
Archived

This topic has been archived and is closed to new replies.

DiMinas

[Archived] Strange Computer


[image: figura1dcq.jpg]

Moderators, just to save time, I will post the HijackThis log shortly.

 

 

Log follows:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:50:49, on 25/4/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\bndmss.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\wscntfy.exe

C:\Arquivos de programas\Google\Gmail Notifier\gnotify.exe

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\Arquivos de programas\HP\ToolBoxFX\bin\HPTLBXFX.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\RavMonE.exe

C:\WINDOWS\System32\svchost.exe

C:\Documents and Settings\TEMP\mscup2.exe

C:\Documents and Settings\TEMP\mscup2.exe

C:\Documents and Settings\TEMP\iclose.exe

C:\HijackThis\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ircdown.com/pt/index.php?rvs=ho...&d=79919094

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://portuguese.ircfast2.com/index.php?m...=73320&c=BR

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Arquivos de programas\Google\Gmail Notifier\gnotify.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\ISUSPM.exe" -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [wTask] C:\WINDOWS\Media\LTaskup.exe

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [ToolBoxFX] "C:\Arquivos de programas\HP\ToolBoxFX\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /systrayIcon:on /fl:on /fr:on /appData:on

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [RavAV] C:\WINDOWS\RavMonE.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [12CFG914-K641-26SF-N31P] C:\RECYCLER\S-1-5-21-0243336031-4052116379-881863308-0850\vsse32.exe

O4 - HKCU\..\Run: [13CFG914-K641-26SF-N31P] C:\RECYCLER\S-1-5-21-0243336031-4052116379-881863308-0950\vsse33.exe

O4 - HKCU\..\Run: [12CFG914-K641-26SF-N32P] C:\RECYCLER\S-1-5-21-0243336031-4052116379-881863308-0851\vse432.exe

O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Windows Network Data Management System Service (BNDMSS) - Unknown owner - C:\WINDOWS\system32\bndmss.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe

 

--

End of file - 6156 bytes


Hello DiMinas!

I suggest you save or print the instructions below, since at some points you may need to use the computer without internet access:

Go to the menu: Start > Run and type:

services.msc

Press Enter.

Find this service: "Windows Network Data Management System Service (BNDMSS)", double-click it with the left mouse button and choose the option: Disabled. Also click Stop and change the Startup Type to Disabled.

Restart the PC and enter Safe Mode (keep tapping the F8 key, or the F5 key on some computers, until a black DOS screen appears, and choose the option: Safe Mode).

Once in Safe Mode, open HijackThis, click the Open the Misc Tools section button and then Delete an NT service.

Enter this: BNDMSS

Click OK.

Restart the computer in normal mode.

_____________________________________________________________________________

After that, do the following:

Download the Avenger program from the link below and extract its contents to the desktop:

http://swandog46.geekstogo.com/avenger2/download.php

*Select and copy (Ctrl+C) all the text inside the CODE box (white box) below:

 

Files to delete:
C:\WINDOWS\system32\bndmss.exe
C:\WINDOWS\RavMonE.exe
C:\Documents and Settings\TEMP\mscup2.exe
C:\Documents and Settings\TEMP\iclose.exe
C:\WINDOWS\Media\LTaskup.exe
C:\WINDOWS\RavMonE.exe
C:\RECYCLER\S-1-5-21-0243336031-4052116379-881863308-0850\vsse32.exe
C:\RECYCLER\S-1-5-21-0243336031-4052116379-881863308-0950\vsse33.exe
C:\RECYCLER\S-1-5-21-0243336031-4052116379-881863308-0851\vse432.exe

 

*Run the Avenger program

*Click [Load Script] > [Paste from Clipboard]

*Click [Execute] > [OK]

*The PC will restart

*A report will be created at C:\avenger.txt.

_____________________________________________________________________________

Open HijackThis, click Do a system scan only, check the entries below and click Fix checked:

 

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

 

O4 - HKLM\..\Run: [wTask] C:\WINDOWS\Media\LTaskup.exe

 

O4 - HKLM\..\Run: [RavAV] C:\WINDOWS\RavMonE.exe

 

O4 - HKCU\..\Run: [12CFG914-K641-26SF-N31P] C:\RECYCLER\S-1-5-21-0243336031-4052116379-881863308-0850\vsse32.exe

 

O4 - HKCU\..\Run: [13CFG914-K641-26SF-N31P] C:\RECYCLER\S-1-5-21-0243336031-4052116379-881863308-0950\vsse33.exe

 

O4 - HKCU\..\Run: [12CFG914-K641-26SF-N32P] C:\RECYCLER\S-1-5-21-0243336031-4052116379-881863308-0851\vse432.exe

_____________________________________________________________________________

 

I suggest you save or print the instructions below, since at some points you may need to use the computer without internet access:

- Download Malwarebytes Anti-Malware.

* Install it by double-clicking "mbam-setup.exe";

*Select the language Português (Brasil)

*Check only the box: "Update Malwarebytes' Anti-Malware"

*If an update exists, it will be downloaded automatically

*Do not scan yet!!!

*Restart the PC in Safe Mode (press the F8 key (or the F5 key on some computers) repeatedly while the computer is restarting and choose the option Safe Mode).

* If it is not possible to start the computer in Safe Mode, run the scan in normal mode

*Run Malwarebytes' Anti-Malware, click the "Scanner" tab and select the option "Perform full scan"

*Click the "Scan" button

* Check all the parts of the computer you want to scan and click the "Start Scan" button

*When the scan finishes, click "OK" > "Show Results"

*Select all entries and click "Remove Selected"

*After the removal you may be asked whether you want to remove objects from memory. Click "YES"

*A log will be displayed with the result of the actions

*Some malware is stubborn and needs a restart to be removed. If you are asked to, click to restart the PC.

*When the process finishes, restart the PC in Normal Mode.

* After a few days, if your computer is working normally without the files that Malwarebytes Anti-Malware deleted, open (run) Malwarebytes Anti-Malware, click the Quarantine tab and click the Delete All button.

*Run Malwarebytes Anti-Malware again, click the "Logs" tab, double-click the most recent log, select the whole log and copy it.

Post this log generated by Malwarebytes Anti-Malware together with the Avenger log, which will be at C:\avenger.txt, and a new HijackThis log in your next reply, and tell us how your computer is doing after following the procedures above.

We await your reply.

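The indicators the helper acts on in the post above (executables inside C:\RECYCLER SID folders, in the TEMP profile root, in C:\WINDOWS\Media or the Windows root, an O23 service with "Unknown owner", and O2/O23 entries whose file is gone) can be pulled out of a HijackThis log mechanically. This is an added example, not code from the thread or from HijackThis; the sample log excerpt is constructed from the thread and the allowlist of executables expected in the Windows root is an assumption.

```python
"""Triage a HijackThis v2 log for the indicators acted on in this thread.

Added example; not code from the thread or from HijackThis. The sample log
excerpt below is constructed from the thread, and the allowlist of
executables that legitimately live in the Windows root is an assumption.
"""
import re
from dataclasses import dataclass, field

# Constructed excerpt of a HijackThis log (entries abbreviated from the thread).
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\RavMonE.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\TEMP\mscup2.exe

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll
O4 - HKLM\..\Run: [wTask] C:\WINDOWS\Media\LTaskup.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [12CFG914-K641-26SF-N31P] C:\RECYCLER\S-1-5-21-0243336031-4052116379-881863308-0850\vsse32.exe
O23 - Service: Windows Network Data Management System Service (BNDMSS) - Unknown owner - C:\WINDOWS\system32\bndmss.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
"""

# Executables expected directly in C:\WINDOWS on XP (assumed allowlist; extend as needed).
WINDIR_ROOT_OK = {"explorer.exe", "notepad.exe", "regedit.exe", "hh.exe", "twunk_16.exe", "twunk_32.exe"}

# First drive-letter path ending in an executable-type extension inside an entry body.
PATH_RE = re.compile(r'(?i)([a-z]:\\[^"\n]*?\.(?:exe|dll|com|bat|cmd|scr|pif))')
# "O4 - HKLM\..\Run: ...", "R1 - ...", etc.
LINE_RE = re.compile(r"^([RFNO]\d+) - (.*)$")


@dataclass
class Finding:
    section: str                          # "process" or the HijackThis section code (O2, O4, O23, ...)
    target: str                           # the file path, or the whole entry body if no path was found
    reasons: list = field(default_factory=list)


def path_reasons(path):
    """Location-based heuristics for one file path (case-insensitive)."""
    p = path.lower()
    reasons = []
    if re.search(r"\\recycler\\s-1-5-", p):
        reasons.append("executable inside a RECYCLER (recycle bin) SID folder")
    if re.search(r"\\documents and settings\\[^\\]+\\[^\\]+$", p):
        reasons.append("executable directly in a user profile root")
    if p.startswith("c:\\windows\\media\\"):
        reasons.append("executable in C:\\WINDOWS\\Media, which normally holds only sound files")
    if re.fullmatch(r"c:\\windows\\[^\\]+", p) and p.rsplit("\\", 1)[1] not in WINDIR_ROOT_OK:
        reasons.append("unexpected executable directly in the Windows root")
    return reasons


def triage(log_text):
    """Return a Finding for every process or entry that trips at least one heuristic."""
    findings = []
    section = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.lower() == "running processes:":
            section = "process"
            continue
        m = LINE_RE.match(line)
        if m:
            section, body = m.group(1), m.group(2)
        elif section == "process":
            body = line                   # one bare path per line in the process list
        else:
            continue                      # header lines, "End of file", etc.
        reasons = []
        if section == "O2" and body.endswith("(no file)"):
            reasons.append("BHO still registered but its DLL is gone")
        if section == "O23":
            if "Unknown owner" in body:
                reasons.append("service binary carries no company information")
            if body.endswith("(file missing)"):
                reasons.append("service registered but its binary is gone")
        pm = PATH_RE.search(body)
        target = pm.group(1) if pm else body
        reasons += path_reasons(target)
        if reasons:
            findings.append(Finding(section, target, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.target}")
        for r in f.reasons:
            print(f"    - {r}")
```

The output lists the six entries the helper asked to have removed in this thread and nothing else from the excerpt; the heuristics are a first pass, and each hit still needs a look at the file itself before deletion.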
Find this service: "Windows Network Data Management System Service (BNDMSS)", double-click it with the left mouse button and choose the option: Disabled. Also click Stop and change the Startup Type to Disabled.

Here, "STOP" appears disabled:

[image: figura1i.jpg]

Once in Safe Mode, open HijackThis, click the Open the Misc Tools section button and then Delete an NT service.

Enter this: BNDMSS

I had no success with this part either. Could it be connected to the STOP issue above?


All right, but then follow the other steps I gave you and please post their logs.

We await your reply.


Avenger:

Logfile of The Avenger Version 2.0, © by Swandog46

http://swandog46.geekstogo.com

 

Platform: Windows XP

 

*******************

 

Script file opened successfully.

Script file read successfully.

 

Backups directory opened successfully at C:\Avenger

 

*******************

 

Beginning to process script file:

 

Rootkit scan active.

No rootkits found!

 

 

Error: file "C:\WINDOWS\system32\bndmss.exe" not found!

Deletion of file "C:\WINDOWS\system32\bndmss.exe" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

 

 

Error: file "C:\WINDOWS\RavMonE.exe" not found!

Deletion of file "C:\WINDOWS\RavMonE.exe" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

 

File "C:\Documents and Settings\TEMP\mscup2.exe" deleted successfully.

File "C:\Documents and Settings\TEMP\iclose.exe" deleted successfully.

 

Error: file "C:\WINDOWS\Media\LTaskup.exe" not found!

Deletion of file "C:\WINDOWS\Media\LTaskup.exe" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

 

 

Error: file "C:\WINDOWS\RavMonE.exe" not found!

Deletion of file "C:\WINDOWS\RavMonE.exe" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

 

 

Error: could not open file "C:\RECYCLER\S-1-5-21-0243336031-4052116379-881863308-0850\vsse32.exe"

Deletion of file "C:\RECYCLER\S-1-5-21-0243336031-4052116379-881863308-0850\vsse32.exe" failed!

Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)

--> bad path / the parent directory does not exist

 

 

Error: file "C:\RECYCLER\S-1-5-21-0243336031-4052116379-881863308-0950\vsse33.exe" not found!

Deletion of file "C:\RECYCLER\S-1-5-21-0243336031-4052116379-881863308-0950\vsse33.exe" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

 

 

Error: could not open file "C:\RECYCLER\S-1-5-21-0243336031-4052116379-881863308-0851\vse432.exe"

Deletion of file "C:\RECYCLER\S-1-5-21-0243336031-4052116379-881863308-0851\vse432.exe" failed!

Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)

--> bad path / the parent directory does not exist

 

 

Completed script processing.

 

*******************

 

Finished! Terminate.

 

 

Hijack:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:41:15, on 27/4/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Arquivos de programas\Google\Gmail Notifier\gnotify.exe

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\Arquivos de programas\HP\ToolBoxFX\bin\HPTLBXFX.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\System32\svchost.exe

C:\HijackThis\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ircdown.com/pt/index.php?rvs=ho...&d=79919094

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://portuguese.ircfast2.com/index.php?m...=73320&c=BR

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Arquivos de programas\Google\Gmail Notifier\gnotify.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\ISUSPM.exe" -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [ToolBoxFX] "C:\Arquivos de programas\HP\ToolBoxFX\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /systrayIcon:on /fl:on /fr:on /appData:on

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Windows Network Data Management System Service (BNDMSS) - Unknown owner - C:\WINDOWS\system32\bndmss.exe (file missing)

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe

 

--

End of file - 5551 bytes

 

 

 

Malware:

Malwarebytes' Anti-Malware 1.36

Versão do banco de dados: 2047

Windows 5.1.2600 Service Pack 2

 

27/4/2009 11:23:55

mbam-log-2009-04-27 (11-23-55).txt

 

Tipo de Verificação: Completa (C:\|D:\|)

Objetos verificados: 179614

Tempo decorrido: 45 minute(s), 5 second(s)

 

Processos da Memória infectados: 0

Módulos de Memória Infectados: 0

Chaves do Registro infectadas: 2

Valores do Registro infectados: 0

Ítens do Registro infectados: 2

Pastas infectadas: 6

Arquivos infectados: 32

 

Processos da Memória infectados:

(Nenhum ítem malicioso foi detectado)

 

Módulos de Memória Infectados:

(Nenhum ítem malicioso foi detectado)

 

Chaves do Registro infectadas:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{28abc5c0-4fcb-11cf-aax5-81cx1c635612} (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\MyGlobalSearch (Adware.BookedSpace) -> Quarantined and deleted successfully.

 

Valores do Registro infectados:

(Nenhum ítem malicioso foi detectado)

 

Ítens do Registro infectados:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

 

Pastas infectadas:

C:\Arquivos de programas\MyGlobalSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Arquivos de programas\MyGlobalSearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Arquivos de programas\MyGlobalSearch\bar\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013 (Trojan.Agent) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-0243336031-4052116379-881863308-0851 (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-0243336031-4052116379-881863308-0850 (Trojan.Agent) -> Quarantined and deleted successfully.

 

Arquivos infectados:

C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1033\vmdcgr.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\TEMP\clf32.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{187FDC22-E17D-4B46-B402-8DD299E1D297}\RP371\A0392290.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{187FDC22-E17D-4B46-B402-8DD299E1D297}\RP372\A0392337.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{187FDC22-E17D-4B46-B402-8DD299E1D297}\RP372\A0392390.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{187FDC22-E17D-4B46-B402-8DD299E1D297}\RP373\A0392451.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{187FDC22-E17D-4B46-B402-8DD299E1D297}\RP373\A0392464.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{187FDC22-E17D-4B46-B402-8DD299E1D297}\RP373\A0393464.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{187FDC22-E17D-4B46-B402-8DD299E1D297}\RP374\A0393508.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{187FDC22-E17D-4B46-B402-8DD299E1D297}\RP374\A0394491.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{187FDC22-E17D-4B46-B402-8DD299E1D297}\RP374\A0395502.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{187FDC22-E17D-4B46-B402-8DD299E1D297}\RP375\A0395606.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{187FDC22-E17D-4B46-B402-8DD299E1D297}\RP376\A0396588.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{187FDC22-E17D-4B46-B402-8DD299E1D297}\RP376\A0396630.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{187FDC22-E17D-4B46-B402-8DD299E1D297}\RP377\A0396693.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{187FDC22-E17D-4B46-B402-8DD299E1D297}\RP377\A0397676.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{187FDC22-E17D-4B46-B402-8DD299E1D297}\RP377\A0397714.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{187FDC22-E17D-4B46-B402-8DD299E1D297}\RP377\A0397747.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini (Trojan.Agent) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\win32.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-0243336031-4052116379-881863308-0851\Desktop.ini (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-0243336031-4052116379-881863308-0851\vse432.exe (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-0243336031-4052116379-881863308-0850\Desktop.ini (Trojan.Agent) -> Quarantined and deleted successfully.

C:\0qx0sc6.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Grafca Barao\Configurações locais\Temp\tru4.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Grafca Barao\Configurações locais\Temp\tru5.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Grafca Barao\Configurações locais\Temp\tru6.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Grafca Barao\Configurações locais\Temp\tru7.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Grafca Barao\Configurações locais\Temp\tru8.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Grafca Barao\Configurações locais\Temp\tru9.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\lnk_dados_2.dll (Malware.Trace) -> Quarantined and deleted successfully.

C:\Documents and Settings\Grafca Barao\Configurações locais\Temp\oprBA.tmp (Heuristics.Malware) -> Quarantined and deleted successfully.

 

 

I can already see a very significant improvement.

Installing Avira.

Thanks in advance.


Several problems have been removed from your PC.

Please follow the tips in this tutorial to scan your PC with Nod32 Online:

Nod32 Online antivirus tutorial

When the scan finishes, a report (log) will be generated at the following location on your computer:

C:\Arquivos de programas\EsetOnlineScanner\log

In your next reply, post this Nod32 Online log together with a new HijackThis log and please tell us how your PC is after following this procedure.

We await your reply.

# version=4

# OnlineScanner.ocx=1.0.0.635

# OnlineScannerDLLA.dll=1, 0, 0, 79

# OnlineScannerDLLW.dll=1, 0, 0, 78

# OnlineScannerUninstaller.exe=1, 0, 0, 49

# vers_standard_module=4039 (20090428)

# vers_arch_module=1.064 (20080214)

# vers_adv_heur_module=1.066 (20070917)

# EOSSerial=27b90509bd44ff46aeef0dea4af3eb27

# end=finished

# remove_checked=true

# unwanted_checked=true

# utc_time=2009-04-28 02:14:17

# local_time=2009-04-28 11:14:17 (-0300, Hora oficial do Brasil)

# country="Brazil"

# osver=5.1.2600 NT Service Pack 2

# scanned=270840

# found=27

# scan_time=6088

C:\Documents and Settings\TEMP\Configurações locais\Temporary Internet Files\Content.IE5\33PJBLCW\um[2].1 a variant of Win32/Kryptik.BF trojan (unable to clean - deleted) 00000000000000000000000000000000

C:\Documents and Settings\TEMP\Configurações locais\Temporary Internet Files\Content.IE5\GL6JSDQV\iclos[1].r a variant of Win32/Kryptik.BF trojan (unable to clean - deleted) 00000000000000000000000000000000

C:\Documents and Settings\TEMP\Configurações locais\Temporary Internet Files\Content.IE5\GL6JSDQV\ver[2].exe Win32/Small.NFH trojan (unable to clean - deleted) 00000000000000000000000000000000

D:\pnc.exe Win32/PSW.OnLineGames.NNU trojan (unable to clean - deleted) 00000000000000000000000000000000

D:\autorun.inf Win32/PSW.OnLineGames.NNU trojan (unable to clean - deleted) 00000000000000000000000000000000

D:\i.bat Win32/PSW.OnLineGames.NNU trojan (unable to clean - deleted) 00000000000000000000000000000000

D:\30ed3.exe Win32/PSW.OnLineGames.NNU trojan (unable to clean - deleted) 00000000000000000000000000000000

D:\c.com Win32/PSW.OnLineGames.NNU trojan (unable to clean - deleted) 00000000000000000000000000000000

D:\2y8la.exe Win32/PSW.OnLineGames.OAS trojan (unable to clean - deleted) 00000000000000000000000000000000

D:\v2h3.exe Win32/PSW.OnLineGames.NNU trojan (unable to clean - deleted) 00000000000000000000000000000000

D:\nsv.bat Win32/PSW.OnLineGames.NNU trojan (unable to clean - deleted) 00000000000000000000000000000000

D:\gsxlexd.cmd Win32/PSW.OnLineGames.NNU trojan (unable to clean - deleted) 00000000000000000000000000000000

D:\o9o2u.bat Win32/PSW.OnLineGames.NNU trojan (unable to clean - deleted) 00000000000000000000000000000000

D:\0.com Win32/PSW.OnLineGames.NNU trojan (unable to clean - deleted) 00000000000000000000000000000000

D:\0qx0sc6.bat Win32/PSW.OnLineGames.NNU trojan (unable to clean - deleted) 00000000000000000000000000000000

D:\System Volume Information\_restore{187FDC22-E17D-4B46-B402-8DD299E1D297}\RP404\A0425305.exe Win32/PSW.OnLineGames.NNU trojan (unable to clean - deleted) 00000000000000000000000000000000

D:\System Volume Information\_restore{187FDC22-E17D-4B46-B402-8DD299E1D297}\RP404\A0425306.inf Win32/PSW.OnLineGames.NNU trojan (unable to clean - deleted) 00000000000000000000000000000000

D:\System Volume Information\_restore{187FDC22-E17D-4B46-B402-8DD299E1D297}\RP404\A0425307.bat Win32/PSW.OnLineGames.NNU trojan (unable to clean - deleted) 00000000000000000000000000000000

D:\System Volume Information\_restore{187FDC22-E17D-4B46-B402-8DD299E1D297}\RP404\A0425308.exe Win32/PSW.OnLineGames.NNU trojan (unable to clean - deleted) 00000000000000000000000000000000

D:\System Volume Information\_restore{187FDC22-E17D-4B46-B402-8DD299E1D297}\RP404\A0425309.com Win32/PSW.OnLineGames.NNU trojan (unable to clean - deleted) 00000000000000000000000000000000

D:\System Volume Information\_restore{187FDC22-E17D-4B46-B402-8DD299E1D297}\RP404\A0425310.exe Win32/PSW.OnLineGames.OAS trojan (unable to clean - deleted) 00000000000000000000000000000000

D:\System Volume Information\_restore{187FDC22-E17D-4B46-B402-8DD299E1D297}\RP404\A0425311.exe Win32/PSW.OnLineGames.NNU trojan (unable to clean - deleted) 00000000000000000000000000000000

D:\System Volume Information\_restore{187FDC22-E17D-4B46-B402-8DD299E1D297}\RP404\A0425312.bat Win32/PSW.OnLineGames.NNU trojan (unable to clean - deleted) 00000000000000000000000000000000

D:\System Volume Information\_restore{187FDC22-E17D-4B46-B402-8DD299E1D297}\RP404\A0425313.cmd Win32/PSW.OnLineGames.NNU trojan (unable to clean - deleted) 00000000000000000000000000000000

D:\System Volume Information\_restore{187FDC22-E17D-4B46-B402-8DD299E1D297}\RP404\A0425314.bat Win32/PSW.OnLineGames.NNU trojan (unable to clean - deleted) 00000000000000000000000000000000

D:\System Volume Information\_restore{187FDC22-E17D-4B46-B402-8DD299E1D297}\RP404\A0425315.com Win32/PSW.OnLineGames.NNU trojan (unable to clean - deleted) 00000000000000000000000000000000

D:\System Volume Information\_restore{187FDC22-E17D-4B46-B402-8DD299E1D297}\RP404\A0425316.bat Win32/PSW.OnLineGames.NNU trojan (unable to clean - deleted) 00000000000000000000000000000000

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:33:41, on 28/4/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Google\Gmail Notifier\gnotify.exe

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\Arquivos de programas\HP\ToolBoxFX\bin\HPTLBXFX.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Arquivos de programas\Corel\CorelDRAW Graphics Suite 13\PROGRAMS\CORELDRW.EXE

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Microsoft Office\Office10\EXCEL.EXE

C:\Documents and Settings\TEMP\Desktop\calc.exe

C:\Documents and Settings\TEMP\Desktop\calc.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\HijackThis\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ircdown.com/pt/index.php?rvs=ho...&d=79919094

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://portuguese.ircfast2.com/index.php?m...=73320&c=BR

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Arquivos de programas\Google\Gmail Notifier\gnotify.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\ISUSPM.exe" -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [ToolBoxFX] "C:\Arquivos de programas\HP\ToolBoxFX\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /systrayIcon:on /fl:on /fr:on /appData:on

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Windows Network Data Management System Service (BNDMSS) - Unknown owner - C:\WINDOWS\system32\bndmss.exe (file missing)

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe

 

--

End of file - 6596 bytes


27 more threats were eliminated by Nod32 Online.

 

I suggest you save or print the instructions below, since at some points you may need to use the computer without internet access:

 

- Download USBFix and save it to the desktop:

http://rapidshare.com/files/186762158/UsbFix.exe

Note: When you access the site above, click the Free user button > wait for the countdown > click the Download button.

 

● Temporarily disable your antivirus;

● Double-click the program's icon and install it by clicking (Suivant > accept the agreement > Suivant > Suivant > Démarrer > Quitter);

● Double-click the USBFix icon created on the desktop to run it;

● Insert the pen drive, MP3 player, MP4 player or other removable media that you suspect may be infected into the PC's USB port (if you have any removable media);

● Press 1, press Enter and follow the instructions that appear. Your computer will be restarted; wait for it to come back up;

● The PC will restart. Keep the pen drive in place. Do not remove it!

● While restarting, a blue screen will appear telling you that the drives are being checked;

● After restarting, the tool will run automatically. Just wait without moving the mouse or using the keyboard;

● When you receive the message "Nettoyage effectue!", press ENTER

● The log will open automatically in Notepad. The log will also be at C:\UsbFix.txt.

 

NOTE: If your desktop disappears after restarting, press Ctrl + Alt + Delete to open Task Manager. Click File > New Task (Run...), type: explorer.exe and click OK.

_______________________________________________________________________________

 

After that, follow the steps in this tutorial:

 

Kaspersky Virus Removal Tool tutorial

 

Post this Kaspersky Virus Removal Tool log together with the UsbFix log, which will be at C:\UsbFix.txt, and also a new HijackThis log, and tell us how the PC is after these procedures.

 

We await your reply.

-------------- UsbFix V2.413.4 ---------------

 

* User : Grafca Barao - RAFAEL-945FF89F

* Outils mis a jours le 11/12/2008 par Chiquitine29 et Chimay8

* Recherche effectuée à 16:33:09 le ter 28/04/2009

* Windows Xp - Internet Explorer 6.0.2900.2180

 

 

--------------- [ Processus actifs ] ----------------

 

 

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\userinit.exe

C:\DOCUME~1\TEMP\CONFIG~1\Temp\1.tmp\b2e.exe

C:\Arquivos de programas\Google\Gmail Notifier\gnotify.exe

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\Arquivos de programas\HP\ToolBoxFX\bin\HPTLBXFX.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe

C:\ARQUIV~1\ARQUIV~1\INSTAL~1\UPDATE~1\agent.exe

 

--------------- [ Informations lecteurs ] ----------------

 

C: - Unidade de disco fixo

 

D: - Unidade de disco fixo

 

 

--------------- [ Lecteur C ] ----------------

 

C: - Unidade de disco fixo

 

 

+- Listing des fichiers présents :

 

[22/12/2006 22:07][--a------] C:\AUTOEXEC.BAT

[03/08/2004 22:38][-rahs----] C:\NTDETECT.COM

[22/12/2006 22:00][---hs----] C:\boot.ini

[27/04/2009 11:33][--a------] C:\avenger.txt

[27/04/2009 11:33][--a------] C:\UsbFix.txt

[22/12/2006 22:07][--a------] C:\CONFIG.SYS

[22/12/2006 22:07][--a------] C:\IO.SYS

[22/12/2006 22:07][--a------] C:\MSDOS.SYS

[22/12/2006 22:07][--a------] C:\pagefile.sys

 

--------------- [ Lecteur D ] ----------------

 

D: - Unidade de disco fixo

 

 

+- Listing des fichiers présents :

 

[21/06/2006 10:37][--a------] D:\AUTOEXEC.BAT

[05/05/1999 22:22][--a------] D:\COMMAND.COM

[19/05/1999 10:15][--a------] D:\DOS801.EXE

[19/05/1999 10:15][--a------] D:\CFG801.EXE

[19/05/1999 10:15][--a------] D:\UNWISE.EXE

[19/05/1999 10:15][--a------] D:\dap71.exe

[05/03/2004 16:51][--ahs----] D:\DETLOG.TXT

[05/03/2004 16:51][--ahs----] D:\SETUPLOG.TXT

[05/03/2004 16:51][--ahs----] D:\BOOTLOG.TXT

[05/03/2004 16:51][--ahs----] D:\SETUPXLG.TXT

[21/09/2004 15:41][--a------] D:\CONFIG.SYS

[21/09/2004 15:41][--a------] D:\MSDOS.SYS

[21/09/2004 15:41][--a------] D:\IO.SYS

 

--------------- [ Registre / Startup ] ----------------

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Search Page"="&http://home.microsoft.com/intl/br/access/allinone.asp"

"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]

VTTimer=VTTimer.exe

NeroFilterCheck=C:\WINDOWS\system32\NeroCheck.exe

{0228e555-4f9c-4e35-a3ec-b109a192b4c2}=C:\Arquivos de programas\Google\Gmail Notifier\gnotify.exe

SunJavaUpdateSched="C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

ISUSPM Startup="C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\ISUSPM.exe" -startup

ISUSScheduler="C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start

avast!=C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

ToolBoxFX="C:\Arquivos de programas\HP\ToolBoxFX\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /systrayIcon:on /fl:on /fr:on /appData:on

<NO NAME>=

HP Software Update=C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

Adobe Reader Speed Launcher="C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

avgnt="C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=

<NO NAME>=

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL=

Installed=1

<NO NAME>=

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI=

NoChange=1

Installed=1

<NO NAME>=

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS=

Installed=1

<NO NAME>=

 

--------------- [ Registre / Mountpoint2 ] ----------------

 

Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\Shell\AutoRun\command

Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\Shell\explore\Command

Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\Shell\open\Command

Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0e6da472-e3bc-11dd-bd56-000ea658a87f}\Shell\AutoRun\command

Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0e6da472-e3bc-11dd-bd56-000ea658a87f}\Shell\open\Command

Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{29dc4e11-82ec-11dc-abcb-000ea658a87f}\Shell\AutoRun\command

Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{29dc4e11-82ec-11dc-abcb-000ea658a87f}\Shell\open\Command

Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{33bb378e-9c48-11dd-ada3-000ea658a87f}\Shell\AutoRun\command

Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{371e5241-e633-11dd-bd59-000ea658a87f}\Shell\AutoRun\command

Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{371e5241-e633-11dd-bd59-000ea658a87f}\Shell\open\Command

Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4344749a-fdbe-11dd-bd7e-000ea658a87f}\Shell\AutoRun\command

Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4344749a-fdbe-11dd-bd7e-000ea658a87f}\Shell\open\Command

Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{53e0f3c6-17b2-11de-bd98-000ea658a87f}\Shell\AutoRun\command

Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{53e0f3c6-17b2-11de-bd98-000ea658a87f}\Shell\open\Command

Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{55da4b13-c6a9-11dd-adde-000ea658a87f}\Shell\AutoRun\command

Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{55da4b13-c6a9-11dd-adde-000ea658a87f}\Shell\open\Command

Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{61dd452e-2f3e-11de-bdb6-000ea658a87f}\Shell\AutoRun\command

Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{61dd452e-2f3e-11de-bdb6-000ea658a87f}\Shell\open\Command

Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{61dd4535-2f3e-11de-bdb6-000ea658a87f}\Shell\AutoRun\command

Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{61dd4535-2f3e-11de-bdb6-000ea658a87f}\Shell\open\Command

Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{68745e89-1122-11dd-aca8-000ea658a87f}\Shell\AutoRun\command

Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7408863e-e128-11db-aada-000ea658a87f}\Shell\AutoRun\command

Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7408863e-e128-11db-aada-000ea658a87f}\Shell\open\Command

Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7c7cfc7a-a1a9-11dd-adac-000ea658a87f}\Shell\AutoRun\command

Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b47e238c-80ef-11dd-ad77-000ea658a87f}\Shell\AutoRun\command

Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c476b9d6-e8bc-11dd-bd5e-000ea658a87f}\Shell\AutoRun\command

Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c476b9d6-e8bc-11dd-bd5e-000ea658a87f}\Shell\open\Command

Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ccfe5c31-1ed6-11de-bda5-000ea658a87f}\Shell\AutoRun\command

Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ccfe5c31-1ed6-11de-bda5-000ea658a87f}\Shell\open\Command

Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d2c2e544-95f3-11dd-ad96-000ea658a87f}\Shell\AutoRun\command

Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d2c2e555-95f3-11dd-ad96-000ea658a87f}\Shell\AutoRun\command

Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e2195a86-8c94-11dd-ad89-000ea658a87f}\Shell\AutoRun\command

Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{efe02b24-3025-11de-bdba-000ea658a87f}\Shell\AutoRun\command

Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{efe02b24-3025-11de-bdba-000ea658a87f}\Shell\open\Command

Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fed7179b-7fed-11dd-ad74-000ea658a87f}\Shell\AutoRun\command

 

--------------- [ Nettoyage des disques ] ----------------

 

 

--------------- [ Resumé ] ----------------

 

-> /!\ Le resultat doit etre [http://www.virustotal.com/fr/ interprété] par un spécialiste /!\

 

[22/12/2006 22:07][--a------] C:\AUTOEXEC.BAT

[03/08/2004 22:38][-rahs----] C:\NTDETECT.COM

[22/12/2006 22:00][---hs----] C:\boot.ini

[21/06/2006 10:37][--a------] D:\AUTOEXEC.BAT

[05/05/1999 22:22][--a------] D:\COMMAND.COM

[19/05/1999 10:15][--a------] D:\DOS801.EXE

[19/05/1999 10:15][--a------] D:\CFG801.EXE

[19/05/1999 10:15][--a------] D:\UNWISE.EXE

[19/05/1999 10:15][--a------] D:\dap71.exe

 

--------------- ! Fin du rapport ! ----------------

 

Waiting for Kaspersky...


Antônio, first of all, thank you for the analysis.

 

I didn't know it took so long.

Unfortunately, after more than 8 hours it was at 90% and there was a power outage.

I'll take advantage of the holiday to run Kaspersky.

 

Here's a tip to include in your tutorial: it is more advisable to run Kaspersky when the computer is idle, that is, overnight and on weekends.

 

Sorry for the off-topic.


Indeed, depending on the number of files on your PC, scanning with it can take quite a while.

 

One tip to make the scan go faster is to first clean up temporary files, junk files and errors in general using the CCleaner program.


Topic Archived

 

As the author did not reply for more than 30 days, the topic has been archived.

 

If you are the author of the topic and want to reopen it, send a private message to a moderator of the section together with the link to this topic and explain the reason for reopening.
