Archived

This topic has been archived and is closed to new replies.

curseknight

[Solved!] PC behaving strangely.


Good morning everyone, my PC had been behaving very strangely over the past few weeks: right after the boot screen, a black screen stayed on the monitor and would not go away. The only way to fix it was to restart. With the PC on, the following problem happened: it kept having "mini-freezes", noticeable because the mouse pointer would freeze for a fraction of a second and the audio would stutter at that exact moment. So far so good.

Today of all days, I went to turn on the PC and, sure enough, the black screen. But this time I tried several more times and the PC still would not get past the black screen. I tried booting in safe mode and nothing. On the second safe-mode attempt it booted after a very long wait on that screen. Even in safe mode, the strange slowness continues, and in both modes the MY COMPUTER folder will not open and makes the PC freeze temporarily when I try to open it. I have already run ComboFix twice and I have the logs. I can run HijackThis and post a log, but I am in safe mode. Another thing I noticed is the loud noise, which people say is normal, but it does not seem to be (I don't know if that is related).

 

Please help me as soon as possible, because I use this computer a lot.

I will post the ComboFix log(s) if you request them.

 

Thanks in advance.

 

EDIT: I remembered one more problem: a CD icon keeps appearing next to the pointer all the time and I cannot open the drive. I don't know whether there is a CD inside. I MANAGED TO RUN THE PC IN NORMAL MODE, BUT IT STILL SHOWS THE PROBLEMS.


Post the HT log even in safe mode.


I managed to run Windows in normal mode, and here is the HijackThis log. If you want the ComboFix one, I will send it!

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:09:37, on 02/06/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16827)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Arquivos de programas\USB Disk Win98 Driver\Res.EXE

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I4T1.EXE

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I4T1.EXE

C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe

C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Documents and Settings\User\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe

C:\Arquivos de programas\WinZip\WZQKPICK.EXE

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\Documents and Settings\User\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\User\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\User\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\User\Meus documentos\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Easy Gif Animator Toolbar Helper - {96372AB6-15EB-4316-B497-71C741BC548C} - C:\Arquivos de programas\Easy Gif Animator Extension\v3.3.0.1\EasyGifAnimator_Toolbar.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Easy Gif Animator Toolbar - {35065594-9169-4A34-B167-FC4865038E53} - C:\Arquivos de programas\Easy Gif Animator Extension\v3.3.0.1\EasyGifAnimator_Toolbar.dll

O3 - Toolbar: FireShot - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - C:\Documents and Settings\User\Dados de aplicativos\Mozilla\Firefox\Profiles\lwaeddd1.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fsaddin-0.69.dll

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [uSB Storage Toolbox] C:\Arquivos de programas\USB Disk Win98 Driver\Res.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [\\MICRO-02\EPSON Stylus C45 Series (cópia 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I4T1.EXE /P44 "\\MICRO-02\EPSON Stylus C45 Series (cópia 1)" /O6 "USB001" /M "Stylus C45"

O4 - HKLM\..\Run: [Auto EPSON Stylus C45 Series (cópia 1) em MICRO-02] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I4T1.EXE /P50 "Auto EPSON Stylus C45 Series (cópia 1) em MICRO-02" /O21 "\\MICRO-02\Impressora" /M "Stylus C45"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QT Lite\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Arquivos de programas\Alcohol Soft\Alcohol 120\axcmd.exe" /automount

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\User\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\ARQUIV~1\ARQUIV~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Arquivos de programas\WinZip\WZQKPICK.EXE

O8 - Extra context menu item: Baixar com o FDM - file://C:\Arquivos de programas\Free Download Manager\dllink.htm

O8 - Extra context menu item: Baixar tudo com o FDM - file://C:\Arquivos de programas\Free Download Manager\dlall.htm

O8 - Extra context menu item: Download selecionado pelo FDM - file://C:\Arquivos de programas\Free Download Manager\dlselected.htm

O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlfvideo.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O20 - AppInit_DLLs: C:\WINDOWS\system32\wbsys.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)

O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

 

--

End of file - 9234 bytes


Here is the COMBOFIX log:

 

ComboFix 09-05-31.06 - User 01/06/2009 16:52.3 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.1015.563 [GMT -3:00]

Executando de: c:\documents and settings\User\Meus documentos\FIXBOX\ComboFix.exe

AV: avast! antivirus 4.8.1335 [VPS 090531-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

 

(((((((((((((((( Arquivos/Ficheiros criados de 2009-05-01 to 2009-06-01 ))))))))))))))))))))))))))))

.

 

2010-01-25 15:29 . 2010-01-25 15:29 -------- d-----w- c:\documents and settings\User\Dados de aplicativos\AdobeUM

2010-01-25 15:29 . 2008-07-09 13:18 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Adobe

2010-01-25 15:28 . 2010-01-25 15:28 -------- d-----w- c:\windows\Cache

2010-01-25 15:24 . 2010-01-25 15:24 -------- d-----w- c:\documents and settings\User\Dados de aplicativos\Symantec

2010-01-25 15:23 . 2008-04-03 22:10 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Symantec

2009-05-28 22:04 . 2009-05-28 22:04 -------- d-----w- c:\arquivos de programas\TibiaBot NG PREMIUM VERSION

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-06-01 19:48 . 2008-04-19 00:06 -------- d---a-w- c:\documents and settings\All Users\Dados de aplicativos\TEMP

2009-06-01 18:25 . 2008-11-04 19:53 -------- d-----w- c:\arquivos de programas\Winamp

2009-06-01 12:57 . 2008-06-05 00:06 163712 ----a-w- c:\windows\system32\drivers\vidstub.sys

2009-05-30 22:53 . 2008-04-21 17:11 -------- d-----w- c:\documents and settings\User\Dados de aplicativos\Tibia

2009-05-23 12:10 . 2009-03-14 12:48 -------- d-----w- c:\arquivos de programas\NetBattle Supremacy

2009-05-23 03:40 . 2008-08-29 19:34 -------- d-----w- c:\arquivos de programas\Dofus

2009-04-29 00:28 . 2008-10-17 17:43 -------- d-----w- c:\arquivos de programas\CyberScript32

2009-04-25 17:31 . 2001-10-28 15:07 67450 ----a-w- c:\windows\system32\perfc016.dat

2009-04-25 17:31 . 2001-10-28 15:07 425426 ----a-w- c:\windows\system32\perfh016.dat

2009-04-25 03:30 . 2009-01-26 13:15 -------- d--h--w- c:\arquivos de programas\Allinone

2009-04-22 16:40 . 2008-12-10 17:26 -------- d-----w- c:\arquivos de programas\Tibia_8.40__

2009-04-21 12:07 . 2008-05-16 20:36 -------- d-----w- c:\arquivos de programas\HTV

2009-04-20 13:01 . 2009-04-20 12:44 -------- d-----w- c:\documents and settings\User\Dados de aplicativos\TeamViewer

2009-04-19 13:35 . 2009-03-27 21:20 -------- d-----w- c:\arquivos de programas\ARDAextremeMAX

2009-04-10 01:11 . 2009-03-28 16:22 -------- d-----w- c:\arquivos de programas\LevelUpGames

2009-04-10 01:07 . 2008-04-04 19:58 -------- d-----w- c:\documents and settings\User\Dados de aplicativos\Free Download Manager

2009-04-10 00:20 . 2009-04-10 00:20 8552 ----a-w- c:\documents and settings\User\bvd32.exe

2009-04-09 11:59 . 2009-04-09 11:53 -------- d-----w- c:\arquivos de programas\Silkroad

2009-03-14 03:19 . 2009-03-14 03:19 16286 ----a-w- c:\documents and settings\User\Dados de aplicativos\Sun\Java\Deployment\cache\6.0\5\42c06805-488d4582-n\ShoddyHelper.dll

2009-03-11 18:46 . 2008-04-07 20:48 717296 ----a-w- c:\windows\system32\drivers\sptd.sys

2009-03-07 02:38 . 2009-03-07 02:38 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys

2009-03-07 02:38 . 2009-03-07 02:38 47360 ----a-w- c:\documents and settings\User\Dados de aplicativos\pcouffin.sys

2009-03-07 02:38 . 2009-03-07 02:38 47360 ----a-w- c:\documents and settings\User\Dados de aplicativos\pcouffin.sys

2009-03-06 14:20 . 2004-08-04 08:45 286208 ----a-w- c:\windows\system32\pdh.dll

2008-09-28 01:58 . 2008-09-28 22:18 288 ----a-w- c:\arquivos de programas\NyxLauncherEnc.xfs

2008-05-31 16:43 . 2008-06-04 16:38 37729090 ----a-w- c:\arquivos de programas\Sound.xfs

2008-05-12 23:58 . 2008-05-12 23:58 411248 ----a-w- c:\arquivos de programas\FLV PlayerRCSetup.exe

2007-03-19 12:11 . 2008-04-05 18:05 77209 ----a-w- c:\arquivos de programas\Fireworks CS3 Read Me.pdf

2004-07-08 09:57 . 2008-04-20 14:52 568832 ----a-w- c:\arquivos de programas\pic_editor_v21.exe

2004-06-04 00:11 . 2004-06-04 00:11 737 ----a-w- c:\arquivos de programas\layout.bin

2004-06-04 00:11 . 2004-06-04 00:11 127138500 ----a-w- c:\arquivos de programas\data2.cab

2004-06-04 00:10 . 2004-06-04 00:10 577634 ----a-w- c:\arquivos de programas\data1.hdr

2004-06-04 00:10 . 2004-06-04 00:10 11642103 ----a-w- c:\arquivos de programas\data1.cab

2004-06-04 00:10 . 2004-06-04 00:10 392284 ----a-w- c:\arquivos de programas\setup.boot

2004-06-04 00:09 . 2004-06-04 00:09 480 ----a-w- c:\arquivos de programas\setup.ini

2004-06-04 00:09 . 2004-06-04 00:09 338304 ----a-w- c:\arquivos de programas\setup.inx

2004-06-03 22:25 . 2004-06-03 22:25 720056 ----a-w- c:\arquivos de programas\setup.bmp

2004-06-03 22:25 . 2004-06-03 22:25 2902 ----a-w- c:\arquivos de programas\Abcpy.ini

2002-12-05 18:16 . 2002-12-05 18:16 418296 ----a-w- c:\arquivos de programas\engine32.cab

2002-10-23 21:32 . 2002-10-23 21:32 243858 ----a-w- c:\arquivos de programas\setup.skin

2007-03-09 08:12 . 2007-03-09 08:12 27648 --sha-w- c:\windows\system32\AVSredirect.dll

.

 

((((((((((((((((((((((((((((( SnapShot@2009-05-28_13.10.59 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-06-01 12:56 . 2009-06-01 12:56 16384 c:\windows\temp\Perflib_Perfdata_848.dat

+ 2009-06-01 12:55 . 2009-06-01 12:55 16384 c:\windows\temp\Perflib_Perfdata_6a0.dat

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"AlcoholAutomount"="c:\arquivos de programas\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-03-20 217544]

"Google Update"="c:\documents and settings\User\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" [2008-10-18 133104]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-28 98304]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-28 77824]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-28 118784]

"avast!"="c:\arquiv~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]

"USB Storage Toolbox"="c:\arquivos de programas\USB Disk Win98 Driver\Res.EXE" [2005-09-14 65536]

"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre6\bin\jusched.exe" [2008-12-27 136600]

"BootSkin Startup Jobs"="c:\arquivos de programas\Stardock\WinCustomize\BootSkin\BootSkin.exe" [2004-04-26 270336]

"\\MICRO-02\EPSON Stylus C45 Series (cópia 1)"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I4T1.EXE" [2004-01-14 99840]

"Auto EPSON Stylus C45 Series (cópia 1) em MICRO-02"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I4T1.EXE" [2004-01-14 99840]

"QuickTime Task"="c:\arquivos de programas\QT Lite\qttask.exe" [2008-09-06 413696]

"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

"TkBellExe"="c:\arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2009-02-26 185872]

"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-05-16 2879488]

"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2006-11-14 16270848]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

"DWQueuedReporting"="c:\arquiv~1\ARQUIV~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

 

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

Microsoft Office.lnk - c:\arquivos de programas\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

WinZip Quick Pick.lnk - c:\arquivos de programas\WinZip\WZQKPICK.EXE [2008-9-23 415072]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]

2005-12-06 23:16 176128 ----a-w- c:\arquiv~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\system32\wbsys.dll

 

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32

"aux"= ctwdm32.dll

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^WinZip Quick Pick.lnk]

backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^User^Menu Iniciar^Programas^Inicializar^MSN Pictures Displayer.lnk]

backup=c:\windows\pss\MSN Pictures Displayer.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]

"TkBellExe"="c:\arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

"ErrorKiller"=c:\arquivos de programas\ErrorKiller\ErrorKiller.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"FirewallOverride"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=

"c:\\Arquivos de programas\\OnGame\\GunBoundWC\\GunBound.gme"=

"skp66.exe"= skp66.exe:BNDMSS

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"9420:TCP"= 9420:TCP:Red Swoosh

"5000:UDP"= 5000:UDP:Red Swoosh

"3306:TCP"= 3306:TCP:TFS Zorty

 

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [05/04/2008 20:01 114768]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [05/04/2008 20:01 20560]

R2 WinDefend;Windows Defender;c:\arquivos de programas\Windows Defender\MsMpEng.exe [03/11/2006 19:19 13592]

S0 BootScreen;BootScreen;\SystemRoot\\SystemRoot\System32\drivers\vidstub.sys --> \SystemRoot\\SystemRoot\System32\drivers\vidstub.sys [?]

S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [25/01/2007 14:31 42000]

S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]

S3 XDva223;XDva223;\??\c:\windows\system32\XDva223.sys --> c:\windows\system32\XDva223.sys [?]

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2009-06-01 c:\windows\Tasks\GlaryInitialize.job

- c:\arquivos de programas\Glary Utilities\initialize.exe [2009-03-21 16:22]

 

2009-06-01 c:\windows\Tasks\MP Scheduled Scan.job

- c:\arquivos de programas\Windows Defender\MpCmdRun.exe [2006-11-03 22:20]

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.daemon-search.com/startpage

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = local

uInternet Settings,ProxyServer = 127.0.0.1:8080

IE: Baixar com o FDM - file://c:\arquivos de programas\Free Download Manager\dllink.htm

IE: Baixar tudo com o FDM - file://c:\arquivos de programas\Free Download Manager\dlall.htm

IE: Download selecionado pelo FDM - file://c:\arquivos de programas\Free Download Manager\dlselected.htm

IE: Download video with Free Download Manager - file://c:\arquivos de programas\Free Download Manager\dlfvideo.htm

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office10\EXCEL.EXE/3000

DPF: Microsoft XML Parser for Java

FF - ProfilePath - c:\documents and settings\User\Dados de aplicativos\Mozilla\Firefox\Profiles\lwaeddd1.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.usinavirtual.com/portal/forum/

FF - component: c:\arquivos de programas\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll

FF - component: c:\arquivos de programas\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll

FF - component: c:\documents and settings\User\Dados de aplicativos\Mozilla\Firefox\Profiles\lwaeddd1.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampPlayer.dll

FF - component: c:\documents and settings\User\Dados de aplicativos\Mozilla\Firefox\Profiles\lwaeddd1.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\platform\WINNT_x86-msvc\components\SSSLauncher.dll

FF - component: c:\documents and settings\User\Dados de aplicativos\Mozilla\Firefox\Profiles\lwaeddd1.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}\platform\WINNT\components\ColorZilla.dll

FF - component: c:\documents and settings\User\Dados de aplicativos\Mozilla\Firefox\Profiles\lwaeddd1.default\extensions\{eecba28f-b68b-4b3a-b501-6ce12e6b8696}\platform\WINNT_x86-msvc\components\winprocess.dll

FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\np-mswmp.dll

FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\NPBILLARD8.dll

FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\NPBOARDS.dll

FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\NPCARDS.dll

FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\NPDARTS.dll

FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\NPDOMINO.dll

FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\NPNAVY.dll

FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\NPPOKER.dll

FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\NPSNOOKER.dll

FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\NPWORDS.dll

 

---- FIREFOX POLICIES ----

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-06-01 16:55

Windows 5.1.2600 Service Pack 3 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

- - - - - - - > 'winlogon.exe'(796)

c:\arquiv~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll

 

- - - - - - - > 'explorer.exe'(2396)

c:\arquivos de programas\IconChanger\IconChng.dll

.

Tempo para conclusão: 2009-06-01 16:57

ComboFix-quarantined-files.txt 2009-06-01 19:57

ComboFix2.txt 2009-05-28 13:15

ComboFix3.txt 2008-11-04 19:18

 

Pré-execução: 18 pasta(s) 188.992.147.456 bytes disponíveis

Pós execução: 17 pasta(s) 189.017.907.200 bytes disponíveis

 

199 --- E O F --- 2009-05-29 13:00

 

Note that the log was made eight days ago (some things have changed since then, such as the antivirus); if necessary I will run the program again.

Note that the log was made eight days ago (some things have changed since then, such as the antivirus); if necessary I will run the program again.

Do that and post a new log. :thumbsup:


Sorry for the delay, I just ran ComboFix again, and here is the log:

 

ComboFix 09-06-13.03 - User 13/06/2009 18:01.4 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.1015.664 [GMT -3:00]

Executando de: c:\documents and settings\User\Meus documentos\FIXBOX\ComboFix.exe

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {11638345-E4FC-4BEE-BB73-EC754659C5F6}

FW: Avira Firewall *disabled* {11638345-E4FC-4BEE-BB73-EC754659C5F6}

.

 

(((((((((((((((( Arquivos/Ficheiros criados de 2009-05-13 to 2009-06-13 ))))))))))))))))))))))))))))

.

 

2010-01-25 15:29 . 2010-01-25 15:29 -------- d-----w- c:\documents and settings\User\Dados de aplicativos\AdobeUM

2010-01-25 15:29 . 2008-07-09 13:18 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Adobe

2010-01-25 15:28 . 2010-01-25 15:28 -------- d-----w- c:\windows\Cache

2010-01-25 15:24 . 2010-01-25 15:24 -------- d-----w- c:\documents and settings\User\Dados de aplicativos\Symantec

2010-01-25 15:23 . 2008-04-03 22:10 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Symantec

2009-06-10 14:03 . 2009-06-10 14:03 2560 ----a-w- c:\windows\_MSRSTRT.EXE

2009-06-07 16:15 . 2009-06-07 16:15 -------- d-----w- c:\documents and settings\User\Dados de aplicativos\Avira

2009-06-07 15:08 . 2009-06-09 20:38 97608 ----a-w- c:\windows\system32\drivers\avfwot.sys

2009-06-07 15:08 . 2009-03-30 13:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys

2009-06-07 15:08 . 2009-02-24 16:06 69632 ----a-w- c:\windows\system32\drivers\avfwim.sys

2009-06-07 15:08 . 2009-02-13 15:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys

2009-06-07 15:08 . 2009-02-13 15:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys

2009-06-07 15:08 . 2009-06-07 15:08 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Avira

2009-06-01 21:36 . 2009-03-24 19:08 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2009-06-01 21:36 . 2009-06-01 21:36 -------- d-----w- c:\arquivos de programas\Avira

2009-05-28 22:04 . 2009-06-06 21:20 -------- d-----w- c:\arquivos de programas\TibiaBot NG PREMIUM VERSION

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-06-13 03:11 . 2008-04-19 00:06 -------- d---a-w- c:\documents and settings\All Users\Dados de aplicativos\TEMP

2009-06-05 00:34 . 2008-05-16 20:36 -------- d-----w- c:\arquivos de programas\HTV

2009-06-03 20:19 . 2008-10-17 17:43 -------- d-----w- c:\arquivos de programas\CyberScript32

2009-06-03 15:46 . 2008-12-10 17:26 -------- d-----w- c:\arquivos de programas\Tibia_8.40__

2009-06-01 22:43 . 2008-04-28 19:23 -------- d-----w- c:\arquivos de programas\101 MP3 Splitter and Joiner

2009-06-01 21:13 . 2008-10-31 00:31 664 ----a-w- c:\windows\system32\d3d9caps.dat

2009-06-01 18:25 . 2008-11-04 19:53 -------- d-----w- c:\arquivos de programas\Winamp

2009-06-01 12:57 . 2008-06-05 00:06 163712 ----a-w- c:\windows\system32\drivers\vidstub.sys

2009-05-30 22:53 . 2008-04-21 17:11 -------- d-----w- c:\documents and settings\User\Dados de aplicativos\Tibia

2009-05-23 12:10 . 2009-03-14 12:48 -------- d-----w- c:\arquivos de programas\NetBattle Supremacy

2009-05-23 03:40 . 2008-08-29 19:34 -------- d-----w- c:\arquivos de programas\Dofus

2009-05-07 15:33 . 2004-08-04 08:45 347136 ----a-w- c:\windows\system32\localspl.dll

2009-04-29 04:45 . 2004-08-04 08:45 827392 ----a-w- c:\windows\system32\wininet.dll

2009-04-29 04:45 . 2004-08-04 08:45 78336 ----a-w- c:\windows\system32\ieencode.dll

2009-04-25 17:31 . 2001-10-28 15:07 67450 ----a-w- c:\windows\system32\perfc016.dat

2009-04-25 17:31 . 2001-10-28 15:07 425426 ----a-w- c:\windows\system32\perfh016.dat

2009-04-25 03:30 . 2009-01-26 13:15 -------- d--h--w- c:\arquivos de programas\Allinone

2009-04-20 13:01 . 2009-04-20 12:44 -------- d-----w- c:\documents and settings\User\Dados de aplicativos\TeamViewer

2009-04-19 19:50 . 2004-08-04 08:38 1847296 ----a-w- c:\windows\system32\win32k.sys

2009-04-19 13:35 . 2009-03-27 21:20 -------- d-----w- c:\arquivos de programas\ARDAextremeMAX

2009-04-15 14:53 . 2004-08-04 08:45 585216 ----a-w- c:\windows\system32\rpcrt4.dll

2008-09-28 01:58 . 2008-09-28 22:18 288 ----a-w- c:\arquivos de programas\NyxLauncherEnc.xfs

2008-05-31 16:43 . 2008-06-04 16:38 37729090 ----a-w- c:\arquivos de programas\Sound.xfs

2008-05-12 23:58 . 2008-05-12 23:58 411248 ----a-w- c:\arquivos de programas\FLV PlayerRCSetup.exe

2007-03-19 12:11 . 2008-04-05 18:05 77209 ----a-w- c:\arquivos de programas\Fireworks CS3 Read Me.pdf

2004-07-08 09:57 . 2008-04-20 14:52 568832 ----a-w- c:\arquivos de programas\pic_editor_v21.exe

2004-06-04 00:11 . 2004-06-04 00:11 737 ----a-w- c:\arquivos de programas\layout.bin

2004-06-04 00:11 . 2004-06-04 00:11 127138500 ----a-w- c:\arquivos de programas\data2.cab

2004-06-04 00:10 . 2004-06-04 00:10 577634 ----a-w- c:\arquivos de programas\data1.hdr

2004-06-04 00:10 . 2004-06-04 00:10 11642103 ----a-w- c:\arquivos de programas\data1.cab

2004-06-04 00:10 . 2004-06-04 00:10 392284 ----a-w- c:\arquivos de programas\setup.boot

2004-06-04 00:09 . 2004-06-04 00:09 480 ----a-w- c:\arquivos de programas\setup.ini

2004-06-04 00:09 . 2004-06-04 00:09 338304 ----a-w- c:\arquivos de programas\setup.inx

2004-06-03 22:25 . 2004-06-03 22:25 720056 ----a-w- c:\arquivos de programas\setup.bmp

2004-06-03 22:25 . 2004-06-03 22:25 2902 ----a-w- c:\arquivos de programas\Abcpy.ini

2002-12-05 18:16 . 2002-12-05 18:16 418296 ----a-w- c:\arquivos de programas\engine32.cab

2002-10-23 21:32 . 2002-10-23 21:32 243858 ----a-w- c:\arquivos de programas\setup.skin

2007-03-09 08:12 . 2007-03-09 08:12 27648 --sha-w- c:\windows\system32\AVSredirect.dll

.

 

(((((((((((((((((((((((((( Registry Load Points )))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries and legitimate default entries are not shown.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"AlcoholAutomount"="c:\arquivos de programas\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-03-20 217544]

"Google Update"="c:\documents and settings\User\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" [2008-10-18 133104]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-28 98304]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-28 77824]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-28 118784]

"USB Storage Toolbox"="c:\arquivos de programas\USB Disk Win98 Driver\Res.EXE" [2005-09-14 65536]

"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre6\bin\jusched.exe" [2008-12-27 136600]

"\\MICRO-02\EPSON Stylus C45 Series (cópia 1)"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I4T1.EXE" [2004-01-14 99840]

"Auto EPSON Stylus C45 Series (cópia 1) em MICRO-02"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I4T1.EXE" [2004-01-14 99840]

"QuickTime Task"="c:\arquivos de programas\QT Lite\qttask.exe" [2008-09-06 413696]

"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

"TkBellExe"="c:\arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2009-02-26 185872]

"avgnt"="c:\arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-05-16 2879488]

"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2006-11-14 16270848]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

"DWQueuedReporting"="c:\arquiv~1\ARQUIV~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

 

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

Microsoft Office.lnk - c:\arquivos de programas\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

WinZip Quick Pick.lnk - c:\arquivos de programas\WinZip\WZQKPICK.EXE [2008-9-23 415072]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]

2005-12-07 00:16 176128 ----a-w- c:\arquiv~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\system32\wbsys.dll

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^WinZip Quick Pick.lnk]

backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^User^Menu Iniciar^Programas^Inicializar^MSN Pictures Displayer.lnk]

backup=c:\windows\pss\MSN Pictures Displayer.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]

"TkBellExe"="c:\arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"FirewallOverride"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=

"c:\\Arquivos de programas\\OnGame\\GunBoundWC\\GunBound.gme"=

"skp66.exe"= skp66.exe:BNDMSS

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"9420:TCP"= 9420:TCP:Red Swoosh

"5000:UDP"= 5000:UDP:Red Swoosh

"3306:TCP"= 3306:TCP:TFS Zorty

 

R0 BootScreen;BootScreen;\SystemRoot\\SystemRoot\System32\drivers\vidstub.sys --> \SystemRoot\\SystemRoot\System32\drivers\vidstub.sys [?]

R1 avfwot;avfwot;c:\windows\system32\drivers\avfwot.sys [07/06/2009 12:08 97608]

R2 AntiVirFirewallService;Avira Firewall;c:\arquivos de programas\Avira\AntiVir Desktop\avfwsvc.exe [07/06/2009 12:08 388865]

R2 AntiVirMailService;Avira AntiVir MailGuard;c:\arquivos de programas\Avira\AntiVir Desktop\avmailc.exe [07/06/2009 12:08 194817]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\arquivos de programas\Avira\AntiVir Desktop\sched.exe [07/06/2009 12:08 108289]

R2 AntiVirWebService;Avira AntiVir WebGuard;c:\arquivos de programas\Avira\AntiVir Desktop\avwebgrd.exe [07/06/2009 12:08 434945]

R2 WinDefend;Windows Defender;c:\arquivos de programas\Windows Defender\MsMpEng.exe [03/11/2006 19:19 13592]

R3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\drivers\avfwim.sys [07/06/2009 12:08 69632]

R3 XDva272;XDva272;\??\c:\windows\system32\XDva272.sys --> c:\windows\system32\XDva272.sys [?]

S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [25/01/2007 14:31 42000]

S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]

S3 XDva223;XDva223; [x]

.

Contents of the 'Scheduled Tasks' folder

 

2009-06-13 c:\windows\Tasks\GlaryInitialize.job

- c:\arquivos de programas\Glary Utilities\initialize.exe [2009-03-21 16:22]

 

2009-06-13 c:\windows\Tasks\MP Scheduled Scan.job

- c:\arquivos de programas\Windows Defender\MpCmdRun.exe [2006-11-03 22:20]

.

- - - - ORPHANS REMOVED - - - -

 

HKCU-Run-WindowBlinds - c:\documents and settings\All Users\Documentos\Stardock\WindowBlinds\WBInstall32.exe

 

 

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.daemon-search.com/startpage

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = local

uInternet Settings,ProxyServer = 127.0.0.1:8080

IE: Baixar com o FDM - file://c:\arquivos de programas\Free Download Manager\dllink.htm

IE: Baixar tudo com o FDM - file://c:\arquivos de programas\Free Download Manager\dlall.htm

IE: Download selecionado pelo FDM - file://c:\arquivos de programas\Free Download Manager\dlselected.htm

IE: Download video with Free Download Manager - file://c:\arquivos de programas\Free Download Manager\dlfvideo.htm

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office10\EXCEL.EXE/3000

LSP: c:\arquivos de programas\Avira\AntiVir Desktop\avsda.dll

DPF: Microsoft XML Parser for Java

FF - ProfilePath -

 

---- FIREFOX POLICIES ----

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-06-13 18:06

Windows 5.1.2600 Service Pack 3 NTFS

 

Scanning hidden processes ...

Scanning hidden autostart entries ...

Scanning hidden files ...

Scan completed successfully

hidden files: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

- - - - - - - > 'winlogon.exe'(1160)

c:\arquiv~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll

 

- - - - - - - > 'lsass.exe'(1216)

c:\arquivos de programas\Avira\AntiVir Desktop\avsda.dll

 

- - - - - - - > 'explorer.exe'(1000)

c:\arquivos de programas\IconChanger\IconChng.dll

.

Completion time: 2009-06-13 18:08

ComboFix-quarantined-files.txt 2009-06-13 21:08

ComboFix2.txt 2009-06-01 19:57

ComboFix3.txt 2009-05-28 13:15

ComboFix4.txt 2008-11-04 19:18

 

Pre-Run: 13 directories, 188.906.029.056 bytes free

Post-Run: 13 directories, 188.970.160.128 bytes free

 

192 --- E O F --- 2009-06-13 05:02

 

In the last few days the computer has shown only two symptoms: the boot screen takes a very long time to get past, and the "mini-freezes" are more frequent. You can tell this is the computer and not the internet: the screen simply freezes for a few seconds and nothing is clickable.

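The part of a ComboFix log that matters for persistence is the load-points section above: the Run keys, the Winlogon notify DLL, AppInit_DLLs, the firewall policy, the service and driver list and the browser settings. The Python below is an added example for this thread, not ComboFix's own code: it parses that format and turns the entries into findings, using an excerpt constructed from the lines posted above. Three things in this particular log deserve a second look. EnableFirewall=0 together with FirewallOverride=1 means the Windows Firewall is off for the standard profile and Security Center has been told not to warn about it. ProxyServer=127.0.0.1:8080 sends every IE request through a local listener; a local web filter (Avira's WebGuard, avwebgrd.exe, is installed here) and a malware proxy both produce exactly this entry, so it is only benign once you have confirmed which process owns the port. And the [?] that ComboFix appends to BootScreen and XDva272 means it could not read the image at the registered path; for BootScreen the path itself is malformed (\SystemRoot doubled), so the marker alone does not prove the file is missing. wbsys.dll in AppInit_DLLs is the WindowBlinds hook, whose Winlogon notify DLL sits next to it under the Stardock folder.

```python
"""Triage the 'Registry Load Points' section of a ComboFix log.
Added example for this thread, not ComboFix's own code: it parses the
format shown above and turns the entries into a flat list of findings."""
import re
from dataclasses import dataclass

# Constructed excerpt: lines taken from the log posted above, nothing else.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-28 98304]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-05-16 2879488]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\wbsys.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3306:TCP"= 3306:TCP:TFS Zorty

R0 BootScreen;BootScreen;\SystemRoot\\SystemRoot\System32\drivers\vidstub.sys --> \SystemRoot\\SystemRoot\System32\drivers\vidstub.sys [?]
R3 XDva272;XDva272;\??\c:\windows\system32\XDva272.sys --> c:\windows\system32\XDva272.sys [?]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [25/01/2007 14:31 42000]

uInternet Settings,ProxyServer = 127.0.0.1:8080
"""

@dataclass
class Finding:
    severity: str  # "high", "medium" or "info"
    kind: str
    detail: str

SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")                      # [HKEY_...\Run]
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<data>.*)$')         # "name"=data
SERVICE_RE = re.compile(r"^[RS]\d\s+(?P<name>[^;]+);[^;]*;(?P<rest>.*)$")  # R2 svc;display;image
SETTING_RE = re.compile(r"^u(?P<name>[^=]+?)\s*=\s*(?P<value>.+)$")      # uInternet Settings,... = ...

def triage(log_text):
    """Walk the section once, tracking the current registry key, and emit findings."""
    findings, key = [], ""
    firewall_enabled, firewall_override = None, False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            key = m.group("key").lower()
            continue
        m = SERVICE_RE.match(line)
        if m:
            # ComboFix appends [?] when it cannot read the image at the registered path:
            # the file may be gone, or the path malformed (the doubled \SystemRoot above).
            if m.group("rest").endswith("[?]"):
                findings.append(Finding("medium", "unreadable-service-image",
                                        f"{m.group('name')}: {m.group('rest')}"))
            continue
        m = SETTING_RE.match(line)
        if m:
            if "proxyserver" in m.group("name").lower():
                # Loopback proxy: every IE request goes through a local listener. Web
                # filters and malware both do this, so check which process owns the port.
                findings.append(Finding("medium", "local-proxy",
                                        f"{m.group('name')} = {m.group('value')}"))
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        name, data = m.group("name"), m.group("data").strip()
        lname = name.lower()
        if lname == "appinit_dlls" and data:
            # Loaded into every process that maps user32.dll: a classic injection point.
            findings.append(Finding("high", "appinit-dll", data))
        elif lname == "enablefirewall":
            firewall_enabled = not data.startswith("0")
        elif lname == "firewalloverride":
            firewall_override = data.endswith("1")
        elif key.endswith("globallyopenports\\list"):
            findings.append(Finding("medium", "open-port", data))
        elif key.endswith("\\run"):
            findings.append(Finding("info", "autorun", f"{name} -> {data}"))
    if firewall_enabled is False:
        detail = "Windows Firewall off for the standard profile"
        if firewall_override:
            detail += "; FirewallOverride=1 keeps Security Center from warning about it"
        findings.append(Finding("high" if firewall_override else "medium", "firewall-off", detail))
    return findings

def by_kind(findings):
    """Count findings per kind, for a one-line summary of the section."""
    counts = {}
    for f in findings:
        counts[f.kind] = counts.get(f.kind, 0) + 1
    return counts
```

Run `triage(SAMPLE_LOG)` against the excerpt and the firewall entry comes out as a high finding because the override flag is set as well; feed it the whole load-points section of a log and the autorun lines become the list to check against what you expect to find installed. The severity labels are this example's own convention, not anything ComboFix prints.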

Hey curseknight,

Malwarebytes' Anti-Malware is a relatively new product, but very effective at removing common infections. The program is small, free and available in Portuguese.

Installing it is the first step in cleaning an infected operating system.

In this tutorial you will learn how to install and run it.

1) First, download the program:
http://www.malwarebytes.org/mbam/program/mbam-setup.exe

2) Now install the program as follows:

Run the installer:
[screenshot]

Right after the installer starts, the following screen is shown:
[screenshot]

Now click Install to finish:
[screenshot]

When the installation finishes, leave the Update and Launch options checked:
[screenshot]

The program's update screen is then shown:
[screenshot]

3) This is the program's main screen. Select the Full Scan option and click the Scan button.
[screenshot]

Wait for the scan to finish:
[screenshot]

When the scan completes, this message is shown:
[screenshot]

The scan results are displayed, with the names of the files and malware found.
To carry out the cleanup, click Remove Selected:
[screenshot]

To complete the cleanup the computer will need to be restarted:
[screenshot]

The program keeps the logs of its scans in the folder C:\Documents and Settings\<your user name>\Dados de aplicativos\Malwarebytes\Malwarebytes' Anti-Malware\Logs, which can also be reached from the Logs tab inside the program.

Come back with the scan results.

Credits: Fabio Assolini.

Link to the original post: here.


I ran the program; it found and removed 8 infections. Here is the log.

22/06/2009 18:36:23
mbam-log-2009-06-22 (18-36-23).txt

Scan type: Full Scan (C:\|)
Objects scanned: 298455
Time elapsed: 1 hour(s), 10 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\ErrorKiller (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\codecbho.codecplugin.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\codecbho.xmldomdocumenteventssink.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\arquivos de programas\netbattle supremacy\virtual.drv (Adware.WinButler) -> Quarantined and deleted successfully.
c:\system volume information\_restore{0ca4c513-3482-4014-be83-b49680a9dbdf}\RP193\A0145109.exe (Trojan.SpyArdamax) -> Quarantined and deleted successfully.
c:\system volume information\_restore{0ca4c513-3482-4014-be83-b49680a9dbdf}\RP134\A0086438.exe (Trojan.SpyArdamax) -> Quarantined and deleted successfully.
c:\documents and settings\User\meus documentos\setupxv.exe (Rogue.Installer) -> Quarantined and deleted successfully.
c:\documents and settings\User\meus documentos\setupxv.exe.part (Rogue.Installer) -> Quarantined and deleted successfully.

If the problem continues, I will let you know. Thanks.

EDIT: The problem still continues...

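What to do after a Malwarebytes scan depends on where each hit lived, and the log posted above mixes three kinds. The registry keys (the ErrorKiller rogue and the two codecbho fake-codec BHO classes) and the live files (virtual.drv in the NetBattle Supremacy folder; setupxv.exe in My Documents together with its .part file, which is Firefox's partial-download remnant, so the rogue installer arrived through the browser) are current infection. The two copies under System Volume Information are different: they are System Restore snapshots RP134 and RP193, i.e. copies of a file that was on disk at those earlier dates, and Ardamax is a commercial keylogger family. Deleting those two copies does not touch any other restore point, which is why cleanup procedures end by purging System Restore once the machine is clean. The Python below is an added example for this thread, not Malwarebytes' code: it parses the detection lines of the log format shown above and groups them by location, also listing anything the scan reported but did not quarantine. The sample is constructed from the posted lines, with one item changed to "No action taken" to show how an unremoved hit reads. It covers both the tutorial's last step (where the logs live) and the log itself.

```python
"""Group the detections in a Malwarebytes' Anti-Malware 1.x log by where they lived.

Added example for this thread, not Malwarebytes' own code. Registry keys and
live files are current infection; copies under System Volume Information are
System Restore snapshots (RPnnn) of files that were on disk at an earlier date.
"""
import re

# Constructed sample modelled on the log posted above, with one item left as
# 'No action taken' to show how an unremoved hit is reported.
SAMPLE_LOG = r"""
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\ErrorKiller (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\codecbho.codecplugin.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Files Infected:
c:\arquivos de programas\netbattle supremacy\virtual.drv (Adware.WinButler) -> Quarantined and deleted successfully.
c:\system volume information\_restore{0ca4c513-3482-4014-be83-b49680a9dbdf}\RP193\A0145109.exe (Trojan.SpyArdamax) -> Quarantined and deleted successfully.
c:\system volume information\_restore{0ca4c513-3482-4014-be83-b49680a9dbdf}\RP134\A0086438.exe (Trojan.SpyArdamax) -> Quarantined and deleted successfully.
c:\documents and settings\User\meus documentos\setupxv.exe (Rogue.Installer) -> Quarantined and deleted successfully.
c:\documents and settings\User\meus documentos\setupxv.exe.part (Rogue.Installer) -> No action taken.
"""

# "<item> (<family>) -> <action>."; the item may itself contain parentheses,
# so the greedy group keeps the last "(...)" before the arrow as the family.
DETECTION_RE = re.compile(r"^(?P<item>.+) \((?P<family>[^()]+)\) -> (?P<action>.+?)\.?$")
RESTORE_RE = re.compile(r"\\system volume information\\_restore\{[^}]+\}\\(?P<rp>RP\d+)\\", re.I)
REGISTRY_PREFIXES = ("hkey_", "hklm\\", "hkcu\\", "hkcr\\", "hku\\")


def classify(item):
    """Where the detection lived; this decides the follow-up action."""
    low = item.lower()
    if low.startswith(REGISTRY_PREFIXES):
        return "registry"
    if RESTORE_RE.search(item):
        return "restore-point"
    if low.startswith("c:\\documents and settings\\"):
        return "user-profile"
    return "program-files-or-system"


def parse(log_text):
    """Return one dict per detection line; summary counters and headings are skipped."""
    hits = []
    for raw in log_text.splitlines():
        m = DETECTION_RE.match(raw.strip())
        if not m:
            continue
        item = m.group("item")
        rp = RESTORE_RE.search(item)
        hits.append({
            "item": item,
            "family": m.group("family"),
            "action": m.group("action"),
            "location": classify(item),
            "restore_point": rp.group("rp") if rp else None,
        })
    return hits


def summarize(hits):
    """Map location -> sorted list of malware families seen there."""
    out = {}
    for h in hits:
        out.setdefault(h["location"], set()).add(h["family"])
    return {loc: sorted(fams) for loc, fams in out.items()}


def unresolved(hits):
    """Items MBAM reported but did not quarantine and delete."""
    return [h["item"] for h in hits
            if not h["action"].lower().startswith("quarantined and deleted")]


if __name__ == "__main__":
    found = parse(SAMPLE_LOG)
    for loc, fams in summarize(found).items():
        print(f"{loc:<24} {', '.join(fams)}")
    print("restore points touched:", sorted({h["restore_point"] for h in found if h["restore_point"]}))
    print("still present:", unresolved(found))
```

Point `parse` at the text of a log from the Logs folder named in the tutorial and `summarize` tells you at a glance whether anything was live outside restore points; `unresolved` is the list to re-scan after the reboot the tutorial asks for.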

Hey, sorry for the delay. Here is the new ComboFix log:

ComboFix 09-07-02.02 - User 03/07/2009 10:05.5 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.1015.420 [GMT -3:00]

Running from: c:\documents and settings\User\Meus documentos\FIXBOX\ComboFix.exe

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {11638345-E4FC-4BEE-BB73-EC754659C5F6}

FW: Avira Firewall *disabled* {11638345-E4FC-4BEE-BB73-EC754659C5F6}

.

 

((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\documents and settings\User\Meus documentos\mspaint.exe

 

.

(((((((((((((((( Files Created from 2009-06-03 to 2009-07-03 ))))))))))))))))))))))))))))

.

 

2010-01-25 15:29 . 2010-01-25 15:29 -------- d-----w- c:\documents and settings\User\Dados de aplicativos\AdobeUM

2010-01-25 15:29 . 2008-07-09 13:18 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Adobe

2010-01-25 15:28 . 2010-01-25 15:28 -------- d-----w- c:\windows\Cache

2010-01-25 15:24 . 2010-01-25 15:24 -------- d-----w- c:\documents and settings\User\Dados de aplicativos\Symantec

2010-01-25 15:23 . 2008-04-03 22:10 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Symantec

2009-07-01 19:03 . 2009-07-02 17:39 -------- d-----w- c:\arquivos de programas\Tibia_8.5

2009-06-28 00:38 . 2009-06-28 00:40 -------- d-----w- C:\xampp

2009-06-27 17:27 . 2009-06-27 17:27 -------- d-----w- c:\arquivos de programas\PFPortChecker

2009-06-26 17:10 . 2009-06-02 01:36 3184128 ----a-w- c:\documents and settings\User\Dados de aplicativos\Mozilla\Firefox\Profiles\lwaeddd1.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\SSS.dll

2009-06-26 17:10 . 2009-04-23 15:47 28672 ----a-w- c:\documents and settings\User\Dados de aplicativos\Mozilla\Firefox\Profiles\lwaeddd1.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\platform\WINNT_x86-msvc\components\SSSLauncher.dll

2009-06-26 17:10 . 2009-03-20 02:57 40960 ----a-w- c:\documents and settings\User\Dados de aplicativos\Mozilla\Firefox\Profiles\lwaeddd1.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fireshot-install.exe

2009-06-26 17:10 . 2009-03-20 02:46 102400 ----a-w- c:\documents and settings\User\Dados de aplicativos\Mozilla\Firefox\Profiles\lwaeddd1.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\FSAddin.dll

2009-06-26 17:10 . 2009-06-03 18:19 57856 ----a-w- c:\documents and settings\User\Dados de aplicativos\Mozilla\Firefox\Profiles\lwaeddd1.default\extensions\{eecba28f-b68b-4b3a-b501-6ce12e6b8696}\platform\WINNT_x86-msvc\components\winprocess.dll

2009-06-22 20:00 . 2009-06-22 20:00 -------- d-----w- c:\documents and settings\User\Dados de aplicativos\Malwarebytes

2009-06-22 20:00 . 2009-06-17 14:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-06-22 20:00 . 2009-06-22 20:00 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware

2009-06-22 20:00 . 2009-06-22 20:00 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes

2009-06-22 20:00 . 2009-06-17 14:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-06-10 14:03 . 2009-06-10 14:03 2560 ----a-w- c:\windows\_MSRSTRT.EXE

2009-06-07 16:15 . 2009-06-07 16:15 -------- d-----w- c:\documents and settings\User\Dados de aplicativos\Avira

2009-06-07 15:08 . 2009-06-09 20:38 97608 ----a-w- c:\windows\system32\drivers\avfwot.sys

2009-06-07 15:08 . 2009-03-30 13:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys

2009-06-07 15:08 . 2009-02-24 16:06 69632 ----a-w- c:\windows\system32\drivers\avfwim.sys

2009-06-07 15:08 . 2009-02-13 15:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys

2009-06-07 15:08 . 2009-02-13 15:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys

2009-06-07 15:08 . 2009-06-07 15:08 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Avira

 

.

((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-07-01 02:28 . 2008-04-21 17:11 -------- d-----w- c:\documents and settings\User\Dados de aplicativos\Tibia

2009-06-30 03:30 . 2008-10-25 22:52 -------- d-----w- c:\documents and settings\User\Dados de aplicativos\sqlitestudio

2009-06-29 14:33 . 2008-12-10 17:26 -------- d-----w- c:\arquivos de programas\Tibia_8.42

2009-06-27 18:17 . 2008-04-19 00:06 -------- d---a-w- c:\documents and settings\All Users\Dados de aplicativos\TEMP

2009-06-22 21:36 . 2009-03-14 12:48 -------- d-----w- c:\arquivos de programas\NetBattle Supremacy

2009-06-20 23:47 . 2008-04-28 19:23 -------- d-----w- c:\arquivos de programas\101 MP3 Splitter and Joiner

2009-06-06 21:20 . 2009-05-28 22:04 -------- d-----w- c:\arquivos de programas\TibiaBot NG PREMIUM VERSION

2009-06-05 00:34 . 2008-05-16 20:36 -------- d-----w- c:\arquivos de programas\HTV

2009-06-03 20:19 . 2008-10-17 17:43 -------- d-----w- c:\arquivos de programas\CyberScript32

2009-06-01 21:36 . 2009-06-01 21:36 -------- d-----w- c:\arquivos de programas\Avira

2009-06-01 21:13 . 2008-10-31 00:31 664 ----a-w- c:\windows\system32\d3d9caps.dat

2009-06-01 18:25 . 2008-11-04 19:53 -------- d-----w- c:\arquivos de programas\Winamp

2009-06-01 12:57 . 2008-06-05 00:06 163712 ----a-w- c:\windows\system32\drivers\vidstub.sys

2009-05-23 03:40 . 2008-08-29 19:34 -------- d-----w- c:\arquivos de programas\Dofus

2009-05-07 15:33 . 2004-08-04 08:45 347136 ----a-w- c:\windows\system32\localspl.dll

2009-04-29 04:45 . 2004-08-04 08:45 827392 ----a-w- c:\windows\system32\wininet.dll

2009-04-29 04:45 . 2004-08-04 08:45 78336 ----a-w- c:\windows\system32\ieencode.dll

2009-04-25 17:31 . 2001-10-28 15:07 67450 ----a-w- c:\windows\system32\perfc016.dat

2009-04-25 17:31 . 2001-10-28 15:07 425426 ----a-w- c:\windows\system32\perfh016.dat

2009-04-19 19:50 . 2004-08-04 08:38 1847296 ----a-w- c:\windows\system32\win32k.sys

2009-04-15 14:53 . 2004-08-04 08:45 585216 ----a-w- c:\windows\system32\rpcrt4.dll

2008-09-28 01:58 . 2008-09-28 22:18 288 ----a-w- c:\arquivos de programas\NyxLauncherEnc.xfs

2008-05-31 16:43 . 2008-06-04 16:38 37729090 ----a-w- c:\arquivos de programas\Sound.xfs

2008-05-12 23:58 . 2008-05-12 23:58 411248 ----a-w- c:\arquivos de programas\FLV PlayerRCSetup.exe

2007-03-19 12:11 . 2008-04-05 18:05 77209 ----a-w- c:\arquivos de programas\Fireworks CS3 Read Me.pdf

2004-07-08 09:57 . 2008-04-20 14:52 568832 ----a-w- c:\arquivos de programas\pic_editor_v21.exe

2004-06-04 00:11 . 2004-06-04 00:11 737 ----a-w- c:\arquivos de programas\layout.bin

2004-06-04 00:11 . 2004-06-04 00:11 127138500 ----a-w- c:\arquivos de programas\data2.cab

2004-06-04 00:10 . 2004-06-04 00:10 577634 ----a-w- c:\arquivos de programas\data1.hdr

2004-06-04 00:10 . 2004-06-04 00:10 11642103 ----a-w- c:\arquivos de programas\data1.cab

2004-06-04 00:10 . 2004-06-04 00:10 392284 ----a-w- c:\arquivos de programas\setup.boot

2004-06-04 00:09 . 2004-06-04 00:09 480 ----a-w- c:\arquivos de programas\setup.ini

2004-06-04 00:09 . 2004-06-04 00:09 338304 ----a-w- c:\arquivos de programas\setup.inx

2004-06-03 22:25 . 2004-06-03 22:25 720056 ----a-w- c:\arquivos de programas\setup.bmp

2004-06-03 22:25 . 2004-06-03 22:25 2902 ----a-w- c:\arquivos de programas\Abcpy.ini

2002-12-05 18:16 . 2002-12-05 18:16 418296 ----a-w- c:\arquivos de programas\engine32.cab

2002-10-23 21:32 . 2002-10-23 21:32 243858 ----a-w- c:\arquivos de programas\setup.skin

2007-03-09 08:12 . 2007-03-09 08:12 27648 --sha-w- c:\windows\system32\AVSredirect.dll

.

 

((((((((((((((((((((((((((((( SnapShot@2009-06-13_21.06.44 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-07-03 12:57 . 2009-07-03 12:57 16384 c:\windows\temp\Perflib_Perfdata_128.dat

+ 2005-11-15 19:42 . 2005-11-15 19:42 73216 c:\windows\Installer\680c4.msp

+ 2008-04-10 12:57 . 2008-04-10 12:57 836096 c:\windows\Installer\f5d6c.msi

+ 2008-04-04 19:10 . 2008-04-04 19:10 467968 c:\windows\Installer\ecb03d.msi

+ 2008-12-07 13:51 . 2008-12-07 13:51 324096 c:\windows\Installer\ce62ba.msi

+ 2008-04-05 23:35 . 2008-04-05 23:35 903168 c:\windows\Installer\cb1b0.msi

+ 2009-06-01 21:34 . 2009-06-01 21:34 228352 c:\windows\Installer\74855.msi

+ 2008-10-21 19:29 . 2008-10-21 19:29 308736 c:\windows\Installer\70215.msi

+ 2006-06-12 18:41 . 2006-06-12 18:41 318464 c:\windows\Installer\6812a.msp

+ 2004-08-25 15:45 . 2004-08-25 15:45 129024 c:\windows\Installer\68083.msp

+ 2008-01-25 12:30 . 2008-01-25 12:30 100352 c:\windows\Installer\5f02d.msi

+ 2008-07-12 13:06 . 2008-07-12 13:06 805376 c:\windows\Installer\4fd06.msi

+ 2008-04-12 12:06 . 2008-04-12 12:06 431104 c:\windows\Installer\4f4ee1.msi

+ 2008-07-23 08:05 . 2008-07-23 08:05 111616 c:\windows\Installer\42f17c.msp

+ 2008-05-07 19:45 . 2008-05-07 19:45 674304 c:\windows\Installer\42f12c.msp

+ 2008-05-18 19:40 . 2008-05-18 19:40 188416 c:\windows\Installer\2fa036.msi

+ 2008-04-27 22:10 . 2008-04-27 22:10 289792 c:\windows\Installer\25be2fa.msi

+ 2008-11-23 11:23 . 2008-11-23 11:23 432640 c:\windows\Installer\2344a.msi

+ 2005-01-06 00:55 . 2005-01-06 00:55 265216 c:\windows\Installer\21306.msi

+ 2008-04-19 23:49 . 2008-04-19 23:49 456704 c:\windows\Installer\203e77b.msi

+ 2009-02-10 12:22 . 2009-02-10 12:22 533504 c:\windows\Installer\1faf88.msp

+ 2009-03-02 00:39 . 2009-03-02 00:39 152576 c:\windows\Installer\1cdbcaa.msi

+ 2008-12-27 19:58 . 2008-12-27 19:58 562176 c:\windows\Installer\18cc331.msi

+ 2008-12-25 18:09 . 2008-12-25 18:09 847360 c:\windows\Installer\16cc925.msi

+ 2008-12-25 18:08 . 2008-12-25 18:08 455680 c:\windows\Installer\16cc920.msi

+ 2008-12-25 18:08 . 2008-12-25 18:08 335360 c:\windows\Installer\16cc91b.msi

+ 2008-12-25 18:08 . 2008-12-25 18:08 163840 c:\windows\Installer\16cc916.msi

+ 2008-05-29 22:33 . 2008-05-29 22:33 145920 c:\windows\Installer\1533e14.msi

+ 2009-04-20 18:32 . 2009-04-20 18:32 210432 c:\windows\Installer\125ee9b.msp

+ 2004-07-17 19:35 . 2004-07-17 19:35 1354752 c:\windows\system32\webfldrs.msi

+ 2008-11-06 16:37 . 2008-11-06 16:37 1585664 c:\windows\system32\VC80CRTRedist.msi

+ 2008-07-12 12:38 . 2004-07-17 19:35 1354752 c:\windows\ServicePackFiles\i386\webfldrs.msi

+ 2008-06-09 21:05 . 2008-06-09 21:05 5091840 c:\windows\Installer\ef9802.msi

+ 2008-04-07 18:32 . 2008-04-07 18:32 8415232 c:\windows\Installer\d1c49.msp

+ 2008-03-31 19:35 . 2008-03-31 19:35 8309760 c:\windows\Installer\d1c35.msp

+ 2008-04-05 18:11 . 2008-04-05 18:11 2337792 c:\windows\Installer\ce6b5c.msi

+ 2008-04-05 18:10 . 2008-04-05 18:10 1718272 c:\windows\Installer\ce6b56.msi

+ 2008-04-05 18:10 . 2008-04-05 18:10 1954304 c:\windows\Installer\ce6b51.msi

+ 2008-04-05 18:10 . 2008-04-05 18:10 1826816 c:\windows\Installer\ce6b4c.msi

+ 2008-04-05 18:10 . 2008-04-05 18:10 1726976 c:\windows\Installer\ce6b47.msi

+ 2008-04-05 18:10 . 2008-04-05 18:10 1730048 c:\windows\Installer\ce6b42.msi

+ 2008-04-05 18:09 . 2008-04-05 18:09 1735680 c:\windows\Installer\ce6b3d.msi

+ 2008-04-05 18:09 . 2008-04-05 18:09 1715712 c:\windows\Installer\ce6b2c.msi

+ 2008-04-05 18:09 . 2008-04-05 18:09 1761792 c:\windows\Installer\ce6b26.msi

+ 2008-04-05 18:08 . 2008-04-05 18:08 1753088 c:\windows\Installer\ce6b21.msi

+ 2008-04-05 18:08 . 2008-04-05 18:08 1720832 c:\windows\Installer\ce6b1c.msi

+ 2008-04-05 18:08 . 2008-04-05 18:08 2595840 c:\windows\Installer\ce6b17.msi

+ 2008-04-05 18:07 . 2008-04-05 18:07 1826304 c:\windows\Installer\ce6b12.msi

+ 2008-04-05 18:07 . 2008-04-05 18:07 1716736 c:\windows\Installer\ce6b0d.msi

+ 2008-04-05 18:05 . 2008-04-05 18:05 1772544 c:\windows\Installer\ce6b08.msi

+ 2008-04-05 23:35 . 2008-04-05 23:35 3563520 c:\windows\Installer\cb1ab.msi

+ 2008-04-05 23:35 . 2008-04-05 23:35 4337664 c:\windows\Installer\cb1a6.msi

+ 2008-01-25 15:08 . 2008-01-25 15:08 3395072 c:\windows\Installer\c8430.msi

+ 2008-09-04 17:52 . 2008-09-04 17:52 4337664 c:\windows\Installer\b78cf5.msp

+ 2009-01-04 16:09 . 2009-01-04 16:09 8990208 c:\windows\Installer\b2357d.msi

+ 2009-01-04 16:08 . 2009-01-04 16:08 1549312 c:\windows\Installer\b23579.msi

+ 2008-04-05 17:03 . 2008-04-05 17:03 1101312 c:\windows\Installer\94611d.msi

+ 2008-06-24 15:08 . 2008-06-24 15:08 2109440 c:\windows\Installer\934add.msi

+ 2009-03-11 18:57 . 2009-03-11 18:57 1193984 c:\windows\Installer\8a4d7.msi

+ 2008-04-06 01:56 . 2008-04-06 01:56 3233280 c:\windows\Installer\895e36.msi

+ 2008-04-06 01:54 . 2008-04-06 01:54 2078208 c:\windows\Installer\895e30.msi

+ 2008-04-06 01:52 . 2008-04-06 01:52 2159104 c:\windows\Installer\8952e1.msi

+ 2008-04-06 01:51 . 2008-04-06 01:51 1772544 c:\windows\Installer\8952dc.msi

+ 2008-01-11 17:13 . 2008-01-11 17:13 5862912 c:\windows\Installer\681a3.msp

+ 2008-01-29 15:00 . 2008-01-29 15:00 7983104 c:\windows\Installer\68190.msp

+ 2008-01-14 18:08 . 2008-01-14 18:08 8411136 c:\windows\Installer\68167.msp

+ 2008-01-14 17:26 . 2008-01-14 17:26 8362496 c:\windows\Installer\68153.msp

+ 2008-01-14 17:26 . 2008-01-14 17:26 4478464 c:\windows\Installer\6813e.msp

+ 2006-08-29 20:50 . 2006-08-29 20:50 3210240 c:\windows\Installer\68115.msp

+ 2006-09-28 14:08 . 2006-09-28 14:08 9573888 c:\windows\Installer\68101.msp

+ 2006-03-28 18:37 . 2006-03-28 18:37 6956032 c:\windows\Installer\680ed.msp

+ 2006-02-22 12:25 . 2006-02-22 12:25 1016832 c:\windows\Installer\680d7.msp

+ 2006-02-27 19:31 . 2006-02-27 19:31 1269248 c:\windows\Installer\680b0.msp

+ 2004-03-11 15:01 . 2004-03-11 15:01 2590720 c:\windows\Installer\6806c.msp

+ 2004-09-13 12:21 . 2004-09-13 12:21 3115008 c:\windows\Installer\68050.msp

+ 2008-11-22 15:12 . 2008-11-22 15:12 1533440 c:\windows\Installer\661326.msi

+ 2009-01-06 11:54 . 2009-01-06 11:54 1769984 c:\windows\Installer\5da1a.msi

+ 2009-01-06 11:54 . 2009-01-06 11:54 1767424 c:\windows\Installer\5da10.msi

+ 2008-04-04 11:46 . 2008-04-04 11:46 1107456 c:\windows\Installer\50cfb.msi

+ 2008-07-09 13:21 . 2008-07-09 13:21 2999808 c:\windows\Installer\4c884.msi

+ 2008-07-09 13:19 . 2008-07-09 13:19 1888256 c:\windows\Installer\4c87d.msi

+ 2008-07-09 13:19 . 2008-07-09 13:19 3060224 c:\windows\Installer\4c86d.msi

+ 2008-07-09 13:18 . 2008-07-09 13:18 1786880 c:\windows\Installer\4c868.msi

+ 2008-07-09 13:18 . 2008-07-09 13:18 1733120 c:\windows\Installer\4c863.msi

+ 2008-07-09 13:18 . 2008-07-09 13:18 1768448 c:\windows\Installer\4c85e.msi

+ 2008-07-09 13:18 . 2008-07-09 13:18 1722880 c:\windows\Installer\4c859.msi

+ 2008-07-09 13:18 . 2008-07-09 13:18 1723904 c:\windows\Installer\4c853.msi

+ 2008-07-09 13:17 . 2008-07-09 13:17 1722880 c:\windows\Installer\4c84d.msi

+ 2008-07-09 13:16 . 2008-07-09 13:16 1774592 c:\windows\Installer\4c842.msi

+ 2008-06-30 17:34 . 2008-06-30 17:34 8416768 c:\windows\Installer\42f168.msp

+ 2008-05-06 13:30 . 2008-05-06 13:30 9577984 c:\windows\Installer\42f140.msp

+ 2009-05-01 02:02 . 2009-05-01 02:02 9628672 c:\windows\Installer\3c493d.msp

+ 2008-04-05 20:09 . 2008-04-05 20:09 1840640 c:\windows\Installer\31af70.msi

+ 2008-04-05 20:09 . 2008-04-05 20:09 1768448 c:\windows\Installer\31af12.msi

+ 2009-01-06 03:02 . 2009-01-06 03:02 4192256 c:\windows\Installer\3164708.msi

+ 2008-08-25 01:43 . 2008-08-25 01:43 2428416 c:\windows\Installer\280a535.msi

+ 2008-08-25 01:42 . 2008-08-25 01:42 1879040 c:\windows\Installer\280a52f.msi

+ 2008-08-25 01:42 . 2008-08-25 01:42 1744384 c:\windows\Installer\280a52a.msi

+ 2008-08-25 01:41 . 2008-08-25 01:41 1718272 c:\windows\Installer\280a525.msi

+ 2008-08-24 23:10 . 2008-08-24 23:10 1767424 c:\windows\Installer\1f5bbec.msi

+ 2008-06-11 23:13 . 2008-06-11 23:13 7988224 c:\windows\Installer\1ce53d8.msp

+ 2008-12-21 23:24 . 2008-12-21 23:24 1098752 c:\windows\Installer\1bbcd0c.msi

+ 2008-10-28 17:59 . 2008-10-28 17:59 8413184 c:\windows\Installer\14fb4c2.msp

+ 2009-04-29 18:03 . 2009-04-29 18:03 8404992 c:\windows\Installer\125ee87.msp

+ 2005-09-23 10:48 . 2005-09-23 10:48 24863744 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\netfx.msi

+ 2008-04-05 23:36 . 2008-04-05 23:36 23867392 c:\windows\Installer\cb1bb.msi

+ 2008-08-19 11:37 . 2008-08-19 11:37 17523712 c:\windows\Installer\b78d09.msp

+ 2007-05-29 17:41 . 2007-05-29 17:41 16549888 c:\windows\Installer\7260a.msp

+ 2008-01-24 18:56 . 2008-01-24 18:56 13570560 c:\windows\Installer\681b8.msp

+ 2008-01-29 16:14 . 2008-01-29 16:14 17524224 c:\windows\Installer\6817b.msp

+ 2005-09-25 14:46 . 2005-09-25 14:46 16084480 c:\windows\Installer\6809c.msp

+ 2004-02-24 13:25 . 2004-02-24 13:25 56876956 c:\windows\Installer\4f4f58.msp

+ 2008-06-20 18:30 . 2008-06-20 18:30 16733184 c:\windows\Installer\42f154.msp

+ 2009-03-09 18:55 . 2009-03-09 18:55 17526272 c:\windows\Installer\1faf9c.msp

+ 2008-10-28 21:17 . 2008-10-28 21:17 17520128 c:\windows\Installer\14fb4ae.msp

+ 2009-05-05 21:06 . 2009-05-05 21:06 17515008 c:\windows\Installer\125eeaf.msp

+ 2005-08-31 07:31 . 2005-08-31 07:31 23870464 c:\windows\Downloaded Installations\Macromedia Flash 8\Macromedia Flash 8.msi

.

-- Snapshot reset to current date --

.

(((((((((((((((((((((((((( Registry Load Points )))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries and legitimate default entries are not shown.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"AlcoholAutomount"="c:\arquivos de programas\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-03-20 217544]

"Google Update"="c:\documents and settings\User\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" [2008-10-18 133104]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-28 98304]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-28 77824]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-28 118784]

"USB Storage Toolbox"="c:\arquivos de programas\USB Disk Win98 Driver\Res.EXE" [2005-09-14 65536]

"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre6\bin\jusched.exe" [2008-12-27 136600]

"\\MICRO-02\EPSON Stylus C45 Series (cópia 1)"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I4T1.EXE" [2004-01-14 99840]

"Auto EPSON Stylus C45 Series (cópia 1) em MICRO-02"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I4T1.EXE" [2004-01-14 99840]

"QuickTime Task"="c:\arquivos de programas\QT Lite\qttask.exe" [2008-09-06 413696]

"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

"avgnt"="c:\arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-05-16 2879488]

"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2006-11-14 16270848]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

"DWQueuedReporting"="c:\arquiv~1\ARQUIV~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

 

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

Microsoft Office.lnk - c:\arquivos de programas\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

WinZip Quick Pick.lnk - c:\arquivos de programas\WinZip\WZQKPICK.EXE [2008-9-23 415072]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]

2005-12-07 00:16 176128 ----a-w- c:\arquiv~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\system32\wbsys.dll

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^WinZip Quick Pick.lnk]

backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^User^Menu Iniciar^Programas^Inicializar^MSN Pictures Displayer.lnk]

backup=c:\windows\pss\MSN Pictures Displayer.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]

"TkBellExe"="c:\arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"FirewallOverride"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=

"c:\\Arquivos de programas\\OnGame\\GunBoundWC\\GunBound.gme"=

"skp66.exe"= skp66.exe:BNDMSS

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"9420:TCP"= 9420:TCP:Red Swoosh

"5000:UDP"= 5000:UDP:Red Swoosh

"3306:TCP"= 3306:TCP:TFS Zorty

 

R0 BootScreen;BootScreen;\SystemRoot\\SystemRoot\System32\drivers\vidstub.sys --> \SystemRoot\\SystemRoot\System32\drivers\vidstub.sys [?]

R1 avfwot;avfwot;c:\windows\system32\drivers\avfwot.sys [07/06/2009 12:08 97608]

R2 AntiVirFirewallService;Avira Firewall;c:\arquivos de programas\Avira\AntiVir Desktop\avfwsvc.exe [07/06/2009 12:08 388865]

R2 AntiVirMailService;Avira AntiVir MailGuard;c:\arquivos de programas\Avira\AntiVir Desktop\avmailc.exe [07/06/2009 12:08 194817]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\arquivos de programas\Avira\AntiVir Desktop\sched.exe [07/06/2009 12:08 108289]

R2 AntiVirWebService;Avira AntiVir WebGuard;c:\arquivos de programas\Avira\AntiVir Desktop\avwebgrd.exe [07/06/2009 12:08 434945]

R2 Apache2.2;Apache2.2;c:\xampp\apache\bin\httpd.exe [09/12/2008 20:10 24636]

R2 WinDefend;Windows Defender;c:\arquivos de programas\Windows Defender\MsMpEng.exe [03/11/2006 19:19 13592]

R3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\drivers\avfwim.sys [07/06/2009 12:08 69632]

S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [25/01/2007 14:31 42000]

S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]

S3 XDva223;XDva223; [x]

S3 XDva272;XDva272;\??\c:\windows\system32\XDva272.sys --> c:\windows\system32\XDva272.sys [?]

S3 XDva279;XDva279;\??\c:\windows\system32\XDva279.sys --> c:\windows\system32\XDva279.sys [?]

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2009-07-03 c:\windows\Tasks\GlaryInitialize.job

- c:\arquivos de programas\Glary Utilities\initialize.exe [2009-03-21 16:22]

 

2009-07-03 c:\windows\Tasks\MP Scheduled Scan.job

- c:\arquivos de programas\Windows Defender\MpCmdRun.exe [2006-11-03 22:20]

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.daemon-search.com/startpage

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = local

uInternet Settings,ProxyServer = 127.0.0.1:8080

IE: Baixar com o FDM - file://c:\arquivos de programas\Free Download Manager\dllink.htm

IE: Baixar tudo com o FDM - file://c:\arquivos de programas\Free Download Manager\dlall.htm

IE: Download selecionado pelo FDM - file://c:\arquivos de programas\Free Download Manager\dlselected.htm

IE: Download video with Free Download Manager - file://c:\arquivos de programas\Free Download Manager\dlfvideo.htm

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office10\EXCEL.EXE/3000

LSP: c:\arquivos de programas\Avira\AntiVir Desktop\avsda.dll

DPF: Microsoft XML Parser for Java

FF - ProfilePath - c:\documents and settings\User\Dados de aplicativos\Mozilla\Firefox\Profiles\lwaeddd1.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.usinavirtual.com/portal/forum/

FF - component: c:\arquivos de programas\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll

FF - component: c:\arquivos de programas\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll

FF - component: c:\documents and settings\User\Dados de aplicativos\Mozilla\Firefox\Profiles\lwaeddd1.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampPlayer.dll

FF - component: c:\documents and settings\User\Dados de aplicativos\Mozilla\Firefox\Profiles\lwaeddd1.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\platform\WINNT_x86-msvc\components\SSSLauncher.dll

FF - component: c:\documents and settings\User\Dados de aplicativos\Mozilla\Firefox\Profiles\lwaeddd1.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}\platform\WINNT\components\ColorZilla.dll

FF - component: c:\documents and settings\User\Dados de aplicativos\Mozilla\Firefox\Profiles\lwaeddd1.default\extensions\{eecba28f-b68b-4b3a-b501-6ce12e6b8696}\platform\WINNT_x86-msvc\components\winprocess.dll

FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\np-mswmp.dll

FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\NPBILLARD8.dll

FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\NPBOARDS.dll

FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\NPCARDS.dll

FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\NPDARTS.dll

FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\NPDOMINO.dll

FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\NPNAVY.dll

FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\NPPOKER.dll

FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\NPSNOOKER.dll

FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\NPWORDS.dll

FF - HiddenExtension: Java Console: No Registry Reference - c:\arquivos de programas\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

 

---- FIREFOX POLICIES ----

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-07-03 10:12

Windows 5.1.2600 Service Pack 3 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

- - - - - - - > 'winlogon.exe'(1164)

c:\arquiv~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll

 

- - - - - - - > 'lsass.exe'(1220)

c:\arquivos de programas\Avira\AntiVir Desktop\avsda.dll

.

Tempo para conclusão: 2009-07-03 10:14

ComboFix-quarantined-files.txt 2009-07-03 13:14

ComboFix2.txt 2009-06-13 21:08

ComboFix3.txt 2009-06-01 19:57

ComboFix4.txt 2009-05-28 13:15

ComboFix5.txt 2009-07-03 13:03

 

Pré-execução: 14 pasta(s) 186.212.978.688 bytes disponíveis

Pós execução: 14 pasta(s) 186.281.234.432 bytes disponíveis

 

344 --- E O F --- 2009-07-03 13:03

 

Awaiting a reply!


Hey curseknight,

 

Follow these instructions:

 

1. Open Notepad -> Copy (Control + C) and Paste (Control + V) all of the text inside the "Quote":

File::

c:\windows\system32\drivers\vidstub.sys

c:\windows\system32\GameMon.des

c:\windows\system32\XDva272.sys

c:\windows\system32\XDva279.sys

Registry::

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"FirewallOverride"=dword:00000000

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"skp66.exe"=-

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"9420:TCP"=-

"5000:UDP"=-

"3306:TCP"=-

[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]

Driver::

"BootScreen"

"npggsvc"

"XDva223"

"XDva272"

"XDva279"

ATTENTION: The script above was written specifically for the infection present on this computer. Using it on another machine may cause serious problems for that user.

2. Save the file as CFScript.txt;

3. As shown in the picture below, drag the CFScript.txt file onto ComboFix.exe.

cfscript.gif

4. When the process finishes, the tool will generate a log. Post it (C:\ComboFix.txt) in your next reply, together with a new HijackThis log.

Cheers.

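As an added example (not from the thread and not ComboFix's own code), the script below does by program what the helper did by hand: it reads a constructed excerpt of the ComboFix log posted above, flags the suppressed Security Center warning, the disabled firewall, the globally open ports, the firewall exception that names only a bare file name, and the R0/S3 entries whose image ComboFix marked `[?]` or `[x]`, and drafts the matching `File::` / `Registry::` / `Driver::` sections in the CFScript syntax used in the post, for a human helper to review. The regular expressions, the function names and the choice to report but not script `EnableFirewall=0` are assumptions of this example, not documented ComboFix behaviour.

```python
"""Triage a ComboFix log and draft CFScript sections (added example)."""
import re
from typing import Dict, List

# Constructed excerpt of the ComboFix log posted in the thread; a raw string,
# so the backslashes are exactly as ComboFix printed them.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=
"skp66.exe"= skp66.exe:BNDMSS

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9420:TCP"= 9420:TCP:Red Swoosh
"3306:TCP"= 3306:TCP:TFS Zorty

R0 BootScreen;BootScreen;\SystemRoot\\SystemRoot\System32\drivers\vidstub.sys --> \SystemRoot\\SystemRoot\System32\drivers\vidstub.sys [?]
R2 Apache2.2;Apache2.2;c:\xampp\apache\bin\httpd.exe [09/12/2008 20:10 24636]
S3 XDva223;XDva223; [x]
S3 XDva272;XDva272;\??\c:\windows\system32\XDva272.sys --> c:\windows\system32\XDva272.sys [?]
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")            # [registry key]
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<data>.*)$')
# ComboFix service line: "<R|S><n> name;display name;image [date size]"
SERVICE_RE = re.compile(r"^[RS]\d (?P<name>[^;]+);[^;]*;(?P<rest>.*)$")
# Unverified image ("--> path [?]"); kept only when it is a plain drive-letter
# path that can go into File:: unchanged (the doubled \SystemRoot\\SystemRoot
# path of BootScreen is therefore reported as a driver but not as a file).
MISSING_IMAGE_RE = re.compile(r"--> (?P<path>[A-Za-z]:\\.+?) \[\?\]$")


def analyse(log: str) -> Dict[str, List[str]]:
    """Return the weak settings and phantom drivers found in a ComboFix log."""
    f: Dict[str, List[str]] = {"firewall": [], "open_ports": [],
                               "unverified_apps": [], "phantom_drivers": [],
                               "phantom_files": []}
    key = ""
    for raw in log.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:                                   # new registry key header
            key = m.group("key").lower()
            continue
        m = SERVICE_RE.match(line)
        if m:                                   # driver/service line
            rest = m.group("rest")
            if rest.endswith("[?]") or rest.endswith("[x]"):
                f["phantom_drivers"].append(m.group("name"))
                pm = MISSING_IMAGE_RE.search(rest)
                if pm:
                    f["phantom_files"].append(pm.group("path"))
            continue
        m = VALUE_RE.match(line)
        if not m or not key:
            continue
        name, data = m.group("name"), m.group("data")
        if key.endswith("security center") and name == "FirewallOverride" \
                and data.lower() == "dword:00000001":
            f["firewall"].append("FirewallOverride=1: Security Center firewall alerts suppressed")
        elif key.endswith("standardprofile") and name == "EnableFirewall" \
                and data.startswith("0"):
            f["firewall"].append("EnableFirewall=0: Windows Firewall is disabled")
        elif key.endswith("globallyopenports\\list"):
            f["open_ports"].append(name)
        elif key.endswith("authorizedapplications\\list") \
                and "\\" not in name and "%" not in name:
            # a bare file name with no directory cannot be tied to a known binary
            f["unverified_apps"].append(name)
    return f


def build_cfscript(f: Dict[str, List[str]]) -> str:
    """Draft CFScript text in the File::/Registry::/Driver:: syntax used above.

    EnableFirewall=0 is reported by analyse() but deliberately not scripted:
    it may be a user choice (a third-party firewall), so a helper decides.
    """
    parts: List[str] = []
    if f["phantom_files"]:
        parts += ["File::"] + f["phantom_files"]
    reg: List[str] = []
    if any(x.startswith("FirewallOverride") for x in f["firewall"]):
        reg += [r"[HKEY_LOCAL_MACHINE\software\microsoft\security center]",
                '"FirewallOverride"=dword:00000000']
    if f["unverified_apps"]:
        reg.append(r"[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]")
        reg += ['"%s"=-' % n for n in f["unverified_apps"]]   # "=-" deletes the value
    if f["open_ports"]:
        reg.append(r"[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]")
        reg += ['"%s"=-' % p for p in f["open_ports"]]
    if reg:
        parts += ["Registry::"] + reg
    if f["phantom_drivers"]:
        parts += ["Driver::"] + ['"%s"' % d for d in f["phantom_drivers"]]
    return "\n".join(parts) + "\n"


if __name__ == "__main__":
    findings = analyse(SAMPLE_LOG)
    for category, items in findings.items():
        print(f"{category}: {items}")
    print(build_cfscript(findings))
```

The draft is a starting point for the helper's review, not something to run unattended: as the post says, a CFScript is specific to one machine.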

Hey, I've done everything and here are the logs:

 

COMBOFIX LOG (with the script):

 

ComboFix 09-07-07.A2 - User 07/07/2009 18:44.6 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.1015.468 [GMT -3:00]

Executando de: c:\documents and settings\User\Meus documentos\FIXBOX\COMBOFIX\ComboFix.exe

Comandos utilizados :: c:\documents and settings\User\Meus documentos\FIXBOX\COMBOFIX\CFScript.txt

AV: avast! antivirus 4.8.1335 [VPS 090706-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

* Criado um novo ponto de restauração

 

FILE ::

"c:\windows\system32\drivers\vidstub.sys"

"c:\windows\system32\GameMon.des"

"c:\windows\system32\XDva272.sys"

"c:\windows\system32\XDva279.sys"

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\windows\system32\drivers\vidstub.sys

c:\windows\system32\GameMon.des

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_BOOTSCREEN

-------\Legacy_XDVA223

-------\Legacy_XDVA272

-------\Legacy_XDVA279

-------\Service_BootScreen

-------\Service_XDva223

-------\Service_XDva272

-------\Service_XDva279

 

 

(((((((((((((((( Arquivos/Ficheiros criados de 2009-06-07 to 2009-07-07 ))))))))))))))))))))))))))))

.

 

2010-01-25 15:29 . 2010-01-25 15:29 -------- d-----w- c:\documents and settings\User\Dados de aplicativos\AdobeUM

2010-01-25 15:29 . 2008-07-09 13:18 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Adobe

2010-01-25 15:28 . 2010-01-25 15:28 -------- d-----w- c:\windows\Cache

2010-01-25 15:24 . 2010-01-25 15:24 -------- d-----w- c:\documents and settings\User\Dados de aplicativos\Symantec

2010-01-25 15:23 . 2008-04-03 22:10 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Symantec

2009-07-06 18:39 . 2009-02-05 22:06 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2009-07-06 18:39 . 2009-02-05 22:06 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2009-07-06 18:39 . 2009-02-05 22:05 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2009-07-06 18:39 . 2009-02-05 22:08 93296 ----a-w- c:\windows\system32\drivers\aswmon.sys

2009-07-06 18:39 . 2009-02-05 22:08 94032 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2009-07-06 18:39 . 2009-02-05 22:07 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys

2009-07-06 18:39 . 2009-02-05 22:07 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2009-07-06 18:39 . 2009-02-05 22:04 97480 ----a-w- c:\windows\system32\AvastSS.scr

2009-07-06 18:38 . 2009-02-05 22:11 1256296 ----a-w- c:\windows\system32\aswBoot.exe

2009-07-03 15:05 . 2009-07-03 15:05 -------- d-----w- c:\arquivos de programas\TibiaCam TV Lite

2009-07-01 19:03 . 2009-07-05 19:40 -------- d-----w- c:\arquivos de programas\Tibia_8.5

2009-06-28 00:38 . 2009-06-28 00:40 -------- d-----w- C:\xampp

2009-06-27 17:27 . 2009-06-27 17:27 -------- d-----w- c:\arquivos de programas\PFPortChecker

2009-06-26 17:10 . 2009-06-02 01:36 3184128 ----a-w- c:\documents and settings\User\Dados de aplicativos\Mozilla\Firefox\Profiles\lwaeddd1.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\SSS.dll

2009-06-26 17:10 . 2009-04-23 15:47 28672 ----a-w- c:\documents and settings\User\Dados de aplicativos\Mozilla\Firefox\Profiles\lwaeddd1.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\platform\WINNT_x86-msvc\components\SSSLauncher.dll

2009-06-26 17:10 . 2009-03-20 02:57 40960 ----a-w- c:\documents and settings\User\Dados de aplicativos\Mozilla\Firefox\Profiles\lwaeddd1.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fireshot-install.exe

2009-06-26 17:10 . 2009-03-20 02:46 102400 ----a-w- c:\documents and settings\User\Dados de aplicativos\Mozilla\Firefox\Profiles\lwaeddd1.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\FSAddin.dll

2009-06-26 17:10 . 2009-06-03 18:19 57856 ----a-w- c:\documents and settings\User\Dados de aplicativos\Mozilla\Firefox\Profiles\lwaeddd1.default\extensions\{eecba28f-b68b-4b3a-b501-6ce12e6b8696}\platform\WINNT_x86-msvc\components\winprocess.dll

2009-06-22 20:00 . 2009-06-22 20:00 -------- d-----w- c:\documents and settings\User\Dados de aplicativos\Malwarebytes

2009-06-22 20:00 . 2009-06-17 14:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-06-22 20:00 . 2009-06-22 20:00 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware

2009-06-22 20:00 . 2009-06-22 20:00 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes

2009-06-22 20:00 . 2009-06-17 14:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-06-10 14:03 . 2009-06-10 14:03 2560 ----a-w- c:\windows\_MSRSTRT.EXE

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-07-06 18:16 . 2009-06-07 15:08 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Avira

2009-07-06 02:20 . 2008-04-21 17:11 -------- d-----w- c:\documents and settings\User\Dados de aplicativos\Tibia

2009-06-30 03:30 . 2008-10-25 22:52 -------- d-----w- c:\documents and settings\User\Dados de aplicativos\sqlitestudio

2009-06-29 14:33 . 2008-12-10 17:26 -------- d-----w- c:\arquivos de programas\Tibia_8.42

2009-06-27 18:17 . 2008-04-19 00:06 -------- d---a-w- c:\documents and settings\All Users\Dados de aplicativos\TEMP

2009-06-22 21:36 . 2009-03-14 12:48 -------- d-----w- c:\arquivos de programas\NetBattle Supremacy

2009-06-20 23:47 . 2008-04-28 19:23 -------- d-----w- c:\arquivos de programas\101 MP3 Splitter and Joiner

2009-06-06 21:20 . 2009-05-28 22:04 -------- d-----w- c:\arquivos de programas\TibiaBot NG PREMIUM VERSION

2009-06-05 00:34 . 2008-05-16 20:36 -------- d-----w- c:\arquivos de programas\HTV

2009-06-03 20:19 . 2008-10-17 17:43 -------- d-----w- c:\arquivos de programas\CyberScript32

2009-06-01 21:13 . 2008-10-31 00:31 664 ----a-w- c:\windows\system32\d3d9caps.dat

2009-06-01 18:25 . 2008-11-04 19:53 -------- d-----w- c:\arquivos de programas\Winamp

2009-05-23 03:40 . 2008-08-29 19:34 -------- d-----w- c:\arquivos de programas\Dofus

2009-05-07 15:33 . 2004-08-04 08:45 347136 ----a-w- c:\windows\system32\localspl.dll

2009-04-29 04:45 . 2004-08-04 08:45 827392 ----a-w- c:\windows\system32\wininet.dll

2009-04-29 04:45 . 2004-08-04 08:45 78336 ----a-w- c:\windows\system32\ieencode.dll

2009-04-25 17:31 . 2001-10-28 15:07 67450 ----a-w- c:\windows\system32\perfc016.dat

2009-04-25 17:31 . 2001-10-28 15:07 425426 ----a-w- c:\windows\system32\perfh016.dat

2009-04-19 19:50 . 2004-08-04 08:38 1847296 ----a-w- c:\windows\system32\win32k.sys

2009-04-15 14:53 . 2004-08-04 08:45 585216 ----a-w- c:\windows\system32\rpcrt4.dll

2008-09-28 01:58 . 2008-09-28 22:18 288 ----a-w- c:\arquivos de programas\NyxLauncherEnc.xfs

2008-05-31 16:43 . 2008-06-04 16:38 37729090 ----a-w- c:\arquivos de programas\Sound.xfs

2008-05-12 23:58 . 2008-05-12 23:58 411248 ----a-w- c:\arquivos de programas\FLV PlayerRCSetup.exe

2007-03-19 12:11 . 2008-04-05 18:05 77209 ----a-w- c:\arquivos de programas\Fireworks CS3 Read Me.pdf

2004-07-08 09:57 . 2008-04-20 14:52 568832 ----a-w- c:\arquivos de programas\pic_editor_v21.exe

2004-06-04 00:11 . 2004-06-04 00:11 737 ----a-w- c:\arquivos de programas\layout.bin

2004-06-04 00:11 . 2004-06-04 00:11 127138500 ----a-w- c:\arquivos de programas\data2.cab

2004-06-04 00:10 . 2004-06-04 00:10 577634 ----a-w- c:\arquivos de programas\data1.hdr

2004-06-04 00:10 . 2004-06-04 00:10 11642103 ----a-w- c:\arquivos de programas\data1.cab

2004-06-04 00:10 . 2004-06-04 00:10 392284 ----a-w- c:\arquivos de programas\setup.boot

2004-06-04 00:09 . 2004-06-04 00:09 480 ----a-w- c:\arquivos de programas\setup.ini

2004-06-04 00:09 . 2004-06-04 00:09 338304 ----a-w- c:\arquivos de programas\setup.inx

2004-06-03 22:25 . 2004-06-03 22:25 720056 ----a-w- c:\arquivos de programas\setup.bmp

2004-06-03 22:25 . 2004-06-03 22:25 2902 ----a-w- c:\arquivos de programas\Abcpy.ini

2002-12-05 18:16 . 2002-12-05 18:16 418296 ----a-w- c:\arquivos de programas\engine32.cab

2002-10-23 21:32 . 2002-10-23 21:32 243858 ----a-w- c:\arquivos de programas\setup.skin

2007-03-09 08:12 . 2007-03-09 08:12 27648 --sha-w- c:\windows\system32\AVSredirect.dll

.

 

((((((((((((((((((((((((((((( SnapShot_2009-07-03_13.12.39 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-07-07 14:49 . 2009-07-07 14:49 16384 c:\windows\temp\Perflib_Perfdata_764.dat

+ 2009-07-07 21:52 . 2009-07-07 21:52 16384 c:\windows\temp\Perflib_Perfdata_74c.dat

+ 2009-07-07 21:52 . 2009-07-07 21:52 16384 c:\windows\temp\Perflib_Perfdata_6d0.dat

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"AlcoholAutomount"="c:\arquivos de programas\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-03-20 217544]

"Google Update"="c:\documents and settings\User\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" [2008-10-18 133104]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-28 98304]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-28 77824]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-28 118784]

"USB Storage Toolbox"="c:\arquivos de programas\USB Disk Win98 Driver\Res.EXE" [2005-09-14 65536]

"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre6\bin\jusched.exe" [2008-12-27 136600]

"\\MICRO-02\EPSON Stylus C45 Series (cópia 1)"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I4T1.EXE" [2004-01-14 99840]

"Auto EPSON Stylus C45 Series (cópia 1) em MICRO-02"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I4T1.EXE" [2004-01-14 99840]

"QuickTime Task"="c:\arquivos de programas\QT Lite\qttask.exe" [2008-09-06 413696]

"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

"avast!"="c:\arquiv~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]

"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-05-16 2879488]

"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2006-11-14 16270848]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

"DWQueuedReporting"="c:\arquiv~1\ARQUIV~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

 

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

Microsoft Office.lnk - c:\arquivos de programas\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

WinZip Quick Pick.lnk - c:\arquivos de programas\WinZip\WZQKPICK.EXE [2008-9-23 415072]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]

2005-12-07 00:16 176128 ----a-w- c:\arquiv~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\system32\wbsys.dll

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^WinZip Quick Pick.lnk]

backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^User^Menu Iniciar^Programas^Inicializar^MSN Pictures Displayer.lnk]

backup=c:\windows\pss\MSN Pictures Displayer.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]

"TkBellExe"="c:\arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=

"c:\\Arquivos de programas\\OnGame\\GunBoundWC\\GunBound.gme"=

 

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [06/07/2009 15:39 114768]

R2 Apache2.2;Apache2.2;c:\xampp\apache\bin\httpd.exe [09/12/2008 20:10 24636]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [06/07/2009 15:39 20560]

R2 WinDefend;Windows Defender;c:\arquivos de programas\Windows Defender\MsMpEng.exe [03/11/2006 19:19 13592]

S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [25/01/2007 14:31 42000]

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2009-07-07 c:\windows\Tasks\GlaryInitialize.job

- c:\arquivos de programas\Glary Utilities\initialize.exe [2009-03-21 16:22]

 

2009-07-07 c:\windows\Tasks\MP Scheduled Scan.job

- c:\arquivos de programas\Windows Defender\MpCmdRun.exe [2006-11-03 22:20]

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.daemon-search.com/startpage

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = local

uInternet Settings,ProxyServer = 127.0.0.1:8080

IE: Baixar com o FDM - file://c:\arquivos de programas\Free Download Manager\dllink.htm

IE: Baixar tudo com o FDM - file://c:\arquivos de programas\Free Download Manager\dlall.htm

IE: Download selecionado pelo FDM - file://c:\arquivos de programas\Free Download Manager\dlselected.htm

IE: Download video with Free Download Manager - file://c:\arquivos de programas\Free Download Manager\dlfvideo.htm

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office10\EXCEL.EXE/3000

DPF: Microsoft XML Parser for Java

FF - ProfilePath - c:\documents and settings\User\Dados de aplicativos\Mozilla\Firefox\Profiles\lwaeddd1.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.usinavirtual.com/portal/forum/

FF - component: c:\arquivos de programas\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll

FF - component: c:\arquivos de programas\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll

FF - component: c:\documents and settings\User\Dados de aplicativos\Mozilla\Firefox\Profiles\lwaeddd1.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampPlayer.dll

FF - component: c:\documents and settings\User\Dados de aplicativos\Mozilla\Firefox\Profiles\lwaeddd1.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\platform\WINNT_x86-msvc\components\SSSLauncher.dll

FF - component: c:\documents and settings\User\Dados de aplicativos\Mozilla\Firefox\Profiles\lwaeddd1.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}\platform\WINNT\components\ColorZilla.dll

FF - component: c:\documents and settings\User\Dados de aplicativos\Mozilla\Firefox\Profiles\lwaeddd1.default\extensions\{eecba28f-b68b-4b3a-b501-6ce12e6b8696}\platform\WINNT_x86-msvc\components\winprocess.dll

FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\np-mswmp.dll

FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\NPBILLARD8.dll

FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\NPBOARDS.dll

FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\NPCARDS.dll

FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\NPDARTS.dll

FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\NPDOMINO.dll

FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\NPNAVY.dll

FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\NPPOKER.dll

FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\NPSNOOKER.dll

FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\NPWORDS.dll

FF - HiddenExtension: Java Console: No Registry Reference - c:\arquivos de programas\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

 

---- FIREFOX POLICIES ----

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-07-07 18:53

Windows 5.1.2600 Service Pack 3 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

- - - - - - - > 'winlogon.exe'(800)

c:\arquiv~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll

 

- - - - - - - > 'explorer.exe'(276)

c:\arquivos de programas\IconChanger\IconChng.dll

.

------------------------ Outros Processos em Execução ------------------------

.

c:\arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

c:\arquivos de programas\Alwil Software\Avast4\ashServ.exe

c:\arquivos de programas\Bonjour\mDNSResponder.exe

c:\arquivos de programas\Java\jre6\bin\jqs.exe

c:\arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe

c:\xampp\mysql\bin\mysqld.exe

c:\arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

c:\windows\system32\wdfmgr.exe

c:\arquiv~1\WinZip\WZQKPICK.EXE

c:\windows\system32\wscntfy.exe

c:\arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

c:\arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

c:\windows\system32\wbem\wmiapsrv.exe

.

**************************************************************************

.

Tempo para conclusão: 2009-07-07 18:57 - Máquina reiniciou

ComboFix-quarantined-files.txt 2009-07-07 21:57

ComboFix2.txt 2009-07-03 13:14

ComboFix3.txt 2009-06-13 21:08

ComboFix4.txt 2009-06-01 19:57

ComboFix5.txt 2009-07-07 21:43

 

Pré-execução: 14 pasta(s) 191.718.051.840 bytes disponíveis

Pós execução: 14 pasta(s) 191.779.983.360 bytes disponíveis

 

246 --- E O F --- 2009-07-03 13:03

 

HIJACKTHIS LOG (after running ComboFix):

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:33:54, on 07/07/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16850)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\xampp\apache\bin\httpd.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\xampp\mysql\bin\mysqld.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Arquivos de programas\USB Disk Win98 Driver\Res.EXE

C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I4T1.EXE

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I4T1.EXE

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Documents and Settings\User\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe

C:\Arquivos de programas\WinZip\WZQKPICK.EXE

C:\xampp\apache\bin\httpd.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\Documents and Settings\User\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\User\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\User\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\User\Meus documentos\FIXBOX\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Easy Gif Animator Toolbar Helper - {96372AB6-15EB-4316-B497-71C741BC548C} - C:\Arquivos de programas\Easy Gif Animator Extension\v3.3.0.1\EasyGifAnimator_Toolbar.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Easy Gif Animator Toolbar - {35065594-9169-4A34-B167-FC4865038E53} - C:\Arquivos de programas\Easy Gif Animator Extension\v3.3.0.1\EasyGifAnimator_Toolbar.dll

O3 - Toolbar: FireShot - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - C:\Documents and Settings\User\Dados de aplicativos\Mozilla\Firefox\Profiles\lwaeddd1.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fsaddin-0.69.dll (file missing)

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [uSB Storage Toolbox] C:\Arquivos de programas\USB Disk Win98 Driver\Res.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [\\MICRO-02\EPSON Stylus C45 Series (cópia 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I4T1.EXE /P44 "\\MICRO-02\EPSON Stylus C45 Series (cópia 1)" /O6 "USB001" /M "Stylus C45"

O4 - HKLM\..\Run: [Auto EPSON Stylus C45 Series (cópia 1) em MICRO-02] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I4T1.EXE /P50 "Auto EPSON Stylus C45 Series (cópia 1) em MICRO-02" /O21 "\\MICRO-02\Impressora" /M "Stylus C45"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QT Lite\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Arquivos de programas\Alcohol Soft\Alcohol 120\axcmd.exe" /automount

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\User\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\ARQUIV~1\ARQUIV~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Arquivos de programas\WinZip\WZQKPICK.EXE

O8 - Extra context menu item: Baixar com o FDM - file://C:\Arquivos de programas\Free Download Manager\dllink.htm

O8 - Extra context menu item: Baixar tudo com o FDM - file://C:\Arquivos de programas\Free Download Manager\dlall.htm

O8 - Extra context menu item: Download selecionado pelo FDM - file://C:\Arquivos de programas\Free Download Manager\dlselected.htm

O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlfvideo.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O20 - AppInit_DLLs: C:\WINDOWS\system32\wbsys.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Apache2.2 - Apache Software Foundation - C:\xampp\apache\bin\httpd.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - c:\xampp\FileZillaFTP\FileZillaServer.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: mysql - Unknown owner - C:\xampp\mysql\bin\mysqld.exe

O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

 

--

End of file - 9568 bytes

 

Analyse the logs, same rule as before: if the problem persists, I'll say so.

And thank you for your willingness to help me!

 

EDIT: I quickly checked here by opening a few programs, and the problem still persists. But I believe we are getting close to the solution!

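The HijackThis log posted above is the raw material the thread works from. As an added example that is not part of this thread, of HijackThis or of any of the tools mentioned here, the following Python script applies the triage heuristics a log reviewer would use on such a listing: orphaned entries whose file is gone, an Internet Explorer proxy pointing at a local process, start/search pages pointing away from the stock Microsoft hosts, Run entries that name a bare executable instead of a full path, the AppInit_DLLs location, and services with no publisher. The sample lines are constructed in the log's format (several are copied verbatim from the log above) and the names `Finding`, `triage`, `check_entry`, `count_by_section` and `DEFAULT_IE_HOSTS` are this example's own. Every flag is a prompt to look at the line, not a verdict: legitimate software also registers in AppInit_DLLs and legitimate local proxies exist, so each hit still needs the file or listening process identified.

```python
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Constructed sample in HijackThis format. Several lines are copied from the
# log in the thread; the rest are shortened to keep the example readable.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll
O3 - Toolbar: FireShot - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - C:\Documents and Settings\User\Dados de aplicativos\Mozilla\Firefox\Profiles\lwaeddd1.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fsaddin-0.69.dll (file missing)
O4 - HKLM\..\Run: [skyTel] SkyTel.EXE
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\wbsys.dll
O23 - Service: mysql - Unknown owner - C:\xampp\mysql\bin\mysqld.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
"""

# Hosts that IE's stock R0/R1 entries point at on an XP-era install
# (assumption for this example); any other host in a start/search entry
# is worth a look.
DEFAULT_IE_HOSTS = {"go.microsoft.com", "www.microsoft.com",
                    "home.microsoft.com", "www.msn.com"}


@dataclass
class Finding:
    section: str   # HijackThis section code, e.g. "R1" or "O20"
    reason: str    # why a reviewer would look at this line
    line: str      # the original log line


ENTRY_RE = re.compile(r"^(?P<sec>[RFO]\d+) - (?P<body>.+)$")
# Matches the command part of "HKLM\..\Run: [name] command ..." bodies.
RUN_RE = re.compile(r"\\Run: \[[^\]]*\] (?P<cmd>.+)$")


def parse_entry(line):
    """Split one log line into (section, body); None for non-entry lines."""
    m = ENTRY_RE.match(line.strip())
    return (m.group("sec"), m.group("body")) if m else None


def url_host(value):
    try:
        return urlparse(value.strip()).hostname or ""
    except ValueError:
        return ""


def check_entry(sec, body, line):
    """Apply the triage heuristics to one entry; returns a list of Findings."""
    reasons = []
    # Registry still points at a file that no longer exists.
    if body.endswith("(no file)") or body.endswith("(file missing)"):
        reasons.append("orphaned entry: registry points at a file that is gone")
    if sec in ("R0", "R1") and " = " in body:
        key, _, value = body.partition(" = ")
        if "ProxyServer" in key:
            # Every IE request goes through this address; find out which
            # process owns the port before deciding whether it is wanted.
            reasons.append(f"browser proxy set to {value}; identify the process listening there")
        elif any(k in key for k in ("Start Page", "Search", "Default_Page_URL")):
            host = url_host(value)
            if host and host not in DEFAULT_IE_HOSTS:
                reasons.append(f"start/search page points at non-default host {host}")
    if sec == "O4":
        m = RUN_RE.search(body)
        if m:
            cmd = m.group("cmd").strip()
            # A bare file name is resolved through the search path at logon.
            if not (cmd.startswith('"') or re.match(r"^[A-Za-z]:\\", cmd)):
                reasons.append("Run value without a full path; resolved via search path")
    if sec == "O20" and "AppInit_DLLs" in body:
        reasons.append("AppInit_DLLs loads into every GUI process; verify the DLL's publisher")
    if sec == "O23" and "Unknown owner" in body:
        reasons.append("service without publisher information")
    return [Finding(sec, r, line) for r in reasons]


def triage(log_text):
    """Run the heuristics over a whole log and return all Findings."""
    findings = []
    for raw in log_text.splitlines():
        parsed = parse_entry(raw)
        if parsed:
            sec, body = parsed
            findings.extend(check_entry(sec, body, raw.strip()))
    return findings


def count_by_section(findings):
    counts = {}
    for f in findings:
        counts[f.section] = counts.get(f.section, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

On the constructed sample the script flags seven lines, one per section code from R0 to O23, and leaves the Java BHO, the avast! entries and the default Microsoft pages alone. The two lines that matter most for the "everything is slow" complaint in this thread are the loopback proxy and the AppInit_DLLs entry, because both sit in the path of every browser request or every process start.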

Hey curseknight,

 

1. Download BankerFix 3.0.

 

2. Temporarily disable your anti-virus.

 

3. Double-click bankerfix.exe. The Banker Fix 3.0 window will open with the question Instalar o BankerFix 3.0 / Install BankerFix 3.0 ? >> click SIM (YES).

 

4. A window informing you that BankerFix 3.0 will be downloaded over the internet will open >> click OK and wait. In the next window click OK once more so that BankerFix 3.0 starts.

 

5. Press any key to continue the process and wait until the scan completes. Be patient, as it may take a few minutes.

 

6. When the scan is finished, read the message on the screen and press Enter.

 

7. Re-enable your anti-virus.

 

8. Come back with BankerFix's relatorio.txt (it will be in C:\LinhaDefensiva\).

 

9. After posting your reply you may delete the LinhaDefensiva folder on C:.

 

Regards.

 

PS: If the message Site denunciado como foco de ataques! (site reported as an attack source) appears, don't worry and click Ignorar este alerta (ignore this warning).


The program found nothing; everything in relatorio.txt is the following:

 

BankerFix 3.0 VALKYRIE - Removedor de Bankers

Linha Defensiva | http://www.linhadefensiva.org

http://www.linhadefensiva.org/bankerfix/

-------------------------------------------------------

Data: 2009-07-09 - 17:34

-------------------------------------------------------

Lista de Definição: 2009-06-26-1 | CORE: 2009-01-21-1

=======================================================

 

 

 

----- Fim -------------------------

 

Well, my PC keeps freezing every time I open a heavy program, like Firefox. After a while it unfreezes, but it's really disturbing. Sometimes when I open the "My Computer" folder the computer freezes badly and a CD icon appears next to the pointer. Maybe this new description of the symptoms helps you, and once again thank you.


Hey curseknight,

 

Let's try to fix the remaining problem with CCleaner -> download here.

 

1. To run the cleanup, just tick the Cleaner option – top left – and click Run Cleaner – bottom right. Here you can choose to clean Windows, Applications, or both;

 

2. To fix errors, choose the Registry option – top left – click Scan for Issues – bottom left – and then Fix selected issues – bottom right (by default all will be selected);

 

3. Under Tools – top left – you can uninstall programs (the same ones listed in Add / Remove Programs) or remove program entries from startup (experienced users only);

 

4. Under Options are CCleaner's configuration settings, which I suggest you leave unchanged.

 

Carry out the actions above (only 1. and 2.) and check whether the problem has been resolved.

 

Regards.


I did as instructed, but the freezes still continue. Is it a case for formatting?

Unfortunately yes. With all technical possibilities exhausted, FORMAT C becomes the only viable and effective solution. :(

 

Regards, and feel free to come back whenever you need. :thumbsup:


PROBLEM SOLVED!

 

If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.
