Ben-Hur
Posted July 2, 2009

Thanks for clarifying the note. Here are the ComboFix and HijackThis logs, respectively:

ComboFix 09-07-01.04 - Administrador 02/07/2009 16:35:17.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.2046.1491 [GMT -3:00]
Running from: C:\Documents and Settings\Administrador\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Administrador\Desktop\CFScript.txt

FILE ::
"C:\docume~1\admini~1\config~1\temp\CPRF.tmp"
"C:\DOCUME~1\ADMINI~1\red.exe"
"C:\windows\dllmgr.exe"
.

((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\5_5
C:\5_5\5\DesKTop.ini
c:\arquivos de programas\dna\btdna.exe
C:\C
C:\C\Settings\dEsKtOp.InI
C:\DATA
C:\DATA\FILES\Desktop.ini
C:\FILES
C:\FILES\REMOVED\Desktop.ini
C:\MEMORY
C:\memory\S-v-6-2009\Desktop.ini
C:\Nsum
C:\Nsum\F\Desktop.ini
C:\Thun
C:\Thun\F\Desktop.ini
c:\windows\system32\ddd

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_GARENAPENGINE
-------\Service_GarenaPEngine


(((((((((((((((( Files Created from 2009-06-02 to 2009-07-02 ))))))))))))))))))))))))))))
.

2009-06-30 17:14:45 . 2009-06-30 18:58:15 0 d-----w- C:\Arquivos de programas\Thoosje Vista Sidebar
2009-06-30 16:40:56 . 2009-06-30 16:56:53 819232 --sha-w- C:\WINDOWS\system32\drivers\fidbox.dat
2009-06-29 19:31:34 . 2009-02-05 22:06:10 23152 ----a-w- C:\WINDOWS\system32\drivers\aswRdr.sys
2009-06-29 19:31:33 . 2009-02-05 22:06:20 51376 ----a-w- C:\WINDOWS\system32\drivers\aswTdi.sys
2009-06-29 19:31:33 . 2009-02-05 22:05:11 26944 ----a-w- C:\WINDOWS\system32\drivers\aavmker4.sys
2009-06-29 19:31:29 . 2009-02-05 22:07:23 114768 ----a-w- C:\WINDOWS\system32\drivers\aswSP.sys
2009-06-29 19:31:29 . 2009-02-05 22:07:12 20560 ----a-w- C:\WINDOWS\system32\drivers\aswFsBlk.sys
2009-06-29 19:31:29 . 2009-02-05 22:04:45 97480 ----a-w- C:\WINDOWS\system32\AvastSS.scr
2009-06-29 19:31:28 . 2009-02-05 22:08:19 93296 ----a-w- C:\WINDOWS\system32\drivers\aswmon.sys
2009-06-29 19:31:28 . 2009-02-05 22:08:10 94032 ----a-w- C:\WINDOWS\system32\drivers\aswmon2.sys
2009-06-29 19:31:12 . 2009-02-05 22:11:35 1256296 ----a-w- C:\WINDOWS\system32\aswBoot.exe
2009-06-29 19:31:12 . 2003-03-18 20:20:00 1060864 ----a-w- C:\WINDOWS\system32\MFC71.dll
2009-06-29 19:31:10 . 2009-06-29 19:31:10 0 d-----w- C:\Arquivos de programas\Alwil Software
2009-06-28 15:25:22 . 2009-06-28 18:46:04 0 d-----w- C:\Arquivos de programas\a-squared Free
2009-06-28 15:13:59 . 2009-06-28 15:14:10 0 d-----w- C:\Hijack
2009-06-28 14:53:57 . 2009-06-28 14:54:52 0 d-----w- C:\Documents and Settings\All Users\Dados de aplicativos\Autorun Eater
2009-06-28 14:53:45 . 2009-06-28 14:53:46 0 d-----w- C:\Arquivos de programas\Autorun Eater
2009-06-28 14:47:46 . 2009-06-28 14:47:46 0 d-----w- C:\Documents and Settings\All Users\Dados de aplicativos\Ashampoo
2009-06-28 14:47:38 . 2009-01-09 15:46:22 39776 ----a-w- C:\WINDOWS\system32\DfSdkBt64.exe
2009-06-28 14:47:38 . 2009-01-09 15:46:20 33632 ----a-w- C:\WINDOWS\system32\DfSdkBt.exe
2009-06-28 14:47:36 . 2009-06-28 14:47:36 0 d-----w- C:\Arquivos de programas\Ashampoo
2009-06-26 00:45:03 . 2009-06-30 00:24:40 33951 ----a-w- C:\WINDOWS\system32\log.dll
2009-06-26 00:37:26 . 2009-06-26 00:39:35 0 d-----w- C:\WINDOWS\mpass XP patch
2009-06-26 00:29:09 . 1997-04-08 23:08:10 299520 ----a-w- C:\WINDOWS\uninst.exe
2009-06-26 00:29:05 . 1997-08-25 16:55:36 407312 ------w- C:\WINDOWS\system32\msrepl35.dll
2009-06-26 00:29:05 . 1997-08-25 16:55:30 1045776 ------w- C:\WINDOWS\system32\msjet35.dll
2009-06-26 00:29:05 . 1997-01-13 03:00:00 37136 ------w- C:\WINDOWS\system32\Msjint35.dll
2009-06-26 00:29:05 . 1996-12-05 03:00:00 77824 ------w- C:\WINDOWS\system32\Odbctl32.dll
2009-06-26 00:29:05 . 1996-12-02 21:44:26 251664 ------w- C:\WINDOWS\system32\msrd2x35.dll
2009-06-26 00:29:05 . 1996-12-02 21:44:26 24336 ------w- C:\WINDOWS\system32\msjter35.dll
2009-06-26 00:29:05 . 1996-11-08 05:48:12 368912 ------w- C:\WINDOWS\system32\vbar332.dll
2009-06-26 00:29:05 . 1996-10-31 03:00:00 22288 ------w- C:\WINDOWS\system32\ComCat.dll
2009-06-26 00:28:58 . 2009-06-26 00:28:58 0 d-----w- C:\WINDOWS\NTBJRSTR
2009-06-25 23:55:11 . 2009-06-26 00:21:01 0 d-----w- C:\temp\C530
2009-06-25 23:55:11 . 2009-06-25 23:55:11 0 d-----w- C:\Temp
2009-06-25 16:20:48 . 2009-06-25 16:20:48 0 d-----w- C:\WINDOWS\system32\wbem\Repository
2009-06-25 15:38:01 . 1999-05-14 07:44:34 8976 ----a-r- C:\WINDOWS\system32\MPRSTR.DRV
2009-06-23 16:12:53 . 2009-06-23 16:12:53 0 d-----w- C:\Documents and Settings\Administrador\Dados de aplicativos\Malwarebytes
2009-06-23 16:10:53 . 2009-06-17 14:27:56 38160 ----a-w- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2009-06-23 16:10:52 . 2009-06-23 20:46:42 0 d-----w- C:\Arquivos de programas\Malwarebytes' Anti-Malware
2009-06-23 16:10:52 . 2009-06-23 16:10:52 0 d-----w- C:\Documents and Settings\All Users\Dados de aplicativos\Malwarebytes
2009-06-23 16:10:52 . 2009-06-17 14:27:44 19096 ----a-w- C:\WINDOWS\system32\drivers\mbam.sys
2009-06-23 15:56:06 . 2009-06-23 15:56:06 0 d-----w- C:\Documents and Settings\All Users\Dados de aplicativos\WLInstaller
2009-06-21 16:24:38 . 2009-06-21 16:24:38 0 d-----w- C:\Arquivos de programas\ESET
2009-06-20 16:42:55 . 2009-06-20 16:42:55 577536 ----a-w- C:\WINDOWS\system32\dllcache\user32.dll
2009-06-20 16:41:22 . 2009-06-26 21:47:18 0 d-----w- C:\WINDOWS\ERUNT
2009-06-20 16:41:21 . 2009-06-20 17:04:39 0 d-----w- C:\Backups
2009-06-04 00:01:07 . 2009-06-04 00:01:07 1878984 ----a-w- C:\Documents and Settings\Administrador\Dados de aplicativos\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe

.
((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.

2009-07-02 20:39:12 . 2009-03-13 16:10:22 117760 ----a-w- C:\Documents and Settings\Administrador\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-07-02 20:39:08 . 2009-04-08 18:24:18 0 d---a-w- C:\Documents and Settings\All Users\Dados de aplicativos\TEMP
2009-07-02 20:38:47 . 2008-07-30 16:25:03 0 d-----w- C:\Documents and Settings\Administrador\Dados de aplicativos\Orbit
2009-07-02 19:38:45 . 2008-12-21 12:17:20 0 d-----w- C:\Arquivos de programas\DNA
2009-07-02 17:40:38 . 2008-11-02 17:31:57 0 d-----w- C:\Documents and Settings\Administrador\Dados de aplicativos\SPORE
2009-07-02 17:31:06 . 2008-07-30 16:25:02 0 d-----w- C:\Arquivos de programas\Orbitdownloader
2009-07-02 15:43:23 . 2009-04-08 18:24:01 0 d-----w- C:\Arquivos de programas\Spyware Doctor
2009-07-02 15:27:39 . 2008-08-24 18:13:50 0 d-----w- C:\Arquivos de programas\Garena
2009-07-02 01:49:45 . 2008-12-21 12:17:20 0 d-----w- C:\Documents and Settings\Administrador\Dados de aplicativos\DNA
2009-07-02 00:26:35 . 2008-08-25 22:04:26 0 d-----w- C:\Arquivos de programas\Warcraft III
2009-06-30 16:56:53 . 2009-06-30 16:40:56 11720 --sha-w- C:\WINDOWS\system32\drivers\fidbox.idx
2009-06-30 16:28:24 . 2008-07-30 15:38:30 0 d-----w- C:\Documents and Settings\Administrador\Dados de aplicativos\foobar2000
2009-06-30 00:24:57 . 2009-03-07 15:06:13 0 d-----w- C:\Documents and Settings\Administrador\Dados de aplicativos\AVGTOOLBAR
2009-06-29 19:33:09 . 2008-07-30 13:23:47 0 d-----w- C:\Documents and Settings\All Users\Dados de aplicativos\avg8
2009-06-28 20:32:27 . 2008-09-26 16:37:41 0 d-----w- C:\Arquivos de programas\Razor
2009-06-27 12:54:08 . 2008-07-30 15:39:20 0 d-----w- C:\Arquivos de programas\DreaMule
2009-06-27 12:52:57 . 2009-02-28 17:26:22 0 d-----w- C:\Arquivos de programas\OnGame
2009-06-26 00:43:25 . 2009-03-13 16:06:27 0 d-----w- C:\Arquivos de programas\SUPERAntiSpyware
2009-06-26 00:27:20 . 2009-06-26 00:27:20 0 d-----w- C:\Arquivos de programas\Canon
2009-06-24 17:36:29 . 2008-08-18 01:25:21 0 d-----w- C:\Documents and Settings\Administrador\Dados de aplicativos\LimeWire
2009-06-23 15:57:41 . 2008-08-17 17:49:28 0 d-----w- C:\Documents and Settings\Administrador\Dados de aplicativos\Megacubo
2009-06-21 17:36:27 . 2008-07-30 12:28:33 0 d--h--w- C:\Arquivos de programas\InstallShield Installation Information
2009-05-23 00:01:18 . 2009-05-23 00:01:17 0 d-----w- C:\Arquivos de programas\Defraggler
2009-05-22 23:05:05 . 2008-10-27 17:10:15 0 d-----w- C:\Arquivos de programas\CCleaner
2009-05-18 23:27:52 . 2009-04-08 18:24:12 130936 ----a-w- C:\WINDOWS\system32\drivers\PCTCore.sys
2009-05-15 23:55:29 . 2008-08-09 16:54:27 34 ----a-w- C:\Documents and Settings\Administrador\jagex_runescape_preferences.dat
2009-05-08 21:23:21 . 2009-05-08 21:23:20 0 d-----w- C:\Arquivos de programas\Free WMA to MP3 Converter
2009-04-25 17:22:54 . 2008-10-21 21:45:17 721904 ----a-w- C:\WINDOWS\system32\drivers\sptd.sys
2009-04-23 16:26:05 . 2009-04-23 16:26:14 410984 ----a-w- C:\WINDOWS\system32\deploytk.dll
2009-04-05 15:38:30 . 2001-10-28 14:07:18 77658 ----a-w- C:\WINDOWS\system32\perfc016.dat
2009-04-05 15:38:30 . 2001-10-28 14:07:18 449496 ----a-w- C:\WINDOWS\system32\perfh016.dat

.
(((((((((((((((((((((((((( Registry Load Points )))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VisualTaskTips"="C:\Arquivos de programas\VisualTaskTips\VisualTaskTips.exe" [2008-05-31 10:50:18 65536]
"SUPERAntiSpyware"="C:\Arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-06-26 00:43:25 1830128]
"UIWatcher"="C:\Arquivos de programas\Ashampoo\Ashampoo UnInstaller 4\UIWatcher.exe" [2009-06-24 12:01:04 2529624]
"msnmsgr"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 21:50:38 3885408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-10-07 15:33:00 13574144]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 14:50:42 155648]
"DrvIcon"="C:\Arquivos de programas\VistaDriveIcon\DrvIcon.exe" [2008-04-13 12:39:20 49152]
"TkBellExe"="C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2008-08-18 17:22:50 185896]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-10-07 15:33:00 86016]
"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre6\bin\jusched.exe" [2009-04-23 16:26:06 148888]
"PWRISOVM.EXE"="C:\Arquivos de programas\PowerISO\PWRISOVM.EXE" [2009-03-15 10:15:16 180224]
"Autorun Eater"="C:\Arquivos de programas\Autorun Eater\oldmcdonald.exe" [2009-05-27 01:54:10 549400]
"avast!"="C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 22:08:45 81000]
"ISTray"="C:\Arquivos de programas\Spyware Doctor\pctsTray.exe" [2008-12-08 17:33:48 1173384]
"nwiz"="nwiz.exe" - C:\WINDOWS\system32\nwiz.exe [2008-10-07 15:33:00 1630208]
"RTHDCPL"="RTHDCPL.EXE" - C:\WINDOWS\RTHDCPL.exe [2007-07-05 08:08:46 16380416]
"SkyTel"="SkyTel.EXE" - C:\WINDOWS\SkyTel.exe [2007-06-15 08:45:50 1826816]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 02:45:32 25088]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" - C:\WINDOWS\system32\advpack.dll [2004-08-04 02:45:22 101376]

C:\Documents and Settings\Administrador\Menu Iniciar\Programas\Inicializar\
Blaero Start Orb.lnk - C:\Arquivos de programas\Blaero Start Orb\Blaero Start Orb 2.0.exe [2006-7-30 521216]

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\
Orbit.lnk - C:\Arquivos de programas\Orbitdownloader\orbitdm.exe [2008-7-30 1719496]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoDevMgrUpdate"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Arquivos de programas\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 12:13:36 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 14:05:34 356352 ----a-w- C:\Arquivos de programas\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^Administrador^Menu Iniciar^Programas^Inicializar^Thoosje Sidebar.lnk]
path=C:\Documents and Settings\Administrador\Menu Iniciar\Programas\Inicializar\Thoosje Sidebar.lnk
backup=C:\WINDOWS\pss\Thoosje Sidebar.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Administrador^Menu Iniciar^Programas^Inicializar^Thoosje Vista Sidebar.lnk]
path=C:\Documents and Settings\Administrador\Menu Iniciar\Programas\Inicializar\Thoosje Vista Sidebar.lnk
backup=C:\WINDOWS\pss\Thoosje Vista Sidebar.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Administrador^Menu Iniciar^Programas^Inicializar^WinFlip.lnk]
path=C:\Documents and Settings\Administrador\Menu Iniciar\Programas\Inicializar\WinFlip.lnk
backup=C:\WINDOWS\pss\WinFlip.lnkStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Arquivos de programas\\Orbitdownloader\\orbitdm.exe"=
"C:\\Arquivos de programas\\LimeWire\\LimeWire.exe"=
"C:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=
"C:\\Arquivos de programas\\Garena\\Garena.exe"=
"C:\\Arquivos de programas\\EA Games\\Ultima Online Mondain's Legacy\\Client.exe"=
"C:\\Arquivos de programas\\Valve\\Steam\\SteamApps\\benbolux\\counter-strike\\hl.exe"=
"C:\\Arquivos de programas\\Aspyr\\Guitar Hero III\\GH3.exe"=
"C:\\Arquivos de programas\\Microsoft Games\\Gears of War\\Binaries\\WarGame-G4WLive.exe"=
"C:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe"=
"C:\\Arquivos de programas\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"C:\\Arquivos de programas\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"C:\\Arquivos de programas\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"C:\\Documents and Settings\\All Users\\Dados de aplicativos\\NexonUS\\NGM\\NGM.exe"=
"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"C:\\Arquivos de programas\\EA Games\\Ultima Online Mondain's Legacy\\No_Crypt_Client_2d.exe"=
"C:\\Arquivos de programas\\Orbitdownloader\\orbitnet.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7700:TCP"= 7700:TCP:THE DUEL
"7800:TCP"= 7800:TCP:THE DUEL

R0 PCTCore;PCTools KDS;C:\WINDOWS\system32\drivers\PCTCore.sys [8/4/2009 15:24:12 130936]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [29/6/2009 16:31:29 114768]
R1 SASDIFSV;SASDIFSV;C:\Arquivos de programas\SUPERAntiSpyware\SASDIFSV.SYS [17/2/2009 11:43:28 9968]
R1 SASKUTIL;SASKUTIL;C:\Arquivos de programas\SUPERAntiSpyware\SASKUTIL.SYS [17/2/2009 11:43:28 55024]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\drivers\aswFsBlk.sys [29/6/2009 16:31:29 20560]
R2 fssfltr;FssFltr;C:\WINDOWS\system32\drivers\fssfltr_tdi.sys [9/1/2009 18:59:30 55136]
R2 fsssvc;Windows Live Proteção para a Família;C:\Arquivos de programas\Windows Live\Family Safety\fsssvc.exe [6/2/2009 18:08:58 533360]
R2 sdAuxService;PC Tools Auxiliary Service;C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe [8/4/2009 15:24:02 348752]
R3 SASENUM;SASENUM;C:\Arquivos de programas\SUPERAntiSpyware\SASENUM.SYS [17/2/2009 11:43:30 7408]
S3 XDva186;XDva186;\??\C:\WINDOWS\system32\XDva186.sys --> C:\WINDOWS\system32\XDva186.sys [?]
S3 XDva223;XDva223;\??\C:\WINDOWS\system32\XDva223.sys --> C:\WINDOWS\system32\XDva223.sys [?]

--- Other Services/Drivers In Memory ---

*Deregistered* - mchInjDrv
.
- - - - ORPHANS REMOVED - - - -

Notify-avgrsstarter - avgrsstx.dll

.
------- Supplementary Scan -------
.
uStart Page = about:blank
mWindow Title =
uInternet Connection Wizard,ShellNext = hxxp://www.google.com.br/
IE: &Download by Orbit - C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202
IE: E&xportar para o Microsoft Excel - C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
TCP: {A8CB1820-2298-4676-9080-87A69D6656C2} = 172.161.169.245,200.165.132.147
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
FF - ProfilePath - C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\2uxhzj0s.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.br/
FF - plugin: C:\Arquivos de programas\Microsoft\Office Live\npOLW.dll
FF - plugin: C:\Arquivos de programas\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: C:\Arquivos de programas\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: C:\Arquivos de programas\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Documents and Settings\All Users\Dados de aplicativos\NexonUS\NGM\npNxGameUS.dll

---- FIREFOX POLICIES ----
C:\Arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");
.

--------------------------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:42:23, on 2/7/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\a-squared Free\a2service.exe
C:\Arquivos de programas\Windows Live\Family Safety\fsssvc.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe
C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe
C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Arquivos de programas\Spyware Doctor\pctsTray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Arquivos de programas\VistaDriveIcon\DrvIcon.exe
C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Arquivos de programas\Java\jre6\bin\jusched.exe
C:\Arquivos de programas\PowerISO\PWRISOVM.EXE
C:\Arquivos de programas\Autorun Eater\oldmcdonald.exe
C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
C:\Arquivos de programas\VisualTaskTips\VisualTaskTips.exe
C:\Arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Arquivos de programas\Ashampoo\Ashampoo UnInstaller 4\UIWatcher.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\Arquivos de programas\Orbitdownloader\orbitdm.exe
C:\Arquivos de programas\Blaero Start Orb\Blaero Start Orb 2.0.exe
C:\Arquivos de programas\Autorun Eater\billy.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Hijack\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Arquivos de programas\Windows Live\Family Safety\fssbho.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Arquivos de programas\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Arquivos de programas\Styler\TB\StylerTB.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Arquivos de programas\Orbitdownloader\GrabPro.dll
O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [skyTel] SkyTel.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DrvIcon] C:\Arquivos de programas\VistaDriveIcon\DrvIcon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Arquivos de programas\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [Autorun Eater] C:\Arquivos de programas\Autorun Eater\oldmcdonald.exe
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [iSTray] "C:\Arquivos de programas\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [VisualTaskTips] "C:\Arquivos de programas\VisualTaskTips\VisualTaskTips.exe" noTrayIcon
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [uIWatcher] C:\Arquivos de programas\Ashampoo\Ashampoo UnInstaller 4\UIWatcher.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: Blaero Start Orb.lnk = C:\Arquivos de programas\Blaero Start Orb\Blaero Start Orb 2.0.exe
O4 - Global Startup: Orbit.lnk = C:\Arquivos de programas\Orbitdownloader\orbitdm.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A8CB1820-2298-4676-9080-87A69D6656C2}: NameServer = 172.161.169.245,200.165.132.147
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Arquivos de programas\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Arquivos de programas\a-squared Free\a2service.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: CiSvc - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: MPService - Canon Information Systems, Inc. - C:\Arquivos de programas\Canon\MultiPASS\mpservic.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe

--
End of file - 9674 bytes

Cheers!
DigRam
Posted July 2, 2009

Good evening, Ben-Hur!

<@> Open HijackThis and Fix these entries:

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)

<@> When it finishes, restart the computer!

<><><><><><><><><><>

<@> The HijackThis log is clean! So the procedure below can be skipped.

<@> If you want, run an Expert evaluation in RunScanner.
<@> Download: < Runscanner v. 1.8.0.0 >
<@> Save it to the local disk (C:) or the Desktop.
<@> Unzip it and keep the executable. ( RunScanner.exe )
<@> Open the program and, with the Expert mode button already checked, click Ok.
<@> Close all windows/programs before running this utility.
<@> Run it by clicking Scan computer. --> Wait!
<@> When it finishes, click the menu: "Online analysis" <-- Be connected!
<@> The page "online malware analysis report" will open.
<@> Copy the result of this analysis, Report Url:, to your computer. ( report.aspx )
<@> Put it in a zip on the Desktop.
<@> Keep the extension ( .aspx ) when copying it!
<@> If you do not want the online check, save it as a RUN file.
<@> Click "Save Run File" --> Put it in a zip on the desktop.
<@> Now go to this address: < Badongo >
<@> Upload the report.aspx.zip or runscanner.run from the desktop to that server. <-- Badongo!
<@> Paste the address(es) you are given into this topic. ( Report Url: ) or ( RUN file )

Cheers!
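The reply above picks out, by eye, the HijackThis entries whose target no longer exists ("(no file)" / "(file missing)") and leaves the O17 NameServer line alone. The script below is an added example, not part of this thread and not HijackThis code: it applies the same two checks mechanically to a HijackThis 2.0.x log. SAMPLE_LOG is a constructed excerpt modelled on the log posted above (the GUIDs and the two name-server addresses are copied from it); the classification rules in the comments are this example's assumptions, and whether any flagged entry should actually be fixed is still the analyst's call.

```python
"""Triage a HijackThis 2.0.x log: orphaned entries and O17 DNS overrides.

Added example; not from the thread above and not part of HijackThis.
"""
import re

# Constructed excerpt in HijackThis format. Entries are copied from the
# posted log, trimmed to a handful of lines so the example runs offline.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{A8CB1820-2298-4676-9080-87A69D6656C2}: NameServer = 172.161.169.245,200.165.132.147
O20 - Winlogon Notify: !SASWinLogon - C:\Arquivos de programas\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
"""

# HijackThis entry lines start with a section tag (R0, O2, O17, ...).
ENTRY_RE = re.compile(r"^(O\d+|R\d|F\d|N\d) - (.*)$")
# Markers HijackThis appends when the referenced file is absent from disk.
ORPHAN_MARKERS = ("(no file)", "(file missing)")
NAMESERVER_RE = re.compile(r"NameServer = ([0-9.,]+)")
GUID_RE = re.compile(r"\{[0-9A-Fa-f-]+\}")


def parse_entries(log_text):
    """Yield (section, body) for each HijackThis entry line; skip headers."""
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            yield m.group(1), m.group(2)


def orphaned_entries(log_text):
    """Entries whose target file HijackThis could not find.

    Assumption: a hook or BHO with no file behind it does nothing useful and
    is the usual candidate for Fix, which is the set the reply above chose.
    """
    return [f"{sec} - {body}" for sec, body in parse_entries(log_text)
            if body.rstrip().endswith(ORPHAN_MARKERS)]


def dns_overrides(log_text):
    """Map interface GUID -> list of NameServer addresses from O17 lines.

    O17 is where a per-interface resolver override lives. The example only
    extracts it for manual comparison against the ISP's or router's DNS; it
    makes no claim about the addresses themselves.
    """
    out = {}
    for sec, body in parse_entries(log_text):
        if sec != "O17":
            continue
        m = NAMESERVER_RE.search(body)
        if not m:
            continue
        g = GUID_RE.search(body)
        out[g.group(0) if g else body] = m.group(1).split(",")
    return out


if __name__ == "__main__":
    for entry in orphaned_entries(SAMPLE_LOG):
        print("orphan :", entry)
    for guid, servers in dns_overrides(SAMPLE_LOG).items():
        print("O17 DNS:", guid, "->", ", ".join(servers))
```

Run against the full posted log, orphaned_entries() returns the four lines the reply asked to Fix plus any other entry with the same markers (the O18 linkscanner and O23 CiSvc lines in the log above, for instance), so treat its output as a worklist to review rather than a list to delete blindly.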
Mário Monteiro
Posted August 7, 2009

Topic Archived

Since the author has not replied for more than 30 days, the topic has been archived. If you are the author of the topic and want to reopen it, send a private message to a moderator of this area together with the link to this topic and explain the reason for reopening.