drakos, posted September 3, 2009:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:55:26, on 03/09/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe
C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\ARQUIV~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\ARQUIV~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\ARQUIV~1\A4Tech\Mouse\Amoumain.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\ARQUIV~1\AVG\AVG8\avgtray.exe
C:\Hijack\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: (no name) - {d4c128fa-6b45-4546-9683-f31426cff209} - c:\windows\system32\lhgzgmy.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WheelMouse] C:\ARQUIV~1\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [nwiz] C:\Arquivos de programas\NVIDIA Corporation\nView\nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\RunOnce: [shockwave Updater] C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1150600.exe -Update -1150600 -"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" -"http://clickjogos.uol.com.br/Jogos-online/Acao-e-Aventura/FFX-Runner/"
O4 - HKLM\..\Policies\Explorer\Run: [Microsoft Driver Setup] C:\WINDOWS\msdrive32.exe
O4 - Startup: .security
O4 - Global Startup: .security
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Translate this web page with Babylon - res://C:\Arquivos de programas\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
O8 - Extra context menu item: Translate with Babylon - res://C:\Arquivos de programas\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game04.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: aetybvzf - C:\WINDOWS\SYSTEM32\lhgzgmy.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

--
End of file - 6242 bytes
PedroN, posted September 4, 2009:

Download Malwarebytes from one of these locations: Link 1, Link 2.

--
Save the program to your Desktop.
• Double-click the program to run it.
• Update Malwarebytes.
• Choose Full Scan (be patient, it takes a while).
• Disable your antivirus and anti-spyware, usually by right-clicking their system tray icon. They can interfere with the tool.
• When the scan is complete, click OK, then Show Results to view the log.
• Remember: if anything is detected, click the Remove button to remove it (important).
• The program's log will open automatically for you.
• Post it in your next reply together with a new HijackThis log.

PS: On heavily infected computers the tool shows an option saying the computer must be restarted. Please do so immediately.
drakos, posted September 22, 2009:

ok thanks, well here we go:

Malwarebytes' Anti-Malware 1.41
Versão do banco de dados: 2826
Windows 5.1.2600 Service Pack 2 (Safe Mode)

20/09/2009 20:35:19
mbam-log-2009-09-20 (20-35-19).txt

Tipo de Verificação: Completa (A:\|C:\|D:\|E:\|)
Objetos verificados: 170751
Tempo decorrido: 12 minute(s), 13 second(s)

Processos da Memória infectados: 1
Módulos de Memória Infectados: 2
Chaves do Registro infectadas: 17
Valores do Registro infectados: 1
Ítens do Registro infectados: 3
Pastas infectadas: 0
Arquivos infectados: 6

Processos da Memória infectados:
C:\WINDOWS\system32\csrcs.exe (Trojan.Agent) -> Unloaded process successfully.

Módulos de Memória Infectados:
C:\WINDOWS\system32\phlzmtzn.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\lhgzgmy.dll (Trojan.Vundo.H) -> Delete on reboot.

Chaves do Registro infectadas:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d4c128fa-6b45-4546-9683-f31426cff209} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\aetybvzf (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{d4c128fa-6b45-4546-9683-f31426cff209} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0000d232-1797-4626-a94f-af175c41ece5} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0000d232-1797-4626-a94f-af175c41ece5} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0000d232-1797-4626-a94f-af175c41ece5} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\fhgpxoea (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\fhgpxoea (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\fhgpxoea (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d4c128fa-6b45-4546-9683-f31426cff209} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ekhiqiqa (Rootkit.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\ekhiqiqa (Rootkit.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\ekhiqiqa (Rootkit.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ekhiqiqa (Rootkit.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/drivers/vxxrcypf.sys (Rootkit.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vxxrcypf.sys (Rootkit.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\vxxrcypf.sys (Rootkit.Agent) -> Delete on reboot.

Valores do Registro infectados:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\csrcs (Trojan.Agent) -> Quarantined and deleted successfully.

Ítens do Registro infectados:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (Explorer.exe csrcs.exe) Good: (Explorer.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BITS\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemRoot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\wuauserv\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemroot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully.
Pastas infectadas:
(Nenhum ítem malicioso foi detectado)

Arquivos infectados:
c:\WINDOWS\system32\lhgzgmy.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\phlzmtzn.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\ixysmjw.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\drivers\ekhiqiqa.sys (Rootkit.Agent) -> Delete on reboot.
C:\WINDOWS\system32\drivers\vxxrcypf.sys (Rootkit.Agent) -> Delete on reboot.
C:\WINDOWS\system32\csrcs.exe (Trojan.Agent) -> Quarantined and deleted successfully.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:21:37, on 22/09/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\ARQUIV~1\A4Tech\Mouse\Amoumain.exe
C:\ARQUIV~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe
C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\ARQUIV~1\AVG\AVG8\avgrsx.exe
C:\ARQUIV~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe
C:\Hijack\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: (no name) - {d4c128fa-6b45-4546-9683-f31426cff209} - c:\windows\system32\lhgzgmy.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [WheelMouse] C:\ARQUIV~1\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [nwiz] C:\Arquivos de programas\NVIDIA Corporation\nView\nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\RunOnce: [shockwave Updater] C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1150600.exe -Update -1150600 -"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" -"http://clickjogos.uol.com.br/Jogos-online/Acao-e-Aventura/FFX-Runner/"
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game04.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: aetybvzf - C:\WINDOWS\SYSTEM32\lhgzgmy.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

--
End of file - 5803 bytes
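Reading a HijackThis log by hand is what the helper in this thread does: the second log above still lists the "(no name)" BHO at c:\windows\system32\lhgzgmy.dll and the Winlogon Notify entry aetybvzf that Malwarebytes had marked "Delete on reboot", which is why the next step is ComboFix. The Python script below is an added example, not part of the thread and not a HijackThis or Malwarebytes feature: it parses lines in the HijackThis format and flags the persistence entries an analyst looks at first (unnamed BHOs backed by a real file, Winlogon Notify DLLs outside a known list, autoruns under Policies\Explorer\Run, dot-named Startup items). The allowlist, the heuristics and the sample lines are constructed for this example; the sample lines copy the shape of the entries posted above. A one-line check for the mistyped %SystemRoot% in a service ImagePath, which Malwarebytes reported as Hijack.WindowsUpdates, is included because it is the same kind of sanity test.

```python
"""Triage helpers for HijackThis-style log lines and svchost ImagePath values.

Added example, not code from the thread or from HijackThis. The allowlist,
heuristics and sample lines are constructed for illustration.
"""
import re

# Constructed allowlist of Winlogon Notify DLLs treated as known-good here.
# Real triage verifies the file's signature and vendor, not just its name.
KNOWN_NOTIFY_DLLS = {"avgrsstx.dll", "scecli.dll", "wlnotify.dll", "crypt32.dll"}

# Every HJT finding starts with a section tag such as R3, O2, O4, O20, O23.
ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")

# A svchost-hosted service must expand from %SystemRoot%; a mistyped variable
# such as %fystemRoot% never expands, so the service silently fails to start.
SVCHOST_IMAGE_RE = re.compile(r"^%SystemRoot%\\System32\\svchost\.exe -k \w+$",
                              re.IGNORECASE)


def parse_entry(line):
    """Split one log line into (section, body); non-entry lines give None."""
    m = ENTRY_RE.match(line.strip())
    return (m.group("section"), m.group("body")) if m else None


def triage(lines):
    """Return [(reason, line), ...] for entries that deserve a closer look."""
    findings = []
    for raw in lines:
        entry = parse_entry(raw)
        if entry is None:
            continue
        section, body = entry
        line = raw.strip()
        if section == "O2" and "(no name)" in body and "(no file)" not in body:
            # A BHO with no description that still points at a real DLL:
            # the Vundo entry in the thread looks exactly like this.
            findings.append(("unnamed BHO backed by a file", line))
        elif section == "O20" and body.startswith("Winlogon Notify:"):
            dll = body.rsplit("\\", 1)[-1].lower()
            if dll not in KNOWN_NOTIFY_DLLS:
                # Notify DLLs are loaded by winlogon.exe at every logon,
                # so an unrecognised one is a strong persistence signal.
                findings.append(("unknown Winlogon Notify DLL", line))
        elif section == "O4" and "Policies\\Explorer\\Run" in body:
            # The policy Run key is almost never used by legitimate installers.
            findings.append(("autorun via Policies\\Explorer\\Run", line))
        elif section == "O4" and re.search(r"Startup: \.", body):
            # Startup-folder items whose name begins with a dot hide their type.
            findings.append(("dot-named Startup item", line))
    return findings


def imagepath_is_sane(image_path):
    """True when a svchost service ImagePath spells %SystemRoot% correctly."""
    return bool(SVCHOST_IMAGE_RE.match(image_path.strip()))


# Constructed sample, shaped like the entries posted in the thread.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: (no name) - {d4c128fa-6b45-4546-9683-f31426cff209} - c:\windows\system32\lhgzgmy.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Policies\Explorer\Run: [Microsoft Driver Setup] C:\WINDOWS\msdrive32.exe
O4 - Startup: .security
O4 - Global Startup: .security
O20 - Winlogon Notify: aetybvzf - C:\WINDOWS\SYSTEM32\lhgzgmy.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""

if __name__ == "__main__":
    for reason, line in triage(SAMPLE_LOG.splitlines()):
        print(f"[{reason}] {line}")
    for value in (r"%SystemRoot%\System32\svchost.exe -k netsvcs",
                  r"%fystemRoot%\system32\svchost.exe -k netsvcs"):
        print("ok " if imagepath_is_sane(value) else "BAD", value)
```

Run against the sample it reports five entries: the lhgzgmy.dll BHO, the Policies\Explorer\Run autorun, both .security Startup items and the aetybvzf Winlogon Notify DLL, while the AVG, Adobe-style and PunkBuster lines pass. The allowlist approach is deliberate: a name-based "random-looking" heuristic would not separate aetybvzf from avgrsstarter, so the honest rule is to treat every Notify DLL you cannot vouch for as a finding.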
PedroN, posted September 22, 2009:

Download ComboFix from one of these locations: Link 1. Link 2. Link 3.

Important! You must not use ComboFix unless you have been instructed to do so by a security analyst. Its author intends it to be used under the guidance and supervision of an expert, not for private use. Using this tool incorrectly could lead to disastrous problems with your operating system.

Make sure you have saved ComboFix.exe to your desktop.
• Disable your antivirus and anti-spyware, usually by right-clicking their system tray icon. They can interfere with the tool.
• Double-click ComboFix.exe and follow the prompts.
• As part of its process, ComboFix will check whether the Microsoft Windows Recovery Console is installed. With today's malware infections, it is strongly recommended that it be pre-installed on your machine before any malware removal is done. It will allow you to boot into a special recovery/repair mode, which makes it easier for us to help you should your computer have a problem after an attempted malware removal.
• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console and, when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

--
Note: if the Microsoft Windows Recovery Console is already installed, ComboFix will continue with its malware removal procedures.

Once the Microsoft Windows Recovery Console has been installed using ComboFix, you should see the following message:

Click Yes to continue scanning for malware.

When finished, it should produce a log for you. Post the ComboFix report, which is at C:\ComboFix.txt, together with a HijackThis log.
drakos, posted September 24, 2009:

ComboFix 09-09-23.02 - FAMILIA 24/09/2009 1:38.1.2 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.2046.1687 [GMT -3:00]
Executando de: c:\documents and settings\FAMILIA\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\FAMILIA\CONFIG~1\Temp\502.exe
c:\recycler\S-1-5-21-0054083668-8098245973-192123591-7337
c:\recycler\S-1-5-21-0222092389-5135532072-140691296-9394
c:\recycler\S-1-5-21-0241545462-3485959817-386454928-1302
c:\recycler\S-1-5-21-0243936033-3052116371-381863308-1077
c:\recycler\S-1-5-21-0535984130-2595656182-624617258-4373
c:\recycler\S-1-5-21-0770657423-9957140239-344696528-1291
c:\recycler\S-1-5-21-0927020446-3370569362-347822294-5035
c:\recycler\S-1-5-21-1141375615-9728657716-717996357-4030
c:\recycler\S-1-5-21-1902121227-2394623628-515141629-7924
c:\recycler\S-1-5-21-1930008156-6534356220-868268172-4297
c:\recycler\S-1-5-21-2029126737-4906123207-011314617-6803
c:\recycler\S-1-5-21-2106356755-9497013739-373398107-0136
c:\recycler\S-1-5-21-2679360669-2244136944-781973790-7600
c:\recycler\S-1-5-21-3121709754-3593490186-533834581-0263
c:\recycler\S-1-5-21-3623960918-6554825212-077224994-0029
c:\recycler\S-1-5-21-3651859227-6656164220-807241344-0193
c:\recycler\S-1-5-21-3723987041-1200251293-848005557-6354
c:\recycler\S-1-5-21-3814112336-6764552135-952097413-0008
c:\recycler\S-1-5-21-4109375158-2410959109-475318577-9344
c:\recycler\S-1-5-21-4301106187-4322432477-038455468-8488
c:\recycler\S-1-5-21-4405537089-0857448906-391113914-9595
c:\recycler\S-1-5-21-5083979046-8355569055-289915814-5590
c:\recycler\S-1-5-21-5206547064-5027246172-827036537-8203
c:\recycler\S-1-5-21-5350211373-7659637841-291310101-3193
c:\recycler\S-1-5-21-5451356341-9818259334-036788090-4501
c:\recycler\S-1-5-21-5602174111-4622001053-863936935-1629
c:\recycler\S-1-5-21-5623641148-2834304743-040113679-3482
c:\recycler\S-1-5-21-5720421167-4332847301-862911169-7198
c:\recycler\S-1-5-21-5847048546-0209038421-404879751-3919
c:\recycler\S-1-5-21-5946494467-1630045617-429931692-1839
c:\recycler\S-1-5-21-5961501865-8140550188-380830099-2520
c:\recycler\S-1-5-21-6210469234-6058325479-007419193-5715
c:\recycler\S-1-5-21-6256123682-2977844484-920903709-4836
c:\recycler\S-1-5-21-6666724709-9350382126-545064195-6466
c:\recycler\S-1-5-21-6833702013-4652679406-056506920-1198
c:\recycler\S-1-5-21-7497932749-2416906274-799728544-0942
c:\recycler\S-1-5-21-7653430512-8438440619-751487280-7603
c:\recycler\S-1-5-21-7699761869-6974065353-279467221-1763
c:\recycler\S-1-5-21-7807512937-3529488171-588336418-4289
c:\recycler\S-1-5-21-7848393925-7506961599-295439935-4915
c:\recycler\S-1-5-21-8368871075-2812623155-971562577-7953
c:\recycler\S-1-5-21-8432386965-3738493436-198810547-6796
c:\recycler\S-1-5-21-8578364629-6782463605-331126662-8281
c:\recycler\S-1-5-21-8586973485-6316699679-265826543-5256
c:\recycler\S-1-5-21-8668145511-4479163657-638735571-8197
c:\recycler\S-1-5-21-8845223908-2213727326-434914057-7902
c:\recycler\S-1-5-21-9025123810-6481885604-949430877-9707
c:\recycler\S-1-5-21-9072495255-9558931271-143178032-3200
c:\recycler\S-1-5-21-9362495577-2990560338-033787464-3097
c:\recycler\S-1-5-21-9452990235-6340749168-304389720-4418
c:\recycler\S-1-5-21-9543436851-3737621482-191130651-4925
c:\recycler\S-1-5-21-9644640310-0205885121-830544614-5958
c:\recycler\S-1-5-21-9827140323-4740066315-503268865-7813
c:\recycler\S-1-5-21-9938905266-7101117598-342444633-2795
c:\windows\system32\drivers\ekhiqiqa.sys
c:\windows\system32\drivers\vxxrcypf.sys
c:\windows\system32\inmbox
c:\windows\system32\inmbox\Config.ini
c:\windows\system32\inmbox\iData\1064963578\bnanovaes1231969268.xml
c:\windows\system32\inmbox\iData\1064963578\f48inho_143676762407.xml
c:\windows\system32\inmbox\iData\1064963578\MessageLog.xsl
c:\windows\system32\inmbox\iData\1846291854\andre_o_maximo2678133009.xml
c:\windows\system32\inmbox\iData\1846291854\giovanna_muito_linda1846291854.xml
c:\windows\system32\inmbox\iData\1846291854\latoya.lah3160174336.xml
c:\windows\system32\inmbox\iData\1846291854\MessageLog.xsl
c:\windows\system32\inmbox\iData\1846291854\milena_muito_linda3727050937.xml
c:\windows\system32\inmbox\iData\1846291854\pedrocas96950501663.xml
c:\windows\system32\inmbox\iData\1846291854\raizzafhatschbach2449466979.xml
c:\windows\system32\inmbox\iData\2015172395\ma-arcelo77694816.xml
c:\windows\system32\inmbox\iData\2015172395\MessageLog.xsl
c:\windows\system32\inmbox\iData\2015172395\rafa_hatschbach1435661477.xml
c:\windows\system32\inmbox\iData\2449466979\anelize_barbosa3870007600.xml
c:\windows\system32\inmbox\iData\2449466979\babi_winter2509111473.xml
c:\windows\system32\inmbox\iData\2449466979\biankinha.zs2994296519.xml
c:\windows\system32\inmbox\iData\2449466979\catgell1024454351.xml
c:\windows\system32\inmbox\iData\2449466979\eric_seichi1844163950.xml
c:\windows\system32\inmbox\iData\2449466979\fabiana_hatschbach1390248149.xml
c:\windows\system32\inmbox\iData\2449466979\fernando_sosa293180989680.xml
c:\windows\system32\inmbox\iData\2449466979\gagao_peixeiro3390875658.xml
c:\windows\system32\inmbox\iData\2449466979\giovanna_muito_linda1846291854.xml
c:\windows\system32\inmbox\iData\2449466979\gus.tavo.gomes25890171746.xml
c:\windows\system32\inmbox\iData\2449466979\hericktexeira1733913175.xml
c:\windows\system32\inmbox\iData\2449466979\juliofervelp3729769434.xml
c:\windows\system32\inmbox\iData\2449466979\kaiquetexeira3077594273.xml
c:\windows\system32\inmbox\iData\2449466979\karen.harumi2125585488.xml
c:\windows\system32\inmbox\iData\2449466979\largatixa_foguinho2976614402.xml
c:\windows\system32\inmbox\iData\2449466979\luper_0003195597958.xml
c:\windows\system32\inmbox\iData\2449466979\mayara_annies1661807431.xml
c:\windows\system32\inmbox\iData\2449466979\MessageLog.xsl
c:\windows\system32\inmbox\iData\2449466979\milena_muito_linda3727050937.xml
c:\windows\system32\inmbox\iData\2449466979\rafa_hatschbach1435661477.xml
c:\windows\system32\inmbox\iData\3160174336\jmalacoski2988810473.xml
c:\windows\system32\inmbox\iData\3160174336\MessageLog.xsl
c:\windows\system32\inmbox\iData\3160174336\milena_muito_linda3727050937.xml
c:\windows\system32\inmbox\iData\3727050937\giovanna_muito_linda1846291854.xml
c:\windows\system32\inmbox\iData\3727050937\MessageLog.xsl
c:\windows\system32\inmbox\iData\3727050937\raizzafhatschbach2449466979.xml
c:\windows\system32\inmbox\iData\4278423633\ca.mi.la_gata2469234610.xml
c:\windows\system32\inmbox\iData\4278423633\debinha.let2707902453.xml
c:\windows\system32\inmbox\iData\4278423633\lihzinha_lokinha2495787095.xml
c:\windows\system32\inmbox\iData\4278423633\MessageLog.xsl
c:\windows\system32\inmbox\iData\4278423633\my_rodrigues_20091055013142.xml
c:\windows\system32\inmbox\iData\4278423633\nts.tom3521793778.xml
c:\windows\system32\inmbox\iData\4278423633\raizzafhatschbach2449466979.xml
c:\windows\system32\inmbox\iData\4278423633\ruan_atleticano2427199800.xml
c:\windows\system32\inmbox\iData\4278423633\tati-atletico3266456239.xml
c:\windows\system32\inmbox\iData\Data.msn
c:\windows\system32\inmbox\iData\Mail.msm
c:\windows\system32\inmbox\iData\Screens\1114574270245200915.JPG
c:\windows\system32\inmbox\iData\Screens\1174865868291200918.JPG
c:\windows\system32\inmbox\iData\Screens\1174865868291200919.JPG
c:\windows\system32\inmbox\iData\Screens\1174865868301200913.JPG
c:\windows\system32\inmbox\iData\Screens\15138665501812200821.JPG
c:\windows\system32\inmbox\iData\Screens\15138665501812200822.JPG
c:\windows\system32\inmbox\iData\Screens\15294852012111200820.JPG
c:\windows\system32\inmbox\iData\Screens\1652872867161200912.JPG
c:\windows\system32\inmbox\iData\Screens\165287286742200915.JPG
c:\windows\system32\inmbox\iData\Screens\1669375224291200918.JPG
c:\windows\system32\inmbox\iData\Screens\1669375224311200915.JPG
c:\windows\system32\inmbox\iData\Screens\173141872322200914.JPG
c:\windows\system32\inmbox\iData\Screens\173141872322200915.JPG
c:\windows\system32\inmbox\iData\Screens\17497774932412200812.JPG
c:\windows\system32\inmbox\iData\Screens\1750678312301200921.JPG
c:\windows\system32\inmbox\iData\Screens\180389136222200918.JPG
c:\windows\system32\inmbox\iData\Screens\180389136222200919.JPG
c:\windows\system32\inmbox\iData\Screens\1845000413301200923.JPG
c:\windows\system32\inmbox\iData\Screens\189696131512200917.JPG
c:\windows\system32\inmbox\iData\Screens\189696131512200918.JPG
c:\windows\system32\inmbox\iData\Screens\189696131522200916.JPG
c:\windows\system32\inmbox\iData\Screens\189696131522200917.JPG
c:\windows\system32\inmbox\iData\Screens\189696131532200913.JPG
c:\windows\system32\inmbox\iData\Screens\189696131532200915.JPG
c:\windows\system32\inmbox\iData\Screens\189696131532200916.JPG
c:\windows\system32\inmbox\iData\Screens\189696131562200915.JPG
c:\windows\system32\inmbox\iData\Screens\189696131562200918.JPG
c:\windows\system32\inmbox\iData\Screens\192638224212200917.JPG
c:\windows\system32\inmbox\iData\Screens\1926382242271200917.JPG
c:\windows\system32\inmbox\iData\Screens\1926382242281200915.JPG
c:\windows\system32\inmbox\iData\Screens\1926382242281200916.JPG
c:\windows\system32\inmbox\iData\Screens\1926382242281200917.JPG
c:\windows\system32\inmbox\iData\Screens\1926382242301200922.JPG
c:\windows\system32\inmbox\iData\Screens\192638224232200916.JPG
c:\windows\system32\inmbox\iData\Screens\192638224262200915.JPG
c:\windows\system32\inmbox\iData\Screens\218842429522200913.JPG
c:\windows\system32\inmbox\iData\Screens\2265399921301200921.JPG
c:\windows\system32\inmbox\iData\Screens\2317309193301200919.JPG
c:\windows\system32\inmbox\iData\Screens\2317309193301200922.JPG
c:\windows\system32\inmbox\iData\Screens\23769591522111200820.JPG
c:\windows\system32\inmbox\iData\Screens\2404391824301200913.JPG
c:\windows\system32\inmbox\iData\Screens\249025821962200913.JPG
c:\windows\system32\inmbox\iData\Screens\2553585348301200913.JPG
c:\windows\system32\inmbox\iData\Screens\268164851061200912.JPG
c:\windows\system32\inmbox\iData\Screens\270826968922200913.JPG
c:\windows\system32\inmbox\iData\Screens\2890976086301200921.JPG
c:\windows\system32\inmbox\iData\Screens\296152135112200918.JPG
c:\windows\system32\inmbox\iData\Screens\2961521351221200918.JPG
c:\windows\system32\inmbox\iData\Screens\3057017054231200914.JPG
c:\windows\system32\inmbox\iData\Screens\311163788012200917.JPG
c:\windows\system32\inmbox\iData\Screens\311163788012200918.JPG
c:\windows\system32\inmbox\iData\Screens\33920271001812200820.JPG
c:\windows\system32\inmbox\iData\Screens\3392027100812200822.JPG
c:\windows\system32\inmbox\iData\Screens\3508161156301200923.JPG
c:\windows\system32\inmbox\iData\Screens\3508161156311200900.JPG
c:\windows\system32\inmbox\iData\Screens\3639316443281200921.JPG
c:\windows\system32\inmbox\iData\Screens\3782358008275200902.JPG
c:\windows\system32\inmbox\iData\Screens\3782358008285200901.JPG
c:\windows\system32\inmbox\iData\Screens\3782358008285200902.JPG
c:\windows\system32\inmbox\iData\Screens\415199703321200913.JPG
c:\windows\system32\inmbox\iData\Screens\42029310972911200819.JPG
c:\windows\system32\inmbox\iData\Screens\42029310972911200820.JPG
c:\windows\system32\inmbox\iData\Screens\42029310973011200820.JPG
c:\windows\system32\inmbox\iData\Screens\42029310973011200821.JPG
c:\windows\system32\inmbox\iData\Screens\4229155734301200919.JPG
c:\windows\system32\inmbox\iData\Screens\4229155734301200920.JPG
c:\windows\system32\inmbox\iData\Screens\526210351231200916.JPG
c:\windows\system32\inmbox\iData\Screens\546917165291200918.JPG
c:\windows\system32\inmbox\iData\Screens\546917165291200919.JPG
c:\windows\system32\inmbox\iData\Screens\546917165301200916.JPG
c:\windows\system32\inmbox\iData\Screens\72015883301200923.JPG
c:\windows\system32\inmbox\iData\Screens\782834532291200918.JPG
c:\windows\system32\inmbox\iData\Screens\782834532291200919.JPG
c:\windows\system32\inmbox\iData\Screens\782834532301200922.JPG
c:\windows\system32\inmbox\iData\Screens\782834532301200923.JPG
c:\windows\system32\inmbox\iData\Screens\861241364311200900.JPG
c:\windows\system32\inmbox\iData\Screens\94237429762200914.JPG
c:\windows\system32\inmbox\iData\Screens\985600104291200918.JPG
c:\windows\system32\inmbox\iData\Screens\985600104291200920.JPG
c:\windows\system32\inmbox\iData\Users.msm
c:\windows\system32\inmbox\unins000.dat
c:\windows\system32\inmbox\unins000.exe
c:\windows\system32\ixysmjw.dll
c:\windows\system32\lhgzgmy.dll
c:\windows\system32\phlzmtzn.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ekhiqiqa
-------\Legacy_fhgpxoea
-------\Service_ekhiqiqa
-------\Service_fhgpxoea


(((((((((((((((( Arquivos/Ficheiros criados de 2009-08-24 to 2009-09-24 ))))))))))))))))))))))))))))
.

2009-09-23 03:10 . 2009-09-23 03:10 -------- d-----w- c:\documents and settings\FAMILIA\Dados de aplicativos\sgvtcerh
2009-09-23 02:50 . 2009-09-23 02:50 -------- d-----w- c:\documents and settings\NetworkService\Dados de aplicativos\sgvtcerh
2009-09-16 05:06 . 2009-09-16 05:06 -------- d-s---w- c:\windows\Histórico
2009-09-16 05:06 . 2009-09-16 05:06 -------- d-----w- c:\documents and settings\FAMILIA\Configurações locais
2009-09-16 05:05 . 2009-09-16 05:05 -------- d-----w- c:\arquivos de programas\Utherverse Digital Inc
2009-09-16 04:37 . 2009-09-16 04:37 -------- d-----w- c:\documents and settings\FAMILIA\Tracing
2009-09-16 04:36 . 2009-09-16 04:36 -------- d-----w- c:\arquivos de programas\Microsoft
2009-09-16 04:36 . 2009-09-16 04:36 -------- d-----w- c:\arquivos de programas\Windows Live SkyDrive
2009-09-16 04:36 . 2009-09-16 04:36 -------- d-----w- c:\arquivos de programas\Windows Live
2009-09-16 04:34 . 2009-09-16 04:34 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Windows Live
2009-09-15 02:32 . 2009-09-15 02:32 -------- d-----w- c:\windows\system32\AGEIA
2009-09-15 02:32 . 2009-09-15 02:32 -------- d-----w- c:\arquivos de programas\AGEIA Technologies
2009-09-15 02:32 . 2009-09-15 02:32 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Wise Installation Wizard
2009-09-11 01:10 . 2001-08-18 09:36 8704 ----a-w- c:\windows\system32\kbdjpn.dll
2009-09-11 01:10 . 2001-08-18 09:36 8704 ----a-w- c:\windows\system32\dllcache\kbdjpn.dll
2009-09-11 01:10 . 2001-08-18 09:36 8192 ----a-w- c:\windows\system32\kbdkor.dll
2009-09-11 01:10 . 2001-08-18 09:36 8192 ----a-w- c:\windows\system32\dllcache\kbdkor.dll
2009-09-11 01:10 . 2001-08-18 01:55 6144 ----a-w- c:\windows\system32\kbd106.dll
2009-09-11 01:10 . 2001-08-18 01:55 6144 ----a-w- c:\windows\system32\kbd101c.dll
2009-09-11 01:10 . 2001-08-18 01:55 6144 ----a-w- c:\windows\system32\kbd101b.dll
2009-09-11 01:10 . 2001-08-18 01:55 6144 ----a-w- c:\windows\system32\dllcache\kbd106.dll
2009-09-11 01:10 . 2001-08-18 01:55 6144 ----a-w- c:\windows\system32\dllcache\kbd101c.dll
2009-09-11 01:10 . 2001-08-18 01:55 6144 ----a-w- c:\windows\system32\dllcache\kbd101b.dll
2009-09-11 01:10 . 2001-08-18 01:55 5632 ----a-w- c:\windows\system32\kbd103.dll
2009-09-11 01:10 . 2001-08-18 01:55 5632 ----a-w- c:\windows\system32\dllcache\kbd103.dll
2009-09-07 22:38 . 2009-09-07 22:38 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Ahead
2009-09-04 16:17 . 2009-09-04 16:17 -------- d-----w- c:\windows\system32\wbem\Repository
2009-09-04 11:27 . 2009-09-04 11:27 -------- d-----w- c:\documents and settings\FAMILIA\Dados de aplicativos\GrabPro
2009-09-04 11:27 . 2009-09-04 11:27 -------- d-----w- c:\documents and settings\FAMILIA\Dados de aplicativos\Orbit
2009-09-03 04:27 . 2009-09-03 04:27 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-09-03 04:27 . 2009-09-03 04:27 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-09-03 04:27 . 2009-09-03 04:27 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-09-03 04:27 . 2009-09-03 04:27 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-09-03 04:27 . 2009-09-03 04:27 -------- d-----w- c:\windows\system32\drivers\Avg
2009-09-03 04:27 . 2009-09-03 04:27 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\AVG Security Toolbar
2009-09-03 04:27 . 2009-09-03 04:27 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\avg8
2009-09-03 04:27 . 2009-09-03 04:27 -------- d-----w- c:\arquivos de programas\AVG
2009-09-03 03:38 . 2009-09-03 03:38 -------- d-----w- C:\$AVG8.VAULT$
2009-09-03 03:12 . 2009-09-03 03:12 -------- d-----w- C:\FOUND.056
2009-09-03 03:05 . 2009-09-03 03:05 -------- d-----w- C:\FOUND.055
2009-09-02 17:29 . 2009-09-02 17:29 -------- d-----w- C:\FOUND.054

.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.

2009-09-24 04:13 . 2008-09-22 01:32 189672 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-09-24 01:56 . 2008-09-22 01:32 139072 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-09-10 17:54 . 2009-05-29 03:31 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 17:53 . 2009-05-29 03:31 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-03 03:13 . 2008-09-21 09:16 98304 ----a-w- c:\windows\DUMP7668.tmp
2009-09-03 03:07 . 2008-09-21 09:16 98304 ----a-w- c:\windows\DUMP7697.tmp
2009-09-02 22:41 . 2008-09-21 09:16 98304 ----a-w- c:\windows\DUMP76a7.tmp
2009-09-02 22:33 . 2008-09-21 09:16 98304 ----a-w- c:\windows\DUMP755f.tmp
2009-09-02 22:28 . 2008-09-21 09:16 98304 ----a-w- c:\windows\DUMP7521.tmp
2009-09-02 22:22 . 2008-09-21 09:16 98304 ----a-w- c:\windows\DUMP756f.tmp
2009-09-02 21:25 .
2008-09-21 09:16 98304 ----a-w- c:\windows\DUMP7520.tmp 2009-09-02 21:23 . 2008-09-21 09:16 98304 ----a-w- c:\windows\DUMP7fce.tmp 2009-09-02 21:20 . 2008-09-21 09:16 98304 ----a-w- c:\windows\DUMP8472.tmp 2009-09-02 21:15 . 2008-09-21 09:16 98304 ----a-w- c:\windows\DUMP75ad.tmp 2009-09-02 21:11 . 2008-09-21 09:16 98304 ----a-w- c:\windows\DUMP754f.tmp 2009-09-02 21:06 . 2008-09-21 09:16 98304 ----a-w- c:\windows\DUMP7580.tmp 2009-09-02 21:05 . 2008-09-21 09:16 98304 ----a-w- c:\windows\DUMP804b.tmp 2009-09-02 21:00 . 2008-09-21 09:16 98304 ----a-w- c:\windows\DUMP757f.tmp 2009-09-02 20:55 . 2008-09-21 09:16 98304 ----a-w- c:\windows\DUMP753f.tmp 2009-09-02 18:23 . 2008-09-21 09:16 98304 ----a-w- c:\windows\DUMP8453.tmp 2009-09-02 18:04 . 2008-09-21 09:16 98304 ----a-w- c:\windows\DUMP7f22.tmp 2009-09-02 18:00 . 2008-09-21 09:16 98304 ----a-w- c:\windows\DUMP755e.tmp 2009-09-02 17:58 . 2008-09-21 09:16 98304 ----a-w- c:\windows\DUMP7d6d.tmp 2009-09-02 17:53 . 2008-09-21 09:16 98304 ----a-w- c:\windows\DUMP787b.tmp 2009-09-02 17:51 . 2008-09-21 09:16 98304 ----a-w- c:\windows\DUMP953b.tmp 2009-09-02 17:46 . 2008-09-21 09:16 98304 ----a-w- c:\windows\DUMP7510.tmp 2009-09-02 17:40 . 2008-09-21 09:16 98304 ----a-w- c:\windows\DUMP7530.tmp 2009-09-02 17:35 . 2008-09-21 09:16 98304 ----a-w- c:\windows\DUMP757e.tmp 2009-09-02 17:30 . 2008-09-21 09:16 98304 ----a-w- c:\windows\DUMP756e.tmp 2009-09-02 16:05 . 2008-09-21 09:16 98304 ----a-w- c:\windows\DUMP758d.tmp 2009-09-02 15:59 . 2008-09-21 09:16 98304 ----a-w- c:\windows\DUMPefba.tmp 2009-09-02 12:19 . 2008-09-21 09:16 98304 ----a-w- c:\windows\DUMPec10.tmp 2009-08-15 02:38 . 2008-09-26 13:03 664 ----a-w- c:\windows\system32\d3d9caps.dat 2009-08-13 16:02 . 2009-08-13 16:02 552 ----a-w- c:\windows\system32\d3d8caps.dat 2009-08-13 05:49 . 2009-08-13 05:49 -------- d-----w- c:\arquivos de programas\RivaTuner v2.24 2009-08-13 04:51 . 
2009-08-13 04:51 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\NVIDIA Corporation 2009-08-13 04:19 . 2009-08-13 04:19 -------- d-----w- c:\arquivos de programas\SystemRequirementsLab 2009-08-10 03:42 . 2009-08-10 03:42 -------- d-----w- c:\arquivos de programas\Realtek 2009-08-01 22:18 . 2009-08-01 22:18 -------- d-----w- c:\documents and settings\FAMILIA\Dados de aplicativos\Desktopicon 2009-08-01 22:18 . 2009-08-01 22:18 -------- d-----w- c:\arquivos de programas\VDOWNLOADER 2009-08-01 16:48 . 2009-08-01 16:48 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Nero 2009-08-01 16:48 . 2009-08-01 16:48 -------- d-----w- c:\arquivos de programas\Nero 2009-07-26 19:44 . 2009-07-26 19:44 48448 ----a-w- c:\windows\system32\sirenacm.dll 2009-07-18 02:42 . 2009-07-18 02:42 0 ----a-w- c:\windows\ativpsrm.bin 2009-07-14 18:54 . 2009-05-01 01:02 2189856 ----a-w- c:\windows\system32\nvcuvid.dll 2009-07-14 18:54 . 2009-05-01 01:02 1706528 ----a-w- c:\windows\system32\nvcuvenc.dll 2009-07-14 18:54 . 2009-05-01 01:02 1597690 ----a-w- c:\windows\system32\nvdata.bin 2009-07-14 18:54 . 2009-01-16 06:42 868352 ----a-w- c:\windows\system32\nvapi.dll 2009-07-14 18:54 . 2009-01-16 06:42 2002944 ----a-w- c:\windows\system32\nvcuda.dll 2009-07-14 18:54 . 2009-01-16 06:42 151552 ----a-w- c:\windows\system32\nvcodins.dll 2009-07-14 18:54 . 2009-01-16 06:42 151552 ----a-w- c:\windows\system32\nvcod.dll 2009-07-14 18:54 . 2009-01-16 06:42 10457088 ----a-w- c:\windows\system32\nvoglnt.dll 2009-07-14 18:54 . 2008-09-21 10:13 485920 ----a-w- c:\windows\system32\nvudisp.exe 2009-07-14 18:54 . 2006-10-30 22:35 7741664 ----a-w- c:\windows\system32\drivers\nv4_mini.sys 2009-07-14 18:54 . 2006-10-30 22:35 5842816 ----a-w- c:\windows\system32\nv4_disp.dll 2009-07-14 16:35 . 2009-07-14 16:35 2173472 ----a-w- c:\windows\system32\nvcplui.exe 2009-07-14 16:35 . 2009-07-14 16:35 81920 ----a-w- c:\windows\system32\nvwddi.dll 2009-07-14 16:35 . 
2009-07-14 16:35 4026368 ----a-w- c:\windows\system32\nvvitvs.dll 2009-07-14 16:35 . 2009-07-14 16:35 3170304 ----a-w- c:\windows\system32\nvwss.dll 2009-07-14 16:34 . 2009-07-14 16:34 86016 ----a-w- c:\windows\system32\nvmctray.dll 2009-07-14 16:34 . 2009-07-14 16:34 4923392 ----a-w- c:\windows\system32\nvdisps.dll 2009-07-14 16:34 . 2009-07-14 16:34 3547136 ----a-w- c:\windows\system32\nvgames.dll 2009-07-14 16:34 . 2009-07-14 16:34 188416 ----a-w- c:\windows\system32\nvmccss.dll 2009-07-14 16:34 . 2009-07-14 16:34 168004 ----a-w- c:\windows\system32\nvsvc32.exe 2009-07-14 16:34 . 2009-07-14 16:34 143360 ----a-w- c:\windows\system32\nvcolor.exe 2009-07-14 16:34 . 2009-07-14 16:34 13877248 ----a-w- c:\windows\system32\nvcpl.dll 2009-07-14 16:34 . 2009-07-14 16:34 1286144 ----a-w- c:\windows\system32\nvmobls.dll 2009-07-14 16:34 . 2009-07-14 16:34 229376 ----a-w- c:\windows\system32\nvmccs.dll 2009-07-10 10:01 . 2008-09-21 10:13 485920 ----a-w- c:\windows\system32\NVUNINST.EXE 2009-07-03 15:37 . 2009-07-03 15:37 106496 ----a-w- c:\windows\system32\WMPBTRemote.dll . (((((((((((((((((((((((((( Pontos de Carregamento do Registro ))))))))))))))))))))))))))))))))))))))) . . *Nota* entradas vazias e legítimas por defeito não são mostradas. 
REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816] [HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}] 2009-07-24 12:55 1090816 ----a-w- c:\arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816] [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816] [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "Shockwave Updater"="c:\windows\system32\Adobe\Shockwave 11\SwHelper_1150600.exe" [2009-06-05 468408] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "WheelMouse"="c:\arquiv~1\A4Tech\Mouse\Amoumain.exe" [2005-09-29 172032] "AVG8_TRAY"="c:\arquiv~1\AVG\AVG8\avgtray.exe" [2009-09-03 2007832] "nwiz"="c:\arquivos de programas\NVIDIA Corporation\nView\nwiz.exe" [2009-07-09 1657376] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-07-14 86016] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-14 13877248] "Malwarebytes Anti-Malware (reboot)"="c:\arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter] 2009-09-03 04:27 11952 ----a-w- c:\windows\system32\avgrsstx.dll [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Orbit.lnk] path=c:\documents and settings\All Users\Menu 
Iniciar\Programas\Inicializar\Orbit.lnk backup=c:\windows\pss\Orbit.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^FAMILIA^Menu Iniciar^Programas^Inicializar^DW_Start.lnk] path=c:\documents and settings\FAMILIA\Menu Iniciar\Programas\Inicializar\DW_Start.lnk backup=c:\windows\pss\DW_Start.lnkStartup [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Arquivos de programas\\GameSpy Arcade\\Aphex.exe"= "c:\\Arquivos de programas\\Messenger\\MSMSGS.EXE"= "c:\\WINDOWS\\System32\\dpvsetup.exe"= "c:\\Arquivos de programas\\Microsoft Games\\Age of Empires III\\age3.exe"= "c:\\Arquivos de programas\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"= "c:\\Documents and Settings\\FAMILIA\\Desktop\\MSNMSGR.EXE"= "c:\\Arquivos de programas\\Malwarebytes' Anti-Malware\\mbam.exe"= "c:\\Arquivos de programas\\A4Tech\\eMule\\emule.exe"= "c:\\Arquivos de programas\\Arquivos comuns\\Mozilla Shared\\firefox.exe"= "c:\\Arquivos de programas\\EA GAMES\\Battlefield 2\\BF2.exe"= "c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "7292:TCP"= 7292:TCP:huzyd R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [03/09/2009 01:27 335240] R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [03/09/2009 01:27 108552] R2 avg8wd;AVG Free8 WatchDog;c:\arquiv~1\AVG\AVG8\avgwdsvc.exe [03/09/2009 01:27 297752] S0 ljxqji;ljxqji;c:\windows\system32\drivers\gcvm.sys --> c:\windows\system32\drivers\gcvm.sys [?] S0 NVStrap;NVStrap;c:\windows\system32\drivers\NVStrap.sys [13/08/2009 03:03 4224] S1 1e19370d;1e19370d;c:\windows\system32\drivers\1e19370d.sys --> c:\windows\system32\drivers\1e19370d.sys [?] 
S1 526a8c47;526a8c47;c:\windows\system32\drivers\526a8c47.sys --> c:\windows\system32\drivers\526a8c47.sys [?]
S1 9152fc78;9152fc78;c:\windows\system32\drivers\9152fc78.sys --> c:\windows\system32\drivers\9152fc78.sys [?]
S1 9ff51593;9ff51593;c:\windows\system32\drivers\9ff51593.sys --> c:\windows\system32\drivers\9ff51593.sys [?]
S1 c5640739;c5640739;c:\windows\system32\drivers\c5640739.sys --> c:\windows\system32\drivers\c5640739.sys [?]
S1 d8489fa6;d8489fa6;c:\windows\system32\drivers\d8489fa6.sys --> c:\windows\system32\drivers\d8489fa6.sys [?]
S1 f50b4463;f50b4463;c:\windows\system32\drivers\f50b4463.sys --> c:\windows\system32\drivers\f50b4463.sys [?]
S2 bucccgu;Shell Update;c:\windows\system32\svchost.exe -k netsvcs [04/08/2004 03:45 14336]
S2 eaglaza;Microsoft Network;c:\windows\system32\svchost.exe -k netsvcs [04/08/2004 03:45 14336]
S2 norycmtru;System Boot;c:\windows\system32\svchost.exe -k netsvcs [04/08/2004 03:45 14336]
S2 rwcblsb;Config Boot;c:\windows\system32\svchost.exe -k netsvcs [04/08/2004 03:45 14336]
S2 vcoonsnx;Image Driver;c:\windows\system32\svchost.exe -k netsvcs [04/08/2004 03:45 14336]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [10/08/2009 00:42 1684736]
S3 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [15/06/2009 00:55 12672]
S3 PciCon;PciCon;\??\d:\pcicon.sys --> d:\PciCon.sys [?]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
rwcblsb
bucccgu
norycmtru
eaglaza
vcoonsnx
.
.
------- Scan Suplementar -------
.
uStart Page = hxxp://www.google.com.br/
mWindow Title =
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game04.zylom.com/activex/zylomgamesplayer.cab
.
- - - - ORFÃOS REMOVIDOS - - - -
WebBrowser-{B2E293EE-FD7E-4C71-A714-5F4750D8D7B7} - (no file)
Notify-AtiExtEvent - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-24 01:43
Windows 5.1.2600 Service Pack 2 FAT NTAPI
Procurando processos ocultos ...
Procurando entradas auto inicializáveis ocultas ...
Procurando ficheiros/arquivos ocultos ...
Varredura completada com sucesso
arquivos/ficheiros ocultos: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\bucccgu]
"ServiceDll"="c:\windows\system32\mffhr.dll"
--
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\eaglaza]
"ServiceDll"="c:\windows\system32\mffhr.dll"
--
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\norycmtru]
"ServiceDll"="c:\windows\system32\mffhr.dll"
--
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\rwcblsb]
"ServiceDll"="c:\windows\system32\mffhr.dll"
--
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\vcoonsnx]
"ServiceDll"="c:\windows\system32\mffhr.dll"
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
[HKEY_USERS\S-1-5-21-1417001333-1220945662-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:a9,80,db,ff,1b,0d,4c,c2,2c,aa,a7,72,cb,79,3d,ed,74,b4,21,76,36,
38,82,0e,71,c5,03,76,79,39,4e,4e,55,38,51,74,22,a7,e2,82,8e,21,9e,50,5d,dd,\
"rkeysecu"=hex:02,21,7a,3f,b2,84,3b,81,9c,f2,ae,2d,c8,23,3e,54
.
------------------------ Outros Processos em Execução ------------------------
.
c:\windows\SYSTEM32\NVSVC32.EXE c:\arquivos de programas\AVG\AVG8\AVGTRAY.EXE c:\windows\SYSTEM32\RUNDLL32.EXE c:\arquivos de programas\AVG\AVG8\AVGWDSVC.EXE c:\arquivos de programas\NVIDIA CORPORATION\NETWORKACCESSMANAGER\BIN\NSVCLOG.EXE c:\windows\SYSTEM32\PNKBSTRA.EXE c:\windows\SYSTEM32\PNKBSTRB.EXE c:\arquivos de programas\AVG\AVG8\AVGRSX.EXE c:\arquivos de programas\AVG\AVG8\AVGNSX.EXE c:\windows\SYSTEM32\WDFMGR.EXE c:\arquivos de programas\NVIDIA CORPORATION\NETWORKACCESSMANAGER\BIN\NSVCIP.EXE c:\windows\system32\wscntfy.exe . ************************************************************************** . Tempo para conclusão: 2009-09-24 1:45 - Máquina reiniciou ComboFix-quarantined-files.txt 2009-09-24 04:45 Pré-execução: 15 pasta(s) 31.495.847.936 bytes disponíveis Pós execução: 74 pasta(s) 38.845.218.816 bytes disponíveis WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer C:\ = "Microsoft Windows" 474 --- E O F --- 2008-10-26 05:01 Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 01:48:19, on 24/09/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\ARQUIV~1\AVG\AVG8\avgtray.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\system32\PnkBstrB.exe C:\ARQUIV~1\AVG\AVG8\avgrsx.exe 
C:\ARQUIV~1\AVG\AVG8\avgnsx.exe C:\WINDOWS\system32\svchost.exe C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\explorer.exe C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE C:\Hijack\HiJackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file) O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll O4 - HKLM\..\Run: [WheelMouse] C:\ARQUIV~1\A4Tech\Mouse\Amoumain.exe O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [nwiz] C:\Arquivos de programas\NVIDIA Corporation\nView\nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE 
C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKCU\..\RunOnce: [shockwave Updater] C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1150600.exe -Update -1150600 -"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" -"http://clickjogos.uol.com.br/Jogos-online/Acao-e-Aventura/FFX-Runner/" O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game04.zylom.com/activex/zylomgamesplayer.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. 
- C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

-- End of file - 5808 bytes
PedroN Posted September 24, 2009

I suggest you print or save the procedure below, and do not use the internet until the procedure is finished.

Select and copy the text inside the QUOTE (grey box) below. Open Notepad and paste what you copied. Then save it on the desktop with the name CFScript.txt.

Folder::
C:\FOUND.056
C:\FOUND.055
C:\FOUND.054

File::
c:\windows\DUMP7668.tmp
c:\windows\DUMP7697.tmp
c:\windows\DUMP76a7.tmp
c:\windows\DUMP755f.tmp
c:\windows\DUMP7521.tmp
c:\windows\DUMP756f.tmp
c:\windows\DUMP7520.tmp
c:\windows\DUMP7fce.tmp
c:\windows\DUMP8472.tmp
c:\windows\DUMP75ad.tmp
c:\windows\DUMP754f.tmp
c:\windows\DUMP7580.tmp
c:\windows\DUMP804b.tmp
c:\windows\DUMP757f.tmp
c:\windows\DUMP753f.tmp
c:\windows\DUMP8453.tmp
c:\windows\DUMP7f22.tmp
c:\windows\DUMP755e.tmp
c:\windows\DUMP7d6d.tmp
c:\windows\DUMP787b.tmp
c:\windows\DUMP953b.tmp
c:\windows\DUMP7510.tmp
c:\windows\DUMP7530.tmp
c:\windows\DUMP757e.tmp
c:\windows\DUMP756e.tmp
c:\windows\DUMP758d.tmp
c:\windows\DUMPefba.tmp
c:\windows\DUMPec10.tmp

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7292:TCP"=-

NetSvcs::
"rwcblsb"
"bucccgu"
"norycmtru"
"eaglaza"
"vcoonsnx"

Driver::
"rwcblsb"
"bucccgu"
"norycmtru"
"eaglaza"
"vcoonsnx"

This script was written only for this computer, based on the files and keys present; do not use it on another computer, as it may cause damage.

Now drag CFScript.txt onto ComboFix as shown in the demonstration below. ComboFix will run and will restart the PC automatically to complete the removal process.

IMPORTANT: Do not use the mouse or the keyboard while ComboFix is running.

When it finishes, a log will be generated at C:\ComboFix.txt. Post it together with a new HijackThis log.
drakos Posted September 25, 2009

ComboFix 09-09-23.02 - FAMILIA 24/09/2009 21:44.2.2 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.2046.1515 [GMT -3:00]
Executando de: c:\documents and settings\FAMILIA\Desktop\ComboFix.exe
Comandos utilizados :: c:\documents and settings\FAMILIA\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FILE ::
"c:\windows\DUMP7510.tmp"
"c:\windows\DUMP7520.tmp"
"c:\windows\DUMP7521.tmp"
"c:\windows\DUMP7530.tmp"
"c:\windows\DUMP753f.tmp"
"c:\windows\DUMP754f.tmp"
"c:\windows\DUMP755e.tmp"
"c:\windows\DUMP755f.tmp"
"c:\windows\DUMP756e.tmp"
"c:\windows\DUMP756f.tmp"
"c:\windows\DUMP757e.tmp"
"c:\windows\DUMP757f.tmp"
"c:\windows\DUMP7580.tmp"
"c:\windows\DUMP758d.tmp"
"c:\windows\DUMP75ad.tmp"
"c:\windows\DUMP7668.tmp"
"c:\windows\DUMP7697.tmp"
"c:\windows\DUMP76a7.tmp"
"c:\windows\DUMP787b.tmp"
"c:\windows\DUMP7d6d.tmp"
"c:\windows\DUMP7f22.tmp"
"c:\windows\DUMP7fce.tmp"
"c:\windows\DUMP804b.tmp"
"c:\windows\DUMP8453.tmp"
"c:\windows\DUMP8472.tmp"
"c:\windows\DUMP953b.tmp"
"c:\windows\DUMPec10.tmp"
"c:\windows\DUMPefba.tmp"
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\FOUND.054 c:\found.054\FILE0000.CHK C:\FOUND.055 c:\found.055\FILE0000.CHK c:\found.055\FILE0001.CHK c:\found.055\FILE0002.CHK c:\found.055\FILE0003.CHK C:\FOUND.056 c:\found.056\FILE0000.CHK c:\found.056\FILE0001.CHK c:\windows\DUMP7510.tmp c:\windows\DUMP7520.tmp c:\windows\DUMP7521.tmp c:\windows\DUMP7530.tmp c:\windows\DUMP753f.tmp c:\windows\DUMP754f.tmp c:\windows\DUMP755e.tmp c:\windows\DUMP755f.tmp c:\windows\DUMP756e.tmp c:\windows\DUMP756f.tmp c:\windows\DUMP757e.tmp c:\windows\DUMP757f.tmp c:\windows\DUMP7580.tmp c:\windows\DUMP758d.tmp c:\windows\DUMP75ad.tmp c:\windows\DUMP7668.tmp c:\windows\DUMP7697.tmp c:\windows\DUMP76a7.tmp c:\windows\DUMP787b.tmp c:\windows\DUMP7d6d.tmp c:\windows\DUMP7f22.tmp c:\windows\DUMP7fce.tmp c:\windows\DUMP804b.tmp c:\windows\DUMP8453.tmp c:\windows\DUMP8472.tmp c:\windows\DUMP953b.tmp c:\windows\DUMPec10.tmp c:\windows\DUMPefba.tmp . ((((((((((((((((((((((((((((((((((((((( Drivers/Serviços ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_BUCCCGU -------\Legacy_EAGLAZA -------\Legacy_NORYCMTRU -------\Legacy_RWCBLSB -------\Legacy_VCOONSNX -------\Service_bucccgu -------\Service_eaglaza -------\Service_norycmtru -------\Service_rwcblsb -------\Service_vcoonsnx (((((((((((((((( Arquivos/Ficheiros criados de 2009-08-25 to 2009-09-25 )))))))))))))))))))))))))))) . 2009-09-23 03:10 . 2009-09-23 03:10 -------- d-----w- c:\documents and settings\FAMILIA\Dados de aplicativos\sgvtcerh 2009-09-23 02:50 . 2009-09-23 02:50 -------- d-----w- c:\documents and settings\NetworkService\Dados de aplicativos\sgvtcerh 2009-09-16 05:06 . 2009-09-16 05:06 -------- d-s---w- c:\windows\Hist¾rico 2009-09-16 05:06 . 2009-09-16 05:06 -------- d-----w- c:\documents and settings\FAMILIA\Configuraþ§es locais 2009-09-16 05:05 . 2009-09-16 05:05 -------- d-----w- c:\arquivos de programas\Utherverse Digital Inc 2009-09-16 04:37 . 2009-09-16 04:37 -------- d-----w- c:\documents and settings\FAMILIA\Tracing 2009-09-16 04:36 . 
2009-09-16 04:36 -------- d-----w- c:\arquivos de programas\Microsoft
2009-09-16 04:36 . 2009-09-16 04:36 -------- d-----w- c:\arquivos de programas\Windows Live SkyDrive
2009-09-16 04:36 . 2009-09-16 04:36 -------- d-----w- c:\arquivos de programas\Windows Live
2009-09-16 04:34 . 2009-09-16 04:34 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Windows Live
2009-09-15 02:32 . 2009-09-15 02:32 -------- d-----w- c:\windows\system32\AGEIA
2009-09-15 02:32 . 2009-09-15 02:32 -------- d-----w- c:\arquivos de programas\AGEIA Technologies
2009-09-15 02:32 . 2009-09-15 02:32 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Wise Installation Wizard
2009-09-11 01:10 . 2001-08-18 09:36 8704 ----a-w- c:\windows\system32\kbdjpn.dll
2009-09-11 01:10 . 2001-08-18 09:36 8704 ----a-w- c:\windows\system32\dllcache\kbdjpn.dll
2009-09-11 01:10 . 2001-08-18 09:36 8192 ----a-w- c:\windows\system32\kbdkor.dll
2009-09-11 01:10 . 2001-08-18 09:36 8192 ----a-w- c:\windows\system32\dllcache\kbdkor.dll
2009-09-11 01:10 . 2001-08-18 01:55 6144 ----a-w- c:\windows\system32\kbd106.dll
2009-09-11 01:10 . 2001-08-18 01:55 6144 ----a-w- c:\windows\system32\kbd101c.dll
2009-09-11 01:10 . 2001-08-18 01:55 6144 ----a-w- c:\windows\system32\kbd101b.dll
2009-09-11 01:10 . 2001-08-18 01:55 6144 ----a-w- c:\windows\system32\dllcache\kbd106.dll
2009-09-11 01:10 . 2001-08-18 01:55 6144 ----a-w- c:\windows\system32\dllcache\kbd101c.dll
2009-09-11 01:10 . 2001-08-18 01:55 6144 ----a-w- c:\windows\system32\dllcache\kbd101b.dll
2009-09-11 01:10 . 2001-08-18 01:55 5632 ----a-w- c:\windows\system32\kbd103.dll
2009-09-11 01:10 . 2001-08-18 01:55 5632 ----a-w- c:\windows\system32\dllcache\kbd103.dll
2009-09-07 22:38 . 2009-09-07 22:38 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Ahead
2009-09-04 16:17 . 2009-09-04 16:17 -------- d-----w- c:\windows\system32\wbem\Repository
2009-09-04 11:27 . 2009-09-04 11:27 -------- d-----w- c:\documents and settings\FAMILIA\Dados de aplicativos\GrabPro
2009-09-04 11:27 . 2009-09-04 11:27 -------- d-----w- c:\documents and settings\FAMILIA\Dados de aplicativos\Orbit
2009-09-03 04:27 . 2009-09-03 04:27 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-09-03 04:27 . 2009-09-03 04:27 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-09-03 04:27 . 2009-09-03 04:27 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-09-03 04:27 . 2009-09-03 04:27 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-09-03 04:27 . 2009-09-03 04:27 -------- d-----w- c:\windows\system32\drivers\Avg
2009-09-03 04:27 . 2009-09-03 04:27 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\AVG Security Toolbar
2009-09-03 04:27 . 2009-09-03 04:27 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\avg8
2009-09-03 04:27 . 2009-09-03 04:27 -------- d-----w- c:\arquivos de programas\AVG
2009-09-03 03:38 . 2009-09-03 03:38 -------- d-----w- C:\$AVG8.VAULT$
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-24 13:01 . 2008-09-22 01:32 139072 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-09-24 13:01 . 2008-09-22 01:32 189672 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-09-10 17:54 . 2009-05-29 03:31 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 17:53 . 2009-05-29 03:31 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-15 02:38 . 2008-09-26 13:03 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-08-13 16:02 . 2009-08-13 16:02 552 ----a-w- c:\windows\system32\d3d8caps.dat
2009-08-13 05:49 . 2009-08-13 05:49 -------- d-----w- c:\arquivos de programas\RivaTuner v2.24
2009-08-13 04:51 . 2009-08-13 04:51 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\NVIDIA Corporation
2009-08-13 04:19 . 2009-08-13 04:19 -------- d-----w- c:\arquivos de programas\SystemRequirementsLab
2009-08-10 03:42 . 2009-08-10 03:42 -------- d-----w- c:\arquivos de programas\Realtek
2009-08-01 22:18 . 2009-08-01 22:18 -------- d-----w- c:\documents and settings\FAMILIA\Dados de aplicativos\Desktopicon
2009-08-01 22:18 . 2009-08-01 22:18 -------- d-----w- c:\arquivos de programas\VDOWNLOADER
2009-08-01 16:48 . 2009-08-01 16:48 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Nero
2009-08-01 16:48 . 2009-08-01 16:48 -------- d-----w- c:\arquivos de programas\Nero
2009-07-26 19:44 . 2009-07-26 19:44 48448 ----a-w- c:\windows\system32\sirenacm.dll
2009-07-18 02:42 . 2009-07-18 02:42 0 ----a-w- c:\windows\ativpsrm.bin
2009-07-14 18:54 . 2009-05-01 01:02 2189856 ----a-w- c:\windows\system32\nvcuvid.dll
2009-07-14 18:54 . 2009-05-01 01:02 1706528 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-07-14 18:54 . 2009-05-01 01:02 1597690 ----a-w- c:\windows\system32\nvdata.bin
2009-07-14 18:54 . 2009-01-16 06:42 868352 ----a-w- c:\windows\system32\nvapi.dll
2009-07-14 18:54 . 2009-01-16 06:42 2002944 ----a-w- c:\windows\system32\nvcuda.dll
2009-07-14 18:54 . 2009-01-16 06:42 151552 ----a-w- c:\windows\system32\nvcodins.dll
2009-07-14 18:54 . 2009-01-16 06:42 151552 ----a-w- c:\windows\system32\nvcod.dll
2009-07-14 18:54 . 2009-01-16 06:42 10457088 ----a-w- c:\windows\system32\nvoglnt.dll
2009-07-14 18:54 . 2008-09-21 10:13 485920 ----a-w- c:\windows\system32\nvudisp.exe
2009-07-14 18:54 . 2006-10-30 22:35 7741664 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2009-07-14 18:54 . 2006-10-30 22:35 5842816 ----a-w- c:\windows\system32\nv4_disp.dll
2009-07-14 16:35 . 2009-07-14 16:35 2173472 ----a-w- c:\windows\system32\nvcplui.exe
2009-07-14 16:35 . 2009-07-14 16:35 81920 ----a-w- c:\windows\system32\nvwddi.dll
2009-07-14 16:35 . 2009-07-14 16:35 4026368 ----a-w- c:\windows\system32\nvvitvs.dll
2009-07-14 16:35 . 2009-07-14 16:35 3170304 ----a-w- c:\windows\system32\nvwss.dll
2009-07-14 16:34 . 2009-07-14 16:34 86016 ----a-w- c:\windows\system32\nvmctray.dll
2009-07-14 16:34 . 2009-07-14 16:34 4923392 ----a-w- c:\windows\system32\nvdisps.dll
2009-07-14 16:34 . 2009-07-14 16:34 3547136 ----a-w- c:\windows\system32\nvgames.dll
2009-07-14 16:34 . 2009-07-14 16:34 188416 ----a-w- c:\windows\system32\nvmccss.dll
2009-07-14 16:34 . 2009-07-14 16:34 168004 ----a-w- c:\windows\system32\nvsvc32.exe
2009-07-14 16:34 . 2009-07-14 16:34 143360 ----a-w- c:\windows\system32\nvcolor.exe
2009-07-14 16:34 . 2009-07-14 16:34 13877248 ----a-w- c:\windows\system32\nvcpl.dll
2009-07-14 16:34 . 2009-07-14 16:34 1286144 ----a-w- c:\windows\system32\nvmobls.dll
2009-07-14 16:34 . 2009-07-14 16:34 229376 ----a-w- c:\windows\system32\nvmccs.dll
2009-07-10 10:01 . 2008-09-21 10:13 485920 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-07-03 15:37 . 2009-07-03 15:37 106496 ----a-w- c:\windows\system32\WMPBTRemote.dll
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-07-24 12:55 1090816 ----a-w- c:\arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"="c:\windows\system32\Adobe\Shockwave 11\SwHelper_1150600.exe" [2009-06-05 468408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WheelMouse"="c:\arquiv~1\A4Tech\Mouse\Amoumain.exe" [2005-09-29 172032]
"AVG8_TRAY"="c:\arquiv~1\AVG\AVG8\avgtray.exe" [2009-09-03 2007832]
"nwiz"="c:\arquivos de programas\NVIDIA Corporation\nView\nwiz.exe" [2009-07-09 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-07-14 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-14 13877248]
"Malwarebytes Anti-Malware (reboot)"="c:\arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-09-03 04:27 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Orbit.lnk]
path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Orbit.lnk
backup=c:\windows\pss\Orbit.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^FAMILIA^Menu Iniciar^Programas^Inicializar^DW_Start.lnk]
path=c:\documents and settings\FAMILIA\Menu Iniciar\Programas\Inicializar\DW_Start.lnk
backup=c:\windows\pss\DW_Start.lnkStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Arquivos de programas\\GameSpy Arcade\\Aphex.exe"=
"c:\\Arquivos de programas\\Messenger\\MSMSGS.EXE"=
"c:\\WINDOWS\\System32\\dpvsetup.exe"=
"c:\\Arquivos de programas\\Microsoft Games\\Age of Empires III\\age3.exe"=
"c:\\Arquivos de programas\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"c:\\Documents and Settings\\FAMILIA\\Desktop\\MSNMSGR.EXE"=
"c:\\Arquivos de programas\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Arquivos de programas\\A4Tech\\eMule\\emule.exe"=
"c:\\Arquivos de programas\\Arquivos comuns\\Mozilla Shared\\firefox.exe"=
"c:\\Arquivos de programas\\EA GAMES\\Battlefield 2\\BF2.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [03/09/2009 01:27 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [03/09/2009 01:27 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\arquiv~1\AVG\AVG8\avgwdsvc.exe [03/09/2009 01:27 297752]
S0 ljxqji;ljxqji;c:\windows\system32\drivers\gcvm.sys --> c:\windows\system32\drivers\gcvm.sys [?]
S0 NVStrap;NVStrap;c:\windows\system32\drivers\NVStrap.sys [13/08/2009 03:03 4224]
S1 1e19370d;1e19370d;c:\windows\system32\drivers\1e19370d.sys --> c:\windows\system32\drivers\1e19370d.sys [?]
S1 526a8c47;526a8c47;c:\windows\system32\drivers\526a8c47.sys --> c:\windows\system32\drivers\526a8c47.sys [?]
S1 9152fc78;9152fc78;c:\windows\system32\drivers\9152fc78.sys --> c:\windows\system32\drivers\9152fc78.sys [?]
S1 9ff51593;9ff51593;c:\windows\system32\drivers\9ff51593.sys --> c:\windows\system32\drivers\9ff51593.sys [?]
S1 c5640739;c5640739;c:\windows\system32\drivers\c5640739.sys --> c:\windows\system32\drivers\c5640739.sys [?]
S1 d8489fa6;d8489fa6;c:\windows\system32\drivers\d8489fa6.sys --> c:\windows\system32\drivers\d8489fa6.sys [?]
S1 f50b4463;f50b4463;c:\windows\system32\drivers\f50b4463.sys --> c:\windows\system32\drivers\f50b4463.sys [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [10/08/2009 00:42 1684736]
S3 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [15/06/2009 00:55 12672]
S3 PciCon;PciCon;\??\d:\pcicon.sys --> d:\PciCon.sys [?]
.
.
------- Scan Suplementar -------
.
uStart Page = hxxp://www.google.com.br/
mWindow Title =
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game04.zylom.com/activex/zylomgamesplayer.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-24 21:47
Windows 5.1.2600 Service Pack 2 FAT NTAPI
Procurando processos ocultos ...
Procurando entradas auto inicializáveis ocultas ...
Procurando ficheiros/arquivos ocultos ...
Varredura completada com sucesso
arquivos/ficheiros ocultos: 0
**************************************************************************
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
[HKEY_USERS\S-1-5-21-1417001333-1220945662-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:a9,80,db,ff,1b,0d,4c,c2,2c,aa,a7,72,cb,79,3d,ed,74,b4,21,76,36,
38,82,0e,71,c5,03,76,79,39,4e,4e,55,38,51,74,22,a7,e2,82,8e,21,9e,50,5d,dd,\
"rkeysecu"=hex:02,21,7a,3f,b2,84,3b,81,9c,f2,ae,2d,c8,23,3e,54
.
------------------------ Outros Processos em Execução ------------------------
.
c:\windows\SYSTEM32\NVSVC32.EXE
c:\arquivos de programas\AVG\AVG8\AVGWDSVC.EXE
c:\arquivos de programas\NVIDIA CORPORATION\NETWORKACCESSMANAGER\BIN\NSVCLOG.EXE
c:\windows\SYSTEM32\PNKBSTRA.EXE
c:\windows\SYSTEM32\PNKBSTRB.EXE
c:\windows\SYSTEM32\WDFMGR.EXE
c:\arquivos de programas\NVIDIA CORPORATION\NETWORKACCESSMANAGER\BIN\NSVCIP.EXE
c:\arquivos de programas\AVG\AVG8\AVGRSX.EXE
c:\arquivos de programas\AVG\AVG8\AVGNSX.EXE
c:\windows\SYSTEM32\WSCNTFY.EXE
c:\arquivos de programas\AVG\AVG8\AVGTRAY.EXE
c:\windows\SYSTEM32\RUNDLL32.EXE
.
**************************************************************************
.
Tempo para conclusão: 2009-09-25 21:49 - Máquina reiniciou
ComboFix-quarantined-files.txt 2009-09-25 00:49
ComboFix2.txt 2009-09-24 04:45

Pré-execução: 73 pasta(s) 38.094.110.720 bytes disponíveis
Pós execução: 71 pasta(s) 38.456.229.888 bytes disponíveis

286 --- E O F --- 2008-10-26 05:01

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:50:13, on 24/09/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe
C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\ARQUIV~1\AVG\AVG8\avgrsx.exe
C:\ARQUIV~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\ARQUIV~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1150600.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1150600.exe
C:\WINDOWS\system32\notepad.exe
C:\Hijack\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [WheelMouse] C:\ARQUIV~1\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [nwiz] C:\Arquivos de programas\NVIDIA Corporation\nView\nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\RunOnce: [shockwave Updater] "C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1150600.exe" -Update -1150600 -"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)" -"http://clickjogos.uol.com.br/Jogos-online/Acao-e-Aventura/FFX-Runner/"
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game04.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

--
End of file - 5839 bytes
PedroN (posted September 28, 2009)

Go to this site: http://www.kaspersky.com/virusscanner

Click on  Follow the scanner setup instructions as in the image below.

Post the scan log right here in the thread.
drakos (posted October 2, 2009)

I can't, because it says I don't have Java 1.5!!! I can't do this??
PedroN (posted October 3, 2009)

Download this file
• Install it on your PC.
• Now repeat the scan and see if it works.

Cheers
drakos (posted October 16, 2009)

I downloaded the file and tried to run the scan, but it says I have to wait, because it seems they are updating it: Coming soon: A new, improved version of the Kaspersky Online Scanner
PedroN (posted October 16, 2009)

Run it again.

Download Malwarebytes from one of the locations below:
Link 1
Link 2

-- Save the program to your Desktop
• Double-click the program to run it.
• Update Malwarebytes.
• Choose Full Scan (be patient, it takes a while)
• Disable your Antivirus and AntiSpyware, usually by right-clicking the system tray icon. They can interfere with the tool's execution.
• When the scan is complete, click Ok, then Show Results to see the log.
• Remember: if anything is detected, click the Remove button to remove it. (Important).
• The program's log will open automatically for you.
• Post it in your next reply together with a new HijackThis log.

PS: On heavily infected computers, the tool shows an option saying the computer must be restarted. Please do it immediately.
Mário Monteiro (posted November 17, 2009)

Topic Archived

Since the author has not replied for more than 30 days, the topic has been archived. If you are the author of the topic and want to reopen it, send a private message to a moderator of this area together with the link to this topic and explain the reason for reopening.