
Archived

This topic has been archived and is closed to new replies.

gari

[Archived] problems with a virus


Hey guys, I got infected by Bagle and wanted to know how to fix it.

I read several topics about it.

I downloaded ComboFix and FindyKill, the way it was being explained,

and these were the reports:

 

 

ComboFix 09-12-23.06 - Administrador 24/12/2009 13:07:55.3.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.958.551 [GMT -2:00]

Executando de: c:\documents and settings\Administrador\Desktop\mama.exe

AV: avast! antivirus 4.8.1368 [VPS 091218-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-- Execuções precedente --

 

A cópia de c:\windows\system32\mmc.exe foi encontrada e desinfectada

Cópia restaurada de - c:\windows\system32\dllcache\mmc.exe

 

--------

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_ASC3360PR

-------\Service_asc3360pr

-------\Legacy_ASC3360PR

-------\Service_asc3360pr

 

 

(((((((((((((((( Arquivos/Ficheiros criados de 2009-11-24 to 2009-12-24 ))))))))))))))))))))))))))))

.

 

2009-12-24 14:47 . 2009-12-24 14:47 -------- dc----w- C:\1ac37b40879f5368f87df9

2009-12-20 23:14 . 2008-04-13 21:19 102912 -c----w- c:\windows\system32\dllcache\dpcdll.dll

2009-12-20 21:31 . 2009-12-20 21:31 -------- dc----w- C:\!KillBox

2009-12-20 20:49 . 2009-12-20 20:49 110592 ------w- c:\windows\Wplugin.dll

2009-12-19 17:38 . 2008-04-13 11:35 20992 -c--a-w- c:\windows\system32\dllcache\rtl8139.sys

2009-12-19 17:38 . 2008-04-13 11:35 20992 ----a-w- c:\windows\system32\drivers\RTL8139.sys

2009-12-19 17:34 . 2008-04-14 07:20 21172 ----a-w- c:\windows\ws2help.dll

2009-12-10 23:16 . 2009-12-10 23:17 -------- d-----w- c:\arquivos de programas\VirtualDJ

2009-12-04 14:46 . 2009-11-24 23:48 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2009-12-04 14:46 . 2009-11-24 23:49 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2009-12-04 14:46 . 2009-11-24 23:47 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2009-12-04 14:46 . 2009-11-24 23:51 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys

2009-12-04 14:46 . 2009-11-24 23:50 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2009-12-04 14:46 . 2009-11-24 23:50 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys

2009-12-04 14:46 . 2009-11-24 23:50 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2009-12-04 14:46 . 2009-11-24 23:47 97480 ----a-w- c:\windows\system32\AvastSS.scr

2009-12-04 14:46 . 2009-11-24 23:54 1280480 ----a-w- c:\windows\system32\aswBoot.exe

2009-12-03 12:38 . 2009-07-22 14:19 621056 ----a-w- c:\windows\system32\drivers\mod7700.sys

2009-12-03 12:38 . 2009-07-22 14:19 112640 ----a-w- c:\windows\system32\drivers\ewusbnet.sys

2009-12-03 12:38 . 2009-07-22 14:19 102656 ----a-w- c:\windows\system32\drivers\ewusbfake.sys

2009-12-03 12:38 . 2009-07-22 14:19 102400 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys

2009-12-03 12:38 . 2009-07-22 14:19 24448 ----a-w- c:\windows\system32\drivers\ewdcsc.sys

2009-12-02 14:45 . 2008-04-13 21:20 4255 ------w- c:\windows\system32\drivers\adv01nt5.dll

2009-12-02 14:45 . 2008-04-13 21:20 3967 ------w- c:\windows\system32\drivers\adv02nt5.dll

2009-12-02 14:45 . 2008-04-13 21:20 3615 ------w- c:\windows\system32\drivers\adv05nt5.dll

2009-12-02 14:45 . 2008-04-13 21:20 3775 ------w- c:\windows\system32\drivers\adv11nt5.dll

2009-12-02 14:45 . 2008-04-13 21:20 3711 ------w- c:\windows\system32\drivers\adv09nt5.dll

2009-12-02 14:45 . 2008-04-13 21:20 3647 ------w- c:\windows\system32\drivers\adv07nt5.dll

2009-12-02 14:45 . 2008-04-13 21:20 3135 ------w- c:\windows\system32\drivers\adv08nt5.dll

2009-12-02 14:45 . 2008-04-13 13:36 44928 ------w- c:\windows\system32\drivers\agpcpq.sys

2009-12-02 14:45 . 2008-04-13 13:36 43008 ------w- c:\windows\system32\drivers\amdagp.sys

2009-12-02 14:45 . 2008-04-13 13:36 42752 ------w- c:\windows\system32\drivers\alim1541.sys

2009-12-02 14:45 . 2008-04-13 13:36 42368 ------w- c:\windows\system32\drivers\agp440.sys

2009-12-02 14:45 . 2008-04-13 11:34 56623 ------w- c:\windows\system32\drivers\ati1btxx.sys

2009-12-02 14:45 . 2008-04-13 11:34 11615 ------w- c:\windows\system32\drivers\ati1mdxx.sys

2009-11-29 22:29 . 2009-11-30 01:25 -------- d-----w- c:\arquivos de programas\SpeedBit Video Accelerator

2009-11-26 19:05 . 2009-11-26 19:05 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Motorola Shared

2009-11-25 12:39 . 2009-11-25 12:39 -------- d-----w- c:\arquivos de programas\MSXML 4.0

2009-11-25 01:13 . 2009-11-25 01:13 -------- d-----w- c:\arquivos de programas\DownloadToolz

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-12-24 15:21 . 2009-03-27 23:53 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\DNA

2009-12-24 15:21 . 2009-03-27 23:53 -------- d-----w- c:\arquivos de programas\DNA

2009-12-24 15:21 . 2009-12-21 00:07 110592 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Wplugin.dll

2009-12-24 15:21 . 2009-12-21 00:07 110592 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Wplugin.dll

2009-12-24 14:33 . 2009-11-07 12:48 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\HPAppData

2009-12-20 20:49 . 2009-12-20 20:49 110592 ------w- c:\documents and settings\NetworkService\Dados de aplicativos\Wplugin.dll

2009-12-20 20:49 . 2009-12-20 20:49 110592 ------w- c:\documents and settings\NetworkService\Dados de aplicativos\Wplugin.dll

2009-12-20 20:49 . 2009-12-19 17:34 110592 ------w- c:\documents and settings\LocalService\Dados de aplicativos\Wplugin.dll

2009-12-20 20:49 . 2009-12-19 17:34 110592 ------w- c:\documents and settings\LocalService\Dados de aplicativos\Wplugin.dll

2009-12-20 10:12 . 2009-03-25 18:05 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft Help

2009-12-20 09:57 . 2009-07-19 15:15 -------- d-----w- c:\arquivos de programas\WinAVI MP4 Converter

2009-12-19 17:45 . 2009-10-21 03:10 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Kaspersky Lab Setup Files

2009-12-19 17:37 . 2001-10-29 03:07 471376 ----a-w- c:\windows\system32\perfh016.dat

2009-12-19 17:37 . 2001-10-29 03:07 80198 ----a-w- c:\windows\system32\perfc016.dat

2009-12-17 16:58 . 2009-03-28 15:25 -------- d---a-w- c:\documents and settings\All Users\Dados de aplicativos\TEMP

2009-12-16 15:03 . 2009-03-27 23:54 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\BitTorrent

2009-12-16 12:34 . 2009-03-28 12:03 -------- d-----w- c:\arquivos de programas\MediaCoder

2009-12-14 14:15 . 2009-04-15 18:17 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\gtk-2.0

2009-12-07 23:32 . 2009-05-28 15:13 -------- d-----w- c:\arquivos de programas\AoA Audio Extractor

2009-12-03 19:33 . 2009-03-29 02:49 -------- d-----w- c:\arquivos de programas\NitroPC

2009-12-03 11:27 . 2009-04-30 02:12 -------- d-----w- c:\arquivos de programas\Replay Media Catcher

2009-12-03 11:21 . 2009-04-01 18:55 -------- d-----w- c:\arquivos de programas\iG

2009-12-03 11:19 . 2009-03-27 23:54 -------- d-----w- c:\arquivos de programas\Filzip

2009-12-03 11:10 . 2009-03-27 23:52 -------- d-----w- c:\arquivos de programas\Oi Internet

2009-12-02 13:20 . 2009-11-21 21:10 -------- d-----w- c:\arquivos de programas\Arquivos comuns\AVSMedia

2009-12-02 13:19 . 2009-11-21 21:09 -------- d-----w- c:\arquivos de programas\AVS4YOU

2009-12-01 14:31 . 2009-10-30 21:52 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Clickteam

2009-12-01 14:31 . 2009-10-30 21:52 -------- d-----w- c:\arquivos de programas\The Games Factory 2

2009-11-29 23:13 . 2009-04-26 01:39 -------- d-----w- c:\arquivos de programas\Java

2009-11-29 23:11 . 2009-11-29 23:11 152576 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Sun\Java\jre1.6.0_17\lzma.dll

2009-11-29 23:09 . 2009-11-29 23:09 79488 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Sun\Java\jre1.6.0_17\gtapi.dll

2009-11-29 15:10 . 2009-03-25 17:47 -------- d-----w- c:\arquivos de programas\Windows Live

2009-11-27 18:17 . 2009-03-26 13:40 -------- d-----w- c:\arquivos de programas\Microsoft Works

2009-11-24 12:39 . 2009-03-25 17:44 -------- d-----w- c:\arquivos de programas\MSN Messenger

2009-11-23 01:01 . 2009-11-10 13:01 180488 ----a-w- c:\windows\PSEXESVC.EXE

2009-11-21 21:12 . 2009-11-21 21:11 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\AVS4YOU

2009-11-21 21:11 . 2009-11-21 21:11 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\AVS4YOU

2009-11-18 15:46 . 2009-11-18 15:46 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\DAZ 3D

2009-11-18 15:46 . 2009-11-18 15:46 -------- d-----w- c:\arquivos de programas\Arquivos comuns\DAZ

2009-11-18 15:45 . 2009-11-18 15:45 -------- d-----w- c:\arquivos de programas\DAZ 3D

2009-11-17 22:09 . 2009-06-13 23:59 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\SpeedBit

2009-11-17 21:36 . 2009-11-04 12:32 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\HP

2009-11-17 21:36 . 2009-11-04 12:26 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\HP

2009-11-17 20:42 . 2009-11-04 12:18 155028 ----a-w- c:\windows\hpoins37.dat

2009-11-15 20:24 . 2009-06-14 17:40 -------- d-----w- c:\arquivos de programas\Bywifi

2009-11-14 10:36 . 2009-03-25 17:24 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information

2009-11-13 15:21 . 2009-11-13 15:21 8854 ----a-r- c:\documents and settings\Administrador\Dados de aplicativos\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\Uninstall_Project64__9559F7CA5E344237A2D9D856464AD727.exe

2009-11-13 15:21 . 2009-11-13 15:21 209379 ----a-r- c:\documents and settings\Administrador\Dados de aplicativos\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe

2009-11-13 15:21 . 2009-11-13 15:21 205283 ----a-r- c:\documents and settings\Administrador\Dados de aplicativos\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe

2009-11-13 15:21 . 2009-04-02 02:23 -------- d-----w- c:\arquivos de programas\Project64 1.6

2009-11-13 11:19 . 2009-11-13 11:19 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\IObit

2009-11-13 11:19 . 2009-11-13 11:19 -------- d-----w- c:\arquivos de programas\IObit

2009-11-13 11:14 . 2009-08-16 09:31 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Ulead Systems

2009-11-13 11:06 . 2009-11-13 11:06 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\MMToolz

2009-11-13 11:05 . 2009-11-13 11:05 -------- d-----w- c:\arquivos de programas\MMToolz

2009-11-13 10:55 . 2009-11-13 10:55 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\TVU Networks

2009-11-12 13:00 . 2009-11-10 01:18 -------- d-----w- c:\arquivos de programas\BearShareTb

2009-11-10 13:00 . 2009-11-10 13:00 -------- d-----w- c:\arquivos de programas\Orban

2009-11-10 01:18 . 2009-11-10 01:18 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\BearShareTb

2009-11-10 01:17 . 2009-11-10 01:17 -------- d-----w- c:\arquivos de programas\BearShare Applications

2009-11-06 00:01 . 2009-11-06 00:00 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\HpUpdate

2009-11-06 00:00 . 2009-11-04 12:23 -------- d-----w- c:\arquivos de programas\HP

2009-11-05 22:20 . 2009-11-05 22:20 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\WEBREG

2009-11-05 21:35 . 2009-11-05 21:35 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\OI

2009-11-05 21:35 . 2009-11-05 21:35 -------- d-----w- c:\arquivos de programas\OI

2009-11-05 00:31 . 2009-11-05 00:31 -------- d-----w- c:\arquivos de programas\Conduit

2009-11-04 23:26 . 2009-06-24 02:22 -------- d-----w- c:\arquivos de programas\Google

2009-11-04 20:34 . 2009-11-04 20:34 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\HPSSUPPLY

2009-11-04 12:29 . 2009-11-04 12:29 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\HP Product Assistant

2009-11-04 12:24 . 2009-11-04 12:24 -------- d-----w- c:\arquivos de programas\Arquivos comuns\HP

2009-11-04 12:24 . 2009-11-04 12:24 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Hewlett-Packard

2009-10-29 07:43 . 2008-05-07 13:55 832512 ------w- c:\windows\system32\wininet.dll

2009-10-29 07:43 . 2008-05-07 13:54 78336 ----a-w- c:\windows\system32\ieencode.dll

2009-10-29 07:43 . 2008-05-07 13:54 17408 ----a-w- c:\windows\system32\corpol.dll

2009-10-26 11:08 . 2009-04-30 02:13 323584 ----a-w- c:\windows\system32\AUDIOGENIE2.DLL

2009-10-25 23:18 . 2009-10-25 23:18 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Blender Foundation

2009-10-21 21:01 . 2009-11-13 11:19 52224 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\wj5bae9z.default\extensions\{31c7d459-9cc3-44f2-9dca-fc11795309b4}\components\FFExternalAlert.dll

2009-10-21 21:01 . 2009-11-13 11:19 114688 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\wj5bae9z.default\extensions\{31c7d459-9cc3-44f2-9dca-fc11795309b4}\components\npmozax.dll

2009-10-21 05:39 . 2008-04-14 07:20 75776 ----a-w- c:\windows\system32\strmfilt.dll

2009-10-21 05:39 . 2008-04-14 07:20 25088 ----a-w- c:\windows\system32\httpapi.dll

2009-10-20 16:20 . 2008-04-13 23:53 265728 ----a-w- c:\windows\system32\drivers\http.sys

2009-10-13 10:34 . 2008-04-14 07:20 271360 ----a-w- c:\windows\system32\oakley.dll

2009-10-12 13:39 . 2008-04-14 07:20 150016 ----a-w- c:\windows\system32\rastls.dll

2009-10-12 13:39 . 2008-04-14 07:20 79872 ----a-w- c:\windows\system32\raschap.dll

2009-10-11 06:17 . 2009-04-26 01:40 411368 ----a-w- c:\windows\system32\deploytk.dll

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0974BA1E-64EC-11DE-B2A5-E43756D89593}]

2009-08-10 14:06 91576 ----a-w- c:\arquivos de programas\BearShareTb\BearShareDx.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]

2009-05-04 10:56 398776 ----a-w- c:\arquivos de programas\BearShare Applications\BearShare\BearShareIEHelper.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{0974BA1E-64EC-11DE-B2A5-E43756D89593}"= "c:\arquivos de programas\BearShareTb\BearShareDx.dll" [2009-08-10 91576]

 

[HKEY_CLASSES_ROOT\clsid\{0974ba1e-64ec-11de-b2a5-e43756d89593}]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BitTorrent DNA"="c:\arquivos de programas\DNA\btdna.exe" [2009-11-07 418083]

"MSMSGS"="c:\arquivos de programas\Messenger\msmsgs.exe" [2008-04-13 1695232]

"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1897768]

"NitroPC"="c:\arquivos de programas\NitroPC\NitroPC.exe" [2008-08-19 3572195]

"Advanced SystemCare 3"="c:\arquivos de programas\IObit\Advanced SystemCare 3\AWC.exe" [2009-11-04 2334856]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"VTTimer"="VTTimer.exe" [2006-09-21 131072]

"S3Trayp"="S3Trayp.exe" [2007-06-11 249856]

"SkyTel"="SkyTel.EXE" [2007-10-11 1904640]

"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 104304]

"NeroFilterCheck"="c:\arquivos de programas\Arquivos comuns\Nero\Lib\NeroCheck.exe" [2008-02-28 734987]

"NBKeyScan"="c:\arquivos de programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2290984]

"Malwarebytes Anti-Malware (reboot)"="c:\arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1389904]

"HP Software Update"="c:\arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 227091]

"GrooveMonitor"="c:\arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 207683]

"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre6\bin\jusched.exe" [2009-10-11 313603]

"avast!"="c:\arquiv~1\ALWILS~1\Avast4\ashDisp.exe" [bU]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nltide_2"="shell32" [X]

"nltide_3"="advpack.dll" [2009-10-29 124928]

 

c:\documents and settings\Administrador\Menu Iniciar\Programas\Inicializar\

Recorte de tela e Iniciador do OneNote 2007.lnk - c:\arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 263019]

 

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

HP Digital Imaging Monitor.lnk - c:\arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe [2008-10-16 309051]

KasperskyTrialAutomaticoDrH.bat [2009-10-21 3898]

Windows Search.lnk - c:\arquivos de programas\Windows Desktop Search\WindowsSearch.exe [2008-5-26 296419]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoPopUpsOnBoot"= 1 (0x1)

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\arquivos de programas\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Arquivos de programas\\DNA\\btdna.exe"=

"c:\\Arquivos de programas\\BitTorrent\\bittorrent.exe"=

"c:\\Arquivos de programas\\eMule\\emule.exe"=

"c:\\Arquivos de programas\\Java\\jre6\\launch4j-tmp\\JDownloader.exe"=

"c:\\Arquivos de programas\\Bywifi\\bywifi.exe"=

"c:\\Arquivos de programas\\Malwarebytes' Anti-Malware\\mbam.exe"=

"c:\\Arquivos de programas\\Movie Maker\\moviemk.exe"=

"c:\\Documents and Settings\\Administrador\\Desktop\\Denis\\meus progamas\\Puxa Rápido\\PuxaRapido.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=

"c:\\Arquivos de programas\\BearShare Applications\\BearShare\\BearShare.exe"=

"c:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\XP Codec Pack\\filters\\ac3config.exe"=

"c:\\Arquivos de programas\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe"=

"c:\\Arquivos de programas\\HP\\HP Software Update\\HPWuSchd2.exe"=

"c:\\WINDOWS\\system32\\S3Trayp.exe"=

"c:\\Arquivos de programas\\Arquivos comuns\\Nero\\Lib\\NeroCheck.exe"=

"c:\\Arquivos de programas\\Arquivos comuns\\Nero\\Lib\\NMIndexingService.exe"=

"c:\\WINDOWS\\system32\\VTTimer.exe"=

"c:\\Arquivos de programas\\Google\\Update\\GoogleUpdate.exe"=

"c:\\Arquivos de programas\\Alwil Software\\Avast4\\ashBug.exe"=

"c:\\Arquivos de programas\\Arquivos comuns\\Nero\\Lib\\NMIndexStoreSvr.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\Product Assistant\\bin\\hprblog.exe"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\GrooveMonitor.exe"=

"c:\\Arquivos de programas\\Windows Desktop Search\\WindowsSearch.exe"=

"c:\\WINDOWS\\system32\\regsvr32.exe"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTEM.EXE"=

"c:\\Arquivos de programas\\Java\\jre6\\bin\\jusched.exe"=

"c:\\WINDOWS\\system32\\grpconv.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

 

R0 ViBus;ViBus;c:\windows\system32\drivers\ViBus.sys [25/3/2009 15:23 16896]

R0 ViPrt;VIA SATA IDE Device Driver;c:\windows\system32\drivers\ViPrt.sys [25/3/2009 15:23 52224]

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [4/12/2009 12:46 114768]

R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [25/3/2009 15:19 13696]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [4/12/2009 12:46 20560]

R2 VideoAcceleratorService;VideoAcceleratorService;c:\arquiv~1\SPEEDB~2\VideoAcceleratorService.exe -start -scm --> c:\arquiv~1\SPEEDB~2\VideoAcceleratorService.exe -start -scm [?]

R3 S3GIGP;S3GIGP;c:\windows\system32\drivers\S3gIGPm.sys [11/7/2007 14:08 714240]

S2 gupdate1c9f472b3f2483e;Google Update Service (gupdate1c9f472b3f2483e);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [24/6/2009 00:23 309715]

 

--- =Outros Serviços/Drivers Na Memória ---

 

*NewlyCreated* - ASC3360PR

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

------- Scan Suplementar -------

.

uStart Page = hxxp://search.bearshare.com/

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = local

IE: &Search

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office12\EXCEL.EXE/3000

FF - ProfilePath - c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\wj5bae9z.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2086743&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.globo.com/

FF - prefs.js: keyword.URL -

FF - prefs.js: network.proxy.type - 4

FF - component: c:\arquivos de programas\Google\Google Gears\Firefox\lib\ff35\gears.dll

FF - component: c:\arquivos de programas\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll

FF - component: c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\wj5bae9z.default\extensions\{31c7d459-9cc3-44f2-9dca-fc11795309b4}\components\FFExternalAlert.dll

FF - plugin: c:\arquivos de programas\Google\Update\1.2.183.13\npGoogleOneClick8.dll

FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\NP_PR1.dll

FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\NP_PR2.dll

FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\NP_PR3.dll

FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\NP_PR4.dll

FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\NP_PR5.dll

FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\NP_PR6.dll

FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\npbittorrent.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-12-24 13:23

Windows 5.1.2600 Service Pack 3 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

- - - - - - - > 'explorer.exe'(2432)

c:\windows\system32\WININET.dll

c:\windows\Wplugin.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Outros Processos em Execução ------------------------

.

c:\windows\system32\VTTimer.exe

c:\windows\system32\S3Trayp.exe

c:\arquivos de programas\Java\jre6\bin\jqs.exe

c:\arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

c:\windows\system32\IoctlSvc.exe

c:\windows\system32\PnkBstrA.exe

c:\arquiv~1\SPEEDB~2\VideoAcceleratorService.exe

c:\windows\system32\SearchIndexer.exe

c:\arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe

c:\windows\system32\wbem\wmiapsrv.exe

c:\windows\system32\SearchProtocolHost.exe

c:\arquiv~1\SPEEDB~2\VideoAcceleratorEngine.exe

c:\arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

c:\windows\system32\SearchFilterHost.exe

.

**************************************************************************

.

Tempo para conclusão: 2009-12-24 13:33:08 - Máquina reiniciou

ComboFix-quarantined-files.txt 2009-12-24 15:32

ComboFix2.txt 2009-12-20 18:58

 

Pré-execução: 4.976.177.152 bytes disponíveis

Pós execução: 5.902.811.136 bytes disponíveis

 

Current=3 Default=3 Failed=2 LastKnownGood=4 Sets=2,3,4,5

- - End Of File - - 5BCD1BE7C1D7B298EDFF5EB2C3958F00

 

 

 

 

 

 

 

 

############################## | FindyKill V5.022 |

 

# User : Administrador (Administradores) # XPPC

# Update on 24/12/2009 by Chiquitine29

# Start at: 15:10:40 | 24/12/2009

# Website : http://pagesperso-orange.fr/NosTools/index.html

# Contact : FindyKill.Contact@gmail.com

 

# Intel® Celeron® CPU 2.66GHz

# Microsoft Windows XP Professional (5.1.2600 32-bit) # Service Pack 3

# Internet Explorer 7.0.5730.11

# Windows Firewall Status : Enabled

 

# A:\ # Unidade de disquete de 3 1/2 polegadas

# C:\ # Disco fixo local # 74,52 Go (5,33 Go free) # NTFS

# D:\ # Disco CD-ROM

# E:\ # Disco CD-ROM # 4,46 Mo (0 Mo free) [Oi Velox 3G] # CDFS

# F:\ # Disco removível

 

############################## | Processos ativos |

 

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\WgaTray.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\IoctlSvc.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\svchost.exe

C:\ARQUIV~1\SPEEDB~2\VideoAcceleratorService.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\ARQUIV~1\SPEEDB~2\VideoAcceleratorEngine.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

 

################## | C: |

 

Supprimido ! E:\"autorun.inf"

 

################## | C:\WINDOWS |

 

 

################## | C:\WINDOWS\system32 |

 

 

################## | C:\WINDOWS\system32\drivers |

 

 

################## | C:\Documents and Settings\Administrador\Dados de aplicativos |

 

 

################## | Supressão Outros ... |

 

################## | Temporary Internet Files |

 

 

################## | Registro / Chaves infeciosas |

 

Supprimido ! [HKLM\software\microsoft\security center] "AntiVirusDisableNotify"

Supprimido ! [HKLM\software\microsoft\security center] "AntiVirusOverride"

Supprimido ! [HKLM\software\microsoft\security center] "FirewallDisableNotify"

Supprimido ! [HKLM\software\microsoft\security center] "FirewallOverride"

Supprimido ! [HKLM\software\microsoft\security center] "UpdatesDisableNotify"

Supprimido ! [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System] "DisableRegistryTools"

 

################## | Estado / Serviços / Informações |

 

# Safe mode restaurado !

 

# Affichagem dos arquivos ocultos : OK

 

# Ndisuio -> Start = 3 ( Good = 3 | Bad = 4 )

# EapHost -> Start = 2 ( Good = 2 | Bad = 4 )

# Ip6Fw -> Start = 2 ( Good = 2 | Bad = 4 )

# SharedAccess -> Start = 2 ( Good = 2 | Bad = 4 )

# wuauserv -> Start = 2 ( Good = 2 | Bad = 4 )

# wscsvc -> Start = 2 ( Good = 2 | Bad = 4 )

 

################## | PEH ... |

 

 

################## | Cracks / Keygens / Serials |

 

 

################## | ! Fim do relatório # FindyKill V5.022 ! |

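The FindyKill section of the report above lists registry values it removed (the Security Center notification-suppression values and DisableRegistryTools) and the service Start values it compares against a "Good" column. As an added example (not code from the thread, from ComboFix or from FindyKill), the PowerShell below re-reads those same indicators so a defender can confirm after a reboot that the fix held and nothing re-applied them. The expected values are the ones the report prints as Good; the function name, messages and the service-state comments are assumptions of this example.

```powershell
# Added example, not code from the thread, from ComboFix or from FindyKill.
# Re-checks the indicators the FindyKill report lists as fixed, so a defender
# can confirm after a reboot that the malware did not re-apply them.
# Expected values come from the report's "Good" column; everything else is assumed.

function Test-FindyKillIndicators {
    $findings = @()

    # 1. Security Center notification suppression (report: "AntiVirusDisableNotify" etc.).
    #    A non-zero value hides the "no antivirus / firewall off / updates off" warnings.
    $securityCenter = 'HKLM:\SOFTWARE\Microsoft\Security Center'
    $suppressValues = 'AntiVirusDisableNotify', 'AntiVirusOverride',
                      'FirewallDisableNotify', 'FirewallOverride', 'UpdatesDisableNotify'
    foreach ($name in $suppressValues) {
        $item = Get-ItemProperty -Path $securityCenter -Name $name -ErrorAction SilentlyContinue
        if ($item -and $item.$name -ne 0) {
            $findings += "Security Center '$name' = $($item.$name): warnings are being suppressed"
        }
    }

    # 2. Registry editor lockout (report: Policies\System "DisableRegistryTools").
    $policySystem = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $drt = Get-ItemProperty -Path $policySystem -Name DisableRegistryTools -ErrorAction SilentlyContinue
    if ($drt -and $drt.DisableRegistryTools -ne 0) {
        $findings += "DisableRegistryTools = $($drt.DisableRegistryTools): regedit is blocked by policy"
    }

    # 3. Service start types the report compares (2 = Automatic, 3 = Manual, 4 = Disabled).
    #    wuauserv = Automatic Updates, wscsvc = Security Center, SharedAccess = Windows Firewall;
    #    Start = 4 on any of them switches that protection off at boot.
    $expectedStart = @{ Ndisuio = 3; EapHost = 2; Ip6Fw = 2; SharedAccess = 2; wuauserv = 2; wscsvc = 2 }
    foreach ($svc in $expectedStart.Keys) {
        $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$svc"
        $prop = Get-ItemProperty -Path $key -Name Start -ErrorAction SilentlyContinue
        if (-not $prop) { continue }   # service absent on this Windows version (e.g. Ip6Fw after XP)
        if ($prop.Start -ne $expectedStart[$svc]) {
            $findings += "Service $svc Start = $($prop.Start), expected $($expectedStart[$svc])"
        }
    }

    return ,$findings
}

$result = Test-FindyKillIndicators
if ($result.Count -eq 0) { Write-Output 'No deviations from the FindyKill "Good" values' }
else { $result | ForEach-Object { Write-Output $_ } }
```

Run it from an elevated PowerShell prompt; reading these keys needs no special rights, but the values only mean something system-wide under HKLM. Ip6Fw is the XP-era IPv6 firewall service and is skipped on later Windows versions where the key does not exist.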

:) Hello!

 

I saw in your log that you have Malwarebytes installed on your PC.

 

Update Malwarebytes (if possible), that is, run an update in it.

* Restart the PC in Safe Mode (press the F8 key (or the F5 key on some computers) repeatedly while the computer is restarting and choose the Safe Mode option).

* If it is not possible to start the computer in Safe Mode, do the scan in normal mode.

* Run Malwarebytes' Anti-Malware and click the tab: "Scan", then select the option "Full scan".

* Click the button: "Scan".

* Check all the parts of the computer you want to scan and click the button: "Start scan".

* When the scan finishes, click "OK" > "Show Results".

* Select all the entries and click "Remove Selected".

* After removal you may be asked whether you want to remove objects from memory. Click "YES".

* A log with the result of the actions will be shown.

* Some malware is stubborn and needs a restart to be removed. If this is requested, click to restart the PC.

* When the process ends, restart the PC in Normal Mode.

* After a few days, if your computer is working normally without the files that Malwarebytes Anti-Malware deleted, open (run) Malwarebytes Anti-Malware, click the tab: Quarantine and click the button: Remove All.

* Run Malwarebytes Anti-Malware again and click the "Logs" tab, double-click the most recent log, select the whole log and copy it.

 

Post this log generated by Malwarebytes Anti-Malware together with the HijackThis log in your next reply and tell us how your computer is after following the procedure above.

 

We await your reply.

___________________________________

 

Note: To post the HijackThis log, just do the following:

 

Create a dedicated folder (for example C:\Arquivos de Programas\HijackThis).

 

Download HijackThis and, when saving it, choose to save it in the folder you just created, then unzip hijackthis.zip inside it.

 

Double-click the HijackThis installer > click the I Accept option.

 

Click the button: Do a system scan and save a logfile. A window with the log will then open; just select this log (click the menu: Edit » Select All), then go back to the menu: Edit » and click the option: Copy.

 

After that, just come back here to the forum and post this HijackThis log together with the Malwarebytes log so they can be analyzed.


Topic Archived

 

Since the author did not reply for more than 30 days, the topic has been archived.

 

If you are the topic's author and want to reopen it, send a private message to a moderator of this area together with the link to this topic and explain the reason for reopening.
