
Archived

This topic is archived and closed to new replies.

godoy89

[Archived] Log analysis


Hijackthis:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:02:18, on 10/1/2010

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\AVG\AVG9\avgchsvx.exe

C:\Arquivos de programas\AVG\AVG9\avgrsx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\AVG\AVG9\avgcsrvx.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Nero\Nero 7\InCD\NBHGui.exe

C:\WINDOWS\VM_STI.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\Arquivos de programas\Razer\Lachesis\razerhid.exe

C:\Arquivos de programas\Razer\Tarantula\razerhid.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\ARQUIV~1\AVG\AVG9\avgtray.exe

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\Arquivos de programas\LClock\lclock.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\rundll32.exe

C:\windows\netaps\sysinternals.exe

C:\Arquivos de programas\AVG\AVG9\avgwdsvc.exe

C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\AVG\AVG9\avgnsx.exe

C:\Arquivos de programas\UPHClean\uphclean.exe

C:\Arquivos de programas\Razer\Lachesis\OSD.exe

C:\Arquivos de programas\Razer\Lachesis\razerofa.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Hijack\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Arquivos de programas\TechSmith\Snagit 9\SnagitBHO.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG9\avgssie.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Arquivos de programas\TechSmith\Snagit 9\SnagitIEAddin.dll

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [securDisc] C:\Arquivos de programas\Nero\Nero 7\InCD\NBHGui.exe

O4 - HKLM\..\Run: [bigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Lachesis] C:\Arquivos de programas\Razer\Lachesis\razerhid.exe

O4 - HKLM\..\Run: [Tarantula] C:\Arquivos de programas\Razer\Tarantula\razerhid.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [AVG9_TRAY] C:\ARQUIV~1\AVG\AVG9\avgtray.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKCU\..\Run: [LClock] C:\Arquivos de programas\LClock\lclock.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [spooler de Impressão] C:\WINDOWS\system32\rundll32.exe C:\windows\netaps\windll.dll update

O4 - HKCU\..\Run: [serviço de Indexação Windows] C:\windows\netaps\sysinternals.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O10 - Broken Internet access because of LSP provider 'c:\arquivos de programas\bonjour\mdnsnsp.dll' missing

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos-beta/OnlineScanner.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG9\avgpp.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Arquivos de programas\AVG\AVG9\avgwdsvc.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

 

--

End of file - 8320 bytes

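As an added example (not part of the original post), a small Python triage of the O4 autostart entries in a HijackThis log like the one above: it flags Run entries whose image lives outside the usual system and program directories and notes when the entry name imitates a Windows service, which is the pattern of the two HKCU entries pointing at c:\windows\netaps. The trusted-directory list, the keyword list and the sample lines are constructed for illustration.

```python
import re

# Constructed sample in HijackThis v2 O4 format: vendor entries mixed with the
# two rogue HKCU Run entries from the log above (service-like names, images in
# c:\windows\netaps). Only "[name] command" Run lines are parsed; startup-folder
# O4 lines ("Global Startup: ...") are skipped.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [bigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [spooler de Impressão] C:\WINDOWS\system32\rundll32.exe C:\windows\netaps\windll.dll update
O4 - HKCU\..\Run: [serviço de Indexação Windows] C:\windows\netaps\sysinternals.exe
"""

# "O4 - <hive>\..\<key>: [<name>] <command>"; the hive may carry a SID (HKUS\S-1-5-18).
O4_RUN_RE = re.compile(
    r"^O4 - (?P<hive>\S+?)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$"
)
# Absolute paths to executable images anywhere in the command line. Quotes are
# excluded from the class, and a rundll32 line yields both the host and the DLL.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"<>|]*?\.(?:exe|dll|sys|com|bat|scr)\b', re.IGNORECASE)

# Directories from which autostart images are normally expected on this
# (Portuguese-locale) Windows XP box. Constructed allow-list; c:\windows itself is
# deliberately absent so that odd subfolders such as c:\windows\netaps stand out.
TRUSTED_DIRS = (
    "c:\\windows\\system32\\",
    "c:\\arquivos de programas\\",  # "Program Files" on a pt-BR install
    "c:\\arquiv~1\\",                # its 8.3 short form
    "c:\\program files\\",
)
# Words that make a Run entry look like a Windows service (constructed list).
SERVICE_WORDS = ("spooler", "serviço", "servico", "service", "indexa", "windows", "microsoft", "svchost")


def is_trusted_path(path):
    """True if the image sits under one of the expected directories."""
    p = path.lower()
    return any(p.startswith(d) for d in TRUSTED_DIRS)


def triage_o4(log_text):
    """Return one finding per O4 Run entry: hive, name, image paths, verdict, reasons."""
    findings = []
    for line in log_text.splitlines():
        m = O4_RUN_RE.match(line.strip())
        if not m:
            continue
        paths = PATH_RE.findall(m["cmd"])
        untrusted = [p for p in paths if not is_trusted_path(p)]
        reasons = [f"image outside trusted directories: {p}" for p in untrusted]
        if untrusted and any(w in m["name"].lower() for w in SERVICE_WORDS):
            reasons.append("entry name imitates a Windows service")
        if not paths:
            # Bare file name (e.g. RTHDCPL.EXE): resolved via the search path at
            # logon, so the analyst has to locate the image by hand.
            reasons.append("no absolute path; image resolved via search path, verify manually")
        findings.append({
            "hive": m["hive"],
            "name": m["name"],
            "paths": paths,
            "suspicious": bool(untrusted),
            "reasons": reasons,
        })
    return findings


def suspicious_entries(log_text):
    """Only the entries whose image lies outside the trusted directories."""
    return [f for f in triage_o4(log_text) if f["suspicious"]]


if __name__ == "__main__":
    # Hits are leads, not verdicts: the vendor webcam utility living directly in
    # C:\WINDOWS trips the same rule as the netaps entries and needs a manual look.
    for f in triage_o4(SAMPLE_LOG):
        flag = "SUSPECT" if f["suspicious"] else "ok     "
        print(f"{flag} {f['hive']} [{f['name']}] -> {', '.join(f['paths']) or '(no path)'}")
        for r in f["reasons"]:
            print("         -", r)
```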

Hello Godoy!

First, follow the tips in this tutorial to clean your PC with Malwarebytes:

Malwarebytes Anti-Malware tutorial: http://dicasetutoriaisparapc.blogspot.com/2009/10/tutorial-do-malwarebytes-anti-malware.html

_________________________________________

I suggest you save or print the instructions below, because at some points you may need to use the computer without internet access:

Download ComboFix

Save it to the Desktop.

* Disable the resident protection of your antivirus, antispyware and firewall (except the Windows one!)

* Close all windows and run the tool.

* PS: It can also be run from the command line:

* Go to Start --> Run --> type or paste:

"%userprofile%\desktop\Combofix.exe" /killall

(image: combofixejr8.gif)

* Click OK.

* At the prompt "Disclaimer of software warranty" --> click Yes.

(image: RcAuto1.gif)

* If you do not have the Recovery Console (http://support.microsoft.com/kb/307654/pt-br), accept the offer to install it.

* When it finishes, click Sim or Yes. --> Wait.

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

If you get the notification "Invalid Win32 application" or a similar message, delete the ComboFix.exe tool and download it again.

* Save it to the Desktop, renamed to: Kombo.exe

* PS: Rename it while saving, not after saving it!

* PS: If an error message appears, run ComboFix.exe in Safe Mode (http://dicasetutoriaisparapc.blogspot.com/2009/11/ferramentas-para-reparar-o-modo-seguro.html). <-- Link!

* PS: If rootkit activity is present, the following notification window will appear:

(image: Rookit_found.gif)

* PS: Write down these detections and click OK. In that case, post the detections you wrote down in your next reply together with the requested logs.

* PS: To complete the removals, the tool may need to restart the computer. <-- Wait!

* PS: To avoid problems, follow all the recommendations given.

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

* The Auto Scan window will open. --> Wait!

* To finish the removals, ComboFix may restart the computer.

* If necessary, type option ( 1 ) --> press Enter! --> wait for it to finish!

* During the scan, avoid touching the mouse or keyboard! <-- Important!

* If, for some compelling reason, you need to stop or exit ComboFix, press "N" or "2" --> press Enter.

<><><><><><><><><><><><>

Post the ComboFix log, which will be at C:\ComboFix.txt, together with the Malwarebytes log and a new HijackThis log in your next reply, and tell us how your PC is doing after this.

We await your reply.


MBAM:

Malwarebytes' Anti-Malware 1.44

Database version: 3538

Windows 5.1.2600 Service Pack 2 (Safe Mode)

Internet Explorer 8.0.6001.18702

 

2010-01-11 00:18:38

mbam-log-2010-01-11 (00-18-38).txt

 

Scan type: Full Scan (C:\|D:\|)

Objects scanned: 291777

Time elapsed: 30 minute(s), 28 second(s)

 

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 2

 

Memory Processes Infected:

(No malicious items detected)

 

Memory Modules Infected:

(No malicious items detected)

 

Registry Keys Infected:

(No malicious items detected)

 

Registry Values Infected:

(No malicious items detected)

 

Registry Data Items Infected:

(No malicious items detected)

 

Folders Infected:

(No malicious items detected)

 

Files Infected:

C:\WINDOWS\didulist (Malware.Trace) -> Quarantined and deleted successfully.

C:\WINDOWS\wbtemp2.txt (Malware.Trace) -> Quarantined and deleted successfully.

 

ComboFix:

ComboFix 10-01-04.01 - Godoy 11/01/2010 0:36.4.2 - x86

Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.1791.1299 [GMT -2:00]

Executando de: c:\documents and settings\Godoy\Desktop\ComboFix.exe

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\autorun.inf

C:\khq

c:\windows\netaps

c:\windows\netaps\outlook.exe

c:\windows\netaps\sysinternals.exe

c:\windows\netaps\windll.dll

c:\windows\netaps\Windll.log

c:\windows\system32\msvcr92d.cfg

c:\windows\system32\msvcr92d.usr

D:\Autorun.inf

D:\khq

 

.

(((((((((((((((( Arquivos/Ficheiros criados de 2009-12-11 to 2010-01-11 ))))))))))))))))))))))))))))

.

 

2010-01-11 02:29 . 2010-01-11 02:29 400384 ----a-w- c:\windows\system32\CF4801.exe

2010-01-11 01:38 . 2010-01-11 01:38 -------- d-----w- c:\documents and settings\Godoy\Dados de aplicativos\Malwarebytes

2010-01-11 01:38 . 2010-01-07 18:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-01-11 01:38 . 2010-01-11 01:38 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware

2010-01-11 01:38 . 2010-01-07 18:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-01-11 00:59 . 2010-01-11 01:02 -------- d-----w- C:\Hijack

2010-01-07 21:05 . 2010-01-07 21:05 -------- d-----w- C:\ProgramData

2010-01-07 21:05 . 2010-01-07 21:05 -------- d-----w- c:\arquivos de programas\Electronic Arts

2010-01-06 23:24 . 2010-01-06 23:25 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\DVD Shrink

2009-12-22 18:08 . 2009-12-22 18:08 4043544 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg9\update\backup\avgui.exe

2009-12-22 18:08 . 2009-12-18 18:07 294656 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg9\update\backup\avglngx.dll

2009-12-22 18:08 . 2009-12-22 18:07 3966744 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg9\update\backup\avgcorex.dll

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-01-11 01:08 . 2009-10-05 14:05 -------- d-----w- c:\arquivos de programas\WS_FTP

2010-01-11 01:04 . 2008-07-24 05:43 -------- d---a-w- c:\documents and settings\All Users\Dados de aplicativos\TEMP

2010-01-11 01:04 . 2008-07-24 05:43 -------- d-----w- c:\arquivos de programas\SpywareBlaster

2010-01-09 20:21 . 2008-07-18 02:55 -------- d-----w- c:\documents and settings\Godoy\Dados de aplicativos\FrostWire

2010-01-09 02:31 . 2008-12-15 19:19 -------- d-----w- c:\documents and settings\Godoy\Dados de aplicativos\Tibia

2010-01-08 12:52 . 2008-07-24 05:49 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2010-01-07 21:05 . 2009-06-29 02:48 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Electronic Arts

2010-01-07 20:49 . 2008-07-16 23:28 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information

2010-01-07 20:31 . 2009-09-09 23:34 -------- d-----w- c:\documents and settings\Godoy\Dados de aplicativos\FileZilla

2010-01-07 00:03 . 2009-09-09 23:34 -------- d-----w- c:\arquivos de programas\FileZilla FTP Client

2010-01-06 23:40 . 2008-07-17 00:20 -------- d-----w- c:\documents and settings\Godoy\Dados de aplicativos\Ahead

2010-01-06 01:17 . 2008-07-18 02:26 -------- d-----w- c:\arquivos de programas\FrostWire

2009-12-12 23:07 . 2009-12-04 19:09 -------- d-----w- c:\documents and settings\Godoy\Dados de aplicativos\Tropico 3

2009-12-10 23:23 . 2001-10-28 18:07 71242 ----a-w- c:\windows\system32\perfc016.dat

2009-12-10 23:23 . 2001-10-28 18:07 432812 ----a-w- c:\windows\system32\perfh016.dat

2009-11-30 18:24 . 2009-11-30 18:24 -------- d-----w- c:\arquivos de programas\AGEIA Technologies

2009-11-30 18:24 . 2008-09-16 22:02 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Wise Installation Wizard

2009-11-30 01:59 . 2009-11-30 01:59 -------- d-----w- c:\arquivos de programas\Arquivos comuns\DVDVideoSoft

2009-11-30 01:59 . 2009-11-30 01:59 -------- d-----w- c:\arquivos de programas\DVDVideoSoft

2009-11-27 13:34 . 2009-08-06 01:55 1 ----a-w- c:\documents and settings\Godoy\Dados de aplicativos\OpenOffice.org\3\user\uno_packages\cache\stamp.sys

2009-11-23 20:39 . 2008-07-17 00:28 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Adobe

2009-11-23 19:36 . 2008-07-18 02:37 -------- d-----w- c:\arquivos de programas\Java

2009-11-23 19:35 . 2009-11-23 19:35 152576 ----a-w- c:\documents and settings\Godoy\Dados de aplicativos\Sun\Java\jre1.6.0_17\lzma.dll

2009-11-23 19:34 . 2009-11-23 19:34 79488 ----a-w- c:\documents and settings\Godoy\Dados de aplicativos\Sun\Java\jre1.6.0_17\gtapi.dll

2009-11-21 16:42 . 2004-08-04 03:45 470528 ----a-w- c:\windows\AppPatch\aclayers.dll

2009-11-19 22:03 . 2008-07-16 23:27 -------- d-----w- c:\arquivos de programas\NVIDIA Corporation

2009-11-19 20:21 . 2009-11-19 19:15 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\BioWare

2009-11-19 19:06 . 2009-11-19 19:06 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\NVIDIA Corporation

2009-11-19 18:50 . 2009-06-26 18:56 -------- d-----w- c:\arquivos de programas\SystemRequirementsLab

2009-11-15 22:58 . 2008-07-26 06:13 -------- d-----w- c:\arquivos de programas\Spybot - Search & Destroy

2009-11-10 00:53 . 2009-10-25 17:33 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2009-10-29 07:42 . 2004-08-04 03:45 916480 ----a-w- c:\windows\system32\wininet.dll

2009-10-25 17:33 . 2009-10-25 17:33 12464 ----a-w- c:\windows\system32\avgrsstx.dll

2009-10-25 17:33 . 2009-10-25 17:33 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2009-10-25 17:33 . 2009-10-25 17:33 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2009-10-21 06:01 . 2004-08-04 03:45 75776 ----a-w- c:\windows\system32\strmfilt.dll

2009-10-21 06:01 . 2004-08-04 03:45 25088 ----a-w- c:\windows\system32\httpapi.dll

2009-10-20 14:58 . 2004-08-04 02:00 263552 ----a-w- c:\windows\system32\drivers\http.sys

2009-10-14 22:45 . 2009-10-14 22:45 152576 ----a-w- c:\documents and settings\Godoy\Dados de aplicativos\Sun\Java\jre1.6.0_16\lzma.dll

2009-10-13 10:52 . 2004-08-04 03:45 267776 ----a-w- c:\windows\system32\oakley.dll

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LClock"="c:\arquivos de programas\LClock\lclock.exe" [2004-09-19 65536]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NeroFilterCheck"="c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]

"SecurDisc"="c:\arquivos de programas\Nero\Nero 7\InCD\NBHGui.exe" [2007-05-15 1628208]

"BigDogPath"="c:\windows\VM_STI.EXE" [2004-06-09 40960]

"RTHDCPL"="RTHDCPL.EXE" [2007-07-05 16380416]

"Lachesis"="c:\arquivos de programas\Razer\Lachesis\razerhid.exe" [2007-09-12 172032]

"Tarantula"="c:\arquivos de programas\Razer\Tarantula\razerhid.exe" [2006-09-30 176128]

"TkBellExe"="c:\arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2009-10-02 198160]

"AVG9_TRAY"="c:\arquiv~1\AVG\AVG9\avgtray.exe" [2010-01-01 2033432]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-30 7634944]

"nwiz"="nwiz.exe" [2006-10-30 1622016]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-30 86016]

"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2009-10-25 17:33 12464 ----a-w- c:\windows\system32\avgrsstx.dll

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Iolo Macro Magic.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Iolo Macro Magic.lnk

backup=c:\windows\pss\Iolo Macro Magic.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^Godoy^Menu Iniciar^Programas^Inicializar^OpenOffice.org 3.1.lnk]

path=c:\documents and settings\Godoy\Menu Iniciar\Programas\Inicializar\OpenOffice.org 3.1.lnk

backup=c:\windows\pss\OpenOffice.org 3.1.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2009-09-04 14:08 935288 ----a-r- c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]

2007-05-15 18:55 1057328 ----a-w- c:\arquivos de programas\Nero\Nero 7\InCD\InCD.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LGODDFU]

2008-07-26 03:27 249856 ----a-w- c:\arquivos de programas\lg_fwupdate\fwupdate.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]

2010-01-07 18:07 1394000 ----a-w- c:\arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

2009-07-26 19:44 3883840 ----a-w- c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]

2007-06-15 08:45 1826816 ------r- c:\windows\SkyTel.exe

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"d:\\Jogos\\Steam\\Steam.exe"=

"c:\\Arquivos de programas\\MegaJogos\\jre\\jre\\bin\\javaw.exe"=

"c:\\Arquivos de programas\\FrostWire\\FrostWire.exe"=

"c:\\Arquivos de programas\\eMule\\emule.exe"=

"c:\\Arquivos de programas\\Java\\jre6\\bin\\java.exe"=

"c:\\WINDOWS\\system32\\dxdiag.exe"=

"c:\\WINDOWS\\system32\\dpnsvr.exe"=

"c:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe"=

"d:\\Jogos\\Tibia\\Tibia.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\AVG\\AVG9\\avgupd.exe"=

"c:\\Arquivos de programas\\AVG\\AVG9\\avgnsx.exe"=

"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

"d:\\Jogos\\Steam\\steamapps\\guilherme_godoy@sixsons.com.br\\counter-strike\\hl.exe"=

"c:\\Arquivos de programas\\Arquivos comuns\\Ahead\\Nero Web\\SetupX.exe"=

"c:\\Arquivos de programas\\Electronic Arts\\EADM\\Core.exe"=

 

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [25/10/2009 15:33 333192]

R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [25/10/2009 15:33 360584]

R2 avg9wd;AVG Free WatchDog;c:\arquivos de programas\AVG\AVG9\avgwdsvc.exe [25/10/2009 15:33 285392]

S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [7/7/2009 23:11 721904]

S3 LachesisFltr;Lachesis Mouse Driver;c:\windows\system32\drivers\Lachesis.sys [20/1/2009 00:24 12032]

S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]

S3 slnt;Realtek RTL8139 Family PCI Fast Ethernet NIC;c:\windows\system32\drivers\slnt.sys [16/7/2008 22:00 18042]

S3 TarFltr;Razer Tarantula USB Keyboard;c:\windows\system32\drivers\UsbFltr.sys [5/8/2009 00:35 44800]

S3 XDva068;XDva068;\??\c:\windows\system32\XDva068.sys --> c:\windows\system32\XDva068.sys [?]

S3 XDva143;XDva143;\??\c:\windows\system32\XDva143.sys --> c:\windows\system32\XDva143.sys [?]

S3 XDva187;XDva187;\??\c:\windows\system32\XDva187.sys --> c:\windows\system32\XDva187.sys [?]

S3 XDva189;XDva189;\??\c:\windows\system32\XDva189.sys --> c:\windows\system32\XDva189.sys [?]

S3 XDva195;XDva195;\??\c:\windows\system32\XDva195.sys --> c:\windows\system32\XDva195.sys [?]

S3 XDva220;XDva220;\??\c:\windows\system32\XDva220.sys --> c:\windows\system32\XDva220.sys [?]

S3 XDva224;XDva224;\??\c:\windows\system32\XDva224.sys --> c:\windows\system32\XDva224.sys [?]

S3 XDva281;XDva281;\??\c:\windows\system32\XDva281.sys --> c:\windows\system32\XDva281.sys [?]

S3 ZSMC302;VIMICRO USB PC Camera;c:\windows\system32\drivers\usbVM31b.sys [12/9/2008 01:21 90568]

S4 Htiideaewxr;Htiideaewxr; [x]

 

--- =Outros Serviços/Drivers Na Memória ---

 

*Deregistered* - uphcleanhlp

.

.

------- Scan Suplementar -------

.

uStart Page = about:blank

uInternet Settings,ProxyOverride = *.local

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab

FF - ProfilePath - c:\documents and settings\Godoy\Dados de aplicativos\Mozilla\Firefox\Profiles\8mhv5gzd.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=

FF - prefs.js: browser.startup.homepage - about:blank

FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=

FF - component: c:\arquivos de programas\AVG\AVG9\Firefox\components\avgssff.dll

FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll

FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\npzylomgamesplayer.dll

FF - plugin: c:\documents and settings\All Users\Dados de aplicativos\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll

FF - plugin: c:\program files\real\realplayer\Netscape6\nppl3260.dll

FF - plugin: c:\program files\real\realplayer\Netscape6\nprjplug.dll

FF - plugin: c:\program files\real\realplayer\Netscape6\nprpjplug.dll

 

---- FIREFOX POLICIES ----

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

.

- - - - ORFÃOS REMOVIDOS - - - -

 

MSConfigStartUp-cida - c:\windows\system32\cida.exe

MSConfigStartUp-Serviço de Indexação Windows - c:\windows\netaps\sysinternals.exe

MSConfigStartUp-Spooler de Impressão - c:\windows\netaps\windll.dll

 

 

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-01-11 00:39

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

 

[HKEY_USERS\S-1-5-21-1275210071-1757981266-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{54AF3933-F717-AE76-896C-3750071518DA}*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

"oaalplckjnmjeglddmdmcpgnaianlo"=hex:64,61,61,6a,66,66,65,63,00,80

"oamipemfdabjmldcmpmncncpimhlip"=hex:6a,61,64,67,65,67,61,6c,6a,65,64,64,6b,64,

70,65,6d,69,6e,69,00,fd

"naoifghocillpphajobfdkfpncde"=hex:69,61,67,66,70,68,69,6b,6e,6c,61,69,6b,64,

69,61,66,61,00,00

 

[HKEY_USERS\S-1-5-21-1275210071-1757981266-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A5CDDD73-75CC-932B-DE3A-92816583454F}*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

"paebhegnmjopcbogleahicjncnlgoepk"=hex:6b,61,61,61,66,6c,63,70,6b,64,6b,69,62,

70,67,67,66,63,64,6f,65,6d,00,00

"oaoajgdcjlkephaaoagfhfmfabamia"=hex:6b,61,61,61,66,6c,63,70,6b,64,6b,69,62,70,

67,67,66,63,64,6f,65,6d,00,00

 

[HKEY_USERS\S-1-5-21-1275210071-1757981266-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

"??"=hex:57,6e,9c,33,45,fa,28,74,7e,75,17,d2,03,d6,79,14,2a,cb,f1,0b,33,ac,6e,

42,1a,13,ea,b8,39,9e,c1,fa,1f,86,05,83,69,bf,be,d3,5a,e8,00,d7,89,eb,a6,95,\

"??"=hex:eb,ed,84,dd,a8,31,88,9c,45,0d,1b,b1,dd,01,48,48

 

[HKEY_USERS\S-1-5-21-1275210071-1757981266-839522115-1003\Software\SecuROM\License information*]

"datasecu"=hex:ca,47,05,9c,5d,1f,41,eb,5e,e9,2a,7f,5c,28,d9,a4,9a,f9,8f,d2,ac,

3b,05,e8,0c,42,61,3a,f7,1d,0d,fb,5b,5a,60,2a,7f,4c,84,4f,e0,1c,73,47,b2,c7,\

"rkeysecu"=hex:61,69,c9,ec,af,13,4e,17,43,58,ba,60,fe,a5,9a,b4

.

Tempo para conclusão: 2010-01-11 00:41:07

ComboFix-quarantined-files.txt 2010-01-11 02:41

 

Pré-execução: 8 pasta(s) 12.254.998.528 bytes disponíveis

Pós execução: 11 pasta(s) 12.217.229.312 bytes disponíveis

 

WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer

 

- - End Of File - - 7B928DF93991B3E586337FF8FCC2E8B3

 

Hijackthis:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 00:42:26, on 11/1/2010

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\AVG\AVG9\avgchsvx.exe

C:\Arquivos de programas\AVG\AVG9\avgrsx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\AVG\AVG9\avgcsrvx.exe

C:\Arquivos de programas\AVG\AVG9\avgwdsvc.exe

C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

C:\Arquivos de programas\AVG\AVG9\avgnsx.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\UPHClean\uphclean.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Hijack\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Arquivos de programas\TechSmith\Snagit 9\SnagitBHO.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG9\avgssie.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Arquivos de programas\TechSmith\Snagit 9\SnagitIEAddin.dll

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [securDisc] C:\Arquivos de programas\Nero\Nero 7\InCD\NBHGui.exe

O4 - HKLM\..\Run: [bigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Lachesis] C:\Arquivos de programas\Razer\Lachesis\razerhid.exe

O4 - HKLM\..\Run: [Tarantula] C:\Arquivos de programas\Razer\Tarantula\razerhid.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [AVG9_TRAY] C:\ARQUIV~1\AVG\AVG9\avgtray.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [LClock] C:\Arquivos de programas\LClock\lclock.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O10 - Broken Internet access because of LSP provider 'c:\arquivos de programas\bonjour\mdnsnsp.dll' missing

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos-beta/OnlineScanner.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG9\avgpp.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Arquivos de programas\AVG\AVG9\avgwdsvc.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

 

--

End of file - 7344 bytes


:) Several problems were removed from your PC.

Please follow the tips in these tutorials:

UsbFix tutorial: http://dicasetutoriaisparapc.blogspot.com/2009/10/tutorial-do-usbfix.html

BitDefender Online antivirus tutorial

In your next reply, post the UsbFix log, which will be at C:\UsbFix.txt, together with the log that will be at C:\Windows\BDOSCAN8\bdoscan.log and a new HijackThis log, and tell us how the PC is after these procedures.

We'll be waiting.


USBFix:

 

############################## | UsbFix V6.073 |

 

User : Godoy (Administradores) # PC1

Update on 09/01/2010 by El Desaparecido , C_XX & Chimay8

Start at: 20:47:57 | 13/1/2010

Website : http://pagesperso-orange.fr/NosTools/index.html

Contact : FindyKill.Contact@gmail.com

 

AMD Athlon 64 X2 Dual Core Processor 4800+

Microsoft Windows XP Professional (5.1.2600 32-bit) # Service Pack 2

Internet Explorer 8.0.6001.18702

Windows Firewall Status : Enabled

AV : AVG Anti-Virus Free 9.0 [ Enabled | Updated ]

 

A:\ -> Unidade de disquete de 3 1/2 polegadas

C:\ -> Disco fixo local # 29,3 Go (11,15 Go free) # NTFS

D:\ -> Disco fixo local # 119,74 Go (87,52 Go free) # NTFS

E:\ -> Disco CD-ROM # 5,56 Go (0 Mo free) [sims3] # UDF

F:\ -> Disco removível # 1,89 Go (1,74 Go free) [2GB - GODOY] # FAT

 

############################## | Processos activos |

 

C:\WINDOWS\System32\smss.exe 624

C:\WINDOWS\system32\csrss.exe 676

C:\WINDOWS\system32\winlogon.exe 700

C:\WINDOWS\system32\services.exe 744

C:\WINDOWS\system32\lsass.exe 756

C:\WINDOWS\system32\svchost.exe 940

C:\WINDOWS\system32\svchost.exe 988

C:\WINDOWS\System32\svchost.exe 1084

C:\WINDOWS\system32\svchost.exe 1204

C:\WINDOWS\system32\svchost.exe 1280

C:\WINDOWS\system32\logonui.exe 1360

C:\Arquivos de programas\AVG\AVG9\avgchsvx.exe 1392

C:\Arquivos de programas\AVG\AVG9\avgrsx.exe 1408

C:\WINDOWS\system32\spoolsv.exe 1468

C:\Arquivos de programas\AVG\AVG9\avgcsrvx.exe 1600

C:\WINDOWS\Explorer.EXE 1972

C:\WINDOWS\system32\svchost.exe 500

C:\Arquivos de programas\AVG\AVG9\avgwdsvc.exe 536

C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe 616

C:\Arquivos de programas\Java\jre6\bin\jqs.exe 828

C:\WINDOWS\system32\nvsvc32.exe 1064

C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe 1200

C:\WINDOWS\system32\svchost.exe 1532

C:\Arquivos de programas\AVG\AVG9\avgnsx.exe 1764

C:\Arquivos de programas\UPHClean\uphclean.exe 276

C:\WINDOWS\system32\wuauclt.exe 512

C:\WINDOWS\system32\wbem\wmiprvse.exe 2316

C:\WINDOWS\System32\alg.exe 2380

 

################## | Ficheiros # pastas infeciosos |

 

Supprimido ! C:\kht

Supprimido ! C:\khu

Supprimido ! C:\khv

Supprimido ! C:\khw

Supprimido ! C:\Recycler\S-1-5-21-1275210071-1757981266-839522115-1003

Supprimido ! D:\kht

Supprimido ! D:\khu

Supprimido ! D:\khv

Supprimido ! D:\khw

Supprimido ! D:\Recycler\S-1-5-21-1275210071-1757981266-839522115-1003

Supprimido ! D:\Recycler\S-1-5-21-1275210071-1757981266-839522115-500

Não supprimido ! E:\autorun.inf

 

################## | Registro # Chaves infectieuses |

 

Supprimido ! [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System] "DisableRegistryTools"

Supprimido ! [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoDrives"

Supprimido ! [HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoDrives"

 

################## | Registro # Mountpoints2 |

 

 

################## | Listing |

 

[16/07/2008 21:18|--a------|0] C:\AUTOEXEC.BAT

[10/01/2010 23:14|--ah-----|223] C:\Boot.bak

[11/01/2010 00:34|-rahs----|293] C:\boot.ini

[28/10/2001 16:06|-rahs----|4952] C:\Bootfont.bin

[03/08/2004 23:00|--ah-----|261856] C:\cmldr

[16/07/2008 21:18|--a------|0] C:\CONFIG.SYS

[16/07/2008 21:18|-rahs----|0] C:\IO.SYS

[16/07/2008 21:18|-rahs----|0] C:\MSDOS.SYS

[03/08/2004 23:38|-rahs----|47564] C:\NTDETECT.COM

[03/08/2004 23:59|-rahs----|251168] C:\ntldr

[?|?|?] C:\pagefile.sys

[13/04/2008 08:56|-rahs----|815690] C:\psifyq.exe

[13/04/2008 20:22|-rahs----|851154] C:\ttcpao.exe

[13/01/2010 20:52|--a------|3599] C:\UsbFix.txt

[14/04/2008 00:22|-rahs----|405622] D:\mutbnp.exe

[?|?|?] D:\pagefile.sys

[13/04/2008 08:56|-rahs----|815690] D:\psifyq.exe

[14/04/2008 08:03|-rahs----|878074] D:\tcxjeg.exe

[04/08/2004 15:32|-rahs----|724902] D:\trnavs.exe

[13/04/2008 20:22|-rahs----|851154] D:\ttcpao.exe

[09/04/2009 23:52|-r-------|12292] E:\.DS_Store

[09/04/2009 23:59|-r-------|253] E:\.hidden

[30/04/2009 00:57|-r-------|54544] E:\Autorun.exe

[21/10/2008 21:48|-r-------|45] E:\Autorun.inf

[19/06/2008 23:06|-r-------|555520] E:\ISSetup.dll

[21/10/2008 21:48|-r-------|174684] E:\Sims3.ico

[30/04/2009 01:03|-r-------|398608] E:\Sims3Setup.exe

[05/03/2009 18:33|-r-------|319488] E:\_Setup.dll

[30/04/2009 00:58|-r-------|3204962] E:\data1.cab

[30/04/2009 00:57|-r-------|195056] E:\data1.hdr

[30/04/2009 01:03|-r-------|512] E:\data2.cab

[12/08/2008 19:02|-r-------|10134] E:\eauninstall.ico

[30/04/2009 01:03|-r-------|25506] E:\layout.bin

[03/10/2008 17:46|-r-------|164463] E:\setup.gif

[30/04/2009 00:57|-r-------|707] E:\setup.ini

[30/04/2009 00:57|-r-------|354226] E:\setup.inx

[28/03/2009 04:29|-r-------|548828] E:\setup.isn

[30/04/2009 00:57|-r-------|152] E:\skuversion.txt

[14/12/2009 14:19|--ah-----|4096] F:\._.Trashes

 

################## | Vaccinação |

 

# C:\autorun.inf -> Folder criado por UsbFix.

# D:\autorun.inf -> Folder criado por UsbFix.

# F:\autorun.inf -> Folder criado por UsbFix.

 

################## | Crack > Keygen > Serial |

 

 

################## | Upload |

 

Favor enviar o arquivo : C:\DOCUME~1\Godoy\Desktop\UsbFix_Upload_Me_PC1.zip : http://chiquitine.changelog.fr/Sample/Upload.php

Obrigado pela sua contribuição .

 

################## | ! Fim do relatório # UsbFix V6.073 ! |

 

 

I'll do the other one tomorrow.


:) Several problems were removed by UsbFix.

Please send the file C:\DOCUME~1\Godoy\Desktop\UsbFix_Upload_Me_PC1.zip to the site below so that UsbFix can be improved:

http://chiquitine.changelog.fr/Sample/Upload.php

_______________________________________

I'll do the other one tomorrow

OK, we'll wait.

Please also do the following:

● Temporarily disable your antivirus's resident protection to avoid conflicts, and re-enable it after completing all the steps below:

* Download PenClean:

https://dl.getdropbox.com/u/1035720/PenClean.zip

● Unzip PenClean.zip using an archiver (such as WinRAR or WinZip, for example).

● Connect your flash drive or other infected media (if you have one) to the computer and follow the steps below:

● Run PenClean.exe and check the option "Verificar unidade" (Check drive) > click the down arrow and choose the option "Todas as unidades" (All drives). Then click the "Verificar" (Check) button.

● If anything is detected, the program will ask to restart the computer. Check the restart option and wait.

● A log will be saved at C:\PenClean\PenClean.txt

____________________________________

Also follow the tips in this tutorial:

Flash Disinfector tutorial: http://dicasetutoriaisparapc.blogspot.com/2009/10/tutorial-do-flash-disinfector.html

___________________________________

In your next reply, post the log that will be at C:\PenClean\PenClean.txt, the log that will be at C:\Windows\BDOSCAN8\bdoscan.log and a new HijackThis log, and tell us how the PC is after these procedures.


Topic Archived

Since the author did not reply for more than 30 days, the topic has been archived.

If you are the author of the topic and want to reopen it, send a private message to a moderator of the section together with the link to this topic and explain the reason for reopening.
