godoy89, posted January 11, 2010

HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:02:18, on 10/1/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\AVG\AVG9\avgchsvx.exe
C:\Arquivos de programas\AVG\AVG9\avgrsx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Nero\Nero 7\InCD\NBHGui.exe
C:\WINDOWS\VM_STI.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Arquivos de programas\Razer\Lachesis\razerhid.exe
C:\Arquivos de programas\Razer\Tarantula\razerhid.exe
C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe
C:\ARQUIV~1\AVG\AVG9\avgtray.exe
C:\Arquivos de programas\Java\jre6\bin\jusched.exe
C:\Arquivos de programas\LClock\lclock.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\windows\netaps\sysinternals.exe
C:\Arquivos de programas\AVG\AVG9\avgwdsvc.exe
C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\AVG\AVG9\avgnsx.exe
C:\Arquivos de programas\UPHClean\uphclean.exe
C:\Arquivos de programas\Razer\Lachesis\OSD.exe
C:\Arquivos de programas\Razer\Lachesis\razerofa.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Hijack\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Arquivos de programas\TechSmith\Snagit 9\SnagitBHO.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG9\avgssie.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Arquivos de programas\TechSmith\Snagit 9\SnagitIEAddin.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [securDisc] C:\Arquivos de programas\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [bigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Lachesis] C:\Arquivos de programas\Razer\Lachesis\razerhid.exe
O4 - HKLM\..\Run: [Tarantula] C:\Arquivos de programas\Razer\Tarantula\razerhid.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG9_TRAY] C:\ARQUIV~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [LClock] C:\Arquivos de programas\LClock\lclock.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [spooler de Impressão] C:\WINDOWS\system32\rundll32.exe C:\windows\netaps\windll.dll update
O4 - HKCU\..\Run: [serviço de Indexação Windows] C:\windows\netaps\sysinternals.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'c:\arquivos de programas\bonjour\mdnsnsp.dll' missing
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos-beta/OnlineScanner.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Arquivos de programas\AVG\AVG9\avgwdsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

--
End of file - 8320 bytes
Power Max, posted January 11, 2010

Hello Godoy!

First, follow the tips in this tutorial to clean your PC with Malwarebytes:
Malwarebytes Anti-Malware tutorial: http://dicasetutoriaisparapc.blogspot.com/2009/10/tutorial-do-malwarebytes-anti-malware.html

_________________________________________

I suggest you save or print the instructions below, because at some points you may need to use the computer without internet access:

Download ComboFix and save it to the Desktop.
* Disable the resident protection of your antivirus, antispyware and firewall (except the Windows one!).
* Close all windows and run the tool.
* Note: it can also be run from a command:
* Go to Start --> Run --> type or paste: "%userprofile%\desktop\Combofix.exe" /killall
* Click OK.
* At the prompt "Disclaimer of software warranty" --> click Yes.
* If you do not have the Recovery Console (http://support.microsoft.com/kb/307654/pt-br), accept the option to install it.
* When it finishes, click Sim or Yes. --> Wait.

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

If you get the notification "Invalid Win32 application" or a similar message, delete the ComboFix.exe tool and download it again.
* Save it to the Desktop renamed as: Kombo.exe
* Note: rename it while saving, not after saving it!
* Note: if an error message appears, run ComboFix.exe in Safe Mode (http://dicasetutoriaisparapc.blogspot.com/2009/11/ferramentas-para-reparar-o-modo-seguro.html).
* Note: if rootkit activity is present, the following notification window appears:
* Note: write down those detections and click OK. In that case, post the detections you wrote down in your next reply together with the requested logs.
* Note: to complete the removals, the tool may need to restart the computer. <-- Wait!
* Note: to avoid problems, follow all of the recommendations given.

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

* The Auto Scan window will open. --> Wait!
* To finish the removals, ComboFix may restart the computer.
* If required, type option ( 1 ) --> press Enter! --> wait for it to finish!
* During the scan, avoid touching the mouse or keyboard! <-- Important!
* If, for some unavoidable reason, you need to stop or exit ComboFix, press "N" or "2" --> press Enter.

<><><><><><><><><><><><>

Post the ComboFix log, which will be at C:\ComboFix.txt, together with the Malwarebytes log and a new HijackThis log in your next reply, and tell us how your PC is doing after this. We'll be waiting.
godoy89, posted January 11, 2010

MBAM:

Malwarebytes' Anti-Malware 1.44
Database version: 3538
Windows 5.1.2600 Service Pack 2 (Safe Mode)
Internet Explorer 8.0.6001.18702

2010-01-11 00:18:38
mbam-log-2010-01-11 (00-18-38).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 291777
Time elapsed: 30 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\didulist (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\wbtemp2.txt (Malware.Trace) -> Quarantined and deleted successfully.

ComboFix:

ComboFix 10-01-04.01 - Godoy 11/01/2010 0:36.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.1791.1299 [GMT -2:00]
Executando de: c:\documents and settings\Godoy\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
C:\khq
c:\windows\netaps
c:\windows\netaps\outlook.exe
c:\windows\netaps\sysinternals.exe
c:\windows\netaps\windll.dll
c:\windows\netaps\Windll.log
c:\windows\system32\msvcr92d.cfg
c:\windows\system32\msvcr92d.usr
D:\Autorun.inf
D:\khq

.
(((((((((((((((( Arquivos/Ficheiros criados de 2009-12-11 to 2010-01-11 ))))))))))))))))))))))))))))
.

2010-01-11 02:29 . 2010-01-11 02:29 400384 ----a-w- c:\windows\system32\CF4801.exe
2010-01-11 01:38 . 2010-01-11 01:38 -------- d-----w- c:\documents and settings\Godoy\Dados de aplicativos\Malwarebytes
2010-01-11 01:38 . 2010-01-07 18:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-11 01:38 . 2010-01-11 01:38 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware
2010-01-11 01:38 . 2010-01-07 18:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-11 00:59 . 2010-01-11 01:02 -------- d-----w- C:\Hijack
2010-01-07 21:05 . 2010-01-07 21:05 -------- d-----w- C:\ProgramData
2010-01-07 21:05 . 2010-01-07 21:05 -------- d-----w- c:\arquivos de programas\Electronic Arts
2010-01-06 23:24 . 2010-01-06 23:25 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\DVD Shrink
2009-12-22 18:08 . 2009-12-22 18:08 4043544 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg9\update\backup\avgui.exe
2009-12-22 18:08 . 2009-12-18 18:07 294656 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg9\update\backup\avglngx.dll
2009-12-22 18:08 . 2009-12-22 18:07 3966744 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg9\update\backup\avgcorex.dll

.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-11 01:08 . 2009-10-05 14:05 -------- d-----w- c:\arquivos de programas\WS_FTP
2010-01-11 01:04 . 2008-07-24 05:43 -------- d---a-w- c:\documents and settings\All Users\Dados de aplicativos\TEMP
2010-01-11 01:04 . 2008-07-24 05:43 -------- d-----w- c:\arquivos de programas\SpywareBlaster
2010-01-09 20:21 . 2008-07-18 02:55 -------- d-----w- c:\documents and settings\Godoy\Dados de aplicativos\FrostWire
2010-01-09 02:31 . 2008-12-15 19:19 -------- d-----w- c:\documents and settings\Godoy\Dados de aplicativos\Tibia
2010-01-08 12:52 . 2008-07-24 05:49 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Spybot - Search & Destroy
2010-01-07 21:05 . 2009-06-29 02:48 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Electronic Arts
2010-01-07 20:49 . 2008-07-16 23:28 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information
2010-01-07 20:31 . 2009-09-09 23:34 -------- d-----w- c:\documents and settings\Godoy\Dados de aplicativos\FileZilla
2010-01-07 00:03 . 2009-09-09 23:34 -------- d-----w- c:\arquivos de programas\FileZilla FTP Client
2010-01-06 23:40 . 2008-07-17 00:20 -------- d-----w- c:\documents and settings\Godoy\Dados de aplicativos\Ahead
2010-01-06 01:17 . 2008-07-18 02:26 -------- d-----w- c:\arquivos de programas\FrostWire
2009-12-12 23:07 . 2009-12-04 19:09 -------- d-----w- c:\documents and settings\Godoy\Dados de aplicativos\Tropico 3
2009-12-10 23:23 . 2001-10-28 18:07 71242 ----a-w- c:\windows\system32\perfc016.dat
2009-12-10 23:23 . 2001-10-28 18:07 432812 ----a-w- c:\windows\system32\perfh016.dat
2009-11-30 18:24 . 2009-11-30 18:24 -------- d-----w- c:\arquivos de programas\AGEIA Technologies
2009-11-30 18:24 . 2008-09-16 22:02 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Wise Installation Wizard
2009-11-30 01:59 . 2009-11-30 01:59 -------- d-----w- c:\arquivos de programas\Arquivos comuns\DVDVideoSoft
2009-11-30 01:59 . 2009-11-30 01:59 -------- d-----w- c:\arquivos de programas\DVDVideoSoft
2009-11-27 13:34 . 2009-08-06 01:55 1 ----a-w- c:\documents and settings\Godoy\Dados de aplicativos\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-11-23 20:39 . 2008-07-17 00:28 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Adobe
2009-11-23 19:36 . 2008-07-18 02:37 -------- d-----w- c:\arquivos de programas\Java
2009-11-23 19:35 . 2009-11-23 19:35 152576 ----a-w- c:\documents and settings\Godoy\Dados de aplicativos\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-23 19:34 . 2009-11-23 19:34 79488 ----a-w- c:\documents and settings\Godoy\Dados de aplicativos\Sun\Java\jre1.6.0_17\gtapi.dll
2009-11-21 16:42 . 2004-08-04 03:45 470528 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-19 22:03 . 2008-07-16 23:27 -------- d-----w- c:\arquivos de programas\NVIDIA Corporation
2009-11-19 20:21 . 2009-11-19 19:15 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\BioWare
2009-11-19 19:06 . 2009-11-19 19:06 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\NVIDIA Corporation
2009-11-19 18:50 . 2009-06-26 18:56 -------- d-----w- c:\arquivos de programas\SystemRequirementsLab
2009-11-15 22:58 . 2008-07-26 06:13 -------- d-----w- c:\arquivos de programas\Spybot - Search & Destroy
2009-11-10 00:53 . 2009-10-25 17:33 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-10-29 07:42 . 2004-08-04 03:45 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-25 17:33 . 2009-10-25 17:33 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-10-25 17:33 . 2009-10-25 17:33 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-10-25 17:33 . 2009-10-25 17:33 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-10-21 06:01 . 2004-08-04 03:45 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 06:01 . 2004-08-04 03:45 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 14:58 . 2004-08-04 02:00 263552 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-14 22:45 . 2009-10-14 22:45 152576 ----a-w- c:\documents and settings\Godoy\Dados de aplicativos\Sun\Java\jre1.6.0_16\lzma.dll
2009-10-13 10:52 . 2004-08-04 03:45 267776 ----a-w- c:\windows\system32\oakley.dll

.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LClock"="c:\arquivos de programas\LClock\lclock.exe" [2004-09-19 65536]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"SecurDisc"="c:\arquivos de programas\Nero\Nero 7\InCD\NBHGui.exe" [2007-05-15 1628208]
"BigDogPath"="c:\windows\VM_STI.EXE" [2004-06-09 40960]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-05 16380416]
"Lachesis"="c:\arquivos de programas\Razer\Lachesis\razerhid.exe" [2007-09-12 172032]
"Tarantula"="c:\arquivos de programas\Razer\Tarantula\razerhid.exe" [2006-09-30 176128]
"TkBellExe"="c:\arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2009-10-02 198160]
"AVG9_TRAY"="c:\arquiv~1\AVG\AVG9\avgtray.exe" [2010-01-01 2033432]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-30 7634944]
"nwiz"="nwiz.exe" [2006-10-30 1622016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-30 86016]
"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-10-25 17:33 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Iolo Macro Magic.lnk]
path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Iolo Macro Magic.lnk
backup=c:\windows\pss\Iolo Macro Magic.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Godoy^Menu Iniciar^Programas^Inicializar^OpenOffice.org 3.1.lnk]
path=c:\documents and settings\Godoy\Menu Iniciar\Programas\Inicializar\OpenOffice.org 3.1.lnk
backup=c:\windows\pss\OpenOffice.org 3.1.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-09-04 14:08 935288 ----a-r- c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
2007-05-15 18:55 1057328 ----a-w- c:\arquivos de programas\Nero\Nero 7\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LGODDFU]
2008-07-26 03:27 249856 ----a-w- c:\arquivos de programas\lg_fwupdate\fwupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2010-01-07 18:07 1394000 ----a-w- c:\arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2009-07-26 19:44 3883840 ----a-w- c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
2007-06-15 08:45 1826816 ------r- c:\windows\SkyTel.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"d:\\Jogos\\Steam\\Steam.exe"=
"c:\\Arquivos de programas\\MegaJogos\\jre\\jre\\bin\\javaw.exe"=
"c:\\Arquivos de programas\\FrostWire\\FrostWire.exe"=
"c:\\Arquivos de programas\\eMule\\emule.exe"=
"c:\\Arquivos de programas\\Java\\jre6\\bin\\java.exe"=
"c:\\WINDOWS\\system32\\dxdiag.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe"=
"d:\\Jogos\\Tibia\\Tibia.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Arquivos de programas\\AVG\\AVG9\\avgupd.exe"=
"c:\\Arquivos de programas\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=
"d:\\Jogos\\Steam\\steamapps\\guilherme_godoy@sixsons.com.br\\counter-strike\\hl.exe"=
"c:\\Arquivos de programas\\Arquivos comuns\\Ahead\\Nero Web\\SetupX.exe"=
"c:\\Arquivos de programas\\Electronic Arts\\EADM\\Core.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [25/10/2009 15:33 333192]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [25/10/2009 15:33 360584]
R2 avg9wd;AVG Free WatchDog;c:\arquivos de programas\AVG\AVG9\avgwdsvc.exe [25/10/2009 15:33 285392]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [7/7/2009 23:11 721904]
S3 LachesisFltr;Lachesis Mouse Driver;c:\windows\system32\drivers\Lachesis.sys [20/1/2009 00:24 12032]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 slnt;Realtek RTL8139 Family PCI Fast Ethernet NIC;c:\windows\system32\drivers\slnt.sys [16/7/2008 22:00 18042]
S3 TarFltr;Razer Tarantula USB Keyboard;c:\windows\system32\drivers\UsbFltr.sys [5/8/2009 00:35 44800]
S3 XDva068;XDva068;\??\c:\windows\system32\XDva068.sys --> c:\windows\system32\XDva068.sys [?]
S3 XDva143;XDva143;\??\c:\windows\system32\XDva143.sys --> c:\windows\system32\XDva143.sys [?]
S3 XDva187;XDva187;\??\c:\windows\system32\XDva187.sys --> c:\windows\system32\XDva187.sys [?]
S3 XDva189;XDva189;\??\c:\windows\system32\XDva189.sys --> c:\windows\system32\XDva189.sys [?]
S3 XDva195;XDva195;\??\c:\windows\system32\XDva195.sys --> c:\windows\system32\XDva195.sys [?]
S3 XDva220;XDva220;\??\c:\windows\system32\XDva220.sys --> c:\windows\system32\XDva220.sys [?]
S3 XDva224;XDva224;\??\c:\windows\system32\XDva224.sys --> c:\windows\system32\XDva224.sys [?]
S3 XDva281;XDva281;\??\c:\windows\system32\XDva281.sys --> c:\windows\system32\XDva281.sys [?]
S3 ZSMC302;VIMICRO USB PC Camera;c:\windows\system32\drivers\usbVM31b.sys [12/9/2008 01:21 90568]
S4 Htiideaewxr;Htiideaewxr; [x]

--- =Outros Serviços/Drivers Na Memória ---

*Deregistered* - uphcleanhlp
.
.
------- Scan Suplementar -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
FF - ProfilePath - c:\documents and settings\Godoy\Dados de aplicativos\Mozilla\Firefox\Profiles\8mhv5gzd.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.startup.homepage - about:blank
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - component: c:\arquivos de programas\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\npzylomgamesplayer.dll
FF - plugin: c:\documents and settings\All Users\Dados de aplicativos\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\program files\real\realplayer\Netscape6\nppl3260.dll
FF - plugin: c:\program files\real\realplayer\Netscape6\nprjplug.dll
FF - plugin: c:\program files\real\realplayer\Netscape6\nprpjplug.dll

---- FIREFOX POLICIES ----
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");
.
- - - - ORFÃOS REMOVIDOS - - - -

MSConfigStartUp-cida - c:\windows\system32\cida.exe
MSConfigStartUp-Serviço de Indexação Windows - c:\windows\netaps\sysinternals.exe
MSConfigStartUp-Spooler de Impressão - c:\windows\netaps\windll.dll

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-11 00:39
Windows 5.1.2600 Service Pack 2 NTFS

Procurando processos ocultos ...
Procurando entradas auto inicializáveis ocultas ...
Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso
arquivos/ficheiros ocultos: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

[HKEY_USERS\S-1-5-21-1275210071-1757981266-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{54AF3933-F717-AE76-896C-3750071518DA}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"oaalplckjnmjeglddmdmcpgnaianlo"=hex:64,61,61,6a,66,66,65,63,00,80
"oamipemfdabjmldcmpmncncpimhlip"=hex:6a,61,64,67,65,67,61,6c,6a,65,64,64,6b,64,
   70,65,6d,69,6e,69,00,fd
"naoifghocillpphajobfdkfpncde"=hex:69,61,67,66,70,68,69,6b,6e,6c,61,69,6b,64,
   69,61,66,61,00,00

[HKEY_USERS\S-1-5-21-1275210071-1757981266-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A5CDDD73-75CC-932B-DE3A-92816583454F}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"paebhegnmjopcbogleahicjncnlgoepk"=hex:6b,61,61,61,66,6c,63,70,6b,64,6b,69,62,
   70,67,67,66,63,64,6f,65,6d,00,00
"oaoajgdcjlkephaaoagfhfmfabamia"=hex:6b,61,61,61,66,6c,63,70,6b,64,6b,69,62,70,
   67,67,66,63,64,6f,65,6d,00,00

[HKEY_USERS\S-1-5-21-1275210071-1757981266-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:57,6e,9c,33,45,fa,28,74,7e,75,17,d2,03,d6,79,14,2a,cb,f1,0b,33,ac,6e,
   42,1a,13,ea,b8,39,9e,c1,fa,1f,86,05,83,69,bf,be,d3,5a,e8,00,d7,89,eb,a6,95,\
"??"=hex:eb,ed,84,dd,a8,31,88,9c,45,0d,1b,b1,dd,01,48,48

[HKEY_USERS\S-1-5-21-1275210071-1757981266-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:ca,47,05,9c,5d,1f,41,eb,5e,e9,2a,7f,5c,28,d9,a4,9a,f9,8f,d2,ac,
   3b,05,e8,0c,42,61,3a,f7,1d,0d,fb,5b,5a,60,2a,7f,4c,84,4f,e0,1c,73,47,b2,c7,\
"rkeysecu"=hex:61,69,c9,ec,af,13,4e,17,43,58,ba,60,fe,a5,9a,b4
.

Tempo para conclusão: 2010-01-11 00:41:07
ComboFix-quarantined-files.txt 2010-01-11 02:41

Pré-execução: 8 pasta(s) 12.254.998.528 bytes disponíveis
Pós execução: 11 pasta(s) 12.217.229.312 bytes disponíveis

WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer

- - End Of File - - 7B928DF93991B3E586337FF8FCC2E8B3

HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:42:26, on 11/1/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\AVG\AVG9\avgchsvx.exe
C:\Arquivos de programas\AVG\AVG9\avgrsx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\AVG\AVG9\avgcsrvx.exe
C:\Arquivos de programas\AVG\AVG9\avgwdsvc.exe
C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe
C:\Arquivos de programas\AVG\AVG9\avgnsx.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\UPHClean\uphclean.exe
C:\WINDOWS\explorer.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Hijack\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Arquivos de programas\TechSmith\Snagit 9\SnagitBHO.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG9\avgssie.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Arquivos de programas\TechSmith\Snagit 9\SnagitIEAddin.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [securDisc] C:\Arquivos de programas\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [bigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Lachesis] C:\Arquivos de programas\Razer\Lachesis\razerhid.exe
O4 - HKLM\..\Run: [Tarantula] C:\Arquivos de programas\Razer\Tarantula\razerhid.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG9_TRAY] C:\ARQUIV~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [LClock] C:\Arquivos de programas\LClock\lclock.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'c:\arquivos de programas\bonjour\mdnsnsp.dll' missing
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos-beta/OnlineScanner.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Arquivos de programas\AVG\AVG9\avgwdsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc.
- C:\Arquivos de programas\Java\jre6\bin\jqs.exe O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe -- End of file - 7344 bytes Compartilhar este post Link para o post Compartilhar em outros sites
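Added example, not part of this thread and not HijackThis code: a small Python triage pass over the O4 (autostart), O10 (Winsock LSP) and O23 (service) lines of a HijackThis log, applying the checks a helper does by eye before asking for removal tools. The sample lines are constructed in the HijackThis v2 format; the HKCU entry that starts a binary from a Temp folder is hypothetical and is there only to produce a hit. The output is a review list, not a verdict.

```python
"""Heuristic triage of HijackThis-style log entries.

Added example; it is not part of this thread and not HijackThis code.
It applies to O4 (autostart), O10 (Winsock LSP) and O23 (service)
entries a few of the rules a helper applies by eye: unresolvable or
missing binaries, unknown service owners, and executables started
from places legitimate software rarely uses.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample in the HijackThis v2 line format.  The HKCU entry
# starting a binary from a Temp folder is hypothetical and is there to
# produce a hit; the other lines mirror entries seen in this thread.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
O4 - HKLM\..\Run: [AVG9_TRAY] C:\ARQUIV~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKCU\..\Run: [sysupdate] "C:\Documents and Settings\user\Local Settings\Temp\sysupdate.exe" -s
O10 - Broken Internet access because of LSP provider 'c:\arquivos de programas\bonjour\mdnsnsp.dll' missing
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

ENTRY_RE = re.compile(r"^(?P<kind>[A-Z]\d+) - (?P<body>.*)$")
O4_RE = re.compile(r"^(?P<hive>HK\w+)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O23_RE = re.compile(r"^Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
PATH_RE = re.compile(r'"?([A-Za-z]:\\[^"]*?\.(?:exe|dll|com|scr|pif|bat|cmd))', re.IGNORECASE)

# Directory fragments where an autostart or service binary is unusual on XP.
ODD_DIR_MARKERS = ("\\temp\\", "\\documents and settings\\", "\\recycler\\", "\\application data\\")


@dataclass(frozen=True)
class Finding:
    kind: str       # HijackThis section, e.g. "O4"
    severity: str   # "high": look at it first; "info": worth knowing
    reason: str
    line: str


def first_path(command: str) -> Optional[str]:
    """Pull the first drive-qualified binary path out of a Run command."""
    m = PATH_RE.search(command)
    return m.group(1) if m else None


def odd_location(path: str) -> bool:
    """True for temp/profile/Recycler paths and for files sitting in a drive root."""
    p = path.lower()
    if any(marker in p for marker in ODD_DIR_MARKERS):
        return True
    return p.count("\\") == 1   # e.g. C:\psifyq.exe


def triage_line(line: str) -> Optional[Finding]:
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    kind, body = m.group("kind"), m.group("body")

    if kind == "O4":
        e = O4_RE.match(body)
        if not e:
            return None
        path = first_path(e.group("cmd"))
        if path is None:
            # Bare file name: resolved through %PATH% at logon, so which
            # binary actually runs depends on the search order.
            return Finding(kind, "info", "bare filename resolved via PATH: " + e.group("cmd"), line)
        if odd_location(path):
            return Finding(kind, "high", "autostart from unusual location: " + path, line)
        return None

    if kind == "O10":
        # A Winsock LSP entry whose DLL is gone breaks the provider chain;
        # networking stays broken until the chain is repaired.
        return Finding(kind, "high", "broken Winsock LSP chain", line)

    if kind == "O23":
        e = O23_RE.match(body)
        if not e:
            return None
        owner, path = e.group("owner"), e.group("path")
        if "(file missing)" in path:
            return Finding(kind, "info", "service points at a missing binary (orphaned entry)", line)
        if owner == "Unknown owner" or odd_location(first_path(path) or path):
            return Finding(kind, "high", "service with unknown owner or odd path: " + path, line)
        return None
    return None


def triage(log_text: str) -> List[Finding]:
    """Return findings in log order; entries that raise no rule are dropped."""
    return [f for f in map(triage_line, log_text.splitlines()) if f is not None]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:4}] {f.kind}: {f.reason}")
```

Run it against a saved hijackthis.log by passing the file's text to triage(); the rules are deliberately coarse (a HKCU Run entry under Application Data can be legitimate), so every "high" still needs a look at the file itself.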
Power Max, posted January 11, 2010

:) Several problems were removed from your PC.

Please follow the tips in these tutorials:
Tutorial do USBFix (http://dicasetutoriaisparapc.blogspot.com/2009/10/tutorial-do-usbfix.html)
Tutorial do antivírus BitDefender Online

Post the UsbFix log, which will be at C:\UsbFix.txt, in your next reply, together with the log that will be at C:\Windows\BDOSCAN8\bdoscan.log and a new HijackThis log, and tell us how the PC is after these procedures. We'll be waiting.
godoy89, posted January 13, 2010

USBFix:

############################## | UsbFix V6.073 |

User : Godoy (Administradores) # PC1
Update on 09/01/2010 by El Desaparecido , C_XX & Chimay8
Start at: 20:47:57 | 13/1/2010
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com

AMD Athlon 64 X2 Dual Core Processor 4800+
Microsoft Windows XP Professional (5.1.2600 32-bit) # Service Pack 2
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Enabled
AV : AVG Anti-Virus Free 9.0 [ Enabled | Updated ]

A:\ -> 3 1/2 inch floppy drive
C:\ -> Local fixed disk # 29,3 Go (11,15 Go free) # NTFS
D:\ -> Local fixed disk # 119,74 Go (87,52 Go free) # NTFS
E:\ -> CD-ROM drive # 5,56 Go (0 Mo free) [sims3] # UDF
F:\ -> Removable disk # 1,89 Go (1,74 Go free) [2GB - GODOY] # FAT

############################## | Active processes |

C:\WINDOWS\System32\smss.exe 624
C:\WINDOWS\system32\csrss.exe 676
C:\WINDOWS\system32\winlogon.exe 700
C:\WINDOWS\system32\services.exe 744
C:\WINDOWS\system32\lsass.exe 756
C:\WINDOWS\system32\svchost.exe 940
C:\WINDOWS\system32\svchost.exe 988
C:\WINDOWS\System32\svchost.exe 1084
C:\WINDOWS\system32\svchost.exe 1204
C:\WINDOWS\system32\svchost.exe 1280
C:\WINDOWS\system32\logonui.exe 1360
C:\Arquivos de programas\AVG\AVG9\avgchsvx.exe 1392
C:\Arquivos de programas\AVG\AVG9\avgrsx.exe 1408
C:\WINDOWS\system32\spoolsv.exe 1468
C:\Arquivos de programas\AVG\AVG9\avgcsrvx.exe 1600
C:\WINDOWS\Explorer.EXE 1972
C:\WINDOWS\system32\svchost.exe 500
C:\Arquivos de programas\AVG\AVG9\avgwdsvc.exe 536
C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe 616
C:\Arquivos de programas\Java\jre6\bin\jqs.exe 828
C:\WINDOWS\system32\nvsvc32.exe 1064
C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe 1200
C:\WINDOWS\system32\svchost.exe 1532
C:\Arquivos de programas\AVG\AVG9\avgnsx.exe 1764
C:\Arquivos de programas\UPHClean\uphclean.exe 276
C:\WINDOWS\system32\wuauclt.exe 512
C:\WINDOWS\system32\wbem\wmiprvse.exe 2316
C:\WINDOWS\System32\alg.exe 2380

################## | Infectious files # folders |

Deleted! C:\kht
Deleted! C:\khu
Deleted! C:\khv
Deleted! C:\khw
Deleted! C:\Recycler\S-1-5-21-1275210071-1757981266-839522115-1003
Deleted! D:\kht
Deleted! D:\khu
Deleted! D:\khv
Deleted! D:\khw
Deleted! D:\Recycler\S-1-5-21-1275210071-1757981266-839522115-1003
Deleted! D:\Recycler\S-1-5-21-1275210071-1757981266-839522115-500
Not deleted! E:\autorun.inf

################## | Registry # infectious keys |

Deleted! [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System] "DisableRegistryTools"
Deleted! [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoDrives"
Deleted! [HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoDrives"

################## | Registry # Mountpoints2 |

################## | Listing |

[16/07/2008 21:18|--a------|0] C:\AUTOEXEC.BAT
[10/01/2010 23:14|--ah-----|223] C:\Boot.bak
[11/01/2010 00:34|-rahs----|293] C:\boot.ini
[28/10/2001 16:06|-rahs----|4952] C:\Bootfont.bin
[03/08/2004 23:00|--ah-----|261856] C:\cmldr
[16/07/2008 21:18|--a------|0] C:\CONFIG.SYS
[16/07/2008 21:18|-rahs----|0] C:\IO.SYS
[16/07/2008 21:18|-rahs----|0] C:\MSDOS.SYS
[03/08/2004 23:38|-rahs----|47564] C:\NTDETECT.COM
[03/08/2004 23:59|-rahs----|251168] C:\ntldr
[?|?|?] C:\pagefile.sys
[13/04/2008 08:56|-rahs----|815690] C:\psifyq.exe
[13/04/2008 20:22|-rahs----|851154] C:\ttcpao.exe
[13/01/2010 20:52|--a------|3599] C:\UsbFix.txt
[14/04/2008 00:22|-rahs----|405622] D:\mutbnp.exe
[?|?|?] D:\pagefile.sys
[13/04/2008 08:56|-rahs----|815690] D:\psifyq.exe
[14/04/2008 08:03|-rahs----|878074] D:\tcxjeg.exe
[04/08/2004 15:32|-rahs----|724902] D:\trnavs.exe
[13/04/2008 20:22|-rahs----|851154] D:\ttcpao.exe
[09/04/2009 23:52|-r-------|12292] E:\.DS_Store
[09/04/2009 23:59|-r-------|253] E:\.hidden
[30/04/2009 00:57|-r-------|54544] E:\Autorun.exe
[21/10/2008 21:48|-r-------|45] E:\Autorun.inf
[19/06/2008 23:06|-r-------|555520] E:\ISSetup.dll
[21/10/2008 21:48|-r-------|174684] E:\Sims3.ico
[30/04/2009 01:03|-r-------|398608] E:\Sims3Setup.exe
[05/03/2009 18:33|-r-------|319488] E:\_Setup.dll
[30/04/2009 00:58|-r-------|3204962] E:\data1.cab
[30/04/2009 00:57|-r-------|195056] E:\data1.hdr
[30/04/2009 01:03|-r-------|512] E:\data2.cab
[12/08/2008 19:02|-r-------|10134] E:\eauninstall.ico
[30/04/2009 01:03|-r-------|25506] E:\layout.bin
[03/10/2008 17:46|-r-------|164463] E:\setup.gif
[30/04/2009 00:57|-r-------|707] E:\setup.ini
[30/04/2009 00:57|-r-------|354226] E:\setup.inx
[28/03/2009 04:29|-r-------|548828] E:\setup.isn
[30/04/2009 00:57|-r-------|152] E:\skuversion.txt
[14/12/2009 14:19|--ah-----|4096] F:\._.Trashes

################## | Vaccination |

# C:\autorun.inf -> Folder created by UsbFix.
# D:\autorun.inf -> Folder created by UsbFix.
# F:\autorun.inf -> Folder created by UsbFix.

################## | Crack > Keygen > Serial |

################## | Upload |

Please send the file : C:\DOCUME~1\Godoy\Desktop\UsbFix_Upload_Me_PC1.zip : http://chiquitine.changelog.fr/Sample/Upload.php
Thank you for your contribution .

################## | ! End of report # UsbFix V6.073 ! |

I'll do the other one tomorrow.
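Added example, not part of this thread and not UsbFix code: a Python pass over the "Listing" section of a UsbFix report that encodes what a helper looks for in it. Hidden+system executables sitting directly in a drive root are how autorun worms park their dropper; the same name and byte size turning up on several drives means that dropper has copied itself to every partition or removable disk; an autorun.inf in a drive root is what launches it (a DVD's own autorun.inf, like the one on E:, will be listed too and has to be judged by hand). The sample is a constructed subset of lines in the listing format shown above.

```python
"""Triage of the 'Listing' section of a UsbFix report.

Added example; not part of this thread and not UsbFix code.  It encodes
three things a helper looks for in such a listing:
  * an executable directly in a drive root that carries the hidden and
    system attribute bits, which is how autorun worms park their dropper;
  * the same file name and byte size present on several drives, meaning
    the dropper has copied itself to every partition or removable disk;
  * an autorun.inf file in a drive root, the launcher for that dropper.
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed subset of listing lines in UsbFix's
# "[date time|attrs|size] path" format, modelled on the report above.
SAMPLE_LISTING = r"""
[16/07/2008 21:18|--a------|0] C:\AUTOEXEC.BAT
[11/01/2010 00:34|-rahs----|293] C:\boot.ini
[03/08/2004 23:59|-rahs----|251168] C:\ntldr
[?|?|?] C:\pagefile.sys
[13/04/2008 08:56|-rahs----|815690] C:\psifyq.exe
[13/04/2008 20:22|-rahs----|851154] C:\ttcpao.exe
[14/04/2008 00:22|-rahs----|405622] D:\mutbnp.exe
[13/04/2008 08:56|-rahs----|815690] D:\psifyq.exe
[13/04/2008 20:22|-rahs----|851154] D:\ttcpao.exe
[30/04/2009 00:57|-r-------|54544] E:\Autorun.exe
[21/10/2008 21:48|-r-------|45] E:\Autorun.inf
"""

LISTING_RE = re.compile(r"^\[(?P<stamp>[^|]*)\|(?P<attrs>[^|]*)\|(?P<size>[^\]]*)\] (?P<path>.+)$")
EXECUTABLE_EXT = (".exe", ".com", ".scr", ".pif", ".bat", ".cmd", ".vbs")


@dataclass(frozen=True)
class Entry:
    path: str
    attrs: str           # e.g. "-rahs----"; "?" when UsbFix could not read them
    size: Optional[int]  # None when unknown
    stamp: str

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]

    @property
    def in_drive_root(self) -> bool:
        return self.path.count("\\") == 1       # "C:\psifyq.exe", not "C:\dir\x.exe"

    @property
    def hidden_system(self) -> bool:
        return "h" in self.attrs and "s" in self.attrs

    @property
    def is_executable(self) -> bool:
        return self.name.lower().endswith(EXECUTABLE_EXT)


def parse_listing(text: str) -> List[Entry]:
    entries: List[Entry] = []
    for line in text.splitlines():
        m = LISTING_RE.match(line.strip())
        if m is None:
            continue
        size = m.group("size")
        entries.append(Entry(m.group("path"), m.group("attrs"),
                             int(size) if size.isdigit() else None, m.group("stamp")))
    return entries


def root_hidden_executables(entries: List[Entry]) -> List[str]:
    """Executables in a drive root with hidden+system bits: the dropper pattern."""
    return [e.path for e in entries if e.in_drive_root and e.hidden_system and e.is_executable]


def replicated_files(entries: List[Entry]) -> Dict[Tuple[str, int], List[str]]:
    """Same name and byte size on more than one drive: the dropper has spread."""
    groups: Dict[Tuple[str, int], List[str]] = defaultdict(list)
    for e in entries:
        if e.is_executable and e.size is not None:
            groups[(e.name.lower(), e.size)].append(e.path)
    return {key: paths for key, paths in groups.items() if len(paths) > 1}


def autorun_files(entries: List[Entry]) -> List[str]:
    """autorun.inf files in drive roots (a DVD's own autorun.inf shows up too)."""
    return [e.path for e in entries if e.in_drive_root and e.name.lower() == "autorun.inf"]


if __name__ == "__main__":
    found = parse_listing(SAMPLE_LISTING)
    print("hidden+system executables in drive roots:", root_hidden_executables(found))
    print("replicated across drives:", replicated_files(found))
    print("autorun.inf in drive roots:", autorun_files(found))
```

Note that boot.ini and ntldr carry the same -rahs attributes in the sample and are not flagged: the rule needs all three signals (drive root, hidden+system, executable extension), which is what separates boot files from a dropper named with six random letters.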
Power Max, posted January 13, 2010

:) Several problems were removed by UsbFix.

Please send the file C:\DOCUME~1\Godoy\Desktop\UsbFix_Upload_Me_PC1.zip to the site below so that UsbFix can be improved: http://chiquitine.changelog.fr/Sample/Upload.php

"I'll do the other one tomorrow": OK, we'll be waiting.

Please also do the following:

● Temporarily disable your antivirus's resident protection to avoid conflicts, and re-enable it after completing all the steps below:
* Download PenClean: https://dl.getdropbox.com/u/1035720/PenClean.zip
● Unpack Penclean.zip with an archiver (WinRAR or WinZip, for example).
● Connect your pen drive or other infected media (if you have one) to the computer and follow the steps below:
● Run PenClean.exe and check the option: Verificar unidade (Scan drive) > click the down arrow and choose Todas as unidades (All drives). Then click the Verificar (Scan) button.
● If anything is detected, the program will ask to restart the computer. Select the restart option and wait.
● A log will be saved at C:\PenClean\PenClean.txt

Also follow the tips in this tutorial: Tutorial do Flash Disinfector (http://dicasetutoriaisparapc.blogspot.com/2009/10/tutorial-do-flash-disinfector.html)

In your next reply, post the log at C:\PenClean\PenClean.txt, the log at C:\Windows\BDOSCAN8\bdoscan.log and a new HijackThis log, and tell us how the PC is after these procedures.
Mário Monteiro, posted February 14, 2010

Topic archived. As the author did not reply for more than 30 days, the topic has been archived. If you are the author and want to reopen it, send a private message to a moderator of this section with the link to this topic and explain the reason for reopening.