Archived

This topic has been archived and is closed to new replies.

Bechir Bitar

[Archived] None of the 3 browsers can find pages; they give an error.

Recommended Posts

Hello everyone! I'm having problems on other computers on the network.

When I click the icon of any browser, it hangs for a while and then shows a message saying the server was not found. I've already run AVG 9.0, MalwareBytes and HijackThis.

So that you can help me, here are the logs from both of them.

Thanks in advance.

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:33:29, on 22/03/2010

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\AVG\AVG9\avgchsvx.exe

C:\Arquivos de programas\AVG\AVG9\avgrsx.exe

C:\Arquivos de programas\AVG\AVG9\avgcsrvx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\AVG\AVG9\avgwdsvc.exe

C:\Arquivos de programas\Symantec\Norton Ghost 2003\GhostStartService.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\AVG\AVG9\avgnsx.exe

C:\WINDOWS\Explorer.EXE

C:\web-fi-bc\webf.exe

C:\Arquivos de programas\Easy Desktop Keeper\desksaver.exe

C:\ARQUIV~1\AVG\AVG9\avgtray.exe

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

C:\ARQUIV~1\Nokia\NOKIAP~1\LAUNCH~1.EXE

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Documents and Settings\lan\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe

C:\Documents and Settings\lan\viuoqu.exe

C:\Documents and Settings\All Users\Documentos\Ultra VNC PossibilitaCopiar Arquivos\winvnc.exe

C:\Arquivos de programas\Arquivos comuns\PCSuite\Services\ServiceLayer.exe

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://192.168.0.150:918; http://192.168.0.100:918; http://192.168.0.03:918; http://192.168.0.3:918; http://192.168.1.3:918; http://192.168.1.30:918; http://192.168.0.9:918; http://192.168.1.9:918

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG9\avgssie.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O4 - HKLM\..\Run: [webf] C:\web-fi-bc\webf.exe

O4 - HKLM\..\Run: [00DSKSVR01] C:\Arquivos de programas\Easy Desktop Keeper\desksaver.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [AVG9_TRAY] C:\ARQUIV~1\AVG\AVG9\avgtray.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [siSUSBRG] C:\WINDOWS\SiSUSBrg.exe

O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\ARQUIV~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [00DSKSVR00] "C:\Arquivos de programas\Easy Desktop Keeper\desksaver.exe" saskda

O4 - HKLM\..\RunServices: [csrcs] C:\WINDOWS\system32\csrcs.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\lan\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [viuoqu] C:\Documents and Settings\lan\viuoqu.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: winvnc.exe.lnk = C:\Documents and Settings\All Users\Documentos\Ultra VNC PossibilitaCopiar Arquivos\winvnc.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {31A8068E-5C15-402F-81C0-04C7D2D66CE6} (NlsComm Component Class) - http://login.hanbiton.com/cab/NLSnSSO.cab

O16 - DPF: {987ECFCE-E607-4D52-B2C5-2EA1F6F303C4} (WinlessActiveX Control) - http://www.pangya.com/PangyaLauncher/PangyaLauncher.cab

O16 - DPF: {CC5C7FFD-E058-4390-A22A-FD08CCD9A3CE} (JoyOnPlay Control) - http://www.pangonline.com.br/common/com/ongamenet.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{85A36832-F121-4842-9D5F-D11F4D49692B}: NameServer = 200.149.55.140

O17 - HKLM\System\CCS\Services\Tcpip\..\{D6FB4D86-5541-4CF1-A3C0-4ECC00612C88}: NameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\..\{E0C9790F-0CAB-4A11-AD8F-B28E2ED99194}: NameServer = 192.168.1.1

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG9\avgpp.dll

O20 - AppInit_DLLs:

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Arquivos de programas\Ares\chatServer.exe

O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Arquivos de programas\AVG\AVG9\avgwdsvc.exe

O23 - Service: GhostStartService - Symantec Corporation - C:\Arquivos de programas\Symantec\Norton Ghost 2003\GhostStartService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\Arquivos comuns\PCSuite\Services\ServiceLayer.exe

O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

 

--

End of file - 9946 bytes

 

 

 

Malwarebytes' Anti-Malware 1.44

Versão do banco de dados: 3900

Windows 5.1.2600 Service Pack 2

Internet Explorer 8.0.6001.18702

 

22/03/2010 14:44:55

mbam-log-2010-03-22 (14-44-55).txt

 

Tipo de Verificação: Completa (K:\|)

Objetos verificados: 124750

Tempo decorrido: 3 minute(s), 6 second(s)

 

Processos da Memória infectados: 0

Módulos de Memória Infectados: 0

Chaves do Registro infectadas: 0

Valores do Registro infectados: 0

Ítens do Registro infectados: 2

Pastas infectadas: 0

Arquivos infectados: 0

 

Processos da Memória infectados:

(Nenhum ítem malicioso foi detectado)

 

Módulos de Memória Infectados:

(Nenhum ítem malicioso foi detectado)

 

Chaves do Registro infectadas:

(Nenhum ítem malicioso foi detectado)

 

Valores do Registro infectados:

(Nenhum ítem malicioso foi detectado)

 

Ítens do Registro infectados:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

 

Pastas infectadas:

(Nenhum ítem malicioso foi detectado)

 

Arquivos infectados:

(Nenhum ítem malicioso foi detectado)

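As an added example (not part of this thread and not code from HijackThis, Malwarebytes or ComboFix), here is a small Python triage script that parses HijackThis O4 and O23 lines like the ones in the log above and flags the entries a responder would want to look at first: executables launched from the root of a user profile, the legacy RunServices key, and services with no recorded publisher or a missing binary. The sample lines are copied from the posted log; the heuristics and all function names are my own and are only a starting point for review, not a verdict.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: a handful of O4/O23 lines copied from the HijackThis
# log posted in this thread. Nothing beyond these lines is assumed.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [webf] C:\web-fi-bc\webf.exe
O4 - HKLM\..\Run: [AVG9_TRAY] C:\ARQUIV~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\RunServices: [csrcs] C:\WINDOWS\system32\csrcs.exe
O4 - HKCU\..\Run: [viuoqu] C:\Documents and Settings\lan\viuoqu.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Arquivos de programas\AVG\AVG9\avgwdsvc.exe
"""


@dataclass
class Finding:
    """One log line plus the heuristic reasons it was flagged for review."""
    line: str
    reasons: List[str] = field(default_factory=list)


# O4 - <hive>\..\<key>: [<name>] <command line>
O4_RE = re.compile(r"^O4 - (?P<hive>HK.*?)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# O23 - Service: <description (short name)> - <owner> - <binary path>
O23_RE = re.compile(r"^O23 - Service: (?P<desc>.*?) - (?P<owner>.*?) - (?P<path>.*)$")
# An .exe sitting directly in a profile root (C:\Documents and Settings\<user>\x.exe)
USER_ROOT_RE = re.compile(r"^[a-z]:\\documents and settings\\[^\\]+\\[^\\]+\.exe$", re.IGNORECASE)
# Directories where startup binaries normally live on a Portuguese XP install
# (long and 8.3 short forms; "Arquivos de programas" is Program Files).
STANDARD_ROOTS = ("\\windows\\", "\\arquivos de programas\\", "\\arquiv~1\\",
                  "\\program files\\", "\\progra~1\\")


def exe_from_command(cmd: str) -> str:
    """Return the executable part of a Run-key command, without quotes or arguments."""
    m = re.match(r'^"?(?P<exe>[^"]*?\.exe)', cmd, re.IGNORECASE)
    return m.group("exe") if m else cmd.strip('"').split(" ")[0]


def in_standard_root(path: str) -> bool:
    """True if the path is under the Windows or Program Files tree."""
    low = path.lower()
    return any(root in low for root in STANDARD_ROOTS)


def triage_line(line: str) -> Optional[Finding]:
    """Apply the review heuristics to one HijackThis line; None if nothing stands out."""
    reasons: List[str] = []
    m = O4_RE.match(line)
    if m:
        exe = exe_from_command(m.group("cmd"))
        if m.group("key").lower() == "runservices":
            reasons.append("legacy RunServices key (rarely used by legitimate software on XP)")
        if USER_ROOT_RE.match(exe):
            reasons.append("executable sits directly in a user profile root")
        elif not in_standard_root(exe):
            reasons.append("executable is not under Windows or Program Files")
        return Finding(line, reasons) if reasons else None
    m = O23_RE.match(line)
    if m:
        if m.group("owner").lower() == "unknown owner":
            reasons.append("service has no publisher recorded")
        if "(file missing)" in m.group("path").lower():
            reasons.append("service binary is missing on disk (orphaned entry)")
        return Finding(line, reasons) if reasons else None
    return None


def triage_log(text: str) -> List[Finding]:
    """Run triage_line over every line of a log and keep only the flagged ones."""
    return [f for f in (triage_line(l) for l in text.splitlines()) if f]


if __name__ == "__main__":
    for finding in triage_log(SAMPLE_LOG):
        print(finding.line)
        for reason in finding.reasons:
            print("    ->", reason)
```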

:) Hello!

mbam-log-2010-03-22 (14-44-55).txt

 

Tipo de Verificação: Completa (K:\|)

Your Malwarebytes log shows that the drive scanned was K, but the HijackThis log shows no drive K. Did you scan the PC from the HijackThis log with Malwarebytes? If you scanned a different PC, it would be very important to also scan the PC whose log was posted here with Malwarebytes and post that new Malwarebytes log along with the other logs requested below.

_____________________________

 

:seta: I suggest you save or print the instructions below, since at some points you may need to use the computer without internet access:

 

Download ComboFix

Save it to the Desktop.

* Disable the resident protection of your antivirus, antispyware and firewall (except the Windows one!)

* Close all windows and run the tool.

* PS: It can also be run from the command line:

* Go to Start --> Run --> Type or paste:

"%userprofile%\desktop\Combofix.exe" /killall

 


 

* Click OK.

* At the prompt "Disclaimer of software warranty" --> Click Yes.

 


 

* If you do not have the Recovery Console (http://support.microsoft.com/kb/307654/pt-br), accept the offer to install it.

* When it finishes, click Sim or Yes. --> Wait.

 

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

 

:!: If you get the notification "Invalid Win32 application" or a similar message, delete the ComboFix.exe tool and download it again.

* Save it to the Desktop renamed as: Kombo.exe

* PS: Rename it while saving, not after it has been saved!

* PS: If any error message appears, run ComboFix.exe in Safe Mode (http://dicasetutoriaisparapc.blogspot.com/2009/11/ferramentas-para-reparar-o-modo-seguro.html). <-- Link!

* PS: If rootkit activity is present, the following notification window will appear:

 

[image: rootkit-found notification window]

 

* PS: Write down these detections and click OK. In that case, post the detections you wrote down in your next reply along with the requested logs.

* PS: To complete the removals, the tool may need to restart the computer. <-- Wait!

* PS: To avoid problems, follow all the recommendations given.

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

 

* The Auto Scan window will open. --> Wait!

* To finish the removals, ComboFix may restart the computer.

* If needed, type option ( 1 ) --> Press Enter! --> Wait for it to finish!

* During the scan, avoid touching the mouse or keyboard! <-- Important!

* If, for some compelling reason, you need to stop or exit ComboFix, press "N" or "2" --> Press Enter.

<><><><><><><><><><><><>

 

The ComboFix log will be at C:\ComboFix.txt

______________________________

 

:seta: Also follow the tips in this tutorial:

 

Norman Malware Cleaner tutorial

 

In your next reply, post the contents of the Norman Malware Cleaner log along with the log at C:\ComboFix.txt and a new HijackThis log, and tell us how your PC is after this.

 

We'll be waiting.


Good morning Antonio Vieira...

 

It was a lot of work to get Norman to run, but...

 

I have just one thing to say: the files it deleted, listed below, are game files, emulators and management software for a LAN house. How do I recover them?

 

C:\A-jogos\Gravity\Ragnarok Online\Gameguard\GameMon.des (Infected with SDBot.gen8)

Deleted file

 

C:\A-jogos\Gravity\Ragnarok Online_Old\unins000.exe (Infected with Agent.TUQB)

Deleted file

 

C:\A-jogos\L2\animations\Ct1LineageWeapons.ukx.bz2/file0 (Error whilst scanning file: I/O Error (0x00220005))

 

C:\A-jogos\L2\system\Game_Guard.des (Infected with W32/Suspicious_Gen2.GLMO)

Deleted file

 

C:\A-jogos\Line Age II Kosglad - Maloca\KOSGLAD.exe (Infected with W32/Suspicious_Gen2.VPW)

Removed link file: C:\Documents and Settings\lan\Desktop\Kosglad (Maloca).lnk

Deleted file

 

C:\A-jogos\Line Age II Kosglad - Maloca\system\Core.bpl (Infected with Hupigon.gen86)

Deleted file

 

C:\A-jogos\Line Age II Kosglad - Maloca\system\gameguard.des (Infected with W32/Suspicious_Gen2.GLMO)

Deleted file

 

C:\A-jogos\MU TITAN\Mini_Launcher.exe (Infected with W32/Obfuscated.AK!genr)

Deleted file

 

C:\A-jogos\Sonic Heroes\SONICHEROES\Launcher.exe (Infected with W32/Suspicious_Gen2.JDO)

Removed link file: C:\Documents and Settings\lan\Desktop\SONIC HEROES.lnk

Deleted file

 

C:\A-jogos\system - L2PX\Game_Guard.des (Infected with W32/Suspicious_Gen2.GLMO)

Deleted file

 

C:\A-jogos\Valve\cstrike\maps\fy_funtown.bsp.ztmp/file0 (Error whilst scanning file: I/O Error (0x00220001))

 

C:\A-jogos\Valve\hl.exe (Infected with W32/Suspicious_Gen2.PWGE)

Removed link file: C:\Documents and Settings\lan\Desktop\Counter-Strike.lnk

Deleted file

 

C:\Arquivos de programas\Alcohol Soft\Alcohol 120\Langs\AX_UA.dll (Infected with W32/Zbot.PVI)

Deleted file

 

C:\Documents and Settings\All Users\Documentos\Intaladores\CS\maps\fy_funtown.bsp.ztmp/file0 (Error whilst scanning file: I/O Error (0x00220001))

 

C:\Documents and Settings\All Users\Documentos\Tinasoft_Easycafe_2.2.14\EasyCafe v2.2.14+KG.rar/RR (Error whilst scanning file: I/O Error (0x00220000))

 

C:\Documents and Settings\lan\Meus documentos\Tinasoft_Easycafe_2.2.14\EasyCafe v2.2.14+KG.rar/RR (Error whilst scanning file: I/O Error (0x00220000))

C:\Games\OnGame\GunboundWC\GameGuard\npgmup.des (Infected with W32/Horst.gen33)

Deleted file

 

C:\Games\OnGame\GunboundWC\GameGuard\npgmup.des.new (Infected with W32/Horst.gen33)

Deleted file

 

C:\Games\StarCraft\scbw0_111.zip/scbw0_111.exe (Infected with Suspicious_F.gen)

Deleted file

 

 

Here are the ComboFix and Norman logs

 

 

ComboFix 10-03-23.03 - lan 23/03/2010 20:33:44.1.1 - x86

Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.958.599 [GMT -3:00]

Executando de: c:\documents and settings\All Users\Desktop\ComboFix.exe

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\a-jogos\Gravity\Ragnarok Online_Old\BGM\_desktop.ini

c:\a-jogos\Gravity\Ragnarok Online_Old\GameGuard\_desktop.ini

c:\a-jogos\Gravity\Ragnarok Online_Old\PatchClient\_desktop.ini

c:\a-jogos\Gravity\Ragnarok Online_Old\skin\_desktop.ini

c:\a-jogos\Gravity\Ragnarok Online_Old\skin\default\_desktop.ini

c:\a-jogos\Gravity\Ragnarok Online_Old\skin\default\basic_interface\_desktop.ini

c:\a-jogos\Gravity\Ragnarok Online_Old\skin\Scribbling Kid\_desktop.ini

c:\a-jogos\Gravity\Ragnarok Online_Old\skin\Scribbling Kid\basic_interface\_desktop.ini

c:\arquivos de programas\driver

c:\documents and settings\lan\autorun.inf

c:\documents and settings\lan\viuoqu.exe

c:\documents and settings\lan\viuoqu.scr

C:\khq

c:\recycler\S-1-5-21-117609710-1364589140-725345543-1003

c:\recycler\S-1-5-21-343818398-1993962763-725345543-1003

c:\windows\system32\AutoRun.inf

c:\windows\system32\csrs.txt

c:\windows\system32\Restore\11092008.kp_

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_SSHNAS

 

 

(((((((((((((((( Arquivos/Ficheiros criados de 2010-02-23 to 2010-03-23 ))))))))))))))))))))))))))))

.

 

2010-03-22 21:33 . 2010-03-22 21:33 -------- d-----w- c:\arquivos de programas\Trend Micro

2010-03-18 18:59 . 2010-03-18 18:59 12464 ----a-w- c:\windows\system32\avgrsstx.dll

2010-03-18 14:58 . 2004-08-04 04:45 236544 -c--a-w- c:\windows\system32\dllcache\smi2smir.exe

2010-03-18 14:57 . 2004-08-04 04:45 35840 -c--a-w- c:\windows\system32\dllcache\iprip.dll

2010-03-18 14:56 . 2004-08-04 04:45 29696 -c--a-w- c:\windows\system32\dllcache\admexs.dll

2010-03-18 14:52 . 2004-08-04 03:45 153600 ----a-w- c:\windows\system32\irftp.exe

2010-03-18 14:52 . 2004-08-04 03:45 8192 ----a-w- c:\windows\system32\wshirda.dll

2010-03-18 14:52 . 2004-08-04 03:45 27648 ----a-w- c:\windows\system32\irmon.dll

2010-03-18 14:52 . 2004-08-04 02:00 87424 ----a-w- c:\windows\system32\drivers\irda.sys

2010-03-18 14:01 . 2001-08-18 00:51 19584 ----a-w- c:\windows\system32\drivers\rasirda.sys

2010-03-18 13:59 . 2001-10-28 18:07 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll

2010-03-18 13:59 . 2001-10-28 18:07 24661 ----a-w- c:\windows\system32\spxcoins.dll

2010-03-18 13:59 . 2001-10-28 18:06 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll

2010-03-18 13:59 . 2001-10-28 18:06 13312 ----a-w- c:\windows\system32\irclass.dll

2010-03-17 21:57 . 2010-03-17 21:57 -------- d-sh--w- c:\documents and settings\Administrador\IETldCache

2010-03-17 20:49 . 2010-03-17 20:49 -------- d-----w- c:\arquivos de programas\VS Revo Group

2010-03-08 19:51 . 2010-01-07 19:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-03-08 19:51 . 2010-03-20 23:03 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware

2010-03-08 19:51 . 2010-01-07 19:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-03-05 00:10 . 2010-03-05 00:10 -------- d-----w- c:\windows\system32\wbem\Repository

2010-03-04 23:33 . 2010-03-04 23:33 -------- d-----w- c:\documents and settings\lan\Dados de aplicativos\Corel

2010-03-04 23:23 . 2010-03-04 23:23 -------- d-----w- c:\arquivos de programas\Corel

2010-03-04 23:23 . 2010-03-04 23:23 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Corel

2010-03-04 00:27 . 2010-03-04 00:27 -------- d-----w- c:\arquivos de programas\ONGAME

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-03-20 17:13 . 2009-12-11 13:48 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\avg9

2010-03-18 18:59 . 2009-12-11 13:48 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2010-03-18 18:59 . 2009-12-11 13:48 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2010-03-18 18:58 . 2009-12-11 13:48 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2010-03-18 15:15 . 2001-10-28 15:07 67290 ----a-w- c:\windows\system32\perfc016.dat

2010-03-18 15:15 . 2001-10-28 15:07 425512 ----a-w- c:\windows\system32\perfh016.dat

2010-03-18 14:53 . 2006-04-06 12:54 23040 -c--a-w- c:\windows\system32\emptyregdb.dat

2010-03-17 22:23 . 2006-04-21 19:48 -------- d-----w- c:\arquivos de programas\Java

2010-03-17 22:15 . 2007-07-10 17:45 -------- d-----w- c:\arquivos de programas\Easy Desktop Keeper

2010-03-17 21:04 . 2006-04-06 13:59 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Adobe

2010-03-17 20:48 . 2006-04-21 19:50 -------- d-----w- c:\arquivos de programas\Google

2010-03-17 20:48 . 2004-08-29 00:18 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information

2010-03-08 21:25 . 2004-08-27 03:21 27262976 ----a-w- C:\VIRTPART.DAT

2010-03-04 23:26 . 2006-04-06 13:07 -------- d-----w- c:\arquivos de programas\Arquivos comuns\InstallShield

2004-10-01 17:00 . 2008-01-17 01:31 40960 ----a-w- c:\arquivos de programas\Uninstall_CDS.exe

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]

"Google Update"="c:\documents and settings\lan\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" [2009-12-12 135664]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"webf"="c:\web-fi-bc\webf.exe" [2005-01-29 1327616]

"00DSKSVR01"="c:\arquivos de programas\Easy Desktop Keeper\desksaver.exe" [2004-01-23 1188352]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-16 7630848]

"nwiz"="nwiz.exe" [2006-08-16 1617920]

"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]

"GrooveMonitor"="c:\arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]

"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]

"Adobe ARM"="c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

"SiSUSBRG"="c:\windows\SiSUSBrg.exe" [2002-07-12 106496]

"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-08-16 86016]

"RTHDCPL"="RTHDCPL.EXE" [2006-10-11 16267776]

"00DSKSVR00"="c:\arquivos de programas\Easy Desktop Keeper\desksaver.exe" [2004-01-23 1188352]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

 

c:\documents and settings\lan\Menu Iniciar\Programas\Inicializar\

winvnc.exe.lnk - c:\documents and settings\All Users\Documentos\Ultra VNC PossibilitaCopiar Arquivos\winvnc.exe [2010-3-17 630848]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"dia"= 1

"data"= 6/4/2006

"rv"= 1

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"NoSecCPL"= 1 (0x1)

"NoPwdpage"= 1 (0x1)

"NoProfilePage"= 1 (0x1)

"NoDevMgrPage"= 1 (0x1)

"NoConfigpage"= 1 (0x1)

"NoFileSysPage"= 1 (0x1)

"NoVirtMemPage"= 1 (0x1)

"NoThemesTab"= 0 (0x0)

"NoChangeAnimation"= 0 (0x0)

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoDeletePrinter"= 1 (0x1)

"NoAddPrinter"= 1 (0x1)

"NoExpandedNewMenu"= 0 (0x0)

"NoFileUrl"= 0 (0x0)

"NoNavButtons"= 0 (0x0)

"SmallIcons"= 0 (0x0)

"SpecifyDefaultButtons"= 1 (0x1)

"RestrictRun"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2010-03-18 18:59 12464 ----a-w- c:\windows\system32\avgrsstx.dll

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Microsoft Office.lnk]

backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Client]

2003-04-14 19:37 451072 ----a-w- c:\arquivos de programas\TinaSoft\Easy Cafe Client\client.exe

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Games\\SWAT 4\\ContentExpansion\\System\\Swat4X.exe"=

"c:\\Games\\SWAT 4\\ContentExpansion\\System\\Swat4XDedicatedServer.exe"=

"c:\\Arquivos de programas\\Google\\Google Talk\\googletalk.exe"=

"c:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"c:\\Arquivos de programas\\Sierra Entertainment\\World in Conflict\\wic.exe"=

"c:\\Arquivos de programas\\Sierra Entertainment\\World in Conflict\\wic_online.exe"=

"c:\\Arquivos de programas\\Sierra Entertainment\\World in Conflict\\wic_ds.exe"=

"c:\\Arquivos de programas\\KONAMI\\PES2008.exe"=

"c:\\Arquivos de programas\\AVG\\AVG9\\avgupd.exe"=

"c:\\Arquivos de programas\\AVG\\AVG9\\avgnsx.exe"=

"c:\\Documents and Settings\\All Users\\Documentos\\Ultra VNC PossibilitaCopiar Arquivos\\winvnc.exe"=

"c:\\Arquivos de programas\\TinaSoft\\Easy Cafe Client\\client.exe"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\A-jogos\\World of Warcraft-Wow Brasil\\Repair.exe"=

"c:\\Games2\\grand chase\\Grand Chase Season 2\\main.exe"=

"c:\\A-jogos\\Metin 2\\Metin2\\metin2.bin"=

 

R0 Vax347b;Vax347b;c:\windows\system32\drivers\Vax347b.sys [06/04/2006 10:46 159616]

R0 Vax347s;Vax347s;c:\windows\system32\drivers\Vax347s.sys [06/04/2006 10:46 5248]

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [11/12/2009 10:48 216200]

R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [11/12/2009 10:48 242696]

R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [19/09/2007 17:11 13696]

R2 avg9wd;AVG Free WatchDog;c:\arquivos de programas\AVG\AVG9\avgwdsvc.exe [18/03/2010 15:59 308064]

R3 PSXGamepadEnabler;Psx Hid to Gamepad Port Enabler;c:\windows\system32\drivers\psxpad.sys [13/07/2007 23:21 12160]

R3 PsxPortEnumerator;Psx Port Enumerator;c:\windows\system32\drivers\psxenum.sys [13/07/2007 23:21 16896]

S3 M1000Srv;M5603C USB2.0 Camera Driver;c:\windows\system32\Drivers\M1000KNT.sys --> c:\windows\system32\Drivers\M1000KNT.sys [?]

S3 NDISKIO;NDISKIO;\??\c:\docume~1\lan\CONFIG~1\Temp\00000985.nmc\nse\bin\ndiskio.sys --> c:\docume~1\lan\CONFIG~1\Temp\00000985.nmc\nse\bin\ndiskio.sys [?]

S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]

S3 npkycryp;npkycryp;\??\UNC\atl19\gamess\RO\npkycryp.sys --> UNC\atl19\gamess\RO\npkycryp.sys [?]

.

Conteúdo da pasta 'Tarefas Agendadas'

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.google.com.br/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Settings,ProxyOverride = hxxp://192.168.0.150:918; http://192.168.0.100:918; http://192.168.0.03:918; http://192.168.0.3:918; http://192.168.1.3:918; http://192.168.1.30:918; http://192.168.0.9:918; http://192.168.1.9:918

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office12\EXCEL.EXE/3000

TCP: {85A36832-F121-4842-9D5F-D11F4D49692B} = 200.149.55.140

TCP: {D6FB4D86-5541-4CF1-A3C0-4ECC00612C88} = 192.168.1.1

TCP: {E0C9790F-0CAB-4A11-AD8F-B28E2ED99194} = 192.168.1.1

DPF: {31A8068E-5C15-402F-81C0-04C7D2D66CE6} - hxxp://login.hanbiton.com/cab/NLSnSSO.cab

DPF: {987ECFCE-E607-4D52-B2C5-2EA1F6F303C4} - hxxp://www.pangya.com/PangyaLauncher/PangyaLauncher.cab

DPF: {CC5C7FFD-E058-4390-A22A-FD08CCD9A3CE} - hxxp://www.pangonline.com.br/common/com/ongamenet.cab

FF - ProfilePath - c:\documents and settings\lan\Dados de aplicativos\Mozilla\Firefox\Profiles\uhbdvz27.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.br/

FF - component: c:\arquivos de programas\AVG\AVG9\Firefox\components\avgssff.dll

FF - plugin: c:\arquivos de programas\Microsoft\Office Live\npOLW.dll

FF - plugin: c:\arquivos de programas\Windows Live\Photo Gallery\NPWLPG.dll

 

---- FIREFOX POLICIES ----

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

.

- - - - ORFÃOS REMOVIDOS - - - -

 

HKCU-Run-viuoqu - c:\documents and settings\lan\viuoqu.exe

Notify-WgaLogon - (no file)

 

 

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-03-23 20:46

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

- - - - - - - > 'explorer.exe'(1636)

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\arquivos de programas\Nokia\Nokia PC Suite 6\PhoneBrowser.dll

c:\arquivos de programas\Nokia\Nokia PC Suite 6\PCSCM.dll

c:\windows\system32\ConnAPI.DLL

c:\arquivos de programas\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_eng.nlr

c:\arquivos de programas\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Outros Processos em Execução ------------------------

.

c:\arquivos de programas\AVG\AVG9\avgchsvx.exe

c:\arquivos de programas\AVG\AVG9\avgrsx.exe

c:\arquivos de programas\AVG\AVG9\avgcsrvx.exe

c:\arquivos de programas\Symantec\Norton Ghost 2003\GhostStartService.exe

c:\arquivos de programas\Java\jre6\bin\jqs.exe

c:\windows\system32\nvsvc32.exe

c:\windows\system32\PnkBstrA.exe

c:\arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\arquivos de programas\AVG\AVG9\avgnsx.exe

c:\arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

c:\windows\system32\wscntfy.exe

c:\windows\system32\rundll32.exe

c:\arquiv~1\Nokia\NOKIAP~1\LAUNCH~1.EXE

c:\windows\system32\RUNDLL32.EXE

c:\windows\RTHDCPL.EXE

c:\arquivos de programas\Arquivos comuns\PCSuite\Services\ServiceLayer.exe

.

**************************************************************************

.

Tempo para conclusão: 2010-03-23 20:56:21 - Máquina reiniciou

ComboFix-quarantined-files.txt 2010-03-23 23:56

 

Pré-execução: 19 pasta(s) 17.900.068.864 bytes disponíveis

Pós execução: 24 pasta(s) 18.744.500.224 bytes disponíveis

 

WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

 

- - End Of File - - 91E6881546CBD48A0AFF64E25DD52DDD

 

Norman Malware Cleaner

Version 1.6.2

Copyright © 1990 - 2009, Norman ASA. Built 2010/03/22 20:25:13

 

Norman Scanner Engine Version: 6.04.08

Nvcbin.def Version: 6.04.00, Date: 2010/03/22 20:25:13, Variants: 5779955

 

Scan started: 23/03/2010 21:26:06

 

Running pre-scan cleanup routine:

Operating System: Microsoft Windows XP Professional 5.1.2600 Service Pack 2

Logged on user: CLONADOR01-10\lan

 

Set registry value: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLS = -> ""

Removed registry value: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -> DisableRegistryTools = 0x00000000

Removed registry value: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -> DisableTaskMgr = 0x00000000

Removed registry value: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoDrives = 0x00000000

Removed registry value: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoDrives = 0x00000000

Removed registry value: HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoHardwareTab = 0x00000000

Removed registry value: HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoFileMenu = 0x00000000

Removed registry value: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoResolveSearch = 0x00000001

Set registry value: HKLM\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify = 0x00000001 -> 0x00000000

Set registry value: HKLM\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify = 0x00000001 -> 0x00000000

 

Scanning bootsectors...

 

Number of sectors found: 0

Number of sectors scanned: 0

Number of sectors not scanned: 0

Number of infections found: 0

Number of infections removed: 0

Total scanning time: 0s

 

 

Scanning running processes and process memory...

 

Number of processes/threads found: 3656

Number of processes/threads scanned: 3656

Number of processes/threads not scanned: 0

Number of infected processes/threads terminated: 0

Total scanning time: 1m 57s

 

 

Scanning file system...

 

Scanning: prescan

 

Scanning: C:\*.*

 

C:\A-jogos\Gravity\Ragnarok Online\Gameguard\GameMon.des (Infected with SDBot.gen8)

Deleted file

 

C:\A-jogos\Gravity\Ragnarok Online_Old\unins000.exe (Infected with Agent.TUQB)

Deleted file

 

C:\A-jogos\L2\animations\Ct1LineageWeapons.ukx.bz2/file0 (Error whilst scanning file: I/O Error (0x00220005))

 

C:\A-jogos\L2\system\Game_Guard.des (Infected with W32/Suspicious_Gen2.GLMO)

Deleted file

 

C:\A-jogos\Line Age II Kosglad - Maloca\KOSGLAD.exe (Infected with W32/Suspicious_Gen2.VPW)

Removed link file: C:\Documents and Settings\lan\Desktop\Kosglad (Maloca).lnk

Deleted file

 

C:\A-jogos\Line Age II Kosglad - Maloca\system\Core.bpl (Infected with Hupigon.gen86)

Deleted file

 

C:\A-jogos\Line Age II Kosglad - Maloca\system\gameguard.des (Infected with W32/Suspicious_Gen2.GLMO)

Deleted file

 

C:\A-jogos\MU TITAN\Mini_Launcher.exe (Infected with W32/Obfuscated.AK!genr)

Deleted file

 

C:\A-jogos\Sonic Heroes\SONICHEROES\Launcher.exe (Infected with W32/Suspicious_Gen2.JDO)

Removed link file: C:\Documents and Settings\lan\Desktop\SONIC HEROES.lnk

Deleted file

 

C:\A-jogos\system - L2PX\Game_Guard.des (Infected with W32/Suspicious_Gen2.GLMO)

Deleted file

 

C:\A-jogos\Valve\cstrike\maps\fy_funtown.bsp.ztmp/file0 (Error whilst scanning file: I/O Error (0x00220001))

 

C:\A-jogos\Valve\hl.exe (Infected with W32/Suspicious_Gen2.PWGE)

Removed link file: C:\Documents and Settings\lan\Desktop\Counter-Strike.lnk

Deleted file

 

C:\Arquivos de programas\Alcohol Soft\Alcohol 120\Langs\AX_UA.dll (Infected with W32/Zbot.PVI)

Deleted file

 

C:\Documents and Settings\All Users\Documentos\Intaladores\CS\maps\fy_funtown.bsp.ztmp/file0 (Error whilst scanning file: I/O Error (0x00220001))

 

C:\Documents and Settings\All Users\Documentos\Tinasoft_Easycafe_2.2.14\EasyCafe v2.2.14+KG.rar/RR (Error whilst scanning file: I/O Error (0x00220000))

 

C:\Documents and Settings\lan\Meus documentos\Tinasoft_Easycafe_2.2.14\EasyCafe v2.2.14+KG.rar/RR (Error whilst scanning file: I/O Error (0x00220000))

 

C:\Documents and Settings\lan\PATCH\GunzLauncher.exe_ (Infected with W32/Suspicious_Gen2.COAY)

Deleted file

 

C:\Games\OnGame\GunboundWC\GameGuard\npgmup.des (Infected with W32/Horst.gen33)

Deleted file

 

C:\Games\OnGame\GunboundWC\GameGuard\npgmup.des.new (Infected with W32/Horst.gen33)

Deleted file

 

C:\Games\StarCraft\scbw0_111.zip/scbw0_111.exe (Infected with Suspicious_F.gen)

Deleted file

 

C:\Qoobox\Quarantine\C\Documents and Settings\lan\viuoqu.exe.vir (Infected with W32/VBNA.C)

Deleted file

 

C:\Qoobox\Quarantine\C\Documents and Settings\lan\viuoqu.scr.vir (Infected with W32/VBNA.C)

Deleted file

 

C:\System Volume Information\_restore{CEC9B1D9-88A3-408A-A8DE-9626B99D8677}\RP7\A0003874.exe (Infected with W32/VBNA.C)

Deleted file

 

C:\System Volume Information\_restore{CEC9B1D9-88A3-408A-A8DE-9626B99D8677}\RP7\A0003875.scr (Infected with W32/VBNA.C)

Deleted file

 

C:\System Volume Information\_restore{CEC9B1D9-88A3-408A-A8DE-9626B99D8677}\RP7\A0003962.des (Infected with SDBot.gen8)

Deleted file

 

C:\System Volume Information\_restore{CEC9B1D9-88A3-408A-A8DE-9626B99D8677}\RP7\A0003963.exe (Infected with Agent.TUQB)

Deleted file

 

C:\System Volume Information\_restore{CEC9B1D9-88A3-408A-A8DE-9626B99D8677}\RP7\A0003964.des (Infected with W32/Suspicious_Gen2.GLMO)

Deleted file

 

C:\System Volume Information\_restore{CEC9B1D9-88A3-408A-A8DE-9626B99D8677}\RP7\A0003966.exe (Infected with W32/Suspicious_Gen2.VPW)

Deleted file

 

C:\System Volume Information\_restore{CEC9B1D9-88A3-408A-A8DE-9626B99D8677}\RP7\A0003967.des (Infected with W32/Suspicious_Gen2.GLMO)

Deleted file

 

C:\System Volume Information\_restore{CEC9B1D9-88A3-408A-A8DE-9626B99D8677}\RP7\A0003968.exe (Infected with W32/Obfuscated.AK!genr)

Deleted file

 

C:\System Volume Information\_restore{CEC9B1D9-88A3-408A-A8DE-9626B99D8677}\RP7\A0003970.exe (Infected with W32/Suspicious_Gen2.JDO)

Deleted file

 

C:\System Volume Information\_restore{CEC9B1D9-88A3-408A-A8DE-9626B99D8677}\RP7\A0003971.des (Infected with W32/Suspicious_Gen2.GLMO)

Deleted file

 

C:\System Volume Information\_restore{CEC9B1D9-88A3-408A-A8DE-9626B99D8677}\RP7\A0003973.exe (Infected with W32/Suspicious_Gen2.PWGE)

Deleted file

 

C:\System Volume Information\_restore{CEC9B1D9-88A3-408A-A8DE-9626B99D8677}\RP7\A0003974.dll (Infected with W32/Zbot.PVI)

Deleted file

 

C:\System Volume Information\_restore{CEC9B1D9-88A3-408A-A8DE-9626B99D8677}\RP7\A0003976.des (Infected with W32/Horst.gen33)

Deleted file

 

C:\System Volume Information\_restore{CEC9B1D9-88A3-408A-A8DE-9626B99D8677}\RP7\A0003977.new (Infected with W32/Horst.gen33)

Deleted file

 

C:\WINDOWS\system32\autorun.i (Infected with BAT/Autorun.IXD)

Deleted file

 

Scanning: K:\*.*

 

Scanning: C:\System Volume Information\*.*

 

Scanning: postscan

 

 

Running post-scan cleanup routine:

 

Number of files found: 337438

Number of archives unpacked: 11039

Number of files scanned: 337431

Number of files not scanned: 7

Number of files skipped due to exclude list: 0

Number of infected files found: 32

Number of infected files repaired/deleted: 32

Number of infections removed: 32

Total scanning time: 1h 25m 33s

 

--------------------------------------------------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 09:49:36, on 24/03/2010

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\AVG\AVG9\avgchsvx.exe

C:\Arquivos de programas\AVG\AVG9\avgrsx.exe

C:\Arquivos de programas\AVG\AVG9\avgcsrvx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\AVG\AVG9\avgwdsvc.exe

C:\Arquivos de programas\Symantec\Norton Ghost 2003\GhostStartService.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\Arquivos de programas\AVG\AVG9\avgnsx.exe

C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\web-fi-bc\webf.exe

C:\Arquivos de programas\Easy Desktop Keeper\desksaver.exe

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

C:\ARQUIV~1\Nokia\NOKIAP~1\LAUNCH~1.EXE

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\WINDOWS\System32\svchost.exe

C:\Documents and Settings\lan\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe

C:\Documents and Settings\All Users\Documentos\Ultra VNC PossibilitaCopiar Arquivos\winvnc.exe

C:\Arquivos de programas\Arquivos comuns\PCSuite\Services\ServiceLayer.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://192.168.0.150:918; http://192.168.0.100:918; http://192.168.0.03:918; http://192.168.0.3:918; http://192.168.1.3:918; http://192.168.1.30:918; http://192.168.0.9:918; http://192.168.1.9:918

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG9\avgssie.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O4 - HKLM\..\Run: [webf] C:\web-fi-bc\webf.exe

O4 - HKLM\..\Run: [00DSKSVR01] C:\Arquivos de programas\Easy Desktop Keeper\desksaver.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [siSUSBRG] C:\WINDOWS\SiSUSBrg.exe

O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\ARQUIV~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [00DSKSVR00] "C:\Arquivos de programas\Easy Desktop Keeper\desksaver.exe" saskda

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\lan\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: winvnc.exe.lnk = C:\Documents and Settings\All Users\Documentos\Ultra VNC PossibilitaCopiar Arquivos\winvnc.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {31A8068E-5C15-402F-81C0-04C7D2D66CE6} (NlsComm Component Class) - http://login.hanbiton.com/cab/NLSnSSO.cab

O16 - DPF: {987ECFCE-E607-4D52-B2C5-2EA1F6F303C4} (WinlessActiveX Control) - http://www.pangya.com/PangyaLauncher/PangyaLauncher.cab

O16 - DPF: {CC5C7FFD-E058-4390-A22A-FD08CCD9A3CE} (JoyOnPlay Control) - http://www.pangonline.com.br/common/com/ongamenet.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{85A36832-F121-4842-9D5F-D11F4D49692B}: NameServer = 200.149.55.140

O17 - HKLM\System\CCS\Services\Tcpip\..\{D6FB4D86-5541-4CF1-A3C0-4ECC00612C88}: NameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\..\{E0C9790F-0CAB-4A11-AD8F-B28E2ED99194}: NameServer = 192.168.1.1

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG9\avgpp.dll

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Arquivos de programas\Ares\chatServer.exe

O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Arquivos de programas\AVG\AVG9\avgwdsvc.exe

O23 - Service: GhostStartService - Symantec Corporation - C:\Arquivos de programas\Symantec\Norton Ghost 2003\GhostStartService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\Arquivos comuns\PCSuite\Services\ServiceLayer.exe

O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

 

--

End of file - 9332 bytes


Good morning Antonio Vieira...

 

It was a lot of work to get Norman to run, but...

 

I have only one thing to say: these files it deleted, listed below, are files for games, emulators and management software of a LAN house. How do I recover them?

Hello Bechir! The thing is that these files really were infected, so much so that ComboFix also deleted files from these games, such as these, for example:

 

c:\a-jogos\Gravity\Ragnarok Online_Old\BGM\_desktop.ini

c:\a-jogos\Gravity\Ragnarok Online_Old\GameGuard\_desktop.ini

c:\a-jogos\Gravity\Ragnarok Online_Old\PatchClient\_desktop.ini

c:\a-jogos\Gravity\Ragnarok Online_Old\skin\_desktop.ini

c:\a-jogos\Gravity\Ragnarok Online_Old\skin\default\_desktop.ini

c:\a-jogos\Gravity\Ragnarok Online_Old\skin\default\basic_interface\_desktop.ini

c:\a-jogos\Gravity\Ragnarok Online_Old\skin\Scribbling Kid\_desktop.ini

c:\a-jogos\Gravity\Ragnarok Online_Old\skin\Scribbling

 

What usually happens is that cracked or pirated games are used, and most games of this kind come with viruses and malware embedded. And to clean the PC it really is necessary to remove the infected files; otherwise there is no way to solve the PC's infection problem.

__________________________________

 

You forgot to answer this important question:

 

mbam-log-2010-03-22 (14-44-55).txt

 

Tipo de Verificação: Completa (K:\|)

Your Malwarebytes log shows that the scanned drive was K:, but the HijackThis log does not list a drive K:. Did you scan this PC from the HijackThis log with Malwarebytes? If you scanned another PC, it would be very important to also scan this PC, whose log was posted here, with Malwarebytes and post that new Malwarebytes log together with the other logs requested.

__________________________________

 

Please follow the tips in these tutorials:

 

USBFix tutorial: http://dicasetutoriaisparapc.blogspot.com/2009/10/tutorial-do-usbfix.html

 

Nod32 Online antivirus tutorial

____________________________

 

In your next reply, post the Nod32 Online log, which will be at C:\Arquivos de programas\Eset\Eset Online Scanner\log.txt, together with a new HijackThis log and the log that will be at C:\UsbFix.txt, and please tell us how your PC is after following these procedures. We await your reply.


Good morning Antonio

 

This is the correct log; the thing is that I ran one scan on C: and K: and another on K: alone (pen drive).

 

Malwarebytes' Anti-Malware 1.44

Versão do banco de dados: 3900

Windows 5.1.2600 Service Pack 2

Internet Explorer 8.0.6001.18702

 

22/03/2010 14:36:27

mbam-log-2010-03-22 (14-36-27).txt

 

Tipo de Verificação: Completa (C:\|K:\|)

Objetos verificados: 25264

Tempo decorrido: 6 minute(s), 24 second(s)

 

Processos da Memória infectados: 0

Módulos de Memória Infectados: 0

Chaves do Registro infectadas: 0

Valores do Registro infectados: 0

Ítens do Registro infectados: 0

Pastas infectadas: 0

Arquivos infectados: 0

 

Processos da Memória infectados:

(Nenhum ítem malicioso foi detectado)

 

Módulos de Memória Infectados:

(Nenhum ítem malicioso foi detectado)

 

Chaves do Registro infectadas:

(Nenhum ítem malicioso foi detectado)

 

Valores do Registro infectados:

(Nenhum ítem malicioso foi detectado)

 

Ítens do Registro infectados:

(Nenhum ítem malicioso foi detectado)

 

Pastas infectadas:

(Nenhum ítem malicioso foi detectado)

 

Arquivos infectados:

(Nenhum ítem malicioso foi detectado)

 

Thank you


Good morning Antonio

 

This is the correct log; the thing is that I ran one scan on C: and K: and another on K: alone (pen drive).

Ah yes, all right. I'll wait, then, for the UsbFix log, the Nod32 Online log and a new HijackThis log.


Good evening Antonio Vieira!!!

 

Compared to how it was, it's very good: the browser errors stopped and they are working 100%. There is only one problem, regarding the operating system's total load time, which is taking an average of 4 minutes from the moment the machine is turned on until I have internet access.

 

 

The logs follow:

 

 

############################## | UsbFix V6.100 |

 

User : lan (Administradores) # CLONADOR01-10

Update on 18/03/2010 by El Desaparecido , C_XX & Chimay8

Start at: 16:28:19 | 25/03/2010

Website : http://pagesperso-orange.fr/NosTools/index.html

Contact : FindyKill.Contact@gmail.com

 

AMD Sempron Processor 3200+

Microsoft Windows XP Professional (5.1.2600 32-bit) # Service Pack 2

Internet Explorer 8.0.6001.18702

Windows Firewall Status : Enabled

AV : AVG Anti-Virus Free 9.0 [ (!) Disabled | Updated ]

 

C:\ -> Disco fixo local # 149,05 Go (17,37 Go free) [Clonador] # NTFS

E:\ -> Disco CD-ROM # 2,13 Go (0 Mo free) [NFSMW] # UDF

F:\ -> Disco CD-ROM # 4,26 Go (0 Mo free) [RACEDRIVER3] # CDFS

G:\ -> Disco CD-ROM # 2,94 Go (0 Mo free) [Fifa 08] # UDF

H:\ -> Disco CD-ROM

I:\ -> Disco CD-ROM

J:\ -> Disco CD-ROM

K:\ -> Disco removível # 982,05 Mo (101,74 Mo free) [bECHIR JR] # FAT32

 

################## | Ficheiros # pastas infeciosos |

 

Supprimido ! C:\Documents and Settings\lan\theduel.exe

Supprimido ! C:\Documents and Settings\lan\Documents.lnk

Supprimido ! C:\Documents and Settings\lan\Music.lnk

Supprimido ! C:\Documents and Settings\lan\New Folder.lnk

Supprimido ! C:\Documents and Settings\lan\Passwords.lnk

Supprimido ! C:\Documents and Settings\lan\Pictures.lnk

Supprimido ! C:\Documents and Settings\lan\Video.lnk

Supprimido ! C:\WINDOWS\IFinst27.exe

Supprimido ! C:\khw

(!) Não supprimido ! E:\autorun.inf

(!) Não supprimido ! F:\autorun.inf

(!) Não supprimido ! G:\autorun.inf

(!) Não supprimido ! G:\DATA\SYSTEM

(!) Não supprimido ! G:\DATA

 

################## | Registro |

 

Supprimido ! [HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoRecentDocsMenu"

 

################## | Mountpoints2 |

 

 

################## | Listing |

 

[06/04/2006 09:57|--a------|0] C:\AUTOEXEC.BAT

[10/09/2008 20:54|--a------|93] C:\Bechir Salvar NFS2.txt

[18/03/2010 11:52|--a------|211] C:\Boot.bak

[23/03/2010 19:54|-rahs----|281] C:\boot.ini

[28/10/2001 15:06|-rahs----|4952] C:\Bootfont.bin

[15/10/2009 17:34|--a------|6930] C:\bsmain_runtime.log

[03/08/2004 23:00|--a------|261856] C:\cmldr

[23/03/2010 20:56|--a------|19943] C:\ComboFix.txt

[06/04/2006 09:57|--a------|0] C:\CONFIG.SYS

[?|?|?] C:\hiberfil.sys

[06/04/2006 09:57|-rahs----|0] C:\IO.SYS

[06/04/2006 09:57|-rahs----|0] C:\MSDOS.SYS

[03/08/2004 23:38|-rahs----|47564] C:\NTDETECT.COM

[03/08/2004 23:59|-rahs----|251168] C:\ntldr

[?|?|?] C:\pagefile.sys

[25/03/2010 16:34|--a------|2525] C:\UsbFix.txt

[08/03/2010 18:25|--a------|27262976] C:\VIRTPART.DAT

[?|?|?] E:\AutoRun

[?|?|?] E:\DirectX

[?|?|?] E:\Support

[01/11/2005 02:07|-r-------|1091256] E:\00000000.256

[01/11/2005 02:07|-r-------|20482048] E:\00000001.TMP

[01/11/2005 02:07|-r-------|317440] E:\00000002.TMP

[01/11/2005 02:03|-r-------|2147458212] E:\0compressed.zip

[01/11/2005 02:03|-r-------|45425848] E:\1compressed.zip

[01/11/2005 01:31|-r-------|729088] E:\AutoRun.exe

[01/11/2005 02:04|-r-------|160] E:\autorun.inf

[14/10/2005 05:02|-r-------|585728] E:\AutoRunGUI.dll

[03/10/2005 19:25|-r-------|130] E:\bin.dat

[01/11/2005 02:04|-r-------|206] E:\common_filelist.txt

[01/11/2005 02:07|-r-------|1268972] E:\DIAG.EXE

[01/11/2005 01:31|-r-------|344064] E:\eauninstall.exe

[18/10/2005 05:00|-r-------|2366] E:\NFSMW_icon.ico

[26/10/2005 20:44|-r-------|40960] E:\safemode_inst.exe

[03/10/2005 19:25|-r-------|1462] E:\server.cfg

[20/10/2005 22:30|-r-------|380928] E:\server.dll

[28/10/2005 20:21|-r-------|40960] E:\shell_inst.exe

[01/11/2005 01:20|-r-------|7253204] E:\speed.exe

[25/01/2006 11:37|-r-------|1404928] F:\Autorun.exe

[20/11/2005 10:35|-r-------|81] F:\autorun.inf

[25/01/2006 12:51|-r-------|9829937] F:\data1.cab

[25/01/2006 12:51|-r-------|431079] F:\data1.hdr

[25/01/2006 13:00|-r-------|1384865792] F:\data2.cab

[25/01/2006 13:04|-r-------|807856734] F:\data3.cab

[25/01/2006 13:06|-r-------|512] F:\data4.cab

[15/07/2004 22:09|-r-------|461268] F:\engine32.cab

[25/01/2006 13:06|-r-------|3387] F:\layout.bin

[02/12/2005 11:08|-r-------|734003200] F:\pad700.dat

[16/09/2002 12:00|-r-------|12] F:\rd3_eur

[20/11/2005 10:35|-r-------|101] F:\rd3inst.cfg

[15/07/2004 22:09|-r-------|117200] F:\setup.exe

[25/01/2006 12:50|-r-------|424423] F:\setup.ibt

[25/01/2006 12:50|-r-------|515] F:\setup.ini

[25/01/2006 12:50|-r-------|243962] F:\setup.inx

[18/04/2004 23:10|-r-------|250296] F:\setup.isn

[02/09/2007 01:56|-r-------|2984960] G:\autorun.dat

[13/08/2007 21:30|-r-------|402696] G:\AutoRun.exe

[02/09/2007 01:50|-r-------|136] G:\autorun.inf

[02/09/2007 00:20|-r-------|26238] G:\config.dat

[13/08/2007 21:30|-r-------|386312] G:\EASetup.exe

[02/09/2007 01:53|-r-------|11183368] G:\FIFA08.exe

[14/07/2007 00:28|-r-------|25622] G:\fifapc.ico

[16/07/2007 17:00|-r-------|6168] G:\gameinterface.tlb

[02/09/2007 00:44|-r-------|910670944] G:\Group1.cab

[02/09/2007 00:38|-r-------|620340903] G:\Group2.cab

[02/09/2007 00:37|-r-------|486893877] G:\Group3.cab

[02/09/2007 00:40|-r-------|215235894] G:\Group4.cab

[02/09/2007 00:40|-r-------|12820728] G:\Group10.cab

[13/10/2007 12:26|-r-------|290645933] G:\narracao08br.exe

[20/10/2009 13:07|--a------|1258] K:\Melhoria do Sistema Operacional.txt

[02/12/2009 22:43|--a------|1035264] K:\Controle De Entrada.xls

[22/03/2010 21:04|--a------|204800] K:\segunda.doc

[01/12/2009 17:17|--a------|893440] K:\tela cyber.doc

[27/11/2009 14:34|--a------|112640] K:\Artigo muito bom sobre socket.doc

[22/03/2010 18:53|--a------|11260] K:\hijackthis.log

[11/01/2010 19:22|--a------|11237] K:\Truques e Dicas para Windows XP.txt

[12/03/2010 22:20|--a------|1615] K:\musicascelular.txt

 

################## | Vaccinação |

 

# C:\autorun.inf -> Autorun.inf criado por UsbFix (El Desaparecido).

# K:\autorun.inf -> Autorun.inf criado por UsbFix (El Desaparecido).

 

################## | Upload |

 

Favor enviar o arquivo : C:\UsbFix_Upload_Me_CLONADOR01-10.zip : http://chiquitine.changelog.fr/Sample/Upload.php

Obrigado pela sua contribuição .

 

################## | ! Fim do relatório # UsbFix V6.100 ! |

 

--------------------------------------------------------------------------------------------------------------------

 

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# IEXPLORE.EXE=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.6211

# api_version=3.0.2

# EOSSerial=449664f6d1d54846a6a7a958634cbd02

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2010-03-26 08:00:34

# local_time=2010-03-26 05:00:34 (-0300, Hora oficial do Brasil)

# country="Brazil"

# lang=1033

# osver=5.1.2600 NT Service Pack 2

# compatibility_mode=512 16777215 100 0 0 0 0 0

# compatibility_mode=1024 16777191 100 0 8168507 8168507 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=163586

# found=0

# cleaned=0

# scan_time=4249

 

 

 

----------------------------------------------------------------------------------------------------------

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:41:32, on 26/03/2010

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\AVG\AVG9\avgchsvx.exe

C:\Arquivos de programas\AVG\AVG9\avgrsx.exe

C:\Arquivos de programas\AVG\AVG9\avgcsrvx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\AVG\AVG9\avgwdsvc.exe

C:\Arquivos de programas\Symantec\Norton Ghost 2003\GhostStartService.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Arquivos de programas\AVG\AVG9\avgnsx.exe

C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\web-fi-bc\webf.exe

C:\Arquivos de programas\Easy Desktop Keeper\desksaver.exe

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

C:\ARQUIV~1\Nokia\NOKIAP~1\LAUNCH~1.EXE

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Documents and Settings\lan\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Arquivos comuns\PCSuite\Services\ServiceLayer.exe

C:\Documents and Settings\All Users\Documentos\Ultra VNC PossibilitaCopiar Arquivos\winvnc.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://192.168.0.150:918; http://192.168.0.100:918; http://192.168.0.03:918; http://192.168.0.3:918; http://192.168.1.3:918; http://192.168.1.30:918; http://192.168.0.9:918; http://192.168.1.9:918

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG9\avgssie.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O4 - HKLM\..\Run: [webf] C:\web-fi-bc\webf.exe

O4 - HKLM\..\Run: [00DSKSVR01] C:\Arquivos de programas\Easy Desktop Keeper\desksaver.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [siSUSBRG] C:\WINDOWS\SiSUSBrg.exe

O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\ARQUIV~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [00DSKSVR00] "C:\Arquivos de programas\Easy Desktop Keeper\desksaver.exe" saskda

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\lan\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: winvnc.exe.lnk = C:\Documents and Settings\All Users\Documentos\Ultra VNC PossibilitaCopiar Arquivos\winvnc.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {31A8068E-5C15-402F-81C0-04C7D2D66CE6} (NlsComm Component Class) - http://login.hanbiton.com/cab/NLSnSSO.cab

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab

O16 - DPF: {987ECFCE-E607-4D52-B2C5-2EA1F6F303C4} (WinlessActiveX Control) - http://www.pangya.com/PangyaLauncher/PangyaLauncher.cab

O16 - DPF: {CC5C7FFD-E058-4390-A22A-FD08CCD9A3CE} (JoyOnPlay Control) - http://www.pangonline.com.br/common/com/ongamenet.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{85A36832-F121-4842-9D5F-D11F4D49692B}: NameServer = 200.149.55.140

O17 - HKLM\System\CCS\Services\Tcpip\..\{D6FB4D86-5541-4CF1-A3C0-4ECC00612C88}: NameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\..\{E0C9790F-0CAB-4A11-AD8F-B28E2ED99194}: NameServer = 192.168.1.1

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG9\avgpp.dll

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Arquivos de programas\Ares\chatServer.exe

O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Arquivos de programas\AVG\AVG9\avgwdsvc.exe

O23 - Service: GhostStartService - Symantec Corporation - C:\Arquivos de programas\Symantec\Norton Ghost 2003\GhostStartService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\Arquivos comuns\PCSuite\Services\ServiceLayer.exe

O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

 

--

End of file - 9627 bytes


:) Other problems were removed by UsbFix.

______________________________

 

Please follow the tips in these tutorials:

 

Spyware Doctor Starter Edition Tutorial

 

Flash Disinfector Tutorial: http://dicasetutoriaisparapc.blogspot.com/2009/10/tutorial-do-flash-disinfector.html

_____________________________

 

Download PenClean:

https://dl.getdropbox.com/u/1035720/PenClean.zip

 

● Unzip PenClean.zip using an unzip tool (such as WinRAR or WinZip, for example).

● Connect your pen drive or other media that may be infected (if you have one) to the computer and follow the steps below:

● Run the PenClean.exe file and check the option Verificar unidade (Scan drive) > click the downward arrow and choose the option Todas as unidades (All drives). After that, click the Verificar (Scan) button.

● If anything is detected, the program will ask to restart the computer. Check the restart option and wait.

 

● A log will be saved at C:\PenClean\PenClean.txt

_______________________________

 

There are unnecessary programs starting together with Windows, which makes your PC slower. To fix this, follow the tips in this tutorial:

 

Choosing Programs that Start with the PC

 

Preferably let only the security programs (antivirus/anti-spyware/firewall) start together with Windows.

 

Also use the CCleaner program, recommended in the tutorial above, to clean and optimize the PC now and from time to time.

_______________________________

 

In your next reply, post the Spyware Doctor log together with a new HijackThis log and the log that will be at C:\PenClean\PenClean.txt, and tell us how your PC is after this.

 

We'll be waiting.


I did what was requested.

 

Logs follow...

 

 

 

Iniciando relatório do PenClean 2.0.6-20090606

Por Renato Victor Mejias

renatomejias@yahoo.com.br

30/03/2010 14:00:57

-----------------------------------------------------------

Valor Shell restaurado com sucesso!

 

Malware não detectado no computador!

 

-----------------------------------------------------------

Fim da análise no computador.

 

-----------------------------------------------------------

Malware não detectado na unidade escolhida!

 

-----------------------------------------------------------

Fim da análise, a unidade verificada foi Unidade

 

-----------------------------------------------------------

Malware não detectado em nenhuma unidade!

 

-----------------------------------------------------------

Fim da análise, a unidade verificada foi: "Todas as unidades"

 

-----------------------------------------------------------

Malware não detectado no computador!

 

-----------------------------------------------------------

Fim da análise no computador.

 

-----------------------------------------------------------

Malware não detectado em nenhuma unidade!

 

-----------------------------------------------------------

Fim da análise, a unidade verificada foi: "Todas as unidades"

 

-----------------------------------------------------------

Unidade K: vacinada!

 

 

 

------------------------------------------------------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 14:11:18, on 30/03/2010

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\AVG\AVG9\avgchsvx.exe

C:\Arquivos de programas\AVG\AVG9\avgrsx.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\AVG\AVG9\avgcsrvx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\AVG\AVG9\avgwdsvc.exe

C:\Arquivos de programas\Symantec\Norton Ghost 2003\GhostStartService.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\Arquivos de programas\AVG\AVG9\avgnsx.exe

C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe

C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe

C:\web-fi-bc\webf.exe

C:\Arquivos de programas\Easy Desktop Keeper\desksaver.exe

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\Arquivos de programas\TinaSoft\Easy Cafe Client\client.exe

C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Arquivos de programas\Spyware Doctor\pctsTray.exe

C:\Documents and Settings\lan\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\TinaSoft\Easy Cafe Client\Guardit.exe

C:\Documents and Settings\All Users\Documentos\Ultra VNC PossibilitaCopiar Arquivos\winvnc.exe

C:\Arquivos de programas\Arquivos comuns\PCSuite\Services\ServiceLayer.exe

C:\WINDOWS\System32\alg.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://192.168.0.150:918; http://192.168.0.100:918; http://192.168.0.03:918; http://192.168.0.3:918; http://192.168.1.3:918; http://192.168.1.30:918; http://192.168.0.9:918; http://192.168.1.9:918

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG9\avgssie.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O4 - HKLM\..\Run: [webf] C:\web-fi-bc\webf.exe

O4 - HKLM\..\Run: [00DSKSVR01] C:\Arquivos de programas\Easy Desktop Keeper\desksaver.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [siSUSBRG] C:\WINDOWS\SiSUSBrg.exe

O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\ARQUIV~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Client] "C:\Arquivos de programas\TinaSoft\Easy Cafe Client\client.exe"

O4 - HKLM\..\Run: [iSTray] "C:\Arquivos de programas\Spyware Doctor\pctsTray.exe"

O4 - HKLM\..\Run: [00DSKSVR00] "C:\Arquivos de programas\Easy Desktop Keeper\desksaver.exe" saskda

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\lan\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: winvnc.exe.lnk = C:\Documents and Settings\All Users\Documentos\Ultra VNC PossibilitaCopiar Arquivos\winvnc.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {31A8068E-5C15-402F-81C0-04C7D2D66CE6} (NlsComm Component Class) - http://login.hanbiton.com/cab/NLSnSSO.cab

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab

O16 - DPF: {987ECFCE-E607-4D52-B2C5-2EA1F6F303C4} (WinlessActiveX Control) - http://www.pangya.com/PangyaLauncher/PangyaLauncher.cab

O16 - DPF: {CC5C7FFD-E058-4390-A22A-FD08CCD9A3CE} (JoyOnPlay Control) - http://www.pangonline.com.br/common/com/ongamenet.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{85A36832-F121-4842-9D5F-D11F4D49692B}: NameServer = 200.149.55.140

O17 - HKLM\System\CCS\Services\Tcpip\..\{D6FB4D86-5541-4CF1-A3C0-4ECC00612C88}: NameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\..\{E0C9790F-0CAB-4A11-AD8F-B28E2ED99194}: NameServer = 192.168.1.1

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG9\avgpp.dll

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Arquivos de programas\AVG\AVG9\avgwdsvc.exe

O23 - Service: GhostStartService - Symantec Corporation - C:\Arquivos de programas\Symantec\Norton Ghost 2003\GhostStartService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe

O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\Arquivos comuns\PCSuite\Services\ServiceLayer.exe

O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

 

--

End of file - 10214 bytes


Good evening Antonio Vieira!

 

I did not forget to post the Spyware Doctor log; it does not save the log, it only puts things in quarantine. Maybe I did something wrong; tell me the path to find it.

 

Thanks for your attention.


For Spyware Doctor to save the log, just do it as shown below, which is also shown in that tutorial I gave you:

 

Right-click the Spyware Doctor icon (next to the Windows clock) and choose the option Iniciar Verificação Completa (Start Full Scan).

 

If dangerous items are detected on your PC, a screen will appear showing the detected threats and offering information about each of them. Make sure the checkboxes next to the threats are checked and click the Reparar marcados (Fix checked) button to fix these problems.

 

After that, click the option Exibir Histórico (View History).

 

Click the option Salvar no arquivo (Save to file).

 

Click the option Desktop (so that the log is saved on the computer's desktop) and save it with the name log. Then click the Salvar (Save) button.

 

Then just copy the contents of this log and post it here in your topic.

 

But in the first scan, did you run the full scan? Were some viruses and malware removed?

 

How is your PC after this?


Topic Archived

 

As the author did not reply for more than 30 days, the topic was archived.

 

If you are the author of the topic and want to reopen it, send a private message to a moderator of the area together with the link to this topic and explain the reason for reopening.
