Ir para conteúdo

POWERED BY:

Arquivado

Este tópico foi arquivado e está fechado para novas respostas.

pedrotelles

[Arquivado] &nbspInternet explorer

Recommended Posts

O IE abre constantemente sozinho em sites do tipo cassinos, chats, conteudo adulto..

 

Bom, segue o log do hijackthis:

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 14:01:21, on 3/11/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0013)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\DOCUME~1\Pedro\CONFIG~1\Temp\Kdm.exe

C:\WINDOWS\Kfacaa.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

C:\WINDOWS\Explorer.exe

C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe

C:\WINDOWS\system32\WISPTIS.EXE

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\DOCUME~1\Pedro\CONFIG~1\Temp\Kdl.exe

C:\Arquivos de programas\Google\Chrome\Application\chrome.exe

C:\Arquivos de programas\Google\Chrome\Application\chrome.exe

C:\Arquivos de programas\Google\Chrome\Application\chrome.exe

C:\Arquivos de programas\Google\Chrome\Application\chrome.exe

C:\Arquivos de programas\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Pedro\Meus documentos\Downloads\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

F2 - REG:system.ini: Shell=Explorer.exe csrcs.exe

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\RunServices: [csrcs] C:\WINDOWS\system32\csrcs.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Arquivos de programas\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount

O4 - HKCU\..\Run: [u36VRSFLG6] C:\DOCUME~1\Pedro\CONFIG~1\Temp\Kdl.exe

O4 - HKLM\..\Policies\Explorer\Run: [csrcs] C:\WINDOWS\system32\csrcs.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Arquivos de programas\PokerStars\PokerStarsUpdate.exe

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

 

--

End of file - 8784 bytes

Compartilhar este post


Link para o post
Compartilhar em outros sites

:) Olá Pedro!

 

:seta: Sugiro que você salve ou imprima essas instruções abaixo, pois em alguns momentos você poderá precisar usar o computador sem o acesso à internet:

 

Faça o download do ComboFix

Salve-o no Desktop (área de trabalho).

* Desabilite as proteções residente de: antivírus, antispywares e firewall ( menos o do Windows! )

* Feche todas as janelas e execute a ferramenta.

* Ps: A execução, por comando, também é possível:

* Vá em Iniciar --> Executar --> Digite ou cole:

"%userprofile%\desktop\Combofix.exe" /killall

 

combofixejr8.gif

 

* Clique em Ok.

* Na solicitação: "Negação de garantia de software" --> Clique em Sim.

 

RcAuto1.gif

 

* Não possuindo o "'>http://support.microsoft.com/kb/307654/pt-br"]Console de Recuperação",aceite optar pela instalação do mesmo.

* Terminando,clique Sim ou Yes. --> Aguarde.

 

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

 

:!: Caso aconteça a notificação de: Aplicativo Win32 inválido ou alguma mensagem parecida com esta, delete a ferramenta ComboFix.exe e faça, novamente, seu download.

* Salve-a no Desktop,renomeada como: Kombo.exe

* Ps: Nomeie durante o salvamento,e não após salvá-la!

* Ps: Surgindo alguma mensagem de erro, rode o ComboFix.exe em "'>http://www.caixadedicas.com/2009/11/ferramentas-para-reparar-o-modo-seguro.html"]Modo Seguro". <-- Link!

* Ps: Na presença de atividades rootkit,teremos a seguinte janela de notificação:

 

Rookit_found.gif

 

* Ps: Anote essas detecções, e dê o OK. Neste caso poste estas detecções que você terá anotado em sua próxima resposta juntamente com os logs pedidos.

* Ps: Para completar as remoções, talvez haja necessidade da ferramenta reiniciar o computador. <-- Aguarde!

* Ps: Para evitar problemas, siga todas as recomendações propostas.

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

 

* Abrir-se-á a janela Auto Scan. --> Aguarde!

* Para finalizar remoções, o ComboFix poderá reiniciar o computador.

* Se houver necessidade, digite a opção ( 1 ) --> Aperte Enter! --> Aguarde a conclusão!

* Durante o scan, evite manusear o mouse ou teclado! <-- Importante!

* Caso, por algum motivo de força maior, precise parar ou sair do ComboFix,tecle "N" ou "2" --> Aperte Enter.

<><><><><><><><><><><><>

 

O log do Combofix estará em C:\ComboFix.txt

_____________________________

 

:seta: Siga também este tutorial:

 

'>http://www.caixadedicas.com/2009/10/tutorial-do-malwarebytes-anti-malware.html"]Tutorial do Malwarebytes Anti-Malware

_____________________________

 

:seta: Na sua próxima resposta poste o log do Malwarebytes juntamente com um novo log do Hijackthis e o log do Combofix que estará em C:\ComboFix.txt e nos diga como está o seu PC após estes procedimentos.

 

Ficamos no aguardo.

Compartilhar este post


Link para o post
Compartilhar em outros sites

Bom, primeiramente muito obrigado pela resposta. A primeira impressao é que ja esta tudo ok, mas de qualquer jeito estou postando os logs:

 

ComboFix 10-11-09.02 - Pedro 10/11/2010 12:30:06.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.1023.515 [GMT -2:00]

Executando de: c:\documents and settings\Pedro\Desktop\ComboFix.exe

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\documents and settings\Pedro\Dados de aplicativos\Desktopicon

c:\documents and settings\Pedro\Dados de aplicativos\Desktopicon\mc.ico

c:\windows\system32\autorun.i

c:\windows\system32\autorun.in

c:\windows\system32\msconfig.exe

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_SSHNAS

 

 

(((((((((((((((( Arquivos/Ficheiros criados de 2010-10-10 to 2010-11-10 ))))))))))))))))))))))))))))

.

 

2010-11-10 00:50 . 2010-11-10 00:50 -------- d-----w- c:\arquivos de programas\MSXML 4.0

2010-11-10 00:45 . 2010-11-10 00:45 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Adobe

2010-11-09 22:30 . 2009-08-13 15:21 512000 -c----w- c:\windows\system32\dllcache\jscript.dll

2010-11-09 22:29 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll

2010-11-09 22:29 . 2010-06-21 15:27 354304 -c----w- c:\windows\system32\dllcache\srv.sys

2010-11-09 22:28 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll

2010-11-09 22:28 . 2010-02-24 13:11 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys

2010-11-09 22:25 . 2008-05-09 10:55 90112 -c----w- c:\windows\system32\dllcache\wshext.dll

2010-11-09 22:25 . 2008-05-09 10:55 180224 -c----w- c:\windows\system32\dllcache\scrobj.dll

2010-11-09 22:24 . 2010-08-27 08:03 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll

2010-11-09 22:24 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe

2010-11-09 22:24 . 2009-03-06 14:20 286208 -c----w- c:\windows\system32\dllcache\pdh.dll

2010-11-09 22:24 . 2009-02-09 11:25 111104 -c----w- c:\windows\system32\dllcache\services.exe

2010-11-09 22:24 . 2009-02-09 10:53 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll

2010-11-09 22:24 . 2009-02-09 10:53 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll

2010-11-09 22:24 . 2009-02-09 10:53 730624 -c----w- c:\windows\system32\dllcache\ntdll.dll

2010-11-09 22:24 . 2009-02-09 10:53 683520 -c----w- c:\windows\system32\dllcache\advapi32.dll

2010-11-09 22:24 . 2009-02-09 10:53 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll

2010-11-09 22:23 . 2009-06-21 21:48 153088 -c----w- c:\windows\system32\dllcache\triedit.dll

2010-11-09 22:23 . 2010-04-28 18:13 2194176 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe

2010-11-09 22:23 . 2010-04-28 05:43 2071040 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe

2010-11-09 22:23 . 2010-04-28 05:43 2150400 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe

2010-11-09 22:23 . 2010-04-28 05:43 2028544 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe

2010-11-09 22:13 . 2008-05-01 14:36 331776 -c----w- c:\windows\system32\dllcache\msadce.dll

2010-11-09 22:07 . 2010-06-18 13:36 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe

2010-11-09 22:04 . 2008-10-15 16:36 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll

2010-11-09 22:02 . 2010-07-16 11:57 218624 -c----w- c:\windows\system32\dllcache\wordpad.exe

2010-11-09 22:02 . 2010-08-16 08:44 590848 -c----w- c:\windows\system32\dllcache\rpcrt4.dll

2010-11-05 15:07 . 2010-11-05 15:07 -------- d-----w- c:\documents and settings\Pedro\Dados de aplicativos\Malwarebytes

2010-11-05 15:07 . 2010-04-29 17:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-11-05 15:07 . 2010-11-05 15:07 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware

2010-11-05 15:07 . 2010-11-05 15:07 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes

2010-11-05 15:07 . 2010-04-29 17:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-11-05 14:42 . 2010-11-05 14:42 -------- d-----w- C:\!KillBox

2010-11-03 16:03 . 2010-11-06 00:03 -------- d-----w- C:\HijackThis

2010-11-02 18:02 . 2010-11-02 18:06 -------- d-----w- c:\arquivos de programas\Valve

2010-11-02 17:13 . 2010-09-15 06:50 472808 ----a-w- c:\arquivos de programas\Mozilla Firefox\plugins\npdeployJava1.dll

2010-11-02 17:13 . 2010-09-15 06:50 472808 ----a-w- c:\windows\system32\deployJava1.dll

2010-11-01 00:35 . 2010-11-01 00:35 -------- d-----w- c:\arquivos de programas\NOS

2010-10-31 20:42 . 2010-10-31 20:42 -------- d-----w- c:\windows\system32\wbem\Repository

2010-10-31 20:42 . 2010-11-01 00:39 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\NOS

2010-10-31 02:17 . 2010-10-31 20:42 -------- d-----w- c:\arquivos de programas\Ask.com

2010-10-28 23:18 . 2010-10-28 23:18 -------- d-----w- c:\documents and settings\LocalService\Dados de aplicativos\McAfee

2010-10-28 23:12 . 2010-10-28 23:12 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\McAfee

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-09-18 14:23 . 2007-10-09 02:18 974848 ----a-w- c:\windows\system32\mfc42u.dll

2010-09-18 06:53 . 2007-10-09 02:18 953856 ----a-w- c:\windows\system32\mfc40u.dll

2010-09-18 06:53 . 2004-08-04 02:45 974848 ----a-w- c:\windows\system32\mfc42.dll

2010-09-18 06:53 . 2001-10-28 17:06 954368 ----a-w- c:\windows\system32\mfc40.dll

2010-09-15 04:29 . 2009-06-02 13:14 73728 ----a-w- c:\windows\system32\javacpl.cpl

2010-09-09 13:34 . 2007-10-09 02:21 832512 ----a-w- c:\windows\system32\wininet.dll

2010-09-09 13:34 . 2004-08-04 02:45 1830912 ----a-w- c:\windows\system32\inetcpl.cpl

2010-09-09 13:34 . 2004-08-04 02:45 78336 ----a-w- c:\windows\system32\ieencode.dll

2010-09-09 13:34 . 2004-08-04 02:45 17408 ----a-w- c:\windows\system32\corpol.dll

2010-09-08 15:58 . 2004-08-04 02:37 389120 ----a-w- c:\windows\system32\html.iec

2010-09-01 11:52 . 2004-08-04 02:44 285824 ----a-w- c:\windows\system32\atmfd.dll

2010-09-01 07:57 . 2007-10-09 02:18 1852928 ----a-w- c:\windows\system32\win32k.sys

2010-08-27 08:03 . 2007-10-09 02:15 119808 ----a-w- c:\windows\system32\t2embed.dll

2010-08-23 16:12 . 2007-10-09 02:17 617472 ----a-w- c:\windows\system32\comctl32.dll

2010-08-17 13:17 . 2007-10-09 02:13 58880 ----a-w- c:\windows\system32\spoolsv.exe

2010-08-16 08:44 . 2004-08-04 02:45 590848 ----a-w- c:\windows\system32\rpcrt4.dll

2010-08-13 20:44 . 2010-08-13 20:44 5120 ------w- c:\windows\system32\xpsp4res.dll

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 139264]

"AlcoholAutomount"="c:\arquivos de programas\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2009-11-15 33120]

"msnmsgr"="c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"nwiz"="nwiz.exe" [2009-05-01 1657376]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-05-01 86016]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-05-01 13750272]

"avgnt"="c:\arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]

"Adobe ARM"="c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nltide_3"="advpack.dll" [2010-09-09 124928]

 

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

HP Digital Imaging Monitor.lnk - c:\arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe [2005-12-15 282624]

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"NoSMHelp"= 1 (0x1)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

"c:\\Arquivos de programas\\Java\\jre1.6.0_03\\bin\\javaw.exe"=

"c:\\Arquivos de programas\\MegaJogos\\jre\\jre\\bin\\javaw.exe"=

"c:\\Documents and Settings\\Pedro\\Meus documentos\\Downloads\\PS6 Rip\\pes6.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\aMSN\\bin\\wish.exe"=

"c:\\Arquivos de programas\\Alcohol Soft\\Alcohol 120\\StarWind\\StarWindServiceAE.exe"=

"c:\\Arquivos de programas\\Google\\Google Earth\\plugin\\geplugin.exe"=

"c:\\Arquivos de programas\\Valve\\hl.exe"=

"c:\\Arquivos de programas\\Valve\\hlds.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"1433:TCP"= 1433:TCP:MSNmsgr.exe

 

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [6/6/2009 23:53 691696]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\arquivos de programas\Avira\AntiVir Desktop\sched.exe [2/6/2009 14:29 108289]

S2 gupdate;Google Update Service (gupdate);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [21/11/2009 12:18 135664]

S3 Asushwio;Asushwio;c:\windows\system32\drivers\ASUSHWIO.SYS [2/6/2009 12:29 5824]

S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [4/8/2004 00:45 14336]

 

--- =Outros Serviços/Drivers Na Memória ---

 

*NewlyCreated* - HELPSVC

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2010-11-02 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\arquivos de programas\Apple Software Update\SoftwareUpdate.exe [2008-07-30 14:34]

 

2010-11-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2009-11-21 14:18]

 

2010-11-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2009-11-21 14:18]

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.google.com/

uInternet Connection Wizard,ShellNext = iexplore

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

FF - ProfilePath - c:\documents and settings\Pedro\Dados de aplicativos\Mozilla\Firefox\Profiles\z04gs0yn.default\

FF - prefs.js: browser.search.selectedEngine - Ask

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com

FF - plugin: c:\arquivos de programas\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: c:\arquivos de programas\Google\Update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: c:\arquivos de programas\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll

FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

FF - plugin: c:\documents and settings\Pedro\Dados de aplicativos\Mozilla\Firefox\Profiles\z04gs0yn.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll

 

---- FIREFOX POLICIES ----

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

.

- - - - ORFÃOS REMOVIDOS - - - -

 

HKU-Default-Run-MsnMsgr - c:\arquivos de programas\MSN Messenger\MsnMsgr.Exe

 

 

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-11-10 12:35

Windows 5.1.2600 Service Pack 3 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

- - - - - - - > 'explorer.exe'(3208)

c:\windows\system32\WININET.dll

c:\arquiv~1\WINDOW~2\wmpband.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Outros Processos em Execução ------------------------

.

c:\windows\system32\nvsvc32.exe

c:\arquivos de programas\Avira\AntiVir Desktop\avguard.exe

c:\arquivos de programas\Java\jre6\bin\jqs.exe

c:\arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

c:\windows\system32\RUNDLL32.EXE

c:\windows\system32\wbem\wmiapsrv.exe

c:\arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

.

**************************************************************************

.

Tempo para conclusão: 2010-11-10 12:41:15 - Máquina reiniciou

ComboFix-quarantined-files.txt 2010-11-10 14:41

 

Pré-execução: 10 pasta(s) 127.598.223.360 bytes disponíveis

Pós execução: 14 pasta(s) 127.592.525.824 bytes disponíveis

 

WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

 

- - End Of File - - 975853317AE6CF462C4582EE83693500

 

 

 

 

 

 

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

 

Versão da Base de Dados: 5051

 

Windows 5.1.2600 Service Pack 3

Internet Explorer 7.0.5730.13

 

5/11/2010 21:56:03

mbam-log-2010-11-05 (21-56-03).txt

 

Tipo de Verificação: Verificação Completa (C:\|)

Objetos escaneados: 225433

Tempo decorrido: 8 hora(s), 37 minuto(s), 33 segundo(s)

 

Processos de Memória Infectados: 0

Módulos de Memória Infectados: 1

Chaves de Registro Infectadas: 7

Valores de Registro Infectados: 1

Itens de Dados no Registro Infectados: 3

Pastas Infectadas: 0

Arquivos Infectados: 4

 

Processos de Memória Infectados:

(Não foram detectados ítens maliciosos)

 

Módulos de Memória Infectados:

c:\WINDOWS\system32\sshnas21.dll (Trojan.FakeAlert) -> Delete on reboot.

 

Chaves de Registro Infectadas:

HKEY_CURRENT_USER\SOFTWARE\65MWRMP54G (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\U36VRSFLG6 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\NtWqIVLZEWZU (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sshnas (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DRM\amty (Worm.Autorun) -> Quarantined and deleted successfully.

 

Valores de Registro Infectados:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\u36vrsflg6 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

 

Itens de Dados no Registro Infectados:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSMHelp (Hijack.Help) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

 

Pastas Infectadas:

(Não foram detectados ítens maliciosos)

 

Arquivos Infectados:

C:\WINDOWS\Tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\sshnas21.dll (Trojan.FakeAlert) -> Delete on reboot.

C:\WINDOWS\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job (Trojan.FakeAlert) -> Quarantined and deleted successfully.

 

 

 

 

 

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 12:44:50, on 10/11/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.17091)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\Google\Chrome\Application\chrome.exe

C:\Arquivos de programas\Google\Chrome\Application\chrome.exe

C:\Arquivos de programas\Google\Chrome\Application\chrome.exe

C:\Arquivos de programas\Google\Chrome\Application\chrome.exe

C:\HijackThis\HiJackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Arquivos de programas\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Arquivos de programas\PokerStars\PokerStarsUpdate.exe

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

 

--

End of file - 6624 bytes

 

 

Muito agradecido, aguardo a resposta.

Compartilhar este post


Link para o post
Compartilhar em outros sites

:) Vários problemas foram removidos pelo Combofix e Malwarebytes.

_________________________

 

:seta: Siga, por gentileza, as dicas destes tutoriais:

 

'>http://www.caixadedicas.com/2009/10/tutorial-do-usbfix.html"]Tutorial do USBFix

 

Tutorial do antivirus Nod32 Online

__________________________

 

:seta: Na sua próxima resposta poste o log do Nod32 Online que estará em C:\Arquivos de programas\Eset\Eset Online Scanner\log.txt juntamente com um novo log do Hijackthis e o log do Usbfix que estará em C:\UsbFix.txt e nos diga, por gentileza, como está o seu PC após seguir estes procedimentos. Ficamos no aguardo de sua resposta.

Compartilhar este post


Link para o post
Compartilhar em outros sites

Bom dia. É o seguinte, o computador esta rodando muito bem, porém ainda com alguns problemas. O relogio, por exemplo, não atualiza e mostra a seguinte mensagem:

 

Erro enquanto o Windows estava sincronizando com time.windows.com.Por motivos de segurança, o windows não pode ser sincronizado com o servidor porque a data não coicide. corrija a data e tente novamente.

 

Não sei se é algo relacionado a algum virus, mas estou relatando de qualquer forma.

 

Segue o log do Nod32:

 

ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6211

# api_version=3.0.2

# EOSSerial=b07d834f53ec93478ca7bcabe308a3ed

# end=finished

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2010-12-03 10:35:57

# local_time=2010-12-03 08:35:57 (-0300, Horário brasileiro de verão)

# country="Brazil"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=512 16777215 100 0 0 0 0 0

# compatibility_mode=1797 16775141 100 100 0 1291369585 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=80168

# found=4

# cleaned=4

# scan_time=2977

C:\Documents and Settings\Pedro\Meus documentos\Downloads\FFSetup210.exe a variant of Win32/Adware.ADON application (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Pedro\Meus documentos\Downloads\FFSetup210.zip a variant of Win32/Adware.ADON application (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Pedro\Meus documentos\Downloads\PenClean.exe probably a variant of Win32/Spy.Agent.LSEPXML trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\WINDOWS\system32\autorun.i.vir Win32/Tifaut.C worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

 

 

E um novo log do Hijackthis:

 

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 09:10:38, on 3/12/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Arquivos de programas\Google\Chrome\Application\chrome.exe

C:\Arquivos de programas\Google\Chrome\Application\chrome.exe

C:\Arquivos de programas\Google\Chrome\Application\chrome.exe

C:\Arquivos de programas\Google\Chrome\Application\chrome.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Arquivos de programas\Mozilla Firefox\plugin-container.exe

C:\Arquivos de programas\Google\Chrome\Application\chrome.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Arquivos de programas\Google\Chrome\Application\chrome.exe

C:\HijackThis\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Arquivos de programas\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Arquivos de programas\PokerStars\PokerStarsUpdate.exe

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

 

--

End of file - 7080 bytes

 

 

Como utilizei o malwarebytes novamente, segue o log:

 

 

Malwarebytes' Anti-Malware 1.50

www.malwarebytes.org

 

Versão da Base de Dados: 5214

 

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

 

3/12/2010 06:08:23

mbam-log-2010-12-03 (06-08-23).txt

 

Tipo de Verificação: Verificação Completa (C:\|)

Objetos escaneados: 213228

Tempo decorrido: 2 hora(s), 1 minuto(s), 15 segundo(s)

 

Processos de Memória Infectados: 0

Módulos de Memória Infectados: 0

Chaves de Registro Infectadas: 1

Valores de Registro Infectados: 0

Itens de Dados no Registro Infectados: 0

Pastas Infectadas: 0

Arquivos Infectados: 1

 

Processos de Memória Infectados:

(Não foram detectados ítens maliciosos)

 

Módulos de Memória Infectados:

(Não foram detectados ítens maliciosos)

 

Chaves de Registro Infectadas:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.

 

Valores de Registro Infectados:

(Não foram detectados ítens maliciosos)

 

Itens de Dados no Registro Infectados:

(Não foram detectados ítens maliciosos)

 

Pastas Infectadas:

(Não foram detectados ítens maliciosos)

 

Arquivos Infectados:

c:\system volume information\_restore{747e637e-f5df-4e2a-97f8-acb45ffe943a}\RP411\A0063524.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

 

 

Nao estou postando o log do usb fix pois nao consegui baixá-lo

Muito obrigado pela ajuda, aguardo a resposta.

Bom dia.

Compartilhar este post


Link para o post
Compartilhar em outros sites

:) Outros problemas foram removidos.

_________________________

 

Nao estou postando o log do usb fix pois nao consegui baixá-lo

Muito obrigado pela ajuda, aguardo a resposta.

:seta: É que o link dele mudou, para baixá-lo acesse a página abaixo e clique no botão Download:

http://chiquitine.changelog.fr/UsbFix.html

 

Depois disto, use-o conforme o tutorial que te passei e poste o log dele.

Compartilhar este post


Link para o post
Compartilhar em outros sites

############################## | UsbFix 7.035 | [supressão]

 

Usuário: Pedro (Administrador) # MEU_PC [ ]

Atualizado em 22/11/10 por El Desaparecido / C_XX

Começou em 20:52:32 | 04/12/2010

Site: http://www.teamxscript.org

Contato: eldesaparecido@teamxscript.org

 

CPU: Intel® Core2 Duo CPU E4600 @ 2.40GHz

CPU 2: Intel® Core2 Duo CPU E4600 @ 2.40GHz

Microsoft Windows XP Professional (5.1.2600 32-Bit) # Service Pack 3

Internet Explorer 8.0.6001.18702

 

Windows Firewall: Habilitado

Antivirus: AntiVir Desktop 9.0.1.32 [Enabled | Updated]

RAM -> 1023 Mb

C:\ (%systemdrive%) -> Disco fixo # 149 Gb (117 Mb livre - 79%) [] # NTFS

D:\ -> CD-ROM

E:\ -> CD-ROM

F:\ -> CD-ROM

G:\ -> CD-ROM

H:\ -> CD-ROM

I:\ -> CD-ROM

 

################## | Ficheiros # pastas infeciosos |

 

 

Supprimido ! C:\Recycler\S-1-5-21-606747145-1715567821-725345543-1001

Supprimido ! C:\kht

Supprimido ! C:\khw

 

################## | Registro |

 

Supprimido ! HKLM\software\microsoft\windows nt\currentversion\winlogon|Taskman

Supprimido ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegistryTools

Supprimido ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoDrives

Supprimido ! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoDrives

Supprimido ! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoSMHelp

 

################## | Mountpoints2 |

 

 

################## | Listing |

 

[05/11/2010 - 12:42:21 | D ] C:\!KillBox

[11/11/2010 - 22:32:53 | D ] C:\61c1936a6f5d3e9d8dd8

[03/12/2010 - 07:38:06 | D ] C:\Arquivos de programas

[02/06/2009 - 11:13:48 | N | 0] C:\AUTOEXEC.BAT

[02/06/2009 - 11:10:29 | N | 211] C:\Boot.bak

[10/11/2010 - 12:28:23 | N | 327] C:\boot.ini

[28/10/2001 - 15:06:10 | N | 4952] C:\Bootfont.bin

[10/11/2010 - 12:28:23 | D ] C:\cmdcons

[03/08/2004 - 23:00:16 | N | 261856] C:\cmldr

[02/12/1980 - 02:26:57 | D ] C:\ComboFix

[02/12/1980 - 02:26:54 | N | 11969] C:\ComboFix.txt

[02/06/2009 - 11:13:48 | N | 0] C:\CONFIG.SYS

[02/06/2009 - 11:22:32 | D ] C:\Documents and Settings

[02/06/2009 - 13:25:34 | D ] C:\Drives

[21/08/2010 - 22:40:07 | N | 17677] C:\GF_Excpt.txt

[03/12/2010 - 09:09:50 | D ] C:\HijackThis

[02/06/2009 - 12:56:35 | D ] C:\Intel

[02/06/2009 - 11:13:48 | N | 0] C:\IO.SYS

[02/03/2010 - 15:56:14 | D ] C:\jexepackres

[02/06/2009 - 11:13:48 | N | 0] C:\MSDOS.SYS

[02/06/2009 - 14:38:14 | RD ] C:\MSOCache

[03/08/2004 - 22:38:34 | N | 47564] C:\NTDETECT.COM

[02/06/2009 - 15:00:09 | N | 251696] C:\ntldr

[02/06/2009 - 13:16:26 | D ] C:\NVIDIA

[03/12/2010 - 07:25:35 | ASH | 1610612736] C:\pagefile.sys

[10/11/2010 - 20:20:11 | D ] C:\PenClean

[02/06/2009 - 17:08:08 | D ] C:\Program Files

[02/12/1980 - 02:26:56 | D ] C:\Qoobox

[04/12/2010 - 20:54:21 | SHD ] C:\RECYCLER

[30/12/2009 - 18:53:28 | SHD ] C:\System Volume Information

[04/12/2010 - 20:54:21 | D ] C:\UsbFix

[04/12/2010 - 20:54:21 | A | 955] C:\UsbFix.txt

[03/12/2010 - 09:17:23 | D ] C:\WINDOWS

 

################## | Vaccin |

 

C:\Autorun.inf -> Folder criado por UsbFix (El Desaparecido & C_XX)

 

################## | Upload |

 

Favor enviar o arquivo: C:\UsbFix_Upload_Me_MEU_PC.zip

http://www.teamxscript.org/Upload.php

Obrigado pela sua contribuição.

 

################## | E.O.F |

Compartilhar este post


Link para o post
Compartilhar em outros sites

:) Vários problemas foram removidos pelo Usbfix.

 

Favor enviar o arquivo: C:\UsbFix_Upload_Me_MEU_PC.zip para este endereço para que o Usbfix possa ser aperfeiçoado:

http://www.teamxscript.org/Upload.php

Obrigado pela sua contribuição.

____________________________

 

:seta: Siga também estas dicas, por gentileza:

 

Tutorial do Norman Malware Cleaner

 

Tutorial do Spyware Doctor Starter Edition

 

Na sua próxima resposta poste o log do Spyware Doctor juntamente com um novo log do Hijackthis e o log do Norman Malware Cleaner e nos diga como está o seu Pc depois disto.

 

Ficamos no aguardo.

Compartilhar este post


Link para o post
Compartilhar em outros sites

Tópico Arquivado

 

Como o autor não respondeu por mais de 30 dias, o tópico foi arquivado.

 

Caso você seja o autor do tópico e quer reabrir, envie uma mensagem privada para um moderador da área juntamente com o link para este tópico e explique o motivo da reabertura.

Compartilhar este post


Link para o post
Compartilhar em outros sites

×

Informação importante

Ao usar o fórum, você concorda com nossos Termos e condições.