n4me

Please analyze! :D


Dude, another thing I found interesting is that when I type msconfig in Run, one shows up with the name Iphclu9j0e5n1.exec..., which is the same one that got flagged when AVG popped up.

Oh, and the PC, when I leave it idle, another strange thing... I leave the PC idle like normal and it keeps running normally, but then it opens a blue screen that says "problem has been detect an your computer" and a program name appears there... then it waits a bit.. underneath it shows "restarting..." then it shows Windows XP loading.. it loads and loads and the blue screen appears again.. then I press some key and it goes back to the PC as normal... as if it were a screensaver, very strange.

Logfile of HijackThis v1.99.1

Scan saved at 18:12:49, on 20/9/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\ARQUIV~1\AVG\AVG8\avgtray.exe

C:\WINDOWS\system32\winds32.exe

C:\WINDOWS\system32\maxpaynowti1.exe

C:\WINDOWS\system32\lphclu9j0e5n1.exe

C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\ARQUIV~1\AVG\AVG8\avgrsx.exe

C:\ARQUIV~1\AVG\AVG8\avgemc.exe

C:\WINDOWS\system32\dflgh8jkd2q5.exe

C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\Adobe\Reader 8.0\Reader\AcroRd32.exe

C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\Spybot - Search & Destroy\SpybotSD.exe

C:\Arquivos de programas\BitComet\BitComet.exe

C:\Arquivos de programas\BitComet\tools\UPNP.exe

C:\Arquivos de programas\WinRAR\WinRAR.exe

C:\DOCUME~1\Tiago\CONFIG~1\Temp\Rar$EX00.531\HijackThis.exe

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Arquivos de programas\BitComet\tools\BitCometBHO_1.2.8.7.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [soundMax] "C:\Arquivos de programas\Analog Devices\SoundMAX\smax4.exe" /tray

O4 - HKLM\..\Run: [system32] C:\WINDOWS\system32\winds32.exe

O4 - HKLM\..\Run: [DriveSystem] C:\WINDOWS\system32\maxpaynowti1.exe

O4 - HKLM\..\Run: [lphclu9j0e5n1] C:\WINDOWS\system32\lphclu9j0e5n1.exe

O4 - HKLM\..\Run: [in3] C:\Documents and Settings\Tiago\Configurações locais\Temp\.tt12.tmp.exe /CR=4BA78053AD92FE8FF17A4A8FF0A55D4A0311B3CA8C6CDD301D714725A910F442EF4FCFE886E4DE59D1434805A9BB977D87C4FEE7A7FAD3245E8C17C22418300045F5AF4AC7546A6BFD2722F37B290FD7290B9C

O4 - HKCU\..\Run: [ares] "C:\Arquivos de programas\Ares\Ares.exe" -h

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [bitComet] "C:\Arquivos de programas\BitComet\BitComet.exe" /tray

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

O8 - Extra context menu item: Baixar link usando &BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: Baixar todos os links usando BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: Baixar todos os vídeos usando BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Arquivos de programas\BitComet\tools\BitCometBHO_1.2.8.7.dll/206 (file missing)

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Arquivos de programas\Ares\chatServer.exe

O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe


Follow the instructions in the link below and install and run ComboFix:

http://www.bleepingcomputer.com/combofix/pt/como-usar-o-combofix

  • It is important that you install the Recovery Console too.
  • When the tool finishes running, it will generate a log (the file C:\ComboFix.txt).
  • Paste the contents of that file and also make a new HijackThis log to include in your reply.

Attention: Do not use the mouse or the keyboard while the tool is running; this may cause the computer to freeze.

Note: Please do NOT use ComboFix on your own. It is a powerful tool created to deal with sophisticated infections, and if you do not use it correctly it could damage your system. The tool should only be used under the supervision of properly trained malware removal assistants.


ComboFix 08-09-20.05 - Tiago 2008-09-22 19:56:56.1 - FAT32x86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.2613 [GMT -3:00]

Executando de: D:\Downloads\ComboFix.exe

* Criado um novo ponto de restauro

ATENÇAO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\WINDOWS\system32\dflgh8jkd2q8.exe

C:\WINDOWS\system32\winds32.exe

.

((((((((((((((((((((((( Ficheiros criados de 2008-08-22 to 2008-09-22 ))))))))))))))))))))))))))))))))

.

2008-09-20 21:58 . 2008-09-20 21:58 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Avira

2008-09-20 21:58 . 2008-09-20 21:58 <DIR> d-------- C:\Arquivos de programas\Avira

2008-09-20 21:08 . 2008-09-20 21:08 <DIR> d-------- C:\Documents and Settings\Tiago\Dados de aplicativos\TeamViewer

2008-09-20 19:55 . 2008-09-20 19:55 <DIR> d-------- C:\Arquivos de programas\Alwil Software

2008-09-20 19:55 . 2003-03-18 18:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll

2008-09-20 17:55 . 2008-09-20 17:55 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2008-09-20 17:55 . 2008-09-20 17:55 <DIR> d-------- C:\Arquivos de programas\Spybot - Search & Destroy

2008-09-20 17:20 . 2008-09-20 17:20 194,560 --a------ C:\WINDOWS\system32\lphclu9j0e5n1.exe

2008-09-20 17:19 . 2008-09-20 17:19 <DIR> d--h----- C:\$AVG8.VAULT$

2008-09-19 18:46 . 2008-09-19 18:46 <DIR> d-------- C:\Documents and Settings\Tiago\Dados de aplicativos\BSplayer Pro

2008-09-19 18:46 . 2008-09-19 18:46 <DIR> d-------- C:\Documents and Settings\Tiago\Dados de aplicativos\BSplayer

2008-09-19 18:46 . 2008-09-19 18:46 <DIR> d-------- C:\Arquivos de programas\BS.Player ControlBar

2008-09-13 11:15 . 2008-09-13 11:15 2,064 --a------ C:\WINDOWS\Ascd_tmp.ini

2008-09-11 12:26 . 2008-09-11 12:26 <DIR> d-------- C:\Arquivos de programas\SpeedFan

2008-09-11 12:26 . 2008-09-11 12:26 45 --a------ C:\WINDOWS\system32\initdebug.nfo

2008-09-08 22:14 . 2008-09-08 22:14 <DIR> d--hs---- C:\FOUND.000

2008-09-04 18:40 . 2008-09-21 17:31 138,280 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys

2008-09-04 18:40 . 2008-09-21 17:31 111,928 --a------ C:\WINDOWS\system32\PnkBstrB.exe

2008-09-04 18:39 . 2008-09-04 18:39 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe

2008-09-04 18:33 . 2008-09-04 18:33 <DIR> d-------- C:\Arquivos de programas\HLSW

2008-09-04 18:20 . 2008-09-04 18:20 <DIR> d-------- C:\Arquivos de programas\Wolfenstein - Enemy Territory

2008-08-30 21:17 . 2008-08-30 21:17 <DIR> d-------- C:\Documents and Settings\Tiago\Dados de aplicativos\skypePM

2008-08-30 21:17 . 2008-08-30 21:17 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat

2008-08-30 21:16 . 2008-08-30 21:16 <DIR> d-------- C:\Documents and Settings\Tiago\Dados de aplicativos\Skype

2008-08-30 21:16 . 2008-08-30 21:16 <DIR> d-------- C:\Arquivos de programas\Skype

2008-08-30 21:16 . 2008-08-30 21:16 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Skype

2008-08-30 21:15 . 2008-08-30 21:15 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Skype

2008-08-29 16:48 . 2008-08-29 16:48 <DIR> d-------- C:\Arquivos de programas\Electronic Arts

2008-08-29 16:48 . 2005-05-26 15:34 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll

2008-08-29 12:18 . 2008-08-29 12:18 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg

2008-08-29 12:18 . 2008-08-29 12:18 <DIR> d-------- C:\Arquivos de programas\AVG

2008-08-29 12:18 . 2008-08-31 18:16 97,928 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys

2008-08-29 12:18 . 2008-08-31 18:16 76,040 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys

2008-08-29 12:18 . 2008-08-31 18:16 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll

2008-08-29 12:17 . 2008-08-29 12:17 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Avg8

2008-08-28 18:15 . 2008-08-28 18:15 <DIR> d-------- C:\Documents and Settings\Tiago\Dados de aplicativos\teamspeak2

2008-08-28 18:15 . 2008-08-28 18:15 <DIR> d-------- C:\Arquivos de programas\Teamspeak2_RC2

2008-08-28 18:15 . 2008-08-28 18:15 34,064 --a------ C:\WINDOWS\system32\lhacm.acm

2008-08-28 15:51 . 2008-08-28 15:51 <DIR> d-------- C:\Arquivos de programas\Ares

2008-08-28 14:57 . 2008-08-28 14:57 <DIR> d-------- C:\Arquivos de programas\DAEMON Tools Toolbar

2008-08-28 14:57 . 2008-08-28 14:57 <DIR> d-------- C:\Arquivos de programas\DAEMON Tools Lite

2008-08-28 12:09 . 2008-08-28 12:09 <DIR> d-------- C:\Documents and Settings\Tiago\Dados de aplicativos\DAEMON Tools

2008-08-28 07:10 . 2008-08-28 07:10 <DIR> d-------- C:\Documents and Settings\Tiago\Dados de aplicativos\AVGTOOLBAR

2008-08-28 07:02 . 2008-08-28 07:02 2 --a------ C:\Setup.svc

2008-08-28 07:00 . 2008-08-28 07:00 <DIR> d-------- C:\Arquivos de programas\Google

2008-08-28 06:58 . 2008-08-28 06:58 <DIR> d-------- C:\Downloads

2008-08-28 06:58 . 2008-08-28 06:58 <DIR> d-------- C:\Arquivos de programas\BitComet

2008-08-28 06:51 . 2008-08-28 06:51 <DIR> d-------- C:\Arquivos de programas\Webteh

2008-08-28 06:30 . 2008-08-28 06:30 <DIR> d---s---- C:\Documents and Settings\Tiago\UserData

2008-08-27 19:34 . 2008-08-28 12:09 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys

2008-08-27 14:00 . 2008-08-27 14:00 <DIR> d-------- C:\Documents and Settings\Tiago\Dados de aplicativos\Winamp

2008-08-27 14:00 . 2008-08-27 14:00 <DIR> d-------- C:\Arquivos de programas\Winamp

2008-08-27 13:43 . 2008-08-27 13:43 <DIR> d-------- C:\Documents and Settings\Tiago\Dados de aplicativos\CyberLink

2008-08-27 09:17 . 2007-11-12 13:15 56,684 --a------ C:\WINDOWS\system32\oemlogo.bmp

2008-08-27 09:17 . 2006-11-25 00:33 359 --a------ C:\WINDOWS\system32\Oeminfo.ini

2008-08-27 09:16 . 2007-03-12 16:42 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll

2008-08-27 09:16 . 2007-03-12 16:42 1,123,696 --a------ C:\WINDOWS\system32\D3DCompiler_33.dll

2008-08-27 09:16 . 2007-03-15 16:57 443,752 --a------ C:\WINDOWS\system32\d3dx10_33.dll

2008-08-27 09:16 . 2007-04-04 18:55 261,480 --a------ C:\WINDOWS\system32\xactengine2_7.dll

2008-08-27 09:16 . 2007-04-04 18:53 81,768 --a------ C:\WINDOWS\system32\xinput1_3.dll

2008-08-27 09:16 . 2007-03-05 12:42 15,128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll

2008-08-27 09:04 . 2008-08-27 09:04 <DIR> d-------- C:\Arquivos de programas\THQ

2008-08-26 18:58 . 2008-08-26 18:59 <DIR> d-------- C:\Documents and Settings\Tiago\Contacts

2008-08-26 18:58 . 2008-08-26 18:58 268 --ah----- C:\sqmdata01.sqm

2008-08-26 18:58 . 2008-08-26 18:58 244 --ah----- C:\sqmnoopt01.sqm

2008-08-26 10:45 . 2008-09-20 17:23 116 --a------ C:\WINDOWS\NeroDigital.ini

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-08-29 19:53 163,644 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys

2008-08-27 11:58 --------- d-----w C:\Arquivos de programas\MSECache

2008-08-27 11:57 --------- d-----w C:\Arquivos de programas\Microsoft.NET

2008-08-27 11:55 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\NexonUS

2008-08-27 11:48 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Ahead

2008-08-27 11:48 --------- d-----w C:\Arquivos de programas\Ahead

2008-08-27 11:47 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\CyberLink

2008-08-27 11:47 --------- d-----w C:\Arquivos de programas\CyberLink

2008-08-27 11:42 --------- d-----w C:\Arquivos de programas\Windows Media Connect 2

2008-08-27 11:42 --------- d-----w C:\Arquivos de programas\Java

2008-08-27 11:42 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Java

2008-08-27 11:41 --------- d-----w C:\Arquivos de programas\XP Codec Pack

2008-08-27 11:41 --------- d-----w C:\Arquivos de programas\MSN Messenger

2008-08-27 11:39 --------- d-----w C:\Arquivos de programas\Players

2008-08-27 11:39 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Adobe

2008-08-27 11:38 --------- d-----w C:\Arquivos de programas\Yahoo!

2008-08-27 11:38 --------- d-----w C:\Arquivos de programas\CCleaner

2008-08-27 11:37 --------- d-----w C:\Arquivos de programas\SlySoft

2008-08-27 11:37 --------- d-----w C:\Arquivos de programas\Elaborate Bytes

2008-08-27 11:32 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2008-08-27 11:32 --------- d-----w C:\Arquivos de programas\Analog Devices

2008-08-27 11:30 --------- d-----w C:\Arquivos de programas\DIFX

2008-08-27 11:27 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\nView_Profiles

2008-08-27 11:24 --------- d-----w C:\Arquivos de programas\Arquivos comuns\InstallShield

2008-08-27 11:14 --------- d-----w C:\Arquivos de programas\microsoft frontpage

2008-08-27 11:13 --------- d-----w C:\Arquivos de programas\Serviços on-line

2008-08-27 11:12 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Serviços

2008-07-05 10:14 456,192 ----a-w C:\WINDOWS\system32\libmplayer.dll

2008-07-05 10:14 3,591,168 ----a-w C:\WINDOWS\system32\libavcodec.dll

2008-07-05 10:13 708,096 ----a-w C:\WINDOWS\system32\ff_x264.dll

2008-06-22 16:34 177,664 ----a-w C:\WINDOWS\system32\ff_theora.dll

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias & legítimas por defeito não são mostradas.

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{2C688203-7EB3-4327-9995-1CB417BA23F9}"= "C:\Arquivos de programas\BS.Player ControlBar\BSToolbar.dll" [2008-08-13 757192]

[HKEY_CLASSES_ROOT\clsid\{2c688203-7eb3-4327-9995-1cb417ba23f9}]

[HKEY_CLASSES_ROOT\BSToolbar.ToolBandObj.1]

[HKEY_CLASSES_ROOT\TypeLib\{1FC79FB5-E4BD-48c8-B2E9-B8E74DB2C3A9}]

[HKEY_CLASSES_ROOT\BSToolbar.ToolBandObj]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BitComet"="C:\Arquivos de programas\BitComet\BitComet.exe" [2008-08-22 2567992]

"ares"="C:\Arquivos de programas\Ares\Ares.exe" [2008-08-21 888832]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AVG8_TRAY"="C:\ARQUIV~1\AVG\AVG8\avgtray.exe" [2008-08-31 1235736]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-01-10 13496320]

"avgnt"="C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.ffds"= ffdshow.ax

"msacm.ac3filter"= ac3filter.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Reader Speed Launch.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Reader Speed Launch.lnk

backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Reader Synchronizer.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Reader Synchronizer.lnk

backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\36X Raid Configurer]

-r------- 2006-11-16 06:05 1953792 C:\WINDOWS\system32\JMRaidSetup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]

--a------ 2003-08-24 08:45 210944 C:\Arquivos de programas\SlySoft\AnyDVD\AnyDVD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]

--a------ 2008-08-21 12:45 888832 C:\Arquivos de programas\Ares\Ares.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet]

--a------ 2008-08-22 03:07 2567992 C:\Arquivos de programas\BitComet\BitComet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]

--a------ 2008-08-08 09:11 490952 C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ElbyCheckAnyDVD]

--a------ 2002-11-02 03:33 45056 C:\Arquivos de programas\SlySoft\AnyDVD\ElbyCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X IDE Setup]

-r------- 2006-10-30 09:44 36864 C:\WINDOWS\JM\JMInsIDE.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lphclu9j0e5n1]

--a------ 2008-09-20 17:20 194560 C:\WINDOWS\system32\lphclu9j0e5n1.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

--a------ 2008-01-10 08:20 13496320 C:\WINDOWS\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

--a------ 2008-01-10 08:20 86016 C:\WINDOWS\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

--a------ 2003-12-08 17:35 32768 C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

-ra------ 2008-08-11 17:46 21741864 C:\Arquivos de programas\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]

--------- 2006-07-13 07:12 729088 C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]

-ra------ 2006-12-18 10:34 868352 C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]

-rahs---- 2008-08-18 18:41 1832272 C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

--a------ 2007-09-25 01:11 132496 C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

--a------ 2008-09-15 17:14 68856 C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

--a------ 2008-01-15 19:54 37376 C:\Arquivos de programas\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

--a------ 2008-01-10 08:20 1626112 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"wuauserv"=2 (0x2)

"SharedAccess"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\MSN Messenger\\livecall.exe"=

"C:\\Documents and Settings\\All Users\\Dados de aplicativos\\NexonUS\\NGM\\NGM.exe"=

"C:\\Arquivos de programas\\AVG\\AVG8\\avgupd.exe"=

"C:\\Arquivos de programas\\AVG\\AVG8\\avgemc.exe"=

"C:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"13960:TCP"= 13960:TCP:BitComet 13960 TCP

"13960:UDP"= 13960:UDP:BitComet 13960 UDP

R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-08-31 97928]

R2 avg8emc;AVG8 E-mail Scanner;C:\ARQUIV~1\AVG\AVG8\avgemc.exe [2008-08-31 875288]

R2 avg8wd;AVG8 WatchDog;C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe [2008-08-31 231704]

R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-08-31 76040]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{928413d0-802f-11dd-87a8-001fc6298a5b}]

\Shell\AutoRun\command - G:\cfv90h.com

\Shell\explore\Command - G:\cfv90h.com

\Shell\open\Command - G:\cfv90h.com

*Newly Created Service* - PROCEXP90

.

- - - - ORFAOS REMOVIDOS - - - -

MSConfigStartUp-DriveSystem - C:\WINDOWS\system32\maxpaynowti1.exe

MSConfigStartUp-System32 - C:\WINDOWS\system32\winds32.exe

.

------- Ccan Suplementar -------

.

FireFox -: Profile - C:\Documents and Settings\Tiago\Dados de aplicativos\Mozilla\Firefox\Profiles\gh8qnn8z.default\

FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.bsplayer-search.com/startpage

FF -: plugin - C:\Arquivos de programas\Yahoo!\Common\npyaxmpb.dll

FF -: plugin - C:\Documents and Settings\All Users\Dados de aplicativos\NexonUS\NGM\npNxGameUS.dll

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-09-22 19:58:47

Windows 5.1.2600 Service Pack 2 FAT NTAPI

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros ocultos ...

Varredura completada com sucesso

Ficheiros ocultos: 0

**************************************************************************

.

Tempo para conclusão: 2008-09-22 19:59:21

ComboFix-quarantined-files.txt 2008-09-22 22:59:18

Pre-Run: 8 pasta(s) 66.535.915.520 bytes disponíveis

Post-Run: 12 pasta(s) 66,582,282,240 bytes disponíveis

238

Logfile of HijackThis v1.99.1

Scan saved at 20:01:21, on 22/9/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\ARQUIV~1\AVG\AVG8\avgtray.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\ARQUIV~1\AVG\AVG8\avgrsx.exe

C:\ARQUIV~1\AVG\AVG8\avgemc.exe

C:\Arquivos de programas\Winamp\winamp.exe

C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

C:\WINDOWS\system32\notepad.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\WinRAR\WinRAR.exe

C:\DOCUME~1\Tiago\CONFIG~1\Temp\Rar$EX00.438\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Arquivos de programas\BitComet\tools\BitCometBHO_1.2.8.7.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKCU\..\Run: [bitComet] "C:\Arquivos de programas\BitComet\BitComet.exe" /tray

O4 - HKCU\..\Run: [ares] "C:\Arquivos de programas\Ares\Ares.exe" -h

O8 - Extra context menu item: Baixar link usando &BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: Baixar todos os links usando BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: Baixar todos os vídeos usando BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Arquivos de programas\Ares\chatServer.exe

O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

I can only thank you!


Please see the part where I ask you to install the Recovery Console, as explained in the link above.


ComboFix 08-09-20.05 - Tiago 2008-09-22 20:15:39.2 - FAT32x86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.2604 [GMT -3:00]

Executando de: D:\Desktop\ComboFix.exe

Command switches used :: D:\Desktop\WinXP_BR_PRO_BF.exe

* Criado um novo ponto de restauro

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\WINDOWS\system32\lphclu9j0e5n1.exe

.

((((((((((((((((((((((( Ficheiros criados de 2008-08-22 to 2008-09-22 ))))))))))))))))))))))))))))))))

.

2008-09-20 21:58 . 2008-09-20 21:58 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Avira

2008-09-20 21:58 . 2008-09-20 21:58 <DIR> d-------- C:\Arquivos de programas\Avira

2008-09-20 21:08 . 2008-09-20 21:08 <DIR> d-------- C:\Documents and Settings\Tiago\Dados de aplicativos\TeamViewer

2008-09-20 19:55 . 2008-09-20 19:55 <DIR> d-------- C:\Arquivos de programas\Alwil Software

2008-09-20 19:55 . 2003-03-18 18:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll

2008-09-20 17:55 . 2008-09-20 17:55 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2008-09-20 17:55 . 2008-09-20 17:55 <DIR> d-------- C:\Arquivos de programas\Spybot - Search & Destroy

2008-09-20 17:19 . 2008-09-20 17:19 <DIR> d--h----- C:\$AVG8.VAULT$

2008-09-19 18:46 . 2008-09-19 18:46 <DIR> d-------- C:\Documents and Settings\Tiago\Dados de aplicativos\BSplayer Pro

2008-09-19 18:46 . 2008-09-19 18:46 <DIR> d-------- C:\Documents and Settings\Tiago\Dados de aplicativos\BSplayer

2008-09-19 18:46 . 2008-09-19 18:46 <DIR> d-------- C:\Arquivos de programas\BS.Player ControlBar

2008-09-13 11:15 . 2008-09-13 11:15 2,064 --a------ C:\WINDOWS\Ascd_tmp.ini

2008-09-11 12:26 . 2008-09-11 12:26 <DIR> d-------- C:\Arquivos de programas\SpeedFan

2008-09-11 12:26 . 2008-09-11 12:26 45 --a------ C:\WINDOWS\system32\initdebug.nfo

2008-09-08 22:14 . 2008-09-08 22:14 <DIR> d--hs---- C:\FOUND.000

2008-09-04 18:40 . 2008-09-21 17:31 138,280 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys

2008-09-04 18:40 . 2008-09-21 17:31 111,928 --a------ C:\WINDOWS\system32\PnkBstrB.exe

2008-09-04 18:39 . 2008-09-04 18:39 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe

2008-09-04 18:33 . 2008-09-04 18:33 <DIR> d-------- C:\Arquivos de programas\HLSW

2008-09-04 18:20 . 2008-09-04 18:20 <DIR> d-------- C:\Arquivos de programas\Wolfenstein - Enemy Territory

2008-08-30 21:17 . 2008-08-30 21:17 <DIR> d-------- C:\Documents and Settings\Tiago\Dados de aplicativos\skypePM

2008-08-30 21:17 . 2008-08-30 21:17 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat

2008-08-30 21:16 . 2008-08-30 21:16 <DIR> d-------- C:\Documents and Settings\Tiago\Dados de aplicativos\Skype

2008-08-30 21:16 . 2008-08-30 21:16 <DIR> d-------- C:\Arquivos de programas\Skype

2008-08-30 21:16 . 2008-08-30 21:16 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Skype

2008-08-30 21:15 . 2008-08-30 21:15 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Skype

2008-08-29 16:48 . 2008-08-29 16:48 <DIR> d-------- C:\Arquivos de programas\Electronic Arts

2008-08-29 16:48 . 2005-05-26 15:34 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll

2008-08-29 12:18 . 2008-08-29 12:18 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg

2008-08-29 12:18 . 2008-08-29 12:18 <DIR> d-------- C:\Arquivos de programas\AVG

2008-08-29 12:18 . 2008-08-31 18:16 97,928 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys

2008-08-29 12:18 . 2008-08-31 18:16 76,040 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys

2008-08-29 12:18 . 2008-08-31 18:16 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll

2008-08-29 12:17 . 2008-08-29 12:17 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Avg8

2008-08-28 18:15 . 2008-08-28 18:15 <DIR> d-------- C:\Documents and Settings\Tiago\Dados de aplicativos\teamspeak2

2008-08-28 18:15 . 2008-08-28 18:15 <DIR> d-------- C:\Arquivos de programas\Teamspeak2_RC2

2008-08-28 18:15 . 2008-08-28 18:15 34,064 --a------ C:\WINDOWS\system32\lhacm.acm

2008-08-28 15:51 . 2008-08-28 15:51 <DIR> d-------- C:\Arquivos de programas\Ares

2008-08-28 14:57 . 2008-08-28 14:57 <DIR> d-------- C:\Arquivos de programas\DAEMON Tools Toolbar

2008-08-28 14:57 . 2008-08-28 14:57 <DIR> d-------- C:\Arquivos de programas\DAEMON Tools Lite

2008-08-28 12:09 . 2008-08-28 12:09 <DIR> d-------- C:\Documents and Settings\Tiago\Dados de aplicativos\DAEMON Tools

2008-08-28 07:10 . 2008-08-28 07:10 <DIR> d-------- C:\Documents and Settings\Tiago\Dados de aplicativos\AVGTOOLBAR

2008-08-28 07:02 . 2008-08-28 07:02 2 --a------ C:\Setup.svc

2008-08-28 07:00 . 2008-08-28 07:00 <DIR> d-------- C:\Arquivos de programas\Google

2008-08-28 06:58 . 2008-08-28 06:58 <DIR> d-------- C:\Downloads

2008-08-28 06:58 . 2008-08-28 06:58 <DIR> d-------- C:\Arquivos de programas\BitComet

2008-08-28 06:51 . 2008-08-28 06:51 <DIR> d-------- C:\Arquivos de programas\Webteh

2008-08-28 06:30 . 2008-08-28 06:30 <DIR> d---s---- C:\Documents and Settings\Tiago\UserData

2008-08-27 19:34 . 2008-08-28 12:09 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys

2008-08-27 14:00 . 2008-08-27 14:00 <DIR> d-------- C:\Documents and Settings\Tiago\Dados de aplicativos\Winamp

2008-08-27 14:00 . 2008-08-27 14:00 <DIR> d-------- C:\Arquivos de programas\Winamp

2008-08-27 13:43 . 2008-08-27 13:43 <DIR> d-------- C:\Documents and Settings\Tiago\Dados de aplicativos\CyberLink

2008-08-27 09:17 . 2007-11-12 13:15 56,684 --a------ C:\WINDOWS\system32\oemlogo.bmp

2008-08-27 09:17 . 2006-11-25 00:33 359 --a------ C:\WINDOWS\system32\Oeminfo.ini

2008-08-27 09:16 . 2007-03-12 16:42 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll

2008-08-27 09:16 . 2007-03-12 16:42 1,123,696 --a------ C:\WINDOWS\system32\D3DCompiler_33.dll

2008-08-27 09:16 . 2007-03-15 16:57 443,752 --a------ C:\WINDOWS\system32\d3dx10_33.dll

2008-08-27 09:16 . 2007-04-04 18:55 261,480 --a------ C:\WINDOWS\system32\xactengine2_7.dll

2008-08-27 09:16 . 2007-04-04 18:53 81,768 --a------ C:\WINDOWS\system32\xinput1_3.dll

2008-08-27 09:16 . 2007-03-05 12:42 15,128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll

2008-08-27 09:04 . 2008-08-27 09:04 <DIR> d-------- C:\Arquivos de programas\THQ

2008-08-26 18:58 . 2008-08-26 18:59 <DIR> d-------- C:\Documents and Settings\Tiago\Contacts

2008-08-26 18:58 . 2008-08-26 18:58 268 --ah----- C:\sqmdata01.sqm

2008-08-26 18:58 . 2008-08-26 18:58 244 --ah----- C:\sqmnoopt01.sqm

2008-08-26 10:45 . 2008-09-20 17:23 116 --a------ C:\WINDOWS\NeroDigital.ini

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-08-29 19:53 163,644 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys

2008-08-27 11:58 --------- d-----w C:\Arquivos de programas\MSECache

2008-08-27 11:57 --------- d-----w C:\Arquivos de programas\Microsoft.NET

2008-08-27 11:55 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\NexonUS

2008-08-27 11:48 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Ahead

2008-08-27 11:48 --------- d-----w C:\Arquivos de programas\Ahead

2008-08-27 11:47 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\CyberLink

2008-08-27 11:47 --------- d-----w C:\Arquivos de programas\CyberLink

2008-08-27 11:42 --------- d-----w C:\Arquivos de programas\Windows Media Connect 2

2008-08-27 11:42 --------- d-----w C:\Arquivos de programas\Java

2008-08-27 11:42 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Java

2008-08-27 11:41 --------- d-----w C:\Arquivos de programas\XP Codec Pack

2008-08-27 11:41 --------- d-----w C:\Arquivos de programas\MSN Messenger

2008-08-27 11:39 --------- d-----w C:\Arquivos de programas\Players

2008-08-27 11:39 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Adobe

2008-08-27 11:38 --------- d-----w C:\Arquivos de programas\Yahoo!

2008-08-27 11:38 --------- d-----w C:\Arquivos de programas\CCleaner

2008-08-27 11:37 --------- d-----w C:\Arquivos de programas\SlySoft

2008-08-27 11:37 --------- d-----w C:\Arquivos de programas\Elaborate Bytes

2008-08-27 11:32 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2008-08-27 11:32 --------- d-----w C:\Arquivos de programas\Analog Devices

2008-08-27 11:30 --------- d-----w C:\Arquivos de programas\DIFX

2008-08-27 11:27 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\nView_Profiles

2008-08-27 11:24 --------- d-----w C:\Arquivos de programas\Arquivos comuns\InstallShield

2008-08-27 11:14 --------- d-----w C:\Arquivos de programas\microsoft frontpage

2008-08-27 11:13 --------- d-----w C:\Arquivos de programas\Serviços on-line

2008-08-27 11:12 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Serviços

2008-07-05 10:14 456,192 ----a-w C:\WINDOWS\system32\libmplayer.dll

2008-07-05 10:14 3,591,168 ----a-w C:\WINDOWS\system32\libavcodec.dll

2008-07-05 10:13 708,096 ----a-w C:\WINDOWS\system32\ff_x264.dll

2008-06-22 16:34 177,664 ----a-w C:\WINDOWS\system32\ff_theora.dll

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias & legítimas por defeito não são mostradas.

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{2C688203-7EB3-4327-9995-1CB417BA23F9}"= "C:\Arquivos de programas\BS.Player ControlBar\BSToolbar.dll" [2008-08-13 757192]

[HKEY_CLASSES_ROOT\clsid\{2c688203-7eb3-4327-9995-1cb417ba23f9}]

[HKEY_CLASSES_ROOT\BSToolbar.ToolBandObj.1]

[HKEY_CLASSES_ROOT\TypeLib\{1FC79FB5-E4BD-48c8-B2E9-B8E74DB2C3A9}]

[HKEY_CLASSES_ROOT\BSToolbar.ToolBandObj]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BitComet"="C:\Arquivos de programas\BitComet\BitComet.exe" [2008-08-22 2567992]

"ares"="C:\Arquivos de programas\Ares\Ares.exe" [2008-08-21 888832]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AVG8_TRAY"="C:\ARQUIV~1\AVG\AVG8\avgtray.exe" [2008-08-31 1235736]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-01-10 13496320]

"avgnt"="C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.ffds"= ffdshow.ax

"msacm.ac3filter"= ac3filter.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Reader Speed Launch.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Reader Speed Launch.lnk

backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Reader Synchronizer.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Reader Synchronizer.lnk

backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\36X Raid Configurer]

-r------- 2006-11-16 06:05 1953792 C:\WINDOWS\system32\JMRaidSetup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]

--a------ 2003-08-24 08:45 210944 C:\Arquivos de programas\SlySoft\AnyDVD\AnyDVD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]

--a------ 2008-08-21 12:45 888832 C:\Arquivos de programas\Ares\Ares.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet]

--a------ 2008-08-22 03:07 2567992 C:\Arquivos de programas\BitComet\BitComet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]

--a------ 2008-08-08 09:11 490952 C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ElbyCheckAnyDVD]

--a------ 2002-11-02 03:33 45056 C:\Arquivos de programas\SlySoft\AnyDVD\ElbyCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X IDE Setup]

-r------- 2006-10-30 09:44 36864 C:\WINDOWS\JM\JMInsIDE.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

--a------ 2008-01-10 08:20 13496320 C:\WINDOWS\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

--a------ 2008-01-10 08:20 86016 C:\WINDOWS\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

--a------ 2003-12-08 17:35 32768 C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

-ra------ 2008-08-11 17:46 21741864 C:\Arquivos de programas\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]

--------- 2006-07-13 07:12 729088 C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]

-ra------ 2006-12-18 10:34 868352 C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]

-rahs---- 2008-08-18 18:41 1832272 C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

--a------ 2007-09-25 01:11 132496 C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

--a------ 2008-09-15 17:14 68856 C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

--a------ 2008-01-15 19:54 37376 C:\Arquivos de programas\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

--a------ 2008-01-10 08:20 1626112 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"wuauserv"=2 (0x2)

"SharedAccess"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\MSN Messenger\\livecall.exe"=

"C:\\Documents and Settings\\All Users\\Dados de aplicativos\\NexonUS\\NGM\\NGM.exe"=

"C:\\Arquivos de programas\\AVG\\AVG8\\avgupd.exe"=

"C:\\Arquivos de programas\\AVG\\AVG8\\avgemc.exe"=

"C:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"13960:TCP"= 13960:TCP:BitComet 13960 TCP

"13960:UDP"= 13960:UDP:BitComet 13960 UDP

R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-08-31 97928]

R2 avg8emc;AVG8 E-mail Scanner;C:\ARQUIV~1\AVG\AVG8\avgemc.exe [2008-08-31 875288]

R2 avg8wd;AVG8 WatchDog;C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe [2008-08-31 231704]

R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-08-31 76040]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{928413d0-802f-11dd-87a8-001fc6298a5b}]

\Shell\AutoRun\command - G:\cfv90h.com

\Shell\explore\Command - G:\cfv90h.com

\Shell\open\Command - G:\cfv90h.com

*Newly Created Service* - CATCHME

*Newly Created Service* - PROCEXP90

.

- - - - ORFAOS REMOVIDOS - - - -

MSConfigStartUp-lphclu9j0e5n1 - C:\WINDOWS\system32\lphclu9j0e5n1.exe

.

------- Ccan Suplementar -------

.

FireFox -: Profile - C:\Documents and Settings\Tiago\Dados de aplicativos\Mozilla\Firefox\Profiles\gh8qnn8z.default\

FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.bsplayer-search.com/startpage

FF -: plugin - C:\Arquivos de programas\Yahoo!\Common\npyaxmpb.dll

FF -: plugin - C:\Documents and Settings\All Users\Dados de aplicativos\NexonUS\NGM\npNxGameUS.dll

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-09-22 20:16:49

Windows 5.1.2600 Service Pack 2 FAT NTAPI

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros ocultos ...

Varredura completada com sucesso

Ficheiros ocultos: 0

**************************************************************************

.

Tempo para conclusão: 2008-09-22 20:17:19

ComboFix-quarantined-files.txt 2008-09-22 23:17:18

ComboFix2.txt 2008-09-22 22:59:24

Pre-Run: 8 pasta(s) 66.553.610.240 bytes disponíveis

Post-Run: 13 pasta(s) 66,520,186,880 bytes disponíveis

WinXP_BR_PRO_BF.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer

C:\ = "Microsoft Windows"

243

Logfile of HijackThis v1.99.1

Scan saved at 20:19:10, on 22/9/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\ARQUIV~1\AVG\AVG8\avgrsx.exe

C:\ARQUIV~1\AVG\AVG8\avgemc.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\WinRAR\WinRAR.exe

C:\DOCUME~1\Tiago\CONFIG~1\Temp\Rar$EX08.906\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Arquivos de programas\BitComet\tools\BitCometBHO_1.2.8.7.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKCU\..\Run: [bitComet] "C:\Arquivos de programas\BitComet\BitComet.exe" /tray

O4 - HKCU\..\Run: [ares] "C:\Arquivos de programas\Ares\Ares.exe" -h

O8 - Extra context menu item: Baixar link usando &BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: Baixar todos os links usando BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: Baixar todos os vídeos usando BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Arquivos de programas\Ares\chatServer.exe

O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe


Do you use removable media?


There is an infection coming from a pendrive; stay alert.

Temporarily, and while you carry out these instructions, it is very important that you keep your protection programs (antivirus, antispyware and firewall) disabled. Re-enable them after completing the procedure(s) mentioned below.

Open Notepad, copy (Ctrl+C) and paste (Ctrl+V) all the text inside the "Code" box:

Registry::

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{928413d0-802f-11dd-87a8-001fc6298a5b}]

Firefox::

FireFox -: Profile - C:\Documents and Settings\Tiago\Dados de aplicativos\Mozilla\Firefox\Profiles\gh8qnn8z.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.bsplayer-search.com/startpage
FF -: plugin - C:\Arquivos de programas\Yahoo!\Common\npyaxmpb.dll
FF -: plugin - C:\Documents and Settings\All Users\Dados de aplicativos\NexonUS\NGM\npNxGameUS.dll

  • Save this file as: CFScript.txt
    (image: CFScriptB-4.gif)
  • As shown in the picture above, drag the CFScript.txt file onto ComboFix.exe
  • When the tool finishes running, it will generate a log. Post that file, C:\ComboFix.txt.
  • Also make a new HijackThis log to include in your reply.

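As an added illustration, not part of this thread and not code from ComboFix or HijackThis, here is a small Python triage script that reads the registry section of a ComboFix-style log and flags the indicators the helper is acting on: MountPoints2 autorun commands pointing at a drive letter (the pendrive infection), the Windows Firewall switched off, the Security Center notifications disabled, and services unchecked in msconfig. The sample lines are reconstructed from the log posted above; the function and finding-category names are my own.

```python
"""Triage a ComboFix-style registry section for weakened-defence and autorun indicators.

Added example for this thread; it is not part of ComboFix. The sample log below is
reconstructed from lines of the log posted in the thread.
"""
import re
from typing import List, Tuple

# Constructed sample in the shape of the "Pontos de Carregamento do Registro" section.
SAMPLE_LOG = r"""
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="C:\ARQUIV~1\AVG\AVG8\avgtray.exe" [2008-08-31 1235736]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)
"SharedAccess"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{928413d0-802f-11dd-87a8-001fc6298a5b}]
\Shell\AutoRun\command - G:\cfv90h.com
\Shell\explore\Command - G:\cfv90h.com
\Shell\open\Command - G:\cfv90h.com
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
# Matches lines such as:  \Shell\AutoRun\command - G:\cfv90h.com
SHELL_CMD_RE = re.compile(r"^\\Shell\\(\w+)\\command\s+-\s+(.+)$", re.IGNORECASE)
# Matches '"Name"= 0 (0x0)' and '"Name"=dword:00000001'; string values ("...") do not match.
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(?:dword:)?(\w+)')
DRIVE_RE = re.compile(r"^[A-Za-z]:\\")

Finding = Tuple[str, str]  # (category, detail)


def triage(log_text: str) -> List[Finding]:
    """Return the suspicious indicators found in a registry section of the log."""
    findings: List[Finding] = []
    current_key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group(1).lower()
            continue
        key = current_key
        if "mountpoints2" in key:
            # Per-volume shell handlers: a command under a drive letter runs
            # whatever sits on that removable volume when it is opened.
            m = SHELL_CMD_RE.match(line)
            if m:
                verb, target = m.group(1), m.group(2).strip()
                where = "drive-letter target" if DRIVE_RE.match(target) else "target"
                findings.append(("mountpoints2_autorun", f"{verb} -> {target} ({where})"))
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        name, data = m.group(1), m.group(2)
        if key.endswith("security center") and name.endswith("DisableNotify") and int(data, 16) != 0:
            # Security Center will no longer warn that AV or updates are off.
            findings.append(("security_center_notify_off", name))
        elif "firewallpolicy" in key and name == "EnableFirewall" and int(data, 0) == 0:
            findings.append(("firewall_disabled", key.rsplit("\\", 1)[-1]))
        elif key.endswith("msconfig\\services"):
            # Services listed here were unchecked (disabled) in msconfig.
            findings.append(("service_disabled_via_msconfig", name))
    return findings


if __name__ == "__main__":
    for category, detail in triage(SAMPLE_LOG):
        print(f"{category:30s} {detail}")
```

The script only reads text, so it can be run against a saved ComboFix.txt offline; the MountPoints2 and firewall findings are the ones that justify the CFScript above (deleting the per-volume key) and the instruction to re-enable protection afterwards.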

OK.. Renato!

ComboFix 08-09-20.05 - Tiago 2008-09-22 22:39:16.3 - FAT32x86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.2609 [GMT -3:00]

Executando de: D:\Desktop\ComboFix.exe

Command switches used :: D:\Desktop\CFScript.txt.txt

* Criado um novo ponto de restauro

.

((((((((((((((((((((((( Ficheiros criados de 2008-08-23 to 2008-09-23 ))))))))))))))))))))))))))))))))

.

2008-09-20 21:58 . 2008-09-20 21:58 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Avira

2008-09-20 21:58 . 2008-09-20 21:58 <DIR> d-------- C:\Arquivos de programas\Avira

2008-09-20 21:08 . 2008-09-20 21:08 <DIR> d-------- C:\Documents and Settings\Tiago\Dados de aplicativos\TeamViewer

2008-09-20 19:55 . 2008-09-20 19:55 <DIR> d-------- C:\Arquivos de programas\Alwil Software

2008-09-20 19:55 . 2003-03-18 18:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll

2008-09-20 17:55 . 2008-09-20 17:55 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2008-09-20 17:55 . 2008-09-20 17:55 <DIR> d-------- C:\Arquivos de programas\Spybot - Search & Destroy

2008-09-20 17:19 . 2008-09-20 17:19 <DIR> d--h----- C:\$AVG8.VAULT$

2008-09-19 18:46 . 2008-09-19 18:46 <DIR> d-------- C:\Documents and Settings\Tiago\Dados de aplicativos\BSplayer Pro

2008-09-19 18:46 . 2008-09-19 18:46 <DIR> d-------- C:\Documents and Settings\Tiago\Dados de aplicativos\BSplayer

2008-09-19 18:46 . 2008-09-19 18:46 <DIR> d-------- C:\Arquivos de programas\BS.Player ControlBar

2008-09-13 11:15 . 2008-09-13 11:15 2,064 --a------ C:\WINDOWS\Ascd_tmp.ini

2008-09-11 12:26 . 2008-09-11 12:26 <DIR> d-------- C:\Arquivos de programas\SpeedFan

2008-09-11 12:26 . 2008-09-11 12:26 45 --a------ C:\WINDOWS\system32\initdebug.nfo

2008-09-08 22:14 . 2008-09-08 22:14 <DIR> d--hs---- C:\FOUND.000

2008-09-04 18:40 . 2008-09-21 17:31 138,280 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys

2008-09-04 18:40 . 2008-09-21 17:31 111,928 --a------ C:\WINDOWS\system32\PnkBstrB.exe

2008-09-04 18:39 . 2008-09-04 18:39 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe

2008-09-04 18:33 . 2008-09-04 18:33 <DIR> d-------- C:\Arquivos de programas\HLSW

2008-09-04 18:20 . 2008-09-04 18:20 <DIR> d-------- C:\Arquivos de programas\Wolfenstein - Enemy Territory

2008-08-30 21:17 . 2008-08-30 21:17 <DIR> d-------- C:\Documents and Settings\Tiago\Dados de aplicativos\skypePM

2008-08-30 21:17 . 2008-08-30 21:17 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat

2008-08-30 21:16 . 2008-08-30 21:16 <DIR> d-------- C:\Documents and Settings\Tiago\Dados de aplicativos\Skype

2008-08-30 21:16 . 2008-08-30 21:16 <DIR> d-------- C:\Arquivos de programas\Skype

2008-08-30 21:16 . 2008-08-30 21:16 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Skype

2008-08-30 21:15 . 2008-08-30 21:15 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Skype

2008-08-29 16:48 . 2008-08-29 16:48 <DIR> d-------- C:\Arquivos de programas\Electronic Arts

2008-08-29 16:48 . 2005-05-26 15:34 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll

2008-08-29 12:18 . 2008-08-29 12:18 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg

2008-08-29 12:18 . 2008-08-29 12:18 <DIR> d-------- C:\Arquivos de programas\AVG

2008-08-29 12:18 . 2008-08-31 18:16 97,928 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys

2008-08-29 12:18 . 2008-08-31 18:16 76,040 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys

2008-08-29 12:18 . 2008-08-31 18:16 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll

2008-08-29 12:17 . 2008-08-29 12:17 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Avg8

2008-08-28 18:15 . 2008-08-28 18:15 <DIR> d-------- C:\Documents and Settings\Tiago\Dados de aplicativos\teamspeak2

2008-08-28 18:15 . 2008-08-28 18:15 <DIR> d-------- C:\Arquivos de programas\Teamspeak2_RC2

2008-08-28 18:15 . 2008-08-28 18:15 34,064 --a------ C:\WINDOWS\system32\lhacm.acm

2008-08-28 15:51 . 2008-08-28 15:51 <DIR> d-------- C:\Arquivos de programas\Ares

2008-08-28 14:57 . 2008-08-28 14:57 <DIR> d-------- C:\Arquivos de programas\DAEMON Tools Toolbar

2008-08-28 14:57 . 2008-08-28 14:57 <DIR> d-------- C:\Arquivos de programas\DAEMON Tools Lite

2008-08-28 12:09 . 2008-08-28 12:09 <DIR> d-------- C:\Documents and Settings\Tiago\Dados de aplicativos\DAEMON Tools

2008-08-28 07:10 . 2008-08-28 07:10 <DIR> d-------- C:\Documents and Settings\Tiago\Dados de aplicativos\AVGTOOLBAR

2008-08-28 07:02 . 2008-08-28 07:02 2 --a------ C:\Setup.svc

2008-08-28 07:00 . 2008-08-28 07:00 <DIR> d-------- C:\Arquivos de programas\Google

2008-08-28 06:58 . 2008-08-28 06:58 <DIR> d-------- C:\Downloads

2008-08-28 06:58 . 2008-08-28 06:58 <DIR> d-------- C:\Arquivos de programas\BitComet

2008-08-28 06:51 . 2008-08-28 06:51 <DIR> d-------- C:\Arquivos de programas\Webteh

2008-08-28 06:30 . 2008-08-28 06:30 <DIR> d---s---- C:\Documents and Settings\Tiago\UserData

2008-08-27 19:34 . 2008-08-28 12:09 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys

2008-08-27 14:00 . 2008-08-27 14:00 <DIR> d-------- C:\Documents and Settings\Tiago\Dados de aplicativos\Winamp

2008-08-27 14:00 . 2008-08-27 14:00 <DIR> d-------- C:\Arquivos de programas\Winamp

2008-08-27 13:43 . 2008-08-27 13:43 <DIR> d-------- C:\Documents and Settings\Tiago\Dados de aplicativos\CyberLink

2008-08-27 09:17 . 2007-11-12 13:15 56,684 --a------ C:\WINDOWS\system32\oemlogo.bmp

2008-08-27 09:17 . 2006-11-25 00:33 359 --a------ C:\WINDOWS\system32\Oeminfo.ini

2008-08-27 09:16 . 2007-03-12 16:42 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll

2008-08-27 09:16 . 2007-03-12 16:42 1,123,696 --a------ C:\WINDOWS\system32\D3DCompiler_33.dll

2008-08-27 09:16 . 2007-03-15 16:57 443,752 --a------ C:\WINDOWS\system32\d3dx10_33.dll

2008-08-27 09:16 . 2007-04-04 18:55 261,480 --a------ C:\WINDOWS\system32\xactengine2_7.dll

2008-08-27 09:16 . 2007-04-04 18:53 81,768 --a------ C:\WINDOWS\system32\xinput1_3.dll

2008-08-27 09:16 . 2007-03-05 12:42 15,128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll

2008-08-27 09:04 . 2008-08-27 09:04 <DIR> d-------- C:\Arquivos de programas\THQ

2008-08-26 18:58 . 2008-08-26 18:59 <DIR> d-------- C:\Documents and Settings\Tiago\Contacts

2008-08-26 18:58 . 2008-08-26 18:58 268 --ah----- C:\sqmdata01.sqm

2008-08-26 18:58 . 2008-08-26 18:58 244 --ah----- C:\sqmnoopt01.sqm

2008-08-26 10:45 . 2008-09-20 17:23 116 --a------ C:\WINDOWS\NeroDigital.ini

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-08-29 19:53 163,644 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys

2008-08-27 11:58 --------- d-----w C:\Arquivos de programas\MSECache

2008-08-27 11:57 --------- d-----w C:\Arquivos de programas\Microsoft.NET

2008-08-27 11:55 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\NexonUS

2008-08-27 11:48 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Ahead

2008-08-27 11:48 --------- d-----w C:\Arquivos de programas\Ahead

2008-08-27 11:47 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\CyberLink

2008-08-27 11:47 --------- d-----w C:\Arquivos de programas\CyberLink

2008-08-27 11:42 --------- d-----w C:\Arquivos de programas\Windows Media Connect 2

2008-08-27 11:42 --------- d-----w C:\Arquivos de programas\Java

2008-08-27 11:42 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Java

2008-08-27 11:41 --------- d-----w C:\Arquivos de programas\XP Codec Pack

2008-08-27 11:41 --------- d-----w C:\Arquivos de programas\MSN Messenger

2008-08-27 11:39 --------- d-----w C:\Arquivos de programas\Players

2008-08-27 11:39 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Adobe

2008-08-27 11:38 --------- d-----w C:\Arquivos de programas\Yahoo!

2008-08-27 11:38 --------- d-----w C:\Arquivos de programas\CCleaner

2008-08-27 11:37 --------- d-----w C:\Arquivos de programas\SlySoft

2008-08-27 11:37 --------- d-----w C:\Arquivos de programas\Elaborate Bytes

2008-08-27 11:32 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2008-08-27 11:32 --------- d-----w C:\Arquivos de programas\Analog Devices

2008-08-27 11:30 --------- d-----w C:\Arquivos de programas\DIFX

2008-08-27 11:27 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\nView_Profiles

2008-08-27 11:24 --------- d-----w C:\Arquivos de programas\Arquivos comuns\InstallShield

2008-08-27 11:14 --------- d-----w C:\Arquivos de programas\microsoft frontpage

2008-08-27 11:13 --------- d-----w C:\Arquivos de programas\Serviços on-line

2008-08-27 11:12 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Serviços

2008-07-05 10:14 456,192 ----a-w C:\WINDOWS\system32\libmplayer.dll

2008-07-05 10:14 3,591,168 ----a-w C:\WINDOWS\system32\libavcodec.dll

2008-07-05 10:13 708,096 ----a-w C:\WINDOWS\system32\ff_x264.dll

.

(((((((((((((((((((((((((( Registry Loading Points )))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legitimate default entries are not shown.

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{2C688203-7EB3-4327-9995-1CB417BA23F9}"= "C:\Arquivos de programas\BS.Player ControlBar\BSToolbar.dll" [2008-08-13 757192]

[HKEY_CLASSES_ROOT\clsid\{2c688203-7eb3-4327-9995-1cb417ba23f9}]

[HKEY_CLASSES_ROOT\BSToolbar.ToolBandObj.1]

[HKEY_CLASSES_ROOT\TypeLib\{1FC79FB5-E4BD-48c8-B2E9-B8E74DB2C3A9}]

[HKEY_CLASSES_ROOT\BSToolbar.ToolBandObj]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BitComet"="C:\Arquivos de programas\BitComet\BitComet.exe" [2008-08-22 2567992]

"ares"="C:\Arquivos de programas\Ares\Ares.exe" [2008-08-21 888832]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AVG8_TRAY"="C:\ARQUIV~1\AVG\AVG8\avgtray.exe" [2008-08-31 1235736]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-01-10 13496320]

"avgnt"="C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.ffds"= ffdshow.ax

"msacm.ac3filter"= ac3filter.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Reader Speed Launch.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Reader Speed Launch.lnk

backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Reader Synchronizer.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Reader Synchronizer.lnk

backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\36X Raid Configurer]

-r------- 2006-11-16 06:05 1953792 C:\WINDOWS\system32\JMRaidSetup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]

--a------ 2003-08-24 08:45 210944 C:\Arquivos de programas\SlySoft\AnyDVD\AnyDVD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]

--a------ 2008-08-21 12:45 888832 C:\Arquivos de programas\Ares\Ares.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet]

--a------ 2008-08-22 03:07 2567992 C:\Arquivos de programas\BitComet\BitComet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]

--a------ 2008-08-08 09:11 490952 C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ElbyCheckAnyDVD]

--a------ 2002-11-02 03:33 45056 C:\Arquivos de programas\SlySoft\AnyDVD\ElbyCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X IDE Setup]

-r------- 2006-10-30 09:44 36864 C:\WINDOWS\JM\JMInsIDE.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

--a------ 2008-01-10 08:20 13496320 C:\WINDOWS\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

--a------ 2008-01-10 08:20 86016 C:\WINDOWS\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

--a------ 2003-12-08 17:35 32768 C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

-ra------ 2008-08-11 17:46 21741864 C:\Arquivos de programas\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]

--------- 2006-07-13 07:12 729088 C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]

-ra------ 2006-12-18 10:34 868352 C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]

-rahs---- 2008-08-18 18:41 1832272 C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

--a------ 2007-09-25 01:11 132496 C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

--a------ 2008-09-15 17:14 68856 C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

--a------ 2008-01-15 19:54 37376 C:\Arquivos de programas\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

--a------ 2008-01-10 08:20 1626112 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"wuauserv"=2 (0x2)

"SharedAccess"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\MSN Messenger\\livecall.exe"=

"C:\\Documents and Settings\\All Users\\Dados de aplicativos\\NexonUS\\NGM\\NGM.exe"=

"C:\\Arquivos de programas\\AVG\\AVG8\\avgupd.exe"=

"C:\\Arquivos de programas\\AVG\\AVG8\\avgemc.exe"=

"C:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"13960:TCP"= 13960:TCP:BitComet 13960 TCP

"13960:UDP"= 13960:UDP:BitComet 13960 UDP

R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-08-31 97928]

R2 avg8emc;AVG8 E-mail Scanner;C:\ARQUIV~1\AVG\AVG8\avgemc.exe [2008-08-31 875288]

R2 avg8wd;AVG8 WatchDog;C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe [2008-08-31 231704]

R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-08-31 76040]

*Newly Created Service* - CATCHME

*Newly Created Service* - PROCEXP90

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-09-22 22:40:18

Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2008-09-22 22:40:44

ComboFix-quarantined-files.txt 2008-09-23 01:40:44

ComboFix3.txt 2008-09-22 22:59:24

ComboFix2.txt 2008-09-22 23:17:22

Pre-Run: 9 folder(s) 66,480,340,992 bytes free

Post-Run: 13 folder(s) 66,485,878,784 bytes free


Logfile of HijackThis v1.99.1

Scan saved at 22:41:42, on 22/9/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\ARQUIV~1\AVG\AVG8\avgrsx.exe

C:\ARQUIV~1\AVG\AVG8\avgemc.exe

C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\WinRAR\WinRAR.exe

C:\DOCUME~1\Tiago\CONFIG~1\Temp\Rar$EX00.828\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Arquivos de programas\BitComet\tools\BitCometBHO_1.2.8.7.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKCU\..\Run: [bitComet] "C:\Arquivos de programas\BitComet\BitComet.exe" /tray

O4 - HKCU\..\Run: [ares] "C:\Arquivos de programas\Ares\Ares.exe" -h

O8 - Extra context menu item: Baixar link usando &BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: Baixar todos os links usando BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: Baixar todos os vídeos usando BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Arquivos de programas\Ares\chatServer.exe

O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

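The registry dump in the ComboFix log above records the host's security posture at the time of the scan: both Security Center notifications switched off, Windows Update (wuauserv) and the firewall service (SharedAccess) disabled through msconfig, the Windows Firewall off on the standard profile, and two BitComet ports opened to all networks. The script below is an added example, not part of the thread and not ComboFix's own code. It parses that section of a ComboFix log and lists the weakened settings. The sample input is copied from the log above; the rule set, the severity labels and the reading of the msconfig\services value as the service's previous start type are this example's own assumptions.

```python
import re

# Added example (not from the forum post or from ComboFix): audit the
# "Registry Loading Points" section of a ComboFix log for settings that
# weaken the host. The sample below is copied from the log in this thread;
# the rule set and severity labels are this example's own.
SAMPLE_DUMP = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)
"SharedAccess"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"13960:TCP"= 13960:TCP:BitComet 13960 TCP
"13960:UDP"= 13960:UDP:BitComet 13960 UDP
"""

VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')


def parse_value(raw):
    """Turn ComboFix's value renderings into Python values.

    'dword:00000001' -> 1, '2 (0x2)' -> 2, anything else -> the raw string.
    """
    raw = raw.strip()
    m = re.fullmatch(r"dword:([0-9a-fA-F]{8})", raw)
    if m:
        return int(m.group(1), 16)
    m = re.fullmatch(r"(\d+)\s*\(0x[0-9a-fA-F]+\)", raw)
    if m:
        return int(m.group(1))
    return raw


def audit_load_points(dump):
    """Return (severity, message) findings for a Registry Loading Points dump."""
    findings = []
    key = ""
    for line in dump.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()  # current registry key, lower-cased for matching
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue  # file-attribute lines under startupreg keys etc. are skipped
        name, value = m.group(1), parse_value(m.group(2))
        lname = name.lower()

        # Security Center: *DisableNotify=1 silences the "no antivirus /
        # no updates / no firewall" balloon. Malware sets these; users rarely do.
        if key.endswith("security center") and lname.endswith("disablenotify") and value == 1:
            findings.append(("high", f"Security Center alert suppressed: {name}=1"))

        # msconfig\services lists services disabled through msconfig; the stored
        # number is the service's previous start type (assumption: 2 = Automatic).
        # wuauserv is Windows Update, SharedAccess is the Windows Firewall/ICS service.
        elif key.endswith(r"msconfig\services"):
            findings.append(("high", f"service disabled via msconfig: {name} (previous start type {value})"))

        # Firewall policy for the standard (non-domain) profile.
        elif key.endswith(r"firewallpolicy\standardprofile") and lname == "enablefirewall" and value == 0:
            findings.append(("high", "Windows Firewall disabled on the standard profile"))

        elif key.endswith(r"globallyopenports\list"):
            findings.append(("medium", f"port opened to all networks: {value}"))

        elif key.endswith(r"authorizedapplications\list"):
            # ComboFix doubles the backslashes in these names, as regedit exports do.
            findings.append(("info", "firewall exception for: " + name.replace("\\\\", "\\")))
    return findings


if __name__ == "__main__":
    for severity, message in audit_load_points(SAMPLE_DUMP):
        print(f"[{severity:6}] {message}")
```

Feed it the whole log: only the `[key]` / `"name"=value` pairs are inspected, so the file listings and the `-r-------` attribute lines under the startupreg keys are ignored. On the log above it reports five high findings (two Security Center suppressions, two msconfig-disabled services, the disabled firewall), the two BitComet ports, and the firewall exceptions as informational.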

Run an online scan with Kaspersky Virusscanner

  • Click [image: Clipboard01-1.jpg]
  • When prompted to install the ActiveX component, click [image: Clipboard015.jpg]
  • Wait for the installation and the update to finish, then click [image: Clipboard013.jpg]
  • Now click [image: Clipboard016.jpg]
  • In the scan options (Settings), make sure the entries below are selected:
    • Scan using the following Anti-Virus database: Extended (if available, otherwise Standard)
    • Scan Options: Scan Archives, Scan Mail Bases
  • Click [image: Clipboard014.jpg]
  • Click My Computer so that a full scan of your system is run.
  • The scan will start and may take a while. Be patient and wait.
  • When the scan finishes, click the Save as Text button.
  • Save the log with the results and post it in your next reply.
  • Also generate and paste a new HijackThis log.


Tuesday, September 23, 2008

Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)

Kaspersky Online Scanner 7 version: 7.0.25.0

Program database last update: Tuesday, September 23, 2008 00:45:38

Records in database: 1249909

Scan settings
  Scan using the following database: extended
  Scan archives: yes
  Scan mail databases: yes

Scan area: My Computer
  A:\
  C:\
  D:\
  E:\
  F:\

Scan statistics
  Files scanned: 34366
  Threat name: 2
  Infected objects: 3
  Suspicious objects: 0
  Duration of the scan: 00:45:56

File name | Threat name | Threats count
C:\System Volume Information\_restore{5F588DAD-376A-4A63-86A9-3B3094305C11}\RP7\A0000330.exe | Infected: Backdoor.Win32.Frauder.fb | 1
C:\QooBox\Quarantine\C\WINDOWS\system32\lphclu9j0e5n1.exe.vir | Infected: Backdoor.Win32.Frauder.fb | 1
D:\Downloads\vdownloader.zip | Infected: not-a-virus:Downloader.Win32.VDown.a | 1

The selected area was scanned.

Logfile of HijackThis v1.99.1

Scan saved at 00:06:12, on 23/9/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\ARQUIV~1\AVG\AVG8\avgrsx.exe

C:\ARQUIV~1\AVG\AVG8\avgemc.exe

C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\WinRAR\WinRAR.exe

C:\DOCUME~1\Tiago\CONFIG~1\Temp\Rar$EX00.375\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Arquivos de programas\BitComet\tools\BitCometBHO_1.2.8.7.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKCU\..\Run: [bitComet] "C:\Arquivos de programas\BitComet\BitComet.exe" /tray

O4 - HKCU\..\Run: [ares] "C:\Arquivos de programas\Ares\Ares.exe" -h

O8 - Extra context menu item: Baixar link usando &BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: Baixar todos os links usando BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: Baixar todos os vídeos usando BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Arquivos de programas\Ares\chatServer.exe

O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

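The three Kaspersky detections above sit in different places, and that matters for remediation: one is the copy of lphclu9j0e5n1.exe that ComboFix already moved into its QooBox quarantine, one is a System Restore snapshot of the same backdoor (inert until that restore point is used), and one is a riskware downloader inside a zip archive. The script below is an added example, not from the thread and not Kaspersky's tooling. It parses a Kaspersky Online Scanner "Save as Text" report and labels each row by where the object lives and what to do about it. It assumes tab-separated columns, which the copy pasted above lost; the action text is this example's own guidance. Three sample rows are the ones reported in this thread; the fourth is a constructed live detection with a made-up file name.

```python
import re

# Added example (not part of the forum thread or of Kaspersky's tooling):
# classify the rows of a Kaspersky Online Scanner "Save as Text" report by
# where the detected object lives, so that live infections are not confused
# with copies that are already neutralised. Assumption: the saved report
# separates columns with tabs (the copy pasted in this thread lost them).
# Rows 1-3 are the ones reported in this thread; row 4 is constructed.
SAMPLE_REPORT = "\n".join("\t".join(row) for row in [
    (r"C:\System Volume Information\_restore{5F588DAD-376A-4A63-86A9-3B3094305C11}\RP7\A0000330.exe",
     "Infected: Backdoor.Win32.Frauder.fb", "1"),
    (r"C:\QooBox\Quarantine\C\WINDOWS\system32\lphclu9j0e5n1.exe.vir",
     "Infected: Backdoor.Win32.Frauder.fb", "1"),
    (r"D:\Downloads\vdownloader.zip",
     "Infected: not-a-virus:Downloader.Win32.VDown.a", "1"),
    (r"C:\WINDOWS\system32\constructed-example.exe",  # constructed, not from the thread
     "Infected: Backdoor.Win32.Frauder.fb", "1"),
])

# path <TAB> Status: threat <TAB> count   (threat names may themselves contain ':')
ROW_RE = re.compile(r"^(?P<path>[^\t]+)\t(?P<status>[^\t:]+):\s*(?P<threat>[^\t]+)\t(?P<count>\d+)$")

# What each location means for remediation (this example's own guidance).
ACTION = {
    "restore-point": "inert until the restore point is used; flush System Restore so it cannot come back",
    "quarantine":    "already neutralised by ComboFix; goes away when ComboFix is uninstalled (combofix /u)",
    "riskware":      "not-a-virus (downloader/adware class); delete unless deliberately installed",
    "live":          "active file on disk; must be removed before the machine is considered clean",
}


def classify(path, threat):
    """Map one detection to an ACTION class from its path and threat name."""
    p = path.lower()
    if threat.lower().startswith("not-a-virus:"):
        return "riskware"
    if "\\system volume information\\_restore" in p:
        return "restore-point"
    if "\\qoobox\\quarantine\\" in p or p.endswith(".vir"):
        return "quarantine"
    return "live"


def parse_report(text):
    """Return one dict per detection row; non-matching lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line)
        if not m:
            continue
        cls = classify(m["path"], m["threat"])
        rows.append({"path": m["path"], "threat": m["threat"], "count": int(m["count"]),
                     "class": cls, "action": ACTION[cls]})
    return rows


def summarize(rows):
    """Count detections per class; a clean verdict needs 'live' to be absent."""
    counts = {}
    for r in rows:
        counts[r["class"]] = counts.get(r["class"], 0) + 1
    return counts


if __name__ == "__main__":
    rows = parse_report(SAMPLE_REPORT)
    for r in rows:
        print(f"{r['class']:14} {r['threat']:40} {r['path']}")
        print(f"{'':14} -> {r['action']}")
    print(summarize(rows))
```

Run against the real report in this thread (the first three rows), `summarize` returns no `live` entries, which is the condition the "your log is clean" verdict below depends on; the restore-point copy still needs System Restore flushed, otherwise a later rollback to RP7 would put the backdoor back on disk.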

Congratulations, your log is clean.

From now on, stay ALERT!

To finish, do the following:

Go to Start > Run and type combofix /u. This will uninstall ComboFix from your machine.

I suggest you run CCleaner to clean up your machine. Download it here: CCleaner

  • Open the program and click Run Cleaner;
  • Then click Issues >> Scan for Issues >> Fix Issues

I also suggest you read this article: Proteja seu PC (Protect your PC)

Any other problem with the computer?


Wow, thank you so much. I don't think so, it's fine now! :D

THANKS RENATO.

THANKS A LOT!

A BIG HUG AND HAVE A GOOD WEEK!


Should the topic author need it, the topic will be reopened; to request that, contact the moderators and ask for it to be unlocked.
