Alex Braga

Problems with tuto.exe, avg.exe and svchost.exe


Hello,

Well, I have the following problems:

EVERY time I start Windows, AVG detects a virus (Trojan horse PSW.OnlineGames.AYEV) in the file C:\tuto.exe

Even after sending the file to quarantine, it always comes back.

Another problem is a file I believe to be a virus, at C:\Arquivos de programas\avg.exe. I found this file last night and deleted it, but it also came back after a reboot. And I am sure it is not a file belonging to AVG itself, judging by its location, its behavior, its creation date and the file icon (Internet Explorer 6).

Finally, an svchost file appeared at C:\svchost.exe

I know about the svchost processes, but this file was created out of nowhere a few weeks ago, has the Internet Explorer 7 icon, cannot be deleted, and also consumes memory like the normal svchost.

If anyone can help me, I will be grateful!

Cheers

Logfile of HijackThis v1.99.1

Scan saved at 12:08:14, on 15/10/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Arquivos comuns\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe

C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\svchost.exe

C:\ARQUIV~1\AVG\AVG8\avgtray.exe

C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe

C:\WINDOWS\system32\svchost.exe

C:\Windows\System32\svchosts.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Documents and Settings\Alexandre Braga\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe

C:\ARQUIV~1\SPEEDB~1\VideoAcceleratorService.exe

C:\Arquivos de programas\uTorrent\uTorrent.exe

C:\Windows\System32\cmd.exe

C:\Arquivos de programas\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe

C:\ARQUIV~1\AVG\AVG8\avgrsx.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\ARQUIV~1\SPEEDB~1\VideoAcceleratorEngine.exe

C:\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll

O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Arquivos de programas\Windows Live\Messenger\wlchtc.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe

O4 - HKLM\..\Run: [soundMAXPnP] C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [avg] C:\Arquivos de programas\avg.exe

O4 - HKLM\..\Run: [Windows Setup] C:\svchost.exe

O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [speedBitVideoAccelerator] "C:\Arquivos de programas\SpeedBit Video Accelerator\VideoAccelerator.exe"

O4 - HKLM\..\Run: [] C:\Windows\System32\svchosts.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\QTTask.exe" -atboottime

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Alexandre Braga\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [uTorrent] "C:\Arquivos de programas\uTorrent\uTorrent.exe"

O4 - Global Startup: avg.exe

O4 - Global Startup: Picture Package Menu.lnk = ?

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\arquivos de programas\bonjour\mdnsnsp.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{22DD771D-7AC4-497D-98C9-53ACB74D9430}: NameServer = 200.222.117.97

O17 - HKLM\System\CCS\Services\Tcpip\..\{D2740403-BE14-4CAA-A79E-49FE48FF5E03}: NameServer = 200.165.132.147 200.165.132.155

O17 - HKLM\System\CS1\Services\Tcpip\..\{22DD771D-7AC4-497D-98C9-53ACB74D9430}: NameServer = 200.222.117.97

O17 - HKLM\System\CS2\Services\Tcpip\..\{22DD771D-7AC4-497D-98C9-53ACB74D9430}: NameServer = 200.222.117.97

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - AppInit_DLLs: avgrsstx.dll

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Arquivos de programas\Arquivos comuns\LogiShrd\LVMVFM\LVPrcSrv.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe

O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\ARQUIV~1\SPEEDB~1\VideoAcceleratorService.exe

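The reasoning in the post above (a svchost.exe outside \WINDOWS\system32, a look-alike svchosts.exe, a Run entry with no name, and an avg.exe dropped straight into the Program Files root) can be turned into an automated check over a HijackThis log. This is an added example written for this page, not code from the thread or from HijackThis; the sample lines are constructed from the log posted above, and the expected-directory table assumes the Windows XP layout shown there.

```python
"""Flag suspicious entries in a HijackThis log (added example, not HijackThis code).

Encodes the reasoning from the thread: a Windows system process name running
outside its expected directory, a look-alike name one character away from a
system process, a Run entry with no name, and an executable dropped directly in
the drive root or in the Program Files root instead of a product folder.
"""
import re
from pathlib import PureWindowsPath

# Where each Windows XP system process is expected to live (assumed XP layout,
# matching the paths shown in the thread's log); compared case-insensitively.
EXPECTED_DIR = {
    "smss.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "spoolsv.exe": r"c:\windows\system32",
    "ctfmon.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

# Program Files roots seen in the thread (Portuguese XP, long and 8.3 forms) plus English.
PROGRAM_FILES_ROOTS = {r"c:\arquivos de programas", r"c:\arquiv~1",
                       r"c:\program files", r"c:\progra~1"}

O4_RUN_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")


def one_edit_away(a, b):
    """True if a becomes b with exactly one insertion, deletion or substitution."""
    if a == b or abs(len(a) - len(b)) > 1:
        return False
    i = j = edits = 0
    while i < len(a) and j < len(b):
        if a[i] == b[j]:
            i, j = i + 1, j + 1
            continue
        edits += 1
        if edits > 1:
            return False
        if len(a) > len(b):
            i += 1                 # deletion from a
        elif len(a) < len(b):
            j += 1                 # insertion into a
        else:
            i, j = i + 1, j + 1    # substitution
    edits += (len(a) - i) + (len(b) - j)   # unmatched tail counts as edits
    return edits == 1


def extract_exe(cmd):
    """Pull the executable out of a Run command line (quoted path, bare path or bare name)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r"^(.*?\.exe)", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split()[0]


def check_path(path):
    """Return the reasons an executable path looks suspicious (empty list if none)."""
    p = PureWindowsPath(path)
    if not p.drive:                  # bare name (e.g. HDAShCut.exe): no location to judge
        return []
    reasons = []
    name = p.name.lower()
    parent = str(p.parent).lower().rstrip("\\")
    if name in EXPECTED_DIR and parent != EXPECTED_DIR[name]:
        reasons.append(f"{p.name} is a Windows system process name but runs from {p.parent}")
    elif any(one_edit_away(name, known) for known in EXPECTED_DIR):
        reasons.append(f"{p.name} is a look-alike of a Windows system process name")
    if parent == p.drive.lower():
        reasons.append("executable sits directly in the drive root")
    elif parent in PROGRAM_FILES_ROOTS:
        reasons.append("executable sits directly in the Program Files root, not in a product folder")
    return reasons


def scan_log(text):
    """Scan HijackThis log text; return [(line, reasons)] for every suspicious entry."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        m = O4_RUN_RE.match(line)
        if m:
            reasons = check_path(extract_exe(m.group("cmd")))
            if not m.group("name"):
                reasons.append("Run entry has no name")
        elif re.match(r"^[A-Za-z]:\\", line):   # a 'Running processes' line
            reasons = check_path(line)
        else:
            continue
        if reasons:
            findings.append((line, reasons))
    return findings


# Constructed sample: a handful of lines taken from the log posted in the thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\svchost.exe
C:\ARQUIV~1\AVG\AVG8\avgtray.exe
C:\Windows\System32\svchosts.exe
C:\Arquivos de programas\avg.exe
C:\Downloads\HijackThis.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [avg] C:\Arquivos de programas\avg.exe
O4 - HKLM\..\Run: [Windows Setup] C:\svchost.exe
O4 - HKLM\..\Run: [] C:\Windows\System32\svchosts.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

if __name__ == "__main__":
    for line, reasons in scan_log(SAMPLE_LOG):
        print(line)
        for r in reasons:
            print("   ->", r)
```

On the sample above the scanner flags six entries: C:\svchost.exe twice (process and Run entry), svchosts.exe twice, and avg.exe twice, while every legitimate AVG, Java and Windows path passes.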

Please post a new HijackThis log.

Note: do not open a new topic; post your new log by clicking the Reply button.


Well, as you asked, here is a new log

Logfile of HijackThis v1.99.1

Scan saved at 12:49:27, on 23/10/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Arquivos comuns\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe

C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Arquivos de programas\avg.exe

C:\svchost.exe

C:\ARQUIV~1\AVG\AVG8\avgtray.exe

C:\WINDOWS\system32\cmd.exe

C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Documents and Settings\Alexandre Braga\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe

C:\Arquivos de programas\uTorrent\uTorrent.exe

C:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe

C:\WINDOWS\system32\svchost.exe

C:\ARQUIV~1\SPEEDB~1\VideoAcceleratorService.exe

C:\Arquivos de programas\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe

C:\ARQUIV~1\AVG\AVG8\avgrsx.exe

C:\WINDOWS\system32\wscntfy.exe

C:\ARQUIV~1\SPEEDB~1\VideoAcceleratorEngine.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll

O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Arquivos de programas\Windows Live\Messenger\wlchtc.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe

O4 - HKLM\..\Run: [soundMAXPnP] C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [avg] C:\Arquivos de programas\avg.exe

O4 - HKLM\..\Run: [Windows Setup] C:\svchost.exe

O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [speedBitVideoAccelerator] "C:\Arquivos de programas\SpeedBit Video Accelerator\VideoAccelerator.exe"

O4 - HKLM\..\Run: [] C:\Windows\System32\svchosts.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\QTTask.exe" -atboottime

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Alexandre Braga\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [uTorrent] "C:\Arquivos de programas\uTorrent\uTorrent.exe"

O4 - Global Startup: avg.exe

O4 - Global Startup: Picture Package Menu.lnk = ?

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\arquivos de programas\bonjour\mdnsnsp.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{22DD771D-7AC4-497D-98C9-53ACB74D9430}: NameServer = 200.222.117.97

O17 - HKLM\System\CCS\Services\Tcpip\..\{D2740403-BE14-4CAA-A79E-49FE48FF5E03}: NameServer = 200.165.132.147 200.165.132.155

O17 - HKLM\System\CS1\Services\Tcpip\..\{22DD771D-7AC4-497D-98C9-53ACB74D9430}: NameServer = 200.222.117.97

O17 - HKLM\System\CS2\Services\Tcpip\..\{22DD771D-7AC4-497D-98C9-53ACB74D9430}: NameServer = 200.222.117.97

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - AppInit_DLLs: avgrsstx.dll

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Arquivos de programas\Arquivos comuns\LogiShrd\LVMVFM\LVPrcSrv.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe

O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\ARQUIV~1\SPEEDB~1\VideoAcceleratorService.exe


Hello,

Read the instructions in this link:

In the instructions at the link above, you can see which forums have analysts properly qualified to use the tool correctly: "Forums for getting help with ComboFix logs"

  1. Download ComboFix from one of the official links listed below and save it to your desktop:

  2. Temporarily, while following these instructions, it is very important that you keep your protection programs (antivirus, antispyware and firewall) disabled. Re-enable them after completing the procedure(s) described below.

  3. Double-click the icon (desktopicon.png) on your desktop.

  4. Read and accept the terms by typing 1 and pressing Enter.

  5. Computers with Windows XP will need to install the Recovery Console:

    • If your computer has Windows XP and the Recovery Console is not yet installed, please make sure you are connected to the Internet and click "Yes".
    • Click "OK" on the EULA.
    • Once the Recovery Console is installed, click "YES" to continue.

  6. ComboFix will run; please be patient and wait.

  7. Attention: do not use the mouse or keyboard while the tool is running, as this may cause the computer to hang.

  8. A message may appear saying that the computer needs to be restarted.

  DO NOT RESTART!!! ComboFix will restart the computer automatically.

  9. When the tool finishes running, it will generate a log (the file C:\ComboFix.txt). Copy and paste the contents of that file in your next reply.

Do NOT use the tool on your own. It is a powerful tool created to deal with sophisticated infections, and if you do not use it correctly it can damage your computer.

  • There are many malware families that prevent the tool from running correctly and can thereby seriously damage the computer. Analysts qualified to use ComboFix know these cases and know how to handle them.
  • Many analysts do not reply to topics where they see that ComboFix was used without supervision.
  • There are many general-purpose anti-malware tools whose authors designed them with end users in mind, to be used without supervision. ComboFix is not that kind of tool, so, also out of respect for the tool's author, do not use it without supervision.


I ran ComboFix and did everything as instructed

here is the log

ComboFix 08-10-23.03 - Alexandre Braga 2008-10-25 11:10:43.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.719 [GMT -2:00]

Executando de: C:\Documents and Settings\Alexandre Braga\Desktop\ComboFix.exe

Comandos utilizados :: C:\Documents and Settings\Alexandre Braga\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-PTB.exe

* Criado um novo ponto de restauro

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\DOCUME~1\ALEXAN~1\CONFIG~1\Temp\svchost.exe

C:\svchost.exe

C:\WINDOWS\config.ini

C:\WINDOWS\svchost.exe

C:\WINDOWS\system32\svchosts.exe

.

(((((((((((((((( Arquivos/Ficheiros criados de 2008-09-25 to 2008-10-25 ))))))))))))))))))))))))))))

.

2008-10-25 10:34 . 2008-10-25 10:34 14,336 --a------ C:\tuto.exe

2008-10-25 10:34 . 2008-10-25 10:34 7,936 --a------ C:\WINDOWS\system32\PLUG.SYS

2008-10-24 23:17 . 2008-10-25 01:56 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak

2008-10-24 20:39 . 2008-10-24 20:50 <DIR> d-------- C:\Arquivos de programas\pixelComic 1.26

2008-10-24 15:52 . 2008-10-24 15:52 249,856 --------- C:\WINDOWS\Setup1.exe

2008-10-24 15:52 . 2008-10-24 15:52 73,216 --a------ C:\WINDOWS\ST6UNST.EXE

2008-10-24 15:34 . 2008-10-24 15:38 <DIR> d-------- C:\Documents and Settings\Alexandre Braga\Dados de aplicativos\Quivi

2008-10-19 18:02 . 2008-10-19 18:02 <DIR> d-------- C:\Arquivos de programas\123di_40

2008-10-15 12:36 . 2008-08-06 19:43 3,752,448 --a------ C:\Arquivos de programas\avg.exe

2008-10-13 20:25 . 2008-10-13 20:25 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Apple Computer

2008-10-13 20:25 . 2008-10-13 20:25 <DIR> d-------- C:\Arquivos de programas\QuickTime

2008-10-13 20:25 . 2008-10-13 20:25 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Apple

2008-10-12 23:35 . 2008-10-12 23:35 <DIR> d-------- C:\Arquivos de programas\Combined Community Codec Pack

2008-10-02 15:12 . 2008-10-02 15:12 <DIR> d-------- C:\WINDOWS\Sys

2008-10-02 15:06 . 2008-08-08 12:44 211 --ahs---- C:\Setup.svc

2008-09-27 00:51 . 2008-10-24 14:30 <DIR> d-------- C:\Documents and Settings\Alexandre Braga\Tracing

2008-09-27 00:49 . 2008-09-27 00:49 <DIR> d-------- C:\Arquivos de programas\Microsoft

2008-09-27 00:45 . 2008-09-27 00:45 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Windows Live

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-10-25 13:07 --------- d-----w C:\Arquivos de programas\SpeedBit Video Accelerator

2008-10-25 13:06 --------- d-----w C:\Documents and Settings\Alexandre Braga\Dados de aplicativos\uTorrent

2008-10-24 00:01 560 ----a-w C:\Documents and Settings\Alexandre Braga\Dados de aplicativos\ViewerApp.dat

2008-10-20 20:04 --------- d-----w C:\Arquivos de programas\eMule

2008-10-13 02:21 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\FLEXnet

2008-10-08 16:33 --------- d-----w C:\Arquivos de programas\JKDefrag

2008-10-05 02:11 3,350 --sha-w C:\Documents and Settings\All Users\Dados de aplicativos\KGyGaAvL.sys

2008-09-27 02:48 --------- d-----w C:\Arquivos de programas\Windows Live

2008-09-16 21:58 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\ACD Systems

2008-09-16 21:58 --------- d-----w C:\Arquivos de programas\Arquivos comuns\ACD Systems

2008-09-16 21:58 --------- d-----w C:\Arquivos de programas\ACD Systems

2008-09-14 19:21 --------- d-----w C:\Documents and Settings\Alexandre Braga\Dados de aplicativos\YouSendIt

2008-09-09 03:03 51,712 ----a-w C:\WINDOWS\system32\sirenacm.dll

2008-09-08 14:51 97,928 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys

2008-09-08 14:51 10,520 ----a-w C:\WINDOWS\system32\avgrsstx.dll

2008-09-08 14:51 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\avg8

2008-09-08 14:51 --------- d-----w C:\Arquivos de programas\AVG

2008-09-03 19:14 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft Help

2008-09-03 19:13 --------- d-----w C:\Arquivos de programas\MSXML 4.0

2008-09-02 20:34 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Apple

2008-09-02 20:34 --------- d-----w C:\Arquivos de programas\Apple Software Update

2008-07-31 23:34 81,920 ------r C:\WINDOWS\bwUnin-6.1.4.68-8876480L.exe

2008-07-18 01:02 88 --sh--r C:\Documents and Settings\All Users\Dados de aplicativos\66D9AFB5DE.sys

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]

"Google Update"="C:\Documents and Settings\Alexandre Braga\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" [2008-10-02 133104]

"uTorrent"="C:\Arquivos de programas\uTorrent\uTorrent.exe" [2008-10-12 270128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SoundMAXPnP"="C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe" [2005-05-18 925696]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-16 13529088]

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-16 86016]

"AVG8_TRAY"="C:\ARQUIV~1\AVG\AVG8\avgtray.exe" [2008-09-29 1234712]

"SpeedBitVideoAccelerator"="C:\Arquivos de programas\SpeedBit Video Accelerator\VideoAccelerator.exe" [2008-09-23 2705008]

"QuickTime Task"="C:\Arquivos de programas\QuickTime\QTTask.exe" [2008-09-06 413696]

"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 C:\WINDOWS\system32\HdAShCut.exe]

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\

avg.exe [2008-08-06 3752448]

Picture Package Menu.lnk - C:\Arquivos de programas\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe [2008-07-17 151552]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.ACDV"= ACDV.dll

"vidc.ffds"= C:\ARQUIV~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Logitech Desktop Messenger.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Logitech Desktop Messenger.lnk

backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Picture Package VCD Maker.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Picture Package VCD Maker.lnk

backup=C:\WINDOWS\pss\Picture Package VCD Maker.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

--a------ 2008-06-12 03:38 34672 C:\Arquivos de programas\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

--a------ 2006-10-27 01:47 31016 C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

--a------ 2007-12-13 20:10 1688872 C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]

--a------ 2007-10-25 17:33 563984 C:\Arquivos de programas\Arquivos comuns\LogiShrd\LComMgr\Communications_Helper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]

--a------ 2007-10-25 17:37 2178832 C:\Arquivos de programas\Logitech\QuickCam\Quickcam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]

--a------ 2007-12-03 15:21 2213160 C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2007-03-01 15:57 153136 C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a------ 2008-09-06 16:09 413696 C:\Arquivos de programas\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]

--a------ 2005-07-26 10:54 716800 C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

--a------ 2008-05-16 15:01 1630208 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"NMIndexingService"=3 (0x3)

"Nero BackItUp Scheduler 3"=2 (0x2)

"LVSrvLauncher"=2 (0x2)

"LVCOMSer"=2 (0x2)

"WLSetupSvc"=3 (0x3)

"IviRegMgr"=2 (0x2)

"avg8emc"=2 (0x2)

"FLEXnet Licensing Service"=3 (0x3)

"Bonjour Service"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=

"C:\\Arquivos de programas\\eMule\\emule.exe"=

"C:\\Arquivos de programas\\Corel\\DVD9\\WinDVD.exe"=

"C:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=

"C:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"C:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"=

"C:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"C:\\Arquivos de programas\\AVG\\AVG8\\avgupd.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\SpeedBit Video Accelerator\\VideoAccelerator.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-09-08 97928]

R1 PLUG;Driver do GB;c:\windows\system32\PLUG.SYS [2008-10-25 7936]

R2 avg8wd;AVG Free8 WatchDog;C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe [2008-09-08 231704]

R2 PSI_SVC_2;Protexis Licensing V2;C:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe [2007-07-24 185632]

R2 regi;regi;C:\WINDOWS\system32\drivers\regi.sys [2007-04-17 11032]

R2 sbbotdi;sbbotdi;C:\ARQUIV~1\SPEEDB~1\sbbotdi.sys [2008-09-23 35584]

R2 VideoAcceleratorService;VideoAcceleratorService;C:\ARQUIV~1\SPEEDB~1\VideoAcceleratorService.exe [2008-09-23 292472]

*Newly Created Service* - PROCEXP90

.

Conteúdo da pasta 'Tarefas Agendadas'

2008-10-20 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

- C:\Arquivos de programas\Apple Software Update\SoftwareUpdate.exe [2008-07-30 13:34]

2008-10-25 C:\WINDOWS\Tasks\GoogleUpdateTaskUser.job

- C:\Documents and Settings\Alexandre Braga\Configura []

.

- - - - ORFÃOS REMOVIDOS - - - -

HKLM-Run-Windows Setup - C:\svchost.exe

.

------- Scan Suplementar -------

.

FireFox -: Profile - C:\Documents and Settings\Alexandre Braga\Dados de aplicativos\Mozilla\Firefox\Profiles\f41pfhf2.default\

FireFox -: prefs.js - STARTUP.HOMEPAGE - www.whiplash.net

FF -: plugin - C:\Documents and Settings\Alexandre Braga\Configurações locais\Dados de aplicativos\Google\Update\1.2.131.25\npGoogleOneClick6.dll

FF -: plugin - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-10-25 11:11:31

Windows 5.1.2600 Service Pack 2 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

C:\DOCUME~1\ALEXAN~1\CONFIG~1\Temp\RGI2.tmp

Varredura completada com sucesso

arquivos/ficheiros ocultos: 1

**************************************************************************

.

Tempo para conclusão: 2008-10-25 11:12:18

ComboFix-quarantined-files.txt 2008-10-25 13:12:12

Pré-execução: 14 pasta(s) 120.518.041.600 bytes disponíveis

Pós execução: 14 pasta(s) 120,998,920,192 bytes disponíveis

WindowsXP-KB310994-SP2-Pro-BootDisk-PTB.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

184 --- E O F --- 2008-08-19 13:58:54


Configure Windows to show all files

Go to this site: http://virusscan.jotti.org/

In File to upload, enter: C:\tuto.exe

Then click Submit

Copy and post the result of this scan.


Since the file C:\Arquivos de programas\avg.exe also remained on the PC after running ComboFix, I did the same procedure with it and will post the result of its analysis here as well, ok?

First, the result for the file C:\tuto.exe

File: tuto.exe

Status:

INFECTED/MALWARE

MD5: 251b9e5ea854eca172eb5a1ea480c718

Packers detected:

-

Scan taken on 25 Oct 2008 23:24:06 (GMT)

A-Squared

Found nothing

AntiVir

Found TR/Killfiles.WV

ArcaVir

Found Trojan.Dropper.Small.Aso

Avast

Found Win32:Trojan-gen {Other}

AVG Antivirus

Found PSW.OnlineGames.AYEV

BitDefender

Found Trojan.Starter.AGB

ClamAV

Found nothing

CPsecure

Found nothing

Dr.Web

Found nothing

F-Prot Antivirus

Found W32/Trojan2.CMGH

F-Secure Anti-Virus

Found Trojan.Win32.KillFiles.wv

G DATA

Found nothing

Ikarus

Found Trojan.Win32.KillFiles.wv

Kaspersky Anti-Virus

Found Trojan.Win32.KillFiles.wv

NOD32

Found Win32/KillFiles.NBF

Norman Virus Control

Found OnLineGames.gen40

Panda Antivirus

Found Trj/KillFiles.BF

Sophos Antivirus

Found Mal/Generic-A

VirusBuster

Found Trojan.KillFiles.SP

VBA32

Found Trojan.Win32.KillFiles.wv

Now the result for the file C:\Arquivos de programas\avg.exe

File: avg.exe

Status:

INFECTED/MALWARE

MD5: 436d2fcd7bf32bf8a19baad1982289c3

Packers detected:

PE_PATCH.UPX, UPX

Scan taken on 25 Oct 2008 23:30:58 (GMT)

A-Squared

Found nothing

AntiVir

Found TR/Spy.Banker.Gen

ArcaVir

Found Trojan.Dropper.Microjoin.Cd, Trojan.Dropper.Small.Aso

Avast

Found nothing

AVG Antivirus

Found nothing

BitDefender

Found Generic.Banker.Delf.D442A41C

ClamAV

Found nothing

CPsecure

Found Troj.Spy.W32.Banker.gen

Dr.Web

Found Trojan.PWS.Banker.origin, Trojan.AVKill.445

F-Prot Antivirus

Found W32/D_Banker!Generic (probable variant)

F-Secure Anti-Virus

Found nothing

G DATA

Found nothing

Ikarus

Found Trojan-Spy.Win32.Banker.JU

Kaspersky Anti-Virus

Found nothing

NOD32

Found probably a variant of Win32/Genetik (probable variant)

Norman Virus Control

Found nothing

Panda Antivirus

Found nothing

Sophos Antivirus

Found Mal/Generic-A, Mal/Banspy-F

VirusBuster

Found nothing

VBA32

Found Embedded.Backdoor.Win32.BlackHole.2004.h (probable variant)

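The two multi-engine reports above are easier to reason about once reduced to a detection count and the family names the engines agree on. The following Python helper is an added example, not part of the thread or of Jotti's tooling; it parses the plain-text "engine / Found ..." layout exactly as pasted above (an excerpt of the tuto.exe report is embedded so it runs offline, with the date line omitted) and summarises it. The generic-token list and the five-character minimum for a family name are assumptions chosen for this illustration.

```python
import re
from collections import Counter

# Excerpt of the multi-engine report for tuto.exe pasted in the thread, in the
# same layout Jotti produced (engine name on one line, verdict on the next).
# Embedded here so the parser runs offline; the "Scan taken on" line is omitted.
SAMPLE_REPORT = """\
File: tuto.exe
Status:
INFECTED/MALWARE
MD5: 251b9e5ea854eca172eb5a1ea480c718
Packers detected:
-
A-Squared
Found nothing
AntiVir
Found TR/Killfiles.WV
AVG Antivirus
Found PSW.OnlineGames.AYEV
ClamAV
Found nothing
Kaspersky Anti-Virus
Found Trojan.Win32.KillFiles.wv
NOD32
Found Win32/KillFiles.NBF
Norman Virus Control
Found OnLineGames.gen40
Sophos Antivirus
Found Mal/Generic-A
"""

# Naming tokens that carry no family information (assumed list for this illustration).
GENERIC_TOKENS = {"trojan", "trj", "tr", "win", "win32", "w32", "mal", "generic",
                  "gen", "psw", "variant", "probable", "spy", "backdoor"}
MIN_FAMILY_LEN = 5  # shorter tokens are almost always variant suffixes (WV, NBF, AYEV)


def parse_scan_report(text):
    """Split a pasted report into (metadata, verdicts).

    metadata maps 'File', 'MD5', ... to their values; verdicts maps each
    engine name to its detection string, or None for 'Found nothing'.
    """
    meta, verdicts = {}, {}
    pending_key = None  # metadata key whose value is on the following line
    engine = None       # engine name waiting for its 'Found ...' line
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("Found "):
            if engine is None:
                raise ValueError(f"verdict without an engine name: {line!r}")
            name = line[len("Found "):].strip()
            verdicts[engine] = None if name.lower() == "nothing" else name
            engine = None
        elif pending_key is not None:
            meta[pending_key] = line
            pending_key = None
        elif ":" in line:
            key, _, val = line.partition(":")
            key, val = key.strip(), val.strip()
            if val:
                meta[key] = val
            else:
                pending_key = key
        else:
            engine = line
    return meta, verdicts


def family_tokens(detection):
    """Yield the tokens of one detection string that look like a family name."""
    for tok in re.split(r"[^A-Za-z0-9]+", detection):
        tok = re.sub(r"\d+$", "", tok).lower()  # drop trailing variant digits (gen40 -> gen)
        if len(tok) >= MIN_FAMILY_LEN and tok not in GENERIC_TOKENS:
            yield tok


def summarize(verdicts):
    """Detection ratio plus the family names ranked by how many engines used them."""
    detected = {eng: name for eng, name in verdicts.items() if name}
    families = Counter(tok for name in detected.values() for tok in family_tokens(name))
    return {
        "engines": len(verdicts),
        "detections": len(detected),
        "ratio": round(len(detected) / len(verdicts), 2) if verdicts else 0.0,
        "families": families.most_common(),
    }


if __name__ == "__main__":
    meta, verdicts = parse_scan_report(SAMPLE_REPORT)
    summary = summarize(verdicts)
    print(f"{meta['File']} (MD5 {meta['MD5']}): "
          f"{summary['detections']}/{summary['engines']} engines, "
          f"families {summary['families']}")
```

On the excerpt this reports 6 of 8 engines detecting, with "killfiles" named by three engines and "onlinegames" by two; that agreement across independent vendors, rather than any single generic verdict, is what makes the sample worth treating as malicious.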

Temporarily, and while carrying out these instructions, it is very important that you keep your protection programs (Antivirus, Antispyware and Firewall) disabled. Re-enable the protections after carrying out the procedure(s) mentioned below.

Open Notepad, copy (Ctrl + C) and paste (Ctrl + V) all of the text inside the "Code" box:


File::

C:\tuto.exe
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\
avg.exe

FireFox::

FireFox -: Profile - C:\Documents and Settings\Alexandre Braga\Dados de aplicativos\Mozilla\Firefox\Profiles\f41pfhf2.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - www.whiplash.net
FF -: plugin - C:\Documents and Settings\Alexandre Braga\Configurações locais\Dados de aplicativos\Google\Update\1.2.131.25\npGoogleOneClick6.dll
FF -: plugin - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

Rootkit::

C:\DOCUME~1\ALEXAN~1\CONFIG~1\Temp\RGI2.tmp

  • Save this file as: CFScript.txt
    [image: CFScriptB-4.gif]
  • As shown in the picture above, drag the CFScript.txt file onto ComboFix.exe
  • When the tool finishes running, it will generate a log. Post that file, C:\ComboFix.txt.
  • Also make a new HijackThis log to include in your reply.


It seems to have worked now... at least the last time I restarted the PC, those files finally disappeared for good. Thanks!

I also remembered the file C:\WINDOWS\system32\PLUG.SYS, which is another one that insists on reappearing even when AVG sends it to quarantine, as well as C:\System Volume Information\_restore{F058AC69-BAFA-4DB4-86EA-DBCF7A9F31C2}\RP123\A0013807.exe. In that last directory, the last two path components always change [the RP(number) folder and the infected file (its name and extension vary; the extension can be .exe or .sys)].

Below are the ComboFix and HijackThis logs, as you requested:

ComboFix 08-10-25.01 - Alexandre Braga 2008-10-26 12:48:57.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.678 [GMT -2:00]

Executando de: C:\Documents and Settings\Alexandre Braga\Desktop\ComboFix.exe

Comandos utilizados :: C:\Documents and Settings\Alexandre Braga\Desktop\CFScript.txt

* Criado um novo ponto de restauro

FILE ::

C:\tuto.exe

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\ :#:

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\tuto.exe

.

(((((((((((((((( Arquivos/Ficheiros criados de 2008-09-26 to 2008-10-26 ))))))))))))))))))))))))))))

.

2008-10-26 12:51 . 2008-10-26 12:51 14,336 --a------ C:\tuto.exe

2008-10-25 10:34 . 2008-10-25 10:34 7,936 --a------ C:\WINDOWS\system32\PLUG.SYS

2008-10-24 23:17 . 2008-10-25 01:56 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak

2008-10-24 20:39 . 2008-10-24 20:50 <DIR> d-------- C:\Arquivos de programas\pixelComic 1.26

2008-10-24 15:52 . 2008-10-24 15:52 249,856 --------- C:\WINDOWS\Setup1.exe

2008-10-24 15:52 . 2008-10-24 15:52 73,216 --a------ C:\WINDOWS\ST6UNST.EXE

2008-10-24 15:34 . 2008-10-24 15:38 <DIR> d-------- C:\Documents and Settings\Alexandre Braga\Dados de aplicativos\Quivi

2008-10-19 18:02 . 2008-10-19 18:02 <DIR> d-------- C:\Arquivos de programas\123di_40

2008-10-15 12:36 . 2008-08-06 19:43 3,752,448 --a------ C:\Arquivos de programas\avg.exe

2008-10-13 20:25 . 2008-10-13 20:25 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Apple Computer

2008-10-13 20:25 . 2008-10-13 20:25 <DIR> d-------- C:\Arquivos de programas\QuickTime

2008-10-13 20:25 . 2008-10-13 20:25 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Apple

2008-10-12 23:35 . 2008-10-12 23:35 <DIR> d-------- C:\Arquivos de programas\Combined Community Codec Pack

2008-10-02 15:12 . 2008-10-02 15:12 <DIR> d-------- C:\WINDOWS\Sys

2008-10-02 15:06 . 2008-08-08 12:44 211 --ahs---- C:\Setup.svc

2008-09-27 00:51 . 2008-10-25 11:28 <DIR> d-------- C:\Documents and Settings\Alexandre Braga\Tracing

2008-09-27 00:49 . 2008-09-27 00:49 <DIR> d-------- C:\Arquivos de programas\Microsoft

2008-09-27 00:45 . 2008-09-27 00:45 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Windows Live

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-10-26 14:52 --------- d-----w C:\Arquivos de programas\SpeedBit Video Accelerator

2008-10-26 14:38 --------- d-----w C:\Documents and Settings\Alexandre Braga\Dados de aplicativos\uTorrent

2008-10-24 00:01 560 ----a-w C:\Documents and Settings\Alexandre Braga\Dados de aplicativos\ViewerApp.dat

2008-10-20 20:04 --------- d-----w C:\Arquivos de programas\eMule

2008-10-13 02:21 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\FLEXnet

2008-10-08 16:33 --------- d-----w C:\Arquivos de programas\JKDefrag

2008-10-05 02:11 3,350 --sha-w C:\Documents and Settings\All Users\Dados de aplicativos\KGyGaAvL.sys

2008-09-27 02:48 --------- d-----w C:\Arquivos de programas\Windows Live

2008-09-16 21:58 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\ACD Systems

2008-09-16 21:58 --------- d-----w C:\Arquivos de programas\Arquivos comuns\ACD Systems

2008-09-16 21:58 --------- d-----w C:\Arquivos de programas\ACD Systems

2008-09-14 19:21 --------- d-----w C:\Documents and Settings\Alexandre Braga\Dados de aplicativos\YouSendIt

2008-09-08 14:51 97,928 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys

2008-09-08 14:51 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\avg8

2008-09-08 14:51 --------- d-----w C:\Arquivos de programas\AVG

2008-09-03 19:14 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft Help

2008-09-03 19:13 --------- d-----w C:\Arquivos de programas\MSXML 4.0

2008-09-02 20:34 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Apple

2008-09-02 20:34 --------- d-----w C:\Arquivos de programas\Apple Software Update

2008-07-31 23:34 81,920 ------r C:\WINDOWS\bwUnin-6.1.4.68-8876480L.exe

2008-07-18 01:02 88 --sh--r C:\Documents and Settings\All Users\Dados de aplicativos\66D9AFB5DE.sys

.

((((((((((((((((((((((((((((( snapshot@2008-10-25_11.12.02,78 )))))))))))))))))))))))))))))))))))))))))

.

+ 2008-08-06 21:43:02 3,752,448 ----a-w C:\WINDOWS\system32\svchosts.exe

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]

"Google Update"="C:\Documents and Settings\Alexandre Braga\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" [2008-10-02 133104]

"uTorrent"="C:\Arquivos de programas\uTorrent\uTorrent.exe" [2008-10-12 270128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SoundMAXPnP"="C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe" [2005-05-18 925696]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-16 13529088]

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-16 86016]

"AVG8_TRAY"="C:\ARQUIV~1\AVG\AVG8\avgtray.exe" [2008-09-29 1234712]

"SpeedBitVideoAccelerator"="C:\Arquivos de programas\SpeedBit Video Accelerator\VideoAccelerator.exe" [2008-09-23 2705008]

"QuickTime Task"="C:\Arquivos de programas\QuickTime\QTTask.exe" [2008-09-06 413696]

"avg"="C:\Arquivos de programas\avg.exe" [2008-08-06 3752448]

"<NO NAME>"="C:\Windows\System32\svchosts.exe" [2008-08-06 3752448]

"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 C:\WINDOWS\system32\HdAShCut.exe]

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\

avg.exe [2008-08-06 3752448]

Picture Package Menu.lnk - C:\Arquivos de programas\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe [2008-07-17 151552]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.ACDV"= ACDV.dll

"vidc.ffds"= C:\ARQUIV~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Logitech Desktop Messenger.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Logitech Desktop Messenger.lnk

backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Picture Package VCD Maker.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Picture Package VCD Maker.lnk

backup=C:\WINDOWS\pss\Picture Package VCD Maker.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

--a------ 2008-06-12 03:38 34672 C:\Arquivos de programas\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

--a------ 2006-10-27 01:47 31016 C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

--a------ 2007-12-13 20:10 1688872 C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]

--a------ 2007-10-25 17:33 563984 C:\Arquivos de programas\Arquivos comuns\LogiShrd\LComMgr\Communications_Helper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]

--a------ 2007-10-25 17:37 2178832 C:\Arquivos de programas\Logitech\QuickCam\Quickcam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]

--a------ 2007-12-03 15:21 2213160 C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2007-03-01 15:57 153136 C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a------ 2008-09-06 16:09 413696 C:\Arquivos de programas\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]

--a------ 2005-07-26 10:54 716800 C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

--a------ 2008-05-16 15:01 1630208 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"NMIndexingService"=3 (0x3)

"Nero BackItUp Scheduler 3"=2 (0x2)

"LVSrvLauncher"=2 (0x2)

"LVCOMSer"=2 (0x2)

"WLSetupSvc"=3 (0x3)

"IviRegMgr"=2 (0x2)

"avg8emc"=2 (0x2)

"FLEXnet Licensing Service"=3 (0x3)

"Bonjour Service"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=

"C:\\Arquivos de programas\\eMule\\emule.exe"=

"C:\\Arquivos de programas\\Corel\\DVD9\\WinDVD.exe"=

"C:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=

"C:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"C:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"=

"C:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"C:\\Arquivos de programas\\AVG\\AVG8\\avgupd.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\SpeedBit Video Accelerator\\VideoAccelerator.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-09-08 97928]

R1 PLUG;Driver do GB;c:\windows\system32\PLUG.SYS [2008-10-25 7936]

R2 avg8wd;AVG Free8 WatchDog;C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe [2008-09-08 231704]

R2 PSI_SVC_2;Protexis Licensing V2;C:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe [2007-07-24 185632]

R2 regi;regi;C:\WINDOWS\system32\drivers\regi.sys [2007-04-17 11032]

R2 sbbotdi;sbbotdi;C:\ARQUIV~1\SPEEDB~1\sbbotdi.sys [2008-09-23 35584]

R2 VideoAcceleratorService;VideoAcceleratorService;C:\ARQUIV~1\SPEEDB~1\VideoAcceleratorService.exe [2008-09-23 292472]

.

Conteúdo da pasta 'Tarefas Agendadas'

2008-10-20 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

- C:\Arquivos de programas\Apple Software Update\SoftwareUpdate.exe [2008-07-30 13:34]

2008-10-26 C:\WINDOWS\Tasks\GoogleUpdateTaskUser.job

- C:\Documents and Settings\Alexandre Braga\Configura []

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-10-26 12:51:23

Windows 5.1.2600 Service Pack 2 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

C:\WINDOWS\system32\svchosts.exe 3752448 bytes executable

Varredura completada com sucesso

arquivos/ficheiros ocultos: 1

**************************************************************************

.

------------------------ Outros Processos em Execução ------------------------

.

C:\Arquivos de programas\Arquivos comuns\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\WINDOWS\system32\rundll32.exe

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\avg.exe

C:\WINDOWS\system32\wscntfy.exe

C:\ARQUIV~1\SPEEDB~1\VideoAcceleratorEngine.exe

C:\Arquivos de programas\AVG\AVG8\avgrsx.exe

.

**************************************************************************

.

Tempo para conclusão: 2008-10-26 12:53:37 - Máquina reiniciou

ComboFix-quarantined-files.txt 2008-10-26 14:53:34

ComboFix2.txt 2008-10-25 13:12:18

Pré-execução: 14 pasta(s) 116.865.843.200 bytes disponíveis

Pós execução: 14 pasta(s) 116,887,519,232 bytes disponíveis

185 --- E O F --- 2008-08-19 13:58:54

Logfile of HijackThis v1.99.1

Scan saved at 13:02:10, on 26/10/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Arquivos comuns\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe

C:\WINDOWS\system32\svchost.exe

C:\ARQUIV~1\SPEEDB~1\VideoAcceleratorService.exe

C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe

C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\ARQUIV~1\AVG\AVG8\avgtray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Documents and Settings\Alexandre Braga\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\avg.exe

C:\Arquivos de programas\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe

C:\WINDOWS\system32\cmd.exe

C:\WINDOWS\system32\wscntfy.exe

C:\ARQUIV~1\SPEEDB~1\VideoAcceleratorEngine.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\Arquivos de programas\AVG\AVG8\avgrsx.exe

C:\Arquivos de programas\AVG\AVG8\avgrsx.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Downloads\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll

O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Arquivos de programas\Windows Live\Messenger\wlchtc.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe

O4 - HKLM\..\Run: [soundMAXPnP] C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [speedBitVideoAccelerator] "C:\Arquivos de programas\SpeedBit Video Accelerator\VideoAccelerator.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\QTTask.exe" -atboottime

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Alexandre Braga\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [uTorrent] "C:\Arquivos de programas\uTorrent\uTorrent.exe"

O4 - Global Startup: avg.exe

O4 - Global Startup: Picture Package Menu.lnk = ?

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\arquivos de programas\bonjour\mdnsnsp.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{22DD771D-7AC4-497D-98C9-53ACB74D9430}: NameServer = 200.222.117.97

O17 - HKLM\System\CCS\Services\Tcpip\..\{D2740403-BE14-4CAA-A79E-49FE48FF5E03}: NameServer = 200.165.132.147 200.165.132.155

O17 - HKLM\System\CS1\Services\Tcpip\..\{22DD771D-7AC4-497D-98C9-53ACB74D9430}: NameServer = 200.222.117.97

O17 - HKLM\System\CS2\Services\Tcpip\..\{22DD771D-7AC4-497D-98C9-53ACB74D9430}: NameServer = 200.222.117.97

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - AppInit_DLLs: avgrsstx.dll

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Arquivos de programas\Arquivos comuns\LogiShrd\LVMVFM\LVPrcSrv.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe

O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\ARQUIV~1\SPEEDB~1\VideoAcceleratorService.exe

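The persistence points the helper has been targeting are all visible in the logs above: a Run value pointing at C:\svchost.exe, an avg.exe sitting in Program Files and in the All Users Startup folder, and an unnamed Run value for svchosts.exe under System32. The following Python is an added example, not part of the thread, HijackThis or ComboFix; it parses the two autorun-entry layouts those logs use (HijackThis "O4 -" lines and ComboFix REGEDIT4 `"name"="path" [stamp]` lines) and applies four heuristics, assumed for this illustration, that would have surfaced the same entries: an executable sitting in the drive root, a filename that is, or is one edit away from, a core system binary outside the Windows directories, an antivirus-vendor name outside that vendor's directory, and a Run value with no name. The sample entries are constructed from lines in the thread plus ordinary benign ones.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample: autorun entries in the two layouts seen in the logs above,
# mixing entries taken from the thread with ordinary benign ones.
SAMPLE_ENTRIES = r"""
O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Windows Setup] C:\svchost.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"avg"="C:\Arquivos de programas\avg.exe" [2008-08-06 3752448]
"<NO NAME>"="C:\Windows\System32\svchosts.exe" [2008-08-06 3752448]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 C:\WINDOWS\system32\HdAShCut.exe]
"""

HJT_O4 = re.compile(r"^O4 - (?P<hive>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
CF_RUN = re.compile(r'^"(?P<name>[^"]*)"="(?P<cmd>[^"]*)" \[(?P<stamp>[^\]]*)\]$')
# First absolute Windows path ending in a loadable extension inside a command line.
PATH_RX = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll|sys|scr|com)\b", re.IGNORECASE)

# Assumed reference data for the heuristics (not an exhaustive list).
SYSTEM_BINARIES = ("svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe",
                   "services.exe", "smss.exe", "explorer.exe", "spoolsv.exe")
SYSTEM_DIRS = {"c:\\windows", "c:\\windows\\system32"}
AV_STEMS = {"avg", "avast", "avira", "norton", "mcafee", "kaspersky", "antivirus"}


def parse_entries(text):
    """Return one dict per recognised autorun line: name, raw command, resolved path."""
    entries = []
    for raw in text.splitlines():
        m = HJT_O4.match(raw.strip()) or CF_RUN.match(raw.strip())
        if not m:
            continue
        cmd = m.group("cmd")
        pm = PATH_RX.search(cmd)
        entries.append({"name": m.group("name"), "cmd": cmd,
                        "path": pm.group(0) if pm else None})
    return entries


def within_one_edit(a, b):
    """True if a and b differ by at most one insertion, deletion or substitution."""
    if abs(len(a) - len(b)) > 1:
        return False
    i = j = edits = 0
    while i < len(a) and j < len(b):
        if a[i] == b[j]:
            i, j = i + 1, j + 1
            continue
        edits += 1
        if edits > 1:
            return False
        if len(a) > len(b):
            i += 1
        elif len(b) > len(a):
            j += 1
        else:
            i, j = i + 1, j + 1
    return edits + (len(a) - i) + (len(b) - j) <= 1


def triage(entry):
    """Return the list of reasons an autorun entry deserves a closer look (empty if none)."""
    reasons = []
    if entry["name"] == "<NO NAME>":
        reasons.append("Run value has no name")
    if entry["path"] is None:
        reasons.append("no absolute path in the command; resolved through the search path at logon")
        return reasons
    p = PureWindowsPath(entry["path"])
    fname, stem, parent = p.name.lower(), p.stem.lower(), str(p.parent).lower()
    if len(p.parts) == 2:
        reasons.append("executable directly in the drive root")
    if fname in SYSTEM_BINARIES and parent not in SYSTEM_DIRS:
        reasons.append(f"system binary name {fname} outside the Windows directories")
    else:
        for sysbin in SYSTEM_BINARIES:
            if fname != sysbin and within_one_edit(stem, sysbin[:-4]):
                reasons.append(f"name is one edit away from {sysbin}")
    dirs = [part.lower() for part in p.parts[1:-1]]
    if stem in AV_STEMS and not any(stem in d for d in dirs):
        reasons.append(f"antivirus-named file {fname} outside a directory of that product")
    return reasons


def review(text):
    """Return [(name, path, reasons)] for every entry that raised at least one flag."""
    findings = []
    for entry in parse_entries(text):
        reasons = triage(entry)
        if reasons:
            findings.append((entry["name"], entry["path"], reasons))
    return findings


if __name__ == "__main__":
    for name, path, reasons in review(SAMPLE_ENTRIES):
        print(f"[{name}] {path}: " + "; ".join(reasons))
```

Heuristics like these are a triage aid, not a verdict: the relative HDAShCut.exe command is reported only as unresolved, while the three entries the helper scripted out of the registry (C:\svchost.exe, avg.exe in Program Files, the unnamed svchosts.exe value) each trip a specific rule, which is the kind of reasoning a reviewer applies before writing a CFScript.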

Temporarily, and while carrying out these instructions, it is very important that you keep your protection programs (Antivirus, Antispyware and Firewall) disabled. Re-enable the protections after carrying out the procedure(s) mentioned below.

Open Notepad, copy (Ctrl + C) and paste (Ctrl + V) all of the text inside the "Code" box:


File::

c:\windows\system32\PLUG.SYS
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\avg.exe

Driver::

PLUG

Rootkit::

C:\WINDOWS\system32\svchosts.exe

  • Save this file as: CFScript.txt
    [image: CFScriptB-4.gif]
  • As shown in the picture above, drag the CFScript.txt file onto ComboFix.exe
  • When the tool finishes running, it will generate a log. Post that file, C:\ComboFix.txt.
  • Also make a new HijackThis log to include in your reply.


ComboFix 08-10-23.03 - Alexandre Braga 2008-10-27 0:03:34.3 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.681 [GMT -2:00]

Executando de: C:\Documents and Settings\Alexandre Braga\Desktop\ComboFix.exe

Comandos utilizados :: C:\Documents and Settings\Alexandre Braga\Desktop\CFScript.txt

* Criado um novo ponto de restauro

FILE ::

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\avg.exe

c:\windows\system32\PLUG.SYS

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\WINDOWS\system32\svchosts.exe

.

((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_PLUG

-------\Service_PLUG

(((((((((((((((( Arquivos/Ficheiros criados de 2008-09-27 to 2008-10-27 ))))))))))))))))))))))))))))

.

2008-10-24 23:17 . 2008-10-25 01:56 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak

2008-10-24 20:39 . 2008-10-24 20:50 <DIR> d-------- C:\Arquivos de programas\pixelComic 1.26

2008-10-24 15:52 . 2008-10-24 15:52 249,856 --------- C:\WINDOWS\Setup1.exe

2008-10-24 15:52 . 2008-10-24 15:52 73,216 --a------ C:\WINDOWS\ST6UNST.EXE

2008-10-24 15:34 . 2008-10-24 15:38 <DIR> d-------- C:\Documents and Settings\Alexandre Braga\Dados de aplicativos\Quivi

2008-10-19 18:02 . 2008-10-19 18:02 <DIR> d-------- C:\Arquivos de programas\123di_40

2008-10-13 20:25 . 2008-10-13 20:25 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Apple Computer

2008-10-13 20:25 . 2008-10-13 20:25 <DIR> d-------- C:\Arquivos de programas\QuickTime

2008-10-13 20:25 . 2008-10-13 20:25 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Apple

2008-10-12 23:35 . 2008-10-12 23:35 <DIR> d-------- C:\Arquivos de programas\Combined Community Codec Pack

2008-10-02 15:12 . 2008-10-02 15:12 <DIR> d-------- C:\WINDOWS\Sys

2008-10-02 15:06 . 2008-08-08 12:44 211 --ahs---- C:\Setup.svc

2008-09-27 00:51 . 2008-10-26 20:59 <DIR> d-------- C:\Documents and Settings\Alexandre Braga\Tracing

2008-09-27 00:49 . 2008-09-27 00:49 <DIR> d-------- C:\Arquivos de programas\Microsoft

2008-09-27 00:45 . 2008-09-27 00:45 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Windows Live

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-10-27 02:06 --------- d-----w C:\Documents and Settings\Alexandre Braga\Dados de aplicativos\uTorrent

2008-10-26 15:13 --------- d-----w C:\Arquivos de programas\SpeedBit Video Accelerator

2008-10-24 00:01 560 ----a-w C:\Documents and Settings\Alexandre Braga\Dados de aplicativos\ViewerApp.dat

2008-10-20 20:04 --------- d-----w C:\Arquivos de programas\eMule

2008-10-13 02:21 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\FLEXnet

2008-10-08 16:33 --------- d-----w C:\Arquivos de programas\JKDefrag

2008-10-05 02:11 3,350 --sha-w C:\Documents and Settings\All Users\Dados de aplicativos\KGyGaAvL.sys

2008-09-27 02:48 --------- d-----w C:\Arquivos de programas\Windows Live

2008-09-16 21:58 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\ACD Systems

2008-09-16 21:58 --------- d-----w C:\Arquivos de programas\Arquivos comuns\ACD Systems

2008-09-16 21:58 --------- d-----w C:\Arquivos de programas\ACD Systems

2008-09-14 19:21 --------- d-----w C:\Documents and Settings\Alexandre Braga\Dados de aplicativos\YouSendIt

2008-09-08 14:51 97,928 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys

2008-09-08 14:51 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\avg8

2008-09-08 14:51 --------- d-----w C:\Arquivos de programas\AVG

2008-09-03 19:14 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft Help

2008-09-03 19:13 --------- d-----w C:\Arquivos de programas\MSXML 4.0

2008-09-02 20:34 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Apple

2008-09-02 20:34 --------- d-----w C:\Arquivos de programas\Apple Software Update

2008-07-31 23:34 81,920 ------r C:\WINDOWS\bwUnin-6.1.4.68-8876480L.exe

2008-07-18 01:02 88 --sh--r C:\Documents and Settings\All Users\Dados de aplicativos\66D9AFB5DE.sys

.

((((((((((((((((((((((((((((( snapshot@2008-10-25_11.12.02,78 )))))))))))))))))))))))))))))))))))))))))

.

+ 2005-10-20 22:02:28 163,328 ----a-w C:\WINDOWS\ERDNT\subs\ERDNT.EXE

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]

"Google Update"="C:\Documents and Settings\Alexandre Braga\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" [2008-10-02 133104]

"uTorrent"="C:\Arquivos de programas\uTorrent\uTorrent.exe" [2008-10-12 270128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SoundMAXPnP"="C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe" [2005-05-18 925696]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-16 13529088]

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-16 86016]

"AVG8_TRAY"="C:\ARQUIV~1\AVG\AVG8\avgtray.exe" [2008-09-29 1234712]

"QuickTime Task"="C:\Arquivos de programas\QuickTime\QTTask.exe" [2008-09-06 413696]

"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 C:\WINDOWS\system32\HdAShCut.exe]

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\

Picture Package Menu.lnk - C:\Arquivos de programas\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe [2008-07-17 151552]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.ACDV"= ACDV.dll

"vidc.ffds"= C:\ARQUIV~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Logitech Desktop Messenger.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Logitech Desktop Messenger.lnk

backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Picture Package VCD Maker.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Picture Package VCD Maker.lnk

backup=C:\WINDOWS\pss\Picture Package VCD Maker.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

--a------ 2008-06-12 03:38 34672 C:\Arquivos de programas\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

--a------ 2006-10-27 01:47 31016 C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

--a------ 2007-12-13 20:10 1688872 C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]

--a------ 2007-10-25 17:33 563984 C:\Arquivos de programas\Arquivos comuns\LogiShrd\LComMgr\Communications_Helper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]

--a------ 2007-10-25 17:37 2178832 C:\Arquivos de programas\Logitech\QuickCam\Quickcam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]

--a------ 2007-12-03 15:21 2213160 C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2007-03-01 15:57 153136 C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a------ 2008-09-06 16:09 413696 C:\Arquivos de programas\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]

--a------ 2005-07-26 10:54 716800 C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

--a------ 2008-05-16 15:01 1630208 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"NMIndexingService"=3 (0x3)

"Nero BackItUp Scheduler 3"=2 (0x2)

"LVSrvLauncher"=2 (0x2)

"LVCOMSer"=2 (0x2)

"WLSetupSvc"=3 (0x3)

"IviRegMgr"=2 (0x2)

"avg8emc"=2 (0x2)

"FLEXnet Licensing Service"=3 (0x3)

"Bonjour Service"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=

"C:\\Arquivos de programas\\eMule\\emule.exe"=

"C:\\Arquivos de programas\\Corel\\DVD9\\WinDVD.exe"=

"C:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=

"C:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"C:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"=

"C:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"C:\\Arquivos de programas\\AVG\\AVG8\\avgupd.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\SpeedBit Video Accelerator\\VideoAccelerator.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-09-08 97928]

R2 avg8wd;AVG Free8 WatchDog;C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe [2008-09-08 231704]

R2 PSI_SVC_2;Protexis Licensing V2;C:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe [2007-07-24 185632]

R2 regi;regi;C:\WINDOWS\system32\drivers\regi.sys [2007-04-17 11032]

R2 sbbotdi;sbbotdi;C:\ARQUIV~1\SPEEDB~1\sbbotdi.sys [2008-09-23 35584]

R2 VideoAcceleratorService;VideoAcceleratorService;C:\ARQUIV~1\SPEEDB~1\VideoAcceleratorService.exe [2008-09-23 292472]

.

Conteúdo da pasta 'Tarefas Agendadas'

2008-10-20 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

- C:\Arquivos de programas\Apple Software Update\SoftwareUpdate.exe [2008-07-30 13:34]

2008-10-26 C:\WINDOWS\Tasks\GoogleUpdateTaskUser.job

- C:\Documents and Settings\Alexandre Braga\Configura []

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-10-27 00:06:08

Windows 5.1.2600 Service Pack 2 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

**************************************************************************

.

------------------------ Outros Processos em Execução ------------------------

.

C:\Arquivos de programas\Arquivos comuns\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\ARQUIV~1\SPEEDB~1\VideoAcceleratorEngine.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Arquivos de programas\AVG\AVG8\avgrsx.exe

.

**************************************************************************

.

Tempo para conclusão: 2008-10-27 0:08:04 - Máquina reiniciou

ComboFix-quarantined-files.txt 2008-10-27 02:08:00

ComboFix2.txt 2008-10-26 14:53:38

ComboFix3.txt 2008-10-25 13:12:18

Pré-execução: 14 pasta(s) 112.918.450.176 bytes disponíveis

Pós execução: 14 pasta(s) 112,879,775,744 bytes disponíveis

180 --- E O F --- 2008-08-19 13:58:54

Logfile of HijackThis v1.99.1

Scan saved at 00:11:32, on 27/10/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Arquivos comuns\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe

C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe

C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\ARQUIV~1\AVG\AVG8\avgtray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Documents and Settings\Alexandre Braga\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe

C:\WINDOWS\system32\svchost.exe

C:\ARQUIV~1\SPEEDB~1\VideoAcceleratorService.exe

C:\ARQUIV~1\SPEEDB~1\VideoAcceleratorEngine.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\Arquivos de programas\AVG\AVG8\avgrsx.exe

C:\Arquivos de programas\AVG\AVG8\avgrsx.exe

C:\Downloads\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll

O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Arquivos de programas\Windows Live\Messenger\wlchtc.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe

O4 - HKLM\..\Run: [soundMAXPnP] C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\QTTask.exe" -atboottime

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Alexandre Braga\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [uTorrent] "C:\Arquivos de programas\uTorrent\uTorrent.exe"

O4 - Global Startup: Picture Package Menu.lnk = ?

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\arquivos de programas\bonjour\mdnsnsp.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{22DD771D-7AC4-497D-98C9-53ACB74D9430}: NameServer = 200.222.117.97

O17 - HKLM\System\CCS\Services\Tcpip\..\{D2740403-BE14-4CAA-A79E-49FE48FF5E03}: NameServer = 200.165.132.147 200.165.132.155

O17 - HKLM\System\CS1\Services\Tcpip\..\{22DD771D-7AC4-497D-98C9-53ACB74D9430}: NameServer = 200.222.117.97

O17 - HKLM\System\CS2\Services\Tcpip\..\{22DD771D-7AC4-497D-98C9-53ACB74D9430}: NameServer = 200.222.117.97

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - AppInit_DLLs: avgrsstx.dll

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Arquivos de programas\Arquivos comuns\LogiShrd\LVMVFM\LVPrcSrv.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe

O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\ARQUIV~1\SPEEDB~1\VideoAcceleratorService.exe

Let's now run a final scan.

Run an Online Scan at Kaspersky Virusscanner

  • Click Clipboard01-1.jpg
  • When asked to install the ActiveX component, click Clipboard015.jpg
  • Wait for the installation and the update to finish, then click Clipboard013.jpg
  • Now click Clipboard016.jpg
  • In the scan options (settings), make sure the entries below are selected:
    • Scan using the following Anti-Virus database:

      Extended (if available otherwise Standard)

    • Scan Options:

      Scan Archives
      Scan Mail Bases

  • Click Clipboard014.jpg
  • Click My Computer so that a full scan of your system is performed.
  • The scan will start and may take a while. Be patient and wait.
  • When the scan finishes, click the Save as Text button
  • Save the log with the results and post it in your next reply.
  • Also generate and paste a new HijackThis log.

--------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER 7 REPORT

Monday, October 27, 2008

Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)

Kaspersky Online Scanner 7 version: 7.0.25.0

Program database last update: Monday, October 27, 2008 22:28:07

Records in database: 1352105

--------------------------------------------------------------------------------

Scan settings:

Scan using the following database: extended

Scan archives: yes

Scan mail databases: yes

Scan area - My Computer:

A:\

C:\

D:\

Scan statistics:

Files scanned: 61771

Threat name: 2

Infected objects: 2

Suspicious objects: 0

Duration of the scan: 00:51:49

File name / Threat name / Threats count

C:\Qoobox\Quarantine\C\tuto.exe.vir Infected: Trojan.Win32.KillFiles.wv 1

C:\Qoobox\Quarantine\C\WINDOWS\system32\svchosts.exe.vir Infected: Trojan-Banker.Win32.Banbra.efz 1

The selected area was scanned.

Logfile of HijackThis v1.99.1

Scan saved at 21:59:13, on 27/10/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Arquivos comuns\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\ARQUIV~1\AVG\AVG8\avgtray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Documents and Settings\Alexandre Braga\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe

C:\Arquivos de programas\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe

C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe

C:\WINDOWS\system32\svchost.exe

C:\ARQUIV~1\SPEEDB~1\VideoAcceleratorService.exe

C:\ARQUIV~1\SPEEDB~1\VideoAcceleratorEngine.exe

C:\ARQUIV~1\AVG\AVG8\avgrsx.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Downloads\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll

O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Arquivos de programas\Windows Live\Messenger\wlchtc.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe

O4 - HKLM\..\Run: [soundMAXPnP] C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\QTTask.exe" -atboottime

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Alexandre Braga\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [uTorrent] "C:\Arquivos de programas\uTorrent\uTorrent.exe"

O4 - Global Startup: Picture Package Menu.lnk = ?

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\arquivos de programas\bonjour\mdnsnsp.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{22DD771D-7AC4-497D-98C9-53ACB74D9430}: NameServer = 200.222.117.97

O17 - HKLM\System\CCS\Services\Tcpip\..\{D2740403-BE14-4CAA-A79E-49FE48FF5E03}: NameServer = 200.165.132.147 200.165.132.155

O17 - HKLM\System\CS1\Services\Tcpip\..\{22DD771D-7AC4-497D-98C9-53ACB74D9430}: NameServer = 200.222.117.97

O17 - HKLM\System\CS2\Services\Tcpip\..\{22DD771D-7AC4-497D-98C9-53ACB74D9430}: NameServer = 200.222.117.97

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - AppInit_DLLs: avgrsstx.dll

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Arquivos de programas\Java\jre6\bin\jqs.exe" -service -config "C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)

O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Arquivos de programas\Arquivos comuns\LogiShrd\LVMVFM\LVPrcSrv.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe

O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\ARQUIV~1\SPEEDB~1\VideoAcceleratorService.exe

Congratulations, your log is clean.

From now on, stay ALERT!

To finish, do the following:

Go to Start > Run and type combofix /u. This will uninstall ComboFix from your machine.

Disable and re-enable System Restore

I suggest you run CCleaner to clean up your machine. Download it here: CCleaner

  • Open the program and click Run Cleaner;
  • After that, click Issues >> Scan for Issues >> Fix Issues

I also suggest you read this article: Protect your PC

Any other problem with the computer?
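The two things the helper was looking for in the "Running processes" part of these HijackThis logs were a core Windows binary name sitting outside its system directory (the C:\svchost.exe this thread started with) and a near-miss name such as svchosts.exe. The script below is an added example of that check, not part of the original thread or of HijackThis; it assumes an XP-era system root of C:\WINDOWS, and the sample log is constructed for the example.

```python
import ntpath
import re

# Core Windows binaries that malware likes to imitate, with the directory
# where the genuine copy lives on a Windows XP install rooted at C:\WINDOWS
# (an assumption for this example; adjust for other system roots).
EXPECTED_DIR = {
    "smss.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}
# A HijackThis section line such as "O4 - HKLM\..\Run: [...]" ends the process list.
SECTION_RE = re.compile(r"^[A-Z]\d{1,2} - ")

def edit_distance(a, b):
    """Levenshtein distance; 1 means one inserted, dropped or swapped character."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def running_processes(log_text):
    """Return the paths listed under 'Running processes:' in a HijackThis log."""
    paths, in_section = [], False
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.lower().startswith("running processes"):
            in_section = True
            continue
        if in_section and SECTION_RE.match(line):
            break
        if in_section:
            paths.append(line)
    return paths

def classify(path):
    """Reason a process path looks suspicious, or None if it passes both checks."""
    directory, name = ntpath.split(path.lower())
    if name in EXPECTED_DIR:
        if directory != EXPECTED_DIR[name]:
            return "core binary name outside its expected directory"
        return None
    for core in EXPECTED_DIR:
        if edit_distance(name, core) == 1:
            return f"lookalike of {core}"
    return None

def audit_processes(log_text):
    """List (path, reason) for every running process that fails a check."""
    return [(p, r) for p in running_processes(log_text) if (r := classify(p))]

# Constructed sample in HijackThis v1.99.1 layout: clean entries from the
# thread's logs plus the two kinds of entry the thread was about.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\svchost.exe
C:\ARQUIV~1\AVG\AVG8\avgtray.exe
C:\Windows\System32\svchosts.exe
C:\WINDOWS\system32\ctfmon.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
"""

if __name__ == "__main__":
    for path, reason in audit_processes(SAMPLE_LOG):
        print(f"{path}: {reason}")
```

A path that passes both checks can still be malicious (a replaced binary in the right place looks identical here), so this only triages the list; hashes or a scanner verdict, as the thread's Kaspersky report gives, settle it.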

Thank you very much for the help, Renato!

Well, remember that I had made the following comment:

AVG every now and then detects an infection in C:\System Volume Information\_restore{F058AC69-BAFA-4DB4-86EA-DBCF7A9F31C2}\RP123\A0013807.exe. In that directory, the last two path components always change [the RP(number) folder and the infected file (the name and the extension vary, and the extension can be .exe or .sys)]. Every day it reports an infection in this location, with the variations I mentioned. Usually with the infection Trojan horse Generic11.BLDB. Today, for example, the directory was the following: C:\System Volume Information\_restore{F058AC69-BAFA-4DB4-86EA-DBCF7A9F31C2}\RP124\A0013934.exe

It seems that the infection is always changing location. The strange thing is that when I enable the option for AVG to show the details, it reports:

Process Name: C:\WINDOWS\System32\svchost.exe

Process ID: 1120

Well, this is the only thing that still happens on my PC. If you can help, I'll be grateful.

The infections are in System Restore; just run the combofix /u command I mentioned above to fix this problem.

Follow what I asked above, then watch to see whether the problems persist.

If the topic author needs it, the topic will be reopened; to do so, contact the moderation team requesting that it be unlocked.
