
Archived

This topic has been archived and is closed to new replies.

avapor

[Archived] Was I infected by ARDAMAX?


Hello friends, once again I turn to this respected forum, because someone sent me a file over MSN and my Avast flagged it as Ardamax, and searching on the internet I saw that it is very dangerous, used to steal passwords. Please analyze my log. Regards, and I await your reply.


Logfile of HijackThis v1.99.1

Scan saved at 17:50:21, on 4/8/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0011)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Arquivos de programas\Google\Google Talk\googletalk.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe

C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\hjackthis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.terra.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [RaidTool] C:\Arquivos de programas\VIA\RAID\raid_t

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [googletalk] C:\Arquivos de programas\Google\Google Talk\googletalk.exe /autostart

O4 - HKLM\..\Run: [DAEMON Tools] "C:\Arquivos de programas\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [startCCC] C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{35F7BB82-EC5D-4696-8AE9-DA4CDA84CDE3}: NameServer = 200.204.0.10 200.204.0.138

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Arquivos de programas\Windows Live\installer\WLSetupSvc.exe


To get ahead of things, here is a ComboFix log:


ComboFix 07-08-04.3 - "Administrador" 2007-08-05 10:12:00.1 [GMT -3:00] - NTFS

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.Verdadeiro

* Created a new restore point

 

 

((((((((((((((((((((((((( Files Created from 2007-07-05 to 2007-08-05 )))))))))))))))))))))))))))))))

 

 

2007-08-05 10:14 <DIR> d-------- C:\WINDOWS\system32\LogFiles

2007-08-05 10:11 51,200 --a------ C:\WINDOWS\nircmd.exe

2007-08-05 10:06 <DIR> d-------- C:\VundoFix Backups

2007-08-05 09:31 16,384 --a----t- C:\Temp\Perflib_Perfdata_728.dat

2007-08-04 22:22 <DIR> d-------- C:\Temp\outlook logging

2007-08-04 18:27 <DIR> d-------- C:\LinhaDefensiva

2007-08-04 18:05 <DIR> d-------- C:\WINDOWS\system32\ActiveScan

2007-08-04 17:48 <DIR> d-------- C:\hjackthis

2007-08-04 17:18 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\ATI

2007-08-04 17:18 <DIR> d-------- C:\DOCUME~1\ADMINI~1\DADOSD~1\ATI

2007-08-04 17:14 <DIR> d-------- C:\Temp\iss1BB.tmp

2007-08-04 17:14 <DIR> d-------- C:\Arquivos de programas\ATI Technologies

2007-08-04 16:57 <DIR> d-------- C:\Temp\MessengerCache

2007-08-04 16:56 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Contacts

2007-08-04 16:54 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE

2007-08-04 16:53 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\WLInstaller

2007-08-04 16:53 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\WindowsLiveInstaller

2007-08-04 16:53 <DIR> d-------- C:\Arquivos de programas\Windows Live

2007-08-04 16:39 <DIR> d-------- C:\Arquivos de programas\Real

2007-08-04 16:39 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\xing shared

2007-08-04 16:39 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Real

2007-08-04 16:31 <DIR> d-------- C:\Temp\e4j15E.tmp_dir12500

2007-08-04 15:26 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll

2007-08-04 15:25 <DIR> d-------- C:\Arquivos de programas\MSBuild

2007-08-04 15:24 <DIR> d-------- C:\Arquivos de programas\Microsoft.NET

2007-08-04 15:19 <DIR> d-------- C:\Arquivos de programas\Microsoft Visual Studio 8

2007-08-04 15:18 <DIR> d-------- C:\WINDOWS\SHELLNEW

2007-08-04 15:17 145,184 -ra------ C:\Temp\ose00000.exe

2007-08-04 15:17 <DIR> dr-h----- C:\MSOCache

2007-08-04 15:17 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\Microsoft Help

2007-08-04 15:10 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll

2007-08-04 14:36 <DIR> d-------- C:\Temp\nps.tmp

2007-08-04 14:36 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\Ahead

2007-08-04 14:36 <DIR> d-------- C:\DOCUME~1\ADMINI~1\DADOSD~1\Ahead

2007-08-04 14:33 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\Nero

2007-08-04 14:33 <DIR> d-------- C:\Arquivos de programas\Nero

2007-08-04 14:33 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Ahead

2007-08-04 14:32 <DIR> d-------- C:\WINDOWS\RegisteredPackages

2007-08-04 14:29 <DIR> d-------- C:\Temp\nro.tmp

2007-08-04 14:29 <DIR> d-------- C:\Temp\nro.log

2007-08-04 14:28 <DIR> d-------- C:\Temp\NER15.tmp

2007-08-04 14:27 <DIR> d-------- C:\Temp\NER14.tmp

2007-08-04 14:26 223,128 --a------ C:\WINDOWS\system32\drivers\dtscsi.sys

2007-08-04 14:26 <DIR> d-------- C:\Arquivos de programas\DAEMON Tools

2007-08-04 14:21 <DIR> d-------- C:\Arquivos de programas\Gabest

2007-08-04 14:19 <DIR> d-------- C:\Temp\~rnsetu0

2007-08-04 14:18 <DIR> d-------- C:\Arquivos de programas\DaemonTools_WhenUSave_Installer

2007-08-04 14:17 <DIR> d-------- C:\DOCUME~1\ADMINI~1\DADOSD~1\DAEMON Tools Pro

2007-08-04 14:10 <DIR> d-------- C:\Temp\~rnsetup

2007-08-04 14:10 <DIR> d-------- C:\DOCUME~1\ADMINI~1\DADOSD~1\Real

2007-08-04 14:05 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys

2007-08-04 14:03 <DIR> d-------- C:\Temp\Ultra$ISO

2007-08-04 14:02 <DIR> d-------- C:\Arquivos de programas\UltraISO

2007-08-04 14:02 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\EZB Systems

2007-08-04 13:45 77,824 --a------ C:\Temp\swt-gdip-win32-3344.dll

2007-08-04 13:25 307,200 --a------ C:\Temp\swt-win32-3344.dll

2007-08-04 13:25 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\Azureus

2007-08-04 13:25 <DIR> d-------- C:\DOCUME~1\ADMINI~1\DADOSD~1\Azureus

2007-08-04 13:23 4,608 --a------ C:\Temp\i4jdel0.exe

2007-08-04 13:23 <DIR> d-------- C:\Temp\hsperfdata_Administrador

2007-08-04 13:23 <DIR> d-------- C:\Arquivos de programas\Azureus

2007-08-04 13:22 <DIR> d-------- C:\Arquivos de programas\Google

2007-08-04 13:15 520,192 --------- C:\WINDOWS\system32\ati2sgag.exe

2007-08-04 13:14 <DIR> d-------- C:\ATI

2007-08-04 13:13 <DIR> d-------- C:\DOCUME~1\ADMINI~1\DADOSD~1\WinRAR

2007-08-04 13:02 <DIR> d-------- C:\Temp\nsis_temp

2007-08-04 13:00 69,632 --a------ C:\Temp\dsprs.dll

2007-08-04 13:00 146,399 --a------ C:\Temp\Reboot.exe

2007-08-04 12:59 <DIR> d-------- C:\Arquivos de programas\Telefonica

2007-08-04 12:58 45,056 --a------ C:\WINDOWS\system32\msxml4a.dll

2007-08-04 12:58 24,576 --a------ C:\WINDOWS\system32\msxml3a.dll

2007-08-04 12:57 <DIR> d-------- C:\Arquivos de programas\Foxit

2007-08-04 12:53 82,944 --a--c--- C:\WINDOWS\system32\dllcache\wdmaud.sys

2007-08-04 12:53 82,944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys

2007-08-04 12:53 6,400 --a--c--- C:\WINDOWS\system32\dllcache\splitter.sys

2007-08-04 12:53 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys

2007-08-04 12:52 7,552 --a--c--- C:\WINDOWS\system32\dllcache\mskssrv.sys

2007-08-04 12:52 7,552 --a------ C:\WINDOWS\system32\drivers\MSKSSRV.sys

2007-08-04 12:52 60,800 --a--c--- C:\WINDOWS\system32\dllcache\sysaudio.sys

2007-08-04 12:52 60,800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys

2007-08-04 12:52 54,272 --a--c--- C:\WINDOWS\system32\dllcache\swmidi.sys

2007-08-04 12:52 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys

2007-08-04 12:52 52,864 --a--c--- C:\WINDOWS\system32\dllcache\dmusic.sys

2007-08-04 12:52 52,864 --a------ C:\WINDOWS\system32\drivers\DMusic.sys

2007-08-04 12:52 5,376 --a--c--- C:\WINDOWS\system32\dllcache\mspclock.sys

2007-08-04 12:52 5,376 --a------ C:\WINDOWS\system32\drivers\MSPCLOCK.sys

2007-08-04 12:52 4,992 --a--c--- C:\WINDOWS\system32\dllcache\mspqm.sys

2007-08-04 12:52 4,992 --a------ C:\WINDOWS\system32\drivers\MSPQM.sys

2007-08-04 12:52 2,944 --a--c--- C:\WINDOWS\system32\dllcache\drmkaud.sys

2007-08-04 12:52 2,944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys

2007-08-04 12:52 171,776 --a--c--- C:\WINDOWS\system32\dllcache\kmixer.sys

2007-08-04 12:52 171,776 --a------ C:\WINDOWS\system32\drivers\kmixer.sys

2007-08-04 12:52 142,464 --a--c--- C:\WINDOWS\system32\dllcache\aec.sys

2007-08-04 12:52 142,464 --a------ C:\WINDOWS\system32\drivers\aec.sys

2007-08-04 12:50 9,389,568 -ra------ C:\WINDOWS\system32\RTLCPL.EXE

2007-08-04 12:50 77,824 -ra------ C:\WINDOWS\SOUNDMAN.EXE

2007-08-04 12:50 60,288 --a--c--- C:\WINDOWS\system32\dllcache\drmk.sys

2007-08-04 12:50 60,288 --a------ C:\WINDOWS\system32\drivers\drmk.sys

2007-08-04 12:50 40,960 -r------- C:\WINDOWS\system32\ChCfg.exe

2007-08-04 12:50 4,096 --a--c--- C:\WINDOWS\system32\dllcache\ksuser.dll

 

 

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

 

2007-08-04 22:22 71938 --a------ C:\WINDOWS\system32\perfc016.dat

2007-08-04 22:22 436754 --a------ C:\WINDOWS\system32\perfh016.dat

2007-06-26 23:27 44240 --a------ C:\WINDOWS\system32\drivers\ativvpxx.vp

2007-06-26 22:59 344064 --a------ C:\WINDOWS\system32\ATIDEMGX.dll

2007-06-26 22:58 269312 --a------ C:\WINDOWS\system32\ati2dvag.dll

2007-06-26 22:58 2303488 --a------ C:\WINDOWS\system32\drivers\ati2mtag.sys

2007-06-26 22:56 307200 --a------ C:\WINDOWS\system32\atiiiexx.dll

2007-06-26 22:51 26112 --a------ C:\WINDOWS\system32\Ati2mdxx.exe

2007-06-26 22:51 143360 --a------ C:\WINDOWS\system32\atipdlxx.dll

2007-06-26 22:51 122880 --a------ C:\WINDOWS\system32\Oemdspif.dll

2007-06-26 22:50 43520 --a------ C:\WINDOWS\system32\ati2edxx.dll

2007-06-26 22:50 118784 --a------ C:\WINDOWS\system32\ati2evxx.dll

2007-06-26 22:49 483328 --a------ C:\WINDOWS\system32\ati2evxx.exe

2007-06-26 22:48 53248 --a------ C:\WINDOWS\system32\ATIDDC.DLL

2007-06-26 22:44 8232960 --a------ C:\WINDOWS\system32\atioglx2.dll

2007-06-26 22:41 2940992 --a------ C:\WINDOWS\system32\ati3duag.dll

2007-06-26 22:31 1519744 --a------ C:\WINDOWS\system32\ativvaxx.dll

2007-06-26 22:30 972072 --a------ C:\WINDOWS\system32\ativva6x.dat

2007-06-26 22:30 3107788 --a------ C:\WINDOWS\system32\ativvaxx.dat

2007-06-26 22:30 3107788 --a------ C:\WINDOWS\system32\ativva5x.dat

2007-06-26 22:19 5435392 --a------ C:\WINDOWS\system32\atioglxx.dll

2007-06-26 22:17 266240 --a------ C:\WINDOWS\system32\atikvmag.dll

2007-06-26 22:16 17408 --a------ C:\WINDOWS\system32\atitvo32.dll

2007-06-26 22:15 49152 --a------ C:\WINDOWS\system32\drivers\ati2erec.dll

2007-06-26 22:14 176128 --a------ C:\WINDOWS\system32\atiok3x2.dll

2007-06-26 22:10 376832 --a------ C:\WINDOWS\system32\ati2cqag.dll

2007-06-10 11:14 1548288 --a------ C:\WINDOWS\system32\sfcfiles.dll

2007-06-10 11:13 61440 --a------ C:\WINDOWS\system32\vuins32.dll

2007-06-10 11:13 42496 --a------ C:\WINDOWS\system32\drivers\fetnd5bv.sys

2007-06-10 11:10 994816 --a------ C:\WINDOWS\system32\syssetup.dll

2007-06-10 11:10 884736 --a--c--- C:\WINDOWS\system32\dllcache\msimsg.dll

2007-06-10 11:10 884736 --a------ C:\WINDOWS\system32\msimsg.dll

2007-06-10 11:10 78848 --a--c--- C:\WINDOWS\system32\dllcache\msiexec.exe

2007-06-10 11:10 78848 --a------ C:\WINDOWS\system32\msiexec.exe

2007-06-10 11:10 2890240 --a--c--- C:\WINDOWS\system32\dllcache\msi.dll

2007-06-10 11:10 2890240 --a------ C:\WINDOWS\system32\msi.dll

2007-06-10 11:10 271360 --a--c--- C:\WINDOWS\system32\dllcache\msihnd.dll

2007-06-10 11:10 271360 --a------ C:\WINDOWS\system32\msihnd.dll

2007-06-10 11:10 219648 --a------ C:\WINDOWS\system32\uxtheme.dll

2007-06-10 11:10 15360 --a--c--- C:\WINDOWS\system32\dllcache\msisip.dll

2007-06-10 11:10 15360 --a------ C:\WINDOWS\system32\msisip.dll

2007-06-05 14:40 149278 --a------ C:\WINDOWS\system32\atiicdxx.dat

2007-05-17 13:09 51568 --a------ C:\WINDOWS\system32\sirenacm.dll

2007-05-16 09:42 972336 --a------ C:\WINDOWS\UNNeroMediaHome.exe

2007-05-15 09:45 972336 --a------ C:\WINDOWS\UNNeroVision.exe

--------- C:\Arquivos de programas\Serviços on-line

--------- C:\Arquivos de programas\Arquivos comuns\Serviços

 

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

 

 

*Note* empty entries & legit default entries are not shown

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avast!"="C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 12:42]

"RaidTool"="C:\Arquivos de programas\VIA\RAID\raid_t" []

"SoundMan"="SOUNDMAN.EXE" [2005-05-17 07:48 C:\WINDOWS\SOUNDMAN.EXE]

"googletalk"="C:\Arquivos de programas\Google\Google Talk\googletalk.exe" [2007-01-01 19:54]

"DAEMON Tools"="C:\Arquivos de programas\DAEMON Tools\daemon.exe" [2005-11-08 19:00]

"NeroFilterCheck"="C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57]

"TkBellExe"="C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2007-08-04 16:39]

"StartCCC"="C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:45]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 09:27]

"MsnMsgr"="C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.exe" [2007-05-17 13:11]

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]

"nltide_3"=rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N

 

R0 uagp35;Filtro Microsoft AGPv3.5;C:\WINDOWS\system32\DRIVERS\uagp35.sys

R0 viamraid;viamraid;C:\WINDOWS\system32\DRIVERS\viamraid.sys

R3 FETNDISB;VIA Rhine Family Fast Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5b.sys

S3 NTSIM;NTSIM;\??\C:\WINDOWS\system32\ntsim.sys

S3 odserv;Microsoft Office Diagnostics Service;"C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\ODSERV.EXE"

 

 

**************************************************************************

 

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-08-05 10:14:06

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden registry entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

 

Completion time: 2007-08-05 10:15:33

 

--- E O F ---


Hello friend, thanks for the attention, but I had formatted the PC that same day; I don't know how so many viruses got in. So I have just formatted it again and I will post another HijackThis log to see whether these viruses are coming from my copy of Windows, and whether the Ardamax is gone.

Regards, and I await your reply.

 

Logfile of HijackThis v1.99.1

Scan saved at 19:33:29, on 5/8/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0011)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Arquivos de programas\Google\Google Talk\googletalk.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe

C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\hjackthis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.terra.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [RaidTool] C:\Arquivos de programas\VIA\RAID\raid_t

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [googletalk] C:\Arquivos de programas\Google\Google Talk\googletalk.exe /autostart

O4 - HKLM\..\Run: [startCCC] C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [DAEMON Tools] "C:\Arquivos de programas\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\RunOnce: [update0] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe"

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{23C6DA7F-89EA-49E3-BFBA-5DE051A68A25}: NameServer = 200.204.0.10 200.204.0.138

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe


Topic Archived

As the author did not reply for more than 30 days, the topic has been archived.

If you are the author of the topic and want to reopen it, send a private message to a moderator of this area together with the link to this topic and explain the reason for reopening.
