avapor, posted August 4, 2007

Hello friends, once again I turn to this respected forum, because someone sent me a file over MSN and my avast flagged it as Ardamax, and searching the internet I saw that it is very dangerous, used to steal passwords. Please analyze my log. Regards, I'll be waiting.

Logfile of HijackThis v1.99.1
Scan saved at 17:50:21, on 4/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Arquivos de programas\Google\Google Talk\googletalk.exe
C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe
C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe
C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\hjackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.terra.com.br/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [RaidTool] C:\Arquivos de programas\VIA\RAID\raid_t
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [googletalk] C:\Arquivos de programas\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Arquivos de programas\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [startCCC] C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O11 - Options group: [iNTERNATIONAL] International*
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{35F7BB82-EC5D-4696-8AE9-DA4CDA84CDE3}: NameServer = 200.204.0.10 200.204.0.138
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Arquivos de programas\Windows Live\installer\WLSetupSvc.exe
avapor, posted August 5, 2007

To move things along, a ComboFix log:

ComboFix 07-08-04.3 - "Administrador" 2007-08-05 10:12:00.1 [GMT -3:00] - NTFS
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.Verdadeiro
* Created a new restore point

((((((((((((((((((((((((( Files Created from 2007-07-05 to 2007-08-05 )))))))))))))))))))))))))))))))

2007-08-05 10:14 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-08-05 10:11 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-05 10:06 <DIR> d-------- C:\VundoFix Backups
2007-08-05 09:31 16,384 --a----t- C:\Temp\Perflib_Perfdata_728.dat
2007-08-04 22:22 <DIR> d-------- C:\Temp\outlook logging
2007-08-04 18:27 <DIR> d-------- C:\LinhaDefensiva
2007-08-04 18:05 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-08-04 17:48 <DIR> d-------- C:\hjackthis
2007-08-04 17:18 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\ATI
2007-08-04 17:18 <DIR> d-------- C:\DOCUME~1\ADMINI~1\DADOSD~1\ATI
2007-08-04 17:14 <DIR> d-------- C:\Temp\iss1BB.tmp
2007-08-04 17:14 <DIR> d-------- C:\Arquivos de programas\ATI Technologies
2007-08-04 16:57 <DIR> d-------- C:\Temp\MessengerCache
2007-08-04 16:56 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Contacts
2007-08-04 16:54 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-08-04 16:53 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\WLInstaller
2007-08-04 16:53 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\WindowsLiveInstaller
2007-08-04 16:53 <DIR> d-------- C:\Arquivos de programas\Windows Live
2007-08-04 16:39 <DIR> d-------- C:\Arquivos de programas\Real
2007-08-04 16:39 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\xing shared
2007-08-04 16:39 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Real
2007-08-04 16:31 <DIR> d-------- C:\Temp\e4j15E.tmp_dir12500
2007-08-04 15:26 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2007-08-04 15:25 <DIR> d-------- C:\Arquivos de programas\MSBuild
2007-08-04 15:24 <DIR> d-------- C:\Arquivos de programas\Microsoft.NET
2007-08-04 15:19 <DIR> d-------- C:\Arquivos de programas\Microsoft Visual Studio 8
2007-08-04 15:18 <DIR> d-------- C:\WINDOWS\SHELLNEW
2007-08-04 15:17 145,184 -ra------ C:\Temp\ose00000.exe
2007-08-04 15:17 <DIR> dr-h----- C:\MSOCache
2007-08-04 15:17 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\Microsoft Help
2007-08-04 15:10 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2007-08-04 14:36 <DIR> d-------- C:\Temp\nps.tmp
2007-08-04 14:36 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\Ahead
2007-08-04 14:36 <DIR> d-------- C:\DOCUME~1\ADMINI~1\DADOSD~1\Ahead
2007-08-04 14:33 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\Nero
2007-08-04 14:33 <DIR> d-------- C:\Arquivos de programas\Nero
2007-08-04 14:33 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Ahead
2007-08-04 14:32 <DIR> d-------- C:\WINDOWS\RegisteredPackages
2007-08-04 14:29 <DIR> d-------- C:\Temp\nro.tmp
2007-08-04 14:29 <DIR> d-------- C:\Temp\nro.log
2007-08-04 14:28 <DIR> d-------- C:\Temp\NER15.tmp
2007-08-04 14:27 <DIR> d-------- C:\Temp\NER14.tmp
2007-08-04 14:26 223,128 --a------ C:\WINDOWS\system32\drivers\dtscsi.sys
2007-08-04 14:26 <DIR> d-------- C:\Arquivos de programas\DAEMON Tools
2007-08-04 14:21 <DIR> d-------- C:\Arquivos de programas\Gabest
2007-08-04 14:19 <DIR> d-------- C:\Temp\~rnsetu0
2007-08-04 14:18 <DIR> d-------- C:\Arquivos de programas\DaemonTools_WhenUSave_Installer
2007-08-04 14:17 <DIR> d-------- C:\DOCUME~1\ADMINI~1\DADOSD~1\DAEMON Tools Pro
2007-08-04 14:10 <DIR> d-------- C:\Temp\~rnsetup
2007-08-04 14:10 <DIR> d-------- C:\DOCUME~1\ADMINI~1\DADOSD~1\Real
2007-08-04 14:05 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-08-04 14:03 <DIR> d-------- C:\Temp\Ultra$ISO
2007-08-04 14:02 <DIR> d-------- C:\Arquivos de programas\UltraISO
2007-08-04 14:02 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\EZB Systems
2007-08-04 13:45 77,824 --a------ C:\Temp\swt-gdip-win32-3344.dll
2007-08-04 13:25 307,200 --a------ C:\Temp\swt-win32-3344.dll
2007-08-04 13:25 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\Azureus
2007-08-04 13:25 <DIR> d-------- C:\DOCUME~1\ADMINI~1\DADOSD~1\Azureus
2007-08-04 13:23 4,608 --a------ C:\Temp\i4jdel0.exe
2007-08-04 13:23 <DIR> d-------- C:\Temp\hsperfdata_Administrador
2007-08-04 13:23 <DIR> d-------- C:\Arquivos de programas\Azureus
2007-08-04 13:22 <DIR> d-------- C:\Arquivos de programas\Google
2007-08-04 13:15 520,192 --------- C:\WINDOWS\system32\ati2sgag.exe
2007-08-04 13:14 <DIR> d-------- C:\ATI
2007-08-04 13:13 <DIR> d-------- C:\DOCUME~1\ADMINI~1\DADOSD~1\WinRAR
2007-08-04 13:02 <DIR> d-------- C:\Temp\nsis_temp
2007-08-04 13:00 69,632 --a------ C:\Temp\dsprs.dll
2007-08-04 13:00 146,399 --a------ C:\Temp\Reboot.exe
2007-08-04 12:59 <DIR> d-------- C:\Arquivos de programas\Telefonica
2007-08-04 12:58 45,056 --a------ C:\WINDOWS\system32\msxml4a.dll
2007-08-04 12:58 24,576 --a------ C:\WINDOWS\system32\msxml3a.dll
2007-08-04 12:57 <DIR> d-------- C:\Arquivos de programas\Foxit
2007-08-04 12:53 82,944 --a--c--- C:\WINDOWS\system32\dllcache\wdmaud.sys
2007-08-04 12:53 82,944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
2007-08-04 12:53 6,400 --a--c--- C:\WINDOWS\system32\dllcache\splitter.sys
2007-08-04 12:53 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2007-08-04 12:52 7,552 --a--c--- C:\WINDOWS\system32\dllcache\mskssrv.sys
2007-08-04 12:52 7,552 --a------ C:\WINDOWS\system32\drivers\MSKSSRV.sys
2007-08-04 12:52 60,800 --a--c--- C:\WINDOWS\system32\dllcache\sysaudio.sys
2007-08-04 12:52 60,800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
2007-08-04 12:52 54,272 --a--c--- C:\WINDOWS\system32\dllcache\swmidi.sys
2007-08-04 12:52 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
2007-08-04 12:52 52,864 --a--c--- C:\WINDOWS\system32\dllcache\dmusic.sys
2007-08-04 12:52 52,864 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
2007-08-04 12:52 5,376 --a--c--- C:\WINDOWS\system32\dllcache\mspclock.sys
2007-08-04 12:52 5,376 --a------ C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2007-08-04 12:52 4,992 --a--c--- C:\WINDOWS\system32\dllcache\mspqm.sys
2007-08-04 12:52 4,992 --a------ C:\WINDOWS\system32\drivers\MSPQM.sys
2007-08-04 12:52 2,944 --a--c--- C:\WINDOWS\system32\dllcache\drmkaud.sys
2007-08-04 12:52 2,944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys
2007-08-04 12:52 171,776 --a--c--- C:\WINDOWS\system32\dllcache\kmixer.sys
2007-08-04 12:52 171,776 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
2007-08-04 12:52 142,464 --a--c--- C:\WINDOWS\system32\dllcache\aec.sys
2007-08-04 12:52 142,464 --a------ C:\WINDOWS\system32\drivers\aec.sys
2007-08-04 12:50 9,389,568 -ra------ C:\WINDOWS\system32\RTLCPL.EXE
2007-08-04 12:50 77,824 -ra------ C:\WINDOWS\SOUNDMAN.EXE
2007-08-04 12:50 60,288 --a--c--- C:\WINDOWS\system32\dllcache\drmk.sys
2007-08-04 12:50 60,288 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2007-08-04 12:50 40,960 -r------- C:\WINDOWS\system32\ChCfg.exe
2007-08-04 12:50 4,096 --a--c--- C:\WINDOWS\system32\dllcache\ksuser.dll

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-04 22:22 71938 --a------ C:\WINDOWS\system32\perfc016.dat
2007-08-04 22:22 436754 --a------ C:\WINDOWS\system32\perfh016.dat
2007-06-26 23:27 44240 --a------ C:\WINDOWS\system32\drivers\ativvpxx.vp
2007-06-26 22:59 344064 --a------ C:\WINDOWS\system32\ATIDEMGX.dll
2007-06-26 22:58 269312 --a------ C:\WINDOWS\system32\ati2dvag.dll
2007-06-26 22:58 2303488 --a------ C:\WINDOWS\system32\drivers\ati2mtag.sys
2007-06-26 22:56 307200 --a------ C:\WINDOWS\system32\atiiiexx.dll
2007-06-26 22:51 26112 --a------ C:\WINDOWS\system32\Ati2mdxx.exe
2007-06-26 22:51 143360 --a------ C:\WINDOWS\system32\atipdlxx.dll
2007-06-26 22:51 122880 --a------ C:\WINDOWS\system32\Oemdspif.dll
2007-06-26 22:50 43520 --a------ C:\WINDOWS\system32\ati2edxx.dll
2007-06-26 22:50 118784 --a------ C:\WINDOWS\system32\ati2evxx.dll
2007-06-26 22:49 483328 --a------ C:\WINDOWS\system32\ati2evxx.exe
2007-06-26 22:48 53248 --a------ C:\WINDOWS\system32\ATIDDC.DLL
2007-06-26 22:44 8232960 --a------ C:\WINDOWS\system32\atioglx2.dll
2007-06-26 22:41 2940992 --a------ C:\WINDOWS\system32\ati3duag.dll
2007-06-26 22:31 1519744 --a------ C:\WINDOWS\system32\ativvaxx.dll
2007-06-26 22:30 972072 --a------ C:\WINDOWS\system32\ativva6x.dat
2007-06-26 22:30 3107788 --a------ C:\WINDOWS\system32\ativvaxx.dat
2007-06-26 22:30 3107788 --a------ C:\WINDOWS\system32\ativva5x.dat
2007-06-26 22:19 5435392 --a------ C:\WINDOWS\system32\atioglxx.dll
2007-06-26 22:17 266240 --a------ C:\WINDOWS\system32\atikvmag.dll
2007-06-26 22:16 17408 --a------ C:\WINDOWS\system32\atitvo32.dll
2007-06-26 22:15 49152 --a------ C:\WINDOWS\system32\drivers\ati2erec.dll
2007-06-26 22:14 176128 --a------ C:\WINDOWS\system32\atiok3x2.dll
2007-06-26 22:10 376832 --a------ C:\WINDOWS\system32\ati2cqag.dll
2007-06-10 11:14 1548288 --a------ C:\WINDOWS\system32\sfcfiles.dll
2007-06-10 11:13 61440 --a------ C:\WINDOWS\system32\vuins32.dll
2007-06-10 11:13 42496 --a------ C:\WINDOWS\system32\drivers\fetnd5bv.sys
2007-06-10 11:10 994816 --a------ C:\WINDOWS\system32\syssetup.dll
2007-06-10 11:10 884736 --a--c--- C:\WINDOWS\system32\dllcache\msimsg.dll
2007-06-10 11:10 884736 --a------ C:\WINDOWS\system32\msimsg.dll
2007-06-10 11:10 78848 --a--c--- C:\WINDOWS\system32\dllcache\msiexec.exe
2007-06-10 11:10 78848 --a------ C:\WINDOWS\system32\msiexec.exe
2007-06-10 11:10 2890240 --a--c--- C:\WINDOWS\system32\dllcache\msi.dll
2007-06-10 11:10 2890240 --a------ C:\WINDOWS\system32\msi.dll
2007-06-10 11:10 271360 --a--c--- C:\WINDOWS\system32\dllcache\msihnd.dll
2007-06-10 11:10 271360 --a------ C:\WINDOWS\system32\msihnd.dll
2007-06-10 11:10 219648 --a------ C:\WINDOWS\system32\uxtheme.dll
2007-06-10 11:10 15360 --a--c--- C:\WINDOWS\system32\dllcache\msisip.dll
2007-06-10 11:10 15360 --a------ C:\WINDOWS\system32\msisip.dll
2007-06-05 14:40 149278 --a------ C:\WINDOWS\system32\atiicdxx.dat
2007-05-17 13:09 51568 --a------ C:\WINDOWS\system32\sirenacm.dll
2007-05-16 09:42 972336 --a------ C:\WINDOWS\UNNeroMediaHome.exe
2007-05-15 09:45 972336 --a------ C:\WINDOWS\UNNeroVision.exe

--------- C:\Arquivos de programas\Serviços on-line
--------- C:\Arquivos de programas\Arquivos comuns\Serviços

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 12:42]
"RaidTool"="C:\Arquivos de programas\VIA\RAID\raid_t" []
"SoundMan"="SOUNDMAN.EXE" [2005-05-17 07:48 C:\WINDOWS\SOUNDMAN.EXE]
"googletalk"="C:\Arquivos de programas\Google\Google Talk\googletalk.exe" [2007-01-01 19:54]
"DAEMON Tools"="C:\Arquivos de programas\DAEMON Tools\daemon.exe" [2005-11-08 19:00]
"NeroFilterCheck"="C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57]
"TkBellExe"="C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2007-08-04 16:39]
"StartCCC"="C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:45]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 09:27]
"MsnMsgr"="C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.exe" [2007-05-17 13:11]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"nltide_3"=rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N

R0 uagp35;Filtro Microsoft AGPv3.5;C:\WINDOWS\system32\DRIVERS\uagp35.sys
R0 viamraid;viamraid;C:\WINDOWS\system32\DRIVERS\viamraid.sys
R3 FETNDISB;VIA Rhine Family Fast Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5b.sys
S3 NTSIM;NTSIM;\??\C:\WINDOWS\system32\ntsim.sys
S3 odserv;Microsoft Office Diagnostics Service;"C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\ODSERV.EXE"

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-05 10:14:06
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-05 10:15:33
--- E O F ---
avapor, posted August 5, 2007

Hello friend, thanks for the attention, but I had formatted the PC that very day; I don't know how so many viruses got in. So I have just formatted it again and will post another HijackThis log to see whether these viruses are coming from my copy of Windows, and whether the Ardamax is gone. Regards, I'll be waiting.

Logfile of HijackThis v1.99.1
Scan saved at 19:33:29, on 5/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Arquivos de programas\Google\Google Talk\googletalk.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe
C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe
C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\hjackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.terra.com.br/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [RaidTool] C:\Arquivos de programas\VIA\RAID\raid_t
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [googletalk] C:\Arquivos de programas\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [startCCC] C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Arquivos de programas\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\RunOnce: [update0] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe"
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O11 - Options group: [iNTERNATIONAL] International*
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{23C6DA7F-89EA-49E3-BFBA-5DE051A68A25}: NameServer = 200.204.0.10 200.204.0.138
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
Mário Monteiro, posted September 24, 2008

Topic Archived

Since the author did not reply for more than 30 days, the topic has been archived. If you are the author of the topic and want to reopen it, send a private message to a moderator of this section together with the link to this topic and explain the reason for reopening.