[Arquivado]Analisem meu log .

hacasal · Outubro 11, 2007

Galera, como venho dizendo num outro tópico que criei( http://forum.imasters.com.br/index.php?showtopic=252441 ) estou com alguns problemas com o explorer, me instruíram a postar meu log aqui para análise, então:

Logfile of HijackThis v1.99.1

Scan saved at 12:31:35, on 11/10/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\UAService7.exe

C:\Hijack\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: (no name) - {467ABA13-C205-4880-A754-4D94EEACBE04} - (no file)

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {733E9132-53CA-4C97-9AC9-145C4502FA20} - C:\WINDOWS\system32\ljjifgg.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: (no name) - {89AD4D75-2429-462e-BD4E-443F233F6033} - C:\WINDOWS\system32\agxaxjne.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: (no name) - {DB7E5057-C170-4667-B473-EDEEC7ADAA2C} - (no file)

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O8 - Extra context menu item: Compare Prices with &Dealio - C:\Arquivos de programas\Dealio\kb106\res\DealioSearch.html

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_02\bin\npjpi150_02.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_02\bin\npjpi150_02.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\arquivos de programas\bonjour\mdnsnsp.dll

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175/7d/ru...cat-no-eula.cab

O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{F840D74C-314B-4391-8061-76DDE0E30DED}: NameServer = 200.165.132.147 200.165.132.155

O17 - HKLM\System\CCS\Services\Tcpip\..\{FB48204F-7501-4992-90C4-D11B545F0EF4}: NameServer = 200.165.132.147,200.165.132.155

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O20 - AppInit_DLLs: C:\ARQUIV~1\Google\GOOGLE~1\GOEC62~1.DLL

O20 - Winlogon Notify: jkhhe - C:\WINDOWS\system32\jkhhe.dll (file missing)

O20 - Winlogon Notify: ljjifgg - C:\WINDOWS\SYSTEM32\ljjifgg.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

Espero respostas...

grato

DigRam · Outubro 12, 2007

Bom Dia hacasal!

>@< Faça o download do ComboFix.

>@< Baixe-o para o Desktop!

>@< Feche todas as janelas e execute a ferramenta!

>@< Para quem possui o Avast,surgirá um alerta de malware ( Win32 D adobra-EY[Trj] ),que deverá ser ignorado.

>@< Abrirá a janela Auto Scan. Aguarde!

>@< Digite a opção para continuar < Enter >

>@< Aguarde a conclusão!

>@< Poste o relatório: C:\ComboFix.txt + Log do HJT,atualizado.

Abraços!

hacasal · Outubro 14, 2007

Muito obrigado, farei isso já!

hacasal · Outubro 14, 2007

Aí estão:

ComboFix 07-10-12.4 - Geral 2007-10-14 10:24:23.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.715 [GMT -3:00]

Executando de: C:\Documents and Settings\Geral\Desktop\ComboFix.exe

.

((((((((((((((((((((((( Ficheiros criados de 2007-09-14 to 2007-10-14 ))))))))))))))))))))))))))))))))

.

2007-10-14 09:59 51,200 --a------ C:\WINDOWS\NirCmd.exe

2007-10-12 16:42 <DIR> d-------- C:\Documents and Settings\Geral\Dados de aplicativos\Apple Computer

2007-10-12 16:40 <DIR> d-------- C:\Arquivos de programas\iTunes

2007-10-12 16:40 <DIR> d-------- C:\Arquivos de programas\iPod

2007-10-12 16:38 <DIR> d-------- C:\Arquivos de programas\Apple Software Update

2007-10-12 16:37 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Apple

2007-10-12 16:37 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Apple

2007-10-09 16:55 <DIR> d-------- C:\Hijack

2007-10-09 13:52 <DIR> d--h----- C:\Documents and Settings\Administrador\Modelos

2007-10-09 13:52 <DIR> d-------- C:\Documents and Settings\Administrador\Meus documentos

2007-10-09 13:52 <DIR> dr------- C:\Documents and Settings\Administrador\Menu Iniciar

2007-10-09 13:52 <DIR> d-------- C:\Documents and Settings\Administrador\Favoritos

2007-10-09 13:52 <DIR> dr-h----- C:\Documents and Settings\Administrador\Dados de aplicativos

2007-10-09 13:52 <DIR> d--h----- C:\Documents and Settings\Administrador\Configura‡äes locais

2007-10-09 13:52 <DIR> d--h----- C:\Documents and Settings\Administrador\Ambiente de rede

2007-10-09 13:52 <DIR> d--h----- C:\Documents and Settings\Administrador\Ambiente de impressÆo

2007-10-07 22:05 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys

2007-10-07 20:36 <DIR> d-------- C:\Documents and Settings\LocalService\Dados de aplicativos\AVG7

2007-10-07 20:36 <DIR> d-------- C:\Documents and Settings\Geral\Dados de aplicativos\AVG7

2007-10-07 20:36 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Grisoft

2007-10-07 20:27 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Avg7

2007-10-06 19:11 <DIR> d-------- C:\Documents and Settings\Geral\Dados de aplicativos\DivX

2007-10-01 19:15 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2007-09-30 19:57 22,328 --a------ C:\Documents and Settings\Geral\Dados de aplicativos\PnkBstrK.sys

2007-09-29 20:52 315,392 --a------ C:\WINDOWS\HideWin.exe

2007-09-28 13:08 156,992 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe

2007-09-27 17:34 <DIR> d-------- C:\Arquivos de programas\Electronic Arts

2007-09-26 21:55 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Ahead

2007-09-21 16:51 <DIR> d-------- C:\Arquivos de programas\EA GAMES Maxis

2007-09-20 11:07 <DIR> d-a------ C:\Documents and Settings\All Users\Dados de aplicativos\TEMP

2007-09-18 23:40 <DIR> d-------- C:\Documents and Settings\Geral\Contacts

2007-09-18 23:13 <DIR> d-------- C:\Documents and Settings\Geral\Dados de aplicativos\SoundSpectrum

2007-09-18 22:33 <DIR> d-------- C:\Documents and Settings\Geral\Dados de aplicativos\Comodo

2007-09-18 22:31 <DIR> d--h----- C:\Documents and Settings\Geral\Modelos

2007-09-18 22:31 <DIR> dr------- C:\Documents and Settings\Geral\Meus documentos

2007-09-18 22:31 <DIR> dr------- C:\Documents and Settings\Geral\Menu Iniciar

2007-09-18 22:31 <DIR> dr------- C:\Documents and Settings\Geral\Favoritos

2007-09-18 22:31 <DIR> dr-h----- C:\Documents and Settings\Geral\Dados de aplicativos

2007-09-18 22:31 <DIR> d--h----- C:\Documents and Settings\Geral\Configura‡äes locais

2007-09-18 22:31 <DIR> d--h----- C:\Documents and Settings\Geral\Ambiente de rede

2007-09-18 22:31 <DIR> d--h----- C:\Documents and Settings\Geral\Ambiente de impressÆo

2007-09-16 11:12 <DIR> d-------- C:\Arquivos de programas\Yahoo!

2007-09-16 11:12 <DIR> d-------- C:\Arquivos de programas\CCleaner

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2007-10-12 19:40 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Apple Computer

2007-10-12 19:40 --------- d-----w C:\Arquivos de programas\QuickTime

2007-10-09 18:41 --------- d-----w C:\Arquivos de programas\Warcraft III

2007-10-09 18:33 --------- d-----w C:\Arquivos de programas\SAMSUNG

2007-10-09 18:32 --------- d-----w C:\Arquivos de programas\Real Alternative

2007-10-09 18:28 --------- d-----w C:\Arquivos de programas\Nokia

2007-10-09 18:26 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft Help

2007-10-09 18:13 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2007-10-09 18:13 --------- d-----w C:\Arquivos de programas\MSN Messenger

2007-10-09 18:13 --------- d-----w C:\Arquivos de programas\Macromedia

2007-10-09 18:12 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Macromedia

2007-10-09 18:03 --------- d-----w C:\Arquivos de programas\eMule

2007-10-09 18:02 --------- d-----w C:\Arquivos de programas\DFX

2007-10-09 18:00 --------- d-----w C:\Arquivos de programas\Azureus

2007-10-09 17:53 --------- d-----w C:\Arquivos de programas\Glary Utilities

2007-10-09 17:49 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Adobe

2007-10-08 02:31 --------- d-----w C:\Arquivos de programas\Player Tool

2007-10-07 22:56 --------- d-----w C:\Arquivos de programas\DivX

2007-10-01 21:38 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\VMware

2007-10-01 21:31 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Symantec Shared

2007-10-01 21:22 --------- d-----w C:\Arquivos de programas\VS Revo Group

2007-10-01 19:06 --------- d-----w C:\Documents and Settings\LocalService\Dados de aplicativos\VMware

2007-09-30 03:19 --------- d-----w C:\Arquivos de programas\Realtek

2007-09-28 16:07 43,528 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys

2007-09-28 16:07 129,784 ------w C:\WINDOWS\system32\pxafs.dll

2007-09-28 16:07 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe

2007-09-28 16:07 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe

2007-09-21 19:14 --------- d-----w C:\Arquivos de programas\EA GAMES

2007-09-20 01:44 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Symantec

2007-09-20 01:42 --------- d-----w C:\Arquivos de programas\EA SPORTS

2007-09-19 20:41 --------- d-----w C:\Documents and Settings\Usuario\Dados de aplicativos\VMware

2007-09-18 21:09 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\PC Suite

2007-09-13 15:14 --------- d-----w C:\Arquivos de programas\Microsoft CAPICOM 2.1.0.2

2007-09-12 22:32 --------- d-----w C:\Arquivos de programas\DAEMON Tools

2007-09-11 14:41 --------- d-----w C:\Arquivos de programas\Maxis

2007-09-11 14:26 --------- d-----w C:\Documents and Settings\Usuario\Dados de aplicativos\Ahead

2007-09-11 14:16 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Ahead

2007-09-11 14:14 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Nero

2007-09-11 14:14 --------- d-----w C:\Arquivos de programas\Nero

2007-09-09 14:37 --------- d-----w C:\Arquivos de programas\Ahead

2007-09-07 21:11 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\DVD Shrink

2007-09-02 22:56 --------- d-----w C:\Documents and Settings\Usuario\Dados de aplicativos\Azureus

2007-09-02 17:43 --------- d-----w C:\Documents and Settings\Usuario\Dados de aplicativos\GlarySoft

2007-09-02 17:42 --------- d-----w C:\Arquivos de programas\CCLS

2007-09-02 14:29 --------- d-----w C:\Documents and Settings\Usuario\Dados de aplicativos\SoundSpectrum

2007-09-02 14:27 --------- d-----w C:\Arquivos de programas\SoundSpectrum

2007-09-01 21:27 --------- d-----w C:\Documents and Settings\Usuario\Dados de aplicativos\Publish Providers

2007-09-01 21:05 --------- d-----w C:\Documents and Settings\Usuario\Dados de aplicativos\Sony

2007-09-01 21:03 --------- d-----w C:\Arquivos de programas\Sony Setup

2007-08-26 03:47 --------- d-----w C:\Arquivos de programas\VisualTaskTips

2007-08-24 21:05 --------- d-----w C:\Documents and Settings\Usuario\Dados de aplicativos\My Games

2007-08-24 20:57 --------- d-----w C:\Arquivos de programas\Firaxis Games

2007-08-24 15:30 --------- d-----w C:\Arquivos de programas\Arquivos comuns\InstallShield

2007-08-23 21:45 --------- d-----w C:\Arquivos de programas\Quake III Arena

2007-08-21 06:17 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll

2007-08-17 01:34 --------- d-----w C:\Arquivos de programas\Assets

2007-08-17 01:30 --------- d-----w C:\Documents and Settings\Usuario\Dados de aplicativos\Styler

2007-08-17 01:21 163,644 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys

2007-08-17 00:44 --------- d-----w C:\Arquivos de programas\Alcohol Soft

2007-08-17 00:41 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys

2007-07-30 22:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll

2007-07-30 22:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll

2007-07-30 22:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe

2007-07-30 22:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll

2007-07-30 22:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll

2007-07-30 22:19 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll

2007-07-30 22:19 207,736 ----a-w C:\WINDOWS\system32\muweb.dll

2007-07-30 22:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll

2007-07-30 22:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll

2007-07-30 22:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll

2007-07-26 20:09 520,192 ----a-w C:\WINDOWS\RtlExUpd.dll

2004-08-04 03:45:40 60,416 -csha-w C:\WINDOWS\system32\dllcache\msimn.exe

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

*Nota* entradas vazias & legítimas por defeito não são mostradas.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{467ABA13-C205-4880-A754-4D94EEACBE04}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DB7E5057-C170-4667-B473-EDEEC7ADAA2C}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-29 00:43]

"QuickTime Task"="C:\Arquivos de programas\QuickTime\QTTask.exe" [2007-06-29 06:24]

"iTunesHelper"="C:\Arquivos de programas\iTunes\iTunesHelper.exe" [2007-09-26 14:42]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:45]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkhhe]

C:\WINDOWS\system32\jkhhe.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"appinit_dlls"=C:\ARQUIV~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HTV Agent]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]

"PCSuiteTrayApplication"=C:\Arquivos de programas\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup

"Adobe Reader Speed Launcher"="C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

"QuickTime Task"="C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

"snpstd"=C:\WINDOWS\vsnpstd.exe

"RemoteControl"="C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"

.

Conteúdo da pasta 'Tarefas Agendadas'

"2007-10-12 19:38:36 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Arquivos de programas\Apple Software Update\SoftwareUpdate.exe

.

**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-10-14 10:27:18

Windows 5.1.2600 Service Pack 2 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros ocultos ...

C:\WINDOWS\system32\immcache.dll

C:\WINDOWS\system32\tracesvr.exe

C:\WINDOWS\system32\danim32.dll

C:\WINDOWS\system32\drivers\msgpcnt.sys

C:\WINDOWS\system32\drivers\Wudf2k.sys

C:\WINDOWS\system32\drivers\SONYPVex.sys

Varredura completada com sucesso

Ficheiros ocultos: 6

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\msgpcnt]

"ImagePath"="system32\drivers\msgpcnt.sys"

--

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SONYPVex]

"ImagePath"="system32\drivers\SONYPVex.sys"

--

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Wudf2k]

"ImagePath"="system32\drivers\Wudf2k.sys"

.

Tempo para conclusão: 2007-10-14 10:28:00

C:\ComboFix2.txt ... 2007-10-14 10:09

.

--- E O F ---

Logfile of HijackThis v1.99.1

Scan saved at 10:29, on 2007-10-14

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\UAService7.exe

C:\Hijack\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: (no name) - {467ABA13-C205-4880-A754-4D94EEACBE04} - (no file)

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: (no name) - {DB7E5057-C170-4667-B473-EDEEC7ADAA2C} - (no file)

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe"