[Resolvido!]Analisem meu log - suspeita de malwares

BrunoFD · Novembro 2, 2007

Aew pessoal beleza?

entaum esses dias eu estava com um mirar toolber no meu pc e akilo tava me pertubando agora, ai esses dias saiu mas mesmo assim eu gostaria de saber se eu estou com algum problema com algum malware ou meu pc esta limpo

vlw desde ja espero uma resposta

abraçosss

Logfile of HijackThis v1.99.1

Scan saved at 22:22:15, on 1/11/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\pctspk.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\lg_fwupdate\fwupdate.exe

C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

C:\Arquivos de programas\Ahead\InCD\InCD.exe

C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe

C:\Arquivos de programas\LClock\LClock.exe

C:\WINDOWS\System32\Rundll32.exe

C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\Google\Google Updater\GoogleUpdater.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\WINDOWS\system32\sistray.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\System32\alg.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe

C:\WINDOWS\system32\service.exe

C:\Documents and Settings\Bruno Godoi\Desktop\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cifraclub.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: Media Holding Enterprises, LLC - {0D39A900-0F3A-4C29-A254-3E65244FDC34} - C:\Arquivos de programas\ContextTool\ContextTool-1.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: superiorads browser optimizer - {8E015787-B1E3-404a-95DE-3E71E1FA0305} - C:\WINDOWS\system32\spads.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O2 - BHO: dcads - {C7C90A5E-BE0A-44DD-83D2-1BE138460BAC} - C:\WINDOWS\system32\nsp25.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [siSPower] Rundll32.exe SiSPower.dll,ModeAgent

O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [LGODDFU] "C:\Arquivos de programas\lg_fwupdate\fwupdate.exe"

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [inCD] C:\Arquivos de programas\Ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [WebCam Go Plus Sti Service Application] Wcgopsvc

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [LClock] C:\Arquivos de programas\LClock\LClock.exe

O4 - HKLM\..\Run: [spa_start] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\spads.dll" DllVerify

O4 - HKLM\..\Run: [MDNS] C:\WINDOWS\system32\service.exe

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\RunOnce: [Google Updater] C:\Arquivos de programas\Google\Google Updater\GoogleUpdater.exe

O4 - Global Startup: Google Updater.lnk = C:\Arquivos de programas\Google\Google Updater\GoogleUpdater.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: &Clean Traces - C:\Arquivos de programas\DAP\Privacy Package\dapcleanerie.htm

O8 - Extra context menu item: &Download with &DAP - C:\Arquivos de programas\DAP\dapextie.htm

O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Download &all with DAP - C:\Arquivos de programas\DAP\dapextie2.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{8800ADD5-BD3F-46C6-AAE9-3DCEB4712146}: NameServer = 200.204.0.10 200.204.0.138

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O20 - AppInit_DLLs: C:\ARQUIV~1\Google\GOOGLE~3\GOEC62~1.DLL

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: GoogleDesktopManager - Google - C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

DigRam · Novembro 2, 2007

Bom Dia BrunoFD!

>@< Faça o download do ComboFix.

>@< Baixe-o para o Desktop!

>@< Feche todas as janelas e execute a ferramenta!

>@< Para quem possui o Avast,surgirá um alerta de malware ( Win32 D adobra-EY[Trj] ),que deverá ser ignorado.

>@< Abrirá a janela Auto Scan. Aguarde!

>@< Digite a opção para continuar < Enter >

>@< Aguarde a conclusão!

>@< Poste o relatório: C:\ComboFix.txt,na sua resposta + Log do HJT,atualizado.

Abraços!

BrunoFD · Novembro 2, 2007

Opa beleza

entaum eu executei o combo fix e deu um erro o pc foi reiniciado e quando voltou estava escrito q naum pode ser completada etc etc etc

ai no outro dia passei novamente e esta aki o log do COMBOFIX

ComboFix:::::::::::::::::::::::

ComboFix 07-11-01.1** - Bruno Godoi 2007-11-02 14:12:16.2 - NTFSx86

Executando de: C:\Documents and Settings\Bruno Godoi\Desktop\ComboFix.exe

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

---- Previous Run -------

.

C:\Documents and Settings\Bruno Godoi\Desktop\internet.lnk

C:\WINDOWS\system32\nsp25.dll

C:\WINDOWS\system32\service.exe

.

((((((((((((((((((((((( Ficheiros criados de 2007-10-02 to 2007-11-02 ))))))))))))))))))))))))))))))))

.

2007-11-02 03:11 51,200 --a------ C:\WINDOWS\NirCmd.exe

2007-11-02 02:00 <DIR> d-------- C:\Documents and Settings\Bruno Godoi\Dados de aplicativos\PC Tools

2007-11-02 02:00 <DIR> d-------- C:\Arquivos de programas\Spyware Doctor

2007-11-02 02:00 79,688 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys

2007-11-02 02:00 62,280 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys

2007-11-02 02:00 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys

2007-11-02 02:00 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys

2007-11-01 22:31 1,188 --a------ C:\WINDOWS\mozver.dat

2007-11-01 22:29 <DIR> d-------- C:\Documents and Settings\Bruno Godoi\Dados de aplicativos\Talkback

2007-11-01 22:28 0 --a------ C:\WINDOWS\nsreg.dat

2007-11-01 22:00 <DIR> d-------- C:\Arquivos de programas\Picasa2

2007-11-01 21:54 <DIR> d-------- C:\Arquivos de programas\Norton Security Scan

2007-11-01 21:31 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll

2007-11-01 16:55 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy

2007-11-01 15:37 6,058,496 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll

2007-11-01 15:37 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat

2007-11-01 15:37 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll

2007-11-01 15:37 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll

2007-11-01 15:37 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll

2007-11-01 15:37 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll

2007-11-01 15:37 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll

2007-11-01 15:37 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe

2007-10-31 23:06 80,113 --a------ C:\WINDOWS\system32\dcads-remove.exe

2007-10-31 23:06 40,731 --a------ C:\WINDOWS\system32\superiorads-uninst.exe

2007-10-31 23:00 <DIR> d-------- C:\Arquivos de programas\Incomplete

2007-10-31 22:54 <DIR> d-------- C:\Arquivos de programas\ContextTool

2007-10-29 20:34 100,992 -ra------ C:\WINDOWS\system32\drivers\ewusbmdm.sys

2007-10-29 20:34 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys

2007-10-29 20:34 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys

2007-10-29 20:34 24,448 -ra------ C:\WINDOWS\system32\drivers\ewdcsc.sys

2007-10-29 20:33 <DIR> d-------- C:\Arquivos de programas\TIM Web Movel

2007-10-29 20:32 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys

2007-10-26 21:35 <DIR> d-------- C:\WINDOWS\Sun

2007-10-23 18:43 <DIR> d-------- C:\Documents and Settings\Bruno Godoi\Dados de aplicativos\InstallShield

2007-10-23 16:53 <DIR> d-------- C:\Arquivos de programas\Conquer 2.0

2007-10-22 23:20 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\HP

2007-10-17 11:20 65,024 --a------ C:\WINDOWS\system32\spads.dll

2007-10-17 10:42 10,752 --a------ C:\WINDOWS\system32\WhoisCL.exe

2007-10-15 18:59 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\NSV

2007-10-15 18:44 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Winamp Toolbar

2007-10-15 18:34 <DIR> d-------- C:\Arquivos de programas\Winamp

2007-10-13 23:42 5,214,208 --a------ C:\WINDOWS\system32\vistaui.exe

2007-10-13 23:42 720,412 --a------ C:\WINDOWS\system32\MGB_ScreenSaver.scr

2007-10-13 23:42 382,976 --a------ C:\WINDOWS\system32\Vista.scr

2007-10-13 23:41 <DIR> d-------- C:\Arquivos de programas\LClock

2007-10-13 23:41 413,518 --a------ C:\WINDOWS\system32\vimc.exe

2007-10-13 23:38 <DIR> d-------- C:\WINDOWS\system32\VITrans

2007-10-13 23:37 <DIR> d-------- C:\VTPFiles

2007-10-13 23:37 111,104 --a------ C:\WINDOWS\system32\Uharc.exe

2007-10-13 23:37 81,920 --a------ C:\WINDOWS\system32\closeapp.exe

2007-10-13 23:37 19,968 --a------ C:\WINDOWS\system32\reico.exe

2007-10-13 23:37 8,636 --a------ C:\WINDOWS\system32\modifype.exe

2007-10-09 20:13 1,970,176 --a------ C:\WINDOWS\system32\d3dx9.dll

2007-10-09 20:13 679,936 --a------ C:\WINDOWS\system32\D3DX81ab.dll

2007-10-09 15:57 <DIR> d-------- C:\Arquivos de programas\Cheat Engine

2007-10-08 14:56 396 --a------ C:\Documents and Settings\Bruno Godoi\Dados de aplicativos\hexplorer.dat

2007-10-08 14:56 13 --a------ C:\Documents and Settings\Bruno Godoi\Dados de aplicativos\mclip.dat

2007-10-06 19:38 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys

2007-10-05 16:41 <DIR> d-------- C:\Arquivos de programas\PC Accelerate

2007-10-03 15:29 <DIR> d-------- C:\Documents and Settings\Bruno Godoi\Incomplete

2007-10-03 15:29 <DIR> d-------- C:\Documents and Settings\Bruno Godoi\Dados de aplicativos\LimeWire

2007-10-03 15:05 <DIR> d-------- C:\Arquivos de programas\Java

2007-10-03 14:57 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Java

2007-10-03 14:55 <DIR> d-------- C:\Arquivos de programas\LimeWire

2007-10-03 12:37 <DIR> d-------- C:\Arquivos de programas\K-LiteNitro

2007-10-02 17:04 <DIR> d-------- C:\Documents and Settings\Bruno Godoi\Dados de aplicativos\Kazaa Lite

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2007-11-02 17:12 --------- d-----w C:\Arquivos de programas\lg_fwupdate

2007-11-02 15:17 --------- d---a-w C:\Documents and Settings\All Users\Dados de aplicativos\TEMP

2007-11-02 05:02 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Google Updater

2007-11-02 00:52 --------- d-----w C:\Arquivos de programas\Google

2007-10-23 02:23 --------- d-----w C:\Arquivos de programas\HP

2007-10-14 02:39 219,648 ----a-w C:\WINDOWS\system32\uxtheme.dll

2007-10-12 19:35 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2007-10-05 01:53 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Messenger Plus!

2007-09-26 16:18 --------- d-----w C:\Documents and Settings\Bruno Godoi\Dados de aplicativos\Lavasoft

2007-09-26 16:18 --------- d-----w C:\Arquivos de programas\Lavasoft

2007-09-26 16:17 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2007-09-19 21:05 --------- d-----w C:\Arquivos de programas\DAP

2007-09-19 20:57 50,688 ----a-w C:\WINDOWS\system32\wbhelp2.dll

2007-09-18 23:34 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Adobe

2007-09-17 18:03 --------- d-----w C:\Documents and Settings\Bruno Godoi\Dados de aplicativos\HP

2007-09-17 17:17 --------- d-----w C:\Arquivos de programas\Windows Live Toolbar

2007-09-17 16:44 --------- d-----w C:\Arquivos de programas\Microsoft CAPICOM 2.1.0.2

2007-09-17 16:40 --------- d-----w C:\Arquivos de programas\Microsoft.NET

2007-09-15 16:46 --------- d-----w C:\Documents and Settings\Bruno Godoi\Dados de aplicativos\CyberLink

2007-09-15 16:38 --------- d-----w C:\Documents and Settings\Bruno Godoi\Dados de aplicativos\InterTrust

2007-09-15 16:36 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Ahead

2007-09-15 16:36 --------- d-----w C:\Arquivos de programas\Ahead

2007-09-15 16:35 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\CyberLink

2007-09-15 16:35 --------- d-----w C:\Arquivos de programas\CyberLink

2007-09-15 16:34 --------- d-----w C:\Arquivos de programas\CyberLink DVD Solution

2007-09-15 16:32 --------- d-----w C:\Arquivos de programas\Arquivos comuns\InstallShield

2007-09-15 15:36 --------- d-----w C:\Arquivos de programas\Windows Media Connect 2

2007-09-15 15:09 --------- d-----w C:\Arquivos de programas\CCleaner

2007-09-15 15:07 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\DVD Shrink

2007-09-15 05:55 --------- d-----w C:\Arquivos de programas\Windows Live

2007-09-15 05:55 --------- d-----w C:\Arquivos de programas\MSN Messenger

2007-09-15 05:55 --------- d-----w C:\Arquivos de programas\Messenger Plus! Live

2007-09-15 05:36 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Windows Live Toolbar

2007-09-15 05:09 --------- d-----w C:\Arquivos de programas\Alwil Software

2007-09-15 04:51 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\HP

2007-09-15 04:44 --------- d-----w C:\Arquivos de programas\SiS VGA Utilities V3.75

2007-09-15 04:40 --------- d-----w C:\Arquivos de programas\Silicon Integrated Systems

2007-09-15 04:13 --------- d-----w C:\Arquivos de programas\microsoft frontpage

2007-09-15 04:11 --------- d-----w C:\Arquivos de programas\Serviços on-line

2007-09-15 04:10 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Serviços

2007-09-15 04:10 --------- d-----w C:\Arquivos de programas\Arquivos comuns\MSSoap

2007-09-15 01:01 --------- d-----w C:\Arquivos de programas\Arquivos comuns\SpeechEngines

2007-09-15 01:01 --------- d-----w C:\Arquivos de programas\Arquivos comuns\ODBC

2007-09-06 10:09 801,144 ----a-w C:\WINDOWS\system32\aswBoot.exe

2007-09-06 10:05 94,416 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys

2007-09-06 10:05 92,848 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys

2007-09-06 10:03 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys

2007-09-06 10:02 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys

2007-09-06 10:00 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr

2007-09-06 10:00 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys

2007-08-21 06:17 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll

2007-08-13 21:54 413,696 ----a-w C:\WINDOWS\system32\vbscript.dll

2007-08-13 21:54 156,160 ----a-w C:\WINDOWS\system32\msls31.dll

2007-08-13 21:45 78,336 ----a-w C:\WINDOWS\system32\ieencode.dll

2007-08-13 21:44 40,960 ----a-w C:\WINDOWS\system32\licmgr10.dll

2007-08-13 21:42 17,408 ----a-w C:\WINDOWS\system32\corpol.dll

2007-08-13 21:39 71,680 ----a-w C:\WINDOWS\system32\admparse.dll

2007-08-13 21:39 55,296 ----a-w C:\WINDOWS\system32\iesetup.dll

2007-08-13 21:36 36,352 ----a-w C:\WINDOWS\system32\imgutil.dll

2007-08-13 21:32 45,568 ----a-w C:\WINDOWS\system32\mshta.exe

2007-08-13 21:01 48,128 ----a-w C:\WINDOWS\system32\mshtmler.dll

2004-10-01 18:00 40,960 ----a-w C:\Arquivos de programas\Uninstall_CDS.exe

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

*Nota* entradas vazias & legítimas por defeito não são mostradas.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0D39A900-0F3A-4C29-A254-3E65244FDC34}]

2007-06-27 17:27 1044480 --a------ C:\Arquivos de programas\ContextTool\ContextTool-2.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8E015787-B1E3-404a-95DE-3E71E1FA0305}]

2007-10-17 11:20 65024 --a------ C:\WINDOWS\system32\spads.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Cmaudio"="cmicnfg.cpl" []

"SiSPower"="SiSPower.dll" [2006-06-29 03:05 C:\WINDOWS\system32\SiSPower.dll]

"PCTVOICE"="pctspk.exe" [2004-01-29 21:33 C:\WINDOWS\system32\pctspk.exe]

"HP Software Update"="C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 16:24]

"avast!"="C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 07:06]

"LGODDFU"="C:\Arquivos de programas\lg_fwupdate\fwupdate.exe" [2005-04-12 10:11]

"RemoteControl"="C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2003-12-08 17:35]

"InCD"="C:\Arquivos de programas\Ahead\InCD\InCD.exe" [2005-07-08 11:25]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]

"WebCam Go Plus Sti Service Application"="Wcgopsvc" []

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]

"LClock"="C:\Arquivos de programas\LClock\LClock.exe" [2004-09-20 01:27]

"Google Desktop Search"="C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe" [2007-11-01 21:52]

"SDTray"="C:\Arquivos de programas\Spyware Doctor\SDTrayApp.exe" [2007-10-02 16:27]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-15 11:52]

"PowerBar"="" []

"SpybotSD TeaTimer"="C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe" [2005-05-31 01:04]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:45]

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\

Google Updater.lnk - C:\Arquivos de programas\Google\Google Updater\GoogleUpdater.exe [2007-09-15 11:52:53]

HP Digital Imaging Monitor.lnk - C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 23:23:26]

Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe [2007-09-15 01:44:07]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"UIHost"=hex(2):76,69,73,74,61,75,69,2e,65,78,65,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=C:\ARQUIV~1\Google\GOOGLE~3\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

R0 SiSRaid;SiSRaid;C:\WINDOWS\system32\DRIVERS\SiSRaid.sys

R3 WCGOPHAL;WCGOPHAL;C:\WINDOWS\system32\DRIVERS\Wcgophal.sys

R3 WCGOPVID;Video Blaster WebCam Go Plus (WDM);C:\WINDOWS\system32\DRIVERS\Wcgopvid.sys

S3 hwdatacard;Huawei DataCard USB Modem and USB Serial;C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]

\Shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{22033822-8640-11dc-967a-00142ac31f92}]

\Shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{22033825-8640-11dc-967a-00142ac31f92}]

\Shell\AutoRun\command - E:\AutoRun.exe

.

Conteúdo da pasta 'Tarefas Agendadas'

"2007-11-02 00:54:44 C:\WINDOWS\Tasks\Norton Security Scan.job"

- C:\Arquivos de programas\Norton Security Scan\Nss.exe

"2007-11-02 16:29:00 C:\WINDOWS\Tasks\Verificar Atualizações para a Barra de Ferramentas do Windows Live.job"

- C:\Arquivos de programas\Windows Live Toolbar\MSNTBUP.EXE

.

**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-11-02 14:14:34

Windows 5.1.2600 Service Pack 2 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros ocultos ...

Varredura completada com sucesso

Ficheiros ocultos: 0

**************************************************************************

.

Tempo para conclusão: 2007-11-02 14:15:42

.

--- E O F ---

E esse do Hijack::::::::::::::;:::

Logfile of HijackThis v1.99.1

Scan saved at 14:17:54, on 2/11/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\pctspk.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\lg_fwupdate\fwupdate.exe

C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

C:\Arquivos de programas\Ahead\InCD\InCD.exe

C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe

C:\Arquivos de programas\LClock\LClock.exe

C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe

C:\Arquivos de programas\Spyware Doctor\SDTrayApp.exe

C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\Arquivos de programas\Google\Google Updater\GoogleUpdater.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\WINDOWS\system32\sistray.exe

C:\Arquivos de programas\Spyware Doctor\svcntaux.exe

C:\Arquivos de programas\Spyware Doctor\swdsvc.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

C:\Arquivos de programas\MSN Messenger\usnsvc.exe

C:\Arquivos de programas\internet explorer\iexplore.exe

C:\WINDOWS\System32\Rundll32.exe

C:\WINDOWS\system32\rsvp.exe

C:\WINDOWS\system32\WISPTIS.EXE

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Documents and Settings\Bruno Godoi\Desktop\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cifraclub.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: Media Holding Enterprises, LLC - {0D39A900-0F3A-4C29-A254-3E65244FDC34} - C:\Arquivos de programas\ContextTool\ContextTool-2.dll