Saulo Leal

[Solved!] MegaClick and downloads stopping out of nowhere.


My PC was working properly, and I was even finding it strange, because it went about 5 months without any kind of trouble... but now it's messed up: any download I make, RapidShare, MegaUpload and so on, always stalls at some point... On top of that, the damned MegaClick won't let me browse properly...

 

Below is the HijackThis log:

Logfile of HijackThis v1.99.1

Scan saved at 17:36:24, on 7/1/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe

C:\WINDOWS\system32\drivers\CDAC11BA.EXE

C:\Arquivos de programas\Borland\InterBase\bin\ibguard.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\MsPMSPSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\Arquivos de programas\Borland\InterBase\bin\ibserver.exe

C:\WINDOWS\Explorer.exe

C:\Arquivos de programas\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe

C:\Arquivos de programas\Mouse Driver\MouseDrv.exe

C:\Arquivos de programas\Telefonica\Speedy\SATUF.exe

C:\Arquivos de programas\PowerISO\PWRISOVM.EXE

C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\isuspm.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Arquivos de programas\RivaTuner v2.06\RivaTuner.exe

C:\WINDOWS\FixCamera.exe

C:\WINDOWS\tsnp2std.exe

C:\WINDOWS\vsnp2std.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\MSN Messenger\usnsvc.exe

C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Windows Media Player\wmplayer.exe

C:\Documents and Settings\Lawrence\Desktop\hijackthis\HijackThis.exe

 

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\winlogon.exe

O1 - Hosts: 216.107.242.199 l2authd.lineage2.com

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Arquivos de programas\FlashGet\jccatch.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: &iG - {7EEF1E3D-FD97-4401-BCDB-5827F2D11709} - C:\ARQUIV~1\iGv6\igshop.dll (file missing)

O2 - BHO: ActivationManager module - {86A44EF7-78FC-4e18-A564-B18F806F7F56} - C:\Arquivos de programas\ActivationManager\ActivationManager.dll (file missing)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Arquivos de programas\FlashGet\getflash.dll

O3 - Toolbar: &iG - {7EEF1E3D-FD97-4401-BCDB-5827F2D11709} - C:\ARQUIV~1\iGv6\igshop.dll (file missing)

O4 - HKLM\..\Run: [PRONoMgrWired] C:\Arquivos de programas\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe

O4 - HKLM\..\Run: [Launch Ai Booster] "C:\Arquivos de programas\ASUS\Ai Booster\OverClk.exe"

O4 - HKLM\..\Run: [CreativeMouse ] C:\Arquivos de programas\Mouse Driver\MouseDrv.exe

O4 - HKLM\..\Run: [tspuf] C:\Arquivos de programas\Telefonica\Speedy\SATUF.exe

O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Arquivos de programas\PowerISO\PWRISOVM.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [iSUSPM] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\isuspm.exe" -scheduler

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Arquivos de programas\RivaTuner v2.06\RivaTuner.exe" /S

O4 - HKLM\..\Run: [RivaTuner] "C:\Arquivos de programas\RivaTuner v2.06\RivaTuner.exe" /T

O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe

O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe

O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe

O4 - HKCU\..\Run: [steam] "c:\arquivos de programas\sfappz\steam.exe" -silent

O4 - HKCU\..\Run: [updateMgr] C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9

O4 - HKCU\..\Run: [sysBrand] "C:\ARQUIV~1\iGv6\sysbrand.exe"

O4 - HKCU\..\Run: [TelExtreme] C:\Arquivos de programas\TelExtreme\TelExtreme

O4 - Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O8 - Extra context menu item: &Download All with FlashGet - C:\Arquivos de programas\FlashGet\jc_all.htm

O8 - Extra context menu item: &Download with FlashGet - C:\Arquivos de programas\FlashGet\jc_link.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Arquivos de programas\FlashGet\FlashGet.exe

O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Arquivos de programas\FlashGet\FlashGet.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra button: Barra do iG - {FD1672E0-AE0D-465B-B345-F7B0944A121D} - C:\ARQUIV~1\iGv6\igshop.dll (file missing)

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {33331111-1111-1111-1111-611111193423} -

O16 - DPF: {33331111-1111-1111-1111-611111193429} - http://www.www2.p0rt2.com/files/_ipsec_.cab

O16 - DPF: {33331111-1111-1111-1111-615111193427} -

O16 - DPF: {33331111-1131-1111-1111-611111193428} -

O16 - DPF: {33331111-1234-1111-1111-615111193427} - http://www.www2.p0rt2.com/files/epl224bd.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{DA199116-5170-468F-B772-2219FD1DC2C2}: NameServer = 200.204.0.10 200.204.0.138

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: WB - C:\Arquivos de programas\AlienGUIse\fastload.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe

O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: InterBase Guardian (InterBaseGuardian) - Borland Software Corporation - C:\Arquivos de programas\Borland\InterBase\bin\ibguard.exe

O23 - Service: InterBase Server (InterBaseServer) - Borland Software Corporation - C:\Arquivos de programas\Borland\InterBase\bin\ibserver.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Arquivos de programas\Intel\PROSetWired\NCS\Sync\NetSvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

 

I await a reply, since this problem is quite a headache "/

 

Regards! Saulo


Download ComboFix:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

 

It is important that you save it to your desktop.

 

* Close all windows and programs.

* Double-click combofix.exe, select 1 and press Enter.

* It takes a while, so please be patient.

* When the tool finishes running, it will generate a log. Post the file C:\ComboFix.txt.

* Also make a new HijackThis log to include in your reply.

 

:!: Do not click with the mouse while the tool is running; this can cause the PC to hang.


Hello!

Thanks for replying ;D

Here are the logs...

 

ComboFix 08-01-15.4 - Lawrence 2008-01-16 9:21:24.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.531 [GMT -2:00]

Executando de: C:\Documents and Settings\Lawrence\Desktop\ComboFix.exe

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((( Ficheiros criados de 2007-12-16 to 2008-01-16 ))))))))))))))))))))))))))))))))

.

 

2008-01-15 11:49 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe

2008-01-14 22:32 . 2008-01-14 22:32 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\snp2std

2008-01-14 22:32 . 2007-03-10 16:33 12,007,296 --a------ C:\WINDOWS\system32\drivers\snp2sxp.sys

2008-01-14 22:32 . 2006-12-05 14:22 344,064 --a------ C:\WINDOWS\vsnp2std.exe

2008-01-14 22:32 . 2007-02-13 11:01 262,144 --a------ C:\WINDOWS\tsnp2std.exe

2008-01-14 22:32 . 2007-02-05 15:25 151,552 --a------ C:\WINDOWS\system32\rsnp2std.dll

2008-01-14 22:32 . 2006-11-16 15:57 77,824 --a------ C:\WINDOWS\system32\csnp2std.dll

2008-01-14 22:32 . 2007-01-25 18:48 25,472 --a------ C:\WINDOWS\system32\drivers\sncamd.sys

2008-01-14 22:32 . 2004-12-09 17:23 15,497 --a------ C:\WINDOWS\snp2std.ini

2008-01-14 22:32 . 2004-12-09 17:23 13,022 --a------ C:\WINDOWS\snp2std.src

2008-01-14 13:38 . 2008-01-15 11:41 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2008-01-14 13:38 . 2008-01-14 13:38 1,409 --a------ C:\WINDOWS\QTFont.for

2008-01-14 13:02 . 2008-01-14 13:02 <DIR> d-------- C:\Arquivos de programas\WinAVI MP4 Converter

2008-01-04 18:01 . 2008-01-04 18:01 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Macrovision

2008-01-04 17:58 . 2008-01-04 17:58 <DIR> d-------- C:\Arquivos de programas\backburner 2

2008-01-04 17:58 . 2008-01-04 17:58 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Macrovision Shared

2008-01-04 17:58 . 2008-01-04 17:58 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Autodesk Shared

2008-01-04 17:58 . 2008-01-04 17:58 54,784 --a------ C:\WINDOWS\system32\drivers\CDAC11BA.EXE

2008-01-04 17:58 . 2008-01-04 17:58 12,464 --a------ C:\WINDOWS\system32\drivers\CDAC15BA.SYS

2008-01-04 17:57 . 2008-01-04 17:57 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Autodesk

2008-01-02 17:40 . 2008-01-04 23:16 921,624 --a------ C:\snp2sxp-001.raw

2008-01-02 17:13 . 2007-02-13 15:45 69,632 --a------ C:\WINDOWS\system32\vsnp2std.dll

2008-01-02 17:11 . 2006-07-03 10:31 94,208 --a------ C:\WINDOWS\amcap.exe

2008-01-02 17:11 . 2007-02-12 14:50 20,480 --a------ C:\WINDOWS\FixCamera.exe

2008-01-01 22:44 . 2002-10-14 16:23 126,976 --a------ C:\WINDOWS\UNINST32.EXE

2008-01-01 22:44 . 2008-01-01 22:44 0 --a------ C:\WINDOWS\SelSet.INI

2007-12-26 22:48 . 2008-01-11 10:36 <DIR> d-------- C:\Arquivos de programas\WinAVI Video Converter

2007-12-26 21:51 . 2007-12-26 21:51 <DIR> d-------- C:\WINDOWS\Mozilla

2007-12-26 21:48 . 2007-12-26 22:35 <DIR> d-------- C:\Arquivos de programas\MediaCoder

2007-12-26 21:09 . 2007-12-26 21:09 <DIR> d-------- C:\Arquivos de programas\LiveUpdate

2007-12-26 21:08 . 2007-12-26 21:09 <DIR> d-------- C:\Arquivos de programas\mobile PhoneTools

2007-12-25 17:43 . 2007-12-25 17:43 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab

2007-12-25 17:43 . 2007-12-25 17:43 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Kaspersky Lab

2007-12-19 23:22 . 2007-12-19 23:22 <DIR> d-------- C:\Audio

2007-12-19 23:05 . 2007-12-19 23:05 <DIR> d-------- C:\Arquivos de programas\NO1 DVD Audio Ripper

2007-12-19 23:05 . 2007-12-20 22:54 67 --a------ C:\WINDOWS\#1 DVD Audio Ripper.INI

2007-12-19 23:04 . 2007-12-19 23:04 <DIR> d-------- C:\Arquivos de programas\Audacity

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-01-16 11:17 --------- d-----w C:\Documents and Settings\Lawrence\Dados de aplicativos\AVG7

2008-01-16 11:16 --------- d-----w C:\Arquivos de programas\Sfappz

2008-01-15 00:32 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2008-01-14 00:04 --------- d-----w C:\Documents and Settings\Lawrence\Dados de aplicativos\LimeWire

2008-01-12 22:38 --------- d-----w C:\Arquivos de programas\ImTOO

2008-01-12 18:40 --------- d-----w C:\Arquivos de programas\eMule

2008-01-11 18:00 --------- d-----w C:\Arquivos de programas\FlashGet

2008-01-03 23:41 --------- d-----w C:\Arquivos de programas\Apophysis 2.0

2008-01-03 15:33 --------- d-----w C:\Arquivos de programas\SopCast

2007-12-28 01:47 --------- d---a-w C:\Documents and Settings\All Users\Dados de aplicativos\TEMP

2007-12-26 23:10 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\BVRP Software

2007-12-26 23:07 1,385,744 ----a-w C:\WINDOWS\system32\Msvbvm60.dll

2007-12-21 12:51 --------- d-----w C:\Arquivos de programas\Fraps

2007-12-21 12:51 --------- d-----w C:\Arquivos de programas\DivX

2007-12-21 12:51 --------- d-----w C:\Arquivos de programas\CyberScript32

2007-12-21 12:51 --------- d-----w C:\Arquivos de programas\AudioConvert

2007-12-21 12:51 --------- d-----w C:\Arquivos de programas\AlienGUIse

2007-12-10 03:40 --------- d-----w C:\Arquivos de programas\RivaTuner v2.06

2007-12-10 03:39 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\nView_Profiles

2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys

2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys

2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys

2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys

2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys

2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe

2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr

2007-11-27 13:18 --------- d-----w C:\Arquivos de programas\THQ

2007-11-26 21:19 --------- d-----w C:\Arquivos de programas\EasyPHP1-8

2007-08-22 19:02 32,768 ----a-w C:\Documents and Settings\Lawrence\mspformat.exe

2004-10-01 18:00 40,960 ----a-w C:\Arquivos de programas\Uninstall_CDS.exe

.

 

((((((((((((((((((((((((((((( snapshot@2008-01-15_11.57.11,35 )))))))))))))))))))))))))))))))))))))))))

.

+ 2008-01-16 11:15:50 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_5e0.dat

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Steam"="c:\arquivos de programas\sfappz\steam.exe" [2007-12-01 14:24 1266936]

"updateMgr"="C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]

"SysBrand"="C:\ARQUIV~1\iGv6\sysbrand.exe" [ ]

"TelExtreme"="C:\Arquivos de programas\TelExtreme\TelExtreme" [ ]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"PRONoMgrWired"="C:\Arquivos de programas\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe" [2004-11-18 11:16 86016]

"Launch Ai Booster"="C:\Arquivos de programas\ASUS\Ai Booster\OverClk.exe" [2005-04-28 15:49 3630080]

"CreativeMouse "="C:\Arquivos de programas\Mouse Driver\MouseDrv.exe" [2004-06-27 15:54 503808]

"tspuf"="C:\Arquivos de programas\Telefonica\Speedy\SATUF.exe" [2004-03-23 13:17 36864]

"PWRISOVM.EXE"="C:\Arquivos de programas\PowerISO\PWRISOVM.EXE" [2006-09-09 07:16 196608]

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]

"avast!"="C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 11:00 79224]

"AVG7_CC"="C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-12-21 09:33 579072]

"TkBellExe"="C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2007-01-08 20:04 180269]

"SoundMan"="SOUNDMAN.EXE" [2005-06-14 08:36 77824 C:\WINDOWS\soundman.exe]

"RemoteControl"="C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-02 21:24 32768]

"ISUSPM"="C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\isuspm.exe" [2006-03-21 03:34 213936]

"QuickTime Task"="C:\Arquivos de programas\QuickTime\qttask.exe" [2007-10-19 20:16 286720]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-04 17:14 8491008]

"nwiz"="nwiz.exe" [2007-10-04 17:14 1626112 C:\WINDOWS\system32\nwiz.exe]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-10-04 17:14 81920]

"RivaTunerStartupDaemon"="C:\Arquivos de programas\RivaTuner v2.06\RivaTuner.exe" [2007-10-30 16:05 2650112]

"RivaTuner"="C:\Arquivos de programas\RivaTuner v2.06\RivaTuner.exe" [2007-10-30 16:05 2650112]

"FixCamera"="C:\WINDOWS\FixCamera.exe" [2007-02-12 14:50 20480]

"tsnp2std"="C:\WINDOWS\tsnp2std.exe" [2007-02-13 11:01 262144]

"snp2std"="C:\WINDOWS\vsnp2std.exe" [2006-12-05 14:22 344064]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:45 15360]

"AVG7_Run"="C:\ARQUIV~1\Grisoft\AVGFRE~1\avgw.exe" [2007-10-23 20:07 219136]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]

C:\Arquivos de programas\AlienGUIse\fastload.dll 2001-12-21 00:34 24576 C:\Arquivos de programas\AlienGUIse\fastload.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=wbsys.dll

 

R1 oreans32;oreans32;C:\WINDOWS\system32\drivers\oreans32.sys [2007-08-12 14:49]

R2 InterBaseGuardian;InterBase Guardian;C:\Arquivos de programas\Borland\InterBase\bin\ibguard.exe [2001-11-28 21:50]

R3 InterBaseServer;InterBase Server;C:\Arquivos de programas\Borland\InterBase\bin\ibserver.exe [2001-11-28 21:50]

R3 SNP2STD;USB2.0 PC Camera (SNP2STD);C:\WINDOWS\system32\DRIVERS\snp2sxp.sys [2007-03-10 16:33]

S3 Hl_mull;Hl_mull;C:\WINDOWS\system32\drivers\hl_mull.SYS [2003-10-10 16:15]

S3 XDva016;XDva016;C:\WINDOWS\system32\XDva016.sys []

S3 XDva021;XDva021;C:\WINDOWS\system32\XDva021.sys []

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]

\Shell\AutoRun\command - E:\Setup\rsrc\Autorun.exe

\Shell\dinstall\command - E:\Directx\dxsetup.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]

\Shell\AutoRun\command - F:\Setup\rsrc\Autorun.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]

\Shell\AutoRun\command - G:\Setup\rsrc\Autorun.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]

\Shell\AutoRun\command - H:\Autorun.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dc059e0a-dec3-11db-8470-001731e6dc41}]

\Shell\Auto\command - I:\fun.xls.exe

\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe

 

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-01-16 09:28:02

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros ocultos ...

 

Varredura completada com sucesso

Ficheiros ocultos: 0

 

**************************************************************************

.

Tempo para conclusão: 2008-01-16 9:28:47

ComboFix-quarantined-files.txt 2008-01-16 11:28:44

ComboFix2.txt 2008-01-15 13:57:30

.

2007-12-08 20:39:40 --- E O F ---

 

 

HJT:

 

Logfile of HijackThis v1.99.1

Scan saved at 09:37:36, on 16/1/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\AlienGUIse\wbload.exe

C:\Arquivos de programas\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe

C:\Arquivos de programas\Mouse Driver\MouseDrv.exe

C:\Arquivos de programas\Telefonica\Speedy\SATUF.exe

C:\Arquivos de programas\PowerISO\PWRISOVM.EXE

C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\isuspm.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Arquivos de programas\RivaTuner v2.06\RivaTuner.exe

C:\WINDOWS\FixCamera.exe

C:\WINDOWS\tsnp2std.exe

C:\WINDOWS\vsnp2std.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe

C:\WINDOWS\system32\drivers\CDAC11BA.EXE

C:\Arquivos de programas\Borland\InterBase\bin\ibguard.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\MsPMSPSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\Arquivos de programas\Borland\InterBase\bin\ibserver.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Lawrence\Desktop\hijackthis\HijackThis.exe

 

O1 - Hosts: 216.107.242.199 l2authd.lineage2.com

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Arquivos de programas\FlashGet\jccatch.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: &iG - {7EEF1E3D-FD97-4401-BCDB-5827F2D11709} - C:\ARQUIV~1\iGv6\igshop.dll (file missing)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Arquivos de programas\FlashGet\getflash.dll

O3 - Toolbar: &iG - {7EEF1E3D-FD97-4401-BCDB-5827F2D11709} - C:\ARQUIV~1\iGv6\igshop.dll (file missing)

O4 - HKLM\..\Run: [PRONoMgrWired] C:\Arquivos de programas\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe

O4 - HKLM\..\Run: [Launch Ai Booster] "C:\Arquivos de programas\ASUS\Ai Booster\OverClk.exe"

O4 - HKLM\..\Run: [CreativeMouse ] C:\Arquivos de programas\Mouse Driver\MouseDrv.exe

O4 - HKLM\..\Run: [tspuf] C:\Arquivos de programas\Telefonica\Speedy\SATUF.exe

O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Arquivos de programas\PowerISO\PWRISOVM.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [iSUSPM] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\isuspm.exe" -scheduler

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Arquivos de programas\RivaTuner v2.06\RivaTuner.exe" /S

O4 - HKLM\..\Run: [RivaTuner] "C:\Arquivos de programas\RivaTuner v2.06\RivaTuner.exe" /T

O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe

O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe

O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe

O4 - HKCU\..\Run: [steam] "c:\arquivos de programas\sfappz\steam.exe" -silent

O4 - HKCU\..\Run: [updateMgr] C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9

O4 - HKCU\..\Run: [sysBrand] "C:\ARQUIV~1\iGv6\sysbrand.exe"

O4 - HKCU\..\Run: [TelExtreme] C:\Arquivos de programas\TelExtreme\TelExtreme

O4 - Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Startup: Alienware Dock.lnk = C:\Arquivos de programas\AlienGUIse\AlienwareDock\ObjectDock.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O8 - Extra context menu item: &Download All with FlashGet - C:\Arquivos de programas\FlashGet\jc_all.htm

O8 - Extra context menu item: &Download with FlashGet - C:\Arquivos de programas\FlashGet\jc_link.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Arquivos de programas\FlashGet\FlashGet.exe

O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Arquivos de programas\FlashGet\FlashGet.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra button: Barra do iG - {FD1672E0-AE0D-465B-B345-F7B0944A121D} - C:\ARQUIV~1\iGv6\igshop.dll (file missing)

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {33331111-1111-1111-1111-611111193423} -

O16 - DPF: {33331111-1111-1111-1111-611111193429} - http://www.www2.p0rt2.com/files/_ipsec_.cab

O16 - DPF: {33331111-1111-1111-1111-615111193427} -

O16 - DPF: {33331111-1131-1111-1111-611111193428} -

O16 - DPF: {33331111-1234-1111-1111-615111193427} - http://www.www2.p0rt2.com/files/epl224bd.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{DA199116-5170-468F-B772-2219FD1DC2C2}: NameServer = 200.204.0.10 200.204.0.138

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: WB - C:\Arquivos de programas\AlienGUIse\fastload.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe

O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: InterBase Guardian (InterBaseGuardian) - Borland Software Corporation - C:\Arquivos de programas\Borland\InterBase\bin\ibguard.exe

O23 - Service: InterBase Server (InterBaseServer) - Borland Software Corporation - C:\Arquivos de programas\Borland\InterBase\bin\ibserver.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Arquivos de programas\Intel\PROSetWired\NCS\Sync\NetSvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

 

Cheers! \o/

Step 1

 

- Open HijackThis, click Do a system scan only and check the entry/entries below:

 

O16 - DPF: {33331111-1111-1111-1111-611111193423} -

O16 - DPF: {33331111-1111-1111-1111-611111193429} - http://www.www2.p0rt2.com/files/_ipsec_.cab

O16 - DPF: {33331111-1111-1111-1111-615111193427} -

O16 - DPF: {33331111-1131-1111-1111-611111193428} -

O16 - DPF: {33331111-1234-1111-1111-615111193427} - http://www.www2.p0rt2.com/files/epl224bd.cab

- Close all windows, click "Fix Checked" and then "Yes"

 

Step 2

 

Uninstall ComboFix:

 

Run > type ComboFix /u

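A triage sketch for the O16 section of the log above, as an added example that is not part of the original thread or of HijackThis: it parses the `O16 - DPF` lines and lists the ones worth reviewing first. The three heuristics (no class name, no codebase URL, CLSID dominated by one repeated digit) are assumptions drawn from how the entries selected in Step 1 differ from the rest of this log; a hit means "review", not "malicious".

```python
import re
from collections import Counter

# O16 lines copied from the log posted in this thread (elisions kept as posted).
SAMPLE_LOG = """
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {33331111-1111-1111-1111-611111193423} -
O16 - DPF: {33331111-1111-1111-1111-611111193429} - http://www.www2.p0rt2.com/files/_ipsec_.cab
O16 - DPF: {33331111-1111-1111-1111-615111193427} -
O16 - DPF: {33331111-1131-1111-1111-611111193428} -
O16 - DPF: {33331111-1234-1111-1111-615111193427} - http://www.www2.p0rt2.com/files/epl224bd.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
"""

# CLSID, optional "(class name)", then the codebase URL (may be empty).
# DPF entries keyed by a plain name instead of a CLSID are skipped.
O16_RE = re.compile(
    r"^O16 - DPF: \{(?P<clsid>[0-9A-Fa-f-]{36})\}"
    r"(?: \((?P<name>.*)\))? -\s*(?P<codebase>\S*)\s*$"
)

def parse_o16(log_text):
    """Return one dict (clsid, name, codebase) per O16 - DPF line."""
    matches = (O16_RE.match(line.strip()) for line in log_text.splitlines())
    return [m.groupdict() for m in matches if m]

def dominant_digit_share(clsid):
    """Fraction of the CLSID's 32 hex digits taken by its most common digit."""
    digits = clsid.replace("-", "").lower()
    return Counter(digits).most_common(1)[0][1] / len(digits)

def triage(entry):
    """Heuristic reasons (assumptions, see lead-in) to review an entry."""
    reasons = []
    if not entry["name"]:
        reasons.append("no class name")
    if not entry["codebase"]:
        reasons.append("no codebase URL")
    if dominant_digit_share(entry["clsid"]) > 0.5:
        reasons.append("hand-made looking CLSID")
    return reasons

def review_candidates(log_text):
    """Map CLSID -> reasons for every O16 entry with at least one reason."""
    found = ((e["clsid"], triage(e)) for e in parse_o16(log_text))
    return {clsid: reasons for clsid, reasons in found if reasons}

if __name__ == "__main__":
    for clsid, reasons in review_candidates(SAMPLE_LOG).items():
        print(clsid, "->", ", ".join(reasons))
```
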

PROBLEM SOLVED!

 

If the author needs the topic reopened, a private message must be sent to a moderator with a link to the topic.
