
This topic has been archived and is closed to new replies.

thiagoonweb

[Archived] After Emule came the problem


Hello, once again I come here to ask for your help.

MSN also won't log in.

I would like to know how I can learn to analyze the logs. Thank you very much.

 

Logfile of HijackThis v1.99.1

Scan saved at 18:38:05, on 21/1/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

C:\Arquivos de programas\QuickTime\qttask.exe

C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe

C:\Arquivos de programas\Windows Defender\MSASCui.exe

C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Google\Google Updater\GoogleUpdater.exe

C:\WINDOWS\system32\msiexec.exe

D:\Thiago\Programas\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.www.daemon-search.com/default

R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Arquivos de programas\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Arquivos de programas\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Arquivos de programas\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Apps\MSN Toolbar\01.02.5000.1021\pt-br\msntb.dll

O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\ARQUIV~1\IDM\QUICKF~1\PlugIns\IEHelp.dll

O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Arquivos de programas\AskSBar\bar\1.bin\ASKSBAR.DLL

O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Arquivos de programas\AskSBar\bar\1.bin\ASKSBAR.DLL

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Apps\MSN Toolbar\01.02.5000.1021\pt-br\msntb.dll

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe

O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [Windows Defender] "C:\Arquivos de programas\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [NBJ] "C:\Arquivos de programas\Ahead\Nero BackItUp\NBJ.exe"

O4 - Global Startup: Google Updater.lnk = C:\Arquivos de programas\Google\Google Updater\GoogleUpdater.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)

O10 - Unknown file in Winsock LSP: c:\arquivos de programas\arquivos comuns\pc tools\lsp\pctlsp.dll

O10 - Unknown file in Winsock LSP: c:\arquivos de programas\arquivos comuns\pc tools\lsp\pctlsp.dll

O10 - Unknown file in Winsock LSP: c:\arquivos de programas\arquivos comuns\pc tools\lsp\pctlsp.dll

O10 - Unknown file in Winsock LSP: c:\arquivos de programas\arquivos comuns\pc tools\lsp\pctlsp.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O17 - HKLM\System\CCS\Services\Tcpip\..\{BB983303-80C8-4D97-9CFC-35492032F2FB}: NameServer = 201.10.128.3 201.10.120.3

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe


Hi thiagoonweb,

Download ComboFix from:

ComboFix

1) Temporarily disable your antivirus;

2) Double-click combofix.exe and press "1" to proceed. The process will take about 10 minutes on average;

3) ComboFix will restart the PC automatically so that the removal process can be completed (only if there is an infection);

4) When the scan finishes, a log will be generated at C:\ComboFix.txt;

5) Do not click in the ComboFix window, or close it by clicking the X, while the tool is running, as this will break your desktop configuration (it will turn completely white);

6) To stop or exit ComboFix, press "N";

7) Re-enable your antivirus;

8) I need you to paste the contents of ComboFix.txt in your next reply, together with a new HijackThis log.

Regards.


ComboFix 08-01-23.2 - Usuario 2008-01-23 20:26:45.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.623 [GMT -3:00]

Executando de: C:\Documents and Settings\Usuario\Desktop\ComboFix.exe

* Criado um novo ponto de restauro

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\WINDOWS\system32\packet.dll

C:\WINDOWS\system32\pthreadVC.dll

C:\WINDOWS\system32\wpcap.dll

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

 

.

-------\LEGACY_NPF

-------\NPF

 

 

((((((((((((((((((((((( Ficheiros criados de 2007-12-23 to 2008-01-23 ))))))))))))))))))))))))))))))))

.

 

2008-01-23 20:26 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe

2008-01-23 15:45 . 2008-01-23 15:45 244 --ah----- C:\sqmnoopt08.sqm

2008-01-23 15:45 . 2008-01-23 15:45 244 --ah----- C:\sqmdata08.sqm

2008-01-23 14:42 . 2008-01-23 14:42 <DIR> d-------- C:\Arquivos de programas\Positivo

2008-01-23 07:00 . 2008-01-23 07:00 <DIR> d-------- C:\Arquivos de programas\VistaCodecPack

2008-01-23 06:22 . 2008-01-23 06:22 <DIR> d-------- C:\Arquivos de programas\IObit

2008-01-23 06:15 . 2008-01-23 07:00 <DIR> d-------- C:\Arquivos de programas\K-Lite Codec Pack

2008-01-23 01:06 . 2008-01-23 01:06 244 --ah----- C:\sqmnoopt07.sqm

2008-01-23 01:06 . 2008-01-23 01:06 244 --ah----- C:\sqmdata07.sqm

2008-01-23 00:58 . 2008-01-23 00:58 196 --ah----- C:\sqmdata06.sqm

2008-01-23 00:58 . 2008-01-23 00:58 172 --ah----- C:\sqmnoopt06.sqm

2008-01-23 00:40 . 2008-01-23 00:40 <DIR> d-------- C:\Arquivos de programas\Skype

2008-01-23 00:40 . 2008-01-23 00:40 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Skype

2008-01-23 00:22 . 2008-01-23 00:22 244 --ah----- C:\sqmnoopt05.sqm

2008-01-23 00:22 . 2008-01-23 00:22 244 --ah----- C:\sqmdata05.sqm

2008-01-22 23:06 . 2008-01-22 23:06 <DIR> d-------- C:\Arquivos de programas\AusLogics BoostSpeed

2008-01-22 23:04 . 2008-01-22 23:04 <DIR> d-------- C:\Arquivos de programas\Nsasoft

2008-01-22 18:31 . 2008-01-22 18:31 196 --ah----- C:\sqmdata04.sqm

2008-01-22 18:31 . 2008-01-22 18:31 172 --ah----- C:\sqmnoopt04.sqm

2008-01-22 18:26 . 2008-01-22 18:26 256 --ah----- C:\sqmdata03.sqm

2008-01-22 18:26 . 2008-01-22 18:26 244 --ah----- C:\sqmnoopt03.sqm

2008-01-22 14:59 . 2008-01-22 15:31 <DIR> d-------- C:\Arquivos de programas\MSN Messenger

2008-01-22 14:47 . 2008-01-22 14:47 256 --ah----- C:\sqmdata02.sqm

2008-01-22 14:47 . 2008-01-22 14:47 244 --ah----- C:\sqmnoopt02.sqm

2008-01-22 14:34 . 2008-01-23 06:45 <DIR> d-------- C:\Arquivos de programas\Yahoo!

2008-01-21 22:04 . 2008-01-21 22:20 <DIR> d-------- C:\Arquivos de programas\FastDictionary 2007

2008-01-21 22:04 . 2004-08-04 05:56 741,376 --a------ C:\WINDOWS\system32\sapi.dll

2008-01-21 18:43 . 2008-01-21 18:43 <DIR> d-------- C:\Arquivos de programas\AusLogics Disk Defrag

2008-01-21 17:12 . 2008-01-21 17:13 <DIR> d-------- C:\Arquivos de programas\MSN Apps

2008-01-21 02:40 . 2008-01-21 02:40 244 --ah----- C:\sqmnoopt01.sqm

2008-01-21 02:40 . 2008-01-21 02:40 232 --ah----- C:\sqmdata01.sqm

2008-01-21 02:39 . 2008-01-21 02:39 244 --ah----- C:\sqmnoopt00.sqm

2008-01-21 02:39 . 2008-01-21 02:39 232 --ah----- C:\sqmdata00.sqm

2008-01-20 09:16 . 2008-01-20 09:30 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat

2008-01-20 09:15 . 2008-01-20 10:19 <DIR> d-------- C:\WINDOWS\Internet Logs

2008-01-20 00:50 . 2008-01-20 00:50 <DIR> d-------- C:\Arquivos de programas\Windows Defender

2008-01-20 00:30 . 2008-01-22 20:24 <DIR> d-------- C:\Arquivos de programas\Norton Security Scan

2008-01-20 00:28 . 2008-01-20 00:28 <DIR> d-------- C:\Arquivos de programas\Google

2008-01-19 23:50 . 2008-01-19 23:50 678 --a------ C:\WINDOWS\ST6UNST.000

2008-01-19 23:50 . 2008-01-19 23:50 0 --a------ C:\WINDOWS\SETUP.LST

2008-01-19 23:29 . 2008-01-22 20:30 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Symantec Shared

2008-01-19 16:42 . 2008-01-23 05:46 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2008-01-19 16:42 . 2008-01-19 16:42 1,409 --a------ C:\WINDOWS\QTFont.for

2008-01-19 16:23 . 2008-01-19 16:23 <DIR> d-------- C:\Arquivos de programas\MSXML 4.0

2008-01-19 12:31 . 2008-01-22 15:31 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE

2008-01-19 12:30 . 2008-01-19 12:30 <DIR> d-------- C:\WINDOWS\Downloaded Installations

2008-01-19 12:30 . 2008-01-19 12:30 <DIR> d-------- C:\Arquivos de programas\Sony Ericsson

2008-01-19 12:30 . 2008-01-19 12:31 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Teleca Shared

2008-01-19 11:56 . 2006-05-15 15:45 97,184 -ra------ C:\WINDOWS\system32\drivers\SE30mdm.sys

2008-01-19 11:56 . 2006-05-15 15:45 9,360 -ra------ C:\WINDOWS\system32\drivers\SE30mdfl.sys

2008-01-19 11:56 . 2006-05-15 15:45 6,240 -ra------ C:\WINDOWS\system32\drivers\SE30cmnt.sys

2008-01-19 11:56 . 2006-05-15 15:45 6,240 -ra------ C:\WINDOWS\system32\drivers\SE30cm.sys

2008-01-19 11:54 . 2006-05-15 15:45 61,600 -ra------ C:\WINDOWS\system32\drivers\SE30bus.sys

2008-01-19 11:54 . 2006-05-15 15:45 5,872 -ra------ C:\WINDOWS\system32\drivers\SE30whnt.sys

2008-01-19 11:54 . 2006-05-15 15:45 5,872 -ra------ C:\WINDOWS\system32\drivers\SE30wh.sys

2008-01-17 11:49 . 2007-06-25 15:02 475,136 --a------ C:\WINDOWS\system32\SkinCrafter2.dll

2008-01-17 00:44 . 2008-01-17 00:59 <DIR> d-------- C:\Arquivos de programas\MegauploadToolbar

2008-01-16 23:34 . 2008-01-16 23:16 218,504 --a------ C:\WINDOWS\system32\drivers\pctfw2.sys

2008-01-16 23:16 . 2008-01-16 23:34 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\PC Tools

2008-01-16 23:03 . 2008-01-20 00:39 <DIR> d-------- C:\Arquivos de programas\Spyware Doctor

2008-01-16 23:03 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys

2008-01-16 23:03 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys

2008-01-16 23:03 . 2007-12-10 14:53 41,864 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys

2008-01-16 23:03 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys

2008-01-16 22:16 . 2005-09-23 07:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll

2008-01-15 16:53 . 2008-01-16 07:17 <DIR> d-------- C:\Arquivos de programas\Java

2008-01-15 16:53 . 2008-01-15 16:53 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Java

2008-01-15 16:53 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl

2008-01-15 16:49 . 2008-01-19 14:47 <DIR> d-------- C:\Arquivos de programas\FrostWire

2008-01-15 16:49 . 2008-01-15 16:49 <DIR> d-------- C:\Arquivos de programas\AskSBar

2008-01-13 02:23 . 2008-01-18 01:02 <DIR> d-------- C:\Arquivos de programas\Everest Poker

2008-01-13 00:49 . 2008-01-13 00:49 <DIR> d-------- C:\Arquivos de programas\TEXTware

2008-01-13 00:49 . 2008-01-13 00:49 <DIR> d-------- C:\Arquivos de programas\QuickTime

2008-01-13 00:49 . 2008-01-13 00:49 <DIR> d-------- C:\Arquivos de programas\IDM

2008-01-13 00:49 . 1998-10-22 05:01 1,888,744 --a------ C:\WINDOWS\system32\VCL40.BPL

2008-01-13 00:49 . 2003-04-29 19:09 205,312 --a------ C:\WINDOWS\system32\Illprs.dll

2008-01-13 00:49 . 2002-08-01 16:44 160,768 --a------ C:\WINDOWS\system32\ILLKRN.DLL

2008-01-13 00:49 . 2008-01-13 00:49 98,304 --a------ C:\WINDOWS\system32\CmdLineExt.dll

2008-01-13 00:49 . 1999-11-10 12:05 86,016 --a------ C:\WINDOWS\unvise32qt.exe

2008-01-13 00:49 . 2004-06-10 11:29 48,128 --a------ C:\WINDOWS\system32\QFClient.ILX

2008-01-13 00:48 . 2008-01-13 00:48 <DIR> d-------- C:\Arquivos de programas\Oxford

2008-01-13 00:46 . 2008-01-13 00:46 <DIR> d-------- C:\Arquivos de programas\DAEMON Tools Lite

2008-01-13 00:44 . 2008-01-13 00:44 715,248 --a------ C:\WINDOWS\system32\drivers\sptd.sys

2008-01-10 23:43 . 2008-01-10 23:43 737,280 --a------ C:\WINDOWS\iun6002.exe

2008-01-10 23:14 . 2008-01-10 23:14 <DIR> d-------- C:\Arquivos de programas\Multimedia Australia

2008-01-06 21:49 . 2008-01-06 21:49 <DIR> d-------- C:\Arquivos de programas\Winamp Alternative

2008-01-06 21:49 . 2008-01-06 21:49 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Real

2008-01-06 21:49 . 2008-01-06 21:49 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\NSV

2008-01-06 18:05 . 2008-01-18 22:54 <DIR> d-------- C:\Arquivos de programas\The KMPlayer

2008-01-01 15:40 . 2008-01-01 15:40 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\DirectX

2008-01-01 15:38 . 2008-01-01 15:38 <DIR> d-------- C:\Arquivos de programas\EA GAMES

2007-12-31 17:30 . 2007-12-31 17:30 18,500 --a------ C:\WINDOWS\Ascd_tmp.ini

2007-12-31 11:34 . 2007-12-31 11:34 <DIR> d-------- C:\Arquivos de programas\PowerQuest

2007-12-30 12:22 . 2007-12-30 12:22 3,082 --a------ C:\WINDOWS\system32\affv208325p1now.sys

2007-12-29 23:22 . 2007-12-29 23:22 <DIR> d--h----- C:\WINDOWS\PIF

2007-12-29 22:11 . 2002-12-25 08:44 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx

2007-12-29 01:56 . 2007-12-29 01:56 <DIR> d-------- C:\Arquivos de programas\SopCast

2007-12-28 19:34 . 2007-12-28 19:35 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Adobe

2007-12-27 18:05 . 2007-12-27 18:05 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll

2007-12-26 17:02 . 2007-12-26 17:02 <DIR> d-------- C:\Arquivos de programas\Ultra Video Splitter

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-01-13 03:49 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2007-12-23 21:36 --------- d-----w C:\Arquivos de programas\Arquivos comuns\InstallShield

2007-12-23 20:55 --------- d-----w C:\Arquivos de programas\CyberLink DVD Solution

2007-12-23 20:55 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Ahead

2007-12-23 20:55 --------- d-----w C:\Arquivos de programas\Ahead

2007-12-23 20:54 --------- d-----w C:\Arquivos de programas\CyberLink

2007-12-23 20:39 --------- d--h--w C:\Arquivos de programas\Uninstall Information

2007-12-23 20:36 --------- d-----w C:\Arquivos de programas\microsoft frontpage

2007-12-23 20:33 --------- d-----w C:\Arquivos de programas\Serviços on-line

2007-12-23 20:33 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Serviços

2007-12-23 20:32 --------- d-----w C:\Arquivos de programas\Arquivos comuns\MSSoap

2007-12-23 17:22 --------- d-----w C:\Arquivos de programas\Arquivos comuns\SpeechEngines

2007-12-23 17:22 --------- d-----w C:\Arquivos de programas\Arquivos comuns\ODBC

2004-10-01 17:00 40,960 ----a-w C:\Arquivos de programas\Uninstall_CDS.exe

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]

2008-01-15 16:49 66912 --a------ C:\Arquivos de programas\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]

2008-01-15 16:49 267592 --a------ C:\Arquivos de programas\AskSBar\bar\1.bin\ASKSBAR.DLL

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}

{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}

{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}

{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}

 

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:45 15360]

"MsnMsgr"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [ ]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"JMB36X Configure"="C:\WINDOWS\system32\JMRaidTool.exe" [2006-08-13 23:51 352256]

"Windows Defender"="C:\Arquivos de programas\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]

"AVG7_CC"="C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe" [2008-01-20 09:54 579072]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-07-24 23:33 7323648]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:45 15360]

"AVG7_Run"="C:\ARQUIV~1\Grisoft\AVG7\avgw.exe" [2008-01-20 00:52 219136]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nlsf"="cmd.exe" [2004-08-04 00:45 400384 C:\WINDOWS\system32\cmd.exe]

"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-04 00:34 44544]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveSearch"= 1 (0x1)

 

R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-02-23 00:38]

R0 xfilt;VIA SATA IDE Hot-plug Driver;C:\WINDOWS\system32\DRIVERS\xfilt.sys [2006-02-23 00:39]

R1 pctfw2;pctfw2;C:\WINDOWS\system32\drivers\pctfw2.sys [2008-01-16 23:16]

R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);C:\WINDOWS\system32\DRIVERS\RMSPPPOE.SYS [2002-06-10 00:09]

S3 SE30bus;Sony Ericsson Device 048 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\SE30bus.sys [2006-05-15 15:45]

S3 SE30mdfl;Sony Ericsson Device 048 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\SE30mdfl.sys [2006-05-15 15:45]

S3 SE30mdm;Sony Ericsson Device 048 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\SE30mdm.sys [2006-05-15 15:45]

S3 SymIM;Symantec Network Security Intermediate Filter Service;C:\WINDOWS\system32\DRIVERS\SymIM.sys []

S3 SymIMMP;SymIMMP;C:\WINDOWS\system32\DRIVERS\SymIM.sys []

 

.

Conteúdo da pasta 'Tarefas Agendadas'

"2008-01-23 23:24:29 C:\WINDOWS\Tasks\MP Scheduled Scan.job"

- C:\Arquivos de programas\Windows Defender\MpCmdRun.exe

"2008-01-20 03:30:27 C:\WINDOWS\Tasks\Norton Security Scan.job"

- C:\Arquivos de programas\Norton Security Scan\Nss.exe

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-01-23 20:29:07

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros ocultos ...

 

Varredura completada com sucesso

Ficheiros ocultos: 0

 

**************************************************************************

 

Logfile of HijackThis v1.99.1

Scan saved at 20:34, on 2008-01-23

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Windows Defender\MSASCui.exe

C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

D:\Thiago\Programas\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.www.daemon-search.com/default

R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Arquivos de programas\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Arquivos de programas\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Arquivos de programas\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Apps\MSN Toolbar\01.02.5000.1021\pt-br\msntb.dll

O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\ARQUIV~1\IDM\QUICKF~1\PlugIns\IEHelp.dll

O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Arquivos de programas\AskSBar\bar\1.bin\ASKSBAR.DLL

O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Arquivos de programas\AskSBar\bar\1.bin\ASKSBAR.DLL

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Apps\MSN Toolbar\01.02.5000.1021\pt-br\msntb.dll

O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot

O4 - HKLM\..\Run: [Windows Defender] "C:\Arquivos de programas\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)

O10 - Unknown file in Winsock LSP: c:\arquivos de programas\arquivos comuns\pc tools\lsp\pctlsp.dll

O10 - Unknown file in Winsock LSP: c:\arquivos de programas\arquivos comuns\pc tools\lsp\pctlsp.dll

O10 - Unknown file in Winsock LSP: c:\arquivos de programas\arquivos comuns\pc tools\lsp\pctlsp.dll

O10 - Unknown file in Winsock LSP: c:\arquivos de programas\arquivos comuns\pc tools\lsp\pctlsp.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O17 - HKLM\System\CCS\Services\Tcpip\..\{BB983303-80C8-4D97-9CFC-35492032F2FB}: NameServer = 201.10.128.3 201.10.120.3

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe


Hi thiagoonweb,

Run Panda's Active Scan, following these steps:

1) Some antivirus products, such as AVAST, may display a detection alert while the scan is running, but that alert should be ignored. The warning is nothing more than a false positive. I suggest temporarily disabling the AV so that the scan runs without problems;

2) To start the process, click the 01bt_scan_pt.gif button;

3) Enter the information requested in the form;

4) Click the "Pesquise agora sem custos" ("Scan now for free") button;

5) Follow all the instructions you are given and wait for the scan to finish;

6) When the scan ends, click to view the log. Save it to your Desktop;

7) Post the contents of the log in your next reply.

Regards.


Incidência Estado Localização

 

Ferramenta potencialmente indesejada:Application/NirCmd.A Não desinfectado C:\ComboFix\nircmd.cfexe

Ferramenta potencialmente indesejada:Application/NirCmd.A Não desinfectado C:\ComboFix\nircmd.com

Spyware:Cookie/Com.com Não desinfectado C:\Documents and Settings\Administrador\Cookies\administrador@ig.com[1].txt

Spyware:Cookie/Com.com Não desinfectado C:\Documents and Settings\Administrador\Cookies\administrador@terra.com[2].txt

Spyware:Cookie/Com.com Não desinfectado C:\Documents and Settings\Administrador\Cookies\administrador@uol.com[1].txt

Spyware:Cookie/Atlas DMT Não desinfectado C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\br3hq520.default\cookies.txt[.atdmt.com/]

Spyware:Cookie/Statcounter Não desinfectado C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\br3hq520.default\cookies.txt[.statcounter.com/]

Spyware:Cookie/Doubleclick Não desinfectado C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\br3hq520.default\cookies.txt[.doubleclick.net/]

Spyware:Cookie/Com.com Não desinfectado C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\br3hq520.default\cookies.txt[.ig.com.br/]

Spyware:Cookie/YieldManager Não desinfectado C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\br3hq520.default\cookies.txt[ad.yieldmanager.com/]

Spyware:Cookie/Com.com Não desinfectado C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\br3hq520.default\cookies.txt[.uol.com.br/]

Spyware:Cookie/Com.com Não desinfectado C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\br3hq520.default\cookies.txt[.terra.com.br/]

Spyware:Cookie/Com.com Não desinfectado C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\br3hq520.default\cookies.txt[terra.com.br/]

Spyware:Cookie/Overture Não desinfectado C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\br3hq520.default\cookies.txt[.overture.com/]

Spyware:Cookie/Apmebf Não desinfectado C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\br3hq520.default\cookies.txt[.apmebf.com/]

Spyware:Cookie/Com.com Não desinfectado C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\br3hq520.default\cookies.txt[.uol.com.br/basquete/]

Spyware:Cookie/Toplist Não desinfectado C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\br3hq520.default\cookies.txt[.toplist.cz/]

Spyware:Cookie/Searchportal Não desinfectado C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\br3hq520.default\cookies.txt[searchportal.information.com/]

Spyware:Cookie/Adserver Não desinfectado C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\br3hq520.default\cookies.txt[.adserver.easyad.info/]

Spyware:Cookie/Atlas DMT Não desinfectado C:\Documents and Settings\Renato.PC\Dados de aplicativos\Mozilla\Firefox\Profiles\bfcw5g56.default\cookies.txt[.atdmt.com/]

Spyware:Cookie/Com.com Não desinfectado C:\Documents and Settings\Renato.PC\Dados de aplicativos\Mozilla\Firefox\Profiles\bfcw5g56.default\cookies.txt[.terra.com.br/]

Spyware:Cookie/WebtrendsLive Não desinfectado C:\Documents and Settings\Renato.PC\Dados de aplicativos\Mozilla\Firefox\Profiles\bfcw5g56.default\cookies.txt[statse.webtrendslive.com/]

Spyware:Cookie/Doubleclick Não desinfectado C:\Documents and Settings\Renato.PC\Dados de aplicativos\Mozilla\Firefox\Profiles\bfcw5g56.default\cookies.txt[.doubleclick.net/]

Spyware:Cookie/Tribalfusion Não desinfectado C:\Documents and Settings\Renato.PC\Dados de aplicativos\Mozilla\Firefox\Profiles\bfcw5g56.default\cookies.txt[.tribalfusion.com/]

Spyware:Cookie/YieldManager Não desinfectado C:\Documents and Settings\Renato.PC\Dados de aplicativos\Mozilla\Firefox\Profiles\bfcw5g56.default\cookies.txt[ad.yieldmanager.com/]

Spyware:Cookie/Zedo Não desinfectado C:\Documents and Settings\Renato.PC\Dados de aplicativos\Mozilla\Firefox\Profiles\bfcw5g56.default\cookies.txt[.zedo.com/]

Spyware:Cookie/Com.com Não desinfectado C:\Documents and Settings\Renato.PC\Dados de aplicativos\Mozilla\Firefox\Profiles\bfcw5g56.default\cookies.txt[.uol.com.br/]

Spyware:Cookie/Com.com Não desinfectado C:\Documents and Settings\Renato.PC\Dados de aplicativos\Mozilla\Firefox\Profiles\bfcw5g56.default\cookies.txt[terra.com.br/]

Spyware:Cookie/WUpd Não desinfectado C:\Documents and Settings\Renato.PC\Dados de aplicativos\Mozilla\Firefox\Profiles\bfcw5g56.default\cookies.txt[.revenue.net/]

Spyware:Cookie/Searchportal Não desinfectado C:\Documents and Settings\Renato.PC\Dados de aplicativos\Mozilla\Firefox\Profiles\bfcw5g56.default\cookies.txt[searchportal.information.com/]

Spyware:Cookie/Atlas DMT Não desinfectado C:\Documents and Settings\Usuario\Cookies\usuario@atdmt[2].txt

Spyware:Cookie/Serving-sys Não desinfectado C:\Documents and Settings\Usuario\Cookies\usuario@bs.serving-sys[2].txt

Spyware:Cookie/Serving-sys Não desinfectado C:\Documents and Settings\Usuario\Cookies\usuario@serving-sys[2].txt

Spyware:Cookie/Com.com Não desinfectado C:\Documents and Settings\Usuario\Dados de aplicativos\Mozilla\Firefox\Profiles\hggyfals.default\cookies.txt[.uol.com.br/]

Ferramenta potencialmente indesejada:Application/NirCmd.A Não desinfectado C:\WINDOWS\Nircmd.exe

Adware:Adware/SaveNow Não desinfectado D:\Thiago\Programas\Players\bsplayer[1].pro.214.942 bnet\bsplayer224.954_clip.exe[AdVantageSetup.exe]

Adware:Adware/SaveNow Não desinfectado D:\Thiago\Programas\Players\bsplayer[1].pro.214.942 bnet\bsplayer224[1].954_clip.exe[AdVantageSetup.exe]

Virus:Trj/Bancos.RQ Desinfectado D:\Thiago\Programas\Remover Vírus\bankerfix\pv.exe

Virus:Trj/Bancos.RQ Não desinfectado D:\Thiago\Programas\Remover Vírus\bankerfix.exe[pv.exe]

Ferramenta potencialmente indesejada:Application/NirCmd.A Não desinfectado D:\Thiago\Programas\Remover Vírus\ComboFix.exe[nircmd.com]

Ferramenta potencialmente indesejada:Application/NirCmd.A Não desinfectado D:\Thiago\Programas\Remover Vírus\ComboFix.exe[nircmd.cfexe]


Hi thiagoonweb,

Let's get started.

Set Windows to show all files (including hidden ones).

Step 1

Download Killbox from:

Killbox

1. Run Killbox and click Delete on Reboot.

2. Copy the list below, in bold, to the clipboard. Select all of it with the mouse --> go to the Edit menu on the browser's menu bar --> click Copy.

D:\Thiago\Programas\Players\bsplayer[1].pro.214.942 bnet\bsplayer224.954_clip.exe

D:\Thiago\Programas\Players\bsplayer[1].pro.214.942 bnet\bsplayer224[1].954_clip.exe

D:\Thiago\Programas\Remover Vírus\bankerfix.exe

3. Return to Killbox. Click File > Paste from clipboard. Click All Files.

4. Click the "X". Answer "no" to the question.

Step 2

Restart in Normal Mode.

Delete the contents of the following folder:

C:\!Killbox

Run CCleaner and click Run Cleaner.

Run Active Scan again and see whether it still detects anything.

Best regards.
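An added example, not part of the original posts and not any scanner's own tooling: a small Python triage of a report in the format posted above, sorting rows into cookies, dual-use tools to review, items already disinfected, and files still to remove. The bucket names and rules, and the reading of a trailing `[...]` as an item inside a container file, are this example's assumptions.

```python
import re
from collections import defaultdict

# Excerpt of the scan report posted above (original Portuguese output, unmodified).
REPORT = r"""
Ferramenta potencialmente indesejada:Application/NirCmd.A Não desinfectado C:\ComboFix\nircmd.com
Spyware:Cookie/Com.com Não desinfectado C:\Documents and Settings\Administrador\Cookies\administrador@ig.com[1].txt
Spyware:Cookie/Atlas DMT Não desinfectado C:\Documents and Settings\Usuario\Cookies\usuario@atdmt[2].txt
Adware:Adware/SaveNow Não desinfectado D:\Thiago\Programas\Players\bsplayer[1].pro.214.942 bnet\bsplayer224.954_clip.exe[AdVantageSetup.exe]
Adware:Adware/SaveNow Não desinfectado D:\Thiago\Programas\Players\bsplayer[1].pro.214.942 bnet\bsplayer224[1].954_clip.exe[AdVantageSetup.exe]
Virus:Trj/Bancos.RQ Desinfectado D:\Thiago\Programas\Remover Vírus\bankerfix\pv.exe
Virus:Trj/Bancos.RQ Não desinfectado D:\Thiago\Programas\Remover Vírus\bankerfix.exe[pv.exe]
Ferramenta potencialmente indesejada:Application/NirCmd.A Não desinfectado D:\Thiago\Programas\Remover Vírus\ComboFix.exe[nircmd.com]
"""

ROW = re.compile(r"^(?P<kind>[^:]+):(?P<name>.+?) "
                 r"(?P<status>Não desinfectado|Desinfectado) (?P<path>[A-Za-z]:\\.+)$")
# Assumption: a trailing "[...]" names an item inside a container (installer, cookies.txt).
INNER = re.compile(r"^(?P<outer>.+)\[(?P<inner>[^\[\]]+)\]$")

def parse(report):
    """Yield one dict per detection row; lines that do not match are skipped."""
    for line in report.splitlines():
        m = ROW.match(line.strip())
        if m:
            row = m.groupdict()
            c = INNER.match(row["path"])
            row["file"] = c.group("outer") if c else row["path"]  # file on disk
            yield row

def bucket(row):
    """Hypothetical triage rule for this example, not a rule stated in the thread."""
    if row["status"] == "Desinfectado":
        return "handled"
    if row["name"].startswith("Cookie/"):
        return "cookie"            # tracking cookie: clear browser data
    if row["kind"] == "Ferramenta potencialmente indesejada":
        return "review"            # dual-use tool: check who installed it
    return "remove"                # adware / trojan still on disk

def triage(report):
    """Group the on-disk files by bucket, without duplicates, in report order."""
    out = defaultdict(list)
    for row in parse(report):
        if row["file"] not in out[bucket(row)]:
            out[bucket(row)].append(row["file"])
    return dict(out)

if __name__ == "__main__":
    print(triage(REPORT))
```

On this excerpt the `remove` bucket comes out as the same three paths the reply lists for Killbox, and the NirCmd hits, both located in ComboFix files, land in `review`.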


Topic Archived

Since the author did not reply for more than 20 days, the topic has been archived.

If you are the author of the topic and want to reopen it, send a private message to a moderator of this section together with the link to this topic and explain the reason for reopening it.
