
Archived

This topic has been archived and is closed to new replies.

«†»-=Åñúß¡§=-«†»

[Archived] Strange PC =/


Hello. ^^

My PC is acting very strange... Sometimes it gets kind of slow... CPU usage sits at 100% with nothing open...

... It restarts once in a while.. and the last time it almost didn't turn on again... it restarted.. but everything stayed black on the monitor... and before it finished booting... the CPU shut off and wouldn't turn on anymore... so I unplugged it from the outlet and plugged it back in after a few minutes... then it powered on but it was as if it were "trying but failing" to start... then it started and the little error screen appeared > to press F1 to continue or F2 to use "default config", something like that :S

Please take a look at this for me ^^

 

Logfile of HijackThis v1.99.1

Scan saved at 12:27:26, on 30/1/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16574)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Avast4\ashServ.exe

C:\Arquivos de programas\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\slserv.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Avast4\ashWebSv.exe

C:\ARQUIV~1\Avast4\ashDisp.exe

C:\WINDOWS\vsnpstd.exe

C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\isuspm.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

D:\AntiMerdas\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orkut.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 222.235.64.181:80

O2 - BHO: (no name) - {311F9DE8-6126-4EEE-B15F-65CBB3B4F9F6} - (no file)

O2 - BHO: TBSB07218 - {3AF93A29-A296-4AB0-9011-D85A559203B3} - C:\Arquivos de programas\TurboUpload\TurboUpload Toolbar\turboupload.dll

O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\AntiMerdas\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: (no name) - {831CBAC0-8283-4653-9D81-FEB9F3F6E47C} - (no file)

O2 - BHO: (no name) - {86A44EF7-78FC-4e18-A564-B18F806F7F56} - (no file)

O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\Arquivos de programas\GbPlugin\gbiehabn.dll

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O3 - Toolbar: (no name) - {AF2A1C5A-1AED-4E92-8BA8-D708EB79537E} - (no file)

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\isuspm.exe" -startup

O4 - HKLM\..\Run: [iSUSPM] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\isuspm.exe" -scheduler

O4 - HKLM\..\Run: [NetPumper] "C:\Arquivos de programas\NetPumper\NetPumperIEProxy.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [aol] "C:\Arquivos de programas\AOL\Active Virus Shield\avp.exe"

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [ManyCam] "C:\Arquivos de programas\ManyCam 2.1\ManyCam.exe"

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Pando] "C:\Arquivos de programas\Pando Networks\Pando\Pando.exe" /Minimized

O4 - HKCU\..\Run: [DAEMON Tools] "D:\Arquivos de programas\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKCU\..\Run: [Camfrog] "C:\Arquivos de programas\Camfrog\Camfrog Video Chat\CamfrogNet.exe" 1 C:\Arquivos de programas\Camfrog\Camfrog Video Chat\Camfrog Video Chat.exe

O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Global Startup: LNSS Status Monitor.lnk = C:\Arquivos de programas\GFI\LANguard Network Security Scanner 7.0\statusmonitor.exe

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O15 - Trusted Zone: http://www.fotolog.com

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) -

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} -

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} -

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_01) -

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} -

O16 - DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} (Java Plug-in 1.5.0_03) -

O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} (Java Plug-in 1.6.0_01) -

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Plug-in 1.6.0_01) -

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Arquivos de programas\Windows Live\Mail\mailcomm.dll

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - Winlogon Notify: klogon - C:\WINDOWS\

O20 - Winlogon Notify: WB - C:\Arquivos de programas\AlienGUIse\fastload.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: XAMPP Service (XAMPP) - Unknown owner - C:\Arquivos de programas\xampp\service.exe


Hi «†»-=Åñúß¡§=-«†»,

Download ComboFix from:

ComboFix

1) Temporarily disable your antivirus;

2) Double-click combofix.exe and press "1" to proceed. The process takes about 10 minutes on average;

3) ComboFix will restart the PC automatically so that the removal process can finish (only if there is an infection);

4) When the scan finishes, a log will be generated at C:\ComboFix.txt;

5) Do not click in the ComboFix window, or close it by clicking the X, while the tool is running, as this will break your desktop configuration (it will turn completely white);

6) To stop or exit ComboFix, press "N";

7) Re-enable your antivirus;

8) I need you to paste the contents of ComboFix.txt in your next reply, along with a new HijackThis log.

Regards.


Combofix

ComboFix 08-01-31.3 - Victor 2008-01-31 3:15:40.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.173 [GMT -3:00]

Executando de: D:\AntiMerdas\ComboFix.exe

* Criado um novo ponto de restauro

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((( Ficheiros criados de 2007-12-28 to 2008-01-31 ))))))))))))))))))))))))))))))))

.

 

2008-01-31 03:13 . 2008-01-31 03:13 268 --ah----- C:\sqmdata01.sqm

2008-01-31 03:13 . 2008-01-31 03:13 244 --ah----- C:\sqmnoopt01.sqm

2008-01-30 21:19 . 2008-01-30 21:19 80 --a------ C:\WINDOWS\my.ini

2008-01-30 21:02 . 2008-01-30 21:02 1,024 --a------ C:\.rnd

2008-01-30 12:54 . 2008-01-30 12:54 173,162 --a------ C:\WINDOWS\system32\z4123xff

2008-01-30 11:04 . 2008-01-30 11:04 <DIR> d-------- C:\WINDOWS\Gravity

2008-01-26 10:29 . 2002-12-29 01:14 81,920 --a------ C:\WINDOWS\system32\Startup.cpl

2008-01-26 01:31 . 2007-05-29 07:54 <DIR> d--h----- C:\Documents and Settings\Administrador\Modelos

2008-01-26 01:31 . 2007-03-21 16:21 <DIR> d-------- C:\Documents and Settings\Administrador\Meus documentos

2008-01-26 01:31 . 2007-03-21 16:21 <DIR> dr------- C:\Documents and Settings\Administrador\Menu Iniciar

2008-01-26 01:31 . 2007-03-21 16:21 <DIR> d-------- C:\Documents and Settings\Administrador\Favoritos

2008-01-26 01:31 . 2007-03-21 16:21 <DIR> dr-h----- C:\Documents and Settings\Administrador\Dados de aplicativos

2008-01-26 01:31 . 2008-01-26 01:31 <DIR> d--h----- C:\Documents and Settings\Administrador\Configurações locais

2008-01-26 01:31 . 2007-03-21 16:21 <DIR> d--h----- C:\Documents and Settings\Administrador\Ambiente de rede

2008-01-26 01:31 . 2007-03-21 16:21 <DIR> d--h----- C:\Documents and Settings\Administrador\Ambiente de impressão

2008-01-25 17:52 . 2008-01-27 19:25 <DIR> d-------- C:\Kanario

2008-01-25 15:14 . 2008-01-25 15:14 <DIR> d-------- C:\Snapshot

2008-01-24 20:42 . 2008-01-26 00:52 <DIR> d-------- C:\WINDOWS\system32\hanbiton

2008-01-23 11:14 . 2008-01-23 11:14 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2008-01-23 11:14 . 2008-01-23 11:14 1,409 --a------ C:\WINDOWS\QTFont.for

2008-01-23 06:56 . 2004-01-21 03:22 106,542 --a------ C:\WINDOWS\system32\system86ta.dll

2008-01-22 22:54 . 2008-01-24 01:03 1,087 --a------ C:\WINDOWS\eReg.dat

2008-01-22 22:48 . 2004-01-23 12:22 106,542 --a------ C:\WINDOWS\system32\system86tt.dll

2008-01-22 22:48 . 2004-01-23 12:22 106,542 --a------ C:\WINDOWS\system\system86tt.dll

2008-01-22 16:35 . 2008-01-26 01:00 50 --a------ C:\WINDOWS\MegaManager.INI

2008-01-22 16:32 . 2008-01-22 16:32 <DIR> d-------- C:\Documents and Settings\Victor\Dados de aplicativos\Megaupload

2008-01-14 00:35 . 2008-01-14 00:43 <DIR> d-------- C:\Arquivos de programas\ManyCam 2.1

2008-01-11 01:03 . 2008-01-11 01:04 <DIR> d-------- C:\Arquivos de programas\Sony

2008-01-11 01:02 . 2008-01-11 01:02 <DIR> d-------- C:\Arquivos de programas\Sony Setup

2008-01-09 14:30 . 2008-01-09 14:30 <DIR> d-------- C:\WINDOWS\system32\EXP

2008-01-09 14:30 . 2008-01-09 14:30 <DIR> d-------- C:\Arquivos de programas\Expstudio

2008-01-09 14:30 . 2008-01-09 14:30 161,236 --a------ C:\WINDOWS\Expstudio Audio Editor FREE Uninstaller.exe

2008-01-09 05:26 . 2008-01-27 20:11 <DIR> d-------- C:\WINDOWS\Lhsp

2008-01-09 05:25 . 2008-01-27 19:21 <DIR> d-------- C:\WINDOWS\speech

2008-01-09 05:24 . 2008-01-27 19:20 67 --a------ C:\WINDOWS\iltwain.ini

2008-01-05 17:23 . 2008-01-05 17:23 <DIR> d-------- C:\Documents and Settings\Victor\Configuraþ§es locais

2008-01-05 12:12 . 2008-01-05 12:12 <DIR> d-------- C:\Documents and Settings\Iracema\Dados de aplicativos\Camfrog

2007-12-21 12:10 . 2007-12-21 13:46 <DIR> d-------- C:\Arquivos de programas\Games

2007-12-19 21:24 . 2008-01-26 16:38 <DIR> d-------- C:\Documents and Settings\Iracema\Tracing

2007-12-19 12:02 . 2008-01-05 16:21 <DIR> d-------- C:\Games

2007-12-19 02:52 . 2008-01-31 03:12 <DIR> d-------- C:\Documents and Settings\Victor\Tracing

2007-12-19 00:27 . 2007-12-19 00:27 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\PY_Software

2007-12-18 23:45 . 2007-11-30 18:15 301,696 --a------ C:\WINDOWS\system32\drivers\wwsplit.sys

2007-12-18 23:45 . 2002-02-01 16:00 293,888 --a------ C:\WINDOWS\system32\midas.dll

2007-12-18 07:14 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui

2007-12-18 02:07 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll

2007-12-17 23:46 . 2007-12-17 23:54 <DIR> d--hsc--- C:\Arquivos de programas\Arquivos comuns\WindowsLiveInstaller

2007-12-17 23:45 . 2007-12-18 00:26 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\WLInstaller

2007-12-11 21:42 . 2008-01-30 11:02 2,048 --a------ C:\pumpprex3.ini

2007-12-11 13:00 . 2008-01-26 00:56 <DIR> d-------- C:\Documents and Settings\Victor\Dados de aplicativos\Lavasoft

2007-12-07 12:53 . 2007-12-07 12:53 <DIR> d-------- C:\Documents and Settings\Iracema\Dados de aplicativos\DivX

2007-12-06 02:45 . 2007-12-06 05:53 <DIR> d-------- C:\Documents and Settings\Victor\Dados de aplicativos\mIRC

2007-12-06 02:45 . 2007-12-06 02:45 <DIR> d-------- C:\Arquivos de programas\mIRC

2007-12-05 23:52 . 2007-12-05 23:52 <DIR> d-------- C:\Arquivos de programas\URUSoft

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-01-31 00:18 --------- d-----w C:\Arquivos de programas\xampp

2008-01-30 23:39 --------- d-----w C:\Arquivos de programas\Gravity

2008-01-30 15:16 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2008-01-30 13:33 --------- d-----w C:\Arquivos de programas\Soulseek-Test

2008-01-30 12:30 --------- d-----w C:\Documents and Settings\Victor\Dados de aplicativos\MegauploadToolbar

2008-01-27 01:52 --------- d-----w C:\Documents and Settings\Iracema\Dados de aplicativos\MEGAUPLOADTOOLBAR

2008-01-26 08:05 --------- d-----w C:\Arquivos de programas\eMule

2008-01-26 04:00 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2008-01-26 04:00 --------- d-----w C:\Arquivos de programas\MessengerDiscovery

2008-01-26 03:55 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Wise Installation Wizard

2008-01-25 20:51 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin

2008-01-24 13:31 --------- d-----w C:\Documents and Settings\Victor\Dados de aplicativos\uTorrent

2008-01-23 14:26 --------- d-----w C:\Arquivos de programas\Winamp

2008-01-22 19:20 --------- d-----w C:\Arquivos de programas\MegauploadToolbar

2008-01-19 06:20 --------- d-----w C:\Documents and Settings\Victor\Dados de aplicativos\Screenshot Sender

2008-01-18 12:05 --------- d-----w C:\Arquivos de programas\Avast4

2008-01-03 19:49 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Spyware Terminator

2007-12-19 06:04 --------- d-----w C:\Arquivos de programas\MSN Messenger

2007-12-19 06:04 --------- d-----w C:\Arquivos de programas\Messenger Plus! Live

2007-12-19 05:50 --------- d-----w C:\Arquivos de programas\Windows Live

2007-12-18 08:52 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft Help

2007-12-06 05:13 --------- d-----w C:\Arquivos de programas\Valve

2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys

2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys

2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys

2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys

2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys

2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe

2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr

2007-11-28 00:34 --------- d-----w C:\Arquivos de programas\TurboUpload

2007-11-07 18:34 51,736 ----a-w C:\WINDOWS\system32\sirenacm.dll

2007-11-07 09:28 724,480 ----a-w C:\WINDOWS\system32\lsasrv.dll

2007-10-29 22:44 1,292,288 ----a-w C:\WINDOWS\system32\quartz.dll

2007-10-27 13:37 204,019 ----a-w C:\WINDOWS\ADDONS SITECS (NONSTEAM) Uninstaller.exe

2007-10-25 12:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll

2007-10-24 04:47 96,760 ----a-w C:\WINDOWS\system32\dfshim.dll

2007-10-24 04:47 84,480 ----a-w C:\WINDOWS\system32\mscories.dll

2007-10-24 04:47 282,112 ----a-w C:\WINDOWS\system32\mscoree.dll

2007-10-24 04:47 158,720 ----a-w C:\WINDOWS\system32\mscorier.dll

2007-10-23 20:49 586,752 ----a-w C:\WINDOWS\WLXPGSS.SCR

2007-10-10 23:50 824,832 ----a-w C:\WINDOWS\system32\wininet.dll

2007-10-07 13:57 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll

2007-07-22 19:48 32 ----a-r C:\Documents and Settings\All Users\hash.dat

2007-07-11 22:40 2,568 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3AF93A29-A296-4AB0-9011-D85A559203B3}]

2007-10-09 11:33 2265088 --a------ C:\Arquivos de programas\TurboUpload\TurboUpload Toolbar\turboupload.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2007-11-07 15:34 3739672]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:45 15360]

"ManyCam"="C:\Arquivos de programas\ManyCam 2.1\ManyCam.exe" [2007-08-20 07:44 1515520]

"MSMSGS"="C:\Arquivos de programas\Messenger\msmsgs.exe" [2004-10-13 13:24 1694208]

"Camfrog"="C:\Arquivos de programas\Camfrog\Camfrog Video Chat\CamfrogNet.exe" [2003-09-29 03:22 36352]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avast!"="C:\ARQUIV~1\Avast4\ashDisp.exe" [2007-12-04 10:00 79224]

"nwiz"="nwiz.exe" [2005-07-21 01:07 1519616 C:\WINDOWS\system32\nwiz.exe]

"snpstd"="C:\WINDOWS\vsnpstd.exe" [2004-06-10 13:48 286720]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-07-21 01:07 86016]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-07-21 01:07 7110656]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:45 15360]

 

C:\Documents and Settings\Iracema\Menu Iniciar\Programas\Inicializar\

Recorte de tela e Iniciador do OneNote 2007.lnk - C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54 98632]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveSearch"= 1 (0x1)

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399007}"= C:\Arquivos de programas\GbPlugin\gbiehabn.dll [2007-07-23 22:39 339376]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]

C:\Arquivos de programas\AlienGUIse\fastload.dll 2001-12-20 23:34 24576 C:\Arquivos de programas\AlienGUIse\fastload.dll

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^LNSS Status Monitor.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\LNSS Status Monitor.lnk

backup=C:\WINDOWS\pss\LNSS Status Monitor.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^Victor^Menu Iniciar^Programas^Inicializar^Adobe Gamma.lnk]

backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

 

[HKLM\~\startupfolder\C:^Documents and Settings^Victor^Menu Iniciar^Programas^Inicializar^Recorte de tela e Iniciador do OneNote 2007.lnk]

path=C:\Documents and Settings\Victor\Menu Iniciar\Programas\Inicializar\Recorte de tela e Iniciador do OneNote 2007.lnk

backup=C:\WINDOWS\pss\Recorte de tela e Iniciador do OneNote 2007.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\aol]

C:\Arquivos de programas\AOL\Active Virus Shield\avp.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]

--a--c--- 2007-09-18 11:16 171464 D:\Arquivos de programas\DAEMON Tools\daemon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]

--a------ 2006-05-16 11:58 213936 C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\isuspm.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]

--a------ 2006-05-16 11:58 213936 C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\isuspm.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

C:\WINDOWS\system32\dumprep 0 -k

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

--------- 2004-10-13 13:24 1694208 C:\Arquivos de programas\Messenger\msmsgs.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NetPumper]

C:\Arquivos de programas\NetPumper\NetPumperIEProxy.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando]

C:\Arquivos de programas\Pando Networks\Pando\Pando.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]

--a------ 2005-05-31 01:04 1415824 C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"GFI LANguard N.S.S. 7.0 Attendant Service"=2 (0x2)

"Adobe LM Service"=3 (0x3)

"aawservice"=2 (0x2)

 

R0 m5289;m5289;C:\WINDOWS\system32\DRIVERS\m5289.sys [2004-12-01 10:49]

R0 uliagpkx;ULi AGP Bus Filter Driver;C:\WINDOWS\system32\DRIVERS\agpkx.sys [2004-07-08 15:58]

R1 oreans32;oreans32;C:\WINDOWS\system32\drivers\oreans32.sys [2007-03-25 04:33]

R2 Apache2.2;Apache2.2;"C:\Arquivos de programas\xampp\apache\bin\apache.exe" [2007-12-20 23:00]

R2 GbpSv;Gbp Service;C:\Arquivos de programas\GbPlugin\GbpSv.exe [2007-07-23 22:52]

R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;C:\WINDOWS\system32\DRIVERS\ManyCam.sys [2007-03-22 09:17]

R3 ULI5261;ULi Based Ethernet NT Driver;C:\WINDOWS\system32\DRIVERS\ULILAN.SYS [2004-12-31 15:24]

S2 ALIEHCD;ULi PCI to USB Enhanced Host Controller;C:\WINDOWS\system32\Drivers\ALIEHCI.sys [2005-02-21 15:09]

S2 Ca533av;Icatch(IV) Video Camera Device;C:\WINDOWS\system32\Drivers\Ca533av.sys []

S3 aliroothub;USB 2.0 Root Hub;C:\WINDOWS\system32\DRIVERS\AliRtHub.sys [2005-02-21 15:12]

S3 DCamUSBPremier;DC E30;C:\WINDOWS\system32\Drivers\mpixvid.sys []

S3 USBCamera;Icatch(IV) Still Camera Device;C:\WINDOWS\system32\Drivers\Bulk533.sys []

 

.

Conteúdo da pasta 'Tarefas Agendadas'

"2008-01-31 06:15:00 C:\WINDOWS\Tasks\User_Feed_Synchronization-{87C35ABB-214F-48F5-ACC9-56AD5DF022EE}.job"

- C:\WINDOWS\system32\msfeedssync.exe

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-01-31 03:18:05

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros ocultos ...

 

Varredura completada com sucesso

Ficheiros ocultos: 0

 

**************************************************************************

.

Tempo para conclusão: 2008-01-31 3:19:30

.

2008-01-26 06:04:19 --- E O F ---

 

Hijackthis

 

Logfile of HijackThis v1.99.1

Scan saved at 03:23:42, on 31/1/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16574)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Avast4\ashServ.exe

C:\Arquivos de programas\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\xampp\apache\bin\apache.exe

C:\Arquivos de programas\xampp\mysql\bin\mysqld-nt.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\slserv.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\svchost.exe

C:\ARQUIV~1\Avast4\ashDisp.exe

C:\WINDOWS\vsnpstd.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\ManyCam 2.1\ManyCam.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\xampp\apache\bin\apache.exe

C:\Arquivos de programas\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Avast4\ashWebSv.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Camfrog\Camfrog Video Chat\Camfrog Video Chat.exe

D:\AntiMerdas\HijackThis\HijackThis.exe

C:\Arquivos de programas\Avast4\setup\avast.setup

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orkut.com/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 222.235.64.181:80

O2 - BHO: (no name) - {311F9DE8-6126-4EEE-B15F-65CBB3B4F9F6} - (no file)

O2 - BHO: TBSB07218 - {3AF93A29-A296-4AB0-9011-D85A559203B3} - C:\Arquivos de programas\TurboUpload\TurboUpload Toolbar\turboupload.dll

O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\AntiMerdas\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\Arquivos de programas\GbPlugin\gbiehabn.dll

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O3 - Toolbar: (no name) - {AF2A1C5A-1AED-4E92-8BA8-D708EB79537E} - (no file)

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [ManyCam] "C:\Arquivos de programas\ManyCam 2.1\ManyCam.exe"

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Camfrog] "C:\Arquivos de programas\Camfrog\Camfrog Video Chat\CamfrogNet.exe" 1 C:\Arquivos de programas\Camfrog\Camfrog Video Chat\Camfrog Video Chat.exe

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O15 - Trusted Zone: http://www.fotolog.com

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) -

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} -

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} -

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_01) -

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} -

O16 - DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} (Java Plug-in 1.5.0_03) -

O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} (Java Plug-in 1.6.0_01) -

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Plug-in 1.6.0_01) -

O17 - HKLM\System\CCS\Services\Tcpip\..\{740D8397-A7FF-4BFA-8D9B-EEC0F6340D6F}: NameServer = 200.204.0.10 200.204.0.138

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Arquivos de programas\Windows Live\Mail\mailcomm.dll

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - Winlogon Notify: klogon - C:\WINDOWS\

O20 - Winlogon Notify: WB - C:\Arquivos de programas\AlienGUIse\fastload.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Apache2.2 - Unknown owner - C:\Arquivos de programas\xampp\apache\bin\apache.exe" -k runservice (file missing)

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: mysql - Unknown owner - C:\Arquivos de programas\xampp\mysql\bin\mysqld-nt.exe" "--defaults-file=C:\Arquivos de programas\xampp\mysql\bin\my.cnf" mysql (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

 

 

Thanks for the help ^^

Regards


Hi «†»-=Åñúß¡§=-«†»,

Run Panda's Active Scan, following these steps:

1) Some antivirus programs, such as AVAST, may display a detection alert while the scan is running, but that alert should be ignored. The warning is nothing more than a false positive. I suggest that the AV be temporarily disabled so that the scan runs without problems;

2) To start the process, click the 01bt_scan_pt.gif button;

3) Fill in the data requested in the form;

4) Click the "Pesquise agora sem custos" ("Scan now at no cost") button;

5) Follow all the instructions you are given and wait for the scan to finish;

6) When the scan ends, click to view the log. Save it to your Desktop;

7) Post the contents of the log in your next reply.

Regards.


Topic Archived

Since the author did not reply for more than 20 days, the topic has been archived.

If you are the author of the topic and want to reopen it, send a private message to a moderator of this area along with the link to this topic and explain the reason for reopening it.
