[Arquivado] Já não sei o que fazer! =\

EuMicheL · Fevereiro 15, 2008

resolvi me cadastar no fórum, por indicação de meu primo...

ele disse que eu deveria baixar um programa chamado "hijack"...

(algo assim...)

e postar o log gerado pelo mesmo...

espero que os senhores possam me ajudar,

grato desde já!

----------------------------

Logfile of Trend Micro HijackThis v2.0.0 (BETA)

Scan saved at 20:48:12, on 15/2/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

C:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\VTTimer.exe

C:\WINDOWS\system32\VTtrayp.exe

C:\Arquivos de programas\VIAudioi\SBADeck\ADeck.exe

C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe

C:\Arquivos de programas\Ahead\InCD\InCD.exe

C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe

C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe

C:\Arquivos de programas\Lavasoft\Ad-Aware 2007\AAWTray.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe

C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PCSuite.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

C:\AppServ\Apache\Apache.exe

C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

C:\AppServ\Apache\Apache.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

C:\Arquivos de programas\PC Connectivity Solution\Transports\NclUSBSrv.exe

C:\Arquivos de programas\PC Connectivity Solution\Transports\NclRSSrv.exe

C:\Arquivos de programas\Arquivos comuns\Nokia\MPAPI\MPAPI3s.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\wuauclt.exe

C:\ARQUIV~1\Grisoft\AVG7\avgwb.dat

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Documents and Settings\ok\Desktop\HiJackThis_v2.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O1 - Hosts: 70.86.202.132 L2authd.lineage2.com

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe

O4 - HKLM\..\Run: [AudioDeck] C:\Arquivos de programas\VIAudioi\SBADeck\ADeck.exe 1

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [inCD] C:\Arquivos de programas\Ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [AAWTray] C:\Arquivos de programas\Lavasoft\Ad-Aware 2007\AAWTray.exe

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [iSUSPM Startup] c:\ARQUIV~1\ARQUIV~1\INSTAL~1\UPDATE~1\isuspm.exe -startup

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [PcSync] C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

O4 - HKCU\..\Run: [PC Suite Tray] "C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\ARQUIV~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Startup: Registration Call of Juarez.LNK = C:\Arquivos de programas\Ubisoft\Techland\Call of Juarez\Register\RegistrationReminder.exe

O4 - Global Startup: Service Manager.lnk = C:\Arquivos de programas\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Arquivos de programas\MP3 Player Utilities 4.00\AMVConverter\grab.html

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Arquivos de programas\MP3 Player Utilities 4.00\MediaManager\grab.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {02ECD07A-22D0-4AF0-BA0A-3F6B06086D08} (GamesCampus Control) - http://fishingchamp.gamescampus.com/luncher/GamesCampus.cab

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by114fd.bay114.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100

O17 - HKLM\System\CCS\Services\Tcpip\..\{7F22679E-4F6B-419F-9822-9BDF8DC40179}: NameServer = 200.204.0.10 200.204.0.138

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Apache - Unknown owner - C:\AppServ\Apache\Apache.exe

O23 - Service: Apache2 - Unknown owner - C:\AppServ\Apache\bin\Apache.exe (file missing)

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

O23 - Service: MySQL - Unknown owner - C:\AppServ\mysql\bin\mysqld-nt.exe

O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

--

End of file - 9743 bytes

jgarcia · Fevereiro 17, 2008

Opa EuMicheL,

Baixe o ComboFix em:

ComboFix

1) Desabilite o seu anti-vírus temporariamente;

2) Dê um duplo-clique no combofix.exe e tecle "1" para prosseguir. O processo vai durar, em média, 10 minutos;

3) O ComboFix reiniciará o PC automaticamente, a fim de que o processo de remoção seja finalizado (somente se houver infecção);

4) Quando a varredura acabar, será gerado um log, que estará em C:\ComboFix.txt;

5) Não clique na janela do ComboFix, nem feche clicando no X, enquanto a ferramenta estiver sendo executada, pois isto implicará na desconfiguração de seu desktop (ele ficará todo branco);

6) Para parar ou sair do ComboFix, tecle "N";

7) Reabilite o seu anti-vírus;

8) Preciso que você cole o conteúdo do ComboFix.txt em sua próxima resposta, juntamente com um novo log do HijackThis.

Abraços.

EuMicheL · Fevereiro 17, 2008

Log do ComboFix...

...o Pc não reiniciou.

--

ComboFix 08-02-17.2 - ok 2008-02-17 16:29:52.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.522 [GMT -2:00]

Executando de: C:\Documents and Settings\ok\Desktop\ComboFix.exe

* Criado um novo ponto de restauro

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\.protected

C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft\Network\Downloader\qmgr0.dat

C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft\Network\Downloader\qmgr1.dat

C:\WINDOWS\system32\launcher.exe

C:\WINDOWS\system32\pskill.exe

----- BITS: Possible infected sites -----

hxxp://www.thenmnetwork.com

hxxp://onlinesafepro.com

hxxp://thenmnetwork.com

.

((((((((((((((((((((((( Ficheiros criados de 2008-01-17 to 2008-02-17 ))))))))))))))))))))))))))))))))

.

2008-02-17 16:26 . 2008-02-17 16:25 218,112 --a------ C:\HijackThis.exe

2008-02-16 11:22 . 2008-02-16 18:58 <DIR> d-------- C:\Arquivos de programas\SopCast

2008-02-16 11:21 . 2008-02-17 16:23 <DIR> d-------- C:\Arquivos de programas\MegaCubo

2008-02-04 20:44 . 2008-02-04 20:44 <DIR> d-------- C:\Arquivos de programas\KeepV Converter

2008-02-03 02:52 . 2008-02-03 02:52 <DIR> d-------- C:\Arquivos de programas\Maxis

2008-02-02 20:31 . 2008-02-02 20:31 3,120 --a------ C:\WINDOWS\system32\2d2ca2ce-704a-428c-8cbe-0736b29190aa.dll

2008-02-02 20:31 . 2008-02-02 20:31 3,120 --a------ C:\WINDOWS\f96ac0e5-19d2-42c5-8f68-eb7a99861769.ocx

2008-01-31 20:41 . 2008-01-31 20:43 <DIR> d-------- C:\Arquivos de programas\NetLog

2008-01-31 10:59 . 2008-01-31 10:59 <DIR> d-------- C:\Level Up! Games

2008-01-25 18:26 . 2004-08-18 01:14 442,368 -ra------ C:\WINDOWS\system32\vp6vfw.dll

2008-01-24 00:25 . 2008-01-24 00:26 <DIR> d-------- C:\Documents and Settings\ok\Dados de aplicativos\Nokia

2008-01-24 00:24 . 2008-01-24 00:24 <DIR> d-------- C:\Arquivos de programas\PC Connectivity Solution

2008-01-24 00:23 . 2008-01-24 00:23 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Installations

2008-01-24 00:09 . 2008-01-24 00:25 <DIR> d-------- C:\Arquivos de programas\Nokia

2008-01-24 00:09 . 2008-01-24 00:25 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Nokia

2008-01-22 18:27 . 2008-01-24 00:25 <DIR> d-------- C:\Arquivos de programas\DIFX

2008-01-22 18:26 . 2008-01-22 18:27 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\PC Suite

2008-01-22 18:26 . 2008-01-24 00:25 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\PCSuite

2008-01-22 18:26 . 2007-02-22 10:15 90,624 --a------ C:\WINDOWS\system32\nmwcdcls.dll

2008-01-22 18:22 . 2008-01-24 00:11 <DIR> d-------- C:\Arquivos de programas\ArkMicro

2008-01-22 17:50 . 2008-01-22 17:50 8,704 --ahs---- C:\WINDOWS\system32\Thumbs.db

2008-01-22 14:57 . 2008-01-22 14:57 <DIR> d-------- C:\Documents and Settings\ok\Dados de aplicativos\PC Suite

2008-01-22 14:49 . 2008-01-22 14:49 20,992 --a------ C:\WINDOWS\jestertb.dll

2008-01-18 14:40 . 2004-01-10 18:02 258,048 --a------ C:\WINDOWS\system32\GplMpgDec.ax

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-02-17 18:22 --------- d-----w C:\Documents and Settings\ok\Dados de aplicativos\AVG7

2008-02-17 00:25 --------- d-----w C:\Documents and Settings\ok\Dados de aplicativos\MegauploadToolbar

2008-02-07 00:00 --------- d-----w C:\Arquivos de programas\Spyware Terminator

2008-02-04 21:45 --------- d-----w C:\Arquivos de programas\StepMania

2008-02-02 19:28 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Adobe

2008-02-01 01:13 --------- d-----w C:\Arquivos de programas\Trojan Killer

2008-02-01 00:45 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Spyware Terminator

2008-02-01 00:45 --------- d-----w C:\Arquivos de programas\MessengerPlus! 3

2008-01-31 22:44 38 ----a-w C:\Arquivos de programas\error_message.txt

2008-01-29 22:29 --------- d-----w C:\Arquivos de programas\Call of Duty

2008-01-26 20:58 --------- d-----w C:\Arquivos de programas\dvdSanta

2008-01-26 05:41 --------- d-----w C:\Documents and Settings\ok\Dados de aplicativos\LimeWire

2008-01-24 10:45 --------- d-----w C:\Documents and Settings\ok\Dados de aplicativos\Hamachi

2008-01-23 17:12 --------- d-----w C:\Arquivos de programas\Valve

2008-01-23 15:15 25,280 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys

2008-01-22 20:49 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2008-01-17 12:42 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Avira

2008-01-17 01:28 --------- d-----w C:\Arquivos de programas\Yahoo!

2008-01-16 03:12 --------- d-----w C:\Arquivos de programas\MegauploadToolbar

2008-01-15 18:20 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\ESET

2008-01-15 17:35 --------- d-----w C:\Arquivos de programas\Alwil Software

2008-01-14 08:26 --------- d-----w C:\Arquivos de programas\Frets on Fire

2008-01-13 06:05 --------- d-----w C:\Documents and Settings\ok\Dados de aplicativos\teamspeak2

2008-01-13 06:03 --------- d-----w C:\Arquivos de programas\Talisman

2008-01-13 03:51 --------- d-----w C:\Arquivos de programas\CureROM

2008-01-13 02:58 --------- d-----w C:\Documents and Settings\ok\Dados de aplicativos\fretsonfire

2008-01-12 02:45 --------- d-----w C:\Arquivos de programas\Tony Hawk's Pro Skater 2

2008-01-11 19:50 --------- d-----w C:\Documents and Settings\ok\Dados de aplicativos\DAEMON Tools

2008-01-11 19:37 --------- d-----w C:\Arquivos de programas\Ubisoft

2008-01-11 19:29 715,248 ----a-w C:\WINDOWS\system32\drivers\sptd.sys

2008-01-11 06:51 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Wise Installation Wizard

2008-01-11 06:35 --------- d-----w C:\Arquivos de programas\LevelUpGames

2008-01-10 20:40 --------- d-----w C:\Arquivos de programas\LimeWire

2008-01-10 11:02 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2008-01-10 11:02 --------- d-----w C:\Arquivos de programas\Spybot - Search & Destroy

2008-01-10 10:48 --------- d-----w C:\Arquivos de programas\CCleaner

2008-01-10 10:30 --------- d-----w C:\Arquivos de programas\Outspark

2008-01-09 01:24 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Avg7

2008-01-09 01:17 --------- d-----w C:\Documents and Settings\LocalService\Dados de aplicativos\AVG7

2008-01-09 01:17 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Grisoft

2008-01-07 09:49 --------- d-----w C:\Arquivos de programas\Tony Hawk's Underground 2

2007-12-27 18:41 197,120 ----a-w C:\WINDOWS\system32\fudencio_setup.scr

2007-12-27 18:26 --------- d-----w C:\Arquivos de programas\K-Lite Codec Pack

2007-12-26 21:42 --------- d-----w C:\Arquivos de programas\MSN Messenger

2007-12-26 21:42 --------- d-----w C:\Arquivos de programas\Messenger Plus! Live

2007-12-24 02:16 --------- d-----w C:\Arquivos de programas\XP Codec Pack(2)

2007-12-21 10:20 30,216 ----a-w C:\WINDOWS\system32\drivers\easdrv.sys

2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe

2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr

2007-10-14 17:34 20 ----a-w C:\Documents and Settings\ok\cryp.dll

2004-10-01 18:00 40,960 ----a-w C:\Arquivos de programas\Uninstall_CDS.exe

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:45 15360]

"MSMSGS"="C:\Arquivos de programas\Messenger\msmsgs.exe" [2004-10-13 14:24 1694208]

"PcSync"="C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 17:35 1294336]

"AdobeUpdater"="C:\Arquivos de programas\Arquivos comuns\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 10:37 2321600]

"PC Suite Tray"="C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PCSuite.exe" [2007-12-10 10:12 695808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"VTTimer"="VTTimer.exe" [2006-08-03 04:53 53248 C:\WINDOWS\system32\VTTimer.exe]

"VTTrayp"="VTtrayp.exe" [2006-08-25 03:52 176128 C:\WINDOWS\system32\VTTrayp.exe]

"AudioDeck"="C:\Arquivos de programas\VIAudioi\SBADeck\ADeck.exe" [2006-09-05 08:28 540672]

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe" [2007-06-06 14:08 132760]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 155648]

"InCD"="C:\Arquivos de programas\Ahead\InCD\InCD.exe" [2006-07-12 07:58 1397760]

"ISUSScheduler"="C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" [2004-04-13 07:07 69632]

"AVG7_CC"="C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe" [2008-01-08 23:29 579072]

"AAWTray"="C:\Arquivos de programas\Lavasoft\Ad-Aware 2007\AAWTray.exe" [2007-08-08 15:53 88024]

"avast!"="C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 11:00 79224]

"ISUSPM Startup"="c:\ARQUIV~1\ARQUIV~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-04-17 13:41 196608]

"Adobe Reader Speed Launcher"="C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06 40048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 01:45 15360]

"Picasa Media Detector"="C:\Arquivos de programas\Picasa2\PicasaMediaDetector.exe" [2007-09-27 23:17 443968]

"AVG7_Run"="C:\ARQUIV~1\Grisoft\AVG7\avgw.exe" [2008-01-08 23:29 219136]

"Nokia.PCSync"="C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 17:35 1294336]

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\

Service Manager.lnk - C:\Arquivos de programas\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2007-07-23 21:47:30 69632]

R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-02-23 01:38]

R0 xfilt;VIA SATA IDE Hot-plug Driver;C:\WINDOWS\system32\DRIVERS\xfilt.sys [2006-02-23 01:39]

R3 PSXGamepadEnabler;Psx Hid to Gamepad Port Enabler;C:\WINDOWS\system32\drivers\psxpad.sys [2002-05-15 13:24]

R3 PsxPortEnumerator;Psx Port Enumerator;C:\WINDOWS\system32\Drivers\psxenum.sys [2002-09-26 05:36]

R3 ZSMC0305;VIMICRO USB PC Camera V;C:\WINDOWS\system32\Drivers\usbVM305.sys [2006-04-05 15:14]

S3 puma1;puma1;C:\Documents and Settings\ok\Desktop\Puma_engine\Puma engine\PumaByZé\puma.sys []

S3 Revolution1;Revolution1;C:\Documents and Settings\ok\Desktop\Revolution_engine_6.2\Revolution engine 6.2\rv 6.2 mais bypassed\SHAK3.sys []

S3 XDva012;XDva012;C:\WINDOWS\system32\XDva012.sys []

S3 XDva019;XDva019;C:\WINDOWS\system32\XDva019.sys []

S3 XDva031;XDva031;C:\WINDOWS\system32\XDva031.sys []

S3 XDva033;XDva033;C:\WINDOWS\system32\XDva033.sys []

S3 XDva063;XDva063;C:\WINDOWS\system32\XDva063.sys []

S3 XDva068;XDva068;C:\WINDOWS\system32\XDva068.sys []

S3 XDva074;XDva074;C:\WINDOWS\system32\XDva074.sys []

S3 XDva075;XDva075;C:\WINDOWS\system32\XDva075.sys []

S3 XDva081;XDva081;C:\WINDOWS\system32\XDva081.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e1bc59c2-c07b-11dc-b7c6-001a4da01e57}]

\Shell\AutoRun\command - E:\CojLauncher.exe

.

**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-02-17 16:33:27

Windows 5.1.2600 Service Pack 2 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

AudioDeck = C:\Arquivos de programas\VIAudioi\SBADeck\ADeck.exe 1???d:\audio\via???????|???|?????????????????????????

Procurando ficheiros ocultos ...

Varredura completada com sucesso

Ficheiros ocultos: 0

**************************************************************************

.

Tempo para conclusão: 2008-02-17 16:35:40

ComboFix-quarantined-files.txt 2008-02-17 18:35:39

.

2007-07-27 01:53:15 --- E O F ---

--

Log do HijackThis

Logfile of HijackThis v1.99.1

Scan saved at 16:38:13, on 17/2/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

C:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\VTTimer.exe

C:\WINDOWS\system32\VTtrayp.exe

C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe

C:\Arquivos de programas\Ahead\InCD\InCD.exe

C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Lavasoft\Ad-Aware 2007\AAWTray.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

C:\AppServ\Apache\Apache.exe

C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

C:\AppServ\Apache\Apache.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

C:\Arquivos de programas\PC Connectivity Solution\Transports\NclUSBSrv.exe

C:\Arquivos de programas\PC Connectivity Solution\Transports\NclRSSrv.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\explorer.exe

C:\HijackThis.exe