Akire 0 Posted February 28, 2008

Hello, once again I'm here asking for help. This time Spyware Doctor, a tool downloaded from Google, detected KAVO0.DLL in C:\W..\System32. Whatever I try to open, such as programs, the tool reports that KAVO0 was blocked for trying to access the .exe file, which makes it hard to get to my applications. Avast had also detected it; I sent it to quarantine and had it deleted, but it came back. How can we remove this pest?

Logfile of HijackThis v1.99.1 Scan saved at 15:23:57, on 28/2/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Arquivos de programas\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe C:\ARQUIV~1\GbPlugin\GbpSv.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\drivers\CDAC11BA.EXE C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\nvsvc32.exe C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe C:\WINDOWS\Explorer.EXE C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\RTHDCPL.EXE C:\ARQUIV~1\ASSIST~1\SMARTB~1\MotiveSB.exe C:\Arquivos de programas\Java\jre1.6.0_04\bin\jusched.exe C:\Arquivos de programas\Spyware Doctor\pctsTray.exe C:\Arquivos de programas\SlySoft\AnyDVD\AnyDVD.exe C:\WINDOWS\system32\ctfmon.exe C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe C:\Arquivos de programas\Messenger\msmsgs.exe C:\Arquivos de programas\Assistente Tecnico
Speedy\bin\mpbtn.exe C:\WINDOWS\system32\svchost.exe C:\Arquivos de programas\Google\Google Updater\GoogleUpdater.exe C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\HijackThis.exe C:\WINDOWS\system32\wuauclt.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1 O1 - Hosts: 170.66.1.60 www14.bancobrasil.com.br # GbPlugin O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_04\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll O2 - BHO: G-Buster Browser Defense - 
{C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIV~1\GbPlugin\gbieh.dll O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [skyTel] SkyTel.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [Motive SmartBridge] "C:\ARQUIV~1\ASSIST~1\SMARTB~1\MotiveSB.exe" /restart O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_04\bin\jusched.exe" O4 - HKLM\..\Run: [iSTray] "C:\Arquivos de programas\Spyware Doctor\pctsTray.exe" O4 - HKCU\..\Run: [MessengerPlus3] "C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe" /WinStart O4 - HKCU\..\Run: [AnyDVD] C:\Arquivos de programas\SlySoft\AnyDVD\AnyDVD.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [kava] C:\WINDOWS\system32\kavo.exe O4 - HKCU\..\Run: [tava] C:\WINDOWS\system32\tavo.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background O4 - Global Startup: Assistente Tecnico Speedy.lnk = C:\Arquivos de programas\Assistente Tecnico Speedy\bin\matcli.exe O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\acstart17.exe O4 - Global Startup: Google Updater.lnk = C:\Arquivos de programas\Google\Google Updater\GoogleUpdater.exe O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - 
C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O11 - Options group: [iNTERNATIONAL] International* O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1137690154209 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL O20 - Winlogon Notify: GbPluginBb - C:\ARQUIV~1\GbPlugin\gbieh.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - 
{AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Autodesk Licensing Service - Autodesk - C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\ARQUIV~1\GbPlugin\GbpSv.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe

Thank you in advance. Regards, Érika

DigRam 144 Posted February 29, 2008

Good morning Akire!

>@< Download ComboFix.
>@< Save it to the Desktop!
>@< Close all windows and run the tool!
>@< If you have Avast, a malware alert ( Win32 D adobra-EY[Trj] ) will appear; it should be ignored.
>@< The Auto Scan window will open. Wait!
>@< Type the option to continue and press <Enter>.
>@< Wait for it to finish! During the scan, avoid touching the mouse or keyboard!
________________________
>@< Post the report, C:\ComboFix.txt, in your reply, plus an updated HJT log.

Regards!

Akire 0 Posted February 29, 2008

Hello, as requested: ComboFix and HJT

ComboFix 08-03-01 - PC 2008-02-29 17:24:39.1 - NTFSx86 Executando de: C:\Documents and Settings\PC\Desktop\ComboFix.exe * Criado um novo ponto de restauro WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((( Outras Exclusões ))))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Autorun.inf C:\WINDOWS\system32\kavo.exe C:\WINDOWS\system32\kavo0.dll C:\WINDOWS\system32\kavo1.dll E:\Autorun.inf . ((((((((((((((((((((((( Ficheiros criados de 2008-02-01 to 2008-03-01 )))))))))))))))))))))))))))))))) . 2008-02-29 17:21 . 2004-08-04 00:45 400,384 --a------ C:\CF8446.exe 2008-02-28 15:19 . 2005-02-16 11:06 218,112 --a------ C:\HijackThis.exe 2008-02-28 14:36 . 2008-02-29 13:01 <DIR> d-a------ C:\Documents and Settings\All Users\Dados de aplicativos\TEMP 2008-02-28 14:27 . 2008-02-28 14:27 <DIR> d-------- C:\WINDOWS\system32\IOSUBSYS 2008-02-28 14:27 . 2008-02-28 14:27 <DIR> d-------- C:\Arquivos de programas\Picasa2 2008-02-28 14:27 . 2006-10-04 23:42 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys 2008-02-28 14:27 . 2006-10-04 23:42 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys 2008-02-28 14:23 . 2008-02-29 12:51 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Google Updater 2008-02-28 07:54 . 2008-02-29 17:11 81,408 -r-hs---- C:\WINDOWS\system32\tavo0.dll 2008-02-27 14:59 . 2008-02-27 19:10 116,261 -r-hs---- C:\cfv90h.com 2008-02-27 14:59 . 2008-02-27 19:10 81,408 -r-hs---- C:\WINDOWS\system32\tavo1.dll 2008-02-26 12:25 . 2008-02-07 11:15 112,991 -r-hs---- C:\e.bat 2008-02-26 12:25 . 2008-02-27 19:10 112,496 -r-hs---- C:\WINDOWS\system32\tavo.exe 2008-02-25 17:24 . 2008-02-25 17:24 <DIR> d-------- C:\Arquivos de programas\MP3 Player Utilities 4.15 2008-02-25 01:05 . 2008-02-25 18:44 <DIR> d-------- C:\Documents and Settings\PC\Dados de aplicativos\LimeWire 2008-02-25 01:01 .
2008-02-25 01:01 <DIR> d-------- C:\Arquivos de programas\Java 2008-02-25 01:01 . 2007-12-14 01:59 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl 2008-02-25 00:50 . 2008-02-25 00:50 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Java 2008-02-25 00:49 . 2008-02-25 01:01 <DIR> d-------- C:\Arquivos de programas\LimeWire 2008-02-24 12:55 . 2004-08-04 00:45 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll 2008-02-24 12:55 . 2001-09-05 23:50 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll 2008-02-21 10:53 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll 2008-02-21 10:53 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll 2008-02-21 10:53 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui 2008-02-20 07:39 . 2008-02-20 07:39 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\WLInstaller 2008-02-20 07:39 . 2008-02-20 07:39 <DIR> d-------- C:\Arquivos de programas\Windows Live 2008-02-20 07:39 . 2008-02-20 07:46 <DIR> d--hsc--- C:\Arquivos de programas\Arquivos comuns\WindowsLiveInstaller 2008-02-20 07:05 . 2008-02-20 07:05 <DIR> d-------- C:\Documents and Settings\PC\Contacts 2008-02-19 15:40 . 2008-02-19 15:40 341 --a------ C:\WINDOWS\FGCAN.ini 2008-02-19 01:22 . 2008-02-19 01:22 <DIR> d-------- C:\Documents and Settings\PC\Dados de aplicativos\CyberLink 2008-02-19 01:21 . 2008-02-19 01:21 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\CyberLink 2008-02-18 21:01 . 2008-02-18 21:01 23,392 --a------ C:\WINDOWS\system32\nscompat.tlb 2008-02-18 21:01 . 2008-02-18 21:01 16,832 --a------ C:\WINDOWS\system32\amcompat.tlb 2008-02-18 20:34 . 2008-02-18 20:34 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Hewlett-Packard 2008-02-18 20:33 . 2005-03-08 01:52 51,120 -ra------ C:\WINDOWS\system32\drivers\HPZid412.sys 2008-02-18 20:33 . 2005-03-08 01:52 16,496 -ra------ C:\WINDOWS\system32\drivers\HPZipr12.sys 2008-02-18 20:32 . 
2005-03-15 16:36 77,824 -ra------ C:\WINDOWS\system32\hpzids01.dll 2008-02-18 20:32 . 2005-05-05 08:51 37,376 --a------ C:\WINDOWS\system32\hpz3l3xu.dll 2008-02-18 20:32 . 2005-03-08 01:52 21,744 -ra------ C:\WINDOWS\system32\drivers\HPZius12.sys 2008-02-18 20:32 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys 2008-02-18 20:32 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys 2008-02-18 20:25 . 2008-02-18 20:26 <DIR> d-------- C:\Arquivos de programas\HP 2008-02-18 20:25 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys 2008-02-18 20:25 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys 2008-02-18 20:24 . 2008-02-18 20:24 <DIR> d-------- C:\Documents and Settings\PC\Dados de aplicativos\HP 2008-02-18 20:24 . 2008-02-18 20:38 88,544 --a------ C:\WINDOWS\hpoins06.dat 2008-02-18 20:24 . 2005-06-03 00:31 5,389 --------- C:\WINDOWS\hpomdl06.dat 2008-02-18 20:22 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys 2008-02-18 20:22 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys 2008-02-18 20:09 . 2008-02-18 20:15 <DIR> d-------- C:\Arquivos de programas\Jogos 2008-02-18 15:47 . 2008-02-21 11:39 268 --ah----- C:\sqmdata19.sqm 2008-02-18 15:47 . 2008-02-21 11:39 244 --ah----- C:\sqmnoopt19.sqm 2008-02-18 15:44 . 2008-02-21 10:51 244 --ah----- C:\sqmnoopt18.sqm 2008-02-18 15:44 . 2008-02-21 10:51 232 --ah----- C:\sqmdata18.sqm 2008-02-18 14:58 . 2008-02-19 01:41 69 --a------ C:\WINDOWS\NeroDigital.ini 2008-02-18 14:53 . 2008-02-20 06:38 244 --ah----- C:\sqmnoopt17.sqm 2008-02-18 14:53 . 2008-02-20 06:38 232 --ah----- C:\sqmdata17.sqm 2008-02-18 14:34 . 2008-02-20 06:31 244 --ah----- C:\sqmnoopt16.sqm 2008-02-18 14:34 . 2008-02-20 06:31 232 --ah----- C:\sqmdata16.sqm 2008-02-18 14:27 . 2008-02-19 15:46 268 --ah----- C:\sqmdata15.sqm 2008-02-18 14:27 . 
2008-02-19 15:46 244 --ah----- C:\sqmnoopt15.sqm 2008-02-18 14:26 . 2008-02-19 15:23 244 --ah----- C:\sqmnoopt14.sqm 2008-02-18 14:26 . 2008-02-19 15:23 232 --ah----- C:\sqmdata14.sqm 2008-02-18 14:21 . 2008-02-19 12:13 244 --ah----- C:\sqmnoopt13.sqm 2008-02-18 14:21 . 2008-02-19 12:13 232 --ah----- C:\sqmdata13.sqm 2008-02-18 14:20 . 2008-02-19 11:51 244 --ah----- C:\sqmnoopt12.sqm 2008-02-18 14:20 . 2008-02-19 11:51 232 --ah----- C:\sqmdata12.sqm 2008-02-18 14:14 . 2008-02-18 22:50 244 --ah----- C:\sqmnoopt11.sqm 2008-02-18 14:14 . 2008-02-18 22:50 232 --ah----- C:\sqmdata11.sqm 2008-02-18 14:09 . 2008-02-18 22:50 244 --ah----- C:\sqmnoopt10.sqm 2008-02-18 14:09 . 2008-02-18 22:50 232 --ah----- C:\sqmdata10.sqm 2008-02-18 14:08 . 2008-02-18 21:04 244 --ah----- C:\sqmnoopt09.sqm 2008-02-18 14:08 . 2008-02-18 21:04 232 --ah----- C:\sqmdata09.sqm 2008-02-18 14:04 . 2008-02-18 21:02 244 --ah----- C:\sqmnoopt08.sqm 2008-02-18 14:04 . 2008-02-18 21:02 232 --ah----- C:\sqmdata08.sqm 2008-02-18 13:56 . 2008-02-18 20:48 244 --ah----- C:\sqmnoopt07.sqm 2008-02-18 13:56 . 2008-02-18 20:48 232 --ah----- C:\sqmdata07.sqm 2008-02-18 13:03 . 2008-02-18 20:45 244 --ah----- C:\sqmnoopt06.sqm 2008-02-18 13:03 . 2008-02-18 20:45 232 --ah----- C:\sqmdata06.sqm 2008-02-18 12:56 . 2008-02-28 16:31 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin 2008-02-18 12:56 . 2008-02-28 16:31 <DIR> d-------- C:\Arquivos de programas\GbPlugin 2008-02-18 12:43 . 2008-02-18 20:03 244 --ah----- C:\sqmnoopt05.sqm 2008-02-18 12:43 . 2008-02-18 20:03 232 --ah----- C:\sqmdata05.sqm 2008-02-18 12:42 . 2008-02-18 19:58 244 --ah----- C:\sqmnoopt04.sqm 2008-02-18 12:42 . 2008-02-18 19:58 232 --ah----- C:\sqmdata04.sqm 2008-02-18 12:41 . 2008-02-18 12:41 <DIR> d-------- C:\Arquivos de programas\Windows Media Connect 2 2008-02-18 12:40 . 2008-02-18 12:40 <DIR> d-------- C:\WINDOWS\system32\LogFiles 2008-02-18 12:40 . 
2008-02-18 12:40 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF 2008-02-18 12:11 . 2008-02-18 19:56 244 --ah----- C:\sqmnoopt03.sqm 2008-02-18 12:11 . 2008-02-18 19:56 232 --ah----- C:\sqmdata03.sqm 2008-02-11 07:07 . 2008-02-18 19:55 244 --ah----- C:\sqmnoopt02.sqm 2008-02-11 07:07 . 2008-02-18 19:55 232 --ah----- C:\sqmdata02.sqm 2008-02-11 06:52 . 2008-02-18 19:54 244 --ah----- C:\sqmnoopt01.sqm 2008-02-11 06:52 . 2008-02-18 19:54 232 --ah----- C:\sqmdata01.sqm 2008-02-11 06:50 . 2008-02-11 06:54 <DIR> d-------- C:\Tg98SE 2008-02-11 06:50 . 1999-07-06 11:00 617,472 --a------ C:\WINDOWS\system32\Vcf132.ocx 2008-02-11 06:50 . 1999-07-06 11:00 103,744 --a------ C:\WINDOWS\system32\Mscomm32.ocx 2008-02-11 06:50 . 2000-01-24 09:46 10,827 --a------ C:\WINDOWS\system32\Proteq.vxd 2008-02-11 06:50 . 2008-02-18 19:47 244 --ah----- C:\sqmnoopt00.sqm 2008-02-11 06:50 . 2008-02-18 19:47 232 --ah----- C:\sqmdata00.sqm . ((((((((((((((((((((((((((((((((((((( Relatório Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-02-28 17:23 --------- d-----w C:\Arquivos de programas\Google 2008-02-26 02:22 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft Help 2008-02-25 20:24 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information 2008-02-20 10:32 --------- d-----w C:\Arquivos de programas\MSN Messenger 2008-02-19 02:08 --------- d-----w C:\Arquivos de programas\Discador itelefonica 2008-02-09 23:12 --------- d-----w C:\Arquivos de programas\Web Publish 2007-12-07 02:09 824,832 ----a-w C:\WINDOWS\system32\wininet.dll 2007-12-04 18:41 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll 2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe 2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr 2004-10-01 18:00 40,960 ----a-w C:\Arquivos de programas\Uninstall_CDS.exe . (((((((((((((((((((((((((( Pontos de Carregamento do Registro ))))))))))))))))))))))))))))))))))))))) . . 
REGEDIT4 *Nota* entradas vazias & legítimas por defeito não são mostradas. [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MessengerPlus3"="C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe" [2006-09-12 11:08 185480] "AnyDVD"="C:\Arquivos de programas\SlySoft\AnyDVD\AnyDVD.exe" [2005-11-29 01:12 499712] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:45 15360] "msnmsgr"="C:\Arquivos de programas\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352] "tava"="C:\WINDOWS\system32\tavo.exe" [2008-02-27 19:10 112496] "MSMSGS"="C:\Arquivos de programas\Messenger\msmsgs.exe" [2004-10-13 13:24 1694208] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "avast!"="C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 10:00 79224] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-30 19:35 7634944] "nwiz"="nwiz.exe" [2006-10-30 19:35 1622016 C:\WINDOWS\system32\nwiz.exe] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-30 19:35 86016] "RTHDCPL"="RTHDCPL.EXE" [2007-02-26 04:03 16125440 C:\WINDOWS\RTHDCPL.exe] "SkyTel"="SkyTel.EXE" [2006-05-16 07:04 2879488 C:\WINDOWS\SkyTel.exe] "Motive SmartBridge"="C:\ARQUIV~1\ASSIST~1\SMARTB~1\MotiveSB.exe" [2005-04-15 13:46 397312] "SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 03:42 144784] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:45 15360] C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\ Assistente Tecnico Speedy.lnk - C:\Arquivos de programas\Assistente Tecnico Speedy\bin\matcli.exe [2008-02-09 22:06:27 217088] AutoCAD Startup Accelerator.lnk - C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\acstart17.exe [2006-03-05 03:43:54 11000] Google Updater.lnk - C:\Arquivos de programas\Google\Google Updater\GoogleUpdater.exe [2008-02-28 14:23:26 125624] 
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{E37CB5F0-51F5-4395-A808-5FA49E399F83}"= C:\ARQUIV~1\GbPlugin\gbieh.dll [2007-12-03 16:30 347976] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb] C:\ARQUIV~1\GbPlugin\gbieh.dll 2007-12-03 16:30 347976 C:\ARQUIV~1\GbPlugin\gbieh.dll [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Reader Speed Launch.lnk] path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Reader Speed Launch.lnk backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Event Reminder.lnk] path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Event Reminder.lnk backup=C:\WINDOWS\pss\Event Reminder.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor] --a------ 2006-10-26 23:47 31016 C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD] C:\Arquivos de programas\Ahead\InCD\InCD.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCTVOICE] --a------ 2001-09-05 23:50 86016 C:\WINDOWS\system32\pctspk.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RaidTool] C:\Arquivos de programas\VIA\RAID\raid_t [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] --a------ 2004-11-02 20:24 32768 C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiSPower] -ra------ 2005-08-25 08:05 49152 C:\WINDOWS\system32\SiSPower.dll 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTrayp] [HKEY_LOCAL_MACHINE\software\microsoft\security center] "FirewallOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Arquivos de programas\\MSN Messenger\\msncall.exe"= "C:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "C:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"= "C:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"= "C:\\Arquivos de programas\\MSN Messenger\\livecall.exe"= R2 Proteq;Proteq;C:\WINDOWS\system32\drivers\Proteq.sys [2003-07-17 15:02] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{123d8941-42b8-11db-9812-806d6172696f}] \Shell\AutoRun\command - D:\ASUSACPI.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2ce58eb5-6b2a-11dc-ae42-806d6172696f}] \Shell\AutoRun\command - D:\Bin\assetup.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8900db52-890b-11da-b50d-806d6172696f}] \Shell\AutoRun\command - D:\setup.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9aaf5aeb-e2e5-11dc-b009-001d60837a32}] \Shell\AutoRun\command - F:\e.bat \Shell\explore\Command - F:\e.bat \Shell\open\Command - F:\e.bat [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a3303e93-88f6-11da-817b-806d6172696f}] \Shell\AutoRun\command - D:\Bin\Assetup.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c61c3ce8-3838-11db-9d6a-806d6172696f}] 
\Shell\AutoRun\command - D:\AutoRun\Demo.exe . Conteúdo da pasta 'Tarefas Agendadas' "2008-02-29 20:13:38 C:\WINDOWS\Tasks\MP Scheduled Scan.job" - C:\Arquivos de programas\Windows Defender\MpCmdRun.exe . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-03-01 17:25:59 Windows 5.1.2600 Service Pack 2 NTFS Procurando processos ocultos ... Procurando entradas auto inicializáveis ocultas ... Procurando ficheiros ocultos ... Varredura completada com sucesso Ficheiros ocultos: 0 ************************************************************************** . Tempo para conclusão: 2008-03-01 17:26:17 ComboFix-quarantined-files.txt 2008-03-01 20:26:15 . 2008-02-26 02:22:55 --- E O F --- ****************************** HJT ***************************** Logfile of HijackThis v1.99.1 Scan saved at 17:38:51, on 29/2/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Arquivos de programas\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe C:\ARQUIV~1\GbPlugin\GbpSv.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\drivers\CDAC11BA.EXE C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\System32\alg.exe 
C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOWS\RTHDCPL.EXE C:\ARQUIV~1\ASSIST~1\SMARTB~1\MotiveSB.exe C:\Arquivos de programas\Java\jre1.6.0_04\bin\jusched.exe C:\Arquivos de programas\SlySoft\AnyDVD\AnyDVD.exe C:\WINDOWS\system32\ctfmon.exe C:\Arquivos de programas\Messenger\msmsgs.exe C:\Arquivos de programas\Assistente Tecnico Speedy\bin\mpbtn.exe C:\Arquivos de programas\Google\Google Updater\GoogleUpdater.exe C:\Arquivos de programas\Assistente Tecnico Speedy\bin\mad.exe C:\ARQUIV~1\Motive\ASSTCO~1\MOTIVE~1.EXE C:\Arquivos de programas\Assistente Tecnico Speedy\bin\MotiveBrowser.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\explorer.exe C:\Arquivos de programas\Windows Defender\MpCmdRun.exe C:\WINDOWS\system32\wuauclt.exe C:\Arquivos de programas\internet explorer\iexplore.exe C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 O1 - Hosts: 170.66.1.60 www14.bancobrasil.com.br # GbPlugin O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_04\bin\ssv.dll O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de 
programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIV~1\GbPlugin\gbieh.dll
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [skyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Motive SmartBridge] "C:\ARQUIV~1\ASSIST~1\SMARTB~1\MotiveSB.exe" /restart
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [AnyDVD] C:\Arquivos de programas\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [tava] C:\WINDOWS\system32\tavo.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background
O4 - Global Startup: Assistente Tecnico Speedy.lnk = C:\Arquivos de programas\Assistente Tecnico Speedy\bin\matcli.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\acstart17.exe
O4 - Global Startup: Google Updater.lnk = C:\Arquivos de programas\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O11 - Options group: [iNTERNATIONAL] International*
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1137690154209
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AAD423B1-98C9-4684-8562-7F664F670212}: NameServer = 200.204.0.10 200.204.0.138
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: GbPluginBb - C:\ARQUIV~1\GbPlugin\gbieh.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
DigRam 144 Posted March 1, 2008

Good morning, Akire!

Delete:
C:\QooBox
C:\ComboFix.txt << Previous ComboFix log.
_________________________
>@< Select and copy all the content in the quote area into Notepad.
>@< Save it on the Desktop with the name: CFScript.txt

File::
C:\CF8446.exe
C:\cfv90h.com
C:\e.bat
C:\WINDOWS\system32\tavo.exe
C:\WINDOWS\system32\tavo0.dll
C:\WINDOWS\system32\tavo1.dll

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"tava"=-

>@< Drag CFScript.txt with the mouse onto the ComboFix icon.
>@< See the demonstration!
>@< With this procedure, ComboFix will run and restart the computer automatically!
>@< While it is running, do not use the keyboard or mouse!
>@< When it finishes, post the C:\ComboFix.txt report plus an updated HJT log.

Regards!
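An added example, not part of DigRam's post or of ComboFix itself: before running a removal script, a responder can confirm that each Run value it deletes matches an autostart entry actually present in the posted HijackThis log, and that the file that entry launched is also on the script's file list. The function names are hypothetical, and the script layout (`File::`, `Registry::`, `"name"=-`) is assumed only from what is visible in the reply.

```python
import re

# Inputs: two O4 lines copied from this thread's log, then the reply's script.
HJT_LOG = r"""
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [tava] C:\WINDOWS\system32\tavo.exe
"""
CFSCRIPT = r"""
File::
C:\CF8446.exe
C:\cfv90h.com
C:\e.bat
C:\WINDOWS\system32\tavo.exe
C:\WINDOWS\system32\tavo0.dll
C:\WINDOWS\system32\tavo1.dll
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"tava"=-
"""
O4_RUN = re.compile(r"O4 - (HKLM|HKCU)\\\.\.\\Run: \[([^\]]+)\] (.+)")
HIVES = {"HKEY_CURRENT_USER": "HKCU", "HKEY_LOCAL_MACHINE": "HKLM"}

def parse_run_entries(log):
    """Map (hive, lower-cased value name) -> command for each O4 Run line."""
    matches = (O4_RUN.fullmatch(line.strip()) for line in log.splitlines())
    return {(m.group(1), m.group(2).lower()): m.group(3) for m in matches if m}

def parse_cfscript(text):
    """Return (file paths, [(registry key, deleted value name), ...])."""
    files, deletions, section, key = [], [], None, None
    for line in filter(None, map(str.strip, text.splitlines())):
        if line.endswith("::"):
            section = line[:-2]
        elif section == "File":
            files.append(line)
        elif section == "Registry" and line.startswith("["):
            key = line.strip("[]")
        elif section == "Registry" and re.fullmatch(r'"[^"]+"=-', line):
            deletions.append((key, line.split('"')[1]))
    return files, deletions

def cross_check(log, script):
    """Yield (value name, command in log or None, file also listed) per deleted Run value."""
    runs = parse_run_entries(log)
    files, deletions = parse_cfscript(script)
    listed = {f.lower() for f in files}
    for key, name in deletions:
        hive, _, subkey = key.partition("\\")
        if subkey.lower().endswith(r"currentversion\run"):
            cmd = runs.get((HIVES.get(hive), name.lower()))
            yield name, cmd, bool(cmd) and cmd.lower() in listed
```

A `None` command in the result means the script removes a Run value that the posted log does not show, which is worth questioning before the script is run.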
Mário Monteiro 179 Posted June 13, 2008

Topic Archived

As the author did not reply for more than 20 days, the topic has been archived. If you are the author of the topic and want to reopen it, send a private message to a moderator of this area, together with the link to this topic, and explain the reason for reopening.