
Archived

This topic has been archived and is closed to new replies.

thiagoonweb

[Archived] Log of my PC


Logfile of HijackThis v1.99.1

Scan saved at 11:02:37, on 25/4/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\WinLogT.exe

C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\ARQUIV~1\AVG\AVG8\avgtray.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\WINDOWS\system32\ctfmon.exe

C:\ARQUIV~1\AVG\AVG8\avgrsx.exe

C:\ARQUIV~1\AVG\AVG8\avgemc.exe

C:\Arquivos de programas\AVG\AVG8\avgui.exe

C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe

C:\Arquivos de programas\AVG\AVG8\avgscanx.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Cliente\Desktop\hijackthis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/default

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O1 - Hosts: 67.228.214.231 wwws.nossacaixa.com.br

O1 - Hosts: 67.228.214.230 internetbanking.caixa.gov.br

O1 - Hosts: 67.228.214.229 www2.bancobrasil.com.br

O1 - Hosts: 67.228.214.228 www2.infoseg.gov.br

O1 - Hosts: 67.228.214.228 portal.credicarditau.com.br

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Arquivos de programas\ShoppingReport\Bin\2.5.0\ShoppingReport.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll

O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Zango - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - C:\Arquivos de programas\Zango\bin\10.3.35.0\HostIE.dll

O2 - BHO: Easy Gif Animator Toolbar Helper - {96372AB6-15EB-4316-B497-71C741BC548C} - C:\Arquivos de programas\Easy Gif Animator Extension\v3.3.0.1\EasyGifAnimator_Toolbar.dll

O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\ARQUIV~1\IDM\QUICKF~1\PlugIns\IEHelp.dll

O3 - Toolbar: Zango - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - C:\Arquivos de programas\Zango\bin\10.3.35.0\HostIE.dll

O3 - Toolbar: Babylon - {965B54B0-71E0-4611-8DE7-F73FA0B20E26} - C:\Arquivos de programas\Babylon\Babylon Toolbar\BabylonIEToolBar.dll

O3 - Toolbar: Easy Gif Animator Toolbar - {35065594-9169-4A34-B167-FC4865038E53} - C:\Arquivos de programas\Easy Gif Animator Extension\v3.3.0.1\EasyGifAnimator_Toolbar.dll

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O4 - HKLM\..\Run: [WinLogT] C:\WINDOWS\WinLogT.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [soundMax] "C:\Arquivos de programas\Analog Devices\SoundMAX\smax4.exe" /tray

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Translate with &Babylon - res://C:\Arquivos de programas\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Arquivos de programas\ShoppingReport\Bin\2.5.0\ShoppingReport.dll

O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Arquivos de programas\ShoppingReport\Bin\2.5.0\ShoppingReport.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O17 - HKLM\System\CCS\Services\Tcpip\..\{4C3573BC-D9DE-44AB-B7CB-54E736CB462A}: NameServer = 201.10.128.3 201.10.120.3

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O20 - AppInit_DLLs: avgrsstx.dll

O20 - Winlogon Notify: a1b - C:\WINDOWS\system32\drivers\1205853026\WlNotify.dll (file missing)

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe


Download ComboFix and save it to the desktop.

Close all programs.

Double-click combofix.exe, press (1) and then press Enter to continue.

ComboFix will restart your computer automatically; this is part of the removal process.

When it finishes, a log will be generated at C:\ComboFix.txt.

Attention:

Do not click anything while ComboFix is running; otherwise your desktop will go blank.

To stop the process or exit ComboFix, press "2" and Enter.

I await a new HijackThis log together with ComboFix.txt.


ComboFix 08-04-24.1 - Cliente 2008-04-26 13:05:28.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.709 [GMT -3:00]

Executando de: C:\Documents and Settings\Cliente\Desktop\ComboFix.exe

* Criado um novo ponto de restauro

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Arquivos de programas\zango

C:\Arquivos de programas\zango\bin\10.3.35.0\arrow.ico

C:\Arquivos de programas\zango\bin\10.3.35.0\CntntCntr.dll

C:\Arquivos de programas\zango\bin\10.3.35.0\copyright.txt

C:\Arquivos de programas\zango\bin\10.3.35.0\CoreSrv.dll

C:\Arquivos de programas\zango\bin\10.3.35.0\firefox\extensions\chrome.manifest

C:\Arquivos de programas\zango\bin\10.3.35.0\firefox\extensions\components\npclntax.xpt

C:\Arquivos de programas\zango\bin\10.3.35.0\firefox\extensions\install.rdf

C:\Arquivos de programas\zango\bin\10.3.35.0\firefox\extensions\plugins\npclntax_ZangoSA.dll

C:\Arquivos de programas\zango\bin\10.3.35.0\HostIE.dll

C:\Arquivos de programas\zango\bin\10.3.35.0\HostOE.dll

C:\Arquivos de programas\zango\bin\10.3.35.0\HostOL.dll

C:\Arquivos de programas\zango\bin\10.3.35.0\InstIE.dll

C:\Arquivos de programas\zango\bin\10.3.35.0\link.ico

C:\Arquivos de programas\zango\bin\10.3.35.0\OEAddOn.exe

C:\Arquivos de programas\zango\bin\10.3.35.0\Srv.exe

C:\Arquivos de programas\zango\bin\10.3.35.0\Toolbar.dll

C:\Arquivos de programas\zango\bin\10.3.35.0\Wallpaper.dll

C:\Arquivos de programas\zango\bin\10.3.35.0\Weather.exe

C:\Arquivos de programas\zango\bin\10.3.35.0\WeSkin.dll

C:\Arquivos de programas\zango\bin\10.3.35.0\ZangoSA.exe

C:\Arquivos de programas\zango\bin\10.3.35.0\ZangoSAAX.dll

C:\Arquivos de programas\zango\bin\10.3.35.0\ZangoSADF.exe

C:\Arquivos de programas\zango\bin\10.3.35.0\ZangoSAHook.dll

C:\Arquivos de programas\zango\bin\10.3.35.0\ZangoUninstaller.exe

C:\Documents and Settings\All Users\Dados de aplicativos\2ACA5CC3-0F83-453D-A079-1076FE1A8B65

C:\Documents and Settings\Renato\Dados de aplicativos\ShoppingReport

C:\Documents and Settings\Renato\Dados de aplicativos\ShoppingReport\cs\Config.xml

C:\Documents and Settings\Renato\Dados de aplicativos\ShoppingReport\cs\db\Aliases.dbs

C:\Documents and Settings\Renato\Dados de aplicativos\ShoppingReport\cs\db\Sites.dbs

C:\Documents and Settings\Renato\Dados de aplicativos\ShoppingReport\cs\dwld\WhiteList.xip

C:\Documents and Settings\Renato\Dados de aplicativos\ShoppingReport\cs\report\aggr_storage.xml

C:\Documents and Settings\Renato\Dados de aplicativos\ShoppingReport\cs\report\send_storage.xml

C:\Documents and Settings\Renato\Dados de aplicativos\ShoppingReport\cs\res1\WhiteList.dbs

C:\Documents and Settings\Renato\Dados de aplicativos\WeatherDPA

C:\Documents and Settings\Renato\Dados de aplicativos\WeatherDPA\Weather\WeatherStartup.xml

 

.

((((((((((((((((((((((( Ficheiros criados de 2008-03-26 to 2008-04-26 ))))))))))))))))))))))))))))))))

.

 

2008-04-26 11:41 . 2008-04-26 11:41 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Avira

2008-04-26 11:41 . 2008-04-26 11:41 <DIR> d-------- C:\Arquivos de programas\Avira

2008-04-25 11:41 . 2008-04-25 11:41 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Avg8

2008-04-25 10:45 . 2008-04-25 10:47 192 --a------ C:\WINDOWS\SIERRA.INI

2008-04-25 10:44 . 2008-04-25 10:44 <DIR> d-------- C:\Arquivos de programas\AVG

2008-04-05 19:56 . 2008-04-16 11:49 38 --a------ C:\WINDOWS\avisplitter.INI

2008-04-02 13:57 . 2008-04-21 21:58 <DIR> d-------- C:\Documents and Settings\Renato\Dados de aplicativos\LimeWire

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-04-25 13:53 --------- d-----w C:\Arquivos de programas\AdVantage

2008-04-23 00:22 --------- d-----w C:\Documents and Settings\Renato\Dados de aplicativos\MegauploadToolbar

2008-04-22 14:10 --------- d-----w C:\Documents and Settings\Cliente\Dados de aplicativos\LimeWire

2008-04-19 22:16 --------- d-----w C:\Arquivos de programas\MegauploadToolbar

2008-04-06 00:08 --------- d-----w C:\Arquivos de programas\K-Lite Codec Pack

2008-04-03 00:43 --------- d-----w C:\Documents and Settings\Cliente\Dados de aplicativos\MEGAUPLOADTOOLBAR

2008-04-02 12:25 --------- d-----w C:\Arquivos de programas\Messenger Plus! Live

2008-04-01 18:36 --------- d-----w C:\Documents and Settings\Renato\Dados de aplicativos\FrostWire

2008-03-22 16:23 78,848 ----a-w C:\wo.exe

2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys

2008-03-14 11:33 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\ZangoSA

2008-03-14 11:31 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Babylon

2008-03-11 15:21 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Messenger Plus!

2008-03-11 02:51 --------- d-----w C:\Documents and Settings\Cliente\Dados de aplicativos\BSplayer

2008-03-11 02:50 --------- d-----w C:\Documents and Settings\Cliente\Dados de aplicativos\BSplayer Pro

2008-03-11 02:50 --------- d-----w C:\Arquivos de programas\Webteh

2008-03-11 00:16 --------- d-----w C:\Arquivos de programas\Programas RFB

2008-03-08 16:40 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\NCH Software

2008-03-08 16:25 --------- d-----w C:\Documents and Settings\Cliente\Dados de aplicativos\NCH Software

2008-03-08 15:53 --------- d-----w C:\Arquivos de programas\BMPtoJPG

2008-03-08 13:42 --------- d-----w C:\Documents and Settings\Cliente\Dados de aplicativos\Babylon

2008-03-07 09:16 --------- d-----w C:\Arquivos de programas\Innovative Solutions

2008-03-06 17:38 --------- d-----w C:\Arquivos de programas\Positivo

2008-03-04 17:07 --------- d-----w C:\Documents and Settings\Renato\Dados de aplicativos\Babylon

2008-03-04 14:24 --------- d-----w C:\Arquivos de programas\Babylon

2008-03-03 02:38 --------- d-----w C:\Arquivos de programas\CyberScript32

2008-03-02 05:56 --------- d-----w C:\Documents and Settings\Renato\Dados de aplicativos\oald7

2008-03-01 13:02 826,368 ----a-w C:\WINDOWS\system32\wininet.dll

2008-03-01 04:08 --------- d-----w C:\Arquivos de programas\Ultra Video Splitter

2008-03-01 03:53 --------- d-----w C:\Documents and Settings\Cliente\Dados de aplicativos\Zango

2008-02-29 17:02 --------- d-----w C:\Documents and Settings\Renato\Dados de aplicativos\Zango

2008-02-29 08:06 --------- d-----w C:\Arquivos de programas\LimeWire

2008-02-28 17:40 --------- d-----w C:\Arquivos de programas\FrostWire

2008-02-28 09:44 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\QuickTime

2008-02-27 12:12 --------- d-----w C:\Documents and Settings\Cliente\Dados de aplicativos\FrostWire

2008-02-27 11:59 --------- d-----w C:\Arquivos de programas\Java

2008-02-27 11:59 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Java

2008-02-26 10:24 --------- d-----w C:\Documents and Settings\Cliente\Dados de aplicativos\Ahead

2008-02-24 18:45 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll

2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll

2008-02-20 05:37 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll

2008-01-29 05:53 612,864 ----a-w C:\WINDOWS\system32\x264vfw.dll

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{965B54B0-71E0-4611-8DE7-F73FA0B20E26}"= "C:\Arquivos de programas\Babylon\Babylon Toolbar\BabylonIEToolBar.dll" [2008-02-27 11:18 267488]

 

[HKEY_CLASSES_ROOT\clsid\{965b54b0-71e0-4611-8de7-f73fa0b20e26}]

[HKEY_CLASSES_ROOT\BabylonTBLib.BabylonTB.1]

[HKEY_CLASSES_ROOT\TypeLib\{162484B8-B114-453f-A344-C0B24B0F1D99}]

[HKEY_CLASSES_ROOT\BabylonTBLib.BabylonTB]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2007-11-07 15:34 3739672]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:45 15360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"WinLogT"="C:\WINDOWS\WinLogT.exe" [2006-03-30 15:45 500224]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 12:22 7700480]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 12:22 86016]

"avgnt"="C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-26 12:06 262401]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:45 15360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ a1b]

C:\WINDOWS\system32\drivers\1205853026\WlNotify.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"msacm.l3fhg"= mp3fhg.acm

"msacm.divxa32"= divxa32.acm

"VIDC.X264"= x264vfw.dll

"VIDC.HFYU"= huffyuv.dll

"vidc.i263"= i263_32.drv

"VIDC.YV12"= yv12vfw.dll

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Reader Speed Launch.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Reader Speed Launch.lnk

backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

--a------ 2008-01-11 22:16 39792 C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\agentsvr]

C:\WINDOWS\system32\1205853026\agentsvr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Babylon Client]

--a------ 2008-02-27 11:19 3551456 C:\Arquivos de programas\Babylon\Babylon-Pro\Babylon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

--a------ 2004-08-04 00:45 15360 C:\WINDOWS\system32\ctfmon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]

--a------ 2008-02-13 20:09 486856 C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]

--------- 2004-10-27 15:21 61952 C:\WINDOWS\system32\HdAShCut.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X Configure]

-r------- 2006-08-13 23:51 352256 C:\WINDOWS\system32\JMRaidTool.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

C:\WINDOWS\system32\dumprep 0 -k

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

--a------ 2007-11-07 15:34 3739672 C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2006-01-12 16:40 155648 C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

--a------ 2006-10-22 12:22 1622016 C:\WINDOWS\system32\nwiz.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a------ 2008-02-24 15:44 98304 C:\Arquivos de programas\QuickTime\qttask.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]

--a------ 2005-09-07 15:35 716800 C:\Arquivos de programas\Analog Devices\SoundMAX\smax4.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]

-ra------ 2005-05-19 22:11 925696 C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

--a------ 2007-09-25 01:11 132496 C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZangoOE]

C:\Arquivos de programas\Zango\bin\10.3.35.0\OEAddOn.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZangoSA]

C:\Arquivos de programas\Zango\bin\10.3.35.0\ZangoSA.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"Spooler"=2 (0x2)

"SCardSvr"=3 (0x3)

"ose"=3 (0x3)

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\Internet Explorer\\IEXPLORE.EXE"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"C:\\Arquivos de programas\\FrostWire\\FrostWire.exe"=

"C:\\Arquivos de programas\\LimeWire\\LimeWire.exe"=

"C:\\Arquivos de programas\\CyberScript32\\CyberScript.exe"=

"C:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"4100:UDP"= 4100:UDP:uPNP Router Control Port

 

R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-02-23 00:38]

R0 xfilt;VIA SATA IDE Hot-plug Driver;C:\WINDOWS\system32\DRIVERS\xfilt.sys [2006-02-23 00:39]

R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);C:\WINDOWS\system32\DRIVERS\RMSPPPOE.SYS [2002-06-10 00:09]

S2 StudioPro;StudioPro webcam;C:\WINDOWS\system32\DRIVERS\StudioPro.sys [2007-01-05 21:18]

S3 EuMusDesignVirtualAudioCableWdm;StudioPro audio (WDM);C:\WINDOWS\system32\DRIVERS\vrtaucbl.sys [2007-04-22 19:27]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{59cac9f2-e14b-11dc-8ed5-001a928a5e50}]

\Shell\Auto\command - msnmsgr.exe

\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL msnmsgr.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bcf34056-0f39-11dd-8fc0-001a928a5e50}]

\Shell\AutoRun\command - fooool.exe

\Shell\explore\Command - fooool.exe

\Shell\open\Command - fooool.exe

 

*Newly Created Service* - CATCHME

*Newly Created Service* - SSMDRV

.

**************************************************************************

 

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-04-26 13:07:18

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros ocultos ...

 

Varredura completada com sucesso

Ficheiros ocultos: 1

 

**************************************************************************

.

Tempo para conclusão: 2008-04-26 13:07:53

ComboFix-quarantined-files.txt 2008-04-26 16:07:48

 

Pre-Run: 111,977,857,024 bytes disponíveis

Post-Run: 112,805,863,424 bytes disponíveis

 

215 --- E O F --- 2008-04-10 12:39:33

 

----------------------------------------------------------------------------------------------------------------------------------

 

Logfile of HijackThis v1.99.1

Scan saved at 13:11:11, on 26/4/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\WINDOWS\WinLogT.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\Documents and Settings\Cliente\Desktop\hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/default

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O1 - Hosts: 67.228.214.231 wwws.nossacaixa.com.br

O1 - Hosts: 67.228.214.230 internetbanking.caixa.gov.br

O1 - Hosts: 67.228.214.229 www2.bancobrasil.com.br

O1 - Hosts: 67.228.214.228 www2.infoseg.gov.br

O1 - Hosts: 67.228.214.228 portal.credicarditau.com.br

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\ARQUIV~1\IDM\QUICKF~1\PlugIns\IEHelp.dll

O3 - Toolbar: Babylon - {965B54B0-71E0-4611-8DE7-F73FA0B20E26} - C:\Arquivos de programas\Babylon\Babylon Toolbar\BabylonIEToolBar.dll

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O4 - HKLM\..\Run: [WinLogT] C:\WINDOWS\WinLogT.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Translate with &Babylon - res://C:\Arquivos de programas\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O17 - HKLM\System\CCS\Services\Tcpip\..\{4C3573BC-D9DE-44AB-B7CB-54E736CB462A}: NameServer = 201.10.128.3 201.10.120.3

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O20 - Winlogon Notify: a1b - C:\WINDOWS\system32\drivers\1205853026\WlNotify.dll (file missing)

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe


Follow the instructions below:

Download Killbox

Run KillBox and click Delete on Reboot.

Copy the list below:

C:\WINDOWS\WinLogT.exe

 

Go to Killbox and click File > Paste from clipboard. Click All Files.

Press "X". Answer "NO" to the question.

Restart the computer in Safe Mode (after restarting, press the F8 key repeatedly until a black DOS screen appears, and choose Safe Mode).

Run HijackThis, click Do a system scan only and select the lines:

O4 - HKLM\..\Run: [WinLogT] C:\WINDOWS\WinLogT.exe

O20 - Winlogon Notify: a1b - C:\WINDOWS\system32\drivers\1205853026\WlNotify.dll (file missing)

Click Fix Checked.

Once that is done, restart in normal mode and generate a new HijackThis log.

Awaiting your reply.


Topic Archived

Since the author has not replied for more than 20 days, the topic has been archived.

If you are the author of the topic and want to reopen it, send a private message to a moderator of this area along with the link to this topic and explain the reason for reopening.
