[Arquivado] Preciso de !

Penny · Maio 22, 2008

Olá, sempre vinha espiar os posts muitos foram de grande ajuda, mas como sou leiga tem coisas que não consigo resolver sozinha. Se puderem diagnosticar meu log e orientar o que devo fazer, tem "bichos" que por mais que eu passe anti vírus, e outros programas que achei no baixaki não saem da minha máquina. Obrigada e parabéns para os criadores desse espaço!!!

logfile of HijackThis v1.99.1

Scan saved at 15:37:34, on 22/5/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\Arquivos de programas\Webroot\Spy Sweeper\SpySweeperUI.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe

C:\Arquivos de programas\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\UAService7.exe

C:\Arquivos de programas\Webroot\Spy Sweeper\SpySweeper.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Arquivos de programas\Symantec\Norton AntiBot\agent\Bin\NABWatcher.exe

C:\Arquivos de programas\Symantec\Norton AntiBot\agent\Bin\NABAgent.exe

C:\Arquivos de programas\Symantec\Norton AntiBot\agent\Bin\NortonAntiBot.exe

C:\Arquivos de programas\Symantec\Norton AntiBot\agent\Bin\NABMonitor.exe

C:\Arquivos de programas\Webroot\Spy Sweeper\SSU.EXE

C:\Documents and Settings\Marta\Configurações locais\Temporary Internet Files\Content.IE5\0L6JO92R\FixEnvid[1].exe

C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

C:\Arquivos de programas\MSN Messenger\usnsvc.exe

C:\Documents and Settings\Marta\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/

R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Arquivos de programas\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Arquivos de programas\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Arquivos de programas\Canon\Easy-WebPrint\EWPBrowseLoader.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehCef.dll

O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Arquivos de programas\AskSBar\bar\1.bin\ASKSBAR.DLL (file missing)

O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Arquivos de programas\Canon\Easy-WebPrint\Toolband.dll

O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Arquivos de programas\AskSBar\bar\1.bin\ASKSBAR.DLL (file missing)

O4 - HKLM\..\Run: [msnappau] "C:\Arquivos de programas\MSN Apps\Updater\01.02.3000.1001\pt-br\msnappau.exe"

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe

O4 - HKLM\..\Run: [TrojanScanner] "C:\Arquivos de programas\Trojan Remover\Trjscan.exe"

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [spySweeper] "C:\Arquivos de programas\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray

O4 - HKLM\..\Run: [NortonAntiBot] "C:\Arquivos de programas\Symantec\Norton AntiBot\agent\bin\NortonAntiBot.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Hitman2SilentAssassinSetup.exe] /r

O4 - Startup: Ferramenta de Verificação de Mídia do Picture Motion Browser.lnk = C:\Arquivos de programas\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Arquivos de programas\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html

O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Arquivos de programas\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html

O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Arquivos de programas\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html

O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Arquivos de programas\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab

O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://evidenceeraserpro.com/landings-aff/...InstallerPt.cab

O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{374127EC-83A6-40B5-9AA8-6676EDC2E32A}: Domain = @

O17 - HKLM\System\CCS\Services\Tcpip\..\{374127EC-83A6-40B5-9AA8-6676EDC2E32A}: NameServer = 200.175.5.139,200.175.182.139

O17 - HKLM\System\CCS\Services\Tcpip\..\{A3444060-BA69-4623-8460-1F50E32388C0}: NameServer = 200.175.5.139 200.175.182.139

O17 - HKLM\System\CS1\Services\Tcpip\..\{374127EC-83A6-40B5-9AA8-6676EDC2E32A}: Domain = @

O17 - HKLM\System\CS1\Services\Tcpip\..\{374127EC-83A6-40B5-9AA8-6676EDC2E32A}: NameServer = 200.175.5.139,200.175.182.139

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: SymantecAntiBotAgent - Unknown owner - C:\Arquivos de programas\Symantec\Norton AntiBot\agent\Bin\NABAgent.exe" SymantecAntiBotAgent (file missing)

O23 - Service: SymantecAntiBotWatcher - Symantec - C:\Arquivos de programas\Symantec\Norton AntiBot\agent\Bin\NABWatcher.exe

O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\System32\UAService7.exe

O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Arquivos de programas\Webroot\Spy Sweeper\SpySweeper.exe

Vinicius Ianni · Maio 22, 2008

Boa Noite !

De estranho, notei isso :

C:\Documents and Settings\Marta\Configurações locais\Temporary Internet Files\Content.IE5\0L6JO92R\FixEnvid[1].exe

O que é isso ?

C:\Arquivos de programas\MSN Messenger\usnsvc.exe

C:\Documents and Settings\Marta\Desktop\HijackThis.exe

E esses 2 ?

R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Arquivos de programas\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Arquivos de programas\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

Pelo jeito andou instalando uma barra para poder baixar alguma coisa ou um pacote de emoticons...

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

Verifica essa chave, se não souber usa o regclean

O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)

O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Arquivos de programas\AskSBar\bar\1.bin\ASKSBAR.DLL (file missing)

A tal barra de novo ....

O17 - HKLM\System\CCS\Services\Tcpip\..\{374127EC-83A6-40B5-9AA8-6676EDC2E32A}: Domain = @

O17 - HKLM\System\CCS\Services\Tcpip\..\{374127EC-83A6-40B5-9AA8-6676EDC2E32A}: NameServer = 200.175.5.139,200.175.182.139

O17 - HKLM\System\CCS\Services\Tcpip\..\{A3444060-BA69-4623-8460-1F50E32388C0}: NameServer = 200.175.5.139 200.175.182.139

O17 - HKLM\System\CS1\Services\Tcpip\..\{374127EC-83A6-40B5-9AA8-6676EDC2E32A}: Domain = @

O17 - HKLM\System\CS1\Services\Tcpip\..\{374127EC-83A6-40B5-9AA8-6676EDC2E32A}: NameServer = 200.175.5.139,200.175.182.139

O que é isso ? Esse endereço aponta para onde ?

O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\System32\UAService7.exe

e isso o que é ?

Abraços,

Vinicius Ianni

Silas Martins · Maio 22, 2008

Olá Penny

Baixe o ComboFix e salve na área de trabalho.

Feche todos os programas.

Clique duas vezes sobre combofix.exe e tecle (1) logo após aperte Enter para continuar.

O ComboFix irá reiniciar seu computador automaticamente, isto faz parte do processo de remoção.

Ao se encerrar, será gerado um log, que vai estar em C:\ComboFix.txt.

Atenção:

Não clique em nada enquanto o Combofix estiver rodando, Do contrário seu desktop ficará em branco.

Para parar o processo ou sair do ComboFix, tecle "2" e Enter.

Aguardo um novo log do HijackThis juntamente com o ComboFix.txt

Aguardo Retorno

Penny · Maio 23, 2008

Obrigada, como sou leiga vou fazer com tempo amanhã e dou retorno a você.

Boa Noite !
De estranho, notei isso :

C:\Documents and Settings\Marta\Configurações locais\Temporary Internet Files\Content.IE5\0L6JO92R\FixEnvid[1].exe

O que é isso ?

C:\Arquivos de programas\MSN Messenger\usnsvc.exe

C:\Documents and Settings\Marta\Desktop\HijackThis.exe

E esses 2 ?

R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Arquivos de programas\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Arquivos de programas\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

Pelo jeito andou instalando uma barra para poder baixar alguma coisa ou um pacote de emoticons...

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

Verifica essa chave, se não souber usa o regclean

O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)

O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Arquivos de programas\AskSBar\bar\1.bin\ASKSBAR.DLL (file missing)

A tal barra de novo ....

O17 - HKLM\System\CCS\Services\Tcpip\..\{374127EC-83A6-40B5-9AA8-6676EDC2E32A}: Domain = @

O17 - HKLM\System\CCS\Services\Tcpip\..\{374127EC-83A6-40B5-9AA8-6676EDC2E32A}: NameServer = 200.175.5.139,200.175.182.139

O17 - HKLM\System\CCS\Services\Tcpip\..\{A3444060-BA69-4623-8460-1F50E32388C0}: NameServer = 200.175.5.139 200.175.182.139

O17 - HKLM\System\CS1\Services\Tcpip\..\{374127EC-83A6-40B5-9AA8-6676EDC2E32A}: Domain = @

O17 - HKLM\System\CS1\Services\Tcpip\..\{374127EC-83A6-40B5-9AA8-6676EDC2E32A}: NameServer = 200.175.5.139,200.175.182.139

O que é isso ? Esse endereço aponta para onde ?

O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\System32\UAService7.exe

e isso o que é ?

Abraços,

Vinicius Ianni

Olá Silas, vou fazer isso amanhã, me parece mais fácil pra quem não entende quase nada como eu, a tua orientação, obrigada te dou retorno.

Olá Penny
Baixe o ComboFix e salve na área de trabalho.

Feche todos os programas.

Clique duas vezes sobre combofix.exe e tecle (1) logo após aperte Enter para continuar.

O ComboFix irá reiniciar seu computador automaticamente, isto faz parte do processo de remoção.

Ao se encerrar, será gerado um log, que vai estar em C:\ComboFix.txt.

Atenção:

Não clique em nada enquanto o Combofix estiver rodando, Do contrário seu desktop ficará em branco.

Para parar o processo ou sair do ComboFix, tecle "2" e Enter.

Aguardo um novo log do HijackThis juntamente com o ComboFix.txt

Aguardo Retorno

Penny · Maio 23, 2008

Olá Vinicius, eu não sei o q é nada disso, bgda.

Boa Noite !
De estranho, notei isso :

C:\Documents and Settings\Marta\Configurações locais\Temporary Internet Files\Content.IE5\0L6JO92R\FixEnvid[1].exe

O que é isso ?

C:\Arquivos de programas\MSN Messenger\usnsvc.exe

C:\Documents and Settings\Marta\Desktop\HijackThis.exe

E esses 2 ?

R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Arquivos de programas\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Arquivos de programas\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

Pelo jeito andou instalando uma barra para poder baixar alguma coisa ou um pacote de emoticons...

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

Verifica essa chave, se não souber usa o regclean

O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)

O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Arquivos de programas\AskSBar\bar\1.bin\ASKSBAR.DLL (file missing)

A tal barra de novo ....

O17 - HKLM\System\CCS\Services\Tcpip\..\{374127EC-83A6-40B5-9AA8-6676EDC2E32A}: Domain = @

O17 - HKLM\System\CCS\Services\Tcpip\..\{374127EC-83A6-40B5-9AA8-6676EDC2E32A}: NameServer = 200.175.5.139,200.175.182.139

O17 - HKLM\System\CCS\Services\Tcpip\..\{A3444060-BA69-4623-8460-1F50E32388C0}: NameServer = 200.175.5.139 200.175.182.139

O17 - HKLM\System\CS1\Services\Tcpip\..\{374127EC-83A6-40B5-9AA8-6676EDC2E32A}: Domain = @

O17 - HKLM\System\CS1\Services\Tcpip\..\{374127EC-83A6-40B5-9AA8-6676EDC2E32A}: NameServer = 200.175.5.139,200.175.182.139

O que é isso ? Esse endereço aponta para onde ?

O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\System32\UAService7.exe

e isso o que é ?

Abraços,

Vinicius Ianni

Penny · Maio 23, 2008

Olá, Silas, olha só eu fiz o q você disse, só q não reiniciou o micro dpois do scan do combofix, não sei se fiz certinho. Aí vai os logs atuais:

ComboFix 08-05-21.3 - Marta 2008-05-22 23:50:28.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.134 [GMT -3:00]

Executando de: C:\Documents and Settings\Marta\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Arquivos de programas\Google\googletoolbar1.dll

C:\WINDOWS\system32\tavo1.dll

.

((((((((((((((((((((((( Ficheiros criados de 2008-04-23 to 2008-05-23 ))))))))))))))))))))))))))))))))

.

2008-05-22 15:18 . 2008-05-22 15:18 <DIR> d-------- C:\Arquivos de programas\Symantec

2008-05-22 15:17 . 2008-05-22 15:17 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Downloaded Installations

2008-05-22 01:54 . 2008-05-22 01:54 <DIR> d-------- C:\Arquivos de programas\Alwil Software

2008-05-22 01:28 . 2008-05-22 01:28 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Kaspersky Lab Setup Files

2008-05-19 23:33 . 2008-05-19 23:33 <DIR> d-------- C:\Documents and Settings\Marta\Dados de aplicativos\Webroot

2008-05-19 23:33 . 2008-05-19 23:33 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Webroot

2008-05-19 23:33 . 2008-05-19 23:33 <DIR> d-------- C:\Arquivos de programas\Webroot

2008-05-19 23:33 . 2008-05-19 23:33 <DIR> d-------- C:\Arquivos de programas\AskSBar

2008-05-19 23:33 . 2008-01-04 20:56 1,526,640 --a------ C:\WINDOWS\WRSetup.dll

2008-05-19 23:33 . 2008-01-04 20:34 163,696 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys

2008-05-19 23:33 . 2008-01-04 20:34 23,920 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys

2008-05-19 23:33 . 2008-01-04 20:34 21,872 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys

2008-05-19 23:33 . 2008-01-04 20:34 20,336 --a------ C:\WINDOWS\system32\drivers\SSFS0BB9.sys

2008-05-19 23:31 . 2008-05-19 23:31 164 --a------ C:\install.dat

2008-05-19 22:50 . 2008-05-20 20:26 <DIR> d-a------ C:\Documents and Settings\All Users\Dados de aplicativos\TEMP

2008-05-19 22:35 . 2008-05-19 22:35 <DIR> d-------- C:\Arquivos de programas\Trojan Remover

2008-05-19 22:26 . 2006-05-25 15:52 162,304 --a------ C:\WINDOWS\system32\ztvunrar36.dll

2008-05-19 22:26 . 2003-02-02 20:06 153,088 --a------ C:\WINDOWS\system32\unrar3.dll

2008-05-19 22:26 . 2005-08-26 01:50 77,312 --a------ C:\WINDOWS\system32\ztvunace26.dll

2008-05-19 22:26 . 2002-03-06 01:00 75,264 --a------ C:\WINDOWS\system32\unacev2.dll

2008-05-19 22:26 . 2006-06-19 13:01 69,632 --a------ C:\WINDOWS\system32\ztvcabinet.dll

2008-05-19 22:25 . 2008-05-19 22:35 <DIR> d-------- C:\Documents and Settings\Marta\Dados de aplicativos\Simply Super Software

2008-05-19 22:25 . 2008-05-19 22:25 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Simply Super Software

2008-05-14 10:25 . 2008-05-17 09:20 118,678 -r-hs---- C:\v3pif.bat

2008-05-02 17:13 . 2008-05-19 16:21 113,054 --a------ C:\WINDOWS\system32\tavo.exe.vir

2008-05-02 17:13 . 2008-05-19 16:21 81,408 --a------ C:\WINDOWS\system32\tavo0.dll.vir

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-05-23 02:51 --------- d-----w C:\Arquivos de programas\Google

2008-05-22 18:18 --------- d-----w C:\Documents and Settings\Marta\Dados de aplicativos\Symantec

2008-05-22 01:57 --------- d-----w C:\Arquivos de programas\Atrativa Games

2008-05-22 01:55 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Symantec Shared

2008-05-22 01:50 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2008-05-19 19:20 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin

2008-03-25 04:49 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll

2008-03-25 04:49 183,072 ----a-w C:\WINDOWS\system32\msjint40.dll

2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys

2008-02-26 04:14 1,901 -c--a-w C:\WINDOWS\panose.bin

2005-03-01 19:27 266 -csh--w C:\Arquivos de programas\desktop.ini

2005-03-01 19:27 11,280 -c-ha-w C:\Arquivos de programas\folder.htt

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]

2008-05-19 23:33 66912 --a------ C:\Arquivos de programas\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= "C:\Arquivos de programas\AskSBar\bar\1.bin\ASKSBAR.DLL" [ ]

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Arquivos de programas\AskSBar\bar\1.bin\ASKSBAR.DLL [ ]

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:45 15360]

"Hitman2SilentAssassinSetup.exe"=" /r" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnappau"="C:\Arquivos de programas\MSN Apps\Updater\01.02.3000.1001\pt-br\msnappau.exe" [2004-08-13 17:41 86016]

"NeroCheck"="C:\WINDOWS\System32\\NeroCheck.exe" [2001-07-09 07:50 155648]

"TrojanScanner"="C:\Arquivos de programas\Trojan Remover\Trjscan.exe" [2008-05-18 14:19 877136]

"avast!"="C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-15 20:19 79224]

"NortonAntiBot"="C:\Arquivos de programas\Symantec\Norton AntiBot\agent\bin\NortonAntiBot.exe" [2007-11-12 22:59 1378840]

"SpySweeper"="C:\Arquivos de programas\Webroot\Spy Sweeper\SpySweeperUI.exe" [2008-01-04 20:56 5367664]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 00:45 15360]

"Symantec NetDriver Warning"="C:\ARQUIV~1\SYMNET~1\SNDWarn.exe" [2005-07-29 10:37 218232]

C:\Documents and Settings\Marta\Menu Iniciar\Programas\Inicializar\

Ferramenta de Verifica‡Æo de M¡dia do Picture Motion Browser.lnk - C:\Arquivos de programas\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2007-10-03 22:34:54 344064]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399003}"= C:\Arquivos de programas\GbPlugin\gbiehCef.dll [2007-07-12 14:54 322120]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

--a--c--- 2007-01-19 12:54 5674352 C:\Arquivos de programas\MSN Messenger\MsnMsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\MSN Messenger\\livecall.exe"=

"C:\\Documents and Settings\\All Users\\Dados de aplicativos\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 2009\\English\\setup.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-15 20:20]

R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-15 20:16]

R2 GbpSv;Gbp Service;C:\Arquivos de programas\GbPlugin\GbpSv.exe [2007-07-12 14:56]

S3 ATE_PROCMON;ATE_PROCMON;C:\Arquivos de programas\Anti Trojan Elite\ATEPMon.sys []

S3 DCamUSBET151;Etoms USB CIF Camera Capture;C:\WINDOWS\system32\Drivers\et151.sys [2006-02-17 14:22]

S3 DCamUSBMR;CMOS 100K-R Rev. 1.90;C:\WINDOWS\system32\DRIVERS\MR97110.sys [2001-08-21 13:47]

S3 PavSRK.sys;PavSRK.sys;C:\WINDOWS\System32\PavSRK.sys []

S3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);C:\WINDOWS\system32\DRIVERS\RMSPPPOE.SYS [2002-06-10 00:09]

*Newly Created Service* - CATCHME

.

Conteúdo da pasta 'Tarefas Agendadas'

"2008-05-20 21:25:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Arquivos de programas\Apple Software Update\SoftwareUpdate.exe

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-05-22 23:59:11

Windows 5.1.2600 Service Pack 2 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros ocultos ...

Varredura completada com sucesso

Ficheiros ocultos: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\lsass.exe

-> C:\WINDOWS\system32\imon.dll

.

Tempo para conclusão: 2008-05-23 0:05:46

ComboFix-quarantined-files.txt 2008-05-23 03:04:40

Pre-Run: 28,253,110,272 bytes disponíveis

Post-Run: 28,359,008,256 bytes disponíveis

128 --- E O F --- 2008-05-16 00:23:59

Agora o do HijackThis:

Logfile of HijackThis v1.99.1

Scan saved at 00:07:35, on 23/5/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\Webroot\Spy Sweeper\SpySweeperUI.exe

C:\Arquivos de programas\Symantec\Norton AntiBot\agent\bin\NortonAntiBot.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe

C:\Arquivos de programas\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Symantec\Norton AntiBot\agent\Bin\NABAgent.exe

C:\Arquivos de programas\Symantec\Norton AntiBot\agent\bin\NABMonitor.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Symantec\Norton AntiBot\agent\Bin\NABWatcher.exe

C:\WINDOWS\System32\UAService7.exe

C:\Arquivos de programas\Webroot\Spy Sweeper\SpySweeper.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\System32\alg.exe

C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

C:\Arquivos de programas\MSN Messenger\usnsvc.exe

C:\Arquivos de programas\Webroot\Spy Sweeper\SSU.EXE

C:\WINDOWS\system32\CF7510.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\regedit.exe

C:\Documents and Settings\Marta\Desktop\Proteção\HijackThis.exe