fainsil
Posted July 15, 2008

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:13:57, on 15/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
E:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
E:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe
E:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\TWAIN_32\Vivid\VIVID.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Arquivos de programas\Java\jre1.5.0_03\bin\jusched.exe
E:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
C:\ARQUIV~1\SPYWAR~1\SpywareTerminatorShield.exe
C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Messenger\msmsgs.exe
C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe
C:\Arquivos de programas\LogMeIn\x86\LMIGuardian.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe
C:\Arquivos de programas\DAP\DAP.EXE
C:\Arquivos de programas\PrevxCSI\prevxcsi.exe
C:\Arquivos de programas\PrevxCSI\prevxcsi.exe
C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.barbacena.com.br/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
F3 - REG:win.ini: load=C:\WINDOWS\TWAIN_32\Vivid\VIVID.EXE
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [avast!] E:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [spywareTerminator] "C:\ARQUIV~1\SPYWAR~1\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ares] "C:\Arquivos de programas\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [kamsoft] C:\WINDOWS\system32\ckvo.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Clean Traces - C:\Arquivos de programas\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Arquivos de programas\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Arquivos de programas\DAP\dapextie2.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O17 - HKLM\System\CCS\Services\Tcpip\..\{57652091-60C6-4DDF-B675-F6D4831C9657}: NameServer = 201.57.163.1,200.251.137.3
O17 - HKLM\System\CCS\Services\Tcpip\..\{9B8B1EBE-D0F0-4A31-BB0E-C7AB59DB7274}: NameServer = 201.57.163.1,200.251.137.3
O17 - HKLM\System\CS1\Services\Tcpip\..\{57652091-60C6-4DDF-B675-F6D4831C9657}: NameServer = 201.57.163.1,200.251.137.3
O17 - HKLM\System\CS2\Services\Tcpip\..\{57652091-60C6-4DDF-B675-F6D4831C9657}: NameServer = 201.57.163.1,200.251.137.3
O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - E:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - E:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - E:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - E:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: CSIScanner - Prevx - C:\Arquivos de programas\PrevxCSI\prevxcsi.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe

--
End of file - 6375 bytes
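In the HijackThis log above, each O4 line is one value under a Run key (HKLM, HKCU, or a per-SID HKUS hive) and each O17 line is the NameServer setting of one network interface. The entry that stands out is [kamsoft] C:\WINDOWS\system32\ckvo.exe: an executable with no vendor, autostarting from system32 next to entries that all belong to the OS, a driver package or an installed product. The Python below is an added example, not code from this thread or from HijackThis. It parses O4 and O17 lines (a handful copied from the log above), unwraps RUNDLL32 launches to the DLL they actually load, flags Run entries that start a file from the Windows directory tree whose name is not in an assumed per-machine baseline (the SYSTEM_DIR_BASELINE set is that assumption), and lists the DNS servers so they can be checked against the ISP's. The baseline is a triage heuristic, not proof of anything: a flagged file still has to be identified by hash or signature, and a file outside the Windows directory is not cleared by not being flagged.

```python
"""Triage of HijackThis 2.x log lines: O4 (Run keys) and O17 (DNS NameServer)."""
import re
from dataclasses import dataclass
from typing import Iterable, List

# A handful of lines copied from the HijackThis log posted above (not the whole log).
SAMPLE_HJT_LINES = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avast!] E:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ares] "C:\Arquivos de programas\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [kamsoft] C:\WINDOWS\system32\ckvo.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O17 - HKLM\System\CCS\Services\Tcpip\..\{57652091-60C6-4DDF-B675-F6D4831C9657}: NameServer = 201.57.163.1,200.251.137.3
O17 - HKLM\System\CS1\Services\Tcpip\..\{57652091-60C6-4DDF-B675-F6D4831C9657}: NameServer = 201.57.163.1,200.251.137.3
"""

# ASSUMED baseline for this machine: files expected to autostart from %SystemRoot%
# or system32 (input method editor, NVIDIA tray DLLs, Realtek sound manager, HP
# printer tray tool). Anything else a Run key launches from there gets flagged.
SYSTEM_DIR_BASELINE = {"ctfmon.exe", "nvcpl.dll", "nvmctray.dll", "soundman.exe", "hpztsb10.exe"}

O4_RE = re.compile(
    r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*?)(?: \(User '(?P<user>[^']*)'\))?$")
O17_RE = re.compile(r"^O17 - (?P<key>.+?): NameServer = (?P<servers>[\d.,]+)$")


@dataclass
class Finding:
    hive: str
    name: str
    image: str
    reason: str


def image_of(cmd: str) -> str:
    """Executable (or, for rundll32 launches, the DLL) that a Run value really starts."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        image, _, rest = cmd[1:].partition('"')
    else:
        image, _, rest = cmd.partition(" ")
    if image.lower().rsplit("\\", 1)[-1] == "rundll32.exe":
        # rundll32 is only the host; the payload is the DLL named before ",EntryPoint"
        image = rest.strip().split(",", 1)[0].strip().strip('"')
    return image


def in_windows_dir(image: str) -> bool:
    """Bare file names resolve through the search path (Windows dir first on XP);
    full paths under the Windows directory count too."""
    low = image.lower()
    return "\\" not in low or "\\windows\\" in low


def triage_o4(lines: Iterable[str]) -> List[Finding]:
    """Flag Run entries that launch a non-baseline file from the Windows directory tree."""
    findings: List[Finding] = []
    for line in lines:
        m = O4_RE.match(line.strip())
        if not m:
            continue
        image = image_of(m.group("cmd"))
        base = image.lower().rsplit("\\", 1)[-1]
        if in_windows_dir(image) and base not in SYSTEM_DIR_BASELINE:
            findings.append(Finding(m.group("hive"), m.group("name"), image,
                                    "unrecognised file autostarting from the Windows directory"))
    return findings


def dns_servers(lines: Iterable[str]) -> List[str]:
    """Distinct NameServer addresses over all O17 entries, in first-seen order."""
    seen: List[str] = []
    for line in lines:
        m = O17_RE.match(line.strip())
        if not m:
            continue
        for ip in m.group("servers").split(","):
            if ip not in seen:
                seen.append(ip)
    return seen


if __name__ == "__main__":
    sample = SAMPLE_HJT_LINES.strip().splitlines()
    for f in triage_o4(sample):
        print(f"FLAG {f.hive} [{f.name}] -> {f.image}: {f.reason}")
    print("DNS servers to verify against the ISP:", ", ".join(dns_servers(sample)))
```

Run as a script it prints one FLAG line, for the kamsoft entry, and the two DNS servers. The O17 addresses are not judged by the code on purpose: whether 201.57.163.1 and 200.251.137.3 are the ISP's resolvers or a hijack is something only the owner of the connection can confirm.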
PedroN
Posted July 15, 2008

Download ComboFix and save it to your desktop.
Close all windows and programs.
Double-click ComboFix and press "1", then Enter, to proceed with the fix. It will take about 10 minutes (be patient). ComboFix will restart the PC automatically to complete the removal process.
When it finishes, a log will be generated at C:\ComboFix.txt.
Attention: do not click on the ComboFix window or close it with the X while it is running, otherwise it will stop and your desktop will go blank. To stop or exit ComboFix, press "2" and Enter.
Then generate a new log with HijackThis and post it together with ComboFix.txt.
fainsil
Posted July 16, 2008

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:00:09, on 15/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
E:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
E:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\TWAIN_32\Vivid\VIVID.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Arquivos de programas\Java\jre1.5.0_03\bin\jusched.exe
E:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
C:\ARQUIV~1\SPYWAR~1\SpywareTerminatorShield.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\PrevxCSI\prevxcsi.exe
C:\Arquivos de programas\PrevxCSI\prevxcsi.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe
E:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe
C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.barbacena.com.br/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [avast!] E:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [spywareTerminator] "C:\ARQUIV~1\SPYWAR~1\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ares] "C:\Arquivos de programas\Ares\Ares.exe" -h
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Clean Traces - C:\Arquivos de programas\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Arquivos de programas\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Arquivos de programas\DAP\dapextie2.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O17 - HKLM\System\CCS\Services\Tcpip\..\{57652091-60C6-4DDF-B675-F6D4831C9657}: NameServer = 201.57.163.1,200.251.137.3
O17 - HKLM\System\CCS\Services\Tcpip\..\{9B8B1EBE-D0F0-4A31-BB0E-C7AB59DB7274}: NameServer = 201.57.163.1,200.251.137.3
O17 - HKLM\System\CS1\Services\Tcpip\..\{57652091-60C6-4DDF-B675-F6D4831C9657}: NameServer = 201.57.163.1,200.251.137.3
O17 - HKLM\System\CS2\Services\Tcpip\..\{57652091-60C6-4DDF-B675-F6D4831C9657}: NameServer = 201.57.163.1,200.251.137.3
O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - E:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - E:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - E:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - E:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: CSIScanner - Prevx - C:\Arquivos de programas\PrevxCSI\prevxcsi.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe

--
End of file - 5795 bytes


ComboFix 08-07-14.2 - user 2008-07-15 20:47:17.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.197 [GMT -3:00]
Running from: C:\Documents and Settings\user\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
C:\DOCUME~1\user\CONFIG~1\Temp\scw.dll
C:\k6wkwon2.exe
C:\WINDOWS\system32\28463
C:\WINDOWS\system32\28463\AISS.001
C:\WINDOWS\system32\28463\AISS.002
C:\WINDOWS\system32\28463\AISS.005
C:\WINDOWS\system32\28463\AISS.006
C:\WINDOWS\system32\ckvo.exe
C:\WINDOWS\system32\ckvo0.dll
E:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-06-15 to 2008-07-15 ))))))))))))))))))))))))))))))))
.

2008-07-15 14:13 . 2008-07-15 14:13 <DIR> d-------- C:\hijack
2008-07-15 14:13 . 2008-07-15 14:13 <DIR> d-------- C:\Arquivos de programas\Trend Micro
2008-07-15 14:00 . 2008-07-15 16:51 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\PrevxCSI
2008-07-15 14:00 . 2008-07-15 14:00 <DIR> d-------- C:\Arquivos de programas\PrevxCSI
2008-07-15 14:00 . 2008-07-15 14:00 17,408 --a------ C:\WINDOWS\system32\drivers\pxark.sys
2008-07-15 10:05 . 2008-07-15 09:52 116,862 -r-hs---- C:\k.com
2008-07-14 10:00 . 2008-07-14 19:47 118,512 -r-hs---- C:\fi.cmd
2008-07-14 10:00 . 2008-07-15 09:52 77,312 -r-hs---- C:\WINDOWS\system32\ckvo1.dll
2008-07-08 12:54 . 2008-07-08 12:54 7,168 --ahs---- C:\WINDOWS\system32\Thumbs.db
2008-06-17 17:06 . 2008-06-17 18:38 <DIR> d-------- C:\Documents and Settings\user\Dados de aplicativos\Hamachi
2008-06-17 17:05 . 2008-06-17 17:06 <DIR> d-------- C:\Arquivos de programas\Hamachi
2008-06-17 17:05 . 2008-06-17 17:05 25,280 --a------ C:\WINDOWS\system32\drivers\hamachi.sys

.
(((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-15 16:49 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Spyware Terminator
2008-07-15 16:49 --------- d-----w C:\Arquivos de programas\Spyware Terminator
2008-07-15 16:49 --------- d-----w C:\Arquivos de programas\Real Alternative
2008-07-15 16:49 --------- d-----w C:\Arquivos de programas\Cheat Engine
2008-07-15 16:28 --------- d-----w C:\Arquivos de programas\WinClamAVShield
2008-07-15 15:09 --------- d-----w C:\Arquivos de programas\Windows Live
2008-07-15 15:01 --------- d-----w C:\Arquivos de programas\Messenger Plus! Live
2008-07-15 14:06 --------- d-----w C:\Documents and Settings\user\Dados de aplicativos\Spyware Terminator
2008-06-30 00:57 --------- d-----w C:\Documents and Settings\user\Dados de aplicativos\Skype
2008-06-28 10:51 --------- d-----w C:\Arquivos de programas\LogMeIn
2008-06-11 20:27 --------- d-----w C:\Arquivos de programas\CrossLoop
2008-06-08 22:01 9,085,415 ----a-w C:\Arquivos de programas\LogMeIn.rar
2008-06-08 21:45 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\LogMeIn
2008-05-28 15:33 83,288 ----a-w C:\WINDOWS\system32\LMIRfsClientNP.dll
2008-05-28 15:33 24,608 ----a-w C:\WINDOWS\system32\LMIport.dll
2008-05-28 15:32 87,352 ----a-w C:\WINDOWS\system32\LMIinit.dll
2008-05-28 15:32 23,736 ----a-w C:\WINDOWS\system32\lmimirr.dll
2008-05-28 15:32 10,040 ----a-w C:\WINDOWS\system32\lmimirr2.dll
2008-02-28 17:30 8,784 ----a-w C:\Arquivos de programas\mozilla firefox\plugins\ractrlkeyhook.dll
2008-02-28 17:33 245,408 ----a-w C:\Arquivos de programas\mozilla firefox\plugins\unicows.dll

.
(((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legit default entries are not shown.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:45 15360]
"MessengerPlus3"="C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe" [2007-10-04 21:33 190024]
"msnmsgr"="C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" [2007-11-07 15:34 3739672]
"ares"="C:\Arquivos de programas\Ares\Ares.exe" [2006-12-02 21:11 929280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-11 21:43 7630848]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-08-11 21:43 86016]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-03-04 12:46 172032]
"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 03:48 36975]
"avast!"="E:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-15 20:19 79224]
"SpywareTerminator"="C:\ARQUIV~1\SPYWAR~1\SpywareTerminatorShield.exe" [2008-02-19 18:44 2957824]
"LogMeIn GUI"="C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe" [2008-02-28 15:31 63048]
"SoundMan"="SOUNDMAN.EXE" [2004-12-01 04:54 77824 C:\WINDOWS\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:45 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-05-28 12:32 87352 C:\WINDOWS\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= ffdshow.ax

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
--a------ 2007-10-04 10:25 459264 C:\Arquivos de programas\SlySoft\AnyDVD\AnyDVD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Documents and Settings\\user\\Meus documentos\\Jogos\\Super Nintendo\\Emulador do Super nintendo) ZSNESW.EXE"=
"C:\\Arquivos de programas\\DAP\\DAP.exe"=
"C:\\Arquivos de programas\\Ares\\Ares.exe"=
"C:\\Arquivos de programas\\PopCap Games\\Zuma Deluxe\\Zuma.exe"=
"C:\\Arquivos de programas\\Laryon\\ScanRn\\ScanRn.exe"=
"C:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe"=
"E:\\Arquivos de programas\\Tactical Ops\\System\\TacticalOps.exe"=
"E:\\Arquivos de programas\\iMesh Applications\\iMesh\\iMesh.exe"=
"C:\\Arquivos de programas\\Microsoft Games\\Age of Mythology\\aom.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Arquivos de programas\\OnGame\\WYD\\WYD.exe"=
"E:\\Arquivos de programas\\Teamspeak2_RC2\\TeamSpeak.exe"=
"C:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=
"C:\\Arquivos de programas\\Messenger\\msmsgs.exe"=
"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"24564:TCP"= 24564:TCP:BitComet 24564 TCP
"24564:UDP"= 24564:UDP:BitComet 24564 UDP
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 pxark;pxark;C:\WINDOWS\system32\drivers\pxark.sys [2008-07-15 14:00]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-15 20:20]
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-02-19 18:44]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-15 20:16]
R2 CSIScanner;CSIScanner;C:\Arquivos de programas\PrevxCSI\prevxcsi.exe [2008-07-15 14:00]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Arquivos de programas\LogMeIn\x86\RaInfo.sys [2008-02-28 15:31]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2008-03-07 13:39]
R2 ppsio2;PPDevice;C:\WINDOWS\system32\drivers\ppsio2.sys [1999-04-02 09:16]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{42cf18bc-f2ac-11dc-95dc-00161788e24f}]
\Shell\AutoRun\command - J:\vmhr.bat
\Shell\explore\Command - J:\vmhr.bat
\Shell\open\Command - J:\vmhr.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e2884d98-3a31-11dd-9731-0008a1664dba}]
\Shell\AutoRun\command - G:\k.com
\Shell\explore\Command - G:\k.com
\Shell\open\Command - G:\k.com

*Newly Created Service* - CATCHME
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-kamsoft - C:\WINDOWS\system32\ckvo.exe
Notify-WgaLogon - (no file)
MSConfigStartUp-DAEMON Tools Lite - C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-15 20:54:59
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
Completion time: 2008-07-15 20:57:59
ComboFix-quarantined-files.txt 2008-07-15 23:56:55

Pre-Run: 5,096,259,584 bytes free
Post-Run: 5,403,803,648 bytes free

157 --- E O F --- 2008-02-13 14:13:10
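The ComboFix log above has the whole shape of a removable-media worm in it: Autorun.inf removed from the root of C: and E:, read-only+hidden+system droppers (k.com, fi.cmd) created on the C: root, ckvo.exe and its DLLs in system32, and two MountPoints2 keys whose AutoRun, explore and open verbs all point at G:\k.com and J:\vmhr.bat. The MountPoints2 part is the one that is easy to miss when cleaning by hand: Explorer on XP caches a removable volume's Autorun.inf handlers under HKCU\...\Explorer\MountPoints2\{volume GUID}\Shell, so even after the stick is cleaned or gone, double-clicking that drive letter runs the cached command. The Python below is an added example, not part of the thread and not ComboFix's code. It parses a ComboFix log (an excerpt of the one above, using the section titles ComboFix prints in its English build), extracts the deletions, the created files carrying both the hidden and system attributes, and the cached MountPoints2 shell commands, then correlates the two: a MountPoints2 target whose file name also appears as a hidden+system file on a local drive is the same worm copied to every root. The "hidden and system together" rule is a triage heuristic (Windows itself creates a few such files, as the Thumbs.db hit in the output shows), so the list is a worklist, not a verdict.

```python
"""Extract removable-media worm indicators from a ComboFix log."""
import re
from dataclasses import dataclass, field
from typing import Dict, List

# Excerpt assembled from the ComboFix log posted above; section headers are the ones
# ComboFix prints in its English build, and only the lines this example needs are kept.
SAMPLE_COMBOFIX = r"""
((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Autorun.inf
C:\k6wkwon2.exe
C:\WINDOWS\system32\ckvo.exe
C:\WINDOWS\system32\ckvo0.dll
E:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2008-06-15 to 2008-07-15 ))))))))))))))))))))))))))))))))
.
2008-07-15 14:00 . 2008-07-15 14:00 17,408 --a------ C:\WINDOWS\system32\drivers\pxark.sys
2008-07-15 10:05 . 2008-07-15 09:52 116,862 -r-hs---- C:\k.com
2008-07-14 10:00 . 2008-07-14 19:47 118,512 -r-hs---- C:\fi.cmd
2008-07-14 10:00 . 2008-07-15 09:52 77,312 -r-hs---- C:\WINDOWS\system32\ckvo1.dll
2008-07-08 12:54 . 2008-07-08 12:54 7,168 --ahs---- C:\WINDOWS\system32\Thumbs.db
.
(((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{42cf18bc-f2ac-11dc-95dc-00161788e24f}]
\Shell\AutoRun\command - J:\vmhr.bat
\Shell\explore\Command - J:\vmhr.bat
\Shell\open\Command - J:\vmhr.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e2884d98-3a31-11dd-9731-0008a1664dba}]
\Shell\AutoRun\command - G:\k.com
\Shell\explore\Command - G:\k.com
\Shell\open\Command - G:\k.com
*Newly Created Service* - CATCHME
"""

HEADER_RE = re.compile(r"^\(+\s*(?P<title>.+?)\s*\)+$")
CREATED_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+(?:<DIR>|[\d,]+)\s+"
    r"(?P<attrs>[-a-z]{9})\s+(?P<path>.+)$")
MP_KEY_RE = re.compile(r"^\[HKEY_CURRENT_USER\\.*\\mountpoints2\\(?P<guid>\{[0-9a-f-]+\})\]$", re.I)
MP_VERB_RE = re.compile(r"^\\Shell\\(?P<verb>\w+)\\command - (?P<target>.+)$", re.I)


@dataclass
class AutorunIndicators:
    deleted: List[str] = field(default_factory=list)
    hidden_system_files: List[str] = field(default_factory=list)
    # volume GUID -> {shell verb -> command}, as Explorer cached it under MountPoints2
    mountpoint_handlers: Dict[str, Dict[str, str]] = field(default_factory=dict)

    def mountpoint_targets(self) -> List[str]:
        """What runs when a cached drive is opened, explored or autorun."""
        return sorted({t for verbs in self.mountpoint_handlers.values() for t in verbs.values()})

    def local_copies_of_targets(self) -> List[str]:
        """Hidden+system files on local drives that share a name with a MountPoints2 target."""
        names = {t.rsplit("\\", 1)[-1].lower() for t in self.mountpoint_targets()}
        return [p for p in self.hidden_system_files if p.rsplit("\\", 1)[-1].lower() in names]


def parse_combofix(text: str) -> AutorunIndicators:
    ind = AutorunIndicators()
    section = None   # title of the current (((( ... )))) section
    guid = None      # MountPoints2 key whose shell verbs are being read
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        h = HEADER_RE.match(line)
        if h:
            section, guid = h.group("title"), None
            continue
        k = MP_KEY_RE.match(line)
        if k:
            guid = k.group("guid").lower()
            ind.mountpoint_handlers.setdefault(guid, {})
            continue
        if guid:
            v = MP_VERB_RE.match(line)
            if v:
                ind.mountpoint_handlers[guid][v.group("verb").lower()] = v.group("target")
                continue
            guid = None  # any other line ends that key's value list
        if section == "Other Deletions":
            ind.deleted.append(line)
        elif section and section.startswith("Files Created"):
            m = CREATED_RE.match(line)
            # attribute column: 'h' (hidden) and 's' (system) together is the usual dropper layout
            if m and {"h", "s"} <= set(m.group("attrs")):
                ind.hidden_system_files.append(m.group("path"))
    return ind


if __name__ == "__main__":
    ind = parse_combofix(SAMPLE_COMBOFIX)
    print("removed by ComboFix:", *ind.deleted, sep="\n  ")
    print("hidden+system files created in the window:", *ind.hidden_system_files, sep="\n  ")
    for g, verbs in ind.mountpoint_handlers.items():
        print(f"MountPoints2 {g}: " + ", ".join(f"{v}={t}" for v, t in verbs.items()))
    print("worm copies still present on local drives:", ind.local_copies_of_targets())
```

On the sample it reports C:\k.com as a local copy of the G:\k.com handler, which is why the root-level droppers and the MountPoints2 keys have to go together: removing one and leaving the other re-infects the machine the next time a drive icon is opened.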
PedroN
Posted July 19, 2008

Sorry for the delay ;)

• Before anything else, install the RC!
---------------------------------------
• Go to the Microsoft site: < Link >
• Select the download that matches your operating system!
• Download the file and save it to your desktop.
• Close all open programs!
• Also close your protection programs! (Antivirus, Antispyware and Firewall)
• Drag the setup file downloaded from the Microsoft site onto ComboFix.exe
• See the demonstration below!
• Follow the on-screen messages to start ComboFix.
• Accept the Microsoft agreement to install the "Microsoft Recovery Console".
• At the next message, click "Yes" to run a scan with ComboFix.
• When it finishes, post the reports:
• C:\ComboFix.txt plus an updated HijackThis log.

Regards
Mário Monteiro
Posted August 21, 2008

Topic Archived

As the author has not replied for more than 30 days, the topic has been archived. If you are the author of the topic and want to reopen it, send a private message to a moderator of this area together with the link to this topic and explain the reason for reopening.