[Solved!] Explorer opens after the PC has been on for a while

Here's the situation, guys: I was browsing the internet and went to a video site that said I needed to install an ActiveX control, and I naively installed it, and that was it, there was avast flagging the trojan... I've already had avast scan and delete the virus at boot, I've already run Ad-Aware 2008 to delete the adware, but even so there is still some malware on my PC that persists, and every time I turn my PC on it decides to open an Explorer window at a random time, just once, and nothing more... I'd like to know whether that is my only virus or whether there are still some nasty ones that avast didn't catch...

 

Here is the HijackThis log

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:29:14, on 27/7/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Comodo\Firewall\cmdagent.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

C:\WINDOWS\system32\IoctlSvc.exe

C:\Arquivos de programas\Hewlett-Packard\Shared\hpqwmiex.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\Arquivos de programas\Web Technologies\wcs.exe

C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe

C:\Arquivos de programas\ATI Technologies\Painel de Controle da ATI\atiptaxx.exe

C:\Arquivos de programas\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

C:\Arquivos de programas\HPQ\Quick Launch Buttons\EabServr.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\Comodo\Firewall\CPF.exe

C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe

C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Windows Media Player\WMPNSCFG.exe

C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe

C:\ARQUIV~1\HPQ\SHARED\HPQTOA~1.EXE

C:\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [synTPLpr] C:\Arquivos de programas\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [ATIPTA] "C:\Arquivos de programas\ATI Technologies\Painel de Controle da ATI\atiptaxx.exe"

O4 - HKLM\..\Run: [Cpqset] C:\Arquivos de programas\HPQ\Default Settings\cpqset.exe

O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Arquivos de programas\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

O4 - HKLM\..\Run: [WatchDog] C:\Arquivos de programas\InterVideo\DVD Check\DVDCheck.exe

O4 - HKLM\..\Run: [eabconfg.cpl] C:\Arquivos de programas\HPQ\Quick Launch Buttons\EabServr.exe /Start

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Arquivos de programas\Comodo\Firewall\CPF.exe" /background

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [NBKeyScan] "C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [synTPStart] C:\Arquivos de programas\Synaptics\SynTP\SynTPStart.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKCU\..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Arquivos de programas\Windows Media Player\WMPNSCFG.exe

O4 - HKLM\..\Policies\Explorer\Run: [this] C:\Arquivos de programas\Web Technologies\wcs.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: DVD Check.lnk = C:\Arquivos de programas\InterVideo\DVD Check\DVDCheck.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1216588145683

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Arquivos de programas\Comodo\Firewall\cmdagent.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Arquivos de programas\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe

O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe

 

--

End of file - 7967 bytes

 

Thanks in advance :blush:


Download ComboFix and save it to your desktop.

 

Close all windows and programs.

Double-click ComboFix and press "1", then Enter, to proceed with the fix. It will take about 10 minutes on average (be patient). ComboFix will restart the PC automatically to complete the removal process.

 

When it finishes, a log will be generated at C:\ComboFix.txt.

 

Attention:

Do not click on the ComboFix window or close it with the X while it is running, otherwise it will stop and your desktop will go blank.

 

To stop or exit ComboFix, press "2" and Enter.

 

Then generate a new HijackThis log and post it together with ComboFix.txt.


Thanks for the help :thumbsup:

 

Here is the ComboFix report:

ComboFix 08-07-28.4 - Lucas 2008-07-28 21:09:09.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1046.18.986 [GMT -3:00]

Executando de: C:\Documents and Settings\Lucas\Desktop\ComboFix.exe

* Criado um novo ponto de restauro

 

ATENÇAO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Arquivos de programas\Web Technologies

C:\Arquivos de programas\Web Technologies\wcs.exe

C:\Arquivos de programas\Web Technologies\wcu.exe

C:\Documents and Settings\Lucas\Configurações locais\Dados de aplicativos\Microsoft\Windows Media\10.0\WMSDKNSD.XML

 

.

((((((((((((((((((((((( Ficheiros criados de 2008-06-28 to 2008-07-29 ))))))))))))))))))))))))))))))))

.

 

2008-07-27 22:29 . 2008-07-27 22:29 <DIR> d-------- C:\HijackThis

2008-07-27 22:10 . 2008-07-27 22:10 <DIR> d-------- C:\!KillBox

2008-07-27 17:43 . 2008-07-27 22:18 <DIR> d-------- C:\LinhaDefensiva

2008-07-27 11:48 . 2008-07-27 11:53 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Lavasoft

2008-07-27 11:48 . 2008-07-27 11:48 <DIR> d-------- C:\Arquivos de programas\Lavasoft

2008-07-27 11:47 . 2008-07-27 11:47 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Wise Installation Wizard

2008-07-26 16:33 . 2008-04-13 15:45 26,368 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys

2008-07-23 18:22 . 2008-07-23 18:22 <DIR> d-------- C:\Logs

2008-07-22 01:08 . 2008-07-22 01:08 <DIR> d-------- C:\Arquivos de programas\uTorrent

2008-07-22 01:07 . 2008-07-27 22:51 <DIR> d-------- C:\Documents and Settings\Lucas\Dados de aplicativos\uTorrent

2008-07-21 23:10 . 2008-07-21 23:10 <DIR> d--hsc--- C:\Arquivos de programas\Arquivos comuns\WindowsLiveInstaller

2008-07-21 23:09 . 2008-07-21 23:15 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\WLInstaller

2008-07-21 22:52 . 2008-07-22 01:04 <DIR> d-------- C:\Documents and Settings\Lucas\Dados de aplicativos\Azureus

2008-07-21 22:52 . 2008-07-21 22:52 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Azureus

2008-07-21 22:48 . 2008-07-28 21:04 <DIR> d-------- C:\Documents and Settings\Lucas\Dados de aplicativos\mIRC

2008-07-21 22:48 . 2008-07-28 21:04 <DIR> d-------- C:\Arquivos de programas\mIRC

2008-07-21 22:42 . 2008-07-21 22:42 <DIR> d-------- C:\Arquivos de programas\Windows Media Connect 2

2008-07-21 22:42 . 2004-08-04 09:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll

2008-07-21 22:42 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl

2008-07-21 22:40 . 2008-07-21 22:42 <DIR> d-------- C:\Arquivos de programas\Java

2008-07-21 22:38 . 2008-07-21 22:39 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF

2008-07-21 22:30 . 2008-07-21 22:30 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Java

2008-07-21 22:26 . 2008-07-22 01:11 <DIR> d-------- C:\Torrents

2008-07-21 21:30 . 2008-07-21 21:30 <DIR> d-------- C:\Arquivos de programas\Microsoft Silverlight

2008-07-21 21:21 . 2008-04-23 04:14 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll

2008-07-21 21:21 . 2007-04-17 06:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat

2008-07-21 21:21 . 2007-03-08 02:12 1,024,000 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui

2008-07-21 21:21 . 2008-04-23 04:14 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll

2008-07-21 21:21 . 2008-04-23 04:14 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll

2008-07-21 21:21 . 2008-04-23 04:14 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll

2008-07-21 21:21 . 2008-04-23 04:14 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll

2008-07-21 21:21 . 2008-04-23 04:14 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll

2008-07-21 21:21 . 2008-04-22 04:39 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe

2008-07-21 19:29 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll

2008-07-21 19:29 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui

2008-07-21 08:12 . 2008-07-21 08:12 <DIR> d-------- C:\Arquivos de programas\MSXML 4.0

2008-07-21 00:56 . 2008-05-09 07:55 180,224 -----c--- C:\WINDOWS\system32\dllcache\scrobj.dll

2008-07-21 00:56 . 2008-05-09 07:55 172,032 -----c--- C:\WINDOWS\system32\dllcache\scrrun.dll

2008-07-21 00:56 . 2008-05-08 08:24 155,648 -----c--- C:\WINDOWS\system32\dllcache\wscript.exe

2008-07-21 00:56 . 2008-05-09 05:45 135,168 -----c--- C:\WINDOWS\system32\dllcache\cscript.exe

2008-07-21 00:56 . 2008-05-09 07:55 90,112 -----c--- C:\WINDOWS\system32\dllcache\wshext.dll

2008-07-20 21:18 . 2008-07-21 21:31 <DIR> d-------- C:\WINDOWS\system32\pt-br

2008-07-20 21:18 . 2008-07-20 21:18 <DIR> d-------- C:\WINDOWS\system32\bits

2008-07-20 21:18 . 2008-07-20 21:18 <DIR> d-------- C:\WINDOWS\l2schemas

2008-07-20 21:15 . 2008-07-20 21:18 <DIR> d-------- C:\WINDOWS\ServicePackFiles

2008-07-20 21:01 . 2004-08-03 22:41 1,041,536 --------- C:\WINDOWS\system32\drivers\hsfdpsp2.sys

2008-07-20 21:01 . 2004-08-03 22:41 685,056 --------- C:\WINDOWS\system32\drivers\hsfcxts2.sys

2008-07-20 21:01 . 2004-08-03 22:41 220,032 --------- C:\WINDOWS\system32\drivers\hsfbs2s2.sys

2008-07-20 21:01 . 2004-07-17 22:55 129,045 --------- C:\WINDOWS\system32\drivers\cxthsfs2.cty

2008-07-20 20:58 . 2008-07-20 20:59 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Adobe

2008-07-20 20:20 . 2008-07-20 20:54 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Blizzard Entertainment

2008-07-20 20:03 . 2008-07-21 22:38 <DIR> d-------- C:\WINDOWS\system32\LogFiles

2008-07-20 20:01 . 2008-07-20 20:01 <DIR> d-------- C:\Arquivos de programas\NeroInstall.bak

2008-07-20 19:59 . 2008-07-20 19:59 <DIR> d-------- C:\Documents and Settings\Lucas\Dados de aplicativos\Nero

2008-07-20 19:55 . 2008-07-20 19:55 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Nero

2008-07-20 19:55 . 2008-07-20 19:55 <DIR> d-------- C:\Arquivos de programas\Nero

2008-07-20 19:55 . 2008-07-20 19:57 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Nero

2008-07-20 19:49 . 2008-06-14 14:34 272,384 --------- C:\WINDOWS\system32\drivers\bthport.sys

2008-07-20 19:49 . 2008-06-14 14:34 272,384 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys

2008-07-20 19:26 . 2008-07-20 19:26 <DIR> d-------- C:\Arquivos de programas\BraZip

2008-07-20 19:22 . 2008-05-08 11:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys

2008-07-20 19:06 . 2008-07-20 19:06 0 --a------ C:\WINDOWS\nsreg.dat

2008-07-20 18:09 . 2008-07-20 18:09 <DIR> d-------- C:\Arquivos de programas\Microsoft Works

2008-07-20 18:08 . 2008-07-20 18:08 <DIR> d-------- C:\Arquivos de programas\Microsoft.NET

2008-07-20 18:05 . 2008-07-20 18:05 <DIR> d-------- C:\WINDOWS\SHELLNEW

2008-07-20 18:04 . 2008-07-20 18:04 <DIR> dr-h----- C:\MSOCache

2008-07-20 18:04 . 2008-07-21 08:13 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft Help

2008-07-20 17:39 . 2008-07-21 21:30 <DIR> d--h----- C:\WINDOWS\$hf_mig$

2008-07-20 17:30 . 2008-07-20 17:30 <DIR> d--hs---- C:\Documents and Settings\Lucas\UserData

2008-07-20 17:26 . 2008-07-20 17:26 <DIR> d-------- C:\Documents and Settings\Lucas\Dados de aplicativos\Comodo

2008-07-20 17:26 . 2008-07-20 17:26 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Comodo

2008-07-20 17:25 . 2008-07-20 17:25 <DIR> d-------- C:\Arquivos de programas\Comodo

2008-07-20 17:25 . 2008-07-20 16:23 211 --a------ C:\boot.ini.comodofirewall

2008-07-20 17:07 . 2008-07-20 17:07 <DIR> d-------- C:\Arquivos de programas\Alwil Software

2008-07-20 17:03 . 2005-12-02 10:56 458,752 --a------ C:\WINDOWS\system32\hpqPres.dll

2008-07-20 17:03 . 2005-11-30 15:31 282,624 --a------ C:\WINDOWS\system32\cpqinfo.dll

2008-07-20 17:03 . 2005-12-02 10:56 73,728 --a------ C:\WINDOWS\system32\hpqactn.dll

2008-07-20 17:03 . 2004-04-13 09:30 32,768 --a------ C:\WINDOWS\system32\eabhbrn8.dll

2008-07-20 17:03 . 2005-05-05 10:04 7,936 --a------ C:\WINDOWS\system32\drivers\eabfiltr.sys

2008-07-20 17:03 . 2005-05-05 10:04 5,760 --a------ C:\WINDOWS\system32\drivers\EabUsb.sys

2008-07-20 17:01 . 2002-11-21 10:57 204,800 --a------ C:\WINDOWS\system32\IVIresizeW7.dll

2008-07-20 17:01 . 2002-11-21 10:57 200,704 --a------ C:\WINDOWS\system32\IVIresizeA6.dll

2008-07-20 17:01 . 2002-11-21 10:57 192,512 --a------ C:\WINDOWS\system32\IVIresizeP6.dll

2008-07-20 17:01 . 2002-11-21 10:57 192,512 --a------ C:\WINDOWS\system32\IVIresizeM6.dll

2008-07-20 17:01 . 2002-11-21 10:57 188,416 --a------ C:\WINDOWS\system32\IVIresizePX.dll

2008-07-20 17:01 . 2002-11-21 10:57 20,480 --a------ C:\WINDOWS\system32\IVIresize.dll

2008-07-20 17:00 . 2008-07-20 17:01 <DIR> d-------- C:\Arquivos de programas\InterVideo

2008-07-20 17:00 . 2008-07-20 17:00 791 --a------ C:\WINDOWS\system32\InstallUtil.InstallLog

2008-07-20 13:19 . 2008-04-13 23:18 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll

2008-07-20 13:18 . 2004-08-04 09:00 180,770 --a--c--- C:\WINDOWS\system32\dllcache\c_20932.nls

2008-07-20 13:15 . 2008-04-13 22:53 58,240 --a------ C:\WINDOWS\system32\drivers\redbook.sys

2008-07-20 13:15 . 2001-08-17 18:59 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys

2008-07-20 13:14 . 2008-04-13 23:20 76,288 --a------ C:\WINDOWS\system32\usbui.dll

2008-07-20 13:14 . 2004-08-03 19:31 20,992 --a------ C:\WINDOWS\system32\drivers\RTL8139.sys

2008-07-20 13:14 . 2008-04-13 15:36 14,208 --a------ C:\WINDOWS\system32\drivers\battc.sys

2008-07-20 13:14 . 2008-04-13 15:36 13,952 --a------ C:\WINDOWS\system32\drivers\cmbatt.sys

2008-07-20 13:14 . 2008-04-13 15:36 10,240 --a------ C:\WINDOWS\system32\drivers\compbatt.sys

2008-07-20 13:14 . 2008-04-13 15:36 8,832 --a------ C:\WINDOWS\system32\drivers\wmiacpi.sys

2008-07-20 13:13 . 2008-07-20 16:25 <DIR> d--h----- C:\Documents and Settings\Default User\Modelos

2008-07-20 13:13 . 2008-07-20 13:13 <DIR> d-------- C:\Documents and Settings\Default User\Meus documentos

2008-07-20 13:13 . 2008-07-20 13:13 <DIR> dr------- C:\Documents and Settings\Default User\Menu Iniciar

2008-07-20 13:13 . 2008-07-20 13:13 <DIR> d-------- C:\Documents and Settings\Default User\Favoritos

2008-07-20 13:13 . 2008-07-20 13:13 <DIR> dr-h----- C:\Documents and Settings\Default User\Configurações locais

2008-07-20 13:13 . 2008-07-20 13:13 <DIR> d--h----- C:\Documents and Settings\Default User\Ambiente de rede

2008-07-20 13:13 . 2008-07-20 13:13 <DIR> d--h----- C:\Documents and Settings\Default User\Ambiente de impressão

2008-07-20 13:13 . 2008-07-21 22:44 <DIR> d--h----- C:\Documents and Settings\All Users\Modelos

2008-07-20 13:13 . 2008-07-21 22:44 <DIR> dr------- C:\Documents and Settings\All Users\Menu Iniciar

2008-07-20 13:13 . 2008-07-20 13:13 <DIR> d-------- C:\Documents and Settings\All Users\Favoritos

2008-07-20 13:13 . 2008-07-20 16:27 <DIR> dr------- C:\Documents and Settings\All Users\Documentos

2008-07-20 13:12 . 2008-07-26 21:13 <DIR> d-------- C:\WINDOWS\system32\CatRoot2

2008-07-20 13:12 . 2008-07-21 22:51 <DIR> d-------- C:\WINDOWS\system32\CatRoot

2008-07-20 13:12 . 2008-07-20 13:13 <DIR> dr-h----- C:\Documents and Settings\Default User\Dados de aplicativos

2008-07-20 13:12 . 2008-07-20 16:52 <DIR> d--h----- C:\Documents and Settings\Default User

2008-07-20 13:12 . 2008-07-27 11:48 <DIR> dr-h----- C:\Documents and Settings\All Users\Dados de aplicativos

2008-07-20 13:12 . 2008-07-20 16:29 <DIR> d-------- C:\Documents and Settings\All Users

2008-07-20 13:12 . 2008-07-20 16:35 <DIR> d-------- C:\Documents and Settings

2008-07-20 13:12 . 2004-08-04 09:00 1,086,058 -ra------ C:\WINDOWS\SET4.tmp

2008-07-20 13:12 . 2004-08-04 09:00 1,014,492 -ra------ C:\WINDOWS\SET3.tmp

2008-07-20 13:12 . 2004-08-04 09:00 14,043 -ra------ C:\WINDOWS\SET8.tmp

2008-07-20 13:11 . 2008-07-20 16:32 237 --a------ C:\WINDOWS\system32\$winnt$.inf

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-07-20 22:39 --------- d-----w C:\Arquivos de programas\Arquivos comuns\InstallShield

2008-07-20 22:38 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Sonic Shared

2008-07-20 22:37 --------- d-----w C:\Arquivos de programas\Sonic

2008-07-20 20:03 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2008-07-20 20:03 --------- d-----w C:\Arquivos de programas\HPQ

2008-07-20 20:03 --------- d-----w C:\Arquivos de programas\Hewlett-Packard

2008-07-20 20:00 --------- d-----w C:\Arquivos de programas\Windows Media Connect

2008-07-20 19:58 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\InstallShield

2008-07-20 19:48 --------- d-----w C:\Arquivos de programas\Broadcom

2008-07-20 19:47 --------- d-----w C:\Arquivos de programas\ATI Technologies

2008-07-20 19:46 --------- d-----w C:\Arquivos de programas\Synaptics

2008-07-20 19:45 --------- d-----w C:\Arquivos de programas\CONEXANT

2008-07-20 19:43 1,520 --sha-r C:\WINDOWS\system32\drivers\103C_HP_NTBK_HP Compaq nx6105 (EV320AV)_YN_0U_QBRB6190422_EU_46_I3096_SQuanta_V47.0E_BF.25_T060323_WXP2_L416_M1407_J60_7AMD_8Turion 64 Technology ML-32_91.79_#080720_N10EC8139_(EV320AV)_XMOBILE_CN10_Z_2Rev 1_G.MRK

2008-07-20 19:43 --------- d-----w C:\Arquivos de programas\AMD

2008-07-20 19:30 --------- d-----w C:\Arquivos de programas\microsoft frontpage

2008-07-20 19:29 --------- d-----w C:\Arquivos de programas\Serviços on-line

2008-07-20 19:28 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Serviços

2008-06-20 17:48 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll

2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys

2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys

2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys

2008-05-16 14:58 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe

2008-05-09 10:55 90,112 ----a-w C:\WINDOWS\system32\wshext.dll

2008-05-09 10:55 430,080 ----a-w C:\WINDOWS\system32\vbscript.dll

2008-05-09 10:55 180,224 ----a-w C:\WINDOWS\system32\scrobj.dll

2008-05-09 10:55 172,032 ----a-w C:\WINDOWS\system32\scrrun.dll

2008-05-09 08:45 135,168 ----a-w C:\WINDOWS\system32\cscript.exe

2008-05-08 11:24 155,648 ----a-w C:\WINDOWS\system32\wscript.exe

2008-05-07 05:11 1,292,800 ----a-w C:\WINDOWS\system32\quartz.dll

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 17:07 1828136]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 23:20 15360]

"WMPNSCFG"="C:\Arquivos de programas\Windows Media Player\WMPNSCFG.exe" [2006-11-02 23:32 204288]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 09:00 208952]

"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 09:00 455168]

"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 09:00 455168]

"SynTPLpr"="C:\Arquivos de programas\Synaptics\SynTP\SynTPLpr.exe" [2005-02-02 09:12 102492]

"SynTPEnh"="C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe" [2007-09-15 02:27 1015808]

"ATIPTA"="C:\Arquivos de programas\ATI Technologies\Painel de Controle da ATI\atiptaxx.exe" [2005-07-13 21:05 344064]

"Cpqset"="C:\Arquivos de programas\HPQ\Default Settings\cpqset.exe" [2005-02-17 14:01 233534]

"hpWirelessAssistant"="C:\Arquivos de programas\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-12-13 16:45 507904]

"WatchDog"="C:\Arquivos de programas\InterVideo\DVD Check\DVDCheck.exe" [2005-03-09 14:54 184320]

"eabconfg.cpl"="C:\Arquivos de programas\HPQ\Quick Launch Buttons\EabServr.exe" [2005-12-07 10:56 409600]

"avast!"="C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 11:38 78008]

"COMODO Firewall Pro"="C:\Arquivos de programas\Comodo\Firewall\CPF.exe" [2008-07-20 17:25 1115728]

"NeroFilterCheck"="C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NeroCheck.exe" [2008-02-28 09:59 570664]

"NBKeyScan"="C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 16:29 2221352]

"Adobe Reader Speed Launcher"="C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

"SynTPStart"="C:\Arquivos de programas\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 02:29 102400]

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-13 23:20 15360]

 

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\

DVD Check.lnk - C:\Arquivos de programas\InterVideo\DVD Check\DVDCheck.exe [2008-07-20 17:01:20 184320]

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=

 

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 11:35]

R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 11:37]

R3 HSFHWATI;HSFHWATI;C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys [2005-08-22 16:06]

 

*Newly Created Service* - CATCHME

*Newly Created Service* - PROCEXP90

.

- - - - ORFAOS REMOVIDOS - - - -

 

HKLM-Explorer_Run-this - C:\Arquivos de programas\Web Technologies\wcs.exe

 

 

.

------- Ccan Suplementar -------

.

R0 -: HKCU-Main,Start Page = hxxp://www.google.com.br/

R1 -: HKCU-Internet Connection Wizard,ShellNext = hxxp://www.hp.com/

O8 -: E&xportar para o Microsoft Excel - C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

 

 

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-07-28 21:10:48

Windows 5.1.2600 Service Pack 3 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Cpqset = C:\Arquivos de programas\HPQ\Default Settings\cpqset.exe??3?7?0??p???? ???B?????????????hLC?0??????

 

Procurando ficheiros ocultos ...

 

Varredura completada com sucesso

Ficheiros ocultos: 0

 

**************************************************************************

.

Tempo para conclusão: 2008-07-28 21:11:35

ComboFix-quarantined-files.txt 2008-07-29 00:11:32

 

Pre-Run: 12 pasta(s) 23,169,392,640 bytes disponíveis

Post-Run: 15 pasta(s) 23,932,731,392 bytes disponíveis

 

237 --- E O F --- 2008-07-22 01:49:59

 

Here is the HijackThis one

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:15:34, on 28/7/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Comodo\Firewall\cmdagent.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

C:\WINDOWS\system32\IoctlSvc.exe

C:\Arquivos de programas\Hewlett-Packard\Shared\hpqwmiex.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe

C:\Arquivos de programas\ATI Technologies\Painel de Controle da ATI\atiptaxx.exe

C:\Arquivos de programas\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

C:\Arquivos de programas\HPQ\Quick Launch Buttons\EabServr.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\Comodo\Firewall\CPF.exe

C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe

C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe

C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Windows Media Player\WMPNSCFG.exe

C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe

C:\ARQUIV~1\HPQ\SHARED\HPQTOA~1.EXE

C:\HijackThis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [synTPLpr] C:\Arquivos de programas\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [ATIPTA] "C:\Arquivos de programas\ATI Technologies\Painel de Controle da ATI\atiptaxx.exe"

O4 - HKLM\..\Run: [Cpqset] C:\Arquivos de programas\HPQ\Default Settings\cpqset.exe

O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Arquivos de programas\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

O4 - HKLM\..\Run: [WatchDog] C:\Arquivos de programas\InterVideo\DVD Check\DVDCheck.exe

O4 - HKLM\..\Run: [eabconfg.cpl] C:\Arquivos de programas\HPQ\Quick Launch Buttons\EabServr.exe /Start

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Arquivos de programas\Comodo\Firewall\CPF.exe" /background

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [NBKeyScan] "C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [synTPStart] C:\Arquivos de programas\Synaptics\SynTP\SynTPStart.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKCU\..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Arquivos de programas\Windows Media Player\WMPNSCFG.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: DVD Check.lnk = C:\Arquivos de programas\InterVideo\DVD Check\DVDCheck.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1216588145683

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Arquivos de programas\Comodo\Firewall\cmdagent.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Arquivos de programas\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe

O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe

 

--

End of file - 7764 bytes


Go to the Kaspersky online scan

It only works with Internet Explorer!

 

Click the button (image: kasperdx9.jpg)

 

Click I Accept. The information bar will show that the site is asking to install the ActiveX control. Confirm it.

 

Wait for the installation and the update (it takes a while), then click Scan Settings.

 

In Scan Settings, leave the options below checked:

 

Scan using the following Anti-Virus database:

 

Extended (if available otherwise Standard)

 

Scan Options:

 

Scan Archives

Scan Mail Bases

 

and click OK.

 

On the next page, click My Computer to start the scan. The scan takes a long time, so be patient.

 

At the end of the scan, click Save as text to save the log.

 

Post the Kaspersky log plus a HijackThis one.


Once again, thanks for the help :thumbsup:

Looks like it found a virus :!:

--------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER 7 REPORT

Tuesday, July 29, 2008

Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)

Kaspersky Online Scanner 7 version: 7.0.25.0

Program database last update: Wednesday, July 30, 2008 00:25:03

Records in database: 1025657

--------------------------------------------------------------------------------

 

Scan settings:

Scan using the following database: extended

Scan archives: yes

Scan mail databases: yes

 

Scan area - My Computer:

C:\

D:\

E:\

 

Scan statistics:

Files scanned: 39675

Threat name: 1

Infected objects: 1

Suspicious objects: 0

Duration of the scan: 00:55:03

 

 

File name / Threat name / Threats count

C:\QooBox\Quarantine\C\Arquivos de programas\Web Technologies\wcs.exe.vir Infected: Trojan-GameThief.Win32.OnLineGames.skwi 1

 

The selected area was scanned.

 

HijackThis log:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:31:14, on 29/7/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Comodo\Firewall\cmdagent.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

C:\WINDOWS\system32\IoctlSvc.exe

C:\Arquivos de programas\Hewlett-Packard\Shared\hpqwmiex.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe

C:\Arquivos de programas\ATI Technologies\Painel de Controle da ATI\atiptaxx.exe

C:\Arquivos de programas\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

C:\Arquivos de programas\InterVideo\DVD Check\DVDCheck.exe

C:\Arquivos de programas\HPQ\Quick Launch Buttons\EabServr.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\Comodo\Firewall\CPF.exe

C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Windows Media Player\WMPNSCFG.exe

C:\ARQUIV~1\HPQ\SHARED\HPQTOA~1.EXE

C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe

C:\HijackThis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [synTPLpr] C:\Arquivos de programas\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [ATIPTA] "C:\Arquivos de programas\ATI Technologies\Painel de Controle da ATI\atiptaxx.exe"

O4 - HKLM\..\Run: [Cpqset] C:\Arquivos de programas\HPQ\Default Settings\cpqset.exe

O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Arquivos de programas\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

O4 - HKLM\..\Run: [WatchDog] C:\Arquivos de programas\InterVideo\DVD Check\DVDCheck.exe

O4 - HKLM\..\Run: [eabconfg.cpl] C:\Arquivos de programas\HPQ\Quick Launch Buttons\EabServr.exe /Start

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Arquivos de programas\Comodo\Firewall\CPF.exe" /background

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [NBKeyScan] "C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [synTPStart] C:\Arquivos de programas\Synaptics\SynTP\SynTPStart.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKCU\..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Arquivos de programas\Windows Media Player\WMPNSCFG.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: DVD Check.lnk = C:\Arquivos de programas\InterVideo\DVD Check\DVDCheck.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1216588145683

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Arquivos de programas\Comodo\Firewall\cmdagent.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Arquivos de programas\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe

O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe

 

--

End of file - 7943 bytes


CONGRATULATIONS

 

Your log is clean

 

- In Run, type combofix /u, click OK and wait for ComboFix to be removed.

 

- I recommend a maintenance pass on the computer to delete temporary and unnecessary files and invalid registry entries. Download CCleaner

 

• Open the program and click Run Cleaner;

• After that, click Registry > Scan for errors > Fix Errors

 

Download ATF-Cleaner

 

- Restart the computer in Safe Mode (keep pressing the F8 key, or F5 in some cases, during startup).

 

- Run the ATF-Cleaner.exe tool. Check the Select All option and click Empty Selected. A "Done Cleaning" window will appear. Click OK and Exit.

 

- Disable and re-enable System Restore

 

Read the article Proteja seu PC (Protect your PC) for more information on how to avoid infections;

 

Come back and tell me whether your malware problem has been resolved.


Thank you very much for the help, Sr. Perfect, it looks like Explorer has stopped opening here on my machine... I just wanted to know about that virus the scan found, was it removed too? I got a bit scared and deleted the folder haha


 

Yes, they were removed, congratulations

 

:clap:


Thank you very much, Sr. Perfect, I really appreciate your help :thumbsup:

 

If any friend of mine catches a virus, I'll recommend talking to you :clap:

 

Thanks once again

 

Regards


PROBLEM SOLVED


PROBLEM SOLVED!

 

If the author needs the topic to be reopened, just send a Private Message to a Moderator with a link to the topic.
