Archived

This topic has been archived and is closed to new replies.

Dihhs2Mahh

[Solved!] I have a virus =/

Recommended Posts

Hi... I'm new here, but I read everything properly before posting... I'll post my log... I think I clicked where I shouldn't have and now it's flagging a virus... I can only browse with Google Chrome; IE won't even open anymore, everything freezes, it's super slow and it keeps telling me to download Total Secure 2009. I even downloaded it, but it needs an activation code; I tried looking for one too... anyway @_@ I hope you can help me, please.

 

Here is my log:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 14:05:52, on 20/9/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0013)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\ARQUIV~1\AVG\AVG8\avgrsx.exe

C:\WINDOWS\system32\IoctlSvc.exe

C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\svchost.exe

C:\ARQUIV~1\AVG\AVG8\avgemc.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe

C:\WINDOWS\vsnpstd.exe

C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

C:\Arquivos de programas\iTunes\iTunesHelper.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe

C:\ARQUIV~1\AVG\AVG8\avgtray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe

C:\Arquivos de programas\iPod\bin\iPodService.exe

C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PCSync2.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAL.EXE

C:\Documents and Settings\Luiz\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe

C:\Arquivos de programas\PC Connectivity Solution\Transports\NclUSBSrv.exe

C:\Arquivos de programas\PC Connectivity Solution\Transports\NclRSSrv.exe

C:\Arquivos de programas\Arquivos comuns\Nokia\MPAPI\MPAPI3s.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\MSN Messenger\usnsvc.exe

C:\Documents and Settings\Luiz\Meus documentos\Downloads\HiJackThis (1).exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O1 - Hosts: 189.17.203.102 L2authd.lineage2.com

O1 - Hosts: 189.17.203.102 L2testauthd.lineage2.com

O1 - Hosts: 216.107.250.194 nProtect.lineage2.com

O1 - Hosts: 216.107.250.194 update.nProtect.com

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: Adom.To - {0F95467C-AB44-4274-BEEA-2A75AB01B77E} - C:\WINDOWS\system32\pgyss.dll

O2 - BHO: (no name) - {192c5b4a-3efd-40c7-9f99-c472deb8efc0} - (no file)

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\ARQUIV~1\AVG\AVG8\AVGTOO~1.DLL

O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\Msdxm6.ocx

O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Arquivos de programas\DAEMON Tools Toolbar\DTToolbar.dll (file missing)

O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\ARQUIV~1\AVG\AVG8\AVGTOO~1.DLL

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe"

O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [LanguageShortcut] "C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe"

O4 - HKLM\..\Run: [AudioDeck] C:\Arquivos de programas\VIAudioi\SBADeck\ADeck.exe 1

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [soundMAXPnP] C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe

O4 - HKLM\..\Run: [soundMAX] "C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe" /tray

O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [CoolSMS] C:\Arquivos de programas\CoolSMS\CoolSMS.exe /minimized

O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog

O4 - HKCU\..\Run: [PC Suite Tray] "C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray

O4 - HKCU\..\Run: [EPSON Stylus CX5600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAL.EXE /FU "C:\WINDOWS\TEMP\E_S9F.tmp" /EF "HKCU"

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Luiz\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [TotalSecure2009] C:\Arquivos de programas\TS2009\scan.exe

O4 - HKLM\..\Policies\Explorer\Run: [isamonitor.exe] C:\Arquivos de programas\Perfect Codec\isamonitor.exe

O4 - HKLM\..\Policies\Explorer\Run: [pmsngr.exe] C:\Arquivos de programas\Perfect Codec\pmsngr.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Image Transfer.lnk = ?

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {41ACD49D-1974-791A-0981-AA9872721044} (Ganymede Board Games) - http://200.212.184.212/g_bin/eng/boards_2_0_0_34.cab

O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {83AFB5CA-ED35-11D4-A452-0080C8D85045} (GameDesire Poker Games) - http://200.212.184.212/g_bin/eng/poker_2_0_0_47.cab

O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppD...ap/PhtPkMSN.cab

O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/AppD...ap/DigWXMSN.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://3dlifeplayer.dl.3dvia.com/player/in...l/installer.exe

O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - http://nprotect1.gravity.co.kr/nprotect/nPKeyCrypt/npkcx.cab

O16 - DPF: {E85362EF-40D4-4E5D-BE07-D6B036CCA277} (GoPets Control) - https://secure.gopetslive.com/dev/gopets.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab

O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://200.212.184.212/g_bin/eng/billard8_2_0_0_35.cab

O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C4} (GameDesire Pool Training) - http://200.212.184.212/g_bin/eng/billardt_2_0_0_35.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{A3682504-BAB2-424D-A62A-B296BCE1B26D}: NameServer = 200.204.0.10,200.204.0.138

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll

O20 - AppInit_DLLs: avgrsstx.dll

O21 - SSODL: featherweed - {ab340860-fd81-4a65-b345-82eb77a66b5e} - (no file)

O22 - SharedTaskScheduler: featherweed - {ab340860-fd81-4a65-b345-82eb77a66b5e} - (no file)

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Serviço iPod (iPod Service) - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: NNServ - Unknown owner - C:\Arquivos de programas\NewDotNet\nnrun.exe (file missing)

O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe

O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

 

 

 

In case it helps, here is a picture of what TS2009 flags; I can't remove it because it asks for an activation key and blah blah blah.

[attached image: imagem-1.jpg]

 

 

Thanks

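A defender-side triage pass over HijackThis lines like the ones in the log above, as an added example: it is not part of the thread and not HijackThis's own code. It reads item lines (O1, O2, O4, O23 ...) and flags the patterns a helper looks for first: hosts-file overrides, entries whose file is missing, autoruns placed under Policies\Explorer\Run, names matching a small watch-list, and a BHO loaded from a bare DLL in system32. The sample lines are copied from the posted log; the `ROGUE_NAMES` watch-list and the heuristics themselves are my own assumptions, not a maintained signature set.

```python
"""Triage of HijackThis-style log lines with simple defender heuristics."""
import re
from collections import Counter
from dataclasses import dataclass

# One HijackThis item: a section code (R0, O1, O4, O23 ...), " - ", then the body.
ITEM_RE = re.compile(r"^(?P<code>[RO]\d+)\s+-\s+(?P<body>.*)$")

# Constructed watch-list (placeholder, not a maintained signature set): names that
# appear in the posted log and belong to the rogue "antivirus" and the codec bundle
# that dropped it. Matching is a case-insensitive substring test.
ROGUE_NAMES = ("totalsecure2009", "ts2009", "perfect codec")


@dataclass
class Finding:
    code: str    # HijackThis section code, e.g. "O4"
    reason: str  # why the line was flagged
    line: str    # the original log line


def parse_item(line):
    """Return (code, body) for a HijackThis item line, or None for anything else."""
    m = ITEM_RE.match(line.strip())
    return (m.group("code"), m.group("body")) if m else None


def triage_line(line):
    """Apply the heuristics to one line; return a list of findings (possibly empty)."""
    parsed = parse_item(line)
    if parsed is None:
        return []
    code, body = parsed
    low = body.lower()
    findings = []

    # O1: hosts-file entries. Pinning a name to a non-loopback address redirects
    # traffic silently; the posted log pins a game's login servers this way.
    if code == "O1":
        m = re.search(r"Hosts:\s+(\S+)\s+(\S+)", body)
        if m and not m.group(1).startswith("127."):
            findings.append(Finding(code, f"hosts override {m.group(2)} -> {m.group(1)}", line))

    # Dangling registrations (any section): the file is gone but the CLSID/service/
    # toolbar entry remains, an uninstall leftover or something AV already deleted.
    if "(no file)" in low or "(file missing)" in low:
        findings.append(Finding(code, "registration points to a missing file", line))

    # O4 under HKLM\..\Policies\Explorer\Run: a less obvious autorun location that the
    # "Perfect Codec" bundle in this log used; legitimate home software rarely does.
    if code == "O4" and "policies\\explorer\\run" in low:
        findings.append(Finding(code, "autorun via Policies\\Explorer\\Run", line))

    # Names on the watch-list (rogue AV / bundle names seen in this thread).
    for name in ROGUE_NAMES:
        if name in low:
            findings.append(Finding(code, f"matches watch-list name '{name}'", line))
            break

    # O2: a BHO loaded from a short, bare DLL dropped straight into system32.
    # Legitimate BHOs almost always live under Program Files; verify such a file.
    if code == "O2" and re.search(r"c:\\windows\\system32\\[a-z]{4,6}\.dll$", low):
        findings.append(Finding(code, "BHO loaded from a bare DLL in system32 (verify it)", line))

    return findings


def triage(log_text):
    """Run triage over a whole log and return all findings in log order."""
    findings = []
    for line in log_text.splitlines():
        findings.extend(triage_line(line))
    return findings


def summarize(findings):
    """Count findings per HijackThis section code."""
    return dict(Counter(f.code for f in findings))


# Sample lines copied from the HijackThis log posted in the thread, plus two clean
# lines (Java, AVG) to show that they pass untouched.
SAMPLE_LOG = r"""
O1 - Hosts: 189.17.203.102 L2authd.lineage2.com
O2 - BHO: Adom.To - {0F95467C-AB44-4274-BEEA-2A75AB01B77E} - C:\WINDOWS\system32\pgyss.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Arquivos de programas\DAEMON Tools Toolbar\DTToolbar.dll (file missing)
O4 - HKCU\..\Run: [TotalSecure2009] C:\Arquivos de programas\TS2009\scan.exe
O4 - HKLM\..\Policies\Explorer\Run: [isamonitor.exe] C:\Arquivos de programas\Perfect Codec\isamonitor.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe
O23 - Service: NNServ - Unknown owner - C:\Arquivos de programas\NewDotNet\nnrun.exe (file missing)
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.code}] {f.reason}\n    {f.line.strip()}")
    print("per section:", summarize(triage(SAMPLE_LOG)))
```

Run it as a script to see the flagged lines; on the sample it reports seven findings (one each for O1, O2, O3 and O23, three for O4) and leaves the Java BHO and the AVG tray entry alone. The heuristics are deliberately loose, so the output is a reading list for a human, not a verdict.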

Download ComboFix and save it to your desktop.

Close all windows and programs.

Double-click ComboFix and press "1", then Enter, to proceed with the fix. It will take about 10 minutes (be patient). ComboFix will restart the PC automatically to complete the removal process.

When it finishes, a log will be generated at C:\ComboFix.txt.

Attention:

Do not click on the ComboFix window or close it with the X while it is running; otherwise it will stop and your desktop will go blank.

To stop or exit ComboFix, press "2" and Enter.

Then generate a new HijackThis log and post it together with ComboFix.txt.


Hi, I did everything that was asked and came back to post the results... I hope it has improved. Wow, when it showed "deleting file Windows system32" I froze @_@, I thought "that's it, it's screwed" hahaha; when it restarted, what a relief hahaha. Well, here are the results:

ComboFix:

 

ComboFix 08-09-20.05 - Luiz 2008-09-20 23:15:18.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.231 [GMT -3:00]

Executando de: C:\Documents and Settings\Luiz\Meus documentos\Downloads\ComboFix.exe

* Criado um novo ponto de restauro

 

ATENÇAO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Arquivos de programas\Arquivos comuns\dbmmgr32.dll

C:\Documents and Settings\All Users\Menu Iniciar\Online Security Guide.url

C:\Documents and Settings\All Users\Menu Iniciar\Security Troubleshooting.url

C:\WINDOWS\system32\MSINET.oca

C:\WINDOWS\system32\pgyss.dll

C:\WINDOWS\system32\stera.job

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_NNSERV

-------\Service_NNServ

-------\Service_vspf

-------\Service_vspf_hk

 

 

((((((((((((((((((((((( Ficheiros criados de 2008-08-21 to 2008-09-21 ))))))))))))))))))))))))))))))))

.

 

2008-09-20 13:20 . 2008-09-20 13:20 <DIR> d-------- C:\Arquivos de programas\TS2009

2008-09-20 12:48 . 2008-09-20 12:49 39,878 --a------ C:\WINDOWS\system32\c.ico

2008-09-20 01:48 . 2008-09-20 01:48 151 --a------ C:\WINDOWS\PhotoSnapViewer.INI

2008-09-19 21:13 . 2008-09-19 21:13 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Ahead

2008-09-19 21:09 . 2008-09-19 21:09 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Nero

2008-09-19 21:09 . 2008-09-19 21:09 <DIR> d-------- C:\Arquivos de programas\Nero

2008-09-19 21:09 . 2008-09-19 21:12 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Ahead

2008-09-18 00:20 . 2008-09-18 00:20 <DIR> d-------- C:\Arquivos de programas\WinAVI Video Converter

2008-09-05 17:22 . 2008-09-05 17:22 <DIR> d-------- C:\Documents and Settings\Luiz\Dados de aplicativos\ArcSoft

2008-09-05 17:22 . 2008-09-05 17:22 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\ArcSoft

2008-09-05 17:22 . 2008-09-05 17:23 <DIR> d-------- C:\Arquivos de programas\ABBYY FineReader 6.0 Sprint

2008-09-05 17:22 . 2004-08-04 07:52 413,696 -ra------ C:\WINDOWS\system32\msvc8377.rra

2008-09-05 17:22 . 1995-08-01 04:44 212,480 --a------ C:\WINDOWS\PCDLIB32.DLL

2008-09-05 17:22 . 2006-10-26 09:29 126,976 --a------ C:\WINDOWS\system32\PhotoImpression Slideshow.scr

2008-09-05 17:22 . 2005-02-23 14:58 11,776 --a------ C:\WINDOWS\system32\drivers\afc.sys

2008-09-05 17:21 . 2008-09-05 17:22 <DIR> d-------- C:\WINDOWS\system32\PhotoImpression Slideshow

2008-09-05 17:21 . 2008-09-05 17:21 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\EPSON

2008-09-05 17:21 . 2008-09-05 17:21 <DIR> d-------- C:\Arquivos de programas\ArcSoft

2008-09-05 17:20 . 2006-12-07 23:04 76,800 --a------ C:\WINDOWS\system32\E_FLBCAL.DLL

2008-09-05 17:20 . 2006-04-18 23:00 62,976 --a------ C:\WINDOWS\system32\E_FD4BCAL.DLL

2008-09-05 17:20 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys

2008-09-05 17:20 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys

2008-09-05 17:20 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys

2008-09-05 17:20 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys

2008-09-05 17:20 . 2007-06-07 23:00 306 --a------ C:\WINDOWS\EPBUYINK.RTF

2008-09-05 17:19 . 2008-09-05 17:19 <DIR> d-------- C:\Documents and Settings\Luiz\Dados de aplicativos\InstallShield

2008-09-05 17:18 . 2006-12-28 00:00 208,896 --a------ C:\WINDOWS\system32\esint7e.dll

2008-09-05 17:18 . 2006-12-28 00:00 66,560 --a------ C:\WINDOWS\system32\eswia7e.dll

2008-09-05 17:18 . 2006-03-10 00:00 3,584 --a------ C:\WINDOWS\system32\eswiaml.dll

2008-09-05 17:18 . 2008-09-05 17:24 79 --a------ C:\WINDOWS\EPCX5600.ini

2008-09-02 21:47 . 2008-09-02 21:48 <DIR> d-------- C:\Documents and Settings\Luiz\Dados de aplicativos\Megacubo

2008-09-02 21:47 . 2008-09-02 21:47 <DIR> d-------- C:\Arquivos de programas\SopCast

2008-09-02 21:47 . 2008-09-13 08:55 <DIR> d-------- C:\Arquivos de programas\Megacubo

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-09-20 02:33 --------- d-----w C:\Documents and Settings\Luiz\Dados de aplicativos\Ahead

2008-09-19 23:52 --------- d-----w C:\Arquivos de programas\Ahead

2008-09-18 03:20 3,082 ----a-w C:\WINDOWS\system32\affv208325p1now.sys

2008-09-11 22:27 --------- d-----w C:\Arquivos de programas\Lineage][

2008-09-06 21:33 97,928 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys

2008-09-05 20:23 --------- d-----w C:\Arquivos de programas\EPSON

2008-09-05 20:21 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2008-09-01 02:52 --------- d-----w C:\Documents and Settings\Luiz\Dados de aplicativos\LimeWire

2008-08-17 16:33 159,291 ----a-w C:\WINDOWS\GBL Server Uninstaller.exe

2008-08-12 17:19 --------- d-----w C:\Arquivos de programas\Anime

2008-08-12 16:08 --------- d-----w C:\Arquivos de programas\Pivot Stickfigure Animator

2008-08-11 00:53 --------- d-----w C:\Arquivos de programas\SubEdit-Player

2008-08-01 23:15 --------- d-----w C:\Arquivos de programas\OnGame

2008-07-30 21:38 --------- d-----w C:\Documents and Settings\Luiz\Dados de aplicativos\Nokia Multimedia Player

2008-07-19 01:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll

2008-07-19 01:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe

2008-07-19 01:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll

2008-07-19 01:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll

2008-07-19 01:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll

2008-07-19 01:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll

2008-07-19 01:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll

2008-07-19 01:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll

2008-07-10 13:10 10,520 ----a-w C:\WINDOWS\system32\avgrsstx.dll

2008-07-08 22:30 65,536 ----a-w C:\WINDOWS\IFinst27.exe

2008-07-02 01:49 1,718 ----a-w C:\WINDOWS\system32\ealregsnapshot1.reg

2008-06-24 00:46 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias & legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 15360]

"MsnMsgr"="C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]

"CoolSMS"="C:\Arquivos de programas\CoolSMS\CoolSMS.exe" [2007-08-28 1067520]

"Nokia.PCSync"="C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PCSync2.exe" [2008-03-26 1232896]

"PC Suite Tray"="C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PCSuite.exe" [2008-04-16 1079808]

"EPSON Stylus CX5600 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAL.EXE" [2007-03-01 180736]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe" [2008-01-22 152872]

"TotalSecure2009"="C:\Arquivos de programas\TS2009\scan.exe" [2008-09-20 7223808]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 94208]

"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 77824]

"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 114688]

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 132496]

"snpstd"="C:\WINDOWS\vsnpstd.exe" [2003-12-31 40960]

"RemoteControl"="C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe" [2007-01-08 68640]

"LanguageShortcut"="C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 52256]

"QuickTime Task"="C:\Arquivos de programas\QuickTime\qttask.exe" [2008-03-28 413696]

"iTunesHelper"="C:\Arquivos de programas\iTunes\iTunesHelper.exe" [2008-03-30 267048]

"SoundMAXPnP"="C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]

"AVG8_TRAY"="C:\ARQUIV~1\AVG\AVG8\avgtray.exe" [2008-09-06 1235736]

"NeroFilterCheck"="C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe" [2008-05-28 570664]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 15360]

 

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\

Adobe Gamma Loader.lnk - C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe [2006-10-24 113664]

Image Transfer.lnk - C:\Arquivos de programas\Sony Corporation\Image Transfer\SonyTray.exe [2006-11-10 73728]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=avgrsstx.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.DIV3"= DivXc32.dll

"vidc.DIV4"= DivXc32f.dll

"vidc.DIVF"= DivX412.dll

"VIDC.HFYU"= huffyuv.dll

"msacm.divxa32"= DivXa32.acm

"msacm.l3codec"= L3codecp.acm

"vidc.yv12"= yv12vfw.dll

"msacm.ac3filter"= ac3filter.acm

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\LimeWire\\LimeWire.exe"=

"C:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\MSN Messenger\\livecall.exe"=

"C:\\Arquivos de programas\\Nexon\\KartRider\\NMService.exe"=

"C:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=

"C:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=

"C:\\Arquivos de programas\\iTunes\\iTunes.exe"=

"C:\\Arquivos de programas\\AVG\\AVG8\\avgupd.exe"=

"C:\\Arquivos de programas\\AVG\\AVG8\\avgemc.exe"=

"C:\\Arquivos de programas\\Megacubo\\megacubo.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"10914:TCP"= 10914:TCP:BitComet 10914 TCP

"10914:UDP"= 10914:UDP:BitComet 10914 UDP

 

R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-09-06 97928]

R2 avg8emc;AVG8 E-mail Scanner;C:\ARQUIV~1\AVG\AVG8\avgemc.exe [2008-09-06 875288]

R2 avg8wd;AVG8 WatchDog;C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe [2008-09-06 231704]

R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-07-10 76040]

R3 slnt;Real RTL8139 PCI Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\slnt.sys [2003-11-20 18004]

S3 npkycryp;npkycryp;C:\Arquivos de programas\Gravity\RO\npkycryp.sys [ ]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{afd5bdc1-41da-11dc-98d6-00173176e47d}]

\Shell\Auto\command - Cn911.exe

\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Cn911.exe

.

Conteúdo da pasta 'Tarefas Agendadas'

.

- - - - ORFAOS REMOVIDOS - - - -

 

BHO-{0F95467C-AB44-4274-BEEA-2A75AB01B77E} - C:\WINDOWS\system32\pgyss.dll

HKCU-Run-Google Update - C:\Documents and Settings\Luiz\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe

HKCU-Run-DriverMax - (no file)

HKLM-Run-AudioDeck - C:\Arquivos de programas\VIAudioi\SBADeck\ADeck.exe

SharedTaskScheduler-{ab340860-fd81-4a65-b345-82eb77a66b5e} - (no file)

SSODL-featherweed-{ab340860-fd81-4a65-b345-82eb77a66b5e} - (no file)

Notify-WgaLogon - (no file)

 

 

.

------- Ccan Suplementar -------

.

FireFox -: Profile - C:\Documents and Settings\Luiz\Dados de aplicativos\Mozilla\Firefox\Profiles\xipuxspt.default\

FF -: plugin - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\browser\nppdf32.dll

FF -: plugin - C:\Arquivos de programas\iTunes\Mozilla Plugins\npitunes.dll

FF -: plugin - C:\Arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll

FF -: plugin - C:\Arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

FF -: plugin - C:\Arquivos de programas\Yahoo!\Common\npyaxmpb.dll

.

 

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-09-20 23:22:17

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros ocultos ...

 

Varredura completada com sucesso

Ficheiros ocultos: 0

 

**************************************************************************

"ImagePath"="\??\C:\Arquivos de programas\Lineage]

[\system\npkcrypt.sys"

 

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npkcrypt]

"ImagePath"="\??\C:\Arquivos de programas\Lineage]

.

------------------------ Outros Processos em Execução ------------------------

.

C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\IoctlSvc.exe

C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe

C:\Arquivos de programas\iPod\bin\iPodService.exe

C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

C:\Arquivos de programas\PC Connectivity Solution\Transports\NclUSBSrv.exe

C:\Arquivos de programas\PC Connectivity Solution\Transports\NclRSSrv.exe

C:\Arquivos de programas\Arquivos comuns\Nokia\MPAPI\MPAPI3s.exe

C:\Arquivos de programas\AVG\AVG8\avgrsx.exe

C:\Arquivos de programas\AVG\AVG8\avgrsx.exe

.

**************************************************************************

.

Tempo para conclusão: 2008-09-20 23:32:08 - Maquina reiniciou

ComboFix-quarantined-files.txt 2008-09-21 02:32:00

 

Pre-Run: 3.735.474.176 bytes disponíveis

Post-Run: 5,860,462,592 bytes disponíveis

 

216

 

 

 

HijackThis:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:38:03, on 20/9/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0013)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\IoctlSvc.exe

C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\svchost.exe

C:\ARQUIV~1\AVG\AVG8\avgemc.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe

C:\WINDOWS\vsnpstd.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe

C:\ARQUIV~1\AVG\AVG8\avgtray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\CoolSMS\CoolSMS.exe

C:\Documents and Settings\Luiz\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe

C:\Arquivos de programas\iPod\bin\iPodService.exe

C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

C:\Arquivos de programas\PC Connectivity Solution\Transports\NclUSBSrv.exe

C:\Arquivos de programas\PC Connectivity Solution\Transports\NclRSSrv.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\AVG\AVG8\avgrsx.exe

C:\Arquivos de programas\AVG\AVG8\avgrsx.exe

C:\Documents and Settings\Luiz\Meus documentos\Downloads\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\ARQUIV~1\AVG\AVG8\AVGTOO~1.DLL

O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\Msdxm6.ocx

O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\ARQUIV~1\AVG\AVG8\AVGTOO~1.DLL

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe"

O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [LanguageShortcut] "C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [soundMAXPnP] C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe

O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [CoolSMS] C:\Arquivos de programas\CoolSMS\CoolSMS.exe /minimized

O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog

O4 - HKCU\..\Run: [PC Suite Tray] "C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray

O4 - HKCU\..\Run: [EPSON Stylus CX5600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAL.EXE /FU "C:\WINDOWS\TEMP\E_S9F.tmp" /EF "HKCU"

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [TotalSecure2009] C:\Arquivos de programas\TS2009\scan.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Image Transfer.lnk = ?

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {41ACD49D-1974-791A-0981-AA9872721044} (Ganymede Board Games) - http://200.212.184.212/g_bin/eng/boards_2_0_0_34.cab

O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {83AFB5CA-ED35-11D4-A452-0080C8D85045} (GameDesire Poker Games) - http://200.212.184.212/g_bin/eng/poker_2_0_0_47.cab

O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppD...ap/PhtPkMSN.cab

O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/AppD...ap/DigWXMSN.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://3dlifeplayer.dl.3dvia.com/player/in...l/installer.exe

O16 - DPF: {E85362EF-40D4-4E5D-BE07-D6B036CCA277} (GoPets Control) - https://secure.gopetslive.com/dev/gopets.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab

O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://200.212.184.212/g_bin/eng/billard8_2_0_0_35.cab

O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C4} (GameDesire Pool Training) - http://200.212.184.212/g_bin/eng/billardt_2_0_0_35.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{A3682504-BAB2-424D-A62A-B296BCE1B26D}: NameServer = 200.204.0.10,200.204.0.138

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll

O20 - AppInit_DLLs: avgrsstx.dll

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Serviço iPod (iPod Service) - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe

O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe


I suggest you print or save the steps below, and do not use the internet until the procedure is finished.

 

Select and copy the text inside the QUOTE (grey box) below. Open Notepad and paste what you copied. Then save it to the desktop with the name CFScript.txt.

 

Registry::

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{afd5bdc1-41da-11dc-98d6-00173176e47d}]

 

This script was written only for this computer, based on the files and keys present. Do not use it on another computer, as it may cause damage.

 

Now drag CFScript.txt onto ComboFix, as shown below.

 

[image: cfscript.gif]

 

ComboFix will run and will restart the PC automatically to complete the removal process.

 

IMPORTANT: Do not use the mouse or the keyboard while ComboFix is running.

 

When it finishes, a log will be generated at C:\ComboFix.txt.

 

Post it together with a new HijackThis log.

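Added example (not part of the thread, and not a feature of HijackThis or ComboFix): a small Python triage script that applies, mechanically, the checks a helper does by eye on logs like the ones in this topic. The rule names, regular expressions and the list of rogue-product name fragments are this example's own assumptions; the sample lines are constructed from entries visible in the logs above (the daemon-search start page, the TotalSecure2009 Run entry, an O16 ActiveX control served from a bare IP address, and the Security Center override values the CFScript targets). It runs offline on the embedded sample.

```python
"""Triage helper for HijackThis / ComboFix text logs.

Added example for this thread; the rule set, names and severities are this
example's own assumptions, not HijackThis or ComboFix functionality.
"""
import ipaddress
import re
from urllib.parse import urlparse

# Hosts a stock IE7 install points its start/search pages at. Any other host on
# an R0/R1 line is reported so a person can decide whether it was chosen or hijacked.
KNOWN_GOOD_HOSTS = {"go.microsoft.com", "home.microsoft.com"}

# Product-name fragments typical of rogue "antivirus" software (assumption of this
# example, seeded from the TotalSecure2009 entry in the log; extend as needed).
ROGUE_NAME_RE = re.compile(r"total\s*secure|antivirus\s*20\d\d|security\s*tool", re.I)

# Values under HKLM\software\microsoft\security center. A non-zero value tells
# Security Center not to alert about a missing antivirus or firewall, which is
# why malware sets it; ComboFix prints these values in its registry section.
O4_RE = re.compile(r'^O4 - (?P<hive>HK\w+)\\.*?\\Run: \[(?P<name>[^\]]+)\] "?(?P<path>.+?\.exe)', re.I)
R_RE = re.compile(r"^R[01] - (?P<key>[^,]+),(?P<value>[^=]+) = (?P<url>\S+)$")
O16_RE = re.compile(r"^O16 - DPF: \{(?P<clsid>[^}]+)\}.* - (?P<url>\S+)$")
SC_RE = re.compile(r'^"(?P<name>\w+Override)"=dword:(?P<val>[0-9a-fA-F]{8})$')
PAGE_VALUES = {"Start Page", "Search Page", "Default_Page_URL", "Default_Search_URL"}


def _is_ip_host(url):
    """True when the URL's host is a bare IP literal rather than a DNS name."""
    try:
        ipaddress.ip_address(urlparse(url).hostname or "")
        return True
    except ValueError:
        return False


def triage(lines):
    """Scan HijackThis / ComboFix text lines; return findings as dicts (rule, severity, line)."""
    findings = []
    for raw in lines:
        line = raw.strip()
        m = O4_RE.match(line)
        if m:  # autostart entry: flag rogue-AV style names in the value name or the path
            if ROGUE_NAME_RE.search(m["name"] + " " + m["path"]):
                findings.append({"rule": "rogue-av-autostart", "severity": "high", "line": line})
            continue
        m = R_RE.match(line)
        if m:  # IE start/search page: flag any host that is not the IE default
            host = urlparse(m["url"]).hostname or ""
            if m["value"].strip() in PAGE_VALUES and host not in KNOWN_GOOD_HOSTS:
                findings.append({"rule": "browser-page-redirect", "severity": "medium", "line": line})
            continue
        m = O16_RE.match(line)
        if m:  # downloaded ActiveX control: flag when it was fetched from a raw IP
            if _is_ip_host(m["url"]):
                findings.append({"rule": "activex-from-ip-literal", "severity": "medium", "line": line})
            continue
        m = SC_RE.match(line)
        if m and int(m["val"], 16) != 0:  # Security Center alerting switched off
            findings.append({"rule": "security-center-alerts-suppressed", "severity": "high", "line": line})
    return findings


# Constructed sample: a handful of lines copied from the logs in this thread.
SAMPLE_HIJACKTHIS = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [CoolSMS] C:\Arquivos de programas\CoolSMS\CoolSMS.exe /minimized
O4 - HKCU\..\Run: [TotalSecure2009] C:\Arquivos de programas\TS2009\scan.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {83AFB5CA-ED35-11D4-A452-0080C8D85045} (GameDesire Poker Games) - http://200.212.184.212/g_bin/eng/poker_2_0_0_47.cab
""".strip().splitlines()

# Constructed sample: the Security Center block as ComboFix prints it in this thread.
SAMPLE_COMBOFIX = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
""".strip().splitlines()


if __name__ == "__main__":
    for f in triage(SAMPLE_HIJACKTHIS + SAMPLE_COMBOFIX):
        print(f"[{f['severity']}] {f['rule']}: {f['line']}")
```

The script only ranks lines for a human to review: a non-default start page is often a bundled toolbar rather than malware, and a Run entry is only as suspicious as the executable behind it, so the output is a worklist, not a verdict. Run it against a full log by passing `open("hijackthis.log").readlines()` to `triage()`.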

Hi again o/ I hope I'm not giving you too much work =] I did the whole procedure, dragged the text onto ComboFix, it did everything it had to do and the txt disappeared... but the computer didn't restart. Did something go wrong? o_O Or did I not do it right? o_O ... I'll post the log so you can check. Thanks for your attention.

 

 

ComboFix:

 

ComboFix 08-09-20.05 - Luiz 2008-09-21 7:56:00.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.197 [GMT -3:00]

Running from: C:\Documents and Settings\Luiz\Meus documentos\Downloads\ComboFix.exe

Command switches used :: C:\Documents and Settings\Luiz\Desktop\CFScript.txt

* Created a new restore point

 

WARNING - THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((( Files created from 2008-08-21 to 2008-09-21 ))))))))))))))))))))))))))))))))

.

 

2008-09-20 23:32 . 2008-09-20 23:32 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Configurações locais

2008-09-20 23:32 . 2008-09-20 23:32 <DIR> d-------- C:\Documents and Settings\x\Configurações locais

2008-09-20 23:32 . 2008-09-20 23:32 <DIR> d-------- C:\Documents and Settings\NetworkService\Configurações locais

2008-09-20 23:32 . 2008-09-20 23:32 <DIR> d-------- C:\Documents and Settings\Luiz\Configurações locais

2008-09-20 23:32 . 2008-09-20 23:32 <DIR> d-------- C:\Documents and Settings\LocalService\Configurações locais

2008-09-20 13:20 . 2008-09-20 13:20 <DIR> d-------- C:\Arquivos de programas\TS2009

2008-09-20 12:48 . 2008-09-20 12:49 39,878 --a------ C:\WINDOWS\system32\c.ico

2008-09-20 01:48 . 2008-09-20 01:48 151 --a------ C:\WINDOWS\PhotoSnapViewer.INI

2008-09-19 21:13 . 2008-09-19 21:13 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Ahead

2008-09-19 21:09 . 2008-09-19 21:09 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Nero

2008-09-19 21:09 . 2008-09-19 21:09 <DIR> d-------- C:\Arquivos de programas\Nero

2008-09-19 21:09 . 2008-09-19 21:12 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Ahead

2008-09-18 00:20 . 2008-09-18 00:20 <DIR> d-------- C:\Arquivos de programas\WinAVI Video Converter

2008-09-05 17:22 . 2008-09-05 17:22 <DIR> d-------- C:\Documents and Settings\Luiz\Dados de aplicativos\ArcSoft

2008-09-05 17:22 . 2008-09-05 17:22 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\ArcSoft

2008-09-05 17:22 . 2008-09-05 17:23 <DIR> d-------- C:\Arquivos de programas\ABBYY FineReader 6.0 Sprint

2008-09-05 17:22 . 2004-08-04 07:52 413,696 -ra------ C:\WINDOWS\system32\msvc8377.rra

2008-09-05 17:22 . 1995-08-01 04:44 212,480 --a------ C:\WINDOWS\PCDLIB32.DLL

2008-09-05 17:22 . 2006-10-26 09:29 126,976 --a------ C:\WINDOWS\system32\PhotoImpression Slideshow.scr

2008-09-05 17:22 . 2005-02-23 14:58 11,776 --a------ C:\WINDOWS\system32\drivers\afc.sys

2008-09-05 17:21 . 2008-09-05 17:22 <DIR> d-------- C:\WINDOWS\system32\PhotoImpression Slideshow

2008-09-05 17:21 . 2008-09-05 17:21 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\EPSON

2008-09-05 17:21 . 2008-09-05 17:21 <DIR> d-------- C:\Arquivos de programas\ArcSoft

2008-09-05 17:20 . 2006-12-07 23:04 76,800 --a------ C:\WINDOWS\system32\E_FLBCAL.DLL

2008-09-05 17:20 . 2006-04-18 23:00 62,976 --a------ C:\WINDOWS\system32\E_FD4BCAL.DLL

2008-09-05 17:20 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys

2008-09-05 17:20 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys

2008-09-05 17:20 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys

2008-09-05 17:20 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys

2008-09-05 17:20 . 2007-06-07 23:00 306 --a------ C:\WINDOWS\EPBUYINK.RTF

2008-09-05 17:19 . 2008-09-05 17:19 <DIR> d-------- C:\Documents and Settings\Luiz\Dados de aplicativos\InstallShield

2008-09-05 17:18 . 2006-12-28 00:00 208,896 --a------ C:\WINDOWS\system32\esint7e.dll

2008-09-05 17:18 . 2006-12-28 00:00 66,560 --a------ C:\WINDOWS\system32\eswia7e.dll

2008-09-05 17:18 . 2006-03-10 00:00 3,584 --a------ C:\WINDOWS\system32\eswiaml.dll

2008-09-05 17:18 . 2008-09-05 17:24 79 --a------ C:\WINDOWS\EPCX5600.ini

2008-09-02 21:47 . 2008-09-02 21:48 <DIR> d-------- C:\Documents and Settings\Luiz\Dados de aplicativos\Megacubo

2008-09-02 21:47 . 2008-09-02 21:47 <DIR> d-------- C:\Arquivos de programas\SopCast

2008-09-02 21:47 . 2008-09-13 08:55 <DIR> d-------- C:\Arquivos de programas\Megacubo

 

.

((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-09-20 02:33 --------- d-----w C:\Documents and Settings\Luiz\Dados de aplicativos\Ahead

2008-09-19 23:52 --------- d-----w C:\Arquivos de programas\Ahead

2008-09-18 03:20 3,082 ----a-w C:\WINDOWS\system32\affv208325p1now.sys

2008-09-11 22:27 --------- d-----w C:\Arquivos de programas\Lineage][

2008-09-06 21:33 97,928 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys

2008-09-05 20:23 --------- d-----w C:\Arquivos de programas\EPSON

2008-09-05 20:21 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2008-09-01 02:52 --------- d-----w C:\Documents and Settings\Luiz\Dados de aplicativos\LimeWire

2008-08-17 16:33 159,291 ----a-w C:\WINDOWS\GBL Server Uninstaller.exe

2008-08-12 17:19 --------- d-----w C:\Arquivos de programas\Anime

2008-08-12 16:08 --------- d-----w C:\Arquivos de programas\Pivot Stickfigure Animator

2008-08-11 00:53 --------- d-----w C:\Arquivos de programas\SubEdit-Player

2008-08-01 23:15 --------- d-----w C:\Arquivos de programas\OnGame

2008-07-30 21:38 --------- d-----w C:\Documents and Settings\Luiz\Dados de aplicativos\Nokia Multimedia Player

2008-07-19 01:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll

2008-07-19 01:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe

2008-07-19 01:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll

2008-07-19 01:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll

2008-07-19 01:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll

2008-07-19 01:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll

2008-07-19 01:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll

2008-07-19 01:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll

2008-07-10 13:10 10,520 ----a-w C:\WINDOWS\system32\avgrsstx.dll

2008-07-08 22:30 65,536 ----a-w C:\WINDOWS\IFinst27.exe

2008-07-02 01:49 1,718 ----a-w C:\WINDOWS\system32\ealregsnapshot1.reg

2008-06-24 00:46 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll

.

 

(((((((((((((((((((((((((( Registry Load Points )))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legitimate default entries are not shown.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 15360]

"MsnMsgr"="C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]

"CoolSMS"="C:\Arquivos de programas\CoolSMS\CoolSMS.exe" [2007-08-28 1067520]

"Nokia.PCSync"="C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PCSync2.exe" [2008-03-26 1232896]

"PC Suite Tray"="C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PCSuite.exe" [2008-04-16 1079808]

"EPSON Stylus CX5600 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAL.EXE" [2007-03-01 180736]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe" [2008-01-22 152872]

"TotalSecure2009"="C:\Arquivos de programas\TS2009\scan.exe" [2008-09-20 7223808]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 94208]

"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 77824]

"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 114688]

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 132496]

"snpstd"="C:\WINDOWS\vsnpstd.exe" [2003-12-31 40960]

"RemoteControl"="C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe" [2007-01-08 68640]

"LanguageShortcut"="C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 52256]

"QuickTime Task"="C:\Arquivos de programas\QuickTime\qttask.exe" [2008-03-28 413696]

"iTunesHelper"="C:\Arquivos de programas\iTunes\iTunesHelper.exe" [2008-03-30 267048]

"SoundMAXPnP"="C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]

"AVG8_TRAY"="C:\ARQUIV~1\AVG\AVG8\avgtray.exe" [2008-09-06 1235736]

"NeroFilterCheck"="C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe" [2008-05-28 570664]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 15360]

 

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\

Adobe Gamma Loader.lnk - C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe [2006-10-24 113664]

Image Transfer.lnk - C:\Arquivos de programas\Sony Corporation\Image Transfer\SonyTray.exe [2006-11-10 73728]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=avgrsstx.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.DIV3"= DivXc32.dll

"vidc.DIV4"= DivXc32f.dll

"vidc.DIVF"= DivX412.dll

"VIDC.HFYU"= huffyuv.dll

"msacm.divxa32"= DivXa32.acm

"msacm.l3codec"= L3codecp.acm

"vidc.yv12"= yv12vfw.dll

"msacm.ac3filter"= ac3filter.acm

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\LimeWire\\LimeWire.exe"=

"C:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\MSN Messenger\\livecall.exe"=

"C:\\Arquivos de programas\\Nexon\\KartRider\\NMService.exe"=

"C:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=

"C:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=

"C:\\Arquivos de programas\\iTunes\\iTunes.exe"=

"C:\\Arquivos de programas\\AVG\\AVG8\\avgupd.exe"=

"C:\\Arquivos de programas\\AVG\\AVG8\\avgemc.exe"=

"C:\\Arquivos de programas\\Megacubo\\megacubo.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"10914:TCP"= 10914:TCP:BitComet 10914 TCP

"10914:UDP"= 10914:UDP:BitComet 10914 UDP

 

R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-09-06 97928]

R2 avg8emc;AVG8 E-mail Scanner;C:\ARQUIV~1\AVG\AVG8\avgemc.exe [2008-09-06 875288]

R2 avg8wd;AVG8 WatchDog;C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe [2008-09-06 231704]

R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-07-10 76040]

R3 slnt;Real RTL8139 PCI Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\slnt.sys [2003-11-20 18004]

S3 npkycryp;npkycryp;C:\Arquivos de programas\Gravity\RO\npkycryp.sys [ ]

.

Contents of the 'Scheduled Tasks' folder

.

 

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-09-21 08:00:14

Windows 5.1.2600 Service Pack 2 NTFS

 

Scanning for hidden processes ...

 

Scanning for hidden autostart entries ...

 

Scanning for hidden files ...

 

Scan completed successfully

Hidden files: 0

 

**************************************************************************

"ImagePath"="\??\C:\Arquivos de programas\Lineage][\system\npkcrypt.sys"

 

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\npkcrypt]

"ImagePath"="\??\C:\Arquivos de programas\Lineage]

.

Completion time: 2008-09-21 8:04:18

ComboFix-quarantined-files.txt 2008-09-21 11:03:26

ComboFix2.txt 2008-09-21 02:32:10

 

Pre-Run: 5.930.123.264 bytes free

Post-Run: 5,920,452,608 bytes free

 

168

 

 

HijackThis:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 08:06:07, on 21/9/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0013)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\ARQUIV~1\AVG\AVG8\avgrsx.exe

C:\WINDOWS\system32\IoctlSvc.exe

C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\svchost.exe

C:\ARQUIV~1\AVG\AVG8\avgemc.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe

C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

C:\Arquivos de programas\iTunes\iTunesHelper.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe

C:\ARQUIV~1\AVG\AVG8\avgtray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\iPod\bin\iPodService.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

C:\Arquivos de programas\PC Connectivity Solution\Transports\NclUSBSrv.exe

C:\Arquivos de programas\PC Connectivity Solution\Transports\NclRSSrv.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe

C:\Arquivos de programas\MSN Messenger\usnsvc.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\explorer.exe

C:\Documents and Settings\Luiz\Meus documentos\Downloads\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\ARQUIV~1\AVG\AVG8\AVGTOO~1.DLL

O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\Msdxm6.ocx

O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\ARQUIV~1\AVG\AVG8\AVGTOO~1.DLL

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe"

O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [LanguageShortcut] "C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [soundMAXPnP] C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe

O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [CoolSMS] C:\Arquivos de programas\CoolSMS\CoolSMS.exe /minimized

O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog

O4 - HKCU\..\Run: [PC Suite Tray] "C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray

O4 - HKCU\..\Run: [EPSON Stylus CX5600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAL.EXE /FU "C:\WINDOWS\TEMP\E_S9F.tmp" /EF "HKCU"

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [TotalSecure2009] C:\Arquivos de programas\TS2009\scan.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Image Transfer.lnk = ?

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {41ACD49D-1974-791A-0981-AA9872721044} (Ganymede Board Games) - http://200.212.184.212/g_bin/eng/boards_2_0_0_34.cab

O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {83AFB5CA-ED35-11D4-A452-0080C8D85045} (GameDesire Poker Games) - http://200.212.184.212/g_bin/eng/poker_2_0_0_47.cab

O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppD...ap/PhtPkMSN.cab

O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/AppD...ap/DigWXMSN.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://3dlifeplayer.dl.3dvia.com/player/in...l/installer.exe

O16 - DPF: {E85362EF-40D4-4E5D-BE07-D6B036CCA277} (GoPets Control) - https://secure.gopetslive.com/dev/gopets.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab

O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://200.212.184.212/g_bin/eng/billard8_2_0_0_35.cab

O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C4} (GameDesire Pool Training) - http://200.212.184.212/g_bin/eng/billardt_2_0_0_35.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{A3682504-BAB2-424D-A62A-B296BCE1B26D}: NameServer = 200.204.0.10,200.204.0.138

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll

O20 - AppInit_DLLs: avgrsstx.dll

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Serviço iPod (iPod Service) - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe

O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

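As an added example (not part of the original thread and not code from HijackThis itself), here is a small Python triage script that parses the O16, O17, O20 and O23 lines of a log like the one above and reports the entries a helper usually checks first: ActiveX downloads (O16 DPF) fetched from a bare IP address, O17 NameServer values outside an analyst-supplied allow-list (the allow-list is an assumption; in the usage below the two resolvers from the log are passed in as trusted), every AppInit_DLLs entry, and services whose owner HijackThis could not determine. The sample lines are copied from the log posted above.

```python
"""Triage helper for the O16/O17/O20/O23 sections of a HijackThis log (added example)."""
import re
from ipaddress import ip_address
from urllib.parse import urlparse

# Lines copied from the HijackThis log posted in this thread (not constructed).
SAMPLE_LOG = r"""
O16 - DPF: {41ACD49D-1974-791A-0981-AA9872721044} (Ganymede Board Games) - http://200.212.184.212/g_bin/eng/boards_2_0_0_34.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {E85362EF-40D4-4E5D-BE07-D6B036CCA277} (GoPets Control) - https://secure.gopetslive.com/dev/gopets.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A3682504-BAB2-424D-A62A-B296BCE1B26D}: NameServer = 200.204.0.10,200.204.0.138
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe
"""

# One pattern per section; the friendly name in O16 is optional (some entries have none).
O16_RE = re.compile(r"^O16 - DPF: (\{[0-9A-Fa-f-]+\})(?: \((.*)\))? - (\S+)$")
O17_RE = re.compile(r"^O17 - (.+?): NameServer = (.+)$")
O20_RE = re.compile(r"^O20 - AppInit_DLLs: (.*)$")
O23_RE = re.compile(r"^O23 - Service: (.+?) - (.+?) - (.+)$")


def host_is_ip(url):
    """True when the URL's host is a literal IPv4/IPv6 address rather than a DNS name."""
    host = urlparse(url).hostname or ""
    try:
        ip_address(host)
        return True
    except ValueError:
        return False


def triage(log_text, trusted_resolvers=frozenset()):
    """Return (section, subject, reason) tuples for entries that deserve a closer look.

    trusted_resolvers: the DNS servers the analyst expects on this machine (assumption:
    supplied by whoever reads the log, e.g. the ISP's resolvers).
    """
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue

        m = O16_RE.match(line)
        if m:
            clsid, name, url = m.groups()
            # Downloaded program files served from a bare IP have no domain to vouch for them.
            if host_is_ip(url):
                findings.append(("O16", name or clsid, "ActiveX download from a bare IP address: " + url))
            continue

        m = O17_RE.match(line)
        if m:
            key, servers = m.groups()
            # A resolver the user does not recognise is the classic sign of DNS hijacking.
            for srv in (s.strip() for s in servers.split(",")):
                if srv not in trusted_resolvers:
                    findings.append(("O17", key, "DNS server not in the expected set: " + srv))
            continue

        m = O20_RE.match(line)
        if m:
            # AppInit_DLLs are loaded into every process that loads user32.dll, so each one
            # is reported for vendor verification even when it belongs to a known product.
            for dll in m.group(1).split():
                findings.append(("O20", dll, "AppInit_DLLs entry; confirm the vendor and file"))
            continue

        m = O23_RE.match(line)
        if m:
            name, owner, path = m.groups()
            if owner.lower() == "unknown owner":
                findings.append(("O23", name, "service binary without a recorded owner: " + path))
            continue
    return findings


if __name__ == "__main__":
    # The two resolvers from the log are treated as trusted here (assumption).
    for section, subject, reason in triage(SAMPLE_LOG, {"200.204.0.10", "200.204.0.138"}):
        print(f"[{section}] {subject}: {reason}")
```

The script only flags entries for review; a hit such as the AVG `avgrsstx.dll` AppInit entry or the Cyberlink service with no recorded owner is a prompt to verify the vendor and the file on disk, not a verdict, which is the same judgement the helper applied when calling this log clean.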

OK, the log is clean :)

Visit Windows Update and update your system by downloading Service Pack 3.

Or, if you prefer, download and install the full package (approx. 300 MB):

http://www.microsoft.com/downloads/details...splayLang=pt-br

- I recommend a cleanup of the computer to remove temporary and unnecessary files and invalid registry entries. Download CCleaner.

◘ Open the program and click Run Cleaner;

◘ After that, click Registry > Scan for Issues > Fix Errors

- Disable and then re-enable System Restore.

Read the article Cuidados ao navegar na net (precautions when browsing the web) for more information on how to avoid infections.


Wow, Mr. Perfect... I am eternally grateful for your help... you helped me sooooooo much!!!!!!!!!!! thank you sooo much ... and wow, it was so fast, much faster than I imagined ... I don't think there's anything I can do for you, but I would like to thank you ... Thanks for your attention, really!!!!!! and keep it up, you're helping a lot of people who need it. Thanks =] your newest friend, Dih o/ hugs


PROBLEM SOLVED!

If the author needs the topic to be reopened, just send a Private Message to a Moderator with a link to the topic.
