
Archived

This topic has been archived and is closed to new replies.

ComeQuieto

[Solved!] Doesn't connect to the network and PC is slow


Hello!!

 

I'm trying to fix my parish's PC; I found out that someone downloaded that Photo_13303 thing.

 

I ran HijackThis for the first time and got this:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:56:49, on 8/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\VM303_STI.EXE
C:\ARQUIV~1\Nero\NEROPH~1\data\xtras\mssysmgr.exe
C:\Arquivos de programas\Skype\Phone\Skype.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Network Associates\Common Framework\FrameworkService.exe
C:\Arquivos de programas\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Arquivos de programas\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
C:\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pnsf.org.br/
F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\system32\drivers\PrdMgr.exe
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Arquivos de programas\WS_FTP Pro\wsbho2k0.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Arquivos de programas\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\WINDOWS\Downloaded Program Files\gbiehabn.dll (file missing)
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKCU\..\Run: [Nero PhotoShow Media Manager] C:\ARQUIV~1\Nero\NEROPH~1\data\xtras\mssysmgr.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Arquivos de programas\Paltalk Messenger\Paltalk.exe (file missing)
O9 - Extra button: Livro de recortes HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Seleção HP Smart - {700259D7-1666-479a-93B1-3250410481E8} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1DB93715-3B60-43EE-93E6-279BB3E1DF76} (OCXDownloadChecker Control) - http://10.1.1.15:8080/cab/OCXChecker_6110.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://img4.orkut.com/activex/10036/photouploader.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {DBAFE6AD-DC14-45DF-A3F7-F8832289A1CD} (DownloadFile Control) - http://10.1.1.15:8080/cab/DownloadFile_7000.cab
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugin/Cab/GbPluginABN.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Arquivos de programas\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Arquivos de programas\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Arquivos de programas\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 6967 bytes

 

I ran SDFix and got this:

 

SDFix: Version 1.233
Run by Administrador on qua 08/10/2008 at 16:32

Microsoft Windows XP [versão 5.1.2600]
Running From: C:\SDFix

Checking Services:

C:\WINDOWS\system32\Microsoft\backup.ftp Found
C:\WINDOWS\system32\Microsoft\backup.tftp Found

Checking files:

Genuine:
C:\WINDOWS\system32\Microsoft\backup.ftp
C:\WINDOWS\system32\Microsoft\backup.tftp

Dummy:
C:\WINDOWS\system32\ftp.exe
C:\WINDOWS\system32\tftp.exe
C:\WINDOWS\system32\dllcache\ftp.exe
C:\WINDOWS\system32\dllcache\tftp.exe

Files copied to SDFix\Backups
Restoring files if backups are found

Final Check:

Genuine:
C:\WINDOWS\system32\Microsoft\backup.ftp
C:\WINDOWS\system32\Microsoft\backup.tftp
C:\WINDOWS\system32\ftp.exe
C:\WINDOWS\system32\tftp.exe
C:\WINDOWS\system32\dllcache\ftp.exe
C:\WINDOWS\system32\dllcache\tftp.exe

Restoring Default Security Values
Restoring Default Hosts File

Rebooting

Checking Files:

Trojan Files Found:

C:\~GLHTTP1.TMP - Deleted
C:\WINDOWS\Photo_13301.zip - Deleted
C:\WINDOWS\pchealth\helpctr\binaries\svchost.exe - Deleted
C:\WINDOWS\system32\Microsoft\backup.ftp - Deleted
C:\WINDOWS\system32\Microsoft\backup.tftp - Deleted

Removing Temp Files

ADS Check:

Final Check:

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-08 16:47:07
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\111111111111]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\111111111111]

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

Remaining Services:

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\system32\\mmc.exe"="C:\\WINDOWS\\system32\\mmc.exe:*:Enabled:Console de gerenciamento Microsoft"
"C:\\Arquivos de programas\\iTunes\\iTunes.exe"="C:\\Arquivos de programas\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Arquivos de programas\\WS_FTP Pro\\wsftppro.exe"="C:\\Arquivos de programas\\WS_FTP Pro\\wsftppro.exe:*:Enabled:WS_FTP Pro Application"
"C:\\Arquivos de programas\\Google\\Google Talk\\googletalk.exe"="C:\\Arquivos de programas\\Google\\Google Talk\\googletalk.exe:*:Enabled:Google Talk"
"C:\\Arquivos de programas\\Network Associates\\Common Framework\\FrameworkService.exe"="C:\\Arquivos de programas\\Network Associates\\Common Framework\\FrameworkService.exe:*:Enabled:McAfee Framework Service"
"C:\\Documents and Settings\\Padre Ernestino\\Desktop\\incredimail_install.exe"="C:\\Documents and Settings\\Padre Ernestino\\Desktop\\incredimail_install.exe:*:Enabled:IncrediMail Installer"
"C:\\Arquivos de programas\\Messenger\\msmsgs.exe"="C:\\Arquivos de programas\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Arquivos de programas\\UOL\\UIM\\uim.exe"="C:\\Arquivos de programas\\UOL\\UIM\\uim.exe:*:Enabled:UOL Messenger Beta"
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"="C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe:*:Enabled:Assistência Remota  - Windows Messenger e Voz"
"E:\\setup\\HPZNET01.EXE"="E:\\setup\\HPZNET01.EXE:*:Enabled:hpznet01.exe"
"E:\\setup\\hppniprint01.exe"="E:\\setup\\hppniprint01.exe:*:Enabled:hppniprint01.exe"
"E:\\setup\\HPPNIPRINT64.EXE"="E:\\setup\\HPPNIPRINT64.EXE:*:Enabled:hppniprint64.exe"
"E:\\setup\\HPPNICIFS01.EXE"="E:\\setup\\HPPNICIFS01.EXE:*:Enabled:hppnicifs01.exe"
"E:\\setup\\HPNTWKEXE.EXE"="E:\\setup\\HPNTWKEXE.EXE:*:Enabled:hpntwkexe.exe"
"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpfccopy.exe"="C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"="C:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"="C:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\\Arquivos de programas\\ESTsoft\\ALFTP\\ALFTP.exe"="C:\\Arquivos de programas\\ESTsoft\\ALFTP\\ALFTP.exe:*:Enabled:ALFTP"
"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"="C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\windows\\help\\svhost.exe"="C:\\windows\\help\\svhost.exe:*:Enabled:FTP"
"C:\\Arquivos de programas\\AVG\\AVG8\\avgupd.exe"="C:\\Arquivos de programas\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"
"C:\\Arquivos de programas\\AVG\\AVG8\\avgemc.exe"="C:\\Arquivos de programas\\AVG\\AVG8\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\RemoteView\\BcastTcp.exe"="C:\\RemoteView\\BcastTcp.exe:*:Enabled:BcastTcp Application"
"C:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"="C:\\Arquivos de programas\\Skype\\Phone\\Skype.exe:*:Enabled:Skype. Take a deep breath "

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"="C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

Remaining Files:

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes:

Wed 13 Oct 2004   1,694,208 ..SH. --- "C:\Arquivos de programas\Messenger\msmsgs.exe"
Tue 14 Nov 2006   4,789,792 ...H. --- "C:\Arquivos de programas\Picasa2\setup.exe"
Fri 23 Nov 2007         952 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
Tue 29 Jul 2008          88 ..SHR --- "C:\Documents and Settings\All Users\Dados de aplicativos\05F7237FEA.sys"
Tue 29 Jul 2008       2,828 A.SH. --- "C:\Documents and Settings\All Users\Dados de aplicativos\KGyGaAvL.sys"
Sun 16 Jul 2006       4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Wed 11 Oct 2006         401 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv17.bak"
Wed  1 Oct 2008      76,288 ..SHR --- "C:\WINDOWS\system32\drivers\FmMgr.exe"
Mon 13 Mar 2006     262,144 ...H. --- "C:\Arquivos de programas\Nero\Nero PhotoShow 4\data\DVDMPEG2Enc.dll"
Mon 13 Mar 2006      84,604 ...H. --- "C:\Arquivos de programas\Nero\Nero PhotoShow 4\data\movie_maker.exe"
Mon 13 Mar 2006      61,440 ...H. --- "C:\Arquivos de programas\Nero\Nero PhotoShow 4\data\NeASL.dll"
Mon 13 Mar 2006      95,892 ...H. --- "C:\Arquivos de programas\Nero\Nero PhotoShow 4\data\Nero PhotoShow Express.exe"
Sun 24 Aug 2008           0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Sun 21 May 2006     130,048 A..H. --- "C:\Documents and Settings\Padre Ernestino\Desktop\Site\Congregação\~WRL0004.tmp"
Tue 14 Nov 2006      28,160 A..H. --- "C:\Documentos - Outros Usuarios\Pe. Samuel\Desktop\BIOTICA\Suruah \~WRL2671.tmp"
Tue 14 Nov 2006      27,648 A..H. --- "C:\Documentos - Outros Usuarios\Pe. Samuel\Desktop\BIOTICA\Suruah \~WRL4068.tmp"
Sat 11 Mar 2006      52,224 A..H. --- "C:\Documents and Settings\Padre Ernestino\Desktop\Site\Fotos Pe Baleeiro\Noviciado 2006\~WRL0002.tmp"
Tue 21 Mar 2006     460,800 A..H. --- "C:\Documents and Settings\Padre Ernestino\Desktop\Site\Fotos Pe Baleeiro\Noviciado 2006\~WRL0351.tmp"
Tue 21 Mar 2006      96,256 A..H. --- "C:\Documents and Settings\Padre Ernestino\Desktop\Site\Fotos Pe Baleeiro\Noviciado 2006\~WRL0611.tmp"
Tue 21 Mar 2006     455,680 A..H. --- "C:\Documents and Settings\Padre Ernestino\Desktop\Site\Fotos Pe Baleeiro\Noviciado 2006\~WRL1307.tmp"
Tue 21 Mar 2006      97,280 A..H. --- "C:\Documents and Settings\Padre Ernestino\Desktop\Site\Fotos Pe Baleeiro\Noviciado 2006\~WRL2342.tmp"
Tue 21 Mar 2006      98,816 A..H. --- "C:\Documents and Settings\Padre Ernestino\Desktop\Site\Fotos Pe Baleeiro\Noviciado 2006\~WRL2673.tmp"
Tue 21 Mar 2006     455,680 A..H. --- "C:\Documents and Settings\Padre Ernestino\Desktop\Site\Fotos Pe Baleeiro\Noviciado 2006\~WRL3836.tmp"
Fri 30 Dec 2005      71,168 A..H. --- "C:\Documentos - Outros Usuarios\Pe. Samuel\Desktop\from pen drive\Pe Samuel_MASTER\COCS\OLCS\~WRL0001.tmp"
Thu 16 Mar 2006   5,197,312 A..H. --- "C:\Documentos - Outros Usuarios\Pe. Samuel\Desktop\from pen drive\Pe Samuel_MASTER\COCS\OLCS\~WRL0005.tmp"

Finished!

 

I ran HijackThis again and got this:

 

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:05:34, on 8/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Network Associates\Common Framework\FrameworkService.exe
C:\Arquivos de programas\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Arquivos de programas\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\VM303_STI.EXE
C:\ARQUIV~1\Nero\NEROPH~1\data\xtras\mssysmgr.exe
C:\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pnsf.org.br/
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Arquivos de programas\WS_FTP Pro\wsbho2k0.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Arquivos de programas\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\WINDOWS\Downloaded Program Files\gbiehabn.dll (file missing)
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKCU\..\Run: [Nero PhotoShow Media Manager] C:\ARQUIV~1\Nero\NEROPH~1\data\xtras\mssysmgr.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Arquivos de programas\Paltalk Messenger\Paltalk.exe (file missing)
O9 - Extra button: Livro de recortes HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Seleção HP Smart - {700259D7-1666-479a-93B1-3250410481E8} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1DB93715-3B60-43EE-93E6-279BB3E1DF76} (OCXDownloadChecker Control) - http://10.1.1.15:8080/cab/OCXChecker_6110.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://img4.orkut.com/activex/10036/photouploader.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {DBAFE6AD-DC14-45DF-A3F7-F8832289A1CD} (DownloadFile Control) - http://10.1.1.15:8080/cab/DownloadFile_7000.cab
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugin/Cab/GbPluginABN.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Arquivos de programas\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Arquivos de programas\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Arquivos de programas\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 6714 bytes

 

After SDFix finished it was less slow, but still without network... I restarted the PC and it went back to the way it was before...

 

And now, what do I run?

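The logs in the post above can be screened mechanically for the things a helper looks at first: the F2 line that chains PrdMgr.exe after Explorer.exe in Shell=, the O7 policy that disables the Registry Editor, O16 ActiveX controls pulled from the private address 10.1.1.15, a svchost.exe living outside system32 (SDFix deleted one under pchealth\helpctr\binaries), and the firewall exception for C:\windows\help\svhost.exe, whose name is one letter off svchost.exe. The Python script below is an added example and is not part of this thread nor code from HijackThis, SDFix or ComboFix. It assumes Windows is installed in C:\WINDOWS (so %windir% and %SystemRoot% expand to that) and runs over sample lines constructed from the logs above; the running-process line for the pchealth svchost.exe is constructed to mirror the file SDFix removed.

```python
"""Triage of HijackThis lines and XP firewall-exception exports.

Added example for this thread, not code from HijackThis, SDFix or ComboFix.
Rules encode indicators seen in the posted logs: a chained Shell= value,
DisableRegedit=1, ActiveX controls fetched from private addresses, core
binaries running outside their home directory, and one-character lookalikes
(svhost.exe vs svchost.exe). Assumption: Windows is installed in C:\WINDOWS.
"""
import ipaddress
import re
from urllib.parse import urlparse

# Core binaries and the only directory each should run from (lower-case).
SYSTEM_BINARIES = {
    "svchost.exe": r"c:\windows\system32", "lsass.exe": r"c:\windows\system32",
    "csrss.exe": r"c:\windows\system32", "winlogon.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32", "explorer.exe": r"c:\windows",
}
# Any drive- or %var%-rooted .exe path anywhere in a line.
EXE_PATH = re.compile(r'(?:[a-z]:|%\w+%)\\[^"]*?\.exe', re.IGNORECASE)
# One "path"="path:scope:state:name" line of the AuthorizedApplications export.
FW_ENTRY = re.compile(r'^"[^"]+"="(?P<path>(?:[A-Za-z]:)?[^:]+):[^:]*:[^:]*:(?P<name>[^"]*)"$')

def edit_distance_le1(a, b):
    """True if a equals b or differs by one insertion, deletion or substitution."""
    if len(a) == len(b):
        return sum(x != y for x, y in zip(a, b)) <= 1
    if abs(len(a) - len(b)) != 1:
        return False
    short, long = sorted((a, b), key=len)
    # Dropping exactly one character of the longer string must give the shorter one.
    return any(long[:k] + long[k + 1:] == short for k in range(len(long)))

def normalize(path):
    """Lower-case, collapse the export's doubled backslashes, expand %windir%."""
    p = path.lower().replace("\\\\", "\\")
    for var in ("%windir%", "%systemroot%"):
        p = p.replace(var, r"c:\windows")   # assumed install directory
    return p

def check_exe(path):
    """Describe why an executable path is suspicious, or return None."""
    directory, _, base = normalize(path).rpartition("\\")
    if base in SYSTEM_BINARIES:
        home = SYSTEM_BINARIES[base]
        return None if directory == home else f"{base} running from {directory} instead of {home}"
    for name in SYSTEM_BINARIES:
        if edit_distance_le1(base, name):
            return f"{base} looks like {name} (one character apart)"
    return None

def triage_hjt(lines):
    """Return (code, message) findings for HijackThis-style lines."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if line.startswith("F2 - REG:system.ini: Shell="):
            shell = line.split("Shell=", 1)[1].strip()
            if shell.lower() != "explorer.exe":   # anything appended runs at logon
                findings.append(("F2", f"Shell= chained with extra program: {shell}"))
        elif line.startswith("O7 - ") and "DisableRegedit=1" in line:
            findings.append(("O7", "Registry Editor disabled by policy (DisableRegedit=1)"))
        elif line.startswith("O16 - DPF:"):
            url = line.rsplit(" - ", 1)[-1]
            try:
                if ipaddress.ip_address(urlparse(url).hostname or "").is_private:
                    findings.append(("O16", f"ActiveX control from a private address, confirm the server: {url}"))
            except ValueError:
                pass   # host name rather than an IP literal
        for match in EXE_PATH.finditer(line):   # covers process, O4 and F2 paths alike
            verdict = check_exe(match.group(0))
            if verdict:
                findings.append(("PATH", verdict))
    return findings

def triage_firewall(lines):
    """Return findings for the XP firewall AuthorizedApplications export."""
    findings = []
    for raw in lines:
        m = FW_ENTRY.match(raw.strip())
        if m and (verdict := check_exe(m.group("path"))):
            findings.append(("FW", f"{verdict}; exception named '{m.group('name')}'"))
    return findings

# Constructed samples, taken from lines quoted in the post above.
HJT_SAMPLE = r"""
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\pchealth\helpctr\binaries\svchost.exe
F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\system32\drivers\PrdMgr.exe
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O16 - DPF: {1DB93715-3B60-43EE-93E6-279BB3E1DF76} (OCXDownloadChecker Control) - http://10.1.1.15:8080/cab/OCXChecker_6110.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
""".splitlines()
FW_SAMPLE = r'''
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"="C:\\Arquivos de programas\\Skype\\Phone\\Skype.exe:*:Enabled:Skype. Take a deep breath "
"C:\\windows\\help\\svhost.exe"="C:\\windows\\help\\svhost.exe:*:Enabled:FTP"
'''.splitlines()

if __name__ == "__main__":
    for code, msg in triage_hjt(HJT_SAMPLE) + triage_firewall(FW_SAMPLE):
        print(f"[{code}] {msg}")
```

A finding is a pointer, not a verdict: the two controls served from 10.1.1.15 may well be an internal server the parish office uses, which is why the message asks you to confirm it rather than declaring it malicious; the chained Shell= value and the svhost.exe firewall exception, on the other hand, have no legitimate reason to exist on a stock XP machine.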

◘ Run an online scan at: < Kaspersky >

◘ Use the Internet Explorer browser for this.

 

• Go to the site and click: < kasperdx9.jpg >

 

◘ On the next page, click: I Accept

◘ This is so the ActiveX control gets installed and then the database is updated.

◘ On the next page, click: My Computer and run the scan.

◘ Be patient!

◘ Wait for the database update and also for the scan, which takes a while.

◘ When it finishes, save and post the report.

◘ Click Save Report As... to save the log.

Save the result as .txt, as in the image below:

 

Kas-Savetxt.gif

 

◘ Also post an updated HijackThis log.


Hello,

 

I have no way to run that online tool, because the computer has no network and no internet!

 

Any other solution??

 

Thanks.

 


- Your log is clean.

- Any problem related to malware?


Whoa, then I don't know...

 

Before, a message appeared saying the program Pgrmgr, or something like that, was missing; after running SDFix it stopped, but it's still without network and slow...

 

In a little while I'll go there again to try more things..

 

I've used only Linux for about 10 years and got out of the habit of Windows, thank God!!! But they always call me to fix the messes other people make!!!

 


- Download: < ComboFix.exe >

- Save it to the Desktop!

- Disable the resident protections of: antivirus, antispyware and firewall. (Except the Windows one!)

- Close all windows and run the tool!

 

If you get the notification: Invalid Win32 application, delete the tool and download it again.

Save it to the desktop, renamed as: Kombo.exe

PS: Rename it while saving, not after saving it!

PS: If any error message appears, run ComboFix.exe in Safe Mode.

PS: Avoid running this tool on your own initiative! Follow all the recommendations given above.

- The Auto Scan window will open. Wait!

- Type the option to continue! >> Enter

- Wait for it to finish!

- During the scan, avoid touching the mouse or keyboard! <-- Important!

- To stop or exit ComboFix, press "N".

----------------------

- When it finishes, post the report: C:\ComboFix.txt


While ComboFix was running, 3 lines appeared in the prompt with this message:

 

The system cannot find the path specified

 

Then these error messages appeared in Windows dialog boxes:

 

Cannot import C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-BigDogPath.reg.dat: error opening the file. There may be a disk or file system error.

Cannot import C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-Hot 8.reg.dat: error opening the file. There may be a disk or file system error.

Cannot import C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-Msn 8.reg.dat: error opening the file. There may be a disk or file system error.

Cannot import C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-Network Associates Error Reporting Service.reg.dat: error opening the file. There may be a disk or file system error.

Cannot import C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-Protector GD.reg.dat: error opening the file. There may be a disk or file system error.

Cannot import C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-SymantecFilterCheck.reg.dat: error opening the file. There may be a disk or file system error.

 

When it finished, it opened Notepad with a log and just sat there.. I had to press Ctrl + Alt + Del to restart..

 

Here is the log it generated at that point:

 

ComboFix 08-10-10.01 - Padre Ernestino 2008-10-10 15:51:46.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1046.18.189 [GMT -3:00]
Executando de: C:\Documents and Settings\Padre Ernestino\Desktop\ComboFix.exe
 * Criado um novo ponto de restauro
 * Resident AV is active

ATENÇAO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!
.
(((((((((((((((((((((((((((((((((((((   Outras Exclusões   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\Help\svhost.txt
C:\WINDOWS\start.bat
C:\WINDOWS\sysedir.dat
C:\WINDOWS\system32\AutoRun.inf
C:\WINDOWS\system32\gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, GBIEHABN.DLL, SCPSSSH2.DLL
C:\WINDOWS\system32\gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, GBIEHABN.DLL, SCPSSSH2.DLL\Abn.gpc
C:\WINDOWS\system32\gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, GBIEHABN.DLL, SCPSSSH2.DLL\desktop.ini
C:\WINDOWS\system32\gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, GBIEHABN.DLL, SCPSSSH2.DLL\Download.inf
C:\WINDOWS\system32\gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, GBIEHABN.DLL, SCPSSSH2.DLL\Download_7000.ocx
C:\WINDOWS\system32\gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, GBIEHABN.DLL, SCPSSSH2.DLL\dwusplay.dll
C:\WINDOWS\system32\gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, GBIEHABN.DLL, SCPSSSH2.DLL\dwusplay.exe
C:\WINDOWS\system32\gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, GBIEHABN.DLL, SCPSSSH2.DLL\gbieh.gmd
C:\WINDOWS\system32\gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, GBIEHABN.DLL, SCPSSSH2.DLL\gbiehabn.dll
C:\WINDOWS\system32\gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, GBIEHABN.DLL, SCPSSSH2.DLL\GbPluginABN.inf
C:\WINDOWS\system32\gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, GBIEHABN.DLL, SCPSSSH2.DLL\isusweb.dll
C:\WINDOWS\system32\gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, GBIEHABN.DLL, SCPSSSH2.DLL\LegitCheckControl.inf
C:\WINDOWS\system32\gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, GBIEHABN.DLL, SCPSSSH2.DLL\OCXDownloadChecker.inf
C:\WINDOWS\system32\gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, GBIEHABN.DLL, SCPSSSH2.DLL\OCXDownloadChecker_6110.ocx
C:\WINDOWS\system32\gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, GBIEHABN.DLL, SCPSSSH2.DLL\QTPlugin.inf
C:\WINDOWS\system32\gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, GBIEHABN.DLL, SCPSSSH2.DLL\setup.inf
C:\WINDOWS\system32\gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, GBIEHABN.DLL, SCPSSSH2.DLL\swflash.inf
C:\WINDOWS\system32\reg_0001.txt
C:\WINDOWS\system32\urlmsnlink.dat
C:\WINDOWS\winload.inf
.
(((((((((((((((((((((((   Ficheiros criados de 2008-09-10 to 2008-10-10  ))))))))))))))))))))))))))))))))
.
2008-10-09 16:59 . 2008-10-09 16:59	<DIR>	d--------	C:\Documents and Settings\Padre Ernestino\Dados de aplicativos\Thinstall
2008-10-08 17:39 . 2008-10-08 17:39	<DIR>	d--------	C:\Documents and Settings\Padre Ernestino\Dados de aplicativos\Malwarebytes
2008-10-08 17:39 . 2008-10-08 17:39	<DIR>	d--------	C:\Documents and Settings\All Users\Dados de aplicativos\Malwarebytes
2008-10-08 17:39 . 2008-10-08 17:39	<DIR>	d--------	C:\Arquivos de programas\Malwarebytes' Anti-Malware
2008-10-08 17:39 . 2008-09-08 00:11	38,528	--a------	C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-08 17:39 . 2008-09-08 00:11	17,200	--a------	C:\WINDOWS\system32\drivers\mbam.sys
2008-10-08 16:28 . 2008-10-08 16:28	<DIR>	d--------	C:\WINDOWS\ERUNT
2008-10-08 16:17 . 2008-10-08 17:01	<DIR>	d--------	C:\SDFix
2008-10-08 15:55 . 2008-10-08 17:05	<DIR>	d--------	C:\HiJackThis
2008-10-08 15:53 . 2008-10-08 15:46	1,429,988	--a------	C:\SDFix.exe
2008-10-01 10:37 . 2008-10-01 10:37	76,288	-r-hs----	C:\WINDOWS\system32\drivers\FmMgr.exe
2008-09-20 21:09 . 2004-05-14 16:53	462,848	--a------	C:\WINDOWS\system32\ltkrn13n.dll
2008-09-20 21:09 . 2004-05-14 16:53	450,560	--a------	C:\WINDOWS\system32\ltimg13n.dll
2008-09-20 21:09 . 2004-05-14 16:53	401,408	--a------	C:\WINDOWS\system32\lfcmp13n.dll
2008-09-20 21:09 . 2004-05-14 16:53	299,008	--a------	C:\WINDOWS\system32\ltdis13n.dll
2008-09-20 21:09 . 2004-01-12 02:09	206,336	--a------	C:\WINDOWS\system32\ltefx13n.dll
2008-09-20 21:09 . 2004-05-14 16:53	163,840	--a------	C:\WINDOWS\system32\ltfil13n.dll
2008-09-20 21:09 . 2003-11-04 15:10	69,632	--a------	C:\WINDOWS\system32\lfgif13n.dll
2008-09-20 21:09 . 2004-05-14 16:53	57,344	--a------	C:\WINDOWS\system32\lfbmp13n.dll
2008-09-20 11:13 . 2008-09-20 11:13	<DIR>	d--------	C:\- leandro_arquivos
2008-09-20 11:13 . 2008-09-20 11:13	24,746	--a------	C:\- leandro.htm
.
((((((((((((((((((((((((((((((((((((((   Relatório Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-08 18:24	---------	d-----w	C:\Documents and Settings\Padre Ernestino\Dados de aplicativos\Skype
2008-10-03 19:38	---------	d-----w	C:\Documents and Settings\All Users\Dados de aplicativos\Laconic Software
2008-10-03 19:37	---------	d-----w	C:\Documents and Settings\All Users\Dados de aplicativos\avg8
2008-10-03 19:13	360,064	------w	C:\WINDOWS\system32\drivers\tcpip.sys
2008-10-02 23:55	90,112	----a-w	C:\WINDOWS\DUMP5209.tmp
2008-10-02 23:51	90,112	----a-w	C:\WINDOWS\DUMP51af.tmp
2008-10-02 23:48	90,112	----a-w	C:\WINDOWS\DUMP51d9.tmp
2008-10-02 23:45	90,112	----a-w	C:\WINDOWS\DUMP51c9.tmp
2008-10-02 23:42	90,112	----a-w	C:\WINDOWS\DUMP5208.tmp
2008-10-02 23:39	90,112	----a-w	C:\WINDOWS\DUMP519d.tmp
2008-10-02 23:36	90,112	----a-w	C:\WINDOWS\DUMP51ae.tmp
2008-10-02 23:33	90,112	----a-w	C:\WINDOWS\DUMP514e.tmp
2008-10-02 23:29	90,112	----a-w	C:\WINDOWS\DUMP519c.tmp
2008-10-02 23:26	90,112	----a-w	C:\WINDOWS\DUMP5141.tmp
2008-10-02 23:23	90,112	----a-w	C:\WINDOWS\DUMP51ba.tmp
2008-10-02 23:20	90,112	----a-w	C:\WINDOWS\DUMP519b.tmp
2008-10-02 23:17	90,112	----a-w	C:\WINDOWS\DUMP51ad.tmp
2008-10-02 23:14	90,112	----a-w	C:\WINDOWS\DUMP516b.tmp
2008-10-02 23:11	90,112	----a-w	C:\WINDOWS\DUMP51b9.tmp
2008-10-02 23:07	90,112	----a-w	C:\WINDOWS\DUMP5190.tmp
2008-10-02 23:04	90,112	----a-w	C:\WINDOWS\DUMP51ac.tmp
2008-10-02 23:01	90,112	----a-w	C:\WINDOWS\DUMP518f.tmp
2008-10-02 22:58	90,112	----a-w	C:\WINDOWS\DUMP50d1.tmp
2008-10-02 22:55	90,112	----a-w	C:\WINDOWS\DUMP515d.tmp
2008-10-02 22:52	90,112	----a-w	C:\WINDOWS\DUMP5120.tmp
2008-10-02 22:49	90,112	----a-w	C:\WINDOWS\DUMP518e.tmp
2008-10-02 22:45	90,112	----a-w	C:\WINDOWS\DUMP514d.tmp
2008-10-02 22:42	90,112	----a-w	C:\WINDOWS\DUMP5140.tmp
2008-10-02 22:39	90,112	----a-w	C:\WINDOWS\DUMP513f.tmp
2008-10-02 22:36	90,112	----a-w	C:\WINDOWS\DUMP512e.tmp
2008-10-02 22:33	90,112	----a-w	C:\WINDOWS\DUMP5102.tmp
2008-10-02 22:30	90,112	----a-w	C:\WINDOWS\DUMP51ab.tmp
2008-10-02 22:27	90,112	----a-w	C:\WINDOWS\DUMP515c.tmp
2008-10-02 22:23	90,112	----a-w	C:\WINDOWS\DUMP518d.tmp
2008-10-02 22:20	90,112	----a-w	C:\WINDOWS\DUMP511f.tmp
2008-10-02 22:17	90,112	----a-w	C:\WINDOWS\DUMP512d.tmp
2008-10-02 22:14	90,112	----a-w	C:\WINDOWS\DUMP518c.tmp
2008-10-02 22:11	90,112	----a-w	C:\WINDOWS\DUMP518b.tmp
2008-10-02 22:08	90,112	----a-w	C:\WINDOWS\DUMP51aa.tmp
2008-10-02 22:05	90,112	----a-w	C:\WINDOWS\DUMP519a.tmp
2008-10-02 22:01	90,112	----a-w	C:\WINDOWS\DUMP514c.tmp
2008-10-02 21:58	90,112	----a-w	C:\WINDOWS\DUMP50d0.tmp
2008-10-02 21:55	90,112	----a-w	C:\WINDOWS\DUMP5101.tmp
2008-10-02 21:52	90,112	----a-w	C:\WINDOWS\DUMP5100.tmp
2008-10-02 21:49	90,112	----a-w	C:\WINDOWS\DUMP513e.tmp
2008-10-02 21:46	90,112	----a-w	C:\WINDOWS\DUMP513d.tmp
2008-10-02 21:43	90,112	----a-w	C:\WINDOWS\DUMP50f1.tmp
2008-10-02 21:39	90,112	----a-w	C:\WINDOWS\DUMP517b.tmp
2008-10-02 21:36	90,112	----a-w	C:\WINDOWS\DUMP50ff.tmp
2008-10-02 21:33	90,112	----a-w	C:\WINDOWS\DUMP50df.tmp
2008-10-02 21:30	90,112	----a-w	C:\WINDOWS\DUMP50f0.tmp
2008-10-02 21:27	90,112	----a-w	C:\WINDOWS\DUMP50ef.tmp
2008-10-02 21:24	90,112	----a-w	C:\WINDOWS\DUMP50fe.tmp
2008-10-02 21:21	90,112	----a-w	C:\WINDOWS\DUMP50ee.tmp
2008-10-02 21:17	90,112	----a-w	C:\WINDOWS\DUMP511e.tmp
2008-10-02 21:14	90,112	----a-w	C:\WINDOWS\DUMP513c.tmp
2008-10-02 21:11	90,112	----a-w	C:\WINDOWS\DUMP511d.tmp
2008-10-02 21:08	90,112	----a-w	C:\WINDOWS\DUMP50cf.tmp
2008-09-04 14:30	---------	d-----w	C:\Documents and 
Settings\Padre Ernestino\Dados de aplicativos\skypePM2008-09-04 14:28	---------	d-----w	C:\Documents and Settings\All Users\Dados de aplicativos\Skype2008-09-04 14:28	---------	d-----w	C:\Arquivos de programas\Skype2008-09-04 14:28	---------	d-----w	C:\Arquivos de programas\Arquivos comuns\Skype2008-08-24 20:13	---------	d-----w	C:\Arquivos de programas\Windows Media Connect 22008-08-12 16:14	---------	d--h--w	C:\Arquivos de programas\InstallShield Installation Information2008-07-29 12:02	88	--sh--r	C:\Documents and Settings\All Users\Dados de aplicativos\[u]0[/u]5F7237FEA.sys2008-07-29 12:02	2,828	--sha-w	C:\Documents and Settings\All Users\Dados de aplicativos\KGyGaAvL.sys2008-07-19 01:10	94,920	----a-w	C:\WINDOWS\system32\cdm.dll2008-07-19 01:10	53,448	----a-w	C:\WINDOWS\system32\wuauclt.exe2008-07-19 01:10	45,768	----a-w	C:\WINDOWS\system32\wups2.dll2008-07-19 01:10	36,552	----a-w	C:\WINDOWS\system32\wups.dll2008-07-19 01:09	563,912	----a-w	C:\WINDOWS\system32\wuapi.dll2008-07-19 01:09	325,832	----a-w	C:\WINDOWS\system32\wucltui.dll2008-07-19 01:09	205,000	----a-w	C:\WINDOWS\system32\wuweb.dll2008-07-19 01:09	1,811,656	----a-w	C:\WINDOWS\system32\wuaueng.dll2008-07-19 01:07	270,880	----a-w	C:\WINDOWS\system32\mucltui.dll2008-07-19 01:07	210,976	----a-w	C:\WINDOWS\system32\muweb.dll2008-04-27 00:11	7,727,880	----a-w	C:\Arquivos de programas\Google_Earth_CZXV.exe2008-03-23 22:02	19,714,576	----a-w	C:\Arquivos de programas\setuppor.exe2007-12-15 13:50	2,920,368	----a-w	C:\Arquivos de programas\ALFTP.exe2006-12-02 00:01	24,192	----a-w	C:\Documents and Settings\Padre Ernestino\usbsermptxp.sys2006-12-02 00:01	22,768	----a-w	C:\Documents and Settings\Padre Ernestino\usbsermpt.sys2007-11-23 18:19	952	--sha-w	C:\WINDOWS\system32\KGyGaAvL.sys.------- Sigcheck -------2006-04-20 09:18  360576  b2220c618b42a2212a59d91ebd6fc4b4	C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys2007-10-30 13:53  360832  64798ecfa43d78c7178375fcdd16d8c8	
C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys2008-10-03 16:13  360064  e30aaefe67802e4e319dab246903a609	C:\WINDOWS\system32\dllcache\tcpip.sys2008-10-03 16:13  360064  e30aaefe67802e4e319dab246903a609	C:\WINDOWS\system32\drivers\tcpip.sys.((((((((((((((((((((((((((   Pontos de Carregamento do Registro   )))))))))))))))))))))))))))))))))))))))..*Nota* entradas vazias e legítimas por defeito não são mostradas.REGEDIT4[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"Nero PhotoShow Media Manager"="C:\ARQUIV~1\Nero\NEROPH~1\data\xtras\mssysmgr.exe" [2006-05-10 249856][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"avast!"="C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]"BigDog303"="C:\WINDOWS\VM303_STI.EXE" [2005-10-25 61440][HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]"vidc.GM20"= GXGM20.dll"vidc.GEOX"= GeoCodec.dll[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Gamma Loader.lnk]path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Gamma Loader.lnkbackup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Reader Speed Launch.lnk]path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Reader Speed Launch.lnkbackup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^HP Digital Imaging Monitor.lnk]path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\HP Digital Imaging Monitor.lnkbackup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Inicialização rápida do HP Image Zone.lnk]path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Inicialização rápida do HP 
Image Zone.lnkbackup=C:\WINDOWS\pss\Inicialização rápida do HP Image Zone.lnkCommon Startup[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^PalTalk.lnk]path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\PalTalk.lnkbackup=C:\WINDOWS\pss\PalTalk.lnkCommon Startup[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDog303]--a------ 2005-10-25 12:56 61440 C:\WINDOWS\VM303_STI.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]--a------ 2007-03-11 21:34 49152 C:\Arquivos de programas\HP\HP Software Update\hpwuSchd2.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]--a------ 2005-03-08 01:42 176128 C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ink Monitor]--------- 2002-08-04 21:37 258116 C:\Arquivos de programas\EPSON\Ink Monitor\InkMonitor.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]--a------ 2005-08-11 15:30 249856 C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\ISUSPM.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]--a------ 2005-08-11 15:30 81920 C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]--a------ 2006-02-23 14:45 278528 C:\Arquivos de programas\iTunes\iTunesHelper.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McAfeeUpdaterUI]--a------ 2006-11-17 13:39 136768 C:\Arquivos de programas\Network Associates\Common Framework\UdaterUI.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]---hs---- 2004-10-13 13:24 1694208 C:\Arquivos de programas\Messenger\msmsgs.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared 
tools\msconfig\startupreg\MsnMsgr]--a------ 2007-10-18 11:34 5724184 C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nero PhotoShow Media Manager]--a------ 2006-05-10 16:52 249856 C:\ARQUIV~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]--a------ 2007-02-22 18:25 155648 C:\Arquivos de programas\QuickTime\qttask.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShStatEXE]--a------ 2006-11-30 08:50 112216 C:\Arquivos de programas\McAfee\VirusScan Enterprise\shstat.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Smapp]--a------ 2002-10-11 18:26 98304 C:\Arquivos de programas\Analog Devices\SoundMAX\SMTray.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmartSync - ScheduleSync]--a------ 2005-10-21 16:20 45056 C:\ARQUIV~1\MOBILE~1\SMARTS~1\SCHEDU~1.EXE[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]--a------ 2007-03-14 03:43 83608 C:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\mmc.exe"="C:\\Arquivos de programas\\iTunes\\iTunes.exe"="C:\\Arquivos de programas\\WS_FTP Pro\\wsftppro.exe"="C:\\Arquivos de programas\\Network Associates\\Common Framework\\FrameworkService.exe"="C:\\Arquivos de programas\\Messenger\\msmsgs.exe"="C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"="C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Arquivos de programas\\HP\\Digital 
Imaging\\bin\\hposfx08.exe"="C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"="C:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"="C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Arquivos de programas\\ESTsoft\\ALFTP\\ALFTP.exe"="C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"="C:\\RemoteView\\BcastTcp.exe"="C:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]S3 HPFXBULK;HPFXBULK;C:\WINDOWS\system32\drivers\hpfxbulk.sys [2006-04-04 9344]S3 siusbmod;siusbmod;C:\WINDOWS\system32\DRIVERS\siusbmod.sys [2005-07-28 27008][HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12hpdevmgmt	REG_MULTI_SZ   	hpqcxs08[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e36cce7a-1423-11db-9b72-000c6e2345e7}]\Shell\AutoRun\command - F:\mayyuk9g.bat\Shell\explore\Command - F:\mayyuk9g.bat\Shell\open\Command - F:\mayyuk9g.bat*Newly Created Service* - PROCEXP90.- - - - ORFÃOS REMOVIDOS - - - -ShellExecuteHooks-{E37CB5F0-51F5-4395-A808-5FA49E399007} - C:\WINDOWS\Downloaded Program Files\gbiehabn.dllMSConfigStartUp-BigDogPath - C:\WINDOWS\VM_STI.EXEMSConfigStartUp-Hot 8 - C:\WINDOWS\help\hot.exeMSConfigStartUp-Msn 8 - C:\WINDOWS\help\msn.exeMSConfigStartUp-Network Associates Error Reporting Service - C:\Arquivos de programas\Arquivos 
comuns\Network Associates\TalkBack\TBMon.exeMSConfigStartUp-Protector GB - C:\WINDOWS\help\protectgb.exeMSConfigStartUp-swg - C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeMSConfigStartUp-SymantecFilterCheck - C:\WINDOWS\help\svhost.exe.------- Scan Suplementar -------.FireFox -: Profile - C:\Documents and Settings\Padre Ernestino\Dados de aplicativos\Mozilla\Firefox\Profiles\[u]0[/u]g8ow28k.default\FireFox -: prefs.js - STARTUP.HOMEPAGE - www.pnsf.org.br.**************************************************************************catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2008-10-10 15:57:51Windows 5.1.2600 Service Pack 2 NTFSProcurando processos ocultos ...Procurando entradas auto inicializáveis ocultas ...HKLM\Software\Microsoft\Windows\CurrentVersion\Run  BigDog303 = C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)????????????????0?????????@?????????????? Procurando ficheiros/arquivos ocultos ...Varredura completada com sucessoFicheiros ocultos: 0**************************************************************************.Tempo para conclusão: 2008-10-10 16:12:29Pré-execução: 17 pasta(s) 20.407.447.552 bytes disponíveisPós execução: 21 pasta(s) 21,470,044,160 bytes disponíveis279	--- E O F ---	2008-10-03 19:47:42

 

 

- Download: < ComboFix.exe >

- Save it to the Desktop!

- Disable the resident protection of: antivirus, antispyware and firewall. (Except the Windows one!)

- Close all windows and run the tool!

 

If you get the notification: Invalid Win32 application, delete the tool and download it again.

Save it to the desktop, renamed as: Kombo.exe

PS: Name it while saving, not after saving it!

PS: If any error message appears, run ComboFix.exe in Safe Mode.

PS: Avoid running this tool on your own initiative! Follow all the recommendations given above.

- The Auto Scan window will open. Wait!

- Type the option to continue! >> Enter

- Wait for it to finish!

- During the scan, avoid touching the mouse or keyboard! <-- Important!

- To stop or exit ComboFix, press "N".

----------------------

- When it finishes, post the report: C:\ComboFix.txt


1) Go to the VirusTotal site

 

- Browse for the file below

 

C:\WINDOWS\DUMP5209.tmp

 

- Click Send file, and post the results.

 

2) Procedure with ComboFix

 

I suggest you print or save the procedure below, and do not use the internet until the procedure is finished.

 

Select and copy the text inside the QUOTE (grey box) below. Open Notepad and paste what you copied. Then save it to the desktop with the name CFScript.txt.

 

File::

C:\WINDOWS\system32\drivers\FmMgr.exe

F:\mayyuk9g.bat

Registry::

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e36cce7a-1423-11db-9b72-000c6e2345e7}]

 

This script was written only for this computer, according to the files and keys present; do not use it on another computer, as it may cause damage.

 

Now drag CFScript.txt onto ComboFix as shown in the demonstration below.

 

cfscript.gif

 

ComboFix will run and will restart the PC automatically to complete the removal process.

 

IMPORTANT: Do not use the mouse or keyboard while ComboFix is running.

 

When it finishes, a log will be generated at C:\ComboFix.txt.

 

Post it together with the new HijackThis log.


Now the computer is faster... But it still has no network access..

 

It is only slow to boot...

 

Could it be that the virus problem has already been solved, but there is another problem with Windows itself that has left me without a network??

 

File dump5209.tmp received on 2008.10.13 20:46:46 (CET)

Antivirus Version Last update Result

AhnLab-V3 2008.10.14.0 2008.10.13 -

AntiVir 7.8.1.34 2008.10.13 -

Authentium 5.1.0.4 2008.10.13 -

Avast 4.8.1248.0 2008.10.12 -

AVG 8.0.0.161 2008.10.13 -

BitDefender 7.2 2008.10.13 -

CAT-QuickHeal 9.50 2008.10.13 -

ClamAV 0.93.1 2008.10.13 -

DrWeb 4.44.0.09170 2008.10.13 -

eSafe 7.0.17.0 2008.10.12 -

eTrust-Vet 31.6.6146 2008.10.13 -

Ewido 4.0 2008.10.13 -

F-Prot 4.4.4.56 2008.10.12 -

F-Secure 8.0.14332.0 2008.10.13 -

Fortinet 3.113.0.0 2008.10.13 -

GData 19 2008.10.13 -

Ikarus T3.1.1.34.0 2008.10.13 -

K7AntiVirus 7.10.492 2008.10.13 -

Kaspersky 7.0.0.125 2008.10.13 -

McAfee 5403 2008.10.11 -

Microsoft 1.4005 2008.10.13 -

NOD32 3518 2008.10.13 -

Norman 5.80.02 2008.10.13 -

Panda 9.0.0.4 2008.10.13 -

PCTools 4.4.2.0 2008.10.13 -

Prevx1 V2 2008.10.13 -

Rising 20.66.02.00 2008.10.13 -

SecureWeb-Gateway 6.7.6 2008.10.13 -

Sophos 4.34.0 2008.10.13 -

Sunbelt 3.1.1719.1 2008.10.13 -

Symantec 10 2008.10.13 -

TheHacker 6.3.1.0.108 2008.10.11 -

TrendMicro 8.700.0.1004 2008.10.13 -

VBA32 3.12.8.6 2008.10.13 -

ViRobot 2008.10.13.1417 2008.10.13 -

VirusBuster 4.5.11.0 2008.10.13 -

Additional information

File size: 90112 bytes

MD5...: c0b33e986175fef5099b0ec8cef6d93b

SHA1..: c83ac986b2750426638ed575abf49db0217288b2

SHA256: 04d1b1a708aa5a4895192b6dc2463113bc8a2682b5864732a7c0dc31990fb251

SHA512: 42e1d33e52cd2a634281870274122fbfaf340f1aef61a2871faac777a2d225cd5ebae35c6b8e40ad3820433752dfe0d14e7d3a7369ab8b3ceb522fa610bba2a5

PEiD..: -

TrID..: File type identification: Windows memory dump (100.0%)

PEInfo: -

 

 

ComboFix 08-10-10.01 - Padre Ernestino 2008-10-13 15:57:45.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.294 [GMT -2:00]

Executando de: C:\Documents and Settings\Padre Ernestino\Desktop\ComboFix.exe

Comandos utilizados :: C:\Documents and Settings\Padre Ernestino\Desktop\CFScript.txt

* Criado um novo ponto de restauro

 

ATENÇAO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!

 

FILE ::

C:\WINDOWS\system32\drivers\FmMgr.exe

F:\mayyuk9g.bat

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\WINDOWS\system32\drivers\FmMgr.exe

 

.

((((((((((((((((((((((( Ficheiros criados de 2008-09-13 to 2008-10-13 ))))))))))))))))))))))))))))))))

.

 

2008-10-09 17:59 . 2008-10-09 17:59 <DIR> d-------- C:\Documents and Settings\Padre Ernestino\Dados de aplicativos\Thinstall

2008-10-08 18:39 . 2008-10-08 18:39 <DIR> d-------- C:\Documents and Settings\Padre Ernestino\Dados de aplicativos\Malwarebytes

2008-10-08 18:39 . 2008-10-08 18:39 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Malwarebytes

2008-10-08 18:39 . 2008-10-08 18:39 <DIR> d-------- C:\Arquivos de programas\Malwarebytes' Anti-Malware

2008-10-08 18:39 . 2008-09-08 01:11 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys

2008-10-08 18:39 . 2008-09-08 01:11 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys

2008-10-08 17:28 . 2008-10-08 17:28 <DIR> d-------- C:\WINDOWS\ERUNT

2008-10-08 17:17 . 2008-10-08 18:01 <DIR> d-------- C:\SDFix

2008-10-08 16:55 . 2008-10-08 18:05 <DIR> d-------- C:\HiJackThis

2008-10-08 16:53 . 2008-10-08 16:46 1,429,988 --a------ C:\SDFix.exe

2008-09-20 22:09 . 2004-05-14 17:53 462,848 --a------ C:\WINDOWS\system32\ltkrn13n.dll

2008-09-20 22:09 . 2004-05-14 17:53 450,560 --a------ C:\WINDOWS\system32\ltimg13n.dll

2008-09-20 22:09 . 2004-05-14 17:53 401,408 --a------ C:\WINDOWS\system32\lfcmp13n.dll

2008-09-20 22:09 . 2004-05-14 17:53 299,008 --a------ C:\WINDOWS\system32\ltdis13n.dll

2008-09-20 22:09 . 2004-01-12 03:09 206,336 --a------ C:\WINDOWS\system32\ltefx13n.dll

2008-09-20 22:09 . 2004-05-14 17:53 163,840 --a------ C:\WINDOWS\system32\ltfil13n.dll

2008-09-20 22:09 . 2003-11-04 16:10 69,632 --a------ C:\WINDOWS\system32\lfgif13n.dll

2008-09-20 22:09 . 2004-05-14 17:53 57,344 --a------ C:\WINDOWS\system32\lfbmp13n.dll

2008-09-20 12:13 . 2008-09-20 12:13 <DIR> d-------- C:\- leandro_arquivos

2008-09-20 12:13 . 2008-09-20 12:13 24,746 --a------ C:\- leandro.htm

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-10-08 18:24 --------- d-----w C:\Documents and Settings\Padre Ernestino\Dados de aplicativos\Skype

2008-10-03 19:38 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Laconic Software

2008-10-03 19:37 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\avg8

2008-10-03 19:13 360,064 ------w C:\WINDOWS\system32\drivers\tcpip.sys

2008-10-02 23:55 90,112 ----a-w C:\WINDOWS\DUMP5209.tmp

2008-10-02 23:51 90,112 ----a-w C:\WINDOWS\DUMP51af.tmp

2008-10-02 23:48 90,112 ----a-w C:\WINDOWS\DUMP51d9.tmp

2008-10-02 23:45 90,112 ----a-w C:\WINDOWS\DUMP51c9.tmp

2008-10-02 23:42 90,112 ----a-w C:\WINDOWS\DUMP5208.tmp

2008-10-02 23:39 90,112 ----a-w C:\WINDOWS\DUMP519d.tmp

2008-10-02 23:36 90,112 ----a-w C:\WINDOWS\DUMP51ae.tmp

2008-10-02 23:33 90,112 ----a-w C:\WINDOWS\DUMP514e.tmp

2008-10-02 23:29 90,112 ----a-w C:\WINDOWS\DUMP519c.tmp

2008-10-02 23:26 90,112 ----a-w C:\WINDOWS\DUMP5141.tmp

2008-10-02 23:23 90,112 ----a-w C:\WINDOWS\DUMP51ba.tmp

2008-10-02 23:20 90,112 ----a-w C:\WINDOWS\DUMP519b.tmp

2008-10-02 23:17 90,112 ----a-w C:\WINDOWS\DUMP51ad.tmp

2008-10-02 23:14 90,112 ----a-w C:\WINDOWS\DUMP516b.tmp

2008-10-02 23:11 90,112 ----a-w C:\WINDOWS\DUMP51b9.tmp

2008-10-02 23:07 90,112 ----a-w C:\WINDOWS\DUMP5190.tmp

2008-10-02 23:04 90,112 ----a-w C:\WINDOWS\DUMP51ac.tmp

2008-10-02 23:01 90,112 ----a-w C:\WINDOWS\DUMP518f.tmp

2008-10-02 22:58 90,112 ----a-w C:\WINDOWS\DUMP50d1.tmp

2008-10-02 22:55 90,112 ----a-w C:\WINDOWS\DUMP515d.tmp

2008-10-02 22:52 90,112 ----a-w C:\WINDOWS\DUMP5120.tmp

2008-10-02 22:49 90,112 ----a-w C:\WINDOWS\DUMP518e.tmp

2008-10-02 22:45 90,112 ----a-w C:\WINDOWS\DUMP514d.tmp

2008-10-02 22:42 90,112 ----a-w C:\WINDOWS\DUMP5140.tmp

2008-10-02 22:39 90,112 ----a-w C:\WINDOWS\DUMP513f.tmp

2008-10-02 22:36 90,112 ----a-w C:\WINDOWS\DUMP512e.tmp

2008-10-02 22:33 90,112 ----a-w C:\WINDOWS\DUMP5102.tmp

2008-10-02 22:30 90,112 ----a-w C:\WINDOWS\DUMP51ab.tmp

2008-10-02 22:27 90,112 ----a-w C:\WINDOWS\DUMP515c.tmp

2008-10-02 22:23 90,112 ----a-w C:\WINDOWS\DUMP518d.tmp

2008-10-02 22:20 90,112 ----a-w C:\WINDOWS\DUMP511f.tmp

2008-10-02 22:17 90,112 ----a-w C:\WINDOWS\DUMP512d.tmp

2008-10-02 22:14 90,112 ----a-w C:\WINDOWS\DUMP518c.tmp

2008-10-02 22:11 90,112 ----a-w C:\WINDOWS\DUMP518b.tmp

2008-10-02 22:08 90,112 ----a-w C:\WINDOWS\DUMP51aa.tmp

2008-10-02 22:05 90,112 ----a-w C:\WINDOWS\DUMP519a.tmp

2008-10-02 22:01 90,112 ----a-w C:\WINDOWS\DUMP514c.tmp

2008-10-02 21:58 90,112 ----a-w C:\WINDOWS\DUMP50d0.tmp

2008-10-02 21:55 90,112 ----a-w C:\WINDOWS\DUMP5101.tmp

2008-10-02 21:52 90,112 ----a-w C:\WINDOWS\DUMP5100.tmp

2008-10-02 21:49 90,112 ----a-w C:\WINDOWS\DUMP513e.tmp

2008-10-02 21:46 90,112 ----a-w C:\WINDOWS\DUMP513d.tmp

2008-10-02 21:43 90,112 ----a-w C:\WINDOWS\DUMP50f1.tmp

2008-10-02 21:39 90,112 ----a-w C:\WINDOWS\DUMP517b.tmp

2008-10-02 21:36 90,112 ----a-w C:\WINDOWS\DUMP50ff.tmp

2008-10-02 21:33 90,112 ----a-w C:\WINDOWS\DUMP50df.tmp

2008-10-02 21:30 90,112 ----a-w C:\WINDOWS\DUMP50f0.tmp

2008-10-02 21:27 90,112 ----a-w C:\WINDOWS\DUMP50ef.tmp

2008-10-02 21:24 90,112 ----a-w C:\WINDOWS\DUMP50fe.tmp

2008-10-02 21:21 90,112 ----a-w C:\WINDOWS\DUMP50ee.tmp

2008-10-02 21:17 90,112 ----a-w C:\WINDOWS\DUMP511e.tmp

2008-10-02 21:14 90,112 ----a-w C:\WINDOWS\DUMP513c.tmp

2008-10-02 21:11 90,112 ----a-w C:\WINDOWS\DUMP511d.tmp

2008-10-02 21:08 90,112 ----a-w C:\WINDOWS\DUMP50cf.tmp

2008-09-04 14:30 --------- d-----w C:\Documents and Settings\Padre Ernestino\Dados de aplicativos\skypePM

2008-09-04 14:28 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Skype

2008-09-04 14:28 --------- d-----w C:\Arquivos de programas\Skype

2008-09-04 14:28 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Skype

2008-08-24 20:13 --------- d-----w C:\Arquivos de programas\Windows Media Connect 2

2008-07-29 12:02 88 --sh--r C:\Documents and Settings\All Users\Dados de aplicativos\05F7237FEA.sys

2008-07-29 12:02 2,828 --sha-w C:\Documents and Settings\All Users\Dados de aplicativos\KGyGaAvL.sys

2008-07-19 01:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll

2008-07-19 01:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe

2008-07-19 01:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll

2008-07-19 01:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll

2008-07-19 01:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll

2008-07-19 01:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll

2008-07-19 01:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll

2008-07-19 01:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll

2008-07-19 01:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll

2008-07-19 01:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll

2008-04-27 00:11 7,727,880 ----a-w C:\Arquivos de programas\Google_Earth_CZXV.exe

2008-03-23 22:02 19,714,576 ----a-w C:\Arquivos de programas\setuppor.exe

2007-12-15 13:50 2,920,368 ----a-w C:\Arquivos de programas\ALFTP.exe

2006-12-02 00:01 24,192 ----a-w C:\Documents and Settings\Padre Ernestino\usbsermptxp.sys

2006-12-02 00:01 22,768 ----a-w C:\Documents and Settings\Padre Ernestino\usbsermpt.sys

2007-11-23 18:19 952 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys

.

 

------- Sigcheck -------

 

2006-04-20 10:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys

2007-10-30 14:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys

2008-10-03 17:13 360064 e30aaefe67802e4e319dab246903a609 C:\WINDOWS\system32\dllcache\tcpip.sys

2008-10-03 17:13 360064 e30aaefe67802e4e319dab246903a609 C:\WINDOWS\system32\drivers\tcpip.sys

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avast!"="C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]

"BigDog303"="C:\WINDOWS\VM303_STI.EXE" [2005-10-25 61440]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.GM20"= GXGM20.dll

"vidc.GEOX"= GeoCodec.dll

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Gamma Loader.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Gamma Loader.lnk

backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Reader Speed Launch.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Reader Speed Launch.lnk

backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^HP Digital Imaging Monitor.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\HP Digital Imaging Monitor.lnk

backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Inicialização rápida do HP Image Zone.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Inicialização rápida do HP Image Zone.lnk

backup=C:\WINDOWS\pss\Inicialização rápida do HP Image Zone.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^PalTalk.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\PalTalk.lnk

backup=C:\WINDOWS\pss\PalTalk.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDog303]

--a------ 2005-10-25 13:56 61440 C:\WINDOWS\VM303_STI.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

--a------ 2007-03-11 22:34 49152 C:\Arquivos de programas\HP\HP Software Update\hpwuSchd2.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]

--a------ 2005-03-08 02:42 176128 C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ink Monitor]

--------- 2002-08-04 22:37 258116 C:\Arquivos de programas\EPSON\Ink Monitor\InkMonitor.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]

--a------ 2005-08-11 16:30 249856 C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\ISUSPM.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]

--a------ 2005-08-11 16:30 81920 C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

--a------ 2006-02-23 15:45 278528 C:\Arquivos de programas\iTunes\iTunesHelper.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McAfeeUpdaterUI]

--a------ 2006-11-17 14:39 136768 C:\Arquivos de programas\Network Associates\Common Framework\UdaterUI.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

---hs---- 2004-10-13 14:24 1694208 C:\Arquivos de programas\Messenger\msmsgs.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

--a------ 2007-10-18 12:34 5724184 C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nero PhotoShow Media Manager]

--a------ 2006-05-10 17:52 249856 C:\ARQUIV~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2001-07-09 12:50 155648 C:\WINDOWS\system32\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a------ 2007-02-22 19:25 155648 C:\Arquivos de programas\QuickTime\qttask.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShStatEXE]

--a------ 2006-11-30 09:50 112216 C:\Arquivos de programas\McAfee\VirusScan Enterprise\shstat.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Smapp]

--a------ 2002-10-11 19:26 98304 C:\Arquivos de programas\Analog Devices\SoundMAX\SMTray.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmartSync - ScheduleSync]

--a------ 2005-10-21 17:20 45056 C:\ARQUIV~1\MOBILE~1\SMARTS~1\SCHEDU~1.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

--a------ 2007-03-14 04:43 83608 C:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"McTaskManager"=2 (0x2)

"McShield"=2 (0x2)

"McAfeeFramework"=2 (0x2)

"iPodService"=3 (0x3)

"ImapiService"=3 (0x3)

"CiSvc"=3 (0x3)

"BthServ"=2 (0x2)

"avast! Web Scanner"=3 (0x3)

"avast! Mail Scanner"=3 (0x3)

"aspnet_state"=3 (0x3)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\WINDOWS\\system32\\mmc.exe"=

"C:\\Arquivos de programas\\iTunes\\iTunes.exe"=

"C:\\Arquivos de programas\\WS_FTP Pro\\wsftppro.exe"=

"C:\\Arquivos de programas\\Network Associates\\Common Framework\\FrameworkService.exe"=

"C:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"C:\\Arquivos de programas\\ESTsoft\\ALFTP\\ALFTP.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

"C:\\RemoteView\\BcastTcp.exe"=

"C:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

 

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]

R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]

S3 HPFXBULK;HPFXBULK;C:\WINDOWS\system32\drivers\hpfxbulk.sys [2006-04-04 9344]

S3 siusbmod;siusbmod;C:\WINDOWS\system32\DRIVERS\siusbmod.sys [2005-07-28 27008]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08

.

 

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-10-13 16:00:17

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

BigDog303 = C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)????????????????0?????????@??????????????

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

Ficheiros ocultos: 0

 

**************************************************************************

.

Tempo para conclusão: 2008-10-13 16:05:03

 

Pré-execução: 17 pasta(s) 23.935.131.648 bytes disponíveis

Pós execução: 21 pasta(s) 23,924,674,560 bytes disponíveis

 

246 --- E O F --- 2008-10-03 19:47:42

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:14:16, on 13/10/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\VM303_STI.EXE

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\wuauclt.exe

C:\HiJackThis\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pnsf.org.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_framework.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll (file missing)

O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Arquivos de programas\WS_FTP Pro\wsbho2k0.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Arquivos de programas\McAfee\VirusScan Enterprise\scriptcl.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\WINDOWS\Downloaded Program Files\gbiehabn.dll (file missing)

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [bigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Livro de recortes HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: Seleção HP Smart - {700259D7-1666-479a-93B1-3250410481E8} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {1DB93715-3B60-43EE-93E6-279BB3E1DF76} (OCXDownloadChecker Control) - http://10.1.1.15:8080/cab/OCXChecker_6110.cab

O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://img4.orkut.com/activex/10036/photouploader.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab

O16 - DPF: {DBAFE6AD-DC14-45DF-A3F7-F8832289A1CD} (DownloadFile Control) - http://10.1.1.15:8080/cab/DownloadFile_7000.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

 

--

End of file - 5270 bytes
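The HijackThis log above is read by hand in this thread. As an added illustration (not code from the thread or from the HijackThis project), the script below parses lines in that log format and applies three review heuristics a helper would typically check first: entries whose target file no longer exists ("(file missing)" / "(no file)"), O16 ActiveX controls served from a bare IP address rather than a DNS name, and O4 autostart entries launching an executable directly from the Windows root. The sample lines are copied from the log above; the heuristics and all function names are my own assumptions, and a finding is a prompt for manual review, not a verdict (the VM303_STI.EXE hit, for instance, is the webcam driver the log itself names).

```python
import ntpath
import re
from ipaddress import ip_address
from urllib.parse import urlparse

# Constructed sample in HijackThis v2.0.2 line format. The entries are copied
# from the log posted in this thread; nothing here is new observation data.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pnsf.org.br/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [bigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1DB93715-3B60-43EE-93E6-279BB3E1DF76} (OCXDownloadChecker Control) - http://10.1.1.15:8080/cab/OCXChecker_6110.cab
"""

# "Onn - body" prefix used by every HijackThis entry line.
ENTRY_RE = re.compile(r"^(?P<sec>[A-Z]\d{1,2}) - (?P<body>.+)$")
# Markers HijackThis appends when the referenced file does not exist on disk.
ORPHAN_MARKERS = ("(file missing)", "(no file)")
# Path of the launched executable in an O4 entry: text after "[name] " up to ".exe".
O4_PATH_RE = re.compile(r"\]\s+(?P<path>.+?\.exe)(?:\s|$)", re.IGNORECASE)


def parse_hjt(text):
    """Split a HijackThis log into (section, body) pairs, ignoring header/footer lines."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("sec"), m.group("body")))
    return entries


def _host_is_literal_ip(url):
    """True when the URL's host is a bare IP address rather than a DNS name."""
    host = urlparse(url).hostname
    if host is None:
        return False
    try:
        ip_address(host)
        return True
    except ValueError:
        return False


def triage(entries):
    """Apply a few review heuristics (my own, hypothetical rules).

    Returns (section, reason, body) tuples. A finding is a prompt for manual
    review, not a malware verdict.
    """
    findings = []
    for sec, body in entries:
        # Dangling references: leftovers of uninstalled software or of a partial
        # clean-up; harmless to fix, and they muddy later logs.
        if any(marker in body for marker in ORPHAN_MARKERS):
            findings.append((sec, "orphaned", body))
        # O16: ActiveX controls downloaded from a URL. A bare IP as the source
        # (here an internal 10.x host) deserves a look: who serves that .cab?
        if sec == "O16":
            url = body.rsplit(" - ", 1)[-1]
            if _host_is_literal_ip(url):
                findings.append((sec, "activex-from-ip", body))
        # O4: autostart entries. Vendor drivers sometimes live directly in
        # C:\WINDOWS, but so does a lot of malware, so flag the location for review.
        if sec == "O4":
            m = O4_PATH_RE.search(body)
            if m and ntpath.dirname(m.group("path")).lower() == r"c:\windows":
                findings.append((sec, "exe-in-windows-root", body))
    return findings


def report(text):
    """Parse and triage in one call."""
    return triage(parse_hjt(text))


if __name__ == "__main__":
    for sec, reason, body in report(SAMPLE_LOG):
        print(f"{sec:4} {reason:22} {body}")
```

Run against the sample it reports four findings: the two orphaned O2 entries, the O16 control fetched from 10.1.1.15:8080, and the O4 entry in the Windows root. The last one is dismissed on review because the log itself identifies it as the VIMICRO camera driver; the point of the script is to shorten the list a person has to read, not to replace that reading.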


- Download Malwarebytes Anti-Malware

http://www.besttechie.net/tools/mbam-setup.exe

 

◘ Install it by double-clicking "mbam-setup.exe";

◘ Check "Update Malwarebytes Anti-Malware" and "Launch Malwarebytes Anti-Malware", then click Finish;

◘ Select "Quick Scan" and then click Scan;

◘ When the scan finishes, click OK and then "Show Results" to see the log;

◘ If anything is detected, make sure everything is checked and click "Remove";

◘ The log is saved automatically and can be viewed by clicking "Logs" in the main menu;

◘ Copy and paste the contents of that log in your next reply.

 

- Generate a new HijackThis log and paste it in your reply.


I wasn't able to finish fixing it..

 

I got here today and they had ordered the computer to be formatted..

 

Thanks for the support, Mr. Perfect.

 


PROBLEM SOLVED!

 

If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.
