[Resolvido!] com meu log!

paulogbevilaqua · Outubro 31, 2008

Oi, pessoal!

Preciso de uma ajuda com um log que fiz no hijack. Fiz ele pq meu comp está diferente. Primeiro, foi encontrado um vírus no programa manager de arquivos do meu celular. Durante um dia ele ficou aparecendo e reaparecendo depois de excluí-lo por várias vezes. Depois sumiu, mas alguns processos, como carregamento da lista de servidores do emule ficaram desativadas. Hj, ao usar a net, o sygate firewall detectou tentativa de acesso do arquivo lsass.exe à rede. além de outra tentativas que eu não percebia a um tempo atrás. Além disso, uso meu mp3 na faculdade e lá tem muito vírus rolando. Quando abro meu mp3 aparece uma opção "open files...", que segundo um amigo seria vírus.

Bom, pessoal, é isso! Mandei esses dados acima pq talvez algum possa ser importante para entender o que testá acontecendo. Se puderem me ajudar, agradeço!

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:55:05, on 31/10/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Sygate\SPF\smc.exe

C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\a-squared Free\a2service.exe

C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft

Shared\VS7DEBUG\MDM.EXE

C:\Arquivos de programas\Dell\NICCONFIGSVC\NICCONFIGSVC.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Arquivos de programas\Arquivos comuns\Sonic\Update

Manager\sgtray.exe

C:\Arquivos de programas\CyberLink\PowerDVD\DVDLauncher.exe

C:\WINDOWS\tsnpstd3.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\WINDOWS\vsnpstd3.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe

C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

C:\Arquivos de programas\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =

&http://home.microsoft.com/intl/br/access/allinone.asp

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

http://www.uol.com.br/

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}

- C:\Arquivos de programas\Adobe\Acrobat

5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer -

{3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Arquivos de

programas\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter -

{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de

programas\AVG\AVG8\avgssie.dll (file missing)

O2 - BHO: Spybot-S&D IE Protection -

{53707962-6F74-2D53-2644-206D7942484F} -

C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} -

C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -

C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no

file)

O2 - BHO: ZoneAlarm Spy Blocker BHO -

{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Arquivos de

programas\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL

O3 - Toolbar: ZoneAlarm Spy Blocker -

{F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Arquivos de

programas\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [updateManager] "C:\Arquivos de programas\Arquivos

comuns\Sonic\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [DVDLauncher] "C:\Arquivos de

programas\CyberLink\PowerDVD\DVDLauncher.exe"

O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe

O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe

O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Arquivos de

programas\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos

comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de

programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [smcService] C:\ARQUIV~1\Sygate\SPF\smc.exe -startgui

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de

programas\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [egui] "C:\Arquivos de programas\ESET\ESET NOD32

Antivirus\egui.exe" /hide /waitservice

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot -

Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE

(User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE

(User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE

(User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE

(User 'Default user')

O4 - Global Startup: Bluetooth Manager.lnk = ?

O8 - Extra context menu item: E&xportar para o Microsoft Excel -

res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console -

{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de

programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -

C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} -

C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration -

{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} -

C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} -

C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 -

{e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network

Diagnostic\xpnetdiag.exe

O9 - Extra button: PartyPoker.net -

{F4430FE8-2638-42e5-B849-800749B94EED} - C:\Arquivos de

programas\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)

O9 - Extra 'Tools' menuitem: PartyPoker.net -

{F4430FE8-2638-42e5-B849-800749B94EED} - C:\Arquivos de

programas\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -

C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger -

{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de

programas\Messenger\msmsgs.exe

O14 - IERESET.INF:

SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) -

http://appldnld.apple.com.edgesuite.net/co...le.com/QuickTim

e/qtactivex/qtplugin.cab

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime

Environment 1.6.0) -

http://sdlc-esd.sun.com/ESD44/JSCDL/jdk/6u...-windows-i586-j

c.cab?AuthParam=1224105134_645e0c2c5442b44c6d1059dc36482caf&GroupName=J

SC&BHost=javadl.sun.com&FilePath=/ESD44/JSCDL/jdk/6u7/jinstall-6u7-wind

ows-i586-jc.cab&File=jinstall-6u7-windows-i586-jc.cab

O17 -

HKLM\System\CCS\Services\Tcpip\..\{D3B03361-CCB7-4AB3-BAE3-8BAB2B34B1FB

}: NameServer = 200.204.0.138 200.204.0.10

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH -

C:\Arquivos de programas\a-squared Free\a2service.exe

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft -

C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Arquivos de

programas\ESET\ESET NOD32 Antivirus\EHttpSrv.exe

O23 - Service: Eset Service (ekrn) - ESET - C:\Arquivos de

programas\ESET\ESET NOD32 Antivirus\ekrn.exe

O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Arquivos de

programas\Dell\NICCONFIGSVC\NICCONFIGSVC.exe

O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC

Connectivity Solution\ServiceLayer.exe

O23 - Service: Sygate Personal Firewall (SmcService) - Sygate

Technologies, Inc. - C:\Arquivos de programas\Sygate\SPF\smc.exe

--

End of file - 7977 bytes

PedroN · Novembro 1, 2008

- Baixe: < ComboFix.exe >

- Salve-o no Desktop!

- Desabilite as proteções residente de: antivírus,antispywares e firewall. ( Menos o do Windows! )

- Feche todas as janelas e execute a ferramenta!

- Na solicitação: "Negação de garantia de software" --> Clique em Sim!

-- Caso aconteça a notificação de: Aplicativo Win32 inválido,delete a ferramenta e faça,novamente,o download.
-- Salve-a no desktop,renomeada como: Kombo.exe

-- Ps: Nomeie durante o salvamento,e não após salvá-la!

-- Ps: Surgindo alguma mensagem de erro,rode o ComboFix.exe em Modo de Segurança.

-- Ps: Evite executar,voluntariamente,esta ferramenta!Siga,àcima,todas as recomendações propostas.

- Abrir-se-á a janela Auto Scan. --> Aguarde!

- Se houver necessidade,digite a opção para continuar! --> ( 1 ) --> Aperte Enter.

- Aguarde a conclusão!

- Durante o scan,evite manusear o mouse ou teclado! <-- Importante!

- Para parar ou sair do ComboFix,tecle "N".

----------------------

- Terminando,poste os relatórios: C:\ComboFix.txt + HijackThis,atualizado.

paulogbevilaqua · Novembro 2, 2008

ComboFix 08-11-01.04 - Notebook 2008-11-02 1:37:25.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1046.18.241 [GMT -2:00]

Executando de: C:\Documents and Settings\Notebook\Desktop\ComboFix.exe

* Criado um novo ponto de restauro

* Resident AV is active

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\WINDOWS\IE4 Error Log.txt

.

(((((((((((((((( Arquivos/Ficheiros criados de 2008-10-02 to 2008-11-02 ))))))))))))))))))))))))))))

.

2008-10-31 20:54 . 2008-10-31 20:54 396,288 --a------ C:\HijackThis.exe

2008-10-31 20:40 . 2008-10-31 20:40 812,344 --a------ C:\HJTInstall.exe

2008-10-31 01:39 . 2008-10-31 04:41 <DIR> d-------- C:\Arquivos de programas\a-squared Free

2008-10-30 20:53 . 2008-10-30 20:53 <DIR> d-------- C:\Arquivos de programas\Lanefi

2008-10-30 20:51 . 2008-04-14 00:20 221,184 --a------ C:\WINDOWS\system32\wmpns.dll

2008-10-28 17:26 . 2008-10-28 17:39 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Lavasoft

2008-10-28 17:26 . 2008-10-28 17:26 <DIR> d-------- C:\Arquivos de programas\Lavasoft

2008-10-28 17:18 . 2008-10-28 17:18 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\ESET

2008-10-28 17:18 . 2008-10-28 17:18 <DIR> d-------- C:\Arquivos de programas\ESET

2008-10-23 19:48 . 2008-10-15 14:36 337,408 -----c--- C:\WINDOWS\system32\dllcache\netapi32.dll

2008-10-15 19:30 . 2008-10-15 19:30 <DIR> d-------- C:\WINDOWS\Sun

2008-10-15 19:29 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl

2008-10-15 19:28 . 2008-10-15 19:29 <DIR> d-------- C:\Arquivos de programas\Java

2008-10-15 19:20 . 2008-10-15 19:20 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Java

2008-10-14 20:13 . 2008-09-08 08:41 333,824 -----c--- C:\WINDOWS\system32\dllcache\srv.sys

2008-10-14 20:10 . 2008-09-15 13:26 1,846,528 -----c--- C:\WINDOWS\system32\dllcache\win32k.sys

2008-10-14 20:08 . 2008-08-14 11:24 2,193,408 -----c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe

2008-10-14 20:08 . 2008-08-14 11:24 2,149,376 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe

2008-10-14 20:08 . 2008-08-14 11:24 2,070,272 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe

2008-10-14 20:08 . 2008-08-14 11:24 2,028,032 -----c--- C:\WINDOWS\system32\dllcache\ntkrpamp.exe

2008-10-07 18:38 . 2008-05-09 08:55 512,000 -----c--- C:\WINDOWS\system32\dllcache\jscript.dll

2008-10-07 18:38 . 2008-05-09 08:55 430,080 -----c--- C:\WINDOWS\system32\dllcache\vbscript.dll

2008-10-07 18:38 . 2008-05-09 08:55 180,224 -----c--- C:\WINDOWS\system32\dllcache\scrobj.dll

2008-10-07 18:38 . 2008-05-09 08:55 172,032 -----c--- C:\WINDOWS\system32\dllcache\scrrun.dll

2008-10-07 18:38 . 2008-05-08 09:24 155,648 -----c--- C:\WINDOWS\system32\dllcache\wscript.exe

2008-10-07 18:38 . 2008-05-09 06:45 135,168 -----c--- C:\WINDOWS\system32\dllcache\cscript.exe

2008-10-07 18:38 . 2008-05-09 08:55 90,112 -----c--- C:\WINDOWS\system32\dllcache\wshext.dll

2008-10-07 01:16 . 2008-10-07 01:16 <DIR> d-------- C:\WINDOWS\system32\bits

2008-10-07 01:16 . 2008-10-07 01:16 <DIR> d-------- C:\WINDOWS\l2schemas

2008-10-07 01:10 . 2008-10-07 01:17 <DIR> d-------- C:\WINDOWS\ServicePackFiles

2008-10-06 23:23 . 2008-10-06 23:23 <DIR> d-------- C:\Documents and Settings\Notebook\Dados de aplicativos\Uniblue

2008-10-06 23:22 . 2008-10-06 23:22 <DIR> d-------- C:\Arquivos de programas\Uniblue

2008-10-06 23:20 . 2008-10-06 23:22 <DIR> d--h-c--- C:\Documents and Settings\All Users\Dados de aplicativos\{2840BBCB-9BEC-47F6-BA0F-10D3C34BF151}

2008-10-02 01:06 . 2008-10-02 01:06 <DIR> d--hs---- C:\Documents and Settings\NetworkService\UserData

2008-10-02 00:17 . 2008-10-02 00:17 <DIR> dr------- C:\Documents and Settings\NetworkService\Favoritos

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-11-02 01:48 --------- d-----w C:\Arquivos de programas\eMule

2008-10-28 19:24 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Wise Installation Wizard

2008-10-27 22:03 --------- d-----w C:\Arquivos de programas\sXe Injected

2008-10-27 22:02 --------- d-----w C:\Arquivos de programas\Valve

2008-10-24 01:52 --------- d-----w C:\Documents and Settings\Notebook\Dados de aplicativos\Nokia Multimedia Player

2008-10-15 00:17 15,621 ----a-w C:\WINDOWS\Fonts\alfabetix.zip

2008-10-15 00:14 24,951 ----a-w C:\WINDOWS\Fonts\futhark.zip

2008-10-02 00:36 --------- d-----w C:\Arquivos de programas\Sygate

2008-09-26 03:07 --------- d-----w C:\Arquivos de programas\ZoneAlarmSB

2008-09-26 03:05 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\MailFrontier

2008-09-25 23:42 --------- d-----w C:\Arquivos de programas\MSECache

2008-09-24 00:13 --------- d-----w C:\Arquivos de programas\QuickTime

2008-09-24 00:12 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Apple

2008-09-24 00:11 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Apple Computer

2008-09-24 00:11 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Apple

2008-09-24 00:11 --------- d-----w C:\Arquivos de programas\Apple Software Update

2008-09-15 15:26 1,846,528 ----a-w C:\WINDOWS\system32\win32k.sys

2008-09-09 23:39 --------- d-----w C:\Arquivos de programas\sXeInjectedClient6.3

2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys

2008-09-04 04:00 --------- d-----w C:\Arquivos de programas\Microsoft Works

2008-09-03 04:43 --------- d-----w C:\Arquivos de programas\iGv6

2008-09-02 22:46 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2008-09-01 03:35 1,128,110 ----a-w C:\Arquivos de programas\sXeInjected.exe

2008-08-26 08:11 826,368 ----a-w C:\WINDOWS\system32\wininet.dll

2008-08-20 23:14 880,973 ----a-w C:\Arquivos de programas\sXeInjectedClient6.3.rar

2008-08-14 13:24 2,193,408 ----a-w C:\WINDOWS\system32\ntoskrnl.exe

2008-08-14 13:24 2,070,272 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]

"SpybotSD TeaTimer"="C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 94208]

"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 77824]

"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 114688]

"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-08-13 122939]

"UpdateManager"="C:\Arquivos de programas\Arquivos comuns\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]

"DVDLauncher"="C:\Arquivos de programas\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-26 53248]

"tsnpstd3"="C:\WINDOWS\tsnpstd3.exe" [2007-03-10 270336]

"snpstd3"="C:\WINDOWS\vsnpstd3.exe" [2006-09-19 827392]

"TkBellExe"="C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2008-08-12 185896]

"QuickTime Task"="C:\Arquivos de programas\QuickTime\qttask.exe" [2008-09-23 413696]

"SmcService"="C:\ARQUIV~1\Sygate\SPF\smc.exe" [2004-10-15 2577632]

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

"egui"="C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe" [2008-07-01 1447168]

"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2008-04-14 171520]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]

"Nokia.PCSync"="C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 1241088]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Bluetooth Manager.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Bluetooth Manager.lnk

backup=C:\WINDOWS\pss\Bluetooth Manager.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-07-01 34312]

*Newly Created Service* - PROCEXP90

.

- - - - ORFÃOS REMOVIDOS - - - -

HKLM-Run-PCSuiteTrayApplication - C:\Arquivos de programas\Nokia\Nokia PC Suite 6\LaunchApplication.exe

.

------- Scan Suplementar -------

.

R0 -: HKCU-Main,Start Page = hxxp://www.uol.com.br/

R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://farejador.ig.com.br/query.cgi?utf8&query={searchTerms}

R0 -: HKLM-Main,Search Bar =

O8 -: E&xportar para o Microsoft Excel - C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O17 -: HKLM\CCS\Interface\{D3B03361-CCB7-4AB3-BAE3-8BAB2B34B1FB}: NameServer = 200.204.0.138 200.204.0.10

O16 -: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab

C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-11-02 01:39:19

Windows 5.1.2600 Service Pack 3 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\vsdatant]

"ImagePath"=""

.

Tempo para conclusão: 2008-11-02 1:40:51

ComboFix-quarantined-files.txt 2008-11-02 03:40:46

Pré-execução: 9 pasta(s) 33.086.451.712 bytes disponíveis

Pós execução: 9 pasta(s) 33,722,298,368 bytes disponíveis

WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

154 --- E O F --- 2008-10-24 02:48:50

PedroN · Novembro 2, 2008

- Faça o download do Malwarebytes Anti-Malware

http://www.besttechie.net/tools/mbam-setup.exe

◘ Faça a instalação dando um duplo clique em "mbam-setup.exe";

◘ Marque "Atualizar Malwarebytes Anti-Malware" e "Executar Malwarebytes Anti-Malware", e clique em concluir;

◘ Marque "Verificação Rápida" e depois clique em Verificar;

◘ Quando o scan terminar, clique em Ok e em "Mostrar Resultados" para ver o log;

◘ Se algo for detectado, veja se tudo está marcado e clique em "Remover";

◘ O log é automaticamente gravado e pode ser consultado clicando em "Logs" do menu principal;

◘ Copie e cole o conteúdo desse log na sua próxima resposta.

- Gere novo log do HijackThis e cole na sua resposta.

paulogbevilaqua · Novembro 2, 2008

Então, só pra saber: o soutros logs que você deu uma olhada não encontraram nada. É isso?

Agradeço a disponibilidade de me ajudar.

Aqui vão os logs do malware bytes e do hijack:

Malwarebytes' Anti-Malware 1.30

Versão do banco de dados: 1357

Windows 5.1.2600 Service Pack 3

2/11/2008 19:59:53

mbam-log-2008-11-02 (19-59-53).txt

Tipo de Verificação: Rápida

Objetos verificados: 44292

Tempo decorrido: 3 minute(s), 24 second(s)

Processos da Memória infectados: 0

Módulos de Memória Infectados: 0

Chaves do Registro infectadas: 0

Valores do Registro infectados: 0

Ítens do Registro infectados: 0

Pastas infectadas: 0

Arquivos infectados: 0

Processos da Memória infectados: