
Archived

This topic has been archived and is closed to new replies.

Carlos_Henrique

[Archived] Log for analysis.


Please analyze this log.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:09:11, on 1/12/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LckFldService.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe

C:\Documents and Settings\Carlos_PC\Vistart\ViStart.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

C:\Arquivos de programas\PC Connectivity Solution\Transports\NclUSBSrv.exe

C:\Arquivos de programas\PC Connectivity Solution\Transports\NclRSSrv.exe

C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe

E:\eMule\emule.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\Nero\Nero 7\Core\nero.exe

C:\HiJack\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Arquivos de programas\Windows Live\Messenger\wlchtc.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [PC Suite Tray] "C:\Arquivos de programas\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray

O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Arquivos de programas\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Thoosje Vista Sidebar.lnk = C:\Arquivos de programas\Thoosje Sidebar V2.3\Thoosje Vista Sidebar.exe

O4 - Startup: ViStart.lnk = C:\Documents and Settings\Carlos_PC\Vistart\ViStart.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1213451990500

O16 - DPF: {6ABE4BC3-7253-418E-85E8-F334A73154D3} (CSmartClient Object) - http://www.smart-clip.com/activex/SmartClip.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{CE68EB07-0993-4B59-BD87-50FE66E1C15D}: NameServer = 200.165.132.147,200.165.132.155

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: LckFldService - Unknown owner - C:\WINDOWS\system32\LckFldService.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

 

--

End of file - 7146 bytes

Thanks in advance to everyone!

Thank you very much.


Hey Carlos_Henrique,

Download ComboFix at:

ComboFix

1) Temporarily disable your antivirus;

2) Double-click combofix.exe and wait (the whole process takes about 10 minutes);

3) The "SOFTWARE WARRANTY DISCLAIMER" window will open. Read the text in this window carefully and click "YES" to continue.

P.S.: If you do not agree with the terms, click "NO" to exit the software, bearing in mind that the disinfection process will not be possible without letting ComboFix continue.

4) Another window will open if your machine does not have the WINDOWS RECOVERY CONSOLE. It is recommended that you install the console before continuing the process, since this ensures that the system can be recovered if problems occur during the scan.

Click "YES" and wait, as the console installation runs automatically through ComboFix itself. It may take a few minutes (depending on the speed of your connection), so be patient.

When the "INSTALLING THE RECOVERY CONSOLE" window appears, click "OK", then click "YES" to accept the EULA license.

When the recovery console installation finishes, a window will open informing you that "THE RECOVERY CONSOLE WAS INSTALLED SUCCESSFULLY".

Click "YES" to continue the scan.

5) ComboFix will start the AUTOSCAN (wait).

WARNING: Do not click on the ComboFix window or terminate the process abruptly while the tool is running, as this will mess up your desktop (it will go completely white).

When the process finishes, the machine will restart to produce the report.

6) When the machine restarts, ComboFix will run FIND3M to create the final scan report. The log will be saved at C:\ComboFix.txt.

7) Re-enable your antivirus;

8) I need you to paste the contents of ComboFix.txt in your next reply.

NOTE 1: If a message appears saying THIS IS NOT A VALID WIN32 APPLICATION, download ComboFix again, but save it to your Desktop as KomboFix. As a last resort, try running ComboFix in SAFE MODE.

NOTE 2: If the running ComboFix window is clicked, it will MAXIMIZE and cover the other windows. To minimize it again, just use the ALT + TAB key combination.

Regards.


JGARCIA, my friend, thanks for the help.

I followed the procedure you requested; below is the log generated by ComboFix.

ComboFix 08-12-01.01 - Carlos_PC 2008-12-02 7:46:35.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.1110 [GMT -3:00]

Executando de: c:\documents and settings\Carlos_PC\Desktop\ComboFix.exe

* Criado um novo ponto de restauro

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\documents and settings\Carlos_PC\Dados de aplicativos\inst.exe

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_XPROTECTOR

-------\Service_XPROTECTOR

 

 

(((((((((((((((( Arquivos/Ficheiros criados de 2008-11-02 to 2008-12-02 ))))))))))))))))))))))))))))

.

 

2008-12-01 10:08 . 2008-12-01 10:09 <DIR> d-------- C:\HiJack

2008-11-21 09:24 . 2008-11-21 09:24 236 --a------ C:\sqmdata13.sqm

2008-11-21 09:24 . 2008-11-21 09:24 200 --a------ C:\sqmnoopt13.sqm

2008-11-18 09:51 . 2008-11-18 09:51 <DIR> d-------- c:\arquivos de programas\Vygis

2008-11-16 08:59 . 2008-11-16 08:59 200 --a------ C:\sqmnoopt12.sqm

2008-11-16 08:59 . 2008-11-16 08:59 200 --a------ C:\sqmdata12.sqm

2008-11-14 19:05 . 2008-11-14 19:05 200 --a------ C:\sqmnoopt11.sqm

2008-11-14 19:05 . 2008-11-14 19:05 200 --a------ C:\sqmdata11.sqm

2008-11-13 11:21 . 2008-11-13 11:21 <DIR> d-------- c:\arquivos de programas\Tutoriais Desmontagem

2008-11-08 08:35 . 2008-11-08 08:35 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\PCSuite

2008-11-08 08:35 . 2008-05-07 07:39 1,419,232 --a------ c:\windows\system32\wdfcoinstaller01005.dll

2008-11-08 08:35 . 2008-05-07 07:38 659,968 --a------ c:\windows\system32\nmwcdcocls.dll

2008-11-08 08:35 . 2008-05-07 07:38 20,864 --a------ c:\windows\system32\drivers\ccdcmbo.sys

2008-11-08 08:35 . 2008-05-07 07:38 17,536 --a------ c:\windows\system32\drivers\ccdcmb.sys

2008-11-08 08:35 . 2008-05-07 07:38 8,064 --a------ c:\windows\system32\drivers\usbser_lowerfltj.sys

2008-11-08 08:35 . 2008-06-06 09:24 8,064 --a------ c:\windows\system32\drivers\usbser_lowerflt.sys

2008-11-07 19:19 . 2008-11-07 19:19 200 --a------ C:\sqmnoopt10.sqm

2008-11-07 19:19 . 2008-11-07 19:19 200 --a------ C:\sqmdata10.sqm

2008-11-06 09:16 . 2008-11-06 09:16 0 --a------ c:\windows\gt.INI

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-11-28 14:43 --------- d-----w c:\documents and settings\Carlos_PC\Dados de aplicativos\Vso

2008-11-27 11:09 --------- d-----w c:\arquivos de programas\Thoosje Sidebar V2.3

2008-11-20 11:28 --------- d-----w c:\arquivos de programas\Arquivos comuns\Adobe

2008-11-13 16:15 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\vsosdk

2008-11-08 11:35 --------- d-----w c:\arquivos de programas\Nokia

2008-11-08 11:35 --------- d-----w c:\arquivos de programas\Arquivos comuns\Nokia

2008-11-08 11:34 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Installations

2008-10-30 20:05 --------- d-----w c:\arquivos de programas\Windows Live Safety Center

2008-10-29 18:30 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Bluetooth

2008-10-29 11:28 --------- d-----w c:\arquivos de programas\NHL by blackattack

2008-10-27 14:07 --------- d-----w c:\arquivos de programas\Windows Live

2008-10-27 14:07 --------- d-----w c:\arquivos de programas\Microsoft

2008-10-27 14:01 --------- d-----w c:\arquivos de programas\Arquivos comuns\Windows Live

2008-10-25 19:58 --------- d-----w c:\documents and settings\Carlos_PC\Dados de aplicativos\PC Suite

2008-10-25 12:40 47,360 ----a-w c:\windows\system32\drivers\pcouffin.sys

2008-10-25 12:40 47,360 ----a-w c:\documents and settings\Carlos_PC\Dados de aplicativos\pcouffin.sys

2008-10-25 12:40 --------- d-----w c:\arquivos de programas\VSO

2008-10-25 11:44 --------- d-----w c:\arquivos de programas\SETOOL

2008-10-02 14:26 --------- d-----w c:\documents and settings\Carlos_PC\Dados de aplicativos\InstallShield

2008-10-02 12:30 --------- d--h--w c:\arquivos de programas\InstallShield Installation Information

2008-09-09 02:03 51,712 ----a-w c:\windows\system32\sirenacm.dll

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

"MsnMsgr"="c:\arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" [2008-09-08 3513344]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe" [2007-05-08 153136]

"PC Suite Tray"="c:\arquivos de programas\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-10-02 1124352]

"Nokia.PCSync"="c:\arquivos de programas\Nokia\Nokia PC Suite 7\PCSync2.exe" [2008-06-17 1249280]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-19 7700480]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-04-19 86016]

"avast!"="c:\arquiv~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-18 81000]

"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

"RTHDCPL"="RTHDCPL.EXE" [2007-01-30 c:\windows\RTHDCPL.exe]

"SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe]

"nwiz"="nwiz.exe" [2007-04-19 c:\windows\system32\nwiz.exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.ffds"= ffdshow.ax

"msacm.ac3filter"= ac3filter.acm

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^BlueSoleil.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\BlueSoleil.lnk

backup=c:\windows\pss\BlueSoleil.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^BTTray.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\BTTray.lnk

backup=c:\windows\pss\BTTray.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

--a------ 2008-10-15 01:04 39792 c:\arquivos de programas\Adobe\Reader 8.0\Reader\reader_sl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]

--a------ 2006-12-05 22:55 54832 c:\arquivos de programas\CyberLink\PowerDVD\Language\Language.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2007-03-01 15:57 153136 c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia.PCSync]

--a------ 2008-06-17 16:00 1249280 c:\arquivos de programas\Nokia\Nokia PC Suite 7\PcSync2.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]

--a------ 2008-10-02 07:00 1124352 c:\arquivos de programas\Nokia\Nokia PC Suite 7\PCSuite.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

--------- 2006-11-23 15:10 56928 c:\arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"e:\\eMule\\emule.exe"=

"c:\\Arquivos de programas\\GsmServer\\SCout\\SCout.exe"=

"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=

"c:\\Arquivos de programas\\Motorola\\PST\\pst.exe"=

"c:\\Arquivos de programas\\Motorola\\RSD Lite\\SDL.exe"=

"d:\\SopCast\\SopCast.exe"=

"d:\\SopCast\\adv\\SopAdver.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"e:\\DreaMule\\emule.exe"=

 

R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [2006-07-05 63352]

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-06-14 110160]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-06-14 20560]

R3 AtcL002;NDIS Miniport Driver for Attansic L2 Fast Ethernet Controller;c:\windows\system32\DRIVERS\atl02_xp.sys [2008-06-14 28416]

R3 Egatebus;Egatebus;c:\windows\system32\drivers\egatebus.sys [2006-05-19 15328]

R3 Egaterdr;Egaterdr;c:\windows\system32\drivers\egaterdr.sys [2006-05-19 13440]

R3 R5BaseSmc;USB Token Holder Service;c:\windows\system32\DRIVERS\smccard.sys [2008-07-23 12800]

S3 dmtoolusb;LOCOSTO Flash Interface;c:\windows\system32\Drivers\dmtoolusb.sys [2007-06-25 18304]

S3 DreamBox;Dream Box device;c:\windows\system32\Drivers\DREAMBOX.sys [2008-06-28 16896]

S3 Egatecard;Egatecard;c:\windows\system32\Drivers\egate.sys [2006-05-19 18880]

S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2007-09-25 13352]

S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2008-06-26 18176]

S3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2008-06-26 7680]

S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys [2008-06-26 42112]

S3 MtbUsb;Universal Flashing Interface;c:\windows\system32\Drivers\mtbox.sys [2005-09-07 31452]

S3 PortTalk;PortTalk;c:\windows\system32\drivers\PortTalk.sys [2008-06-18 3567]

S3 s916bus;Sony Ericsson Device 916 driver (WDM);c:\windows\system32\DRIVERS\s916bus.sys [2007-11-02 83496]

S3 s916mdfl;Sony Ericsson Device 916 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s916mdfl.sys [2007-11-02 15016]

S3 s916mdm;Sony Ericsson Device 916 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s916mdm.sys [2007-11-02 109992]

S3 s916mgmt;Sony Ericsson Device 916 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s916mgmt.sys [2007-11-02 103976]

S3 s916obex;Sony Ericsson Device 916 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s916obex.sys [2007-11-02 100008]

S3 se3ebus;Sony Ericsson Device 062 (WDM);c:\windows\system32\DRIVERS\se3ebus.sys [2008-06-14 66656]

S3 se3emdfl;Sony Ericsson Device 062 USB WMC Modem Filter;c:\windows\system32\DRIVERS\se3emdfl.sys [2008-06-14 9392]

S3 se3emdm;Sony Ericsson Device 062 USB WMC Modem Driver;c:\windows\system32\DRIVERS\se3emdm.sys [2008-06-14 100736]

S3 se3emgmt;Sony Ericsson Device 062 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\se3emgmt.sys [2008-06-14 92304]

S3 se3eobex;Sony Ericsson Device 062 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\se3eobex.sys [2008-06-14 90144]

S3 se44bus;Sony Ericsson Device 068 driver (WDM);c:\windows\system32\DRIVERS\se44bus.sys [2007-02-26 61536]

S3 se44mdfl;Sony Ericsson Device 068 USB WMC Modem Filter;c:\windows\system32\DRIVERS\se44mdfl.sys [2007-02-26 9360]

S3 se44mdm;Sony Ericsson Device 068 USB WMC Modem Driver;c:\windows\system32\DRIVERS\se44mdm.sys [2007-02-26 97088]

S3 se44mgmt;Sony Ericsson Device 068 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\se44mgmt.sys [2007-02-26 88624]

S3 se44nd5;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (NDIS);c:\windows\system32\DRIVERS\se44nd5.sys [2007-02-26 18704]

S3 se44obex;Sony Ericsson Device 068 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\se44obex.sys [2007-02-26 86432]

S3 se44unic;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (WDM);c:\windows\system32\DRIVERS\se44unic.sys [2007-02-26 90800]

S3 se46bus;Sony Ericsson Device 070 driver (WDM);c:\windows\system32\DRIVERS\se46bus.sys [2007-06-15 61536]

S3 se46mdfl;Sony Ericsson Device 070 USB WMC Modem Filter;c:\windows\system32\DRIVERS\se46mdfl.sys [2007-06-15 9360]

S3 se46mdm;Sony Ericsson Device 070 USB WMC Modem Driver;c:\windows\system32\DRIVERS\se46mdm.sys [2007-06-15 97088]

S3 se46mgmt;Sony Ericsson Device 070 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\se46mgmt.sys [2007-06-15 88624]

S3 se46nd5;Sony Ericsson Device 070 USB Ethernet Emulation SEMC46 (NDIS);c:\windows\system32\DRIVERS\se46nd5.sys [2007-06-15 18704]

S3 se46obex;Sony Ericsson Device 070 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\se46obex.sys [2007-06-15 86432]

S3 se46unic;Sony Ericsson Device 070 USB Ethernet Emulation SEMC46 (WDM);c:\windows\system32\DRIVERS\se46unic.sys [2007-06-15 90800]

S3 token;USB Token Service;c:\windows\system32\DRIVERS\eps2kt1.sys [2008-07-23 21888]

S3 UFS2XX;UFS2XX.SYS UFS2 device driver;c:\windows\system32\drivers\UFS2XX.sys [2008-06-16 53184]

S3 usb2vcom;USB Data Cable;c:\windows\system32\DRIVERS\usb2vcom.sys [2005-01-05 28704]

S3 w200bus;Sony Ericsson W200 driver (WDM);c:\windows\system32\DRIVERS\w200bus.sys [2007-06-15 61504]

S3 w200mdfl;Sony Ericsson W200 USB WMC Modem Filter;c:\windows\system32\DRIVERS\w200mdfl.sys [2007-06-15 9328]

S3 w200mdm;Sony Ericsson W200 USB WMC Modem Driver;c:\windows\system32\DRIVERS\w200mdm.sys [2007-06-15 97056]

S3 w200mgmt;Sony Ericsson W200 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\w200mgmt.sys [2007-06-15 88560]

S3 w200obex;Sony Ericsson W200 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\w200obex.sys [2007-06-15 86368]

S3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\w300mgmt.sys [2006-12-26 87824]

S3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\w300obex.sys [2006-12-26 85696]

S3 z530bus;Sony Ericsson Z530 Driver driver (WDM);c:\windows\system32\DRIVERS\z530bus.sys [2006-12-26 58288]

S3 z530mdfl;Sony Ericsson Z530 USB WMC Modem Filter;c:\windows\system32\DRIVERS\z530mdfl.sys [2006-12-26 8336]

S3 z530mdm;Sony Ericsson Z530 USB WMC Modem Driver;c:\windows\system32\DRIVERS\z530mdm.sys [2006-12-26 94064]

S3 z530mgmt;Sony Ericsson Z530 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\z530mgmt.sys [2006-12-26 85408]

S3 z530obex;Sony Ericsson Z530 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\z530obex.sys [2006-12-26 83344]

S3 Z550bus;Sony Ericsson Z550 driver (WDM);c:\windows\system32\DRIVERS\Z550bus.sys [2008-06-14 60800]

S3 Z550mdfl;Sony Ericsson Z550 USB WMC Modem Filter;c:\windows\system32\DRIVERS\Z550mdfl.sys [2006-12-26 9264]

S3 Z550mdm;Sony Ericsson Z550 USB WMC Modem Driver;c:\windows\system32\DRIVERS\Z550mdm.sys [2006-12-26 96352]

S3 Z550mgmt;Sony Ericsson Z550 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\Z550mgmt.sys [2006-12-26 87824]

S3 Z550obex;Sony Ericsson Z550 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\Z550obex.sys [2006-12-26 85696]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{465375df-8bbd-11dd-900c-001167ab73df}]

\Shell\Auto\Command - H:\program.exe e

\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL program.exe e

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8c8a82f4-58d0-11dd-8fb6-001167ab73df}]

\Shell\Auto\command - auto.exe

\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.google.com.br/

TCP: {CE68EB07-0993-4B59-BD87-50FE66E1C15D} = 200.165.132.147,200.165.132.155

 

c:\windows\Downloaded Program Files\SmartClip.dll - O16 -: {6ABE4BC3-7253-418E-85E8-F334A73154D3}

hxxp://www.smart-clip.com/activex/SmartClip.cab

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-12-02 07:51:51

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

------------------------ Outros Processos em Execução ------------------------

.

c:\arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

c:\arquivos de programas\Alwil Software\Avast4\ashServ.exe

c:\windows\system32\scardsvr.exe

c:\windows\system32\LckFldService.exe

c:\arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\windows\system32\nvsvc32.exe

c:\arquivos de programas\CyberLink\Shared Files\RichVideo.exe

c:\arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

c:\arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

c:\windows\system32\wscntfy.exe

c:\windows\system32\rundll32.exe

c:\documents and settings\Carlos_PC\Vistart\ViStart.exe

c:\arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

c:\arquivos de programas\PC Connectivity Solution\Transports\NclUSBSrv.exe

c:\arquivos de programas\PC Connectivity Solution\Transports\NclRSSrv.exe

c:\arquivos de programas\Arquivos comuns\Nokia\MPAPI\MPAPI3s.exe

.

**************************************************************************

.

Tempo para conclusão: 2008-12-02 7:54:26 - Máquina reiniciou

ComboFix-quarantined-files.txt 2008-12-02 10:54:22

 

Pré-execução: 15 pasta(s) 19.569.147.904 bytes disponíveis

Pós execução: 15 pasta(s) 19,703,169,024 bytes disponíveis

 

WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

 

232

Below is another HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 08:04:25, on 2/12/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LckFldService.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe

C:\Arquivos de programas\Nokia\Nokia PC Suite 7\PCSync2.exe

C:\Documents and Settings\Carlos_PC\Vistart\ViStart.exe

C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

C:\Arquivos de programas\PC Connectivity Solution\Transports\NclUSBSrv.exe

C:\Arquivos de programas\PC Connectivity Solution\Transports\NclRSSrv.exe

C:\Arquivos de programas\Arquivos comuns\Nokia\MPAPI\MPAPI3s.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\HiJack\HiJackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Arquivos de programas\Windows Live\Messenger\wlchtc.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [PC Suite Tray] "C:\Arquivos de programas\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray

O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Arquivos de programas\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Thoosje Vista Sidebar.lnk = C:\Arquivos de programas\Thoosje Sidebar V2.3\Thoosje Vista Sidebar.exe

O4 - Startup: ViStart.lnk = C:\Documents and Settings\Carlos_PC\Vistart\ViStart.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1213451990500

O16 - DPF: {6ABE4BC3-7253-418E-85E8-F334A73154D3} (CSmartClient Object) - http://www.smart-clip.com/activex/SmartClip.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{CE68EB07-0993-4B59-BD87-50FE66E1C15D}: NameServer = 200.165.132.147,200.165.132.155

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: LckFldService - Unknown owner - C:\WINDOWS\system32\LckFldService.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

 

--

End of file - 6937 bytes

Once again, thank you very much.

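An added example for readers working through logs like the ones posted above; this script is not from the thread, nor is it part of HijackThis or ComboFix. It is a small Python triage pass over the line formats visible in these posts: O4 autostart entries whose target lives under a user profile (writable without admin rights), O23 services for which HijackThis printed "Unknown owner" (the file carried no company name, which is a prompt to check the file, not a verdict), O17 per-adapter NameServer values (listed so they can be compared with the ISP's DNS servers), and the MountPoints2 \Shell\Auto and \Shell\AutoRun commands that ComboFix listed, which Windows caches per user from a removable drive's autorun.inf. The sample lines are copied from the logs in this thread; the tag names and regular expressions are this example's own assumptions about the formats, not a specification of either tool.

```python
"""Triage pass over HijackThis and ComboFix text logs.

Added example, not a tool used in this thread. The regexes follow the line
formats visible in the posted logs; the tag names are this example's own.
Every hit is a pointer for manual review, not a malware verdict.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: lines copied from the HijackThis logs posted above.
SAMPLE_HJT = r"""
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - Startup: ViStart.lnk = C:\Documents and Settings\Carlos_PC\Vistart\ViStart.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{CE68EB07-0993-4B59-BD87-50FE66E1C15D}: NameServer = 200.165.132.147,200.165.132.155
O23 - Service: LckFldService - Unknown owner - C:\WINDOWS\system32\LckFldService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
"""

# Constructed sample: the MountPoints2 block from the ComboFix log posted above.
SAMPLE_COMBOFIX = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{465375df-8bbd-11dd-900c-001167ab73df}]
\Shell\Auto\Command - H:\program.exe e
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL program.exe e
"""

# Autostart targets under a user profile are writable without admin rights.
USER_PROFILE_RE = re.compile(r"\\(documents and settings|users)\\", re.IGNORECASE)
O4_RUN_RE = re.compile(r"^O4 - .*?: \[[^\]]*\] (?P<cmd>.+)$")
O4_STARTUP_RE = re.compile(r"^O4 - (?:Global )?Startup: .+? = (?P<cmd>.+)$")
O17_RE = re.compile(r"^O17 - .*NameServer = (?P<servers>[\d.,\s]+)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
# ComboFix prints each MountPoints2 key, then its \Shell\<verb>\command values.
MOUNTPOINT_KEY_RE = re.compile(r"^\[.*\\mountpoints2\\(?P<guid>\{[0-9a-f-]+\})\]$", re.IGNORECASE)
MOUNTPOINT_CMD_RE = re.compile(r"^\\Shell\\(?P<verb>[^\\]+)\\command - (?P<cmd>.+)$", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    kind: str    # short tag for the indicator class
    detail: str  # the path, value or command that triggered it
    line: str    # the original log line, kept for the report


def triage_hijackthis(text: str) -> list[Finding]:
    """Flag O4 user-profile autostarts, O17 DNS settings and O23 'Unknown owner' services."""
    findings: list[Finding] = []
    for line in (raw.strip() for raw in text.splitlines()):
        m = O4_RUN_RE.match(line) or O4_STARTUP_RE.match(line)
        if m:
            if USER_PROFILE_RE.search(m.group("cmd")):
                findings.append(Finding("O4-user-profile", m.group("cmd"), line))
            continue
        m = O17_RE.match(line)
        if m:
            servers = [s.strip() for s in m.group("servers").split(",") if s.strip()]
            findings.append(Finding("O17-nameserver", ",".join(servers), line))
            continue
        m = O23_RE.match(line)
        if m and m.group("owner").strip().lower() == "unknown owner":
            findings.append(Finding("O23-unknown-owner", m.group("path"), line))
    return findings


def triage_combofix_mountpoints(text: str) -> list[Finding]:
    """Flag cached autorun commands under each MountPoints2 device key."""
    findings: list[Finding] = []
    current_key = None
    for line in (raw.strip() for raw in text.splitlines()):
        m = MOUNTPOINT_KEY_RE.match(line)
        if m:
            current_key = m.group("guid")
            continue
        m = MOUNTPOINT_CMD_RE.match(line)
        if m and current_key:
            detail = f"{current_key} {m.group('verb')}: {m.group('cmd')}"
            findings.append(Finding("MountPoints2-autorun", detail, line))
    return findings


def report(findings: list[Finding]) -> str:
    """One line per finding, suitable for pasting back into a thread like this one."""
    return "\n".join(f"[{f.kind}] {f.detail}" for f in findings)


if __name__ == "__main__":
    print(report(triage_hijackthis(SAMPLE_HJT) + triage_combofix_mountpoints(SAMPLE_COMBOFIX)))
```

Run it with python3 against a saved HijackThis or ComboFix log by passing the file contents to the two functions; each reported line is something to look up (file publisher, file hash, the ISP's published DNS servers, which removable drive the GUID belonged to), not a conclusion on its own.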

Hey Carlos_Henrique,

Sorry for the huge delay; I have been very busy this end of year.

If you are still interested, post a new reply so we can continue the topic.

Regards, and sorry once again. :thumbsup:


Topic Archived

Since the author did not reply for more than 30 days, the topic has been archived.

If you are the author of the topic and want to reopen it, send a private message to a moderator of the section along with the link to this topic and explain the reason for reopening.
