DidoLaco

[Archived] PC losing performance

My PC is losing performance out of nowhere.

I believe it's some kind of malware.

I don't have an antivirus; can you recommend one?

The HJT log follows.

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:40:34, on 17/3/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

F:\WINDOWS\System32\smss.exe

F:\WINDOWS\system32\winlogon.exe

F:\WINDOWS\system32\services.exe

F:\WINDOWS\system32\lsass.exe

F:\WINDOWS\system32\svchost.exe

F:\WINDOWS\System32\svchost.exe

F:\WINDOWS\system32\spoolsv.exe

F:\WINDOWS\system32\nvsvc32.exe

C:\Alcohol 120\StarWind\StarWindService.exe

F:\WINDOWS\system32\wscntfy.exe

F:\WINDOWS\Explorer.EXE

F:\WINDOWS\system32\RUNDLL32.EXE

F:\WINDOWS\SOUNDMAN.EXE

F:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe

F:\WINDOWS\system32\ctfmon.exe

F:\Arquivos de programas\Wisdom-soft ScreenHunter 5 Free\ScreenHunter.exe

C:\Claro\Claro.exe

F:\WINDOWS\system32\wuauclt.exe

C:\Tibia\Tibia.exe

F:\WINDOWS\system32\wuauclt.exe

F:\HiJackThis\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Avg\avgssie.dll (file missing)

O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - F:\Arquivos de programas\Windows Live\Messenger\wlchtc.dll

O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - F:\Arquivos de programas\Canon\Easy-WebPrint\EWPBrowseLoader.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - F:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - F:\Arquivos de programas\Canon\Easy-WebPrint\Toolband.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "F:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [Easy-PrintToolBox] F:\Arquivos de programas\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon

O4 - HKCU\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "F:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: ScreenHunter 5.0 Free.lnk = F:\Arquivos de programas\Wisdom-soft ScreenHunter 5 Free\ScreenHunter.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Office10\OSA.EXE

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://F:\Arquivos de programas\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html

O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://F:\Arquivos de programas\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html

O8 - Extra context menu item: Easy-WebPrint Preview - res://F:\Arquivos de programas\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html

O8 - Extra context menu item: Easy-WebPrint Print - res://F:\Arquivos de programas\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - F:\Arquivos de programas\PokerStars\PokerStarsUpdate.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O17 - HKLM\System\CCS\Services\Tcpip\..\{4AF3832E-9C5E-4519-A02E-8286071CDB6F}: NameServer = 200.169.116.22 200.169.116.23

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe

O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Alcohol 120\StarWind\StarWindService.exe

 

--

End of file - 5075 bytes


Step 1: Download and install Avira AntiVir Personal 8.2.0.334.

Step 2:

Download and run HostsXpert.

→ Run HostsXpert using the HostsXpert.exe file,

→ click Restore Microsoft's Hosts File and press OK.

→ After that, close the program.

Step 3:

Download Malwarebytes Anti-Malware.

* Start the installation by clicking "mbam-setup.exe";

* Check "Update Malwarebytes Anti-Malware" and "Launch Malwarebytes Anti-Malware", and click Finish.

* Select "Quick Scan" and then click Scan.

* When the scan finishes, click OK and then "Show Results" to see the log;

* If anything is detected, make sure everything is checked and click "Remove";

* The log is saved automatically and can be viewed by clicking "Logs" in the main menu;

* Copy and paste that log, together with the new HijackThis log.

I await your reply.


 

 

Step 1:

Completed successfully.

Step 2:

Completed successfully.

Step 3:

The program gave an error when it was started for the first time.

I tried starting it again and managed to run the scan.

Right after generating the log, the program closed again.

The Malware and HJT logs follow.

 

Malwarebytes' Anti-Malware 1.34

Versão do banco de dados: 1749

Windows 5.1.2600 Service Pack 2

 

17/3/2009 20:34:54

mbam-log-2009-03-17 (20-34-54).txt

 

Tipo de Verificação: Rápida

Objetos verificados: 57083

Tempo decorrido: 3 minute(s), 49 second(s)

 

Processos da Memória infectados: 0

Módulos de Memória Infectados: 0

Chaves do Registro infectadas: 0

Valores do Registro infectados: 0

Ítens do Registro infectados: 0

Pastas infectadas: 0

Arquivos infectados: 0

 

Processos da Memória infectados:

(Nenhum ítem malicioso foi detectado)

 

Módulos de Memória Infectados:

(Nenhum ítem malicioso foi detectado)

 

Chaves do Registro infectadas:

(Nenhum ítem malicioso foi detectado)

 

Valores do Registro infectados:

(Nenhum ítem malicioso foi detectado)

 

Ítens do Registro infectados:

(Nenhum ítem malicioso foi detectado)

 

Pastas infectadas:

(Nenhum ítem malicioso foi detectado)

 

Arquivos infectados:

(Nenhum ítem malicioso foi detectado)

 

 

 

____________________________________________________________

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:43:07, on 17/3/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

F:\WINDOWS\System32\smss.exe

F:\WINDOWS\system32\winlogon.exe

F:\WINDOWS\system32\services.exe

F:\WINDOWS\system32\lsass.exe

F:\WINDOWS\system32\svchost.exe

F:\WINDOWS\System32\svchost.exe

F:\WINDOWS\system32\spoolsv.exe

F:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

F:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

F:\WINDOWS\system32\nvsvc32.exe

C:\Alcohol 120\StarWind\StarWindService.exe

F:\WINDOWS\Explorer.EXE

F:\WINDOWS\system32\wscntfy.exe

F:\WINDOWS\system32\RUNDLL32.EXE

F:\WINDOWS\SOUNDMAN.EXE

F:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe

F:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe

F:\WINDOWS\system32\ctfmon.exe

F:\Arquivos de programas\Wisdom-soft ScreenHunter 5 Free\ScreenHunter.exe

C:\Claro\Claro.exe

C:\Firefox\firefox.exe

F:\WINDOWS\system32\taskmgr.exe

F:\HiJackThis\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Avg\avgssie.dll (file missing)

O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - F:\Arquivos de programas\Windows Live\Messenger\wlchtc.dll

O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - F:\Arquivos de programas\Canon\Easy-WebPrint\EWPBrowseLoader.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - F:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - F:\Arquivos de programas\Canon\Easy-WebPrint\Toolband.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "F:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [Easy-PrintToolBox] F:\Arquivos de programas\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon

O4 - HKLM\..\Run: [avgnt] "F:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

O4 - HKCU\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "F:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: ScreenHunter 5.0 Free.lnk = F:\Arquivos de programas\Wisdom-soft ScreenHunter 5 Free\ScreenHunter.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Office10\OSA.EXE

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://F:\Arquivos de programas\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html

O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://F:\Arquivos de programas\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html

O8 - Extra context menu item: Easy-WebPrint Preview - res://F:\Arquivos de programas\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html

O8 - Extra context menu item: Easy-WebPrint Print - res://F:\Arquivos de programas\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - F:\Arquivos de programas\PokerStars\PokerStarsUpdate.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O17 - HKLM\System\CCS\Services\Tcpip\..\{4AF3832E-9C5E-4519-A02E-8286071CDB6F}: NameServer = 200.169.116.22 200.169.116.23

O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - F:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - F:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe

O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Alcohol 120\StarWind\StarWindService.exe

 

--

End of file - 5830 bytes


Download Norman Malware Cleaner here: http://superdownloads.uol.com.br/redir.cfm?softid=63672

Once it is installed, run it and add all the physical and removable drives of your PC (e.g. Ec: F: and others), and only then click StartScan.

After that, post the HijackThis log together with the Norman log.


Again I had problems carrying out the procedure.

I had to run Norman 2 times; the logs follow.

 

Norman Malware Cleaner

Copyright © 1990 - 2009, Norman ASA. Built 2009/03/26 05:17:51

 

Norman Scanner Engine Version: 6.00.06

Nvcbin.def Version: 6.00.00, Date: 2009/03/26 05:17:51, Variants: 3045527

 

Scan started: 26/03/2009 21:06:36

 

Running pre-scan cleanup routine:

Operating System: Microsoft Windows XP Professional 5.1.2600 Service Pack 2

Logged on user: FERNANDO\Administrador

 

 

 

Scanning running processes and process memory...

 

F:\WINDOWS\system32\DRIVERS\ithsgt.sys (Infected with W32/Vundo.FTH)

Removed driver: ithsgt

Deleted file

 

F:\WINDOWS\system32\DRIVERS\lilsgt.sys (Infected with W32/Vundo.FTI)

Removed driver: lilsgt

Deleted file

 

Number of processes/threads found: 1263

Number of processes/threads scanned: 1263

Number of processes/threads not scanned: 0

Number of infected processes/threads terminated: 0

Total scanning time: 47s

 

 

Scanning file system...

 

Scanning: C:\*.*

 

Scanning: D:\*.*

 

D:\Documents and Settings\Dido\Configurações locais\Dados de aplicativos\Mozilla\Firefox\Profiles\kg0fxrq9.default\Cache\8D835389d01/unknown0 (Error whilst scanning file: I/O Error (0x00220005))

 

D:\Documents and Settings\Dido\Desktop\Incoming\Doce Encontro - Ja´ Virou Rotina.mp3 (Error opening file: Not found)

 

D:\Documents and Settings\Dido\Desktop\Incoming\Tim Maia - Coletânea.rar/CMT (Error whilst scanning file: I/O Error (0x00220000))

 

D:\Documents and Settings\Dido\Desktop\Programas\Breath of Fire 2 (U)_emulabr.com.rar/CMT (Error whilst scanning file: I/O Error (0x00220000))

 

D:\Documents and Settings\Dido\Desktop\Programas\Dragon Ball Z - The Legacy Of Goku (U)_emulabr.com.rar/CMT (Error whilst scanning file: I/O Error (0x00220000))

 

D:\Documents and Settings\Dido\Desktop\Programas\Final Fantasy Tactics Advance (U) (Eurasia)_emulabr.com.rar/CMT (Error whilst scanning file: I/O Error (0x00220000))

 

D:\Documents and Settings\Dido\Desktop\Programas\Pokemon Ruby (U) (Intro Hack) (Mugs)_emulabr.com.rar/CMT (Error whilst scanning file: I/O Error (0x00220000))

 

D:\Documents and Settings\Dido\Desktop\Programas\Project64_1_6.rar/CMT (Error whilst scanning file: I/O Error (0x00220000))

 

D:\Documents and Settings\Dido\Desktop\Programas\Star Wars - Flight of the Falcon (EUR)_emulabr.com.rar/CMT (Error whilst scanning file: I/O Error (0x00220000))

 

A fatal error occured whilst scanning.

0xC0000005 (42D4AA)

 

 

 

Second log

 

Norman Malware Cleaner

Copyright © 1990 - 2009, Norman ASA. Built 2009/03/26 05:17:51

 

Norman Scanner Engine Version: 6.00.06

Nvcbin.def Version: 6.00.00, Date: 2009/03/26 05:17:51, Variants: 3045527

 

Scan started: 28/03/2009 18:08:26

 

Running pre-scan cleanup routine:

Operating System: Microsoft Windows XP Professional 5.1.2600 Service Pack 2

Logged on user: FERNANDO\Administrador

 

 

 

Scanning running processes and process memory...

 

Number of processes/threads found: 1279

Number of processes/threads scanned: 1269

Number of processes/threads not scanned: 10

Number of infected processes/threads terminated: 0

Total scanning time: 49s

 

 

Scanning file system...

 

Scanning: C:\*.*

 

Scanning: D:\*.*

 

D:\Arquivos de programas\Java\jre1.6.0_03\lib\rt.jar/sun/security/x509/DistributionPoint.class (Error whilst scanning file: I/O Error (0x00220005))

 

D:\Arquivos de programas\Java\jre1.6.0_03\lib\rt.jar/sun/security/a509/Distributio÷PointName.classZþº¾ (Error whilst scanning file: I/O Error (0x00220005))

 

D:\Documents and Settings\Dido\Configurações locais\Dados de aplicativos\Mozilla\Firefox\Profiles\kg0fxrq9.default\Cache\8D835389d01/unknown0 (Error whilst scanning file: I/O Error (0x00220005))

 

D:\Documents and Settings\Dido\Desktop\Incoming\Doce Encontro - Ja´ Virou Rotina.mp3 (Error opening file: Not found)

 

D:\Documents and Settings\Dido\Desktop\Incoming\Tim Maia - Coletânea.rar/CMT (Error whilst scanning file: I/O Error (0x00220000))

 

D:\Documents and Settings\Dido\Desktop\Programas\Breath of Fire 2 (U)_emulabr.com.rar/CMT (Error whilst scanning file: I/O Error (0x00220000))

 

D:\Documents and Settings\Dido\Desktop\Programas\Dragon Ball Z - The Legacy Of Goku (U)_emulabr.com.rar/CMT (Error whilst scanning file: I/O Error (0x00220000))

 

D:\Documents and Settings\Dido\Desktop\Programas\Final Fantasy Tactics Advance (U) (Eurasia)_emulabr.com.rar/CMT (Error whilst scanning file: I/O Error (0x00220000))

 

D:\Documents and Settings\Dido\Desktop\Programas\Pokemon Ruby (U) (Intro Hack) (Mugs)_emulabr.com.rar/CMT (Error whilst scanning file: I/O Error (0x00220000))

 

D:\Documents and Settings\Dido\Desktop\Programas\Project64_1_6.rar/CMT (Error whilst scanning file: I/O Error (0x00220000))

 

D:\Documents and Settings\Dido\Desktop\Programas\Star Wars - Flight of the Falcon (EUR)_emulabr.com.rar/CMT (Error whilst scanning file: I/O Error (0x00220000))

 

D:\Documents and Settings\Dido\Desktop\Programas\Star Wars - Jedi Power Battles (E) (Rocket)_emulabr.com.rar/CMT (Error whilst scanning file: I/O Error (0x00220000))

 

D:\Documents and Settings\Dido\Desktop\Programas\Star Wars - The New Droid Army (E) (Patience).rar/CMT (Error whilst scanning file: I/O Error (0x00220000))

 

D:\Documents and Settings\Dido\Desktop\Programas\Star Wars Episode II - Attack Of The Clones (U)_emulabr.com.rar/CMT (Error whilst scanning file: I/O Error (0x00220000))

 

D:\Documents and Settings\Dido\Desktop\Programas\TibiaMC.zip/Tibia.exe (Infected with W32/Tibia.ACE)

Deleted file

 

D:\Documents and Settings\Dido\Desktop\Programas\TibiaMC.zip (Empty archive after cleaning)

Deleted file

 


D:\WINDOWS\system32\drivers\ithsgt.sys (Infected with W32/Vundo.FTH)

Deleted file

 

D:\WINDOWS\system32\drivers\lilsgt.sys (Infected with W32/Vundo.FTI)

Deleted file

 

D:\WINDOWS\system32\drivers\uteznzew.sys (Infected with W32/Bagle.GEX)

Deleted file

 

Scanning: E:\*.*

 

Scanning: F:\*.*

 

F:\Documents and Settings\Administrador\Desktop\Emulador Ps1\sstates\SCUS_942.54.001/unknown0 (Error whilst scanning file: I/O Error (0x00220005))

 

F:\Documents and Settings\Administrador\Desktop\Visual Boy Advanced\Breath of Fire 2 (U)_emulabr.com.rar/CMT (Error whilst scanning file: I/O Error (0x00220000))

 

F:\Documents and Settings\Administrador\Desktop\Visual Boy Advanced\Pokemon Ruby (U) (Intro Hack) (Mugs)_emulabr.com.rar/CMT (Error whilst scanning file: I/O Error (0x00220000))

 

F:\Documents and Settings\Administrador\Desktop\Visual Boy Advanced\Project64_1_6.rar/CMT (Error whilst scanning file: I/O Error (0x00220000))

 

F:\Documents and Settings\Administrador\Desktop\Visual Boy Advanced\X-Men%202%20-%20Wolverine%B4s%20Revenge%20%28U%29%20%28Lightforce%29_emulabr.com.rar/CMT (Error whilst scanning file: I/O Error (0x00220000))

 

F:\Documents and Settings\Administrador\Desktop\Visual Boy Advanced\Yu-Gi-Oh! Worldwide Edition (U) (RDG)_emulabr.com.rar/CMT (Error whilst scanning file: I/O Error (0x00220000))

 

F:\Documents and Settings\Administrador\Meus documentos\AdbeRdr90_pt_BR.exe (Infected with W32/Smalltroj.LVUH)

Deleted file

 

F:\System Volume Information\_restore{54A31BC4-8424-412A-A85C-A66F2EDB60AB}\RP121\A0111042.sys (Infected with W32/Vundo.FTH)

Deleted file

 

F:\System Volume Information\_restore{54A31BC4-8424-412A-A85C-A66F2EDB60AB}\RP121\A0111043.sys (Infected with W32/Vundo.FTI)

Deleted file

 

Scanning: d:\System Volume Information\*.*

 

d:\System Volume Information\_restore{54A31BC4-8424-412A-A85C-A66F2EDB60AB}\RP122\A0111065.sys (Infected with W32/Vundo.FTH)

Deleted file

 

d:\System Volume Information\_restore{54A31BC4-8424-412A-A85C-A66F2EDB60AB}\RP122\A0111066.sys (Infected with W32/Vundo.FTI)

Deleted file

 

d:\System Volume Information\_restore{54A31BC4-8424-412A-A85C-A66F2EDB60AB}\RP122\A0111067.sys (Infected with W32/Bagle.GEX)

Deleted file

 

 

Running post-scan cleanup routine:

 

Number of files found: 139308

Number of archives unpacked: 1198

Number of files scanned: 139199

Number of files not scanned: 109

Number of files skipped due to exclude list: 0

Number of infected files found: 11

Number of infected files repaired/deleted: 11

Number of infections removed: 11

Total scanning time: 1h 4m 20s

 

 

 

Log HJT

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:45:40, on 31/3/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

F:\WINDOWS\System32\smss.exe

F:\WINDOWS\system32\winlogon.exe

F:\WINDOWS\system32\services.exe

F:\WINDOWS\system32\lsass.exe

F:\WINDOWS\system32\svchost.exe

F:\WINDOWS\System32\svchost.exe

F:\WINDOWS\system32\spoolsv.exe

F:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

F:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

F:\WINDOWS\system32\nvsvc32.exe

C:\Alcohol 120\StarWind\StarWindService.exe

F:\WINDOWS\system32\wscntfy.exe

F:\WINDOWS\Explorer.EXE

F:\WINDOWS\system32\RUNDLL32.EXE

F:\WINDOWS\SOUNDMAN.EXE

F:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe

F:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe

F:\WINDOWS\system32\ctfmon.exe

F:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

F:\Arquivos de programas\Wisdom-soft ScreenHunter 5 Free\ScreenHunter.exe

C:\Claro\Claro.exe

C:\Firefox\firefox.exe

F:\WINDOWS\system32\wuauclt.exe

F:\HiJackThis\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Avg\avgssie.dll (file missing)

O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - F:\Arquivos de programas\Windows Live\Messenger\wlchtc.dll

O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - F:\Arquivos de programas\Canon\Easy-WebPrint\EWPBrowseLoader.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - F:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - F:\Arquivos de programas\Canon\Easy-WebPrint\Toolband.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "F:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [Easy-PrintToolBox] F:\Arquivos de programas\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon

O4 - HKLM\..\Run: [avgnt] "F:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKCU\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "F:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: ScreenHunter 5.0 Free.lnk = F:\Arquivos de programas\Wisdom-soft ScreenHunter 5 Free\ScreenHunter.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Office10\OSA.EXE

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://F:\Arquivos de programas\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html

O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://F:\Arquivos de programas\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html

O8 - Extra context menu item: Easy-WebPrint Preview - res://F:\Arquivos de programas\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html

O8 - Extra context menu item: Easy-WebPrint Print - res://F:\Arquivos de programas\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - F:\Arquivos de programas\PokerStars\PokerStarsUpdate.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O17 - HKLM\System\CCS\Services\Tcpip\..\{4AF3832E-9C5E-4519-A02E-8286071CDB6F}: NameServer = 200.169.116.22 200.169.116.23

O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - F:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - F:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe

O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Alcohol 120\StarWind\StarWindService.exe

 

--

End of file - 5780 bytes


SDFix:

Download SDFix and save it to your desktop.

* Run SDFix.exe by double-clicking it.

* Allow it to install to the default location, which is normally c:\SDFix

* Now, please restart the computer in Safe Mode (restart the computer and hold down the F8 key without releasing it until the screen where you can choose Safe Mode appears)

* Once you have booted into Safe Mode, open the C:\SDFix folder and double-click RunThis.bat to start the script.

* Press Y to start the cleanup process.

* It will remove any Trojan services or registry entries it finds and then ask you to press any key to reboot.

* Press any key and it will restart the PC.

* When the PC restarts, the Fixtool will run again and complete the removal process, then display Finished; press any key to end the script and load your desktop icons.

* Once the desktop icons have loaded, the SDFix report will open on screen and will also be saved in the SDFix folder as Report.txt.

* Post the Report.txt together with a new HijackThis log generated in normal mode.


Log SD FIX:

 

 

SDFix: Version 1.240

Run by Administrador on qui 02/04/2009 at 21:43

 

Microsoft Windows XP [versÆo 5.1.2600]

Running From: F:\SDFix

 

Checking Services :

 

 

Restoring Default Security Values

Restoring Default Hosts File

 

Rebooting

 

 

Checking Files :

 

No Trojan Files Found

 

 

 

 

 

 

Removing Temp Files

 

ADS Check :

 

 

 

Final Check :

 

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-04-02 21:56:29

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden services & system hive ...

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]

"s1"=dword:1f5507ee

"s2"=dword:78b69d4f

"h0"=dword:00000001

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]

"p0"="C:\Alcohol 120\"

"h0"=dword:00000000

"ujdew"=hex:16,7e,1c,e0,6c,30,2e,46,e7,d0,a9,4d,b1,3d,8f,19,8d,01,9f,e7,2f,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]

"p0"="C:\Alcohol 120\"

"h0"=dword:00000000

"ujdew"=hex:16,7e,1c,e0,6c,30,2e,46,e7,d0,a9,4d,b1,3d,8f,19,8d,01,9f,e7,2f,..

 

scanning hidden registry entries ...

 

scanning hidden files ...

 

F:\WINDOWS\SoftwareDistribution\Download\286c254ee4e7710365274c10a063b3f3\spcompat.dll 438272 bytes executable

F:\WINDOWS\SoftwareDistribution\Download\286c254ee4e7710365274c10a063b3f3\spdelta.cat 36549 bytes

 

scan completed successfully

hidden processes: 0

hidden services: 0

hidden files: 2

 

 

Remaining Services :

 

 

 

 

Authorized Application Key Export:

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"C:\\Ares\\Ares.exe"="C:\\Ares\\Ares.exe:*:Enabled:Ares p2p for windows"

"F:\\WINDOWS\\system32\\sessmgr.exe"="F:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"

"C:\\Tibia\\Tibia.exe"="C:\\Tibia\\Tibia.exe:*:Enabled:Tibia Player"

"F:\\Arquivos de programas\\Messenger\\msmsgs.exe"="F:\\Arquivos de programas\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"

"C:\\LimeWire\\LimeWire.exe"="C:\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"

"C:\\eMule\\emule.exe"="C:\\eMule\\emule.exe:*:Enabled:eMule"

"C:\\CM\\cm0102.exe"="C:\\CM\\cm0102.exe:*:Enabled:cm0102"

"F:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"="F:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\\Age of Empires\\age2_x1.exe"="C:\\Age of Empires\\age2_x1.exe:*:Enabled:Age of Empires II Expansion"

"C:\\CM + Patch 3.9.68\\cm0102.exe"="C:\\CM + Patch 3.9.68\\cm0102.exe:*:Enabled:cm0102"

"C:\\CM + Patch 3.9.68\\cm0102_GDI.exe"="C:\\CM + Patch 3.9.68\\cm0102_GDI.exe:*:Enabled:cm0102_GDI"

"C:\\CM\\cm0102_GDI.exe"="C:\\CM\\cm0102_GDI.exe:*:Enabled:cm0102_GDI"

"F:\\Documents and Settings\\Administrador\\Desktop\\CM + Patch 3.9.68\\cm0102_GDI.exe"="F:\\Documents and Settings\\Administrador\\Desktop\\CM + Patch 3.9.68\\cm0102_GDI.exe:*:Enabled:cm0102_GDI"

"F:\\Documents and Settings\\Administrador\\Dados de aplicativos\\GameRanger\\GameRanger\\GameRanger.exe"="F:\\Documents and Settings\\Administrador\\Dados de aplicativos\\GameRanger\\GameRanger\\GameRanger.exe:*:Enabled:GameRanger"

"F:\\WINDOWS\\system32\\dplaysvr.exe"="F:\\WINDOWS\\system32\\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"F:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"="F:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"

 

Remaining Files :

 

 

 

Files with Hidden Attributes :

 

Tue 3 Aug 2004 1,667,584 ..SH. --- "F:\Arquivos de programas\Messenger\msmsgs.exe"

Tue 4 Nov 2008 0 A.SH. --- "F:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"

Wed 14 Jan 2009 4,751,728 A..H. --- "F:\WINDOWS\SoftwareDistribution\Download\23ac33309500c041ab1d5d13788065b9\BIT1.tmp"

Sat 21 Mar 2009 55,499,652 A..H. --- "F:\WINDOWS\SoftwareDistribution\Download\db1c3fb24aa213771b47fcd71e31a77b\BIT4.tmp"

 

Finished!

 

LOG HJT:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:11:53, on 2/4/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

F:\WINDOWS\System32\smss.exe

F:\WINDOWS\system32\winlogon.exe

F:\WINDOWS\system32\services.exe

F:\WINDOWS\system32\lsass.exe

F:\WINDOWS\system32\svchost.exe

F:\WINDOWS\System32\svchost.exe

F:\WINDOWS\system32\spoolsv.exe

F:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

F:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

F:\WINDOWS\system32\nvsvc32.exe

C:\Alcohol 120\StarWind\StarWindService.exe

F:\WINDOWS\system32\wscntfy.exe

F:\WINDOWS\Explorer.EXE

F:\WINDOWS\system32\wuauclt.exe

F:\WINDOWS\system32\RUNDLL32.EXE

F:\WINDOWS\SOUNDMAN.EXE

F:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe

F:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe

F:\WINDOWS\system32\ctfmon.exe

F:\Arquivos de programas\Wisdom-soft ScreenHunter 5 Free\ScreenHunter.exe

F:\Arquivos de programas\Sony Ericsson\Sony Ericsson Wireless Manager 5\WirelessManager.exe

C:\Firefox\firefox.exe

F:\HiJackThis\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Avg\avgssie.dll (file missing)

O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - F:\Arquivos de programas\Windows Live\Messenger\wlchtc.dll

O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - F:\Arquivos de programas\Canon\Easy-WebPrint\EWPBrowseLoader.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - F:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - F:\Arquivos de programas\Canon\Easy-WebPrint\Toolband.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "F:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [Easy-PrintToolBox] F:\Arquivos de programas\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon

O4 - HKLM\..\Run: [avgnt] "F:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKCU\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "F:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: ScreenHunter 5.0 Free.lnk = F:\Arquivos de programas\Wisdom-soft ScreenHunter 5 Free\ScreenHunter.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Office10\OSA.EXE

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://F:\Arquivos de programas\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html

O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://F:\Arquivos de programas\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html

O8 - Extra context menu item: Easy-WebPrint Preview - res://F:\Arquivos de programas\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html

O8 - Extra context menu item: Easy-WebPrint Print - res://F:\Arquivos de programas\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - F:\Arquivos de programas\PokerStars\PokerStarsUpdate.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - F:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - F:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe

O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Alcohol 120\StarWind\StarWindService.exe

 

--

End of file - 5667 bytes


ComboFix

Download ComboFix from:

ComboFix

1) Temporarily disable your antivirus;

2) Double-click combofix.exe and wait (the whole process takes about 10 minutes);

3) The “DISCLAIMER OF WARRANTY ON SOFTWARE” window will open. Read the text in this window carefully and click “YES” to continue.

PS: If you do not agree with the terms, click “NO” to exit the software, bearing in mind that the disinfection process will not be possible without continuing with ComboFix.

4) Another window will open if your machine does not have the WINDOWS RECOVERY CONSOLE. It is advisable to install the console before continuing with the process, since this ensures that the system can be recovered if problems occur during the scan.

Click “YES” and wait, since the console installation is carried out automatically by ComboFix itself. It may take a few minutes (depending on the speed of your connection), so be patient.

When the “INSTALLING THE RECOVERY CONSOLE” window appears, click “OK”, then click “YES” to accept the EULA license.

When the recovery console installation finishes, a window will open stating that “THE RECOVERY CONSOLE WAS INSTALLED SUCCESSFULLY”.

Click “YES” to continue the scan.

5) ComboFix will start the AUTOSCAN (wait).

WARNING: Do not click on the ComboFix window or end the process abruptly while the tool is running, since this will disrupt your desktop configuration (it will turn completely white).

When the process finishes, the machine will be restarted to produce the report.

6) When the machine restarts, ComboFix will run FIND3M to create the final scan report. The log will be located at C:\ComboFix.txt.

7) Re-enable your antivirus;

8) I need you to paste the contents of ComboFix.txt and of the new HijackThis log in your next reply.

NOTE 1: If a message appears warning that THIS IS NOT A VALID WIN 32 APPLICATION, download ComboFix again, but save it to your Desktop as KomboFix. As a last resort, try using ComboFix in SAFE MODE.

NOTE 2: If the running ComboFix window is clicked, it will MAXIMIZE, overlapping the others. To minimize it again, just use the ALT + TAB combination.

Awaiting your reply


I carried out the procedures as requested.

 

LOG ComboFix

 

ComboFix 09-04-04.01 - Administrador 2009-04-07 17:09:47.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.1023.736 [GMT -3:00]

Executando de: f:\documents and settings\Administrador\Desktop\ComboFix.exe

AV: *On-access scanning enabled* (Outdated)

* Criado um novo ponto de restauro

 

ATENÇAO - ESTA MAQUINA NAO TEM O CONSOLE DE RECUPERAÇÃO INSTALADA !!

.

 

(((((((((((((((( Arquivos/Ficheiros criados de 2009-03-07 to 2009-04-07 ))))))))))))))))))))))))))))

.

 

2009-04-05 11:53 . 2009-04-05 11:53 <DIR> d-------- f:\windows\system32\KB905474

2009-04-05 11:53 . 2009-03-10 22:26 1,434,496 --a------ f:\windows\system32\KB905474\wganotifypackageinner.exe

2009-04-05 11:53 . 2009-03-10 22:18 454,536 --a------ f:\windows\system32\KB905474\wgasetup.exe

2009-04-05 11:53 . 2009-02-09 18:51 14,318 --a------ f:\windows\system32\KB905474\wga_eula.txt

2009-04-02 21:40 . 2009-04-02 21:40 <DIR> d-------- f:\windows\ERUNT

2009-04-02 21:34 . 2009-04-02 21:58 <DIR> d-------- F:\SDFix

2009-04-01 21:37 . 2009-04-01 21:37 <DIR> d-------- f:\documents and settings\Administrador\Dados de aplicativos\Sony Ericsson

2009-04-01 17:19 . 2008-02-06 16:15 380,672 -ra------ f:\windows\system32\drivers\sembmdm2.sys

2009-04-01 17:19 . 2008-02-06 16:16 344,064 -ra------ f:\windows\system32\drivers\sembunic.sys

2009-04-01 17:19 . 2008-02-06 16:15 343,680 -ra------ f:\windows\system32\drivers\sembmgmt.sys

2009-04-01 17:19 . 2008-02-06 16:16 337,408 -ra------ f:\windows\system32\drivers\sembwwan.sys

2009-04-01 17:19 . 2008-02-06 16:14 337,408 -ra------ f:\windows\system32\drivers\sembcard.sys

2009-04-01 17:19 . 2008-02-06 16:15 84,992 -ra------ f:\windows\system32\sembir32.dll

2009-04-01 17:19 . 2008-02-06 16:16 24,960 -ra------ f:\windows\system32\drivers\sembnd5.sys

2009-04-01 17:19 . 2008-02-06 16:15 14,976 -ra------ f:\windows\system32\drivers\sembmdfl2.sys

2009-04-01 17:19 . 2007-08-14 10:15 12,672 -ra------ f:\windows\system32\drivers\sesc.sys

2009-04-01 17:19 . 2008-02-06 16:14 12,160 -ra------ f:\windows\system32\drivers\sembcmnt.sys

2009-04-01 17:19 . 2008-02-06 16:14 12,160 -ra------ f:\windows\system32\drivers\sembcm.sys

2009-04-01 17:19 . 2008-02-06 16:15 10,752 -ra------ f:\windows\system32\drivers\sembcr.sys

2009-04-01 17:15 . 2008-02-15 19:04 17,408 -ra------ f:\windows\system32\drivers\semcreserved.sys

2009-04-01 17:14 . 2009-04-01 17:14 <DIR> d----c--- f:\windows\system32\DRVSTORE

2009-04-01 17:14 . 2008-02-06 16:14 260,992 -ra------ f:\windows\system32\drivers\sembbus.sys

2009-04-01 17:14 . 2008-02-06 16:16 12,160 -ra------ f:\windows\system32\drivers\sembwhnt.sys

2009-04-01 17:14 . 2008-02-06 16:16 12,160 -ra------ f:\windows\system32\drivers\sembwh.sys

2009-04-01 17:13 . 2009-04-01 21:37 <DIR> d-------- f:\arquivos de programas\Sony Ericsson

2009-03-31 13:15 . 2009-03-31 13:18 <DIR> d-------- f:\documents and settings\Administrador\Dados de aplicativos\GameRanger

2009-03-17 20:28 . 2009-03-17 20:28 <DIR> d-------- f:\documents and settings\All Users\Dados de aplicativos\Malwarebytes

2009-03-17 20:28 . 2009-03-17 20:28 <DIR> d-------- f:\documents and settings\Administrador\Dados de aplicativos\Malwarebytes

2009-03-17 20:28 . 2009-02-11 10:19 38,496 --a------ f:\windows\system32\drivers\mbamswissarmy.sys

2009-03-17 20:28 . 2009-02-11 10:19 15,504 --a------ f:\windows\system32\drivers\mbam.sys

2009-03-17 19:54 . 2009-03-17 19:54 <DIR> d-------- f:\arquivos de programas\Avira

2009-03-17 16:34 . 2009-04-02 22:11 <DIR> d-------- F:\HiJackThis

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-03-17 20:06 --------- d-----w f:\arquivos de programas\PokerStars

2009-02-15 23:00 --------- d-----w f:\documents and settings\Administrador\Dados de aplicativos\Tibia

2009-02-09 14:17 1,846,400 ----a-w f:\windows\system32\win32k.sys

2009-02-06 21:52 49,504 ----a-w f:\windows\system32\sirenacm.dll

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="f:\windows\system32\ctfmon.exe" [2004-08-04 15360]

"msnmsgr"="f:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="f:\windows\system32\NvCpl.dll" [2006-07-24 5898240]

"NvMediaCenter"="f:\windows\system32\NvMcTray.dll" [2006-07-24 86016]

"SunJavaUpdateSched"="f:\arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

"Easy-PrintToolBox"="f:\arquivos de programas\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2006-10-16 398944]

"nwiz"="nwiz.exe" [2006-07-24 f:\windows\system32\nwiz.exe]

"SoundMan"="SOUNDMAN.EXE" [2007-04-16 f:\windows\soundman.exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="f:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

 

f:\documents and settings\Administrador\Menu Iniciar\Programas\Inicializar\

ScreenHunter 5.0 Free.lnk - f:\arquivos de programas\Wisdom-soft ScreenHunter 5 Free\ScreenHunter.exe [2008-10-19 4878336]

 

f:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

Microsoft Office.lnk - c:\office10\OSA.EXE [2001-02-13 83360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.ffds"= ffdshow.ax

"msacm.ac3filter"= ac3filter.acm

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\Ares\\Ares.exe"=

"f:\\WINDOWS\\system32\\sessmgr.exe"=

"c:\\Tibia\\Tibia.exe"=

"f:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"f:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Age of Empires\\age2_x1.exe"=

"c:\\CM + Patch 3.9.68\\cm0102.exe"=

"c:\\CM + Patch 3.9.68\\cm0102_GDI.exe"=

"f:\\Documents and Settings\\Administrador\\Dados de aplicativos\\GameRanger\\GameRanger\\GameRanger.exe"=

"f:\\WINDOWS\\system32\\dplaysvr.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"1626:UDP"= 1626:UDP:Windows Media Format SDK (firefox.exe)

"1627:UDP"= 1627:UDP:Windows Media Format SDK (firefox.exe)

 

R3 Sony_EricssonWWSC;Sony Ericsson SIM Card Reader;f:\windows\system32\drivers\sesc.sys [2009-04-01 12672]

S3 sembbus;SEMC WMC Composite Device driver (WDM);f:\windows\system32\drivers\sembbus.sys [2009-04-01 260992]

S3 sembcard;Sony Ericsson PC300 Mobile Broadband Command Interface Drivers (WDM);f:\windows\system32\drivers\sembcard.sys [2009-04-01 337408]

S3 sembmdfl2;Sony Ericsson PC300 Wireless Modem Filter;f:\windows\system32\drivers\sembmdfl2.sys [2009-04-01 14976]

S3 sembmdm2;Sony Ericsson PC300 Wireless Modem Driver;f:\windows\system32\drivers\sembmdm2.sys [2009-04-01 380672]

S3 sembmgmt;Sony Ericsson PC300 Mobile Broadband Device Management Drivers (WDM);f:\windows\system32\drivers\sembmgmt.sys [2009-04-01 343680]

S3 sembnd5;Sony Ericsson PC300 Mobile Broadband Network Adapter SENECA (NDIS);f:\windows\system32\drivers\sembnd5.sys [2009-04-01 24960]

S3 sembunic;Sony Ericsson PC300 Mobile Broadband Network Adapter SENECA (WDM);f:\windows\system32\drivers\sembunic.sys [2009-04-01 344064]

S3 sembwwan;Sony Ericsson PC300 Mobile Broadband Ethernet Control Drivers (WDM);f:\windows\system32\drivers\sembwwan.sys [2009-04-01 337408]

S3 SEMCReserved;SEMC Reserved Interface;f:\windows\system32\drivers\semcreserved.sys [2009-04-01 17408]

 

--- ---

 

*Deregistered* - avgio

*Deregistered* - avipbb

*Deregistered* - ssmdrv

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]

\Shell\AutoRun\command - G:\SETUP.EXE -autorun

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{37de151e-bce8-11dd-83df-0040ca9a278a}]

\Shell\AutoRun\command - I:\AutoRun.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{37de1521-bce8-11dd-83df-0040ca9a278a}]

\Shell\AutoRun\command - I:\AutoRun.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3ec58d04-dddf-11dd-8449-0040ca9a278a}]

\Shell\AutoRun\command - I:\AutoRun.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{55c97b82-c16f-11dd-83e9-0040ca9a278a}]

\Shell\AutoRun\command - I:\AutoRun.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6f659506-b5dc-11dd-83cd-0040ca9a278a}]

\Shell\AutoRun\command - xih9.cmd

\Shell\explore\Command - xih9.cmd

\Shell\open\Command - xih9.cmd

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{db56f8bc-f2c3-11dd-848d-0040ca9a278a}]

\Shell\AutoRun\command - I:\AutoRun.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e4f9eb34-cd1d-11dd-840c-0040ca9a278a}]

\Shell\AutoRun\command - I:\AutoRun.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e4f9eb37-cd1d-11dd-840c-0040ca9a278a}]

\Shell\AutoRun\command - I:\AutoRun.exe

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2009-04-07 f:\windows\Tasks\WGASetup.job

- f:\windows\system32\KB905474\wgasetup.exe [2009-03-10 22:18]

.

.

------- Scan Suplementar -------

.

uInternet Connection Wizard,ShellNext = iexplore

IE: E&xportar para o Microsoft Excel - c:\office10\EXCEL.EXE/3000

IE: Easy-WebPrint Add To Print List - f:\arquivos de programas\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html

IE: Easy-WebPrint High Speed Print - f:\arquivos de programas\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html

IE: Easy-WebPrint Preview - f:\arquivos de programas\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html

IE: Easy-WebPrint Print - f:\arquivos de programas\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html

FF - ProfilePath - f:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\kg0fxrq9.default\

FF - prefs.js: browser.startup.homepage - hxxp://pt-BR.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:pt-BR:official

FF - prefs.js: keyword.URL - hxxp://br.search.yahoo.com/search?ei=ISO-8859-1&fr=megaup&p=

FF - plugin: c:\firefox\plugins\npFoxitReaderPlugin.dll

 

---- FIREFOX POLICIES ----

c:\firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

.

 

**************************************************************************

 

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-04-07 17:10:48

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

Tempo para conclusão: 2009-04-07 17:12:11

ComboFix-quarantined-files.txt 2009-04-07 20:11:58

 

Pré-execução: 11 pasta(s) 40.528.248.832 bytes disponíveis

Pós execução: 10 pasta(s) 40,523,841,536 bytes disponíveis

 

159 --- E O F --- 2009-04-05 14:53:39

 

 

LOG HJT

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:29:11, on 7/4/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

F:\WINDOWS\System32\smss.exe

F:\WINDOWS\system32\winlogon.exe

F:\WINDOWS\system32\services.exe

F:\WINDOWS\system32\lsass.exe

F:\WINDOWS\system32\svchost.exe

F:\WINDOWS\System32\svchost.exe

F:\WINDOWS\system32\spoolsv.exe

F:\WINDOWS\system32\nvsvc32.exe

C:\Alcohol 120\StarWind\StarWindService.exe

F:\WINDOWS\system32\wscntfy.exe

F:\WINDOWS\Explorer.EXE

F:\WINDOWS\system32\RUNDLL32.EXE

F:\WINDOWS\SOUNDMAN.EXE

F:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe

F:\WINDOWS\system32\ctfmon.exe

F:\Arquivos de programas\Wisdom-soft ScreenHunter 5 Free\ScreenHunter.exe

F:\HiJackThis\HiJackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Avg\avgssie.dll (file missing)

O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - F:\Arquivos de programas\Windows Live\Messenger\wlchtc.dll

O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - F:\Arquivos de programas\Canon\Easy-WebPrint\EWPBrowseLoader.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - F:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - F:\Arquivos de programas\Canon\Easy-WebPrint\Toolband.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "F:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [Easy-PrintToolBox] F:\Arquivos de programas\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon

O4 - HKCU\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "F:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: ScreenHunter 5.0 Free.lnk = F:\Arquivos de programas\Wisdom-soft ScreenHunter 5 Free\ScreenHunter.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Office10\OSA.EXE

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://F:\Arquivos de programas\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html

O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://F:\Arquivos de programas\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html

O8 - Extra context menu item: Easy-WebPrint Preview - res://F:\Arquivos de programas\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html

O8 - Extra context menu item: Easy-WebPrint Print - res://F:\Arquivos de programas\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - F:\Arquivos de programas\PokerStars\PokerStarsUpdate.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe

O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Alcohol 120\StarWind\StarWindService.exe

 

--

End of file - 4878 bytes


Step 1

 

CFScript

 

Copy all of the content quoted below and paste it into Notepad. (DO NOT COPY THE WORD QUOTE)

Save the file to the desktop with the name: CFScript.txt

File::

f:\windows\system32\KB905474\wganotifypackageinner.exe

f:\windows\system32\KB905474\wgasetup.exe

f:\windows\system32\KB905474\wga_eula.txt

Folder::

f:\windows\system32\KB905474

 

Drag CFScript.txt onto the ComboFix icon, as shown in the illustration below:

cfscript.gif

 

Accept the prompt that should appear to run ComboFix

Note: Drag the CFScript onto the icon until the (small) ComboFix window appears

When it finishes, post ComboFix.txt together with the new HijackThis log

 

Note: Perform this action with your USB flash drive connected to the PC.

 

 

 

Step 2

 

*Download USBFix and save it to the desktop

 

*Temporarily disable your antivirus

*Install the program (Suivant > Accept the agreement > Suivant > Suivant > Démarrer > Quitter)

*Double-click the icon created on the desktop

*The PC will be restarted. Keep the USB flash drive in place. Do not remove it!!

*When the PC restarts, the tool will run automatically. Click "Continue" and wait...

*When you receive the message "Nettoyage effectue!", press ENTER

*Paste the result created in C:\UsbFix.txt and a new HijackThis log

I await your reply


When I ran Combo Fix, several system errors came up. Is that normal?

 

Combo Fix log!

 

ComboFix 09-04-23.A3 - Administrador 23/04/2009 10:50.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.1023.729 [GMT -3:00]

Executando de: f:\documents and settings\Administrador\Desktop\ComboFix.exe

Comandos utilizados :: f:\documents and settings\Administrador\Desktop\CFScript.txt

AV: *On-access scanning enabled* (Outdated)

* Criado um novo ponto de restauro

 

ATENÇAO - ESTA MAQUINA NAO TEM O CONSOLE DE RECUPERAÇÃO INSTALADA !!

 

FILE ::

f:\windows\system32\KB905474\wga_eula.txt

f:\windows\system32\KB905474\wganotifypackageinner.exe

f:\windows\system32\KB905474\wgasetup.exe

.

 

(((((((((((((((( Arquivos/Ficheiros criados de 2009-05-23 to 2009-4-23 ))))))))))))))))))))))))))))

.

 

2009-04-23 02:15 . 2009-04-23 13:25 -------- d-----w f:\documents and settings\Administrador\Dados de aplicativos\Tibia

2009-04-22 02:48 . 2009-04-22 02:48 -------- d-----w f:\documents and settings\Administrador\Dados de aplicativos\Cópia de Tibia

2009-04-12 01:48 . 2009-04-12 01:48 -------- d-----w f:\documents and settings\Administrador\Dados de aplicativos\DAEMON Tools Pro

2009-04-12 01:47 . 2009-04-12 01:47 -------- d-----w f:\documents and settings\All Users\Dados de aplicativos\DAEMON Tools Lite

2009-04-12 01:44 . 2009-04-12 01:44 -------- d-----w f:\documents and settings\Administrador\Dados de aplicativos\DAEMON Tools Lite

2009-04-11 00:30 . 2009-04-11 00:30 -------- d-----w F:\EVIDENCE

2009-04-03 00:40 . 2009-04-03 00:40 -------- d-----w f:\windows\ERUNT

2009-04-03 00:34 . 2009-04-03 00:58 -------- d-----w F:\SDFix

2009-04-02 00:37 . 2009-04-02 00:37 -------- d-----w f:\documents and settings\Administrador\Dados de aplicativos\Sony Ericsson

2009-04-01 20:19 . 2008-02-06 19:16 24960 ----a-r f:\windows\system32\drivers\sembnd5.sys

2009-04-01 20:19 . 2008-02-06 19:16 344064 ----a-r f:\windows\system32\drivers\sembunic.sys

2009-04-01 20:19 . 2008-02-06 19:15 10752 ----a-r f:\windows\system32\drivers\sembcr.sys

2009-04-01 20:19 . 2007-08-14 13:15 12672 ----a-r f:\windows\system32\drivers\sesc.sys

2009-04-01 20:19 . 2008-02-06 19:14 337408 ----a-r f:\windows\system32\drivers\sembcard.sys

2009-04-01 20:19 . 2008-02-06 19:16 337408 ----a-r f:\windows\system32\drivers\sembwwan.sys

2009-04-01 20:19 . 2008-02-06 19:15 343680 ----a-r f:\windows\system32\drivers\sembmgmt.sys

2009-04-01 20:19 . 2008-02-06 19:15 84992 ----a-r f:\windows\system32\sembir32.dll

2009-04-01 20:19 . 2008-02-06 19:15 380672 ----a-r f:\windows\system32\drivers\sembmdm2.sys

2009-04-01 20:19 . 2008-02-06 19:15 14976 ----a-r f:\windows\system32\drivers\sembmdfl2.sys

2009-04-01 20:19 . 2008-02-06 19:14 12160 ----a-r f:\windows\system32\drivers\sembcmnt.sys

2009-04-01 20:19 . 2008-02-06 19:14 12160 ----a-r f:\windows\system32\drivers\sembcm.sys

2009-04-01 20:15 . 2008-02-15 22:04 17408 ----a-r f:\windows\system32\drivers\semcreserved.sys

2009-04-01 20:14 . 2008-02-06 19:16 12160 ----a-r f:\windows\system32\drivers\sembwhnt.sys

2009-04-01 20:14 . 2008-02-06 19:16 12160 ----a-r f:\windows\system32\drivers\sembwh.sys

2009-04-01 20:14 . 2008-02-06 19:14 260992 ----a-r f:\windows\system32\drivers\sembbus.sys

2009-04-01 20:14 . 2009-04-01 20:14 -------- dc----w f:\windows\system32\DRVSTORE

2009-03-31 16:15 . 2009-03-31 16:18 -------- d-----w f:\documents and settings\Administrador\Dados de aplicativos\GameRanger

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-04-23 02:44 . 2009-04-23 02:14 -------- d-----w f:\arquivos de programas\Tibia

2009-04-21 03:08 . 2001-10-28 12:07 67232 ----a-w f:\windows\system32\perfc016.dat

2009-04-21 03:08 . 2001-10-28 12:07 425072 ----a-w f:\windows\system32\perfh016.dat

2009-04-19 00:53 . 2009-04-10 14:27 -------- d-----w f:\documents and settings\Administrador\Dados de aplicativos\Winamp

2009-04-12 01:48 . 2008-10-19 19:07 -------- d-----w f:\documents and settings\Administrador\Dados de aplicativos\DAEMON Tools

2009-04-12 01:44 . 2008-10-19 17:43 717296 ----a-w f:\windows\system32\drivers\sptd.sys

2009-04-02 00:37 . 2009-04-01 20:13 -------- d-----w f:\arquivos de programas\Sony Ericsson

2009-03-17 23:28 . 2009-03-17 23:28 -------- d-----w f:\documents and settings\Administrador\Dados de aplicativos\Malwarebytes

2009-03-17 23:28 . 2009-03-17 23:28 -------- d-----w f:\documents and settings\All Users\Dados de aplicativos\Malwarebytes

2009-03-17 20:06 . 2009-01-05 03:21 -------- d-----w f:\arquivos de programas\PokerStars

2009-02-09 14:17 . 2004-08-04 03:38 1846400 ----a-w f:\windows\system32\win32k.sys

2009-02-06 21:52 . 2009-02-06 21:52 49504 ----a-w f:\windows\system32\sirenacm.dll

2009-02-02 11:50 . 2008-10-19 17:40 14912 ----a-w f:\documents and settings\Administrador\Configurações locais\Dados de aplicativos\GDIPFONTCACHEV1.DAT

1389-31889-66 00:51 . 2001-10-28 12:07 235008 ----a-w f:\windows\system32\netevent.dll

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="f:\windows\system32\ctfmon.exe" [2004-08-04 15360]

"msnmsgr"="f:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

"DAEMON Tools Lite"="c:\daemon tools lite\daemon.exe" [2008-12-29 687560]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="f:\windows\system32\NvCpl.dll" [2006-07-25 5898240]

"NvMediaCenter"="f:\windows\system32\NvMcTray.dll" [2006-07-25 86016]

"SunJavaUpdateSched"="f:\arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

"Easy-PrintToolBox"="f:\arquivos de programas\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2006-10-17 398944]

"nwiz"="nwiz.exe" - f:\windows\system32\nwiz.exe [2006-07-25 1519616]

"SoundMan"="SOUNDMAN.EXE" - f:\windows\soundman.exe [2007-04-16 577536]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="f:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

 

f:\documents and settings\Administrador\Menu Iniciar\Programas\Inicializar\

ScreenHunter 5.0 Free.lnk - f:\arquivos de programas\Wisdom-soft ScreenHunter 5 Free\ScreenHunter.exe [2008-10-19 4878336]

 

f:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

Microsoft Office.lnk - c:\office10\OSA.EXE [2001-2-13 83360]

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\Ares\\Ares.exe"=

"f:\\WINDOWS\\system32\\sessmgr.exe"=

"f:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"f:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Age of Empires\\age2_x1.exe"=

"f:\\Documents and Settings\\Administrador\\Dados de aplicativos\\GameRanger\\GameRanger\\GameRanger.exe"=

"f:\\WINDOWS\\system32\\dplaysvr.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"1626:UDP"= 1626:UDP:Windows Media Format SDK (firefox.exe)

"1627:UDP"= 1627:UDP:Windows Media Format SDK (firefox.exe)

 

S3 sembbus;SEMC WMC Composite Device driver (WDM);f:\windows\system32\DRIVERS\sembbus.sys [2008-02-06 260992]

S3 sembcard;Sony Ericsson PC300 Mobile Broadband Command Interface Drivers (WDM);f:\windows\system32\DRIVERS\sembcard.sys [2008-02-06 337408]

S3 sembmdfl2;Sony Ericsson PC300 Wireless Modem Filter;f:\windows\system32\DRIVERS\sembmdfl2.sys [2008-02-06 14976]

S3 sembmdm2;Sony Ericsson PC300 Wireless Modem Driver;f:\windows\system32\DRIVERS\sembmdm2.sys [2008-02-06 380672]

S3 sembmgmt;Sony Ericsson PC300 Mobile Broadband Device Management Drivers (WDM);f:\windows\system32\DRIVERS\sembmgmt.sys [2008-02-06 343680]

S3 sembnd5;Sony Ericsson PC300 Mobile Broadband Network Adapter SENECA (NDIS);f:\windows\system32\DRIVERS\sembnd5.sys [2008-02-06 24960]

S3 sembunic;Sony Ericsson PC300 Mobile Broadband Network Adapter SENECA (WDM);f:\windows\system32\DRIVERS\sembunic.sys [2008-02-06 344064]

S3 sembwwan;Sony Ericsson PC300 Mobile Broadband Ethernet Control Drivers (WDM);f:\windows\system32\DRIVERS\sembwwan.sys [2008-02-06 337408]

S3 SEMCReserved;SEMC Reserved Interface;f:\windows\system32\DRIVERS\semcreserved.sys [2008-02-15 17408]

S3 Sony_EricssonWWSC;Sony Ericsson SIM Card Reader;f:\windows\system32\DRIVERS\sesc.sys [2007-08-14 12672]

 

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]

\Shell\AutoRun\command - G:\SETUP.EXE -autorun

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{37de151e-bce8-11dd-83df-0040ca9a278a}]

\Shell\AutoRun\command - I:\AutoRun.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{37de1521-bce8-11dd-83df-0040ca9a278a}]

\Shell\AutoRun\command - I:\AutoRun.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3ec58d04-dddf-11dd-8449-0040ca9a278a}]

\Shell\AutoRun\command - I:\AutoRun.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{55c97b82-c16f-11dd-83e9-0040ca9a278a}]

\Shell\AutoRun\command - I:\AutoRun.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6f659506-b5dc-11dd-83cd-0040ca9a278a}]

\Shell\AutoRun\command - xih9.cmd

\Shell\explore\Command - xih9.cmd

\Shell\open\Command - xih9.cmd

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{db56f8bc-f2c3-11dd-848d-0040ca9a278a}]

\Shell\AutoRun\command - I:\AutoRun.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e4f9eb34-cd1d-11dd-840c-0040ca9a278a}]

\Shell\AutoRun\command - I:\AutoRun.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e4f9eb37-cd1d-11dd-840c-0040ca9a278a}]

\Shell\AutoRun\command - J:\AutoRun.exe

.

.

------- Scan Suplementar -------

.

uInternet Connection Wizard,ShellNext = iexplore

IE: E&xportar para o Microsoft Excel - c:\office10\EXCEL.EXE/3000

IE: Easy-WebPrint Add To Print List - f:\arquivos de programas\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html

IE: Easy-WebPrint High Speed Print - f:\arquivos de programas\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html

IE: Easy-WebPrint Preview - f:\arquivos de programas\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html

IE: Easy-WebPrint Print - f:\arquivos de programas\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html

FF - ProfilePath - f:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\kg0fxrq9.default\

FF - prefs.js: browser.startup.homepage - hxxp://pt-BR.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:pt-BR:official

FF - prefs.js: keyword.URL - hxxp://br.search.yahoo.com/search?ei=ISO-8859-1&fr=megaup&p=

FF - plugin: c:\firefox\plugins\npFoxitReaderPlugin.dll

 

---- FIREFOX POLICIES ----

c:\firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-04-23 10:52

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

- - - - - - - > 'explorer.exe'(1040)

f:\windows\system32\msi.dll

f:\windows\system32\WPDShServiceObj.dll

f:\windows\system32\PortableDeviceTypes.dll

f:\windows\system32\PortableDeviceApi.dll

.

Tempo para conclusão: 2009-04-23 10:55

ComboFix-quarantined-files.txt 2009-04-23 13:55

ComboFix2.txt 2009-04-07 20:12

 

Pré-execução: 12 pasta(s) 38.804.160.512 bytes disponíveis

Pós execução: 11 pasta(s) 38.801.715.200 bytes disponíveis

 

164 --- E O F --- 2009-04-05 14:53

 

LOG HJT

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:58:13, on 23/4/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

F:\WINDOWS\System32\smss.exe

F:\WINDOWS\system32\winlogon.exe

F:\WINDOWS\system32\services.exe

F:\WINDOWS\system32\lsass.exe

F:\WINDOWS\system32\svchost.exe

F:\WINDOWS\System32\svchost.exe

F:\WINDOWS\system32\spoolsv.exe

F:\WINDOWS\system32\nvsvc32.exe

C:\Alcohol 120\StarWind\StarWindService.exe

F:\WINDOWS\system32\wscntfy.exe

F:\WINDOWS\system32\RUNDLL32.EXE

F:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe

F:\WINDOWS\system32\ctfmon.exe

F:\Arquivos de programas\Wisdom-soft ScreenHunter 5 Free\ScreenHunter.exe

F:\Arquivos de programas\Sony Ericsson\Sony Ericsson Wireless Manager 5\WirelessManager.exe

F:\WINDOWS\explorer.exe

C:\Firefox\firefox.exe

F:\HiJackThis\HiJackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Avg\avgssie.dll (file missing)

O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - F:\Arquivos de programas\Windows Live\Messenger\wlchtc.dll

O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - F:\Arquivos de programas\Canon\Easy-WebPrint\EWPBrowseLoader.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - F:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - F:\Arquivos de programas\Canon\Easy-WebPrint\Toolband.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "F:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [Easy-PrintToolBox] F:\Arquivos de programas\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon

O4 - HKCU\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "F:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: ScreenHunter 5.0 Free.lnk = F:\Arquivos de programas\Wisdom-soft ScreenHunter 5 Free\ScreenHunter.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Office10\OSA.EXE

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://F:\Arquivos de programas\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html

O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://F:\Arquivos de programas\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html

O8 - Extra context menu item: Easy-WebPrint Preview - res://F:\Arquivos de programas\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html

O8 - Extra context menu item: Easy-WebPrint Print - res://F:\Arquivos de programas\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - F:\Arquivos de programas\PokerStars\PokerStarsUpdate.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe

O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Alcohol 120\StarWind\StarWindService.exe

 

--

End of file - 5053 bytes


The analyst who was handling this topic had to step away from the forum.

 

Can another analyst continue with the resolution?

 

For now, DidoLaco, I suggest you post an updated log.


Most excellent Mário, leave it to me; I will continue with this topic.

 

DidoLaco, as Mario already described, post a new, updated HijackThis and ComboFix log.


Sorry for the delay in replying.

 

The computer in question is the one at my home, and I have no internet there to send you the updated logs.

I will soon post what is needed so that we can finish solving my problem.

 

Thank you for your attention!


OK, I will be waiting for your reply! Best regards.


Topic Archived

 

Since the author has not replied for more than 30 days, the topic has been archived.

 

If you are the author of the topic and want to reopen it, send a private message to a moderator of the area, together with the link to this topic, and explain the reason for reopening.
