Ibus, posted December 21, 2009

Good morning,

I caught that virus that won't stop sending Viagra emails and the like, and I have Avast. I saw in some topics that you need to use HijackThis to produce the log. I did that, found a file that was a virus, deleted it, and nothing changed. I downloaded an anti-malware tool and it found 12 viruses, and still it did not remove the one that sends email. I also noticed that Avast tells me from time to time that there is a file that may be malware, c:\windows\system32\drivers\eqdtoxn.sys, but I can't delete it in normal mode. Is it a virus? The log for analysis follows below. Please, I'm asking for help. If it's not too much trouble, can someone explain to me step by step how to carry out the procedures to solve the problem? Thank you very much.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:25:29, on 20/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
C:\Arquivos de programas\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
C:\Arquivos de programas\3M\PSNLite\PsnLite.exe
C:\ARQUIV~1\3M\PSNLite\PSNGive.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ScsiAccess.EXE
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Arquivos de programas\Java\jre1.6.0_03\bin\jucheck.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\Arquivos de programas\Windows Media Player\wmplayer.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Anti Virus Log HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: free-downloads Toolbar - {d3e23b4b-f153-4687-82c2-816319dd3c5a} - C:\Arquivos de programas\free-downloads\tbfree.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: free-downloads Toolbar - {d3e23b4b-f153-4687-82c2-816319dd3c5a} - C:\Arquivos de programas\free-downloads\tbfree.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Arquivos de programas\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: free-downloads Toolbar - {d3e23b4b-f153-4687-82c2-816319dd3c5a} - C:\Arquivos de programas\free-downloads\tbfree.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Arquivos de programas\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [siSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [EPSON Stylus CX4700 Series (cópia 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADP.EXE /F "C:\WINDOWS\TEMP\E_S79D.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [EPSON Stylus CX4700 Series (cópia 2)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADL.EXE /P36 "EPSON Stylus CX4700 Series (cópia 2)" /O6 "USB002" /M "Stylus CX4700"
O4 - HKLM\..\Run: [EPSON Stylus CX4700 Series (cópia 3)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADL.EXE /P36 "EPSON Stylus CX4700 Series (cópia 3)" /O5 "LPT1:" /M "Stylus CX4700"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [EPSON Stylus DX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE /F "C:\WINDOWS\TEMP\E_S852.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [EPSON Stylus CX4700 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADP.EXE /F "C:\WINDOWS\TEMP\E_S794.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Arquivos de programas\3M\PSNLite\PsnLite.exe
O8 - Extra context menu item: Add to AMV Converter... - C:\Arquivos de programas\MP3 Player Utilities 4.13\AMVConverter\grab.html
O8 - Extra context menu item: Baixar link usando &BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Baixar todos os links usando BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Baixar todos os vídeos usando BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Arquivos de programas\MP3 Player Utilities 4.13\MediaManager\grab.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O12 - Plugin for .mid: C:\Arquivos de programas\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .mov: C:\Arquivos de programas\Internet Explorer\PLUGINS\npqtplugin.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} - http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.atrativa.com.br/games/applets/popcap/chuzzle/popcaploader.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll
O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

--
End of file - 11154 bytes
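A helper reading a log like the one above usually starts with three entry types: O4 Run values, O23 services, and the R3 URLSearchHook position. The Python below is an added example written for this thread; it is not part of the original post and not a HijackThis feature. It takes a handful of lines copied from the log (constructed sample, one entry per line) and flags the things a reviewer looks at first: a Run value that names a bare executable (SOUNDMAN.EXE, nwiz.exe), which Windows resolves through the PATH search order rather than from a fixed location; a service with no publisher string (ScsiAccess, SLService); and any third-party search hook, since that is the browser-hijack slot. None of these is a verdict by itself, which is why the output is a list of reasons rather than a clean/dirty flag.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: entries copied from the HijackThis log posted above,
# one entry per line (the forum extraction ran the whole log together).
SAMPLE_HJT = r"""
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background
R3 - URLSearchHook: free-downloads Toolbar - {d3e23b4b-f153-4687-82c2-816319dd3c5a} - C:\Arquivos de programas\free-downloads\tbfree.dll
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
"""

# Line shapes of the three HijackThis v2 entry types handled here.
# The O23 owner field may be empty, in which case the log prints "- -".
O4_RE = re.compile(r"^O4 - (?P<hive>\S+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.*?) ?- (?P<path>[A-Za-z]:\\.+)$")
R3_RE = re.compile(r"^R3 - URLSearchHook: (?P<name>.+?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.+)$")


@dataclass(frozen=True)
class Finding:
    kind: str    # HijackThis code: "O4", "O23" or "R3"
    name: str    # entry name as printed in the log
    reason: str  # why it deserves a second look
    detail: str  # executable or DLL path involved


def command_executable(cmd: str) -> str:
    """Return the program part of a Run-key command line: the quoted path
    if the command starts with a quote, otherwise the first whitespace token."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def triage_hjt(log_text: str) -> list[Finding]:
    """Flag Run values naming a bare executable (resolved through the PATH
    search order, so a same-named file in an earlier directory would win),
    services without a publisher, and every third-party URLSearchHook."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O4_RE.match(line)
        if m:
            exe = command_executable(m["cmd"])
            if "\\" not in exe:
                findings.append(Finding("O4", m["name"], "bare executable name, resolved via PATH", exe))
            continue
        m = O23_RE.match(line)
        if m:
            owner = m["owner"].strip()
            if not owner or owner.lower() == "unknown owner":
                findings.append(Finding("O23", m["name"], "service without a verifiable publisher", m["path"]))
            continue
        m = R3_RE.match(line)
        if m:
            findings.append(Finding("R3", m["name"], "third-party URL search hook", m["path"]))
    return findings


if __name__ == "__main__":
    for f in triage_hjt(SAMPLE_HJT):
        print(f"{f.kind:<4} {f.name:<30} {f.reason}: {f.detail}")
```

Note what this pass cannot see: the driver the poster is actually worried about, eqdtoxn.sys, does not appear anywhere in a HijackThis log, because HijackThis does not enumerate kernel drivers; that is why the helper's next step is a DDS run, whose "Created Last 30" section does list it.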
wings, posted December 21, 2009

Good morning Ibus

*Download DDS (http://download.bleepingcomputer.com/sUBs/dds.scr) and save it to the desktop
*Temporarily disable your antivirus: right-click the Avast icon that runs next to the clock > select "Pause resident protection" > confirm.
*Double-click dds and wait
*When it finishes, a report (DDS.txt) will appear. Save it to the desktop.
*A new window will appear ("D.D.S - Optional_Scan"); click [NO]
*When done, click [OK]
*Paste the DDS.txt report
Ibus, posted December 21, 2009

> Good morning Ibus
> *Download DDS (http://download.bleepingcomputer.com/sUBs/dds.scr) and save it to the desktop
> *Temporarily disable your antivirus: right-click the Avast icon that runs next to the clock > select "Pause resident protection" > confirm.
> *Double-click dds and wait
> *When it finishes, a report (DDS.txt) will appear. Save it to the desktop.
> *A new window will appear ("D.D.S - Optional_Scan"); click [NO]
> *When done, click [OK]
> *Paste the DDS.txt report

Man, the report is below. My PC is very strange; it wouldn't open the forum, I had to install Mozilla to manage it.

DDS (Ver_09-12-01.01) - NTFSx86
Run by Douglas at 21:13:19,31 on seg 21/12/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.2047.1424 [GMT -2:00]

AV: avast! antivirus 4.8.1335 [VPS 091221-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
C:\Arquivos de programas\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
C:\Arquivos de programas\3M\PSNLite\PsnLite.exe
C:\ARQUIV~1\3M\PSNLite\PSNGive.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\ScsiAccess.EXE
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Arquivos de programas\Java\jre1.6.0_03\bin\jucheck.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Documents and Settings\Douglas\desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.msn.com.br/
uURLSearchHooks: free-downloads Toolbar: {d3e23b4b-f153-4687-82c2-816319dd3c5a} - c:\arquivos de programas\free-downloads\tbfree.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\arquivos de programas\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: ssh2 Class: {2e3c3651-b19c-4dd9-a979-901ec3e930af} - c:\arquivos de programas\scpad\scpsssh2.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\arquivos de programas\java\jre1.6.0_03\bin\ssv.dll
BHO: Auxiliar de Conexão do Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\arquivos de programas\arquivos comuns\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: free-downloads Toolbar: {d3e23b4b-f153-4687-82c2-816319dd3c5a} - c:\arquivos de programas\free-downloads\tbfree.dll
BHO: ZoneAlarm Spy Blocker BHO: {f0d4b231-da4b-4daf-81e4-dfee4931a4aa} - c:\arquivos de programas\zonealarmsb\bar\1.bin\SPYBLOCK.DLL
TB: free-downloads Toolbar: {d3e23b4b-f153-4687-82c2-816319dd3c5a} - c:\arquivos de programas\free-downloads\tbfree.dll
TB: ZoneAlarm Spy Blocker: {f0d4b239-da4b-4daf-81e4-dfee4931a4aa} - c:\arquivos de programas\zonealarmsb\bar\1.bin\SPYBLOCK.DLL
TB: {8B79EE88-E62D-4AA8-B530-CC357BA112B7} - No File
TB: {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - No File
uRun: [MSMSGS] "c:\arquivos de programas\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [siSUSBRG] c:\windows\SiSUSBrg.exe
mRun: [soundMan] SOUNDMAN.EXE
mRun: [avast!] c:\arquiv~1\alwils~1\avast4\ashDisp.exe
mRun: [<NO NAME>]
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [sunJavaUpdateSched] "c:\arquivos de programas\java\jre1.6.0_03\bin\jusched.exe"
mRun: [EPSON Stylus CX4700 Series (cópia 1)] c:\windows\system32\spool\drivers\w32x86\3\e_fatiadp.exe /f "c:\windows\temp\E_S79D.tmp" /EF "HKLM"
mRun: [EPSON Stylus CX4700 Series (cópia 2)] c:\windows\system32\spool\drivers\w32x86\3\E_FATIADL.EXE /P36 "EPSON Stylus CX4700 Series (cópia 2)" /O6 "USB002" /M "Stylus CX4700"
mRun: [EPSON Stylus CX4700 Series (cópia 3)] c:\windows\system32\spool\drivers\w32x86\3\E_FATIADL.EXE /P36 "EPSON Stylus CX4700 Series (cópia 3)" /O5 "LPT1:" /M "Stylus CX4700"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [EPSON Stylus DX4800 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatiade.exe /f "c:\windows\temp\E_S852.tmp" /EF "HKLM"
mRun: [EPSON Stylus CX4700 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatiadp.exe /f "c:\windows\temp\E_S794.tmp" /EF "HKLM"
mRun: [HP Software Update] c:\arquivos de programas\hp\hp software update\HPWuSchd2.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\menuin~1\progra~1\inicia~1\adobeg~1.lnk - c:\arquivos de programas\arquivos comuns\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\menuin~1\progra~1\inicia~1\adober~1.lnk - c:\arquivos de programas\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\menuin~1\progra~1\inicia~1\hpdigi~1.lnk - c:\arquivos de programas\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\menuin~1\progra~1\inicia~1\post-i~1.lnk - c:\arquivos de programas\3m\psnlite\PsnLite.exe
IE: Add to AMV Converter... - c:\arquivos de programas\mp3 player utilities 4.13\amvconverter\grab.html
IE: Baixar link usando &BitComet - c:\arquivos de programas\bitcomet\BitComet.exe/AddLink.htm
IE: Baixar todos os links usando BitComet - c:\arquivos de programas\bitcomet\BitComet.exe/AddAllLink.htm
IE: Baixar todos os vídeos usando BitComet - c:\arquivos de programas\bitcomet\BitComet.exe/AddVideo.htm
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\micros~2\office12\EXCEL.EXE/3000
IE: MediaManager tool grab multimedia file - c:\arquivos de programas\mp3 player utilities 4.13\mediamanager\grab.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\arquivos de programas\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} - c:\arquivos de programas\java\jre1.6.0_03\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\arquiv~1\micros~2\office11\REFIEBAR.DLL
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - hxxp://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} - hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://www.atrativa.com.br/games/applets/popcap/chuzzle/popcaploader.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - c:\arquivos de programas\scpad\scpLIB.dll
STS: compIB Class: {a3717295-941d-416f-9384-ed1736729f1c} - c:\arquivos de programas\scpad\scpLIB.dll

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-8-4 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-8-4 20560]
R2 avast! Antivirus;avast! Antivirus;c:\arquivos de programas\alwil software\avast4\ashServ.exe [2005-7-21 138680]
R3 ip100xp;ENCORE 10/100Mbps Fast Ethernet PCI Adapter NT Driver;c:\windows\system32\drivers\ipfnd51.sys [2009-10-13 26752]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\arquivos de programas\alwil software\avast4\ashMaiSv.exe [2005-7-21 254040]
S3 avast! Web Scanner;avast! Web Scanner;c:\arquivos de programas\alwil software\avast4\ashWebSv.exe [2005-7-21 352920]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys --> c:\windows\system32\vsdatant.sys [?]

=============== Created Last 30 ================

2009-12-20 19:39:04 0 d-----w- c:\arquivos de programas\File Scanner Library (Spybot - Search & Destroy)
2009-12-20 19:39:03 0 d-----w- c:\arquivos de programas\TeaTimer (Spybot - Search & Destroy)
2009-12-20 19:39:02 0 d-----w- c:\arquivos de programas\SDHelper (Spybot - Search & Destroy)
2009-12-20 19:39:02 0 d-----w- c:\arquivos de programas\Misc. Support Library (Spybot - Search & Destroy)
2009-12-20 16:47:43 0 d-----w- c:\docume~1\douglas\dadosd~1\Malwarebytes
2009-12-20 16:47:35 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-20 16:47:32 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-20 16:47:32 0 d-----w- c:\docume~1\alluse~1\dadosd~1\Malwarebytes
2009-12-20 16:47:02 0 d-----w- C:\Anti Malware
2009-12-20 16:11:35 0 d-----w- C:\Anti Virus Log HiJackThis
2009-12-19 14:54:15 0 d-----w- c:\arquivos de programas\ESET
2009-12-19 02:23:14 0 d-sh--w- c:\documents and settings\douglas\IECompatCache
2009-12-18 23:27:21 734208 ----a-w- c:\windows\system32\drivers\eqdtoxn.sys
2009-12-05 22:43:54 0 d-sh--w- c:\documents and settings\douglas\PrivacIE
2009-12-05 22:41:29 0 d-sh--w- c:\documents and settings\douglas\IETldCache
2009-12-05 20:18:31 0 d-----w- c:\windows\ie8updates
2009-12-05 20:14:58 0 dc-h--w- c:\windows\ie8
2009-12-05 20:10:49 92160 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-12-05 20:10:37 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-12-05 20:10:36 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-12-05 20:10:35 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-12-05 20:10:35 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-12-05 20:10:34 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-12-05 20:10:33 11069952 -c----w- c:\windows\system32\dllcache\ieframe.dll
2009-11-28 18:04:08 0 d-----w- c:\arquivos de programas\Microsoft
2009-11-24 01:02:15 0 d--h--w- c:\arquivos de programas\Scpad

==================== Find3M ====================

2009-12-19 19:28:22 150618 ----a-w- c:\windows\hpoins15.dat
2009-12-09 19:26:15 80198 ----a-w- c:\windows\system32\perfc016.dat
2009-12-09 19:26:15 471376 ----a-w- c:\windows\system32\perfh016.dat
2009-11-15 23:43:40 219648 ----a-w- c:\windows\system32\uxtheme.dll
2009-10-29 07:42:04 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-21 05:39:39 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:39:39 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-13 10:34:00 271360 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:39:20 150016 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:39:19 79872 ----a-w- c:\windows\system32\raschap.dll

============= FINISH: 21:13:57,65 ===============
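The DDS report above is what actually exposes the driver: the "Created Last 30" section shows c:\windows\system32\drivers\eqdtoxn.sys created on 2009-12-18 (the day the poster says the infection started), while the "SERVICES / DRIVERS" section lists no service that loads it. The Python below is an added example for this thread, not part of the original post and not a DDS feature. It correlates those two sections over a constructed sample copied from the log (with one extra control line for ipfnd51.sys, marked in the code, that is not in the posted log) and reports every kernel driver file created within a window after the reported infection date: expected if a tool the user installed put it there (mbam.sys, mbamswissarmy.sys), review if it is new but DDS shows a service for it, investigate if it is new and no visible service references it. The infection date, window length and tool allowlist are parameters the reader supplies, not values derived from DDS.

```python
from __future__ import annotations

import re
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample: "Created Last 30" lines copied from the DDS log posted
# above, plus ONE control line (ipfnd51.sys dated 2009-12-19) that is NOT in
# the posted log (its real creation date there is 2009-10-13), so that a new
# driver which does have a visible service entry is exercised as well.
SAMPLE_CREATED = r"""
2009-12-20 19:39:04 0 d-----w- c:\arquivos de programas\TeaTimer (Spybot - Search & Destroy)
2009-12-20 16:47:35 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-20 16:47:32 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-20 16:47:32 0 d-----w- c:\docume~1\alluse~1\dadosd~1\Malwarebytes
2009-12-19 14:54:15 0 d-----w- c:\arquivos de programas\ESET
2009-12-19 10:00:00 26752 ----a-w- c:\windows\system32\drivers\ipfnd51.sys
2009-12-18 23:27:21 734208 ----a-w- c:\windows\system32\drivers\eqdtoxn.sys
2009-12-05 20:10:49 92160 -c----w- c:\windows\system32\dllcache\iecompat.dll
"""

# Constructed sample: the SERVICES / DRIVERS section of the same DDS log.
SAMPLE_SERVICES = r"""
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-8-4 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-8-4 20560]
R3 ip100xp;ENCORE 10/100Mbps Fast Ethernet PCI Adapter NT Driver;c:\windows\system32\drivers\ipfnd51.sys [2009-10-13 26752]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys --> c:\windows\system32\vsdatant.sys [?]
"""

# Drivers that the clean-up tools mentioned in the thread install themselves.
KNOWN_TOOL_DRIVERS = ("mbam.sys", "mbamswissarmy.sys")

# DDS file line: "<date> <time> <size> <attrs> <path>"; attrs is 8 flag chars.
CREATED_RE = re.compile(
    r"^(?P<stamp>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (?P<size>\d+) "
    r"(?P<attrs>[-a-z]{8}) (?P<path>.+)$"
)


@dataclass(frozen=True)
class DriverFinding:
    path: str
    created: datetime
    referenced_by_service: bool
    known_tool: bool

    @property
    def verdict(self) -> str:
        if self.known_tool:
            return "expected: driver of a tool the user installed"
        if self.referenced_by_service:
            return "review: new driver, visible service entry"
        return "investigate: new driver with no visible service entry"


def service_driver_paths(services_text: str) -> set[str]:
    """Lower-cased image paths of every R*/S* line in the DDS services section
    (third ';' field, cut before the ' [date size]' or ' --> ' annotation)."""
    paths = set()
    for line in services_text.splitlines():
        line = line.strip()
        if not re.match(r"^[RS]\d ", line):
            continue
        fields = line.split(";", 2)
        if len(fields) < 3:
            continue
        image = re.split(r" \[| --> ", fields[2], maxsplit=1)[0]
        paths.add(image.strip().lower())
    return paths


def triage_new_drivers(created_text, services_text, infection_date, window_days=7, known_tool_drivers=()):
    """List kernel driver files (*.sys under a drivers directory) created
    within window_days of infection_date (ISO yyyy-mm-dd) and say for each
    whether DDS also shows a service loading it and whether a known tool put
    it there. Directories and non-driver files are skipped."""
    known = {n.lower() for n in known_tool_drivers}
    referenced = service_driver_paths(services_text)
    start = datetime.strptime(infection_date, "%Y-%m-%d")
    end = start + timedelta(days=window_days)
    findings = []
    for raw in created_text.splitlines():
        m = CREATED_RE.match(raw.strip())
        if not m or m["attrs"].startswith("d"):
            continue
        path = m["path"].strip()
        low = path.lower()
        if not (low.endswith(".sys") and "\\drivers\\" in low):
            continue
        created = datetime.strptime(m["stamp"], "%Y-%m-%d %H:%M:%S")
        if not (start <= created < end):
            continue
        name = low.rsplit("\\", 1)[-1]
        findings.append(DriverFinding(path, created, low in referenced, name in known))
    return findings


if __name__ == "__main__":
    for f in triage_new_drivers(SAMPLE_CREATED, SAMPLE_SERVICES, "2009-12-18",
                                known_tool_drivers=KNOWN_TOOL_DRIVERS):
        print(f"{f.created:%Y-%m-%d %H:%M:%S}  {f.path}\n    {f.verdict}")
```

A driver file with no service entry visible to DDS is exactly the pattern that a later ComboFix run in this thread resolves: it deletes the file and removes Legacy_eqdtoxn and Service_eqdtoxn, which were present in the registry but hidden from the earlier listing.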
wings, posted December 22, 2009

Good evening Ibus

*Download SystemLook (http://jpshortstuff.247fixes.com/SystemLook.exe) and save it to the desktop
*Select and copy (Ctrl+c) the code below:

:file
c:\windows\system32\drivers\eqdtoxn.sys

*Double-click SystemLook.exe
*Paste (Ctrl+v) the code into the blank space
*Click [Look]
*Paste the report shown in SystemLook.txt, located on the desktop
Ibus, posted December 22, 2009

> Good evening Ibus
> *Download SystemLook (http://jpshortstuff.247fixes.com/SystemLook.exe) and save it to the desktop
> *Select and copy (Ctrl+c) the code below:
>
> :file
> c:\windows\system32\drivers\eqdtoxn.sys
>
> *Double-click SystemLook.exe
> *Paste (Ctrl+v) the code into the blank space
> *Click [Look]
> *Paste the report shown in SystemLook.txt, located on the desktop

Good evening Wings

The generated report is below. I don't think it worked. I went into the file and could see that the creation date of eqdtoxn matches the date I caught the virus, 18/12/09, and it is always updated minute by minute.

SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 00:27 on 22/12/2009 by Douglas (Administrator - Elevation successful)

No Context: c:\windows\system32\drivers\eqdtoxn.sys

-=End Of File=-
wings, posted December 24, 2009

*Temporarily disable your antivirus
*Download ComboFix (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) and save it to the desktop
*Double-click the Combofix.exe file
*Accept the agreement
*If the Windows Recovery Console is already installed, ComboFix will continue the process automatically. If it is not, a window like the one below will open. Click [YES] to accept its installation.
*After the installation, click [YES] to continue.
*Important: while ComboFix is running, do not use the mouse or the keyboard! To stop the procedure press N or 2 and then ENTER.
*The program will close automatically
*Paste the report created at C:\combofix.txt
Ibus, posted December 24, 2009

> *Temporarily disable your antivirus
> *Download ComboFix (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) and save it to the desktop
> *Double-click the Combofix.exe file
> *Accept the agreement
> *If the Windows Recovery Console is already installed, ComboFix will continue the process automatically. If it is not, a window like the one below will open. Click [YES] to accept its installation.
> *After the installation, click [YES] to continue.
> *Important: while ComboFix is running, do not use the mouse or the keyboard! To stop the procedure press N or 2 and then ENTER.

Good morning Wings, the report follows:

ComboFix 09-12-23.02 - Douglas 24/12/2009 6:29.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.2047.1612 [GMT -2:00]
Executando de: c:\documents and settings\Douglas\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 091223-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Douglas\Dados de aplicativos\inst.exe
c:\recycler\NPROTECT
C:\Thumbs.db
c:\windows\Downloaded Program Files\popcaploader.dll
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\system32\AutoRun.inf
c:\windows\system32\driVERs\eqdtoxn.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_eqdtoxn
-------\Service_eqdtoxn


(((((((((((((((( Arquivos/Ficheiros criados de 2009-11-24 to 2009-12-24 ))))))))))))))))))))))))))))
.

2009-12-21 23:21 . 2009-12-21 23:22 -------- d-----w- c:\arquivos de programas\Mozilla
2009-12-20 19:39 . 2009-12-20 19:39 -------- d-----w- c:\arquivos de programas\File Scanner Library (Spybot - Search & Destroy)
2009-12-20 19:39 . 2009-12-20 19:39 -------- d-----w- c:\arquivos de programas\TeaTimer (Spybot - Search & Destroy)
2009-12-20 19:39 . 2009-12-20 19:39 -------- d-----w- c:\arquivos de programas\SDHelper (Spybot - Search & Destroy)
2009-12-20 19:39 . 2009-12-20 19:39 -------- d-----w- c:\arquivos de programas\Misc. Support Library (Spybot - Search & Destroy)
2009-12-20 16:47 . 2009-12-20 16:47 -------- d-----w- c:\documents and settings\Douglas\Dados de aplicativos\Malwarebytes
2009-12-20 16:47 . 2009-12-03 18:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-20 16:47 . 2009-12-20 16:47 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes
2009-12-20 16:47 . 2009-12-03 18:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-20 16:47 . 2009-12-20 16:47 -------- d-----w- C:\Anti Malware
2009-12-20 16:11 . 2009-12-20 20:25 -------- d-----w- C:\Anti Virus Log HiJackThis
2009-12-19 14:54 . 2009-12-19 14:54 -------- d-----w- c:\arquivos de programas\ESET
2009-12-19 02:23 . 2009-12-19 02:23 -------- d-sh--w- c:\documents and settings\Douglas\IECompatCache
2009-12-09 02:57 . 2009-12-09 02:57 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
2009-12-05 22:43 . 2009-12-05 22:43 -------- d-sh--w- c:\documents and settings\Douglas\PrivacIE
2009-12-05 22:41 . 2009-12-05 22:41 -------- d-sh--w- c:\documents and settings\Douglas\IETldCache
2009-12-05 20:18 . 2009-12-09 03:00 -------- d-----w- c:\windows\ie8updates
2009-12-05 20:14 . 2009-12-20 17:41 -------- dc-h--w- c:\windows\ie8
2009-12-05 20:10 . 2009-10-02 04:44 92160 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-12-05 20:10 . 2009-10-29 07:42 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-12-05 20:10 . 2009-10-29 07:42 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-12-05 20:10 . 2009-10-29 07:42 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-12-05 20:10 . 2009-10-29 07:42 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-12-05 20:10 . 2009-10-29 07:42 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-12-05 20:10 . 2009-10-29 07:42 11069952 -c----w- c:\windows\system32\dllcache\ieframe.dll
2009-11-28 18:04 . 2009-11-28 18:04 -------- d-----w- c:\arquivos de programas\Microsoft

.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-20 19:34 . 2006-03-01 18:26 -------- d-----w- c:\arquivos de programas\Spybot - Search & Destroy
2009-12-19 19:28 . 2009-09-25 21:50 150618 ----a-w- c:\windows\hpoins15.dat
2009-12-18 23:26 . 2009-12-18 23:26 16 ----a-w- c:\windows\system32\config\systemprofile\Dados de aplicativos\fvgqad.dat
2009-12-09 19:26 . 1980-01-01 00:00 80198 ----a-w- c:\windows\system32\perfc016.dat
2009-12-09 19:26 . 1980-01-01 00:00 471376 ----a-w- c:\windows\system32\perfh016.dat
2009-12-09 02:59 . 2009-06-09 02:48 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft Help
2009-12-08 00:11 . 2008-09-05 23:18 -------- d-----w- c:\documents and settings\Douglas\Dados de aplicativos\Vso
2009-12-03 02:55 . 2006-06-21 13:19 -------- d-----w- c:\arquivos de programas\Corel
2009-11-24 01:08 . 2009-11-24 01:02 -------- d--h--w- c:\arquivos de programas\Scpad
2009-11-20 20:59 . 2009-11-20 20:59 -------- d-----w- c:\documents and settings\Douglas\Dados de aplicativos\3M
2009-11-20 20:58 . 2009-11-20 20:58 -------- d-----w- c:\arquivos de programas\3M
2009-11-15 23:43 . 1980-01-01 00:00 219648 ----a-w- c:\windows\system32\uxtheme.dll
2009-11-08 04:00 . 2008-09-06 00:19 -------- d-----w- c:\arquivos de programas\DreaMule
2009-11-07 23:06 . 2006-08-27 22:13 -------- d-----w- c:\documents and settings\Douglas\Dados de aplicativos\Autodesk
2009-11-07 23:06 . 2006-08-27 22:13 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Autodesk
2009-11-03 03:15 . 2003-01-01 03:39 -------- d-----w- c:\arquivos de programas\Microsoft Works
2009-10-29 07:42 . 1980-01-01 00:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-21 05:39 . 1980-01-01 00:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:39 . 1980-01-01 00:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-03 23:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-13 10:34 . 1980-01-01 00:00 271360 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:39 . 1980-01-01 00:00 150016 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:39 . 1980-01-01 00:00 79872 ----a-w- c:\windows\system32\raschap.dll

.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{d3e23b4b-f153-4687-82c2-816319dd3c5a}"= "c:\arquivos de programas\free-downloads\tbfree.dll" [2007-07-31 1391640]

[HKEY_CLASSES_ROOT\clsid\{d3e23b4b-f153-4687-82c2-816319dd3c5a}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d3e23b4b-f153-4687-82c2-816319dd3c5a}]
2007-07-31 19:33 1391640 ----a-w- c:\arquivos de programas\free-downloads\tbfree.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{d3e23b4b-f153-4687-82c2-816319dd3c5a}"= "c:\arquivos de programas\free-downloads\tbfree.dll" [2007-07-31 1391640]

[HKEY_CLASSES_ROOT\clsid\{d3e23b4b-f153-4687-82c2-816319dd3c5a}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D3E23B4B-F153-4687-82C2-816319DD3C5A}"= "c:\arquivos de programas\free-downloads\tbfree.dll" [2007-07-31 1391640]

[HKEY_CLASSES_ROOT\clsid\{d3e23b4b-f153-4687-82c2-816319dd3c5a}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\arquivos de programas\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSUSBRG"="c:\windows\SiSUSBrg.exe" [2002-07-12 106496] "SoundMan"="SOUNDMAN.EXE" [2004-02-09 65024] "avast!"="c:\arquiv~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "SunJavaUpdateSched"="c:\arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-29 8466432] "nwiz"="nwiz.exe" [2007-06-29 1626112] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-29 81920] "HP Software Update"="c:\arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\ Adobe Gamma Loader.lnk - c:\arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe [2007-4-12 110592] Adobe Reader Speed Launch.lnk - c:\arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696] HP Digital Imaging Monitor.lnk - c:\arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520] Post-it© Software Notes Lite.lnk - c:\arquivos de programas\3M\PSNLite\PsnLite.exe [2004-10-15 2080768] [HKLM\~\startupfolder\C:^Documents and Settings^Administrador^Menu Iniciar^Programas^Inicializar^Registration Brothers In Arms.LNK] path=c:\documents and settings\Administrador\Menu Iniciar\Programas\Inicializar\Registration Brothers In Arms.LNK backup=c:\windows\pss\Registration Brothers In Arms.LNKStartup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^KODAK Software Updater.lnk] path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\KODAK Software Updater.lnk backup=c:\windows\pss\KODAK Software Updater.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Software Kodak 
EasyShare.lnk] path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Software Kodak EasyShare.lnk backup=c:\windows\pss\Software Kodak EasyShare.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] 2008-04-14 02:21 1695232 ----a-w- c:\arquivos de programas\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 2001-07-09 12:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Arquivos de programas\\EA GAMES\\Battlefield 2\\BF2.exe"= "c:\\Arquivos de programas\\Windows Media Player\\wmplayer.exe"= "c:\\Arquivos de programas\\Kodak\\KODAK Software Updater\\7288971\\Program\\backWeb-7288971.exe"= "c:\\Arquivos de programas\\BitComet\\BitComet.exe"= "c:\\Arquivos de programas\\LimeWire\\LimeWire.exe"= "c:\\Arquivos de programas\\Messenger\\msmsgs.exe"= "c:\\Arquivos de programas\\DreaMule\\emule.exe"= "c:\\Arquivos de programas\\Sports Interactive\\Football Manager 2009\\fm.exe"= "c:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "2228:UDP"= 2228:UDP:Windows Media Format SDK (iexplore.exe) "2232:UDP"= 2232:UDP:Windows Media Format SDK (iexplore.exe) "2233:UDP"= 2233:UDP:Windows Media Format SDK (iexplore.exe) "19155:TCP"= 19155:TCP:BitComet 19155 TCP "19155:UDP"= 19155:UDP:BitComet 19155 UDP R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [23/10/2007 
18:48 685816] R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [4/8/2008 10:27 114768] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [4/8/2008 10:27 20560] R3 ip100xp;ENCORE 10/100Mbps Fast Ethernet PCI Adapter NT Driver;c:\windows\system32\drivers\ipfnd51.sys [13/10/2009 14:39 26752] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . ------- Scan Suplementar ------- . uStart Page = hxxp://www.msn.com.br/ IE: Add to AMV Converter... - c:\arquivos de programas\MP3 Player Utilities 4.13\AMVConverter\grab.html IE: Baixar link usando &BitComet - c:\arquivos de programas\BitComet\BitComet.exe/AddLink.htm IE: Baixar todos os links usando BitComet - c:\arquivos de programas\BitComet\BitComet.exe/AddAllLink.htm IE: Baixar todos os vídeos usando BitComet - c:\arquivos de programas\BitComet\BitComet.exe/AddVideo.htm IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: MediaManager tool grab multimedia file - c:\arquivos de programas\MP3 Player Utilities 4.13\MediaManager\grab.html DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab . 
- - - - ORFÃOS REMOVIDOS - - - - HKLM-Run-EPSON Stylus CX4700 Series (cópia 2) - c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIADL.EXE HKLM-Run-EPSON Stylus CX4700 Series (cópia 3) - c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIADL.EXE MSConfigStartUp-Atualizador - Puxa Rápido - c:\arquivos de programas\Puxa Rápido\Atualiza.exe MSConfigStartUp-Babylon Client - c:\arquivos de programas\Babylon\Babylon.exe AddRemove-ActualSpy_is1 - c:\arquivos de programas\ASMonitor\unins000.exe AddRemove-HijackThis - c:\docume~1\Douglas\CONFIG~1\Temp\Rar$EX00.047\HijackThis.exe AddRemove-IRPF2009 - Declaração de Ajuste Anual e Final de Espólio - c:\arquiv~2\IRPF2009\UNWISE.EXE ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-12-24 06:40 Windows 5.1.2600 Service Pack 3 NTFS Procurando processos ocultos ... Procurando entradas auto inicializáveis ocultas ... Procurando ficheiros/arquivos ocultos ... Varredura completada com sucesso arquivos/ficheiros ocultos: 0 ************************************************************************** Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net device: opened successfully user: error reading MBR called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys sptd.sys >>UNKNOWN [0x8AB0B8AC]<< kernel: MBR read successfully detected MBR rootkit hooks: \Driver\Disk -> CLASSPNP.SYS @ 0xf764bf28 \Driver\ACPI -> ACPI.sys @ 0xf74accb8 \Driver\atapi -> atapi.sys @ 0xf7832b40 IoDeviceObjectType ->\Device\Harddisk0\DR0 ->NDIS: ENCORE 10/100Mbps Fast Ethernet PCI Adapter -> SendCompleteHandler -> NDIS.sys @ 0xba75cbd4 PacketIndicateHandler -> NDIS.sys @ 0xba768a21 SendHandler -> NDIS.sys @ 0xba75cd44 ************************************************************************** . 
--------------------- CHAVES DO REGISTRO BLOQUEADAS --------------------- [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•6~*] "6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL" . --------------------- DLLs Carregadas Sob os Processos em Execução --------------------- - - - - - - - > 'explorer.exe'(3132) c:\windows\system32\WININET.dll c:\arquiv~1\WINDOW~2\wmpband.dll c:\arquivos de programas\Scpad\scpLIB.dll c:\arquivos de programas\Scpad\scpMIB.dll c:\arquivos de programas\Scpad\sshib.dll c:\arquivos de programas\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\arquivos de programas\ArcSoft\PhotoImpression 5\share\pihook.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Outros Processos em Execução ------------------------ . c:\arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe c:\arquivos de programas\Alwil Software\Avast4\ashServ.exe c:\windows\system32\drivers\CDAC11BA.EXE c:\windows\system32\drivers\KodakCCS.exe c:\arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE c:\windows\system32\nvsvc32.exe c:\windows\system32\ScsiAccess.EXE c:\windows\SOUNDMAN.EXE c:\windows\system32\RUNDLL32.EXE c:\arquiv~1\3M\PSNLite\PSNGive.exe c:\arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe c:\arquivos de programas\Alwil Software\Avast4\ashWebSv.exe c:\arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe c:\arquivos de programas\Java\jre1.6.0_03\bin\jucheck.exe . ************************************************************************** . 
Tempo para conclusão: 2009-12-24 06:50:27 - Máquina reiniciou ComboFix-quarantined-files.txt 2009-12-24 08:50 Pré-execução: 7.642.078.720 bytes disponíveis Pós execução: 8.622.773.248 bytes disponíveis WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect C:\="Microsoft Windows" Current=6 Default=6 Failed=5 LastKnownGood=8 Sets=1,2,3,4,5,6,7,8 - - End Of File - - B4E457BF6AC809A76D41B37F2BA03F1C *O programa será fechado automaticamente *Cole o relatório criado em C:\combofix.txt Compartilhar este post Link para o post Compartilhar em outros sites
wings, posted December 24, 2009

Good morning...

1. Delete DDS and its reports
2. Delete SystemLook and its report
3.
* Open Notepad and copy and paste all of the code below into it:

File::
c:\windows\system32\config\systemprofile\Dados de aplicativos\fvgqad.dat

* Save the file to the desktop as CFScript.txt
* Drag the file onto ComboFix as shown in the illustration below:
* Important: while ComboFix is running, do not use the mouse or the keyboard!
* The program will close automatically
* Paste the report created at C:\combofix.txt
4. Change your MSN password
Ibus, posted December 24, 2009

OK. Here is the report that was generated...

ComboFix 09-12-23.06 - Douglas 24/12/2009 13:45:45.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.2047.1590 [GMT -2:00]
Executando de: c:\documents and settings\Douglas\Desktop\ComboFix.exe
Comandos utilizados :: c:\documents and settings\Douglas\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1335 [VPS 091224-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
(((((((((((((((( Arquivos/Ficheiros criados de 2009-11-24 to 2009-12-24 ))))))))))))))))))))))))))))
.
2009-12-21 23:21 . 2009-12-21 23:22 -------- d-----w- c:\arquivos de programas\Mozilla
2009-12-20 19:39 . 2009-12-20 19:39 -------- d-----w- c:\arquivos de programas\File Scanner Library (Spybot - Search & Destroy)
2009-12-20 19:39 . 2009-12-20 19:39 -------- d-----w- c:\arquivos de programas\TeaTimer (Spybot - Search & Destroy)
2009-12-20 19:39 . 2009-12-20 19:39 -------- d-----w- c:\arquivos de programas\SDHelper (Spybot - Search & Destroy)
2009-12-20 19:39 . 2009-12-20 19:39 -------- d-----w- c:\arquivos de programas\Misc. Support Library (Spybot - Search & Destroy)
2009-12-20 16:47 . 2009-12-20 16:47 -------- d-----w- c:\documents and settings\Douglas\Dados de aplicativos\Malwarebytes
2009-12-20 16:47 . 2009-12-03 18:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-20 16:47 . 2009-12-20 16:47 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes
2009-12-20 16:47 . 2009-12-03 18:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-20 16:47 . 2009-12-20 16:47 -------- d-----w- C:\Anti Malware
2009-12-20 16:11 . 2009-12-20 20:25 -------- d-----w- C:\Anti Virus Log HiJackThis
2009-12-19 14:54 . 2009-12-19 14:54 -------- d-----w- c:\arquivos de programas\ESET
2009-12-19 02:23 . 2009-12-19 02:23 -------- d-sh--w- c:\documents and settings\Douglas\IECompatCache
2009-12-09 02:57 . 2009-12-09 02:57 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
2009-12-05 22:43 . 2009-12-05 22:43 -------- d-sh--w- c:\documents and settings\Douglas\PrivacIE
2009-12-05 22:41 . 2009-12-05 22:41 -------- d-sh--w- c:\documents and settings\Douglas\IETldCache
2009-12-05 20:18 . 2009-12-09 03:00 -------- d-----w- c:\windows\ie8updates
2009-12-05 20:14 . 2009-12-20 17:41 -------- dc-h--w- c:\windows\ie8
2009-12-05 20:10 . 2009-10-02 04:44 92160 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-12-05 20:10 . 2009-10-29 07:42 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-12-05 20:10 . 2009-10-29 07:42 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-12-05 20:10 . 2009-10-29 07:42 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-12-05 20:10 . 2009-10-29 07:42 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-12-05 20:10 . 2009-10-29 07:42 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-12-05 20:10 . 2009-10-29 07:42 11069952 -c----w- c:\windows\system32\dllcache\ieframe.dll
2009-11-28 18:04 . 2009-11-28 18:04 -------- d-----w- c:\arquivos de programas\Microsoft
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-20 19:34 . 2006-03-01 18:26 -------- d-----w- c:\arquivos de programas\Spybot - Search & Destroy
2009-12-19 19:28 . 2009-09-25 21:50 150618 ----a-w- c:\windows\hpoins15.dat
2009-12-18 23:26 . 2009-12-18 23:26 16 ----a-w- c:\windows\system32\config\systemprofile\Dados de aplicativos\fvgqad.dat
2009-12-09 19:26 . 1980-01-01 00:00 80198 ----a-w- c:\windows\system32\perfc016.dat
2009-12-09 19:26 . 1980-01-01 00:00 471376 ----a-w- c:\windows\system32\perfh016.dat
2009-12-09 02:59 . 2009-06-09 02:48 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft Help
2009-12-08 00:11 . 2008-09-05 23:18 -------- d-----w- c:\documents and settings\Douglas\Dados de aplicativos\Vso
2009-12-03 02:55 . 2006-06-21 13:19 -------- d-----w- c:\arquivos de programas\Corel
2009-11-24 01:08 . 2009-11-24 01:02 -------- d--h--w- c:\arquivos de programas\Scpad
2009-11-20 20:59 . 2009-11-20 20:59 -------- d-----w- c:\documents and settings\Douglas\Dados de aplicativos\3M
2009-11-20 20:58 . 2009-11-20 20:58 -------- d-----w- c:\arquivos de programas\3M
2009-11-15 23:43 . 1980-01-01 00:00 219648 ----a-w- c:\windows\system32\uxtheme.dll
2009-11-08 04:00 . 2008-09-06 00:19 -------- d-----w- c:\arquivos de programas\DreaMule
2009-11-07 23:06 . 2006-08-27 22:13 -------- d-----w- c:\documents and settings\Douglas\Dados de aplicativos\Autodesk
2009-11-07 23:06 . 2006-08-27 22:13 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Autodesk
2009-11-03 03:15 . 2003-01-01 03:39 -------- d-----w- c:\arquivos de programas\Microsoft Works
2009-10-29 07:42 . 1980-01-01 00:00 916480 ------w- c:\windows\system32\wininet.dll
2009-10-21 05:39 . 1980-01-01 00:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:39 . 1980-01-01 00:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-03 23:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-13 10:34 . 1980-01-01 00:00 271360 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:39 . 1980-01-01 00:00 150016 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:39 . 1980-01-01 00:00 79872 ----a-w- c:\windows\system32\raschap.dll
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{d3e23b4b-f153-4687-82c2-816319dd3c5a}"= "c:\arquivos de programas\free-downloads\tbfree.dll" [2007-07-31 1391640]

[HKEY_CLASSES_ROOT\clsid\{d3e23b4b-f153-4687-82c2-816319dd3c5a}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d3e23b4b-f153-4687-82c2-816319dd3c5a}]
2007-07-31 19:33 1391640 ----a-w- c:\arquivos de programas\free-downloads\tbfree.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{d3e23b4b-f153-4687-82c2-816319dd3c5a}"= "c:\arquivos de programas\free-downloads\tbfree.dll" [2007-07-31 1391640]

[HKEY_CLASSES_ROOT\clsid\{d3e23b4b-f153-4687-82c2-816319dd3c5a}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D3E23B4B-F153-4687-82C2-816319DD3C5A}"= "c:\arquivos de programas\free-downloads\tbfree.dll" [2007-07-31 1391640]

[HKEY_CLASSES_ROOT\clsid\{d3e23b4b-f153-4687-82c2-816319dd3c5a}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\arquivos de programas\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSUSBRG"="c:\windows\SiSUSBrg.exe" [2002-07-12 106496]
"SoundMan"="SOUNDMAN.EXE" [2004-02-09 65024]
"avast!"="c:\arquiv~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-29 8466432]
"nwiz"="nwiz.exe" [2007-06-29 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-29 81920]
"HP Software Update"="c:\arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\
Adobe Gamma Loader.lnk - c:\arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe [2007-4-12 110592]
Adobe Reader Speed Launch.lnk - c:\arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
HP Digital Imaging Monitor.lnk - c:\arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
Post-it© Software Notes Lite.lnk - c:\arquivos de programas\3M\PSNLite\PsnLite.exe [2004-10-15 2080768]

[HKLM\~\startupfolder\C:^Documents and Settings^Administrador^Menu Iniciar^Programas^Inicializar^Registration Brothers In Arms.LNK]
path=c:\documents and settings\Administrador\Menu Iniciar\Programas\Inicializar\Registration Brothers In Arms.LNK
backup=c:\windows\pss\Registration Brothers In Arms.LNKStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^KODAK Software Updater.lnk]
path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\KODAK Software Updater.lnk
backup=c:\windows\pss\KODAK Software Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Software Kodak EasyShare.lnk]
path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Software Kodak EasyShare.lnk
backup=c:\windows\pss\Software Kodak EasyShare.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 02:21 1695232 ----a-w- c:\arquivos de programas\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 12:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Arquivos de programas\\EA GAMES\\Battlefield 2\\BF2.exe"=
"c:\\Arquivos de programas\\Windows Media Player\\wmplayer.exe"=
"c:\\Arquivos de programas\\Kodak\\KODAK Software Updater\\7288971\\Program\\backWeb-7288971.exe"=
"c:\\Arquivos de programas\\BitComet\\BitComet.exe"=
"c:\\Arquivos de programas\\LimeWire\\LimeWire.exe"=
"c:\\Arquivos de programas\\Messenger\\msmsgs.exe"=
"c:\\Arquivos de programas\\DreaMule\\emule.exe"=
"c:\\Arquivos de programas\\Sports Interactive\\Football Manager 2009\\fm.exe"=
"c:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2228:UDP"= 2228:UDP:Windows Media Format SDK (iexplore.exe)
"2232:UDP"= 2232:UDP:Windows Media Format SDK (iexplore.exe)
"2233:UDP"= 2233:UDP:Windows Media Format SDK (iexplore.exe)
"19155:TCP"= 19155:TCP:BitComet 19155 TCP
"19155:UDP"= 19155:UDP:BitComet 19155 UDP

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [4/8/2008 10:27 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [4/8/2008 10:27 20560]
R3 ip100xp;ENCORE 10/100Mbps Fast Ethernet PCI Adapter NT Driver;c:\windows\system32\drivers\ipfnd51.sys [13/10/2009 14:39 26752]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [23/10/2007 18:48 685816]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
------- Scan Suplementar -------
.
uStart Page = hxxp://www.msn.com.br/
IE: Add to AMV Converter... - c:\arquivos de programas\MP3 Player Utilities 4.13\AMVConverter\grab.html
IE: Baixar link usando &BitComet - c:\arquivos de programas\BitComet\BitComet.exe/AddLink.htm
IE: Baixar todos os links usando BitComet - c:\arquivos de programas\BitComet\BitComet.exe/AddAllLink.htm
IE: Baixar todos os vídeos usando BitComet - c:\arquivos de programas\BitComet\BitComet.exe/AddVideo.htm
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: MediaManager tool grab multimedia file - c:\arquivos de programas\MP3 Player Utilities 4.13\MediaManager\grab.html
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-24 13:55
Windows 5.1.2600 Service Pack 3 NTFS

Procurando processos ocultos ...
Procurando entradas auto inicializáveis ocultas ...
Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso
arquivos/ficheiros ocultos: 0

**************************************************************************
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•6~*]
"6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

- - - - - - - > 'explorer.exe'(2296)
c:\windows\system32\WININET.dll
c:\arquiv~1\WINDOW~2\wmpband.dll
c:\arquivos de programas\Scpad\scpLIB.dll
c:\arquivos de programas\Scpad\scpMIB.dll
c:\arquivos de programas\Scpad\sshib.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Tempo para conclusão: 2009-12-24 13:59:13
ComboFix-quarantined-files.txt 2009-12-24 15:58
ComboFix2.txt 2009-12-24 08:50

Pré-execução: 8.613.242.368 bytes disponíveis
Pós execução: 8.574.564.864 bytes disponíveis

Current=6 Default=6 Failed=5 LastKnownGood=8 Sets=1,2,3,4,5,6,7,8
- - End Of File - - D55953DAA5AE536800290F98589A6628
wings, posted December 26, 2009

OK... the log is clean.

1.
* Click Start > Run > type: combofix /uninstall
* Click OK
* Delete the file C:\combofix.txt

How is your problem?... was it fixed?
Ibus, posted December 27, 2009

Good afternoon Wings.... Solved!!! Thank you very much!!! Big hug!
wings, posted December 27, 2009

PROBLEM SOLVED! If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.