Ir ao conteúdo
  • Comunicados

    • diego_moicano

      Gostaria de se tornar um analista em Remoção de Malware?   07-12-2015

      Gostaria de se tornar um analista em Remoção de Malware? O Fórum Clube do Hardware deu início a um programa de treinamento em análises de log. Os interessados deverão enviar um email para aprendizes (arroba) clubedohardware (ponto) com (ponto) br respondendo as seguintes perguntas: Por que você gostaria de aprender a analisar logs? Possui tempo hábil para o treinamento? Tem conhecimentos em informática? Se sim descreva-os. Possui inglês para leitura? Qual seu objetivo após completar o treinamento?   Não se esqueça de incluir no e-mail o seu nome de usuário (fornecer o link também), idade e cidade onde vive. Adicione também qualquer experiência e/ou razão sobre o porquê você seria um bom Analista. É digno de nota que apenas os que forem selecionados receberão resposta por MP (Mensagem Pessoal), não existe um padrão na escolha dos futuros aprendizes, todos os e-mails serão lidos e serão analisados de forma imparcial, portanto não será permitido reclamações neste aspecto. O treinamento é dado no próprio fórum. Quando um aprendiz é selecionado ele é movido para um novo grupo, onde terá acesso a fóruns fechados para os demais usuários onde poderá dar inicio ao seu treinamento. Importante: A cada 30 dias os e-mails não selecionados serão apagados, portanto você pode enviar um novo e-mail após 1 mês, e-mails enviados antes serão desconsiderados.  
    • Gabriel Torres

      Seja um moderador do Clube do Hardware!   12-02-2016

      Prezados membros do Clube do Hardware, Está aberto o processo de seleção de novos moderadores para diversos setores ou áreas do Clube do Hardware. Os requisitos são:   Pelo menos 500 posts e um ano de cadastro; Boa frequência de participação; Ser respeitoso, cordial e educado com os demais membros; Ter bom nível de português; Ter razoável conhecimento da área em que pretende atuar; Saber trabalhar em equipe (com os moderadores, coordenadores e administradores).   Os interessados deverão enviar uma mensagem privada para o usuário @Equipe Clube do Hardware com o título "Candidato a moderador". A mensagem deverá conter respostas às perguntas abaixo:   Qual o seu nome completo? Qual sua data de nascimento? Qual sua formação/profissão? Já atuou como moderador em algo outro fórum, se sim, qual? De forma sucinta, explique o porquê de querer ser moderador do fórum e conte-nos um pouco sobre você.   OBS: Não se trata de função remunerada. Todos que fazem parte do staff são voluntários.
Ismael_keko

beagle AAW

Recommended Posts

olá

eu fiz um download de um ficheiro do dreamule e quando o abri veio com isto atrás

Win32Rootkit-gen

Win32:Beagle-AAW [Trj]

o antivirus detecta mas não elimina

o pc começou a ficar mais lento que o costume e sempre inicio o pc vem a msg do antivirus

o antivrus que utilizo e o avast tenho tido atualizado

Rodei a ferramenta FXBeagle da symantec e ela não conseguiu localiza-lo.

Aí vai o log:

Logfile of HijackThis v1.99.1

Scan saved at 18:39:52, on 6/7/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

C:\WINDOWS\system32\SnAgOS.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Documents and Settings\All Users\Dados de aplicativos\EPSON\EPW!3 SSRP\E_S40RP7.EXE

C:\WINDOWS\system32\SnMgrSvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\SnLiveUp.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\VTTimer.exe

C:\WINDOWS\system32\VTtrayp.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Arquivos de programas\Nero\Nero 7\InCD\InCD.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAL.EXE

C:\WINDOWS\explorer.exe

C:\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [LGODDFU] "C:\Arquivos de programas\lg_fwupdate\fwupdate.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [inCD] C:\Arquivos de programas\Nero\Nero 7\InCD\InCD.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [EPSON Stylus CX5600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAL.EXE /FU "C:\WINDOWS\TEMP\E_S9F.tmp" /EF "HKCU"

O4 - HKCU\..\Run: [drvsyskit] C:\WINDOWS\system32\drivers\hldrrr.exe

O4 - Startup: Reboot.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {3C8B9651-4E3E-424D-B51C-54544ABF536B} (CAtmCap Object) - https://ww7.banrisul.com.br/bxz/data/securecontrol2k.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Dados de aplicativos\EPSON\EPW!3 SSRP\E_S40RP7.EXE

O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

O23 - Service: SNMgrSvc - Open Communications Security S/A - C:\WINDOWS\system32\SnMgrSvc.exe

Aguardo retorno.

obrigado.

Compartilhar este post


Link para o post
Compartilhar em outros sites

Faça download do Beagled

Salve no seu desktop.

Feche todos os programas (incluindo antivírus, antispyware, firewall) e execute a ferramenta.

Quando terminar aparecerá um log, copie e cole em sua próxima resposta.

Compartilhar este post


Link para o post
Compartilhar em outros sites
  • Autor do tópico
  • Olá amigo.

    Executei a ferramenta como solicitado. Porém não foi gerado um log.

    Estou enviando um novo log gerado por hijackthis:

    Logfile of HijackThis v1.99.1

    Scan saved at 23:51:03, on 7/7/2008

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v7.00 (7.00.6000.16674)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

    C:\WINDOWS\system32\SnAgOS.exe

    C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

    C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Documents and Settings\All Users\Dados de aplicativos\EPSON\EPW!3 SSRP\E_S40RP7.EXE

    C:\WINDOWS\system32\SnMgrSvc.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

    C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

    C:\WINDOWS\Explorer.exe

    C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

    C:\WINDOWS\system32\VTTimer.exe

    C:\WINDOWS\system32\VTtrayp.exe

    C:\WINDOWS\SOUNDMAN.EXE

    C:\Arquivos de programas\lg_fwupdate\fwupdate.exe

    C:\Arquivos de programas\Nero\Nero 7\InCD\InCD.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAL.EXE

    C:\WINDOWS\system32\wscntfy.exe

    C:\WINDOWS\system32\SnEngine.EXE

    C:\Hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

    O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

    O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe

    O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

    O4 - HKLM\..\Run: [LGODDFU] "C:\Arquivos de programas\lg_fwupdate\fwupdate.exe"

    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

    O4 - HKLM\..\Run: [inCD] C:\Arquivos de programas\Nero\Nero 7\InCD\InCD.exe

    O4 - HKLM\..\Run: [combofix] cmd /c "C:\DOCUME~1\Ismael\CONFIG~1\Temp\RarSFX0\8agle.cmd"

    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

    O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\lib\NMBgMonitor.exe"

    O4 - HKCU\..\Run: [EPSON Stylus CX5600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAL.EXE /FU "C:\WINDOWS\TEMP\E_S9F.tmp" /EF "HKCU"

    O4 - Startup: Reboot.exe

    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

    O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

    O11 - Options group: [iNTERNATIONAL] International*

    O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

    O16 - DPF: {3C8B9651-4E3E-424D-B51C-54544ABF536B} (CAtmCap Object) - https://ww7.banrisul.com.br/bxz/data/securecontrol2k.cab

    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

    O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

    O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

    O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Dados de aplicativos\EPSON\EPW!3 SSRP\E_S40RP7.EXE

    O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

    O23 - Service: SNMgrSvc - Open Communications Security S/A - C:\WINDOWS\system32\SnMgrSvc.exe

    Gostaria que você examinasse se possível este outro log que é do nootebook ligado em rede com o pc infectado. Talves ele tb tenha sido infectado e por via das duvidas executei a ferramenta nele tb.

    Logfile of HijackThis v1.99.1

    Scan saved at 23:48:40, on 7/7/2008

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v7.00 (7.00.6000.16674)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\SYSTEM32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

    C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

    C:\WINDOWS\system32\spoolsv.exe

    c:\arquivos de programas\arquivos comuns\logitech\lvmvfm\LVPrcSrv.exe

    C:\WINDOWS\system32\SnAgOS.exe

    C:\Documents and Settings\All Users\Dados de aplicativos\EPSON\EPW!3 SSRP\E_S40RP7.EXE

    C:\WINDOWS\system32\SnMgrSvc.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\SnLiveUp.exe

    C:\WINDOWS\Explorer.exe

    C:\WINDOWS\system32\igfxtray.exe

    C:\WINDOWS\system32\hkcmd.exe

    C:\WINDOWS\system32\igfxpers.exe

    C:\WINDOWS\RTHDCPL.EXE

    C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe

    C:\WINDOWS\system32\RunDll32.exe

    C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe

    C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

    C:\WINDOWS\system32\LVCOMSX.EXE

    C:\WINDOWS\system32\ElkCtrl.exe

    C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\DOCUME~1\minino\CONFIG~1\Temp\RtkBtMnt.exe

    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAL.EXE

    C:\Arquivos de programas\Internet Explorer\iexplore.exe

    C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

    C:\WINDOWS\system32\SnEngine.EXE

    C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

    C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

    C:\hijackthis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.searchgateway.net/search-Google-Gateway.php?sa=Search+Here&client=pub-4642981363251965&forid=1&ie=ISO-8859-1&oe=ISO-8859-1&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A11&q=%s

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = cache.unisc.br:3128

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Arquivos de programas\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Arquivos de programas\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

    O4 - HKLM\..\Run: [synTPEnh] C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe

    O4 - HKLM\..\Run: [iNPROCOMMWireless] C:\Arquivos de programas\Atheros\Wireless\Utility\WlanUtil.exe

    O4 - HKLM\..\Run: [CmUsbAudio] RunDll32 cmcnfg2.cpl,CMICtrlWnd

    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

    O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\isuspm.exe" -startup

    O4 - HKLM\..\Run: [iSUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start

    O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

    O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE

    O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation

    O4 - HKLM\..\Run: [AzMixerSel] C:\Arquivos de programas\Realtek\InstallShield\AzMixerSel.exe

    O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [EPSON Stylus CX5600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAL.EXE /FU "C:\DOCUME~1\minino\CONFIG~1\Temp\E_S48.tmp" /EF "HKCU"

    O4 - Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

    O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

    O11 - Options group: [iNTERNATIONAL] International*

    O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

    O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

    O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

    O16 - DPF: {3C8B9651-4E3E-424D-B51C-54544ABF536B} (CAtmCap Object) - https://ww7.banrisul.com.br/bxz/data/securecontrol2k.cab

    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab

    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

    O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://yahoo.atrativa.com.br/games/applets/popcap/chainz2/mjolauncher.cab

    O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab

    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll

    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

    O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

    O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

    O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

    O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Dados de aplicativos\EPSON\EPW!3 SSRP\E_S40RP7.EXE

    O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\arquivos de programas\arquivos comuns\logitech\lvmvfm\LVPrcSrv.exe

    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Macromedia Shared\Service\Macromedia Licensing.exe

    O23 - Service: SNMgrSvc - Open Communications Security S/A - C:\WINDOWS\system32\SnMgrSvc.exe

    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\WINDOWS\system32\DRIVERS\xaudio.exe

    Obrigado pela atenção.

    No aguardo, Ismael.

    Compartilhar este post


    Link para o post
    Compartilhar em outros sites

    Amigo, um log por vez, isso deixa o analista confuso. Vamos falar do seu primeiro log.

    Faça o download do ComboFix

    É importante que o salve no seu desktop (ambiente de trabalho)

    • Feche todas as janelas e programas.
    • Dê um duplo-clique no combofix.exe, marque 1 e dê o enter.
    • É um pouco demorado, por favor seja paciente.
    • Quando a ferramenta terminar de rodar, gerará um log. Poste o arquivo C:\ComboFix.txt.
    • Faça também um novo log do HijackThis para colocar na sua resposta.

    Atenção: Não clique com o mouse enquanto a ferramenta estiver rodando, isso pode fazer com que o PC pare.

    Compartilhar este post


    Link para o post
    Compartilhar em outros sites
  • Autor do tópico
  • Opa, como solicitado:

    ComboFix 08-07-08.9 - Ismael 2008-07-09 13:09:54.1 - NTFSx86

    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.48 [GMT -3:00]

    Executando de: C:\Documents and Settings\Ismael\Desktop\ComboFix.exe

    * Criado um novo ponto de restauro

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

    .

    ((((((((((((((((((((((((((((((((((((( Outras Exclusäes )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    C:\WINDOWS\system32\drivers\downld

    C:\WINDOWS\system32\drivers\downld\202375.exe

    C:\WINDOWS\system32\drivers\downld\210078.exe

    C:\WINDOWS\system32\drivers\downld\226140.exe

    C:\WINDOWS\system32\drivers\downld\255812.exe

    C:\WINDOWS\system32\drivers\downld\2915734.exe

    C:\WINDOWS\system32\drivers\downld\2928781.exe

    C:\WINDOWS\system32\drivers\downld\3108156.exe

    C:\WINDOWS\system32\drivers\downld\3225093.exe

    C:\WINDOWS\system32\drivers\downld\3279187.exe

    C:\WINDOWS\system32\drivers\downld\3830812.exe

    C:\WINDOWS\system32\drivers\downld\482343.exe

    C:\WINDOWS\system32\drivers\downld\556593.exe

    C:\WINDOWS\system32\drivers\downld\573875.exe

    .

    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    -------\Legacy_SROSA

    ((((((((((((((((((((((( Ficheiros criados de 2008-06-09 to 2008-07-09 ))))))))))))))))))))))))))))))))

    .

    2008-07-09 13:05 . 2008-07-09 13:05 1,003 --a------ C:\BIOSLOCK.INI

    2008-07-09 07:32 . 2008-07-09 07:32 186,240 --a------ C:\WINDOWS\system32\SnAgOS.TMP

    2008-07-07 19:21 . 2008-07-07 19:21 <DIR> d-------- C:\Documents and Settings\Ismael\Dados de aplicativos\Malwarebytes

    2008-07-07 19:20 . 2008-07-07 19:20 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Malwarebytes

    2008-07-07 19:20 . 2008-07-07 19:21 <DIR> d-------- C:\Arquivos de programas\Malwarebytes' Anti-Malware

    2008-07-07 19:20 . 2008-06-28 14:16 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys

    2008-07-07 19:20 . 2008-06-28 14:16 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys

    2008-07-06 18:31 . 2008-07-07 23:51 <DIR> d-------- C:\Hijackthis

    2008-06-25 08:37 . 2008-06-25 08:37 <DIR> d-------- C:\Arquivos de programas\Illustrate

    2008-06-25 08:37 . 2008-06-25 08:37 164,352 --a------ C:\WINDOWS\system32\SpoonUninstall.exe

    2008-06-25 08:37 . 2008-06-25 08:37 27,958 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Music Converter.bmp

    2008-06-25 08:37 . 2008-06-25 08:37 20,906 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Music Converter.dat

    2008-06-23 00:47 . 2008-06-23 00:47 244 --ah----- C:\sqmnoopt09.sqm

    2008-06-23 00:47 . 2008-06-23 00:47 244 --ah----- C:\sqmnoopt08.sqm

    2008-06-23 00:47 . 2008-06-23 00:47 232 --ah----- C:\sqmdata09.sqm

    2008-06-23 00:47 . 2008-06-23 00:47 232 --ah----- C:\sqmdata08.sqm

    2008-06-23 00:45 . 2008-06-23 00:45 244 --ah----- C:\sqmnoopt07.sqm

    2008-06-23 00:45 . 2008-06-23 00:45 232 --ah----- C:\sqmdata07.sqm

    2008-06-23 00:33 . 2008-06-23 00:33 244 --ah----- C:\sqmnoopt06.sqm

    2008-06-23 00:33 . 2008-06-23 00:33 232 --ah----- C:\sqmdata06.sqm

    2008-06-23 00:28 . 2008-06-23 00:28 244 --ah----- C:\sqmnoopt05.sqm

    2008-06-23 00:28 . 2008-06-23 00:28 232 --ah----- C:\sqmdata05.sqm

    2008-06-18 17:35 . 2008-06-14 14:59 272,384 --------- C:\WINDOWS\system32\drivers\bthport.sys

    2008-06-18 17:35 . 2008-06-14 14:59 272,384 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys

    .

    ((((((((((((((((((((((((((((((((((((( Relat¢rio Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2008-07-09 16:23 --------- d-----w C:\Arquivos de programas\lg_fwupdate

    2008-07-09 11:01 --------- d-----w C:\Documents and Settings\Ismael\Dados de aplicativos\AdobeUM

    2008-07-04 22:11 --------- d-----w C:\Arquivos de programas\DreMule

    2008-06-25 12:04 --------- d-----w C:\Documents and Settings\Ismael\Dados de aplicativos\CmapTools

    2008-05-19 22:38 --------- d-----w C:\Arquivos de programas\epson

    2008-05-19 22:37 --------- d-----w C:\Arquivos de programas\ABBYY FineReader 6.0 Sprint

    2008-05-19 22:35 --------- d-----w C:\Documents and Settings\Ismael\Dados de aplicativos\ArcSoft

    2008-05-19 22:35 --------- d-----w C:\Arquivos de programas\Arquivos comuns\ArcSoft

    2008-05-19 22:34 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

    2008-05-19 22:34 --------- d-----w C:\Arquivos de programas\ArcSoft

    2008-05-19 22:32 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\EPSON

    2008-05-19 22:28 --------- d-----w C:\Documents and Settings\Ismael\Dados de aplicativos\InstallShield

    2008-05-07 05:15 1,292,288 ----a-w C:\WINDOWS\system32\quartz.dll

    2008-04-28 03:07 103,548 ----a-w C:\WINDOWS\MozillaUninstall.exe

    2008-04-28 03:06 103,548 ----a-w C:\WINDOWS\GREUninstall.exe

    2008-04-23 07:14 826,368 ----a-w C:\WINDOWS\system32\wininet.dll

    2008-04-21 15:48 691,545 ----a-w C:\WINDOWS\unins000.exe

    .

    (((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

    .

    .

    REGEDIT4

    *Nota* entradas vazias & leg¡timas por defeito nÆo sÆo mostradas.

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:45 15360]

    "SpybotSD TeaTimer"="C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 22:53 692224]

    "EPSON Stylus CX5600 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAL.EXE" [2007-03-01 03:01 180736]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "LGODDFU"="C:\Arquivos de programas\lg_fwupdate\fwupdate.exe" [2005-04-12 10:11 229376]

    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]

    "InCD"="C:\Arquivos de programas\Nero\Nero 7\InCD\InCD.exe" [2004-09-07 11:25 1400944]

    "VTTimer"="VTTimer.exe" [2005-03-07 16:33 53248 C:\WINDOWS\system32\VTTimer.exe]

    "VTTrayp"="VTtrayp.exe" [2005-03-11 06:33 147456 C:\WINDOWS\system32\VTTrayp.exe]

    "SoundMan"="SOUNDMAN.EXE" [2005-06-20 10:42 77824 C:\WINDOWS\soundman.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:45 15360]

    C:\Documents and Settings\Ismael\Menu Iniciar\Programas\Inicializar\

    Reboot.exe [2004-10-01 03:01:50 334336]

    C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\

    Adobe Reader Speed Launch.lnk - C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

    "disableregistrytoosl"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

    "VIDC.YV12"= yv12vfw.dll

    "msacm.ac3filter"= ac3filter.acm

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

    "%windir%\\system32\\sessmgr.exe"=

    R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-15 20:20]

    R1 SNSID;SNSID;C:\WINDOWS\system32\Drivers\SNSID.sys [2007-11-27 16:36]

    R1 SNSMS;SNSMS;C:\WINDOWS\system32\Drivers\SNSMS.sys [2007-11-27 16:44]

    R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-15 20:16]

    R2 Ps2KSecureKeyboard;SecureKbd;C:\WINDOWS\system32\DRIVERS\psseckbd.sys [2007-05-30 11:21]

    R2 SNMgrSvc;SNMgrSvc;C:\WINDOWS\system32\SnMgrSvc.exe [2007-05-30 11:34]

    R3 vhidmini;Secure Mouse;C:\WINDOWS\system32\DRIVERS\vhsecmou.sys [2007-05-30 11:21]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f1cd4b52-1464-11dd-b30a-0016ec51af11}]

    \Shell\AutoRun\command - F:\nideiect.com

    \Shell\explore\Command - F:\nideiect.com

    \Shell\open\Command - F:\nideiect.com

    .

    - - - - ORPHANS REMOVED - - - -

    HKCU-Run-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - C:\Arquivos de programas\Arquivos comuns\Ahead\lib\NMBgMonitor.exe

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2008-07-09 13:21:01

    Windows 5.1.2600 Service Pack 2 NTFS

    Procurando processos ocultos ...

    Procurando entradas auto inicializ*veis ocultas ...

    Procurando ficheiros ocultos ...

    Varredura completada com sucesso

    Ficheiros ocultos: 0

    **************************************************************************

    .

    --------------------- DLLs Loaded Under Running Processes ---------------------

    PROCESS: C:\WINDOWS\system32\winlogon.exe

    -> C:\DOCUME~1\Ismael\CONFIG~1\Temp\catchme.dll

    PROCESS: C:\WINDOWS\system32\lsass.exe

    -> C:\DOCUME~1\Ismael\CONFIG~1\Temp\catchme.dll

    .

    ------------------------ Other Running Processes ------------------------

    .

    C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

    C:\WINDOWS\system32\SnAgOS.EXE

    C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

    C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

    C:\Documents and Settings\All Users\Dados de aplicativos\EPSON\EPW!3 SSRP\E_S40RP7.EXE

    C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

    C:\WINDOWS\system32\SnLiveUp.exe

    C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

    C:\WINDOWS\system32\SnEngine.EXE

    C:\WINDOWS\system32\imapi.exe

    .

    **************************************************************************

    .

    Tempo para conclusÆo: 2008-07-09 13:25:26 - machine was rebooted

    ComboFix-quarantined-files.txt 2008-07-09 16:25:10

    Pre-Run: 13,002,780,672 bytes disponíveis

    Post-Run: 13,947,170,816 bytes dispon¡veis

    152 --- E O F --- 2008-06-22 22:33:41

    Logfile of HijackThis v1.99.1

    Scan saved at 17:45:16, on 9/7/2008

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v7.00 (7.00.6000.16674)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

    C:\WINDOWS\system32\SnAgOS.exe

    C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

    C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Documents and Settings\All Users\Dados de aplicativos\EPSON\EPW!3 SSRP\E_S40RP7.EXE

    C:\WINDOWS\system32\SnMgrSvc.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

    C:\WINDOWS\system32\SnLiveUp.exe

    C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

    C:\WINDOWS\system32\VTTimer.exe

    C:\WINDOWS\system32\VTtrayp.exe

    C:\WINDOWS\SOUNDMAN.EXE

    C:\Arquivos de programas\lg_fwupdate\fwupdate.exe

    C:\Arquivos de programas\Nero\Nero 7\InCD\InCD.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\WINDOWS\system32\SnEngine.EXE

    C:\WINDOWS\explorer.exe

    C:\Hijackthis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

    O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

    O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe

    O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

    O4 - HKLM\..\Run: [LGODDFU] "C:\Arquivos de programas\lg_fwupdate\fwupdate.exe"

    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

    O4 - HKLM\..\Run: [inCD] C:\Arquivos de programas\Nero\Nero 7\InCD\InCD.exe

    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

    O4 - HKCU\..\Run: [EPSON Stylus CX5600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAL.EXE /FU "C:\WINDOWS\TEMP\E_S9F.tmp" /EF "HKCU"

    O4 - Startup: Reboot.exe

    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

    O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

    O11 - Options group: [iNTERNATIONAL] International*

    O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

    O16 - DPF: {3C8B9651-4E3E-424D-B51C-54544ABF536B} (CAtmCap Object) - https://ww7.banrisul.com.br/bxz/data/securecontrol2k.cab

    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

    O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

    O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

    O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Dados de aplicativos\EPSON\EPW!3 SSRP\E_S40RP7.EXE

    O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

    O23 - Service: SNMgrSvc - Open Communications Security S/A - C:\WINDOWS\system32\SnMgrSvc.exe

    Compartilhar este post


    Link para o post
    Compartilhar em outros sites

    Vá no site da Microsoft -> http://support.microsoft.com/kb/310994

    Selecione o download apropriado para o seu Sistema Operacional:

    crecuperacaorz4.jpg

    Faça download do arquivo e salve no seu desktop.

    rc1.gif

    Agora feche todos os seus programas abertos, inclusive antivírus e programa antimalwares para que eles não interfiram a execução do ComboFix.

    • Arraste o setup baixado do site da Microsoft para dentro do ComboFix.exe conforme mostra a figura acima.
    • Siga as mensagens que aparecem na tela para iniciar o ComboFix, concorde com o contrato da Microsoft para instalar o "Console de Recuperação da Microsoft".
    • Na próxima mensagem clique em "SIM" para realizar um scan completo com o ComboFix.
      RC_whatnext.gif
    • Quando a ferramenta acabar aparecerá um log.

    Poste em sua próxima resposta o conteúdo do arquivo C:\ComboFix.txt junto com um novo log do Hijackthis.

    Compartilhar este post


    Link para o post
    Compartilhar em outros sites
  • Autor do tópico
  • Olá.....os logs combofix e hijackthis.....

    ComboFix 08-07-08.9 - Ismael 2008-07-11 11:20:20.2 - NTFSx86

    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.67 [GMT -3:00]

    Executando de: C:\Documents and Settings\Ismael\Desktop\ComboFix.exe

    Command switches used :: C:\Documents and Settings\Ismael\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-PTB.exe

    * Criado um novo ponto de restauro

    .

    ((((((((((((((((((((((( Ficheiros criados de 2008-06-11 to 2008-07-11 ))))))))))))))))))))))))))))))))

    .

    2008-07-11 08:55 . 2008-07-11 08:55 186,240 --a------ C:\WINDOWS\system32\SnAgOS.TMP

    2008-07-09 13:25 . 2008-07-09 13:25 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Configuraþ§es locais

    2008-07-09 13:25 . 2008-07-09 13:25 <DIR> d-------- C:\Documents and Settings\NetworkService\Configuraþ§es locais

    2008-07-09 13:25 . 2008-07-09 13:25 <DIR> d-------- C:\Documents and Settings\LocalService\Configuraþ§es locais

    2008-07-09 13:25 . 2008-07-09 13:25 <DIR> d-------- C:\Documents and Settings\Ismael\Configuraþ§es locais

    2008-07-09 13:05 . 2008-07-09 13:05 1,003 --a------ C:\BIOSLOCK.INI

    2008-07-07 19:21 . 2008-07-07 19:21 <DIR> d-------- C:\Documents and Settings\Ismael\Dados de aplicativos\Malwarebytes

    2008-07-07 19:20 . 2008-07-07 19:20 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Malwarebytes

    2008-07-07 19:20 . 2008-07-07 19:21 <DIR> d-------- C:\Arquivos de programas\Malwarebytes' Anti-Malware

    2008-07-07 19:20 . 2008-06-28 14:16 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys

    2008-07-07 19:20 . 2008-06-28 14:16 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys

    2008-07-06 18:31 . 2008-07-09 17:45 <DIR> d-------- C:\Hijackthis

    2008-06-25 08:37 . 2008-06-25 08:37 <DIR> d-------- C:\Arquivos de programas\Illustrate

    2008-06-25 08:37 . 2008-06-25 08:37 164,352 --a------ C:\WINDOWS\system32\SpoonUninstall.exe

    2008-06-25 08:37 . 2008-06-25 08:37 27,958 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Music Converter.bmp

    2008-06-25 08:37 . 2008-06-25 08:37 20,906 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Music Converter.dat

    2008-06-23 00:47 . 2008-06-23 00:47 244 --ah----- C:\sqmnoopt09.sqm

    2008-06-23 00:47 . 2008-06-23 00:47 244 --ah----- C:\sqmnoopt08.sqm

    2008-06-23 00:47 . 2008-06-23 00:47 232 --ah----- C:\sqmdata09.sqm

    2008-06-23 00:47 . 2008-06-23 00:47 232 --ah----- C:\sqmdata08.sqm

    2008-06-23 00:45 . 2008-06-23 00:45 244 --ah----- C:\sqmnoopt07.sqm

    2008-06-23 00:45 . 2008-06-23 00:45 232 --ah----- C:\sqmdata07.sqm

    2008-06-23 00:33 . 2008-06-23 00:33 244 --ah----- C:\sqmnoopt06.sqm

    2008-06-23 00:33 . 2008-06-23 00:33 232 --ah----- C:\sqmdata06.sqm

    2008-06-23 00:28 . 2008-06-23 00:28 244 --ah----- C:\sqmnoopt05.sqm

    2008-06-23 00:28 . 2008-06-23 00:28 232 --ah----- C:\sqmdata05.sqm

    2008-06-18 17:35 . 2008-06-14 14:59 272,384 --------- C:\WINDOWS\system32\drivers\bthport.sys

    2008-06-18 17:35 . 2008-06-14 14:59 272,384 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys

    .

    ((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2008-07-11 11:56 --------- d-----w C:\Arquivos de programas\lg_fwupdate

    2008-07-09 11:01 --------- d-----w C:\Documents and Settings\Ismael\Dados de aplicativos\AdobeUM

    2008-07-04 22:11 --------- d-----w C:\Arquivos de programas\DreMule

    2008-06-25 12:04 --------- d-----w C:\Documents and Settings\Ismael\Dados de aplicativos\CmapTools

    2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll

    2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys

    2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys

    2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys

    2008-05-19 22:38 --------- d-----w C:\Arquivos de programas\epson

    2008-05-19 22:37 --------- d-----w C:\Arquivos de programas\ABBYY FineReader 6.0 Sprint

    2008-05-19 22:35 --------- d-----w C:\Documents and Settings\Ismael\Dados de aplicativos\ArcSoft

    2008-05-19 22:35 --------- d-----w C:\Arquivos de programas\Arquivos comuns\ArcSoft

    2008-05-19 22:34 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

    2008-05-19 22:34 --------- d-----w C:\Arquivos de programas\ArcSoft

    2008-05-19 22:32 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\EPSON

    2008-05-19 22:28 --------- d-----w C:\Documents and Settings\Ismael\Dados de aplicativos\InstallShield

    2008-05-07 05:15 1,292,288 ----a-w C:\WINDOWS\system32\quartz.dll

    2008-04-28 03:07 103,548 ----a-w C:\WINDOWS\MozillaUninstall.exe

    2008-04-28 03:06 103,548 ----a-w C:\WINDOWS\GREUninstall.exe

    2008-04-23 07:14 826,368 ----a-w C:\WINDOWS\system32\wininet.dll

    2008-04-21 15:48 691,545 ----a-w C:\WINDOWS\unins000.exe

    .

    ((((((((((((((((((((((((((((( snapshot@2008-07-09_13.23.51.45 )))))))))))))))))))))))))))))))))))))))))

    .

    - 2008-07-09 16:19:03 2,048 --s-a-w C:\WINDOWS\bootstat.dat

    + 2008-07-11 11:55:07 2,048 --s-a-w C:\WINDOWS\bootstat.dat

    - 2008-06-19 01:19:12 593,920 ----a-r C:\WINDOWS\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\accicons.exe

    + 2008-07-10 01:14:41 593,920 ----a-r C:\WINDOWS\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\accicons.exe

    - 2008-06-19 01:19:13 12,288 ----a-r C:\WINDOWS\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\cagicon.exe

    + 2008-07-10 01:14:41 12,288 ----a-r C:\WINDOWS\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\cagicon.exe

    - 2008-06-19 01:19:13 86,016 ----a-r C:\WINDOWS\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\inficon.exe

    + 2008-07-10 01:14:41 86,016 ----a-r C:\WINDOWS\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\inficon.exe

    - 2008-06-19 01:19:12 135,168 ----a-r C:\WINDOWS\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\misc.exe

    + 2008-07-10 01:14:40 135,168 ----a-r C:\WINDOWS\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\misc.exe

    - 2008-06-19 01:19:13 11,264 ----a-r C:\WINDOWS\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\mspicons.exe

    + 2008-07-10 01:14:41 11,264 ----a-r C:\WINDOWS\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\mspicons.exe

    - 2008-06-19 01:19:13 27,136 ----a-r C:\WINDOWS\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\oisicon.exe

    + 2008-07-10 01:14:41 27,136 ----a-r C:\WINDOWS\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\oisicon.exe

    - 2008-06-19 01:19:13 4,096 ----a-r C:\WINDOWS\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\opwicon.exe

    + 2008-07-10 01:14:41 4,096 ----a-r C:\WINDOWS\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\opwicon.exe

    - 2008-06-19 01:19:13 794,624 ----a-r C:\WINDOWS\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\outicon.exe

    + 2008-07-10 01:14:41 794,624 ----a-r C:\WINDOWS\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\outicon.exe

    - 2008-06-19 01:19:12 249,856 ----a-r C:\WINDOWS\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\pptico.exe

    + 2008-07-10 01:14:40 249,856 ----a-r C:\WINDOWS\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\pptico.exe

    - 2008-06-19 01:19:12 61,440 ----a-r C:\WINDOWS\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\pubs.exe

    + 2008-07-10 01:14:40 61,440 ----a-r C:\WINDOWS\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\pubs.exe

    - 2008-06-19 01:19:14 23,040 ----a-r C:\WINDOWS\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\unbndico.exe

    + 2008-07-10 01:14:41 23,040 ----a-r C:\WINDOWS\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\unbndico.exe

    - 2008-06-19 01:19:11 286,720 ----a-r C:\WINDOWS\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\wordicon.exe

    + 2008-07-10 01:14:40 286,720 ----a-r C:\WINDOWS\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\wordicon.exe

    - 2008-06-19 01:19:11 409,600 ----a-r C:\WINDOWS\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\xlicons.exe

    + 2008-07-10 01:14:40 409,600 ----a-r C:\WINDOWS\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\xlicons.exe

    - 2004-08-04 02:14:16 138,496 -c--a-w C:\WINDOWS\system32\dllcache\afd.sys

    + 2008-06-20 10:44:38 138,368 -c--a-w C:\WINDOWS\system32\dllcache\afd.sys

    - 2008-02-20 05:37:59 148,992 -c--a-w C:\WINDOWS\system32\dllcache\dnsapi.dll

    + 2008-06-20 17:41:07 148,992 -c--a-w C:\WINDOWS\system32\dllcache\dnsapi.dll

    - 2004-08-04 03:45:26 247,808 -c--a-w C:\WINDOWS\system32\dllcache\mswsock.dll

    + 2008-06-20 17:41:07 247,808 -c--a-w C:\WINDOWS\system32\dllcache\mswsock.dll

    - 2007-10-30 17:20:55 360,064 -c--a-w C:\WINDOWS\system32\dllcache\tcpip.sys

    + 2008-06-20 10:45:13 360,320 -c--a-w C:\WINDOWS\system32\dllcache\tcpip.sys

    - 2006-08-16 09:37:30 225,664 -c--a-w C:\WINDOWS\system32\dllcache\tcpip6.sys

    + 2008-06-20 09:52:06 225,920 -c--a-w C:\WINDOWS\system32\dllcache\tcpip6.sys

    - 2008-02-20 05:37:59 148,992 ----a-w C:\WINDOWS\system32\dnsapi.dll

    + 2008-06-20 17:41:07 148,992 ----a-w C:\WINDOWS\system32\dnsapi.dll

    - 2008-05-29 23:35:11 17,486,968 ----a-w C:\WINDOWS\system32\MRT.exe

    + 2008-06-25 16:15:46 17,972,344 ----a-w C:\WINDOWS\system32\MRT.exe

    - 2007-11-30 11:18:16 18,296 ------w C:\WINDOWS\system32\spmsg.dll

    + 2007-11-30 12:39:04 18,296 ------w C:\WINDOWS\system32\spmsg.dll

    + 2008-07-11 11:55:20 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_5d4.dat

    .

    -- Snapshot reset to current date --

    .

    (((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

    .

    .

    REGEDIT4

    *Nota* entradas vazias & legítimas por defeito não são mostradas.

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:45 15360]

    "SpybotSD TeaTimer"="C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 22:53 692224]

    "EPSON Stylus CX5600 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAL.EXE" [2007-03-01 03:01 180736]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "LGODDFU"="C:\Arquivos de programas\lg_fwupdate\fwupdate.exe" [2005-04-12 10:11 229376]

    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]

    "InCD"="C:\Arquivos de programas\Nero\Nero 7\InCD\InCD.exe" [2004-09-07 11:25 1400944]

    "VTTimer"="VTTimer.exe" [2005-03-07 16:33 53248 C:\WINDOWS\system32\VTTimer.exe]

    "VTTrayp"="VTtrayp.exe" [2005-03-11 06:33 147456 C:\WINDOWS\system32\VTTrayp.exe]

    "SoundMan"="SOUNDMAN.EXE" [2005-06-20 10:42 77824 C:\WINDOWS\soundman.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:45 15360]

    C:\Documents and Settings\Ismael\Menu Iniciar\Programas\Inicializar\

    Reboot.exe [2004-10-01 03:01:50 334336]

    C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\

    Adobe Reader Speed Launch.lnk - C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

    "disableregistrytoosl"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

    "VIDC.YV12"= yv12vfw.dll

    "msacm.ac3filter"= ac3filter.acm

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

    "%windir%\\system32\\sessmgr.exe"=

    "C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

    R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-15 20:20]

    R1 SNSID;SNSID;C:\WINDOWS\system32\Drivers\SNSID.sys [2007-11-27 16:36]

    R1 SNSMS;SNSMS;C:\WINDOWS\system32\Drivers\SNSMS.sys [2007-11-27 16:44]

    R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-15 20:16]

    R2 Ps2KSecureKeyboard;SecureKbd;C:\WINDOWS\system32\DRIVERS\psseckbd.sys [2007-05-30 11:21]

    R2 SNMgrSvc;SNMgrSvc;C:\WINDOWS\system32\SnMgrSvc.exe [2007-05-30 11:34]

    R3 vhidmini;Secure Mouse;C:\WINDOWS\system32\DRIVERS\vhsecmou.sys [2007-05-30 11:21]

    *Newly Created Service* - CATCHME

    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2008-07-11 11:26:09

    Windows 5.1.2600 Service Pack 2 NTFS

    Procurando processos ocultos ...

    Procurando entradas auto inicializáveis ocultas ...

    Procurando ficheiros ocultos ...

    Varredura completada com sucesso

    Ficheiros ocultos: 0

    **************************************************************************

    .

    Tempo para conclusão: 2008-07-11 11:29:45

    ComboFix-quarantined-files.txt 2008-07-11 14:29:32

    ComboFix2.txt 2008-07-09 16:25:30

    Pre-Run: 14,135,193,600 bytes disponíveis

    Post-Run: 14,111,948,800 bytes disponíveis

    WindowsXP-KB310994-SP2-Pro-BootDisk-PTB.exe

    [boot loader]

    timeout=2

    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

    [operating systems]

    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

    C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

    173 --- E O F --- 2008-07-10 09:26:07

    Logfile of HijackThis v1.99.1

    Scan saved at 18:45:04, on 14/7/2008

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v7.00 (7.00.6000.16674)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

    C:\WINDOWS\system32\SnAgOS.exe

    C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

    C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Documents and Settings\All Users\Dados de aplicativos\EPSON\EPW!3 SSRP\E_S40RP7.EXE

    C:\WINDOWS\system32\SnMgrSvc.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

    C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

    C:\WINDOWS\Explorer.exe

    C:\WINDOWS\system32\VTTimer.exe

    C:\WINDOWS\system32\VTtrayp.exe

    C:\WINDOWS\SOUNDMAN.EXE

    C:\Arquivos de programas\lg_fwupdate\fwupdate.exe

    C:\Arquivos de programas\Nero\Nero 7\InCD\InCD.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\WINDOWS\system32\SnEngine.EXE

    C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

    C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

    C:\Arquivos de programas\internet explorer\iexplore.exe

    C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

    C:\Hijackthis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

    O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

    O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe

    O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

    O4 - HKLM\..\Run: [LGODDFU] "C:\Arquivos de programas\lg_fwupdate\fwupdate.exe"

    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

    O4 - HKLM\..\Run: [inCD] C:\Arquivos de programas\Nero\Nero 7\InCD\InCD.exe

    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

    O4 - HKCU\..\Run: [EPSON Stylus CX5600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAL.EXE /FU "C:\WINDOWS\TEMP\E_S9F.tmp" /EF "HKCU"

    O4 - Startup: Reboot.exe

    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

    O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

    O11 - Options group: [iNTERNATIONAL] International*

    O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

    O16 - DPF: {3C8B9651-4E3E-424D-B51C-54544ABF536B} (CAtmCap Object) - https://ww7.banrisul.com.br/bxz/data/securecontrol2k.cab

    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

    O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

    O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

    O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Dados de aplicativos\EPSON\EPW!3 SSRP\E_S40RP7.EXE

    O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

    O23 - Service: SNMgrSvc - Open Communications Security S/A - C:\WINDOWS\system32\SnMgrSvc.exe

    Compartilhar este post


    Link para o post
    Compartilhar em outros sites

    Vá em Iniciar -> Executar e digite notepad.

    Copie (Ctrl + C) e cole (Ctrl + V) o texto abaixo entre CODE:

    REGEDIT4

    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f1cd4b52-1464-11dd-b30a-0016ec51af11}]

    Vá em Arquivo -> Salvar como..., na opção "Salvar como tipo" escolha "Todos os arquivos" e dê o nome de FixReg.reg. Salve no seu desktop.

    Agora execute o arquivo FixReg.reg. Aceite a inserção no registro.

    Faça um Online Scan em kaspersky Virusscanner

    • Clique em Clipboard01-1.jpg
    • Quando questionando para instalar o componente ActiveX, clique em Clipboard015.jpg
    • Aguarde a instalação e a actualização e depois clique em Clipboard013.jpg
    • Clique agora em Clipboard016.jpg
    • Nas opções do scan (settings), certifique-se que as entradas abaixo estão selecionadas:
      • Scan using the following Anti-Virus database:

        Extended (if available otherwise Standard)

      • Scan Options:

        Scan Archives
        Scan Mail Bases

      [*]Clique Clipboard014.jpg

      [*]Clique em My Computer para que seja feito um Scan completo no seu Sistema.

      [*]Será iniciado o scan e poderá demorar um pouco. Seja paciente e aguarde.

      [*]No final do Scan, clique no botão Save as Text

      [*]Salve o log com os resultados e poste na sua próxima resposta.

      [*]Gere e cole também um novo log do HijackThis.

    Compartilhar este post


    Link para o post
    Compartilhar em outros sites
    Visitante
    Este tópico está impedido de receber novos posts.





    Sobre o Clube do Hardware

    No ar desde 1996, o Clube do Hardware é uma das maiores, mais antigas e mais respeitadas publicações sobre tecnologia do Brasil. Leia mais

    Direitos autorais

    Não permitimos a cópia ou reprodução do conteúdo do nosso site, fórum, newsletters e redes sociais, mesmo citando-se a fonte. Leia mais

    ×