Here is the HijackThis log. I slipped up, though: I went ahead deleting a bunch of entries and lost the first log, which showed everything infected, so all that is left is this one, where everything has already been removed.
But the virus is still intact:
Logfile of HijackThis v1.99.1
Scan saved at 17:02:16, on 27/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS.0\System32\smss.exe
C:\WINDOWS.0\system32\winlogon.exe
C:\WINDOWS.0\system32\services.exe
C:\WINDOWS.0\system32\lsass.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\System32\svchost.exe
C:\WINDOWS.0\Explorer.EXE
C:\WINDOWS.0\system32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS.0\system32\spoolsv.exe
C:\Arquivos de programas\Alwil Software\Avast4\setup\avast.setup
C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS.0\ctfmon.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\system32\slserv.exe
C:\WINDOWS.0\system32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS.0\system32\wuauclt.exe
E:\achei.exe
C:\Arquivos de programas\Windows NT\Acessórios\WORDPAD.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll
O20 - Winlogon Notify: winctrl32 - C:\WINDOWS.0\SYSTEM32\WinCtrl32.dll
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (antivirscheduler) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (antivirservice) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS.0\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswupdsv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus (avast! antivirus) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner (avast! mail scanner) - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner (avast! web scanner) - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ccevtsvc - Unknown owner - C:\WINDOWS.0\System32\CcEvtSvc.exe (file missing)
O23 - Service: COMSysApp COMSysAppRemoteRegistry (comsysappremoteregistry) - Unknown owner - C:\WINDOWS.0\system32\accessq.exe (file missing)
O23 - Service: LPTRDC server (lptrdcsrv) - Unknown owner - C:\WINDOWS.0\ctfmon.exe
O23 - Service: Plug and Play PlugPlaySCardSvr (plugplayscardsvr) - Unknown owner - C:\WINDOWS.0\system32\1041e.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS.0\SYSTEM32\slserv.exe
O23 - Service: Serviço de Número de Série de Mídia Portátil WmdmPmSNTapiSrv (wmdmpmsntapisrv) - Unknown owner - C:\WINDOWS.0\system32\a3do.exe
I also installed Avira and it did not remove the virus.
Still no internet access to run an online scan!
EDIT: In case it helps, here are the entries I had removed with HijackThis and recovered from the backup:
O2 - BHO: C:\WINDOWS.0\system32\hdxjd4g.dll - {b5ac49a2-94f2-42bd-f434-2604812c897d} - C:\WINDOWS.0\system32\hdxjd4g.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS.0\system32\userinit.exe,userinit.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/
O4 - HKLM\..\Run: [autoload] C:\Documents and Settings\LocalService.AUTORIDADE NT\Local Settings\Application Data\cftmon.exe
O4 - HKLM\..\Run: [Hhjg5jfd93dftdf] C:\Temp\winlagon.exe
O4 - HKLM\..\Run: [ntuser] C:\WINDOWS.0\system32\drivers\spools.exe
O4 - HKCU\..\Run: [Jnskdfmf9eldfd] C:\Temp\csrssc.exe
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O4 - HKCU\..\Run: [Hhjg5jfd93dftdf] C:\Temp\winlagon.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1212032005890
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O20 - Winlogon Notify: winctrl32 - C:\WINDOWS.0\SYSTEM32\WinCtrl32.dll
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS.0\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
O21 - SSODL: yhEAyAqZbyN - {589200DE-F238-AA74-9BDA-721C75DF0341} - C:\WINDOWS.0\system32\osu.dll (file missing)
O23 - Service: browserwinmgmt - Unknown owner - C:\WINDOWS.0\system32\accesst.exe
O23 - Service: cisvchelpsvc - Unknown owner - C:\WINDOWS.0\system32\accessda.exe
O23 - Service: CiSvc - Unknown owner - C:\Temp\1.EXE (file missing)
O23 - Service: clr_optimization_v2.0.50727_32 - Unknown owner - C:\Temp\1.EXE (file missing)
O23 - Service: COMSysApp COMSysAppRemoteRegistry (comsysappremoteregistry) - Unknown owner - C:\WINDOWS.0\system32\accessq.exe
O23 - Service: Dhcp - Unknown owner - C:\Temp\1.EXE (file missing)
O23 - Service: HTTPFilter - Unknown owner - C:\Temp\1.EXE (file missing)
O23 - Service: fci - Unknown owner - C:\WINDOWS.0\system32\svchost.exe:ext.exe (file missing)
O23 - Service: Google Online Services - Unknown owner - C:\Temp\1.EXE (file missing)
O23 - Service: lanmanserver - Unknown owner - C:\Temp\1.EXE (file missing)
O23 - Service: icf - Unknown owner - C:\Temp\1.EXE (file missing)
O23 - Service: LPTRDC server (lptrdcsrv) - Unknown owner - C:\WINDOWS.0\ctfmon.exe
O23 - Service: ImapiService - Unknown owner - C:\Temp\1.EXE (file missing)
O23 - Service: MSIServer - Unknown owner - C:\Temp\1.EXE (file missing)
O23 - Service: NtLmSsp - Unknown owner - C:\Temp\1.EXE (file missing)
O23 - Service: ose - Unknown owner - C:\Temp\1.EXE (file missing)
O23 - Service: Plug and Play PlugPlaySCardSvr (plugplayscardsvr) - Unknown owner - C:\WINDOWS.0\system32\1041e.exe
O23 - Service: PolicyAgent - Unknown owner - C:\Temp\1.EXE (file missing)
O23 - Service: RDSessMgr - Unknown owner - C:\Temp\1.EXE (file missing)
O23 - Service: RSVP - Unknown owner - C:\WINDOWS.0\system32\rsvp.exe (file missing)
O23 - Service: Alocador Remote Procedure Call (RPC) (RpcLocator) - Unknown owner - C:\WINDOWS.0\system32\locator.exe
O23 - Service: Schedule - Unknown owner - C:\WINDOWS.0\system32\drivers\spools.exe
O23 - Service: Serviço de Número de Série de Mídia Portátil WmdmPmSNTapiSrv (wmdmpmsntapisrv) - Unknown owner - C:\WINDOWS.0\system32\a3do.exe
O23 - Service: ccevtsvc - Unknown owner - C:\WINDOWS.0\System32\CcEvtSvc.exe (file missing)
O23 - Service: LPTRDC server (lptrdcsrv) - Unknown owner - C:\WINDOWS.0\ctfmon.exe
O23 - Service: COMSysApp COMSysAppRemoteRegistry (comsysappremoteregistry) - Unknown owner - C:\WINDOWS.0\system32\accessq.exe (file missing)
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS.0\SYSTEM32\slserv.exe
O23 - Service: Plug and Play PlugPlaySCardSvr (plugplayscardsvr) - Unknown owner - C:\WINDOWS.0\system32\1041e.exe
O23 - Service: Serviço de Número de Série de Mídia Portátil WmdmPmSNTapiSrv (wmdmpmsntapisrv) - Unknown owner - C:\WINDOWS.0\system32\a3do.exe