FeMorais

Slow computer


Hey everyone, how's it going???

My computer is really slow, it takes forever to open windows, MSN, etc.

Could you guys take a look at my log??

Thanks, folks.

Logfile of HijackThis v1.99.1

Scan saved at 15:18:46, on 11/8/2007

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Trend Micro\PC-cillin 2002\Tmntsrv.exe

C:\Arquivos de programas\Arquivos comuns\Ulead Systems\DVD\ULCDRSvr.exe

C:\Arquivos de programas\Trend Micro\PC-cillin 2002\PCCPFW.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\htpatch.exe

C:\Arquivos de programas\Trend Micro\PC-cillin 2002\pccguide.exe

C:\Arquivos de programas\Trend Micro\PC-cillin 2002\PCCClient.exe

C:\Arquivos de programas\Trend Micro\PC-cillin 2002\Pop3trap.exe

C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe

C:\Arquivos de programas\Creative\WebCam Control\CAMTRAY.EXE

C:\Arquivos de programas\Analog Devices\SoundMAX\SMTray.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\Arquivos de programas\CyberLink\PowerVCRII\Agent.exe

C:\WINDOWS\System32\RUNDLL32.EXE

C:\Arquivos de programas\QuickTime\qttask.exe

C:\windows\system32\wwhxkd.exe

C:\windows\system32\ggis.exe

C:\windows\system32\efuv.exe

C:\windows\system32\eemcntu.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe

C:\Arquivos de programas\K-LiteNitro\K-LiteNitro.exe

C:\WINDOWS\System32\ZBBOV.exe

C:\WINDOWS\System32\AUFDJVS.exe

C:\WINDOWS\System32\VTQL.exe

C:\WINDOWS\System32\HWRLGNQZ.exe

C:\windows\system32\cmd.exe

C:\ARQUIV~1\ARQUIV~1\Nokia\MPAPI\MPAPI3s.exe

C:\Arquivos de programas\Arquivos comuns\PCSuite\Services\ServiceLayer.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Hijack\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.superesportes.com.br/

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_09\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar2.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar2.dll

O4 - HKLM\..\Run: [ALiUSBfix] C:\WINDOWS\System32\ALiUSB20.exe

O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe

O4 - HKLM\..\Run: [pccguide.exe] "C:\Arquivos de programas\Trend Micro\PC-cillin 2002\pccguide.exe"

O4 - HKLM\..\Run: [PCCClient.exe] "C:\Arquivos de programas\Trend Micro\PC-cillin 2002\PCCClient.exe"

O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Arquivos de programas\Trend Micro\PC-cillin 2002\Pop3trap.exe"

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Arquivos de programas\Creative\WebCam Control\CAMTRAY.EXE

O4 - HKLM\..\Run: [smapp] C:\Arquivos de programas\Analog Devices\SoundMAX\SMTray.exe

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [Agent] C:\Arquivos de programas\CyberLink\PowerVCRII\Agent.exe

O4 - HKLM\..\Run: [Remote_Agent] C:\Arquivos de programas\CyberLink\PowerVCRII\RemoteAgent.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [GGIS] c:\windows\system32\ggis.exe

O4 - HKLM\..\Run: [VTQL] c:\windows\system32\vtql.exe

O4 - HKLM\..\Run: [AUFDJVS] c:\windows\system32\aufdjvs.exe

O4 - HKLM\..\Run: [HWRLGNQZ] c:\windows\system32\hwrlgnqz.exe

O4 - HKLM\..\Run: [ZBBOV] c:\windows\system32\zbbov.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [PcSync] C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

O4 - HKCU\..\Run: [K-Lite Nitro BETA] C:\Arquivos de programas\K-LiteNitro\K-LiteNitro.exe /hide

O4 - Startup: reminder-Registro do produto ScanSoft.lnk = C:\Arquivos de programas\TextBridge Classic 2.0\Ereg\REMIND32.EXE

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O12 - Plugin for .pdf: C:\Arquivos de programas\Internet Explorer\PLUGINS\nppdf32.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.gamehouse.com/realarcade-webgames/bejeweled2/popcaploader.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{AB8992C6-9397-488C-84AC-2C4194B9BA94}: NameServer = 200.165.132.147 200.165.132.155

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: PC-cillin PersonalFirewall (PCCPFW) - Trend Micro Inc. - C:\Arquivos de programas\Trend Micro\PC-cillin 2002\PCCPFW.exe

O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\Arquivos comuns\PCSuite\Services\ServiceLayer.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Inc. - C:\Arquivos de programas\Trend Micro\PC-cillin 2002\Tmntsrv.exe

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Arquivos de programas\Arquivos comuns\Ulead Systems\DVD\ULCDRSvr.exe


FeMorais,

@- Download the program(s) listed below, but don't run them yet.

- Copy these instructions to Notepad or print them!

- Unzip KillBox and keep it in a folder or on your desktop;

- Run the KillBox tool. Check the Delete on Reboot option. Copy the whole list below in red by selecting it and right-clicking -> Copy...

C:\windows\system32\wwhxkd.exe

C:\windows\system32\ggis.exe

C:\windows\system32\efuv.exe

C:\windows\system32\eemcntu.exe

C:\WINDOWS\System32\ZBBOV.exe

C:\WINDOWS\System32\AUFDJVS.exe

C:\WINDOWS\System32\VTQL.exe

C:\WINDOWS\System32\HWRLGNQZ.exe

...In KillBox, with the files already copied to the clipboard, click File -> Paste from clipboard... Click the All Files button, then the X... and answer No to the question.

If KillBox can't find one of the files, that's fine. Keep going...

@- Restart the computer in Safe Mode (keep pressing the F8 key, or F5 in some cases, during startup).

- Run HijackThis - Click Do a System Scan Only. Check the box(es) for the entry(ies) listed below in blue. When you're done selecting, click Fix Checked...

O4 - HKLM\..\Run: [GGIS] c:\windows\system32\ggis.exe

O4 - HKLM\..\Run: [VTQL] c:\windows\system32\vtql.exe

O4 - HKLM\..\Run: [AUFDJVS] c:\windows\system32\aufdjvs.exe

O4 - HKLM\..\Run: [HWRLGNQZ] c:\windows\system32\hwrlgnqz.exe

O4 - HKLM\..\Run: [ZBBOV] c:\windows\system32\zbbov.exe

- Run the ATF-Cleaner.exe tool. Check the Select All option and click Empty Selected. A "Done Cleaning" window will appear. Click OK and Exit.

@- Restart in normal mode.

- If the problem persists, run an online scan at Kaspersky.

- Post the (updated) HijackThis log and the online scan log, pasting them one after the other.

Best regards,

  • Topic author
  • Man, I just can't post the Kaspersky online scan no matter what. It freezes the whole PC. I can't email it to anyone or post it from another PC. I've been struggling with this for over a week, but I really haven't managed to fix it.

    See what you can do for me with the updated HijackThis log. Thanks again!

    Logfile of HijackThis v1.99.1

    Scan saved at 22:36:27, on 19/8/2007

    Platform: Windows XP SP1 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

    C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

    C:\WINDOWS\System32\nvsvc32.exe

    C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Arquivos de programas\Trend Micro\PC-cillin 2002\Tmntsrv.exe

    C:\Arquivos de programas\Arquivos comuns\Ulead Systems\DVD\ULCDRSvr.exe

    C:\Arquivos de programas\Trend Micro\PC-cillin 2002\PCCPFW.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\htpatch.exe

    C:\Arquivos de programas\Trend Micro\PC-cillin 2002\pccguide.exe

    C:\Arquivos de programas\Trend Micro\PC-cillin 2002\PCCClient.exe

    C:\Arquivos de programas\Trend Micro\PC-cillin 2002\Pop3trap.exe

    C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe

    C:\Arquivos de programas\Creative\WebCam Control\CAMTRAY.EXE

    C:\Arquivos de programas\Analog Devices\SoundMAX\SMTray.exe

    C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

    C:\Arquivos de programas\CyberLink\PowerVCRII\Agent.exe

    C:\WINDOWS\System32\RUNDLL32.EXE

    C:\Arquivos de programas\QuickTime\qttask.exe

    C:\WINDOWS\System32\ctfmon.exe

    C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe

    C:\Arquivos de programas\K-LiteNitro\K-LiteNitro.exe

    C:\WINDOWS\System32\RGAYXP.exe

    C:\ARQUIV~1\ARQUIV~1\Nokia\MPAPI\MPAPI3s.exe

    C:\Arquivos de programas\Arquivos comuns\PCSuite\Services\ServiceLayer.exe

    C:\Arquivos de programas\K-LiteNitro\giFT\giFTl.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

    C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

    C:\Hijack\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.superesportes.com.br/

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_09\bin\ssv.dll

    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar2.dll

    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

    O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar2.dll

    O4 - HKLM\..\Run: [ALiUSBfix] C:\WINDOWS\System32\ALiUSB20.exe

    O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe

    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe

    O4 - HKLM\..\Run: [pccguide.exe] "C:\Arquivos de programas\Trend Micro\PC-cillin 2002\pccguide.exe"

    O4 - HKLM\..\Run: [PCCClient.exe] "C:\Arquivos de programas\Trend Micro\PC-cillin 2002\PCCClient.exe"

    O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Arquivos de programas\Trend Micro\PC-cillin 2002\Pop3trap.exe"

    O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP

    O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Arquivos de programas\Creative\WebCam Control\CAMTRAY.EXE

    O4 - HKLM\..\Run: [smapp] C:\Arquivos de programas\Analog Devices\SoundMAX\SMTray.exe

    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

    O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

    O4 - HKLM\..\Run: [Agent] C:\Arquivos de programas\CyberLink\PowerVCRII\Agent.exe

    O4 - HKLM\..\Run: [Remote_Agent] C:\Arquivos de programas\CyberLink\PowerVCRII\RemoteAgent.exe

    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

    O4 - HKLM\..\Run: [VSUXLTKJ] c:\windows\system32\vsuxltkj.exe

    O4 - HKLM\..\Run: [RGAYXP] c:\windows\system32\rgayxp.exe

    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

    O4 - HKCU\..\Run: [PcSync] C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

    O4 - HKCU\..\Run: [K-Lite Nitro BETA] C:\Arquivos de programas\K-LiteNitro\K-LiteNitro.exe /hide

    O4 - Startup: reminder-Registro do produto ScanSoft.lnk = C:\Arquivos de programas\TextBridge Classic 2.0\Ereg\REMIND32.EXE

    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_09\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_09\bin\ssv.dll

    O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

    O12 - Plugin for .pdf: C:\Arquivos de programas\Internet Explorer\PLUGINS\nppdf32.dll

    O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab

    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab

    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.gamehouse.com/realarcade-webgames/bejeweled2/popcaploader.cab

    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

    O17 - HKLM\System\CCS\Services\Tcpip\..\{AB8992C6-9397-488C-84AC-2C4194B9BA94}: NameServer = 200.165.132.147 200.165.132.155

    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

    O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

    O23 - Service: PC-cillin PersonalFirewall (PCCPFW) - Trend Micro Inc. - C:\Arquivos de programas\Trend Micro\PC-cillin 2002\PCCPFW.exe

    O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\Arquivos comuns\PCSuite\Services\ServiceLayer.exe

    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

    O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Inc. - C:\Arquivos de programas\Trend Micro\PC-cillin 2002\Tmntsrv.exe

    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Arquivos de programas\Arquivos comuns\Ulead Systems\DVD\ULCDRSvr.exe


    FeMorais, then generate the log below...

    @- Download ComboFix;

    - Copy these instructions to Notepad or print them!

    :: Disable/close your antivirus before doing the procedures below ::

    @- Close all open windows and run the ComboFix tool.

    • Type the option to continue and press <ENTER>.
    • Don't open or close any program until the scan finishes. Wait patiently...

    - If necessary, the program will restart your computer. Restart in normal mode...

    - Log saved at: C:\ComboFix.txt

    @- Copy the (updated) HijackThis log and ComboFix.txt and paste them one after the other.

    Mr. Coruj@

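As an added example (not code from the thread or from HijackThis, KillBox or ComboFix), here is a small Python triage script that applies the same heuristic Mr. Coruj@ used on the O4 entries: random-named executables sitting directly in system32 are the ones to Fix, and comparing the second scan with the first shows the autorun entries coming back under new names, which is what pointed to a surviving loader and the move to ComboFix. The sample O4 lines are copied from the thread's first two logs; the KNOWN_SYSTEM32 allowlist is an assumption made for illustration.

```python
"""Triage HijackThis O4 (Run-key) entries the way the thread's analyst did:
random-looking executables under system32 are flagged, and a later scan is
compared with the earlier one to see whether the infection regenerated."""
import re
from typing import List, NamedTuple


class RunEntry(NamedTuple):
    hive: str   # HKLM or HKCU
    name: str   # value name shown in [brackets]
    exe: str    # executable path as written in the log line
    raw: str    # the original O4 line, kept for reporting


# "O4 - HKLM\..\Run: [Name] command"; Startup-folder O4 lines are ignored here
O4_RE = re.compile(r'^O4 - (HKLM|HKCU)\\\.\.\\Run: \[([^\]]*)\] (.*)$')
# a drive-letter path ending in .exe, optionally wrapped in double quotes
EXE_PATH_RE = re.compile(r'"?([A-Za-z]:\\[^"]*?\.exe)"?', re.IGNORECASE)

# Legitimate system32 executables seen in this thread's logs. Assumption:
# a real allowlist would be far larger and checked against file hashes.
KNOWN_SYSTEM32 = {"ctfmon.exe", "aliusb20.exe", "nerocheck.exe", "rundll32.exe"}

# O4 lines copied from the first HijackThis log posted in the thread
SCAN_1 = r"""
O4 - HKLM\..\Run: [ALiUSBfix] C:\WINDOWS\System32\ALiUSB20.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [GGIS] c:\windows\system32\ggis.exe
O4 - HKLM\..\Run: [VTQL] c:\windows\system32\vtql.exe
O4 - HKLM\..\Run: [AUFDJVS] c:\windows\system32\aufdjvs.exe
O4 - HKLM\..\Run: [HWRLGNQZ] c:\windows\system32\hwrlgnqz.exe
O4 - HKLM\..\Run: [ZBBOV] c:\windows\system32\zbbov.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [PcSync] C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
"""

# O4 lines from the second log, posted after the KillBox / Fix Checked round
SCAN_2 = r"""
O4 - HKLM\..\Run: [ALiUSBfix] C:\WINDOWS\System32\ALiUSB20.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [VSUXLTKJ] c:\windows\system32\vsuxltkj.exe
O4 - HKLM\..\Run: [RGAYXP] c:\windows\system32\rgayxp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
"""


def parse_o4(log_text: str) -> List[RunEntry]:
    """Extract Run-key entries from a HijackThis log; other sections are skipped."""
    entries: List[RunEntry] = []
    for line in log_text.splitlines():
        line = line.strip()          # forum quoting indents the pasted log
        m = O4_RE.match(line)
        if not m:
            continue
        hive, name, cmd = m.groups()
        p = EXE_PATH_RE.search(cmd)
        tokens = cmd.split()
        # no drive-letter path: a bare program name such as nwiz.exe or RUNDLL32.EXE
        exe = p.group(1) if p else (tokens[0] if tokens else "")
        entries.append(RunEntry(hive, name, exe, line))
    return entries


def is_suspicious(e: RunEntry) -> bool:
    """Shape of the entries the analyst asked to remove: an executable directly
    in system32, 4-8 letters with no digits, not a known program, and a Run value
    name identical to the file name (auto-generated persistence)."""
    path = e.exe.lower()
    base = path.rsplit("\\", 1)[-1]
    stem = base[:-4] if base.endswith(".exe") else base
    if "\\windows\\system32\\" not in path or base in KNOWN_SYSTEM32:
        return False
    return stem.isalpha() and 4 <= len(stem) <= 8 and e.name.lower() in (stem, base)


def triage(log_text: str) -> List[str]:
    """Raw O4 lines an analyst would ask the user to Fix Checked."""
    return [e.raw for e in parse_o4(log_text) if is_suspicious(e)]


def regenerated(old_log: str, new_log: str) -> List[str]:
    """Suspicious entries in the new scan that the old scan did not have: the
    loader survived the file deletions and re-created its autorun under new names."""
    seen = {e.name.lower() for e in parse_o4(old_log) if is_suspicious(e)}
    return [e.raw for e in parse_o4(new_log)
            if is_suspicious(e) and e.name.lower() not in seen]


if __name__ == "__main__":
    print("first scan, entries to fix:")
    for line in triage(SCAN_1):
        print("  " + line)
    print("second scan, entries regenerated after cleanup:")
    for line in regenerated(SCAN_1, SCAN_2):
        print("  " + line)
```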
  • Topic author
  • Mr. Coruja, here it is:

    HijackThis log:

    Logfile of HijackThis v1.99.1

    Scan saved at 23:01:39, on 22/8/2007

    Platform: Windows XP SP1 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

    C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

    C:\WINDOWS\System32\nvsvc32.exe

    C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Arquivos de programas\Trend Micro\PC-cillin 2002\Tmntsrv.exe

    C:\Arquivos de programas\Arquivos comuns\Ulead Systems\DVD\ULCDRSvr.exe

    C:\Arquivos de programas\Trend Micro\PC-cillin 2002\PCCPFW.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\system32\cmd.exe

    C:\WINDOWS\htpatch.exe

    C:\Arquivos de programas\Trend Micro\PC-cillin 2002\pccguide.exe

    C:\Arquivos de programas\Trend Micro\PC-cillin 2002\PCCClient.exe

    C:\Arquivos de programas\Trend Micro\PC-cillin 2002\Pop3trap.exe

    C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe

    C:\Arquivos de programas\Creative\WebCam Control\CAMTRAY.EXE

    C:\Arquivos de programas\Analog Devices\SoundMAX\SMTray.exe

    C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

    C:\Arquivos de programas\CyberLink\PowerVCRII\Agent.exe

    C:\Arquivos de programas\QuickTime\qttask.exe

    C:\WINDOWS\System32\ctfmon.exe

    C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe

    C:\Arquivos de programas\K-LiteNitro\K-LiteNitro.exe

    C:\ARQUIV~1\ARQUIV~1\Nokia\MPAPI\MPAPI3s.exe

    C:\Arquivos de programas\K-LiteNitro\giFT\giFTl.exe

    C:\WINDOWS\System32\LCPH.exe

    C:\Arquivos de programas\Arquivos comuns\PCSuite\Services\ServiceLayer.exe

    C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

    C:\Hijack\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.superesportes.com.br/

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_09\bin\ssv.dll

    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar2.dll

    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

    O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar2.dll

    O4 - HKLM\..\Run: [ALiUSBfix] C:\WINDOWS\System32\ALiUSB20.exe

    O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe

    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe

    O4 - HKLM\..\Run: [pccguide.exe] "C:\Arquivos de programas\Trend Micro\PC-cillin 2002\pccguide.exe"

    O4 - HKLM\..\Run: [PCCClient.exe] "C:\Arquivos de programas\Trend Micro\PC-cillin 2002\PCCClient.exe"

    O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Arquivos de programas\Trend Micro\PC-cillin 2002\Pop3trap.exe"

    O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP

    O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Arquivos de programas\Creative\WebCam Control\CAMTRAY.EXE

    O4 - HKLM\..\Run: [smapp] C:\Arquivos de programas\Analog Devices\SoundMAX\SMTray.exe

    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

    O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

    O4 - HKLM\..\Run: [Agent] C:\Arquivos de programas\CyberLink\PowerVCRII\Agent.exe

    O4 - HKLM\..\Run: [Remote_Agent] C:\Arquivos de programas\CyberLink\PowerVCRII\RemoteAgent.exe

    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

    O4 - HKLM\..\Run: [VSUXLTKJ] c:\windows\system32\vsuxltkj.exe

    O4 - HKLM\..\Run: [LCPH] c:\windows\system32\lcph.exe

    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

    O4 - HKCU\..\Run: [PcSync] C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

    O4 - HKCU\..\Run: [K-Lite Nitro BETA] C:\Arquivos de programas\K-LiteNitro\K-LiteNitro.exe /hide

    O4 - Startup: reminder-Registro do produto ScanSoft.lnk = C:\Arquivos de programas\TextBridge Classic 2.0\Ereg\REMIND32.EXE

    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_09\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_09\bin\ssv.dll

    O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

    O12 - Plugin for .pdf: C:\Arquivos de programas\Internet Explorer\PLUGINS\nppdf32.dll

    O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab

    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab

    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.gamehouse.com/realarcade-webgames/bejeweled2/popcaploader.cab

    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

    O17 - HKLM\System\CCS\Services\Tcpip\..\{AB8992C6-9397-488C-84AC-2C4194B9BA94}: NameServer = 200.165.132.147 200.165.132.155

    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

    O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

    O23 - Service: PC-cillin PersonalFirewall (PCCPFW) - Trend Micro Inc. - C:\Arquivos de programas\Trend Micro\PC-cillin 2002\PCCPFW.exe

    O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\Arquivos comuns\PCSuite\Services\ServiceLayer.exe

    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

    O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Inc. - C:\Arquivos de programas\Trend Micro\PC-cillin 2002\Tmntsrv.exe

    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Arquivos de programas\Arquivos comuns\Ulead Systems\DVD\ULCDRSvr.exe

    ComboFix log:

    ComboFix 07-08-17.2 - "Fernanda" 2007-08-22 22:45:27.1 - NTFSx86

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    C:\WINDOWS\system\msn.dat

    C:\WINDOWS\system\msn.dll

    C:\WINDOWS\system\svchost.dat

    ((((((((((((((((((((((((( Files Created from 2007-07-23 to 2007-08-23 )))))))))))))))))))))))))))))))

    2007-08-22 22:44 51,200 --a------ C:\WINDOWS\nircmd.exe

    2007-08-22 22:03 1,424,812 --a------ C:\ComboFix.exe

    2007-08-16 21:49 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab

    2007-08-16 21:49 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\Kaspersky Lab

    2007-08-16 18:29 <DIR> d-------- C:\KillBox

    2007-08-16 18:26 50,688 --a------ C:\ATF-Cleaner.exe

    2007-08-15 18:32 193,024 --a------ C:\WINDOWS\system32\XWGD.exe

    2007-08-15 18:32 193,024 --a------ C:\WINDOWS\system32\SCMAU.exe

    2007-08-15 18:32 193,024 --a------ C:\WINDOWS\system32\LJPQ.exe

    2007-08-15 18:32 193,024 --a------ C:\WINDOWS\system32\IAWU.exe

    2007-08-15 18:32 193,024 --a------ C:\WINDOWS\system32\EOHDRULI.exe

    2007-08-15 18:32 193,024 --a------ C:\WINDOWS\system32\DGHTDTJT.exe

    2007-07-30 14:55 1,188 --a------ C:\WINDOWS\mozver.dat

    2007-07-28 10:50 <DIR> d-------- C:\DOCUME~1\Charlie\DADOSD~1\Shareaza

    2007-07-28 10:50 <DIR> d-------- C:\Arquivos de programas\Shareaza

    2007-07-28 10:38 0 --a------ C:\WINDOWS\nsreg.dat

    2007-07-22 20:55 5,814,272 ---hs---- C:\Arquivos de programas\Windowsupdate.exe

    2007-07-22 20:55 0 --a------ C:\WINDOWS\System32OpenGL.dat

    2007-07-22 20:54 5,814,272 ---hs---- C:\WINDOWS\system32\Plugin.exe

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-08-11 14:04 --------- d-------- C:\Arquivos de programas\K-LiteNitro

    2007-07-27 17:25 --------- d-------- C:\Arquivos de programas\Championship Manager 2007

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "ALiUSBfix"="C:\WINDOWS\System32\ALiUSB20.exe" [2002-08-30 07:47]

    "HTpatch"="C:\WINDOWS\htpatch.exe" [2003-03-27 02:50]

    "NeroCheck"="C:\WINDOWS\System32\\NeroCheck.exe" [2001-07-09 07:50]

    "pccguide.exe"="C:\Arquivos de programas\Trend Micro\PC-cillin 2002\pccguide.exe" [2003-03-26 10:00]

    "PCCClient.exe"="C:\Arquivos de programas\Trend Micro\PC-cillin 2002\PCCClient.exe" [2003-03-26 09:52]

    "Pop3trap.exe"="C:\Arquivos de programas\Trend Micro\PC-cillin 2002\Pop3trap.exe" [2003-03-26 09:56]

    "AVG7_CC"="C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe" [2007-08-17 09:32]

    "Creative WebCam Tray"="C:\Arquivos de programas\Creative\WebCam Control\CAMTRAY.EXE" [1999-04-27 02:00]

    "Smapp"="C:\Arquivos de programas\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 08:57]

    "nwiz"="nwiz.exe" [2001-12-16 14:55 C:\WINDOWS\system32\nwiz.exe]

    "TkBellExe"="C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2006-09-27 14:38]

    "Agent"="C:\Arquivos de programas\CyberLink\PowerVCRII\Agent.exe" [2001-06-18 09:49]

    "Remote_Agent"="C:\Arquivos de programas\CyberLink\PowerVCRII\RemoteAgent.exe" [2001-06-11 09:52]

    "NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2001-12-16 14:55]

    "NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2001-12-16 14:55]

    "QuickTime Task"="C:\Arquivos de programas\QuickTime\qttask.exe" [2006-10-01 17:58]

    "VSUXLTKJ"="c:\windows\system32\vsuxltkj.exe" []

    "LCPH"="c:\windows\system32\lcph.exe" [2007-08-15 18:32]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2002-09-09 14:08]

    "PcSync"="C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 15:21]

    "K-Lite Nitro BETA"="C:\Arquivos de programas\K-LiteNitro\K-LiteNitro.exe" [2006-11-27 20:22]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^msnmsg.exe]

    path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\msnmsg.exe

    backup=C:\WINDOWS\pss\msnmsg.exeCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Windowsupdate.exe]

    path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Windowsupdate.exe

    backup=C:\WINDOWS\pss\Windowsupdate.exeCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Charlie^Menu Iniciar^Programas^Inicializar^Adobe Gamma.lnk]

    path=C:\Documents and Settings\Charlie\Menu Iniciar\Programas\Inicializar\Adobe Gamma.lnk

    backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Agent]

    C:\Arquivos de programas\CyberLink\PowerVCRII\Agent.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]

    C:\WINDOWS\System32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\explore]

    C:\WINDOWS\System32\explore.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\K-Lite Nitro BETA]

    C:\Arquivos de programas\K-LiteNitro\K-LiteNitro.exe /hide

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]

    C:\TBridge\FLATBED.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

    "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsg]

    C:\WINDOWS\System32\msnmsg.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

    "C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

    RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

    RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

    nwiz.exe /install

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]

    C:\ARQUIV~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

    "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Remote_Agent]

    C:\Arquivos de programas\CyberLink\PowerVCRII\RemoteAgent.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Smapp]

    C:\Arquivos de programas\Analog Devices\SoundMAX\SMTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]

    C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SymantecFilterCheck]

    C:\WINDOWS\System32\gmilogon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

    "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windowsupdate]

    C:\Arquivos de programas\Windowsupdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

    "QuickTime Task"="C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

    **************************************************************************

    catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2007-08-22 22:52:52

    Windows 5.1.2600 Service Pack 1 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    C:\WINDOWS\system32\LCPH.exe

    scan completed successfully

    hidden files: 1

    **************************************************************************

    Completion time: 2007-08-22 22:55:53 - machine was rebooted

    C:\ComboFix-quarantined-files.txt ... 2007-08-22 22:55

    --- E O F ---

    Once again, thanks for the help!

    Regards.


    FeMorais,

    @- Download the program(s) listed below, but do not run them yet.

    - Copy these instructions to Notepad or print them!

    @- Unzip it and run the avenger.exe tool. Confirm: OK.

    • Under "Script file to execute", select "Input Script Manually".
    • Click the magnifying-glass icon.
    • Copy (Ctrl+C) the contents (in red) of the "Code" below and paste them (Ctrl+V) into "View/edit script".
      Files to delete:
      C:\WINDOWS\system32\XWGD.exe
      C:\WINDOWS\system32\SCMAU.exe
      C:\WINDOWS\system32\LJPQ.exe
      C:\WINDOWS\system32\IAWU.exe
      C:\WINDOWS\system32\EOHDRULI.exe
      C:\WINDOWS\system32\DGHTDTJT.exe
      C:\WINDOWS\system32\Plugin.exe
      C:\WINDOWS\System32\LCPH.exe
      c:\windows\system32\vsuxltkj.exe

      Registry values to delete:
      HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run | VSUXLTKJ
      HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run | LCPH

    • Click "Done".
    • Click the traffic-light icon to start the removal script. Confirm: OK.

    - The computer will restart automatically. Restart straight into normal mode, OK?

    - Log saved at: C:\avenger.txt

    @- Restart in normal mode.

    @- Copy the logs from HijackThis (updated), Avenger.txt and ComboFix (new) and paste them here in that order.

    Mr. Coruj@

  • Topic author
  • Following the instructions.

    HijackThis log (updated):

    Logfile of HijackThis v1.99.1

    Scan saved at 10:46:26, on 25/8/2007

    Platform: Windows XP SP1 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\htpatch.exe

    C:\Arquivos de programas\Trend Micro\PC-cillin 2002\pccguide.exe

    C:\Arquivos de programas\Trend Micro\PC-cillin 2002\PCCClient.exe

    C:\Arquivos de programas\Trend Micro\PC-cillin 2002\Pop3trap.exe

    C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe

    C:\Arquivos de programas\Creative\WebCam Control\CAMTRAY.EXE

    C:\Arquivos de programas\Analog Devices\SoundMAX\SMTray.exe

    C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

    C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

    C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

    C:\Arquivos de programas\CyberLink\PowerVCRII\Agent.exe

    C:\WINDOWS\System32\nvsvc32.exe

    C:\WINDOWS\System32\RUNDLL32.EXE

    C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

    C:\Arquivos de programas\QuickTime\qttask.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Arquivos de programas\Trend Micro\PC-cillin 2002\Tmntsrv.exe

    C:\Arquivos de programas\Arquivos comuns\Ulead Systems\DVD\ULCDRSvr.exe

    C:\windows\system32\zchrw.exe

    C:\windows\system32\hnchus.exe

    C:\windows\system32\hniixzrrn.exe

    C:\WINDOWS\System32\ctfmon.exe

    C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe

    C:\WINDOWS\System32\VZCLB.exe

    C:\WINDOWS\System32\NQPNNZJXO.exe

    C:\WINDOWS\System32\NQPNNZJXO.exe

    C:\WINDOWS\System32\ZSITVAQFO.exe

    C:\Arquivos de programas\K-LiteNitro\K-LiteNitro.exe

    C:\Arquivos de programas\K-LiteNitro\giFT\giFTl.exe

    C:\ARQUIV~1\ARQUIV~1\Nokia\MPAPI\MPAPI3s.exe

    C:\Arquivos de programas\Trend Micro\PC-cillin 2002\PCCPFW.exe

    C:\WINDOWS\system32\NOTEPAD.EXE

    C:\Arquivos de programas\Arquivos comuns\PCSuite\Services\ServiceLayer.exe

    C:\WINDOWS\System32\wuauclt.exe

    C:\Hijack\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.superesportes.com.br/

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_09\bin\ssv.dll

    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar2.dll

    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

    O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar2.dll

    O4 - HKLM\..\Run: [ALiUSBfix] C:\WINDOWS\System32\ALiUSB20.exe

    O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe

    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe

    O4 - HKLM\..\Run: [pccguide.exe] "C:\Arquivos de programas\Trend Micro\PC-cillin 2002\pccguide.exe"

    O4 - HKLM\..\Run: [PCCClient.exe] "C:\Arquivos de programas\Trend Micro\PC-cillin 2002\PCCClient.exe"

    O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Arquivos de programas\Trend Micro\PC-cillin 2002\Pop3trap.exe"

    O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP

    O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Arquivos de programas\Creative\WebCam Control\CAMTRAY.EXE

    O4 - HKLM\..\Run: [smapp] C:\Arquivos de programas\Analog Devices\SoundMAX\SMTray.exe

    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

    O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

    O4 - HKLM\..\Run: [Agent] C:\Arquivos de programas\CyberLink\PowerVCRII\Agent.exe

    O4 - HKLM\..\Run: [Remote_Agent] C:\Arquivos de programas\CyberLink\PowerVCRII\RemoteAgent.exe

    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

    O4 - HKLM\..\Run: [VSUXLTKJ] c:\windows\system32\vsuxltkj.exe

    O4 - HKLM\..\Run: [NQPNNZJXO] c:\windows\system32\nqpnnzjxo.exe

    O4 - HKLM\..\Run: [VZCLB] c:\windows\system32\vzclb.exe

    O4 - HKLM\..\Run: [ZSITVAQFO] c:\windows\system32\zsitvaqfo.exe

    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

    O4 - HKCU\..\Run: [PcSync] C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

    O4 - HKCU\..\Run: [K-Lite Nitro BETA] C:\Arquivos de programas\K-LiteNitro\K-LiteNitro.exe /hide

    O4 - Startup: reminder-Registro do produto ScanSoft.lnk = C:\Arquivos de programas\TextBridge Classic 2.0\Ereg\REMIND32.EXE

    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_09\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_09\bin\ssv.dll

    O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

    O12 - Plugin for .pdf: C:\Arquivos de programas\Internet Explorer\PLUGINS\nppdf32.dll

    O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab

    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab

    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.gamehouse.com/realarcade-webgames/bejeweled2/popcaploader.cab

    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

    O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

    O23 - Service: PC-cillin PersonalFirewall (PCCPFW) - Trend Micro Inc. - C:\Arquivos de programas\Trend Micro\PC-cillin 2002\PCCPFW.exe

    O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\Arquivos comuns\PCSuite\Services\ServiceLayer.exe

    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

    O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Inc. - C:\Arquivos de programas\Trend Micro\PC-cillin 2002\Tmntsrv.exe

    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Arquivos de programas\Arquivos comuns\Ulead Systems\DVD\ULCDRSvr.exe

    Avenger.txt:

    Logfile of The Avenger version 1, by Swandog46

    Running from registry key:

    \Registry\Machine\System\CurrentControlSet\Services\luncbwpm

    *******************

    Script file located at: snjijkob

    Could not open script file! Error

    Could not open script file! Status: 0xc000003b Abort!

    ComboFix:

    ComboFix 07-08-17.2 - "Fernanda" 2007-08-25 10:46:57.2 - NTFSx86

    ((((((((((((((((((((((((( Files Created from 2007-07-25 to 2007-08-25 )))))))))))))))))))))))))))))))

    2007-08-22 22:44 51,200 --a------ C:\WINDOWS\nircmd.exe

    2007-08-22 22:03 1,424,812 --a------ C:\ComboFix.exe

    2007-08-16 21:49 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab

    2007-08-16 21:49 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\Kaspersky Lab

    2007-08-16 18:29 <DIR> d-------- C:\KillBox

    2007-08-16 18:26 50,688 --a------ C:\ATF-Cleaner.exe

    2007-08-15 18:32 193,024 --a------ C:\WINDOWS\system32\ZSITVAQFO.exe

    2007-08-15 18:32 193,024 --a------ C:\WINDOWS\system32\ZCHRW.exe

    2007-08-15 18:32 193,024 --a------ C:\WINDOWS\system32\XWGD.exe

    2007-08-15 18:32 193,024 --a------ C:\WINDOWS\system32\VZCLB.exe

    2007-08-15 18:32 193,024 --a------ C:\WINDOWS\system32\SCMAU.exe

    2007-08-15 18:32 193,024 --a------ C:\WINDOWS\system32\PRDFHBKQN.exe

    2007-08-15 18:32 193,024 --a------ C:\WINDOWS\system32\PLRRHJN.exe

    2007-08-15 18:32 193,024 --a------ C:\WINDOWS\system32\OMHS.exe

    2007-08-15 18:32 193,024 --a------ C:\WINDOWS\system32\NZQR.exe

    2007-08-15 18:32 193,024 --a------ C:\WINDOWS\system32\NQPNNZJXO.exe

    2007-08-15 18:32 193,024 --a------ C:\WINDOWS\system32\LJPQ.exe

    2007-08-15 18:32 193,024 --a------ C:\WINDOWS\system32\KHOYK.exe

    2007-08-15 18:32 193,024 --a------ C:\WINDOWS\system32\KFGF.exe

    2007-08-15 18:32 193,024 --a------ C:\WINDOWS\system32\IAWU.exe

    2007-08-15 18:32 193,024 --a------ C:\WINDOWS\system32\HNIIXZRRN.exe

    2007-08-15 18:32 193,024 --a------ C:\WINDOWS\system32\HNCHUS.exe

    2007-08-15 18:32 193,024 --a------ C:\WINDOWS\system32\HBBG.exe

    2007-08-15 18:32 193,024 --a------ C:\WINDOWS\system32\EOHDRULI.exe

    2007-08-15 18:32 193,024 --a------ C:\WINDOWS\system32\EEYA.exe

    2007-08-15 18:32 193,024 --a------ C:\WINDOWS\system32\DGIYECM.exe

    2007-08-15 18:32 193,024 --a------ C:\WINDOWS\system32\CWPRETI.exe

    2007-08-15 18:32 193,024 --a------ C:\WINDOWS\system32\ATLA.exe

    2007-07-30 14:55 1,188 --a------ C:\WINDOWS\mozver.dat

    2007-07-28 10:50 <DIR> d-------- C:\DOCUME~1\Charlie\DADOSD~1\Shareaza

    2007-07-28 10:50 <DIR> d-------- C:\Arquivos de programas\Shareaza

    2007-07-28 10:38 0 --a------ C:\WINDOWS\nsreg.dat

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-08-11 14:04 --------- d-------- C:\Arquivos de programas\K-LiteNitro

    2007-07-27 17:25 --------- d-------- C:\Arquivos de programas\Championship Manager 2007

    2007-07-22 20:55 5814272 ---hs---- C:\WINDOWS\system32\Plugin.exe

    2007-07-22 20:55 5814272 ---hs---- C:\Arquivos de programas\Windowsupdate.exe

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "ALiUSBfix"="C:\WINDOWS\System32\ALiUSB20.exe" [2002-08-30 07:47]

    "HTpatch"="C:\WINDOWS\htpatch.exe" [2003-03-27 02:50]

    "NeroCheck"="C:\WINDOWS\System32\\NeroCheck.exe" [2001-07-09 07:50]

    "pccguide.exe"="C:\Arquivos de programas\Trend Micro\PC-cillin 2002\pccguide.exe" [2003-03-26 10:00]

    "PCCClient.exe"="C:\Arquivos de programas\Trend Micro\PC-cillin 2002\PCCClient.exe" [2003-03-26 09:52]

    "Pop3trap.exe"="C:\Arquivos de programas\Trend Micro\PC-cillin 2002\Pop3trap.exe" [2003-03-26 09:56]

    "AVG7_CC"="C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe" [2007-08-17 09:32]

    "Creative WebCam Tray"="C:\Arquivos de programas\Creative\WebCam Control\CAMTRAY.EXE" [1999-04-27 02:00]

    "Smapp"="C:\Arquivos de programas\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 08:57]

    "nwiz"="nwiz.exe" [2001-12-16 14:55 C:\WINDOWS\system32\nwiz.exe]

    "TkBellExe"="C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2006-09-27 14:38]

    "Agent"="C:\Arquivos de programas\CyberLink\PowerVCRII\Agent.exe" [2001-06-18 09:49]

    "Remote_Agent"="C:\Arquivos de programas\CyberLink\PowerVCRII\RemoteAgent.exe" [2001-06-11 09:52]

    "NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2001-12-16 14:55]

    "NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2001-12-16 14:55]

    "QuickTime Task"="C:\Arquivos de programas\QuickTime\qttask.exe" [2006-10-01 17:58]

    "VSUXLTKJ"="c:\windows\system32\vsuxltkj.exe" []

    "NQPNNZJXO"="c:\windows\system32\nqpnnzjxo.exe" [2007-08-15 18:32]

    "VZCLB"="c:\windows\system32\vzclb.exe" [2007-08-15 18:32]

    "ZSITVAQFO"="c:\windows\system32\zsitvaqfo.exe" [2007-08-15 18:32]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2002-09-09 14:08]

    "PcSync"="C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 15:21]

    "K-Lite Nitro BETA"="C:\Arquivos de programas\K-LiteNitro\K-LiteNitro.exe" [2006-11-27 20:22]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^msnmsg.exe]

    path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\msnmsg.exe

    backup=C:\WINDOWS\pss\msnmsg.exeCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Windowsupdate.exe]

    path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Windowsupdate.exe

    backup=C:\WINDOWS\pss\Windowsupdate.exeCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Charlie^Menu Iniciar^Programas^Inicializar^Adobe Gamma.lnk]

    path=C:\Documents and Settings\Charlie\Menu Iniciar\Programas\Inicializar\Adobe Gamma.lnk

    backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Agent]

    C:\Arquivos de programas\CyberLink\PowerVCRII\Agent.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]

    C:\WINDOWS\System32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\explore]

    C:\WINDOWS\System32\explore.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\K-Lite Nitro BETA]

    C:\Arquivos de programas\K-LiteNitro\K-LiteNitro.exe /hide

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]

    C:\TBridge\FLATBED.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

    "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsg]

    C:\WINDOWS\System32\msnmsg.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

    "C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

    RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

    RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

    nwiz.exe /install

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]

    C:\ARQUIV~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

    "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Remote_Agent]

    C:\Arquivos de programas\CyberLink\PowerVCRII\RemoteAgent.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Smapp]

    C:\Arquivos de programas\Analog Devices\SoundMAX\SMTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]

    C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SymantecFilterCheck]

    C:\WINDOWS\System32\gmilogon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

    "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windowsupdate]

    C:\Arquivos de programas\Windowsupdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

    "QuickTime Task"="C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

    **************************************************************************

    catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2007-08-25 10:49:15

    Windows 5.1.2600 Service Pack 1 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    **************************************************************************

    Completion time: 2007-08-25 10:50:16

    C:\ComboFix-quarantined-files.txt ... 2007-08-25 10:49

    C:\ComboFix2.txt ... 2007-08-22 22:55

    --- E O F ---

    Once again, thank you for the help.

    Regards.
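As an added illustration (not part of the thread, and not code from ComboFix or The Avenger), here is a small Python parser for the ComboFix "Files Created" and "Reg Loading Points" sections above. It groups created executables by directory, creation minute and size and flags clusters such as the 193,024-byte files dated 2007-08-15 18:32, then lists the Run-key values that start them; the sample lines are constructed from the log above, and the random-name heuristic is this example's own assumption.

```python
import re
from collections import defaultdict

# One ComboFix "Files Created" entry: "<date> <time> <size|<DIR>> <attrs> <path>".
ENTRY_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2})\s+"
    r"(?P<size>[\d,]+|<DIR>)\s+(?P<attrs>\S+)\s+(?P<path>.+?)\s*$"
)
# One ComboFix "Reg Loading Points" value: "<name>"="<path>" [<file date>]
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"')


def parse_entries(lines):
    """Parse 'Files Created' lines; directories and unparseable lines are skipped."""
    entries = []
    for line in lines:
        m = ENTRY_RE.match(line.strip())
        if not m or m.group("size") == "<DIR>":
            continue
        entries.append({
            "when": f"{m.group('date')} {m.group('time')}",
            "size": int(m.group("size").replace(",", "")),
            "path": m.group("path"),
        })
    return entries


def looks_random(filename):
    """Heuristic (assumption of this example): a stem made only of four or more
    capital letters, like XWGD.exe or ZSITVAQFO.exe, is a generated name."""
    stem = filename.rsplit(".", 1)[0]
    return re.fullmatch(r"[A-Z]{4,}", stem) is not None


def find_clusters(entries, min_members=3):
    """Group .exe files by (directory, creation minute, size) and return groups with
    at least min_members files: one dropper writing copies of itself leaves exactly
    this signature, while unrelated software installs almost never do."""
    groups = defaultdict(list)
    for e in entries:
        directory, _, filename = e["path"].rpartition("\\")
        if filename.lower().endswith(".exe"):
            groups[(directory.lower(), e["when"], e["size"])].append(filename)
    clusters = []
    for (directory, when, size), names in groups.items():
        if len(names) >= min_members:
            random_count = sum(1 for n in names if looks_random(n))
            clusters.append({
                "directory": directory, "when": when, "size": size,
                "files": sorted(names),
                "random_name_fraction": random_count / len(names),
            })
    return sorted(clusters, key=lambda c: -len(c["files"]))


def autoruns_in_clusters(run_lines, clusters):
    """Return (value name, path) for Run-key values whose target is a clustered file,
    i.e. the persistence entries that belong with the dropped copies."""
    flagged = {(c["directory"], f.lower()) for c in clusters for f in c["files"]}
    hits = []
    for line in run_lines:
        m = RUN_RE.match(line.strip())
        if not m:
            continue
        directory, _, filename = m.group("path").rpartition("\\")
        if (directory.lower(), filename.lower()) in flagged:
            hits.append((m.group("name"), m.group("path")))
    return hits


# Constructed sample input: a few lines of each section, copied from the log above.
SAMPLE_FILES = r"""
2007-08-22 22:44 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-16 21:49 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-08-16 18:26 50,688 --a------ C:\ATF-Cleaner.exe
2007-08-15 18:32 193,024 --a------ C:\WINDOWS\system32\ZSITVAQFO.exe
2007-08-15 18:32 193,024 --a------ C:\WINDOWS\system32\VZCLB.exe
2007-08-15 18:32 193,024 --a------ C:\WINDOWS\system32\NQPNNZJXO.exe
2007-08-15 18:32 193,024 --a------ C:\WINDOWS\system32\XWGD.exe
2007-07-30 14:55 1,188 --a------ C:\WINDOWS\mozver.dat
""".strip().splitlines()

SAMPLE_RUN = r"""
"NeroCheck"="C:\WINDOWS\System32\\NeroCheck.exe" [2001-07-09 07:50]
"VSUXLTKJ"="c:\windows\system32\vsuxltkj.exe" []
"NQPNNZJXO"="c:\windows\system32\nqpnnzjxo.exe" [2007-08-15 18:32]
"VZCLB"="c:\windows\system32\vzclb.exe" [2007-08-15 18:32]
"ZSITVAQFO"="c:\windows\system32\zsitvaqfo.exe" [2007-08-15 18:32]
""".strip().splitlines()

if __name__ == "__main__":
    clusters = find_clusters(parse_entries(SAMPLE_FILES))
    for c in clusters:
        print(f"{len(c['files'])} x {c['size']} bytes in {c['directory']} at {c['when']} "
              f"({c['random_name_fraction']:.0%} random-looking names): {', '.join(c['files'])}")
    for name, path in autoruns_in_clusters(SAMPLE_RUN, clusters):
        print(f"Run value {name!r} starts a clustered file: {path}")
```

The cluster report is the list an analyst would check against the Run keys before writing a removal script; a Run value whose target ComboFix did not find (the `[]` after VSUXLTKJ above) is still worth removing, but this example only matches values to files that exist in the created-files section.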

  • Topic author
  • Now, besides being slow, my computer no longer shuts down; it only does if I hold the power button for about eight seconds!

    Well, as suggested, I carried out the procedures. Here are the logs:

    Scan report:

    BitDefender Online Scanner - Real Time Virus Report

    Generated at: Mon, Sep 03, 2007 - 20:31:48

    --------------------------------------------------------------------------------

    Scan Info

    Scanned Files

    277656

    Infected Files

    0

    Virus Detected

    No virus found.

    --------------------------------------------------------------------------------

    This summary of the scan process will be used by the BitDefender Antivirus Lab to create agregate statistics about virus activity around the world.

    ComboFix log:

    ComboFix 07-08-17.2 - "Fernanda" 2007-09-03 20:35:31.4 - NTFSx86

    ((((((((((((((((((((((((( Files Created from 2007-08-03 to 2007-09-03 )))))))))))))))))))))))))))))))

    2007-09-02 10:30 709,095 --a------ C:\WINDOWS\system32\hork.exe

    2007-09-02 10:30 183,085 --a------ C:\WINDOWS\rnxntup.exe

    2007-08-29 22:17 <DIR> d-------- C:\WINDOWS\BDOSCAN8

    2007-08-25 11:04 <DIR> d-------- C:\!KillBox

    2007-08-22 22:44 51,200 --a------ C:\WINDOWS\nircmd.exe

    2007-08-22 22:03 1,424,812 --a------ C:\ComboFix.exe

    2007-08-16 21:49 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab

    2007-08-16 21:49 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\Kaspersky Lab

    2007-08-16 18:29 <DIR> d-------- C:\KillBox

    2007-08-16 18:26 50,688 --a------ C:\ATF-Cleaner.exe

    2007-08-15 18:32 193,024 --a------ C:\WINDOWS\system32\ZXEC.exe

    2007-08-15 18:32 193,024 --a------ C:\WINDOWS\system32\ZSITVAQFO.exe

    2007-08-15 18:32 193,024 --a------ C:\WINDOWS\system32\ZRSD.exe

    2007-08-15 18:32 193,024 --a------ C:\WINDOWS\system32\ZQNT.exe

    2007-08-15 18:32 193,024 --a------ C:\WINDOWS\system32\ZHSY.exe

    2007-08-15 18:32 193,024 --a------ C:\WINDOWS\system32\ZCHRW.exe

    2007-08-15 18:32 193,024 --a------ C:\WINDOWS\system32\YUMZ.exe

    2007-08-15 18:32 193,024 --a------ C:\WINDOWS\system32\XWGD.exe

    2007-08-15 18:32 193,024 --a------ C:\WINDOWS\system32\WTVO.exe

    2007-08-15 18:32 193,024 --a------ C:\WINDOWS\system32\WSKY.exe

    2007-08-15 18:32 193,024 --a------ C:\WINDOWS\system32\WOTCQOJCP.exe

    2007-08-15 18:32 193,024 --a------ C:\WINDOWS\system32\WNLJ.exe

    2007-08-15 18:32 193,024 --a------ C:\WINDOWS\system32\VZCLB.exe

    2007-08-15 18:32 193,024 --a------ C:\WINDOWS\system32\UIMN.exe

    2007-08-15 18:32 193,024 --a------ C:\WINDOWS\system32\UHQBZU.exe

    2007-08-15 18:32 193,024 --a------ C:\WINDOWS\system32\UGIH.exe

    2007-08-15 18:32 193,024 --a------ C:\WINDOWS\system32\UFZK.exe

    2007-08-15 18:32 193,024 --a------ C:\WINDOWS\system32\TYJJJGSCK.exe

    2007-08-15 18:32 193,024 --a------ C:\WINDOWS\system32\TNHGSTX.exe

    2007-08-15 18:32 193,024 --a------ C:\WINDOWS\system32\SGAB.exe

    2007-08-15 18:32 193,024 --a------ C:\WINDOWS\system32\SCMAU.exe

    2007-08-15 18:32 193,024 --a------ C:\WINDOWS\system32\SBSW.exe

    2007-08-15 18:32 193,024 --a------ C:\WINDOWS\system32\RWHQ.exe

    2007-08-15 18:32 193,024 --a------ C:\WINDOWS\system32\RKUSBHTJ.exe

    2007-08-15 18:32 193,024 --a------ C:\WINDOWS\system32\RCAPBJNIX.exe

    2007-08-15 18:32 193,024 --a------ C:\WINDOWS\system32\PVUIZNRTV.exe

    2007-08-15 18:32 193,024 --a------ C:\WINDOWS\system32\PTMPO.exe

    2007-08-15 18:32 193,024 --a------ C:\WINDOWS\system32\PRDFHBKQN.exe

    2007-08-15 18:32 193,024 --a------ C:\WINDOWS\system32\PLRRHJN.exe

    2007-08-15 18:32 193,024 --a------ C:\WINDOWS\system32\PFQAZRRO.exe

    2007-08-15 18:32 193,024 --a------ C:\WINDOWS\system32\OMHS.exe

    2007-08-15 18:32 193,024 --a------ C:\WINDOWS\system32\OLBQT.exe

    2007-08-15 18:32 193,024 --a------ C:\WINDOWS\system32\OKGH.exe

    2007-08-15 18:32 193,024 --a------ C:\WINDOWS\system32\OJFV.exe

    2007-08-15 18:32 193,024 --a------ C:\WINDOWS\system32\NZQR.exe

    2007-08-15 18:32 193,024 --a------ C:\WINDOWS\system32\NQPNNZJXO.exe

    2007-08-15 18:32 193,024 --a------ C:\WINDOWS\system32\NKNOSG.exe

    2007-08-15 18:32 193,024 --a------ C:\WINDOWS\system32\NBPPZ.exe

    2007-08-15 18:32 193,024 --a------ C:\WINDOWS\system32\MPYMBMH.exe

    2007-08-15 18:32 193,024 --a------ C:\WINDOWS\system32\LPIYHTZC.exe

    2007-08-15 18:32 193,024 --a------ C:\WINDOWS\system32\LJPQ.exe

    2007-08-15 18:32 193,024 --a------ C:\WINDOWS\system32\KYMGAOK.exe

    2007-08-15 18:32 193,024 --a------ C:\WINDOWS\system32\KHOYK.exe

    2007-08-15 18:32 193,024 --a------ C:\WINDOWS\system32\KFGF.exe

    2007-08-15 18:32 193,024 --a------ C:\WINDOWS\system32\KDMUPPQO.exe

    2007-08-15 18:32 193,024 --a------ C:\WINDOWS\system32\JUGMRJWVI.exe

    2007-08-15 18:32 193,024 --a------ C:\WINDOWS\system32\JTZSH.exe

    2007-08-15 18:32 193,024 --a------ C:\WINDOWS\system32\JJOO.exe

    2007-08-15 18:32 193,024 --a------ C:\WINDOWS\system32\JIGVVQ.exe

    2007-08-15 18:32 193,024 --a------ C:\WINDOWS\system32\IWES.exe

    2007-08-15 18:32 193,024 --a------ C:\WINDOWS\system32\IVKKXCTM.exe

    2007-08-15 18:32 193,024 --a------ C:\WINDOWS\system32\IURC.exe

    2007-08-15 18:32 193,024 --a------ C:\WINDOWS\system32\IPBZ.exe

    2007-08-15 18:32 193,024 --a------ C:\WINDOWS\system32\INTGSAA.exe

    2007-08-15 18:32 193,024 --a------ C:\WINDOWS\system32\IAWU.exe

    2007-08-15 18:32 193,024 --a------ C:\WINDOWS\system32\HXPO.exe

    2007-08-15 18:32 193,024 --a------ C:\WINDOWS\system32\HNIIXZRRN.exe

    2007-08-15 18:32 193,024 --a------ C:\WINDOWS\system32\HNCHUS.exe

    2007-08-15 18:32 193,024 --a------ C:\WINDOWS\system32\HCUYCCIE.exe

    2007-08-15 18:32 193,024 --a------ C:\WINDOWS\system32\HBBG.exe

    2007-08-15 18:32 193,024 --a------ C:\WINDOWS\system32\GIZT.exe

    2007-08-15 18:32 193,024 --a------ C:\WINDOWS\system32\GAJJ.exe

    2007-08-15 18:32 193,024 --a------ C:\WINDOWS\system32\FYSY.exe

    2007-08-15 18:32 193,024 --a------ C:\WINDOWS\system32\FHXC.exe

    2007-08-15 18:32 193,024 --a------ C:\WINDOWS\system32\EZYO.exe

    2007-08-15 18:32 193,024 --a------ C:\WINDOWS\system32\EZARSRX.exe

    2007-08-15 18:32 193,024 --a------ C:\WINDOWS\system32\EOHDRULI.exe

    2007-08-15 18:32 193,024 --a------ C:\WINDOWS\system32\EEYA.exe

    2007-08-15 18:32 193,024 --a------ C:\WINDOWS\system32\ECFO.exe

    2007-08-15 18:32 193,024 --a------ C:\WINDOWS\system32\EBGHWKQG.exe

    2007-08-15 18:32 193,024 --a------ C:\WINDOWS\system32\EBAS.exe

    2007-08-15 18:32 193,024 --a------ C:\WINDOWS\system32\DJOP.exe

    2007-08-15 18:32 193,024 --a------ C:\WINDOWS\system32\DGIYECM.exe

    2007-08-15 18:32 193,024 --a------ C:\WINDOWS\system32\CWPRETI.exe

    2007-08-15 18:32 193,024 --a------ C:\WINDOWS\system32\BTONGK.exe

    2007-08-15 18:32 193,024 --a------ C:\WINDOWS\system32\BKOUYFG.exe

    2007-08-15 18:32 193,024 --a------ C:\WINDOWS\system32\BEFI.exe

    2007-08-15 18:32 193,024 --a------ C:\WINDOWS\system32\ATLA.exe

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-08-11 14:04 --------- d-------- C:\Arquivos de programas\K-LiteNitro

    2007-07-28 10:50 --------- d-------- C:\Arquivos de programas\Shareaza

    2007-07-27 17:25 --------- d-------- C:\Arquivos de programas\Championship Manager 2007

    2007-07-22 20:55 5814272 ---hs---- C:\WINDOWS\system32\Plugin.exe

    2007-07-22 20:55 5814272 ---hs---- C:\Arquivos de programas\Windowsupdate.exe

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "ALiUSBfix"="C:\WINDOWS\System32\ALiUSB20.exe" [2002-08-30 07:47]

    "HTpatch"="C:\WINDOWS\htpatch.exe" [2003-03-27 02:50]

    "NeroCheck"="C:\WINDOWS\System32\\NeroCheck.exe" [2001-07-09 07:50]

    "pccguide.exe"="C:\Arquivos de programas\Trend Micro\PC-cillin 2002\pccguide.exe" [2003-03-26 10:00]

    "PCCClient.exe"="C:\Arquivos de programas\Trend Micro\PC-cillin 2002\PCCClient.exe" [2003-03-26 09:52]

    "Pop3trap.exe"="C:\Arquivos de programas\Trend Micro\PC-cillin 2002\Pop3trap.exe" [2003-03-26 09:56]

    "AVG7_CC"="C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe" [2007-08-17 09:32]

    "Creative WebCam Tray"="C:\Arquivos de programas\Creative\WebCam Control\CAMTRAY.EXE" [1999-04-27 02:00]

    "Smapp"="C:\Arquivos de programas\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 08:57]

    "nwiz"="nwiz.exe" [2001-12-16 14:55 C:\WINDOWS\system32\nwiz.exe]

    "TkBellExe"="C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2006-09-27 14:38]

    "Agent"="C:\Arquivos de programas\CyberLink\PowerVCRII\Agent.exe" [2001-06-18 09:49]

    "Remote_Agent"="C:\Arquivos de programas\CyberLink\PowerVCRII\RemoteAgent.exe" [2001-06-11 09:52]

    "NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2001-12-16 14:55]

    "NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2001-12-16 14:55]

    "QuickTime Task"="C:\Arquivos de programas\QuickTime\qttask.exe" [2006-10-01 17:58]

    "VSUXLTKJ"="c:\windows\system32\vsuxltkj.exe" []

    "sjduwiwx"="C:\WINDOWS\rnxntup.exe" [2007-09-02 10:30]

    "DJOP"="c:\windows\system32\djop.exe" [2007-08-15 18:32]

    "RCAPBJNIX"="c:\windows\system32\rcapbjnix.exe" [2007-08-15 18:32]

    "SBSW"="c:\windows\system32\sbsw.exe" [2007-08-15 18:32]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2002-09-09 14:08]

    "PcSync"="C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 15:21]

    "K-Lite Nitro BETA"="C:\Arquivos de programas\K-LiteNitro\K-LiteNitro.exe" [2006-11-27 20:22]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^msnmsg.exe]

    path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\msnmsg.exe

    backup=C:\WINDOWS\pss\msnmsg.exeCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Windowsupdate.exe]

    path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Windowsupdate.exe

    backup=C:\WINDOWS\pss\Windowsupdate.exeCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Charlie^Menu Iniciar^Programas^Inicializar^Adobe Gamma.lnk]

    path=C:\Documents and Settings\Charlie\Menu Iniciar\Programas\Inicializar\Adobe Gamma.lnk

    backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Agent]

    C:\Arquivos de programas\CyberLink\PowerVCRII\Agent.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]

    C:\WINDOWS\System32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\explore]

    C:\WINDOWS\System32\explore.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\K-Lite Nitro BETA]

    C:\Arquivos de programas\K-LiteNitro\K-LiteNitro.exe /hide

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]

    C:\TBridge\FLATBED.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

    "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsg]

    C:\WINDOWS\System32\msnmsg.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

    "C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

    RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

    RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

    nwiz.exe /install

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]

    C:\ARQUIV~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

    "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Remote_Agent]

    C:\Arquivos de programas\CyberLink\PowerVCRII\RemoteAgent.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Smapp]

    C:\Arquivos de programas\Analog Devices\SoundMAX\SMTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]

    C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SymantecFilterCheck]

    C:\WINDOWS\System32\gmilogon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

    "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windowsupdate]

    C:\Arquivos de programas\Windowsupdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

    "QuickTime Task"="C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

    *Newly Created Service* - PCIVP

    **************************************************************************

    catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2007-09-03 20:40:29

    Windows 5.1.2600 Service Pack 1 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully

    hidden files: 0

    **************************************************************************

    Completion time: 2007-09-03 20:43:18

    C:\ComboFix-quarantined-files.txt ... 2007-09-03 20:42

    C:\ComboFix2.txt ... 2007-09-03 18:45

    --- E O F ---

    HijackThis log:

    Logfile of HijackThis v1.99.1

    Scan saved at 20:47:35, on 3/9/2007

    Platform: Windows XP SP1 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\htpatch.exe

    C:\Arquivos de programas\Trend Micro\PC-cillin 2002\pccguide.exe

    C:\Arquivos de programas\Trend Micro\PC-cillin 2002\PCCClient.exe

    C:\Arquivos de programas\Trend Micro\PC-cillin 2002\Pop3trap.exe

    C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

    C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe

    C:\Arquivos de programas\Creative\WebCam Control\CAMTRAY.EXE

    C:\Arquivos de programas\Analog Devices\SoundMAX\SMTray.exe

    C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

    C:\Arquivos de programas\CyberLink\PowerVCRII\Agent.exe

    C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

    C:\WINDOWS\System32\RUNDLL32.EXE

    C:\WINDOWS\System32\nvsvc32.exe

    C:\Arquivos de programas\QuickTime\qttask.exe

    C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Arquivos de programas\Trend Micro\PC-cillin 2002\Tmntsrv.exe

    C:\Arquivos de programas\Arquivos comuns\Ulead Systems\DVD\ULCDRSvr.exe

    C:\WINDOWS\rnxntup.exe

    C:\windows\system32\djop.exe

    C:\windows\system32\hcuyccie.exe

    C:\WINDOWS\System32\ctfmon.exe

    C:\Arquivos de programas\Messenger\msmsgs.exe

    C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe

    C:\WINDOWS\System32\RCAPBJNIX.exe

    C:\WINDOWS\System32\SBSW.exe

    C:\Arquivos de programas\K-LiteNitro\K-LiteNitro.exe

    C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\jvms.exe

    C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\mxjxde.exe

    C:\Arquivos de programas\K-LiteNitro\giFT\giFTl.exe

    C:\ARQUIV~1\ARQUIV~1\Nokia\MPAPI\MPAPI3s.exe

    C:\Arquivos de programas\Trend Micro\PC-cillin 2002\PCCPFW.exe

    C:\Arquivos de programas\Arquivos comuns\PCSuite\Services\ServiceLayer.exe

    C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

    C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

    C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\explorer.exe

    C:\Hijack\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.superesportes.com.br/

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_09\bin\ssv.dll

    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar2.dll

    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

    O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar2.dll

    O4 - HKLM\..\Run: [ALiUSBfix] C:\WINDOWS\System32\ALiUSB20.exe

    O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe

    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe

    O4 - HKLM\..\Run: [pccguide.exe] "C:\Arquivos de programas\Trend Micro\PC-cillin 2002\pccguide.exe"

    O4 - HKLM\..\Run: [PCCClient.exe] "C:\Arquivos de programas\Trend Micro\PC-cillin 2002\PCCClient.exe"

    O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Arquivos de programas\Trend Micro\PC-cillin 2002\Pop3trap.exe"

    O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP

    O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Arquivos de programas\Creative\WebCam Control\CAMTRAY.EXE

    O4 - HKLM\..\Run: [smapp] C:\Arquivos de programas\Analog Devices\SoundMAX\SMTray.exe

    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

    O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

    O4 - HKLM\..\Run: [Agent] C:\Arquivos de programas\CyberLink\PowerVCRII\Agent.exe

    O4 - HKLM\..\Run: [Remote_Agent] C:\Arquivos de programas\CyberLink\PowerVCRII\RemoteAgent.exe

    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

    O4 - HKLM\..\Run: [VSUXLTKJ] c:\windows\system32\vsuxltkj.exe

    O4 - HKLM\..\Run: [sjduwiwx] C:\WINDOWS\rnxntup.exe

    O4 - HKLM\..\Run: [DJOP] c:\windows\system32\djop.exe

    O4 - HKLM\..\Run: [RCAPBJNIX] c:\windows\system32\rcapbjnix.exe

    O4 - HKLM\..\Run: [sBSW] c:\windows\system32\sbsw.exe

    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

    O4 - HKCU\..\Run: [PcSync] C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

    O4 - HKCU\..\Run: [K-Lite Nitro BETA] C:\Arquivos de programas\K-LiteNitro\K-LiteNitro.exe /hide

    O4 - Startup: reminder-Registro do produto ScanSoft.lnk = C:\Arquivos de programas\TextBridge Classic 2.0\Ereg\REMIND32.EXE

    O4 - Global Startup: jvms.exe

    O4 - Global Startup: mxjxde.exe

    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_09\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_09\bin\ssv.dll

    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

    O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

    O12 - Plugin for .pdf: C:\Arquivos de programas\Internet Explorer\PLUGINS\nppdf32.dll

    O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab

    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab

    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.gamehouse.com/realarcade-webgames/bejeweled2/popcaploader.cab

    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

    O17 - HKLM\System\CCS\Services\Tcpip\..\{AB8992C6-9397-488C-84AC-2C4194B9BA94}: NameServer = 200.165.132.147 200.165.132.155

    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

    O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

    O23 - Service: PC-cillin PersonalFirewall (PCCPFW) - Trend Micro Inc. - C:\Arquivos de programas\Trend Micro\PC-cillin 2002\PCCPFW.exe

    O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\Arquivos comuns\PCSuite\Services\ServiceLayer.exe

    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

    O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Inc. - C:\Arquivos de programas\Trend Micro\PC-cillin 2002\Tmntsrv.exe

    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Arquivos de programas\Arquivos comuns\Ulead Systems\DVD\ULCDRSvr.exe

    Once again, thanks for the help!


    FeMorais,

    - Run the KillBox tool. Check the option Delete on Reboot. Copy the entire list below in red, by selecting it and right-clicking -> Copy...

    C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\jvms.exe

    C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\mxjxde.exe

    C:\WINDOWS\system32\hork.exe

    C:\WINDOWS\rnxntup.exe

    C:\WINDOWS\system32\ZXEC.exe

    C:\WINDOWS\system32\ZSITVAQFO.exe

    C:\WINDOWS\system32\ZRSD.exe

    C:\WINDOWS\system32\ZQNT.exe

    C:\WINDOWS\system32\ZHSY.exe

    C:\WINDOWS\system32\ZCHRW.exe

    C:\WINDOWS\system32\YUMZ.exe

    C:\WINDOWS\system32\XWGD.exe

    C:\WINDOWS\system32\WTVO.exe

    C:\WINDOWS\system32\WSKY.exe

    C:\WINDOWS\system32\WOTCQOJCP.exe

    C:\WINDOWS\system32\WNLJ.exe

    C:\WINDOWS\system32\VZCLB.exe

    C:\WINDOWS\system32\UIMN.exe

    C:\WINDOWS\system32\UHQBZU.exe

    C:\WINDOWS\system32\UGIH.exe

    C:\WINDOWS\system32\UFZK.exe

    C:\WINDOWS\system32\TYJJJGSCK.exe

    C:\WINDOWS\system32\TNHGSTX.exe

    C:\WINDOWS\system32\SGAB.exe

    C:\WINDOWS\system32\SCMAU.exe

    C:\WINDOWS\system32\SBSW.exe

    C:\WINDOWS\system32\RWHQ.exe

    C:\WINDOWS\system32\RKUSBHTJ.exe

    C:\WINDOWS\system32\RCAPBJNIX.exe

    C:\WINDOWS\system32\PVUIZNRTV.exe

    C:\WINDOWS\system32\PTMPO.exe

    C:\WINDOWS\system32\PRDFHBKQN.exe

    C:\WINDOWS\system32\PLRRHJN.exe

    C:\WINDOWS\system32\PFQAZRRO.exe

    C:\WINDOWS\system32\OMHS.exe

    C:\WINDOWS\system32\OLBQT.exe

    C:\WINDOWS\system32\OKGH.exe

    C:\WINDOWS\system32\OJFV.exe

    C:\WINDOWS\system32\NZQR.exe

    C:\WINDOWS\system32\NQPNNZJXO.exe

    C:\WINDOWS\system32\NKNOSG.exe

    C:\WINDOWS\system32\NBPPZ.exe

    C:\WINDOWS\system32\MPYMBMH.exe

    C:\WINDOWS\system32\LPIYHTZC.exe

    C:\WINDOWS\system32\LJPQ.exe

    C:\WINDOWS\system32\KYMGAOK.exe

    C:\WINDOWS\system32\KHOYK.exe

    C:\WINDOWS\system32\KFGF.exe

    C:\WINDOWS\system32\KDMUPPQO.exe

    C:\WINDOWS\system32\JUGMRJWVI.exe

    C:\WINDOWS\system32\JTZSH.exe

    C:\WINDOWS\system32\JJOO.exe

    C:\WINDOWS\system32\JIGVVQ.exe

    C:\WINDOWS\system32\IWES.exe

    C:\WINDOWS\system32\IVKKXCTM.exe

    C:\WINDOWS\system32\IURC.exe

    C:\WINDOWS\system32\IPBZ.exe

    C:\WINDOWS\system32\INTGSAA.exe

    C:\WINDOWS\system32\IAWU.exe

    C:\WINDOWS\system32\HXPO.exe

    C:\WINDOWS\system32\HNIIXZRRN.exe

    C:\WINDOWS\system32\HNCHUS.exe

    C:\WINDOWS\system32\HCUYCCIE.exe

    C:\WINDOWS\system32\HBBG.exe

    C:\WINDOWS\system32\GIZT.exe

    C:\WINDOWS\system32\GAJJ.exe

    C:\WINDOWS\system32\FYSY.exe

    C:\WINDOWS\system32\FHXC.exe

    C:\WINDOWS\system32\EZYO.exe

    C:\WINDOWS\system32\EZARSRX.exe

    C:\WINDOWS\system32\EOHDRULI.exe

    C:\WINDOWS\system32\EEYA.exe

    C:\WINDOWS\system32\ECFO.exe

    C:\WINDOWS\system32\EBGHWKQG.exe

    C:\WINDOWS\system32\EBAS.exe

    C:\WINDOWS\system32\DJOP.exe

    C:\WINDOWS\system32\DGIYECM.exe

    C:\WINDOWS\system32\CWPRETI.exe

    C:\WINDOWS\system32\BTONGK.exe

    C:\WINDOWS\system32\BKOUYFG.exe

    C:\WINDOWS\system32\BEFI.exe

    C:\WINDOWS\system32\ATLA.exe

    C:\WINDOWS\system32\Plugin.exe

    C:\Arquivos de programas\Windowsupdate.exe

    ...In KillBox, with the files already copied to the clipboard, click File -> Paste from clipboard... Click the All Files button, then the X... and answer No to the question.

    If KillBox does not find one of the files, that is not a problem. Continue...

    - Restart the computer in Safe Mode (keep pressing the F8 key, or F5 in some cases, during startup).

    - Run HijackThis - Click Do a System Scan Only. Check the box(es) for the entry(ies) listed below in blue. When the selection is complete, click Fix Checked...

    O4 - HKLM\..\Run: [VSUXLTKJ] c:\windows\system32\vsuxltkj.exe

    O4 - HKLM\..\Run: [sjduwiwx] C:\WINDOWS\rnxntup.exe

    O4 - HKLM\..\Run: [DJOP] c:\windows\system32\djop.exe

    O4 - HKLM\..\Run: [RCAPBJNIX] c:\windows\system32\rcapbjnix.exe

    O4 - HKLM\..\Run: [sBSW] c:\windows\system32\sbsw.exe

    O4 - Global Startup: jvms.exe

    O4 - Global Startup: mxjxde.exe

    - Run the ATF-Cleaner.exe tool. Check Select All and click Empty Selected. A "Done Cleaning" window will appear. Click OK and Exit.

    - Restart in normal mode.

    - Copy the HijackThis (updated) and ComboFix (new) log(s) and paste them in your next reply.
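    As an added example (not part of this thread, and not a ComboFix or HijackThis feature), the script below automates the pattern the analyst spotted by eye in the ComboFix listing above: a burst of same-size .exe files created in the same minute with meaningless upper-case names, plus executables carrying the hidden+system attributes. The sample lines are copied from the log posted above; the cluster threshold and the "random name" rule are my assumptions.

```python
"""Triage a ComboFix "Files Created" listing for mass-dropped executables.

Added example for this thread, not part of the original posts or of ComboFix.
Heuristic 1: many .exe files with one creation minute and one byte size
(above: dozens of 193,024-byte files at 2007-08-15 18:32 under system32).
Heuristic 2: .exe files whose attribute string has both h and s (---hs----).
"""
import re
from collections import defaultdict

# One ComboFix entry: date, time, size (digits with optional commas, or <DIR>),
# attribute string such as --a------ / d-------- / ---hs----, then the path.
ENTRY_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2})\s+"
    r"(?P<size>[\d,]+|<DIR>)\s+(?P<attrs>[-a-z]+)\s+(?P<path>.+?)\s*$"
)

# Sample input: lines copied from the ComboFix log in this thread.
SAMPLE_LOG = r"""
2007-08-25 11:04 <DIR> d-------- C:\!KillBox
2007-08-22 22:44 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-22 22:03 1,424,812 --a------ C:\ComboFix.exe
2007-08-16 18:26 50,688 --a------ C:\ATF-Cleaner.exe
2007-08-15 18:32 193,024 --a------ C:\WINDOWS\system32\ZXEC.exe
2007-08-15 18:32 193,024 --a------ C:\WINDOWS\system32\ZSITVAQFO.exe
2007-08-15 18:32 193,024 --a------ C:\WINDOWS\system32\EEYA.exe
2007-08-15 18:32 193,024 --a------ C:\WINDOWS\system32\HCUYCCIE.exe
2007-08-15 18:32 193,024 --a------ C:\WINDOWS\system32\ATLA.exe
2007-08-11 14:04 --------- d-------- C:\Arquivos de programas\K-LiteNitro
2007-07-22 20:55 5814272 ---hs---- C:\WINDOWS\system32\Plugin.exe
2007-07-22 20:55 5814272 ---hs---- C:\Arquivos de programas\Windowsupdate.exe
"""


def parse_entries(text):
    """Return one dict per file entry; directory entries are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m or m.group("size") == "<DIR>":
            continue
        path = m.group("path")
        entries.append({
            "when": f"{m.group('date')} {m.group('time')}",
            "size": int(m.group("size").replace(",", "")),
            "attrs": m.group("attrs"),
            "path": path,
            "name": path.rsplit("\\", 1)[-1],
        })
    return entries


def is_exe(entry):
    return entry["name"].lower().endswith(".exe")


def looks_random(name):
    """Assumed rule: the stem is 4-9 upper-case letters only (ZXEC, ZSITVAQFO);
    real product names such as nircmd or ComboFix fail it."""
    stem = name.rsplit(".", 1)[0]
    return 4 <= len(stem) <= 9 and stem.isalpha() and stem.isupper()


def find_drop_clusters(entries, min_members=5):
    """Group .exe entries by (creation minute, size); keep groups with at least
    min_members files. A mass drop shows up as one timestamp and one size."""
    groups = defaultdict(list)
    for e in entries:
        if is_exe(e):
            groups[(e["when"], e["size"])].append(e)
    return {key: members for key, members in groups.items()
            if len(members) >= min_members}


def hidden_system_executables(entries):
    """Executables whose attribute string carries both 'h' and 's'."""
    return [e for e in entries
            if is_exe(e) and "h" in e["attrs"] and "s" in e["attrs"]]


def triage(text, min_members=5):
    """Return findings as plain data so they can be printed or asserted on."""
    entries = parse_entries(text)
    clusters = []
    for (when, size), members in sorted(
            find_drop_clusters(entries, min_members).items()):
        clusters.append({
            "when": when, "size": size, "count": len(members),
            "random_named": sum(looks_random(e["name"]) for e in members),
            "paths": [e["path"] for e in members],
        })
    return {"clusters": clusters,
            "hidden_system": [e["path"] for e in hidden_system_executables(entries)]}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for c in result["clusters"]:
        print(f"{c['count']} .exe files of {c['size']} bytes created {c['when']}, "
              f"{c['random_named']} with random-looking names")
    for p in result["hidden_system"]:
        print("hidden+system executable:", p)
```

    Run it against a full ComboFix log saved to a file by passing the file's text to triage(); the cluster list is what you would hand to KillBox, and the hidden+system list catches droppers that a name-only rule misses.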

    Mr. Coruja,

    In HijackThis, only the first three options were present, and I selected them.

    Here is the updated log:

    Logfile of HijackThis v1.99.1

    Scan saved at 18:19:25, on 4/9/2007

    Platform: Windows XP SP1 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\Explorer.EXE

    C:\Hijack\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.superesportes.com.br/

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_09\bin\ssv.dll

    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar2.dll

    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

    O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar2.dll

    O4 - HKLM\..\Run: [ALiUSBfix] C:\WINDOWS\System32\ALiUSB20.exe

    O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe

    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe

    O4 - HKLM\..\Run: [pccguide.exe] "C:\Arquivos de programas\Trend Micro\PC-cillin 2002\pccguide.exe"

    O4 - HKLM\..\Run: [PCCClient.exe] "C:\Arquivos de programas\Trend Micro\PC-cillin 2002\PCCClient.exe"

    O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Arquivos de programas\Trend Micro\PC-cillin 2002\Pop3trap.exe"

    O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP

    O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Arquivos de programas\Creative\WebCam Control\CAMTRAY.EXE

    O4 - HKLM\..\Run: [smapp] C:\Arquivos de programas\Analog Devices\SoundMAX\SMTray.exe

    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

    O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

    O4 - HKLM\..\Run: [Agent] C:\Arquivos de programas\CyberLink\PowerVCRII\Agent.exe

    O4 - HKLM\..\Run: [Remote_Agent] C:\Arquivos de programas\CyberLink\PowerVCRII\RemoteAgent.exe

    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

    O4 - HKLM\..\Run: [KGWI] c:\windows\system32\kgwi.exe

    O4 - HKLM\..\Run: [RRIW] c:\windows\system32\rriw.exe

    O4 - HKLM\..\Run: [LPWO] c:\windows\system32\lpwo.exe

    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

    O4 - HKCU\..\Run: [PcSync] C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

    O4 - HKCU\..\Run: [K-Lite Nitro BETA] C:\Arquivos de programas\K-LiteNitro\K-LiteNitro.exe /hide

    O4 - Startup: reminder-Registro do produto ScanSoft.lnk = C:\Arquivos de programas\TextBridge Classic 2.0\Ereg\REMIND32.EXE

    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_09\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_09\bin\ssv.dll

    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

    O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

    O12 - Plugin for .pdf: C:\Arquivos de programas\Internet Explorer\PLUGINS\nppdf32.dll

    O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab

    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab

    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.gamehouse.com/realarcade-webgames/bejeweled2/popcaploader.cab

    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

    O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

    O23 - Service: PC-cillin PersonalFirewall (PCCPFW) - Trend Micro Inc. - C:\Arquivos de programas\Trend Micro\PC-cillin 2002\PCCPFW.exe

    O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\Arquivos comuns\PCSuite\Services\ServiceLayer.exe

    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

    O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Inc. - C:\Arquivos de programas\Trend Micro\PC-cillin 2002\Tmntsrv.exe

    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Arquivos de programas\Arquivos comuns\Ulead Systems\DVD\ULCDRSvr.exe

    Updated ComboFix scan:

    ComboFix 07-08-17.2 - "Fernanda" 2007-09-04 18:20:02.5 - NTFSx86 MINIMAL

    ((((((((((((((((((((((((( Files Created from 2007-08-04 to 2007-09-04 )))))))))))))))))))))))))))))))

    2007-08-29 22:17 <DIR> d-------- C:\WINDOWS\BDOSCAN8

    2007-08-25 11:04 <DIR> d-------- C:\!KillBox

    2007-08-22 22:44 51,200 --a------ C:\WINDOWS\nircmd.exe

    2007-08-22 22:03 1,424,812 --a------ C:\ComboFix.exe

    2007-08-16 21:49 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab

    2007-08-16 21:49 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\Kaspersky Lab

    2007-08-16 18:29 <DIR> d-------- C:\KillBox

    2007-08-16 18:26 50,688 --a------ C:\ATF-Cleaner.exe

    2007-08-15 18:32 193,024 --a------ C:\WINDOWS\system32\RRIW.exe

    2007-08-15 18:32 193,024 --a------ C:\WINDOWS\system32\LPWO.exe

    2007-08-15 18:32 193,024 --a------ C:\WINDOWS\system32\KHECQQDVN.exe

    2007-08-15 18:32 193,024 --a------ C:\WINDOWS\system32\KGWI.exe

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-08-11 14:04 --------- d-------- C:\Arquivos de programas\K-LiteNitro

    2007-07-28 10:50 --------- d-------- C:\Arquivos de programas\Shareaza

    2007-07-27 17:25 --------- d-------- C:\Arquivos de programas\Championship Manager 2007

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "ALiUSBfix"="C:\WINDOWS\System32\ALiUSB20.exe" [2002-08-30 07:47]

    "HTpatch"="C:\WINDOWS\htpatch.exe" [2003-03-27 02:50]

    "NeroCheck"="C:\WINDOWS\System32\\NeroCheck.exe" [2001-07-09 07:50]

    "pccguide.exe"="C:\Arquivos de programas\Trend Micro\PC-cillin 2002\pccguide.exe" [2003-03-26 10:00]

    "PCCClient.exe"="C:\Arquivos de programas\Trend Micro\PC-cillin 2002\PCCClient.exe" [2003-03-26 09:52]

    "Pop3trap.exe"="C:\Arquivos de programas\Trend Micro\PC-cillin 2002\Pop3trap.exe" [2003-03-26 09:56]

    "AVG7_CC"="C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe" [2007-08-17 09:32]

    "Creative WebCam Tray"="C:\Arquivos de programas\Creative\WebCam Control\CAMTRAY.EXE" [1999-04-27 02:00]

    "Smapp"="C:\Arquivos de programas\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 08:57]

    "nwiz"="nwiz.exe" [2001-12-16 14:55 C:\WINDOWS\system32\nwiz.exe]

    "TkBellExe"="C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2006-09-27 14:38]

    "Agent"="C:\Arquivos de programas\CyberLink\PowerVCRII\Agent.exe" [2001-06-18 09:49]

    "Remote_Agent"="C:\Arquivos de programas\CyberLink\PowerVCRII\RemoteAgent.exe" [2001-06-11 09:52]

    "NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2001-12-16 14:55]

    "NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2001-12-16 14:55]

    "QuickTime Task"="C:\Arquivos de programas\QuickTime\qttask.exe" [2006-10-01 17:58]

    "KGWI"="c:\windows\system32\kgwi.exe" [2007-08-15 18:32]

    "RRIW"="c:\windows\system32\rriw.exe" [2007-08-15 18:32]

    "LPWO"="c:\windows\system32\lpwo.exe" [2007-08-15 18:32]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2002-09-09 14:08]

    "PcSync"="C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 15:21]

    "K-Lite Nitro BETA"="C:\Arquivos de programas\K-LiteNitro\K-LiteNitro.exe" [2006-11-27 20:22]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^msnmsg.exe]

    path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\msnmsg.exe

    backup=C:\WINDOWS\pss\msnmsg.exeCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Windowsupdate.exe]

    path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Windowsupdate.exe

    backup=C:\WINDOWS\pss\Windowsupdate.exeCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Charlie^Menu Iniciar^Programas^Inicializar^Adobe Gamma.lnk]

    path=C:\Documents and Settings\Charlie\Menu Iniciar\Programas\Inicializar\Adobe Gamma.lnk

    backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Agent]

    C:\Arquivos de programas\CyberLink\PowerVCRII\Agent.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]

    C:\WINDOWS\System32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\explore]

    C:\WINDOWS\System32\explore.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\K-Lite Nitro BETA]

    C:\Arquivos de programas\K-LiteNitro\K-LiteNitro.exe /hide

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]

    C:\TBridge\FLATBED.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

    "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsg]

    C:\WINDOWS\System32\msnmsg.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

    "C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

    RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

    RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

    nwiz.exe /install

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]

    C:\ARQUIV~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

    "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Remote_Agent]

    C:\Arquivos de programas\CyberLink\PowerVCRII\RemoteAgent.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Smapp]

    C:\Arquivos de programas\Analog Devices\SoundMAX\SMTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]

    C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SymantecFilterCheck]

    C:\WINDOWS\System32\gmilogon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

    "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windowsupdate]

    C:\Arquivos de programas\Windowsupdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

    "QuickTime Task"="C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

    **************************************************************************

    catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2007-09-04 18:22:08

    Windows 5.1.2600 Service Pack 1 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully

    hidden files: 0

    **************************************************************************

    Completion time: 2007-09-04 18:22:45

    C:\ComboFix-quarantined-files.txt ... 2007-09-04 18:22

    C:\ComboFix2.txt ... 2007-09-03 20:43

    C:\ComboFix3.txt ... 2007-09-03 18:45

    --- E O F ---

    Thanks for your attention!!!


    FeMorais, it has already improved a lot... OK! But let me explain what is happening. Since these files are random, new ones are very probably being created right now. So, in order for us to catch them all or stop them from being created after you reboot, you will need to help me in the following way:

    Look at the characteristics of the entries you will have to check in HijackThis before restarting the computer:

    O4 - HKLM\..\Run: [?ANY COMBINATION OF LETTERS?] c:\windows\system32\?THE SAME COMBINATION OF LETTERS?.exe

    The important thing is not to let them start again, OK?

    Example:

    Current:

    O4 - HKLM\..\Run: [KGWI] c:\windows\system32\kgwi.exe

    O4 - HKLM\..\Run: [RRIW] c:\windows\system32\rriw.exe

    O4 - HKLM\..\Run: [LPWO] c:\windows\system32\lpwo.exe

    But it could be:

    O4 - HKLM\..\Run: [ABCD] c:\windows\system32\ABCD.exe

    O4 - HKLM\..\Run: [ZZER] c:\windows\system32\ZZER.exe

    --|--

    Entries (O4 - ...) that should not or need not be checked:

    O4 - HKLM\..\Run: [ALiUSBfix] C:\WINDOWS\System32\ALiUSB20.exe

    O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe

    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe

    O4 - HKLM\..\Run: [pccguide.exe] "C:\Arquivos de programas\Trend Micro\PC-cillin 2002\pccguide.exe"

    O4 - HKLM\..\Run: [PCCClient.exe] "C:\Arquivos de programas\Trend Micro\PC-cillin 2002\PCCClient.exe"

    O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Arquivos de programas\Trend Micro\PC-cillin 2002\Pop3trap.exe"

    O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP

    O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Arquivos de programas\Creative\WebCam Control\CAMTRAY.EXE

    O4 - HKLM\..\Run: [smapp] C:\Arquivos de programas\Analog Devices\SoundMAX\SMTray.exe

    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

    O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

    O4 - HKLM\..\Run: [Agent] C:\Arquivos de programas\CyberLink\PowerVCRII\Agent.exe

    O4 - HKLM\..\Run: [Remote_Agent] C:\Arquivos de programas\CyberLink\PowerVCRII\RemoteAgent.exe

    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

    O4 - HKCU\..\Run: [PcSync] C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

    O4 - HKCU\..\Run: [K-Lite Nitro BETA] C:\Arquivos de programas\K-LiteNitro\K-LiteNitro.exe /hide

    O4 - Startup: reminder-Registro do produto ScanSoft.lnk = C:\Arquivos de programas\TextBridge Classic 2.0\Ereg\REMIND32.EXE

    --|--

    Follow the procedure below:

    - Run the KillBox tool. Check the Delete on Reboot option. Copy the entire list below in red by selecting it and right-clicking -> copy...

    C:\WINDOWS\system32\RRIW.exe

    C:\WINDOWS\system32\LPWO.exe

    C:\WINDOWS\system32\KHECQQDVN.exe

    C:\WINDOWS\system32\KGWI.exe

    ...In KillBox, with the files already copied to the clipboard, click File -> Paste from clipboard... Click the All Files button, then the X... and answer No to the question.

    If KillBox does not find one of the files, that is no problem. Continue...

    - Restart the computer in Safe Mode (keep pressing the F8 key, or F5 in some cases, during startup).

    - Run HijackThis - click Do a System Scan Only. Tick the box(es) for the entry/entries listed below in blue. When the selection is complete, click Fix Checked...

    O4 - HKLM\..\Run: [KGWI] c:\windows\system32\kgwi.exe

    O4 - HKLM\..\Run: [RRIW] c:\windows\system32\rriw.exe

    O4 - HKLM\..\Run: [LPWO] c:\windows\system32\lpwo.exe

    +

    O4 - HKLM\..\Run: [????] c:\windows\system32\????.exe

    - Run the ATF-Cleaner.exe tool. Check the Select All option and click Empty Selected. A "Done Cleaning" window will appear. Click OK and Exit.

    - Restart in normal mode.

    - Copy the log(s) from HijackThis (updated) and ComboFix (new) and paste them next.

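The pattern the analyst describes above (a Run-key value named with a random letter string that launches a same-named .exe from c:\windows\system32, while the ComboFix "Files Created" section shows those files dropped in the same minute with identical sizes) can be checked mechanically over the pasted logs. The following Python script is an added example for this page, not a tool from HijackThis, ComboFix or the forum; the two regexes, the KNOWN_GOOD allow-list and the heuristic thresholds are assumptions made here, and the sample lines are copied from the logs quoted in the thread.

```python
import re
from collections import defaultdict

# Matches e.g.  O4 - HKLM\..\Run: [KGWI] c:\windows\system32\kgwi.exe
O4_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$"
)
# Matches e.g.  2007-08-15 18:32 193,024 --a------ C:\WINDOWS\system32\RRIW.exe  (<DIR> lines do not match)
CREATED_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) (?P<size>[\d,]+) (?P<attrs>\S+) (?P<path>.+)$"
)

# Legitimate system32 autostarts seen in this thread (an assumption; extend per machine).
KNOWN_GOOD = {"ctfmon.exe", "nwiz.exe", "rundll32.exe"}

# Sample input: lines copied from the HijackThis and ComboFix logs quoted in the thread.
HIJACKTHIS_SAMPLE = r"""
O4 - HKLM\..\Run: [ALiUSBfix] C:\WINDOWS\System32\ALiUSB20.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [KGWI] c:\windows\system32\kgwi.exe
O4 - HKLM\..\Run: [RRIW] c:\windows\system32\rriw.exe
O4 - HKLM\..\Run: [LPWO] c:\windows\system32\lpwo.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
""".strip().splitlines()

COMBOFIX_SAMPLE = r"""
2007-08-22 22:44 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-16 18:29 <DIR> d-------- C:\KillBox
2007-08-15 18:32 193,024 --a------ C:\WINDOWS\system32\RRIW.exe
2007-08-15 18:32 193,024 --a------ C:\WINDOWS\system32\LPWO.exe
2007-08-15 18:32 193,024 --a------ C:\WINDOWS\system32\KHECQQDVN.exe
2007-08-15 18:32 193,024 --a------ C:\WINDOWS\system32\KGWI.exe
""".strip().splitlines()


def exe_basename(cmd: str) -> str:
    """Lower-case file name of the first .exe token on a Run command line."""
    m = re.search(r'[^\\/"]+\.exe', cmd, re.IGNORECASE)
    return m.group(0).lower() if m else ""


def is_random_name(name: str) -> bool:
    """Four to nine letters and nothing else, like KGWI or KHECQQDVN."""
    return 4 <= len(name) <= 9 and name.isalpha()


def flag_o4(line: str):
    """Return (value name, command) for a suspicious O4 line, else None: the file
    runs from system32, is not allow-listed, and the value name equals its stem."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    name, cmd = m.group("name"), m.group("cmd").strip()
    exe = exe_basename(cmd)
    stem = exe[:-4] if exe.endswith(".exe") else exe
    in_sys32 = "\\windows\\system32\\" in cmd.lower()
    if in_sys32 and exe not in KNOWN_GOOD and stem == name.lower() and is_random_name(name):
        return name, cmd
    return None


def triage_hijackthis(lines):
    """All suspicious (value name, command) pairs in a HijackThis log."""
    return [hit for hit in (flag_o4(line) for line in lines) if hit is not None]


def cluster_created(lines, min_size=2):
    """Group system32 .exe entries by (timestamp, size); several sharing both is the drop pattern."""
    groups = defaultdict(list)
    for line in lines:
        m = CREATED_RE.match(line.strip())
        if not m:
            continue
        path = m.group("path")
        if path.lower().endswith(".exe") and "\\system32\\" in path.lower():
            groups[(m.group("ts"), m.group("size"))].append(path)
    return {key: paths for key, paths in groups.items() if len(paths) >= min_size}


def killbox_list(flagged, clusters):
    """Merge both sources into one case-insensitive, de-duplicated list of paths to remove."""
    paths = {}
    for _name, cmd in flagged:
        paths.setdefault(cmd.lower(), cmd)
    for group in clusters.values():
        for path in group:
            paths.setdefault(path.lower(), path)
    return sorted(paths.values(), key=str.lower)


if __name__ == "__main__":
    flagged = triage_hijackthis(HIJACKTHIS_SAMPLE)
    clusters = cluster_created(COMBOFIX_SAMPLE)
    for name, cmd in flagged:
        print(f"suspicious O4 [{name}] -> {cmd}")
    print("\n".join(killbox_list(flagged, clusters)))
```

The script only reports; it does not touch the registry or the file system, so it can be run over a pasted log before any KillBox or Fix Checked step is taken.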
    Topic author:

    Below are the HijackThis and ComboFix logs

    Hijack:

    Logfile of HijackThis v1.99.1

    Scan saved at 14:05:32, on 7/9/2007

    Platform: Windows XP SP1 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\Explorer.EXE

    C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

    C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

    C:\WINDOWS\System32\nvsvc32.exe

    C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\htpatch.exe

    C:\Arquivos de programas\Trend Micro\PC-cillin 2002\Tmntsrv.exe

    C:\Arquivos de programas\Arquivos comuns\Ulead Systems\DVD\ULCDRSvr.exe

    C:\Arquivos de programas\Trend Micro\PC-cillin 2002\pccguide.exe

    C:\Arquivos de programas\Trend Micro\PC-cillin 2002\PCCClient.exe

    C:\Arquivos de programas\Trend Micro\PC-cillin 2002\Pop3trap.exe

    C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe

    C:\Arquivos de programas\Creative\WebCam Control\CAMTRAY.EXE

    C:\Arquivos de programas\Analog Devices\SoundMAX\SMTray.exe

    C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

    C:\Arquivos de programas\CyberLink\PowerVCRII\Agent.exe

    C:\WINDOWS\System32\RUNDLL32.EXE

    C:\Arquivos de programas\QuickTime\qttask.exe

    C:\WINDOWS\System32\ctfmon.exe

    C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe

    C:\Arquivos de programas\K-LiteNitro\K-LiteNitro.exe

    C:\ARQUIV~1\ARQUIV~1\Nokia\MPAPI\MPAPI3s.exe

    C:\Arquivos de programas\Trend Micro\PC-cillin 2002\PCCPFW.exe

    C:\Arquivos de programas\K-LiteNitro\giFT\giFTl.exe

    C:\Arquivos de programas\Arquivos comuns\PCSuite\Services\ServiceLayer.exe

    C:\WINDOWS\System32\wuauclt.exe

    C:\Arquivos de programas\internet explorer\iexplore.exe

    C:\Hijack\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.superesportes.com.br/

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_09\bin\ssv.dll

    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar2.dll

    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

    O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar2.dll

    O4 - HKLM\..\Run: [ALiUSBfix] C:\WINDOWS\System32\ALiUSB20.exe

    O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe

    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe

    O4 - HKLM\..\Run: [pccguide.exe] "C:\Arquivos de programas\Trend Micro\PC-cillin 2002\pccguide.exe"

    O4 - HKLM\..\Run: [PCCClient.exe] "C:\Arquivos de programas\Trend Micro\PC-cillin 2002\PCCClient.exe"

    O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Arquivos de programas\Trend Micro\PC-cillin 2002\Pop3trap.exe"

    O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP

    O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Arquivos de programas\Creative\WebCam Control\CAMTRAY.EXE

    O4 - HKLM\..\Run: [smapp] C:\Arquivos de programas\Analog Devices\SoundMAX\SMTray.exe

    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

    O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

    O4 - HKLM\..\Run: [Agent] C:\Arquivos de programas\CyberLink\PowerVCRII\Agent.exe

    O4 - HKLM\..\Run: [Remote_Agent] C:\Arquivos de programas\CyberLink\PowerVCRII\RemoteAgent.exe

    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

    O4 - HKCU\..\Run: [PcSync] C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

    O4 - HKCU\..\Run: [K-Lite Nitro BETA] C:\Arquivos de programas\K-LiteNitro\K-LiteNitro.exe /hide

    O4 - Startup: reminder-Registro do produto ScanSoft.lnk = C:\Arquivos de programas\TextBridge Classic 2.0\Ereg\REMIND32.EXE

    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_09\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_09\bin\ssv.dll

    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

    O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

    O12 - Plugin for .pdf: C:\Arquivos de programas\Internet Explorer\PLUGINS\nppdf32.dll

    O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab

    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab

    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.gamehouse.com/realarcade-webgames/bejeweled2/popcaploader.cab

    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

    O17 - HKLM\System\CCS\Services\Tcpip\..\{AB8992C6-9397-488C-84AC-2C4194B9BA94}: NameServer = 200.165.132.147 200.165.132.155

    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

    O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

    O23 - Service: PC-cillin PersonalFirewall (PCCPFW) - Trend Micro Inc. - C:\Arquivos de programas\Trend Micro\PC-cillin 2002\PCCPFW.exe

    O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\Arquivos comuns\PCSuite\Services\ServiceLayer.exe

    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

    O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Inc. - C:\Arquivos de programas\Trend Micro\PC-cillin 2002\Tmntsrv.exe

    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Arquivos de programas\Arquivos comuns\Ulead Systems\DVD\ULCDRSvr.exe

    ======================================================

    Combofix:

    ComboFix 07-08-17.2 - "Fernanda" 2007-09-07 14:06:28.6 - NTFSx86

    ((((((((((((((((((((((((( Files Created from 2007-08-07 to 2007-09-07 )))))))))))))))))))))))))))))))

    2007-08-29 22:17 <DIR> d-------- C:\WINDOWS\BDOSCAN8

    2007-08-25 11:04 <DIR> d-------- C:\!KillBox

    2007-08-22 22:44 51,200 --a------ C:\WINDOWS\nircmd.exe

    2007-08-22 22:03 1,424,812 --a------ C:\ComboFix.exe

    2007-08-16 21:49 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab

    2007-08-16 21:49 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\Kaspersky Lab

    2007-08-16 18:29 <DIR> d-------- C:\KillBox

    2007-08-16 18:26 50,688 --a------ C:\ATF-Cleaner.exe

    2007-08-15 18:32 193,024 --a------ C:\WINDOWS\system32\SWVKSPG.exe

    2007-08-15 18:32 193,024 --a------ C:\WINDOWS\system32\QVSIWQL.exe

    2007-08-15 18:32 193,024 --a------ C:\WINDOWS\system32\KKRLTYXNE.exe

    2007-08-15 18:32 193,024 --a------ C:\WINDOWS\system32\JNHXPFRO.exe

    2007-08-15 18:32 193,024 --a------ C:\WINDOWS\system32\HYEN.exe

    2007-08-15 18:32 193,024 --a------ C:\WINDOWS\system32\FFOXBH.exe

    2007-08-15 18:32 193,024 --a------ C:\WINDOWS\system32\FDGD.exe

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-08-11 14:04 --------- d-------- C:\Arquivos de programas\K-LiteNitro

    2007-07-28 10:50 --------- d-------- C:\Arquivos de programas\Shareaza

    2007-07-27 17:25 --------- d-------- C:\Arquivos de programas\Championship Manager 2007

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "ALiUSBfix"="C:\WINDOWS\System32\ALiUSB20.exe" [2002-08-30 07:47]

    "HTpatch"="C:\WINDOWS\htpatch.exe" [2003-03-27 02:50]

    "NeroCheck"="C:\WINDOWS\System32\\NeroCheck.exe" [2001-07-09 07:50]

    "pccguide.exe"="C:\Arquivos de programas\Trend Micro\PC-cillin 2002\pccguide.exe" [2003-03-26 10:00]

    "PCCClient.exe"="C:\Arquivos de programas\Trend Micro\PC-cillin 2002\PCCClient.exe" [2003-03-26 09:52]

    "Pop3trap.exe"="C:\Arquivos de programas\Trend Micro\PC-cillin 2002\Pop3trap.exe" [2003-03-26 09:56]

    "AVG7_CC"="C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe" [2007-08-17 09:32]

    "Creative WebCam Tray"="C:\Arquivos de programas\Creative\WebCam Control\CAMTRAY.EXE" [1999-04-27 02:00]

    "Smapp"="C:\Arquivos de programas\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 08:57]

    "nwiz"="nwiz.exe" [2001-12-16 14:55 C:\WINDOWS\system32\nwiz.exe]

    "TkBellExe"="C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2006-09-27 14:38]

    "Agent"="C:\Arquivos de programas\CyberLink\PowerVCRII\Agent.exe" [2001-06-18 09:49]

    "Remote_Agent"="C:\Arquivos de programas\CyberLink\PowerVCRII\RemoteAgent.exe" [2001-06-11 09:52]

    "NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2001-12-16 14:55]

    "NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2001-12-16 14:55]

    "QuickTime Task"="C:\Arquivos de programas\QuickTime\qttask.exe" [2006-10-01 17:58]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2002-09-09 14:08]

    "PcSync"="C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 15:21]

    "K-Lite Nitro BETA"="C:\Arquivos de programas\K-LiteNitro\K-LiteNitro.exe" [2006-11-27 20:22]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^msnmsg.exe]

    path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\msnmsg.exe

    backup=C:\WINDOWS\pss\msnmsg.exeCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Windowsupdate.exe]

    path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Windowsupdate.exe

    backup=C:\WINDOWS\pss\Windowsupdate.exeCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Charlie^Menu Iniciar^Programas^Inicializar^Adobe Gamma.lnk]

    path=C:\Documents and Settings\Charlie\Menu Iniciar\Programas\Inicializar\Adobe Gamma.lnk

    backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Agent]

    C:\Arquivos de programas\CyberLink\PowerVCRII\Agent.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]

    C:\WINDOWS\System32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\explore]

    C:\WINDOWS\System32\explore.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\K-Lite Nitro BETA]

    C:\Arquivos de programas\K-LiteNitro\K-LiteNitro.exe /hide

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]

    C:\TBridge\FLATBED.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

    "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsg]

    C:\WINDOWS\System32\msnmsg.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

    "C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

    RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

    RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

    nwiz.exe /install

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]

    C:\ARQUIV~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

    "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Remote_Agent]

    C:\Arquivos de programas\CyberLink\PowerVCRII\RemoteAgent.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Smapp]

    C:\Arquivos de programas\Analog Devices\SoundMAX\SMTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]

    C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SymantecFilterCheck]

    C:\WINDOWS\System32\gmilogon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

    "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windowsupdate]

    C:\Arquivos de programas\Windowsupdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

    "QuickTime Task"="C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

    *Newly Created Service* - PCIVP

    **************************************************************************

    catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2007-09-07 14:09:36

    Windows 5.1.2600 Service Pack 1 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully

    hidden files: 0

    **************************************************************************

    Completion time: 2007-09-07 14:11:14

    C:\ComboFix-quarantined-files.txt ... 2007-09-07 14:10

    C:\ComboFix2.txt ... 2007-09-04 18:22

    C:\ComboFix3.txt ... 2007-09-03 20:43

    --- E O F ---


    Very good, FeMorais.. :) They did not start. Now these next steps should put an end to the problem.

    - Run the KillBox tool. Check the Delete on Reboot option. Copy the entire list below in red by selecting it and right-clicking -> copy...

    C:\WINDOWS\system32\SWVKSPG.exe

    C:\WINDOWS\system32\QVSIWQL.exe

    C:\WINDOWS\system32\KKRLTYXNE.exe

    C:\WINDOWS\system32\JNHXPFRO.exe

    C:\WINDOWS\system32\HYEN.exe

    C:\WINDOWS\system32\FFOXBH.exe

    C:\WINDOWS\system32\FDGD.exe

    ...In KillBox, with the files already copied to the clipboard, click File -> Paste from clipboard... Click the All Files button, then the X... and answer No to the question.

    If KillBox does not find one of the files, that is no problem. Continue...

    - Restart in normal mode.

    - Copy a new HijackThis log and paste it. Let me know if there is still any problem with the PC.

    Topic author:

    Once again, thank you Mr. Coruja!

    Well, here is the HijackThis log:

    Logfile of HijackThis v1.99.1

    Scan saved at 23:42:49, on 9/9/2007

    Platform: Windows XP SP1 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

    C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

    C:\WINDOWS\System32\nvsvc32.exe

    C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Arquivos de programas\Trend Micro\PC-cillin 2002\Tmntsrv.exe

    C:\Arquivos de programas\Arquivos comuns\Ulead Systems\DVD\ULCDRSvr.exe

    C:\Arquivos de programas\Trend Micro\PC-cillin 2002\PCCPFW.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\htpatch.exe

    C:\Arquivos de programas\Trend Micro\PC-cillin 2002\pccguide.exe

    C:\Arquivos de programas\Trend Micro\PC-cillin 2002\PCCClient.exe

    C:\Arquivos de programas\Trend Micro\PC-cillin 2002\Pop3trap.exe

    C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe

    C:\Arquivos de programas\Creative\WebCam Control\CAMTRAY.EXE

    C:\Arquivos de programas\Analog Devices\SoundMAX\SMTray.exe

    C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

    C:\Arquivos de programas\CyberLink\PowerVCRII\Agent.exe

    C:\WINDOWS\System32\RUNDLL32.EXE

    C:\Arquivos de programas\QuickTime\qttask.exe

    C:\WINDOWS\System32\ctfmon.exe

    C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe

    C:\ARQUIV~1\ARQUIV~1\Nokia\MPAPI\MPAPI3s.exe

    C:\Arquivos de programas\Arquivos comuns\PCSuite\Services\ServiceLayer.exe

    C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

    C:\Hijack\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.superesportes.com.br/

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_09\bin\ssv.dll

    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar2.dll

    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

    O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar2.dll

    O4 - HKLM\..\Run: [ALiUSBfix] C:\WINDOWS\System32\ALiUSB20.exe

    O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe

    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe

    O4 - HKLM\..\Run: [pccguide.exe] "C:\Arquivos de programas\Trend Micro\PC-cillin 2002\pccguide.exe"

    O4 - HKLM\..\Run: [PCCClient.exe] "C:\Arquivos de programas\Trend Micro\PC-cillin 2002\PCCClient.exe"

    O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Arquivos de programas\Trend Micro\PC-cillin 2002\Pop3trap.exe"

    O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP

    O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Arquivos de programas\Creative\WebCam Control\CAMTRAY.EXE

    O4 - HKLM\..\Run: [smapp] C:\Arquivos de programas\Analog Devices\SoundMAX\SMTray.exe

    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

    O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

    O4 - HKLM\..\Run: [Agent] C:\Arquivos de programas\CyberLink\PowerVCRII\Agent.exe

    O4 - HKLM\..\Run: [Remote_Agent] C:\Arquivos de programas\CyberLink\PowerVCRII\RemoteAgent.exe

    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

    O4 - HKCU\..\Run: [PcSync] C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

    O4 - Startup: reminder-Registro do produto ScanSoft.lnk = C:\Arquivos de programas\TextBridge Classic 2.0\Ereg\REMIND32.EXE

    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_09\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_09\bin\ssv.dll

    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

    O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

    O12 - Plugin for .pdf: C:\Arquivos de programas\Internet Explorer\PLUGINS\nppdf32.dll

    O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab

    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab

    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.gamehouse.com/realarcade-webgames/bejeweled2/popcaploader.cab

    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

    O17 - HKLM\System\CCS\Services\Tcpip\..\{AB8992C6-9397-488C-84AC-2C4194B9BA94}: NameServer = 200.165.132.147 200.165.132.155

    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

    O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

    O23 - Service: PC-cillin PersonalFirewall (PCCPFW) - Trend Micro Inc. - C:\Arquivos de programas\Trend Micro\PC-cillin 2002\PCCPFW.exe

    O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\Arquivos comuns\PCSuite\Services\ServiceLayer.exe

    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

    O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Inc. - C:\Arquivos de programas\Trend Micro\PC-cillin 2002\Tmntsrv.exe

    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Arquivos de programas\Arquivos comuns\Ulead Systems\DVD\ULCDRSvr.exe

    Other than that, it seems there are no problems for now.

    But I would like to know a good antivirus that I can download for free to put on my PC. I have AVG, but I don't know whether it is enough.

    Thanks for the help.

    A big hug!

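As an added triage aid (example code written for this edit, not something from the thread, from HijackThis or from KillBox): a small Python script that parses a log in the HijackThis v1.99.1 format, pulls out the running processes and the O4 autostart paths, flags executables that sit directly in system32 under random-looking letter-only names not on a short allowlist, and checks whether any file from the KillBox removal list in the previous post still appears in a fresh log, which is the "did the cleanup stick" question the analyst asks after the reboot. The sample log is constructed from a few lines of the log posted above plus one made-up O4 entry for KKRLTYXNE.exe so the check has something to report; the allowlist and the name pattern are assumptions and only a heuristic to point a human analyst at lines worth a closer look, not a verdict.

```python
import re

# Constructed sample in the shape of a HijackThis v1.99.1 log: a few lines
# from the log posted in the thread plus one made-up O4 entry (KKRLTYXNE.exe)
# so the "still present after cleanup" check has something to report.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Scan saved at 23:42:49, on 9/9/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SWVKSPG.exe
C:\WINDOWS\Explorer.EXE
C:\Hijack\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.superesportes.com.br/
O4 - HKLM\..\Run: [ALiUSBfix] C:\WINDOWS\System32\ALiUSB20.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Arquivos de programas\Trend Micro\PC-cillin 2002\pccguide.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [kkrltyxne] C:\WINDOWS\system32\KKRLTYXNE.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe
"""

# The seven files the KillBox step was asked to delete on reboot (from the post above).
REMOVAL_LIST = [
    r"C:\WINDOWS\system32\SWVKSPG.exe",
    r"C:\WINDOWS\system32\QVSIWQL.exe",
    r"C:\WINDOWS\system32\KKRLTYXNE.exe",
    r"C:\WINDOWS\system32\JNHXPFRO.exe",
    r"C:\WINDOWS\system32\HYEN.exe",
    r"C:\WINDOWS\system32\FFOXBH.exe",
    r"C:\WINDOWS\system32\FDGD.exe",
]

# Assumed allowlist of well-known system32 binaries (extend for real use).
KNOWN_SYSTEM32 = {
    "smss.exe", "winlogon.exe", "services.exe", "lsass.exe", "svchost.exe",
    "spoolsv.exe", "ctfmon.exe", "rundll32.exe", "nvsvc32.exe",
}

# Heuristic: a file name made of 4 to 12 letters only, no digits or punctuation.
RANDOM_NAME = re.compile(r"^[A-Za-z]{4,12}\.exe$")
# "R0 - ...", "O4 - ...", "O23 - ..." entry lines.
ENTRY = re.compile(r"^([RO]\d+) - (.*)$")
# The executable path that follows the [label] of an O4 entry, quoted or not.
O4_PATH = re.compile(r'\]\s+"?([A-Za-z]:\\[^"]+?\.exe)\b', re.IGNORECASE)


def parse_hjt(text):
    """Split a HijackThis log into (running processes, [(code, body), ...])."""
    processes, entries = [], []
    in_procs = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.lower().startswith("running processes:"):
            in_procs = True
            continue
        m = ENTRY.match(line)
        if m:
            in_procs = False          # first Rx/Oxx line ends the process list
            entries.append((m.group(1), m.group(2)))
        elif in_procs:
            processes.append(line)
    return processes, entries


def autostart_paths(entries):
    """Executable paths named directly by O4 (Run key / Startup) entries."""
    paths = []
    for code, body in entries:
        if code == "O4":
            m = O4_PATH.search(body)
            if m:
                paths.append(m.group(1))
    return paths


def flag_suspicious(processes, entries):
    """Executables directly in system32 with random-looking, unknown names."""
    hits = []
    for path in processes + autostart_paths(entries):
        parts = path.split("\\")
        if len(parts) < 3:
            continue
        parent, name = parts[-2].lower(), parts[-1]
        if parent == "system32" and name.lower() not in KNOWN_SYSTEM32 \
                and RANDOM_NAME.match(name):
            hits.append(path)
    return hits


def still_present(processes, entries, removal_list):
    """Entries of removal_list that still show up in a fresh log (case-insensitive)."""
    seen = {p.lower() for p in processes + autostart_paths(entries)}
    return [p for p in removal_list if p.lower() in seen]


if __name__ == "__main__":
    procs, ents = parse_hjt(SAMPLE_LOG)
    for p in flag_suspicious(procs, ents):
        print("suspicious name in system32:", p)
    for p in still_present(procs, ents, REMOVAL_LIST):
        print("still present after cleanup:", p)
```

Point the script at a saved log instead of SAMPLE_LOG to use it on a real case; anything it flags still needs the usual checks (file properties, hash lookup, where the autostart entry came from) before deciding it is malicious.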