jhoeex

Slow PC at Startup!!

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:38:16, on 2008-11-19

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\Arquivos de programas\ESET\ESET Smart Security\egui.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\ESET\ESET Smart Security\ekrn.exe

C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_06\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [egui] "C:\Arquivos de programas\ESET\ESET Smart Security\egui.exe" /hide /waitservice

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_06\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Plug-in 1.6.0_06) -

O17 - HKLM\System\CCS\Services\Tcpip\..\{28ABA7A3-FA26-4BEB-9301-C1513BB8E715}: NameServer = 200.149.55.140,200.165.132.148

O17 - HKLM\System\CCS\Services\Tcpip\..\{E7D60FF9-7D35-4187-BE60-F750C6BA1FBD}: NameServer = 200.149.55.140,200.165.132.148

O17 - HKLM\System\CS1\Services\Tcpip\..\{28ABA7A3-FA26-4BEB-9301-C1513BB8E715}: NameServer = 200.149.55.140,200.165.132.148

O17 - HKLM\System\CS3\Services\Tcpip\..\{28ABA7A3-FA26-4BEB-9301-C1513BB8E715}: NameServer = 200.149.55.140,200.165.132.148

O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Arquivos de programas\ESET\ESET Smart Security\EHttpSrv.exe

O23 - Service: Eset Service (ekrn) - ESET - C:\Arquivos de programas\ESET\ESET Smart Security\ekrn.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Arquivos de programas\WinPcap\rpcapd.exe (file missing)

O23 - Service: Venturi2 Client (Venturi2) - Unknown owner - C:\Program Files\Venturi2\Client\ventc.exe (file missing)

O23 - Service: WEP/WPA-PMK key recovery service (WZCOOK) - Unknown owner - D:\Meus documentos\Shareaza Downloads\Super Programas\Crack-WiiFi\Crack.WiiFi\WinAircrackPack\WinAircrackPack\WinAircrackPack\wzcook.exe (file missing)

--

End of file - 5150 bytes

ComboFix 08-11-18.A2 - Usuário 2008-11-19 18:10:07.18 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1046.18.642 [GMT -3:00]

Executando de: c:\documents and settings\Usuário\Desktop\ComboFix.exe

* Criado um novo ponto de restauro

* Resident AV is active

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\dlldat.dll

c:\windows\system32\avrt.dll

c:\windows\system32\D3DX10d_39.dll

.

(((((((((((((((( Arquivos/Ficheiros criados de 2008-10-19 to 2008-11-19 ))))))))))))))))))))))))))))

.

2008-11-19 17:40 . 2008-11-19 17:40 <DIR> d-------- C:\LinhaDefensiva

2008-11-19 15:59 . 2008-11-19 15:59 <DIR> d-------- c:\arquivos de programas\Cl1ckClock

2008-11-19 15:50 . 2008-11-19 18:03 <DIR> d-------- c:\arquivos de programas\AutoShutdown

2008-11-19 14:36 . 2008-11-19 14:36 32 --a------ c:\windows\go

2008-11-19 14:31 . 2008-11-19 14:31 <DIR> d-------- c:\arquivos de programas\WinAVI Video Converter 9.0

2008-11-18 10:32 . 2008-11-18 13:30 119,333 --a------ c:\windows\temp.html

2008-11-18 10:21 . 2008-11-18 10:21 <DIR> d-------- c:\windows\Mailr.{00021401-0000-0000-C000-000000000046}

2008-11-18 10:21 . 2007-01-26 11:13 1,773,568 --a------ c:\windows\smsni.exe

2008-11-18 10:21 . 2008-11-18 10:20 675,188 --a------ c:\windows\unins000.exe

2008-11-18 10:21 . 2006-11-10 14:28 139,264 --a------ c:\windows\system32\vbSendMail.dll

2008-11-18 10:21 . 2008-11-18 10:21 3,809 --a------ c:\windows\unins000.dat

2008-11-18 10:21 . 2005-05-13 21:17 3,363 --a------ c:\windows\smtp.html

2008-11-18 10:21 . 2004-05-20 01:40 563 --a------ c:\windows\smsni.exe.manifest

2008-11-16 18:39 . 2008-11-16 18:39 <DIR> d-------- c:\documents and settings\Usuário\Dados de aplicativos\IObit

2008-11-15 23:55 . 2008-11-19 17:29 <DIR> d-------- C:\download

2008-11-15 23:34 . 2008-11-15 23:34 155,648 --a------ c:\windows\system32\libssl32.dll

2008-11-14 18:56 . 2008-11-14 19:40 250 --a------ c:\windows\gmer.ini

2008-11-13 18:26 . 2008-11-13 18:26 516 --a------ c:\windows\system32\SYSINFO.DAT

2008-11-12 19:43 . 2008-11-12 19:43 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\DFX

2008-11-12 19:19 . 2008-11-12 19:21 <DIR> d--h-c--- c:\documents and settings\All Users\Dados de aplicativos\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}

2008-11-12 12:38 . 2008-11-12 12:38 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Messenger Plus!

2008-11-12 10:50 . 2008-11-12 10:50 <DIR> d-------- c:\arquivos de programas\Messenger Plus! Live

2008-11-12 10:43 . 2008-11-12 10:43 <DIR> d-------- c:\arquivos de programas\MessengerPlus! 3

2008-11-12 00:09 . 2008-11-12 10:50 <DIR> d-------- c:\arquivos de programas\MSN Messenger

2008-11-11 22:09 . 2008-11-18 20:07 <DIR> d-------- C:\GTA SAN ANDREAS ONLINE

2008-11-11 11:40 . 2008-11-11 11:40 <DIR> d-------- c:\arquivos de programas\Uniblue

2008-11-11 11:34 . 2006-06-29 13:07 14,048 --------- c:\windows\system32\spmsg2.dll

2008-11-11 11:32 . 2008-11-11 11:32 <DIR> d-------- c:\windows\system32\XPSViewer

2008-11-11 11:32 . 2008-11-11 11:32 <DIR> d-------- c:\arquivos de programas\Reference Assemblies

2008-11-11 11:31 . 2008-11-11 11:31 212 --a------ c:\windows\system32\spupdsvc.inf

2008-11-11 11:30 . 2008-11-11 11:37 <DIR> d-------- c:\windows\SxsCaPendDel

2008-11-11 11:30 . 2008-07-06 09:06 1,676,288 --------- c:\windows\system32\xpssvcs.dll

2008-11-11 11:30 . 2008-07-06 09:06 1,676,288 -----c--- c:\windows\system32\dllcache\xpssvcs.dll

2008-11-11 11:30 . 2008-07-06 07:50 597,504 -----c--- c:\windows\system32\dllcache\printfilterpipelinesvc.exe

2008-11-11 11:30 . 2008-07-06 09:06 575,488 --------- c:\windows\system32\xpsshhdr.dll

2008-11-11 11:30 . 2008-07-06 09:06 575,488 -----c--- c:\windows\system32\dllcache\xpsshhdr.dll

2008-11-11 11:30 . 2008-07-06 09:06 117,760 --------- c:\windows\system32\prntvpt.dll

2008-11-11 11:30 . 2008-07-06 09:06 89,088 -----c--- c:\windows\system32\dllcache\filterpipelineprintproc.dll

2008-11-11 11:23 . 2008-11-11 11:23 <DIR> d-------- c:\documents and settings\Usuário\Dados de aplicativos\Thinstall

2008-11-11 09:57 . 2008-11-11 09:57 <DIR> dr-h----- C:\AHCache

2008-11-10 21:54 . 2001-09-05 23:20 12,288 --a------ c:\windows\system32\drivers\mouhid.sys

2008-11-10 21:54 . 2001-09-05 23:20 12,288 --a--c--- c:\windows\system32\dllcache\mouhid.sys

2008-11-10 21:54 . 2008-04-13 15:45 10,368 --a------ c:\windows\system32\drivers\hidusb.sys

2008-11-10 21:54 . 2008-04-13 15:45 10,368 --a--c--- c:\windows\system32\dllcache\hidusb.sys

2008-11-10 11:23 . 2008-11-12 00:01 <DIR> d-------- c:\documents and settings\Usuário\Tracing

2008-11-10 11:23 . 2008-11-12 00:01 <DIR> d-------- c:\documents and settings\Usuário\Tracing

2008-11-09 12:09 . 2008-11-09 12:09 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\nView_Profiles

2008-11-07 11:22 . 2008-11-07 11:22 <DIR> d-------- c:\windows\WinAVI Video Converter 9.0

2008-10-31 12:49 . 2008-10-31 12:49 6,144 --ahs---- C:\Thumbs.db

2008-10-30 17:22 . 2008-11-10 00:25 <DIR> d-------- c:\documents and settings\Usuário\Dados de aplicativos\ADPHONE

2008-10-28 23:44 . 2008-04-12 07:30 765,952 --a------ c:\windows\system32\xvidcore.dll

2008-10-28 23:43 . 2008-10-31 12:50 <DIR> d-------- c:\arquivos de programas\Xvid

2008-10-28 23:43 . 2008-04-12 07:41 180,224 --a------ c:\windows\system32\xvidvfw.dll

2008-10-28 17:18 . 2008-11-11 11:40 <DIR> d-------- c:\documents and settings\Usuário\Dados de aplicativos\Uniblue

2008-10-24 12:09 . 2008-10-24 12:09 4,484 --a------ c:\windows\system32\drivers\cpuidlep.sys

2008-10-23 14:53 . 2008-10-15 13:36 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll

2008-10-23 11:43 . 2008-10-24 11:36 56 --a------ c:\windows\videotoaudio.ini

2008-10-23 11:41 . 2008-10-24 11:36 5 --a------ c:\windows\system32\SySatm.dat

2008-10-22 14:33 . 2008-10-28 17:21 <DIR> d-------- c:\documents and settings\Usuário\Dados de aplicativos\AdobeUM

2008-10-22 14:24 . 2008-10-22 14:24 <DIR> d-------- c:\documents and settings\Usuário\Meus documentos

2008-10-22 14:24 . 2008-10-22 14:24 <DIR> d-------- c:\documents and settings\Usuário\Meus documentos

2008-10-22 11:26 . 2001-09-05 23:27 18,176 --a------ c:\windows\system32\drivers\sermouse.sys

2008-10-22 11:26 . 2001-09-05 23:27 18,176 --a--c--- c:\windows\system32\dllcache\sermouse.sys

2008-10-19 21:09 . 2008-10-19 21:09 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\DVD Shrink

2008-10-19 09:30 . 2008-10-19 09:31 24 ---hs---- c:\windows\S062AC623.tmp

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-11-18 22:23 --------- d---a-w c:\documents and settings\All Users\Dados de aplicativos\TEMP

2008-11-18 22:23 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\SpeedBit

2008-11-18 22:23 --------- d-----w c:\arquivos de programas\DAP

2008-11-18 22:19 --------- d-----w c:\arquivos de programas\Google

2008-11-18 18:43 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2008-11-17 13:56 --------- d-----w c:\documents and settings\Usuário\Dados de aplicativos\Image Zone Express

2008-11-16 21:39 --------- d-----w c:\arquivos de programas\IObit

2008-11-13 22:17 --------- d-----w c:\arquivos de programas\Malwarebytes' Anti-Malware

2008-11-13 21:30 --------- d-----w c:\documents and settings\Usuário\Dados de aplicativos\Shareaza

2008-11-12 03:07 --------- d-----w c:\arquivos de programas\Windows Live

2008-11-11 14:43 --------- d-----w c:\documents and settings\Usuário\Dados de aplicativos\VMware

2008-10-28 20:21 --------- d-----w c:\arquivos de programas\Arquivos comuns\Adobe

2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys

2008-10-22 19:10 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys

2008-10-22 19:10 15,504 ----a-w c:\windows\system32\drivers\mbam.sys

2008-10-22 00:25 --------- d-----w c:\arquivos de programas\VDOWNLOADER

2008-10-20 20:28 --------- d--h--w c:\arquivos de programas\InstallShield Installation Information

2008-10-18 15:00 --------- d-----w c:\documents and settings\Usuário\Dados de aplicativos\MEGAUPLOADTOOLBAR

2008-10-17 16:13 --------- d-----w c:\documents and settings\Usuário\Dados de aplicativos\Desktopicon

2008-10-17 10:09 602,112 ----a-w c:\windows\system32\nvapi.dll

2008-10-13 16:23 --------- d-----w c:\arquivos de programas\Unlocker

2008-10-13 13:55 --------- d-----w c:\documents and settings\Usuário\Dados de aplicativos\BinarySense

2008-10-13 13:50 2,150,400 ----a-w c:\windows\system32\kernel1.exe

2008-10-12 23:30 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\VMware

2008-10-12 23:30 --------- d-----w c:\arquivos de programas\VMware

2008-10-12 22:56 2,287,616 ----a-w c:\windows\system32\KERNEL.TMP

2008-10-12 22:56 --------- d-----w c:\documents and settings\LocalService\Dados de aplicativos\VMware

2008-10-10 17:43 --------- d-----w c:\arquivos de programas\Positivo

2008-10-10 17:42 --------- d-----w c:\arquivos de programas\Arquivos comuns\InstallShield

2008-10-06 17:48 --------- d-----w c:\arquivos de programas\Spybot - Search & Destroy

2008-10-05 16:36 319,488 ----a-w c:\windows\HideWin.exe

2008-10-05 16:36 --------- d-----w c:\arquivos de programas\Realtek

2008-10-05 16:00 196,608 ----a-w c:\windows\system32\avisynth.dll

2008-10-05 15:59 414,272 ----a-w c:\windows\system32\DivXc32f.dll

2008-10-05 15:59 414,272 ----a-w c:\windows\system32\DivXc32.dll

2008-10-05 15:59 33,280 ----a-w c:\windows\system32\HUFFYUV.DLL

2008-10-05 15:55 --------- d-----w c:\arquivos de programas\CCleaner

2008-10-04 00:45 --------- d-----w c:\documents and settings\Usuário\Dados de aplicativos\FrmMain

2008-09-30 19:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll

2008-09-30 15:19 --------- d-----w c:\arquivos de programas\Arquivos comuns\Thraex Software

2008-09-25 19:50 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\BVRP Software

2008-09-24 20:32 4,818,432 ----a-w c:\windows\system32\drivers\RtkHDAud.sys

2008-09-24 19:05 16,859,648 ----a-w c:\windows\RTHDCPL.EXE

2008-09-23 23:11 717,296 ----a-w c:\windows\system32\drivers\sptd.sys

2008-09-23 23:11 --------- d-----w c:\documents and settings\Usuário\Dados de aplicativos\DAEMON Tools

2008-09-21 18:28 --------- d-----w c:\arquivos de programas\Lavalys

2008-09-20 22:22 --------- d-----w c:\arquivos de programas\Microsoft Office Outlook Connector

2008-09-20 22:20 --------- d-----w c:\arquivos de programas\Microsoft

2008-09-20 21:28 --------- d-----w c:\arquivos de programas\Arquivos comuns\Windows Live

2008-09-19 20:48 1,200,128 ----a-w c:\windows\RtlUpd.exe

2008-09-18 18:47 940,304 ----a-w c:\windows\system32\msjava.dll

2008-09-18 18:47 73,728 ----a-w c:\windows\system32\CompressATI2.dll

2008-09-18 18:47 430,088 ----a-w c:\windows\system32\D3D10SDKLayers.DLL

2008-09-18 18:47 1,171,456 ----a-w c:\windows\system32\msvcr80d.dll

2008-09-18 18:17 2,166,272 ----a-w c:\windows\MicCal.exe

2008-09-15 15:26 1,846,528 ----a-w c:\windows\system32\win32k.sys

2008-09-10 01:15 1,307,648 -c--a-w c:\windows\system32\msxml6.dll

2008-09-04 17:16 1,106,944 ----a-w c:\windows\system32\msxml3.dll

2008-08-26 08:11 826,368 ----a-w c:\windows\system32\wininet.dll

2008-08-25 19:17 528,384 ----a-w c:\windows\RtlExUpd.dll

2008-08-19 16:26 77,824 ----a-w c:\windows\SOUNDMAN.EXE

2008-03-09 10:25 236 -c-ha-w c:\arquivos de programas\Arquivos comuns\dx.reg

1764-01-12 09:45 4,263 -csh--w c:\windows\windllreg1c.sys

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-03-13 7630848]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-03-13 86016]

"egui"="c:\arquivos de programas\ESET\ESET Smart Security\egui.exe" [2008-03-01 1443072]

"nwiz"="nwiz.exe" [2007-03-13 c:\windows\system32\nwiz.exe]

"RTHDCPL"="RTHDCPL.EXE" [2008-09-24 c:\windows\RTHDCPL.EXE]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveSearch"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoLogoff"= 0 (0x0)

"NoSMBalloonTip"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.HFYU"= huffyuv.dll

"vidc.DIV3"= DivXc32.dll

"vidc.DIV4"= DivXc32f.dll

"msacm.divxa32"= DivXa32.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^HP Digital Imaging Monitor.lnk]

backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Usuário^Menu Iniciar^Programas^Inicializar^Adobe Reader Speed Launch.lnk]

path=c:\documents and settings\Usuário\Menu Iniciar\Programas\Inicializar\Adobe Reader Speed Launch.lnk

backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Usuário^Menu Iniciar^Programas^Inicializar^MemTurbo.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^Usuário^Menu Iniciar^Programas^Inicializar^Venturi 2.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^Usuário^Start Menu^Programs^Startup^MemTurbo.lnk]

backup=c:\windows\pss\MemTurbo.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]

--a------ 2008-10-22 16:10 399504 c:\arquivos de programas\Malwarebytes' Anti-Malware\mbamgui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

-----c--- 2008-04-13 23:21 1695232 c:\arquivos de programas\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

--a------ 2007-01-19 12:54 5674352 c:\arquivos de programas\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]

--a------ 2007-11-20 18:15 1826816 c:\windows\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\MSN Messenger\\livecall.exe"=

R1 cpuidlep;CpuIdle Pro System Driver;c:\windows\system32\drivers\cpuidlep.sys [2008-10-24 4484]

R2 MBAMService;MBAMService;"c:\arquivos de programas\Malwarebytes' Anti-Malware\mbamservice.exe" [2008-07-30 170640]

R3 MBAMProtector;MBAMProtector;\??\c:\windows\system32\drivers\mbam.sys [2008-07-30 15504]

S0 NVStrap;NVStrap;c:\windows\system32\drivers\NVStrap.sys [2008-05-29 4224]

S3 AtcL002;NDIS Miniport Driver for Attansic L2 Fast Ethernet Controller;c:\windows\system32\DRIVERS\atl02_xp.sys [2008-04-19 28416]

S3 PciCon;PciCon;\??\E:\PciCon.sys []

S3 rkhdrv40;Rootkit Unhooker Driver; []

S3 UnlockerDriver4;UnlockerDriver4 Driver;\??\c:\arquivos de programas\Unlocker\UnlockerDriver4.sys []

S3 WZCOOK;WEP/WPA-PMK key recovery service;"d:\meus documentos\Shareaza Downloads\Super Programas\Crack-WiiFi\Crack.WiiFi\WinAircrackPack\WinAircrackPack\WinAircrackPack\wzcook.exe" [2008-11-18 40960]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1acfbd46-615e-11dd-903c-001bfc634e90}]

\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4835857c-22b5-11dd-b094-001bfc634e90}]

\Shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{983379ce-624b-11dd-9046-001bfc634e90}]

\Shell\AutoRun\command - F:\LaunchU3.exe -a

.

Conteúdo da pasta 'Tarefas Agendadas'

2008-07-24 c:\windows\Tasks\Uniblue SpyEraser.job

- c:\arquivos de programas\Uniblue\SpyEraser\SpyEraser.exe []

.

- - - - ORFÃOS REMOVIDOS - - - -

MSConfigStartUp-cFosSpeed - c:\arquivos de programas\cFosSpeed\cFosSpeed.exe

MSConfigStartUp-DownloadAccelerator - c:\arquivos de programas\DAP\DAP.EXE

MSConfigStartUp-Memory Booster Gold - c:\arquivos de programas\Memory Booster Gold\MemoryBoosterGold.exe

MSConfigStartUp-MzCpuAccelerator - c:\program files\Mz_CpuAcc\MzCpuAccelerator.exe

.

------- Scan Suplementar -------

.

FireFox -: Profile - c:\documents and settings\Usuário\Dados de aplicativos\Mozilla\Firefox\Profiles\wjdctw3d.default\

FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=

FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.com.br/

FF -: plugin - c:\arquivos de programas\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll

FF -: plugin - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-11-19 18:11:29

Windows 5.1.2600 Service Pack 3 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

**************************************************************************

.

Tempo para conclusão: 2008-11-19 18:12:02

ComboFix-quarantined-files.txt 2008-11-19 21:12:00

Pré-execução: 15 pasta(s) 17,754,243,072 bytes disponíveis

Pós execução: 15 pasta(s) 17,738,743,808 bytes disponíveis

246 --- E O F --- 2008-11-12 01:05:48


Please post a new log from the tools.

Note: do not open a new topic; post your new log by clicking the Reply button.

Topic author:

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 15:17:35, on 2008-11-22

    Platform: Windows XP SP3 (WinNT 5.01.2600)

    MSIE: Internet Explorer v7.00 (7.00.6000.16735)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\RTHDCPL.EXE

    C:\Arquivos de programas\ESET\ESET Smart Security\egui.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Arquivos de programas\ESET\ESET Smart Security\ekrn.exe

    C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamservice.exe

    C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

    C:\WINDOWS\system32\nvsvc32.exe

    C:\WINDOWS\system32\HPZipm12.exe

    C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

    C:\Arquivos de programas\MSN Messenger\usnsvc.exe

    C:\Arquivos de programas\Mozilla Firefox\firefox.exe

    C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_06\bin\ssv.dll

    O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll

    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

    O4 - HKLM\..\Run: [egui] "C:\Arquivos de programas\ESET\ESET Smart Security\egui.exe" /hide /waitservice

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

    O8 - Extra context menu item: &Clean Traces - C:\Arquivos de programas\DAP\Privacy Package\dapcleanerie.htm

    O8 - Extra context menu item: &Download with &DAP - C:\Arquivos de programas\DAP\dapextie.htm

    O8 - Extra context menu item: Download &all with DAP - C:\Arquivos de programas\DAP\dapextie2.htm

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_06\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_06\bin\ssv.dll

    O9 - Extra button: (no name) - {85e1f530-48f4-11d9-9629-08ff2ffc9f67} - (no file)

    O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

    O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Plug-in 1.6.0_06) -

    O17 - HKLM\System\CCS\Services\Tcpip\..\{28ABA7A3-FA26-4BEB-9301-C1513BB8E715}: NameServer = 200.149.55.140,200.165.132.148

    O17 - HKLM\System\CCS\Services\Tcpip\..\{E7D60FF9-7D35-4187-BE60-F750C6BA1FBD}: NameServer = 200.149.55.140,200.165.132.148

    O17 - HKLM\System\CS1\Services\Tcpip\..\{28ABA7A3-FA26-4BEB-9301-C1513BB8E715}: NameServer = 200.149.55.140,200.165.132.148

    O17 - HKLM\System\CS3\Services\Tcpip\..\{28ABA7A3-FA26-4BEB-9301-C1513BB8E715}: NameServer = 200.149.55.140,200.165.132.148

    O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Arquivos de programas\ESET\ESET Smart Security\EHttpSrv.exe

    O23 - Service: Eset Service (ekrn) - ESET - C:\Arquivos de programas\ESET\ESET Smart Security\ekrn.exe

    O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamservice.exe

    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

    O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe

    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Arquivos de programas\WinPcap\rpcapd.exe (file missing)

    O23 - Service: Venturi2 Client (Venturi2) - Unknown owner - C:\Program Files\Venturi2\Client\ventc.exe (file missing)

    O23 - Service: WEP/WPA-PMK key recovery service (WZCOOK) - Unknown owner - D:\Meus documentos\Shareaza Downloads\Super Programas\Crack-WiiFi\Crack.WiiFi\WinAircrackPack\WinAircrackPack\WinAircrackPack\wzcook.exe (file missing)

    --

    End of file - 6311 bytes


    Is this a personal or a company computer?

  • Topic author
  • It's personal..

    I ran ComboFix because it was already installed here...

    but it was to speed things up..

    I just don't know whether everything was removed..

    sorry about that..


    ComboFix should not be run without proper supervision.

    Configure Windows to show all files

    Go to this site: http://virusscan.jotti.org/

    In File to upload enter: c:\windows\system32\kernel1.exe

    Then click Submit

    Copy and post the result of this scan.

  • Topic author
  • nothing was found in kernel1.exe ...

    A-Squared

    Found nothing

    AntiVir

    Found nothing

    ArcaVir

    Found nothing

    Avast

    Found nothing

    AVG Antivirus

    Found nothing

    BitDefender

    Found nothing

    ClamAV

    Found nothing

    CPsecure

    Found nothing

    Dr.Web

    Found nothing

    F-Prot Antivirus

    Found nothing

    F-Secure Anti-Virus

    Found nothing

    G DATA

    Found nothing

    Ikarus

    Found nothing

    Kaspersky Anti-Virus

    Found nothing

    NOD32

    Found nothing

    Norman Virus Control

    Found nothing

    Panda Antivirus

    Found nothing

    Sophos Antivirus

    Found nothing

    VirusBuster

    Found nothing

    VBA32

    Found nothing

    I generated a new HijackThis log because of the delay in the reply..

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 20:43:01, on 2008-11-26

    Platform: Windows XP SP3 (WinNT 5.01.2600)

    MSIE: Internet Explorer v7.00 (7.00.6000.16735)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\SYSTEM32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\RTHDCPL.EXE

    C:\Arquivos de programas\ESET\ESET Smart Security\egui.exe

    C:\Arquivos de programas\FarStone\VirtualDrive\VDTask.exe

    C:\Arquivos de programas\FarStone\VirtualDrive\VHD\RDTask.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Arquivos de programas\ESET\ESET Smart Security\ekrn.exe

    C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamservice.exe

    C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

    C:\WINDOWS\system32\nvsvc32.exe

    C:\WINDOWS\system32\HPZipm12.exe

    C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

    C:\Arquivos de programas\MSN Messenger\usnsvc.exe

    C:\Arquivos de programas\Mozilla Firefox\firefox.exe

    C:\WINDOWS\explorer.exe

    C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.live.com

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_06\bin\ssv.dll

    O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll

    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

    O4 - HKLM\..\Run: [egui] "C:\Arquivos de programas\ESET\ESET Smart Security\egui.exe" /hide /waitservice

    O4 - HKLM\..\Run: [VirtualDrive] "C:\Arquivos de programas\FarStone\VirtualDrive\VDTask.exe" /AutoRestore

    O4 - HKLM\..\Run: [RAMDrive] "C:\Arquivos de programas\FarStone\VirtualDrive\VHD\RDTask.exe"

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

    O8 - Extra context menu item: &Clean Traces - C:\Arquivos de programas\DAP\Privacy Package\dapcleanerie.htm

    O8 - Extra context menu item: &Download with &DAP - C:\Arquivos de programas\DAP\dapextie.htm

    O8 - Extra context menu item: Download &all with DAP - C:\Arquivos de programas\DAP\dapextie2.htm

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_06\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_06\bin\ssv.dll

    O9 - Extra button: (no name) - {85e1f530-48f4-11d9-9629-08ff2ffc9f67} - (no file)

    O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

    O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab

    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Plug-in 1.6.0_06) -

    O17 - HKLM\System\CCS\Services\Tcpip\..\{28ABA7A3-FA26-4BEB-9301-C1513BB8E715}: NameServer = 200.149.55.140,200.165.132.148

    O17 - HKLM\System\CCS\Services\Tcpip\..\{E7D60FF9-7D35-4187-BE60-F750C6BA1FBD}: NameServer = 200.149.55.140,200.165.132.148

    O17 - HKLM\System\CS1\Services\Tcpip\..\{28ABA7A3-FA26-4BEB-9301-C1513BB8E715}: NameServer = 200.149.55.140,200.165.132.148

    O17 - HKLM\System\CS3\Services\Tcpip\..\{28ABA7A3-FA26-4BEB-9301-C1513BB8E715}: NameServer = 200.149.55.140,200.165.132.148

    O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Arquivos de programas\ESET\ESET Smart Security\EHttpSrv.exe

    O23 - Service: Eset Service (ekrn) - ESET - C:\Arquivos de programas\ESET\ESET Smart Security\ekrn.exe

    O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamservice.exe

    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

    O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe

    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Arquivos de programas\WinPcap\rpcapd.exe (file missing)

    O23 - Service: Venturi2 Client (Venturi2) - Unknown owner - C:\Program Files\Venturi2\Client\ventc.exe (file missing)

    O23 - Service: WEP/WPA-PMK key recovery service (WZCOOK) - Unknown owner - D:\Meus documentos\Shareaza Downloads\Super Programas\Crack-WiiFi\Crack.WiiFi\WinAircrackPack\WinAircrackPack\WinAircrackPack\wzcook.exe (file missing)

    --

    End of file - 6964 bytes

    I generated a new HijackThis log because of the delay in the reply..

    I only reply in my free time.

    Do an Online Scan at kaspersky Virusscanner

    • Click Clipboard01-1.jpg
    • When asked to install the ActiveX component, click Clipboard015.jpg
    • Wait for the installation and the update, then click Clipboard013.jpg
    • Now click Clipboard016.jpg
    • In the scan options (settings), make sure the entries below are selected:
      • Scan using the following Anti-Virus database:

        Extended (if available otherwise Standard)

      • Scan Options:

        Scan Archives
        Scan Mail Bases

    • Click Clipboard014.jpg

    • Click My Computer so that a full scan of your system is performed.

    • The scan will start and may take a while. Be patient and wait.

    • At the end of the scan, click the Save as Text button

    • Save the log with the results and post it in your next reply.

    • Also generate and paste a new HijackThis log.

  • Topic author
  • --------------------------------------------------------------------------------

    KASPERSKY ONLINE SCANNER 7 REPORT

    Friday, November 28, 2008

    Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)

    Kaspersky Online Scanner 7 version: 7.0.25.0

    Program database last update: Friday, November 28, 2008 17:30:42

    Records in database: 1423999

    --------------------------------------------------------------------------------

    Scan settings:

    Scan using the following database: extended

    Scan archives: yes

    Scan mail databases: yes

    Scan area - My Computer:

    A:\

    C:\

    D:\

    E:\

    Scan statistics:

    Files scanned: 138402

    Threat name: 2

    Infected objects: 3

    Suspicious objects: 0

    Duration of the scan: 01:54:40

    File name / Threat name / Threats count

    C:\Documents and Settings\Usuário\Dados de aplicativos\Mozilla\Firefox\Profiles\wjdctw3d.default\extensions\firebit@firebit\components\firebit.dll Infected: not-a-virus:AdWare.Win32.Kitsune.b 1

    D:\Meus documentos\Jhony\Super Programas\Game_Accelerator_v6.3.95\update.exe Infected: not-a-virus:AdWare.Win32.BetterInternet.jn 1

    D:\Meus documentos\Jhony\Super Programas\Game_Accelerator_v6.3.95.rar Infected: not-a-virus:AdWare.Win32.BetterInternet.jn 1

    The selected area was scanned.

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 21:53:40, on 2008-11-28

    Platform: Windows XP SP3 (WinNT 5.01.2600)

    MSIE: Internet Explorer v7.00 (7.00.6000.16735)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\SYSTEM32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Arquivos de programas\ESET\ESET Smart Security\ekrn.exe

    C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamservice.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\system32\nvsvc32.exe

    C:\WINDOWS\system32\HPZipm12.exe

    C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Arquivos de programas\ESET\ESET Smart Security\egui.exe

    C:\WINDOWS\RTHDCPL.EXE

    C:\WINDOWS\system32\ctfmon.exe

    C:\Arquivos de programas\Mozilla Firefox\firefox.exe

    C:\Arquivos de programas\MSN Messenger\usnsvc.exe

    C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

    C:\Arquivos de programas\Lavalys\EVEREST Ultimate Edition\everest.exe

    C:\Arquivos de programas\Windows Media Player\wmplayer.exe

    C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.live.com

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_06\bin\ssv.dll

    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

    O4 - HKLM\..\Run: [egui] "C:\Arquivos de programas\ESET\ESET Smart Security\egui.exe" /hide /waitservice

    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

    O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_06\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_06\bin\ssv.dll

    O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

    O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Plug-in 1.6.0_06) -

    O17 - HKLM\System\CCS\Services\Tcpip\..\{4F8A8C43-C68F-403A-818B-F8EF133366C1}: NameServer = 200.149.55.140,200.165.132.148

    O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Arquivos de programas\ESET\ESET Smart Security\EHttpSrv.exe

    O23 - Service: Eset Service (ekrn) - ESET - C:\Arquivos de programas\ESET\ESET Smart Security\ekrn.exe

    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamservice.exe

    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Arquivos de programas\WinPcap\rpcapd.exe (file missing)

    O23 - Service: Venturi2 Client (Venturi2) - Unknown owner - C:\Program Files\Venturi2\Client\ventc.exe (file missing)

    O23 - Service: WEP/WPA-PMK key recovery service (WZCOOK) - Unknown owner - D:\Meus documentos\Shareaza Downloads\Super Programas\Crack-WiiFi\Crack.WiiFi\WinAircrackPack\WinAircrackPack\WinAircrackPack\wzcook.exe (file missing)

    --

    End of file - 5093 bytes


    Run HijackThis, click Do a system scan only and check the entries from the list below that it finds:

    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

    After checking these entries, close all windows and click ht-fix.png

    Restart the computer and post a new HijackThis log.

  • Topic author
  • Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 15:59:02, on 2008-11-30

    Platform: Windows XP SP3 (WinNT 5.01.2600)

    MSIE: Internet Explorer v7.00 (7.00.6000.16735)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\SYSTEM32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Arquivos de programas\ESET\ESET Smart Security\ekrn.exe

    C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamservice.exe

    C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\system32\nvsvc32.exe

    C:\WINDOWS\system32\HPZipm12.exe

    C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Arquivos de programas\ESET\ESET Smart Security\egui.exe

    C:\WINDOWS\RTHDCPL.EXE

    C:\WINDOWS\system32\ctfmon.exe

    C:\Documents and Settings\Usuário\Configurações locais\temp\RarSFX0\MemTurbo.exe

    C:\Arquivos de programas\Mozilla Firefox\firefox.exe

    C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\AcroRd32.exe

    C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.live.com

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_06\bin\ssv.dll

    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

    O4 - HKLM\..\Run: [egui] "C:\Arquivos de programas\ESET\ESET Smart Security\egui.exe" /hide /waitservice

    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

    O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NeroCheck.exe

    O4 - HKLM\..\Run: [NBKeyScan] "C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - Startup: MemTurbo.lnk = ?

    O4 - Global Startup: MemTurbo.lnk = ?

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_06\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_06\bin\ssv.dll

    O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

    O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Plug-in 1.6.0_06) -

    O17 - HKLM\System\CCS\Services\Tcpip\..\{4F8A8C43-C68F-403A-818B-F8EF133366C1}: NameServer = 200.149.55.140,200.165.132.148

    O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Arquivos de programas\ESET\ESET Smart Security\EHttpSrv.exe

    O23 - Service: Eset Service (ekrn) - ESET - C:\Arquivos de programas\ESET\ESET Smart Security\ekrn.exe

    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamservice.exe

    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

    O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe

    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Arquivos de programas\WinPcap\rpcapd.exe (file missing)

    O23 - Service: Venturi2 Client (Venturi2) - Unknown owner - C:\Program Files\Venturi2\Client\ventc.exe (file missing)

    O23 - Service: WEP/WPA-PMK key recovery service (WZCOOK) - Unknown owner - D:\Meus documentos\Shareaza Downloads\Super Programas\Crack-WiiFi\Crack.WiiFi\WinAircrackPack\WinAircrackPack\WinAircrackPack\wzcook.exe (file missing)

    --

    End of file - 5418 bytes


    Are you aware of the following program?

    D:\Meus documentos\Shareaza Downloads\Super Programas\Crack-WiiFi\Crack.WiiFi\WinAircrackPack\WinAircrackPack\WinAircrackPack\wzcook.exe

  • Topic author
  • yes, I'm aware of what it is.. -_-

    but the computer isn't only mine; it belongs to everyone in my house.

    and I didn't know that crack existed in my brother's folder.. (_(

    it has already been deleted!


    Please post a new HijackThis log.

  • Topic author
  • Hi Renato, I deleted the folder that contained Crack-WiiFi, but it still shows up in the HijackThis log...

    here is the new log!!

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 17:36:55, on 2008-12-03

    Platform: Windows XP SP3 (WinNT 5.01.2600)

    MSIE: Internet Explorer v7.00 (7.00.6000.16735)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\SYSTEM32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Arquivos de programas\ESET\ESET Smart Security\ekrn.exe

    C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamservice.exe

    C:\WINDOWS\Explorer.EXE

    C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

    C:\WINDOWS\system32\nvsvc32.exe

    C:\WINDOWS\system32\HPZipm12.exe

    C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Arquivos de programas\ESET\ESET Smart Security\egui.exe

    C:\WINDOWS\RTHDCPL.EXE

    C:\WINDOWS\system32\ctfmon.exe

    C:\Arquivos de programas\Windows Media Player\wmplayer.exe

    C:\Arquivos de programas\Mozilla Firefox\firefox.exe

    C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.live.com

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_06\bin\ssv.dll

    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

    O4 - HKLM\..\Run: [egui] "C:\Arquivos de programas\ESET\ESET Smart Security\egui.exe" /hide /waitservice

    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_06\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_06\bin\ssv.dll

    O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

    O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Plug-in 1.6.0_06) -

    O17 - HKLM\System\CCS\Services\Tcpip\..\{4F8A8C43-C68F-403A-818B-F8EF133366C1}: NameServer = 200.149.55.140,200.165.132.148

    O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Arquivos de programas\ESET\ESET Smart Security\EHttpSrv.exe

    O23 - Service: Eset Service (ekrn) - ESET - C:\Arquivos de programas\ESET\ESET Smart Security\ekrn.exe

    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamservice.exe

    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

    O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe

    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Arquivos de programas\WinPcap\rpcapd.exe (file missing)

    O23 - Service: Venturi2 Client (Venturi2) - Unknown owner - C:\Program Files\Venturi2\Client\ventc.exe (file missing)

    O23 - Service: WEP/WPA-PMK key recovery service (WZCOOK) - Unknown owner - D:\Meus documentos\Shareaza Downloads\Super Programas\Crack-WiiFi\Crack.WiiFi\WinAircrackPack\WinAircrackPack\WinAircrackPack\wzcook.exe (file missing)

    --

    End of file - 5024 bytes


    Go to Start > Run and enter:

    sc stop WZCOOK [ENTER]

    Then do the same with:

    sc delete WZCOOK [ENTER]

    After that, post a new HijackThis log.

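The two helper replies above (fixing the O6 policy entries with HijackThis, and clearing the orphaned WZCOOK service with `sc stop` / `sc delete`) are the kind of triage a log analyst does by eye. As an added example, not code from this thread or from HijackThis itself, here is a small Python script that reads lines in the HijackThis v2 log format, flags O6 policy entries, flags O17 resolvers outside an expected set, flags O23 services whose binary is missing or that run from outside the usual program directories, and emits the `sc stop` / `sc delete` pair for each orphaned service. The sample log is constructed from lines like the ones posted here; the `exupd` service, the trusted-directory list and the resolver allowlist are assumptions.

```python
import re
from dataclasses import dataclass

# Constructed sample in HijackThis v2 format, modelled on the lines posted in this
# thread (one O6 policy entry, one O17 resolver entry and a mix of O23 services,
# two of them with their binary missing). The "exupd" line is invented to show a
# service running from a user directory; it is not from the page.
SAMPLE_LOG = r"""
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O17 - HKLM\System\CCS\Services\Tcpip\..\{4F8A8C43-C68F-403A-818B-F8EF133366C1}: NameServer = 200.149.55.140,200.165.132.148
O23 - Service: Eset Service (ekrn) - ESET - C:\Arquivos de programas\ESET\ESET Smart Security\ekrn.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Arquivos de programas\WinPcap\rpcapd.exe (file missing)
O23 - Service: WEP/WPA-PMK key recovery service (WZCOOK) - Unknown owner - D:\Meus documentos\Shareaza Downloads\wzcook.exe (file missing)
O23 - Service: Example Updater (exupd) - Unknown owner - D:\Downloads\exupd.exe
"""

# Directories a service binary is normally installed under on this machine
# (assumption; a Portuguese Windows XP names Program Files "Arquivos de programas").
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\", "c:\\arquivos de programas\\")

O6_RE = re.compile(r"^O6 - (?P<key>.+) present$")
O17_RE = re.compile(r"^O17 - (?P<key>.+?): NameServer = (?P<servers>[\d.,]+)$")
# Display names may themselves contain parentheses, so the short service name is
# the last "(name)" group before " - owner - path"; HijackThis omits it when the
# display name and the short name are identical.
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?)(?: \((?P<name>[^()]+)\))? - "
    r"(?P<owner>.+?) - (?P<path>.+?)(?P<missing> \(file missing\))?$"
)


@dataclass(frozen=True)
class Finding:
    section: str          # HijackThis section the line came from (O6, O17, O23)
    item: str             # service short name, registry key or interface key
    reason: str           # why an analyst would question the entry
    commands: tuple = ()  # mechanical remediation, when there is one


def parse_o23(line):
    """Return the fields of an O23 service line, or None if the line is not one."""
    m = O23_RE.match(line)
    if not m:
        return None
    return {
        "name": m["name"] or m["display"],
        "owner": m["owner"],
        "path": m["path"],
        "missing": m["missing"] is not None,
    }


def triage(log_text, trusted_resolvers=()):
    """Walk a HijackThis log and return the entries a log analyst would question."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := O6_RE.match(line):
            # IE policy keys are not set on a default home install.
            findings.append(Finding("O6", m["key"],
                                    "Internet Explorer policy restriction present; "
                                    "fix the line with HijackThis unless it was set on purpose"))
        elif m := O17_RE.match(line):
            unknown = [s for s in m["servers"].split(",") if s not in trusted_resolvers]
            if unknown:
                findings.append(Finding("O17", m["key"],
                                        "DNS resolvers outside the expected set: " + ", ".join(unknown)))
        elif svc := parse_o23(line):
            if svc["missing"]:
                # Orphaned registration: the binary is gone but the service entry
                # remains, so it reappears in every new log until it is deleted.
                findings.append(Finding("O23", svc["name"],
                                        "service registered but binary missing: " + svc["path"],
                                        (f"sc stop {svc['name']}", f"sc delete {svc['name']}")))
            elif svc["owner"] == "Unknown owner" and not svc["path"].lower().startswith(TRUSTED_PREFIXES):
                findings.append(Finding("O23", svc["name"],
                                        "unknown-owner service running from a user directory: " + svc["path"]))
    return findings


def sc_commands(findings):
    """Flatten the mechanical remediation steps in the order they should be run."""
    return [cmd for f in findings for cmd in f.commands]


if __name__ == "__main__":
    found = triage(SAMPLE_LOG, trusted_resolvers=("200.149.55.140", "200.165.132.148"))
    for f in found:
        print(f"[{f.section}] {f.item}: {f.reason}")
    print("\n".join(sc_commands(found)))
```

The `sc` lines are only printed, not executed: the point is to turn a log into a reviewable list of actions, and a missing-binary service should still be confirmed against the product list before the entry is deleted (WinPcap's `rpcapd` above is an uninstalled legitimate tool, not malware).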
  • Topic author
  • Renato, sorry for the delay in replying..

    here is the new HT log!

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 16:03:38, on 2008-12-07

    Platform: Windows XP SP3 (WinNT 5.01.2600)

    MSIE: Internet Explorer v7.00 (7.00.6000.16735)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\SYSTEM32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Arquivos de programas\ESET\ESET Smart Security\ekrn.exe

    C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamservice.exe

    C:\WINDOWS\Explorer.EXE

    C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

    C:\WINDOWS\system32\nvsvc32.exe

    C:\WINDOWS\system32\HPZipm12.exe

    C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Arquivos de programas\ESET\ESET Smart Security\egui.exe

    C:\WINDOWS\RTHDCPL.EXE

    C:\WINDOWS\system32\ctfmon.exe

    C:\Arquivos de programas\MSN Messenger\usnsvc.exe

    C:\Arquivos de programas\Mozilla Firefox\firefox.exe

    C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.live.com

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_06\bin\ssv.dll

    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

    O4 - HKLM\..\Run: [egui] "C:\Arquivos de programas\ESET\ESET Smart Security\egui.exe" /hide /waitservice

    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

    O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Arquivos de programas\PowerISO\PWRISOVM.EXE

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_06\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_06\bin\ssv.dll

    O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

    O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Plug-in 1.6.0_06) -

    O17 - HKLM\System\CCS\Services\Tcpip\..\{4F8A8C43-C68F-403A-818B-F8EF133366C1}: NameServer = 200.149.55.140,200.165.132.148

    O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Arquivos de programas\ESET\ESET Smart Security\EHttpSrv.exe

    O23 - Service: Eset Service (ekrn) - ESET - C:\Arquivos de programas\ESET\ESET Smart Security\ekrn.exe

    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamservice.exe

    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

    O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe

    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Arquivos de programas\WinPcap\rpcapd.exe (file missing)

    O23 - Service: Venturi2 Client (Venturi2) - Unknown owner - C:\Program Files\Venturi2\Client\ventc.exe (file missing)

    --

    End of file - 4868 bytes


    Congratulations, your log is clean.

    From now on, stay ALERT!

    To finish, do the following:

    Go to Start > Run and type combofix /u. This will uninstall ComboFix from your machine.

    I suggest you run CCleaner to clean up your machine. Download it here: CCleaner

    • Open the program and click Run Cleaner;
    • After that, click Issues >> Scan for Issues >> Fix Issues

    I also suggest you read this article: Protect your PC

    Any other problems with the computer?
