Corrupted Windows Virus


Guest

Posted

Guys, I went to run AVG here on my PC and it found 26 viruses, :ahh: Trojan horses etc. To get rid of all of them I ended up deleting a Windows file, and I am desperately asking someone to send me that file; it is this one (C:\Windows\inet20002\services.exe). My e-mail: [email protected]. I can't format the PC because both of my HDs are almost full and I can't lose the information. :bravo::help::cry::(

  • VIP Member
Posted

The file in question is malicious.

- Download HijackThis;

- Create a new folder in C:\ and put the program inside it;

- Open HijackThis and click Do a system scan and save a logfile;

- Copy the log saved in the HijackThis folder and paste it into your reply.

  • VIP Member
Posted

Did you try using System Restore?

Another important thing: I believe that will not work, because on my Windows XP this folder with this file, as mentioned above, does not exist. Couldn't this be a virus on your computer?

Posted
Originally posted by douglasc12@December 12, 2005, 20:48

Did you try using System Restore?

Another important thing: I believe that will not work, because on my Windows XP this folder with this file, as mentioned above, does not exist. Couldn't this be a virus on your computer?

I already tried, but the file was deleted, it is no longer on the PC. To find this folder, go to Search and type ( inet ); I think that way you will find the folder. Inside it there will be the file services.exe

  • VIP Member
Posted

On mine I did not find anything. I believe this is a virus, as josemelo mentioned; download HijackThis and let's see whether it is some kind of malware.

Posted

Is this it?

Logfile of HijackThis v1.99.1

Scan saved at 21:10:27, on 12/12/2005

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\ARQUIV~1\NORTON~1\SPEEDD~1\nopdb.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\UAService7.exe

C:\Arquivos de programas\Motherboard Monitor 5\MBM5.EXE

C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe

C:\Arquivos de programas\D-Link AirPlus\AirPlus.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\ARQUIV~1\DAP\DAP.EXE

C:\Arquivos de programas\Outlook Express\msimn.exe

C:\Net. 3\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR

R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html

F3 - REG:win.ini: run=C:\WINDOWS\inet20002\services.exe

O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Arquivos de programas\DAP\DAPBHO.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\WINDOWS\System32\scpsssh2.dll

O2 - BHO: Barra do MSN Busca Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Toolbar Suite\também\02.05.0000.1082\pt-br\msntb.dll

O3 - Toolbar: Barra do MSN Busca - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Toolbar Suite\também\02.05.0000.1082\pt-br\msntb.dll

O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Arquivos de programas\DAP\DAPIEBar.dll

O4 - HKLM\..\Run: [MBM 5] "C:\Arquivos de programas\Motherboard Monitor 5\MBM5.EXE"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - Global Startup: D-Link AirPlus.lnk = ?

O8 - Extra context menu item: &Download with &DAP - C:\ARQUIV~1\DAP\dapextie.htm

O8 - Extra context menu item: &MSN Busca - res://C:\Arquivos de programas\MSN Toolbar Suite\também\02.05.0000.1082\pt-br\msntb.dll/search.htm

O8 - Extra context menu item: Abrir em uma nova guia do plano de fundo - res://C:\Arquivos de programas\MSN Toolbar Suite\TAB\02.05.0000.1110\pt-br\msntabres.dll/229?869bc137a4a46879d3aecb3a292fe19

O8 - Extra context menu item: Abrir em uma nova guia do primeiro plano - res://C:\Arquivos de programas\MSN Toolbar Suite\TAB\02.05.0000.1110\pt-br\msntabres.dll/230?869bc137a4a46879d3aecb3a292fe19

O8 - Extra context menu item: Download &all with DAP - C:\ARQUIV~1\DAP\dapextie2.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~3\Office10\EXCEL.EXE/3000

O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\ARQUIV~1\DAP\DAP.EXE

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {2E3C3651-B19C-4DD9-A979-901EC3E930AF} (ssh2 Class) - https://wwwss.bradesco.com.br/ib2k1/scpsssh2.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1128982202484

O17 - HKLM\System\CCS\Services\Tcpip\..\{3B0795B9-5CBF-41CD-8A5B-7DDF020CBEEB}: NameServer = 200.150.70.2,200.195.159.66

O17 - HKLM\System\CCS\Services\Tcpip\..\{4D697F09-5BE7-4D95-8D1E-C71651F1E54A}: NameServer = 200.150.70.2,200.195.159.66

O17 - HKLM\System\CCS\Services\Tcpip\..\{59792D17-235D-4932-8825-D739B08D2F8C}: NameServer = 200.150.70.2,200.195.159.66

O17 - HKLM\System\CS1\Services\Tcpip\..\{3B0795B9-5CBF-41CD-8A5B-7DDF020CBEEB}: NameServer = 200.150.70.2,200.195.159.66

O17 - HKLM\System\CS2\Services\Tcpip\..\{3B0795B9-5CBF-41CD-8A5B-7DDF020CBEEB}: NameServer = 200.150.70.2,200.195.159.66

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARQUIV~1\MSNMES~1\msgrapp.dll" (file missing)

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

O23 - Service: Groove Games Licensing Service - Groove Games - C:\Arquivos de programas\Arquivos comuns\Groove Games Shared\Service\ggameslicsvc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: Speed Disk service - Symantec Corporation - C:\ARQUIV~1\NORTON~1\SPEEDD~1\nopdb.exe

O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
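
Added example (not part of any post in this thread, and not HijackThis's own logic): a small Python triage of HijackThis log lines for three patterns visible in the log above, namely an F-section ini/registry autostart entry, an Internet Explorer page setting that points to a local file, and a file carrying a Windows core process name outside its expected directory. The rule names, the `EXPECTED_DIR` table and the assumption that Windows is installed in `C:\WINDOWS` are illustrative; the sample lines are copied from the log above.

```python
"""Triage HijackThis log lines for three patterns seen in this thread's log."""
import ntpath
import re

# Assumption: Windows XP installed in C:\WINDOWS, as in the log on this page.
SYSTEM32 = r"c:\windows\system32"

# Core process names and the only directory they are expected to run from.
EXPECTED_DIR = {
    "smss.exe": SYSTEM32,
    "winlogon.exe": SYSTEM32,
    "services.exe": SYSTEM32,
    "lsass.exe": SYSTEM32,
    "svchost.exe": SYSTEM32,
    "spoolsv.exe": SYSTEM32,
    "explorer.exe": r"c:\windows",
}

# "F3 - ...", "R1 - ...", "O4 - ..." style section prefix.
SECTION_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# Drive-letter paths ending in an extension of interest (spaces allowed).
PATH_RE = re.compile(
    r'(?<![A-Za-z])[A-Za-z]:\\[^"=,]*?\.(?:exe|dll|html?)\b', re.IGNORECASE
)

# Excerpt of the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
C:\WINDOWS\system32\services.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR
F3 - REG:win.ini: run=C:\WINDOWS\inet20002\services.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP
"""


def triage_line(line):
    """Return a list of (rule, detail) findings for one log line."""
    line = line.strip()
    match = SECTION_RE.match(line)
    section, body = match.groups() if match else (None, line)
    paths = PATH_RE.findall(body)
    findings = []

    # F0-F3: autostart via system.ini/win.ini or their registry mapping.
    if section in ("F0", "F1", "F2", "F3"):
        findings.append(("ini-autostart", body))

    # R0/R1: an IE start/default/search page pointing at a file on disk.
    if section in ("R0", "R1"):
        for path in paths:
            if path.lower().endswith((".htm", ".html")):
                findings.append(("ie-page-local-file", path))

    # A core process name living anywhere but its expected directory.
    for path in paths:
        expected = EXPECTED_DIR.get(ntpath.basename(path).lower())
        if expected and ntpath.dirname(path).lower() != expected:
            findings.append(("system-name-wrong-dir", path))

    return findings


def triage(log_text):
    """Run triage_line over every line of a log and collect the findings."""
    results = []
    for line in log_text.splitlines():
        results.extend(triage_line(line))
    return results


if __name__ == "__main__":
    for rule, detail in triage(SAMPLE_LOG):
        print(f"{rule:24} {detail}")
```

The comparison is on the literal path text, so an 8.3 short name for the system directory would be reported as a mismatch and needs manual review.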

Posted

I was hunting for some services.exe file in Windows and ended up finding one, so I copied it and pasted it into the folder where it was missing. Now when I start Windows it no longer asks for the file; before, it kept asking when it started, now it is normal... did I do some kind of kludge on Windows? :blink::D

  • VIP Member
Posted

I need two more logs:

- Open HijackThis and click Open the Misc Tools Section. Click Open Process Manager. In the list, locate explorer.exe. Check the "Show DLLs" box and click the "floppy disk" icon. Save processlist.txt and paste it into your reply.

- Open HijackThis again, click Open the Misc Tools Section, under Generate StartupList log check both boxes, click Generate StartupList log, wait for the log to be generated and paste it into your reply as well.

Posted

Process list saved on 22:26:54, on 12/12/2005

Platform: Windows XP SP2 (WinNT 5.01.2600)

[pid] [full path to filename] [file version] [company name]

632 C:\WINDOWS\System32\smss.exe 5.1.2600.2180 Microsoft Corporation

712 C:\WINDOWS\system32\winlogon.exe 5.1.2600.2180 Microsoft Corporation

756 C:\WINDOWS\system32\services.exe 5.1.2600.2180 Microsoft Corporation

768 C:\WINDOWS\system32\lsass.exe 5.1.2600.2180 Microsoft Corporation

904 C:\WINDOWS\system32\svchost.exe 5.1.2600.2180 Microsoft Corporation

1052 C:\WINDOWS\System32\svchost.exe 5.1.2600.2180 Microsoft Corporation

1420 C:\WINDOWS\system32\spoolsv.exe 5.1.2600.2696 Microsoft Corporation

1544 C:\WINDOWS\Explorer.EXE 6.0.2900.2180 Microsoft Corporation

1588 C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe 7.1.0.364 GRISOFT, s.r.o.

1640 C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe 7.0.0.346 GRISOFT, s.r.o.

1684 C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe 7.1.0.368 GRISOFT, s.r.o.

1872 C:\WINDOWS\system32\nvsvc32.exe 6.14.10.7777 NVIDIA Corporation

1916 C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe 3.2.6.0 Analog Devices, Inc.

1936 C:\ARQUIV~1\NORTON~1\SPEEDD~1\nopdb.exe 7.0.0.24 Symantec Corporation

1956 C:\WINDOWS\System32\svchost.exe 5.1.2600.2180 Microsoft Corporation

112 C:\WINDOWS\system32\UAService7.exe

1120 C:\Arquivos de programas\Motherboard Monitor 5\MBM5.EXE 5.3.7.0 Alex van Kaam

1264 C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe 7.1.0.355 GRISOFT, s.r.o.

1376 C:\Arquivos de programas\D-Link AirPlus\AirPlus.exe 4.0.0.0 D-Link

2824 C:\Arquivos de programas\eMule\emule.exe 0.46.2.26 http://www.emule-project.net

3360 C:\Arquivos de programas\Shareaza\Shareaza.exe 2.2.1.0 Shareaza Development Team

3588 C:\Arquivos de programas\Outlook Express\msimn.exe 6.0.2900.2180 Microsoft Corporation

3992 C:\Arquivos de programas\Internet Explorer\iexplore.exe 6.0.2900.2180 Microsoft Corporation

3308 C:\Net. 3\HijackThis.exe 1.99.0.1 Soeperman Enterprises Ltd.

DLLs loaded by process C:\WINDOWS\Explorer.EXE:

[full path to filename] [file version] [company name]

C:\WINDOWS\system32\ntdll.dll 5.1.2600.2180 Microsoft Corporation

C:\WINDOWS\system32\kernel32.dll 5.1.2600.2180 Microsoft Corporation

C:\WINDOWS\system32\msvcrt.dll 7.0.2600.2180 Microsoft Corporation

C:\WINDOWS\system32\ADVAPI32.dll 5.1.2600.2180 Microsoft Corporation

C:\WINDOWS\system32\RPCRT4.dll 5.1.2600.2180 Microsoft Corporation

C:\WINDOWS\system32\GDI32.dll 5.1.2600.2770 Microsoft Corporation

C:\WINDOWS\system32\USER32.dll 5.1.2600.2622 Microsoft Corporation

C:\WINDOWS\system32\SHLWAPI.dll 6.0.2900.2753 Microsoft Corporation

C:\WINDOWS\system32\SHELL32.dll 6.0.2900.2763 Microsoft Corporation

C:\WINDOWS\system32\ole32.dll 5.1.2600.2726 Microsoft Corporation

C:\WINDOWS\system32\OLEAUT32.dll 5.1.2600.2180 Microsoft Corporation

C:\WINDOWS\system32\BROWSEUI.dll 6.0.2900.2753 Microsoft Corporation

C:\WINDOWS\system32\SHDOCVW.dll 6.0.2900.2753 Microsoft Corporation

C:\WINDOWS\system32\CRYPT32.dll 5.131.2600.2180 Microsoft Corporation

C:\WINDOWS\system32\MSASN1.dll 5.1.2600.2180 Microsoft Corporation

C:\WINDOWS\system32\CRYPTUI.dll 5.131.2600.2180 Microsoft Corporation

C:\WINDOWS\system32\WINTRUST.dll 5.131.2600.2180 Microsoft Corporation

C:\WINDOWS\system32\IMAGEHLP.dll 5.1.2600.2180 Microsoft Corporation

C:\WINDOWS\system32\NETAPI32.dll 5.1.2600.2180 Microsoft Corporation

C:\WINDOWS\system32\WININET.dll 6.0.2900.2753 Microsoft Corporation

C:\WINDOWS\system32\WLDAP32.dll 5.1.2600.2180 Microsoft Corporation

C:\WINDOWS\system32\VERSION.dll 5.1.2600.2180 Microsoft Corporation

C:\WINDOWS\system32\UxTheme.dll 6.0.2900.2180 Microsoft Corporation

C:\WINDOWS\system32\ShimEng.dll 5.1.2600.2180 Microsoft Corporation

C:\WINDOWS\AppPatch\AcGenral.DLL 5.1.2600.2180 Microsoft Corporation

C:\WINDOWS\system32\WINMM.dll 5.1.2600.2180 Microsoft Corporation

C:\WINDOWS\system32\MSACM32.dll 5.1.2600.2180 Microsoft Corporation

C:\WINDOWS\system32\USERENV.dll 5.1.2600.2180 Microsoft Corporation

C:\WINDOWS\system32\IMM32.DLL 5.1.2600.2180 Microsoft Corporation

C:\WINDOWS\system32\LPK.DLL 5.1.2600.2180 Microsoft Corporation

C:\WINDOWS\system32\USP10.dll 1.420.2600.2180 Microsoft Corporation

C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll 6.0.2900.2180 Microsoft Corporation

C:\WINDOWS\system32\comctl32.dll 5.82.2900.2180 Microsoft Corporation

C:\WINDOWS\system32\SYNCOR11.DLL 0.1.2.3 SoundMAX

C:\WINDOWS\system32\msctfime.ime 5.1.2600.2180 Microsoft Corporation

C:\WINDOWS\system32\appHelp.dll 5.1.2600.2180 Microsoft Corporation

C:\WINDOWS\system32\CLBCATQ.DLL 2001.12.4414.308 Microsoft Corporation

C:\WINDOWS\system32\COMRes.dll 2001.12.4414.258 Microsoft Corporation

C:\WINDOWS\System32\cscui.dll 5.1.2600.2180 Microsoft Corporation

C:\WINDOWS\System32\CSCDLL.dll 5.1.2600.2180 Microsoft Corporation

C:\WINDOWS\System32\themeui.dll 6.0.2900.2180 Microsoft Corporation

C:\WINDOWS\System32\Secur32.dll 5.1.2600.2180 Microsoft Corporation

C:\WINDOWS\System32\MSIMG32.dll 5.1.2600.2180 Microsoft Corporation

C:\WINDOWS\system32\xpsp2res.dll 5.1.2600.2180 Microsoft Corporation

C:\WINDOWS\system32\SAMLIB.dll 5.1.2600.2180 Microsoft Corporation

C:\WINDOWS\system32\ntshrui.dll 5.1.2600.2180 Microsoft Corporation

C:\WINDOWS\system32\ATL.DLL 3.5.2284.0 Microsoft Corporation

C:\WINDOWS\system32\LINKINFO.dll 5.1.2600.2751 Microsoft Corporation

C:\WINDOWS\system32\SETUPAPI.dll 5.1.2600.2180 Microsoft Corporation

C:\WINDOWS\system32\NETSHELL.dll 5.1.2600.2180 Microsoft Corporation

C:\WINDOWS\system32\rtutils.dll 5.1.2600.2180 Microsoft Corporation

C:\WINDOWS\system32\credui.dll 5.1.2600.2180 Microsoft Corporation

C:\WINDOWS\system32\WS2_32.dll 5.1.2600.2180 Microsoft Corporation

C:\WINDOWS\system32\WS2HELP.dll 5.1.2600.2180 Microsoft Corporation

C:\WINDOWS\system32\iphlpapi.dll 5.1.2600.2180 Microsoft Corporation

C:\WINDOWS\system32\MLANG.dll 6.0.2900.2180 Microsoft Corporation

C:\Arquivos de programas\Microsoft AntiSpyware\shellextension.dll 1.0.614.10 Microsoft Corporation

C:\WINDOWS\system32\WINSTA.dll 5.1.2600.2180 Microsoft Corporation

C:\WINDOWS\System32\webcheck.dll 6.0.2900.2180 Microsoft Corporation

C:\WINDOWS\System32\WSOCK32.dll 5.1.2600.2180 Microsoft Corporation

C:\WINDOWS\system32\urlmon.dll 6.0.2900.2753 Microsoft Corporation

C:\WINDOWS\System32\stobject.dll 5.1.2600.2180 Microsoft Corporation

C:\WINDOWS\System32\BatMeter.dll 6.0.2900.2180 Microsoft Corporation

C:\WINDOWS\System32\POWRPROF.dll 6.0.2900.2180 Microsoft Corporation

C:\WINDOWS\System32\WTSAPI32.dll 5.1.2600.2180 Microsoft Corporation

C:\WINDOWS\system32\wdmaud.drv 5.1.2600.2180 Microsoft Corporation

C:\WINDOWS\system32\msacm32.drv 5.1.2600.0 Microsoft Corporation

C:\WINDOWS\system32\midimap.dll 5.1.2600.2180 Microsoft Corporation

C:\WINDOWS\system32\rsaenh.dll 5.1.2600.2161 Microsoft Corporation

C:\WINDOWS\system32\msi.dll 3.1.4000.2435 Microsoft Corporation

C:\WINDOWS\system32\WZCSAPI.DLL 5.1.2600.2180 Microsoft Corporation

C:\WINDOWS\system32\wzcdlg.dll 5.1.2600.2180 Microsoft Corporation

C:\WINDOWS\system32\WINHTTP.dll 5.1.2600.2180 Microsoft Corporation

C:\WINDOWS\system32\MPR.dll 5.1.2600.2180 Microsoft Corporation

C:\WINDOWS\System32\drprov.dll 5.1.2600.2180 Microsoft Corporation

C:\WINDOWS\System32\ntlanman.dll 5.1.2600.2180 Microsoft Corporation

C:\WINDOWS\System32\NETUI0.dll 5.1.2600.2180 Microsoft Corporation

C:\WINDOWS\System32\NETUI1.dll 5.1.2600.2180 Microsoft Corporation

C:\WINDOWS\System32\NETRAP.dll 5.1.2600.2180 Microsoft Corporation

C:\WINDOWS\System32\davclnt.dll 5.1.2600.2180 Microsoft Corporation

C:\WINDOWS\system32\SXS.DLL 5.1.2600.2180 Microsoft Corporation

C:\WINDOWS\system32\browselc.dll 6.0.2900.2180 Microsoft Corporation

C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll 7.0.5.172 Adobe Systems Incorporated

C:\WINDOWS\system32\MSVCR71.dll 7.10.3052.4 Microsoft Corporation

C:\WINDOWS\System32\jscript.dll 5.6.0.8820 Microsoft Corporation

C:\WINDOWS\system32\DUSER.dll 5.1.2600.2180 Microsoft Corporation

C:\WINDOWS\system32\MSGINA.dll 5.1.2600.2180 Microsoft Corporation

C:\WINDOWS\system32\ODBC32.dll 3.525.1117.0 Microsoft Corporation

C:\WINDOWS\system32\comdlg32.dll 6.0.2900.2180 Microsoft Corporation

C:\WINDOWS\system32\odbcint.dll 3.525.1117.0 Microsoft Corporation

C:\WINDOWS\System32\zipfldr.dll 6.0.2900.2180 Microsoft Corporation

C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll 7.0.0.0 Adobe Systems, Inc.

C:\WINDOWS\system32\nvcpl.dll 6.14.10.7777 NVIDIA Corporation

C:\WINDOWS\system32\WINSPOOL.DRV 5.1.2600.2180 Microsoft Corporation

C:\WINDOWS\system32\OLEACC.dll 4.2.5406.0 Microsoft Corporation

C:\WINDOWS\system32\MSVCP60.dll 6.2.3104.0 Microsoft Corporation

C:\WINDOWS\system32\NVRSPTB.DLL 6.14.10.7777 NVIDIA Corporation

C:\WINDOWS\system32\NTMARTA.DLL 5.1.2600.2180 Microsoft Corporation

C:\WINDOWS\system32\nvshell.dll 6.14.10.10531 NVIDIA Corporation

C:\WINDOWS\system32\RASAPI32.DLL 5.1.2600.2180 Microsoft Corporation

C:\WINDOWS\system32\rasman.dll 5.1.2600.2180 Microsoft Corporation

C:\WINDOWS\system32\TAPI32.dll 5.1.2600.2180 Microsoft Corporation

C:\WINDOWS\system32\msv1_0.dll 5.1.2600.2180 Microsoft Corporation

C:\WINDOWS\system32\sensapi.dll 5.1.2600.2180 Microsoft Corporation

C:\Arquivos de programas\Grisoft\AVG7\avgse.dll 7.0.0.337 GRISOFT, s.r.o.

C:\Arquivos de programas\BraZip\szShell.dll

C:\Arquivos de programas\DVD Region+CSS Free\DVDShell.dll 5.5.0.8 Fengtao Software Inc.

C:\WINDOWS\System32\msxml3.dll 8.50.2162.0 Microsoft Corporation

C:\WINDOWS\system32\shdoclc.dll 6.0.2900.2180 Microsoft Corporation

Posted

StartupList report, 12/12/2005, 22:30:12

StartupList version: 1.52.2

Started from : C:\Net. 3\HijackThis.EXE

Detected: Windows XP SP2 (WinNT 5.01.2600)

Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)

* Using default options

* Including empty and uninteresting sections

* Showing rarely important sections

==================================================

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\ARQUIV~1\NORTON~1\SPEEDD~1\nopdb.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\UAService7.exe

C:\Arquivos de programas\Motherboard Monitor 5\MBM5.EXE

C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe

C:\Arquivos de programas\D-Link AirPlus\AirPlus.exe

C:\Arquivos de programas\eMule\emule.exe

C:\Arquivos de programas\Shareaza\Shareaza.exe

C:\Arquivos de programas\Outlook Express\msimn.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Net. 3\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:

[C:\Documents and Settings\Dirceu H B\Menu Iniciar\Programas\Inicializar]

*No files*

Shell folders AltStartup:

*Folder not found*

User shell folders Startup:

*Folder not found*

User shell folders AltStartup:

*Folder not found*

Shell folders Common Startup:

[C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar]

D-Link AirPlus.lnk = ?

Shell folders Common AltStartup:

*Folder not found*

User shell folders Common Startup:

*Folder not found*

User shell folders Alternate Common Startup:

*Folder not found*

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]

UserInit = C:\WINDOWS\system32\userinit.exe,

[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]

*Registry key not found*

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]

*Registry value not found*

[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

MBM 5 = "C:\Arquivos de programas\Motherboard Monitor 5\MBM5.EXE"

NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

nwiz = nwiz.exe /install

NvMediaCenter = RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

AVG7_CC = C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP

--------------------------------------------------

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No values found*

--------------------------------------------------

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

*No values found*

--------------------------------------------------

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[OptionalComponents]

*No values found*

--------------------------------------------------

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

File association entry for .EXE:

HKEY_CLASSES_ROOT\exefile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .COM:

HKEY_CLASSES_ROOT\comfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .BAT:

HKEY_CLASSES_ROOT\batfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .PIF:

HKEY_CLASSES_ROOT\piffile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .SCR:

HKEY_CLASSES_ROOT\scrfile\shell\open\command

(Default) = "%1" /S

--------------------------------------------------

File association entry for .HTA:

HKEY_CLASSES_ROOT\htafile\shell\open\command

(Default) = C:\WINDOWS\System32\mshta.exe "%1" %*

--------------------------------------------------

File association entry for .TXT:

HKEY_CLASSES_ROOT\txtfile\shell\open\command

(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1

--------------------------------------------------

Enumerating Active Setup stub paths:

HKLM\Software\Microsoft\Active Setup\Installed Components

(* = disabled by HKCU twin)

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]

StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

[>{26923b43-4d38-484f-9b9e-de460746276c}] *

StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE

[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *

StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *

StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *

StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *

StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *

StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

[{5945c046-1e7d-11d1-bc44-00c04fd912be}] *

StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *

StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *

StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *

StubPath = regsvr32.exe /s /n /i:U shell32.dll

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *

StubPath = %SystemRoot%\system32\ie4uinit.exe

--------------------------------------------------

Enumerating ICQ Agent Autostart apps:

HKCU\Software\Mirabilis\ICQ\Agent\Apps

*Registry key not found*

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=*INI section not found*

run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*

HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*

HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*

HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*

HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*

HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*

HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*

HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*

HKCU\..\Windows NT\CurrentVersion\Windows: load=

HKCU\..\Windows NT\CurrentVersion\Windows: run=C:\WINDOWS\inet20002\services.exe

HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*

HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*

HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*

SCRNSAVE.EXE=*INI section not found*

drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe

SCRNSAVE.EXE=*Registry value not found*

drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*

HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\WINDOWS\Explorer.exe: PRESENT!

C:\Explorer.exe: not present

C:\WINDOWS\Explorer\Explorer.exe: not present

C:\WINDOWS\System\Explorer.exe: not present

C:\WINDOWS\System32\Explorer.exe: not present

C:\WINDOWS\Command\Explorer.exe: not present

C:\WINDOWS\Fonts\Explorer.exe: not present

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)

.pif: HIDDEN! (arrow overlay: yes)

.exe: not hidden

.com: not hidden

.bat: not hidden

.hta: not hidden

.scr: not hidden

.shs: HIDDEN!

.shb: HIDDEN!

.vbs: not hidden

.vbe: not hidden

.wsh: not hidden

.scf: HIDDEN! (arrow overlay: NO!)

.url: HIDDEN! (arrow overlay: yes)

.js: not hidden

.jse: not hidden

--------------------------------------------------

Verifying REGEDIT.EXE integrity:

- Regedit.exe found in C:\WINDOWS

- .reg open command is normal (regedit.exe %1)

- Company name OK: 'Microsoft Corporation'

- Original filename OK: 'REGEDIT.EXE'

- File description: 'Editor do Registro'

Registry check passed

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\Arquivos de programas\DAP\DAPBHO.dll - {0000CC75-ACF3-4cac-A0A9-DD3868E06852}

(no name) - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}

CompSegIB - C:\WINDOWS\System32\scpsssh2.dll - {2E3C3651-B19C-4DD9-A979-901EC3E930AF}

(no name) - C:\Arquivos de programas\MSN Toolbar Suite\também\02.05.0000.1082\pt-br\msntb.dll - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}

--------------------------------------------------

Enumerating Task Scheduler jobs:

AB45AA6691EA2076.job

One Button Checkup do Norton SystemWorks.job

--------------------------------------------------

Enumerating Download Program Files:

[Microsoft XML Parser for Java]

OSD = C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd

[ssh2 Class]

InProcServer32 = C:\WINDOWS\System32\scpsssh2.dll

CODEBASE = https://wwwss.bradesco.com.br/ib2k1/scpsssh2.cab

[{33564D57-9980-0010-8000-00AA00389B71}]

CODEBASE = http://download.microsoft.com/download/D/0...D0C/wmv9dmo.cab

[{41564D57-9980-0010-8000-00AA00389B71}]

CODEBASE = http://download.microsoft.com/download/0/A...01F/wmvadvd.cab

[MUWebControl Class]

InProcServer32 = C:\WINDOWS\system32\muweb.dll

CODEBASE = http://update.microsoft.com/microsoftupdat...b?1128982202484

[shockwave Flash Object]

InProcServer32 = C:\WINDOWS\System32\Macromed\Flash\Flash8.ocx

CODEBASE = http://download.macromedia.com/pub/shockwa...ash/swflash.cab

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #1: C:\WINDOWS\System32\mswsock.dll

NameSpace #2: C:\WINDOWS\System32\winrnr.dll

NameSpace #3: C:\WINDOWS\System32\mswsock.dll

Protocol #1: C:\WINDOWS\system32\mswsock.dll

Protocol #2: C:\WINDOWS\system32\mswsock.dll

Protocol #3: C:\WINDOWS\system32\mswsock.dll

Protocol #4: C:\WINDOWS\system32\rsvpsp.dll

Protocol #5: C:\WINDOWS\system32\rsvpsp.dll

Protocol #6: C:\WINDOWS\system32\mswsock.dll

Protocol #7: C:\WINDOWS\system32\mswsock.dll

Protocol #8: C:\WINDOWS\system32\mswsock.dll

Protocol #9: C:\WINDOWS\system32\mswsock.dll

Protocol #10: C:\WINDOWS\system32\mswsock.dll

Protocol #11: C:\WINDOWS\system32\mswsock.dll

Protocol #12: C:\WINDOWS\system32\mswsock.dll

Protocol #13: C:\WINDOWS\system32\mswsock.dll

Protocol #14: C:\WINDOWS\system32\mswsock.dll

Protocol #15: C:\WINDOWS\system32\mswsock.dll

Protocol #16: C:\WINDOWS\system32\mswsock.dll

Protocol #17: C:\WINDOWS\system32\mswsock.dll

Protocol #18: C:\WINDOWS\system32\mswsock.dll

Protocol #19: C:\WINDOWS\system32\mswsock.dll

--------------------------------------------------

Enumerating Windows NT/2000/XP services

Microsoft ACPI Driver: System32\DRIVERS\ACPI.sys (system)

aeaudio: system32\drivers\aeaudio.sys (manual start)

Microsoft Kernel Acoustic Echo Canceller: system32\drivers\aec.sys (manual start)

Ambiente de suporte a redes AFD: \SystemRoot\System32\drivers\afd.sys (system)

D-Link AirPlus Wireless Adapter: System32\DRIVERS\airplus.sys (manual start)

Alerta: %SystemRoot%\System32\svchost.exe -k LocalService (disabled)

Serviço 'Gateway de camada de aplicativo': %SystemRoot%\System32\alg.exe (manual start)

AMD K7 Processor Driver: System32\DRIVERS\amdk7.sys (system)

Gerenciamento de aplicativo: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)

aslm75: \??\C:\WINDOWS\system32\drivers\aslm75.sys (system)

Driver de mídia assíncrona RAS: System32\DRIVERS\asyncmac.sys (manual start)

Controlador de disco rígido padrão IDE/ESDI: System32\DRIVERS\atapi.sys (system)

Protocolo de cliente ATM ARP: System32\DRIVERS\atmarpc.sys (manual start)

Áudio do Windows: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Driver de fragmento de código de áudio: System32\DRIVERS\audstub.sys (manual start)

AVG7 Alert Manager Server: C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe (autostart)

AVG7 Kernel: \SystemRoot\System32\Drivers\avg7core.sys (system)

AVG7 Wrap Driver: \SystemRoot\System32\Drivers\avg7rsw.sys (system)

AVG7 Resident Driver XP: \SystemRoot\System32\Drivers\avg7rsxp.sys (system)

AVG7 Update Service: C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe (autostart)

AVG E-mail Scanner: C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe (autostart)

AVG Network Redirector: \SystemRoot\System32\Drivers\avgtdi.sys (autostart)

Serviço de transferência inteligente de plano de fundo: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Localizador de computadores: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Closed Caption Decoder: System32\DRIVERS\CCDECODE.sys (manual start)

Driver de CD-ROM: System32\DRIVERS\cdrom.sys (system)

Serviço de indexação: C:\WINDOWS\System32\cisvc.exe (manual start)

Área de armazenamento: %SystemRoot%\system32\clipsrv.exe (disabled)

Aplicativo de sistema COM+: C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)

Serviços de criptografia: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

Inicializador de Processo de Servidor DCOM: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)

Cliente DHCP: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Driver de disco: System32\DRIVERS\disk.sys (system)

Serviço administrativo do gerenciador de disco lógico: %SystemRoot%\System32\dmadmin.exe /com (manual start)

dmboot: System32\drivers\dmboot.sys (disabled)

Logical Disk Manager Driver: System32\drivers\dmio.sys (system)

dmload: System32\drivers\dmload.sys (system)

Gerenciador de discos lógicos: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Microsoft Kernel DLS Syntheiszer: system32\drivers\DMusic.sys (manual start)

Cliente DNS: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart)

Microsoft Kernel DRM Audio Descrambler: system32\drivers\drmkaud.sys (manual start)

ENTECH: \??\C:\WINDOWS\system32\DRIVERS\ENTECH.SYS (manual start)

Erro ao informar o serviço: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Log de eventos: %SystemRoot%\system32\services.exe (autostart)

Sistema de eventos COM+: C:\WINDOWS\System32\svchost.exe -k netsvcs (manual start)

Compatibilidade com 'Troca rápida de usuário': %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

Driver de controlador de disquete: System32\DRIVERS\fdc.sys (manual start)

VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver: System32\DRIVERS\fetnd5.sys (manual start)

VIA Rhine Family Fast Ethernet Adapter Driver Service: System32\DRIVERS\fetnd5b.sys (manual start)

Driver de disquete: System32\DRIVERS\flpydisk.sys (manual start)

FltMgr: system32\drivers\fltmgr.sys (system)

Volume Manager Driver: System32\DRIVERS\ftdisk.sys (system)

Enumerador de portas de jogos: System32\DRIVERS\gameenum.sys (manual start)

Classificador genérico de pacotes: System32\DRIVERS\msgpc.sys (manual start)

Groove Games Licensing Service: "C:\Arquivos de programas\Arquivos comuns\Groove Games Shared\Service\ggameslicsvc.exe" (manual start)

Ajuda e suporte: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Acesso a dispositivo de interface humana: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)

HTTP: System32\Drivers\HTTP.sys (manual start)

HTTP SSL: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start)

i8042 Keyboard and PS/2 Mouse Port Driver: System32\DRIVERS\i8042prt.sys (system)

InstallDriver Table Manager: "C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe" (manual start)

IMAPI CD-Burning COM Service: C:\WINDOWS\System32\imapi.exe (manual start)

Driver de IPv6 do Firewall do Windows: system32\drivers\ip6fw.sys (manual start)

Driver de filtro de tráfego IP: System32\DRIVERS\ipfltdrv.sys (manual start)

Driver de encapsulamento IP em IP: System32\DRIVERS\ipinip.sys (manual start)

Conversor de endereços de rede IP: System32\DRIVERS\ipnat.sys (manual start)

Driver IPSEC: System32\DRIVERS\ipsec.sys (system)

Serviço enumerador IR: System32\DRIVERS\irenum.sys (manual start)

PnP ISA/EISA Bus Driver: System32\DRIVERS\isapnp.sys (system)

Keyboard Class Driver: System32\DRIVERS\kbdclass.sys (system)

Microsoft Kernel Wave Audio Mixer: system32\drivers\kmixer.sys (manual start)

Servidor: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Estação de trabalho: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Auxiliar NetBIOS TCP/IP: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)

mbmiodrvr: \??\C:\WINDOWS\System32\mbmiodrvr.sys (system)

Mensageiro: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)

Compartilhamento remoto da área de trabalho do NetMeeting: C:\WINDOWS\System32\mnmsrvc.exe (manual start)

Mouse Class Driver: System32\DRIVERS\mouclass.sys (system)

Redirecionador do cliente WebDav: System32\DRIVERS\mrxdav.sys (manual start)

MRXSMB: System32\DRIVERS\mrxsmb.sys (system)

Coordenador de transações distribuídas: C:\WINDOWS\System32\msdtc.exe (manual start)

Windows Installer: C:\WINDOWS\system32\msiexec.exe /V (manual start)

Proxy de serviço de fluxo contínuo Microsoft: system32\drivers\MSKSSRV.sys (manual start)

Proxy do relógio de fluxo contínuo Microsoft: system32\drivers\MSPCLOCK.sys (manual start)

Proxy de gerenciador de qualidade de fluxo contínuo Microsoft: system32\drivers\MSPQM.sys (manual start)

Driver de BIOS de Gerenciamento de Sistema Microsoft: System32\DRIVERS\mssmbios.sys (manual start)

Microsoft Streaming Tee/Sink-to-Sink Converter: system32\drivers\MSTEE.sys (manual start)

NABTS/FEC VBI Codec: System32\DRIVERS\NABTSFEC.sys (manual start)

Microsoft TV/Video Connection: System32\DRIVERS\NdisIP.sys (manual start)

Driver TAPI NDIS de acesso remoto: System32\DRIVERS\ndistapi.sys (manual start)

Protocolo de modo de usuário E/S em dispositivos NDIS: System32\DRIVERS\ndisuio.sys (manual start)

Driver de rede remota NDIS de acesso remoto: System32\DRIVERS\ndiswan.sys (manual start)

Interface NetBIOS: System32\DRIVERS\netbios.sys (system)

NetBios em Tcpip: System32\DRIVERS\netbt.sys (system)

DDE de rede: %SystemRoot%\system32\netdde.exe (disabled)

DSDM de DDE de rede: %SystemRoot%\system32\netdde.exe (disabled)

Logon de rede: %SystemRoot%\System32\lsass.exe (manual start)

Conexões de rede: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

Reconhecimento de local da rede (NLA): %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

NPPTNT2: \??\C:\WINDOWS\system32\npptNT2.sys (system)

Fornecedor de suporte de segurança NT LM: %SystemRoot%\System32\lsass.exe (manual start)

Armazenamento removível: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)

NTSIM: \??\C:\WINDOWS\System32\ntsim.sys (manual start)

nv: system32\DRIVERS\nv4_mini.sys (manual start)

NVIDIA Display Driver Service: %SystemRoot%\system32\nvsvc32.exe (autostart)

Driver de filtro de tráfego IPX: System32\DRIVERS\nwlnkflt.sys (manual start)

Driver encaminhador de tráfego IPX: System32\DRIVERS\nwlnkfwd.sys (manual start)

O&O Defrag: C:\WINDOWS\system32\oodag.exe (manual start)

Parallel port driver: System32\DRIVERS\parport.sys (manual start)

PCI Bus Driver: System32\DRIVERS\pci.sys (system)

Plug and Play: %SystemRoot%\system32\services.exe (autostart)

Serviços IPSEC: %SystemRoot%\System32\lsass.exe (autostart)

Miniporta de rede remota (PPTP): System32\DRIVERS\raspptp.sys (manual start)

Driver de processador: System32\DRIVERS\processr.sys (system)

StarForce Protection Environment Driver v6: \SystemRoot\System32\drivers\prodrv06.sys (system)

StarForce Protection Helper Driver v2: System32\drivers\prohlp02.sys (system)

Armazenamento protegido: %SystemRoot%\system32\lsass.exe (autostart)

Agendador de pacotes QoS: System32\DRIVERS\psched.sys (manual start)

Psx Hid to Gamepad Port Enabler: system32\drivers\psxpad.sys (manual start)

Psx Port Enumerator: System32\Drivers\psxenum.sys (manual start)

Driver de link paralelo direto: System32\DRIVERS\ptilink.sys (manual start)

PxHelp20: System32\Drivers\PxHelp20.sys (system)

Driver de conexão automática de acesso remoto: System32\DRIVERS\rasacd.sys (system)

Gerenciador de conexão de acesso remoto automático: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

Miniporta de rede remota (L2TP): System32\DRIVERS\rasl2tp.sys (manual start)

Gerenciador de conexão de acesso remoto: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

Driver PPPOE de acesso remoto: System32\DRIVERS\raspppoe.sys (manual start)

Paralelo direto: System32\DRIVERS\raspti.sys (manual start)

Rdbss: System32\DRIVERS\rdbss.sys (system)

RDPCDD: System32\DRIVERS\RDPCDD.sys (system)

Driver redirecionador de dispositivos doTerminal Server: System32\DRIVERS\rdpdr.sys (manual start)

Gerenciador de sessão de ajuda de área de trabalho remota: C:\WINDOWS\system32\sessmgr.exe (manual start)

Driver de filtro de reprodução de áudio digital de CD: System32\DRIVERS\redbook.sys (system)

Roteamento e acesso remoto: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)

Registro remoto: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)

RivaTuner32: \??\C:\Arquivos de programas\RivaTuner v2.0 RC 15.7\RivaTuner32.sys (manual start)

Alocador Remote Procedure Call (RPC): %SystemRoot%\System32\locator.exe (manual start)

Chama de procedimento remoto (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)

QoS RSVP: %SystemRoot%\System32\rsvp.exe (manual start)

Gerenciador de contas de segurança: %SystemRoot%\system32\lsass.exe (autostart)

Cartão inteligente: %SystemRoot%\System32\SCardSvr.exe (manual start)

Agendador de tarefas: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)

Secdrv: System32\DRIVERS\secdrv.sys (autostart)

Logon secundário: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Notificação de eventos de sistema: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

Serenum Filter Driver: System32\DRIVERS\serenum.sys (manual start)

Serial port driver: System32\DRIVERS\serial.sys (system)

StarForce Protection Helper Driver: System32\drivers\sfhlp01.sys (system)

Firewall do Windows/Compartilhamento de Conexão com a Internet (ICS): %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Detecção do hardware do shell: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

BDA Slip De-Framer: System32\DRIVERS\SLIP.sys (manual start)

smwdm: system32\drivers\smwdm.sys (manual start)

PC Camera (6025 VGA): system32\DRIVERS\snpt513.sys (manual start)

SoundMAX Agent Service: C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe (autostart)

Speed Disk service: C:\ARQUIV~1\NORTON~1\SPEEDD~1\nopdb.exe (autostart)

Microsoft Kernel Audio Splitter: system32\drivers\splitter.sys (manual start)

Spooler de impressão: %SystemRoot%\system32\spoolsv.exe (autostart)

Driver de filtro de restauração do sistema: System32\DRIVERS\sr.sys (system)

Serviço de restauração do sistema: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Srv: System32\DRIVERS\srv.sys (manual start)

Serviço de descoberta SSDP: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)

Assistente de aquisição de imagens do Windows (WIA): %SystemRoot%\System32\svchost.exe -k imgsvc (autostart)

BDA IPSink: System32\DRIVERS\StreamIP.sys (manual start)

Software Bus Driver: System32\DRIVERS\swenum.sys (manual start)

Microsoft Kernel GS Wavetable Synthesizer: system32\drivers\swmidi.sys (manual start)

MS Software Shadow Copy Provider: C:\WINDOWS\System32\dllhost.exe /Processid:{E92D2E19-D1EA-4224-8E4C-8F3C14D6816B} (manual start)

SymEvent: \??\C:\Arquivos de programas\Symantec\SYMEVENT.SYS (manual start)

Microsoft Kernel System Audio Device: system32\drivers\sysaudio.sys (manual start)

Logs e alertas de desempenho: %SystemRoot%\system32\smlogsvc.exe (manual start)

Telefonia: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

Driver de protocolo TCP/IP: System32\DRIVERS\tcpip.sys (system)

Driver de dispositivo de terminal: System32\DRIVERS\termdd.sys (system)

Serviços de terminal: %SystemRoot%\System32\svchost -k DComLaunch (manual start)

Temas: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Telnet: C:\WINDOWS\System32\tlntsvr.exe (manual start)

Cliente de rastreamento de link distribuído: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

Windows User Mode Driver Framework: C:\WINDOWS\system32\wdfmgr.exe (autostart)

Microcode Update Driver: System32\DRIVERS\update.sys (manual start)

Host de dispositivo Plug and Play universal: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)

Sistema de alimentação ininterrupta: %SystemRoot%\System32\ups.exe (manual start)

Microsoft USB 2.0 Enhanced Host Controller Miniport Driver: System32\DRIVERS\usbehci.sys (manual start)

USB2 Enabled Hub: System32\DRIVERS\usbhub.sys (manual start)

Microsoft USB PRINTER Class: System32\DRIVERS\usbprint.sys (manual start)

Microsoft USB Universal Host Controller Miniport Driver: System32\DRIVERS\usbuhci.sys (manual start)

SecuROM User Access Service (V7): C:\WINDOWS\system32\UAService7.exe (autostart)

User Privilege Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

Controlador de vídeo VGA.: \SystemRoot\System32\drivers\vga.sys (system)

VIA AGP Filter: System32\DRIVERS\viaagp1.sys (system)

ViaIde: system32\DRIVERS\viaide.sys (system)

viamraid: system32\DRIVERS\viamraid.sys (system)

viasraid: System32\DRIVERS\viasraid.sys (system)

Cópia de volume em memória: %SystemRoot%\System32\vssvc.exe (manual start)

Horário do Windows: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Driver ARP IP de acesso remoto: System32\DRIVERS\wanarp.sys (manual start)

Microsoft WINMM WDM Audio Compatibility Driver: system32\drivers\wdmaud.sys (manual start)

Cliente da Web: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)

Testador de instrumentação de gerenciam. do Windows: %systemroot%\system32\svchost.exe -k netsvcs (autostart)

Serviço de Número de Série de Mídia Portátil: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

Extensões de driver de instrum. gerenc. do Windows: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

Adaptador de desempenho WMI: C:\WINDOWS\System32\wbem\wmiapsrv.exe (manual start)

Central de Segurança: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

World Standard Teletext Codec: System32\DRIVERS\WSTCODEC.SYS (manual start)

Atualizações automáticas: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

Configuração zero sem fio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Serviço de Configuração de Rede: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:

*No scripts set to run*

Windows NT checkdisk command:

BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':

PendingFileRenameOperations: *Registry value not found*

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll

CDBurn: C:\WINDOWS\system32\SHELL32.dll

WebCheck: C:\WINDOWS\System32\webcheck.dll

SysTray: C:\WINDOWS\System32\stobject.dll

--------------------------------------------------

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

--------------------------------------------------

End of report, 33.813 bytes

Report generated in 0,078 seconds

Command line options:

/verbose - to add additional info on each section

/complete - to include empty sections and unsuspicious data

/full - to include several rarely-important sections

/force9x - to include Win9x-only startups even if running on WinNT

/forcent - to include WinNT-only startups even if running on Win9x

/forceall - to include all Win9x and WinNT startups, regardless of platform

/history - to list version history only

  • VIP Member
Posted

- Download Killbox and run it.

Check the Delete on Reboot option. Now copy the list in bold below to the clipboard (select it and click Edit > Copy).

C:\WINDOWS\inet20002\services.exe

  • Go back to KillBox. Click File > Paste from clipboard.
  • Click the X. Answer Yes to the first question and No to the second.

- Restart the computer in safe mode (press F8 during startup);

- Open HijackThis, click Do a system scan only, check the entries below and click Fix checked:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html

F3 - REG:win.ini: run=C:\WINDOWS\inet20002\services.exe

- Restart in normal mode, generate a new log and paste it in your reply.
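The entries selected above share three traits that can be checked mechanically: a core Windows process name running from the wrong folder, Internet Explorer pages pointing at a local file, and a win.ini `run=` autostart. The following is an added example, not part of the original post or of HijackThis itself; the names `triage` and `masquerades` are hypothetical, `%SystemRoot%` is assumed to be `C:\WINDOWS`, and the sample log is constructed from lines quoted in this thread plus one constructed process line.

```python
import re
from ntpath import basename, dirname  # Windows path rules on any OS

# Core XP processes that live in %SystemRoot%\system32; explorer.exe lives in %SystemRoot%.
SYSTEM32_NAMES = {"smss.exe", "winlogon.exe", "services.exe",
                  "lsass.exe", "svchost.exe", "spoolsv.exe"}
ENTRY = re.compile(r"^([RFO]\d+) - (.*)$")            # e.g. "F3 - REG:win.ini: run=..."
PROCESS = re.compile(r"^[A-Za-z]:\\.*\.exe$", re.I)   # bare path under "Running processes"
LOCAL_PATH = re.compile(r"^[A-Za-z]:\\")              # value is a file on disk, not a URL
INI_AUTOSTART = re.compile(r"\b(?:run|load)=(.+)$", re.I)

# Constructed sample in HijackThis 1.99.1 layout. The inet20002 process line is
# constructed for the demonstration; the R/F/O lines are quoted from the thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\services.exe
C:\WINDOWS\inet20002\services.exe
C:\WINDOWS\Explorer.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR
F3 - REG:win.ini: run=C:\WINDOWS\inet20002\services.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP
"""


def masquerades(path, system_root=r"C:\WINDOWS"):
    """True when a core process name sits outside its expected folder."""
    name = basename(path).lower()
    if name in SYSTEM32_NAMES:
        expected = system_root + r"\system32"
    elif name == "explorer.exe":
        expected = system_root
    else:
        return False  # not a name this check knows about
    return dirname(path).lower() != expected.lower()


def triage(log_text, system_root=r"C:\WINDOWS"):
    """Return (kind, line) findings for the three traits described above."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        entry = ENTRY.match(line)
        if entry:
            code, body = entry.groups()
            if code[0] == "R" and " = " in body:
                # R-section: IE start/search pages; a drive-letter value is a local file
                value = body.rsplit(" = ", 1)[1].strip()
                if LOCAL_PATH.match(value):
                    findings.append(("ie-local-page", line))
            elif code[0] == "F":
                # F-section: ini-file autostarts such as win.ini run=/load=
                target = INI_AUTOSTART.search(body)
                if target:
                    kind = "ini-autostart"
                    if masquerades(target.group(1).strip(), system_root):
                        kind += "+masquerade"
                    findings.append((kind, line))
        elif PROCESS.match(line) and masquerades(line, system_root):
            findings.append(("masquerade", line))
    return findings


if __name__ == "__main__":
    for kind, line in triage(SAMPLE_LOG):
        print(f"{kind:26} {line}")
```

A finding here is a prompt for review, not a verdict: the script only knows the handful of process names listed in `SYSTEM32_NAMES`.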

Posted

Done :joia:

Logfile of HijackThis v1.99.1

Scan saved at 19:14:17, on 13/12/2005

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\ARQUIV~1\NORTON~1\SPEEDD~1\nopdb.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\UAService7.exe

C:\Arquivos de programas\Motherboard Monitor 5\MBM5.EXE

C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe

C:\Arquivos de programas\D-Link AirPlus\AirPlus.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Net. 3\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR

R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR

O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Arquivos de programas\DAP\DAPBHO.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\WINDOWS\System32\scpsssh2.dll

O2 - BHO: Barra do MSN Busca Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Toolbar Suite\também\02.05.0000.1082\pt-br\msntb.dll

O3 - Toolbar: Barra do MSN Busca - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Toolbar Suite\também\02.05.0000.1082\pt-br\msntb.dll

O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Arquivos de programas\DAP\DAPIEBar.dll

O4 - HKLM\..\Run: [MBM 5] "C:\Arquivos de programas\Motherboard Monitor 5\MBM5.EXE"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - Global Startup: D-Link AirPlus.lnk = ?

O8 - Extra context menu item: &Download with &DAP - C:\ARQUIV~1\DAP\dapextie.htm

O8 - Extra context menu item: &MSN Busca - res://C:\Arquivos de programas\MSN Toolbar Suite\também\02.05.0000.1082\pt-br\msntb.dll/search.htm

O8 - Extra context menu item: Abrir em uma nova guia do plano de fundo - res://C:\Arquivos de programas\MSN Toolbar Suite\TAB\02.05.0000.1110\pt-br\msntabres.dll/229?869bc137a4a46879d3aecb3a292fe19

O8 - Extra context menu item: Abrir em uma nova guia do primeiro plano - res://C:\Arquivos de programas\MSN Toolbar Suite\TAB\02.05.0000.1110\pt-br\msntabres.dll/230?869bc137a4a46879d3aecb3a292fe19

O8 - Extra context menu item: Download &all with DAP - C:\ARQUIV~1\DAP\dapextie2.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~3\Office10\EXCEL.EXE/3000

O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\ARQUIV~1\DAP\DAP.EXE

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {2E3C3651-B19C-4DD9-A979-901EC3E930AF} (ssh2 Class) - https://wwwss.bradesco.com.br/ib2k1/scpsssh2.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1128982202484

O17 - HKLM\System\CCS\Services\Tcpip\..\{3B0795B9-5CBF-41CD-8A5B-7DDF020CBEEB}: NameServer = 200.150.70.2,200.195.159.66

O17 - HKLM\System\CCS\Services\Tcpip\..\{4D697F09-5BE7-4D95-8D1E-C71651F1E54A}: NameServer = 200.150.70.2,200.195.159.66

O17 - HKLM\System\CCS\Services\Tcpip\..\{59792D17-235D-4932-8825-D739B08D2F8C}: NameServer = 200.150.70.2,200.195.159.66

O17 - HKLM\System\CS1\Services\Tcpip\..\{3B0795B9-5CBF-41CD-8A5B-7DDF020CBEEB}: NameServer = 200.150.70.2,200.195.159.66

O17 - HKLM\System\CS2\Services\Tcpip\..\{3B0795B9-5CBF-41CD-8A5B-7DDF020CBEEB}: NameServer = 200.150.70.2,200.195.159.66

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARQUIV~1\MSNMES~1\msgrapp.dll" (file missing)

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

O23 - Service: Groove Games Licensing Service - Groove Games - C:\Arquivos de programas\Arquivos comuns\Groove Games Shared\Service\ggameslicsvc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: Speed Disk service - Symantec Corporation - C:\ARQUIV~1\NORTON~1\SPEEDD~1\nopdb.exe

O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

  • VIP Member
Posted

- OK, the log is clean;

- Disable and re-enable System Restore. Open Control Panel > System > System Restore. Check: Turn off System Restore, click Apply and OK. Then uncheck the option again;

- Read the article Proteja seu PC for more information on how to avoid new infections.

- Contact your provider and ask them to review your DNS settings.

Archived

This topic has been archived and is closed to new replies.
