topelv

PC with a series of problems (malware, for sure...)


Hey everyone!

My PC has a few problems. The ones that bother me most are how long it takes to boot and IE (OK, you can laugh, but I like it), which sometimes doesn't load pages and has to be restarted.

I hope you can help me; I'm sending the HijackThis log.

Cheers!

________________________________________

Logfile of HijackThis v1.99.1

Scan saved at 11:46:50, on 29/12/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0013)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe

C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\Spyware Doctor\svcntaux.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\WINDOWS\System32\alg.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Documents and Settings\lost\Desktop\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\i386kd.exe,

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [SDTray] "C:\Arquivos de programas\Spyware Doctor\SDTrayApp.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O8 - Extra context menu item: &Clean Traces - C:\Arquivos de programas\DAP\Privacy Package\dapcleanerie.htm

O8 - Extra context menu item: &Download with &DAP - C:\Arquivos de programas\DAP\dapextie.htm

O8 - Extra context menu item: Download &all with DAP - C:\Arquivos de programas\DAP\dapextie2.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [INTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab

O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab

O16 - DPF: {3F201636-B199-11D5-B444-0040C7A63343} (QuizNetX Control) - http://www.centraldejogos.com.br/QuiznetWeb/QuiznetWeb.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab

O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1198370925859

O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (MSN Games – Texas Holdem Poker) - http://zone.msn.com/bingame/zpagames/zpa_txhe.cab60231.cab

O16 - DPF: {A4110378-789B-455F-AE86-3A1BFC402853} (ZPA_SHVL Object) - http://zone.msn.com/bingame/zpagames/zpa_shvl.cab55579.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{02CE6E91-866D-41DF-B16C-050D3003279A}: NameServer = 201.10.120.3 201.10.1.2

O17 - HKLM\System\CS1\Services\Tcpip\..\{02CE6E91-866D-41DF-B16C-050D3003279A}: NameServer = 201.10.120.3 201.10.1.2

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\svcntaux.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\swdsvc.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe


In the Run box type MSCONFIG. Go to the Startup tab and disable the unnecessary programs carefully (one at a time).

If you use IE7 (lol) together with Speedy, uninstall the Speedy technical assistant. Otherwise, use Firefox, no joke.

Cheers


I know how to do that, man...

I've already disabled some things through msconfig, but just disabling isn't enough; I'd like to remove the infections too.

If anyone can analyze my log, I'd appreciate it.


- Download ComboFix

  • Temporarily disable the antivirus;
  • Close all open windows;
  • Double-click combofix.exe and press "1" to proceed with the fix. It may take some time.
  • ComboFix may restart the PC automatically to complete the removal process.
  • When it finishes, a log will be generated at C:\ComboFix.txt.
  • Do not click on the ComboFix window or close it with the X while it is running, and do not move the mouse or use the keyboard, otherwise it will stop and your desktop will go blank.
  • To stop or exit ComboFix, press "N".
  • Paste ComboFix.txt in your reply.

- Generate a new HijackThis log and paste it in your reply.


Thanks José!

_______________________________

ComboFix 07-12-31.4 - lost 2007-12-31 11:41:41.1 - NTFSx86

Running from: C:\Documents and Settings\lost\Desktop\ComboFix.exe

* Created a new restore point

.

((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\WINDOWS\Fonts\acrsec.fon

C:\WINDOWS\Fonts\acrsecB.fon

C:\WINDOWS\Fonts\acrsecI.fon

C:\WINDOWS\ntfyapp.config

C:\WINDOWS\system32\1_exception.nls

C:\WINDOWS\system32\drivers\smtpdrv.sys

C:\WINDOWS\system32\drivers\symavc32.sys

C:\WINDOWS\system32\drivers\TQV50.sys

C:\WINDOWS\system32\svcp.csv

C:\WINDOWS\system32\winsub.xml

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\LEGACY_FCI

-------\LEGACY_SMTPDRV

-------\LEGACY_TQV50

-------\smtpdrv

((((((((((((((((((((((( Files Created from 2007-11-28 to 2007-12-31 ))))))))))))))))))))))))))))))))

.

2007-12-31 11:53 . 2007-12-31 11:53 0 --a------ C:\WINDOWS\system32\6_exception.nls

2007-12-31 11:40 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe

2007-12-31 09:28 . 2007-12-31 09:28 <DIR> d-------- C:\Documents and Settings\NetworkService\Dados de aplicativos\AVG7

2007-12-31 09:08 . 2007-12-31 09:08 <DIR> d-------- C:\Arquivos de programas\MSConfig CleanUp

2007-12-30 11:34 . 2007-12-30 11:34 <DIR> d-------- C:\Arquivos de programas\[V] Text Speed Reader

2007-12-29 15:23 . 2007-12-29 15:23 230 --a------ C:\WINDOWS\system32\spupdsvc.inf

2007-12-25 22:16 . 2007-12-25 22:16 <DIR> d-------- C:\Documents and Settings\lost\Dados de aplicativos\CyberLink

2007-12-23 15:16 . 2007-12-23 15:16 249,856 --------- C:\WINDOWS\Setup1.exe

2007-12-23 15:16 . 2007-12-23 15:16 73,216 --a------ C:\WINDOWS\ST6UNST.EXE

2007-12-23 11:04 . 2007-12-29 15:25 <DIR> d-------- C:\WINDOWS\system32\pt-br

2007-12-23 11:03 . 2001-10-28 16:07 68,608 --a------ C:\WINDOWS\system32\plugin.ocx

2007-12-23 11:03 . 2001-10-28 16:07 68,608 --a------ C:\WINDOWS\system32\dllcache\plugin.ocx

2007-12-23 11:01 . 2006-09-06 17:43 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe

2007-12-23 10:58 . 2007-12-23 10:58 <DIR> d--h----- C:\WINDOWS\$hf_mig$

2007-12-22 23:36 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl

2007-12-22 23:35 . 2007-12-22 23:36 <DIR> d-------- C:\Arquivos de programas\Java

2007-12-22 22:49 . 2007-12-22 22:49 988 --a------ C:\WINDOWS\Active Setup Log.BAK

2007-12-22 12:59 . 2007-12-22 13:38 21,760 --a------ C:\WINDOWS\Vyc36.sys

2007-12-22 12:52 . 2007-12-22 22:28 <DIR> d-------- C:\Documents and Settings\Marise\Dados de aplicativos\MEGAUPLOADTOOLBAR

2007-12-22 11:15 . 2007-12-24 11:37 358,699 --a------ C:\WINDOWS\Tradução do Diablo Versão 2.05 PARA BR Uninstaller.exe

2007-12-22 09:46 . 2007-12-22 09:46 29 --a------ C:\WINDOWS\system32\tqspgawr.tmp

2007-12-22 09:44 . 2007-12-22 09:44 0 --a------ C:\14.tmp

2007-12-22 09:44 . 2007-12-22 09:44 0 --a------ C:\13.tmp

2007-12-22 09:43 . 2007-12-22 09:43 21,760 --a------ C:\WINDOWS\system32\drivers\Vyc36.sys

2007-12-22 09:43 . 2007-12-22 09:43 540 --a------ C:\8.tmp

2007-12-22 09:43 . 2007-12-22 09:43 0 --a------ C:\F.tmp

2007-12-22 09:43 . 2007-12-22 09:43 0 --a------ C:\D.tmp

2007-12-22 09:43 . 2007-12-22 09:43 0 --a------ C:\C.tmp

2007-12-22 09:43 . 2007-12-22 09:43 0 --a------ C:\B.tmp

2007-12-22 09:43 . 2007-12-22 09:43 0 --a------ C:\A.tmp

2007-12-22 09:43 . 2007-12-22 09:43 0 --a------ C:\9.tmp

2007-12-22 09:43 . 2007-12-22 09:43 0 --a------ C:\4.tmp

2007-12-22 09:43 . 2007-12-22 09:43 0 --a------ C:\12.tmp

2007-12-21 19:56 . 2007-12-21 19:56 66,936 --ahs---- C:\WINDOWS\dlinfo_0.drv

2007-12-21 19:54 . 2007-12-21 19:55 66,936 --ahs---- C:\WINDOWS\slinfo_0.drv

2007-12-21 19:42 . 2007-12-30 10:50 <DIR> d-------- C:\Arquivos de programas\Diablo

2007-12-21 19:42 . 2007-12-21 19:50 86,528 --a------ C:\WINDOWS\bnetunin.exe

2007-12-21 19:42 . 2007-12-21 19:50 61,440 --a------ C:\WINDOWS\diabunin.exe

2007-12-21 11:47 . 2007-12-21 11:47 <DIR> d-------- C:\Documents and Settings\lost\Dados de aplicativos\RetroRecords

2007-12-19 19:50 . 2007-12-19 19:50 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\nView_Profiles

2007-12-19 19:43 . 2007-12-27 12:09 <DIR> d-------- C:\WINDOWS\NV23243564.TMP

2007-12-19 19:43 . 2001-12-31 14:04 4,130,560 -ra------ C:\WINDOWS\system32\SET4B.tmp

2007-12-19 19:30 . 2007-12-27 12:09 <DIR> d-------- C:\WINDOWS\NV26924000.TMP

2007-12-19 19:30 . 2001-12-31 14:04 4,130,560 -ra------ C:\WINDOWS\system32\SET2A.tmp

2007-12-19 18:05 . 2007-12-19 18:05 <DIR> d-------- C:\Arquivos de programas\Green Land Studios

2007-12-17 14:11 . 2006-07-04 16:44 778,752 --a------ C:\WINDOWS\system\rgss102e.dll

2007-12-17 11:34 . 2007-12-27 12:09 <DIR> d-------- C:\Documents and Settings\lost\Dados de aplicativos\MegauploadToolbar

2007-12-15 21:16 . 2007-12-17 14:25 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Real

2007-12-15 10:36 . 2007-12-15 10:36 268 --ah----- C:\sqmdata06.sqm

2007-12-15 10:36 . 2007-12-15 10:36 244 --ah----- C:\sqmnoopt06.sqm

2007-12-14 17:25 . 2007-12-27 12:09 <DIR> d-------- C:\Arquivos de programas\Add Remove Cleaner

2007-12-14 17:18 . 2007-12-14 17:18 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\xing shared

2007-12-12 10:51 . 2007-12-27 12:09 <DIR> d-------- C:\Arquivos de programas\Guitar Pro 5

2007-12-08 16:40 . 2004-05-14 16:53 462,848 --a------ C:\WINDOWS\system32\ltkrn13n.dll

2007-12-08 16:40 . 2004-05-14 16:53 450,560 --a------ C:\WINDOWS\system32\ltimg13n.dll

2007-12-08 16:40 . 2004-05-14 16:53 401,408 --a------ C:\WINDOWS\system32\lfcmp13n.dll

2007-12-08 16:40 . 2004-05-14 16:53 299,008 --a------ C:\WINDOWS\system32\ltdis13n.dll

2007-12-08 16:40 . 2004-01-12 02:09 206,336 --a------ C:\WINDOWS\system32\ltefx13n.dll

2007-12-08 16:40 . 2004-05-14 16:53 163,840 --a------ C:\WINDOWS\system32\ltfil13n.dll

2007-12-08 16:40 . 2003-11-04 15:10 69,632 --a------ C:\WINDOWS\system32\lfgif13n.dll

2007-12-08 16:40 . 2004-05-14 16:53 57,344 --a------ C:\WINDOWS\system32\lfbmp13n.dll

2007-11-26 09:43 . 2007-11-26 09:43 244 --ah----- C:\sqmnoopt05.sqm

2007-11-26 09:43 . 2007-11-26 09:43 232 --ah----- C:\sqmdata05.sqm

2007-11-24 22:17 . 2007-11-24 22:17 268 --ah----- C:\sqmdata04.sqm

2007-11-24 22:17 . 2007-11-24 22:17 244 --ah----- C:\sqmnoopt04.sqm

2007-11-17 22:33 . 2007-11-24 22:18 <DIR> d-------- C:\WINDOWS\HAPPYHR

2007-11-08 15:43 . 2007-11-08 15:43 244 --ah----- C:\sqmnoopt03.sqm

2007-11-08 15:43 . 2007-11-08 15:43 232 --ah----- C:\sqmdata03.sqm

2007-11-02 14:54 . 2007-11-02 14:54 <DIR> d-------- C:\Arquivos de programas\positivo

.

((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2007-12-31 13:36 --------- d-----w C:\Documents and Settings\lost\Dados de aplicativos\AVG7

2007-12-31 12:36 --------- d-----w C:\Arquivos de programas\eMule

2007-12-31 10:58 --------- d---a-w C:\Documents and Settings\All Users\Dados de aplicativos\TEMP

2007-12-30 17:02 --------- d-----w C:\Documents and Settings\Marise\Dados de aplicativos\AVG7

2007-12-30 13:34 --------- d-----w C:\Arquivos de programas\[V] Text Speed Reader

2007-12-30 12:47 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\avg7

2007-12-27 14:09 --------- d-----w C:\Arquivos de programas\VDMSound

2007-12-27 14:09 --------- d-----w C:\Arquivos de programas\Spyware Doctor

2007-12-27 14:09 --------- d-----w C:\Arquivos de programas\MSN Messenger

2007-12-27 14:09 --------- d-----w C:\Arquivos de programas\LimeWire

2007-12-27 14:09 --------- d-----w C:\Arquivos de programas\K-Lite Codec Pack

2007-12-27 14:09 --------- d-----w C:\Arquivos de programas\Google

2007-12-27 14:09 --------- d-----w C:\Arquivos de programas\DAP

2007-12-27 14:09 --------- d-----w C:\Arquivos de programas\DAEMON Tools

2007-12-27 14:09 --------- d-----w C:\Arquivos de programas\Azureus

2007-12-24 13:37 358,699 ----a-w C:\WINDOWS\Tradução do Diablo Versão 2.05 PARA BR Uninstaller.exe

2007-12-22 11:44 14,336 ----a-w C:\WINDOWS\system32\svchost.exe

2007-12-20 13:14 --------- d-----w C:\Documents and Settings\lost\Dados de aplicativos\Azureus

2007-12-18 19:58 --------- d-----w C:\Documents and Settings\lost\Dados de aplicativos\LimeWire

2007-10-03 00:41 22 ----a-w C:\RAP.BAT

2007-09-22 01:43 50,688 ----a-w C:\WINDOWS\system32\wbhelp2.dll

.

(((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Note* empty entries & legit default entries are not shown.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:45 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 155648]

"AVG7_CC"="C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe" [2007-12-27 10:03 579072]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2001-12-31 14:04 3756032]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2001-12-31 14:04 46080]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:45 15360]

"AVG7_Run"="C:\ARQUIV~1\Grisoft\AVG7\avgw.exe" [2007-12-27 10:03 219136]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Vyc36.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"usnjsvc"=3 (0x3)

"sdCoreService"=3 (0x3)

"sdAuxService"=2 (0x2)

"ose"=3 (0x3)

R0 Vyc36;Vyc36;C:\WINDOWS\system32\Drivers\Vyc36.sys [2007-12-22 09:43]

.

**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-12-31 11:57:29

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2007-12-31 12:01:35 - machine was rebooted

C:\qoobox\ComboFix-quarantined-files.txt 2007-12-31 14:01:32

_______________________________________________________________

Logfile of HijackThis v1.99.1

Scan saved at 12:10:14, on 31/12/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe

C:\WINDOWS\system32\ctfmon.exe

C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\Spyware Doctor\svcntaux.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\WinRAR\WinRAR.exe

C:\DOCUME~1\lost\CONFIG~1\Temp\Rar$EX00.312\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://br.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://br.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://br.search.yahoo.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.yahoo.com

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL (file missing)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL (file missing)

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O8 - Extra context menu item: &Clean Traces - C:\Arquivos de programas\DAP\Privacy Package\dapcleanerie.htm

O8 - Extra context menu item: &Download with &DAP - C:\Arquivos de programas\DAP\dapextie.htm

O8 - Extra context menu item: Download &all with DAP - C:\Arquivos de programas\DAP\dapextie2.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab

O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab

O16 - DPF: {3F201636-B199-11D5-B444-0040C7A63343} (QuizNetX Control) - http://www.centraldejogos.com.br/QuiznetWeb/QuiznetWeb.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab

O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1198370925859

O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (MSN Games – Texas Holdem Poker) - http://zone.msn.com/bingame/zpagames/zpa_txhe.cab60231.cab

O16 - DPF: {A4110378-789B-455F-AE86-3A1BFC402853} (ZPA_SHVL Object) - http://zone.msn.com/bingame/zpagames/zpa_shvl.cab55579.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\svcntaux.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\swdsvc.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

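The two HijackThis logs in this thread (29/12, before ComboFix, and 31/12, after) are easiest to compare by machine, and the first one carries the entry an analyst looks at first: the F2 UserInit value, which makes Winlogon run C:\WINDOWS\system32\i386kd.exe after the real userinit.exe at every logon. The Python below is an added example, not code from the thread or from HijackThis: it parses the R/F/O lines of a log, applies three triage heuristics (extra programs in UserInit, O2/O3 entries whose DLL is gone, O17 static DNS servers) and diffs two logs. The embedded logs are short excerpts copied from the two logs above; the heuristics and the Entry class are this example's own choices, not HijackThis rules, and an O17 hit only means "confirm these resolvers belong to your ISP", not that they are hostile.

```python
import re
from dataclasses import dataclass

# One HijackThis entry: section code (R0-R3, F0-F3, O1-O24), " - ", then the entry body.
HJT_LINE = re.compile(r"^(R[0-3]|F[0-3]|O\d{1,2}) - (.+)$")


@dataclass(frozen=True, order=True)
class Entry:
    kind: str  # "F2", "O2", "O17", ...
    body: str  # everything after "<kind> - "


def parse_hjt(text):
    """Return the R/F/O entries of a HijackThis log; headers and the process list are skipped."""
    entries = []
    for raw in text.splitlines():
        m = HJT_LINE.match(raw.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
    return entries


def flag_suspicious(entries):
    """Triage heuristics chosen for this example (not HijackThis's own verdicts).

    Returns (kind, reason) pairs; a hit means 'look at this', not 'this is malware'.
    """
    findings = []
    for e in entries:
        if e.kind == "F2" and "UserInit=" in e.body:
            # Winlogon's UserInit value is a comma-separated list; every program in it
            # runs at each interactive logon, so anything besides userinit.exe matters.
            progs = [p.strip() for p in e.body.split("UserInit=", 1)[1].split(",")]
            extra = [p for p in progs if p and not p.lower().endswith("\\userinit.exe")]
            if extra:
                findings.append((e.kind, "UserInit also launches: " + ", ".join(extra)))
        elif e.kind in ("O2", "O3") and ("(no file)" in e.body or "(file missing)" in e.body):
            # A BHO/toolbar CLSID still registered but whose DLL is gone: a leftover of an
            # uninstall, or of a payload that was deleted without its registry key.
            findings.append((e.kind, "orphaned browser extension: " + e.body))
        elif e.kind == "O17":
            # Per-adapter DNS override: normal for an ISP's resolvers, the classic foothold
            # of DNS-changing malware otherwise. Verify it, do not blindly delete it.
            findings.append((e.kind, "static NameServer, confirm it is your ISP's: " + e.body))
    return findings


def diff_hjt(before_text, after_text):
    """Entries only in the first log (removed) and only in the second (added)."""
    before, after = set(parse_hjt(before_text)), set(parse_hjt(after_text))
    return sorted(before - after), sorted(after - before)


# Constructed excerpts, copied from the 29/12 (before ComboFix) and 31/12 (after) logs in this thread.
LOG_BEFORE = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\i386kd.exe,
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SDTray] "C:\Arquivos de programas\Spyware Doctor\SDTrayApp.exe"
O17 - HKLM\System\CCS\Services\Tcpip\..\{02CE6E91-866D-41DF-B16C-050D3003279A}: NameServer = 201.10.120.3 201.10.1.2
"""

LOG_AFTER = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.yahoo.com
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
"""

if __name__ == "__main__":
    for kind, why in flag_suspicious(parse_hjt(LOG_BEFORE)):
        print(f"[{kind}] {why}")
    removed, added = diff_hjt(LOG_BEFORE, LOG_AFTER)
    for e in removed:
        print(f"- {e.kind} - {e.body}")
    for e in added:
        print(f"+ {e.kind} - {e.body}")
```

Run stand-alone it prints the flagged entries of the first excerpt, then the lines that disappeared between the two excerpts (the F2 entry among them) and the ones that appeared (the Megaupload BHO now reported with "(file missing)"). On full logs the header and process list are ignored, so whole files can be pasted in unchanged.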

Here it is!

Scan Settings

Scan using the following antivirus database extended

Scan Archives true

Scan Mail Bases true

Scan Target My Computer

A:\

C:\

D:\

E:\

F:\

Scan Statistics

Total number of scanned objects 102632

Number of viruses found 1

Number of infected objects 1

Number of suspicious objects 0

Duration of the scan process 02:10:27

Infected Object Name Virus Name Last Action

C:\Arquivos de programas\DAP\History\Marise\_lasthist.dat Object is locked skipped

C:\Arquivos de programas\eMule\Temp\001.part Object is locked skipped

C:\Arquivos de programas\eMule\Temp\002.part Object is locked skipped

C:\Documents and Settings\All Users\Dados de aplicativos\Grisoft\Avg7Data\avg7log.log Object is locked skipped

C:\Documents and Settings\All Users\Dados de aplicativos\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped

C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Configurações locais\Histórico\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Configurações locais\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\lost\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\lost\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\lost\Configurações locais\Histórico\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\lost\Configurações locais\Histórico\History.IE5\MSHist012008010120080102\index.dat Object is locked skipped

C:\Documents and Settings\lost\Configurações locais\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\lost\Configurações locais\Temporary Internet Files\Content.IE5\QRATUDWB\in[1].htm Infected: Trojan-Downloader.JS.Psyme.le skipped

C:\Documents and Settings\lost\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\lost\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\lost\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{7C459804-69F5-4EE0-89C3-FB4A206347DD}\RP4\change.log Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\Internet.evt Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\drivers\smtpdrv.sys Object is locked skipped

C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped

C:\WINDOWS\system32\drivers\Vyc36.sys Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\Vyc36.sys Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

Scan process completed.


- Open Internet Options > General\Browsing history > Delete and click "Delete all";

- Other than that, the log is clean :)

- Update Internet Explorer:

http://www.microsoft.com/downloads/details.aspx?FamilyId=9AE91EBE-3385-447C-8A30-081805B2F90B&displaylang=pt-br

- I recommend a maintenance pass on the computer to delete temporary and unnecessary files and invalid registry entries. Download CCleaner:

  • Open the program and click Run Cleaner;
  • After that, click Registry > Scan for Issues > Fix Issues

- Disable and re-enable System Restore

- Read the article Proteja seu PC (Protect your PC) for more information on how to avoid infections.


José, I believe my problem hasn't been solved...

Since this area wouldn't be the right place to post, I created a topic at http://forum.clubedohardware.com.br/virus-gerado-quando/490909

Thanks for the help so far!

Cheers!

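Going back to the ComboFix log posted above: its "Files Created" section is a creation-time listing, and the usual way to read it is as a timeline, looking for bursts of files written in the same minute and for file types that should not appear out of nowhere. The Python below is an added example, not part of the thread or of ComboFix: it parses rows in ComboFix's "created . modified size attributes path" layout, groups them by creation minute, and applies three heuristics chosen for this example (a new .sys kernel driver, GetTempFileName-style .tmp files in the drive root, files carrying hidden+system attributes). The embedded rows are copied from the log above; a hit means "find out what wrote this", not a malware verdict.

```python
import re
from collections import defaultdict
from datetime import datetime

# A ComboFix "Files Created" row: created . modified size(or <DIR>) attributes path.
CREATED_LINE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+(<DIR>|[\d,]+)\s+(\S+)\s+(.+)$"
)

# GetTempFileName-style names are hex digits plus .tmp; directly in the drive root they are unusual.
ROOT_TMP = re.compile(r"[a-z]:\\[0-9a-f]+\.tmp")


def parse_created(text):
    """Parse the rows of the 'Files Created' section; any other line is ignored."""
    rows = []
    for raw in text.splitlines():
        m = CREATED_LINE.match(raw.strip())
        if not m:
            continue
        size = None if m.group(3) == "<DIR>" else int(m.group(3).replace(",", ""))
        rows.append({
            "created": datetime.strptime(m.group(1), "%Y-%m-%d %H:%M"),
            "modified": datetime.strptime(m.group(2), "%Y-%m-%d %H:%M"),
            "size": size,
            "attrs": m.group(4),
            "path": m.group(5),
        })
    return rows


def bursts(rows, min_files=4):
    """Creation minutes with at least min_files entries: one installer run, or one dropper run."""
    by_minute = defaultdict(list)
    for r in rows:
        by_minute[r["created"]].append(r["path"])
    return {t: sorted(paths) for t, paths in by_minute.items() if len(paths) >= min_files}


def suspicious_rows(rows):
    """Heuristics chosen for this example; each hit means 'find out what wrote this'."""
    out = []
    for r in rows:
        path, low = r["path"], r["path"].lower()
        if low.endswith(".sys"):
            out.append((path, "new kernel driver: identify the vendor and signer before trusting it"))
        elif ROOT_TMP.fullmatch(low):
            out.append((path, f"temp file in the drive root ({r['size']} bytes)"))
        elif "h" in r["attrs"] and "s" in r["attrs"]:
            out.append((path, "hidden+system attributes set"))
    return out


# Constructed excerpt, copied from the ComboFix log in this thread (section header omitted).
SAMPLE = r"""
2007-12-31 11:40 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-12-31 09:28 . 2007-12-31 09:28 <DIR> d-------- C:\Documents and Settings\NetworkService\Dados de aplicativos\AVG7
2007-12-23 11:03 . 2001-10-28 16:07 68,608 --a------ C:\WINDOWS\system32\plugin.ocx
2007-12-22 12:59 . 2007-12-22 13:38 21,760 --a------ C:\WINDOWS\Vyc36.sys
2007-12-22 09:46 . 2007-12-22 09:46 29 --a------ C:\WINDOWS\system32\tqspgawr.tmp
2007-12-22 09:44 . 2007-12-22 09:44 0 --a------ C:\14.tmp
2007-12-22 09:43 . 2007-12-22 09:43 21,760 --a------ C:\WINDOWS\system32\drivers\Vyc36.sys
2007-12-22 09:43 . 2007-12-22 09:43 540 --a------ C:\8.tmp
2007-12-22 09:43 . 2007-12-22 09:43 0 --a------ C:\F.tmp
2007-12-22 09:43 . 2007-12-22 09:43 0 --a------ C:\D.tmp
2007-12-22 09:43 . 2007-12-22 09:43 0 --a------ C:\C.tmp
2007-12-21 19:56 . 2007-12-21 19:56 66,936 --ahs---- C:\WINDOWS\dlinfo_0.drv
"""

if __name__ == "__main__":
    rows = parse_created(SAMPLE)
    for when, paths in sorted(bursts(rows).items()):
        print(f"{when:%Y-%m-%d %H:%M}: {len(paths)} files written in one minute")
        for p in paths:
            print("    " + p)
    for path, why in suspicious_rows(rows):
        print(f"{why}: {path}")
```

On the excerpt the only burst is 2007-12-22 09:43, the minute in which the driver Vyc36.sys and several .tmp files in C:\ were written together. The same driver appears in the log's R0 line and under SafeBoot\Minimal, which is where one would go next to identify it; the heuristics here only point at it, they do not say what it is.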