coldlord

Having Trouble Removing Some Annoying Files


I scan with RemoveIT Pro v4 - SE.

It says these files are infected:

Svhost

Unistall_cds

But when I go to remove them, it gives an error and tells me to try restarting in Safe Mode and removing the files. I restart in Safe Mode, but when I click RemoveIT Pro v4 - SE it won't open. It gives a system error. Please help me... :(

Logfile of HijackThis v1.99.1

Scan saved at 10:56:16, on 4/1/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMTray.exe

C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe

C:\AppServ\Apache2.2\bin\httpd.exe

C:\ARQUIV~1\MICROS~3\MSSQL$~1\binn\sqlservr.exe

C:\AppServ\Apache2.2\bin\httpd.exe

C:\ARQUIV~1\MICROS~3\MSSQL\binn\sqlservr.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\svchost.exe

C:\ARQUIV~1\MICROS~3\MSSQL\binn\sqlagent.exe

C:\Arquivos de programas\No-IP\DUC20.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

D:\MuServer\MUServerStartUP.exe

d:\muserver\dataserver1\dataserver.exe

d:\muserver\dataserver2\dataserver.exe

d:\muserver\cs\cs.exe

d:\muserver\joinserver\joinserver.exe

d:\muserver\mu2003_event_server\wz_mu2003_event_server.exe

d:\muserver\rankingserver\devilsqure_eventserver.exe

d:\muserver\exdb\exdb.exe

d:\muserver\gameserver\gameserver.exe

D:\MuServer\PortBloker\pblock.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Documents and Settings\Administrador\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mukanon.vai.la/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = &http://home.microsoft.com/intl/br/access/allinone.asp

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\fservice.exe

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll (file missing)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O4 - HKLM\..\Run: [smapp] C:\Arquivos de programas\Analog Devices\SoundMAX\SMTray.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [inCD] C:\Arquivos de programas\Ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [bigDogPath] C:\WINDOWS\VM_STI.EXE LG webpro Camera

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [GYJY Agent] C:\WINDOWS\system32\28463\GYJY.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [dark] C:\WINDOWS\kwxini.lnk

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Service Manager.lnk = C:\Arquivos de programas\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1179089983421

O17 - HKLM\System\CCS\Services\Tcpip\..\{64929279-7B58-49C4-84C0-56A38FCEFA42}: NameServer = 200.165.132.155 200.149.55.140

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Apache2.2 - Unknown owner - C:\AppServ\Apache2.2\bin\httpd.exe" -k runservice (file missing)

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Unknown owner - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe (file missing)

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - Unknown owner - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe (file missing)

O23 - Service: AVG E-mail Scanner (AVGEMS) - Unknown owner - C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe (file missing)

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

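As an added example (not part of the thread, and not HijackThis's own logic), here is a small triage script for logs in the format above. It applies the checks a helper runs mentally on the "Running processes", F2, O4 and O23 lines: a core system binary name (svchost.exe, services.exe, ...) executing from somewhere other than System32, a Shell= value that loads more than Explorer.exe, a Run entry whose path passes through a purely numeric folder or launches a .lnk, and a service whose file is missing. The excerpt is copied from the log above; the heuristics, the System32 location and the choice of binary names are this example's own assumptions, and a hit is a lead for a human to check, not a verdict.

```python
"""Triage of HijackThis 1.99 log lines (added example, not the tool's own logic)."""
import re
from dataclasses import dataclass

# Names of core Windows XP binaries; the genuine copies live in System32.
SYSTEM_BINARIES = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe", "lsass.exe", "svchost.exe"}
SYSTEM32 = r"c:\windows\system32"   # assumption: default install drive and folder

# Excerpt of the HijackThis log posted above (process list, F2, O4 and O23 lines).
LOG_EXCERPT = r"""
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\svchost.exe
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\fservice.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [GYJY Agent] C:\WINDOWS\system32\28463\GYJY.exe
O4 - HKCU\..\Run: [dark] C:\WINDOWS\kwxini.lnk
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - Unknown owner - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe (file missing)
"""

F2_RE = re.compile(r"^F2 - REG:system\.ini: Shell=(?P<shell>.+)$")
O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
O23_RE = re.compile(r"^O23 - Service: (?P<svc>.+?) - (?P<owner>.+?) - (?P<path>.+)$")


@dataclass
class Finding:
    kind: str    # "process", "shell", "run" or "service"
    detail: str
    line: str


def _split_path(path):
    """(directory, filename), lower-cased, surrounding quotes stripped; no filesystem access."""
    path = path.strip().strip('"')
    directory, _, name = path.rpartition("\\")
    return directory.lower(), name.lower()


def _first_token(cmd):
    """Program part of a Run command, honouring a quoted path with spaces."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.find('"', 1)]
    return cmd.split()[0]


def check_line(line):
    """Apply the heuristics to one log line; return a Finding or None."""
    line = line.strip()
    if len(line) > 2 and line[1:3] == ":\\":          # bare path from "Running processes:"
        directory, name = _split_path(line)
        if name in SYSTEM_BINARIES and directory != SYSTEM32:
            return Finding("process", f"{name} running from {directory}, not System32", line)
        return None
    m = F2_RE.match(line)
    if m:
        extra = [p for p in m["shell"].split() if p.lower() != "explorer.exe"]
        if extra:
            return Finding("shell", "Shell= also loads " + ", ".join(extra), line)
        return None
    m = O4_RE.match(line)
    if m:
        directory, name = _split_path(_first_token(m["cmd"]))
        if any(part.isdigit() for part in directory.split("\\")):
            return Finding("run", f"[{m['name']}] runs from a numeric-named folder", line)
        if name.endswith(".lnk"):
            return Finding("run", f"[{m['name']}] launches a shortcut ({name})", line)
        return None
    m = O23_RE.match(line)
    if m:
        if m["path"].endswith("(file missing)"):
            return Finding("service", f"service {m['svc']} points at a missing file", line)
        directory, name = _split_path(m["path"])
        if name in SYSTEM_BINARIES and directory != SYSTEM32:
            return Finding("service", f"service {m['svc']} runs {name} from {directory}", line)
    return None


def triage(log_text):
    """All findings for a whole log, in log order."""
    return [f for f in map(check_line, log_text.splitlines()) if f]


if __name__ == "__main__":
    for f in triage(LOG_EXCERPT):
        print(f"{f.kind:8} {f.detail}\n         {f.line}")
```

Run it over the whole log by reading the file instead of the excerpt. On the log above it reports C:\WINDOWS\svchost.exe, the fservice.exe Shell hook, the [GYJY Agent] and [dark] Run entries, and every O23 line marked (file missing). That last group needs judgement: the AVG entries are leftovers of an uninstalled product, and Apache2.2 and rpcapd are flagged only because HijackThis 1.99.1 misparses their quoted image paths (httpd.exe is plainly running in the process list), which is why the script states a reason instead of assigning a score.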

Was it you who installed the keylogger?

- Download ComboFix

  • Temporarily disable your antivirus;
  • Close all open windows;
  • Double-click combofix.exe and press "1" to proceed with the fix. It may take some time.
  • ComboFix may restart the PC automatically to complete the removal process.
  • When it finishes, a log will be generated at C:\ComboFix.txt.
  • Do not click inside the ComboFix window or close it with the X while it is running, do not move the mouse and do not use the keyboard, otherwise it will stop and your desktop will go blank.
  • To stop or exit ComboFix, press "N".
  • Paste ComboFix.txt in your reply.

- Generate a new HijackThis log and paste it in your reply.


Logfile of HijackThis v1.99.1

Scan saved at 00:11:19, on 7/1/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\AppServ\Apache2.2\bin\httpd.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMTray.exe

C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

C:\WINDOWS\svchost.exe

C:\AppServ\Apache2.2\bin\httpd.exe

C:\ARQUIV~1\MICROS~3\MSSQL$~1\binn\sqlservr.exe

C:\ARQUIV~1\MICROS~3\MSSQL\binn\sqlservr.exe

C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Administrador\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mukanon.vai.la/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = &http://home.microsoft.com/intl/br/access/allinone.asp

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O4 - HKLM\..\Run: [smapp] C:\Arquivos de programas\Analog Devices\SoundMAX\SMTray.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [inCD] C:\Arquivos de programas\Ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [GYJY Agent] C:\WINDOWS\system32\28463\GYJY.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Service Manager.lnk = C:\Arquivos de programas\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1179089983421

O17 - HKLM\System\CCS\Services\Tcpip\..\{64929279-7B58-49C4-84C0-56A38FCEFA42}: NameServer = 200.165.132.155 200.149.55.140

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Apache2.2 - Unknown owner - C:\AppServ\Apache2.2\bin\httpd.exe" -k runservice (file missing)

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Unknown owner - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe (file missing)

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - Unknown owner - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe (file missing)

O23 - Service: AVG E-mail Scanner (AVGEMS) - Unknown owner - C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe (file missing)

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe


Please help me. Now my SQL Server has crashed; when I click Start it doesn't respond. What do I do? :( :unsure:



I've already solved the SQL Server problem. :)

I hope you can diagnose my log, and thank you.


I've already fixed SQL Server.

I'm waiting for the diagnosis of the last log I posted, and thank you in advance.

Thanks, Jose Melo

:)


HERE IT GOES..

ComboFix 08-01-04.1 - Administrador 2008-01-07 0:00:34.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.1050 [GMT -2:00]

Running from: C:\Documents and Settings\Administrador\Desktop\ComboFix.exe

* Created a new restore point

.

((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\toolbar.exe

C:\WINDOWS\ktd32.atm

C:\WINDOWS\services.exe

C:\WINDOWS\svchost.exe

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\LEGACY_POWERMANAGER

-------\PowerManager

((((((((((((((((((((((( Files created from 2007-12-07 to 2008-01-07 ))))))))))))))))))))))))))))))))

.

2008-01-06 23:59 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe

2008-01-06 00:34 . 2008-01-06 00:34 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\LogSys

2008-01-06 00:34 . 2008-01-06 00:34 <DIR> d--h----- C:\Documents and Settings\All Users\Dados de aplicativos\{3A7FD077-F0B4-4276-BE42-175DEF23CA39}

2008-01-06 00:34 . 2008-01-06 00:34 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\LogSys

2008-01-06 00:34 . 2008-01-06 00:43 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\Blueberry

2008-01-06 00:34 . 2008-01-06 00:34 <DIR> d-------- C:\Arquivos de programas\Blueberry Software

2008-01-06 00:34 . 2008-01-06 00:34 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Blueberry Software

2008-01-06 00:34 . 2008-01-06 00:34 27,776 --a------ C:\WINDOWS\system32\bbcap.dll

2008-01-06 00:34 . 2008-01-06 00:34 4,608 --a------ C:\WINDOWS\system32\bbchlp.dll

2008-01-06 00:34 . 2008-01-06 00:34 2,944 --a------ C:\WINDOWS\system32\drivers\bbcap.sys

2008-01-05 14:54 . 2008-01-06 16:24 <DIR> d-------- C:\Arquivos de programas\Mu Shop

2008-01-05 14:18 . 2008-01-05 14:46 23,510,720 --a------ C:\dotnetfx.exe

2008-01-03 14:37 . 2008-01-03 14:37 <DIR> d-------- C:\Arquivos de programas\BreakPoint Software

2008-01-03 13:43 . 2008-01-03 13:43 <DIR> d-------- C:\Arquivos de programas\InCode Solutions

2008-01-03 13:41 . 2008-01-03 13:43 1,872,971 --a------ C:\removeit_pro.exe

2007-12-30 23:40 . 2007-12-30 23:41 <DIR> d-------- C:\WINDOWS\system32\NtmsData

2007-12-26 12:19 . 2007-12-28 17:08 <DIR> d-------- C:\Arquivos de programas\SQL Shield

2007-12-26 12:19 . 2006-08-13 08:32 720,896 --a------ C:\WINDOWS\sqlshield.dll

2007-12-25 15:09 . 2007-12-25 15:13 77 --a------ C:\WINDOWS\HEDIT.INI

2007-12-24 18:31 . 2007-12-24 18:31 <DIR> d-------- C:\Arquivos de programas\DivX

2007-12-16 17:26 . 2007-12-16 17:26 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Wise Installation Wizard

2007-12-16 14:26 . 2007-12-16 14:26 <DIR> d-------- C:\Arquivos de programas\HHD Software

2007-12-14 11:39 . 2007-12-14 11:39 <DIR> d-------- C:\Arquivos de programas\WinUHA

2007-12-14 11:37 . 2007-12-14 11:38 1,130,117 --a------ C:\WinUHA 2.0 Build 2003.12.31 Beta.exe

2007-12-12 18:08 . 2007-12-12 18:09 41,888 --a------ C:\WINDOWS\system32\drivers\Oreans.sys

2007-12-11 18:34 . 2007-12-11 18:34 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Vbox

2007-12-11 18:34 . 2007-12-11 18:34 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Macromedia

2007-12-11 18:33 . 2007-12-11 18:34 <DIR> d-------- C:\Arquivos de programas\Macromedia

2007-12-11 17:46 . 2007-12-11 17:46 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll

2007-12-11 17:46 . 2007-12-11 17:46 560,640 --a------ C:\WINDOWS\system32\DivXsm.exe

2007-12-11 17:46 . 2007-12-11 17:46 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb

2007-12-11 17:45 . 2007-12-11 17:45 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll

2007-12-11 17:45 . 2007-12-11 17:45 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll

2007-12-11 17:43 . 2007-12-11 17:43 12,288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll

2007-12-11 16:22 . 2007-12-11 16:22 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\Nvu

2007-12-11 14:57 . 2007-12-11 14:57 <DIR> d-------- C:\AppServ

2007-12-11 10:32 . 2007-12-11 10:54 <DIR> d-------- C:\WINDOWS\nview

2007-12-11 10:32 . 2008-01-07 00:05 26,682 --a------ C:\WINDOWS\system32\nvapps.xml

2007-12-11 10:32 . 2005-06-15 17:20 14,757 --a------ C:\WINDOWS\system32\nvdisp.nvu

2007-12-11 09:48 . 2007-12-11 10:23 30,084,248 --a------ C:\77.72_win2kxp_international_whql.exe

2007-12-10 21:33 . 2007-12-10 21:33 <DIR> d-------- C:\Arquivos de programas\LauncherFacilMx

2007-12-10 21:33 . 1999-12-17 09:13 86,016 --a------ C:\WINDOWS\unvise32.exe

2007-12-10 17:51 . 2007-12-10 17:55 138 --a------ C:\WINDOWS\system32\{4E4477A4-649B-4506-9AD1-44DDB6B9BB68}

2007-12-10 17:50 . 2007-12-10 17:50 438,784 --a------ C:\WINDOWS\system32\V22004810.EPE

2007-12-10 16:36 . 2007-12-21 22:48 64 --a------ C:\WINDOWS\ItemFinder.cfg

2007-12-10 11:30 . 2007-12-10 11:30 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Comodo

2007-12-10 11:30 . 2007-12-10 11:30 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\Comodo

2007-12-10 11:27 . 2007-12-11 10:54 <DIR> d-------- C:\Arquivos de programas\Comodo

2007-12-07 17:58 . 2007-12-07 17:58 <DIR> d-------- C:\Arquivos de programas\OnGame

2007-12-07 14:26 . 2007-12-11 11:31 385,580 --a------ C:\WINDOWS\system32\lncom.exe

2007-12-07 14:26 . 2007-12-11 11:31 51,712 --a------ C:\WINDOWS\system32\lncom_.exe

2007-12-07 14:02 . 2007-12-07 14:02 <DIR> d-------- C:\WINDOWS\MU-KAX TEEN

2007-12-07 13:01 . 2000-08-06 01:50 36,939 --a------ C:\WINDOWS\system32\insrepim.exe

2007-12-07 13:00 . 2000-07-07 12:20 81,920 --a------ C:\WINDOWS\system32\mdt2fw95.dll

2007-12-07 13:00 . 2000-08-06 01:51 28,734 --a------ C:\WINDOWS\system32\dbmslpcn.dll

2007-12-07 12:08 . 2007-12-07 12:08 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\AntiVir PersonalEdition Classic

2007-12-07 11:33 . 2000-08-06 01:51 192,569 --a------ C:\WINDOWS\system32\msrpjt40.dll

2007-12-07 11:33 . 1997-07-19 17:00 129,808 --a------ C:\WINDOWS\system32\comdlg32.ocx

2007-12-07 11:33 . 2007-12-08 11:11 1,744 --a------ C:\WINDOWS\sql.mif

2007-12-07 11:32 . 2000-08-06 01:51 274,489 --a------ C:\WINDOWS\system32\ntwdblib.dll

2007-12-07 11:32 . 2000-08-06 01:51 32,830 --a------ C:\WINDOWS\system32\dbmsshrn.dll

2007-12-07 11:31 . 2007-12-08 11:11 1,277 --a------ C:\WINDOWS\setup.iss

.

((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-01-07 00:26 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\MegauploadToolbar

2008-01-04 21:06 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\Skype

2007-12-29 10:24 18,480 ----a-w C:\Documents and Settings\Administrador\Dados de aplicativos\GDIPFONTCACHEV1.DAT

2007-12-21 17:27 0 ----a-w C:\WINDOWS\Fonts\Log JOB.log

2007-12-15 11:20 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2007-12-15 11:20 --------- d-----w C:\Arquivos de programas\CyberLink DVD Solution

2007-12-15 11:19 --------- d-----w C:\Arquivos de programas\Velox

2007-12-13 15:05 --------- d-----w C:\Arquivos de programas\MegauploadToolbar

2007-12-11 19:46 43,528 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys

2007-12-11 19:46 129,784 ------w C:\WINDOWS\system32\pxafs.dll

2007-12-11 19:46 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe

2007-12-11 19:46 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe

2007-12-11 19:44 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll

2007-12-11 19:44 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll

2007-12-11 19:44 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll

2007-12-11 19:44 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll

2007-12-11 19:44 682,496 ----a-w C:\WINDOWS\system32\DivX.dll

2007-12-11 19:44 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll

2007-12-11 19:44 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll

2007-12-11 19:44 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll

2007-12-11 19:44 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll

2007-12-11 19:44 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll

2007-12-11 19:44 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll

2007-12-11 19:44 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll

2007-12-11 19:44 193,344 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe

2007-12-10 10:11 --------- d-----w C:\Documents and Settings\Administrador.PC\Dados de aplicativos\MEGAUPLOADTOOLBAR

2007-12-08 13:09 --------- d-----w C:\Arquivos de programas\Microsoft SQL Server

2007-12-07 14:01 --------- d-----w C:\Arquivos de programas\No-IP

2007-12-06 21:29 --------- d-----w C:\Arquivos de programas\UltraVNC

2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys

2007-11-07 18:36 --------- d-----w C:\Documents and Settings\Administrador.PC\Dados de aplicativos\Nero

2007-11-05 00:55 3,252,981 ----a-w C:\vdownloader.zip

2007-11-05 00:51 636,090 ----a-w C:\digitv105.exe

2007-11-04 20:50 368,412,613 ----a-w C:\Haste_S3_20070818.exe

2007-11-04 14:41 5,418,176 ----a-w C:\tvc.exe

2007-11-04 12:42 189,365,600 ----a-w C:\Nero-8.1.1.0b_ptb_trial.exe

2007-11-04 12:04 1,619,759 ----a-w C:\digitv.exe

2007-10-29 22:44 1,292,288 ----a-w C:\WINDOWS\system32\quartz.dll

2007-10-20 08:01 227,328 ----a-w C:\WINDOWS\system32\wmasf.dll

2007-07-20 04:19 855,886 ----a-w C:\Arquivos de programas\AUG2007_d3dx10_35_x64.cab

2007-07-20 04:19 800,467 ----a-w C:\Arquivos de programas\AUG2007_d3dx10_35_x86.cab

2007-07-20 04:19 1,803,760 ----a-w C:\Arquivos de programas\AUG2007_d3dx9_35_x64.cab

2007-07-20 04:18 44,684 ----a-w C:\Arquivos de programas\dxdllreg_x86.cab

2007-07-20 04:18 201,696 ----a-w C:\Arquivos de programas\AUG2007_XACT_x64.cab

2007-07-20 04:18 156,612 ----a-w C:\Arquivos de programas\AUG2007_XACT_x86.cab

2007-07-20 04:18 1,711,752 ----a-w C:\Arquivos de programas\AUG2007_d3dx9_35_x86.cab

2007-07-20 03:48 976,020 ----a-w C:\Arquivos de programas\BDAXP.cab

2007-07-20 03:48 917,318 ----a-w C:\Arquivos de programas\Apr2006_MDX1_x86.cab

2007-07-20 03:48 88,102 ----a-w C:\Arquivos de programas\AUG2006_xinput_x64.cab

2007-07-20 03:48 87,989 ----a-w C:\Arquivos de programas\Apr2006_xinput_x64.cab

2007-07-20 03:48 86,925 ----a-w C:\Arquivos de programas\Oct2005_xinput_x64.cab

2007-07-20 03:48 86,709 ----a-w C:\Arquivos de programas\dxupdate.cab

2007-07-20 03:48 77,160 ----a-w C:\Arquivos de programas\DSETUP.dll

2007-07-20 03:48 702,644 ----a-w C:\Arquivos de programas\JUN2007_d3dx10_34_x64.cab

2007-07-20 03:48 702,212 ----a-w C:\Arquivos de programas\APR2007_d3dx10_33_x64.cab

2007-07-20 03:48 702,072 ----a-w C:\Arquivos de programas\JUN2007_d3dx10_34_x86.cab

2007-07-20 03:48 699,465 ----a-w C:\Arquivos de programas\APR2007_d3dx10_33_x86.cab

2007-07-20 03:48 56,902 ----a-w C:\Arquivos de programas\APR2007_xinput_x86.cab

2007-07-20 03:48 539,496 ----a-w C:\Arquivos de programas\DXSETUP.exe

2007-07-20 03:48 47,018 ----a-w C:\Arquivos de programas\AUG2006_xinput_x86.cab

2007-07-20 03:48 46,898 ----a-w C:\Arquivos de programas\Apr2006_xinput_x86.cab

2007-07-20 03:48 46,247 ----a-w C:\Arquivos de programas\Oct2005_xinput_x86.cab

2007-07-20 03:48 4,163,518 ----a-w C:\Arquivos de programas\Apr2006_MDX1_x86_Archive.cab

2007-07-20 03:48 213,767 ----a-w C:\Arquivos de programas\DEC2006_d3dx10_00_x64.cab

2007-07-20 03:48 200,722 ----a-w C:\Arquivos de programas\JUN2007_XACT_x64.cab

2007-07-20 03:48 199,366 ----a-w C:\Arquivos de programas\APR2007_XACT_x64.cab

2007-07-20 03:48 198,275 ----a-w C:\Arquivos de programas\FEB2007_XACT_x64.cab

2007-07-20 03:48 193,435 ----a-w C:\Arquivos de programas\DEC2006_XACT_x64.cab

2007-07-20 03:48 192,680 ----a-w C:\Arquivos de programas\DEC2006_d3dx10_00_x86.cab

2007-07-20 03:48 183,863 ----a-w C:\Arquivos de programas\AUG2006_XACT_x64.cab

2007-07-20 03:48 183,321 ----a-w C:\Arquivos de programas\OCT2006_XACT_x64.cab

2007-07-20 03:48 181,745 ----a-w C:\Arquivos de programas\JUN2006_XACT_x64.cab

2007-07-20 03:48 180,021 ----a-w C:\Arquivos de programas\Apr2006_XACT_x64.cab

2007-07-20 03:48 179,247 ----a-w C:\Arquivos de programas\Feb2006_XACT_x64.cab

2007-07-20 03:48 156,509 ----a-w C:\Arquivos de programas\JUN2007_XACT_x86.cab

2007-07-20 03:48 154,825 ----a-w C:\Arquivos de programas\APR2007_XACT_x86.cab

2007-07-20 03:48 151,583 ----a-w C:\Arquivos de programas\FEB2007_XACT_x86.cab

2007-07-20 03:48 146,559 ----a-w C:\Arquivos de programas\DEC2006_XACT_x86.cab

2007-07-20 03:48 138,977 ----a-w C:\Arquivos de programas\OCT2006_XACT_x86.cab

2007-07-20 03:48 138,195 ----a-w C:\Arquivos de programas\AUG2006_XACT_x86.cab

2007-07-20 03:48 134,631 ----a-w C:\Arquivos de programas\JUN2006_XACT_x86.cab

2007-07-20 03:48 133,991 ----a-w C:\Arquivos de programas\Apr2006_XACT_x86.cab

2007-07-20 03:48 133,297 ----a-w C:\Arquivos de programas\Feb2006_XACT_x86.cab

2007-07-20 03:48 13,265,040 ----a-w C:\Arquivos de programas\dxnt.cab

2007-07-20 03:48 100,417 ----a-w C:\Arquivos de programas\APR2007_xinput_x64.cab

2007-07-20 03:48 1,673,576 ----a-w C:\Arquivos de programas\dsetup32.dll

2007-07-20 03:48 1,611,374 ----a-w C:\Arquivos de programas\JUN2007_d3dx9_34_x64.cab

2007-07-20 03:48 1,610,958 ----a-w C:\Arquivos de programas\APR2007_d3dx9_33_x64.cab

2007-07-20 03:48 1,610,886 ----a-w C:\Arquivos de programas\JUN2007_d3dx9_34_x86.cab

2007-07-20 03:48 1,609,639 ----a-w C:\Arquivos de programas\APR2007_d3dx9_33_x86.cab

2007-07-20 03:48 1,575,336 ----a-w C:\Arquivos de programas\DEC2006_d3dx9_32_x86.cab

2007-07-20 03:48 1,572,114 ----a-w C:\Arquivos de programas\DEC2006_d3dx9_32_x64.cab

2007-07-20 03:48 1,413,862 ----a-w C:\Arquivos de programas\OCT2006_d3dx9_31_x64.cab

2007-07-20 03:48 1,398,718 ----a-w C:\Arquivos de programas\Apr2006_d3dx9_30_x64.cab

2007-07-20 03:48 1,363,684 ----a-w C:\Arquivos de programas\Feb2006_d3dx9_29_x64.cab

2007-07-20 03:48 1,358,864 ----a-w C:\Arquivos de programas\Dec2005_d3dx9_28_x64.cab

2007-07-20 03:48 1,351,430 ----a-w C:\Arquivos de programas\Aug2005_d3dx9_27_x64.cab

2007-07-20 03:48 1,348,242 ----a-w C:\Arquivos de programas\Apr2005_d3dx9_25_x64.cab

2007-07-20 03:48 1,336,890 ----a-w C:\Arquivos de programas\Jun2005_d3dx9_26_x64.cab

2007-07-20 03:48 1,248,387 ----a-w C:\Arquivos de programas\Feb2005_d3dx9_24_x64.cab

2007-05-14 20:32 56 --sh--r C:\WINDOWS\system32\25F43B7D59.sys

2007-05-14 20:32 1,682 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys

.

(((((((((((((((((((((((((( Registry Load Points )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Note* empty entries & legitimate default entries are not shown.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:45 15360]

"MsnMsgr"="C:\Arquivos de programas\MSN Messenger\MsnMsgr.exe" [2007-01-19 13:54 5674352]

"MSMSGS"="C:\Arquivos de programas\Messenger\msmsgs.exe" [2004-10-13 14:24 1729536]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Smapp"="C:\Arquivos de programas\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 09:57 143360]

"RemoteControl"="C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2003-12-08 18:35 32768]

"InCD"="C:\Arquivos de programas\Ahead\InCD\InCD.exe" [2004-04-06 15:36 1334894]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 155648]

"AVG7_CC"="C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe" [ ]

"GYJY Agent"="C:\WINDOWS\system32\28463\GYJY.exe" [ ]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-06-15 17:20 6803456]

"nwiz"="nwiz.exe" [2005-06-15 17:20 1519616 C:\WINDOWS\system32\nwiz.exe]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-06-15 17:20 86016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 01:45 15360]

"AVG7_Run"="C:\ARQUIV~1\Grisoft\AVG7\avgw.exe" [ ]

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\

Microsoft Office.lnk - C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE [2001-02-13 10:01:04]

Service Manager.lnk - C:\Arquivos de programas\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2007-12-06 19:43:30]

R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-10-17 21:22]

R1 bbcap;bbcap;C:\WINDOWS\system32\DRIVERS\bbcap.sys [2008-01-06 00:34]

R1 oreans32;oreans32;C:\WINDOWS\system32\drivers\oreans32.sys [2007-08-12 18:21]

R1 XPROTECTOR;XPROTECTOR;C:\WINDOWS\system32\drivers\Oreans.sys [2007-12-12 18:09]

R2 Apache2.2;Apache2.2;"C:\AppServ\Apache2.2\bin\httpd.exe" [2006-07-27 07:49]

R2 MSSQL$MUKAON;MSSQL$MUKAON;C:\ARQUIV~1\MICROS~3\MSSQL$~1\binn\sqlservr.exe [2000-08-06 01:50]

S2 PowerManager;Power Manager;C:\WINDOWS\svchost.exe [2001-08-24 16:00]

S3 AIDA32Driver;AIDA32Driver;C:\Arquivos de programas\AIDA32 []

S3 msloop;Microsoft Loopback Adapter Driver;C:\WINDOWS\system32\DRIVERS\loop.sys [2001-08-17 22:53]

S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2005-08-02 19:10]

S3 NTProcDrv;Process creation detector for NT.;C:\SILKROAD\NtProcDrv.sys []

S3 SQLAgent$MUKAON;SQLAgent$MUKAON;C:\ARQUIV~1\MICROS~3\MSSQL$~1\binn\sqlagent.exe [2000-08-06 01:50]

*Newly Created Service* - POWERMANAGER

.

**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-01-07 00:05:24

Windows 5.1.2600 Service Pack 2 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros ocultos ...

Varredura completada com sucesso

Ficheiros ocultos: 0

**************************************************************************

.

Tempo para conclusão: 2008-01-07 0:09:01 - machine was rebooted

ComboFix-quarantined-files.txt 2008-01-07 02:08:59

.

2007-12-22 05:01:02 --- E O F ---


Was it you who installed the keylogger?


No. It wasn't me who installed it.


- Download Killbox and run it:

  • Check the Delete on Reboot option. Copy the list below (select it and click Edit > Copy, or press Ctrl + C):

C:\WINDOWS\system32\28463\GYJY.exe
  • Go back to KillBox. Click File > Paste from clipboard. Click the All Files button;
  • Click killbox.png and answer No to the question.

- Restart the computer in Safe Mode (tap the F8 key repeatedly, or F5 in some cases, during startup);

- Open HijackThis, click Do a system scan only and check the entry below:

O4 - HKLM\..\Run: [GYJY Agent] C:\WINDOWS\system32\28463\GYJY.exe

- Close all windows, click ht-fix.png and then Yes;

- Restart in normal mode, generate a new log and paste it in your reply.

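As an added example (not part of this thread or of any tool it uses), a small Python triage script that applies two defender heuristics to HijackThis O4/O23 lines: an svchost.exe launched from anywhere other than %SystemRoot%\system32 (the C:\WINDOWS\svchost.exe listed as the PowerManager service in the ComboFix output above) and an autorun path that passes through a numeric-only directory (system32\28463). The sample lines are constructed in HijackThis format from paths that appear in this thread; the O23 line for PowerManager is an assumption, since the user's second log does not show one.

```python
import re
from typing import List, Optional, Tuple

# Constructed sample in HijackThis format, built from paths seen in this
# thread. The O23 PowerManager line is assumed (modelled on the ComboFix
# "S2 PowerManager" entry), not copied from the user's HijackThis log.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [smapp] C:\Arquivos de programas\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [GYJY Agent] C:\WINDOWS\system32\28463\GYJY.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O23 - Service: Power Manager (PowerManager) - Unknown owner - C:\WINDOWS\svchost.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# First drive-letter path ending in a binary extension; lazy match stops at
# the extension so "NvCpl.dll,NvStartup" yields only the DLL path.
PATH_RE = re.compile(r'([A-Za-z]:\\[^",]*?\.(?:exe|dll|sys))', re.IGNORECASE)

# Only directory from which a genuine svchost.exe is launched on Windows XP.
SYSTEM_DIRS = {r"c:\windows\system32"}


def extract_path(line: str) -> Optional[str]:
    """Return the launch path embedded in an O4/O23 line, or None."""
    m = PATH_RE.search(line)
    return m.group(1) if m else None


def is_suspicious(path: str) -> List[str]:
    """Return the list of heuristic reasons this path deserves a closer look."""
    parts = path.lower().split("\\")
    directory, name = "\\".join(parts[:-1]), parts[-1]
    reasons = []
    if name == "svchost.exe" and directory not in SYSTEM_DIRS:
        reasons.append("svchost.exe outside %SystemRoot%\\system32")
    if any(p.isdigit() for p in parts[:-1]):
        reasons.append("numeric-only directory in the launch path")
    return reasons


def triage(log: str) -> List[Tuple[str, str, List[str]]]:
    """Scan O4 (autorun) and O23 (service) lines; return (section, path, reasons)."""
    findings = []
    for line in log.splitlines():
        if not (line.startswith("O4 - ") or line.startswith("O23 - ")):
            continue
        path = extract_path(line)
        if path is None:
            continue
        reasons = is_suspicious(path)
        if reasons:
            findings.append((line.split(" - ")[0], path, reasons))
    return findings


if __name__ == "__main__":
    for section, path, reasons in triage(SAMPLE_LOG):
        print(f"{section}: {path} -> {'; '.join(reasons)}")
```

Run on the sample it reports the GYJY.exe autorun and the C:\WINDOWS\svchost.exe service and stays silent on the vendor entries; the heuristics flag candidates for a hash or signature check, not proof of infection.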

HERE IS THE NEW LOG

Logfile of HijackThis v1.99.1

Scan saved at 00:58:14, on 10/1/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\AppServ\Apache2.2\bin\httpd.exe

C:\AppServ\Apache2.2\bin\httpd.exe

C:\ARQUIV~1\MICROS~3\MSSQL$~1\binn\sqlservr.exe

C:\ARQUIV~1\MICROS~3\MSSQL\binn\sqlservr.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\svchost.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMTray.exe

C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe

C:\Arquivos de programas\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\wuauclt.exe

C:\REMOÇÃO DE MALWARE\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mukanon.vai.la/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = &http://home.microsoft.com/intl/br/access/allinone.asp

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O4 - HKLM\..\Run: [smapp] C:\Arquivos de programas\Analog Devices\SoundMAX\SMTray.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [inCD] C:\Arquivos de programas\Ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Service Manager.lnk = C:\Arquivos de programas\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1179089983421

O17 - HKLM\System\CCS\Services\Tcpip\..\{64929279-7B58-49C4-84C0-56A38FCEFA42}: NameServer = 200.165.132.155 200.149.55.140

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Apache2.2 - Unknown owner - C:\AppServ\Apache2.2\bin\httpd.exe" -k runservice (file missing)

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Unknown owner - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe (file missing)

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - Unknown owner - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe (file missing)

O23 - Service: AVG E-mail Scanner (AVGEMS) - Unknown owner - C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe (file missing)

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe


- OK, the log is clean :)

- Delete the backups folder in C:\REMOÇÃO DE MALWARE and C:\!Killbox;

- Update Internet Explorer:

http://www.microsoft.com/downloads/details.aspx?FamilyId=9AE91EBE-3385-447C-8A30-081805B2F90B&displaylang=pt-br

- I recommend a maintenance pass on the computer to remove temporary and unnecessary files and invalid registry entries. Download CCleaner:

  • Open the program and click Run Cleaner;
  • After that, click Registry > Scan for Issues > Fix Issues

- Disable and then re-enable System Restore

- Read the article Proteja seu PC for more information on how to avoid infections.


Thanks, Josemelo.

Thank you very much!! :)
