[Arquivado] Análise de log, :)

[alvinho 0]

O avg e o kaspersky encontram alguns virus, mas não conseguem remover.

 

Logfile of HijackThis v1.99.1

Scan saved at 11:09:13 PM, on 01/07/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\APC\APC PowerChute Personal Edition\mainserv.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\Programas\Diskeeper\DkService.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\System32\wbem\wmiapsrv.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe

C:\WINDOWS\system32\LVCOMSX.EXE

C:\Arquivos de programas\Logitech\Video\LogiTray.exe

C:\Arquivos de programas\Microsoft IntelliType Pro\type32.exe

C:\WINDOWS\System32\alg.exe

C:\Arquivos de programas\Microsoft IntelliPoint\point32.exe

C:\Arquivos de programas\Java\jre1.5.0_10\bin\jusched.exe

C:\Arquivos de programas\DU Meter\DUMeter.exe

C:\WINDOWS\System32\wbem\wmiprvse.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\PowerS.exe

C:\Arquivos de programas\D-Tools\daemon.exe

C:\Arquivos de programas\iTunes\iTunesHelper.exe

C:\Arquivos de programas\Arquivos comuns\AOL\1149794522\ee\AOLSoftware.exe

C:\Arquivos de programas\iPod\bin\iPodService.exe

C:\WINDOWS\WinLogT.exe

C:\Arquivos de programas\Velox\Manager\desp2k.exe

C:\Program Files\CNNIC\Cdn\cdnup.exe

C:\WINDOWS\system32\RunDLL32.exe

C:\WINDOWS\system32\msiexec.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Plaxo\2.11.1.5\PlaxoHelper.exe

C:\Arquivos de programas\Logitech\Video\FxSvr2.exe

C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Arquivos de programas\Palm\Hotsync.exe

C:\WINDOWS\System32\wbem\wmiprvse.exe

C:\WINDOWS\System32\svchost.exe

C:\hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://about.blank.la/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://client.jogo.cn/cdn/browser/sidesear...esearch-en.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://client.jogo.cn/cdn/browser/customse...msearch-en.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: CNNIC ÍøÂ繤¾ßDrag - {352E3B3A-CAB5-4DBC-B940-C7F84D0447D8} - C:\PROGRA~2\CNNIC\Cdn\cdndrag.dll

O2 - BHO: CdnForIE Class - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~2\CNNIC\Cdn\cdnforie.dll

O2 - BHO: BHOImp Class - {70AFF2CB-9DA2-499C-8D15-900729FCE83D} - C:\WINDOWS\system32\YHBO.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_10\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: WMHlprObj Class - {F5824EFB-728A-4726-A5A5-85A68B20EDC3} - C:\PROGRA~2\CNNIC\Cdn\wmhlpr.dll

O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [NVMixerTray] "C:\Arquivos de programas\NVIDIA Corporation\NvMixer\NVMixerTray.exe"

O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Arquivos de programas\NVIDIA Corporation\nTune\\nTune.exe" clear

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [AVG7_EMC] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe

O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE

O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Arquivos de programas\Logitech\Video\ISStart.exe

O4 - HKLM\..\Run: [LogitechVideoTray] C:\Arquivos de programas\Logitech\Video\LogiTray.exe

O4 - HKLM\..\Run: [type32] "C:\Arquivos de programas\Microsoft IntelliType Pro\type32.exe"

O4 - HKLM\..\Run: [intelliPoint] "C:\Arquivos de programas\Microsoft IntelliPoint\point32.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.5.0_10\bin\jusched.exe"

O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Programas\Diskeeper\DkIcon.exe"

O4 - HKLM\..\Run: [DU Meter] C:\Arquivos de programas\DU Meter\DUMeter.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [smartGuardian] C:\Arquivos de programas\ITE\Smart Guardian\ITESmart.exe

O4 - HKLM\..\Run: [PowerS] C:\WINDOWS\PowerS.exe

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Arquivos de programas\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [CloneCDTray] "C:\Arquivos de programas\SlySoft\CloneCD\CloneCDTray.exe" /s

O4 - HKLM\..\Run: [babylon Client] C:\Arquivos de programas\Babylon\Babylon.exe -AutoStart

O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [HostManager] C:\Arquivos de programas\Arquivos comuns\AOL\1149794522\ee\AOLSoftware.exe

O4 - HKLM\..\Run: [iPHSend] C:\Arquivos de programas\Arquivos comuns\AOL\IPHSend\IPHSend.exe

O4 - HKLM\..\Run: [ultraMon] "C:\Arquivos de programas\UltraMon\UltraMon.exe" /auto

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [WinLogT] C:\WINDOWS\WinLogT.exe

O4 - HKLM\..\Run: [desp2k] C:\Arquivos de programas\Velox\Manager\desp2k.exe

O4 - HKLM\..\Run: [rundll] C:\Program Files\Common Files\rundll.exe

O4 - HKLM\..\Run: [CdnCtr] C:\Program Files\CNNIC\Cdn\cdnup.exe

O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [kav] "C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Arquivos de programas\Logitech\Video\ManifestEngine.exe" boot

O4 - HKCU\..\Run: [Girder4] C:\Arquivos de programas\Promixis\Girder\girder.exe

O4 - HKCU\..\Run: [skype] "C:\Programas\Skype\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [MessengerPlus3] "C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe" /WinStart

O4 - HKCU\..\Run: [Aim6] "C:\Arquivos de programas\Arquivos comuns\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp

O4 - HKCU\..\Run: [PlaxoUpdate] C:\Arquivos de programas\Plaxo\2.11.1.5\PlaxoHelper.exe -a

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [EA Core] "C:\Arquivos de programas\Electronic Arts\EA Link\Core.exe" -silent

O4 - Startup: Girder3.lnk = C:\Arquivos de programas\girder\Girder.exe

O4 - Startup: Palm Registration.lnk = C:\Arquivos de programas\Palm\register.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\acstart16.exe

O4 - Global Startup: Build A Roll.lnk = C:\Arquivos de programas\Build A Roll\baroll.exe

O4 - Global Startup: Gerenciador de HotSync.lnk = C:\Arquivos de programas\Palm\Hotsync.exe

O4 - Global Startup: Remote Controller.lnk = C:\Arquivos de programas\Prolink\PlayTV\TVRMVCR.EXE

O4 - Global Startup: Scheduler.lnk = C:\Arquivos de programas\Prolink\PlayTV\TVSCHL.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Alvaro\Menu Iniciar\Programas\Absolute Poker\Absolute Poker.lnk

O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Alvaro\Menu Iniciar\Programas\Absolute Poker\Absolute Poker.lnk

O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll

O9 - Extra button: você Poker - {40B2063F-DB01-4962-BE63-59435C01283C} - C:\ARQUIV~1\VCPOKE~1\client.exe

O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Arquivos de programas\Titan Poker\casino.exe

O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Arquivos de programas\Titan Poker\casino.exe

O9 - Extra button: PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - C:\Arquivos de programas\PartyGaming\PartyGammon\RunBackGammon.exe

O9 - Extra 'Tools' menuitem: PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - C:\Arquivos de programas\PartyGaming\PartyGammon\RunBackGammon.exe

O9 - Extra button: Chinese Navigation - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~2\CNNIC\Cdn\cdnforie.dll

O9 - Extra 'Tools' menuitem: Chinese Navigation - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~2\CNNIC\Cdn\cdnforie.dll

O9 - Extra button: PokerTime Poker - {7220F1C9-B7E0-47a6-A0BD-D5B3940BCC79} - C:\Arquivos de programas\PokerTimeMPP\MPPoker.exe

O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Arquivos de programas\EmpirePokerMaster\EmpirePoker\RunEPoker.exe

O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Arquivos de programas\EmpirePokerMaster\EmpirePoker\RunEPoker.exe

O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Arquivos de programas\UltimateBet\UltimateBet.exe

O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Arquivos de programas\UltimateBet\UltimateBet.exe

O9 - Extra button: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Arquivos de programas\CDPoker\casino.exe

O9 - Extra 'Tools' menuitem: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Arquivos de programas\CDPoker\casino.exe

O9 - Extra button: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Arquivos de programas\PartyGaming\PartyCasino\RunCasino.exe

O9 - Extra 'Tools' menuitem: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Arquivos de programas\PartyGaming\PartyCasino\RunCasino.exe

O9 - Extra button: Noble Poker - {B723B1B8-9788-4684-ADA7-D1DB02E1D516} - C:\Arquivos de programas\Noble Poker\casino.exe

O9 - Extra 'Tools' menuitem: Noble Poker - {B723B1B8-9788-4684-ADA7-D1DB02E1D516} - C:\Arquivos de programas\Noble Poker\casino.exe

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Arquivos de programas\PartyGaming\PartyPoker\RunApp.exe

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Arquivos de programas\PartyGaming\PartyPoker\RunApp.exe

O9 - Extra button: PartyBingo.com - {B987E7E7-5997-4330-A5F9-9FFEFC1CCFD0} - C:\Arquivos de programas\PartyGaming\PartyBingo\RunBingo.exe

O9 - Extra 'Tools' menuitem: PartyBingo.com - {B987E7E7-5997-4330-A5F9-9FFEFC1CCFD0} - C:\Arquivos de programas\PartyGaming\PartyBingo\RunBingo.exe

O9 - Extra button: Ladbrokes Poker - {C2A80015-C447-4dc4-82DD-AED83D6ED57E} - C:\Arquivos de programas\ladbrokesMPP\MPPoker.exe

O9 - Extra button: Absolute Poker - {EFFF8D47-D060-4108-B761-E8EC86622E56} - C:\Documents and Settings\All Users\Menu Iniciar\Programas\Absolute Poker\Absolute Poker.lnk

O9 - Extra 'Tools' menuitem: Absolute Poker - {EFFF8D47-D060-4108-B761-E8EC86622E56} - C:\Documents and Settings\All Users\Menu Iniciar\Programas\Absolute Poker\Absolute Poker.lnk

O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Arquivos de programas\Bodog Poker\BPGame.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra button: Poker.com - {6FDD5236-C9F0-49ef-935D-385F5E21991A} - C:\Arquivos de programas\Poker.com\poker.exe (HKCU)

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab

O16 - DPF: {CFD77B0F-B0AB-47C5-91D2-A01241C45202} (AllatPluginATL Class) - https://www.allatbiz.net/jsp/component/AllatPluginSE.cab

O16 - DPF: {D7959311-BFA5-11D4-AC33-0050DA92CB80} (VRmallViewer Class) - http://www.humandream.com/VRmall/Release/VRmall.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{EBA2000A-9470-4739-90C0-A1086543EE25}: NameServer = 192.168.2.1

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll

O23 - Service: Adobe LM Service - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Arquivos de programas\APC\APC PowerChute Personal Edition\mainserv.exe

O23 - Service: Autodesk Licensing Service - Autodesk - C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)

O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Programas\Diskeeper\DkService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

[jgarcia 1]

Opa alvinho,

 

1. Baixe o BankerFix.

 

2. Desative o seu anti-vírus temporariamente.

 

3. Dê um duplo-clique sobre o bankerfix.exe, aperte Enter e aguarde o término do scan.

 

4. Terminado o scan, leia a mensagem na tela e aperte Enter novamente.

 

5. Habilite o seu anti-vírus.

 

6. Retorne com um novo log do HijackThis, juntamente com o relatorio.txt do BankerFix (ele estará em C:\LinhaDefensiva\).

 

7. Depois de postar a sua resposta você poderá deletar a pasta LinhaDefensiva contida no C.

 

Abraços.

[Shine 0]

Tópico Arquivado

 

Como o autor não respondeu ao tópico por mais de 20 dias, o mesmo foi arquivado.

 

Caso você seja o autor do tópico e quer que o mesmo seja reaberto, envie uma mensagem privada para um moderador com um link para este tópico e explique o motivo da reabertura.