Ramonrlc, posted June 30, 2007

Hi everyone, a few days ago I got hold of a program with a crack and was infected. With the help of another topic here on the forum I managed to solve the problem, at least that is how it looks, but for the past few days the internet has been very slow, and ever since the day I was infected by the crack program I can't scan my PC with McAfee VirusScan. Here is the log made by HijackThis:

Logfile of HijackThis v1.99.1
Scan saved at 01:00:48, on 30/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
D:\Program Files\DAEMON Tools\daemon.exe
D:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
D:\WINDOWS\system32\RunDLL32.exe
D:\Program Files\Spyware Doctor\swdoctor.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\Program Files\Spyware Doctor\sdhelp.exe
D:\WINDOWS\System32\alg.exe
D:\Program Files\Winamp\winamp.exe
D:\Program Files\Sports Interactive\Football Manager 2007\fm.exe
C:\FullT\mirc.exe
D:\WINDOWS\system32\wscntfy.exe
D:\Program Files\MSN Messenger\msnmsgr.exe
D:\Documents and Settings\Ramob\My Documents\CyberTruco\TRUCO.exe
D:\WINDOWS\explorer.exe
D:\PROGRA~1\Mozilla Firefox\firefox.exe
D:\Program Files\MSN Messenger\usnsvc.exe
D:\hijackthis\HijackThis.exe

O2 - BHO: (no name) - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - (no file)
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - D:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - D:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [sunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "D:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] D:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [AnyDVD] D:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [hwfutczk.exe] D:\Documents and Settings\All Users\Application Data\hwfutczk.exe
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [spyware Doctor] "D:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Startup: Adobe Gamma.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: RollerCoaster Tycoon 3 Registration.lnk = D:\Documents and Settings\Ramob\Local Settings\Temp\{B1F7D6F7-34AD-47AB-9C9D-7F889DF03EF5}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe
O8 - Extra context menu item: Abrir com o GetRight Browser - D:\PROGRA~1\GetRight\GRbrowse.htm
O8 - Extra context menu item: Download com o GetRight - D:\PROGRA~1\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (file missing)
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - D:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Program Files\ICQLite\ICQLite.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\
O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - D:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - D:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - D:\Program Files\Spyware Doctor\sdhelp.exe
jgarcia, posted July 2, 2007

Hey Ramonrlc,

1. Download BankerFix.
2. Temporarily disable your anti-virus.
3. Double-click bankerfix.exe. A message will appear saying it will be downloaded over the internet. Click OK -> OK. Press Enter and wait for the scan to finish.
4. When the scan is done, read the message on screen and press Enter again.
5. Re-enable your anti-virus.
6. Come back with a new HijackThis log, together with BankerFix's relatorio.txt (it will be in D:\LinhaDefensiva\).
7. After posting your reply you can delete the LinhaDefensiva folder on D.

Cheers.
Ramonrlc, posted July 17, 2007

Logfile of HijackThis v1.99.1
Scan saved at 16:40:23, on 17/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
D:\Program Files\DAEMON Tools\daemon.exe
D:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
D:\WINDOWS\system32\RunDLL32.exe
D:\Documents and Settings\All Users\Application Data\hwfutczk.exe
D:\Program Files\MSN Messenger\MsnMsgr.Exe
D:\Program Files\Spyware Doctor\swdoctor.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\Program Files\Spyware Doctor\sdhelp.exe
D:\WINDOWS\system32\wscntfy.exe
D:\WINDOWS\System32\alg.exe
D:\PROGRA~1\Mozilla Firefox\firefox.exe
D:\Program Files\MSN Messenger\usnsvc.exe
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\hijackthis\HijackThis.exe

O2 - BHO: (no name) - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - (no file)
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - D:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - D:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [sunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "D:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] D:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [AnyDVD] D:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [hwfutczk.exe] D:\Documents and Settings\All Users\Application Data\hwfutczk.exe
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [spyware Doctor] "D:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Startup: Adobe Gamma.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: RollerCoaster Tycoon 3 Registration.lnk = D:\Documents and Settings\Ramob\Local Settings\Temp\{B1F7D6F7-34AD-47AB-9C9D-7F889DF03EF5}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe
O8 - Extra context menu item: Abrir com o GetRight Browser - D:\PROGRA~1\GetRight\GRbrowse.htm
O8 - Extra context menu item: Download com o GetRight - D:\PROGRA~1\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (file missing)
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - D:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Program Files\ICQLite\ICQLite.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\
O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - D:\Program Files\Ares\chatServer.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - D:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - D:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - D:\Program Files\Spyware Doctor\sdhelp.exe

BankerFix 2.3 - Removedor de Bankers
Linha Defensiva - http://www.linhadefensiva.org
http://www.linhadefensiva.org/bankerfix/
Data: 10/7/2007 - 18:20
-------------------------------------------------------
Lista de Definição: 2007-07-08-1
=======================================================
Arquivo infectado detectado: D:\WINDOWS\csrss.exe
Arquivo infectado removido com sucesso!

Log do FoxFix
=======================================================

Iniciando Log do PV
-----------------------------------
Killing '*'

Arquivos a remover
-----------------------------------

Arquivos ruins restantes
-----------------------------------

Reg Importado
-----------------------------------
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
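An added example, not code from this thread or from the HijackThis or BankerFix authors: a small Python triage pass over the HijackThis log format posted above. It flags a core Windows process name running from anywhere other than system32, which is how the BankerFix report above caught D:\WINDOWS\csrss.exe, and flags process or autostart images that live in a user-writable folder such as All Users\Application Data or a Temp directory. The process-name set and the folder hint list are my own assumptions for the example, not HijackThis rules; the sample lines are constructed from entries in this thread's logs.

```python
import re
from typing import List, Optional, Tuple

# Core Windows processes only run from %SystemRoot%\system32; the same name
# elsewhere is a masquerade. Set chosen for this example, not a HijackThis rule.
SYSTEM32_ONLY = {"csrss.exe", "smss.exe", "winlogon.exe", "lsass.exe",
                 "services.exe", "svchost.exe", "spoolsv.exe"}

# Folders writable by the logged-on user; legitimate autostarts rarely live
# there. Assumed list for this example (lowercase, compared case-folded).
WRITABLE_HINTS = ("\\all users\\application data\\",
                  "\\local settings\\temp\\", "\\windows\\temp\\")

# O4: command follows "[name] " or ".lnk = "; O23: follows the second " - ".
O4_RE = re.compile(r"^O4 - .*?(?:\] |\.lnk = )(?P<cmd>.+)$")
O23_RE = re.compile(r"^O23 - Service: .+? - .+? - (?P<cmd>.+)$")
PROC_RE = re.compile(r"^[A-Za-z]:\\.+\.exe$", re.IGNORECASE)  # process line
EXE_RE = re.compile(r"(.+?\.exe)", re.IGNORECASE)

def image_path(command: str) -> str:
    """Strip arguments from an autostart command and return the image path."""
    command = command.strip()
    if command.startswith('"'):             # quoted path, arguments follow
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    m = EXE_RE.match(command)               # unquoted: up to the first .exe
    return m.group(1) if m else command

def check_path(path: str) -> Optional[str]:
    """Return why a path looks suspicious, or None if nothing stands out."""
    low = path.lower()
    name = low.rsplit("\\", 1)[-1]
    if name in SYSTEM32_ONLY and "\\system32\\" not in low:
        return f"{name} outside system32 (masquerade)"
    if any(hint in low for hint in WRITABLE_HINTS):
        return "image in user-writable location"
    return None

def triage(log: str) -> List[Tuple[str, str]]:
    """Check running-process lines and O4/O23 entries of a HijackThis log."""
    findings = []
    for raw in log.splitlines():
        line = raw.strip()
        if PROC_RE.match(line):             # "Running processes:" entry
            path = line
        else:
            m = O4_RE.match(line) or O23_RE.match(line)
            if not m:
                continue
            path = image_path(m.group("cmd"))
        reason = check_path(path)
        if reason:
            findings.append((line, reason))
    return findings

# Constructed sample: a handful of lines taken from this thread's logs.
SAMPLE = r"""Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\csrss.exe
D:\Documents and Settings\All Users\Application Data\hwfutczk.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [hwfutczk.exe] D:\Documents and Settings\All Users\Application Data\hwfutczk.exe
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: RollerCoaster Tycoon 3 Registration.lnk = D:\Documents and Settings\Ramob\Local Settings\Temp\{B1F7D6F7-34AD-47AB-9C9D-7F889DF03EF5}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - D:\Program Files\Spyware Doctor\sdhelp.exe
"""
```

Running `triage(SAMPLE)` returns four hits (the misplaced csrss.exe and three images under user-writable folders) and passes over the legitimate rundll32, MSN Messenger and Spyware Doctor entries.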
jgarcia, posted July 17, 2007

Hey Ramonrlc,

Download ComboFix from: ComboFix

1) Double-click combofix.exe and press "Y" to proceed. The process takes about 10 minutes on average;
2) ComboFix will restart the PC automatically so that the removal process can finish (only if there is an infection);
3) When the scan is over, a log will be generated at D:\ComboFix.txt;
4) Do not click on the ComboFix window or close it with the X while the tool is running, as this will mess up your desktop (it will go completely white);
5) To stop or quit ComboFix, press "N";
6) Please paste the contents of ComboFix.txt in your next reply.

Cheers.
Ramonrlc, posted July 28, 2007

"Ramob" - 2007-07-28 6:06:29 [GMT -3:00] - ComboFix 07-07-24 - Service Pack 2 NTFS [sAFE MODE]

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
D:\Program Files\winpop
D:\Program Files\winpop\UnInstall.exe
D:\Program Files\winpop\winpop.exe
D:\WINDOWS\csrss.exe
D:\WINDOWS\system32_exception.nls
D:\WINDOWS\system32\xpdx.sys
D:\WINDOWS\wr.txt

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
-------\LEGACY_NDNET1
-------\LEGACY_RUNTIME
-------\LEGACY_RUNTIME2
-------\runtime
-------\xpdx

((((((((((((((((((((((((( Files Created from 2007-06-28 to 2007-07-28 )))))))))))))))))))))))))))))))
2007-07-28 05:00 51,200 --a------ D:\WINDOWS\nircmd.exe
2007-07-27 15:36 31,744 --a------ D:\WINDOWS\system32\drivers\usbccgp.sys
2007-07-26 17:04 <DIR> d-------- D:\Program Files\danny_kay1710
2007-07-25 15:05 <DIR> d-------- D:\Program Files\Rockstar Custom Tracks
2007-07-24 19:25 <DIR> d-------- D:\DOCUME~1\ALLUSE~1\APPLIC~1\FLEXnet
2007-07-24 19:08 <DIR> d-------- D:\Program Files\Bonjour
2007-07-24 18:59 <DIR> d-------- D:\Program Files\Common Files\Macrovision Shared
2007-07-24 00:27 82,258 --a------ D:\WINDOWS\system32\drivers\klin.dat
2007-07-24 00:27 82,258 --a------ D:\WINDOWS\system32\drivers\klick.dat
2007-07-24 00:27 3,291,936 --ahs---- D:\WINDOWS\system32\drivers\fidbox.dat
2007-07-24 00:27 192,800 --ahs---- D:\WINDOWS\system32\drivers\fidbox2.dat
2007-07-24 00:27 <DIR> d-------- D:\Program Files\Kaspersky Lab
2007-07-24 00:27 <DIR> d-------- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab
2007-07-24 00:24 <DIR> d-------- D:\DOCUME~1\Ramob\APPLIC~1\SiteAdvisor
2007-07-23 03:02 <DIR> d-------- D:38533632b2b25995f5ae078
2007-07-23 01:16 <DIR> d-------- D:\WINDOWS\system32\SoftwareDistribution
2007-07-17 16:42 <DIR> d-------- D:\WINDOWS\system32\Kaspersky Lab
2007-07-12 03:56 <DIR> d---s---- D:\DOCUME~1\Ramob\UserData
2007-07-10 01:31 <DIR> d-------- D:\Program Files\Ares
2007-07-09 18:54 <DIR> d-------- D:\LinhaDefensiva

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-07-28 08:04:48 50,288 --sha-w D:\WINDOWS\system32\drivers\fidbox.idx
2007-07-28 08:04:48 20,144 --sha-w D:\WINDOWS\system32\drivers\fidbox2.idx
2007-07-26 18:24:18 -------- d-----w D:\DOCUME~1\Ramob\APPLIC~1\uTorrent
2007-07-26 06:22:28 -------- d-----w D:\Program Files\eMule
2007-07-24 03:33:19 -------- d-----w D:\Program Files\McAfee
2007-07-10 04:29:10 -------- d-----w D:\DOCUME~1\Ramob\APPLIC~1\FrostWire
2007-07-07 17:28:57 -------- d-----w D:\Program Files\Soulseek
2007-06-27 20:57:18 57,344 ----a-w D:\WINDOWS\os1zn2mO7Z.exe
2007-06-23 04:54:51 -------- d-----w D:\Program Files\Allok MOV Converter
2007-06-19 16:46:45 -------- d-----w D:\Program Files\MegauploadToolbar
2007-06-16 08:16:59 -------- d-----w D:\Program Files\Total Video Converter
2007-06-15 08:27:10 94,742 ----a-w D:\ELITRIIP.24062007.EXE
2007-06-15 07:47:31 -------- d-----w D:\DOCUME~1\Ramob\APPLIC~1\McAfee
2007-06-15 07:45:25 -------- d-----w D:\Program Files\GetRight
2007-06-15 07:44:08 -------- d-----w D:\Program Files\Yahoo!
2007-06-15 04:51:59 -------- d-----w D:\Program Files\AVI ReComp
2007-06-15 04:35:57 -------- d-----w D:\Program Files\Gabest
2007-06-15 04:35:46 -------- d-----w D:\Program Files\Xvid
2007-06-15 04:34:46 -------- d-----w D:\Program Files\AviSynth 2.5
2007-06-15 04:18:21 -------- d-----w D:\DOCUME~1\Ramob\APPLIC~1\PC Tools
2007-06-15 03:56:09 909,620 --sh--w D:\WINDOWS\system32\dfhkj.bak1
2007-06-15 03:42:53 -------- d-----w D:\Program Files\Last.fm
2007-06-14 21:53:07 -------- d-----w D:\Program Files\ICQToolbar
2007-06-12 15:24:08 -------- d-----w D:\Program Files\DkZ Studio
2007-06-12 07:36:32 -------- d-----w D:\Program Files\vcmm
2007-06-12 05:24:03 -------- d-----w D:\Program Files\Winning Eleven 2007
2007-06-11 06:51:39 -------- d-----w D:\Program Files\Windows Live
2007-06-11 06:51:39 -------- d-----w D:\Program Files\MSN Messenger
2007-06-11 06:51:39 -------- d-----w D:\Program Files\Messenger Plus! Live
2007-05-20 01:37:14 206,352 ----a-w D:\WINDOWS\system32\klogon.dll

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="D:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"DAEMON Tools"="D:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 07:48]
"NeroFilterCheck"="D:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 18:53]
"AnyDVD"="D:\Program Files\SlySoft\AnyDVD\AnyDVD.exe" [2007-05-19 15:19]
"NvMediaCenter"="NvMCTray.dll" [2005-11-11 09:47 D:\WINDOWS\system32\nvmctray.dll]
"hwfutczk.exe"="D:\Documents and Settings\All Users\Application Data\hwfutczk.exe" [2007-06-27 17:57]
"AVP"="D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2007-05-19 22:36]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="D:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"nlsf"=cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll"
"tscuninstall"=%systemroot%\system32\tscupgrd.exe

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"msnsc"=D:\WINDOWS\system32\msnsc.exe

D:\Documents and Settings\Ramob\Start Menu\Programs\Startup\
Adobe Gamma.lnk - D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoRemoteRecursiveEvents"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ClearRecentDocsOnExit"=1 (0x1)
"NoLowDiskSpaceChecks"=1 (0x1)
"NoSaveSettings"=0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ClearRecentDocsOnExit"=1 (0x1)
"NoLowDiskSpaceChecks"=1 (0x1)
"NoSaveSettings"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\csrss]
D:\WINDOWS\csrss.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GPLv3]
rundll32.exe "D:\WINDOWS\system32\awinhvim.dll",realset

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
HDAShCut.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hwfutczk.exe]
D:\Documents and Settings\All Users\Application Data\hwfutczk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
D:\Program Files\ICQLite\ICQLite.exe -minimize

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ipmon]
ipmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]
D:\WINDOWS\retadpu2000352.exe 61A847B5BBF72810329B385577FB01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
D:\Program Files\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\startdrv]
D:\WINDOWS\Temp\startdrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinPop]
D:\Program Files\WinPop\winpop.exe

R2 ElbyCDIO;ElbyCDIO Driver;D:\WINDOWS\system32\Drivers\ElbyCDIO.sys
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service;D:\WINDOWS\system32\drivers\ADIHdAud.sys
R3 AEAudioService;AEAudio Service;D:\WINDOWS\system32\drivers\AEAudio.sys
R3 AnyDVD;AnyDVD;D:\WINDOWS\system32\Drivers\AnyDVD.sys
R3 ElbyDelay;ElbyDelay;D:\WINDOWS\system32\Drivers\ElbyDelay.sys
R3 klim5;Kaspersky Anti-Virus NDIS Filter;D:\WINDOWS\system32\DRIVERS\klim5.sys
R3 SenFiltService;SenFilt Service;D:\WINDOWS\system32\drivers\Senfilt.sys
S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service;D:\WINDOWS\system32\drivers\HdAudio.sys

**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-28 06:13:02
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************

Completion time: 2007-07-28 6:14:41 - machine was rebooted
D:\ComboFix-quarantined-files.txt ... 2007-07-28 06:14
--- E O F ---
jgarcia, posted July 30, 2007

Hey Ramonrlc,

Post a new HijackThis log.

Cheers.
Sam Spade, posted December 13, 2007

Topic Archived

As the author has not replied for more than 20 days, the topic has been archived. If you are the author of the topic and want to reopen it, send a private message to a moderator of this section together with the link to this topic and explain the reason for reopening.