gblcp, posted August 10, 2007

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:29:22, on 10/8/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe
C:\Arquivos de programas\Winamp\winampa.exe
C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe
C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe
C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com.br/0SEPTBR/SAOS01
F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\BTStack.exe
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Apps\MSN Toolbar1.02.5000.1021\pt-br\msntb.dll (file missing)
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [WinampAgent] C:\Arquivos de programas\Winamp\winampa.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [systemOptimizer] rundll32.exe "C:\WINDOWS\System32\nkuigxnw.dll",forkonce
O4 - HKLM\..\RunServices: [WMI Standard Event Consumer - Scripting] C:\WINDOWS\System32\wbem\scrcons32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DDC] C:\WINDOWS\System32\ebcscqov.exe
O4 - HKCU\..\RunServices: [WMI Standard Event Consumer - Scripting] C:\WINDOWS\System32\wbem\scrcons32.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\ARQUIV~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunServices: [File Mapping Services] hp-1003.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunServices: [File Mapping Services] hp-1003.exe (User 'Default user')
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Bluetooth Stack COM Server - Unknown owner - C:\WINDOWS\BTStack.exe (file missing)
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\System32\qwerty12.exe (file missing)
O23 - Service: Memorex Network Analysis Tool - Unknown owner - C:\WINDOWS\System32\dllcache\winsntp.exe (file missing)
O23 - Service: mika_serv (mikaserv) - Unknown owner - C:\WINDOWS\mikaserv.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sony Network Analysis Tool - Unknown owner - C:\WINDOWS\System32\dllcache\winsony.exe (file missing)

--
End of file - 5199 bytes

gblcp, posted August 10, 2007

I downloaded ComboFix. Log:

ComboFix 07-08-09.3 - "usuario" 2007-08-10 13:50:10.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.1.1252.1.1046.18.648 [GMT -3:00]
* Created a new restore point

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\Arquivos de programas\Arquivos comuns\winantivirus pro 2006
C:\Arquivos de programas\Arquivos comuns\WinAntiVirus Pro 2006\err.log
C:\Arquivos de programas\Arquivos comuns\winantivirus pro 2006\err.log
C:\DOCUME~1\usuario\DADOSD~1.\macromedia\Flash Player\#SharedObjects\8AQCFM3S\www.broadcaster.com
C:\DOCUME~1\usuario\DADOSD~1.\macromedia\Flash Player\#SharedObjects\8AQCFM3S\www.broadcaster.com\played_list.sol
C:\DOCUME~1\usuario\DADOSD~1.\macromedia\Flash Player\#SharedObjects\8AQCFM3S\www.broadcaster.com\video_queue.sol
C:\DOCUME~1\usuario\DADOSD~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\DOCUME~1\usuario\DADOSD~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\DOCUME~1\usuario\DADOSD~1\..\err.log
C:\WINDOWS\system32\apseqcen.dll
C:\WINDOWS\system32\brkpasmn.ini
C:\WINDOWS\system32\fccdbxu.dll
C:\WINDOWS\system32\gvjmtuot.dll
C:\WINDOWS\system32\haamyepj.ini
C:\WINDOWS\system32\ihqqijfy.ini
C:\WINDOWS\system32\jpeymaah.dll
C:\WINDOWS\system32\katxkshr.ini
C:\WINDOWS\system32\khffcax.dll
C:\WINDOWS\system32\mljhghg.dll
C:\WINDOWS\system32\necqespa.ini
C:\WINDOWS\system32\nkuigxnw.dll
C:\WINDOWS\system32\nmsapkrb.dll
C:\WINDOWS\system32\ojejftht.ini
C:\WINDOWS\system32\rhskxtak.dll
C:\WINDOWS\system32\rtutv.bak1
C:\WINDOWS\system32\rtutv.bak2
C:\WINDOWS\system32\rtutv.ini
C:\WINDOWS\system32\rtutv.ini2
C:\WINDOWS\system32\rtutv.tmp
C:\WINDOWS\system32\stera.log
C:\WINDOWS\system32\thtfjejo.dll
C:\WINDOWS\system32\toutmjvg.ini
C:\WINDOWS\system32\vtutr.dll
C:\WINDOWS\system32\vtuvtqo.dll
C:\WINDOWS\system32\wnxgiukn.ini
C:\WINDOWS\system32\wvuuuvw.dll
C:\WINDOWS\system32\xpdx.sys
C:\WINDOWS\system32\yfjiqqhi.dll

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

-------\LEGACY_DOMAINSERVICE
-------\LEGACY_FOPN
-------\LEGACY_VSPF
-------\LEGACY_VSPF_HK
-------\DomainService
-------\FOPN
-------\xpdx

((((((((((((((((((((((((( Files Created from 2007-07-10 to 2007-08-10 )))))))))))))))))))))))))))))))

2007-08-10 13:49 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-10 13:27 75,284 --a------ C:\WINDOWS\system32\clciwufb.exe
2007-08-10 12:58 75,284 --a------ C:\WINDOWS\system32\kfoknaof.exe
2007-08-10 12:55 75,284 --a------ C:\WINDOWS\system32\ebcscqov.exe
2007-08-10 12:55 <DIR> d-------- C:\Arquivos de programas\Trend Micro
2007-08-10 12:47 75,284 --a------ C:\WINDOWS\system32\dwldkfdx.exe
2007-08-10 12:46 75,284 --a------ C:\WINDOWS\system32\uenwsxlb.exe
2007-08-10 12:14 75,284 --a------ C:\WINDOWS\system32\qlhyxeiw.exe
2007-08-10 11:42 75,284 --a------ C:\WINDOWS\system32\gpknalxi.exe
2007-08-10 11:32 75,284 --a------ C:\WINDOWS\system32\ivkfbqbx.exe
2007-08-10 10:41 75,284 --a------ C:\WINDOWS\system32\rdtxoxqh.exe
2007-08-10 10:37 75,284 --a------ C:\WINDOWS\system32\uetycxyx.exe
2007-08-10 10:27 75,284 --a------ C:\WINDOWS\system32\kmsltfki.exe
2007-08-10 10:24 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\delsim
2007-08-10 10:23 524,288 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-08-10 10:23 <DIR> dr-h----- C:\DOCUME~1\ADMINI~1\Dados de aplicativos
2007-08-10 10:23 <DIR> dr------- C:\DOCUME~1\ADMINI~1\Menu Iniciar
2007-08-10 10:23 <DIR> d--h----- C:\DOCUME~1\ADMINI~1\Modelos
2007-08-10 10:23 <DIR> d--h----- C:\DOCUME~1\ADMINI~1\Configurações locais
2007-08-10 10:23 <DIR> d--h----- C:\DOCUME~1\ADMINI~1\Ambiente de rede
2007-08-10 10:23 <DIR> d--h----- C:\DOCUME~1\ADMINI~1\Ambiente de impressão
2007-08-10 10:23 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Meus documentos
2007-08-10 10:23 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Favoritos
2007-08-10 10:20 75,284 --a------ C:\WINDOWS\system32\itupkvyr.exe
2007-08-10 10:13 75,284 --a------ C:\WINDOWS\system32\iwbjkgww.exe
2007-08-10 10:06 75,284 --a------ C:\WINDOWS\system32\kuqgdism.exe
2007-08-09 22:34 75,284 --a------ C:\WINDOWS\system32\ufcruwku.exe
2007-08-09 21:59 75,284 --a------ C:\WINDOWS\system32\ptlccajk.exe
2007-08-09 21:54 75,284 --a------ C:\WINDOWS\system32\gqpligvu.exe
2007-08-09 21:52 75,284 --a------ C:\WINDOWS\system32\vvrigkrh.exe
2007-08-09 21:45 75,284 --a------ C:\WINDOWS\system32\cukysifm.exe
2007-08-09 20:15 75,284 --a------ C:\WINDOWS\system32\neurpgih.exe
2007-08-09 18:23 75,284 --a------ C:\WINDOWS\system32\juroageq.exe
2007-08-09 17:11 75,284 --a------ C:\WINDOWS\system32\kamqgeyj.exe
2007-08-09 13:09 75,284 --a------ C:\WINDOWS\system32\bgmdlsmr.exe
2007-08-08 19:51 75,284 --a------ C:\WINDOWS\system32\gsfxxiex.exe
2007-08-08 17:39 75,284 --a------ C:\WINDOWS\system32\nioesncx.exe
2007-08-08 17:35 947,472 --a------ C:\WINDOWS\system32\msjava.dll
2007-08-08 17:35 63,248 --a------ C:\WINDOWS\system32\javaprxy.dll
2007-08-08 17:35 6,550 --a------ C:\WINDOWS\jautoexp.dat
2007-08-08 17:35 49,424 --a------ C:\WINDOWS\system32\clspack.exe
2007-08-08 17:35 46,352 --a------ C:\WINDOWS\setdebug.exe
2007-08-08 17:35 404,752 --a------ C:\WINDOWS\system32\javart.dll
2007-08-08 17:35 313,856 --a------ C:\WINDOWS\system32\dx3j.dll
2007-08-08 17:35 286,992 --a------ C:\WINDOWS\system32\vmhelper.dll
2007-08-08 17:35 21,264 --a------ C:\WINDOWS\system32\msjdbc10.dll
2007-08-08 17:35 187,152 --a------ C:\WINDOWS\system32\javacypt.dll
2007-08-08 17:35 172,304 --a------ C:\WINDOWS\system32\jview.exe
2007-08-08 17:35 171,792 --a------ C:\WINDOWS\system32\wjview.exe
2007-08-08 17:35 171,280 --a------ C:\WINDOWS\system32\jit.dll
2007-08-08 17:35 154,384 --a------ C:\WINDOWS\system32\msawt.dll
2007-08-08 17:35 15,120 --a------ C:\WINDOWS\system32\jdbgmgr.exe
2007-08-08 17:35 139,536 --a------ C:\WINDOWS\system32\javaee.dll
2007-08-08 17:35 113 --a------ C:\WINDOWS\system32\zonedon.reg
2007-08-08 17:35 113 --a------ C:\WINDOWS\system32\zonedoff.reg
2007-08-08 17:31 75,284 --a------ C:\WINDOWS\system32\wtjirocv.exe
2007-08-08 15:15 75,284 --a------ C:\WINDOWS\system32\xkdkvvgm.exe
2007-08-08 15:04 741,376 --a--c--- C:\WINDOWS\system32\dllcache\helpctr.exe
2007-08-08 15:04 73,728 --a--c--- C:\WINDOWS\system32\dllcache\nmcom.dll
2007-08-08 15:04 603,136 -----c--- C:\WINDOWS\system32\dllcache\xpsp2res.dll
2007-08-08 15:04 593,408 --a--c--- C:\WINDOWS\system32\dllcache\h323msp.dll
2007-08-08 15:04 593,408 --a------ C:\WINDOWS\system32\h323msp.dll
2007-08-08 15:04 550,400 --a--c--- C:\WINDOWS\system32\dllcache\rtcdll.dll
2007-08-08 15:04 550,400 --a------ C:\WINDOWS\system32\rtcdll.dll
2007-08-08 15:04 439,808 --a--c--- C:\WINDOWS\system32\dllcache\ipnathlp.dll
2007-08-08 15:04 439,808 --a------ C:\WINDOWS\system32\ipnathlp.dll
2007-08-08 15:04 40,960 --a--c--- C:\WINDOWS\system32\dllcache\evtgprov.dll
2007-08-08 15:04 364,544 --a--c--- C:\WINDOWS\system32\dllcache\callcont.dll
2007-08-08 15:04 307,200 --a--c--- C:\WINDOWS\system32\dllcache\netapi32.dll
2007-08-08 15:04 26,112 --a------ C:\WINDOWS\system32\xpsp1hfm.exe
2007-08-08 15:04 253,952 --a--c--- C:\WINDOWS\system32\dllcache\mst120.dll
2007-08-08 12:54 75,284 --a------ C:\WINDOWS\system32\urmtgumy.exe
2007-08-07 22:03 1,000,960 --a------ C:\WINDOWS\system32\esent.dll
2007-08-07 20:53 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2007-08-07 13:31 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\Arovax
2007-08-04 12:53 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-08-03 22:13 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-08-03 22:13 <DIR> d-------- C:\WINDOWS\system32\PreInstall
2007-08-03 22:13 <DIR> d-------- C:\WINDOWS\system32\bits
2007-08-03 22:12 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2007-08-03 22:06 7,680 -----c--- C:\WINDOWS\system32\dllcache\bitsprx2.dll
2007-08-03 22:06 7,680 --------- C:\WINDOWS\system32\bitsprx2.dll
2007-08-03 22:06 7,168 -----c--- C:\WINDOWS\system32\dllcache\bitsprx3.dll
2007-08-03 22:06 7,168 --------- C:\WINDOWS\system32\bitsprx3.dll
2007-08-03 22:06 360,960 --a--c--- C:\WINDOWS\system32\dllcache\qmgr.dll
2007-08-03 22:06 331,776 --a--c--- C:\WINDOWS\system32\dllcache\winhttp.dll
2007-08-03 22:06 331,776 --a------ C:\WINDOWS\system32\winhttp.dll
2007-08-03 22:06 17,408 --a--c--- C:\WINDOWS\system32\dllcache\qmgrprxy.dll
2007-08-03 22:06 17,408 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2007-08-03 21:55 <DIR> d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-08-03 21:53 549,720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-08-03 21:53 33,624 --a------ C:\WINDOWS\system32\wups.dll
2007-08-03 21:53 325,976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-08-03 21:53 203,096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-08-03 21:53 186,648 --a------ C:\WINDOWS\system32\wuaueng1.dll
2007-08-03 21:53 169,752 --a------ C:\WINDOWS\system32\wuauclt1.exe
2007-08-03 21:53 <DIR> d-------- C:\WINDOWS\SoftwareDistribution
2007-08-02 22:05 198,504 --a------ C:\WINDOWS\system32\aolo.exe
2007-08-01 17:51 <DIR> d-------- C:\WINDOWS\Profiles
2007-08-01 17:51 <DIR> d-------- C:\DOCUME~1\usuario\DADOSD~1\InterTrust

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-10 13:01 --------- d-------- C:\Arquivos de programas\Steam
2007-08-07 19:42 49586 --a------ C:\WINDOWS\system32\perfc016.dat
2007-08-07 19:42 347294 --a------ C:\WINDOWS\system32\perfh016.dat
2007-08-04 15:27 --------- d-------- C:\Arquivos de programas\eMule
2007-08-03 21:53 --------- d--h----- C:\Arquivos de programas\WindowsUpdate
2007-08-03 14:59 134144 --a------ C:\WINDOWS\system32\sfc_os.dll
2007-08-01 17:57 1770 --a------ C:\WINDOWS\mozver.dat
2007-06-27 11:23 4 --a------ C:\WINDOWS\system32\proc-503976190.bin
2007-06-27 11:23 --------- d-------- C:\DOCUME~1\usuario\DADOSD~1\GanymedeNet
2007-06-25 11:31 --------- d-------- C:\Arquivos de programas\Alwil Software
2007-06-23 19:16 --------- d-------- C:\Arquivos de programas\Incoming
2007-06-21 18:48 --------- d-------- C:\Arquivos de programas\HLSW
2007-06-18 17:58 --------- d-------- C:\Arquivos de programas\MessengerPlus! 3
2007-06-18 17:56 --------- d-------- C:\Arquivos de programas\MSN Messenger
2007-06-15 23:03 --------- d-------- C:\DOCUME~1\usuario\DADOSD~1\WinRAR
2007-06-15 18:45 --------- d-------- C:\Arquivos de programas\MessengerDiscovery
2007-05-29 11:56 0 --a------ C:\WINDOWS\nsreg.dat
2007-05-29 06:59 499712 --a------ C:\WINDOWS\system32\msvcp71.dll
2007-05-29 06:59 348160 --a------ C:\WINDOWS\system32\msvcr71.dll
2007-05-28 18:17 119808 --a------ C:\WINDOWS\system32\msmngar.exe
2007-05-28 16:01 0 -rahs---- C:\MSDOS.SYS
2007-05-28 16:01 0 -rahs---- C:\IO.SYS
2007-05-28 16:01 0 --a------ C:\CONFIG.SYS
2007-05-28 16:01 0 --a------ C:\AUTOEXEC.BAT
2007-05-28 15:59 21844 --a------ C:\WINDOWS\system32\emptyregdb.dat

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2007-01-23 22:39 C:\WINDOWS\system32\nwiz.exe]
"SoundMan"="SOUNDMAN.EXE" [2006-03-01 05:22 C:\WINDOWS\soundman.exe]
"NeroFilterCheck"="C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40]
"AVG7_CC"="C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe" [2007-05-30 09:59]
"WinampAgent"="C:\Arquivos de programas\Winamp\winampa.exe" [2007-05-14 19:22]
"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2007-01-23 22:39]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2002-09-09 14:08]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 19:04]
"MessengerPlus3"="C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe" [2007-06-18 17:58]
"msnmsgr"="C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" [2005-06-14 17:05]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runservices]
"WMI Standard Event Consumer - Scripting"=C:\WINDOWS\System32\wbem\scrcons32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"WMI Standard Event Consumer - Scripting"=C:\WINDOWS\System32\wbem\scrcons32.exe

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runservices]
"File Mapping Services"=hp-1003.exe
"WMI Standard Event Consumer - Scripting"=C:\WINDOWS\System32\wbem\scrcons32.exe

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"File Mapping Services"=hp-1003.exe
"Nex"=C:\WINDOWS\System32\nex.exe

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"WMI Standard Event Consumer - Scripting"= C:\WINDOWS\System32\wbem\scrcons32.exe

R3 SiSGbeXP;SiS191/SiS190 Ethernet Device NDIS 5.1 Driver;C:\WINDOWS\System32\DRIVERS\SiSGbeXP.sys
S2 Bluetooth Stack COM Server;Bluetooth Stack COM Server;"C:\WINDOWS\BTStack.exe"
S2 Memorex Network Analysis Tool;Memorex Network Analysis Tool;"C:\WINDOWS\System32\dllcache\winsntp.exe"
S2 mikaserv;mika_serv;"C:\WINDOWS\mikaserv.exe"
S2 Sony Network Analysis Tool;Sony Network Analysis Tool;"C:\WINDOWS\System32\dllcache\winsony.exe"

*Newly Created Service* - ALG
*Newly Created Service* - IPNAT

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-10 13:52:20
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...
scanning hidden registry entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-10 13:53:34 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-10 13:53

--- E O F ---

Is anything still wrong?

gblcp, posted August 14, 2007

Hey everyone, sorry for posting again; it's because I read a topic by a guy talking about AVG showing C:\WINDOWS\System32\Kernel32.dll Change. Mine is showing that too, along with C:\WINDOWS\System32\user32.dll; C:\WINDOWS\System32\shell32.dll; C:\WINDOWS\System32\ntoskrnl.exe; C:\WINDOWS\System32\drivers\etc\hosts Change.

Mário Monteiro, posted September 24, 2008

Topic Archived

As the author did not reply for more than 30 days, the topic has been archived. If you are the author of the topic and want to reopen it, send a private message to a moderator of this area together with the link to this topic and explain the reason for reopening it.