
Archived

This topic has been archived and is closed to new replies.

Rackson

Internet access is normal, but everything else...


If possible, please analyze my HijackThis log, because the situation on this PC is ugly.

 

If a description of the problems I'm having is needed, I'll post it later; I figure the log alone is enough, right?!

 

So here it is:

 

Logfile of HijackThis v1.99.1

Scan saved at 12:16:06, on 9/9/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\explorer.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\Winamp\winamp.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

C:\Arquivos de programas\MSN Messenger\usnsvc.exe

C:\Arquivos de programas\Macromedia\Fireworks 8\Fireworks.exe

C:\hijackthis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Arquivos de programas\Internet Download Manager\IDMIECC.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O8 - Extra context menu item: Download All Links with IDM - C:\Arquivos de programas\Internet Download Manager\IEGetAll.htm

O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Arquivos de programas\Megaupload\Mega Manager\mm_file.htm

O8 - Extra context menu item: Download with IDM - C:\Arquivos de programas\Internet Download Manager\IEExt.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\arquivos de programas\bonjour\mdnsnsp.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - C:\Arquivos de programas\Bonjour\mDNSResponder.exe (file missing)

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Gizmo VoIP Service (Gizmo Plugin) - SIPphone, Inc. - C:\Arquivos de programas\GizmoPlugin\GizmoPlugin.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

 

 

 

Oh, two remarks:

(I don't understand anything in this log, but I saw a few things here that I think I should mention ^^)

This one:

C:\Arquivos de programas\Bonjour\mDNSResponder.exe (file missing)

I'm the one who deleted it.

 

O23 - Service: Gizmo VoIP Service (Gizmo Plugin) - SIPphone, Inc. - C:\Arquivos de programas\GizmoPlugin\GizmoPlugin.exe

I think this has to do with one of those free file-hosting sites, where you had to install this junk to be able to download a file uploaded by other users.... =(

 

 

I think that's all. Without further delay, thanks everyone ^^


Hey Rackson,

 

Download ComboFix from:

ComboFix

 

1) Double-click combofix.exe and press "Y" to proceed. The process takes about 10 minutes on average;

2) ComboFix will restart the PC automatically so that the removal process can finish (only if there is an infection);

3) When the scan ends, a log will be generated at C:\ComboFix.txt;

4) Do not click on the ComboFix window, and do not close it with the X, while the tool is running, since that will mess up your desktop configuration (it will go completely white);

5) To stop or exit ComboFix, press "N";

6) I need you to paste the contents of ComboFix.txt in your next reply.

 

Regards.


Hey, here you go xD

 

ComboFix 07-09-10.6 - "Rackson" 2007-09-13 1:03:49.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.276 [GMT -3:00]

* Created a new restore point

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\WINDOWS\system32\grouppolicy\machine\scripts\scripts.ini

 

 

((((((((((((((((((((((( Ficheiros criados de 2007-08-13 to 2007-09-13 ))))))))))))))))))))))))))))))))

.

 

2007-09-13 01:01 51,200 --a------ C:\WINDOWS\NirCmd.exe

2007-09-12 23:58 <DIR> d-------- C:\Arquivos de programas\MessengerDiscovery

2007-09-12 12:05 <DIR> d--h----- C:\WINDOWS\PIF

2007-09-12 00:07 <DIR> d-------- C:\Arquivos de programas\Eidos Interactive

2007-09-09 04:31 <DIR> d-------- C:\Arquivos de programas\Soulseek

2007-08-23 00:57 39 --a------ C:\bootrapido.bat

2007-08-19 12:16 <DIR> d-------- C:\Arquivos de programas\MozBackup

2007-08-14 01:33 <DIR> d-------- C:\Arquivos de programas\ADSTechnology

2007-08-14 01:33 <DIR> d-------- C:\Arquivos de programas\ActivationManager

2007-08-14 00:10 <DIR> d-------- C:\Arquivos de programas\DivX

2007-08-13 21:17 <DIR> d-------- C:\Arquivos de programas\GizmoPlugin

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2007-09-12 23:58 --------- d-------- C:\Arquivos de programas\MSN Messenger

2007-09-12 00:13 --------- d-------- C:\DOCUME~1\Rackson\DADOSD~1\MegauploadToolbar

2007-09-11 01:01 --------- d-------- C:\DOCUME~1\Rackson\DADOSD~1\DMCache

2007-09-06 07:09 801144 --a------ C:\WINDOWS\system32\aswBoot.exe

2007-09-06 07:05 94416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys

2007-09-06 07:05 92848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys

2007-09-06 07:03 23152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys

2007-09-06 07:02 42912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys

2007-09-06 07:00 95608 --a------ C:\WINDOWS\system32\AVASTSS.scr

2007-09-06 07:00 26624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys

2007-08-19 13:33 --------- d-------- C:\Arquivos de programas\Bonjour

2007-08-19 11:29 --------- d-------- C:\Arquivos de programas\LClock

2007-08-14 00:17 --------- d-------- C:\Arquivos de programas\CyberScript31

2007-08-08 00:16 --------- d-------- C:\Arquivos de programas\StuffPlug3

2007-08-07 22:30 --------- d--h----- C:\Arquivos de programas\InstallShield Installation Information

2007-08-07 22:30 --------- d-------- C:\Arquivos de programas\CAPCOM

2007-08-05 08:30 --------- d-------- C:\Arquivos de programas\valve

2007-08-05 08:16 229161 --a------ C:\WINDOWS\ADDONS SITECS (NONSTEAM) Uninstaller.exe

2007-08-05 08:16 --------- d-------- C:\Arquivos de programas\Arquivos comuns\Thraex Software

2007-08-02 21:31 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll

2007-08-02 00:25 --------- d-------- C:\DOCUME~1\Rackson\DADOSD~1\Hamachi

2007-08-02 00:11 25544 --a------ C:\WINDOWS\system32\drivers\hamachi.sys

2007-08-02 00:11 --------- d-------- C:\Arquivos de programas\Hamachi

2007-08-01 22:37 --------- d-------- C:\Arquivos de programas\Peer2Mail

2007-08-01 22:29 --------- d-a------ C:\DOCUME~1\ALLUSE~1\DADOSD~1\TEMP

2007-08-01 19:46 --------- d-------- C:\Arquivos de programas\Kao98

2007-07-28 13:26 --------- d-------- C:\Arquivos de programas\Cakewalk

2007-07-28 13:19 --------- d-------- C:\DOCUME~1\Rackson\DADOSD~1\Cakewalk

2007-07-26 20:06 200704 --a------ C:\WINDOWS\system32\ssldivx.dll

2007-07-26 20:06 1044480 --a------ C:\WINDOWS\system32\libdivx.dll

2007-07-22 12:57 --------- d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\POPWWPROFILES

2007-07-22 12:45 --------- d-------- C:\Arquivos de programas\Ubisoft

2007-07-20 12:27 --------- d-------- C:\Arquivos de programas\MegauploadToolbar

2007-07-18 21:02 --------- d-------- C:\Arquivos de programas\Tales of Pirates Online

2007-07-18 18:24 --------- d-------- C:\Arquivos de programas\CoolSMS

2007-07-10 22:51 139264 --a------ C:\WINDOWS\War3Unin.exe

2007-07-10 04:54 81920 --a------ C:\WINDOWS\system32\frapsvid.dll

2001-11-23 01:08 712704 -ra------ C:\WINDOWS\inf\OTHER\AUDIO3D.DLL

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

 

*Nota* entradas vazias & legítimas por defeito não são mostradas.

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avast!"="C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 07:06]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2001-12-16 14:55]

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]

"Nokia.PCSync"=C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Shutdown\]

"Script"=C:\bootrapido.bat

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Reader Speed Launch.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Reader Speed Launch.lnk

backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Last.fm Helper.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Last.fm Helper.lnk

backup=C:\WINDOWS\pss\Last.fm Helper.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^svchost.exe]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\svchost.exe

backup=C:\WINDOWS\pss\svchost.exeCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^svhost.exe]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\svhost.exe

backup=C:\WINDOWS\pss\svhost.exeCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Rackson^Menu Iniciar^Programas^Inicializar^Adobe Gamma.lnk]

path=C:\Documents and Settings\Rackson\Menu Iniciar\Programas\Inicializar\Adobe Gamma.lnk

backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Rackson^Menu Iniciar^Programas^Inicializar^svchost.exe]

path=C:\Documents and Settings\Rackson\Menu Iniciar\Programas\Inicializar\svchost.exe

backup=C:\WINDOWS\pss\svchost.exeStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]

"C:\Arquivos de programas\Ares\Ares.exe" -h

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

"C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cmaudio]

RunDll32 cmicnfg.cpl,CMICtrlWnd

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CoolSMS]

C:\Arquivos de programas\CoolSMS\CoolSMS.exe /minimized

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]

"C:\Arquivos de programas\DAEMON Tools\daemon.exe" -lang 1033

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]

C:\Arquivos de programas\Google\Google Talk\googletalk.exe /autostart

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

"C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]

C:\Arquivos de programas\Internet Download Manager\IDMan.exe /onboot

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

%systemroot%\system32\dumprep 0 -k

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KPDrv4XP]

C:\ARQUIV~1\MediaKey\KPDrv4XP.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchList]

C:\Arquivos de programas\Pinnacle\Studio 9\LaunchList.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogonStudio]

"C:\Arquivos de programas\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MediaKey]

C:\ARQUIV~1\MediaKey\sm_keybd.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

"C:\Arquivos de programas\Messenger\msmsgs.exe" /background

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Msn Messenger]

C:\WINDOWS\system32\msnmsnr.scr

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

"C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

nwiz.exe /install

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]

C:\Arquivos de programas\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

"C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Red Swoosh]

C:\Arquivos de programas\RSSoft\RedSwoosh.exe /S

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

"C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

"C:\Arquivos de programas\Valve\Steam\Steam.exe" -silent

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

"C:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\svchost]

C:\WINDOWS\system32\svchost.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SymantecFilterCheck]

C:\WINDOWS\system32\svhost.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

"C:\Arquivos de programas\K-Lite Codec Pack\real\Update_OB\realsched.exe" -osboot

 

R0 viamraid;viamraid;C:\WINDOWS\system32\DRIVERS\viamraid.sys

R2 Gizmo Plugin;Gizmo VoIP Service;"C:\Arquivos de programas\GizmoPlugin\GizmoPlugin.exe"

R3 CCCP106;D-Link CIF Webcam;C:\WINDOWS\system32\DRIVERS\cccp106.sys

S3 SER120;OTI Serial port driver;C:\WINDOWS\system32\DRIVERS\SER120.sys

S3 XDva009;XDva009;\??\C:\WINDOWS\system32\XDva009.sys

 

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]

AutoRun\command- F:\autoplay.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]

AutoRun\command- J:\autoplay.exe

 

*Newly Created Service* - CATCHME

.

**************************************************************************

 

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-09-13 01:06:33

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2007-09-13 1:07:38

C:\ComboFix-quarantined-files.txt ... 2007-09-13 01:07

.

--- E O F ---

 

 

PS:

That bootrapido.bat only contains del c:\windows\prefetch\ntosboot-*.* /q

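Added example, not part of this thread or of the HijackThis, ComboFix or Linha Defensiva tools: a small Python triage that applies to the logs above the checks a helper otherwise makes by eye (system-binary names outside their home folder, look-alike names, system binaries registered under Run keys, screen savers as startup items). Its sample input is constructed from lines in the ComboFix log just posted (the Startup-folder svchost.exe, the svhost.exe under SymantecFilterCheck, the msnmsnr.scr entry); the table of system binaries and their home folders is my assumption for Windows XP.

```python
"""Triage of autostart entries in HijackThis / ComboFix style logs (added example).

Flags what the logs above show: a system-binary name (svchost.exe) launched from
a folder other than its home, here the Startup folder; a genuine system binary
registered under a Run/startup key at all, which Windows never does itself; a
look-alike one edit away from a system binary (svhost.exe); a .scr screen saver
used as a startup item (msnmsnr.scr).
"""
import re

# Assumed for Windows XP: binaries that belong only in %SystemRoot%\System32
# (explorer.exe belongs in %SystemRoot% itself).
SYSTEM_BINARIES = {
    "smss.exe": "system32", "csrss.exe": "system32", "winlogon.exe": "system32",
    "services.exe": "system32", "lsass.exe": "system32", "svchost.exe": "system32",
    "spoolsv.exe": "system32", "explorer.exe": "windows",
}
# Drive letter, backslash-separated components (spaces allowed), executable
# extension. A quote ends a component, so '"C:\x\y.exe" -h' yields just the path.
PATH_RE = re.compile(
    r'[A-Za-z]:\\(?:[^\\"\r\n]+\\)*[^\\"\r\n]+?\.(?:exe|scr|bat|dll|cpl)', re.IGNORECASE)
HJT_RE = re.compile(r"^O(\d+) - ")  # HijackThis section prefix, e.g. "O4 - "
RUN_KEY_MARKERS = ("\\run", "msconfig\\startup", "group policy")  # ComboFix key headers


def levenshtein(a, b):
    """Edit distance; catches one-character look-alikes of system binary names."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_path(path, context):
    """Return why `path`, started from `context`, looks wrong, or None if it does not.

    context is "run" (Run key, msconfig startup item, O4 line, logon/shutdown
    script) or "service" (O23 line)."""
    folder, _, name = path.rpartition("\\")
    folder, name = folder.lower(), name.lower()
    if name in SYSTEM_BINARIES:
        if not folder.endswith("\\" + SYSTEM_BINARIES[name]):
            return f"{name} is a system binary but runs from {folder}"
        if context == "run":
            return f"{name} registered as a Run/startup item; Windows starts it itself"
        return None
    for known in SYSTEM_BINARIES:
        if levenshtein(name, known) == 1:
            return f"{name} is one edit away from system binary {known}"
    if context == "run" and name.endswith(".scr"):
        return f"{name}: a screen saver (.scr is a PE executable) as a startup item"
    return None


def triage(log_text):
    """Walk HijackThis or ComboFix output; return [(path, reason)] for suspect entries."""
    findings = []
    current_key = ""  # last [HKEY_...] header seen (ComboFix registry section)
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            current_key = ""  # ComboFix separates key blocks with blank lines
            continue
        if line.startswith("[HKEY_"):
            current_key = line.lower()
            continue
        hjt = HJT_RE.match(line)
        if hjt:
            context = {"4": "run", "23": "service"}.get(hjt.group(1))
        elif any(marker in current_key for marker in RUN_KEY_MARKERS):
            context = "run"
        else:
            context = None  # process lists, drivers, file listings: not autostart
        m = PATH_RE.search(line) if context else None
        if m:
            reason = classify_path(m.group(0), context)
            if reason:
                findings.append((m.group(0), reason))
    return findings


# Constructed sample: lines copied from the HijackThis and ComboFix logs posted above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^svchost.exe]
path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\svchost.exe
backup=C:\WINDOWS\pss\svchost.exeCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Msn Messenger]
C:\WINDOWS\system32\msnmsnr.scr

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\svchost]
C:\WINDOWS\system32\svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SymantecFilterCheck]
C:\WINDOWS\system32\svhost.exe
"""

if __name__ == "__main__":
    for path, reason in triage(SAMPLE_LOG):
        print(f"{reason}\n    {path}")
```

On the sample it reports the two copies of the Startup-folder svchost.exe (the item and its msconfig backup), the msnmsnr.scr startup value, the system32 svchost.exe registered under a startupreg key and the svhost.exe look-alike, and nothing for the avast! entry.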

Hey Rackson,

 

1. Download BankerFix.

 

2. Temporarily disable your antivirus.

 

3. Double-click bankerfix.exe. A message will appear warning that it will be downloaded over the internet. Click Ok -> Ok. Press Enter and wait for the scan to finish.

 

4. When the scan has finished, read the message on screen and press Enter again.

 

5. Re-enable your antivirus.

 

6. Come back with a new HijackThis log, together with BankerFix's relatorio.txt (it will be in C:\LinhaDefensiva\).

 

7. After posting your reply, you may delete the LinhaDefensiva folder on C:.

 

Regards.


Hey, thanks for the attention so far, jgarcia xD

I did as you asked, and here are the logs:

 

Logfile of HijackThis v1.99.1

Scan saved at 00:04:14, on 14/9/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\GizmoPlugin\GizmoPlugin.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\Winamp\winamp.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

C:\Arquivos de programas\MessengerDiscovery\MessengerDiscovery Live.exe

C:\Arquivos de programas\MSN Messenger\usnsvc.exe

C:\Arquivos de programas\Internet Download Manager\IDMan.exe

C:\hijackthis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Arquivos de programas\Internet Download Manager\IDMIECC.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O8 - Extra context menu item: Download All Links with IDM - C:\Arquivos de programas\Internet Download Manager\IEGetAll.htm

O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Arquivos de programas\Megaupload\Mega Manager\mm_file.htm

O8 - Extra context menu item: Download with IDM - C:\Arquivos de programas\Internet Download Manager\IEExt.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\arquivos de programas\bonjour\mdnsnsp.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - C:\Arquivos de programas\Bonjour\mDNSResponder.exe (file missing)

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Gizmo VoIP Service (Gizmo Plugin) - SIPphone, Inc. - C:\Arquivos de programas\GizmoPlugin\GizmoPlugin.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

 

 

_________________________

 

 

BankerFix 2.4 - Removedor de Bankers

Linha Defensiva - http://www.linhadefensiva.org

http://www.linhadefensiva.org/bankerfix/

Data: 14/9/2007 - 0:2

-------------------------------------------------------

Lista de Definição: 2007-09-09-1

=======================================================

 

 

Killando arquivos em Help

-----------------------------------

 

Killing '*'

 

Removendo Arquivos em Help

-----------------------------------

 

 

 

----- Fim -------------------------


Hey, sorry for the delay x)

College + work + girlfriend, you know how it is, right? xD

hIAUHUiahIAUH

Here goes the log ^^

Cheers

 

ComboFix 07-09-10.6 - "Rackson" 2007-09-18 1:18:03.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.292 [GMT -3:00]

.

 

((((((((((((((((((((((( Ficheiros criados de 2007-08-18 to 2007-09-18 ))))))))))))))))))))))))))))))))

.

 

2007-09-18 00:32 <DIR> d-------- C:\Arquivos de programas\Carnival Software

2007-09-18 00:31 <DIR> d-------- C:\DOCUME~1\Rackson\DADOSD~1\Carnival Software

2007-09-16 12:39 <DIR> d-------- C:\Arquivos de programas\eMule

2007-09-14 22:32 <DIR> d-------- C:\Arquivos de programas\Worms 3D

2007-09-14 00:02 <DIR> d-------- C:\LinhaDefensiva

2007-09-13 01:01 51,200 --a------ C:\WINDOWS\NirCmd.exe

2007-09-12 23:58 <DIR> d-------- C:\Arquivos de programas\MessengerDiscovery

2007-09-12 12:05 <DIR> d--h----- C:\WINDOWS\PIF

2007-09-12 00:07 <DIR> d-------- C:\Arquivos de programas\Eidos Interactive

2007-09-09 04:31 <DIR> d-------- C:\Arquivos de programas\Soulseek

2007-08-23 00:57 39 --a------ C:\bootrapido.bat

2007-08-19 12:16 <DIR> d-------- C:\Arquivos de programas\MozBackup

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2007-09-17 22:20 --------- d-------- C:\Arquivos de programas\StuffPlug3

2007-09-17 22:01 --------- d-------- C:\DOCUME~1\Rackson\DADOSD~1\MegauploadToolbar

2007-09-16 13:29 --------- d-------- C:\DOCUME~1\Rackson\DADOSD~1\DMCache

2007-09-12 23:58 --------- d-------- C:\Arquivos de programas\MSN Messenger

2007-09-06 07:09 801144 --a------ C:\WINDOWS\system32\aswBoot.exe

2007-09-06 07:05 94416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys

2007-09-06 07:05 92848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys

2007-09-06 07:03 23152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys

2007-09-06 07:02 42912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys

2007-09-06 07:00 95608 --a------ C:\WINDOWS\system32\AVASTSS.scr

2007-09-06 07:00 26624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys

2007-08-19 13:33 --------- d-------- C:\Arquivos de programas\Bonjour

2007-08-19 11:29 --------- d-------- C:\Arquivos de programas\LClock

2007-08-14 01:33 --------- d-------- C:\Arquivos de programas\ADSTechnology

2007-08-14 01:33 --------- d-------- C:\Arquivos de programas\ActivationManager

2007-08-14 00:17 --------- d-------- C:\Arquivos de programas\CyberScript31

2007-08-14 00:10 --------- d-------- C:\Arquivos de programas\DivX

2007-08-13 21:17 --------- d-------- C:\Arquivos de programas\GizmoPlugin

2007-08-07 22:30 --------- d--h----- C:\Arquivos de programas\InstallShield Installation Information

2007-08-07 22:30 --------- d-------- C:\Arquivos de programas\CAPCOM

2007-08-05 08:30 --------- d-------- C:\Arquivos de programas\valve

2007-08-05 08:16 229161 --a------ C:\WINDOWS\ADDONS SITECS (NONSTEAM) Uninstaller.exe

2007-08-05 08:16 --------- d-------- C:\Arquivos de programas\Arquivos comuns\Thraex Software

2007-08-02 21:31 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll

2007-08-02 00:25 --------- d-------- C:\DOCUME~1\Rackson\DADOSD~1\Hamachi

2007-08-02 00:11 25544 --a------ C:\WINDOWS\system32\drivers\hamachi.sys

2007-08-02 00:11 --------- d-------- C:\Arquivos de programas\Hamachi

2007-08-01 22:37 --------- d-------- C:\Arquivos de programas\Peer2Mail

2007-08-01 22:29 --------- d-a------ C:\DOCUME~1\ALLUSE~1\DADOSD~1\TEMP

2007-08-01 19:46 --------- d-------- C:\Arquivos de programas\Kao98

2007-07-28 13:26 --------- d-------- C:\Arquivos de programas\Cakewalk

2007-07-28 13:19 --------- d-------- C:\DOCUME~1\Rackson\DADOSD~1\Cakewalk

2007-07-26 20:06 200704 --a------ C:\WINDOWS\system32\ssldivx.dll

2007-07-26 20:06 1044480 --a------ C:\WINDOWS\system32\libdivx.dll

2007-07-22 12:57 --------- d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\POPWWPROFILES

2007-07-22 12:45 --------- d-------- C:\Arquivos de programas\Ubisoft

2007-07-20 12:27 --------- d-------- C:\Arquivos de programas\MegauploadToolbar

2007-07-18 21:02 --------- d-------- C:\Arquivos de programas\Tales of Pirates Online

2007-07-18 18:24 --------- d-------- C:\Arquivos de programas\CoolSMS

2007-07-10 22:51 139264 --a------ C:\WINDOWS\War3Unin.exe

2007-07-10 04:54 81920 --a------ C:\WINDOWS\system32\frapsvid.dll

2001-11-23 01:08 712704 -ra------ C:\WINDOWS\inf\OTHER\AUDIO3D.DLL

.

 

((((((((((((((((((((((((((((( snapshot_2007-09-13_ 10652,17 )))))))))))))))))))))))))))))))))))))))))

.

----atw 16,384 2007-09-14 00:48:58 C:\WINDOWS\Temp\Perflib_Perfdata_60c.dat

----atw 16,384 2007-09-18 00:44:35 C:\WINDOWS\Temp\Perflib_Perfdata_61c.dat

.

----atw 16,384 2007-09-12 02:39:29 C:\WINDOWS\Temp\Perflib_Perfdata_61c.dat

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

 

*Nota* entradas vazias & legítimas por defeito não são mostradas.

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avast!"="C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 07:06]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2001-12-16 14:55]

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]

"Nokia.PCSync"=C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Shutdown\]

"Script"=C:\bootrapido.bat

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Reader Speed Launch.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Reader Speed Launch.lnk

backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Last.fm Helper.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Last.fm Helper.lnk

backup=C:\WINDOWS\pss\Last.fm Helper.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^svchost.exe]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\svchost.exe

backup=C:\WINDOWS\pss\svchost.exeCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^svhost.exe]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\svhost.exe

backup=C:\WINDOWS\pss\svhost.exeCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Rackson^Menu Iniciar^Programas^Inicializar^Adobe Gamma.lnk]

path=C:\Documents and Settings\Rackson\Menu Iniciar\Programas\Inicializar\Adobe Gamma.lnk

backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Rackson^Menu Iniciar^Programas^Inicializar^svchost.exe]

path=C:\Documents and Settings\Rackson\Menu Iniciar\Programas\Inicializar\svchost.exe

backup=C:\WINDOWS\pss\svchost.exeStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]

"C:\Arquivos de programas\Ares\Ares.exe" -h

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

"C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cmaudio]

RunDll32 cmicnfg.cpl,CMICtrlWnd

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CoolSMS]

C:\Arquivos de programas\CoolSMS\CoolSMS.exe /minimized

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]

"C:\Arquivos de programas\DAEMON Tools\daemon.exe" -lang 1033

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]

C:\Arquivos de programas\Google\Google Talk\googletalk.exe /autostart

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

"C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]

C:\Arquivos de programas\Internet Download Manager\IDMan.exe /onboot

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

%systemroot%\system32\dumprep 0 -k

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KPDrv4XP]

C:\ARQUIV~1\MediaKey\KPDrv4XP.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchList]

C:\Arquivos de programas\Pinnacle\Studio 9\LaunchList.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogonStudio]

"C:\Arquivos de programas\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MediaKey]

C:\ARQUIV~1\MediaKey\sm_keybd.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

"C:\Arquivos de programas\Messenger\msmsgs.exe" /background

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Msn Messenger]

C:\WINDOWS\system32\msnmsnr.scr

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

"C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

nwiz.exe /install

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]

C:\Arquivos de programas\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

"C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Red Swoosh]

C:\Arquivos de programas\RSSoft\RedSwoosh.exe /S

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

"C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

"C:\Arquivos de programas\Valve\Steam\Steam.exe" -silent

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

"C:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\svchost]

C:\WINDOWS\system32\svchost.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SymantecFilterCheck]

C:\WINDOWS\system32\svhost.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

"C:\Arquivos de programas\K-Lite Codec Pack\real\Update_OB\realsched.exe" -osboot

 

R0 viamraid;viamraid;C:\WINDOWS\system32\DRIVERS\viamraid.sys

R2 Gizmo Plugin;Gizmo VoIP Service;"C:\Arquivos de programas\GizmoPlugin\GizmoPlugin.exe"

R3 CCCP106;D-Link CIF Webcam;C:\WINDOWS\system32\DRIVERS\cccp106.sys

S3 SER120;OTI Serial port driver;C:\WINDOWS\system32\DRIVERS\SER120.sys

S3 XDva009;XDva009;\??\C:\WINDOWS\system32\XDva009.sys

 

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]

AutoRun\command- F:\autoplay.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]

AutoRun\command- J:\autoplay.exe

 

.

**************************************************************************

 

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-09-18 01:20:50

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

**************************************************************************

.

Completion time: 2007-09-18 1:22:08

C:\ComboFix-quarantined-files.txt ... 2007-09-18 01:21

C:\ComboFix2.txt ... 2007-09-13 01:15

.

--- E O F ---


Hey Rackson,

Let's go.

Set Windows to show all files (including hidden ones).

Step 1

Download Killbox from:

Killbox

1. Run Killbox and click Delete on Reboot.

2. Copy the list below (in bold) to the clipboard. Select it all with the mouse --> go to the Edit menu in the browser's toolbar --> click Copy.

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Last.fm

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\svchost.exe

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\svhost.exe

C:\Documents and Settings\Rackson\Menu Iniciar\Programas\Inicializar\svchost.exe

C:\WINDOWS\pss\Last.fm

C:\WINDOWS\pss\svchost.exe

C:\WINDOWS\pss\svhost.exe

C:\WINDOWS\system32\msnmsnr.scr

C:\WINDOWS\system32\svhost.exe

3. Go back to Killbox. Click File > Paste from clipboard. Click All Files.

4. Click "X". Answer "no" to the question.

Step 2

Restart the computer.

Come back with fresh ComboFix and HijackThis logs.

Regards.

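The entries the helper targets above (svchost.exe and svhost.exe sitting in Startup folders and msconfig "startupreg" keys, a .scr registered as "Msn Messenger", and autoplay.exe AutoRun handlers) follow a few recognisable patterns. The script below is an added example, not ComboFix code and not part of the reply: it parses the "registry loading points" section of a ComboFix log and flags entries matching those patterns. The rules (core Windows binary names that never appear as autostarts, one-character look-alikes, .scr/.pif/.com launched at startup, a raw .exe in a Startup folder, AutoRun handlers under mountpoints2) and the SYSTEM_NAMES list are this example's own assumptions about a clean Windows XP machine; the sample text is an excerpt constructed from the log posted in this thread.

```python
"""Flag suspicious autostart entries in the "registry loading points" section
of a ComboFix log.  Added example for this thread; it is not ComboFix code and
not part of the helper's reply.  The rules are this example's own assumptions
about what a clean Windows XP autostart list looks like."""
import re

# Core Windows binaries that a clean install never launches from Run keys or
# Startup folders (they are started by the kernel, winlogon or services.exe).
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe",
                "services.exe", "smss.exe"}

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$", re.IGNORECASE)
# "name"=value  or  path=value / backup=value  (the value is the command line)
NAME_EQ_RE = re.compile(r'^(?:"[^"]*"|[A-Za-z]+)=(.*)$')
# First drive-letter path ending in a launchable extension; lazy so that
# ComboFix's glued suffix ("svchost.exeCommon Startup") is not swallowed.
DRIVE_PATH_RE = re.compile(
    r'([A-Za-z]:\\[^"\[]*?\.(?:exe|scr|com|bat|cmd|pif|dll|cpl|lnk))', re.IGNORECASE)
SERVICE_LINE_RE = re.compile(r"^[RS]\d\s")   # "R0 viamraid;..." driver list


def parse_loading_points(text):
    """Yield (registry key, value line) pairs from the loading-points section."""
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
        elif SERVICE_LINE_RE.match(line):
            key = None          # the driver/service list ends the key's values
        elif key is not None:
            yield key, line


def launched_file(value):
    """Lower-case base name of the file a ComboFix value line launches."""
    m = NAME_EQ_RE.match(value)
    command = m.group(1) if m else value
    m = DRIVE_PATH_RE.search(command)
    path = m.group(1) if m else (command.split() or [""])[0].strip('"')
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def edit_distance(a, b):
    """Levenshtein distance, used to catch one-character look-alike names."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def assess(key, name):
    """Return why an entry looks suspicious, or None if it passes every rule."""
    k = key.lower()
    if name in SYSTEM_NAMES:
        return f"{name} is a core Windows binary; it is never an autostart entry"
    for real in sorted(SYSTEM_NAMES):
        if edit_distance(name, real) == 1:
            return f"{name} is a one-character look-alike of {real}"
    if name.endswith((".scr", ".pif", ".com")):
        return f"{name}: screensaver/legacy executable registered as autostart"
    if "startupfolder" in k and name.endswith(".exe"):
        return f"{name}: raw executable in a Startup folder (expected a .lnk)"
    if "mountpoints2" in k:
        return f"{name}: AutoRun handler registered for a mounted drive"
    return None


def scan(text):
    """Return (key tail, file name, reason) per suspicious entry, deduplicated."""
    findings, seen = [], set()
    for key, value in parse_loading_points(text):
        name = launched_file(value)
        reason = assess(key, name)
        if reason and (key, name) not in seen:
            seen.add((key, name))
            findings.append((key.rsplit("\\", 1)[-1], name, reason))
    return findings


# Constructed excerpt, copied from the ComboFix log posted in this thread.
SAMPLE = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 07:06]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^svchost.exe]
path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\svchost.exe
backup=C:\WINDOWS\pss\svchost.exeCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^svhost.exe]
path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\svhost.exe
backup=C:\WINDOWS\pss\svhost.exeCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cmaudio]
RunDll32 cmicnfg.cpl,CMICtrlWnd

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Msn Messenger]
C:\WINDOWS\system32\msnmsnr.scr

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\svchost]
C:\WINDOWS\system32\svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SymantecFilterCheck]
C:\WINDOWS\system32\svhost.exe

R0 viamraid;viamraid;C:\WINDOWS\system32\DRIVERS\viamraid.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
AutoRun\command- F:\autoplay.exe
"""

if __name__ == "__main__":
    for key_tail, name, reason in scan(SAMPLE):
        print(f"{key_tail[-40:]:40} {reason}")
```

Run against the sample, the six flagged entries are exactly the ones the reply tells the user to delete, plus the AutoRun handler on F:, while the genuine avast!, Adobe Reader, C-Media and MSN Messenger entries pass. Note that the legitimate `C:\WINDOWS\system32\svchost.exe` in `startupreg\svchost` is flagged on name alone: the real service host is only ever started by services.exe, so any Run or msconfig entry carrying that name is a persistence artefact regardless of path.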

Topic Archived

Since the author has not replied for more than 20 days, the topic has been archived.

If you are the author of the topic and want to reopen it, send a private message to a moderator of this area together with the link to this topic and explain why it should be reopened.
