Boa noite, falo do Rio de Janeiro - Brasil.

Encaminho para análise o log do scan feito no emu computador, bem como o log do spyware nuker, que localiza traços de registro do TROJAN.DSMANAGER mas não consegue eliminar.

Quando o Nuker elimina os traços, basta reiniciar a máquina e, como que se ressuscitassem, eles voltam.

Sem saber mais o que fazer, recorro a vocês.

Log do Spyware Nuker:

DSManager - Trojan 952 Allows remote access to an infected computer. Logs confidential information from Windows. Communicates with its controlling servers in the background and can silently download files. Restarts computer on specific user actions.
Registry Key 55390 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\V FILT
Registry Key 55393 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\VFILT


Log do HijackThis:


Logfile of HijackThis v1.99.1
Scan saved at 21:22:02, on 18/4/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Eu\Meus documentos\Downloads\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IBBHO Class - {12BA043E-293E-4CE4-A8C7-8460934FE801} - C:\ARQUIV~1\INCRED~2\bin\IBBHO.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Arquivos de programas\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: IncrediBar - {D8073790-84C7-4602-BF77-C6ACBF1612E4} - C:\ARQUIV~1\INCRED~2\bin\IBTBar.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\ARQUIV~1\FlashGet\fgiebar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Arquivos de programas\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [LWBMOUSE] C:\Arquivos de programas\Mouse Driver\Mouse Driver\5.2\MOUSE32A.EXE
O4 - HKLM\..\Run: [Multimedia KeyBoard] C:\ARQUIV~1\MediaKey\KMEMMKey.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Arquivos de programas\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Arquivos de programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [gcasServ] "C:\Arquivos de programas\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [AWMON] "C:\ARQUIV~1\Lavasoft\AD-AWA~2\Ad-Watch.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Arquivos de programas\Corel\Corel Graphics 12\Languages\BR\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=042505 serial=DR12CEP-3585472-SHB lang=BP
O4 - HKLM\..\Run: [Outpost Firewall] C:\ARQUIV~1\Agnitum\OUTPOS~1\outpost.exe /waitservice
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: IncrediBar - {023FA804-DCE1-4817-94ED-6BA4200F9AF2} - C:\ARQUIV~1\INCRED~2\bin\IBTBar.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Translate - {87680762-4A83-11B4-885B-0000E8ECA40F} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: LingoWare Translator... - {87680762-4A83-11B4-885B-0000E8ECA40F} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Arquivos de programas\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Arquivos de programas\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O14 - IERESET.INF: START_PAGE_URL=http://www.gratis.com.br
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
O20 - Winlogon Notify: WB - C:\ARQUIV~1\Stardock\OBJECT~1\WINDOW~1\fastload.dl l
O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe
O23 - Service: Serviço do Auto-Protect do Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Arquivos de programas\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Arquivos de programas\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\ARQUIV~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum - C:\ARQUIV~1\Agnitum\OUTPOS~1\outpost.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Arquivos de programas\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\ARQUIV~1\ARQUIV~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\ARQUIV~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\CCPD-LC\symlcsvc.exe




Não sei se referido problema está residente em algum programa que porventura eu esteja utilizando, mas, gostaria de pelo menos ter mais informações sobre este problema, já que simplesmente não encontro nada na rede.

Obrigado, e parabéns pela iniciativa e sucesso.

Gean Matiello

Hola te doy la bienvenida al Foro de Spyware, empieza siguiendo los pasos de el "Tutorial de Spywares" con las herramientas Micro$oft Antispyware, Ad-Aware SE y SpyBot.

Pásale el "Trend Micro Antivirus Online" y genera un nuevo log de HijackThis para pegarlo en este mismo mensaje y decirnos los resultados de los análisis de las herramientas.

Salu2

esse log foi gerado após passar microsoft, spybot, ad-aware, spyware nuker, norton 2005, panda e treend micro on-line
Devo repetir todo o processo ou devo repetir e mandar o log de cada uma dessas ferramentas?

Grato pela resposta.

Gean Matiello

P.S.: passei também o AVG 7 que me havia sido recomendado em outro fórum.

Solament con las mencionadas ahi y el "Spyware Nuker" te recomiendo desintalarlo ya que es un Falso Antispyware

Despues generas un nuevo log y lo pones aca mismo asi lo analizamos a ver que hay que sacar.

Salu2

ok, removi o Nuker, passei ad-aware, spybot e microsoft anti spyware, Norton, Trend on-line e Panda on-line. Feito isso, gerei novo log, como segue.

Aguardo resposta.

Mais uma vez, obrigado.

Gean Matiello



Logfile of HijackThis v1.99.1
Scan saved at 20:41:30, on 22/4/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe
C:\Arquivos de programas\Stardock\Object

Desktop\WindowBlinds\wbload.exe
C:\Arquivos de programas\Arquivos comuns\Symantec

Shared\ccSetMgr.exe
C:\Arquivos de programas\Arquivos comuns\Symantec

Shared\SNDSrvc.exe
C:\Arquivos de programas\Arquivos comuns\Symantec

Shared\SPBBC\SPBBCSvc.exe
C:\Arquivos de programas\Arquivos comuns\Symantec

Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Mouse Driver\Mouse

Driver\5.2\MOUSE32A.EXE
C:\ARQUIV~1\MediaKey\KMEMMKey.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Arquivos de programas\Java\jre1.5.0\bin\jusched.exe
C:\Arquivos de programas\Ahead\InCD\InCD.exe
C:\Arquivos de programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Arquivos de programas\Microsoft AntiSpyware\gcasServ.exe
C:\ARQUIV~1\Lavasoft\AD-AWA~2\Ad-Watch.exe
C:\Arquivos de programas\Arquivos comuns\Symantec

Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\ARQUIV~1\Ahead\NEROPH~1\data\xtras\mssysmgr.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft

Shared\VS7Debug\mdm.exe
C:\Arquivos de programas\Norton SystemWorks\Norton

AntiVirus\navapsvc.exe
C:\Arquivos de programas\Norton SystemWorks\Norton

AntiVirus\IWP\NPFMntor.exe
C:\ARQUIV~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\ARQUIV~1\Agnitum\OUTPOS~1\outpost.exe
C:\ARQUIV~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\Arquivos de programas\Arquivos comuns\Symantec

Shared\CCPD-LC\symlcsvc.exe
C:\ARQUIV~1\MediaKey\KBOSDCtl.EXE
C:\Arquivos de programas\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\System32\svchost.exe
C:\ARQUIV~1\MediaKey\KCodeMsg.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\ARQUIV~1\INCRED~2\bin\IBMain.exe
C:\Documents and Settings\Eu\Meus

documentos\Downloads\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet

Explorer\Main,Default_Page_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

http://www.veloxzone.com.br/home
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title

= Speed Turtle !!!
O2 - BHO: AcroIEHlprObj Class -

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de

programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IBBHO Class - {12BA043E-293E-4CE4-A8C7-8460934FE801} -

C:\ARQUIV~1\INCRED~2\bin\IBBHO.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -

C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AcroIEToolbarHelper Class -

{AE7CD045-E861-484f-8273-0445EE161910} - C:\Arquivos de

programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} -

C:\Arquivos de programas\Norton SystemWorks\Norton

AntiVirus\NavShExt.dll
O3 - Toolbar: IncrediBar - {D8073790-84C7-4602-BF77-C6ACBF1612E4}

- C:\ARQUIV~1\INCRED~2\bin\IBTBar.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3}

- (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93}

- C:\Arquivos de programas\Adobe\Acrobat

7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Norton AntiVirus -

{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Arquivos de

programas\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [LWBMOUSE] C:\Arquivos de programas\Mouse

Driver\Mouse Driver\5.2\MOUSE32A.EXE
O4 - HKLM\..\Run: [Multimedia KeyBoard]

C:\ARQUIV~1\MediaKey\KMEMMKey.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Arquivos de

programas\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck]

C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Arquivos de

programas\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Arquivos de

programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [gcasServ] "C:\Arquivos de programas\Microsoft

AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [AWMON]

"C:\ARQUIV~1\Lavasoft\AD-AWA~2\Ad-Watch.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Arquivos de programas\Arquivos

comuns\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE

C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE

C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Arquivos de

programas\Corel\Corel Graphics

12\Languages\BR\Programs\Registration.exe /title="CorelDRAW

Graphics Suite 12" /date=042505 serial=DR12CEP-3585472-SHB

lang=BP
O4 - HKLM\..\Run: [Outpost Firewall]

C:\ARQUIV~1\Agnitum\OUTPOS~1\outpost.exe /waitservice
O4 - HKLM\..\Run: [Symantec NetDriver Monitor]

C:\ARQUIV~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep

0 -u
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager]

C:\ARQUIV~1\Ahead\NEROPH~1\data\xtras\mssysmgr.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de

programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma

Loader.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control

Panel present
O8 - Extra context menu item: &Add animation to IncrediMail Style

Box - C:\ARQUIV~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: Convert link target to Adobe PDF -

res://C:\Arquivos de programas\Adobe\Acrobat

7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF

- res://C:\Arquivos de programas\Adobe\Acrobat

7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF

- res://C:\Arquivos de programas\Adobe\Acrobat

7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing

PDF - res://C:\Arquivos de programas\Adobe\Acrobat

7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF -

res://C:\Arquivos de programas\Adobe\Acrobat

7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF -

res://C:\Arquivos de programas\Adobe\Acrobat

7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF -

res://C:\Arquivos de programas\Adobe\Acrobat

7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF -

res://C:\Arquivos de programas\Adobe\Acrobat

7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: IncrediBar -

{023FA804-DCE1-4817-94ED-6BA4200F9AF2} -

C:\ARQUIV~1\INCRED~2\bin\IBTBar.dll
O9 - Extra button: (no name) -

{08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -

{08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Pesquisar -

{92780B25-18CC-41C8-B9BE-3C9C571A8263} -

C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger -

{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de

programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -

{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de

programas\Messenger\msmsgs.exe
O9 - Extra button: Trashcan -

{072F3B8A-2DA2-40e2-B841-88899F240200} -

C:\ARQUIV~1\Agnitum\OUTPOS~1\TRASH.EXE (HKCU)
O9 - Extra 'Tools' menuitem: Show Trashcan -

{072F3B8A-2DA2-40e2-B841-88899F240200} -

C:\ARQUIV~1\Agnitum\OUTPOS~1\TRASH.EXE (HKCU)
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall

Control) -

http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicr

o.com/housecall/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan

Installer Class) -

http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF}

(MsnMessengerSetupDownloadControl Class) -

http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) -

http://www2.incredimail.com/contents/setup/downloader/imloader.ca

b
O20 - Winlogon Notify: WB -

C:\ARQUIV~1\Stardock\OBJECT~1\WINDOW~1\fastload.dl l
O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de

programas\Arquivos comuns\Adobe Systems

Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec

Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec

Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec

Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec

Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec

Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec

Shared\ccSetMgr.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de

programas\Ahead\InCD\InCDsrv.exe
O23 - Service: Serviço do Auto-Protect do Norton AntiVirus

(navapsvc) - Symantec Corporation - C:\Arquivos de

programas\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service

(NPFMntor) - Symantec Corporation - C:\Arquivos de

programas\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) -

Symantec Corporation - C:\ARQUIV~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA

Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Outpost Firewall Service (OutpostFirewall) -

Agnitum - C:\ARQUIV~1\Agnitum\OUTPOS~1\outpost.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Arquivos de

programas\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec

Corporation - C:\ARQUIV~1\ARQUIV~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) -

Symantec Corporation - C:\Arquivos de programas\Arquivos

comuns\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec

Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec

Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation -

C:\ARQUIV~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation -

C:\Arquivos de programas\Arquivos comuns\Symantec

Shared\CCPD-LC\symlcsvc.exe

Hola

Ese log está muy desordenado, debes copiar y pegar el contenido íntegro que se muestra en el bloc de notas, tal y como aparece allí.

Saludos.

ok, abri o bloco de notas e segue como solicitado.

Grato pelo auxílio.

Gean Matiello



Logfile of HijackThis v1.99.1
Scan saved at 20:41:30, on 22/4/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe
C:\Arquivos de programas\Stardock\Object Desktop\WindowBlinds\wbload.exe
C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe
C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SNDSrvc.exe
C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Mouse Driver\Mouse Driver\5.2\MOUSE32A.EXE
C:\ARQUIV~1\MediaKey\KMEMMKey.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Arquivos de programas\Java\jre1.5.0\bin\jusched.exe
C:\Arquivos de programas\Ahead\InCD\InCD.exe
C:\Arquivos de programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Arquivos de programas\Microsoft AntiSpyware\gcasServ.exe
C:\ARQUIV~1\Lavasoft\AD-AWA~2\Ad-Watch.exe
C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\ARQUIV~1\Ahead\NEROPH~1\data\xtras\mssysmgr.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe
C:\Arquivos de programas\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Arquivos de programas\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\ARQUIV~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\ARQUIV~1\Agnitum\OUTPOS~1\outpost.exe
C:\ARQUIV~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\Arquivos de programas\Arquivos comuns\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\ARQUIV~1\MediaKey\KBOSDCtl.EXE
C:\Arquivos de programas\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\System32\svchost.exe
C:\ARQUIV~1\MediaKey\KCodeMsg.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\ARQUIV~1\INCRED~2\bin\IBMain.exe
C:\Documents and Settings\Eu\Meus documentos\Downloads\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.veloxzone.com.br/home
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Speed Turtle !!!
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IBBHO Class - {12BA043E-293E-4CE4-A8C7-8460934FE801} - C:\ARQUIV~1\INCRED~2\bin\IBBHO.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Arquivos de programas\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: IncrediBar - {D8073790-84C7-4602-BF77-C6ACBF1612E4} - C:\ARQUIV~1\INCRED~2\bin\IBTBar.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Arquivos de programas\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [LWBMOUSE] C:\Arquivos de programas\Mouse Driver\Mouse Driver\5.2\MOUSE32A.EXE
O4 - HKLM\..\Run: [Multimedia KeyBoard] C:\ARQUIV~1\MediaKey\KMEMMKey.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Arquivos de programas\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Arquivos de programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [gcasServ] "C:\Arquivos de programas\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [AWMON] "C:\ARQUIV~1\Lavasoft\AD-AWA~2\Ad-Watch.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Arquivos de programas\Corel\Corel Graphics 12\Languages\BR\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=042505 serial=DR12CEP-3585472-SHB lang=BP
O4 - HKLM\..\Run: [Outpost Firewall] C:\ARQUIV~1\Agnitum\OUTPOS~1\outpost.exe /waitservice
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\ARQUIV~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\ARQUIV~1\Ahead\NEROPH~1\data\xtras\mssysmgr.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\ARQUIV~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: IncrediBar - {023FA804-DCE1-4817-94ED-6BA4200F9AF2} - C:\ARQUIV~1\INCRED~2\bin\IBTBar.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra button: Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - C:\ARQUIV~1\Agnitum\OUTPOS~1\TRASH.EXE (HKCU)
O9 - Extra 'Tools' menuitem: Show Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - C:\ARQUIV~1\Agnitum\OUTPOS~1\TRASH.EXE (HKCU)
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
O20 - Winlogon Notify: WB - C:\ARQUIV~1\Stardock\OBJECT~1\WINDOW~1\fastload.dl l
O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe
O23 - Service: Serviço do Auto-Protect do Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Arquivos de programas\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Arquivos de programas\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\ARQUIV~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum - C:\ARQUIV~1\Agnitum\OUTPOS~1\outpost.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Arquivos de programas\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\ARQUIV~1\ARQUIV~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\ARQUIV~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\CCPD-LC\symlcsvc.exe

Hola, tu log de HijackThis esta limpio de malwares y si los demás programas no te encuentran nada, seguramente se trataba de un falso positivo que te mostraba el falso antispyware "Spy Nuker" ::todomal:

Damos el tema por solucionado :dedosarri

Ok, obrigado pela atenção.

Gostaria de obter maiores informações a respeito do assunto, até para poder auxiliar outros usuários. O que me sugere?

Um abraço, do Brasil.

Gean