Archived

This topic has been archived and is closed to new replies.

Bruno Freitas

[Solved!] My computer restarted by itself

Hello, moderators.

I need help, because I ended up downloading a virus from the following link:

<Link removed to avoid possible infection of other members>

I believe that is the link; for security reasons, DO NOT CLICK.

I then got a virus that keeps opening fake ads for mercadolibre.com and drive cleaner, as well as error safe.

I went to sleep, and when I woke up I found that my computer had restarted by itself, and the BIOS said there was no Primary HDD.

P.S.: I left my McAfee running a scan.


Here is the Logfile of HijackThis v1.99.1

Scan saved at 12:25:11, on 25/7/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\ASUS\Asus Probe\AsusProb.exe

C:\Program Files\WSafe\WSafe.exe

C:\Documents and Settings\All Users\Dados de aplicativos\EPSON\EPW!3 SSRP\E_S30RP1.EXE

C:\Arquivos de programas\Arquivos comuns\McAfee\HackerWatch\HWAPI.exe

C:\ARQUIV~1\McAfee\MSC\mcmscsvc.exe

c:\arquivos de programas\arquivos comuns\mcafee\mna\mcnasvc.exe

C:\ARQUIV~1\McAfee\VIRUSS~1\mcods.exe

C:\ARQUIV~1\McAfee\MSC\mcpromgr.exe

c:\ARQUIV~1\ARQUIV~1\mcafee\redirsvc\redirsvc.exe

C:\ARQUIV~1\McAfee\VIRUSS~1\mcshield.exe

C:\ARQUIV~1\McAfee\VIRUSS~1\mcsysmon.exe

C:\Arquivos de programas\McAfee\MPF\MPFSrv.exe

C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

c:\ARQUIV~1\mcafee.com\agent\mcagent.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

c:\ARQUIV~1\mcafee\VIRUSS~1\mcvsshld.exe

C:\hijackthis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mercadolivre.com.br/

O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Arquivos de programas\Corel\Corel Graphics 12\Languages\BR\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=073007 serial=DR12WEX-1504397-kty lang=BP

O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Asus Probe\AsusProb.exe

O4 - HKLM\..\Run: [ElbyCheckElbyCDFL] "C:\Arquivos de programas\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL

O4 - HKLM\..\Run: [WSafe] C:\Program Files\WSafe\WSafe.exe

O4 - HKLM\..\Run: [gfxtray] rundll32 ctccw32.dll,findwnd

O4 - HKLM\..\Run: [MemoryManager] rundll32.exe "C:\WINDOWS\system32\qgcqxdod.dll",forkonce

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1185079017359

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARQUIV~1\MSNMES~1\msgrapp.dll" (file missing)

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\ARQUIV~1\ARQUIV~1\McAfee\EmProxy\emproxy.exe

O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Dados de aplicativos\EPSON\EPW!3 SSRP\E_S30RP1.EXE

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Arquivos de programas\Arquivos comuns\McAfee\HackerWatch\HWAPI.exe

O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\ARQUIV~1\McAfee\MSC\mcupdmgr.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\ARQUIV~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\arquivos de programas\arquivos comuns\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\ARQUIV~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\ARQUIV~1\McAfee\MSC\mcpromgr.exe

O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\ARQUIV~1\ARQUIV~1\mcafee\redirsvc\redirsvc.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\ARQUIV~1\McAfee\VIRUSS~1\mcshield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\ARQUIV~1\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Arquivos de programas\McAfee\MPF\MPFSrv.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe


Hi Bruno Freitas,

Let's get started.

* Download VundoFix.

* Double-click VundoFix.exe to start it;

* When VundoFix opens, click Scan for Vundo. Wait for the scan to finish, which may take some time. Be patient;

* When the scan is finished, click Remove Vundo;

* You will get a prompt asking whether you want to remove the files. Click YES. Your desktop will disappear (this is normal);

* To complete the scan, the machine will need to be restarted. Click OK;

* Please post the VundoFix log (C:\vundofix.txt) in your next reply, together with a new HijackThis log.

Regards.


Here is the log file from

 

VundoFix V6.5.6

 

Checking Java version...

 

Sun Java not detected

Scan started at 19:56:26 25/7/2007

 

Listing files found while scanning....

 

C:\WINDOWS\system32\qrqss.bak1

C:\WINDOWS\system32\qrqss.bak2

C:\WINDOWS\system32\qrqss.ini

C:\WINDOWS\system32\qrqss.ini2

C:\WINDOWS\system32\qrqss.tmp

C:\WINDOWS\system32\ssqrq.dll

 

Beginning removal...

 

Attempting to delete C:\WINDOWS\system32\qrqss.bak1

C:\WINDOWS\system32\qrqss.bak1 Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\qrqss.bak2

C:\WINDOWS\system32\qrqss.bak2 Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\qrqss.ini

C:\WINDOWS\system32\qrqss.ini Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\qrqss.ini2

C:\WINDOWS\system32\qrqss.ini2 Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\qrqss.tmp

C:\WINDOWS\system32\qrqss.tmp Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\ssqrq.dll

C:\WINDOWS\system32\ssqrq.dll Has been deleted!

 

Performing Repairs to the registry.

Done!

 

 

And here is the new HijackThis log

 

Logfile of HijackThis v1.99.1

Scan saved at 20:01:56, on 25/7/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Documents and Settings\All Users\Dados de aplicativos\EPSON\EPW!3 SSRP\E_S30RP1.EXE

C:\Arquivos de programas\Arquivos comuns\McAfee\HackerWatch\HWAPI.exe

C:\ARQUIV~1\McAfee\MSC\mcmscsvc.exe

c:\arquivos de programas\arquivos comuns\mcafee\mna\mcnasvc.exe

C:\Program Files\ASUS\Asus Probe\AsusProb.exe

C:\ARQUIV~1\McAfee\VIRUSS~1\mcods.exe

C:\ARQUIV~1\McAfee\MSC\mcpromgr.exe

c:\ARQUIV~1\ARQUIV~1\mcafee\redirsvc\redirsvc.exe

C:\Program Files\WSafe\WSafe.exe

C:\ARQUIV~1\McAfee\VIRUSS~1\mcshield.exe

C:\ARQUIV~1\McAfee\VIRUSS~1\mcsysmon.exe

C:\Arquivos de programas\McAfee\MPF\MPFSrv.exe

C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

c:\ARQUIV~1\mcafee.com\agent\mcagent.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

c:\ARQUIV~1\mcafee\VIRUSS~1\mcvsshld.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\hijackthis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mercadolivre.com.br/

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {2BFD4CA8-8843-4663-B382-E91BEA30F7F1} - C:\WINDOWS\system32\ssqrq.dll (file missing)

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\arquivos de programas\mcafee\virusscan\scriptcl.dll

O2 - BHO: (no name) - {857A461D-8D96-4996-A4A0-AEA0A2535B86} - C:\WINDOWS\system32\rqrpmmj.dll

O2 - BHO: CDLPObj Object - {BE2ED590-CA49-46B5-8CCE-244FB2E0D1AA} - C:\WINDOWS\DLP.dll

O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Arquivos de programas\Corel\Corel Graphics 12\Languages\BR\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=073007 serial=DR12WEX-1504397-kty lang=BP

O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Asus Probe\AsusProb.exe

O4 - HKLM\..\Run: [ElbyCheckElbyCDFL] "C:\Arquivos de programas\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL

O4 - HKLM\..\Run: [WSafe] C:\Program Files\WSafe\WSafe.exe

O4 - HKLM\..\Run: [gfxtray] rundll32 ctccw32.dll,findwnd

O4 - HKLM\..\Run: [Office SturtUp] osa9.exe

O4 - HKLM\..\Run: [MemoryManager] rundll32.exe "C:\WINDOWS\system32\kxuvrrjj.dll",forkonce

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1185079017359

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARQUIV~1\MSNMES~1\msgrapp.dll" (file missing)

O20 - Winlogon Notify: rqrpmmj - C:\WINDOWS\SYSTEM32\rqrpmmj.dll

O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\ARQUIV~1\ARQUIV~1\McAfee\EmProxy\emproxy.exe

O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Dados de aplicativos\EPSON\EPW!3 SSRP\E_S30RP1.EXE

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Arquivos de programas\Arquivos comuns\McAfee\HackerWatch\HWAPI.exe

O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\ARQUIV~1\McAfee\MSC\mcupdmgr.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\ARQUIV~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\arquivos de programas\arquivos comuns\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\ARQUIV~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\ARQUIV~1\McAfee\MSC\mcpromgr.exe

O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\ARQUIV~1\ARQUIV~1\mcafee\redirsvc\redirsvc.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\ARQUIV~1\McAfee\VIRUSS~1\mcshield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\ARQUIV~1\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Arquivos de programas\McAfee\MPF\MPFSrv.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

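Added example (not part of the original thread): a short Python script that compares the autostart entries of two HijackThis logs, using lines excerpted from the 12:25 and 20:01 scans posted above, and reports which entries appeared, disappeared, or kept their name while pointing at a different file. The function names and the matching rules for O4 and O20 lines are assumptions of this example, based on the log layout seen on this page.

```python
import re

# HijackThis entry lines start with a section code (R0, O4, O20, ...) and " - ".
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")
# O4 body: HKLM\..\Run: [ValueName] command line
RUN_RE = re.compile(r"^(HK\w+\\\.\.\\[^:]+): \[([^\]]*)\] (.*)$")
# O20 body: Winlogon Notify: name - dll path
NOTIFY_RE = re.compile(r"^Winlogon Notify: (\S+) - (.*)$")

# Excerpts of the two logs posted in this thread (not the full logs).
SCAN_1 = r"""
Logfile of HijackThis v1.99.1
Scan saved at 12:25:11, on 25/7/2007
Running processes:
C:\WINDOWS\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mercadolivre.com.br/
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Asus Probe\AsusProb.exe
O4 - HKLM\..\Run: [WSafe] C:\Program Files\WSafe\WSafe.exe
O4 - HKLM\..\Run: [gfxtray] rundll32 ctccw32.dll,findwnd
O4 - HKLM\..\Run: [MemoryManager] rundll32.exe "C:\WINDOWS\system32\qgcqxdod.dll",forkonce
O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll
"""

SCAN_2 = r"""
Logfile of HijackThis v1.99.1
Scan saved at 20:01:56, on 25/7/2007
Running processes:
C:\WINDOWS\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mercadolivre.com.br/
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Asus Probe\AsusProb.exe
O4 - HKLM\..\Run: [WSafe] C:\Program Files\WSafe\WSafe.exe
O4 - HKLM\..\Run: [gfxtray] rundll32 ctccw32.dll,findwnd
O4 - HKLM\..\Run: [Office SturtUp] osa9.exe
O4 - HKLM\..\Run: [MemoryManager] rundll32.exe "C:\WINDOWS\system32\kxuvrrjj.dll",forkonce
O20 - Winlogon Notify: rqrpmmj - C:\WINDOWS\SYSTEM32\rqrpmmj.dll
O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll
"""


def entry_key(code, body):
    """Split an entry into (identity, target) so a renamed target shows as a change."""
    if code == "O4":
        m = RUN_RE.match(body)
        if m:
            return (code, m.group(1), m.group(2)), m.group(3)
    if code == "O20":
        m = NOTIFY_RE.match(body)
        if m:
            return (code, "Winlogon Notify", m.group(1)), m.group(2)
    # Other sections: the whole line is the identity, so any edit shows as remove + add.
    return (code, body), ""


def parse_entries(log_text):
    """Return {identity: target} for every entry line; headers and process paths are skipped."""
    entries = {}
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        key, value = entry_key(m.group(1), m.group(2).strip())
        entries[key] = value
    return entries


def diff_logs(before_text, after_text):
    """Compare two logs and list added, removed and re-pointed autostart entries."""
    before, after = parse_entries(before_text), parse_entries(after_text)
    return {
        "added": sorted((k, after[k]) for k in after if k not in before),
        "removed": sorted((k, before[k]) for k in before if k not in after),
        "changed": sorted(
            (k, before[k], after[k])
            for k in after
            if k in before and before[k].lower() != after[k].lower()
        ),
    }


if __name__ == "__main__":
    result = diff_logs(SCAN_1, SCAN_2)
    for key, target in result["added"]:
        print("ADDED  ", " | ".join(key), "->", target)
    for key, target in result["removed"]:
        print("REMOVED", " | ".join(key), "->", target)
    for key, old, new in result["changed"]:
        print("CHANGED", " | ".join(key))
        print("   was:", old)
        print("   now:", new)
```

On these excerpts the `MemoryManager` Run value is reported as changed rather than added, because its name is the same in both scans while the DLL it loads is different.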

Hi Bruno Freitas,

Download ComboFix from:

ComboFix

1) Double-click combofix.exe and press "Y" to proceed. The process will take about 10 minutes on average;

2) ComboFix will restart the PC automatically so that the removal process can be completed (only if there is an infection);

3) When the scan finishes, a log will be generated at C:\ComboFix.txt;

4) Do not click in the ComboFix window, or close it by clicking the X, while the tool is running, as this will mess up your desktop configuration (it will go completely white);

5) To stop or exit ComboFix, press "N";

6) I need you to paste the contents of ComboFix.txt in your next reply.

Regards.


Here is the ComboFix log

 

 

"Elizeu" - 2007-07-26 19:06:25 [GMT -3:00] - ComboFix 07-07-24 - Service Pack 2 FAT32

 

 

(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))

 

 

C:\WINDOWS\system32\ssttt.dll

C:\WINDOWS\system32\rqrpmmj.dll

C:\WINDOWS\system32\rqrpmmj.dll

C:\WINDOWS\system32\tttss.ini

C:\WINDOWS\system32\tttss.bak1

 

 

* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

 

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

 

 

C:\WINDOWS\update.exe

 

 

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

 

 

-------\LEGACY_NWSAPAGENT

-------\nm

-------\NwSapAgent

 

 

((((((((((((((((((((((((( Files Created from 2007-06-26 to 2007-07-26 )))))))))))))))))))))))))))))))

 

 

2007-07-26 19:05 51,200 --a------ C:\WINDOWS\nircmd.exe

2007-07-26 18:43 1,371,236 --a------ C:\ComboFix.exe

2007-07-25 20:10 48,375 --a------ C:\WINDOWS\system32\osa9.exe

2007-07-25 19:58 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe

2007-07-25 19:56 <DIR> d-------- C:\VundoFix Backups

2007-07-25 19:28 8,576 --a------ C:\WINDOWS\system32\drivers\itnhfpatqiqh.sys

2007-07-25 19:18 <DIR> d-------- C:\WINDOWS\system32\ActiveScan

2007-07-25 15:08 126,016 --a------ C:\WINDOWS\system32\kxuvrrjj.dll

2007-07-25 12:23 <DIR> d--h----- C:\hijackthis

2007-07-25 04:37 126,016 --a------ C:\WINDOWS\system32\jkvtogrs.dll

2007-07-24 22:59 283 --a------ C:\WINDOWS\comm.bin

2007-07-24 21:45 257 --a------ C:\WINDOWS\msdres.bin

2007-07-24 16:23 <DIR> d-------- C:\DOCUME~1\Elizeu\DADOSD~1\WinRAR

2007-07-24 15:40 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\WinZip

2007-07-22 17:16 271,224 --a------ C:\WINDOWS\system32\mucltui.dll

2007-07-22 05:16 <DIR> d-------- C:\Arquivos de programas\MSXML 6.0

2007-07-22 05:14 <DIR> d-------- C:\Arquivos de programas\MSBuild

2007-07-22 05:11 <DIR> d-------- C:\WINDOWS\system32\XPSViewer

2007-07-22 05:11 <DIR> d-------- C:\Arquivos de programas\Reference Assemblies

2007-07-22 05:10 14,048 --------- C:\WINDOWS\system32\spmsg2.dll

2007-07-22 05:10 <DIR> d-------- C:\WINDOWS\system32\pt-br

2007-07-19 23:59 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\Windows Genuine Advantage

2007-07-19 23:59 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\Office Genuine Advantage

2007-07-19 01:56 <DIR> d-------- C:\DOCUME~1\Elizeu\DADOSD~1\LEGO Company

2007-07-17 21:31 <DIR> d-------- C:\DOCUME~1\Elizeu\DADOSD~1\Apple Computer

2007-07-16 17:58 831,742 --a------ C:\WINDOWS\system32\Marcopolo Screensaver.scr

2007-07-15 18:42 <DIR> d-------- C:\Downloads

2007-07-15 02:32 92,672 --a------ C:\WINDOWS\system32\Tsdgr240.dll

2007-07-15 02:32 91,136 --a------ C:\WINDOWS\system32\Tsdcl240.dll

2007-07-15 02:32 9,728 --a------ C:\WINDOWS\system32\Tsdco240.dll

2007-07-15 02:32 88,064 --a------ C:\WINDOWS\system32\Tsdut240.dll

2007-07-15 02:32 32,768 --a------ C:\WINDOWS\system32\Tsdsl240.dll

2007-07-15 02:32 309,248 --a------ C:\WINDOWS\system32\Tsddr240.dll

2007-07-15 02:32 184,832 --a------ C:\WINDOWS\system32\Tsdbl240.dll

2007-07-15 02:32 146,432 --a------ C:\WINDOWS\system32\Tsdhl240.dll

2007-07-15 02:32 141,824 --a------ C:\WINDOWS\system32\Tsdol240.dll

2007-07-15 00:23 <DIR> d-------- C:\Arquivos de programas\MessengerDiscovery

2007-07-14 23:20 <DIR> d-------- C:\Arquivos de programas\MSXML 4.0

2007-07-14 16:37 <DIR> d-------- C:\Arquivos de programas\Plato DVD to MP3 Ripper

2007-07-14 00:35 <DIR> d-------- C:\Arquivos de programas\LiveUpdate

2007-07-14 00:34 25,600 --a------ C:\WINDOWS\system32\drivers\usbser.sys

2007-07-14 00:34 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\BVRP Software

2007-07-14 00:34 <DIR> d-------- C:\Arquivos de programas\mobile PhoneTools

2007-07-12 18:56 <DIR> d-------- C:\Arquivos de programas\CoolSMS

2007-07-12 18:50 <DIR> d-------- C:\DOCUME~1\LOCALS~1\Menu Iniciar

2007-07-12 17:08 <DIR> d--h----- C:\WINDOWS\$hf_mig$

2007-07-12 17:08 <DIR> d-------- C:\WINDOWS\system32\PreInstall

2007-07-08 19:28 <DIR> d-------- C:\WINDOWS\system32\appmgmt

2007-07-08 19:21 <DIR> d-------- C:\WINDOWS\Performance

2007-07-08 19:21 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\Microsoft Corporation

2007-07-04 15:12 <DIR> d-------- C:\DOCUME~1\Elizeu\DADOSD~1\Hamachi

2007-07-04 15:07 25,544 --a------ C:\WINDOWS\system32\drivers\hamachi.sys

2007-07-04 15:07 <DIR> d-------- C:\Arquivos de programas\Hamachi

2007-07-01 10:07 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\Apple Computer

2007-07-01 10:07 <DIR> d-------- C:\Arquivos de programas\QuickTime

2007-07-01 10:06 64,512 --a------ C:\WINDOWS\system32\PTPITCP.dll

2007-07-01 10:06 307,200 --a------ C:\WINDOWS\system32\KPDPM.dll

2007-07-01 10:06 229,376 --a------ C:\WINDOWS\system32\KPDPMUI.dll

2007-07-01 10:06 <DIR> d-------- C:\WINDOWS\system32\BWKDLogs

2007-07-01 10:05 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll

2007-07-01 10:05 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll

2007-07-01 10:04 <DIR> d-------- C:\WINDOWS\system32\color

2007-07-01 10:04 <DIR> d-------- C:\KPCMS

2007-07-01 10:04 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Kodak

2007-07-01 10:03 <DIR> d-------- C:\Arquivos de programas\Kodak

2007-07-01 10:01 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\Kodak

2007-06-27 16:28 284,672 --a------ C:\WINDOWS\unin040a.exe

2007-06-26 22:44 <DIR> d-------- C:\DOCUME~1\Elizeu\Phone Browser

2007-06-26 22:25 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\PC Suite

2007-06-26 22:24 <DIR> d-------- C:\DOCUME~1\Elizeu\DADOSD~1\PC Suite

2007-06-26 22:24 <DIR> d-------- C:\DOCUME~1\Elizeu\DADOSD~1\Nokia

2007-06-26 22:24 <DIR> d-------- C:\Arquivos de programas\DIFX

2007-06-26 22:23 90,624 --a------ C:\WINDOWS\system32\nmwcdcls.dll

2007-06-26 22:23 <DIR> d-------- C:\WINDOWS\system32\DRVSTORE

2007-06-26 22:23 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\Installations

2007-06-26 20:20 5,248 --a------ C:\WINDOWS\system32\drivers\d347prt.sys

2007-06-26 20:20 155,136 --a------ C:\WINDOWS\system32\drivers\d347bus.sys

2007-06-26 20:20 <DIR> d-------- C:\Arquivos de programas\Daemon Tools

 

 

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

 

2007-07-22 09:01:36 78,978 ----a-w C:\WINDOWS\system32\perfc016.dat

2007-07-22 09:01:36 469,490 ----a-w C:\WINDOWS\system32\perfh016.dat

2007-06-22 20:13:12 -------- d-----w C:\Arquivos de programas\Alcohol Soft

2007-06-22 18:28:20 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys

2007-06-17 04:45:36 -------- d-----w C:\Arquivos de programas\Twin USB Vibration Gamepad

2007-06-17 04:43:02 -------- d-----w C:\Arquivos de programas\Valusoft

2007-06-12 00:37:26 -------- d-----w C:\Arquivos de programas\Elaborate Bytes

2007-06-10 17:09:24 664 ----a-w C:\WINDOWS\system32\d3d9caps.dat

2007-06-09 05:40:02 16,384 ----a-w C:\WINDOWS\system32\WINKRNME.DLL

2007-06-09 05:38:28 -------- d-----w C:\Arquivos de programas\Gabest

2007-05-28 21:44:18 -------- d--h--w C:\Arquivos de programas\Scpad

2007-05-28 04:36:46 -------- d-----w C:\DOCUME~1\Elizeu\DADOSD~1\SmartFTP

2007-05-28 04:35:40 -------- d-----w C:\Arquivos de programas\SmartFTP

2007-05-28 04:35:28 -------- d-----w C:\Arquivos de programas\SmartFTP Setup Files

2007-05-27 19:18:24 -------- d-----w C:\DOCUME~1\Elizeu\DADOSD~1\Google

2007-05-27 19:18:24 -------- d-----w C:\Arquivos de programas\Google

2007-05-16 18:36:48 0 --sha-r C:\MSDOS.SYS

2007-05-16 18:36:48 0 --sha-r C:\IO.SYS

2007-05-16 18:36:48 0 ----a-w C:\CONFIG.SYS

2007-05-16 18:36:48 0 ----a-w C:\AUTOEXEC.BAT

2007-05-16 18:33:30 21,844 ----a-w C:\WINDOWS\system32\emptyregdb.dat

2007-05-16 15:13:54 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll

 

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

 

 

*Note* empty entries & legit default entries are not shown

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BE2ED590-CA49-46B5-8CCE-244FB2E0D1AA}]

2005-12-01 20:38 127488 --a------ C:\WINDOWS\DLP.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CorelDRAW Graphics Suite 11b"="C:\Arquivos de programas\Corel\Corel Graphics 12\Languages\BR\Programs\Registration.exe" [2003-11-28 01:26]

"ASUS Probe"="C:\Program Files\ASUS\Asus Probe\AsusProb.exe" [2002-12-06 16:07]

"ElbyCheckElbyCDFL"="C:\Arquivos de programas\Elaborate Bytes\CloneCD\ElbyCheck.exe" [2001-12-06 13:09]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]

"{A3717295-941D-416F-9384-ED1736729F1C}"= C:\Arquivos de programas\Scpad\scpLIB.dll [2007-03-27 01:29 128512]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

"CompIBBrd"= {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll [2007-03-27 01:29 128512]

"CompIBBrd"= {A3717295-941D-416F-9384-ED1736729F1C} - Apartment [ ]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Gamma Loader.exe.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Gamma Loader.exe.lnk

backup=C:\WINDOWS\pss\Adobe Gamma Loader.exe.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^KODAK Software Updater.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\KODAK Software Updater.lnk

backup=C:\WINDOWS\pss\KODAK Software Updater.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Microsoft Office.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Microsoft Office.lnk

backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Software Kodak EasyShare.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Software Kodak EasyShare.lnk

backup=C:\WINDOWS\pss\Software Kodak EasyShare.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^TVR Scheduler.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\TVR Scheduler.lnk

backup=C:\WINDOWS\pss\TVR Scheduler.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Elizeu^Menu Iniciar^Programas^Inicializar^PVRemote.lnk]

path=C:\Documents and Settings\Elizeu\Menu Iniciar\Programas\Inicializar\PVRemote.lnk

backup=C:\WINDOWS\pss\PVRemote.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]

C:\Arquivos de programas\SlySoft\AnyDVD\AnyDVD.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]

"C:\Arquivos de programas\ATI Technologies\ATI.ACE\CLIStart.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDogPath]

C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]

"C:\Arquivos de programas\Daemon Tools\daemon.exe" -lang 1033

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus Photo R270 Series]

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBNL.EXE /FU "C:\WINDOWS\TEMP\E_SAA.tmp" /EF "HKCU"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]

HDAShCut.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

C:\WINDOWS\system32\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

"C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]

"C:\Arquivos de programas\Analog Devices\SoundMAX\smax4.exe" /tray

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]

C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wcmdmgr]

C:\WINDOWS\wt\wcmdmgrl.exe -launch

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"SharedAccess"=2 (0x2)

"wscsvc"=2 (0x2)

"wuauserv"=2 (0x2)

"helpsvc"=2 (0x2)

"Schedule"=2 (0x2)

 

R0 gagp30kx;Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms;C:\WINDOWS\system32\DRIVERS\gagp30kx.sys

R1 AmdK8;AMD Processor Driver;C:\WINDOWS\system32\DRIVERS\AmdK8.sys

R1 AsIO;AsIO;C:\WINDOWS\system32\drivers\AsIO.sys

R1 aslm75;aslm75;\??\C:\WINDOWS\system32\drivers\aslm75.sys

R1 MPFP;MPFP;C:\WINDOWS\system32\Drivers\Mpfp.sys

R2 ASInsHelp;ASInsHelp;\??\C:\WINDOWS\system32\drivers\AsInsHelp32.sys

R2 CX88Tune;Conexant 2388x TvTuner;C:\WINDOWS\system32\drivers\CX88Tune.sys

R2 CX88VCap;Conexant 2388x Capture;C:\WINDOWS\system32\drivers\CX88Vid.sys

R2 ElbyCDIO;ElbyCDIO Driver;C:\WINDOWS\system32\Drivers\ElbyCDIO.sys

R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service;C:\WINDOWS\system32\drivers\ADIHdAud.sys

R3 AEAudioService;AEAudio Service;C:\WINDOWS\system32\drivers\AEAudio.sys

R3 AnyDVD;AnyDVD;C:\WINDOWS\system32\Drivers\AnyDVD.sys

R3 CX88XBar;Conexant 2388x Crossbar;C:\WINDOWS\system32\drivers\CX88XBar.sys

R3 ElbyCDFL;ElbyCDFL;C:\WINDOWS\system32\Drivers\ElbyCDFL.sys

R3 ElbyDelay;ElbyDelay;C:\WINDOWS\system32\Drivers\ElbyDelay.sys

R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys

R3 SenFiltService;SenFilt Service;C:\WINDOWS\system32\drivers\Senfilt.sys

S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\fetnd5.sys

S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0;C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service;C:\WINDOWS\system32\drivers\HdAudio.sys

S3 idsvc;Windows CardSpace;"C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe"

S3 pmxscan;USB Flatbed Scanner Driver;C:\WINDOWS\system32\DRIVERS\usbscan.sys

S3 usbser;Motorola USB Modem Driver;C:\WINDOWS\system32\DRIVERS\usbser.sys

S3 ZSMC302;VIMICRO USB PC Camera;C:\WINDOWS\system32\Drivers\usbVM31b.sys

S4 NetTcpPortSharing;Net.Tcp Port Sharing Service;"C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe"

 

 

Contents of the 'Scheduled Tasks' folder

2007-05-16 20:29:18 C:\WINDOWS\tasks\McQcTask.job

2007-05-16 20:29:18 C:\WINDOWS\tasks\McDefragTask.job

2007-07-25 23:25:34 C:\WINDOWS\tasks\Restauração do sistema.job

 

**************************************************************************

 

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-07-26 19:09:14

Windows 5.1.2600 Service Pack 2 FAT NTAPI

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

 

Completion time: 2007-07-26 19:10:26 - machine was rebooted

C:\ComboFix-quarantined-files.txt ... 2007-07-26 19:10

 

--- E O F ---


Hi Bruno Freitas,

Let's get started.

Set Windows to show all files (including hidden ones).

Uninstall:

-> WSafe

Use Add/Remove Programs.

Uninstall it and restart afterwards.

Step 1

Download Killbox from:

Killbox

1. Run Killbox and click Delete on Reboot.

2. Copy the list below, in bold, to the clipboard. Select it all with the mouse --> go to the Edit tab on the browser's bar --> click Copy.

 

C:\WINDOWS\system32\ctccw32.dll

C:\WINDOWS\system32\ssttt.dll

C:\WINDOWS\system32\ssqrq.dll

C:\WINDOWS\system32\rqrpmmj.dll

C:\WINDOWS\system32\kxuvrrjj.dll

C:\WINDOWS\system32\jkvtogrs.dll

C:\WINDOWS\system32\tttss.ini

C:\WINDOWS\system32\tttss.bak1

C:\WINDOWS\system32\osa9.exe

C:\WINDOWS\DLP.dll

 

3. Go back to Killbox. Click File > Paste from clipboard. Click All Files.

4. Click "X". Answer "no" to the question.

It is advisable to print this document or save it somewhere easy to reach, because in the next step we will enter Safe Mode and an internet connection will not be possible.

Step 2

Restart the computer in Safe Mode (while it restarts, press the F8 key repeatedly until a black DOS screen appears, then choose the Safe Mode option).

Run HijackThis, click Do a system scan only and check:

O2 - BHO: (no name) - {2BFD4CA8-8843-4663-B382-E91BEA30F7F1} - C:\WINDOWS\system32\ssqrq.dll (file missing)

O2 - BHO: (no name) - {857A461D-8D96-4996-A4A0-AEA0A2535B86} - C:\WINDOWS\system32\rqrpmmj.dll

O2 - BHO: CDLPObj Object - {BE2ED590-CA49-46B5-8CCE-244FB2E0D1AA} - C:\WINDOWS\DLP.dll

O4 - HKLM\..\Run: [WSafe] C:\Program Files\WSafe\WSafe.exe

O4 - HKLM\..\Run: [gfxtray] rundll32 ctccw32.dll,findwnd

O4 - HKLM\..\Run: [Office SturtUp] osa9.exe

O4 - HKLM\..\Run: [MemoryManager] rundll32.exe "C:\WINDOWS\system32\kxuvrrjj.dll",forkonce

O20 - Winlogon Notify: rqrpmmj - C:\WINDOWS\SYSTEM32\rqrpmmj.dll

Click Fix Checked.

Step 3

Still in Safe Mode, locate and delete:

C:\Program Files\WSafe <- the folder

Step 4

Restart in Normal Mode.

Delete the contents of the C:\!Killbox folder.

Post new HijackThis and ComboFix logs.

I await your reply.

Best regards.


First of all, some of the files you asked for were not in the HijackThis list, but even so, here is the HijackThis log:

 

 

 

Logfile of HijackThis v1.99.1

Scan saved at 17:42:54, on 27/7/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\ASUS\Asus Probe\AsusProb.exe

C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

C:\Documents and Settings\All Users\Dados de aplicativos\EPSON\EPW!3 SSRP\E_S30RP1.EXE

C:\Arquivos de programas\Arquivos comuns\McAfee\HackerWatch\HWAPI.exe

C:\ARQUIV~1\McAfee\MSC\mcmscsvc.exe

c:\arquivos de programas\arquivos comuns\mcafee\mna\mcnasvc.exe

C:\ARQUIV~1\McAfee\VIRUSS~1\mcods.exe

C:\ARQUIV~1\McAfee\MSC\mcpromgr.exe

c:\ARQUIV~1\ARQUIV~1\mcafee\redirsvc\redirsvc.exe

C:\ARQUIV~1\McAfee\VIRUSS~1\mcshield.exe

C:\ARQUIV~1\McAfee\VIRUSS~1\mcsysmon.exe

C:\Arquivos de programas\McAfee\MPF\MPFSrv.exe

C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

c:\ARQUIV~1\mcafee\VIRUSS~1\mcvsshld.exe

c:\ARQUIV~1\mcafee.com\agent\mcagent.exe

C:\WINDOWS\system32\wuauclt.exe

C:\hijackthis\HijackThis.exe

c:\arquivos de programas\mcafee\msc\mcuimgr.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mercadolivre.com.br/

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\arquivos de programas\mcafee\virusscan\scriptcl.dll

O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Arquivos de programas\Corel\Corel Graphics 12\Languages\BR\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=073007 serial=DR12WEX-1504397-kty lang=BP

O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Asus Probe\AsusProb.exe

O4 - HKLM\..\Run: [ElbyCheckElbyCDFL] "C:\Arquivos de programas\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1185407299250

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARQUIV~1\MSNMES~1\msgrapp.dll" (file missing)

O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\ARQUIV~1\ARQUIV~1\McAfee\EmProxy\emproxy.exe

O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Dados de aplicativos\EPSON\EPW!3 SSRP\E_S30RP1.EXE

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Arquivos de programas\Arquivos comuns\McAfee\HackerWatch\HWAPI.exe

O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\ARQUIV~1\McAfee\MSC\mcupdmgr.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\ARQUIV~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\arquivos de programas\arquivos comuns\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\ARQUIV~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\ARQUIV~1\McAfee\MSC\mcpromgr.exe

O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\ARQUIV~1\ARQUIV~1\mcafee\redirsvc\redirsvc.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\ARQUIV~1\McAfee\VIRUSS~1\mcshield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\ARQUIV~1\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Arquivos de programas\McAfee\MPF\MPFSrv.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

 

 

 

 

And here is the ComboFix log:

 

 

 

 

"Elizeu" - 2007-07-27 17:48:39 [GMT -3:00] - ComboFix 07-07-24 - Service Pack 2 FAT32

 

 

((((((((((((((((((((((((( Files Created from 2007-06-27 to 2007-07-27 )))))))))))))))))))))))))))))))

 

 

2007-07-27 17:48 1,371,236 --a------ C:\ComboFix.exe

2007-07-27 17:25 <DIR> d-------- C:\!KillBox

2007-07-27 17:24 92,672 --a------ C:\KillBox.exe

2007-07-26 19:05 51,200 --a------ C:\WINDOWS\nircmd.exe

2007-07-25 19:58 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe

2007-07-25 19:56 <DIR> d-------- C:\VundoFix Backups

2007-07-25 19:28 8,576 --a------ C:\WINDOWS\system32\drivers\itnhfpatqiqh.sys

2007-07-25 19:18 <DIR> d-------- C:\WINDOWS\system32\ActiveScan

2007-07-25 12:23 <DIR> d--h----- C:\hijackthis

2007-07-24 22:59 283 --a------ C:\WINDOWS\comm.bin

2007-07-24 21:45 257 --a------ C:\WINDOWS\msdres.bin

2007-07-24 16:23 <DIR> d-------- C:\DOCUME~1\Elizeu\DADOSD~1\WinRAR

2007-07-24 15:40 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\WinZip

2007-07-22 17:16 271,224 --a------ C:\WINDOWS\system32\mucltui.dll

2007-07-22 05:16 <DIR> d-------- C:\Arquivos de programas\MSXML 6.0

2007-07-22 05:14 <DIR> d-------- C:\Arquivos de programas\MSBuild

2007-07-22 05:11 <DIR> d-------- C:\WINDOWS\system32\XPSViewer

2007-07-22 05:11 <DIR> d-------- C:\Arquivos de programas\Reference Assemblies

2007-07-22 05:10 14,048 --------- C:\WINDOWS\system32\spmsg2.dll

2007-07-22 05:10 <DIR> d-------- C:\WINDOWS\system32\pt-br

2007-07-19 23:59 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\Windows Genuine Advantage

2007-07-19 23:59 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\Office Genuine Advantage

2007-07-19 01:56 <DIR> d-------- C:\DOCUME~1\Elizeu\DADOSD~1\LEGO Company

2007-07-17 21:31 <DIR> d-------- C:\DOCUME~1\Elizeu\DADOSD~1\Apple Computer

2007-07-16 17:58 831,742 --a------ C:\WINDOWS\system32\Marcopolo Screensaver.scr

2007-07-15 18:42 <DIR> d-------- C:\Downloads

2007-07-15 02:32 92,672 --a------ C:\WINDOWS\system32\Tsdgr240.dll

2007-07-15 02:32 91,136 --a------ C:\WINDOWS\system32\Tsdcl240.dll

2007-07-15 02:32 9,728 --a------ C:\WINDOWS\system32\Tsdco240.dll

2007-07-15 02:32 88,064 --a------ C:\WINDOWS\system32\Tsdut240.dll

2007-07-15 02:32 32,768 --a------ C:\WINDOWS\system32\Tsdsl240.dll

2007-07-15 02:32 309,248 --a------ C:\WINDOWS\system32\Tsddr240.dll

2007-07-15 02:32 184,832 --a------ C:\WINDOWS\system32\Tsdbl240.dll

2007-07-15 02:32 146,432 --a------ C:\WINDOWS\system32\Tsdhl240.dll

2007-07-15 02:32 141,824 --a------ C:\WINDOWS\system32\Tsdol240.dll

2007-07-15 00:23 <DIR> d-------- C:\Arquivos de programas\MessengerDiscovery

2007-07-14 23:20 <DIR> d-------- C:\Arquivos de programas\MSXML 4.0

2007-07-14 16:37 <DIR> d-------- C:\Arquivos de programas\Plato DVD to MP3 Ripper

2007-07-14 00:35 <DIR> d-------- C:\Arquivos de programas\LiveUpdate

2007-07-14 00:34 25,600 --a------ C:\WINDOWS\system32\drivers\usbser.sys

2007-07-14 00:34 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\BVRP Software

2007-07-14 00:34 <DIR> d-------- C:\Arquivos de programas\mobile PhoneTools

2007-07-12 18:56 <DIR> d-------- C:\Arquivos de programas\CoolSMS

2007-07-12 18:50 <DIR> d-------- C:\DOCUME~1\LOCALS~1\Menu Iniciar

2007-07-12 17:08 <DIR> d--h----- C:\WINDOWS\$hf_mig$

2007-07-12 17:08 <DIR> d-------- C:\WINDOWS\system32\PreInstall

2007-07-08 19:28 <DIR> d-------- C:\WINDOWS\system32\appmgmt

2007-07-08 19:21 <DIR> d-------- C:\WINDOWS\Performance

2007-07-08 19:21 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\Microsoft Corporation

2007-07-04 15:12 <DIR> d-------- C:\DOCUME~1\Elizeu\DADOSD~1\Hamachi

2007-07-04 15:07 25,544 --a------ C:\WINDOWS\system32\drivers\hamachi.sys

2007-07-04 15:07 <DIR> d-------- C:\Arquivos de programas\Hamachi

2007-07-01 10:07 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\Apple Computer

2007-07-01 10:07 <DIR> d-------- C:\Arquivos de programas\QuickTime

2007-07-01 10:06 64,512 --a------ C:\WINDOWS\system32\PTPITCP.dll

2007-07-01 10:06 307,200 --a------ C:\WINDOWS\system32\KPDPM.dll

2007-07-01 10:06 229,376 --a------ C:\WINDOWS\system32\KPDPMUI.dll

2007-07-01 10:06 <DIR> d-------- C:\WINDOWS\system32\BWKDLogs

2007-07-01 10:05 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll

2007-07-01 10:05 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll

2007-07-01 10:04 <DIR> d-------- C:\WINDOWS\system32\color

2007-07-01 10:04 <DIR> d-------- C:\KPCMS

2007-07-01 10:04 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Kodak

2007-07-01 10:03 <DIR> d-------- C:\Arquivos de programas\Kodak

2007-07-01 10:01 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\Kodak

2007-06-27 16:28 284,672 --a------ C:\WINDOWS\unin040a.exe

 

 

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

 

2007-07-27 05:20:26 82,668 ----a-w C:\WINDOWS\system32\perfc016.dat

2007-07-27 05:20:26 477,818 ----a-w C:\WINDOWS\system32\perfh016.dat

2007-06-27 01:24:44 -------- d-----w C:\DOCUME~1\Elizeu\DADOSD~1\Nokia

2007-06-27 01:24:12 -------- d-----w C:\Arquivos de programas\DIFX

2007-06-27 01:24:10 -------- d-----w C:\DOCUME~1\Elizeu\DADOSD~1\PC Suite

2007-06-26 23:20:28 -------- d-----w C:\Arquivos de programas\Daemon Tools

2007-06-22 20:13:12 -------- d-----w C:\Arquivos de programas\Alcohol Soft

2007-06-22 18:28:20 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys

2007-06-17 04:45:36 -------- d-----w C:\Arquivos de programas\Twin USB Vibration Gamepad

2007-06-17 04:43:02 -------- d-----w C:\Arquivos de programas\Valusoft

2007-06-12 00:37:26 -------- d-----w C:\Arquivos de programas\Elaborate Bytes

2007-06-10 17:09:24 664 ----a-w C:\WINDOWS\system32\d3d9caps.dat

2007-06-09 05:40:02 16,384 ----a-w C:\WINDOWS\system32\WINKRNME.DLL

2007-06-09 05:38:28 -------- d-----w C:\Arquivos de programas\Gabest

2007-05-28 21:44:18 -------- d--h--w C:\Arquivos de programas\Scpad

2007-05-28 04:36:46 -------- d-----w C:\DOCUME~1\Elizeu\DADOSD~1\SmartFTP

2007-05-28 04:35:40 -------- d-----w C:\Arquivos de programas\SmartFTP

2007-05-28 04:35:28 -------- d-----w C:\Arquivos de programas\SmartFTP Setup Files

2007-05-27 19:18:24 -------- d-----w C:\DOCUME~1\Elizeu\DADOSD~1\Google

2007-05-27 19:18:24 -------- d-----w C:\Arquivos de programas\Google

2007-05-16 18:36:48 0 --sha-r C:\MSDOS.SYS

2007-05-16 18:36:48 0 --sha-r C:\IO.SYS

2007-05-16 18:36:48 0 ----a-w C:\CONFIG.SYS

2007-05-16 18:36:48 0 ----a-w C:\AUTOEXEC.BAT

2007-05-16 18:33:30 21,844 ----a-w C:\WINDOWS\system32\emptyregdb.dat

2007-05-16 15:13:54 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll

 

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

 

 

*Note* empty entries & legit default entries are not shown

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CorelDRAW Graphics Suite 11b"="C:\Arquivos de programas\Corel\Corel Graphics 12\Languages\BR\Programs\Registration.exe" [2003-11-28 01:26]

"ASUS Probe"="C:\Program Files\ASUS\Asus Probe\AsusProb.exe" [2002-12-06 16:07]

"ElbyCheckElbyCDFL"="C:\Arquivos de programas\Elaborate Bytes\CloneCD\ElbyCheck.exe" [2001-12-06 13:09]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]

"{A3717295-941D-416F-9384-ED1736729F1C}"= C:\Arquivos de programas\Scpad\scpLIB.dll [2007-03-27 01:29 128512]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

"CompIBBrd"= {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll [2007-03-27 01:29 128512]

"CompIBBrd"= {A3717295-941D-416F-9384-ED1736729F1C} - Apartment [ ]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Gamma Loader.exe.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Gamma Loader.exe.lnk

backup=C:\WINDOWS\pss\Adobe Gamma Loader.exe.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^KODAK Software Updater.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\KODAK Software Updater.lnk

backup=C:\WINDOWS\pss\KODAK Software Updater.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Microsoft Office.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Microsoft Office.lnk

backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Software Kodak EasyShare.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Software Kodak EasyShare.lnk

backup=C:\WINDOWS\pss\Software Kodak EasyShare.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^TVR Scheduler.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\TVR Scheduler.lnk

backup=C:\WINDOWS\pss\TVR Scheduler.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Elizeu^Menu Iniciar^Programas^Inicializar^PVRemote.lnk]

path=C:\Documents and Settings\Elizeu\Menu Iniciar\Programas\Inicializar\PVRemote.lnk

backup=C:\WINDOWS\pss\PVRemote.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]

C:\Arquivos de programas\SlySoft\AnyDVD\AnyDVD.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]

"C:\Arquivos de programas\ATI Technologies\ATI.ACE\CLIStart.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDogPath]

C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]

"C:\Arquivos de programas\Daemon Tools\daemon.exe" -lang 1033

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus Photo R270 Series]

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBNL.EXE /FU "C:\WINDOWS\TEMP\E_SAA.tmp" /EF "HKCU"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]

HDAShCut.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

C:\WINDOWS\system32\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

"C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]

"C:\Arquivos de programas\Analog Devices\SoundMAX\smax4.exe" /tray

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]

C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wcmdmgr]

C:\WINDOWS\wt\wcmdmgrl.exe -launch

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"SharedAccess"=2 (0x2)

"wscsvc"=2 (0x2)

"wuauserv"=2 (0x2)

"helpsvc"=2 (0x2)

"Schedule"=2 (0x2)

 

R0 gagp30kx;Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms;C:\WINDOWS\system32\DRIVERS\gagp30kx.sys

R1 AmdK8;AMD Processor Driver;C:\WINDOWS\system32\DRIVERS\AmdK8.sys

R1 AsIO;AsIO;C:\WINDOWS\system32\drivers\AsIO.sys

R1 aslm75;aslm75;\??\C:\WINDOWS\system32\drivers\aslm75.sys

R1 MPFP;MPFP;C:\WINDOWS\system32\Drivers\Mpfp.sys

R2 ASInsHelp;ASInsHelp;\??\C:\WINDOWS\system32\drivers\AsInsHelp32.sys

R2 CX88Tune;Conexant 2388x TvTuner;C:\WINDOWS\system32\drivers\CX88Tune.sys

R2 CX88VCap;Conexant 2388x Capture;C:\WINDOWS\system32\drivers\CX88Vid.sys

R2 ElbyCDIO;ElbyCDIO Driver;C:\WINDOWS\system32\Drivers\ElbyCDIO.sys

R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service;C:\WINDOWS\system32\drivers\ADIHdAud.sys

R3 AEAudioService;AEAudio Service;C:\WINDOWS\system32\drivers\AEAudio.sys

R3 AnyDVD;AnyDVD;C:\WINDOWS\system32\Drivers\AnyDVD.sys

R3 CX88XBar;Conexant 2388x Crossbar;C:\WINDOWS\system32\drivers\CX88XBar.sys

R3 ElbyCDFL;ElbyCDFL;C:\WINDOWS\system32\Drivers\ElbyCDFL.sys

R3 ElbyDelay;ElbyDelay;C:\WINDOWS\system32\Drivers\ElbyDelay.sys

R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys

R3 pmxscan;USB Flatbed Scanner Driver;C:\WINDOWS\system32\DRIVERS\usbscan.sys

R3 SenFiltService;SenFilt Service;C:\WINDOWS\system32\drivers\Senfilt.sys

S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\fetnd5.sys

S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0;C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service;C:\WINDOWS\system32\drivers\HdAudio.sys

S3 idsvc;Windows CardSpace;"C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe"

S3 usbser;Motorola USB Modem Driver;C:\WINDOWS\system32\DRIVERS\usbser.sys

S3 ZSMC302;VIMICRO USB PC Camera;C:\WINDOWS\system32\Drivers\usbVM31b.sys

S4 NetTcpPortSharing;Net.Tcp Port Sharing Service;"C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe"

 

 

Contents of the 'Scheduled Tasks' folder

2007-05-16 20:29:18 C:\WINDOWS\tasks\McQcTask.job

2007-05-16 20:29:18 C:\WINDOWS\tasks\McDefragTask.job

2007-07-25 23:25:34 C:\WINDOWS\tasks\Restauração do sistema.job

 

**************************************************************************

 

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-07-27 17:49:47

Windows 5.1.2600 Service Pack 2 FAT NTAPI

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

 

Completion time: 2007-07-27 17:50:16

C:\ComboFix-quarantined-files.txt ... 2007-07-27 17:50

 

--- E O F ---


Hi Bruno Freitas,

Your logs are CLEAN. :thumbsup:

To finish up:

1. Disable and then re-enable XP's System Restore feature. Click here to see how;

2. Read the article "Cuidados ao navegar na net" ("Precautions when browsing the net") and learn how to avoid new infections.

Regards.


PROBLEM SOLVED!

If the author needs the topic reopened, a Private Message must be sent to a Moderator with a link to the topic.
