ric1000
Posted August 5, 2007

Many people have had this problem, and so have I, lol

Logfile of HijackThis v1.99.1
Scan saved at 21:56:33, on 4/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Analog Devices\SoundMAX\SMTray.exe
C:\Arquivos de programas\Java\jre1.5.0_03\bin\jusched.exe
C:\Arquivos de programas\QuickTime\qttask.exe
C:\WINDOWS\diskdruid.exe
C:\Arquivos de programas\Eset\nod32kui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe
C:\Arquivos de programas\DAEMON Tools\daemon.exe
C:\Arquivos de programas\Messenger\msmsgs.exe
C:\Arquivos de programas\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\WinRAR\WinRAR.exe
C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\Rar$EX00.765\HijackThis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: WebAssist - {85589B5D-D53D-4237-A677-46B82EA275F3} - C:\WINDOWS\WebAssist.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - C:\WINDOWS\system32\tmp5.tmp.dll (file missing)
O2 - BHO: (no name) - {ece1944c-0600-4bb4-9648-3914a9293582} - C:\WINDOWS\system32\kbdonv.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [smapp] C:\Arquivos de programas\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [msig] C:\WINDOWS\diskdruid.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [systemOptimizer] rundll32.exe "C:\WINDOWS\gedeba.dll",forkonce
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Arquivos de programas\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Abrir em uma nova guia do plano de fundo - res://C:\Arquivos de programas\Windows Live Toolbar\Components\pt-br\msntabres.dll.mui/229?3c8542ab8f0b467c8456eda233731f75
O8 - Extra context menu item: Abrir em uma nova guia do primeiro plano - res://C:\Arquivos de programas\Windows Live Toolbar\Components\pt-br\msntabres.dll.mui/230?3c8542ab8f0b467c8456eda233731f75
O8 - Extra context menu item: Add to AMV Converter... - C:\Arquivos de programas\MP3 Player Utilities 4.05\AMVConverter\grab.html
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Arquivos de programas\MP3 Player Utilities 4.05\MediaManager\grab.html
O8 - Extra context menu item: ÓÃάÌÄ(ViDown)ÏÂÔØÊÓƵ - C:\Arquivos de programas\ViDown\vd_link.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: c:\windows\system32\ssqpnnk.dll
O20 - Winlogon Notify: kbdonv - C:\WINDOWS\SYSTEM32\kbdonv.dll
O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Unknown owner - C:\Arquivos de programas\iPod\bin\iPodService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

I ran the scan with vundo and it found nothing.

jgarcia
Posted August 6, 2007

Hi ric1000,

Download ComboFix from: ComboFix

1) Double-click combofix.exe and press "Y" to continue. The process takes about 10 minutes on average;
2) ComboFix will restart the PC automatically so that the removal process can be completed (only if there is an infection);
3) When the scan finishes, a log will be generated at C:\ComboFix.txt;
4) Do not click in the ComboFix window, or close it by clicking the X, while the tool is running, because that will mess up your desktop configuration (it will go completely white);
5) To stop or exit ComboFix, press "N";
6) I need you to paste the contents of ComboFix.txt in your next reply, together with a new HijackThis log.

Regards.

ric1000
Posted August 6, 2007

ComboFix log

ComboFix 07-08-04.3 - "Administrador" 2007-08-06 20:11:37.1 [GMT -3:00] - NTFS
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.Verdadeiro
* Created a new restore point

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\DOCUME~1\ADMINI~1\DADOSD~1.\macromedia\Flash Player\#SharedObjects\PNMKSVK2\www.broadcaster.com
C:\DOCUME~1\ADMINI~1\DADOSD~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\DOCUME~1\ADMINI~1\DADOSD~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\DOCUME~1\ADMINI~1\DADOSD~1\tmp3.tmp.exe
C:\DOCUME~1\ADMINI~1\Desktop\internet.lnk
C:\WINDOWS\system32\awtsp.exe
C:\WINDOWS\system32\dn5c98c289.dat
C:\WINDOWS\system32\kbdonv.dll
C:\WINDOWS\system32\qwerty12.exe
C:\WINDOWS\system32\tmp41.tmp.dll
C:\WINDOWS\system32\tmp6.tmp.dll
C:\WINDOWS\system32\tmp7.tmp.dll
C:\WINDOWS\xhelper.dll

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

-------\LEGACY_DOMAINSERVICE
-------\DomainService

((((((((((((((((((((((((( Files Created from 2007-07-06 to 2007-08-06 )))))))))))))))))))))))))))))))

2007-08-06 20:09 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-06 00:02 <DIR> d-------- C:\DOCUME~1\RICARD~1\DADOSD~1\Skype
2007-08-05 19:24 78,569 --a------ C:\DOCUME~1\RICARD~1\DADOSD~1\tmp41.tmp.exe
2007-08-05 19:24 58,798 --a------ C:\DOCUME~1\RICARD~1\DADOSD~1\tmp40.tmp.exe
2007-08-05 19:15 131,433 --a------ C:\WINDOWS\gebxyy.dll
2007-08-05 19:15 124,683 --a------ C:\DOCUME~1\RICARD~1\DADOSD~1\tmp39.tmp.exe
2007-08-05 16:28 264 --a------ C:\WINDOWS\system32\winsusrm.dll
2007-08-05 16:28 <DIR> d-------- C:\Arquivos de programas\XoftSpy
2007-08-05 16:09 <DIR> d-------- C:\Arquivos de programas\XoftSpySE
2007-08-05 14:34 <DIR> d-------- C:\Arquivos de programas\DOSBox-0.71
2007-08-05 14:32 <DIR> d-------- C:\F22
2007-08-05 13:36 <DIR> d-------- C:\DOCUME~1\RICARD~1\DADOSD~1\Atari
2007-08-05 12:04 78,569 --a------ C:\DOCUME~1\RICARD~1\DADOSD~1\tmp7.tmp.exe
2007-08-05 12:04 58,798 --a------ C:\DOCUME~1\RICARD~1\DADOSD~1\tmp9.tmp.exe
2007-08-05 12:04 131,433 --a------ C:\WINDOWS\nnmmmm.dll
2007-08-05 12:04 124,683 --a------ C:\DOCUME~1\RICARD~1\DADOSD~1\tmp8.tmp.exe
2007-08-05 10:49 131,433 --a------ C:\WINDOWS\ssronl.dll
2007-08-04 21:57 <DIR> d-------- C:\VundoFix Backups
2007-08-04 09:08 <DIR> d-------- C:\WINDOWS\system32\xircom
2007-08-04 09:08 <DIR> d-------- C:\Arquivos de programas\microsoft frontpage
2007-08-04 02:52 131,448 --a------ C:\WINDOWS\gedeba.dll
2007-08-04 01:21 13,380 --a------ C:\WINDOWS\system32\ssqpnnk.dll
2007-08-02 19:32 <DIR> d-------- C:\DOCUME~1\ADMINI~1\DADOSD~1\Atari
2007-08-02 19:09 197,120 --a------ C:\WINDOWS\patchw32.dll
2007-08-02 19:09 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\PocketSoft
2007-08-02 18:55 <DIR> d-------- C:\Arquivos de programas\Atari
2007-07-30 18:28 84,992 --a------ C:\WINDOWS\WebAssist.dll
2007-07-22 22:50 <DIR> d-------- C:\Arquivos de programas\Vstep
2007-07-22 17:32 <DIR> d-------- C:\Arquivos de programas\GameVicio
2007-07-22 17:02 <DIR> d-------- C:\Arquivos de programas\Microsoft Games
2007-07-22 14:51 <DIR> d-------- C:\DOCUME~1\RICARD~1\DADOSD~1\MEGAUPLOADTOOLBAR
2007-07-20 22:27 <DIR> d-------- C:\DOCUME~1\ADMINI~1\DADOSD~1\MegauploadToolbar
2007-07-20 22:27 <DIR> d-------- C:\Arquivos de programas\MegauploadToolbar
2007-07-20 21:56 <DIR> d-------- C:\DOCUME~1\ADMINI~1\DADOSD~1\Media Player Classic
2007-07-20 21:55 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\Real
2007-07-20 21:55 <DIR> d-------- C:\DOCUME~1\ADMINI~1\DADOSD~1\Real
2007-07-20 21:55 <DIR> d-------- C:\Arquivos de programas\Real Alternative
2007-07-20 21:55 <DIR> d-------- C:\Arquivos de programas\Media Player Classic
2007-07-18 12:55 <DIR> d-------- C:\Arquivos de programas\Gabest
2007-07-16 02:38 <DIR> d-------- C:\Arquivos de programas\XviD
2007-07-11 01:22 <DIR> d-------- C:\o.o
2007-07-09 19:00 <DIR> d---s---- C:\DOCUME~1\RICARD~1\UserData
2007-07-09 04:20 <DIR> d-------- C:\TempDVD
2007-07-09 03:22 <DIR> d-------- C:\Fraps
2007-07-09 03:17 <DIR> d-------- C:\DOCUME~1\RICARD~1\DADOSD~1\uTorrent
2007-07-08 18:30 <DIR> d-------- C:\Arquivos de programas\HWiNFO32
2007-07-06 09:21 <DIR> d--hs---- C:\WINDOWS\CSC

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-06 20:42 524288 --a------ C:\WINDOWS\system32\drivers\CnxE2FS.bin
2007-08-05 23:46 --------- d-------- C:\Arquivos de programas\Counter-Strike 1.6
2007-08-02 18:55 --------- d--h----- C:\Arquivos de programas\InstallShield Installation Information
2007-07-31 16:38 24128 --a------ C:\WINDOWS\system32\4Xt7UM7y.exe
2007-07-26 01:13 --------- d-------- C:\Arquivos de programas\ViDown
2007-07-22 15:33 152064 --a------ C:\WINDOWS\snap.dat
2007-07-21 19:13 --------- d-------- C:\DOCUME~1\ADMINI~1\DADOSD~1\uTorrent
2007-07-21 16:26 --------- d-------- C:\DOCUME~1\ADMINI~1\DADOSD~1\LimeWire
2007-07-20 16:24 --------- d-------- C:\Arquivos de programas\Gravity
2007-07-19 22:49 --------- d-------- C:\Arquivos de programas\Windows Live Toolbar
2007-07-18 01:22 --------- d-------- C:\DOCUME~1\ADMINI~1\DADOSD~1\Skype
2007-07-16 22:44 --------- d-------- C:\Arquivos de programas\Arquivos comuns\InstallShield
2007-07-16 02:08 --------- d-------- C:\Arquivos de programas\Total Video Converter
2007-07-09 04:20 --------- d-------- C:\Arquivos de programas\dvdSanta
2007-07-06 10:03 --------- d-------- C:\Arquivos de programas\LimeWire
2007-07-05 19:54 --------- d-------- C:\Arquivos de programas\EjoyStudio
2007-07-05 13:24 --------- d-------- C:\Arquivos de programas\Minilyrics
2007-07-05 11:23 --------- d-------- C:\Arquivos de programas\utorrent
2007-07-05 11:23 --------- d-------- C:\Arquivos de programas\Teamspeak2_RC2
2007-07-05 07:34 --------- d-------- C:\Arquivos de programas\All Video to VCD SVCD DVD Converter
2007-07-05 07:32 --------- d-------- C:\Arquivos de programas\Project64 1.6
2007-07-05 07:30 --------- d-------- C:\Arquivos de programas\Fake Webcam
2007-07-05 07:12 --------- d-------- C:\Arquivos de programas\Google
2007-07-03 12:19 --------- d-------- C:\DOCUME~1\ADMINI~1\DADOSD~1\DivX
2007-07-03 12:13 --------- d-------- C:\Arquivos de programas\DivX
2007-07-02 16:41 524288 --a------ C:\WINDOWS\system32\DivXsm.exe
2007-07-02 16:41 36624 --------- C:\WINDOWS\system32\drivers\PxHelp20.sys
2007-07-02 16:41 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-07-02 16:41 2560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-07-02 16:41 2432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-07-02 16:41 200704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-07-02 16:41 129784 --------- C:\WINDOWS\system32\pxafs.dll
2007-07-02 16:41 118520 --------- C:\WINDOWS\system32\pxinsi64.exe
2007-07-02 16:41 116472 --------- C:\WINDOWS\system32\pxcpyi64.exe
2007-07-02 16:41 1044480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-07-02 16:37 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2007-07-02 16:37 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll
2007-07-02 16:37 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll
2007-07-02 16:37 73728 --a------ C:\WINDOWS\system32\dpl100.dll
2007-07-02 16:37 593920 --a------ C:\WINDOWS\system32\dpuGUI11.dll
2007-07-02 16:37 57344 --a------ C:\WINDOWS\system32\dpv11.dll
2007-07-02 16:37 53248 --a------ C:\WINDOWS\system32\dpuGUI10.dll
2007-07-02 16:37 344064 --a------ C:\WINDOWS\system32\dpus11.dll
2007-07-02 16:37 294912 --a------ C:\WINDOWS\system32\dpu11.dll
2007-07-02 16:37 294912 --a------ C:\WINDOWS\system32\dpu10.dll
2007-07-02 16:37 196608 --a------ C:\WINDOWS\system32\dtu100.dll
2007-07-02 16:36 124472 --a------ C:\WINDOWS\system32\DivXCodecUpdateChecker.exe
2007-07-02 16:36 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2007-07-01 22:56 --------- d-------- C:\Arquivos de programas\Winamp
2007-06-24 13:03 --------- d-------- C:\DOCUME~1\ADMINI~1\DADOSD~1\Google
2007-06-20 15:01 --------- d-------- C:\Arquivos de programas\Windows Live
2007-06-20 15:01 --------- d-------- C:\Arquivos de programas\MSN Messenger
2007-06-20 15:01 --------- d-------- C:\Arquivos de programas\Messenger Plus! Live
2007-06-17 17:00 --------- d-------- C:\Arquivos de programas\EA GAMES
2007-06-14 10:45 --------- d-------- C:\DOCUME~1\ADMINI~1\DADOSD~1\Hamachi
2007-06-13 22:01 25544 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
2007-06-10 17:49 --------- d-------- C:\Arquivos de programas\DVDVIDEOSOFT
2007-06-03 07:58 580096 --a------ C:\WINDOWS\diskdruid.exe

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{85589B5D-D53D-4237-A677-46B82EA275F3}]
2007-07-30 21:31 84992 --a------ C:\WINDOWS\WebAssist.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="C:\Arquivos de programas\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 08:57]
"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 03:48]
"QuickTime Task"="C:\Arquivos de programas\QuickTime\qttask.exe" [2007-04-27 09:41]
"msig"="C:\WINDOWS\diskdruid.exe" [2007-06-03 07:58]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 12:22]
"nwiz"="nwiz.exe" [2006-10-22 12:22 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 12:22]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:45]
"MsnMsgr"="C:\Arquivos de programas\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]
"swg"="C:\Arquivos de programas\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" []
"DAEMON Tools"="C:\Arquivos de programas\DAEMON Tools\daemon.exe" [2006-11-12 07:48]
"MSMSGS"="C:\Arquivos de programas\Messenger\msmsgs.exe" [2004-08-04 00:56]

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\
Microsoft Office.lnk - C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
Source= C:\Documents and Settings\Administrador\Meus documentos\Minhas imagens\w3_14222_589.jpg
FriendlyName=

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=c:\windows\system32\ssqpnnk.dll

R0 uagp35;Filtro Microsoft AGPv3.5;C:\WINDOWS\system32\DRIVERS\uagp35.sys
R2 HWiNFO32;HWiNFO32 Kernel Driver;\??\C:\Arquivos de programas\HWiNFO32\HWiNFO32.SYS
R2 SoundMAX Agent Service (default);SoundMAX Agent Service;C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe
R3 CnxTrLan;ADSL USB Modem Network Adapter Driver;C:\WINDOWS\system32\DRIVERS\CnxTrLan.sys
R3 CnxTrUsb;ADSL USB Modem Network Interface Device Driver;C:\WINDOWS\system32\DRIVERS\CnxTrUsb.sys
R3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\fetnd5.sys
S3 AdfuUd;%USB\VID_10D6&PID_1160.DeviceDesc%;C:\WINDOWS\system32\Drivers\AdfuUd.sys
S3 CA561;ICatch (VI) PC Camera;C:\WINDOWS\system32\Drivers\SPCA561.SYS
S3 GMSIPCI;GMSIPCI;\??\D:\INSTALL\GMSIPCI.SYS
S3 npkycryp;npkycryp;\??\C:\Arquivos de programas\Gravity\RO\npkycryp.sys
S3 usbser;Motorola USB Modem Driver;C:\WINDOWS\system32\DRIVERS\usbser.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e3724100-f8f3-11db-b390-00300a3302d1}]
AutoRun\command- F:\Autorun.exe

Contents of the 'Scheduled Tasks' folder
2007-07-16 10:44:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Arquivos de programas\Apple Software Update\SoftwareUpdate.exe
2007-08-06 03:00:30 C:\WINDOWS\Tasks\At1.job
2007-08-04 12:01:11 C:\WINDOWS\Tasks\At10.job - C:\WINDOWS\system32\4Xt7UM7y.exe
2007-08-04 13:00:35 C:\WINDOWS\Tasks\At11.job
2007-08-05 14:00:30 C:\WINDOWS\Tasks\At12.job - C:\WINDOWS\system32\4Xt7UM7y.exe
2007-08-06 15:00:30 C:\WINDOWS\Tasks\At13.job - C:\WINDOWS\system32\4Xt7UM7y.exe
2007-08-06 16:00:30 C:\WINDOWS\Tasks\At14.job - C:\WINDOWS\system32\4Xt7UM7y.exe
2007-08-06 17:00:30 C:\WINDOWS\Tasks\At15.job
2007-08-06 18:00:30 C:\WINDOWS\Tasks\At16.job - C:\WINDOWS\system32\4Xt7UM7y.exe
2007-08-05 19:00:34 C:\WINDOWS\Tasks\At17.job - C:\WINDOWS\system32\4Xt7UM7y.exe
2007-08-06 20:00:30 C:\WINDOWS\Tasks\At18.job - C:\WINDOWS\system32\4Xt7UM7y.exe
2007-08-06 21:00:30 C:\WINDOWS\Tasks\At19.job - C:\WINDOWS\system32\4Xt7UM7y.exe
2007-08-04 04:00:30 C:\WINDOWS\Tasks\At2.job - C:\WINDOWS\system32\4Xt7UM7y.exe
2007-08-06 22:00:30 C:\WINDOWS\Tasks\At20.job - C:\WINDOWS\system32\4Xt7UM7y.exe
2007-08-05 23:00:30 C:\WINDOWS\Tasks\At21.job
2007-08-06 00:00:30 C:\WINDOWS\Tasks\At22.job
2007-08-06 01:00:30 C:\WINDOWS\Tasks\At23.job - C:\WINDOWS\system32\4Xt7UM7y.exe
2007-08-06 02:00:30 C:\WINDOWS\Tasks\At24.job
2007-08-04 05:00:30 C:\WINDOWS\Tasks\At3.job - C:\WINDOWS\system32\4Xt7UM7y.exe
2007-08-04 06:00:30 C:\WINDOWS\Tasks\At4.job - C:\WINDOWS\system32\4Xt7UM7y.exe
2007-08-04 07:00:30 C:\WINDOWS\Tasks\At5.job - C:\WINDOWS\system32\4Xt7UM7y.exe
2007-08-04 08:00:30 C:\WINDOWS\Tasks\At6.job - C:\WINDOWS\system32\4Xt7UM7y.exe
2007-08-04 09:00:30 C:\WINDOWS\Tasks\At7.job - C:\WINDOWS\system32\4Xt7UM7y.exe
2007-08-04 10:00:30 C:\WINDOWS\Tasks\At8.job - C:\WINDOWS\system32\4Xt7UM7y.exe
2007-08-04 11:00:30 C:\WINDOWS\Tasks\At9.job - C:\WINDOWS\system32\4Xt7UM7y.exe
2007-08-06 23:37:14 C:\WINDOWS\Tasks\Verificar Atualizações para a Barra de Ferramentas do Windows Live.job
2007-08-06 23:42:30 C:\WINDOWS\Tasks\XoftSpySE 2.job - C:\Arquivos de programas\XoftSpySE\XoftSpy.exe
2007-08-05 19:09:51 C:\WINDOWS\Tasks\XoftSpySE.job - C:\Arquivos de programas\XoftSpySE\XoftSpy.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-06 20:42:51
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden registry entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-06 20:44:40 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-06 20:44

--- E O F ---

Hijack log

Logfile of HijackThis v1.99.1
Scan saved at 20:53:14, on 6/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Arquivos de programas\Analog Devices\SoundMAX\SMTray.exe
C:\Arquivos de programas\Java\jre1.5.0_03\bin\jusched.exe
C:\Arquivos de programas\QuickTime\qttask.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe
C:\Arquivos de programas\DAEMON Tools\daemon.exe
C:\Arquivos de programas\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Arquivos de programas\WinRAR\WinRAR.exe
C:\Arquivos de programas\WinRAR\WinRAR.exe
C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\Rar$EX00.484\HijackThis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: WebAssist - {85589B5D-D53D-4237-A677-46B82EA275F3} - C:\WINDOWS\WebAssist.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [smapp] C:\Arquivos de programas\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [msig] C:\WINDOWS\diskdruid.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Arquivos de programas\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Abrir em uma nova guia do plano de fundo - res://C:\Arquivos de programas\Windows Live Toolbar\Components\pt-br\msntabres.dll.mui/229?3c8542ab8f0b467c8456eda233731f75
O8 - Extra context menu item: Abrir em uma nova guia do primeiro plano - res://C:\Arquivos de programas\Windows Live Toolbar\Components\pt-br\msntabres.dll.mui/230?3c8542ab8f0b467c8456eda233731f75
O8 - Extra context menu item: Add to AMV Converter... - C:\Arquivos de programas\MP3 Player Utilities 4.05\AMVConverter\grab.html
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Arquivos de programas\MP3 Player Utilities 4.05\MediaManager\grab.html
O8 - Extra context menu item: ÓÃάÌÄ(ViDown)ÏÂÔØÊÓƵ - C:\Arquivos de programas\ViDown\vd_link.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: c:\windows\system32\ssqpnnk.dll
O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Unknown owner - C:\Arquivos de programas\iPod\bin\iPodService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

jgarcia
Posted August 7, 2007

Hi ric1000,

So much bad stuff... :devil:

Well, let's get to it.

Set Windows to show all files (including hidden ones).

Uninstall:
-> XoftSpy
-> XoftSpySE
-> ViDown

Use Add / Remove Programs. Uninstall them one by one, and restart once you have done so.

Step 1

Download Killbox from: Killbox

1. Run Killbox and click Delete on Reboot.
2. Copy the list below in bold to the clipboard. Select everything with the mouse --> go to the Edit menu in the browser bar --> click Copy.

C:\WINDOWS\Tasks\At1.job
C:\WINDOWS\Tasks\At2.job
C:\WINDOWS\Tasks\At3.job
C:\WINDOWS\Tasks\At4.job
C:\WINDOWS\Tasks\At5.job
C:\WINDOWS\Tasks\At6.job
C:\WINDOWS\Tasks\At7.job
C:\WINDOWS\Tasks\At8.job
C:\WINDOWS\Tasks\At9.job
C:\WINDOWS\Tasks\At10.job
C:\WINDOWS\Tasks\At11.job
C:\WINDOWS\Tasks\At12.job
C:\WINDOWS\Tasks\At13.job
C:\WINDOWS\Tasks\At14.job
C:\WINDOWS\Tasks\At15.job
C:\WINDOWS\Tasks\At16.job
C:\WINDOWS\Tasks\At17.job
C:\WINDOWS\Tasks\At18.job
C:\WINDOWS\Tasks\At19.job
C:\WINDOWS\Tasks\At20.job
C:\WINDOWS\Tasks\At21.job
C:\WINDOWS\Tasks\At22.job
C:\WINDOWS\Tasks\At23.job
C:\WINDOWS\Tasks\At24.job
C:\WINDOWS\Tasks\XoftSpySE 2.job
C:\WINDOWS\Tasks\XoftSpySE.job
C:\DOCUME~1\RICARD~1\DADOSD~1\tmp7.tmp.exe
C:\DOCUME~1\RICARD~1\DADOSD~1\tmp8.tmp.exe
C:\DOCUME~1\RICARD~1\DADOSD~1\tmp9.tmp.exe
C:\DOCUME~1\RICARD~1\DADOSD~1\tmp39.tmp.exe
C:\DOCUME~1\RICARD~1\DADOSD~1\tmp40.tmp.exe
C:\DOCUME~1\RICARD~1\DADOSD~1\tmp41.tmp.exe
C:\WINDOWS\system32\4Xt7UM7y.exe
C:\WINDOWS\system32\winsusrm.dll
C:\WINDOWS\system32\ssqpnnk.dll
C:\WINDOWS\nnmmmm.dll
C:\WINDOWS\gebxyy.dll
C:\WINDOWS\ssronl.dll
C:\WINDOWS\gedeba.dll
C:\WINDOWS\WebAssist.dll
C:\WINDOWS\diskdruid.exe

3. Go back to Killbox. Click File > Paste from clipboard. Click All Files.
4. Press "X". Answer "no" to the question.

It is a good idea to print this document or save it somewhere easy to reach, because in the next step we will go into Safe Mode and an internet connection will not be available.

Step 2

Restart the computer in Safe Mode (while it restarts, press the F8 key repeatedly until a black DOS-style screen appears, then choose the Safe Mode option).

Run HijackThis, click Do a system scan only and check:

O2 - BHO: WebAssist - {85589B5D-D53D-4237-A677-46B82EA275F3} - C:\WINDOWS\WebAssist.dll
O4 - HKLM\..\Run: [msig] C:\WINDOWS\diskdruid.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: ÓÃάÌÄ(ViDown)ÏÂÔØÊÓƵ - C:\Arquivos de programas\ViDown\vd_link.htm
O20 - AppInit_DLLs: c:\windows\system32\ssqpnnk.dll

Click Fix Checked.

Now go to Start -> Run -> type regedit -> click OK.

Navigate to the following subkey:

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2

Find and delete:

{e3724100-f8f3-11db-b390-00300a3302d1}

Exit the Registry Editor.

Find and delete:

C:\Arquivos de programas\XoftSpy <- the folder
C:\Arquivos de programas\XoftSpySE <- the folder
C:\Arquivos de programas\ViDown <- the folder

Step 3

Restart in Normal Mode.

Delete the contents of the C:\!Killbox folder.

Post new HijackThis and ComboFix logs.

I'll wait for your reply.

Best regards.
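
The deletion list in the post above includes every numbered At job shown in the ComboFix log. As an added example (not part of the post, and not code from ComboFix or Killbox), the following script shows how the "Contents of the 'Scheduled Tasks' folder" section of such a log can be triaged: it groups At<N>.job files by the program they start and lists the jobs whose target the log does not show. The sample lines are copied from the log in this thread; the function names and the threshold of three jobs are assumptions.

```python
import ntpath
import re
from collections import defaultdict

# Lines copied from the "Contents of the 'Scheduled Tasks' folder" section of
# the ComboFix log posted in this thread (a subset, to keep the example short).
SAMPLE = r"""
2007-07-16 10:44:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Arquivos de programas\Apple Software Update\SoftwareUpdate.exe
2007-08-06 03:00:30 C:\WINDOWS\Tasks\At1.job
2007-08-04 12:01:11 C:\WINDOWS\Tasks\At10.job - C:\WINDOWS\system32\4Xt7UM7y.exe
2007-08-04 13:00:35 C:\WINDOWS\Tasks\At11.job
2007-08-05 14:00:30 C:\WINDOWS\Tasks\At12.job - C:\WINDOWS\system32\4Xt7UM7y.exe
2007-08-04 04:00:30 C:\WINDOWS\Tasks\At2.job - C:\WINDOWS\system32\4Xt7UM7y.exe
2007-08-06 23:42:30 C:\WINDOWS\Tasks\XoftSpySE 2.job - C:\Arquivos de programas\XoftSpySE\XoftSpy.exe
"""

# "<date> <time> <path to .job>[ - <program the job starts>]"
TASK_LINE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (.+?\.job)(?: - (.+))?$",
    re.IGNORECASE,
)
# Jobs registered through the legacy `at` scheduler are stored as At<N>.job.
AT_JOB = re.compile(r"^At(\d+)\.job$", re.IGNORECASE)


def parse_tasks(text):
    """Return (timestamp, job_path, target_or_None) for every task line."""
    tasks = []
    for line in text.splitlines():
        match = TASK_LINE.match(line.strip())
        if match:
            tasks.append((match.group(1), match.group(2), match.group(3)))
    return tasks


def triage(tasks, min_cluster=3):
    """Group At<N>.job files by target and report the notable ones.

    clusters:   target path (lower-cased) -> job names, for targets started
                by at least `min_cluster` numbered jobs
    unresolved: numbered jobs for which the log lists no target
    """
    by_target = defaultdict(list)
    unresolved = []
    for _stamp, job_path, target in tasks:
        name = ntpath.basename(job_path)  # Windows path rules on any OS
        match = AT_JOB.match(name)
        if not match:
            continue  # named jobs (vendor updaters etc.) are out of scope here
        entry = (int(match.group(1)), name)  # sort At2 before At10
        if target is None:
            unresolved.append(entry)
        else:
            by_target[target.lower()].append(entry)
    clusters = {
        target: [name for _, name in sorted(jobs)]
        for target, jobs in by_target.items()
        if len(jobs) >= min_cluster
    }
    return {
        "clusters": clusters,
        "unresolved": [name for _, name in sorted(unresolved)],
    }


if __name__ == "__main__":
    report = triage(parse_tasks(SAMPLE))
    for target, jobs in report["clusters"].items():
        print(f"{len(jobs)} numbered jobs start {target}: {', '.join(jobs)}")
    print("numbered jobs without a listed target:", ", ".join(report["unresolved"]))
```

A target shared by several numbered jobs is a reason to inspect that file, not proof by itself that it is malicious.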
ric1000, posted August 7, 2007

Hey there, friend. The logs, as you asked.

HijackThis log

Logfile of HijackThis v1.99.1 Scan saved at 19:33:51, on 7/8/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\nvsvc32.exe C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wscntfy.exe C:\Arquivos de programas\Analog Devices\SoundMAX\SMTray.exe C:\Arquivos de programas\Java\jre1.5.0_03\bin\jusched.exe C:\Arquivos de programas\QuickTime\qttask.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\system32\ctfmon.exe C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe C:\Arquivos de programas\DAEMON Tools\daemon.exe C:\Arquivos de programas\Messenger\msmsgs.exe C:\WINDOWS\system32\wuauclt.exe C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Arquivos de programas\internet explorer\iexplore.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\NOTEPAD.EXE C:\Documents and Settings\Administrador\Meus documentos\Meus arquivos recebidos\Nova pasta\hijackthis\HijackThis.exe R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Yahoo! 
Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll O3 - Toolbar: Yahoo! 
Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL O4 - HKLM\..\Run: [smapp] C:\Arquivos de programas\Analog Devices\SoundMAX\SMTray.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_03\bin\jusched.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [DAEMON Tools] "C:\Arquivos de programas\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Abrir em uma nova guia do plano de fundo - res://C:\Arquivos de programas\Windows Live Toolbar\Components\pt-br\msntabres.dll.mui/229?3c8542ab8f0b467c8456eda233731f75 O8 - Extra context menu item: Abrir em uma nova guia do primeiro plano - res://C:\Arquivos de programas\Windows Live Toolbar\Components\pt-br\msntabres.dll.mui/230?3c8542ab8f0b467c8456eda233731f75 O8 - Extra context menu item: Add to AMV Converter... 
- C:\Arquivos de programas\MP3 Player Utilities 4.05\AMVConverter\grab.html O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Arquivos de programas\MP3 Player Utilities 4.05\MediaManager\grab.html O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Unknown owner - C:\Arquivos de programas\iPod\bin\iPodService.exe (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. 
- C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

ComboFix log

ComboFix 07-08-04.3 - "Administrador" 2007-08-07 18:18:46.2 [GMT -3:00] - NTFS Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.Verdadeiro ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) C:\DOCUME~1\ADMINI~1\DADOSD~1\tmp12.tmp.exe C:\DOCUME~1\ADMINI~1\DADOSD~1\tmp9F.tmp.exe C:\WINDOWS\system32\appdrv.dll C:\WINDOWS\system32\dn5c98c289.dat C:\WINDOWS\system32\jkkjj.exe C:\WINDOWS\system32\qwerty12.exe ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) -------\LEGACY_DOMAINSERVICE -------\DomainService ((((((((((((((((((((((((( Files Created from 2007-07-07 to 2007-08-07 ))))))))))))))))))))))))))))))) 2007-08-07 17:56 <DIR> d-------- C:\!KillBox 2007-08-07 17:26 131,385 --a------ C:\WINDOWS\mlkiif.dll 2007-08-07 12:05 131,419 --a------ C:\WINDOWS\fccdbc.dll 2007-08-07 00:32 <DIR> d-------- C:\Arquivos de programas\KAIZEN Games 2007-08-06 20:09 51,200 --a------ C:\WINDOWS\nircmd.exe 2007-08-06 00:02 <DIR> d-------- C:\DOCUME~1\RICARD~1\DADOSD~1\Skype 2007-08-05 14:34 <DIR> d-------- C:\Arquivos de programas\DOSBox-0.71 2007-08-05 14:32 <DIR> d-------- C:\F22 2007-08-05 13:36 <DIR> d-------- C:\DOCUME~1\RICARD~1\DADOSD~1\Atari 2007-08-04 21:57 <DIR> d-------- C:\VundoFix Backups 2007-08-04 09:08 <DIR> d-------- C:\WINDOWS\system32\xircom 2007-08-04 09:08 <DIR> d-------- C:\Arquivos de programas\microsoft frontpage 2007-08-02 19:32 <DIR> d-------- C:\DOCUME~1\ADMINI~1\DADOSD~1\Atari 2007-08-02 19:09 197,120 --a------ C:\WINDOWS\patchw32.dll 2007-08-02 19:09 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\PocketSoft 2007-08-02 18:55 <DIR> d-------- C:\Arquivos de programas\Atari 2007-07-22 22:50 <DIR> d-------- C:\Arquivos de programas\Vstep 2007-07-22 17:32 <DIR> d-------- C:\Arquivos de programas\GameVicio 2007-07-22 17:02 <DIR> d-------- C:\Arquivos de 
programas\Microsoft Games 2007-07-22 14:51 <DIR> d-------- C:\DOCUME~1\RICARD~1\DADOSD~1\MEGAUPLOADTOOLBAR 2007-07-20 22:27 <DIR> d-------- C:\DOCUME~1\ADMINI~1\DADOSD~1\MegauploadToolbar 2007-07-20 22:27 <DIR> d-------- C:\Arquivos de programas\MegauploadToolbar 2007-07-20 21:56 <DIR> d-------- C:\DOCUME~1\ADMINI~1\DADOSD~1\Media Player Classic 2007-07-20 21:55 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\Real 2007-07-20 21:55 <DIR> d-------- C:\DOCUME~1\ADMINI~1\DADOSD~1\Real 2007-07-20 21:55 <DIR> d-------- C:\Arquivos de programas\Real Alternative 2007-07-20 21:55 <DIR> d-------- C:\Arquivos de programas\Media Player Classic 2007-07-18 12:55 <DIR> d-------- C:\Arquivos de programas\Gabest 2007-07-16 02:38 <DIR> d-------- C:\Arquivos de programas\XviD 2007-07-11 01:22 <DIR> d-------- C:\o.o 2007-07-09 19:00 <DIR> d---s---- C:\DOCUME~1\RICARD~1\UserData 2007-07-09 04:20 <DIR> d-------- C:\TempDVD 2007-07-09 03:22 <DIR> d-------- C:\Fraps 2007-07-09 03:17 <DIR> d-------- C:\DOCUME~1\RICARD~1\DADOSD~1\uTorrent 2007-07-08 18:30 <DIR> d-------- C:\Arquivos de programas\HWiNFO32 (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-08-07 18:45 462848 --a------ C:\WINDOWS\system32\drivers\CnxE2FS.bin 2007-08-07 00:30 --------- d--h----- C:\Arquivos de programas\InstallShield Installation Information 2007-08-05 23:46 --------- d-------- C:\Arquivos de programas\Counter-Strike 1.6 2007-07-22 15:33 152064 --a------ C:\WINDOWS\snap.dat 2007-07-21 19:13 --------- d-------- C:\DOCUME~1\ADMINI~1\DADOSD~1\uTorrent 2007-07-21 16:26 --------- d-------- C:\DOCUME~1\ADMINI~1\DADOSD~1\LimeWire 2007-07-20 16:24 --------- d-------- C:\Arquivos de programas\Gravity 2007-07-19 22:49 --------- d-------- C:\Arquivos de programas\Windows Live Toolbar 2007-07-18 01:22 --------- d-------- C:\DOCUME~1\ADMINI~1\DADOSD~1\Skype 2007-07-16 22:44 --------- d-------- C:\Arquivos de programas\Arquivos comuns\InstallShield 2007-07-16 02:08 
--------- d-------- C:\Arquivos de programas\Total Video Converter 2007-07-09 04:20 --------- d-------- C:\Arquivos de programas\dvdSanta 2007-07-06 10:03 --------- d-------- C:\Arquivos de programas\LimeWire 2007-07-05 19:54 --------- d-------- C:\Arquivos de programas\EjoyStudio 2007-07-05 13:24 --------- d-------- C:\Arquivos de programas\Minilyrics 2007-07-05 11:23 --------- d-------- C:\Arquivos de programas\utorrent 2007-07-05 11:23 --------- d-------- C:\Arquivos de programas\Teamspeak2_RC2 2007-07-05 07:34 --------- d-------- C:\Arquivos de programas\All Video to VCD SVCD DVD Converter 2007-07-05 07:32 --------- d-------- C:\Arquivos de programas\Project64 1.6 2007-07-05 07:30 --------- d-------- C:\Arquivos de programas\Fake Webcam 2007-07-05 07:12 --------- d-------- C:\Arquivos de programas\Google 2007-07-03 12:19 --------- d-------- C:\DOCUME~1\ADMINI~1\DADOSD~1\DivX 2007-07-03 12:13 --------- d-------- C:\Arquivos de programas\DivX 2007-07-02 16:41 524288 --a------ C:\WINDOWS\system32\DivXsm.exe 2007-07-02 16:41 36624 --------- C:\WINDOWS\system32\drivers\PxHelp20.sys 2007-07-02 16:41 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll 2007-07-02 16:41 2560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys 2007-07-02 16:41 2432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys 2007-07-02 16:41 200704 --a------ C:\WINDOWS\system32\ssldivx.dll 2007-07-02 16:41 129784 --------- C:\WINDOWS\system32\pxafs.dll 2007-07-02 16:41 118520 --------- C:\WINDOWS\system32\pxinsi64.exe 2007-07-02 16:41 116472 --------- C:\WINDOWS\system32\pxcpyi64.exe 2007-07-02 16:41 1044480 --a------ C:\WINDOWS\system32\libdivx.dll 2007-07-02 16:37 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll 2007-07-02 16:37 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll 2007-07-02 16:37 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll 2007-07-02 16:37 73728 --a------ C:\WINDOWS\system32\dpl100.dll 2007-07-02 16:37 593920 --a------ C:\WINDOWS\system32\dpuGUI11.dll 2007-07-02 16:37 57344 
--a------ C:\WINDOWS\system32\dpv11.dll 2007-07-02 16:37 53248 --a------ C:\WINDOWS\system32\dpuGUI10.dll 2007-07-02 16:37 344064 --a------ C:\WINDOWS\system32\dpus11.dll 2007-07-02 16:37 294912 --a------ C:\WINDOWS\system32\dpu11.dll 2007-07-02 16:37 294912 --a------ C:\WINDOWS\system32\dpu10.dll 2007-07-02 16:37 196608 --a------ C:\WINDOWS\system32\dtu100.dll 2007-07-02 16:36 124472 --a------ C:\WINDOWS\system32\DivXCodecUpdateChecker.exe 2007-07-02 16:36 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll 2007-07-01 22:56 --------- d-------- C:\Arquivos de programas\Winamp 2007-06-24 13:03 --------- d-------- C:\DOCUME~1\ADMINI~1\DADOSD~1\Google 2007-06-20 15:01 --------- d-------- C:\Arquivos de programas\Windows Live 2007-06-20 15:01 --------- d-------- C:\Arquivos de programas\MSN Messenger 2007-06-20 15:01 --------- d-------- C:\Arquivos de programas\Messenger Plus! Live 2007-06-17 17:00 --------- d-------- C:\Arquivos de programas\EA GAMES 2007-06-14 10:45 --------- d-------- C:\DOCUME~1\ADMINI~1\DADOSD~1\Hamachi 2007-06-13 22:01 25544 --a------ C:\WINDOWS\system32\drivers\hamachi.sys 2007-06-10 17:49 --------- d-------- C:\Arquivos de programas\DVDVIDEOSOFT ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Smapp"="C:\Arquivos de programas\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 08:57] "SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 03:48] "QuickTime Task"="C:\Arquivos de programas\QuickTime\qttask.exe" [2007-04-27 09:41] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 12:22] "nwiz"="nwiz.exe" [2006-10-22 12:22 C:\WINDOWS\system32\nwiz.exe] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 12:22] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:45] "MsnMsgr"="C:\Arquivos de programas\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54] "swg"="C:\Arquivos de programas\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [] "DAEMON Tools"="C:\Arquivos de programas\DAEMON Tools\daemon.exe" [2006-11-12 07:48] "MSMSGS"="C:\Arquivos de programas\Messenger\msmsgs.exe" [2004-08-04 00:56] C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\ Microsoft Office.lnk - C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04] [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components] Source= C:\Documents and Settings\Administrador\Meus documentos\Minhas imagens\w3_14222_589.jpg FriendlyName= R0 uagp35;Filtro Microsoft AGPv3.5;C:\WINDOWS\system32\DRIVERS\uagp35.sys R2 HWiNFO32;HWiNFO32 Kernel Driver;\??\C:\Arquivos de programas\HWiNFO32\HWiNFO32.SYS R2 SoundMAX Agent Service (default);SoundMAX Agent Service;C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe R3 CnxTrLan;ADSL USB Modem Network Adapter Driver;C:\WINDOWS\system32\DRIVERS\CnxTrLan.sys R3 CnxTrUsb;ADSL USB Modem Network Interface Device Driver;C:\WINDOWS\system32\DRIVERS\CnxTrUsb.sys R3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\fetnd5.sys S3 AdfuUd;%USB\VID_10D6&PID_1160.DeviceDesc%;C:\WINDOWS\system32\Drivers\AdfuUd.sys S3 CA561;ICatch (VI) PC Camera;C:\WINDOWS\system32\Drivers\SPCA561.SYS S3 GMSIPCI;GMSIPCI;\??\D:\INSTALL\GMSIPCI.SYS S3 npkycryp;npkycryp;\??\C:\Arquivos de programas\Gravity\RO\npkycryp.sys S3 usbser;Motorola USB Modem Driver;C:\WINDOWS\system32\DRIVERS\usbser.sys S3 XDva019;XDva019;\??\C:\WINDOWS\system32\XDva019.sys [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e3724100-f8f3-11db-b390-00300a3302d1}] AutoRun\command- F:\Autorun.exe Contents of the 'Scheduled Tasks' folder 2007-07-16 10:44:01 
C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Arquivos de programas\Apple Software Update\SoftwareUpdate.exe 2007-08-07 21:37:22 C:\WINDOWS\Tasks\Verificar Atualizações para a Barra de Ferramentas do Windows Live.job ************************************************************************** catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-08-07 18:45:28 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden registry entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** Completion time: 2007-08-07 18:47:27 - machine was rebooted C:\ComboFix-quarantined-files.txt ... 2007-08-07 18:47 C:\ComboFix2.txt ... 2007-08-06 20:44 --- E O F ---

A lot of junk, right? I hope the problem is already solved. I noticed a very big performance increase on the PC. But if there is anything more to do, I'm standing by.
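The comparison a helper makes by eye when a follow-up log arrives, written out as an added example that is not part of the original thread: it checks that every HijackThis entry on a fix list is gone from the new log and reports entries that appeared since the first one. The function names are hypothetical, and the sample logs are constructed from entries quoted in the thread plus one labelled placeholder entry.

```python
import re

# A HijackThis entry starts with a section code (R0-R3, F0-F3, N1-N4, O1-O24)
# followed by " - ". Splitting on that prefix, rather than on newlines, also
# handles logs that a forum scrape has flattened onto a single line.
ENTRY_START = re.compile(r"(?<![\w\\])(?=(?:R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - )")
ENTRY = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.*)$", re.S)


def parse_entries(log_text):
    """Return the set of normalised (code, body) entries found in a log."""
    entries = set()
    for chunk in ENTRY_START.split(log_text):
        match = ENTRY.match(chunk.strip())
        if match:
            # Windows paths and registry names are case-insensitive, and
            # copy/paste changes spacing, so compare on a folded form.
            body = " ".join(match.group(2).split()).casefold()
            entries.add((match.group(1), body))
    return entries


def check_fix(fix_list, before_log, after_log):
    """Compare a fix list against the logs taken before and after the fix."""
    wanted = parse_entries(fix_list)
    before = parse_entries(before_log)
    after = parse_entries(after_log)
    return {
        "removed": sorted((wanted & before) - after),
        "still_present": sorted(wanted & after),
        "not_in_before": sorted(wanted - before),  # typo in the fix list?
        "new_in_after": sorted(after - before),    # possible reinfection
    }


def is_clean(report):
    """True when nothing on the fix list survived and nothing new appeared."""
    return not report["still_present"] and not report["new_in_after"]


# Entries the helper asked the user to mark (taken from the thread).
FIX_LIST = r"""
O2 - BHO: WebAssist - {85589B5D-D53D-4237-A677-46B82EA275F3} - C:\WINDOWS\WebAssist.dll
O4 - HKLM\..\Run: [msig] C:\WINDOWS\diskdruid.exe
O20 - AppInit_DLLs: c:\windows\system32\ssqpnnk.dll
"""

# Constructed "before" log, flattened onto one line the way this page shows logs.
BEFORE_LOG = (
    r"Logfile of HijackThis v1.99.1 Running processes: C:\WINDOWS\explorer.exe "
    r"O2 - BHO: WebAssist - {85589B5D-D53D-4237-A677-46B82EA275F3} - C:\WINDOWS\WebAssist.dll "
    r"O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - "
    r"c:\arquivos de programas\google\googletoolbar1.dll "
    r"O4 - HKLM\..\Run: [msig] C:\WINDOWS\diskdruid.exe "
    r"O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe "
    r"O20 - AppInit_DLLs: c:\windows\system32\ssqpnnk.dll"
)

# Constructed "after" log in the normal one-entry-per-line layout. It is NOT
# the thread's real follow-up log: one fixed entry survives (with different
# letter case) and one placeholder entry is new, to show the failure cases.
AFTER_LOG = r"""Logfile of HijackThis v1.99.1
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - C:\WINDOWS\placeholder.dll
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\ssqpnnk.dll
"""

if __name__ == "__main__":
    report = check_fix(FIX_LIST, BEFORE_LOG, AFTER_LOG)
    for key, rows in report.items():
        print(key)
        for code, body in rows:
            print(f"  {code} - {body}")
    print("clean:", is_clean(report))
```

Entries under "new_in_after" matter as much as the ones that survived: in this thread the follow-up ComboFix log listed two DLLs created after the first cleanup, which is why a second Killbox round was requested.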
jgarcia, posted August 8, 2007

Hi ric1000,

Let's go.

Step 1

1. Run Killbox and click Delete on Reboot.
2. Copy the list below (in bold) to the clipboard. Select everything with the mouse --> go to the Edit tab in the browser bar --> click Copy.

C:\WINDOWS\mlkiif.dll
C:\WINDOWS\fccdbc.dll

3. Return to Killbox. Click File > Paste from clipboard. Click All Files.
4. Click the "X". Answer "no" to the question.

Step 2

Restart in Normal Mode. Delete the contents of the C:\!Killbox folder. Post a new ComboFix log.

Cheers.
ric1000, posted August 8, 2007

Great, I'll do it when I get home, thanks!
ric1000, posted August 8, 2007

Done.

ComboFix log

ComboFix 07-08-04.3 - "Administrador" 2007-08-08 19:56:22.3 [GMT -3:00] - NTFS Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.Verdadeiro ((((((((((((((((((((((((( Files Created from 2007-07-08 to 2007-08-08 ))))))))))))))))))))))))))))))) 2007-08-07 17:56 <DIR> d-------- C:\!KillBox 2007-08-07 00:32 <DIR> d-------- C:\Arquivos de programas\KAIZEN Games 2007-08-06 20:09 51,200 --a------ C:\WINDOWS\nircmd.exe 2007-08-06 00:02 <DIR> d-------- C:\DOCUME~1\RICARD~1\DADOSD~1\Skype 2007-08-05 14:34 <DIR> d-------- C:\Arquivos de programas\DOSBox-0.71 2007-08-05 14:32 <DIR> d-------- C:\F22 2007-08-05 13:36 <DIR> d-------- C:\DOCUME~1\RICARD~1\DADOSD~1\Atari 2007-08-04 21:57 <DIR> d-------- C:\VundoFix Backups 2007-08-04 09:08 <DIR> d-------- C:\WINDOWS\system32\xircom 2007-08-04 09:08 <DIR> d-------- C:\Arquivos de programas\microsoft frontpage 2007-08-02 19:32 <DIR> d-------- C:\DOCUME~1\ADMINI~1\DADOSD~1\Atari 2007-08-02 19:09 197,120 --a------ C:\WINDOWS\patchw32.dll 2007-08-02 19:09 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\PocketSoft 2007-08-02 18:55 <DIR> d-------- C:\Arquivos de programas\Atari 2007-07-22 22:50 <DIR> d-------- C:\Arquivos de programas\Vstep 2007-07-22 17:32 <DIR> d-------- C:\Arquivos de programas\GameVicio 2007-07-22 17:02 <DIR> d-------- C:\Arquivos de programas\Microsoft Games 2007-07-22 14:51 <DIR> d-------- C:\DOCUME~1\RICARD~1\DADOSD~1\MEGAUPLOADTOOLBAR 2007-07-20 22:27 <DIR> d-------- C:\DOCUME~1\ADMINI~1\DADOSD~1\MegauploadToolbar 2007-07-20 22:27 <DIR> d-------- C:\Arquivos de programas\MegauploadToolbar 2007-07-20 21:56 <DIR> d-------- C:\DOCUME~1\ADMINI~1\DADOSD~1\Media Player Classic 2007-07-20 21:55 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\Real 2007-07-20 21:55 <DIR> d-------- C:\DOCUME~1\ADMINI~1\DADOSD~1\Real 2007-07-20 21:55 <DIR> d-------- C:\Arquivos de programas\Real Alternative 2007-07-20 21:55 <DIR> d-------- C:\Arquivos de 
programas\Media Player Classic 2007-07-18 12:55 <DIR> d-------- C:\Arquivos de programas\Gabest 2007-07-16 02:38 <DIR> d-------- C:\Arquivos de programas\XviD 2007-07-11 01:22 <DIR> d-------- C:\o.o 2007-07-09 19:00 <DIR> d---s---- C:\DOCUME~1\RICARD~1\UserData 2007-07-09 04:20 <DIR> d-------- C:\TempDVD 2007-07-09 03:22 <DIR> d-------- C:\Fraps 2007-07-09 03:17 <DIR> d-------- C:\DOCUME~1\RICARD~1\DADOSD~1\uTorrent 2007-07-08 18:30 <DIR> d-------- C:\Arquivos de programas\HWiNFO32 (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-08-08 19:53 524288 --a------ C:\WINDOWS\system32\drivers\CnxE2FS.bin 2007-08-08 01:26 --------- d-------- C:\Arquivos de programas\Counter-Strike 1.6 2007-08-07 00:30 --------- d--h----- C:\Arquivos de programas\InstallShield Installation Information 2007-07-22 15:33 152064 --a------ C:\WINDOWS\snap.dat 2007-07-21 19:13 --------- d-------- C:\DOCUME~1\ADMINI~1\DADOSD~1\uTorrent 2007-07-21 16:26 --------- d-------- C:\DOCUME~1\ADMINI~1\DADOSD~1\LimeWire 2007-07-20 16:24 --------- d-------- C:\Arquivos de programas\Gravity 2007-07-19 22:49 --------- d-------- C:\Arquivos de programas\Windows Live Toolbar 2007-07-18 01:22 --------- d-------- C:\DOCUME~1\ADMINI~1\DADOSD~1\Skype 2007-07-16 22:44 --------- d-------- C:\Arquivos de programas\Arquivos comuns\InstallShield 2007-07-16 02:08 --------- d-------- C:\Arquivos de programas\Total Video Converter 2007-07-09 04:20 --------- d-------- C:\Arquivos de programas\dvdSanta 2007-07-06 10:03 --------- d-------- C:\Arquivos de programas\LimeWire 2007-07-05 19:54 --------- d-------- C:\Arquivos de programas\EjoyStudio 2007-07-05 13:24 --------- d-------- C:\Arquivos de programas\Minilyrics 2007-07-05 11:23 --------- d-------- C:\Arquivos de programas\utorrent 2007-07-05 11:23 --------- d-------- C:\Arquivos de programas\Teamspeak2_RC2 2007-07-05 07:34 --------- d-------- C:\Arquivos de programas\All Video to VCD SVCD DVD Converter 
2007-07-05 07:32 --------- d-------- C:\Arquivos de programas\Project64 1.6 2007-07-05 07:30 --------- d-------- C:\Arquivos de programas\Fake Webcam 2007-07-05 07:12 --------- d-------- C:\Arquivos de programas\Google 2007-07-03 12:19 --------- d-------- C:\DOCUME~1\ADMINI~1\DADOSD~1\DivX 2007-07-03 12:13 --------- d-------- C:\Arquivos de programas\DivX 2007-07-02 16:41 524288 --a------ C:\WINDOWS\system32\DivXsm.exe 2007-07-02 16:41 36624 --------- C:\WINDOWS\system32\drivers\PxHelp20.sys 2007-07-02 16:41 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll 2007-07-02 16:41 2560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys 2007-07-02 16:41 2432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys 2007-07-02 16:41 200704 --a------ C:\WINDOWS\system32\ssldivx.dll 2007-07-02 16:41 129784 --------- C:\WINDOWS\system32\pxafs.dll 2007-07-02 16:41 118520 --------- C:\WINDOWS\system32\pxinsi64.exe 2007-07-02 16:41 116472 --------- C:\WINDOWS\system32\pxcpyi64.exe 2007-07-02 16:41 1044480 --a------ C:\WINDOWS\system32\libdivx.dll 2007-07-02 16:37 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll 2007-07-02 16:37 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll 2007-07-02 16:37 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll 2007-07-02 16:37 73728 --a------ C:\WINDOWS\system32\dpl100.dll 2007-07-02 16:37 593920 --a------ C:\WINDOWS\system32\dpuGUI11.dll 2007-07-02 16:37 57344 --a------ C:\WINDOWS\system32\dpv11.dll 2007-07-02 16:37 53248 --a------ C:\WINDOWS\system32\dpuGUI10.dll 2007-07-02 16:37 344064 --a------ C:\WINDOWS\system32\dpus11.dll 2007-07-02 16:37 294912 --a------ C:\WINDOWS\system32\dpu11.dll 2007-07-02 16:37 294912 --a------ C:\WINDOWS\system32\dpu10.dll 2007-07-02 16:37 196608 --a------ C:\WINDOWS\system32\dtu100.dll 2007-07-02 16:36 124472 --a------ C:\WINDOWS\system32\DivXCodecUpdateChecker.exe 2007-07-02 16:36 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll 2007-07-01 22:56 --------- d-------- C:\Arquivos de programas\Winamp 2007-06-24 
13:03 --------- d-------- C:\DOCUME~1\ADMINI~1\DADOSD~1\Google 2007-06-20 15:01 --------- d-------- C:\Arquivos de programas\Windows Live 2007-06-20 15:01 --------- d-------- C:\Arquivos de programas\MSN Messenger 2007-06-20 15:01 --------- d-------- C:\Arquivos de programas\Messenger Plus! Live 2007-06-17 17:00 --------- d-------- C:\Arquivos de programas\EA GAMES 2007-06-14 10:45 --------- d-------- C:\DOCUME~1\ADMINI~1\DADOSD~1\Hamachi 2007-06-13 22:01 25544 --a------ C:\WINDOWS\system32\drivers\hamachi.sys 2007-06-10 17:49 --------- d-------- C:\Arquivos de programas\DVDVIDEOSOFT ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Smapp"="C:\Arquivos de programas\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 08:57] "SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 03:48] "QuickTime Task"="C:\Arquivos de programas\QuickTime\qttask.exe" [2007-04-27 09:41] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 12:22] "nwiz"="nwiz.exe" [2006-10-22 12:22 C:\WINDOWS\system32\nwiz.exe] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 12:22] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:45] "MsnMsgr"="C:\Arquivos de programas\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54] "swg"="C:\Arquivos de programas\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [] "DAEMON Tools"="C:\Arquivos de programas\DAEMON Tools\daemon.exe" [2006-11-12 07:48] "MSMSGS"="C:\Arquivos de programas\Messenger\msmsgs.exe" [2004-08-04 00:56] C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\ Microsoft Office.lnk - C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04] 
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components] Source= C:\Documents and Settings\Administrador\Meus documentos\Minhas imagens\w3_14222_589.jpg FriendlyName= R0 uagp35;Filtro Microsoft AGPv3.5;C:\WINDOWS\system32\DRIVERS\uagp35.sys R2 HWiNFO32;HWiNFO32 Kernel Driver;\??\C:\Arquivos de programas\HWiNFO32\HWiNFO32.SYS R2 SoundMAX Agent Service (default);SoundMAX Agent Service;C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe R3 CnxTrLan;ADSL USB Modem Network Adapter Driver;C:\WINDOWS\system32\DRIVERS\CnxTrLan.sys R3 CnxTrUsb;ADSL USB Modem Network Interface Device Driver;C:\WINDOWS\system32\DRIVERS\CnxTrUsb.sys R3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\fetnd5.sys S3 AdfuUd;%USB\VID_10D6&PID_1160.DeviceDesc%;C:\WINDOWS\system32\Drivers\AdfuUd.sys S3 CA561;ICatch (VI) PC Camera;C:\WINDOWS\system32\Drivers\SPCA561.SYS S3 GMSIPCI;GMSIPCI;\??\D:\INSTALL\GMSIPCI.SYS S3 npkycryp;npkycryp;\??\C:\Arquivos de programas\Gravity\RO\npkycryp.sys S3 usbser;Motorola USB Modem Driver;C:\WINDOWS\system32\DRIVERS\usbser.sys S3 XDva019;XDva019;\??\C:\WINDOWS\system32\XDva019.sys Contents of the 'Scheduled Tasks' folder 2007-07-16 10:44:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Arquivos de programas\Apple Software Update\SoftwareUpdate.exe 2007-08-08 22:37:00 C:\WINDOWS\Tasks\Verificar Atualizações para a Barra de Ferramentas do Windows Live.job ************************************************************************** catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-08-08 20:02:17 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden registry entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** Completion time: 2007-08-08 20:03:28 C:\ComboFix-quarantined-files.txt ... 
2007-08-08 20:03 C:\ComboFix2.txt ... 2007-08-07 18:47 C:\ComboFix3.txt ... 2007-08-06 20:44 --- E O F ---
jgarcia, posted August 9, 2007

Hi ric1000,

Your log is CLEAN. :thumbsup:

To finish:

1. Disable and re-enable XP's automatic System Restore feature. Click here to see how;
2. Read the article "Precautions when browsing the net" and learn how to avoid new infections.

Cheers.
ric1000, posted August 10, 2007

Thanks ;D
jgarcia, posted August 11, 2007

PROBLEM SOLVED!

If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.