
Archived

This topic has been archived and is closed to new replies.

mi.ka

[Archived] Pages open by themselves... Could someone analyze my log?


Good morning, everyone

 

I have a problem with my PC: several pages I have never seen keep appearing, some of them selling antivirus software. I have already run the antivirus and CCleaner, but my problem continues. I'm forwarding my log for analysis; thanks in advance for the help...

 

Mi.ka

 

Logfile of HijackThis v1.99.1

Scan saved at 01:32:30, on 19/8/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\Arquivos de programas\Logitech\G-series Software\LGDCore.exe

C:\Arquivos de programas\Logitech\G-series Software\LCDMon.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe

C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe

C:\WINDOWS\system32\LVCOMSX.EXE

C:\WINDOWS\system32\RunDLL32.exe

C:\Arquivos de programas\Logitech\G-series Software\Applets\LCDPop3\LCDPOP3.exe

C:\Arquivos de programas\QuickTime\qttask.exe

C:\Arquivos de programas\Logitech\G-series Software\Applets\LCDClock.exe

C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

C:\Arquivos de programas\Logitech\G-series Software\Applets\LCDCountdown\LCDCountdown.exe

C:\Arquivos de programas\CyberLink\PowerCinema\PCMService.exe

C:\Arquivos de programas\Logitech\G-series Software\Applets\LCDMedia.exe

C:\Arquivos de programas\iTunes\iTunesHelper.exe

C:\Arquivos de programas\AGEIA Technologies\TrayIcon.exe

C:\Arquivos de programas\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

C:\Arquivos de programas\Google\Google Talk\googletalk.exe

C:\Arquivos de programas\Logitech\Video\LogiTray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

C:\Arquivos de programas\Logitech\Video\FxSvr2.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\iPod\bin\iPodService.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Documents and Settings\Administrador.27FF60256009471\Desktop\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: MSVPS System - {283A0EE3-2CC1-45AB-8207-B1D7B69C7F83} - C:\WINDOWS\duocore.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [GBB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [sW20] C:\WINDOWS\system32\sw20.exe

O4 - HKLM\..\Run: [sW24] C:\WINDOWS\system32\sw24.exe

O4 - HKLM\..\Run: [Launch LGDCore] "C:\Arquivos de programas\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE

O4 - HKLM\..\Run: [Launch LCDMon] "C:\Arquivos de programas\Logitech\G-series Software\LCDMon.exe"

O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "C:\Arquivos de programas\Arquivos comuns\Logicool\khalshared\KHALMNPR.EXE"

O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe"

O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE

O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [LanguageShortcut] "C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe"

O4 - HKLM\..\Run: [PCMService] "C:\Arquivos de programas\CyberLink\PowerCinema\PCMService.exe"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Arquivos de programas\AGEIA Technologies\TrayIcon.exe

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Arquivos de programas\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [googletalk] C:\Arquivos de programas\Google\Google Talk\googletalk.exe /autostart

O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Arquivos de programas\Logitech\Video\ISStart.exe

O4 - HKLM\..\Run: [LogitechVideoTray] C:\Arquivos de programas\Logitech\Video\LogiTray.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background

O4 - Global Startup: .protected

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Abrir em uma nova guia do plano de fundo - res://C:\Arquivos de programas\Windows Live Toolbar\Components\pt-br\msntabres.dll.mui/229?c7750ead07154b8bb33cddc6dd775ec4

O8 - Extra context menu item: Abrir em uma nova guia do primeiro plano - res://C:\Arquivos de programas\Windows Live Toolbar\Components\pt-br\msntabres.dll.mui/230?c7750ead07154b8bb33cddc6dd775ec4

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\Office12\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://midiakatia.spaces.live.com//PhotoUpload/MsnPUpld.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1177185782109

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O21 - SSODL: wmpenv - {FD68497B-3AD2-4CBC-B03B-BEC2901F32DD} - C:\WINDOWS\wmpenv.dll

O21 - SSODL: wmpconf - {571FEF1B-3DCA-4513-BB9A-5EB582D1E14E} - C:\WINDOWS\wmpconf.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe

O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

 

Thank you!!!

 

 

--------------------

 

mi.ka

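Added example (not part of the original thread, and not a tool the helper used): a small Python triage script that applies, to lines copied from the log above, the kind of heuristics a helper applies by eye to a HijackThis report like this one. The allowlist of expected hosts and the three rules are assumptions of this example, not HijackThis features: R0/R1 browser start, search and ShellNext URLs pointing at a host outside the allowlist; O2 (BHO) and O21 (SSODL) modules loaded straight from the Windows root directory rather than from system32 or Program Files; and Global Startup items that are not .lnk shortcuts. Run against the posted lines it singles out the softwarereferral.com redirect, duocore.dll, wmpenv.dll, wmpconf.dll and the .protected startup item, the same files ComboFix later lists under "Other Deletions".

```python
"""Triage of a HijackThis v1.99.1 log (example written for this page, not a
tool from the thread). Every rule below is a heuristic chosen for this
example; none of them is a rule that HijackThis itself applies."""
import re
from urllib.parse import urlparse

# Hosts the browser settings are expected to point at (illustrative allowlist,
# an assumption of this example: tune it to the machine being looked at).
ALLOWED_URL_HOSTS = {"g.msn.com.br", "home.microsoft.com", "www.google.com.br"}

# Constructed sample: lines copied from the first HijackThis log in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: MSVPS System - {283A0EE3-2CC1-45AB-8207-B1D7B69C7F83} - C:\WINDOWS\duocore.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O4 - Global Startup: .protected
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: wmpenv - {FD68497B-3AD2-4CBC-B03B-BEC2901F32DD} - C:\WINDOWS\wmpenv.dll
O21 - SSODL: wmpconf - {571FEF1B-3DCA-4513-BB9A-5EB582D1E14E} - C:\WINDOWS\wmpconf.dll
"""

# R0/R1: a browser setting whose value is a URL.
URL_ENTRY = re.compile(r"^(R[01]) - .+? = (https?://\S+)$")
# O2 (BHO) and O21 (SSODL): "<section> - <name> - {CLSID} - <module path>".
COM_ENTRY = re.compile(r"^(O2|O21) - .+? - \{[0-9A-Fa-f-]{36}\} - (.+)$")
# A module sitting directly in the Windows root, e.g. C:\WINDOWS\foo.dll,
# rather than in a subdirectory such as system32.
WINROOT_MODULE = re.compile(r"^[A-Za-z]:\\WINDOWS\\[^\\]+$", re.IGNORECASE)
# O4 Global Startup: "<item name>" or "<item name> = <target>".
STARTUP_ENTRY = re.compile(r"^O4 - Global Startup: (.+)$")


def host_of(url):
    """Lower-case host part of a URL, or '' when it cannot be parsed."""
    return (urlparse(url).hostname or "").lower()


def triage(log_text):
    """Return [(section, reason, line)] for the lines that deserve a human look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = URL_ENTRY.match(line)
        if m:
            host = host_of(m.group(2))
            if host not in ALLOWED_URL_HOSTS:
                findings.append((m.group(1),
                                 f"browser setting points at unlisted host {host}",
                                 line))
            continue
        m = COM_ENTRY.match(line)
        if m:
            if WINROOT_MODULE.match(m.group(2)):
                findings.append((m.group(1),
                                 "COM module loaded from the Windows root directory",
                                 line))
            continue
        m = STARTUP_ENTRY.match(line)
        if m:
            item_name = m.group(1).split(" = ", 1)[0]
            if not item_name.lower().endswith(".lnk"):
                findings.append(("O4",
                                 "Global Startup item that is not a shortcut",
                                 line))
    return findings


if __name__ == "__main__":
    for section, reason, line in triage(SAMPLE_LOG):
        print(f"[{section}] {reason}\n    {line}")
```

The rules are deliberately narrow: the Yahoo toolbar, Spybot's SDHelper and the system32 SSODL entry pass untouched, and anything the script does flag is a candidate for a human to confirm (for example by checking the file's signer and creation date), not an automatic fix list.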

Download SmitFraudFix

Unzip the file into its own folder, but do not run it yet.

- Restart the computer in Safe Mode (tap the F8 key repeatedly, or F5 in some cases, during startup);

 

- Go into the SmitFraudFix folder and run SmitfraudFix.cmd. Choose option 2 and press Enter.

When the message "Do you want to clean the registry?" appears, press y and Enter.

- Restart in normal mode, generate a new log and paste it in your reply.

 

- In your reply, also paste the SmitFraudFix log, which will be in the file rapport.txt in C:\.


Hi Raphael,

Here are the logs you asked me to post for analysis

 

thank you, and I await your reply..

 

mi.ka

 

 

Oh, I also ran ComboFix and I'm sending you its output to analyze,

thank you

 

 

Logfile of HijackThis v1.99.1

Scan saved at 15:32:47, on 19/8/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\Arquivos de programas\Logitech\G-series Software\LGDCore.exe

C:\Arquivos de programas\Logitech\G-series Software\LCDMon.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe

C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe

C:\WINDOWS\system32\LVCOMSX.EXE

C:\WINDOWS\system32\RunDLL32.exe

C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

C:\Arquivos de programas\CyberLink\PowerCinema\PCMService.exe

C:\Arquivos de programas\Logitech\G-series Software\Applets\LCDPop3\LCDPOP3.exe

C:\Arquivos de programas\iTunes\iTunesHelper.exe

C:\Arquivos de programas\Logitech\G-series Software\Applets\LCDClock.exe

C:\Arquivos de programas\Logitech\G-series Software\Applets\LCDCountdown\LCDCountdown.exe

C:\Arquivos de programas\Logitech\G-series Software\Applets\LCDMedia.exe

C:\Arquivos de programas\AGEIA Technologies\TrayIcon.exe

C:\Arquivos de programas\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe

C:\Arquivos de programas\Google\Google Talk\googletalk.exe

C:\Arquivos de programas\Logitech\Video\LogiTray.exe

C:\Arquivos de programas\QuickTime\QTTask.exe

C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

C:\ARQUIV~1\Magentic\bin\MgApp.exe

C:\Arquivos de programas\Logitech\Video\FxSvr2.exe

C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\iPod\bin\iPodService.exe

C:\WINDOWS\System32\svchost.exe

C:\Documents and Settings\Administrador.27FF60256009471\Desktop\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [GBB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [sW20] C:\WINDOWS\system32\sw20.exe

O4 - HKLM\..\Run: [sW24] C:\WINDOWS\system32\sw24.exe

O4 - HKLM\..\Run: [Launch LGDCore] "C:\Arquivos de programas\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE

O4 - HKLM\..\Run: [Launch LCDMon] "C:\Arquivos de programas\Logitech\G-series Software\LCDMon.exe"

O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "C:\Arquivos de programas\Arquivos comuns\Logicool\khalshared\KHALMNPR.EXE"

O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe"

O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE

O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [LanguageShortcut] "C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe"

O4 - HKLM\..\Run: [PCMService] "C:\Arquivos de programas\CyberLink\PowerCinema\PCMService.exe"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Arquivos de programas\AGEIA Technologies\TrayIcon.exe

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Arquivos de programas\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [googletalk] C:\Arquivos de programas\Google\Google Talk\googletalk.exe /autostart

O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Arquivos de programas\Logitech\Video\ISStart.exe

O4 - HKLM\..\Run: [LogitechVideoTray] C:\Arquivos de programas\Logitech\Video\LogiTray.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\QTTask.exe" -atboottime

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [Magentic] C:\ARQUIV~1\Magentic\bin\Magentic.exe /c

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Abrir em uma nova guia do plano de fundo - res://C:\Arquivos de programas\Windows Live Toolbar\Components\pt-br\msntabres.dll.mui/229?c7750ead07154b8bb33cddc6dd775ec4

O8 - Extra context menu item: Abrir em uma nova guia do primeiro plano - res://C:\Arquivos de programas\Windows Live Toolbar\Components\pt-br\msntabres.dll.mui/230?c7750ead07154b8bb33cddc6dd775ec4

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\Office12\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://midiakatia.spaces.live.com//PhotoUpload/MsnPUpld.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1177185782109

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe

O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

 

 

SmitFraudFix v2.212

 

Scan done at 15:29:18,12, dom 19/08/2007

Run from C:\SmitfraudFix

OS: Microsoft Windows XP [versão 5.1.2600] - Windows_NT

The filesystem type is NTFS

Fix run in safe mode

 

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix

!!!Attention, following keys are not inevitably infected!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

 

 

»»»»»»»»»»»»»»»»»»»»»»»» hosts

 

127.0.0.1 localhost

 

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

 

GenericRenosFix by S!Ri

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

 

 

»»»»»»»»»»»»»»»»»»»»»»»» DNS

 

HKLM\SYSTEM\CCS\Services\Tcpip\..\{93DB764B-5DD1-404F-9A66-0B1B0EED80C5}: DhcpNameServer=192.168.0.1

HKLM\SYSTEM\CS1\Services\Tcpip\..\{93DB764B-5DD1-404F-9A66-0B1B0EED80C5}: DhcpNameServer=192.168.0.1

HKLM\SYSTEM\CS2\Services\Tcpip\..\{93DB764B-5DD1-404F-9A66-0B1B0EED80C5}: DhcpNameServer=192.168.0.1

HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1

HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1

HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System

!!!Attention, following keys are not inevitably infected!!!

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

"System"=""

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

 

Registry Cleaning done.

 

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix

!!!Attention, following keys are not inevitably infected!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

 

»»»»»»»»»»»»»»»»»»»»»»»» End

 

 

 

ComboFix 07-08-14.4 - "Administrador" 2007-08-19 15:01:37.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.1487 [GMT 9:00]

* Created a new restore point

 

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

 

 

C:\.protected

C:\Arquivos de programas\VideoAccessCodec

C:\Arquivos de programas\VideoAccessCodec\install.ico

C:\Arquivos de programas\VideoAccessCodec\Uninstall.exe

C:\Arquivos de programas\VideoAccessCodec\VideoAccessCodec.ocx

C:\DOCUME~1\ADMINI~1.27F\Desktop\internet.lnk

C:\DOCUME~1\ADMINI~1.27F\FAVORI~1.\Error Cleaner.url

C:\DOCUME~1\ADMINI~1.27F\FAVORI~1.\Privacy Protector.url

C:\DOCUME~1\ADMINI~1.27F\FAVORI~1.\Spyware&Malware Protection.url

C:\DOCUME~1\ALLUSE~1\MENUIN~1\PROGRA~1\INICIA~1.\.protected

C:\UGA6P

C:\WINDOWS\.protected

C:\WINDOWS\dat.txt

C:\WINDOWS\duocore.dll

C:\WINDOWS\main_uninstaller.exe

C:\WINDOWS\privacy_danger

C:\WINDOWS\privacy_danger\images\capt.gif

C:\WINDOWS\privacy_danger\images\danger.jpg

C:\WINDOWS\privacy_danger\images\down.gif

C:\WINDOWS\privacy_danger\images\spacer.gif

C:\WINDOWS\privacy_danger\index.htm

C:\WINDOWS\system32\drivers\etc\.protected

C:\WINDOWS\system32\winsys.exe

C:\WINDOWS\wmpconf.dll

C:\WINDOWS\wmpenv.dll

 

 

((((((((((((((((((((((((( Files Created from 2007-07-19 to 2007-08-19 )))))))))))))))))))))))))))))))

 

 

2007-08-19 15:00 51,200 --a------ C:\WINDOWS\nircmd.exe

2007-08-19 02:38 <DIR> d-------- C:\DOCUME~1\ADMINI~1.27F\DADOSD~1\DivX

2007-08-19 02:37 9,464 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys

2007-08-19 02:37 9,336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys

2007-08-19 02:37 43,528 --------- C:\WINDOWS\system32\drivers\PxHelp20.sys

2007-08-19 02:37 129,784 --------- C:\WINDOWS\system32\pxafs.dll

2007-08-19 02:37 120,056 --------- C:\WINDOWS\system32\pxcpyi64.exe

2007-08-19 02:37 118,520 --------- C:\WINDOWS\system32\pxinsi64.exe

2007-08-19 02:37 <DIR> d-------- C:\Arquivos de programas\DivX

2007-08-19 02:33 <DIR> d---s---- C:\DOCUME~1\ADMINI~1.27F\UserData

2007-08-19 02:18 <DIR> d-------- C:\Arquivos de programas\QuickTime

2007-08-19 02:17 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\Apple

2007-08-19 02:17 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Apple

2007-08-19 02:01 <DIR> d-------- C:\DOCUME~1\ADMINI~1.27F\DADOSD~1\Apple Computer

2007-08-19 01:53 <DIR> d-------- C:\DOCUME~1\ADMINI~1.27F\DADOSD~1\Logitech

2007-08-19 00:13 <DIR> d-------- C:\DOCUME~1\ADMINI~1.27F\Contacts

2007-08-19 00:04 <DIR> d-------- C:\DOCUME~1\ADMINI~1.27F\DADOSD~1\CyberLink

2007-08-18 15:34 1,572,864 --ah----- C:\DOCUME~1\ADMINI~1.27F\NTUSER.DAT

2007-08-18 15:34 <DIR> dr-h----- C:\DOCUME~1\ADMINI~1.27F\Dados de aplicativos

2007-08-18 15:34 <DIR> dr------- C:\DOCUME~1\ADMINI~1.27F\Meus documentos

2007-08-18 15:34 <DIR> dr------- C:\DOCUME~1\ADMINI~1.27F\Menu Iniciar

2007-08-18 15:34 <DIR> dr------- C:\DOCUME~1\ADMINI~1.27F\Favoritos

2007-08-18 15:34 <DIR> d--h----- C:\DOCUME~1\ADMINI~1.27F\Modelos

2007-08-18 15:34 <DIR> d--h----- C:\DOCUME~1\ADMINI~1.27F\Configurações locais

2007-08-18 15:34 <DIR> d--h----- C:\DOCUME~1\ADMINI~1.27F\Ambiente de rede

2007-08-18 15:34 <DIR> d--h----- C:\DOCUME~1\ADMINI~1.27F\Ambiente de impressão

2007-08-18 14:29 <DIR> d-------- C:\DOCUME~1\ADMINI~1\DADOSD~1\TrustedAntivirus

2007-08-18 14:27 158,752 --a------ C:\DOCUME~1\ADMINI~1\DADOSD~1\install_en[1].exe

2007-08-18 14:24 <DIR> d-------- C:\!KillBox

2007-08-18 13:49 664 --a------ C:\WINDOWS\system32\d3d9caps.dat

2007-08-12 07:22 745,547 --a------ C:\WINDOWS\system32\Magentic Screensaver.scr

2007-08-12 07:22 <DIR> d-------- C:\Arquivos de programas\Magentic

2007-08-06 23:30 <DIR> d-------- C:\Arquivos de programas\U.R.Celeb

2007-08-05 06:27 <DIR> d-------- C:\Arquivos de programas\Atrativa Games

2007-07-27 05:49 45,056 --a------ C:\WINDOWS\NCUNINST.EXe

2007-07-27 05:49 40,960 --a------ C:\WINDOWS\NCLAUNCH.EXe

2007-07-27 05:49 1,625,615 --a------ C:\WINDOWS\X-plod Screensaver.scr

2007-07-26 12:06 144,704 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe

2007-07-26 11:53 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe

2007-07-26 11:53 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll

2007-07-26 11:53 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll

2007-07-26 11:53 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll

2007-07-26 11:50 823,296 --a------ C:\WINDOWS\system32\divx_xx0c.dll

2007-07-26 11:50 823,296 --a------ C:\WINDOWS\system32\divx_xx07.dll

2007-07-26 11:50 81,920 --a------ C:\WINDOWS\system32\dpl100.dll

2007-07-26 11:50 802,816 --a------ C:\WINDOWS\system32\divx_xx11.dll

2007-07-26 11:50 740,442 --a------ C:\WINDOWS\system32\DivX.dll

2007-07-26 11:50 593,920 --a------ C:\WINDOWS\system32\dpuGUI11.dll

2007-07-26 11:50 57,344 --a------ C:\WINDOWS\system32\dpv11.dll

2007-07-26 11:50 53,248 --a------ C:\WINDOWS\system32\dpuGUI10.dll

2007-07-26 11:50 344,064 --a------ C:\WINDOWS\system32\dpus11.dll

2007-07-26 11:50 294,912 --a------ C:\WINDOWS\system32\dpu11.dll

2007-07-26 11:50 294,912 --a------ C:\WINDOWS\system32\dpu10.dll

2007-07-26 11:50 196,608 --a------ C:\WINDOWS\system32\dtu100.dll

2007-07-26 11:49 12,288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll

2007-07-25 07:06 <DIR> d-------- C:\Arquivos de programas\Shutterfly

2007-07-25 05:30 2,560 --a------ C:\WINDOWS\_MSRSTRT.EXE

2007-07-25 04:55 50,688 --a------ C:\WINDOWS\system32\wbhelp2.dll

2007-07-25 04:55 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\DADOSD~1\TEMP

2007-07-24 05:02 <DIR> d-------- C:\DOCUME~1\ADMINI~1\.thumbnails

2007-07-24 04:59 <DIR> d-------- C:\DOCUME~1\ADMINI~1\DADOSD~1\gtk-2.0

2007-07-24 04:58 <DIR> d-------- C:\DOCUME~1\ADMINI~1\.gimp-2.2

2007-07-24 04:53 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\GTK

2007-07-23 22:06 73,216 --a------ C:\WINDOWS\system32\lffax13n.dll

2007-07-23 22:06 279,552 --a------ C:\WINDOWS\system32\LFJ2K13n.dll

2007-07-23 22:06 26,112 --a------ C:\WINDOWS\system32\lfpcx13n.dll

2007-07-23 22:06 24,576 --a------ C:\WINDOWS\system32\lftga13n.dll

2007-07-23 22:06 181,248 --a------ C:\WINDOWS\system32\Lfpng13n.dll

2007-07-23 22:06 18,944 --a------ C:\WINDOWS\system32\lfmsp13n.dll

2007-07-23 22:06 17,920 --a------ C:\WINDOWS\system32\lfRaw13n.dll

2007-07-23 22:06 126,464 --a------ C:\WINDOWS\system32\lftif13n.dll

2007-07-23 22:06 1,013,760 --a------ C:\WINDOWS\system32\Ltwvc13n.dll

2007-07-20 06:59 <DIR> d-------- C:\DOCUME~1\ADMINI~1\DADOSD~1\Shutterfly

2007-07-20 06:04 212,480 --------- C:\WINDOWS\pcdlib32.dll

 

 

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

 

2007-08-19 02:17 --------- d-------- C:\Arquivos de programas\Apple Software Update

2007-07-27 05:49 1386496 --a------ C:\WINDOWS\system32\msvbvm60.dll

2007-07-25 06:39 --------- d--h----- C:\Arquivos de programas\InstallShield Installation Information

2007-07-25 06:02 --------- d-------- C:\Arquivos de programas\Google

2007-07-23 20:56 --------- d-------- C:\Arquivos de programas\iPod

2007-07-20 09:03 --------- d-------- C:\Arquivos de programas\Windows Live Toolbar

2007-07-20 09:03 --------- d-------- C:\Arquivos de programas\GameSpy Arcade

2007-07-14 00:58 --------- d-------- C:\Arquivos de programas\LimeWire

2007-07-08 05:58 --------- d-------- C:\Arquivos de programas\EA GAMES

2007-07-08 00:33 --------- d-------- C:\Arquivos de programas\KillBox

2007-07-07 23:17 --------- d-------- C:\Arquivos de programas\Yahoo!

2007-07-07 23:17 --------- d-------- C:\Arquivos de programas\CCleaner

2007-07-07 14:35 --------- d-------- C:\Arquivos de programas\Microsoft CAPICOM 2.1.0.2

2007-07-07 06:53 81920 -r------- C:\WINDOWS\bwUnin-6.1.4.68-8876480L.exe

2007-07-07 06:53 --------- d-------- C:\Arquivos de programas\Logitech

2007-07-07 06:45 --------- d-------- C:\Arquivos de programas\Playlogic

2007-06-26 23:09 660992 -----c--- C:\WINDOWS\system32\dllcache\wininet.dll

2007-06-26 22:57 851968 -----c--- C:\WINDOWS\system32\dllcache\vgx.dll

2007-06-26 15:10 1104896 --a------ C:\WINDOWS\system32\msxml3.dll

2007-06-26 15:10 1104896 -----c--- C:\WINDOWS\system32\dllcache\msxml3.dll

2007-06-19 22:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll

2007-06-19 22:31 282112 -----c--- C:\WINDOWS\system32\dllcache\gdi32.dll

2007-06-15 03:09 96768 -----c--- C:\WINDOWS\system32\dllcache\inseng.dll

2007-06-15 03:09 616448 -----c--- C:\WINDOWS\system32\dllcache\urlmon.dll

2007-06-15 03:09 55808 -----c--- C:\WINDOWS\system32\dllcache\extmgr.dll

2007-06-15 03:09 532480 -----c--- C:\WINDOWS\system32\dllcache\mstime.dll

2007-06-15 03:09 474112 -----c--- C:\WINDOWS\system32\dllcache\shlwapi.dll

2007-06-15 03:09 449024 -----c--- C:\WINDOWS\system32\dllcache\mshtmled.dll

2007-06-15 03:09 39424 -----c--- C:\WINDOWS\system32\dllcache\pngfilt.dll

2007-06-15 03:09 357888 -----c--- C:\WINDOWS\system32\dllcache\dxtmsft.dll

2007-06-15 03:09 3079680 -----c--- C:\WINDOWS\system32\dllcache\mshtml.dll

2007-06-15 03:09 251392 -----c--- C:\WINDOWS\system32\dllcache\iepeers.dll

2007-06-15 03:09 205312 -----c--- C:\WINDOWS\system32\dllcache\dxtrans.dll

2007-06-15 03:09 16384 -----c--- C:\WINDOWS\system32\dllcache\jsproxy.dll

2007-06-15 03:09 151552 -----c--- C:\WINDOWS\system32\dllcache\cdfview.dll

2007-06-15 03:09 1494528 -----c--- C:\WINDOWS\system32\dllcache\shdocvw.dll

2007-06-15 03:09 146432 -----c--- C:\WINDOWS\system32\dllcache\msrating.dll

2007-06-15 03:09 1055744 -----c--- C:\WINDOWS\system32\dllcache\danim.dll

2007-06-15 03:09 1024000 -----c--- C:\WINDOWS\system32\dllcache\browseui.dll

2007-06-14 23:07 18432 -----c--- C:\WINDOWS\system32\dllcache\iedw.exe

2007-06-13 22:21 1035264 --a------ C:\WINDOWS\explorer.exe

2007-06-13 22:21 1035264 -----c--- C:\WINDOWS\system32\dllcache\explorer.exe

2004-09-04 17:47 157 --a------ C:\WINDOWS\inf\nlite.cmd

 

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

 

 

*Note* empty entries & legit default entries are not shown

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-03 22:32]

"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-03 22:31]

"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-03 22:32]

"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-03 22:32]

"GBB36X Configure"="C:\WINDOWS\system32\JMRaidTool.exe" [2006-07-12 18:58]

"RTHDCPL"="RTHDCPL.EXE" [2006-07-21 17:56 C:\WINDOWS\RTHDCPL.EXE]

"SkyTel"="SkyTel.EXE" [2006-05-16 19:04 C:\WINDOWS\SkyTel.exe]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-06-01 18:22]

"nwiz"="nwiz.exe" [2006-06-01 18:22 C:\WINDOWS\system32\nwiz.exe]

"SW20"="C:\WINDOWS\system32\sw20.exe" [2006-05-18 10:15]

"SW24"="C:\WINDOWS\system32\sw24.exe" [2006-05-17 11:37]

"Launch LGDCore"="C:\Arquivos de programas\Logitech\G-series Software\LGDCore.exe" [2006-03-07 00:31]

"Launch LCDMon"="C:\Arquivos de programas\Logitech\G-series Software\LCDMon.exe" [2006-03-07 00:14]

"Logitech Hardware Abstraction Layer"="C:\Arquivos de programas\Arquivos comuns\Logicool\khalshared\KHALMNPR.EXE" [2006-07-19 14:39]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2006-07-19 14:39 C:\WINDOWS\KHALMNPR.Exe]

"AVG7_CC"="C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-08-17 05:02]

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]

"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-10-08 11:52]

"NvMediaCenter"="NvMCTray.dll" [2006-06-01 18:22 C:\WINDOWS\system32\nvmctray.dll]

"RemoteControl"="C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 15:10]

"LanguageShortcut"="C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 22:55]

"PCMService"="C:\Arquivos de programas\CyberLink\PowerCinema\PCMService.exe" [2004-11-03 16:53]

"iTunesHelper"="C:\Arquivos de programas\iTunes\iTunesHelper.exe" [2007-06-01 16:51]

"NeroFilterCheck"="C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40]

"AGEIA PhysX SysTray"="C:\Arquivos de programas\AGEIA Technologies\TrayIcon.exe" [2006-09-08 09:01]

"Adobe Photo Downloader"="C:\Arquivos de programas\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-22 15:09]

"Adobe Reader Speed Launcher"="C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]

"googletalk"="C:\Arquivos de programas\Google\Google Talk\googletalk.exe" [2007-01-02 07:54]

"LogitechVideoRepair"="C:\Arquivos de programas\Logitech\Video\ISStart.exe" [2005-01-18 17:47]

"LogitechVideoTray"="C:\Arquivos de programas\Logitech\Video\LogiTray.exe" [2005-01-18 17:37]

"QuickTime Task"="C:\Arquivos de programas\QuickTime\QTTask.exe" [2007-06-29 06:24]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2007-07-07 06:53]

"msnmsgr"="C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54]

"Magentic"="C:\ARQUIV~1\Magentic\bin\Magentic.exe" [2007-07-10 10:34]

 

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\

Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2007-07-07 06:53:50]

 

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]

Source= file:///C:\WINDOWS\privacy_danger\index.htm

FriendlyName= Privacy Protection

 

R0 JGOGO;JMicron Hot-Plug Driver;C:\WINDOWS\system32\DRIVERS\JGOGO.sys

R0 JRAID;JRAID;C:\WINDOWS\system32\DRIVERS\jraid.sys

R2 LBeepKE;LBeepKE;C:\WINDOWS\system32\Drivers\LBeepKE.sys

R2 nvcap;nVidia WDM Video Capture (universal);C:\WINDOWS\system32\DRIVERS\nvcap.sys

R2 NVXBAR;nVidia WDM A/V Crossbar;C:\WINDOWS\system32\DRIVERS\NVxbar.sys

S3 GMSIPCI;GMSIPCI;\??\D:\INSTALL\GMSIPCI.SYS

S3 MSICPL;MSICPL;\??\D:\install4\MSICPL.sys

S3 NTACCESS;NTACCESS;\??\D:\NTACCESS.sys

S3 SetupNTGLM7X;SetupNTGLM7X;\??\D:\NTGLM7X.sys

 

 

Contents of the 'Scheduled Tasks' folder

2007-08-18 17:18:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Arquivos de programas\Apple Software Update\SoftwareUpdate.exe

2007-08-19 05:39:00 C:\WINDOWS\Tasks\Verificar Atualizações para a Barra de Ferramentas do Windows Live.job

 

**************************************************************************

 

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-08-19 15:03:27

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\CrystalSysInfo]

"ImagePath"="\??\C:\WINDOWS\system32\SysInfo.sys"

 

Completion time: 2007-08-19 15:03:59 - machine was rebooted

C:\ComboFix-quarantined-files.txt ... 2007-08-19 15:03

 

--- E O F ---

 

 

2006-05-19 18:36	200704	--a------	C:\Qoobox\Quarantine\C\WINDOWS\system32\WinSys.exe.vir

2007-05-18 17:39	23870	--a------	C:\Qoobox\Quarantine\C\WINDOWS\privacy_danger\images\capt.gif.vir

2007-05-18 17:39	47318	--a------	C:\Qoobox\Quarantine\C\WINDOWS\privacy_danger\images\danger.jpg.vir

2007-05-18 17:40	14916	--a------	C:\Qoobox\Quarantine\C\WINDOWS\privacy_danger\images\down.gif.vir

2007-05-18 17:44	43	--a------	C:\Qoobox\Quarantine\C\WINDOWS\privacy_danger\images\spacer.gif.vir

2007-08-08 13:57	1151	--a------	C:\Qoobox\Quarantine\C\WINDOWS\privacy_danger\index.htm.vir

2007-08-17 23:32	221184	--a------	C:\Qoobox\Quarantine\C\WINDOWS\wmpconf.dll.vir

2007-08-18 00:01	4286	--a------	C:\Qoobox\Quarantine\C\Arquivos de programas\VideoAccessCodec\install.ico.vir

2007-08-18 02:07	364544	--a------	C:\Qoobox\Quarantine\C\Arquivos de programas\VideoAccessCodec\VideoAccessCodec.ocx.vir

2007-08-18 02:07	37623	--a------	C:\Qoobox\Quarantine\C\Arquivos de programas\VideoAccessCodec\Uninstall.exe.vir

2007-08-18 14:08	0	--a------	C:\Qoobox\Quarantine\C\.protected.vir

2007-08-18 14:08	0	--a------	C:\Qoobox\Quarantine\C\DOCUME~1\ALLUSE~1\MENUIN~1\PROGRA~1\INICIA~1\.protected.vir

2007-08-18 14:08	0	--a------	C:\Qoobox\Quarantine\C\WINDOWS\.protected.vir

2007-08-18 14:08	0	--a------	C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\etc\.protected.vir

2007-08-18 21:52	176128	--a------	C:\Qoobox\Quarantine\C\WINDOWS\wmpenv.dll.vir

2007-08-18 21:52	221184	--a------	C:\Qoobox\Quarantine\C\WINDOWS\duocore.dll.vir

2007-08-18 21:52	32768	--a------	C:\Qoobox\Quarantine\C\WINDOWS\main_uninstaller.exe.vir

2007-08-19 00:51	104	--a------	C:\Qoobox\Quarantine\C\DOCUME~1\ADMINI~1.27F\Desktop\Internet.lnk.vir

2007-08-19 12:00	286	--a------	C:\Qoobox\Quarantine\C\DOCUME~1\ADMINI~1.27F\FAVORI~1\Error Cleaner.url.vir

2007-08-19 12:00	286	--a------	C:\Qoobox\Quarantine\C\DOCUME~1\ADMINI~1.27F\FAVORI~1\Privacy Protector.url.vir

2007-08-19 12:00	286	--a------	C:\Qoobox\Quarantine\C\DOCUME~1\ADMINI~1.27F\FAVORI~1\Spyware&Malware Protection.url.vir

2007-08-19 14:47	1556	--a------	C:\Qoobox\Quarantine\C\WINDOWS\dat.txt.vir

Listagem de caminhos de pasta
O número de série do volume é E401-1456
C:\QOOBOX\
\---Quarantine
    +---C
    |   |   .protected.vir
    |   |
    |   +---Arquivos de programas
    |   |   \---VideoAccessCodec
    |   |           install.ico.vir
    |   |           Uninstall.exe.vir
    |   |           VideoAccessCodec.ocx.vir
    |   |
    |   +---DOCUME~1
    |   |   +---ADMINI~1.27F
    |   |   |   +---Desktop
    |   |   |   |       Internet.lnk.vir
    |   |   |   |
    |   |   |   \---FAVORI~1
    |   |   |           Error Cleaner.url.vir
    |   |   |           Privacy Protector.url.vir
    |   |   |           Spyware&Malware Protection.url.vir
    |   |   |
    |   |   \---ALLUSE~1
    |   |       \---MENUIN~1
    |   |           \---PROGRA~1
    |   |               \---INICIA~1
    |   |                       .protected.vir
    |   |
    |   \---WINDOWS
    |       |   .protected.vir
    |       |   dat.txt.vir
    |       |   duocore.dll.vir
    |       |   main_uninstaller.exe.vir
    |       |   wmpconf.dll.vir
    |       |   wmpenv.dll.vir
    |       |
    |       +---privacy_danger
    |       |   |   index.htm.vir
    |       |   |
    |       |   \---images
    |       |           capt.gif.vir
    |       |           danger.jpg.vir
    |       |           down.gif.vir
    |       |           spacer.gif.vir
    |       |
    |       \---system32
    |           |   WinSys.exe.vir
    |           |
    |           \---drivers
    |               \---etc
    |                       .protected.vir
    |
    \---Registry_backups


Archived Topic

 

Since the author has not replied for more than 20 days, the topic has been archived.

 

If you are the author of the topic and want to reopen it, send a private message to a moderator of this area together with the link to this topic and explain the reason for reopening it.
