
Archived

This topic has been archived and is closed to new replies.

Eduardo Moreira dos Santos

[Solved!] Very Slow Computer


Folks,

Please help me! The last time I had a virus on my computer, JGARCIA was very attentive and efficient. I'd like to take this moment to thank him once again. And once again I also need help to solve this problem. My computer keeps accessing the hard disk frantically, and as a result it gets extremely slow. I ran HIJACKTHIS and generated a LOG to get the work started:

 

Logfile of HijackThis v1.99.1

Scan saved at 22:40:27, on 19/8/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Lexmark 3100 Series\lxbrbmgr.exe

C:\ARQUIV~1\LEXMAR~1\LXBRKsk.exe

C:\WINDOWS\vsnpstd.exe

C:\Arquivos de programas\Google\Gmail Notifier\gnotify.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe

C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe

C:\Arquivos de programas\Lexmark 3100 Series\lxbrbmon.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Arquivos de programas\AOL\Active Virus Shield\avp.exe

C:\Arquivos de programas\Picasa2\PicasaMediaDetector.exe

C:\Arquivos de programas\Lexmark 3100 Series\lxbrcmon.exe

C:\Arquivos de programas\Babylon\Babylon-Pro\Babylon.exe

C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe

C:\Arquivos de programas\eMule\emule.exe

C:\WINDOWS\system32\rundll32.exe

C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe

C:\Arquivos de programas\Google\Google Updater\GoogleUpdater.exe

C:\Arquivos de programas\InterVideo\Common\Bin\WinCinemaMgr.exe

C:\Arquivos de programas\palmOne\HOTSYNC.EXE

C:\Arquivos de programas\AOL\Active Virus Shield\avp.exe

C:\ARQUIV~1\Symantec\NORTON~1\GHOSTS~2.EXE

C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\MSN Messenger\usnsvc.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.i.com.ua/~video/

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: XBTP06568 - {311F9DE8-6126-4EEE-B15F-65CBB3B4F9F6} - C:\Arquivos de programas\AOL Security Toolbar\tbu5\AOL_security_toolbar.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar3.dll

O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar3.dll

O3 - Toolbar: AOL Security Toolbar - {3BB63FD4-3C00-44D7-94A9-5DE211900DEF} - C:\Arquivos de programas\AOL Security Toolbar\tbu5\AOL_security_toolbar.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [Lexmark 3100 Series] "C:\Arquivos de programas\Lexmark 3100 Series\lxbrbmgr.exe"

O4 - HKLM\..\Run: [LXBRKsk] C:\ARQUIV~1\LEXMAR~1\LXBRKsk.exe

O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Arquivos de programas\Google\Gmail Notifier\gnotify.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [Kaspersky Anti-Virus 2006 (Beta)] C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe"

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [modemspy] "C:\Arquivos de programas\Modem Spy\modemspy.exe" /tray

O4 - HKLM\..\Run: [aol] "C:\Arquivos de programas\AOL\Active Virus Shield\avp.exe"

O4 - HKLM\..\Run: [Picasa Media Detector] C:\Arquivos de programas\Picasa2\PicasaMediaDetector.exe

O4 - HKLM\..\Run: [babylon Client] C:\Arquivos de programas\Babylon\Babylon-Pro\Babylon.exe -AutoStart

O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [eMuleAutoStart] C:\Arquivos de programas\eMule\emule.exe -AutoStart

O4 - Startup: Gerenciador do HotSync.lnk = C:\Arquivos de programas\palmOne\HOTSYNC.EXE

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Reader 8.0\Reader\reader_sl.exe

O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Arquivos de programas\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe

O4 - Global Startup: Google Updater.lnk = C:\Arquivos de programas\Google\Google Updater\GoogleUpdater.exe

O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Arquivos de programas\InterVideo\Common\Bin\WinCinemaMgr.exe

O8 - Extra context menu item: &Google Search - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: &Translate English Word - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmwordtrans.html

O8 - Extra context menu item: Backward Links - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Similar Pages - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate Page into English - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmtrans.html

O8 - Extra context menu item: Translate with &Babylon - res://C:\Arquivos de programas\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\npjpi160_02.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\npjpi160_02.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1161552440890

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O20 - AppInit_DLLs: C:\ARQUIV~1\Google\GOOGLE~3\GOEC62~1.DLL

O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll

O23 - Service: Active Virus Shield (AVP) - Unknown owner - C:\Arquivos de programas\AOL\Active Virus Shield\avp.exe" -r (file missing)

O23 - Service: GhostStartService - Symantec Corporation - C:\ARQUIV~1\Symantec\NORTON~1\GHOSTS~2.EXE

O23 - Service: GoogleDesktopManager - Google - C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Intel® Active Monitor (imonNT) - Intel Corp. - C:\Program Files\Intel\Intel® Active Monitor\imonnt.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

 

 

Many thanks to all,

Eduardo.


Hi Eduardo Moreira dos Santos,

Download ComboFix at:

ComboFix

1) Double-click combofix.exe and press "Y" to proceed. The process takes about 10 minutes on average;

2) ComboFix will restart the PC automatically so that the removal process can finish (only if there is an infection);

3) When the scan is finished, a log will be generated at C:\ComboFix.txt;

4) Do not click in the ComboFix window, nor close it with the X, while the tool is running, because that will mess up your desktop (it will turn completely white);

5) To stop or exit ComboFix, press "N";

6) I need you to paste the contents of ComboFix.txt in your next reply.

Regards.


JGarcia,

as you requested, I am sending the COMBOFIX LOG:

 

ComboFix 07-08-25.2 - "Eduardo" 2007-08-26 14:23:01.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.60 [GMT -3:00]

* Created a new restore point

 

 

((((((((((((((((((((((((( Files Created from 2007-07-26 to 2007-08-26 )))))))))))))))))))))))))))))))

 

 

2007-08-26 14:21 51,200 --a------ C:\WINDOWS\nircmd.exe

2007-08-26 11:13 <DIR> d-------- C:\DOCUME~1\Vitor\DADOSD~1\StarOffice8

2007-08-25 18:44 <DIR> d-------- C:\DOCUME~1\Eduardo\DADOSD~1\Media Player Classic

2007-08-25 18:41 740,442 --a------ C:\WINDOWS\system32\divx.dll

2007-08-25 18:41 73,728 --a------ C:\WINDOWS\system32\dpl100.dll

2007-08-25 18:41 593,920 --a------ C:\WINDOWS\system32\xvidcore.dll

2007-08-25 18:41 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll

2007-08-25 18:41 217,088 --a------ C:\WINDOWS\system32\yv12vfw.dll

2007-08-25 18:41 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll

2007-08-25 18:41 10,752 --a------ C:\WINDOWS\system32\ff_vfw.dll

2007-08-25 18:41 <DIR> d-------- C:\Arquivos de programas\K-Lite Codec Pack

2007-08-25 18:26 129,784 --------- C:\WINDOWS\system32\pxafs.dll

2007-08-25 18:26 <DIR> d-------- C:\Arquivos de programas\Winamp

2007-08-25 18:21 <DIR> d-------- C:\WINDOWS\system32\runtime

2007-08-25 09:12 <DIR> d-------- C:\DOCUME~1\Jorge\DADOSD~1\Babylon

2007-08-24 19:19 <DIR> d-------- C:\DOCUME~1\Arthur\Contacts

2007-08-24 19:17 <DIR> d-------- C:\DOCUME~1\Arthur\DADOSD~1\Babylon

2007-08-24 18:23 <DIR> d-------- C:\DOCUME~1\Vitor\Contacts

2007-08-23 09:13 <DIR> d-------- C:\WINDOWS\system32\pt-br

2007-08-23 09:09 <DIR> d-------- C:\WINDOWS\network diagnostic

2007-08-23 08:24 75,264 --a------ C:\WINDOWS\system32\unacev2.dll

2007-08-23 08:24 156,160 --a------ C:\WINDOWS\system32\unrar3.dll

2007-08-23 08:24 <DIR> d-------- C:\Arquivos de programas\TUGZip

2007-08-22 14:39 <DIR> d-------- C:\DOCUME~1\Vitor\DADOSD~1\Babylon

2007-08-22 09:14 <DIR> d-------- C:\Arquivos de programas\palmOne

2007-08-18 18:12 <DIR> d-------- C:\Arquivos de programas\Babylon

2007-08-18 18:11 <DIR> d-------- C:\DOCUME~1\Eduardo\DADOSD~1\Babylon

2007-08-18 18:11 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\Babylon

2007-08-18 18:00 <DIR> d-------- C:\DOCUME~1\Eduardo\DADOSD~1\StarOffice8

2007-08-16 23:51 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys

2007-08-16 23:51 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys

2007-08-16 23:50 <DIR> d-------- C:\Arquivos de programas\Picasa2

2007-08-16 23:20 <DIR> d-------- C:\Arquivos de programas\MSXML 4.0

2007-08-16 23:00 <DIR> d-------- C:\Arquivos de programas\AOL Security Toolbar

2007-08-16 22:59 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\AOL

2007-08-16 22:56 7,343,648 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat

2007-08-16 22:56 217,376 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat

 

 

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

 

2007-08-26 12:35 --------- d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\Google Updater

2007-08-26 12:32 --------- d-------- C:\Arquivos de programas\eMule

2007-08-25 19:34 22868 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx

2007-08-25 19:34 104816 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx

2007-08-25 18:21 --------- d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\Google

2007-08-25 18:21 --------- d-------- C:\Arquivos de programas\Google

2007-08-25 10:29 --------- d-------- C:\Arquivos de programas\MSN Messenger

2007-08-24 19:22 --------- d-------- C:\DOCUME~1\Arthur\DADOSD~1\Google

2007-08-23 22:23 --------- d-------- C:\Arquivos de programas\Arquivos comuns\Real

2007-08-23 22:22 --------- d-------- C:\DOCUME~1\Eduardo\DADOSD~1\Real

2007-08-23 22:22 --------- d-------- C:\DOCUME~1\Eduardo\DADOSD~1\Real

2007-08-23 22:18 --------- d-------- C:\Arquivos de programas\Jasc Software Inc

2007-08-23 22:17 --------- d--h----- C:\Arquivos de programas\InstallShield Installation Information

2007-08-23 22:17 --------- d-------- C:\Arquivos de programas\InterVideo

2007-08-23 22:14 --------- d-------- C:\Arquivos de programas\DivX

2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll

2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll

2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe

2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll

2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll

2007-07-30 19:19 271224 --a------ C:\WINDOWS\system32\mucltui.dll

2007-07-30 19:19 207736 --a------ C:\WINDOWS\system32\muweb.dll

2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll

2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll

2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll

2007-06-26 03:10 1104896 --a------ C:\WINDOWS\system32\msxml3.dll

2007-06-19 10:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll

2007-06-13 10:21 1035264 --a------ C:\WINDOWS\explorer.exe

2004-05-15 19:56 1279 --a------ C:\Arquivos de programas\INSTALL.LOG

2004-02-29 19:26:27 56 --sha-r C:\WINDOWS\system32\5ECE85836A.sys

 

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

 

 

*Note* empty entries & legit default entries are not shown

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2001-10-16 08:02]

"nwiz"="nwiz.exe" [2001-10-16 08:03 C:\WINDOWS\system32\nwiz.exe]

"Lexmark 3100 Series"="C:\Arquivos de programas\Lexmark 3100 Series\lxbrbmgr.exe" [2003-09-04 00:10]

"LXBRKsk"="C:\ARQUIV~1\LEXMAR~1\LXBRKsk.exe" [2003-06-13 11:58]

"snpstd"="C:\WINDOWS\vsnpstd.exe" [2004-06-10 12:48]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]

"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Arquivos de programas\Google\Gmail Notifier\gnotify.exe" [2005-07-15 18:48]

"Kaspersky Anti-Virus 2006 (Beta)"="C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" []

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]

"Google Desktop Search"="C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-16 22:59]

"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 09:06 C:\WINDOWS\AGRSMMSG.exe]

"modemspy"="C:\Arquivos de programas\Modem Spy\modemspy.exe" []

"aol"="C:\Arquivos de programas\AOL\Active Virus Shield\avp.exe" [2006-05-30 11:13]

"Picasa Media Detector"="C:\Arquivos de programas\Picasa2\PicasaMediaDetector.exe" [2007-06-15 20:15]

"Babylon Client"="C:\Arquivos de programas\Babylon\Babylon-Pro\Babylon.exe" [2006-12-13 16:15]

"Adobe Reader Speed Launcher"="C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]

"KAVPersonal50"="C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" []

"WinampAgent"="C:\Arquivos de programas\Winamp\winampa.exe" [2007-05-14 19:22]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NVIEW"="nview.dll,nViewLoadHook" []

"MsnMsgr"="C:\Arquivos de programas\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]

"swg"="C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-16 22:55]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:45]

"eMuleAutoStart"="C:\Arquivos de programas\eMule\emule.exe" [2006-09-14 11:15]

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]

"NvMediaCenter"=RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit

 

C:\DOCUME~1\Eduardo\MENUIN~1\PROGRA~1\INICIA~1\

Gerenciador do HotSync.lnk - C:\Arquivos de programas\palmOne\HOTSYNC.EXE [2004-04-13 17:03:10]

 

C:\DOCUME~1\Vitor\MENUIN~1\PROGRA~1\INICIA~1\

StarOffice 8.lnk - C:\Arquivos de programas\Sun\StarOffice 8\program\quickstart.exe [2007-02-02 17:55:10]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"appinit_dlls"=C:\ARQUIV~1\Google\GOOGLE~3\GOEC62~1.DLL

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Acrobat Assistant.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Acrobat Assistant.lnk

backup=C:\WINDOWS\pss\Acrobat Assistant.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Microsoft Office.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Microsoft Office.lnk

backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Verificador de Calendário Ulead Photo Express.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Verificador de Calendário Ulead Photo Express.lnk

backup=C:\WINDOWS\pss\Verificador de Calendário Ulead Photo Express.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dhup]

C:\Documents and Settings\Eduardo\Dados de aplicativos\cmcc.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator]

C:\ARQUIV~1\DAP\DAP.EXE /STARTUP

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DU Meter]

C:\Arquivos de programas\DU Meter\DUMeter.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GhostStartTrayApp]

C:\Arquivos de programas\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMONTRAY]

C:\Program Files\Intel\Intel® Active Monitor\imontray.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mirabilis ICQ]

C:\ARQUIV~1\ICQ\ICQNet.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

"C:\Arquivos de programas\Messenger\msmsgs.exe" /background

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Owtt]

C:\Documents and Settings\Eduardo\Dados de aplicativos\ricc.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SonicFocus]

"C:\Arquivos de programas\Sonic Focus\SFIGUI\SFIGUI.EXE" BOOT

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]

"C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe" /tray

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]

C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VVSN]

C:\Arquivos de programas\VVSN\VVSN.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

C:\Arquivos de programas\Winamp\winampa.exe

 

R1 GhPciScan;GhostPciScanner;\??\C:\Arquivos de programas\Symantec\Norton Ghost 2003\ghpciscan.sys

R2 iSMBIOS;iSMBIOS;\??\C:\WINDOWS\System32\drivers\iSMBIOS.SYS

R2 SIODRV;SIODRV;\??\C:\WINDOWS\System32\drivers\SIODRV.SYS

S2 Klop;Klop;\??\C:\WINDOWS\system32\drivers\Klop.sys

S3 smbusp;Intel® SMBus 2.0 Driver;C:\WINDOWS\system32\DRIVERS\smb.sys

S4 xmasscsi;xmasscsi;C:\WINDOWS\system32\Drivers\xmasscsi.sys

 

*Newly Created Service* - CATCHME

 

**************************************************************************

 

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-08-26 14:25:24

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

 

Completion time: 2007-08-26 14:26:38

 

--- E O F ---

 

Many thanks,

Eduardo

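The HijackThis and ComboFix logs above are read by eye in this thread. As an added example that is not part of the original thread, the Python script below mechanises three of the heuristics a helper applies when reading such logs: an entry whose target is gone from disk ("(no file)" / "(file missing)"), an autostart binary that lives in a per-user application-data directory rather than under Program Files, and a hidden+system file in system32 whose name is a long hex string. The sample input is constructed from lines copied from the logs posted above; the regexes, the `Finding` class and the `triage`/`suspicious_paths` functions are this example's own. The heuristics are triage hints, not verdicts: the hidden `fidbox*` files from Kaspersky, for instance, are deliberately not flagged because their names are not hex.

```python
"""Added example: first-pass triage of HijackThis / ComboFix text logs.

Heuristics implemented (assumptions of this example, not rules from the thread):
  1. a HijackThis O-line whose target no longer exists on disk
     ("(no file)" / "(file missing)") -> orphaned registration, low priority;
  2. any autostart target living inside a per-user profile data directory
     (Application Data / "Dados de aplicativos" / AppData) -> suspicious,
     since installers of that era put binaries under Program Files;
  3. a ComboFix file-listing entry with hidden+system attributes whose file
     name is a long hex string -> suspicious dropper/rootkit residue.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import List

# Constructed sample: lines copied verbatim from the logs posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar3.dll
O4 - HKLM\..\Run: [Kaspersky Anti-Virus 2006 (Beta)] C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Arquivos de programas\eMule\emule.exe -AutoStart
O23 - Service: Active Virus Shield (AVP) - Unknown owner - C:\Arquivos de programas\AOL\Active Virus Shield\avp.exe" -r (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dhup]
C:\Documents and Settings\Eduardo\Dados de aplicativos\cmcc.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Arquivos de programas\Winamp\winampa.exe
2007-08-25 19:34 22868 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2004-02-29 19:26:27 56 --sha-r C:\WINDOWS\system32\5ECE85836A.sys
2007-08-26 14:21 51,200 --a------ C:\WINDOWS\nircmd.exe
"""

# First Windows path on a line that ends in an executable-ish extension.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\r\n]*?\.(?:exe|dll|sys|scr|com|bat)', re.IGNORECASE)
# Per-user writable data directories: long and 8.3 forms, pt-BR and en-US names.
PROFILE_DATA_RE = re.compile(
    r'\\(?:documents and settings|docume~1|users)\\[^\\]+\\'
    r'(?:dados de aplicativos|dadosd~1|application data|appdata|local settings)\\',
    re.IGNORECASE,
)
# ComboFix listing: date time size attrs path (size may carry thousands separators).
COMBOFIX_FILE_RE = re.compile(
    r'^\d{4}-\d{2}-\d{2} \d{2}:\d{2}(?::\d{2})? +[\d,]+ +([-a-z]+) +(.+)$', re.IGNORECASE
)
# Eight or more hex digits as the whole base name, e.g. 5ECE85836A.sys
HEX_NAME_RE = re.compile(r'^[0-9A-F]{8,}\.(?:sys|dll|exe)$', re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    line: str    # the log line that triggered the heuristic
    path: str    # extracted target path ('' when the line carries none)
    reason: str  # which heuristic fired


def first_path(line: str) -> str:
    m = PATH_RE.search(line)
    return m.group(0) if m else ''


def triage(log_text: str) -> List[Finding]:
    """Return one Finding per log line that trips a heuristic, in log order."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue

        # 1. HijackThis entry whose binary is gone: harmless orphan, listed for cleanup.
        if line[:1] == 'O' and ('(no file)' in line or '(file missing)' in line):
            findings.append(Finding(line, first_path(line), 'target missing on disk (orphaned entry)'))
            continue

        # 3. ComboFix file listing: hidden+system file with a hex-looking name.
        m = COMBOFIX_FILE_RE.match(line)
        if m:
            attrs, path = m.group(1).lower(), m.group(2).strip()
            name = path.rsplit('\\', 1)[-1]
            if 's' in attrs and 'h' in attrs and HEX_NAME_RE.match(name):
                findings.append(Finding(line, path, 'hidden+system file with hex name'))
            continue  # other listing lines are ordinary installs/updates

        # 2. Autostart (Run key, msconfig startupreg, startup folder) pointing into a profile dir.
        path = first_path(line)
        if path and PROFILE_DATA_RE.search(path):
            findings.append(Finding(line, path, 'autostart binary in user profile data directory'))
    return findings


def suspicious_paths(log_text: str) -> List[str]:
    """Only the paths worth handing to a removal tool, de-duplicated, log order kept."""
    seen: List[str] = []
    for f in triage(log_text):
        if f.path and f.path not in seen:
            seen.append(f.path)
    return seen


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f'{f.reason:50} {f.path or "(no path)"}')
        print(f'    {f.line}')
```

Run against the full logs, `suspicious_paths` yields the two `Dados de aplicativos` executables from the msconfig startupreg blocks and the hidden `5ECE85836A.sys` driver; everything under Program Files, including the p2p client and the codec packs, stays off the list, which is the point of a mechanical first pass: it narrows what the human still has to judge.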

Hi Eduardo Moreira dos Santos,

1. Download BankerFix.

2. Temporarily disable your anti-virus.

3. Double-click bankerfix.exe. A message will appear warning that it will be downloaded over the internet. Click Ok -> Ok. Press Enter and wait for the scan to finish.

4. When the scan has finished, read the message on screen and press Enter again.

5. Re-enable your anti-virus.

6. Come back with a new HijackThis log, together with BankerFix's relatorio.txt (it will be in C:\LinhaDefensiva\).

7. After posting your reply you may delete the LinhaDefensiva folder in C:.

Regards.


JGarcia,

below is the HijackThis log:

 

Logfile of HijackThis v1.99.1

Scan saved at 08:44:08, on 29/8/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16512)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\ARQUIV~1\Symantec\NORTON~1\GHOSTS~2.EXE

C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\MSN Messenger\usnsvc.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Lexmark 3100 Series\lxbrbmgr.exe

C:\ARQUIV~1\LEXMAR~1\LXBRKsk.exe

C:\WINDOWS\vsnpstd.exe

C:\Arquivos de programas\Google\Gmail Notifier\gnotify.exe

C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe

C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Arquivos de programas\Babylon\Babylon-Pro\Babylon.exe

C:\Arquivos de programas\Winamp\winampa.exe

C:\Arquivos de programas\Lexmark 3100 Series\lxbrbmon.exe

C:\WINDOWS\system32\lexpps.exe

C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe

C:\WINDOWS\system32\rundll32.exe

C:\Arquivos de programas\Lexmark 3100 Series\lxbrcmon.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\eMule\emule.exe

C:\Arquivos de programas\Google\Google Updater\GoogleUpdater.exe

C:\Arquivos de programas\palmOne\HOTSYNC.EXE

C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe

C:\Arquivos de programas\AOL\Active Virus Shield\avp.exe

C:\Arquivos de programas\AOL\Active Virus Shield\avp.exe

C:\HijackThis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

O2 - BHO: XBTP06568 - {311F9DE8-6126-4EEE-B15F-65CBB3B4F9F6} - C:\Arquivos de programas\AOL Security Toolbar\tbu5\AOL_security_toolbar.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar3.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar3.dll

O3 - Toolbar: AOL Security Toolbar - {3BB63FD4-3C00-44D7-94A9-5DE211900DEF} - C:\Arquivos de programas\AOL Security Toolbar\tbu5\AOL_security_toolbar.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [Lexmark 3100 Series] "C:\Arquivos de programas\Lexmark 3100 Series\lxbrbmgr.exe"

O4 - HKLM\..\Run: [LXBRKsk] C:\ARQUIV~1\LEXMAR~1\LXBRKsk.exe

O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Arquivos de programas\Google\Gmail Notifier\gnotify.exe

O4 - HKLM\..\Run: [Kaspersky Anti-Virus 2006 (Beta)] C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe"

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [modemspy] "C:\Arquivos de programas\Modem Spy\modemspy.exe" /tray

O4 - HKLM\..\Run: [aol] "C:\Arquivos de programas\AOL\Active Virus Shield\avp.exe"

O4 - HKLM\..\Run: [babylon Client] C:\Arquivos de programas\Babylon\Babylon-Pro\Babylon.exe -AutoStart

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [KAVPersonal50] "C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize

O4 - HKLM\..\Run: [WinampAgent] C:\Arquivos de programas\Winamp\winampa.exe

O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [eMuleAutoStart] C:\Arquivos de programas\eMule\emule.exe -AutoStart

O4 - Startup: Gerenciador do HotSync.lnk = C:\Arquivos de programas\palmOne\HOTSYNC.EXE

O4 - Global Startup: Google Updater.lnk = C:\Arquivos de programas\Google\Google Updater\GoogleUpdater.exe

O8 - Extra context menu item: &Google Search - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: &Translate English Word - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmwordtrans.html

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200

O8 - Extra context menu item: Backward Links - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Similar Pages - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate Page into English - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmtrans.html

O8 - Extra context menu item: Translate with &Babylon - res://C:\Arquivos de programas\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1161552440890

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O20 - AppInit_DLLs: C:\ARQUIV~1\Google\GOOGLE~3\GOEC62~1.DLL

O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll

O23 - Service: Active Virus Shield (AVP) - Unknown owner - C:\Arquivos de programas\AOL\Active Virus Shield\avp.exe" -r (file missing)

O23 - Service: GhostStartService - Symantec Corporation - C:\ARQUIV~1\Symantec\NORTON~1\GHOSTS~2.EXE

O23 - Service: GoogleDesktopManager - Google - C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Intel® Active Monitor (imonNT) - Intel Corp. - C:\Program Files\Intel\Intel® Active Monitor\imonnt.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

 

And below is the BankerFix report:

 

Execucao concluida com exito!!

 

Nenhum problema foi encontrado no seu computador.

Isso nao significa que o seu computador esta realmente

livre de Bankers, pois novos arquivos maliciosos surgem

toda semana.

 

Caso ainda tenha suspeitas ou duvidas, visite o Forum Linha Defensiva:

http://forum.linhadefensiva.org

 

Pressione qualquer tecla para continuar. . .

 

BankerFix 2.4 - Removedor de Bankers

Linha Defensiva - http://www.linhadefensiva.org

http://www.linhadefensiva.org/bankerfix/

Data: 29/8/2007 - 8:52

-------------------------------------------------------

Lista de Definição: 2007-08-18-1

=======================================================

 

 

Killando arquivos em Help

-----------------------------------

 

Killing '*'

 

Removendo Arquivos em Help

-----------------------------------

 

 

Arquivos ruins restantes

-----------------------------------

 

 

----- Fim -------------------------

 

Best regards,

Eduardo Moreira dos Santos


Hey Eduardo Moreira dos Santos,

Let's go.

Set Windows to show all files (including hidden ones).

Uninstall:

-> VVSN

Use Add / Remove Programs.

Uninstall it and reboot once you have done so.

Note: If you do not find the program mentioned above in the list, just move on to the next step.

Step 1

Download Killbox from:

Killbox

1. Run Killbox and click Delete on Reboot.

2. Copy the list below in bold to the clipboard. Select it all with the mouse --> go to the Edit menu in the browser bar --> click Copy.

C:\WINDOWS\system32\5ECE85836A.sys

C:\Documents and Settings\Eduardo\Dados de aplicativos\cmcc.exe

C:\Documents and Settings\Eduardo\Dados de aplicativos\ricc.exe

3. Return to Killbox. Click File > Paste from clipboard. Click All Files.

4. Press "X". Answer "no" to the question.

Locate and delete:

C:\Arquivos de programas\VVSN <- the folder

Step 2

Reboot in Normal Mode.

Post new ComboFix and HijackThis logs.

Regards.


JGarcia,

At the end of step 1 you ask:

Locate and delete:

C:\Arquivos de programas\VVSN <- the folder

I did not find that folder.

While COMBOFIX was running, the message ACESSO NEGADO (access denied) was shown in the command prompt window. I don't know whether it matters, but I decided to let you know.

Below is the COMBOFIX log:

 

ComboFix 07-08-30.3 - "Eduardo" 2007-08-31 19:15:07.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.135 [GMT -3:00]

* Created a new restore point

 

 

((((((((((((((((((((((((( Files Created from 2007-07-28 to 2007-08-31 )))))))))))))))))))))))))))))))

 

 

2007-08-26 14:21 51,200 --a------ C:\WINDOWS\nircmd.exe

2007-08-26 11:13 <DIR> d-------- C:\DOCUME~1\Vitor\DADOSD~1\StarOffice8

2007-08-25 18:44 <DIR> d-------- C:\DOCUME~1\Eduardo\DADOSD~1\Media Player Classic

2007-08-25 18:41 740,442 --a------ C:\WINDOWS\system32\divx.dll

2007-08-25 18:41 73,728 --a------ C:\WINDOWS\system32\dpl100.dll

2007-08-25 18:41 593,920 --a------ C:\WINDOWS\system32\xvidcore.dll

2007-08-25 18:41 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll

2007-08-25 18:41 217,088 --a------ C:\WINDOWS\system32\yv12vfw.dll

2007-08-25 18:41 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll

2007-08-25 18:41 10,752 --a------ C:\WINDOWS\system32\ff_vfw.dll

2007-08-25 18:41 <DIR> d-------- C:\Arquivos de programas\K-Lite Codec Pack

2007-08-25 18:26 129,784 --------- C:\WINDOWS\system32\pxafs.dll

2007-08-25 18:26 <DIR> d-------- C:\Arquivos de programas\Winamp

2007-08-25 18:21 <DIR> d-------- C:\WINDOWS\system32\runtime

2007-08-25 09:12 <DIR> d-------- C:\DOCUME~1\Jorge\DADOSD~1\Babylon

2007-08-24 19:19 <DIR> d-------- C:\DOCUME~1\Arthur\Contacts

2007-08-24 19:17 <DIR> d-------- C:\DOCUME~1\Arthur\DADOSD~1\Babylon

2007-08-24 18:23 <DIR> d-------- C:\DOCUME~1\Vitor\Contacts

2007-08-23 09:13 <DIR> d-------- C:\WINDOWS\system32\pt-br

2007-08-23 08:24 75,264 --a------ C:\WINDOWS\system32\unacev2.dll

2007-08-23 08:24 156,160 --a------ C:\WINDOWS\system32\unrar3.dll

2007-08-23 08:24 <DIR> d-------- C:\Arquivos de programas\TUGZip

2007-08-22 14:39 <DIR> d-------- C:\DOCUME~1\Vitor\DADOSD~1\Babylon

2007-08-22 09:14 <DIR> d-------- C:\Arquivos de programas\palmOne

2007-08-18 18:12 <DIR> d-------- C:\Arquivos de programas\Babylon

2007-08-18 18:11 <DIR> d-------- C:\DOCUME~1\Eduardo\DADOSD~1\Babylon

2007-08-18 18:11 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\Babylon

2007-08-18 18:00 <DIR> d-------- C:\DOCUME~1\Eduardo\DADOSD~1\StarOffice8

2007-08-16 23:51 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys

2007-08-16 23:51 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys

2007-08-16 23:50 <DIR> d-------- C:\Arquivos de programas\Picasa2

2007-08-16 23:20 <DIR> d-------- C:\Arquivos de programas\MSXML 4.0

2007-08-16 23:00 <DIR> d-------- C:\Arquivos de programas\AOL Security Toolbar

2007-08-16 22:59 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\AOL

2007-08-16 22:56 8,338,208 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat

2007-08-16 22:56 260,896 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat

 

 

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

 

2007-08-31 19:07 --------- d-------- C:\Arquivos de programas\eMule

2007-08-31 18:20 27428 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx

2007-08-31 18:20 119768 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx

2007-08-31 10:30 --------- d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\Google Updater

2007-08-25 18:21 --------- d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\Google

2007-08-25 18:21 --------- d-------- C:\Arquivos de programas\Google

2007-08-25 10:29 --------- d-------- C:\Arquivos de programas\MSN Messenger

2007-08-24 19:22 --------- d-------- C:\DOCUME~1\Arthur\DADOSD~1\Google

2007-08-23 22:23 --------- d-------- C:\Arquivos de programas\Arquivos comuns\Real

2007-08-23 22:22 --------- d-------- C:\DOCUME~1\Eduardo\DADOSD~1\Real

2007-08-23 22:18 --------- d-------- C:\Arquivos de programas\Jasc Software Inc

2007-08-23 22:17 --------- d--h----- C:\Arquivos de programas\InstallShield Installation Information

2007-08-23 22:17 --------- d-------- C:\Arquivos de programas\InterVideo

2007-08-23 22:14 --------- d-------- C:\Arquivos de programas\DivX

2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll

2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll

2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe

2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll

2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll

2007-07-30 19:19 271224 --a------ C:\WINDOWS\system32\mucltui.dll

2007-07-30 19:19 207736 --a------ C:\WINDOWS\system32\muweb.dll

2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll

2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll

2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll

2007-06-26 03:10 1104896 --a------ C:\WINDOWS\system32\msxml3.dll

2007-06-19 10:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll

2007-06-13 10:21 1035264 --a------ C:\WINDOWS\explorer.exe

2004-05-15 19:56 1279 --a------ C:\Arquivos de programas\INSTALL.LOG

 

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

 

 

*Note* empty entries & legit default entries are not shown

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2001-10-16 08:02]

"nwiz"="nwiz.exe" [2001-10-16 08:03 C:\WINDOWS\system32\nwiz.exe]

"Lexmark 3100 Series"="C:\Arquivos de programas\Lexmark 3100 Series\lxbrbmgr.exe" [2003-09-04 00:10]

"LXBRKsk"="C:\ARQUIV~1\LEXMAR~1\LXBRKsk.exe" [2003-06-13 11:58]

"snpstd"="C:\WINDOWS\vsnpstd.exe" [2004-06-10 12:48]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]

"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Arquivos de programas\Google\Gmail Notifier\gnotify.exe" [2005-07-15 18:48]

"Kaspersky Anti-Virus 2006 (Beta)"="C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" []

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]

"Google Desktop Search"="C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-16 22:59]

"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 09:06 C:\WINDOWS\AGRSMMSG.exe]

"modemspy"="C:\Arquivos de programas\Modem Spy\modemspy.exe" []

"aol"="C:\Arquivos de programas\AOL\Active Virus Shield\avp.exe" [2006-05-30 11:13]

"Babylon Client"="C:\Arquivos de programas\Babylon\Babylon-Pro\Babylon.exe" [2006-12-13 16:15]

"Adobe Reader Speed Launcher"="C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]

"KAVPersonal50"="C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" []

"WinampAgent"="C:\Arquivos de programas\Winamp\winampa.exe" [2007-05-14 19:22]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NVIEW"="nview.dll,nViewLoadHook" []

"MsnMsgr"="C:\Arquivos de programas\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]

"swg"="C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-16 22:55]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:45]

"eMuleAutoStart"="C:\Arquivos de programas\eMule\emule.exe" [2006-09-14 11:15]

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]

"NvMediaCenter"=RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit

 

C:\DOCUME~1\Eduardo\MENUIN~1\PROGRA~1\INICIA~1\

Gerenciador do HotSync.lnk - C:\Arquivos de programas\palmOne\HOTSYNC.EXE [2004-04-13 17:03:10]

 

C:\DOCUME~1\Vitor\MENUIN~1\PROGRA~1\INICIA~1\

StarOffice 8.lnk - C:\Arquivos de programas\Sun\StarOffice 8\program\quickstart.exe [2007-02-02 17:55:10]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"appinit_dlls"=C:\ARQUIV~1\Google\GOOGLE~3\GOEC62~1.DLL

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Acrobat Assistant.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Acrobat Assistant.lnk

backup=C:\WINDOWS\pss\Acrobat Assistant.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Microsoft Office.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Microsoft Office.lnk

backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Verificador de Calendário Ulead Photo Express.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Verificador de Calendário Ulead Photo Express.lnk

backup=C:\WINDOWS\pss\Verificador de Calendário Ulead Photo Express.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dhup]

C:\Documents and Settings\Eduardo\Dados de aplicativos\cmcc.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator]

C:\ARQUIV~1\DAP\DAP.EXE /STARTUP

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DU Meter]

C:\Arquivos de programas\DU Meter\DUMeter.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GhostStartTrayApp]

C:\Arquivos de programas\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMONTRAY]

C:\Program Files\Intel\Intel® Active Monitor\imontray.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mirabilis ICQ]

C:\ARQUIV~1\ICQ\ICQNet.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

"C:\Arquivos de programas\Messenger\msmsgs.exe" /background

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Owtt]

C:\Documents and Settings\Eduardo\Dados de aplicativos\ricc.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SonicFocus]

"C:\Arquivos de programas\Sonic Focus\SFIGUI\SFIGUI.EXE" BOOT

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]

"C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe" /tray

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]

C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VVSN]

C:\Arquivos de programas\VVSN\VVSN.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

C:\Arquivos de programas\Winamp\winampa.exe

 

R1 GhPciScan;GhostPciScanner;\??\C:\Arquivos de programas\Symantec\Norton Ghost 2003\ghpciscan.sys

R2 iSMBIOS;iSMBIOS;\??\C:\WINDOWS\System32\drivers\iSMBIOS.SYS

R2 SIODRV;SIODRV;\??\C:\WINDOWS\System32\drivers\SIODRV.SYS

S2 Klop;Klop;\??\C:\WINDOWS\system32\drivers\Klop.sys

S3 smbusp;Intel® SMBus 2.0 Driver;C:\WINDOWS\system32\DRIVERS\smb.sys

S4 xmasscsi;xmasscsi;C:\WINDOWS\system32\Drivers\xmasscsi.sys

 

 

**************************************************************************

 

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-08-31 19:16:52

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

 

Completion time: 2007-08-31 19:17:56

C:\ComboFix-quarantined-files.txt ... 2007-08-31 19:17

C:\ComboFix2.txt ... 2007-08-26 14:26

 

--- E O F ---

 

Below is the HIJACKTHIS log:

 

Logfile of HijackThis v1.99.1

Scan saved at 19:24:05, on 31/8/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16512)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\AOL\Active Virus Shield\avp.exe

C:\ARQUIV~1\Symantec\NORTON~1\GHOSTS~2.EXE

C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Lexmark 3100 Series\lxbrbmgr.exe

C:\ARQUIV~1\LEXMAR~1\LXBRKsk.exe

C:\WINDOWS\vsnpstd.exe

C:\Arquivos de programas\Google\Gmail Notifier\gnotify.exe

C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe

C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Arquivos de programas\AOL\Active Virus Shield\avp.exe

C:\Arquivos de programas\Babylon\Babylon-Pro\Babylon.exe

C:\Arquivos de programas\Lexmark 3100 Series\lxbrbmon.exe

C:\Arquivos de programas\Winamp\winampa.exe

C:\Arquivos de programas\Lexmark 3100 Series\lxbrcmon.exe

C:\WINDOWS\system32\rundll32.exe

C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe

C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\eMule\emule.exe

C:\Arquivos de programas\Google\Google Updater\GoogleUpdater.exe

C:\Arquivos de programas\palmOne\HOTSYNC.EXE

C:\Arquivos de programas\MSN Messenger\usnsvc.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\WINDOWS\explorer.exe

C:\HijackThis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: XBTP06568 - {311F9DE8-6126-4EEE-B15F-65CBB3B4F9F6} - C:\Arquivos de programas\AOL Security Toolbar\tbu5\AOL_security_toolbar.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar3.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar3.dll

O3 - Toolbar: AOL Security Toolbar - {3BB63FD4-3C00-44D7-94A9-5DE211900DEF} - C:\Arquivos de programas\AOL Security Toolbar\tbu5\AOL_security_toolbar.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [Lexmark 3100 Series] "C:\Arquivos de programas\Lexmark 3100 Series\lxbrbmgr.exe"

O4 - HKLM\..\Run: [LXBRKsk] C:\ARQUIV~1\LEXMAR~1\LXBRKsk.exe

O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Arquivos de programas\Google\Gmail Notifier\gnotify.exe

O4 - HKLM\..\Run: [Kaspersky Anti-Virus 2006 (Beta)] C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe"

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [modemspy] "C:\Arquivos de programas\Modem Spy\modemspy.exe" /tray

O4 - HKLM\..\Run: [aol] "C:\Arquivos de programas\AOL\Active Virus Shield\avp.exe"

O4 - HKLM\..\Run: [babylon Client] C:\Arquivos de programas\Babylon\Babylon-Pro\Babylon.exe -AutoStart

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [KAVPersonal50] "C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize

O4 - HKLM\..\Run: [WinampAgent] C:\Arquivos de programas\Winamp\winampa.exe

O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [eMuleAutoStart] C:\Arquivos de programas\eMule\emule.exe -AutoStart

O4 - Startup: Gerenciador do HotSync.lnk = C:\Arquivos de programas\palmOne\HOTSYNC.EXE

O4 - Global Startup: Google Updater.lnk = C:\Arquivos de programas\Google\Google Updater\GoogleUpdater.exe

O8 - Extra context menu item: &Google Search - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: &Translate English Word - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmwordtrans.html

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200

O8 - Extra context menu item: Backward Links - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Similar Pages - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate Page into English - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmtrans.html

O8 - Extra context menu item: Translate with &Babylon - res://C:\Arquivos de programas\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1161552440890

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = fap-sede.com.br,bndes.net

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O20 - AppInit_DLLs: C:\ARQUIV~1\Google\GOOGLE~3\GOEC62~1.DLL

O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll

O23 - Service: Active Virus Shield (AVP) - Unknown owner - C:\Arquivos de programas\AOL\Active Virus Shield\avp.exe" -r (file missing)

O23 - Service: GhostStartService - Symantec Corporation - C:\ARQUIV~1\Symantec\NORTON~1\GHOSTS~2.EXE

O23 - Service: GoogleDesktopManager - Google - C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Intel® Active Monitor (imonNT) - Intel Corp. - C:\Program Files\Intel\Intel® Active Monitor\imonnt.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

 

Sincerely,

Eduardo Moreira dos Santos


Hey Eduardo Moreira dos Santos,

Let's go.

Step 1

Reboot the computer in Safe Mode.

Go to Start -> Run -> type regedit -> click OK.

Navigate to the following subkey:

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg

Locate and delete the following keys and/or registry entries (right-hand pane):

Dhup

C:\Documents and Settings\Eduardo\Dados de aplicativos\cmcc.exe

Owtt

C:\Documents and Settings\Eduardo\Dados de aplicativos\ricc.exe

VVSN

C:\Arquivos de programas\VVSN\VVSN.exe

Exit the Registry Editor.

Step 2

Reboot in Normal Mode.

Post a new ComboFix log.

Regards.


JGarcia,

once again, here is the COMBOFIX log:

 

ComboFix 07-08-30.3 - "Eduardo" 2007-09-02 15:25:24.3 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.132 [GMT -3:00]

 

 

((((((((((((((((((((((((( Files Created from 2007-08-02 to 2007-09-02 )))))))))))))))))))))))))))))))

 

 

2007-09-02 13:46 <DIR> d-------- C:\Arquivos de programas\MegaJogos

2007-09-02 10:24 71,496 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys

2007-09-02 10:24 37,480 --a------ C:\WINDOWS\system32\drivers\mfesmfk.sys

2007-09-02 10:24 34,184 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys

2007-09-02 10:24 32,008 --a------ C:\WINDOWS\system32\drivers\mferkdk.sys

2007-09-02 10:24 170,408 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys

2007-09-02 10:24 109,608 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys

2007-09-02 10:24 <DIR> d-------- C:\mcafee_mcpr

2007-09-02 10:23 <DIR> d-------- C:\Arquivos de programas\McAfee.com

2007-09-02 10:23 <DIR> d-------- C:\Arquivos de programas\McAfee

2007-09-02 10:23 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\McAfee

2007-09-02 10:15 675,872 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat

2007-09-02 10:15 671,520 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat

2007-09-02 10:11 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\McAfee

2007-08-26 14:21 51,200 --a------ C:\WINDOWS\nircmd.exe

2007-08-26 11:13 <DIR> d-------- C:\DOCUME~1\Vitor\DADOSD~1\StarOffice8

2007-08-25 18:44 <DIR> d-------- C:\DOCUME~1\Eduardo\DADOSD~1\Media Player Classic

2007-08-25 18:41 740,442 --a------ C:\WINDOWS\system32\divx.dll

2007-08-25 18:41 73,728 --a------ C:\WINDOWS\system32\dpl100.dll

2007-08-25 18:41 593,920 --a------ C:\WINDOWS\system32\xvidcore.dll

2007-08-25 18:41 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll

2007-08-25 18:41 217,088 --a------ C:\WINDOWS\system32\yv12vfw.dll

2007-08-25 18:41 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll

2007-08-25 18:41 10,752 --a------ C:\WINDOWS\system32\ff_vfw.dll

2007-08-25 18:41 <DIR> d-------- C:\Arquivos de programas\K-Lite Codec Pack

2007-08-25 18:26 129,784 --------- C:\WINDOWS\system32\pxafs.dll

2007-08-25 18:26 <DIR> d-------- C:\Arquivos de programas\Winamp

2007-08-25 18:21 <DIR> d-------- C:\WINDOWS\system32\runtime

2007-08-25 09:12 <DIR> d-------- C:\DOCUME~1\Jorge\DADOSD~1\Babylon

2007-08-24 19:19 <DIR> d-------- C:\DOCUME~1\Arthur\Contacts

2007-08-24 19:17 <DIR> d-------- C:\DOCUME~1\Arthur\DADOSD~1\Babylon

2007-08-24 18:23 <DIR> d-------- C:\DOCUME~1\Vitor\Contacts

2007-08-23 09:13 <DIR> d-------- C:\WINDOWS\system32\pt-br

2007-08-23 08:24 75,264 --a------ C:\WINDOWS\system32\unacev2.dll

2007-08-23 08:24 156,160 --a------ C:\WINDOWS\system32\unrar3.dll

2007-08-23 08:24 <DIR> d-------- C:\Arquivos de programas\TUGZip

2007-08-22 14:39 <DIR> d-------- C:\DOCUME~1\Vitor\DADOSD~1\Babylon

2007-08-22 09:14 <DIR> d-------- C:\Arquivos de programas\palmOne

2007-08-18 18:12 <DIR> d-------- C:\Arquivos de programas\Babylon

2007-08-18 18:11 <DIR> d-------- C:\DOCUME~1\Eduardo\DADOSD~1\Babylon

2007-08-18 18:11 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\Babylon

2007-08-18 18:00 <DIR> d-------- C:\DOCUME~1\Eduardo\DADOSD~1\StarOffice8

2007-08-16 23:51 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys

2007-08-16 23:51 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys

2007-08-16 23:50 <DIR> d-------- C:\Arquivos de programas\Picasa2

2007-08-16 23:20 <DIR> d-------- C:\Arquivos de programas\MSXML 4.0

2007-08-16 23:00 <DIR> d-------- C:\Arquivos de programas\AOL Security Toolbar

 

 

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

 

2007-09-02 15:22 --------- d-------- C:\Arquivos de programas\eMule

2007-09-02 15:15 71216 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx

2007-09-02 15:15 12764 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx

2007-09-01 20:55 --------- d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\Google Updater

2007-08-25 18:21 --------- d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\Google

2007-08-25 18:21 --------- d-------- C:\Arquivos de programas\Google

2007-08-25 10:29 --------- d-------- C:\Arquivos de programas\MSN Messenger

2007-08-24 19:22 --------- d-------- C:\DOCUME~1\Arthur\DADOSD~1\Google

2007-08-23 22:23 --------- d-------- C:\Arquivos de programas\Arquivos comuns\Real

2007-08-23 22:22 --------- d-------- C:\DOCUME~1\Eduardo\DADOSD~1\Real

2007-08-23 22:18 --------- d-------- C:\Arquivos de programas\Jasc Software Inc

2007-08-23 22:17 --------- d--h----- C:\Arquivos de programas\InstallShield Installation Information

2007-08-23 22:17 --------- d-------- C:\Arquivos de programas\InterVideo

2007-08-23 22:14 --------- d-------- C:\Arquivos de programas\DivX

2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll

2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll

2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe

2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll

2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll

2007-07-30 19:19 271224 --a------ C:\WINDOWS\system32\mucltui.dll

2007-07-30 19:19 207736 --a------ C:\WINDOWS\system32\muweb.dll

2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll

2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll

2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll

2007-06-26 03:10 1104896 --a------ C:\WINDOWS\system32\msxml3.dll

2007-06-19 10:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll

2007-06-13 10:21 1035264 --a------ C:\WINDOWS\explorer.exe

2004-05-15 19:56 1279 --a------ C:\Arquivos de programas\INSTALL.LOG

 

 

((((((((((((((((((((((((((((( snapshot_2007-08-31_191726,20 )))))))))))))))))))))))))))))))))))))))))

 

----a-w 40,960 2007-09-02 18:22:00 C:\WINDOWS\Temp\rtdrvmon.exe

 

----a-w 40,960 2007-08-31 21:21:11 C:\WINDOWS\Temp\rtdrvmon.exe

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

 

 

*Note* empty entries & legit default entries are not shown

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2001-10-16 08:02]

"nwiz"="nwiz.exe" [2001-10-16 08:03 C:\WINDOWS\system32\nwiz.exe]

"Lexmark 3100 Series"="C:\Arquivos de programas\Lexmark 3100 Series\lxbrbmgr.exe" [2003-09-04 00:10]

"LXBRKsk"="C:\ARQUIV~1\LEXMAR~1\LXBRKsk.exe" [2003-06-13 11:58]

"snpstd"="C:\WINDOWS\vsnpstd.exe" [2004-06-10 12:48]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]

"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Arquivos de programas\Google\Gmail Notifier\gnotify.exe" [2005-07-15 18:48]

"Kaspersky Anti-Virus 2006 (Beta)"="C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" []

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]

"Google Desktop Search"="C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-16 22:59]

"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 09:06 C:\WINDOWS\AGRSMMSG.exe]

"modemspy"="C:\Arquivos de programas\Modem Spy\modemspy.exe" []

"Babylon Client"="C:\Arquivos de programas\Babylon\Babylon-Pro\Babylon.exe" [2006-12-13 16:15]

"Adobe Reader Speed Launcher"="C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]

"KAVPersonal50"="C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" []

"WinampAgent"="C:\Arquivos de programas\Winamp\winampa.exe" [2007-05-14 19:22]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NVIEW"="nview.dll,nViewLoadHook" []

"MsnMsgr"="C:\Arquivos de programas\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]

"swg"="C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-16 22:55]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:45]

"eMuleAutoStart"="C:\Arquivos de programas\eMule\emule.exe" [2006-09-14 11:15]

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]

"NvMediaCenter"=RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit

 

C:\DOCUME~1\Eduardo\MENUIN~1\PROGRA~1\INICIA~1\

Gerenciador do HotSync.lnk - C:\Arquivos de programas\palmOne\HOTSYNC.EXE [2004-04-13 17:03:10]

 

C:\DOCUME~1\Vitor\MENUIN~1\PROGRA~1\INICIA~1\

StarOffice 8.lnk - C:\Arquivos de programas\Sun\StarOffice 8\program\quickstart.exe [2007-02-02 17:55:10]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"appinit_dlls"=C:\ARQUIV~1\Google\GOOGLE~3\GOEC62~1.DLL

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Acrobat Assistant.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Acrobat Assistant.lnk

backup=C:\WINDOWS\pss\Acrobat Assistant.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Microsoft Office.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Microsoft Office.lnk

backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Verificador de Calendário Ulead Photo Express.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Verificador de Calendário Ulead Photo Express.lnk

backup=C:\WINDOWS\pss\Verificador de Calendário Ulead Photo Express.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator]

C:\ARQUIV~1\DAP\DAP.EXE /STARTUP

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DU Meter]

C:\Arquivos de programas\DU Meter\DUMeter.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GhostStartTrayApp]

C:\Arquivos de programas\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMONTRAY]

C:\Program Files\Intel\Intel® Active Monitor\imontray.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mirabilis ICQ]

C:\ARQUIV~1\ICQ\ICQNet.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

"C:\Arquivos de programas\Messenger\msmsgs.exe" /background

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SonicFocus]

"C:\Arquivos de programas\Sonic Focus\SFIGUI\SFIGUI.EXE" BOOT

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]

"C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe" /tray

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]

C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

C:\Arquivos de programas\Winamp\winampa.exe

 

R1 GhPciScan;GhostPciScanner;\??\C:\Arquivos de programas\Symantec\Norton Ghost 2003\ghpciscan.sys

R2 iSMBIOS;iSMBIOS;\??\C:\WINDOWS\System32\drivers\iSMBIOS.SYS

R2 SIODRV;SIODRV;\??\C:\WINDOWS\System32\drivers\SIODRV.SYS

S2 Klop;Klop;\??\C:\WINDOWS\system32\drivers\Klop.sys

S3 smbusp;Intel® SMBus 2.0 Driver;C:\WINDOWS\system32\DRIVERS\smb.sys

S4 xmasscsi;xmasscsi;C:\WINDOWS\system32\Drivers\xmasscsi.sys

 

 

Contents of the 'Scheduled Tasks' folder

2007-09-02 13:23:56 C:\WINDOWS\Tasks\McDefragTask.job - c:\ARQUIV~1\mcafee\mqc\QcConsol.exe

2007-09-02 13:23:54 C:\WINDOWS\Tasks\McQcTask.job - c:\ARQUIV~1\mcafee\mqc\QcConsol.exe

 

**************************************************************************

 

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-09-02 15:27:51

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

 

Completion time: 2007-09-02 15:29:17

C:\ComboFix-quarantined-files.txt ... 2007-09-02 15:29

C:\ComboFix2.txt ... 2007-08-31 19:17

C:\ComboFix3.txt ... 2007-08-26 14:26

 

--- E O F ---

 

Best regards,

 

Eduardo Moreira dos Santos


Hi Eduardo Moreira dos Santos,

 

The log looks clean. Does the problem persist?


JGarcia,

Problem solved. Your competence is incredible. Through asymmetric communication you manage to solve quite intricate problems that I cannot solve myself, even sitting right here in front of my keyboard and mouse.

Congratulations on your competence, promptness and generosity.

A warm hug,

Eduardo Moreira dos Santos


Hi Eduardo Moreira dos Santos,

 

I am glad to hear that your problem has been solved. :thumbsup:

 

To finish:

 

1. Disable and re-enable XP's System Restore feature. Click here to see how;

 

2. Read the article "Cuidados ao navegar na net" (Care when browsing the web) and learn how to avoid new infections.

 

I was immensely gratified to read your last message. Your words are an incentive for me to keep doing this volunteer work, since most users do not understand that I have a life outside the forum, meaning that a reply may sometimes take a while, but it always comes. :grin:

 

Regards.


PROBLEM SOLVED!

 

If the author needs the topic to be reopened, just send a Private Message to a Moderator with a link to the topic.
