
MaCeDo_BR

[Solved!] Winmds.exe and connection dropping automatically


Hello,

I have a problem.

Every so often the PC automatically opens a DOS file and the connection drops.

It also created a dialer in my connections called Internet Connection.

Here's my log...

 

 

Logfile of HijackThis v1.99.1

Scan saved at 20:36:59, on 26/8/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\winmds.exe

C:\WINDOWS\system32\winmds.exe

C:\WINDOWS\system32\winmds.exe

C:\WINDOWS\system32\winmds.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Free Download Manager\fdm.exe

C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe

C:\Arquivos de programas\RALINK\Common\RaUI.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Windows Media Player\wmplayer.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Documents and Settings\Lucas Macedo\Desktop\Downloads\Remoção\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

O2 - BHO: WebAssist - {85589B5D-D53D-4237-A677-46B82EA275F3} - C:\WINDOWS\WebAssist.dll

O2 - BHO: ActivationManager module - {86A44EF7-78FC-4e18-A564-B18F806F7F56} - C:\Arquivos de programas\ActivationManager\ActivationManager.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Arquivos de programas\Free Download Manager\iefdmcks.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Free Download Manager] C:\Arquivos de programas\Free Download Manager\fdm.exe -autorun

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Arquivos de programas\RALINK\Common\RaUI.exe

O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlall.htm

O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlselected.htm

O8 - Extra context menu item: Download with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dllink.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase8300.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{36E23AE1-2878-431C-BD88-DE883BB6A6E8}: NameServer = 200.206.126.2

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Arquivos de programas\Ares\chatServer.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

LOOK, I'VE ALREADY TRIED EVERYTHING. I DOWNLOADED AT-CLEANER AND MOVE-ZONEBAC AND IT DIDN'T WORK.

IT KEEPS OPENING THAT WINMDS.EXE PROGRAM (IT OVERLOADS THE PC A LOT) AND KEEPS AUTOMATICALLY RUNNING THE DOS FILE, WHICH DROPS THE CONNECTION AND CREATES A DIALER CALLED "Internet Connection".

IT JUST CREATED A FILE IN THE TEMP FOLDER NAMED "hToafjWg" AND SOON IT WILL RUN AND THE CONNECTION WILL DROP.

PLEASE HELP ME, I CAN'T STAND THIS INTERNET DROPPING ANYMORE.

OH, AND ANOTHER THING:

I DID A LOGICAL AND A PHYSICAL FORMAT ON IT, AND NOTHING HELPED <_<

HELP ME

I'LL BE CHECKING HERE DAILY.

THANK YOU.


Hey MaCeDo_BR,

Download ComboFix at:

ComboFix

1) Double-click combofix.exe and press "Y" to proceed. The process takes about 10 minutes on average;

2) ComboFix will restart the PC automatically so that the removal process can finish (only if there is an infection);

3) When the scan is done, a log will be generated at C:\ComboFix.txt;

4) Do not click in the ComboFix window or close it with the X while the tool is running, as this will mess up your desktop (it will go completely white);

5) To stop or exit ComboFix, press "N";

6) I need you to paste the contents of ComboFix.txt in your next reply.

Regards.

The link isn't working, =/

Unfortunately we'll have to wait, since there seems to be a widespread problem with the security sites that host ComboFix. None of the links are working. :(

In that case, while we wait, what would this automatic disconnection be that creates the dialer mentioned above?

Because MS-DOS starts automatically =/ then it creates the file in the temp folder and afterwards in my connections.

Cheers


Here's the ComboFix log

 

ComboFix 07-08-29 - "Lucas Macedo" 2007-08-29 18:13:03.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.29 [GMT -3:00]

 

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

 

 

C:\WINDOWS\system32\aXVa76co.exe

C:\WINDOWS\Tasks.\At11.job

C:\WINDOWS\Tasks.\At12.job

C:\WINDOWS\Tasks.\At13.job

C:\WINDOWS\Tasks.\At18.job

C:\WINDOWS\Tasks.\At19.job

C:\WINDOWS\WebAssist.dll

 

 

((((((((((((((((((((((((( Files Created from 2007-07-28 to 2007-08-29 )))))))))))))))))))))))))))))))

 

 

2007-08-28 18:08 51,200 --a------ C:\WINDOWS\nircmd.exe

2007-08-28 12:28 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys

2007-08-27 12:28 11,342 --a------ C:\WINDOWS\system32\winmds.exe

2007-08-26 22:36 <DIR> d-------- C:\DOCUME~1\LUCASM~1\DADOSD~1\Comodo

2007-08-26 22:36 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\Comodo

2007-08-26 22:34 <DIR> d-------- C:\Arquivos de programas\Comodo

2007-08-26 22:22 <DIR> dr-h----- C:\DOCUME~1\ADMINI~1\Dados de aplicativos

2007-08-26 22:22 <DIR> dr------- C:\DOCUME~1\ADMINI~1\Menu Iniciar

2007-08-26 22:22 <DIR> d--h----- C:\DOCUME~1\ADMINI~1\Modelos

2007-08-26 22:22 <DIR> d--h----- C:\DOCUME~1\ADMINI~1\Configurações locais

2007-08-26 22:22 <DIR> d--h----- C:\DOCUME~1\ADMINI~1\Ambiente de rede

2007-08-26 22:22 <DIR> d--h----- C:\DOCUME~1\ADMINI~1\Ambiente de impressão

2007-08-26 22:22 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Meus documentos

2007-08-26 22:22 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Favoritos

2007-08-26 21:20 <DIR> d-------- C:\DOCUME~1\LUCASM~1\DADOSD~1\VSRevoGroup

2007-08-26 21:20 <DIR> d-------- C:\Arquivos de programas\VS Revo Group

2007-08-26 17:36 <DIR> d-------- C:\WINDOWS\pss

2007-08-26 12:54 <DIR> d-------- C:\Arquivos de programas\Windows Live Safety Center

2007-08-26 10:31 <DIR> d---s---- C:\DOCUME~1\LUCASM~1\UserData

2007-08-25 00:31 <DIR> d-------- C:\DOCUME~1\LUCASM~1\DADOSD~1\Media Player Classic

2007-08-24 23:46 <DIR> d--h----- C:\WINDOWS\$hf_mig$

2007-08-24 17:18 <DIR> d-------- C:\Arquivos de programas\Guitar Pro 5

2007-08-24 12:24 <DIR> d-------- C:\Arquivos de programas\ActivationManager

2007-08-24 11:44 84,512 --a------ C:\WINDOWS\system32\drivers\ssm_mdm.sys

2007-08-24 11:44 6,112 --a------ C:\WINDOWS\system32\drivers\ssm_cmnt.sys

2007-08-24 11:44 6,112 --a------ C:\WINDOWS\system32\drivers\ssm_cm.sys

2007-08-24 11:44 6,096 --a------ C:\WINDOWS\system32\drivers\ssm_mdfl.sys

2007-08-24 11:44 52,416 --a------ C:\WINDOWS\system32\drivers\ssm_bus.sys

2007-08-24 11:44 5,776 --a------ C:\WINDOWS\system32\drivers\ssm_whnt.sys

2007-08-24 11:44 5,776 --a------ C:\WINDOWS\system32\drivers\ssm_wh.sys

2007-08-24 11:44 <DIR> d-------- C:\WINDOWS\system32\Samsung_Mobile_USB_Drivers

2007-08-24 11:44 <DIR> d-------- C:\Arquivos de programas\SAMSUNG

2007-08-24 11:39 <DIR> d-------- C:\WINDOWS\ShellNew

2007-08-24 11:32 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Nero

2007-08-24 11:30 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll

2007-08-24 11:30 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll

2007-08-24 11:30 364,544 --------- C:\WINDOWS\system32\TwnLib4.dll

2007-08-24 11:30 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll

2007-08-24 11:30 163,840 --a------ C:\WINDOWS\system32\NeroCheck.exe

2007-08-24 11:30 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll

2007-08-24 11:30 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll

2007-08-24 11:30 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Ahead

2007-08-24 11:30 <DIR> d-------- C:\Arquivos de programas\Ahead

2007-08-24 11:16 <DIR> d-------- C:\Arquivos de programas\Windows Media Connect 2

2007-08-24 11:13 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe

2007-08-24 11:13 <DIR> d-------- C:\WINDOWS\system32\LogFiles

2007-08-24 11:13 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF

2007-08-24 11:07 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll

2007-08-24 11:07 <DIR> d-------- C:\Arquivos de programas\Alwil Software

2007-08-24 11:02 <DIR> d-------- C:\Arquivos de programas\Ares

2007-08-24 10:51 <DIR> d-------- C:\DOCUME~1\LUCASM~1\DADOSD~1\Real

2007-08-24 10:51 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\Real

2007-08-24 10:51 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\Apple Computer

2007-08-24 10:51 <DIR> d-------- C:\Arquivos de programas\K-Lite Codec Pack

2007-08-24 10:50 <DIR> d-------- C:\Arquivos de programas\CCleaner

2007-08-24 10:47 <DIR> d-------- C:\DOCUME~1\LUCASM~1\Contacts

2007-08-24 10:46 <DIR> d-------- C:\Arquivos de programas\Messenger Plus! Live

2007-08-24 10:44 <DIR> d-------- C:\Arquivos de programas\MSN Messenger

2007-08-24 10:40 <DIR> d-------- C:\DOCUME~1\LUCASM~1\DADOSD~1\Free Download Manager

2007-08-24 10:28 8,192 --a------ C:\WINDOWS\system32\drivers\RT2661.bin

2007-08-24 10:28 8,192 --a------ C:\WINDOWS\system32\drivers\RT2561s.bin

2007-08-24 10:28 8,192 --a------ C:\WINDOWS\system32\drivers\RT2561.bin

2007-08-24 10:28 385,280 --a------ C:\WINDOWS\system32\drivers\rt61.sys

2007-08-24 10:28 319,488 --a------ C:\WINDOWS\system32\AegisI5.exe

2007-08-24 10:28 295,018 --a------ C:\WINDOWS\system32\Install6x.dll

2007-08-24 10:28 21,419 --a------ C:\WINDOWS\system32\drivers\AegisP.sys

2007-08-24 10:28 <DIR> d--h----- C:\Arquivos de programas\InstallShield Installation Information

2007-08-24 10:28 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE

2007-08-24 10:28 <DIR> d-------- C:\Arquivos de programas\RALINK

2007-08-24 10:25 <DIR> d-------- C:\Arquivos de programas\Free Download Manager

2007-08-24 10:24 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\nView_Profiles

2007-08-24 10:22 176,128 --a------ C:\WINDOWS\system32\nvudisp.exe

2007-08-24 10:22 <DIR> d-------- C:\WINDOWS\nview

2007-08-24 10:21 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\InstallShield

2007-08-24 10:19 <DIR> dr-h----- C:\DOCUME~1\LUCASM~1\Dados de aplicativos

2007-08-24 10:19 <DIR> dr------- C:\DOCUME~1\LUCASM~1\Meus documentos

2007-08-24 10:19 <DIR> dr------- C:\DOCUME~1\LUCASM~1\Menu Iniciar

2007-08-24 10:19 <DIR> dr------- C:\DOCUME~1\LUCASM~1\Favoritos

2007-08-24 10:19 <DIR> d--h----- C:\DOCUME~1\LUCASM~1\Modelos

2007-08-24 10:19 <DIR> d--h----- C:\DOCUME~1\LUCASM~1\Configurações locais

2007-08-24 10:19 <DIR> d--h----- C:\DOCUME~1\LUCASM~1\Ambiente de rede

2007-08-24 10:19 <DIR> d--h----- C:\DOCUME~1\LUCASM~1\Ambiente de impressão

2007-08-24 09:38 <DIR> d--h----- C:\DOCUME~1\NETWOR~1\Configurações locais

2007-08-24 09:38 <DIR> d--h----- C:\DOCUME~1\LOCALS~1\Configurações locais

2007-08-24 09:38 <DIR> d-------- C:\DOCUME~1\NETWOR~1\Dados de aplicativos

2007-08-24 09:38 <DIR> d-------- C:\DOCUME~1\LOCALS~1\Dados de aplicativos

2007-08-24 09:37 <DIR> dr-h----- C:\WINDOWS\system32\config\SYSTEM~1\Dados de aplicativos

2007-08-24 09:37 <DIR> dr-h----- C:\WINDOWS\system32\config\SYSTEM~1\Configurações locais

2007-08-24 09:37 <DIR> dr------- C:\WINDOWS\system32\config\SYSTEM~1\Menu Iniciar

2007-08-24 09:37 <DIR> d--h----- C:\WINDOWS\system32\config\SYSTEM~1\Modelos

2007-08-24 09:37 <DIR> d--h----- C:\WINDOWS\system32\config\SYSTEM~1\Ambiente de rede

2007-08-24 09:37 <DIR> d--h----- C:\WINDOWS\system32\config\SYSTEM~1\Ambiente de impressão

2007-08-24 09:37 <DIR> d-------- C:\WINDOWS\system32\config\SYSTEM~1\Meus documentos

2007-08-24 09:37 <DIR> d-------- C:\WINDOWS\system32\config\SYSTEM~1\Favoritos

2007-08-24 09:33 <DIR> d-------- C:\Arquivos de programas\microsoft frontpage

2007-08-24 09:30 <DIR> d--hs---- C:\DOCUME~1\ALLUSE~1\DRM

2007-08-24 09:30 <DIR> d-------- C:\Arquivos de programas\Serviços on-line

2007-08-24 09:29 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Serviços

2007-08-24 09:29 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\MSSoap

2007-08-24 04:29 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys

 

 

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

 

2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll

2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll

2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe

2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll

2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll

2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll

2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll

2007-06-26 03:10 1104896 --a------ C:\WINDOWS\system32\msxml3.dll

2007-06-19 10:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll

2007-06-13 10:21 1035264 --a------ C:\WINDOWS\explorer.exe

--------- C:\Arquivos de programas\Serviços on-line

--------- C:\Arquivos de programas\Arquivos comuns\Serviços

 

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

 

 

*Note* empty entries & legit default entries are not shown

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{86A44EF7-78FC-4e18-A564-B18F806F7F56}]

2007-08-10 10:48 221184 --a------ C:\Arquivos de programas\ActivationManager\ActivationManager.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-07-20 09:07]

"nwiz"="nwiz.exe" [2005-07-20 09:07 C:\WINDOWS\system32\nwiz.exe]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-07-20 09:07]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]

"COMODO Firewall Pro"="C:\Arquivos de programas\Comodo\Firewall\CPF.exe" [2007-08-26 22:41]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:45]

"Free Download Manager"="C:\Arquivos de programas\Free Download Manager\fdm.exe" [2006-08-21 00:24]

"MsnMsgr"="C:\Arquivos de programas\MSN Messenger\MsnMsgr.exe" [2006-07-29 19:33]

 

S3 ssm_bus;Samsung Mobile USB Device II 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ssm_bus.sys

S3 ssm_mdfl;Samsung Mobile USB Modem II 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ssm_mdfl.sys

S3 ssm_mdm;Samsung Mobile USB Modem II 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ssm_mdm.sys

S3 trid3d;trid3d;C:\WINDOWS\system32\DRIVERS\trid3dm.sys

 

 

Contents of the 'Scheduled Tasks' folder

2007-08-26 03:01:03 C:\WINDOWS\Tasks\At1.job

2007-08-26 12:01:00 C:\WINDOWS\Tasks\At10.job

2007-08-26 22:56:14 C:\WINDOWS\Tasks\At100.job - C:\WINDOWS\system32\winmds.exe

2007-08-26 22:56:14 C:\WINDOWS\Tasks\At101.job - C:\WINDOWS\system32\winmds.exe

2007-08-26 22:56:14 C:\WINDOWS\Tasks\At102.job - C:\WINDOWS\system32\winmds.exe

2007-08-26 22:56:14 C:\WINDOWS\Tasks\At103.job - C:\WINDOWS\system32\winmds.exe

2007-08-26 22:56:14 C:\WINDOWS\Tasks\At104.job - C:\WINDOWS\system32\winmds.exe

2007-08-26 22:56:14 C:\WINDOWS\Tasks\At105.job - C:\WINDOWS\system32\winmds.exe

2007-08-26 22:56:14 C:\WINDOWS\Tasks\At106.job - C:\WINDOWS\system32\winmds.exe

2007-08-26 22:56:14 C:\WINDOWS\Tasks\At107.job - C:\WINDOWS\system32\winmds.exe

2007-08-27 14:00:00 C:\WINDOWS\Tasks\At108.job - C:\WINDOWS\system32\winmds.exe

2007-08-28 19:23:29 C:\WINDOWS\Tasks\At109.job - C:\WINDOWS\system32\winmds.exe

2007-08-26 22:56:14 C:\WINDOWS\Tasks\At110.job - C:\WINDOWS\system32\winmds.exe

2007-08-26 22:56:14 C:\WINDOWS\Tasks\At111.job - C:\WINDOWS\system32\winmds.exe

2007-08-26 22:56:14 C:\WINDOWS\Tasks\At112.job - C:\WINDOWS\system32\winmds.exe

2007-08-26 22:56:14 C:\WINDOWS\Tasks\At113.job - C:\WINDOWS\system32\winmds.exe

2007-08-29 21:17:56 C:\WINDOWS\Tasks\At114.job

2007-08-29 21:17:56 C:\WINDOWS\Tasks\At115.job - C:\WINDOWS\system32\winmds.exe

2007-08-26 22:56:14 C:\WINDOWS\Tasks\At116.job - C:\WINDOWS\system32\winmds.exe

2007-08-26 23:00:32 C:\WINDOWS\Tasks\At117.job

2007-08-27 00:29:01 C:\WINDOWS\Tasks\At118.job

2007-08-27 01:36:21 C:\WINDOWS\Tasks\At119.job

2007-08-27 02:00:00 C:\WINDOWS\Tasks\At120.job - C:\WINDOWS\system32\winmds.exe

2007-08-27 15:28:04 C:\WINDOWS\Tasks\At121.job - C:\WINDOWS\system32\winmds.exe

2007-08-27 15:28:04 C:\WINDOWS\Tasks\At122.job - C:\WINDOWS\system32\winmds.exe

2007-08-27 15:28:04 C:\WINDOWS\Tasks\At123.job - C:\WINDOWS\system32\winmds.exe

2007-08-27 15:28:04 C:\WINDOWS\Tasks\At124.job - C:\WINDOWS\system32\winmds.exe

2007-08-27 15:28:04 C:\WINDOWS\Tasks\At125.job - C:\WINDOWS\system32\winmds.exe

2007-08-27 15:28:04 C:\WINDOWS\Tasks\At126.job

2007-08-27 15:28:04 C:\WINDOWS\Tasks\At127.job - C:\WINDOWS\system32\winmds.exe

2007-08-27 15:28:04 C:\WINDOWS\Tasks\At128.job - C:\WINDOWS\system32\winmds.exe

2007-08-27 15:28:04 C:\WINDOWS\Tasks\At129.job - C:\WINDOWS\system32\winmds.exe

2007-08-27 15:28:04 C:\WINDOWS\Tasks\At130.job - C:\WINDOWS\system32\winmds.exe

2007-08-27 15:28:04 C:\WINDOWS\Tasks\At131.job - C:\WINDOWS\system32\winmds.exe

2007-08-27 15:28:04 C:\WINDOWS\Tasks\At132.job - C:\WINDOWS\system32\winmds.exe

2007-08-28 19:23:30 C:\WINDOWS\Tasks\At133.job - C:\WINDOWS\system32\winmds.exe

2007-08-27 15:28:04 C:\WINDOWS\Tasks\At134.job - C:\WINDOWS\system32\winmds.exe

2007-08-27 15:28:04 C:\WINDOWS\Tasks\At135.job - C:\WINDOWS\system32\winmds.exe

2007-08-27 15:28:04 C:\WINDOWS\Tasks\At136.job - C:\WINDOWS\system32\winmds.exe

2007-08-27 15:28:04 C:\WINDOWS\Tasks\At137.job - C:\WINDOWS\system32\winmds.exe

2007-08-29 21:17:56 C:\WINDOWS\Tasks\At138.job - C:\WINDOWS\system32\winmds.exe

2007-08-29 21:17:56 C:\WINDOWS\Tasks\At139.job - C:\WINDOWS\system32\winmds.exe

2007-08-26 16:01:02 C:\WINDOWS\Tasks\At14.job

2007-08-27 15:28:04 C:\WINDOWS\Tasks\At140.job - C:\WINDOWS\system32\winmds.exe

2007-08-27 15:28:04 C:\WINDOWS\Tasks\At141.job - C:\WINDOWS\system32\winmds.exe

2007-08-27 15:28:04 C:\WINDOWS\Tasks\At142.job - C:\WINDOWS\system32\winmds.exe

2007-08-27 15:28:04 C:\WINDOWS\Tasks\At143.job - C:\WINDOWS\system32\winmds.exe

2007-08-27 15:28:04 C:\WINDOWS\Tasks\At144.job

2007-08-26 17:01:01 C:\WINDOWS\Tasks\At15.job

2007-08-26 18:01:00 C:\WINDOWS\Tasks\At16.job

2007-08-26 19:01:01 C:\WINDOWS\Tasks\At17.job

2007-08-26 04:01:02 C:\WINDOWS\Tasks\At2.job

2007-08-26 22:01:46 C:\WINDOWS\Tasks\At20.job

2007-08-26 23:00:29 C:\WINDOWS\Tasks\At21.job

2007-08-27 00:01:01 C:\WINDOWS\Tasks\At22.job

2007-08-27 01:01:01 C:\WINDOWS\Tasks\At23.job

2007-08-27 02:01:40 C:\WINDOWS\Tasks\At24.job

2007-08-26 03:28:25 C:\WINDOWS\Tasks\At25.job

2007-08-26 06:24:15 C:\WINDOWS\Tasks\At26.job

2007-08-26 06:24:15 C:\WINDOWS\Tasks\At27.job

2007-08-26 06:24:15 C:\WINDOWS\Tasks\At28.job

2007-08-26 13:33:40 C:\WINDOWS\Tasks\At29.job

2007-08-26 05:01:05 C:\WINDOWS\Tasks\At3.job

2007-08-26 13:33:41 C:\WINDOWS\Tasks\At30.job

2007-08-26 13:33:41 C:\WINDOWS\Tasks\At31.job

2007-08-26 13:33:41 C:\WINDOWS\Tasks\At32.job

2007-08-26 13:33:40 C:\WINDOWS\Tasks\At33.job

2007-08-26 13:33:13 C:\WINDOWS\Tasks\At34.job

2007-08-26 13:32:53 C:\WINDOWS\Tasks\At35.job

2007-08-27 14:00:00 C:\WINDOWS\Tasks\At36.job

2007-08-28 19:23:30 C:\WINDOWS\Tasks\At37.job - C:\WINDOWS\system32\winmds.exe

2007-08-26 16:38:30 C:\WINDOWS\Tasks\At38.job

2007-08-26 17:20:31 C:\WINDOWS\Tasks\At39.job

2007-08-26 06:01:01 C:\WINDOWS\Tasks\At4.job

2007-08-26 18:54:15 C:\WINDOWS\Tasks\At40.job

2007-08-26 19:50:44 C:\WINDOWS\Tasks\At41.job

2007-08-29 21:17:56 C:\WINDOWS\Tasks\At42.job - C:\WINDOWS\system32\winmds.exe

2007-08-29 21:17:56 C:\WINDOWS\Tasks\At43.job - C:\WINDOWS\system32\winmds.exe

2007-08-26 22:00:00 C:\WINDOWS\Tasks\At44.job - C:\WINDOWS\system32\winmds.exe

2007-08-26 23:00:42 C:\WINDOWS\Tasks\At45.job

2007-08-27 00:28:57 C:\WINDOWS\Tasks\At46.job

2007-08-27 01:36:22 C:\WINDOWS\Tasks\At47.job

2007-08-27 02:00:00 C:\WINDOWS\Tasks\At48.job - C:\WINDOWS\system32\winmds.exe

2007-08-26 15:56:46 C:\WINDOWS\Tasks\At49.job - C:\WINDOWS\system32\winmds.exe

2007-08-26 07:01:49 C:\WINDOWS\Tasks\At5.job

2007-08-26 15:56:46 C:\WINDOWS\Tasks\At50.job - C:\WINDOWS\system32\winmds.exe

2007-08-26 15:56:46 C:\WINDOWS\Tasks\At51.job - C:\WINDOWS\system32\winmds.exe

2007-08-26 15:56:46 C:\WINDOWS\Tasks\At52.job - C:\WINDOWS\system32\winmds.exe

2007-08-26 15:56:46 C:\WINDOWS\Tasks\At53.job - C:\WINDOWS\system32\winmds.exe

2007-08-26 15:56:46 C:\WINDOWS\Tasks\At54.job - C:\WINDOWS\system32\winmds.exe

2007-08-26 15:56:46 C:\WINDOWS\Tasks\At55.job - C:\WINDOWS\system32\winmds.exe

2007-08-26 15:56:46 C:\WINDOWS\Tasks\At56.job - C:\WINDOWS\system32\winmds.exe

2007-08-26 15:56:46 C:\WINDOWS\Tasks\At57.job - C:\WINDOWS\system32\winmds.exe

2007-08-26 15:56:46 C:\WINDOWS\Tasks\At58.job - C:\WINDOWS\system32\winmds.exe

2007-08-26 15:56:46 C:\WINDOWS\Tasks\At59.job

2007-08-26 08:01:00 C:\WINDOWS\Tasks\At6.job

2007-08-27 14:00:00 C:\WINDOWS\Tasks\At60.job - C:\WINDOWS\system32\winmds.exe

2007-08-28 19:23:30 C:\WINDOWS\Tasks\At61.job - C:\WINDOWS\system32\winmds.exe

2007-08-26 16:38:37 C:\WINDOWS\Tasks\At62.job

2007-08-26 17:20:28 C:\WINDOWS\Tasks\At63.job

2007-08-26 18:54:22 C:\WINDOWS\Tasks\At64.job

2007-08-26 19:50:46 C:\WINDOWS\Tasks\At65.job

2007-08-29 21:17:56 C:\WINDOWS\Tasks\At66.job - C:\WINDOWS\system32\winmds.exe

2007-08-29 21:17:56 C:\WINDOWS\Tasks\At67.job - C:\WINDOWS\system32\winmds.exe

2007-08-26 22:00:00 C:\WINDOWS\Tasks\At68.job - C:\WINDOWS\system32\winmds.exe

2007-08-26 23:00:34 C:\WINDOWS\Tasks\At69.job

2007-08-26 09:01:01 C:\WINDOWS\Tasks\At7.job

2007-08-27 00:29:08 C:\WINDOWS\Tasks\At70.job

2007-08-27 01:36:22 C:\WINDOWS\Tasks\At71.job

2007-08-27 02:00:00 C:\WINDOWS\Tasks\At72.job - C:\WINDOWS\system32\winmds.exe

2007-08-26 17:57:00 C:\WINDOWS\Tasks\At73.job - C:\WINDOWS\system32\winmds.exe

2007-08-26 17:57:00 C:\WINDOWS\Tasks\At74.job - C:\WINDOWS\system32\winmds.exe

2007-08-26 17:57:00 C:\WINDOWS\Tasks\At75.job - C:\WINDOWS\system32\winmds.exe

2007-08-26 17:57:00 C:\WINDOWS\Tasks\At76.job - C:\WINDOWS\system32\winmds.exe

2007-08-26 17:57:00 C:\WINDOWS\Tasks\At77.job

2007-08-26 17:57:00 C:\WINDOWS\Tasks\At78.job - C:\WINDOWS\system32\winmds.exe

2007-08-26 17:57:00 C:\WINDOWS\Tasks\At79.job - C:\WINDOWS\system32\winmds.exe

2007-08-26 10:01:01 C:\WINDOWS\Tasks\At8.job

2007-08-26 17:57:00 C:\WINDOWS\Tasks\At80.job - C:\WINDOWS\system32\winmds.exe

2007-08-26 17:57:00 C:\WINDOWS\Tasks\At81.job

2007-08-26 17:57:00 C:\WINDOWS\Tasks\At82.job - C:\WINDOWS\system32\winmds.exe

2007-08-26 17:57:00 C:\WINDOWS\Tasks\At83.job - C:\WINDOWS\system32\winmds.exe

2007-08-27 14:00:00 C:\WINDOWS\Tasks\At84.job - C:\WINDOWS\system32\winmds.exe

2007-08-28 19:23:31 C:\WINDOWS\Tasks\At85.job - C:\WINDOWS\system32\winmds.exe

2007-08-26 17:57:00 C:\WINDOWS\Tasks\At86.job - C:\WINDOWS\system32\winmds.exe

2007-08-26 17:57:00 C:\WINDOWS\Tasks\At87.job - C:\WINDOWS\system32\winmds.exe

2007-08-26 18:54:20 C:\WINDOWS\Tasks\At88.job

2007-08-26 19:50:49 C:\WINDOWS\Tasks\At89.job

2007-08-26 11:01:02 C:\WINDOWS\Tasks\At9.job

2007-08-29 21:17:56 C:\WINDOWS\Tasks\At90.job - C:\WINDOWS\system32\winmds.exe

2007-08-29 21:17:56 C:\WINDOWS\Tasks\At91.job

2007-08-26 22:00:00 C:\WINDOWS\Tasks\At92.job - C:\WINDOWS\system32\winmds.exe

2007-08-26 23:00:26 C:\WINDOWS\Tasks\At93.job

2007-08-27 00:29:03 C:\WINDOWS\Tasks\At94.job

2007-08-27 01:36:22 C:\WINDOWS\Tasks\At95.job

2007-08-27 02:00:00 C:\WINDOWS\Tasks\At96.job - C:\WINDOWS\system32\winmds.exe

2007-08-26 22:56:14 C:\WINDOWS\Tasks\At97.job - C:\WINDOWS\system32\winmds.exe

2007-08-26 22:56:14 C:\WINDOWS\Tasks\At98.job - C:\WINDOWS\system32\winmds.exe

2007-08-26 22:56:14 C:\WINDOWS\Tasks\At99.job - C:\WINDOWS\system32\winmds.exe

 

**************************************************************************

 

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-08-29 18:21:45

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

 

Completion time: 2007-08-29 18:24:23 - machine was rebooted

C:\ComboFix-quarantined-files.txt ... 2007-08-29 18:24

 

--- E O F ---

Awaiting your reply


Hey MaCeDo_BR,

Let's go.

Set Windows to show all files (including hidden ones).

Step 1

Download Killbox at:

Killbox

1. Run Killbox and click Delete on Reboot.

2. Copy the bold list below to the clipboard. Select it all with the mouse --> go to the Edit menu in the browser bar --> click Copy.


C:\WINDOWS\system32\winmds.exe

C:\WINDOWS\Tasks\At1.job

C:\WINDOWS\Tasks\At2.job

C:\WINDOWS\Tasks\At3.job

C:\WINDOWS\Tasks\At4.job

C:\WINDOWS\Tasks\At5.job

C:\WINDOWS\Tasks\At6.job

C:\WINDOWS\Tasks\At7.job

C:\WINDOWS\Tasks\At8.job

C:\WINDOWS\Tasks\At9.job

C:\WINDOWS\Tasks\At10.job

C:\WINDOWS\Tasks\At14.job

C:\WINDOWS\Tasks\At15.job

C:\WINDOWS\Tasks\At16.job

C:\WINDOWS\Tasks\At17.job

C:\WINDOWS\Tasks\At20.job

C:\WINDOWS\Tasks\At21.job

C:\WINDOWS\Tasks\At22.job

C:\WINDOWS\Tasks\At23.job

C:\WINDOWS\Tasks\At24.job

C:\WINDOWS\Tasks\At25.job

C:\WINDOWS\Tasks\At26.job

C:\WINDOWS\Tasks\At27.job

C:\WINDOWS\Tasks\At28.job

C:\WINDOWS\Tasks\At29.job

C:\WINDOWS\Tasks\At30.job

C:\WINDOWS\Tasks\At31.job

C:\WINDOWS\Tasks\At32.job

C:\WINDOWS\Tasks\At33.job

C:\WINDOWS\Tasks\At34.job

C:\WINDOWS\Tasks\At35.job

C:\WINDOWS\Tasks\At36.job

C:\WINDOWS\Tasks\At37.job

C:\WINDOWS\Tasks\At38.job

C:\WINDOWS\Tasks\At39.job

C:\WINDOWS\Tasks\At40.job

C:\WINDOWS\Tasks\At41.job

C:\WINDOWS\Tasks\At42.job

C:\WINDOWS\Tasks\At43.job

C:\WINDOWS\Tasks\At44.job

C:\WINDOWS\Tasks\At45.job

C:\WINDOWS\Tasks\At46.job

C:\WINDOWS\Tasks\At47.job

C:\WINDOWS\Tasks\At48.job

C:\WINDOWS\Tasks\At49.job

C:\WINDOWS\Tasks\At50.job

C:\WINDOWS\Tasks\At51.job

C:\WINDOWS\Tasks\At52.job

C:\WINDOWS\Tasks\At53.job

C:\WINDOWS\Tasks\At54.job

C:\WINDOWS\Tasks\At55.job

C:\WINDOWS\Tasks\At56.job

C:\WINDOWS\Tasks\At57.job

C:\WINDOWS\Tasks\At58.job

C:\WINDOWS\Tasks\At59.job

C:\WINDOWS\Tasks\At60.job

C:\WINDOWS\Tasks\At61.job

C:\WINDOWS\Tasks\At62.job

C:\WINDOWS\Tasks\At63.job

C:\WINDOWS\Tasks\At64.job

C:\WINDOWS\Tasks\At65.job

C:\WINDOWS\Tasks\At66.job

C:\WINDOWS\Tasks\At67.job

C:\WINDOWS\Tasks\At68.job

C:\WINDOWS\Tasks\At69.job

C:\WINDOWS\Tasks\At70.job

C:\WINDOWS\Tasks\At71.job

C:\WINDOWS\Tasks\At72.job

C:\WINDOWS\Tasks\At73.job

C:\WINDOWS\Tasks\At74.job

C:\WINDOWS\Tasks\At75.job

C:\WINDOWS\Tasks\At76.job

C:\WINDOWS\Tasks\At77.job

C:\WINDOWS\Tasks\At78.job

C:\WINDOWS\Tasks\At79.job

C:\WINDOWS\Tasks\At80.job

C:\WINDOWS\Tasks\At81.job

C:\WINDOWS\Tasks\At82.job

C:\WINDOWS\Tasks\At83.job

C:\WINDOWS\Tasks\At84.job

C:\WINDOWS\Tasks\At85.job

C:\WINDOWS\Tasks\At86.job

C:\WINDOWS\Tasks\At87.job

C:\WINDOWS\Tasks\At88.job

C:\WINDOWS\Tasks\At89.job

C:\WINDOWS\Tasks\At90.job

C:\WINDOWS\Tasks\At91.job

C:\WINDOWS\Tasks\At92.job

C:\WINDOWS\Tasks\At93.job

C:\WINDOWS\Tasks\At94.job

C:\WINDOWS\Tasks\At95.job

C:\WINDOWS\Tasks\At96.job

C:\WINDOWS\Tasks\At97.job

C:\WINDOWS\Tasks\At98.job

C:\WINDOWS\Tasks\At99.job

C:\WINDOWS\Tasks\At100.job

C:\WINDOWS\Tasks\At101.job

C:\WINDOWS\Tasks\At102.job

C:\WINDOWS\Tasks\At103.job

C:\WINDOWS\Tasks\At104.job

C:\WINDOWS\Tasks\At105.job

C:\WINDOWS\Tasks\At106.job

C:\WINDOWS\Tasks\At107.job

C:\WINDOWS\Tasks\At108.job

C:\WINDOWS\Tasks\At109.job

C:\WINDOWS\Tasks\At110.job

C:\WINDOWS\Tasks\At111.job

C:\WINDOWS\Tasks\At112.job

C:\WINDOWS\Tasks\At113.job

C:\WINDOWS\Tasks\At114.job

C:\WINDOWS\Tasks\At115.job

C:\WINDOWS\Tasks\At116.job

C:\WINDOWS\Tasks\At117.job

C:\WINDOWS\Tasks\At118.job

C:\WINDOWS\Tasks\At119.job

C:\WINDOWS\Tasks\At120.job

C:\WINDOWS\Tasks\At121.job

C:\WINDOWS\Tasks\At122.job

C:\WINDOWS\Tasks\At123.job

C:\WINDOWS\Tasks\At124.job

C:\WINDOWS\Tasks\At125.job

C:\WINDOWS\Tasks\At126.job

C:\WINDOWS\Tasks\At127.job

C:\WINDOWS\Tasks\At128.job

C:\WINDOWS\Tasks\At129.job

C:\WINDOWS\Tasks\At130.job

C:\WINDOWS\Tasks\At131.job

C:\WINDOWS\Tasks\At132.job

C:\WINDOWS\Tasks\At133.job

C:\WINDOWS\Tasks\At134.job

C:\WINDOWS\Tasks\At135.job

C:\WINDOWS\Tasks\At136.job

C:\WINDOWS\Tasks\At137.job

C:\WINDOWS\Tasks\At138.job

C:\WINDOWS\Tasks\At139.job

C:\WINDOWS\Tasks\At140.job

C:\WINDOWS\Tasks\At141.job

C:\WINDOWS\Tasks\At142.job

C:\WINDOWS\Tasks\At143.job

C:\WINDOWS\Tasks\At144.job


3. Return to Killbox. Click File > Paste from clipboard. Click All Files.

4. Press "X". Answer "No" to the question.

Step 2

Restart in Normal Mode.

Post new ComboFix and HijackThis logs.

Regards.

PS: I suggest paying closer attention to the section rules.

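As an added example (not code from the thread, from ComboFix or from Killbox), here is a small Python script that triages the "Contents of the 'Scheduled Tasks' folder" section of a ComboFix log like the one posted above. It lists the At*.job entries whose target is the suspect binary, shows when many jobs were created in the same second (a burst like the 22:56:14 run in the log above points to a program scheduling itself rather than an administrator typing at.exe commands), and builds the numerically sorted At*.job list that the Killbox step works from. The sample log lines are constructed in the format of the log above; the winmds.exe name comes from the thread, and the function names are my own.

```python
"""Triage the 'Scheduled Tasks' section of a ComboFix log for At*.job entries.

Added example, not part of the thread or of ComboFix. Assumes the log layout
shown in the thread: a header line, one line per .job with a timestamp, and
an optional ' - <target>' suffix naming the executable the job launches.
"""
import re
from collections import Counter
from pathlib import PureWindowsPath

# Constructed sample in the format of the log posted above (a few lines, not the full listing).
SAMPLE_LOG = r"""
Contents of the 'Scheduled Tasks' folder
2007-08-26 03:01:03 C:\WINDOWS\Tasks\At1.job
2007-08-26 22:56:14 C:\WINDOWS\Tasks\At100.job - C:\WINDOWS\system32\winmds.exe
2007-08-26 22:56:14 C:\WINDOWS\Tasks\At101.job - C:\WINDOWS\system32\winmds.exe
2007-08-29 21:17:56 C:\WINDOWS\Tasks\At114.job
2007-08-28 19:23:30 C:\WINDOWS\Tasks\At37.job - C:\WINDOWS\system32\winmds.exe
2007-08-26 22:00:00 C:\WINDOWS\Tasks\At44.job - C:\WINDOWS\system32\winmds.exe

**************************************************************************
"""

SECTION_HEADER = "Contents of the 'Scheduled Tasks' folder"
TASK_LINE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (?P<job>.+?\.job)(?: - (?P<target>.+))?$"
)


def parse_tasks(log_text):
    """Return a list of {'ts', 'job', 'target'} dicts from the Scheduled Tasks section.

    target is None for jobs the log lists without a command line.
    """
    tasks = []
    in_section = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith(SECTION_HEADER):
            in_section = True
            continue
        if not in_section:
            continue
        if line.startswith("****"):  # ComboFix's separator line ends the section
            break
        m = TASK_LINE.match(line)
        if m:
            tasks.append({"ts": m["ts"], "job": m["job"], "target": m["target"]})
    return tasks


def suspicious_tasks(tasks, suspect="winmds.exe"):
    """Job paths whose target executable has the suspect file name (case-insensitive)."""
    return [
        t["job"] for t in tasks
        if t["target"] and PureWindowsPath(t["target"]).name.lower() == suspect.lower()
    ]


def job_index(job_path):
    """Numeric N from an AtN.job path so At2 sorts before At10; None for other names."""
    m = re.search(r"At(\d+)\.job$", job_path, re.IGNORECASE)
    return int(m.group(1)) if m else None


def removal_list(tasks):
    """Every AtN.job path in numeric order, the shape of the Killbox list in the reply above.

    Jobs without a listed target are kept too: an empty or expired at.exe job is still
    an artifact of the same scheduling and has no reason to remain on the machine.
    """
    at_jobs = {t["job"] for t in tasks if job_index(t["job"]) is not None}
    return sorted(at_jobs, key=job_index)


def creation_bursts(tasks, min_count=2):
    """Timestamps at which min_count or more jobs share the same creation time.

    Many jobs stamped in the same second point to a program scheduling itself
    repeatedly rather than an administrator typing at.exe commands by hand.
    """
    counts = Counter(t["ts"] for t in tasks)
    return {ts: n for ts, n in counts.items() if n >= min_count}


if __name__ == "__main__":
    tasks = parse_tasks(SAMPLE_LOG)
    print("jobs launching winmds.exe:", suspicious_tasks(tasks))
    print("creation bursts:", creation_bursts(tasks))
    print("At*.job removal list:")
    for job in removal_list(tasks):
        print("  ", job)
```

To run it against a real log, replace SAMPLE_LOG with the contents of C:\ComboFix.txt. The removal list deliberately includes jobs with no target shown, which is why the helper's Killbox list above covers every At*.job rather than only the ones naming winmds.exe.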

ComboFix 07-08-29 - "Lucas Macedo" 2007-08-31 23:54:11.4 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.47 [GMT -3:00]

 

 

((((((((((((((((((((((((( Files Created from 2007-08-01 to 2007-09-01 )))))))))))))))))))))))))))))))

 

 

2007-08-31 23:46 <DIR> d-------- C:\!KillBox

2007-08-31 01:07 81,984 --a------ C:\WINDOWS\system32\bdod.bin

2007-08-28 18:08 51,200 --a------ C:\WINDOWS\nircmd.exe

2007-08-28 12:28 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys

2007-08-26 22:36 <DIR> d-------- C:\DOCUME~1\LUCASM~1\DADOSD~1\Comodo

2007-08-26 22:36 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\Comodo

2007-08-26 22:34 <DIR> d-------- C:\Arquivos de programas\Comodo

2007-08-26 22:22 <DIR> dr-h----- C:\DOCUME~1\ADMINI~1\Dados de aplicativos

2007-08-26 22:22 <DIR> dr------- C:\DOCUME~1\ADMINI~1\Menu Iniciar

2007-08-26 22:22 <DIR> d--h----- C:\DOCUME~1\ADMINI~1\Modelos

2007-08-26 22:22 <DIR> d--h----- C:\DOCUME~1\ADMINI~1\Configura‡äes locais

2007-08-26 22:22 <DIR> d--h----- C:\DOCUME~1\ADMINI~1\Ambiente de rede

2007-08-26 22:22 <DIR> d--h----- C:\DOCUME~1\ADMINI~1\Ambiente de impressÆo

2007-08-26 22:22 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Meus documentos

2007-08-26 22:22 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Favoritos

2007-08-26 21:20 <DIR> d-------- C:\DOCUME~1\LUCASM~1\DADOSD~1\VSRevoGroup

2007-08-26 21:20 <DIR> d-------- C:\Arquivos de programas\VS Revo Group

2007-08-26 17:36 <DIR> d-------- C:\WINDOWS\pss

2007-08-26 12:54 <DIR> d-------- C:\Arquivos de programas\Windows Live Safety Center

2007-08-26 10:31 <DIR> d---s---- C:\DOCUME~1\LUCASM~1\UserData

2007-08-25 00:31 <DIR> d-------- C:\DOCUME~1\LUCASM~1\DADOSD~1\Media Player Classic

2007-08-24 23:46 <DIR> d--h----- C:\WINDOWS\$hf_mig$

2007-08-24 17:18 <DIR> d-------- C:\Arquivos de programas\Guitar Pro 5

2007-08-24 12:24 <DIR> d-------- C:\Arquivos de programas\ActivationManager

2007-08-24 11:44 84,512 --a------ C:\WINDOWS\system32\drivers\ssm_mdm.sys

2007-08-24 11:44 6,112 --a------ C:\WINDOWS\system32\drivers\ssm_cmnt.sys

2007-08-24 11:44 6,112 --a------ C:\WINDOWS\system32\drivers\ssm_cm.sys

2007-08-24 11:44 6,096 --a------ C:\WINDOWS\system32\drivers\ssm_mdfl.sys

2007-08-24 11:44 52,416 --a------ C:\WINDOWS\system32\drivers\ssm_bus.sys

2007-08-24 11:44 5,776 --a------ C:\WINDOWS\system32\drivers\ssm_whnt.sys

2007-08-24 11:44 5,776 --a------ C:\WINDOWS\system32\drivers\ssm_wh.sys

2007-08-24 11:44 <DIR> d-------- C:\WINDOWS\system32\Samsung_Mobile_USB_Drivers

2007-08-24 11:44 <DIR> d-------- C:\Arquivos de programas\SAMSUNG

2007-08-24 11:39 <DIR> d-------- C:\WINDOWS\ShellNew

2007-08-24 11:32 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Nero

2007-08-24 11:30 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll

2007-08-24 11:30 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll

2007-08-24 11:30 364,544 --------- C:\WINDOWS\system32\TwnLib4.dll

2007-08-24 11:30 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll

2007-08-24 11:30 163,840 --a------ C:\WINDOWS\system32\NeroCheck.exe

2007-08-24 11:30 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll

2007-08-24 11:30 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll

2007-08-24 11:30 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Ahead

2007-08-24 11:30 <DIR> d-------- C:\Arquivos de programas\Ahead

2007-08-24 11:16 <DIR> d-------- C:\Arquivos de programas\Windows Media Connect 2

2007-08-24 11:13 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe

2007-08-24 11:13 <DIR> d-------- C:\WINDOWS\system32\LogFiles

2007-08-24 11:13 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF

2007-08-24 11:07 <DIR> d-------- C:\Arquivos de programas\Alwil Software

2007-08-24 11:02 <DIR> d-------- C:\Arquivos de programas\Ares

2007-08-24 10:51 765,952 --a------ C:\WINDOWS\system32\xvidcore.dll

2007-08-24 10:51 5,120 --a------ C:\WINDOWS\system32\ff_vfw.dll

2007-08-24 10:51 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll

2007-08-24 10:51 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll

2007-08-24 10:51 1,415,680 --a------ C:\WINDOWS\system32\WMV9VCM.dll

2007-08-24 10:51 <DIR> d-------- C:\DOCUME~1\LUCASM~1\DADOSD~1\Real

2007-08-24 10:51 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\Real

2007-08-24 10:51 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\Apple Computer

2007-08-24 10:51 <DIR> d-------- C:\Arquivos de programas\K-Lite Codec Pack

2007-08-24 10:50 <DIR> d-------- C:\Arquivos de programas\CCleaner

2007-08-24 10:47 <DIR> d-------- C:\DOCUME~1\LUCASM~1\Contacts

2007-08-24 10:46 <DIR> d-------- C:\Arquivos de programas\Messenger Plus! Live

2007-08-24 10:44 <DIR> d-------- C:\Arquivos de programas\MSN Messenger

2007-08-24 10:40 <DIR> d-------- C:\DOCUME~1\LUCASM~1\DADOSD~1\Free Download Manager

2007-08-24 10:28 8,192 --a------ C:\WINDOWS\system32\drivers\RT2661.bin

2007-08-24 10:28 8,192 --a------ C:\WINDOWS\system32\drivers\RT2561s.bin

2007-08-24 10:28 8,192 --a------ C:\WINDOWS\system32\drivers\RT2561.bin

2007-08-24 10:28 385,280 --a------ C:\WINDOWS\system32\drivers\rt61.sys

2007-08-24 10:28 319,488 --a------ C:\WINDOWS\system32\AegisI5.exe

2007-08-24 10:28 295,018 --a------ C:\WINDOWS\system32\Install6x.dll

2007-08-24 10:28 21,419 --a------ C:\WINDOWS\system32\drivers\AegisP.sys

2007-08-24 10:28 <DIR> d--h----- C:\Arquivos de programas\InstallShield Installation Information

2007-08-24 10:28 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE

2007-08-24 10:28 <DIR> d-------- C:\Arquivos de programas\RALINK

2007-08-24 10:25 <DIR> d-------- C:\Arquivos de programas\Free Download Manager

2007-08-24 10:24 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\nView_Profiles

2007-08-24 10:22 176,128 --a------ C:\WINDOWS\system32\nvudisp.exe

2007-08-24 10:22 <DIR> d-------- C:\WINDOWS\nview

2007-08-24 10:21 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\InstallShield

2007-08-24 10:19 <DIR> dr-h----- C:\DOCUME~1\LUCASM~1\Dados de aplicativos

2007-08-24 10:19 <DIR> dr------- C:\DOCUME~1\LUCASM~1\Meus documentos

2007-08-24 10:19 <DIR> dr------- C:\DOCUME~1\LUCASM~1\Menu Iniciar

2007-08-24 10:19 <DIR> dr------- C:\DOCUME~1\LUCASM~1\Favoritos

2007-08-24 10:19 <DIR> d--h----- C:\DOCUME~1\LUCASM~1\Modelos

2007-08-24 10:19 <DIR> d--h----- C:\DOCUME~1\LUCASM~1\Configura‡äes locais

2007-08-24 10:19 <DIR> d--h----- C:\DOCUME~1\LUCASM~1\Ambiente de rede

2007-08-24 10:19 <DIR> d--h----- C:\DOCUME~1\LUCASM~1\Ambiente de impressÆo

2007-08-24 09:38 <DIR> d--h----- C:\DOCUME~1\NETWOR~1\Configura‡äes locais

2007-08-24 09:38 <DIR> d--h----- C:\DOCUME~1\LOCALS~1\Configura‡äes locais

2007-08-24 09:38 <DIR> d-------- C:\DOCUME~1\NETWOR~1\Dados de aplicativos

2007-08-24 09:38 <DIR> d-------- C:\DOCUME~1\LOCALS~1\Dados de aplicativos

2007-08-24 09:37 <DIR> dr-h----- C:\WINDOWS\system32\config\SYSTEM~1\Dados de aplicativos

2007-08-24 09:37 <DIR> dr-h----- C:\WINDOWS\system32\config\SYSTEM~1\Configura‡äes locais

2007-08-24 09:37 <DIR> dr------- C:\WINDOWS\system32\config\SYSTEM~1\Menu Iniciar

2007-08-24 09:37 <DIR> d--h----- C:\WINDOWS\system32\config\SYSTEM~1\Modelos

2007-08-24 09:37 <DIR> d--h----- C:\WINDOWS\system32\config\SYSTEM~1\Ambiente de rede

2007-08-24 09:37 <DIR> d--h----- C:\WINDOWS\system32\config\SYSTEM~1\Ambiente de impressÆo

2007-08-24 09:37 <DIR> d-------- C:\WINDOWS\system32\config\SYSTEM~1\Meus documentos

2007-08-24 09:37 <DIR> d-------- C:\WINDOWS\system32\config\SYSTEM~1\Favoritos

2007-08-24 09:33 <DIR> d-------- C:\Arquivos de programas\microsoft frontpage

 

 

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

 

2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll

2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll

2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe

2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll

2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll

2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll

2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll

2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll

2007-06-26 03:10 1104896 --a------ C:\WINDOWS\system32\msxml3.dll

2007-06-19 10:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll

2007-06-13 10:21 1035264 --a------ C:\WINDOWS\explorer.exe

--------- C:\Arquivos de programas\Serviços on-line

--------- C:\Arquivos de programas\Arquivos comuns\Serviços

 

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

 

 

*Note* empty entries & legit default entries are not shown

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{86A44EF7-78FC-4e18-A564-B18F806F7F56}]

2007-08-10 10:48 221184 --a------ C:\Arquivos de programas\ActivationManager\ActivationManager.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-07-20 09:07]

"nwiz"="nwiz.exe" [2005-07-20 09:07 C:\WINDOWS\system32\nwiz.exe]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-07-20 09:07]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]

"COMODO Firewall Pro"="C:\Arquivos de programas\Comodo\Firewall\CPF.exe" [2007-08-26 22:41]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:45]

"Free Download Manager"="C:\Arquivos de programas\Free Download Manager\fdm.exe" [2006-08-21 00:24]

"MsnMsgr"="C:\Arquivos de programas\MSN Messenger\MsnMsgr.exe" [2006-07-29 19:33]

 

S3 Bdfndisf;BitDefender Firewall NDIS Filter Service;C:\WINDOWS\system32\DRIVERS\bdfndisf.sys

S3 ssm_bus;Samsung Mobile USB Device II 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ssm_bus.sys

S3 ssm_mdfl;Samsung Mobile USB Modem II 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ssm_mdfl.sys

S3 ssm_mdm;Samsung Mobile USB Modem II 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ssm_mdm.sys

S3 trid3d;trid3d;C:\WINDOWS\system32\DRIVERS\trid3dm.sys

 

 

**************************************************************************

 

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-08-31 23:57:09

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

 

Completion time: 2007-08-31 23:58:47

C:\ComboFix-quarantined-files.txt ... 2007-08-31 23:58

 

--- E O F ---


Logfile of HijackThis v1.99.1

Scan saved at 00:00:42, on 1/9/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Comodo\Firewall\cmdagent.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Arquivos de programas\Comodo\Firewall\CPF.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Free Download Manager\fdm.exe

C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe

C:\Arquivos de programas\RALINK\Common\RaUI.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\internet explorer\iexplore.exe

C:\Documents and Settings\Lucas Macedo\Desktop\Downloads\Remoção\HijackThis.exe

 

O2 - BHO: ActivationManager module - {86A44EF7-78FC-4e18-A564-B18F806F7F56} - C:\Arquivos de programas\ActivationManager\ActivationManager.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Arquivos de programas\Free Download Manager\iefdmcks.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Arquivos de programas\Comodo\Firewall\CPF.exe" /background

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Free Download Manager] C:\Arquivos de programas\Free Download Manager\fdm.exe -autorun

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Arquivos de programas\RALINK\Common\RaUI.exe

O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlall.htm

O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlselected.htm

O8 - Extra context menu item: Download with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dllink.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase8300.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{36E23AE1-2878-431C-BD88-DE883BB6A6E8}: NameServer = 200.206.126.2

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Arquivos de programas\Ares\chatServer.exe

O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Arquivos de programas\Comodo\Firewall\cmdagent.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe


Hey MaCeDo_BR,

 

Let's go.

 

Stage 1

 

1. Run Killbox and click Delete on Reboot.

 

2. Copy the list below (in bold) to the clipboard. Select all of it with the mouse --> go to the Edit menu in the browser toolbar --> click Copy.

 

C:\WINDOWS\system32\bdod.bin

 

3. Return to Killbox. Click File > Paste from clipboard. Click All Files.

 

4. Press "X". Answer "no" to the question.

 

Stage 2

 

Reboot into Normal Mode.

 

Delete the contents of the C:\!Killbox folder.

 

Post a new ComboFix log.

 

Regards.

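The "post a new ComboFix log" request above amounts to checking that the targeted items (here C:\WINDOWS\system32\bdod.bin and the C:\!KillBox folder) no longer appear in the "Files Created" section. As an added example, not code from the thread, ComboFix or Killbox, the Python below parses that section and diffs two logs; the excerpts are constructed from lines quoted in this thread, and the line layout is assumed from those lines.

```python
import re
from dataclasses import dataclass
from datetime import datetime

# Constructed excerpt of the 31 Aug "Files Created" section, copied from the thread.
BEFORE_LOG = r"""
2007-08-31 23:46 <DIR> d-------- C:\!KillBox
2007-08-31 01:07 81,984 --a------ C:\WINDOWS\system32\bdod.bin
2007-08-28 18:08 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-28 12:28 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2007-08-26 22:34 <DIR> d-------- C:\Arquivos de programas\Comodo
"""

# Constructed excerpt of the 1 Sep log: bdod.bin and C:\!KillBox no longer appear.
AFTER_LOG = r"""
2007-09-01 10:14 <DIR> d-------- C:\DOCUME~1\LUCASM~1\DADOSD~1\Help
2007-08-28 18:08 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-28 12:28 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2007-08-26 22:34 <DIR> d-------- C:\Arquivos de programas\Comodo
2007-08-24 09:30 <DIR> d--hs---- C:\DOCUME~1\ALLUSE~1\DRM
"""

# Assumed line layout (taken from the lines quoted in the thread):
#   YYYY-MM-DD HH:MM  <size-with-commas | <DIR>>  <9 attribute flags>  <path>
ENTRY_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<time>\d{2}:\d{2})\s+"
    r"(?P<size><DIR>|[\d,]+)\s+(?P<attrs>[-a-z]{9})\s+(?P<path>.+?)\s*$"
)


@dataclass(frozen=True)
class Entry:
    created: datetime
    size: int   # -1 for directories
    attrs: str  # raw ComboFix flag string, e.g. "d--hs----"
    path: str

    @property
    def is_dir(self):
        return "d" in self.attrs

    @property
    def hidden(self):
        return "h" in self.attrs

    @property
    def system(self):
        return "s" in self.attrs


def parse_created(log_text):
    """Parse every line that matches the layout; other lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if not m:
            continue
        created = datetime.strptime(f"{m['date']} {m['time']}", "%Y-%m-%d %H:%M")
        size = -1 if m["size"] == "<DIR>" else int(m["size"].replace(",", ""))
        entries.append(Entry(created, size, m["attrs"], m["path"]))
    return entries


def removed_between(before_text, after_text):
    """Paths present in the first log but absent from the second (case-insensitive)."""
    after = {e.path.lower() for e in parse_created(after_text)}
    return sorted(e.path for e in parse_created(before_text) if e.path.lower() not in after)


def recent_system32_files(log_text, since_date):
    """Loose files (not directories) under system32 created on or after since_date (YYYY-MM-DD)."""
    since = datetime.strptime(since_date, "%Y-%m-%d")
    return [e.path for e in parse_created(log_text)
            if not e.is_dir and "\\system32\\" in e.path.lower() and e.created >= since]


if __name__ == "__main__":
    for p in removed_between(BEFORE_LOG, AFTER_LOG):
        print("gone after cleanup:", p)
    for p in recent_system32_files(BEFORE_LOG, "2007-08-30"):
        print("recent system32 file worth a second look:", p)
```

The same diff applied to the full 31 Aug and 1 Sep logs quoted in this thread shows exactly the two removals requested and nothing else missing.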

COMBOFIX LOG

 

 

ComboFix 07-08-29 - "Lucas Macedo" 2007-09-01 17:10:21.5 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.48 [GMT -3:00]

 

 

((((((((((((((((((((((((( Files Created from 2007-08-01 to 2007-09-01 )))))))))))))))))))))))))))))))

 

 

2007-09-01 10:14 <DIR> d-------- C:\DOCUME~1\LUCASM~1\DADOSD~1\Help

2007-08-28 18:08 51,200 --a------ C:\WINDOWS\nircmd.exe

2007-08-28 12:28 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys

2007-08-26 22:36 <DIR> d-------- C:\DOCUME~1\LUCASM~1\DADOSD~1\Comodo

2007-08-26 22:36 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\Comodo

2007-08-26 22:34 <DIR> d-------- C:\Arquivos de programas\Comodo

2007-08-26 22:22 <DIR> dr-h----- C:\DOCUME~1\ADMINI~1\Dados de aplicativos

2007-08-26 22:22 <DIR> dr------- C:\DOCUME~1\ADMINI~1\Menu Iniciar

2007-08-26 22:22 <DIR> d--h----- C:\DOCUME~1\ADMINI~1\Modelos

2007-08-26 22:22 <DIR> d--h----- C:\DOCUME~1\ADMINI~1\Configura‡äes locais

2007-08-26 22:22 <DIR> d--h----- C:\DOCUME~1\ADMINI~1\Ambiente de rede

2007-08-26 22:22 <DIR> d--h----- C:\DOCUME~1\ADMINI~1\Ambiente de impressÆo

2007-08-26 22:22 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Meus documentos

2007-08-26 22:22 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Favoritos

2007-08-26 21:20 <DIR> d-------- C:\DOCUME~1\LUCASM~1\DADOSD~1\VSRevoGroup

2007-08-26 21:20 <DIR> d-------- C:\Arquivos de programas\VS Revo Group

2007-08-26 17:36 <DIR> d-------- C:\WINDOWS\pss

2007-08-26 12:54 <DIR> d-------- C:\Arquivos de programas\Windows Live Safety Center

2007-08-26 10:31 <DIR> d---s---- C:\DOCUME~1\LUCASM~1\UserData

2007-08-25 00:31 <DIR> d-------- C:\DOCUME~1\LUCASM~1\DADOSD~1\Media Player Classic

2007-08-24 23:46 <DIR> d--h----- C:\WINDOWS\$hf_mig$

2007-08-24 17:18 <DIR> d-------- C:\Arquivos de programas\Guitar Pro 5

2007-08-24 12:24 <DIR> d-------- C:\Arquivos de programas\ActivationManager

2007-08-24 11:44 84,512 --a------ C:\WINDOWS\system32\drivers\ssm_mdm.sys

2007-08-24 11:44 6,112 --a------ C:\WINDOWS\system32\drivers\ssm_cmnt.sys

2007-08-24 11:44 6,112 --a------ C:\WINDOWS\system32\drivers\ssm_cm.sys

2007-08-24 11:44 6,096 --a------ C:\WINDOWS\system32\drivers\ssm_mdfl.sys

2007-08-24 11:44 52,416 --a------ C:\WINDOWS\system32\drivers\ssm_bus.sys

2007-08-24 11:44 5,776 --a------ C:\WINDOWS\system32\drivers\ssm_whnt.sys

2007-08-24 11:44 5,776 --a------ C:\WINDOWS\system32\drivers\ssm_wh.sys

2007-08-24 11:44 <DIR> d-------- C:\WINDOWS\system32\Samsung_Mobile_USB_Drivers

2007-08-24 11:44 <DIR> d-------- C:\Arquivos de programas\SAMSUNG

2007-08-24 11:39 <DIR> d-------- C:\WINDOWS\ShellNew

2007-08-24 11:32 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Nero

2007-08-24 11:30 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll

2007-08-24 11:30 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll

2007-08-24 11:30 364,544 --------- C:\WINDOWS\system32\TwnLib4.dll

2007-08-24 11:30 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll

2007-08-24 11:30 163,840 --a------ C:\WINDOWS\system32\NeroCheck.exe

2007-08-24 11:30 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll

2007-08-24 11:30 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll

2007-08-24 11:30 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Ahead

2007-08-24 11:30 <DIR> d-------- C:\Arquivos de programas\Ahead

2007-08-24 11:16 <DIR> d-------- C:\Arquivos de programas\Windows Media Connect 2

2007-08-24 11:13 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe

2007-08-24 11:13 <DIR> d-------- C:\WINDOWS\system32\LogFiles

2007-08-24 11:13 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF

2007-08-24 11:07 <DIR> d-------- C:\Arquivos de programas\Alwil Software

2007-08-24 11:02 <DIR> d-------- C:\Arquivos de programas\Ares

2007-08-24 10:51 765,952 --a------ C:\WINDOWS\system32\xvidcore.dll

2007-08-24 10:51 5,120 --a------ C:\WINDOWS\system32\ff_vfw.dll

2007-08-24 10:51 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll

2007-08-24 10:51 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll

2007-08-24 10:51 1,415,680 --a------ C:\WINDOWS\system32\WMV9VCM.dll

2007-08-24 10:51 <DIR> d-------- C:\DOCUME~1\LUCASM~1\DADOSD~1\Real

2007-08-24 10:51 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\Real

2007-08-24 10:51 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\Apple Computer

2007-08-24 10:51 <DIR> d-------- C:\Arquivos de programas\K-Lite Codec Pack

2007-08-24 10:50 <DIR> d-------- C:\Arquivos de programas\CCleaner

2007-08-24 10:47 <DIR> d-------- C:\DOCUME~1\LUCASM~1\Contacts

2007-08-24 10:46 <DIR> d-------- C:\Arquivos de programas\Messenger Plus! Live

2007-08-24 10:44 <DIR> d-------- C:\Arquivos de programas\MSN Messenger

2007-08-24 10:40 <DIR> d-------- C:\DOCUME~1\LUCASM~1\DADOSD~1\Free Download Manager

2007-08-24 10:28 8,192 --a------ C:\WINDOWS\system32\drivers\RT2661.bin

2007-08-24 10:28 8,192 --a------ C:\WINDOWS\system32\drivers\RT2561s.bin

2007-08-24 10:28 8,192 --a------ C:\WINDOWS\system32\drivers\RT2561.bin

2007-08-24 10:28 385,280 --a------ C:\WINDOWS\system32\drivers\rt61.sys

2007-08-24 10:28 319,488 --a------ C:\WINDOWS\system32\AegisI5.exe

2007-08-24 10:28 295,018 --a------ C:\WINDOWS\system32\Install6x.dll

2007-08-24 10:28 21,419 --a------ C:\WINDOWS\system32\drivers\AegisP.sys

2007-08-24 10:28 <DIR> d--h----- C:\Arquivos de programas\InstallShield Installation Information

2007-08-24 10:28 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE

2007-08-24 10:28 <DIR> d-------- C:\Arquivos de programas\RALINK

2007-08-24 10:25 <DIR> d-------- C:\Arquivos de programas\Free Download Manager

2007-08-24 10:24 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\nView_Profiles

2007-08-24 10:22 176,128 --a------ C:\WINDOWS\system32\nvudisp.exe

2007-08-24 10:22 <DIR> d-------- C:\WINDOWS\nview

2007-08-24 10:21 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\InstallShield

2007-08-24 10:19 <DIR> dr-h----- C:\DOCUME~1\LUCASM~1\Dados de aplicativos

2007-08-24 10:19 <DIR> dr------- C:\DOCUME~1\LUCASM~1\Meus documentos

2007-08-24 10:19 <DIR> dr------- C:\DOCUME~1\LUCASM~1\Menu Iniciar

2007-08-24 10:19 <DIR> dr------- C:\DOCUME~1\LUCASM~1\Favoritos

2007-08-24 10:19 <DIR> d--h----- C:\DOCUME~1\LUCASM~1\Modelos

2007-08-24 10:19 <DIR> d--h----- C:\DOCUME~1\LUCASM~1\Configura‡äes locais

2007-08-24 10:19 <DIR> d--h----- C:\DOCUME~1\LUCASM~1\Ambiente de rede

2007-08-24 10:19 <DIR> d--h----- C:\DOCUME~1\LUCASM~1\Ambiente de impressÆo

2007-08-24 09:38 <DIR> d--h----- C:\DOCUME~1\NETWOR~1\Configura‡äes locais

2007-08-24 09:38 <DIR> d--h----- C:\DOCUME~1\LOCALS~1\Configura‡äes locais

2007-08-24 09:38 <DIR> d-------- C:\DOCUME~1\NETWOR~1\Dados de aplicativos

2007-08-24 09:38 <DIR> d-------- C:\DOCUME~1\LOCALS~1\Dados de aplicativos

2007-08-24 09:37 <DIR> dr-h----- C:\WINDOWS\system32\config\SYSTEM~1\Dados de aplicativos

2007-08-24 09:37 <DIR> dr-h----- C:\WINDOWS\system32\config\SYSTEM~1\Configura‡äes locais

2007-08-24 09:37 <DIR> dr------- C:\WINDOWS\system32\config\SYSTEM~1\Menu Iniciar

2007-08-24 09:37 <DIR> d--h----- C:\WINDOWS\system32\config\SYSTEM~1\Modelos

2007-08-24 09:37 <DIR> d--h----- C:\WINDOWS\system32\config\SYSTEM~1\Ambiente de rede

2007-08-24 09:37 <DIR> d--h----- C:\WINDOWS\system32\config\SYSTEM~1\Ambiente de impressÆo

2007-08-24 09:37 <DIR> d-------- C:\WINDOWS\system32\config\SYSTEM~1\Meus documentos

2007-08-24 09:37 <DIR> d-------- C:\WINDOWS\system32\config\SYSTEM~1\Favoritos

2007-08-24 09:33 <DIR> d-------- C:\Arquivos de programas\microsoft frontpage

2007-08-24 09:30 <DIR> d--hs---- C:\DOCUME~1\ALLUSE~1\DRM

 

 

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

 

2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll

2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll

2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe

2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll

2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll

2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll

2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll

2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll

2007-06-26 03:10 1104896 --a------ C:\WINDOWS\system32\msxml3.dll

2007-06-19 10:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll

2007-06-13 10:21 1035264 --a------ C:\WINDOWS\explorer.exe

--------- C:\Arquivos de programas\Serviços on-line

--------- C:\Arquivos de programas\Arquivos comuns\Serviços

 

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

 

 

*Note* empty entries & legit default entries are not shown

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{86A44EF7-78FC-4e18-A564-B18F806F7F56}]

2007-08-10 10:48 221184 --a------ C:\Arquivos de programas\ActivationManager\ActivationManager.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-07-20 09:07]

"nwiz"="nwiz.exe" [2005-07-20 09:07 C:\WINDOWS\system32\nwiz.exe]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-07-20 09:07]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]

"COMODO Firewall Pro"="C:\Arquivos de programas\Comodo\Firewall\CPF.exe" [2007-08-26 22:41]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:45]

"Free Download Manager"="C:\Arquivos de programas\Free Download Manager\fdm.exe" [2006-08-21 00:24]

"MsnMsgr"="C:\Arquivos de programas\MSN Messenger\MsnMsgr.exe" [2006-07-29 19:33]

 

S3 Bdfndisf;BitDefender Firewall NDIS Filter Service;C:\WINDOWS\system32\DRIVERS\bdfndisf.sys

S3 ssm_bus;Samsung Mobile USB Device II 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ssm_bus.sys

S3 ssm_mdfl;Samsung Mobile USB Modem II 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ssm_mdfl.sys

S3 ssm_mdm;Samsung Mobile USB Modem II 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ssm_mdm.sys

S3 trid3d;trid3d;C:\WINDOWS\system32\DRIVERS\trid3dm.sys

 

 

**************************************************************************

 

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-09-01 17:12:32

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

 

Completion time: 2007-09-01 17:13:55

C:\ComboFix-quarantined-files.txt ... 2007-09-01 17:13

 

--- E O F ---


PROBLEM SOLVED!

 

If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.
