Aghata - Posted August 27, 2007

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
C:\Arquivos de programas\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\winmds.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\winmds.exe
C:\WINDOWS\system32\winmds.exe
C:\WINDOWS\system32\winmds.exe
C:\WINDOWS\system32\winmds.exe
C:\WINDOWS\system32\winmds.exe
C:\WINDOWS\system32\winmds.exe
C:\WINDOWS\system32\winmds.exe
C:\WINDOWS\system32\winmds.exe
C:\WINDOWS\system32\winmds.exe
C:\WINDOWS\system32\winmds.exe
C:\Documents and Settings\gege\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://floodersunidos.forumup.com.br/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [WinVNC] "C:\Arquivos de programas\UltraVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [sMSystemAnalyzer] "C:\Arquivos de programas\iolo\System Mechanic 7\SMSystemAnalyzer.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Pesquisar (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab
O16 - DPF: {33331111-1111-1111-1111-615111193427} -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{08D78E4D-24A0-43E6-9DD9-8ADD246776EF}: NameServer = 200.204.0.10,200.204.0.138
O17 - HKLM\System\CCS\Services\Tcpip\..\{2EEC460C-0022-4E99-98D7-BA341151DF00}: NameServer = 200.204.0.10 200.204.0.138
O17 - HKLM\System\CS1\Services\Tcpip\..\{08D78E4D-24A0-43E6-9DD9-8ADD246776EF}: NameServer = 200.204.0.10,200.204.0.138

I saw a topic with a similar problem and used KillBox and so on, but it didn't solve it. I followed everything about 10 times and nothing. It sometimes opens a CMD window that just sort of flashes, opening and closing, and it cancels the Speedy connection and creates an "Internet Connection" entry in Connections. It is freezing the PC because it keeps creating several alternate processes, these "winmds.exe" that eat up my memory. I had no alternative but to post here. The topics scattered across various forums didn't help me.

Thank you,
Aghata

Sam Spade - Posted August 28, 2007

Hello Aghata!

The log shows infections by malicious dialers. Since one of them creates many scheduled tasks, I need you to use a specialized tool.

Download > ComboFix

Double-click combofix.exe and press "Y" to proceed with the fix. It will take about 10 minutes on average. ComboFix will restart the PC automatically to complete the removal process. When it finishes, a log will be generated at C:\ComboFix.txt.

IMPORTANT: Do not use the mouse or the keyboard while ComboFix is running. To stop or exit ComboFix, press "N".

Select, copy and paste the contents of ComboFix.txt into your reply, together with a new HijackThis log.

NOTE: The HijackThis log you posted above has its header cut off. For this new log, paste its entire contents.

Aghata - Posted August 29, 2007

There's just one small problem... the combofix.exe links aren't working... I looked for alternative places and only get 404 Not Found.

A post I read on a forum said this:

Combofix is a very dynamic program that should only be used under strict supervision from a Trained Security Analyst, so as to prevent possible irrecoverable damage to your computer.

So... if you can post some other link that works, or whatever, I'd appreciate it.

Kisses,
Aghata

[EDITED] NOTE: they fixed the link today :P I'll run the scan tomorrow ^^

Aghata - Posted August 30, 2007

Combofix.txt:

ComboFix 07-08-30.2 - "gege" 2007-08-30 3:18:53.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.262 [GMT -3:00]
* Created a new restore point

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\WINDOWS\system32\j85nF1QH.exe
C:\WINDOWS\system32\tOgc374C.exe
C:\WINDOWS\Tasks.\At1.job
C:\WINDOWS\Tasks.\At10.job
C:\WINDOWS\Tasks.\At11.job
C:\WINDOWS\Tasks.\At12.job
C:\WINDOWS\Tasks.\At13.job
C:\WINDOWS\Tasks.\At14.job
C:\WINDOWS\Tasks.\At15.job
C:\WINDOWS\Tasks.\At16.job
C:\WINDOWS\Tasks.\At17.job
C:\WINDOWS\Tasks.\At18.job
C:\WINDOWS\Tasks.\At19.job
C:\WINDOWS\Tasks.\At2.job
C:\WINDOWS\Tasks.\At20.job
C:\WINDOWS\Tasks.\At21.job
C:\WINDOWS\Tasks.\At22.job
C:\WINDOWS\Tasks.\At23.job
C:\WINDOWS\Tasks.\At24.job
C:\WINDOWS\Tasks.\At3.job
C:\WINDOWS\Tasks.\At4.job
C:\WINDOWS\Tasks.\At49.job
C:\WINDOWS\Tasks.\At5.job
C:\WINDOWS\Tasks.\At50.job
C:\WINDOWS\Tasks.\At51.job
C:\WINDOWS\Tasks.\At52.job
C:\WINDOWS\Tasks.\At53.job
C:\WINDOWS\Tasks.\At54.job
C:\WINDOWS\Tasks.\At55.job
C:\WINDOWS\Tasks.\At56.job
C:\WINDOWS\Tasks.\At57.job
C:\WINDOWS\Tasks.\At58.job
C:\WINDOWS\Tasks.\At59.job
C:\WINDOWS\Tasks.\At6.job
C:\WINDOWS\Tasks.\At60.job
C:\WINDOWS\Tasks.\At61.job
C:\WINDOWS\Tasks.\At62.job
C:\WINDOWS\Tasks.\At63.job
C:\WINDOWS\Tasks.\At64.job
C:\WINDOWS\Tasks.\At65.job
C:\WINDOWS\Tasks.\At66.job
C:\WINDOWS\Tasks.\At67.job
C:\WINDOWS\Tasks.\At68.job
C:\WINDOWS\Tasks.\At69.job
C:\WINDOWS\Tasks.\At7.job
C:\WINDOWS\Tasks.\At70.job
C:\WINDOWS\Tasks.\At71.job
C:\WINDOWS\Tasks.\At72.job
C:\WINDOWS\Tasks.\At8.job
C:\WINDOWS\Tasks.\At9.job

((((((((((((((((((((((((( Files Created from 2007-07-28 to 2007-08-30 )))))))))))))))))))))))))))))))

2007-08-29 23:45 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-29 17:18 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\Spybot - Search & Destroy
2007-08-26 14:27 11,342 --a------ C:\WINDOWS\system32\winmds.exe
2007-08-24 00:50 696,320 --a------ C:\WINDOWS\system32\libeay32.dll
2007-08-24 00:50 425,064 --a------ C:\WINDOWS\system32\Incinerator.dll
2007-08-24 00:50 41,472 --a------ C:\WINDOWS\system32\iolobtdfg.exe
2007-08-24 00:50 25,264 --a------ C:\WINDOWS\system32\smrgdf.exe
2007-08-24 00:50 155,648 --a------ C:\WINDOWS\system32\ssleay32.dll
2007-08-24 00:50 <DIR> d-------- C:\DOCUME~1\LOCALS~1\DADOSD~1\iolo
2007-08-24 00:49 <DIR> d-------- C:\Arquivos de programas\iolo
2007-08-24 00:42 <DIR> d-------- C:\DOCUME~1\gege\DADOSD~1\iolo
2007-08-24 00:42 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\iolo
2007-08-24 00:08 <DIR> d-------- C:\Arquivos de programas\Marcos Velasco Security
2007-08-23 23:54 <DIR> d-------- C:\Arquivos de programas\CCleaner
2007-08-23 23:22 <DIR> d-------- C:\WINDOWS\pss
2007-08-16 16:24 <DIR> d-------- C:\DOCUME~1\gege\DADOSD~1\SUPERAntiSpyware.com
2007-08-16 16:24 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\SUPERAntiSpyware.com
2007-08-16 16:24 <DIR> d-------- C:\Arquivos de programas\SUPERAntiSpyware
2007-08-16 16:23 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Wise Installation Wizard
2007-08-16 00:26 <DIR> d-------- C:\DOCUME~1\gege\DADOSD~1\Skype
2007-08-16 00:23 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\Skype
2007-08-16 00:23 <DIR> d-------- C:\Arquivos de programas\Skype
2007-08-16 00:23 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Skype
2007-08-15 12:14 <DIR> d-------- C:\WINDOWS\Aesir Patcher
2007-08-03 19:47 42,436 --a------ C:\WINDOWS\system32\drivers\lgusbsmodem.sys
2007-08-03 19:19 <DIR> d-------- C:\Arquivos de programas\LG Electronics
2007-08-03 19:18 <DIR> d-------- C:\Arquivos de programas\LG mobile
2007-07-09 17:00 719,872 --a------ C:\WINDOWS\system32\devil.dll
2007-07-09 17:00 313,344 --a------ C:\WINDOWS\system32\avisynth.dll
2007-07-09 17:00 <DIR> d-------- C:\DOCUME~1\gege\DADOSD~1\DivX
2007-07-09 16:59 65,536 --a------ C:\WINDOWS\system32\MZP4_DEC.DLL
2007-07-09 16:59 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
2007-07-09 16:59 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-07-09 16:59 196,608 --a------ C:\WINDOWS\system32\dtu100.dll
2007-07-09 16:59 122,880 --a------ C:\WINDOWS\system32\v2k2_dec.dll
2007-07-09 16:59 102,400 --a------ C:\WINDOWS\system32\v2kdspde.dll
2007-07-09 16:59 1,415,680 --a------ C:\WINDOWS\system32\wmv9vcm.dll
2007-07-09 16:59 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-07-09 16:59 <DIR> d-------- C:\Program Files
2007-07-09 16:37 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\xing shared
2007-07-09 15:42 <DIR> d-------- C:\DOCUME~1\gege\DADOSD~1\Real
2007-07-09 15:42 <DIR> d-------- C:\Arquivos de programas\Real
2007-07-09 15:42 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Real

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-30 01:02 --------- d-------- C:\DOCUME~1\gege\DADOSD~1\teamspeak2
2007-08-29 20:28 --------- d-------- C:\Arquivos de programas\eMule
2007-08-25 13:33 --------- d-------- C:\Arquivos de programas\Arquivos comuns\InstallShield
2007-08-03 19:19 --------- d--h----- C:\Arquivos de programas\InstallShield Installation Information
2007-07-27 19:07 783224 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-07-27 19:02 94416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-07-27 19:02 92848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-07-27 19:00 23152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-07-27 18:59 42912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-07-27 18:58 26624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-07-27 18:57 95608 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-06-07 16:10 20480 --a------ C:\WINDOWS\system32\ac3config.exe

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinVNC"="C:\Arquivos de programas\UltraVNC\WinVNC.exe" [2004-06-20 20:45]
"avast!"="C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [2007-07-27 19:03]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 12:22]
"nwiz"="nwiz.exe" [2006-10-22 12:22 C:\WINDOWS\system32\nwiz.exe]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-04 00:45]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:45]
"msnmsgr"="C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Arquivos de programas\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Arquivos de programas\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Arquivos de programas\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Arquivos de programas\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSystemAnalyzer]
"C:\Arquivos de programas\iolo\System Mechanic 7\SMSystemAnalyzer.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystemGuardAlerter]
C:\Arquivos de programas\iolo\System Mechanic 7\SystemGuardAlerter.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AVGEMS"=2 (0x2)
"Avg7UpdSvc"=2 (0x2)
"Avg7Alrt"=2 (0x2)
"usnjsvc"=3 (0x3)
"ose"=3 (0x3)
"MDM"=2 (0x2)
"IOLO_SRV"=2 (0x2)
"ioloDMV"=2 (0x2)

S3 lgusbsmodem;LGE Mobile USB Modem;C:\WINDOWS\system32\DRIVERS\lgusbsmodem.sys

*Newly Created Service* - CATCHME

Contents of the 'Scheduled Tasks' folder

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-30 03:25:43
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-30 3:30:03
C:\ComboFix-quarantined-files.txt ... 2007-08-30 03:29
--- E O F ---

HijackThis log right after it finished:

Logfile of HijackThis v1.97.7
Scan saved at 03:32:09, on 30/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\UltraVNC\WinVNC.exe
C:\WINDOWS\System32\alg.exe
C:\Arquivos de programas\MSN Messenger\usnsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
C:\Documents and Settings\gege\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://floodersunidos.forumup.com.br/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [WinVNC] "C:\Arquivos de programas\UltraVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Pesquisar (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{08D78E4D-24A0-43E6-9DD9-8ADD246776EF}: NameServer = 200.204.0.10,200.204.0.138
O17 - HKLM\System\CS1\Services\Tcpip\..\{08D78E4D-24A0-43E6-9DD9-8ADD246776EF}: NameServer = 200.204.0.10,200.204.0.138
Sam Spade, posted September 6, 2007

Hi, sorry for the delay, but I've been a bit short on time.

Select and copy the text inside the QUOTE. Open Notepad and paste what you copied. Then save it to the desktop under the name CFScript.txt.

File::
c:\Windows\Tasks\At25.job
c:\Windows\Tasks\At26.job
c:\Windows\Tasks\At27.job
c:\Windows\Tasks\At28.job
c:\Windows\Tasks\At29.job
c:\Windows\Tasks\At30.job
c:\Windows\Tasks\At31.job
c:\Windows\Tasks\At32.job
c:\Windows\Tasks\At33.job
c:\Windows\Tasks\At34.job
c:\Windows\Tasks\At35.job
c:\Windows\Tasks\At36.job
c:\Windows\Tasks\At37.job
c:\Windows\Tasks\At38.job
c:\Windows\Tasks\At39.job
c:\Windows\Tasks\At40.job
c:\Windows\Tasks\At41.job
c:\Windows\Tasks\At42.job
c:\Windows\Tasks\At43.job
c:\Windows\Tasks\At44.job
c:\Windows\Tasks\At45.job
c:\Windows\Tasks\At46.job
c:\Windows\Tasks\At47.job
c:\Windows\Tasks\At48.job
c:\Windows\Tasks\At49.job
c:\Windows\Tasks\At50.job
c:\Windows\Tasks\At51.job
c:\Windows\Tasks\At52.job
c:\Windows\Tasks\At53.job
c:\Windows\Tasks\At54.job
c:\Windows\Tasks\At55.job
c:\Windows\Tasks\At56.job
c:\Windows\Tasks\At57.job
c:\Windows\Tasks\At58.job
c:\Windows\Tasks\At59.job
c:\Windows\Tasks\At60.job
c:\Windows\Tasks\At61.job
c:\Windows\Tasks\At62.job
c:\Windows\Tasks\At63.job
c:\Windows\Tasks\At64.job
c:\Windows\Tasks\At65.job
c:\Windows\Tasks\At66.job
c:\Windows\Tasks\At67.job
c:\Windows\Tasks\At68.job
c:\Windows\Tasks\At69.job
c:\Windows\Tasks\At70.job
c:\Windows\Tasks\At71.job
c:\Windows\Tasks\At72.job
c:\Windows\Tasks\At73.job
c:\Windows\Tasks\At74.job
c:\Windows\Tasks\At75.job
c:\Windows\Tasks\At76.job
c:\Windows\Tasks\At77.job
c:\Windows\Tasks\At78.job
c:\Windows\Tasks\At79.job
c:\Windows\Tasks\At80.job
c:\Windows\Tasks\At81.job
c:\Windows\Tasks\At82.job
c:\Windows\Tasks\At83.job
c:\Windows\Tasks\At84.job
c:\Windows\Tasks\At85.job
c:\Windows\Tasks\At86.job
c:\Windows\Tasks\At87.job
c:\Windows\Tasks\At88.job
c:\Windows\Tasks\At89.job
c:\Windows\Tasks\At90.job
c:\Windows\Tasks\At91.job
c:\Windows\Tasks\At92.job
c:\Windows\Tasks\At93.job
c:\Windows\Tasks\At94.job
c:\Windows\Tasks\At95.job
c:\Windows\Tasks\At96.job
c:\Windows\Tasks\At97.job
c:\Windows\Tasks\At98.job
c:\Windows\Tasks\At99.job
c:\Windows\Tasks\At100.job
c:\Windows\Tasks\At101.job
c:\Windows\Tasks\At102.job
c:\Windows\Tasks\At103.job
c:\Windows\Tasks\At104.job
c:\Windows\Tasks\At105.job
c:\Windows\Tasks\At106.job
c:\Windows\Tasks\At107.job
c:\Windows\Tasks\At108.job
c:\Windows\Tasks\At109.job
c:\Windows\Tasks\At110.job
c:\Windows\Tasks\At111.job
c:\Windows\Tasks\At112.job
c:\Windows\Tasks\At113.job
c:\Windows\Tasks\At114.job
c:\Windows\Tasks\At115.job
c:\Windows\Tasks\At116.job
c:\Windows\Tasks\At117.job
c:\Windows\Tasks\At118.job
c:\Windows\Tasks\At119.job
c:\Windows\Tasks\At120.job
c:\Windows\Tasks\At121.job
c:\Windows\Tasks\At122.job
c:\Windows\Tasks\At123.job
c:\Windows\Tasks\At124.job
c:\Windows\Tasks\At125.job
c:\Windows\Tasks\At126.job
c:\Windows\Tasks\At127.job
c:\Windows\Tasks\At128.job
c:\Windows\Tasks\At129.job
c:\Windows\Tasks\At130.job
c:\Windows\Tasks\At131.job
c:\Windows\Tasks\At132.job
c:\Windows\Tasks\At133.job
c:\Windows\Tasks\At134.job
c:\Windows\Tasks\At135.job
c:\Windows\Tasks\At136.job
c:\Windows\Tasks\At137.job
c:\Windows\Tasks\At138.job
c:\Windows\Tasks\At139.job
c:\Windows\Tasks\At140.job
c:\Windows\Tasks\At141.job
c:\Windows\Tasks\At142.job
c:\Windows\Tasks\At143.job
c:\Windows\Tasks\At144.job
c:\Windows\Tasks\At145.job
c:\Windows\Tasks\At146.job
c:\Windows\Tasks\At147.job
c:\Windows\Tasks\At148.job
c:\Windows\Tasks\At149.job
c:\Windows\Tasks\At150.job
c:\Windows\Tasks\At151.job
c:\Windows\Tasks\At152.job
c:\Windows\Tasks\At153.job
c:\Windows\Tasks\At154.job
c:\Windows\Tasks\At155.job
c:\Windows\Tasks\At156.job
c:\Windows\Tasks\At157.job
c:\Windows\Tasks\At158.job
c:\Windows\Tasks\At159.job
c:\Windows\Tasks\At160.job
c:\Windows\Tasks\At161.job
c:\Windows\Tasks\At162.job
c:\Windows\Tasks\At163.job
c:\Windows\Tasks\At164.job
c:\Windows\Tasks\At165.job
c:\Windows\Tasks\At166.job
c:\Windows\Tasks\At167.job
c:\Windows\Tasks\At168.job
c:\Windows\Tasks\At169.job
c:\Windows\Tasks\At170.job
c:\Windows\Tasks\At171.job
c:\Windows\Tasks\At172.job
c:\Windows\Tasks\At173.job
c:\Windows\Tasks\At174.job
c:\Windows\Tasks\At175.job
c:\Windows\Tasks\At176.job
c:\Windows\Tasks\At177.job
c:\Windows\Tasks\At178.job
c:\Windows\Tasks\At179.job
c:\Windows\Tasks\At180.job
c:\Windows\Tasks\At181.job
c:\Windows\Tasks\At182.job
c:\Windows\Tasks\At183.job
c:\Windows\Tasks\At184.job
c:\Windows\Tasks\At185.job
c:\Windows\Tasks\At186.job
c:\Windows\Tasks\At187.job
c:\Windows\Tasks\At188.job
c:\Windows\Tasks\At189.job
c:\Windows\Tasks\At190.job
c:\Windows\Tasks\At191.job
c:\Windows\Tasks\At192.job
c:\Windows\Tasks\At193.job
c:\Windows\Tasks\At194.job
c:\Windows\Tasks\At195.job
c:\Windows\Tasks\At196.job
c:\Windows\Tasks\At197.job
c:\Windows\Tasks\At198.job
c:\Windows\Tasks\At199.job
c:\Windows\Tasks\At200.job
c:\Windows\Tasks\At201.job
c:\Windows\Tasks\At202.job
c:\Windows\Tasks\At203.job
c:\Windows\Tasks\At204.job
c:\Windows\Tasks\At205.job
c:\Windows\Tasks\At206.job
c:\Windows\Tasks\At207.job
c:\Windows\Tasks\At208.job
c:\Windows\Tasks\At209.job
c:\Windows\Tasks\At210.job
c:\Windows\Tasks\At211.job
c:\Windows\Tasks\At212.job
c:\Windows\Tasks\At213.job
c:\Windows\Tasks\At214.job
c:\Windows\Tasks\At215.job
c:\Windows\Tasks\At216.job
c:\Windows\Tasks\At217.job
c:\Windows\Tasks\At218.job
c:\Windows\Tasks\At219.job
c:\Windows\Tasks\At220.job
c:\Windows\Tasks\At221.job
c:\Windows\Tasks\At222.job
c:\Windows\Tasks\At223.job
c:\Windows\Tasks\At224.job
c:\Windows\Tasks\At225.job
c:\Windows\Tasks\At226.job
c:\Windows\Tasks\At227.job
c:\Windows\Tasks\At228.job
c:\Windows\Tasks\At229.job
c:\Windows\Tasks\At230.job
c:\Windows\Tasks\At231.job
c:\Windows\Tasks\At232.job
c:\Windows\Tasks\At233.job
c:\Windows\Tasks\At234.job
c:\Windows\Tasks\At235.job
c:\Windows\Tasks\At236.job
c:\Windows\Tasks\At237.job
c:\Windows\Tasks\At238.job
c:\Windows\Tasks\At239.job
c:\Windows\Tasks\At240.job
c:\Windows\Tasks\At241.job
c:\Windows\Tasks\At242.job
c:\Windows\Tasks\At243.job
c:\Windows\Tasks\At244.job
c:\Windows\Tasks\At245.job
c:\Windows\Tasks\At246.job
c:\Windows\Tasks\At247.job
c:\Windows\Tasks\At248.job
c:\Windows\Tasks\At249.job
c:\Windows\Tasks\At250.job
c:\Windows\Tasks\At251.job
c:\Windows\Tasks\At252.job
c:\Windows\Tasks\At253.job
c:\Windows\Tasks\At254.job
c:\Windows\Tasks\At255.job
c:\Windows\Tasks\At256.job
c:\Windows\Tasks\At257.job
c:\Windows\Tasks\At258.job
c:\Windows\Tasks\At259.job
c:\Windows\Tasks\At260.job
c:\Windows\Tasks\At261.job
c:\Windows\Tasks\At262.job
c:\Windows\Tasks\At263.job
c:\Windows\Tasks\At264.job
C:\WINDOWS\system32\winmds.exe

Now drag CFScript.txt onto ComboFix as shown in the demonstration below. ComboFix will run and restart the PC automatically to complete the removal process.

IMPORTANT: Do not use the mouse or the keyboard while ComboFix is running.

When it finishes, a log will be generated at C:\ComboFix.txt. Post its contents.
Sam Spade, posted October 15, 2007

Topic Archived

Since the author has not replied for more than 20 days, the topic has been archived. If you are the author of the topic and want to reopen it, send a private message to a moderator of this area together with the link to this topic and explain the reason for reopening.