topelv

Problems with malware (removal)


Hi everyone!

I'm having a series of problems with my PC. I know there are lots of useless operations in Task Manager and I'd like to get rid of all the useless processes, every single one, but I don't have the knowledge needed for that. I made a HijackThis log and I'm posting it here.

I also have some newbie questions that you must be tired of seeing:

1- I saw that many operations need to be done with the PC in Safe Mode. What is Safe Mode?

2- How do I go back from Safe Mode to normal mode?

3- How do I use the PC in Safe Mode?

4- Does the PC absolutely have to be in Safe Mode to make these changes? Why?

Here's the log:

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\inetsrv\inetinfo.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\snmp.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe

C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\qwerty12.exe

C:\Documents and Settings\Eduardo 3\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Arquivos de programas\DAP\dapbho.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Arquivos de programas\GetRight\xx2gr.dll

O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\ARQUIV~1\SPYWAR~1\tools\iesdsg.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: WebAssist - {85589B5D-D53D-4237-A677-46B82EA275F3} - C:\WINDOWS\WebAssist.dll

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Arquivos de programas\MSN Apps\ST1.03.0000.1005\en-xu\stmain.dll

O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\ARQUIV~1\SPYWAR~1\tools\iesdpb.dll

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Apps\MSN Toolbar\MSN Toolbar1.02.5000.1021\pt-br\msntb.dll

O2 - BHO: (no name) - {be6f3dc3-0112-4459-98b0-f89c9853658a} - C:\WINDOWS\system32\locdev.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINDOWS\Downloaded Program Files\gbieh.dll

O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - C:\WINDOWS\system32\tmp3.tmp.dll

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Apps\MSN Toolbar\MSN Toolbar1.02.5000.1021\pt-br\msntb.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office\OSA9.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\ARQUIV~1\SPYWAR~1\tools\iesdpb.dll

O9 - Extra button: Poker.com - {6FDD5236-C9F0-49ef-935D-385F5E21991A} - C:\Arquivos de programas\Poker.com\poker.exe

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Arquivos de programas\PartyGaming\PartyPoker\RunApp.exe

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Arquivos de programas\PartyGaming\PartyPoker\RunApp.exe

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O15 - Trusted Zone: *.p0rt2.com

O16 - DPF: WMP10ctrl - http://www.cinemanow.com/WMP10ctrl.CAB

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {33331111-1111-1111-1111-615111193427} - http://www.www2.p0rt2.com/files/epl221bf2.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399F83} (GbPluginObj Class) - https://www14.bancobrasil.com.br/plugin/GbPluginBb.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{32CCB930-94B8-46F4-BC4C-C398AD710E98}: NameServer = 201.10.120.3 201.10.1.2

O17 - HKLM\System\CCS\Services\Tcpip\..\{7DBFD043-3D38-4B32-A53B-B3A57F33A53E}: NameServer = 200.215.1.44,200.215.1.45

O17 - HKLM\System\CS1\Services\Tcpip\..\{32CCB930-94B8-46F4-BC4C-C398AD710E98}: NameServer = 201.10.120.3 201.10.1.2

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARQUIV~1\MSNMES~1\msgrapp.dll" (file missing)

O20 - AppInit_DLLs: c:\windows\system32\ssqrqqp.dll

O20 - Winlogon Notify: locdev - C:\WINDOWS\SYSTEM32\locdev.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Boonty Games - BOONTY - C:\Arquivos de programas\Arquivos comuns\BOONTY Shared\Service\Boonty.exe

O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\qwerty12.exe

O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

Thanks in advance!

Cheers!
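As an added example, not code from this thread or from HijackThis itself: a small Python triage script for the log format posted above. It parses the "Running processes:" block and the "Oxx - Type: details" entry lines and flags the entry classes an analyst reviews first; the sample excerpt reuses lines from the log above, and the flag rules are this example's own heuristics, not the forum's procedure.

```python
"""Triage helper for HijackThis (v1.99-style) log text.

Added example for this thread, not the forum's own procedure. A flag means
"look at this", not "this is malware"; the rules are illustrative choices
made in this example.
"""
import re
from dataclasses import dataclass, field

ENTRY_RE = re.compile(r"^(?P<sec>[RO]\d+) - (?P<body>.*)$")
# an executable sitting directly in the Windows directory, e.g. C:\WINDOWS\Domino.exe
WINROOT_EXE_RE = re.compile(r"c:\\windows\\[^\\]+\.exe", re.IGNORECASE)
# temp-style file names reused as components, e.g. tmp3.tmp.dll
TEMP_NAME_RE = re.compile(r"(^|\\)tmp\d*\.|\.tmp\.", re.IGNORECASE)


@dataclass
class Entry:
    section: str   # "O2", "O23", ...
    kind: str      # text before the first ": " (BHO, HKLM\..\Run, Service, ...)
    rest: str      # everything after it
    flags: list = field(default_factory=list)


def parse_log(text):
    """Return (running_processes, entries) from HijackThis log text."""
    processes, entries, in_procs = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.lower().startswith("running processes"):
            in_procs = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_procs = False
            kind, sep, rest = m["body"].partition(": ")
            if not sep:                      # R0/R1 lines carry no "Type:" prefix
                kind, rest = "", m["body"]
            entries.append(Entry(m["sec"], kind.strip(), rest.strip()))
        elif in_procs:
            processes.append(line)
    return processes, entries


def triage(entries, processes):
    """Attach review flags in place; return only the flagged entries."""
    running = {p.lower() for p in processes}
    for e in entries:
        rest, low = e.rest, e.rest.lower()
        if "(no name)" in low:
            e.flags.append("component registered without a display name")
        if "(file missing)" in low:
            e.flags.append("dangling reference, file no longer present")
        if TEMP_NAME_RE.search(rest):
            e.flags.append("temp-style file name used as a component")
        if e.section == "O15":
            e.flags.append("site added to the Trusted Zone")
        if e.section == "O16" and "(" not in rest.split(" - ")[0]:
            e.flags.append("ActiveX download (DPF) with no description")
        if e.section == "O17":
            e.flags.append("DNS servers set in the registry, confirm they are the ISP's")
        if e.section == "O20":
            e.flags.append(f"logon-time hook ({e.kind})")
        if e.section == "O23" and "unknown owner" in low:
            e.flags.append("service with no publisher")
            path = rest.split(" - ")[-1].strip().lower()
            if path in running:   # cross-check against the process list
                e.flags.append("and its executable is currently running")
        if e.section == "O4" and WINROOT_EXE_RE.search(rest):
            e.flags.append("autorun executable placed directly in C:\\WINDOWS")
    return [e for e in entries if e.flags]


def triage_text(text):
    processes, entries = parse_log(text)
    return triage(entries, processes)


# Excerpt of the first log posted in the thread (lines copied from the page,
# most of the benign entries left out).
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\qwerty12.exe
C:\Documents and Settings\Eduardo 3\Desktop\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {be6f3dc3-0112-4459-98b0-f89c9853658a} - C:\WINDOWS\system32\locdev.dll
O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - C:\WINDOWS\system32\tmp3.tmp.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O15 - Trusted Zone: *.p0rt2.com
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {33331111-1111-1111-1111-615111193427} - http://www.www2.p0rt2.com/files/epl221bf2.cab
O20 - AppInit_DLLs: c:\windows\system32\ssqrqqp.dll
O20 - Winlogon Notify: locdev - C:\WINDOWS\SYSTEM32\locdev.dll
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\qwerty12.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

if __name__ == "__main__":
    for e in triage_text(SAMPLE_LOG):
        print(f"{e.section:4} {e.kind}: {e.rest}")
        for f in e.flags:
            print(f"      -> {f}")
```

Running it on the excerpt flags seven entries; the unnamed BHOs, the Trusted Zone entry, the undescribed DPF download, both O20 hooks and the unowned service whose binary is also in the process list, while the Adobe, NVIDIA and PCPitstop lines pass.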


topelv, welcome to the Clube do Hardware forum.

1- I saw that many operations need to be done with the PC in Safe Mode. What is Safe Mode?

Safe Mode is the one that isn't "normal". :D In Safe Mode the malicious processes aren't active, so removal becomes easier. It isn't always necessary. We'll see as we go along. Ok?

2- How do I go back from Safe Mode to normal mode?

Just don't boot into Safe Mode. :D In other words, don't hold the F8 key during startup and don't choose Safe Mode.

3- How do I use the PC in Safe Mode?

Simple. Only mess with it if it messes with you. :D It's practically the same thing, but... only the basics needed for Windows to work are started. If it turns out to be necessary you'll get the instructions, ok?

4- Does the PC absolutely have to be in Safe Mode to make these changes? Why?

No. In the next step we'll check whether that's needed.

Friend, you won't be mad at me because of the jokes above, right? :D It's just so you can relax. You'll see that the whole removal process will be very simple. Don't worry.

--|--

@- Download Combofix;

- Copy these instructions to Notepad or print them!

:: Disable/close your antivirus before doing the procedures below ::

Every protection program (and others) gives you the option (on the right, next to the clock) to disable it temporarily or exit. In other words, just find the program/antivirus icon and right-click it. Some options are shown, such as: Exit, Sair, Shutdown, Quit, etc... depending on each program. Just choose the one that turns it off so you can proceed with the procedures, ok? If you can't, no problem... If the antivirus reports an infection in the ComboFix tool, ignore it.

@- Close all open windows and run the ComboFix tool.

  • Type the option to continue and press <ENTER>.
  • Don't open or close any program until the scan finishes. Wait patiently...

- If necessary, the program will restart your computer. Restart in normal mode...

- Log saved at: C:\ComboFix.txt

@- Copy the HijackThis log (a fresh one) and ComboFix.txt and paste them here, one after the other.

Mr. Coruj@


Folks, I ended up reading this topic and I also have a problem with spyware. Popups from these trackers open all the time:

multi-pops.com / mp.clicksor.net / paypopup.com

PLEASE HELP ME!

Here are the requested logs:

Logfile of HijackThis v1.99.1

Scan saved at 8:16:43 AM, on 8/14/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\MsPMSPSv.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\ZSSnp211.exe

C:\WINDOWS\Domino.exe

C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\Alwil Software\Avast4\setup\avast.setup

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\explorer.exe

C:\Documents and Settings\Da Rosa\My Documents\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.globo.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll

O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [iSUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"

O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [ZSSnp211] C:\WINDOWS\ZSSnp211.exe

O4 - HKLM\..\Run: [Domino] C:\WINDOWS\Domino.exe

O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_0

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll

O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\WINDOWS\System32\shdocvw.dll

O9 - Extra button: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\WINDOWS\System32\shdocvw.dll

O9 - Extra 'Tools' menuitem: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\WINDOWS\System32\shdocvw.dll

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\System32\shdocvw.dll

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\System32\shdocvw.dll

O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe

O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe

O9 - Extra button: PartyBingo.com - {B987E7E7-5997-4330-A5F9-9FFEFC1CCFD0} - C:\WINDOWS\System32\shdocvw.dll

O9 - Extra 'Tools' menuitem: PartyBingo.com - {B987E7E7-5997-4330-A5F9-9FFEFC1CCFD0} - C:\WINDOWS\System32\shdocvw.dll

O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS\System32\shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: Microsoft AntiSpyware helper - {116659C7-8B67-42AA-BB68-9035B33E4C10} - (no file) (HKCU)

O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {116659C7-8B67-42AA-BB68-9035B33E4C10} - (no file) (HKCU)

O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab

O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/DownloadAccess/ie/bridge-c283.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab

O16 - DPF: {33331111-1111-1111-1111-611111193423} -

O16 - DPF: {33331111-1111-1111-1111-611111193429} -

O16 - DPF: {33331111-1111-1111-1111-615111193427} -

O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - http://install.wildtangent.com/ActiveLauncher/ActiveLauncher.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab

O16 - DPF: {53B8B406-42E4-4DD3-96E7-9DEC8CEB3DD8} (ICQVideoControl Class) - http://xtraz.icq.com/xtraz/activex/ICQVideoControl.cab

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/04847f93525dfdf38d01/netzip/RdxIE601_br.cab

O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {805EF069-3D5E-4D3F-8135-E0B98099B737} (Ferramenta de carregamento do Yahoo! Fotos Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/ydropper/ydropper1_4br.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {D9CA5D65-52BE-4790-BEA3-F3E2F5A76B02} (WebRecomendada Class) - http://62.97.81.200/dll/clickweb.cab

O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab

O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/RACtrl.cab

O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll

O20 - Winlogon Notify: tuvsrss - tuvsrss.dll (file missing)

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--------------------------------------------------------------------------

ComboFix 07-08-09.3 - "Da Rosa" 2007-08-14 8:08:30.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.271 [GMT -3:00]

* Created a new restore point

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\DOCUME~1\DAROSA~1\APPLIC~1.\macromedia\Flash Player\#SharedObjects\P9NHXEUW\www.broadcaster.com

C:\DOCUME~1\DAROSA~1\APPLIC~1.\macromedia\Flash Player\#SharedObjects\P9NHXEUW\www.broadcaster.com\played_list.sol

C:\DOCUME~1\DAROSA~1\APPLIC~1.\macromedia\Flash Player\#SharedObjects\P9NHXEUW\www.broadcaster.com\video_queue.sol

C:\DOCUME~1\DAROSA~1\APPLIC~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com

C:\DOCUME~1\DAROSA~1\APPLIC~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol

C:\temp\tn3

C:\WINDOWS\system32\drivers\core.cache.dsk

C:\WINDOWS\system32\drivers\core.sys

C:\WINDOWS\system32\drivers\sfsync02.sys

C:\WINDOWS\system32\xpdx.sys

C:\WINDOWS\system32\zxdnt3d.cfg

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

-------\LEGACY_CORE

-------\core

-------\xpdx

((((((((((((((((((((((((( Files Created from 2007-07-14 to 2007-08-14 )))))))))))))))))))))))))))))))

2007-08-14 08:07 51,200 --a------ C:\WINDOWS\nircmd.exe

2007-08-13 07:25 <DIR> d-------- C:\Program Files\IObit

2007-08-12 02:16 1,536 --a------ C:\lcxuylb.exe

2007-08-12 02:15 <DIR> d-------- C:\WINDOWS\Web Download

2007-08-06 22:46 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll

2007-08-06 22:46 630,784 --a------ C:\WINDOWS\system32\vp7vfw.dll

2007-08-06 22:46 564,224 --a------ C:\WINDOWS\system32\x264vfw.dll

2007-08-06 22:46 39,936 --a------ C:\WINDOWS\system32\huffyuv.dll

2007-08-06 22:46 338,432 --a------ C:\WINDOWS\system32\Ir41_qcx.dll

2007-08-06 22:46 217,088 --a------ C:\WINDOWS\system32\yv12vfw.dll

2007-08-06 22:46 217,088 --a------ C:\WINDOWS\system32\i420vfw.dll

2007-08-06 22:46 200,192 --a------ C:\WINDOWS\system32\Ir50_qc.dll

2007-08-06 22:46 183,808 --a------ C:\WINDOWS\system32\Ir50_qcx.dll

2007-08-06 22:46 163,840 --a------ C:\WINDOWS\system32\unrar.dll

2007-08-06 22:46 120,320 --a------ C:\WINDOWS\system32\Ir41_qc.dll

2007-08-06 22:46 <DIR> d-------- C:\Program Files\K-Lite Codec Pack

2007-08-06 22:46 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Real

2007-08-06 22:43 765,952 --a------ C:\WINDOWS\system32\xvidcore.dll

2007-08-06 22:43 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll

2007-08-06 22:43 <DIR> d-------- C:\Program Files\Xvid

2007-08-06 21:51 <DIR> d-------- C:\Program Files\IrfanView

2007-08-06 21:21 <DIR> d-------- C:\Program Files\Ligos

2007-08-06 21:15 <DIR> d-------- C:\Program Files\DivX

2007-07-26 22:34 <DIR> d-------- C:\Program Files\Formosoft

2007-07-26 20:06 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe

2007-07-26 20:06 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll

2007-07-26 20:06 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll

2007-07-26 20:06 144,704 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe

2007-07-26 20:06 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll

2007-07-26 20:03 823,296 --a------ C:\WINDOWS\system32\divx_xx0c.dll

2007-07-26 20:03 823,296 --a------ C:\WINDOWS\system32\divx_xx07.dll

2007-07-26 20:03 81,920 --a------ C:\WINDOWS\system32\dpl100.dll

2007-07-26 20:03 802,816 --a------ C:\WINDOWS\system32\divx_xx11.dll

2007-07-26 20:03 740,442 --a------ C:\WINDOWS\system32\DivX.dll

2007-07-26 20:03 593,920 --a------ C:\WINDOWS\system32\dpuGUI11.dll

2007-07-26 20:03 57,344 --a------ C:\WINDOWS\system32\dpv11.dll

2007-07-26 20:03 53,248 --a------ C:\WINDOWS\system32\dpuGUI10.dll

2007-07-26 20:03 344,064 --a------ C:\WINDOWS\system32\dpus11.dll

2007-07-26 20:03 294,912 --a------ C:\WINDOWS\system32\dpu11.dll

2007-07-26 20:03 294,912 --a------ C:\WINDOWS\system32\dpu10.dll

2007-07-26 20:03 196,608 --a------ C:\WINDOWS\system32\dtu100.dll

2007-07-26 20:03 12,288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll

2007-07-22 12:23 <DIR> d-------- C:\Program Files\MegaJogos

2007-07-14 19:30 102,400 --a------ C:\WINDOWS\system32\tsccvid.dll

2007-07-14 19:30 <DIR> d-------- C:\Program Files\TechSmith

2007-07-14 19:30 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\TechSmith

2007-07-14 18:31 <DIR> d-------- C:\Program Files\Camfrog

2007-07-14 18:31 <DIR> d-------- C:\DOCUME~1\DAROSA~1\APPLIC~1\Camfrog

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-13 20:29 --------- d-------- C:\Program Files\eMule

2007-08-13 09:30 --------- d-------- C:\Program Files\TrackMania Nations ESWC

2007-08-13 07:49 --------- d-------- C:\Program Files\mIRC

2007-08-13 07:44 --------- d-------- C:\Program Files\BeClean

2007-08-12 03:56 --------- d--h----- C:\Program Files\InstallShield Installation Information

2007-08-12 01:37 685816 --a------ C:\WINDOWS\system32\drivers\sptd.sys

2007-08-11 23:13 2560 --a------ C:\WINDOWS\system32\BitCometRes.dll

2007-08-11 11:14 --------- d-------- C:\DOCUME~1\DAROSA~1\APPLIC~1\Skype

2007-08-04 23:39 --------- d-------- C:\Program Files\Webteh

2007-08-04 23:39 --------- d-------- C:\DOCUME~1\DAROSA~1\APPLIC~1\BSplayer

2007-07-29 11:45 --------- d-------- C:\Program Files\Common Files\Real

2007-07-29 11:45 --------- d-------- C:\DOCUME~1\DAROSA~1\APPLIC~1\Real

2007-07-29 11:38 1326 --a------ C:\WINDOWS\mozver.dat

2007-07-28 23:53 --------- d-------- C:\Program Files\Apple Software Update

2007-07-28 23:47 --------- d-------- C:\Program Files\QuickTime

2007-07-28 17:21 --------- d-------- C:\Program Files\VideoLAN

2007-07-27 19:07 783224 --a------ C:\WINDOWS\system32\aswBoot.exe

2007-07-27 19:02 94416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys

2007-07-27 19:02 92848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys

2007-07-27 19:00 23152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys

2007-07-27 18:58 26624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys

2007-07-27 18:57 95608 --a------ C:\WINDOWS\system32\AVASTSS.scr

2007-07-26 20:06 43528 --------- C:\WINDOWS\system32\drivers\pxhelp20.sys

2007-07-26 20:06 129784 --------- C:\WINDOWS\system32\pxafs.dll

2007-07-26 20:06 120056 --------- C:\WINDOWS\system32\pxcpyi64.exe

2007-07-26 20:06 118520 --------- C:\WINDOWS\system32\pxinsi64.exe

2007-07-25 23:38 --------- d-------- C:\DOCUME~1\DAROSA~1\APPLIC~1\Apple Computer

2007-07-12 21:48 --------- d-------- C:\Program Files\Paltalk Messenger

2007-07-12 21:48 --------- d-------- C:\DOCUME~1\DAROSA~1\APPLIC~1\Paltalk

2007-07-03 21:38 --------- d-------- C:\Program Files\Vimicro

2007-07-01 21:45 --------- d-------- C:\Program Files\Google

2007-06-30 16:24 --------- d-------- C:\Program Files\DaemonTools_WhenUSave_Installer

2007-06-26 01:20 --------- d-------- C:\Program Files\Skype

2007-06-23 23:49 --------- d-------- C:\DOCUME~1\DAROSA~1\APPLIC~1\Google

2007-06-23 19:28 --------- d-------- C:\Program Files\KONAMI

2007-06-22 23:46 --------- d-------- C:\Program Files\BitComet

2007-06-20 01:44 360 --a------ C:\drmHeader.bin

2007-06-18 21:41 --------- d-------- C:\Program Files\Common Files\Skype

2007-06-16 00:34 --------- d-------- C:\Program Files\Wanadoo Edition

2007-05-26 18:43 686456 --a------ C:\WINDOWS\system32\SpoonUninstall.exe

2007-05-25 15:22 83552 --a------ C:\WINDOWS\system32\LMIRfsClientNP.dll

2007-05-25 15:22 63040 --a------ C:\WINDOWS\system32\LMIinit.dll

2007-05-25 15:22 26176 --a------ C:\WINDOWS\system32\LMIport.dll

2007-05-25 15:22 24000 --a------ C:\WINDOWS\system32\LMImirr.dll

2007-05-25 15:22 10304 --a------ C:\WINDOWS\system32\LMImirr2.dll

2007-05-16 12:12 86528 -----c--- C:\WINDOWS\system32\dllcache\directdb.dll

2007-05-16 12:12 85504 -----c--- C:\WINDOWS\system32\dllcache\wabimp.dll

2007-05-16 12:12 683520 --a------ C:\WINDOWS\system32\inetcomm.dll

2007-05-16 12:12 683520 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll

2007-05-16 12:12 510976 -----c--- C:\WINDOWS\system32\dllcache\wab32.dll

2007-05-16 12:12 1314816 -----c--- C:\WINDOWS\system32\dllcache\msoe.dll

1997-10-24 13:20 25088 --a------ C:\WINDOWS\inf\regl3acm.exe

2004-10-02 22:15:12 56 --sh--r C:\WINDOWS\system32\4CB6624C9F.sys

2004-10-04 00:59:24 8 --sh--r C:\WINDOWS\system32\56FFC4E251.sys

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="RUNDLL32.exe" [2004-08-04 04:56 C:\WINDOWS\system32\rundll32.exe]

"nwiz"="nwiz.exe" [2006-10-22 12:22 C:\WINDOWS\system32\nwiz.exe]

"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 05:50]

"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-07-27 19:03]

"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-06-16 06:03]

"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 06:03]

"NVMixerTray"="C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-12-20 16:12]

"NvMediaCenter"="RUNDLL32.exe" [2004-08-04 04:56 C:\WINDOWS\system32\rundll32.exe]

"ZSSnp211"="C:\WINDOWS\ZSSnp211.exe" [2006-08-02 09:21]

"Domino"="C:\WINDOWS\Domino.exe" [2006-08-02 09:21]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2004-11-22 08:18]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]

"NvMediaCenter"=RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\

Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06]

Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 15:05:56]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"LinkResolveIgnoreLinkInfo"=0 (0x0)

"NoResolveSearch"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoClose"=0 (0x0)

"LinkResolveIgnoreLinkInfo"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]

LMIinit.dll 2007-05-25 15:22 63040 C:\WINDOWS\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvsrss]

tuvsrss.dll

R0 prohlp02;StarForce Protection Helper Driver v2;C:\WINDOWS\system32\drivers\prohlp02.sys

R0 sfhlp01;StarForce Protection Helper Driver;C:\WINDOWS\system32\drivers\sfhlp01.sys

R0 sfsync02;StarForce Protection Synchronization Driver (version 2.x);C:\WINDOWS\system32\drivers\sfsync02.sys

R1 Asapi;Asapi;C:\WINDOWS\system32\drivers\Asapi.sys

R1 papycpu2;papycpu2;C:\WINDOWS\system32\DRIVERS\papycpu2.sys

R1 papyjoy;papyjoy;C:\WINDOWS\system32\DRIVERS\papyjoy.sys

R1 prodrv06;StarForce Protection Environment Driver v6;C:\WINDOWS\system32\drivers\prodrv06.sys

R2 LMIRfsDriver;LogMeIn Remote File System Driver;\??\C:\WINDOWS\system32\drivers\LMIRfsDriver.sys

R3 NVENET;NVIDIA nForce MCP Networking Adapter Driver;C:\WINDOWS\system32\DRIVERS\NVENET.sys

R3 PSXGamepadEnabler;Psx Hid to Gamepad Port Enabler;C:\WINDOWS\system32\drivers\psxpad.sys

R3 PsxPortEnumerator;Psx Port Enumerator;C:\WINDOWS\system32\Drivers\psxenum.sys

R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);C:\WINDOWS\system32\DRIVERS\RMSPPPOE.SYS

R3 ZSMC211;USB PC Camera (ZS0211);C:\WINDOWS\system32\Drivers\ZS211.sys

S2 LMIInfo;LogMeIn Kernel Information Provider;\??\C:\Program Files\LogMeIn\x86\RaInfo.sys

S2 nvcap;nVidia WDM Video Capture (universal);C:\WINDOWS\system32\DRIVERS\nvcap.sys

S2 NVXBAR;nVidia WDM A/V Crossbar;C:\WINDOWS\system32\DRIVERS\NVxbar.sys

S3 ASPI;Advanced SCSI Programming Interface Driver;\??\C:\WINDOWS\System32\DRIVERS\ASPI32.sys

S3 EagleNT;EagleNT;\??\C:\WINDOWS\system32\drivers\EagleNT.sys

S3 LMImirr;LMImirr;C:\WINDOWS\system32\DRIVERS\LMImirr.sys

S3 radpms;Driver for RADPMS Device;C:\WINDOWS\system32\DRIVERS\radpms.sys

Contents of the 'Scheduled Tasks' folder

2005-05-01 17:11:02 C:\WINDOWS\Tasks\XoftSpy.job - C:\Program Files\XoftSpy\XoftSpy.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-08-14 08:11:53

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{3DE443D7-B959-FC60-CC8E-9B3B5091D4F5}]

"ianhdocbjeomkdjcej"=hex:64,61,6f,62,6c,67,69,69,00,c0

"iabhdpdmkpkgafkncj"=hex:6a,61,6e,62,6b,65,68,6f,6c,70,6a,6f,66,70,62,69,69,68,65,65,00,..

"halhnpbnofhhmkie"=hex:6a,61,6e,62,6b,65,68,6f,6c,70,6a,6f,66,70,62,69,69,68,65,65,00,..

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

Completion time: 2007-08-14 8:13:35 - machine was rebooted

C:\ComboFix-quarantined-files.txt ... 2007-08-14 08:13

--- E O F ---

This is the quarantined-files:


2004-12-03 07:20 20544 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\sfsync02.sys.vir
2007-06-29 08:49 100 --a------ C:\Qoobox\Quarantine\C\DOCUME~1\DAROSA~1\APPLIC~1\Macromedia\Flash Player\#SharedObjects\P9NHXEUW\www.broadcaster.com\played_list.sol.vir
2007-06-29 08:49 2354 --a------ C:\Qoobox\Quarantine\C\DOCUME~1\DAROSA~1\APPLIC~1\Macromedia\Flash Player\#SharedObjects\P9NHXEUW\www.broadcaster.com\video_queue.sol.vir
2007-06-29 08:49 89 --a------ C:\Qoobox\Quarantine\C\DOCUME~1\DAROSA~1\APPLIC~1\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol.vir
2007-08-12 02:16 164787 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\core.cache.dsk.vir
2007-08-12 02:16 72832 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\core.sys.vir
2007-08-12 02:18 55004 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\xpdx.sys.vir
2007-08-12 04:06 21 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\zxdnt3d.cfg.vir
2007-08-14 08:09 108765 --a------ C:\Qoobox\Quarantine\catchme2007-08-14_ 81148.54.zip
2007-08-14 08:09 1220 --a------ C:\Qoobox\Quarantine\Registry_backups\LEGACY_CORE.reg.cf
2007-08-14 08:09 74 --a------ C:\Qoobox\Quarantine\Registry_backups\services_xpdx.reg.cf
2007-08-14 08:09 994 --a------ C:\Qoobox\Quarantine\Registry_backups\services_core.reg.cf
2007-08-14 08:10 459 --a------ C:\Qoobox\Quarantine\catchme.log


Folder PATH listing for volume Drive C
Volume serial number is 48B1-837A
C:\QOOBOX
\---Quarantine
| catchme.log
| catchme2007-08-14_ 81148.54.zip
|
+---C
| +---DOCUME~1
| | \---DAROSA~1
| | \---APPLIC~1
| | \---Macromedia
| | \---Flash Player
| | +---#SharedObjects
| | | \---P9NHXEUW
| | | \---www.broadcaster.com
| | | played_list.sol.vir
| | | video_queue.sol.vir
| | |
| | \---macromedia.com
| | \---support
| | \---flashplayer
| | \---sys
| | \---#www.broadcaster.com
| | settings.sol.vir
| |
| \---WINDOWS
| \---system32
| | xpdx.sys.vir
| | zxdnt3d.cfg.vir
| |
| \---drivers
| core.cache.dsk.vir
| core.sys.vir
| sfsync02.sys.vir
|
\---Registry_backups
LEGACY_CORE.reg.cf
services_core.reg.cf
services_xpdx.reg.cf

  • Topic author
  • Hey Coruj@!

    How's it going?

    Relax, man, I'm pretty laid-back; I laughed a lot when I read the answer to the 3rd question: "Only mess with it if it messes with you" aeuaheauheauhea, hilarious!

    An intruder invaded my topic, but what can you do, it's democracy aeuahaeuheahu.

    I did all the procedures you asked for, and the Hijack log shrank significantly! The PC seems better too!

    Here's the Hijack log:

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\system32\inetsrv\inetinfo.exe

    C:\WINDOWS\system32\nvsvc32.exe

    C:\WINDOWS\System32\snmp.exe

    C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

    C:\WINDOWS\Explorer.EXE

    C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe

    C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

    C:\WINDOWS\system32\wuauclt.exe

    C:\Documents and Settings\Eduardo 3\Desktop\HijackThis.exe

    O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Arquivos de programas\DAP\dapbho.dll

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

    O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Arquivos de programas\GetRight\xx2gr.dll

    O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\ARQUIV~1\SPYWAR~1\tools\iesdsg.dll

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Arquivos de programas\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll

    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\ARQUIV~1\SPYWAR~1\tools\iesdpb.dll

    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\pt-br\msntb.dll

    O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINDOWS\Downloaded Program Files\gbieh.dll

    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\pt-br\msntb.dll

    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)

    O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

    O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe

    O4 - HKLM\..\Run: [iSUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start

    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"

    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\ARQUIV~1\SPYWAR~1\tools\iesdpb.dll

    O9 - Extra button: Poker.com - {6FDD5236-C9F0-49ef-935D-385F5E21991A} - C:\Arquivos de programas\Poker.com\poker.exe

    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Arquivos de programas\PartyGaming\PartyPoker\RunApp.exe

    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Arquivos de programas\PartyGaming\PartyPoker\RunApp.exe

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

    O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

    O15 - Trusted Zone: *.p0rt2.com

    O16 - DPF: WMP10ctrl - http://www.cinemanow.com/WMP10ctrl.CAB

    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB

    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

    O16 - DPF: {33331111-1111-1111-1111-615111193427} - http://www.www2.p0rt2.com/files/epl221bf2.cab

    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

    O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399F83} (GbPluginObj Class) - https://www14.bancobrasil.com.br/plugin/GbPluginBb.cab

    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

    O17 - HKLM\System\CCS\Services\Tcpip\..\{7DBFD043-3D38-4B32-A53B-B3A57F33A53E}: NameServer = 200.215.1.44,200.215.1.45

    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARQUIV~1\MSNMES~1\msgrapp.dll" (file missing)

    O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

    O23 - Service: Boonty Games - BOONTY - C:\Arquivos de programas\Arquivos comuns\BOONTY Shared\Service\Boonty.exe

    O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe

    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

    Here's the Combo log:

    ComboFix 07-08-09.3 - "Eduardo 3" 2007-08-13 20:42:29.1 - NTFSx86

    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.78 [GMT -3:00]

    * Created a new restore point

    Rootkit driver pe386 is present. ... attempting disinfection

    pe386 ...... driver unloaded successfully.

    ADS removed - system32: deleted 55004 bytes in 1 streams.

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    C:\DOCUME~1\EDUARD~2\DADOSD~1\tmp10.tmp.exe

    C:\DOCUME~1\EDUARD~2\DADOSD~1\tmp13A.tmp.exe

    C:\DOCUME~1\EDUARD~2\DADOSD~1\tmp2.tmp.exe

    C:\DOCUME~1\EDUARD~2\DADOSD~1\tmp3.tmp.exe

    C:\DOCUME~1\EDUARD~2\DADOSD~1\tmp4.tmp.exe

    C:\DOCUME~1\EDUARD~2\DADOSD~1\tmpE.tmp.exe

    C:\WINDOWS\knprss.ini

    C:\WINDOWS\ssrpnk.dll

    C:\WINDOWS\system32\locdev.dll

    C:\WINDOWS\system32\qwerty12.exe

    C:\WINDOWS\system32\ssqrqqp.dll

    C:\WINDOWS\system32\tmp3.tmp.dll

    C:\WINDOWS\system32\tmp4.tmp.dll

    C:\WINDOWS\system32\tmp7.tmp.dll

    C:\WINDOWS\system32\tmp8.tmp.dll

    C:\WINDOWS\system32\win32.exe

    C:\WINDOWS\ttutvw.ini

    C:\WINDOWS\WebAssist.dll

    C:\WINDOWS\wvtutt.dll

    C:\WINDOWS\xhelper.dll

    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    -------\LEGACY_DOMAINSERVICE

    -------\DomainService

    ((((((((((((((((((((((((( Files Created from 2007-07-13 to 2007-08-13 )))))))))))))))))))))))))))))))

    2007-08-13 20:00 51,200 --a------ C:\WINDOWS\nircmd.exe

    2007-08-13 13:57 <DIR> d-------- C:\WINDOWS\pss

    2007-08-11 22:19 <DIR> d-------- C:\bak-backups

    2007-08-11 21:25 <DIR> d-------- C:\!KillBox

    2007-08-10 07:49 55,330 --a------ C:\DOCUME~1\Marise\DADOSD~1\tmp2.tmp.exe

    2007-08-08 19:04 <DIR> d-------- C:\Arquivos de programas\Scorpio Software

    2007-08-08 19:04 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\scosoft.com

    2007-08-08 18:24 12,288 --a------ C:\WINDOWS\system32\eid.exe

    2007-08-08 11:11 55,330 --a------ C:\DOCUME~1\Marise\DADOSD~1\tmp5.tmp.exe

    2007-08-08 11:11 124,767 --a------ C:\DOCUME~1\Marise\DADOSD~1\tmp6.tmp.exe

    2007-08-06 13:38 <DIR> d---s---- C:\DOCUME~1\EDUARD~2\UserData

    2007-08-05 18:46 58,798 --a------ C:\DOCUME~1\Marise\DADOSD~1\tmp3.tmp.exe

    2007-08-05 17:47 <DIR> d-------- C:\DOCUME~1\EDUARD~2\DADOSD~1\MEGAUPLOADTOOLBAR

    2007-08-05 17:46 1,310,720 --ah----- C:\DOCUME~1\EDUARD~2\NTUSER.DAT

    2007-08-05 17:46 <DIR> dr-h----- C:\DOCUME~1\EDUARD~2\Dados de aplicativos

    2007-08-05 17:46 <DIR> dr------- C:\DOCUME~1\EDUARD~2\Meus documentos

    2007-08-05 17:46 <DIR> dr------- C:\DOCUME~1\EDUARD~2\Menu Iniciar

    2007-08-05 17:46 <DIR> dr------- C:\DOCUME~1\EDUARD~2\Favoritos

    2007-08-05 17:46 <DIR> d--h----- C:\DOCUME~1\EDUARD~2\Modelos

    2007-08-05 17:46 <DIR> d--h----- C:\DOCUME~1\EDUARD~2\Configurações locais

    2007-08-05 17:46 <DIR> d--h----- C:\DOCUME~1\EDUARD~2\Ambiente de rede

    2007-08-05 17:46 <DIR> d--h----- C:\DOCUME~1\EDUARD~2\Ambiente de impressão

    2007-08-04 18:33 58,798 --a------ C:\DOCUME~1\Marise\DADOSD~1\tmp8.tmp.exe

    2007-08-04 18:33 124,624 --a------ C:\DOCUME~1\Marise\DADOSD~1\tmp9.tmp.exe

    2007-08-04 18:32 79,581 --a------ C:\DOCUME~1\Marise\DADOSD~1\tmp7.tmp.exe

    2007-08-04 18:24 18 --a------ C:\WINDOWS\system32\dna483dddf.dat

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-08-09 19:56 26176 --a------ C:\WINDOWS\system32\xA71nMoK.exe

    2007-08-08 19:13 --------- d-------- C:\Arquivos de programas\PokerRoom.com

    2007-08-04 18:15 --------- d-------- C:\Arquivos de programas\MegauploadToolbar

    2007-07-31 19:24 --------- d-------- C:\Arquivos de programas\Poker.com

    2007-06-15 20:03 --------- d--h----- C:\Arquivos de programas\InstallShield Installation Information

    2007-06-15 20:03 --------- d-------- C:\Arquivos de programas\Full Tilt Poker

    2007-05-29 15:00 73216 --a------ C:\WINDOWS\ST6UNST.EXE

    2007-05-29 15:00 286720 --------- C:\WINDOWS\Setup1.exe

    2007-02-24 11:01 98304 --a------ C:\Arquivos de programas\mpeg-encoder.exe

    2005-07-25 19:54 70 --a--c--- C:\Arquivos de programas\[PC

    2005-07-25 19:54 68 --a--c--- C:\Arquivos de programas\US

    2005-07-25 19:54 155 --a--c--- C:\Arquivos de programas\inc1.bat

    2006-12-22 20:50:48 56 -csh--r C:\WINDOWS\system32\002D8E7248.sys

    2006-12-22 20:55:09 1,682 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys

    2004-11-25 10:54:12 130,169 -csha-r C:\WINDOWS\system32\shell32.exe

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 13:03]

    "ISUSScheduler"="C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" [2004-06-16 06:03]

    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-04-01 16:16]

    "RemoteControl"="C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe" [2003-12-08 17:35]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:45]

    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe" [2006-04-21 17:03]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

    "{E37CB5F0-51F5-4395-A808-5FA49E399F83}"= C:\WINDOWS\Downloaded Program Files\gbieh.dll [2004-08-17 12:50 113664]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

    SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Microsoft Office.lnk]

    path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Microsoft Office.lnk

    backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

    RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

    nwiz.exe /install

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]

    VTTimer.exe

    R2 IISADMIN;Serviço de administração do IIS;C:\WINDOWS\system32\inetsrv\inetinfo.exe

    R2 SMTPSVC;Simple Mail Transfer Protocol (SMTP);C:\WINDOWS\system32\inetsrv\inetinfo.exe

    R2 SNMP;Serviço SNMP;C:\WINDOWS\System32\snmp.exe

    R2 SoundMAX Agent Service (default);SoundMAX Agent Service;C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

    R3 FETNDISB;VIA Rhine Family Fast Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5b.sys

    R3 WmBEnum;Logitech Virtual Bus Enumerator Driver;C:\WINDOWS\system32\drivers\WmBEnum.sys

    R3 WmXlCore;Logitech WingMan Translation Layer Driver;C:\WINDOWS\system32\drivers\WmXlCore.sys

    S3 Boonty Games;Boonty Games;"C:\Arquivos de programas\Arquivos comuns\BOONTY Shared\Service\Boonty.exe"

    S3 EagleNT;EagleNT;\??\C:\WINDOWS\system32\drivers\EagleNT.sys

    S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\fetnd5.sys

    S3 IntelC51;IntelC51;C:\WINDOWS\system32\DRIVERS\IntelC51.sys

    S3 IntelC52;IntelC52;C:\WINDOWS\system32\DRIVERS\IntelC52.sys

    S3 IntelC53;IntelC53;C:\WINDOWS\system32\DRIVERS\IntelC53.sys

    S3 LPDSVC;Servidor de impressão TCP/IP;C:\WINDOWS\System32\tcpsvcs.exe

    S3 mohfilt;mohfilt;C:\WINDOWS\system32\DRIVERS\mohfilt.sys

    S3 NTSIM;NTSIM;\??\C:\WINDOWS\System32\ntsim.sys

    S3 SNMPTRAP;Serviço de interceptação SNMP;C:\WINDOWS\System32\snmptrap.exe

    S3 viagfx;viagfx;C:\WINDOWS\system32\DRIVERS\vtmini.sys

    S3 WmFilter;Logitech Gaming HID Filter Driver;C:\WINDOWS\system32\drivers\WmFilter.sys

    S3 WmHidLo;Logitech Gaming USB Filter Driver;C:\WINDOWS\system32\drivers\WmHidLo.sys

    S3 WmVirHid;Logitech Virtual Hid Device Driver;C:\WINDOWS\system32\drivers\WmVirHid.sys

    S3 XTrapD12;XTrapD12;\??\C:\WINDOWS\system32\XTrapD12.sys

    S4 MsaSvc;Microsoft authenticate service;C:\WINDOWS\system32\msasvc.exe

    Contents of the 'Scheduled Tasks' folder

    2007-08-12 03:01:02 C:\WINDOWS\Tasks\At1.job

    2007-08-10 12:01:38 C:\WINDOWS\Tasks\At10.job

    2007-07-13 23:24:34 C:\WINDOWS\Tasks\At100.job - C:\WINDOWS\system32\winmds.exe

    2007-07-13 23:24:34 C:\WINDOWS\Tasks\At101.job - C:\WINDOWS\system32\winmds.exe

    2007-07-13 23:24:34 C:\WINDOWS\Tasks\At102.job

    2007-07-13 23:24:34 C:\WINDOWS\Tasks\At103.job

    2007-07-13 23:24:34 C:\WINDOWS\Tasks\At104.job - C:\WINDOWS\system32\winmds.exe

    2007-07-13 23:24:34 C:\WINDOWS\Tasks\At105.job - C:\WINDOWS\system32\winmds.exe

    2007-08-10 12:00:02 C:\WINDOWS\Tasks\At106.job

    2007-07-28 17:03:14 C:\WINDOWS\Tasks\At107.job

    2007-08-07 16:51:34 C:\WINDOWS\Tasks\At108.job - C:\WINDOWS\system32\winmds.exe

    2007-07-26 23:46:15 C:\WINDOWS\Tasks\At109.job

    2007-07-28 13:00:30 C:\WINDOWS\Tasks\At11.job

    2007-07-26 23:46:15 C:\WINDOWS\Tasks\At110.job

    2007-08-13 17:15:19 C:\WINDOWS\Tasks\At111.job - C:\WINDOWS\system32\winmds.exe

    2007-08-13 18:00:00 C:\WINDOWS\Tasks\At112.job - C:\WINDOWS\system32\winmds.exe

    2007-08-13 19:00:00 C:\WINDOWS\Tasks\At113.job - C:\WINDOWS\system32\winmds.exe

    2007-08-05 20:26:47 C:\WINDOWS\Tasks\At114.job

    2007-08-10 23:34:44 C:\WINDOWS\Tasks\At115.job

    2007-08-10 23:34:44 C:\WINDOWS\Tasks\At116.job

    2007-08-13 23:00:00 C:\WINDOWS\Tasks\At117.job

    2007-08-11 01:51:38 C:\WINDOWS\Tasks\At118.job

    2007-08-12 01:00:03 C:\WINDOWS\Tasks\At119.job - C:\WINDOWS\system32\winmds.exe

    2007-08-07 14:00:36 C:\WINDOWS\Tasks\At12.job - C:\WINDOWS\system32\xA71nMoK.exe

    2007-08-13 14:17:09 C:\WINDOWS\Tasks\At120.job - C:\WINDOWS\system32\winmds.exe

    2007-08-12 16:52:10 C:\WINDOWS\Tasks\At121.job - C:\WINDOWS\system32\winmds.exe

    2007-08-12 16:52:10 C:\WINDOWS\Tasks\At122.job - C:\WINDOWS\system32\winmds.exe

    2007-07-16 01:13:22 C:\WINDOWS\Tasks\At123.job - C:\WINDOWS\system32\winmds.exe

    2007-07-16 01:13:22 C:\WINDOWS\Tasks\At124.job - C:\WINDOWS\system32\winmds.exe

    2007-07-16 01:13:22 C:\WINDOWS\Tasks\At125.job

    2007-07-16 01:13:22 C:\WINDOWS\Tasks\At126.job - C:\WINDOWS\system32\winmds.exe

    2007-07-16 01:13:22 C:\WINDOWS\Tasks\At127.job - C:\WINDOWS\system32\winmds.exe

    2007-07-16 01:13:22 C:\WINDOWS\Tasks\At128.job - C:\WINDOWS\system32\winmds.exe

    2007-07-16 01:13:22 C:\WINDOWS\Tasks\At129.job - C:\WINDOWS\system32\winmds.exe

    2007-07-26 15:00:31 C:\WINDOWS\Tasks\At13.job

    2007-07-16 01:13:22 C:\WINDOWS\Tasks\At130.job - C:\WINDOWS\system32\winmds.exe

    2007-08-10 12:00:02 C:\WINDOWS\Tasks\At131.job

    2007-07-28 17:03:14 C:\WINDOWS\Tasks\At132.job

    2007-08-07 16:51:34 C:\WINDOWS\Tasks\At133.job - C:\WINDOWS\system32\winmds.exe

    2007-07-26 23:46:15 C:\WINDOWS\Tasks\At134.job

    2007-07-26 23:46:15 C:\WINDOWS\Tasks\At135.job

    2007-08-13 17:15:22 C:\WINDOWS\Tasks\At136.job - C:\WINDOWS\system32\winmds.exe

    2007-08-13 18:00:00 C:\WINDOWS\Tasks\At137.job - C:\WINDOWS\system32\winmds.exe

    2007-08-13 19:00:00 C:\WINDOWS\Tasks\At138.job - C:\WINDOWS\system32\winmds.exe

    2007-08-05 20:26:47 C:\WINDOWS\Tasks\At139.job - C:\WINDOWS\system32\winmds.exe

    2007-07-26 16:00:39 C:\WINDOWS\Tasks\At14.job

    2007-08-10 23:34:44 C:\WINDOWS\Tasks\At140.job

    2007-08-10 23:34:44 C:\WINDOWS\Tasks\At141.job

    2007-08-13 23:00:00 C:\WINDOWS\Tasks\At142.job

    2007-08-11 01:51:39 C:\WINDOWS\Tasks\At143.job

    2007-08-12 01:00:03 C:\WINDOWS\Tasks\At144.job - C:\WINDOWS\system32\winmds.exe

    2007-08-13 14:17:09 C:\WINDOWS\Tasks\At145.job - C:\WINDOWS\system32\winmds.exe

    2007-08-12 16:52:10 C:\WINDOWS\Tasks\At146.job - C:\WINDOWS\system32\winmds.exe

    2007-07-16 21:49:34 C:\WINDOWS\Tasks\At147.job - C:\WINDOWS\system32\winmds.exe

    2007-07-16 21:49:34 C:\WINDOWS\Tasks\At148.job - C:\WINDOWS\system32\winmds.exe

    2007-07-16 21:49:34 C:\WINDOWS\Tasks\At149.job - C:\WINDOWS\system32\winmds.exe

    2007-08-13 17:01:07 C:\WINDOWS\Tasks\At15.job - C:\WINDOWS\system32\xA71nMoK.exe

    2007-07-16 21:49:34 C:\WINDOWS\Tasks\At150.job - C:\WINDOWS\system32\winmds.exe

    2007-07-16 21:49:34 C:\WINDOWS\Tasks\At151.job - C:\WINDOWS\system32\winmds.exe

    2007-07-16 21:49:34 C:\WINDOWS\Tasks\At152.job

    2007-07-16 21:49:34 C:\WINDOWS\Tasks\At153.job - C:\WINDOWS\system32\winmds.exe

    2007-07-16 21:49:34 C:\WINDOWS\Tasks\At154.job - C:\WINDOWS\system32\winmds.exe

    2007-08-10 12:00:02 C:\WINDOWS\Tasks\At155.job

    2007-07-28 17:03:14 C:\WINDOWS\Tasks\At156.job

    2007-08-07 16:51:34 C:\WINDOWS\Tasks\At157.job - C:\WINDOWS\system32\winmds.exe

    2007-07-26 23:46:15 C:\WINDOWS\Tasks\At158.job

    2007-07-26 23:46:15 C:\WINDOWS\Tasks\At159.job

    2007-08-13 18:01:00 C:\WINDOWS\Tasks\At16.job - C:\WINDOWS\system32\xA71nMoK.exe

    2007-08-13 17:15:18 C:\WINDOWS\Tasks\At160.job - C:\WINDOWS\system32\winmds.exe

    2007-08-13 18:00:00 C:\WINDOWS\Tasks\At161.job - C:\WINDOWS\system32\winmds.exe

    2007-08-13 19:00:00 C:\WINDOWS\Tasks\At162.job - C:\WINDOWS\system32\winmds.exe

    2007-08-05 20:26:47 C:\WINDOWS\Tasks\At163.job - C:\WINDOWS\system32\winmds.exe

    2007-08-10 23:34:44 C:\WINDOWS\Tasks\At164.job

    2007-08-10 23:34:44 C:\WINDOWS\Tasks\At165.job

    2007-08-13 23:00:00 C:\WINDOWS\Tasks\At166.job

    2007-08-11 01:51:39 C:\WINDOWS\Tasks\At167.job

    2007-08-12 01:00:03 C:\WINDOWS\Tasks\At168.job - C:\WINDOWS\system32\winmds.exe

    2007-08-13 14:17:09 C:\WINDOWS\Tasks\At169.job - C:\WINDOWS\system32\winmds.exe

    2007-08-13 19:01:00 C:\WINDOWS\Tasks\At17.job - C:\WINDOWS\system32\xA71nMoK.exe

    2007-08-12 16:52:10 C:\WINDOWS\Tasks\At170.job - C:\WINDOWS\system32\winmds.exe

    2007-07-17 17:32:40 C:\WINDOWS\Tasks\At171.job - C:\WINDOWS\system32\winmds.exe

    2007-07-17 17:32:40 C:\WINDOWS\Tasks\At172.job

    2007-07-17 17:32:40 C:\WINDOWS\Tasks\At173.job - C:\WINDOWS\system32\winmds.exe

    2007-07-17 17:32:40 C:\WINDOWS\Tasks\At174.job - C:\WINDOWS\system32\winmds.exe

    2007-07-17 17:32:40 C:\WINDOWS\Tasks\At175.job - C:\WINDOWS\system32\winmds.exe

    2007-07-17 17:32:40 C:\WINDOWS\Tasks\At176.job - C:\WINDOWS\system32\winmds.exe

    2007-07-17 17:32:40 C:\WINDOWS\Tasks\At177.job - C:\WINDOWS\system32\winmds.exe

    2007-07-17 17:32:40 C:\WINDOWS\Tasks\At178.job - C:\WINDOWS\system32\winmds.exe

    2007-08-10 12:00:02 C:\WINDOWS\Tasks\At179.job

    2007-08-05 20:00:32 C:\WINDOWS\Tasks\At18.job - C:\WINDOWS\system32\xA71nMoK.exe

    2007-07-28 17:03:14 C:\WINDOWS\Tasks\At180.job

    2007-08-07 16:51:35 C:\WINDOWS\Tasks\At181.job - C:\WINDOWS\system32\winmds.exe

    2007-07-26 23:46:15 C:\WINDOWS\Tasks\At182.job

    2007-07-26 23:46:15 C:\WINDOWS\Tasks\At183.job

    2007-08-13 17:15:17 C:\WINDOWS\Tasks\At184.job - C:\WINDOWS\system32\winmds.exe

    2007-08-13 18:00:00 C:\WINDOWS\Tasks\At185.job - C:\WINDOWS\system32\winmds.exe

    2007-08-13 19:00:00 C:\WINDOWS\Tasks\At186.job - C:\WINDOWS\system32\winmds.exe

    2007-08-05 20:26:47 C:\WINDOWS\Tasks\At187.job - C:\WINDOWS\system32\winmds.exe

    2007-08-10 23:34:44 C:\WINDOWS\Tasks\At188.job

    2007-08-10 23:34:44 C:\WINDOWS\Tasks\At189.job

    2007-08-10 21:01:07 C:\WINDOWS\Tasks\At19.job

    2007-08-13 23:00:00 C:\WINDOWS\Tasks\At190.job

    2007-08-11 01:51:40 C:\WINDOWS\Tasks\At191.job

    2007-08-12 01:00:03 C:\WINDOWS\Tasks\At192.job - C:\WINDOWS\system32\winmds.exe

    2007-08-13 14:17:09 C:\WINDOWS\Tasks\At193.job - C:\WINDOWS\system32\winmds.exe

    2007-08-12 16:52:10 C:\WINDOWS\Tasks\At194.job - C:\WINDOWS\system32\winmds.exe

    2007-07-24 13:56:51 C:\WINDOWS\Tasks\At195.job - C:\WINDOWS\system32\winmds.exe

    2007-07-24 13:56:51 C:\WINDOWS\Tasks\At196.job - C:\WINDOWS\system32\winmds.exe

    2007-07-24 13:56:51 C:\WINDOWS\Tasks\At197.job - C:\WINDOWS\system32\winmds.exe

    2007-07-24 13:56:51 C:\WINDOWS\Tasks\At198.job - C:\WINDOWS\system32\winmds.exe

    2007-07-24 13:56:51 C:\WINDOWS\Tasks\At199.job - C:\WINDOWS\system32\winmds.exe

    2007-07-04 23:00:51 C:\WINDOWS\Tasks\At2.job - C:\WINDOWS\system32\xA71nMoK.exe

    2007-08-10 22:01:04 C:\WINDOWS\Tasks\At20.job

    2007-07-24 13:56:51 C:\WINDOWS\Tasks\At200.job - C:\WINDOWS\system32\winmds.exe

    2007-07-24 13:56:51 C:\WINDOWS\Tasks\At201.job - C:\WINDOWS\system32\winmds.exe

    2007-07-24 13:56:51 C:\WINDOWS\Tasks\At202.job

    2007-08-10 12:00:02 C:\WINDOWS\Tasks\At203.job

    2007-07-28 17:03:14 C:\WINDOWS\Tasks\At204.job

    2007-08-07 16:51:35 C:\WINDOWS\Tasks\At205.job - C:\WINDOWS\system32\winmds.exe

    2007-07-26 23:46:15 C:\WINDOWS\Tasks\At206.job

    2007-07-26 23:46:15 C:\WINDOWS\Tasks\At207.job

    2007-08-13 17:15:16 C:\WINDOWS\Tasks\At208.job - C:\WINDOWS\system32\winmds.exe

    2007-08-13 18:00:00 C:\WINDOWS\Tasks\At209.job

    2007-08-13 23:01:00 C:\WINDOWS\Tasks\At21.job - C:\WINDOWS\system32\xA71nMoK.exe

    2007-08-13 19:00:00 C:\WINDOWS\Tasks\At210.job - C:\WINDOWS\system32\winmds.exe

    2007-08-05 20:26:47 C:\WINDOWS\Tasks\At211.job - C:\WINDOWS\system32\winmds.exe

    2007-08-10 23:34:44 C:\WINDOWS\Tasks\At212.job

    2007-08-10 23:34:44 C:\WINDOWS\Tasks\At213.job

    2007-08-13 23:00:00 C:\WINDOWS\Tasks\At214.job

    2007-08-11 01:51:40 C:\WINDOWS\Tasks\At215.job

    2007-08-12 01:00:03 C:\WINDOWS\Tasks\At216.job - C:\WINDOWS\system32\winmds.exe

    2007-08-13 14:17:09 C:\WINDOWS\Tasks\At217.job - C:\WINDOWS\system32\winmds.exe

    2007-08-12 16:52:10 C:\WINDOWS\Tasks\At218.job

    2007-07-25 13:27:57 C:\WINDOWS\Tasks\At219.job

    2007-08-11 00:01:03 C:\WINDOWS\Tasks\At22.job

    2007-07-25 13:27:57 C:\WINDOWS\Tasks\At220.job - C:\WINDOWS\system32\winmds.exe

    2007-07-25 13:27:57 C:\WINDOWS\Tasks\At221.job

    2007-07-25 13:27:57 C:\WINDOWS\Tasks\At222.job - C:\WINDOWS\system32\winmds.exe

    2007-07-25 13:27:57 C:\WINDOWS\Tasks\At223.job - C:\WINDOWS\system32\winmds.exe

    2007-07-25 13:27:57 C:\WINDOWS\Tasks\At224.job - C:\WINDOWS\system32\winmds.exe

    2007-07-25 13:27:57 C:\WINDOWS\Tasks\At225.job

    2007-07-25 13:27:57 C:\WINDOWS\Tasks\At226.job - C:\WINDOWS\system32\winmds.exe

    2007-08-10 12:00:02 C:\WINDOWS\Tasks\At227.job

    2007-07-28 17:03:14 C:\WINDOWS\Tasks\At228.job

    2007-08-07 16:51:35 C:\WINDOWS\Tasks\At229.job - C:\WINDOWS\system32\winmds.exe

    2007-08-12 01:00:40 C:\WINDOWS\Tasks\At23.job

    2007-07-26 23:46:15 C:\WINDOWS\Tasks\At230.job

    2007-07-26 23:46:15 C:\WINDOWS\Tasks\At231.job

    2007-08-13 17:15:15 C:\WINDOWS\Tasks\At232.job - C:\WINDOWS\system32\winmds.exe

    2007-08-13 18:00:00 C:\WINDOWS\Tasks\At233.job - C:\WINDOWS\system32\winmds.exe

    2007-08-13 19:00:00 C:\WINDOWS\Tasks\At234.job - C:\WINDOWS\system32\winmds.exe

    2007-08-05 20:26:47 C:\WINDOWS\Tasks\At235.job - C:\WINDOWS\system32\winmds.exe

    2007-08-10 23:34:44 C:\WINDOWS\Tasks\At236.job

    2007-08-10 23:34:44 C:\WINDOWS\Tasks\At237.job

    2007-08-13 23:00:00 C:\WINDOWS\Tasks\At238.job

    2007-08-11 01:51:38 C:\WINDOWS\Tasks\At239.job

    2007-08-13 02:01:06 C:\WINDOWS\Tasks\At24.job - C:\WINDOWS\system32\xA71nMoK.exe

    2007-08-12 01:00:03 C:\WINDOWS\Tasks\At240.job - C:\WINDOWS\system32\winmds.exe

    2007-08-13 14:17:09 C:\WINDOWS\Tasks\At241.job - C:\WINDOWS\system32\winmds.exe

    2007-08-12 16:52:10 C:\WINDOWS\Tasks\At242.job - C:\WINDOWS\system32\winmds.exe

    2007-07-26 13:28:31 C:\WINDOWS\Tasks\At243.job - C:\WINDOWS\system32\winmds.exe

    2007-07-26 13:28:31 C:\WINDOWS\Tasks\At244.job - C:\WINDOWS\system32\winmds.exe

    2007-07-26 13:28:31 C:\WINDOWS\Tasks\At245.job - C:\WINDOWS\system32\winmds.exe

    2007-07-26 13:28:31 C:\WINDOWS\Tasks\At246.job - C:\WINDOWS\system32\winmds.exe

    2007-07-26 13:28:31 C:\WINDOWS\Tasks\At247.job - C:\WINDOWS\system32\winmds.exe

    2007-07-26 13:28:31 C:\WINDOWS\Tasks\At248.job - C:\WINDOWS\system32\winmds.exe

    2007-07-26 13:28:31 C:\WINDOWS\Tasks\At249.job - C:\WINDOWS\system32\winmds.exe

    2007-08-12 16:52:10 C:\WINDOWS\Tasks\At25.job - C:\WINDOWS\system32\winmds.exe

    2007-07-26 13:28:31 C:\WINDOWS\Tasks\At250.job - C:\WINDOWS\system32\winmds.exe

    2007-08-10 12:00:02 C:\WINDOWS\Tasks\At251.job

    2007-07-28 17:03:14 C:\WINDOWS\Tasks\At252.job

    2007-08-07 16:51:35 C:\WINDOWS\Tasks\At253.job - C:\WINDOWS\system32\winmds.exe

    2007-07-26 23:46:15 C:\WINDOWS\Tasks\At254.job

    2007-07-26 23:46:15 C:\WINDOWS\Tasks\At255.job

    2007-08-13 17:15:21 C:\WINDOWS\Tasks\At256.job - C:\WINDOWS\system32\winmds.exe

    2007-08-13 18:00:00 C:\WINDOWS\Tasks\At257.job - C:\WINDOWS\system32\winmds.exe

    2007-08-13 19:00:00 C:\WINDOWS\Tasks\At258.job - C:\WINDOWS\system32\winmds.exe

    2007-08-05 20:26:47 C:\WINDOWS\Tasks\At259.job - C:\WINDOWS\system32\winmds.exe

    2007-07-06 22:18:43 C:\WINDOWS\Tasks\At26.job - C:\WINDOWS\system32\winmds.exe

    2007-08-10 23:34:44 C:\WINDOWS\Tasks\At260.job

    2007-08-10 23:34:44 C:\WINDOWS\Tasks\At261.job

    2007-08-13 23:00:00 C:\WINDOWS\Tasks\At262.job

    2007-08-11 01:51:40 C:\WINDOWS\Tasks\At263.job

    2007-08-12 01:00:03 C:\WINDOWS\Tasks\At264.job - C:\WINDOWS\system32\winmds.exe

    2007-08-13 14:17:09 C:\WINDOWS\Tasks\At265.job - C:\WINDOWS\system32\winmds.exe

    2007-08-12 16:52:10 C:\WINDOWS\Tasks\At266.job - C:\WINDOWS\system32\winmds.exe

    2007-07-29 23:28:58 C:\WINDOWS\Tasks\At267.job - C:\WINDOWS\system32\winmds.exe

    2007-07-29 23:28:58 C:\WINDOWS\Tasks\At268.job - C:\WINDOWS\system32\winmds.exe

    2007-07-29 23:28:58 C:\WINDOWS\Tasks\At269.job - C:\WINDOWS\system32\winmds.exe

    2007-07-06 22:18:43 C:\WINDOWS\Tasks\At27.job - C:\WINDOWS\system32\winmds.exe

    2007-07-29 23:28:58 C:\WINDOWS\Tasks\At270.job - C:\WINDOWS\system32\winmds.exe

    2007-07-29 23:28:58 C:\WINDOWS\Tasks\At271.job - C:\WINDOWS\system32\winmds.exe

    2007-07-29 23:28:58 C:\WINDOWS\Tasks\At272.job

    2007-07-29 23:28:58 C:\WINDOWS\Tasks\At273.job - C:\WINDOWS\system32\winmds.exe

    2007-07-29 23:28:58 C:\WINDOWS\Tasks\At274.job - C:\WINDOWS\system32\winmds.exe

    2007-08-10 12:00:02 C:\WINDOWS\Tasks\At275.job

    2007-07-29 23:28:58 C:\WINDOWS\Tasks\At276.job

    2007-08-07 16:51:35 C:\WINDOWS\Tasks\At277.job - C:\WINDOWS\system32\winmds.exe

    2007-07-29 23:28:58 C:\WINDOWS\Tasks\At278.job - C:\WINDOWS\system32\winmds.exe

    2007-07-29 23:28:58 C:\WINDOWS\Tasks\At279.job - C:\WINDOWS\system32\winmds.exe

    2007-07-06 22:18:43 C:\WINDOWS\Tasks\At28.job - C:\WINDOWS\system32\winmds.exe

    2007-08-13 17:15:14 C:\WINDOWS\Tasks\At280.job - C:\WINDOWS\system32\winmds.exe

    2007-08-13 18:00:00 C:\WINDOWS\Tasks\At281.job - C:\WINDOWS\system32\winmds.exe

    2007-08-13 19:00:00 C:\WINDOWS\Tasks\At282.job

    2007-08-05 20:26:48 C:\WINDOWS\Tasks\At283.job - C:\WINDOWS\system32\winmds.exe

    2007-08-10 23:34:44 C:\WINDOWS\Tasks\At284.job

    2007-08-10 23:34:44 C:\WINDOWS\Tasks\At285.job

    2007-08-13 23:00:00 C:\WINDOWS\Tasks\At286.job

    2007-08-11 01:51:40 C:\WINDOWS\Tasks\At287.job

    2007-08-12 01:00:03 C:\WINDOWS\Tasks\At288.job - C:\WINDOWS\system32\winmds.exe

    2007-08-13 14:17:09 C:\WINDOWS\Tasks\At289.job - C:\WINDOWS\system32\winmds.exe

    2007-07-06 22:18:43 C:\WINDOWS\Tasks\At29.job - C:\WINDOWS\system32\winmds.exe

    2007-08-12 16:52:10 C:\WINDOWS\Tasks\At290.job - C:\WINDOWS\system32\winmds.exe

    2007-07-31 21:53:48 C:\WINDOWS\Tasks\At291.job - C:\WINDOWS\system32\winmds.exe

    2007-07-31 21:53:48 C:\WINDOWS\Tasks\At292.job - C:\WINDOWS\system32\winmds.exe

    2007-07-31 21:53:48 C:\WINDOWS\Tasks\At293.job - C:\WINDOWS\system32\winmds.exe

    2007-07-31 21:53:48 C:\WINDOWS\Tasks\At294.job - C:\WINDOWS\system32\winmds.exe

    2007-07-31 21:53:48 C:\WINDOWS\Tasks\At295.job - C:\WINDOWS\system32\winmds.exe

    2007-07-31 21:53:48 C:\WINDOWS\Tasks\At296.job - C:\WINDOWS\system32\winmds.exe

    2007-07-31 21:53:48 C:\WINDOWS\Tasks\At297.job - C:\WINDOWS\system32\winmds.exe

    2007-07-31 21:53:48 C:\WINDOWS\Tasks\At298.job - C:\WINDOWS\system32\winmds.exe

    2007-08-10 12:00:02 C:\WINDOWS\Tasks\At299.job

    2007-07-04 23:00:51 C:\WINDOWS\Tasks\At3.job - C:\WINDOWS\system32\xA71nMoK.exe

    2007-07-06 22:18:43 C:\WINDOWS\Tasks\At30.job - C:\WINDOWS\system32\winmds.exe

    2007-07-31 21:53:48 C:\WINDOWS\Tasks\At300.job - C:\WINDOWS\system32\winmds.exe

    2007-08-07 16:51:35 C:\WINDOWS\Tasks\At301.job - C:\WINDOWS\system32\winmds.exe

    2007-07-31 21:53:48 C:\WINDOWS\Tasks\At302.job - C:\WINDOWS\system32\winmds.exe

    2007-07-31 21:53:48 C:\WINDOWS\Tasks\At303.job - C:\WINDOWS\system32\winmds.exe

    2007-08-13 17:15:13 C:\WINDOWS\Tasks\At304.job - C:\WINDOWS\system32\winmds.exe

    2007-08-13 18:00:00 C:\WINDOWS\Tasks\At305.job

    2007-08-13 19:00:00 C:\WINDOWS\Tasks\At306.job - C:\WINDOWS\system32\winmds.exe

    2007-08-05 20:26:48 C:\WINDOWS\Tasks\At307.job - C:\WINDOWS\system32\winmds.exe

    2007-08-10 23:34:44 C:\WINDOWS\Tasks\At308.job

    2007-08-10 23:34:44 C:\WINDOWS\Tasks\At309.job

    2007-07-06 22:18:43 C:\WINDOWS\Tasks\At31.job - C:\WINDOWS\system32\winmds.exe

    2007-08-13 23:00:00 C:\WINDOWS\Tasks\At310.job

    2007-08-11 01:51:41 C:\WINDOWS\Tasks\At311.job

    2007-08-12 01:00:03 C:\WINDOWS\Tasks\At312.job - C:\WINDOWS\system32\winmds.exe

    2007-08-13 14:17:09 C:\WINDOWS\Tasks\At313.job

    2007-08-12 16:52:10 C:\WINDOWS\Tasks\At314.job - C:\WINDOWS\system32\winmds.exe

    2007-08-01 21:32:00 C:\WINDOWS\Tasks\At315.job - C:\WINDOWS\system32\winmds.exe

    2007-08-01 21:32:00 C:\WINDOWS\Tasks\At316.job - C:\WINDOWS\system32\winmds.exe

    2007-08-01 21:32:00 C:\WINDOWS\Tasks\At317.job - C:\WINDOWS\system32\winmds.exe

    2007-08-01 21:32:00 C:\WINDOWS\Tasks\At318.job - C:\WINDOWS\system32\winmds.exe

    2007-08-01 21:32:00 C:\WINDOWS\Tasks\At319.job - C:\WINDOWS\system32\winmds.exe

    2007-07-06 22:18:43 C:\WINDOWS\Tasks\At32.job - C:\WINDOWS\system32\winmds.exe

    2007-08-01 21:32:00 C:\WINDOWS\Tasks\At320.job - C:\WINDOWS\system32\winmds.exe

    2007-08-01 21:32:00 C:\WINDOWS\Tasks\At321.job - C:\WINDOWS\system32\winmds.exe

    2007-08-01 21:32:00 C:\WINDOWS\Tasks\At322.job - C:\WINDOWS\system32\winmds.exe

    2007-08-10 12:00:02 C:\WINDOWS\Tasks\At323.job

    2007-08-01 21:32:00 C:\WINDOWS\Tasks\At324.job - C:\WINDOWS\system32\winmds.exe

    2007-08-07 16:51:35 C:\WINDOWS\Tasks\At325.job - C:\WINDOWS\system32\winmds.exe

    2007-08-01 21:32:00 C:\WINDOWS\Tasks\At326.job - C:\WINDOWS\system32\winmds.exe

    2007-08-01 21:32:00 C:\WINDOWS\Tasks\At327.job - C:\WINDOWS\system32\winmds.exe

    2007-08-13 17:15:20 C:\WINDOWS\Tasks\At328.job - C:\WINDOWS\system32\winmds.exe

    2007-08-13 18:00:00 C:\WINDOWS\Tasks\At329.job - C:\WINDOWS\system32\winmds.exe

    2007-07-06 22:18:43 C:\WINDOWS\Tasks\At33.job - C:\WINDOWS\system32\winmds.exe

    2007-08-13 19:00:00 C:\WINDOWS\Tasks\At330.job - C:\WINDOWS\system32\winmds.exe

    2007-08-05 20:26:48 C:\WINDOWS\Tasks\At331.job - C:\WINDOWS\system32\winmds.exe

    2007-08-10 23:34:44 C:\WINDOWS\Tasks\At332.job

    2007-08-10 23:34:44 C:\WINDOWS\Tasks\At333.job

    2007-08-13 23:00:00 C:\WINDOWS\Tasks\At334.job

    2007-08-11 01:51:41 C:\WINDOWS\Tasks\At335.job

    2007-08-12 01:00:03 C:\WINDOWS\Tasks\At336.job - C:\WINDOWS\system32\winmds.exe

    2007-08-13 14:17:09 C:\WINDOWS\Tasks\At337.job

    2007-08-12 16:52:10 C:\WINDOWS\Tasks\At338.job - C:\WINDOWS\system32\winmds.exe

    2007-08-04 00:24:33 C:\WINDOWS\Tasks\At339.job - C:\WINDOWS\system32\winmds.exe

    2007-08-10 12:00:02 C:\WINDOWS\Tasks\At34.job

    2007-08-04 00:24:33 C:\WINDOWS\Tasks\At340.job - C:\WINDOWS\system32\winmds.exe

    2007-08-04 00:24:33 C:\WINDOWS\Tasks\At341.job - C:\WINDOWS\system32\winmds.exe

    2007-08-04 00:24:33 C:\WINDOWS\Tasks\At342.job - C:\WINDOWS\system32\winmds.exe

    2007-08-04 00:24:33 C:\WINDOWS\Tasks\At343.job - C:\WINDOWS\system32\winmds.exe

    2007-08-04 00:24:33 C:\WINDOWS\Tasks\At344.job - C:\WINDOWS\system32\winmds.exe

    2007-08-04 00:24:33 C:\WINDOWS\Tasks\At345.job - C:\WINDOWS\system32\winmds.exe

    2007-08-04 00:24:33 C:\WINDOWS\Tasks\At346.job - C:\WINDOWS\system32\winmds.exe

    2007-08-10 12:00:02 C:\WINDOWS\Tasks\At347.job

    2007-08-04 00:24:33 C:\WINDOWS\Tasks\At348.job - C:\WINDOWS\system32\winmds.exe

    2007-08-07 16:51:35 C:\WINDOWS\Tasks\At349.job - C:\WINDOWS\system32\winmds.exe

    2007-07-28 17:03:14 C:\WINDOWS\Tasks\At35.job

    2007-08-04 00:24:33 C:\WINDOWS\Tasks\At350.job - C:\WINDOWS\system32\winmds.exe

    2007-08-04 00:24:33 C:\WINDOWS\Tasks\At351.job - C:\WINDOWS\system32\winmds.exe

    2007-08-13 17:15:12 C:\WINDOWS\Tasks\At352.job - C:\WINDOWS\system32\winmds.exe

    2007-08-13 18:00:00 C:\WINDOWS\Tasks\At353.job - C:\WINDOWS\system32\winmds.exe

    2007-08-13 19:00:00 C:\WINDOWS\Tasks\At354.job - C:\WINDOWS\system32\winmds.exe

    2007-08-05 20:26:48 C:\WINDOWS\Tasks\At355.job - C:\WINDOWS\system32\winmds.exe

    2007-08-10 23:34:44 C:\WINDOWS\Tasks\At356.job

    2007-08-10 23:34:44 C:\WINDOWS\Tasks\At357.job

    2007-08-13 23:00:00 C:\WINDOWS\Tasks\At358.job

    2007-08-11 01:51:41 C:\WINDOWS\Tasks\At359.job

    2007-08-07 16:51:35 C:\WINDOWS\Tasks\At36.job

    2007-08-12 01:00:03 C:\WINDOWS\Tasks\At360.job - C:\WINDOWS\system32\winmds.exe

    2007-08-13 14:17:09 C:\WINDOWS\Tasks\At361.job - C:\WINDOWS\system32\winmds.exe

    2007-08-12 16:52:10 C:\WINDOWS\Tasks\At362.job - C:\WINDOWS\system32\winmds.exe

    2007-08-05 21:56:28 C:\WINDOWS\Tasks\At363.job - C:\WINDOWS\system32\winmds.exe

    2007-08-05 21:56:28 C:\WINDOWS\Tasks\At364.job

    2007-08-05 21:56:28 C:\WINDOWS\Tasks\At365.job - C:\WINDOWS\system32\winmds.exe

    2007-08-05 21:56:28 C:\WINDOWS\Tasks\At366.job

    2007-08-05 21:56:28 C:\WINDOWS\Tasks\At367.job - C:\WINDOWS\system32\winmds.exe

    2007-08-05 21:56:28 C:\WINDOWS\Tasks\At368.job - C:\WINDOWS\system32\winmds.exe

    2007-08-05 21:56:28 C:\WINDOWS\Tasks\At369.job - C:\WINDOWS\system32\winmds.exe

    2007-07-26 23:46:15 C:\WINDOWS\Tasks\At37.job

    2007-08-05 21:56:28 C:\WINDOWS\Tasks\At370.job - C:\WINDOWS\system32\winmds.exe

    2007-08-10 12:00:02 C:\WINDOWS\Tasks\At371.job

    2007-08-05 21:56:28 C:\WINDOWS\Tasks\At372.job - C:\WINDOWS\system32\winmds.exe

    2007-08-07 16:51:35 C:\WINDOWS\Tasks\At373.job - C:\WINDOWS\system32\winmds.exe

    2007-08-05 21:56:28 C:\WINDOWS\Tasks\At374.job - C:\WINDOWS\system32\winmds.exe

    2007-08-05 21:56:28 C:\WINDOWS\Tasks\At375.job - C:\WINDOWS\system32\winmds.exe

    2007-08-13 17:15:11 C:\WINDOWS\Tasks\At376.job - C:\WINDOWS\system32\winmds.exe

    2007-08-13 18:00:00 C:\WINDOWS\Tasks\At377.job - C:\WINDOWS\system32\winmds.exe

    2007-08-13 19:00:00 C:\WINDOWS\Tasks\At378.job - C:\WINDOWS\system32\winmds.exe

    2007-08-05 21:56:28 C:\WINDOWS\Tasks\At379.job - C:\WINDOWS\system32\winmds.exe

    2007-07-26 23:46:15 C:\WINDOWS\Tasks\At38.job

    2007-08-10 23:34:44 C:\WINDOWS\Tasks\At380.job

    2007-08-10 23:34:44 C:\WINDOWS\Tasks\At381.job

    2007-08-13 23:00:00 C:\WINDOWS\Tasks\At382.job

    2007-08-11 01:51:41 C:\WINDOWS\Tasks\At383.job

    2007-08-12 01:00:03 C:\WINDOWS\Tasks\At384.job

    2007-08-13 14:17:09 C:\WINDOWS\Tasks\At385.job - C:\WINDOWS\system32\winmds.exe

    2007-08-12 16:52:10 C:\WINDOWS\Tasks\At386.job - C:\WINDOWS\system32\winmds.exe

    2007-08-12 00:39:50 C:\WINDOWS\Tasks\At387.job - C:\WINDOWS\system32\winmds.exe

    2007-08-12 00:39:50 C:\WINDOWS\Tasks\At388.job

    2007-08-12 00:39:50 C:\WINDOWS\Tasks\At389.job - C:\WINDOWS\system32\winmds.exe

    2007-08-13 17:15:10 C:\WINDOWS\Tasks\At39.job - C:\WINDOWS\system32\winmds.exe

    2007-08-12 00:39:50 C:\WINDOWS\Tasks\At390.job - C:\WINDOWS\system32\winmds.exe

    2007-08-12 00:39:50 C:\WINDOWS\Tasks\At391.job - C:\WINDOWS\system32\winmds.exe

    2007-08-12 00:39:50 C:\WINDOWS\Tasks\At392.job

    2007-08-12 00:39:50 C:\WINDOWS\Tasks\At393.job - C:\WINDOWS\system32\winmds.exe

    2007-08-12 00:39:50 C:\WINDOWS\Tasks\At394.job

    2007-08-12 00:39:50 C:\WINDOWS\Tasks\At395.job

    2007-08-12 00:39:50 C:\WINDOWS\Tasks\At396.job

    2007-08-12 00:39:50 C:\WINDOWS\Tasks\At397.job - C:\WINDOWS\system32\winmds.exe

    2007-08-12 00:39:50 C:\WINDOWS\Tasks\At398.job - C:\WINDOWS\system32\winmds.exe

    2007-08-12 00:39:50 C:\WINDOWS\Tasks\At399.job - C:\WINDOWS\system32\winmds.exe

    2007-07-04 23:00:51 C:\WINDOWS\Tasks\At4.job - C:\WINDOWS\system32\xA71nMoK.exe

    2007-08-13 18:00:00 C:\WINDOWS\Tasks\At40.job - C:\WINDOWS\system32\winmds.exe

    2007-08-13 17:15:09 C:\WINDOWS\Tasks\At400.job - C:\WINDOWS\system32\winmds.exe

    2007-08-13 18:00:00 C:\WINDOWS\Tasks\At401.job - C:\WINDOWS\system32\winmds.exe

    2007-08-13 19:00:00 C:\WINDOWS\Tasks\At402.job - C:\WINDOWS\system32\winmds.exe

    2007-08-12 00:39:50 C:\WINDOWS\Tasks\At403.job - C:\WINDOWS\system32\winmds.exe

    2007-08-12 00:39:50 C:\WINDOWS\Tasks\At404.job - C:\WINDOWS\system32\winmds.exe

    2007-08-12 00:39:50 C:\WINDOWS\Tasks\At405.job - C:\WINDOWS\system32\winmds.exe

    2007-08-13 23:00:00 C:\WINDOWS\Tasks\At406.job - C:\WINDOWS\system32\winmds.exe

    2007-08-12 00:39:50 C:\WINDOWS\Tasks\At407.job - C:\WINDOWS\system32\winmds.exe

    2007-08-12 01:00:03 C:\WINDOWS\Tasks\At408.job - C:\WINDOWS\system32\winmds.exe

    2007-08-13 14:17:09 C:\WINDOWS\Tasks\At409.job

    2007-08-13 19:00:00 C:\WINDOWS\Tasks\At41.job - C:\WINDOWS\system32\winmds.exe

    2007-08-05 20:26:48 C:\WINDOWS\Tasks\At42.job - C:\WINDOWS\system32\winmds.exe

    2007-08-10 23:34:44 C:\WINDOWS\Tasks\At43.job

    2007-08-10 23:34:44 C:\WINDOWS\Tasks\At44.job

    2007-08-13 23:00:01 C:\WINDOWS\Tasks\At45.job

    2007-08-11 01:51:42 C:\WINDOWS\Tasks\At46.job

    2007-08-12 01:00:03 C:\WINDOWS\Tasks\At47.job - C:\WINDOWS\system32\winmds.exe

    2007-08-13 14:17:09 C:\WINDOWS\Tasks\At48.job - C:\WINDOWS\system32\winmds.exe

    2007-08-12 16:52:10 C:\WINDOWS\Tasks\At49.job - C:\WINDOWS\system32\winmds.exe

    2007-07-04 23:00:51 C:\WINDOWS\Tasks\At5.job

    2007-07-07 14:36:57 C:\WINDOWS\Tasks\At50.job - C:\WINDOWS\system32\winmds.exe

    2007-07-07 14:36:57 C:\WINDOWS\Tasks\At51.job - C:\WINDOWS\system32\winmds.exe

    2007-07-07 14:36:57 C:\WINDOWS\Tasks\At52.job - C:\WINDOWS\system32\winmds.exe

    2007-07-07 14:36:57 C:\WINDOWS\Tasks\At53.job - C:\WINDOWS\system32\winmds.exe

    2007-07-07 14:36:57 C:\WINDOWS\Tasks\At54.job - C:\WINDOWS\system32\winmds.exe

    2007-07-07 14:36:57 C:\WINDOWS\Tasks\At55.job - C:\WINDOWS\system32\winmds.exe

    2007-07-07 14:36:57 C:\WINDOWS\Tasks\At56.job - C:\WINDOWS\system32\winmds.exe

    2007-07-07 14:36:57 C:\WINDOWS\Tasks\At57.job - C:\WINDOWS\system32\winmds.exe

    2007-08-10 12:00:02 C:\WINDOWS\Tasks\At58.job

    2007-07-28 17:03:14 C:\WINDOWS\Tasks\At59.job

    2007-07-04 23:00:51 C:\WINDOWS\Tasks\At6.job - C:\WINDOWS\system32\xA71nMoK.exe

    2007-08-07 16:51:35 C:\WINDOWS\Tasks\At60.job

    2007-07-26 23:46:15 C:\WINDOWS\Tasks\At61.job

    2007-07-26 23:46:15 C:\WINDOWS\Tasks\At62.job

    2007-08-13 17:15:08 C:\WINDOWS\Tasks\At63.job - C:\WINDOWS\system32\winmds.exe

    2007-08-13 18:00:00 C:\WINDOWS\Tasks\At64.job - C:\WINDOWS\system32\winmds.exe

    2007-08-13 19:00:00 C:\WINDOWS\Tasks\At65.job - C:\WINDOWS\system32\winmds.exe

    2007-08-05 20:26:48 C:\WINDOWS\Tasks\At66.job - C:\WINDOWS\system32\winmds.exe

    2007-08-10 23:34:44 C:\WINDOWS\Tasks\At67.job

    2007-08-10 23:34:44 C:\WINDOWS\Tasks\At68.job

    2007-08-13 23:00:01 C:\WINDOWS\Tasks\At69.job

    2007-07-04 23:00:51 C:\WINDOWS\Tasks\At7.job

    2007-08-11 01:51:42 C:\WINDOWS\Tasks\At70.job

    2007-08-12 01:00:03 C:\WINDOWS\Tasks\At71.job - C:\WINDOWS\system32\winmds.exe

    2007-08-13 14:17:09 C:\WINDOWS\Tasks\At72.job - C:\WINDOWS\system32\winmds.exe

    2007-08-12 16:52:10 C:\WINDOWS\Tasks\At73.job - C:\WINDOWS\system32\winmds.exe

    2007-07-08 00:49:12 C:\WINDOWS\Tasks\At74.job - C:\WINDOWS\system32\winmds.exe

    2007-07-08 00:49:12 C:\WINDOWS\Tasks\At75.job - C:\WINDOWS\system32\winmds.exe

    2007-07-08 00:49:12 C:\WINDOWS\Tasks\At76.job - C:\WINDOWS\system32\winmds.exe

    2007-07-08 00:49:12 C:\WINDOWS\Tasks\At77.job

    2007-07-08 00:49:12 C:\WINDOWS\Tasks\At78.job - C:\WINDOWS\system32\winmds.exe

    2007-07-08 00:49:12 C:\WINDOWS\Tasks\At79.job - C:\WINDOWS\system32\winmds.exe

    2007-07-05 10:01:10 C:\WINDOWS\Tasks\At8.job - C:\WINDOWS\system32\xA71nMoK.exe

    2007-07-08 00:49:12 C:\WINDOWS\Tasks\At80.job - C:\WINDOWS\system32\winmds.exe

    2007-07-08 00:49:12 C:\WINDOWS\Tasks\At81.job - C:\WINDOWS\system32\winmds.exe

    2007-08-10 12:00:02 C:\WINDOWS\Tasks\At82.job

    2007-07-28 17:03:14 C:\WINDOWS\Tasks\At83.job

    2007-08-07 16:51:35 C:\WINDOWS\Tasks\At84.job - C:\WINDOWS\system32\winmds.exe

    2007-07-26 23:46:15 C:\WINDOWS\Tasks\At85.job

    2007-07-26 23:46:15 C:\WINDOWS\Tasks\At86.job

    2007-08-13 17:15:07 C:\WINDOWS\Tasks\At87.job - C:\WINDOWS\system32\winmds.exe

    2007-08-13 18:00:00 C:\WINDOWS\Tasks\At88.job - C:\WINDOWS\system32\winmds.exe

    2007-08-13 19:00:00 C:\WINDOWS\Tasks\At89.job - C:\WINDOWS\system32\winmds.exe

    2007-07-04 23:00:51 C:\WINDOWS\Tasks\At9.job - C:\WINDOWS\system32\xA71nMoK.exe

    2007-08-05 20:26:48 C:\WINDOWS\Tasks\At90.job - C:\WINDOWS\system32\winmds.exe

    2007-08-10 23:34:44 C:\WINDOWS\Tasks\At91.job

    2007-08-10 23:34:44 C:\WINDOWS\Tasks\At92.job

    2007-08-13 23:00:01 C:\WINDOWS\Tasks\At93.job

    2007-08-11 01:51:42 C:\WINDOWS\Tasks\At94.job

    2007-08-12 01:00:03 C:\WINDOWS\Tasks\At95.job - C:\WINDOWS\system32\winmds.exe

    2007-08-13 14:17:09 C:\WINDOWS\Tasks\At96.job - C:\WINDOWS\system32\winmds.exe

    2007-08-12 16:52:10 C:\WINDOWS\Tasks\At97.job - C:\WINDOWS\system32\winmds.exe

    2007-07-13 23:24:34 C:\WINDOWS\Tasks\At98.job - C:\WINDOWS\system32\winmds.exe

    2007-07-13 23:24:34 C:\WINDOWS\Tasks\At99.job

    **************************************************************************

    catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2007-08-13 20:54:13

    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden registry entries ...

    scanning hidden files ...

    scan completed successfully

    hidden files: 0

    **************************************************************************

    Completion time: 2007-08-13 20:55:29 - machine was rebooted

    C:\ComboFix-quarantined-files.txt ... 2007-08-13 20:55

    --- E O F ---

    I'll wait for your reply!

    Cheers, Coruja!


    topelv, I had skipped your topic. Sorry! :)

    @- Download the program(s) listed below, but do not run them yet.

    - Copy these instructions to Notepad or print them!

    - Run the DelDomains tool - To run it: right-click -> Install

    --|--

    - Run HijackThis - Click Do a System Scan Only. Check the box(es) for the entry(ies) listed below in blue. When you have finished selecting, click Fix Checked...

    O16 - DPF: {33331111-1111-1111-1111-615111193427} - http://www.www2.p0rt2.com/files/epl221bf2.cab

    --|--

    @- Unzip the ATasks_Fix.zip tool and place ATasks_Fix.exe in your root directory, so that it ends up as C:\ATasks_Fix.exe. Do not run it now: Avenger will run it automatically when your computer restarts in normal mode, following the instructions below:

    --|--

    @- Unzip and run the avenger.exe tool. Confirm: OK.

    • Under "Script file to execute", select "Input Script Manually".
    • Click the magnifying-glass icon.
    • Copy (Ctrl+C) the contents of the "Code" box below and paste them (Ctrl+V) into "View/edit script".
      Files to delete:
      C:\DOCUME~1\Marise\DADOSD~1\tmp2.tmp.exe
      C:\WINDOWS\system32\eid.exe
      C:\DOCUME~1\Marise\DADOSD~1\tmp5.tmp.exe
      C:\DOCUME~1\Marise\DADOSD~1\tmp6.tmp.exe
      C:\DOCUME~1\Marise\DADOSD~1\tmp3.tmp.exe
      C:\DOCUME~1\Marise\DADOSD~1\tmp8.tmp.exe
      C:\DOCUME~1\Marise\DADOSD~1\tmp9.tmp.exe
      C:\DOCUME~1\Marise\DADOSD~1\tmp7.tmp.exe
      C:\WINDOWS\system32\xA71nMoK.exe
      C:\WINDOWS\system32\winmds.exe

      Programs to launch on reboot:
      C:\ATasks_Fix.exe

    • Click "Done".
    • Click the traffic-light icon to start the removal script. Confirm: OK.

    - The computer will restart automatically. Restart in normal mode, ok?

    - Log saved at: C:\avenger.txt

    @- Restart in normal mode.

    --|--

    @- As soon as the Bye ATasks Jobs (ByTasks) screen appears, type "S" (Yes) and press [Enter] to start the program's scan. It only takes a few seconds, please wait... When "Remoção Finalizada" (removal finished) appears, press any key to exit.

    - Log saved at: C:\_Taticas\LogATasks.txt

    Notes: If ATasks_Fix.exe does not start automatically, go to C:\ATasks_Fix.exe and run it. Follow the same steps above to run the scan. You should also find, in the _Taticas folder, the backup of what was removed: backupsTasks.zip. Do not delete it for now.

    --|--

    @- Close all open windows and run the ComboFix tool.

    • Type the option to continue and press <ENTER>.
    • Do not open or close any program until the scan finishes. Please wait patiently...

    - If necessary, the program will restart your computer. Restart in normal mode...

    - Log saved at: C:\ComboFix.txt

    @- Check whether the problem persists, then copy the logs from HijackThis (updated), Avenger.txt, LogATasks.txt and ComboFix.txt and paste them here in that order.

    PS: If you are not the author of this topic, or your topic does not tell you to, there is no need to run ATasks_Fix. The Fix does not remove infections and is only indicated for specific cases.

    Mr. Coruj@

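    As an added example (not part of this thread, and not code from the ATasks_Fix, Avenger or ComboFix tools), here is a small triage script for the situation the step above deals with: a scheduled-task listing with hundreds of At*.job entries pointing at the same executables in system32. It parses the "date time job - command" lines from a ComboFix listing like the one posted earlier, counts how many jobs point at each executable, flags every target that is not on a caller-supplied allow list, and separately reports jobs for which no command was recorded. The sample lines are a constructed excerpt of the listing above; the allow list, the `looks_random` naming heuristic and all function names are my own assumptions.

```python
import re
from collections import Counter

# Constructed sample: a handful of lines excerpted from the ComboFix
# scheduled-task listing in the thread (the real log has hundreds of them).
SAMPLE_LISTING = r"""2007-08-13 23:00:00 C:\WINDOWS\Tasks\At214.job
2007-08-12 01:00:03 C:\WINDOWS\Tasks\At216.job - C:\WINDOWS\system32\winmds.exe
2007-08-13 02:01:06 C:\WINDOWS\Tasks\At24.job - C:\WINDOWS\system32\xA71nMoK.exe
2007-07-04 23:00:51 C:\WINDOWS\Tasks\At3.job - C:\WINDOWS\system32\xA71nMoK.exe
2007-08-05 21:56:28 C:\WINDOWS\Tasks\At364.job
2007-07-13 23:24:34 C:\WINDOWS\Tasks\At98.job - C:\WINDOWS\system32\winmds.exe
"""

# One listing line: "<date> <time> <job path>[ - <command path>]"
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+"
    r"(?P<job>\S+\.job)"
    r"(?:\s+-\s+(?P<target>\S.*?))?\s*$"
)


def parse_task_listing(text):
    """Return one dict per At*.job line; 'target' is None when no command was listed."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append({"timestamp": m.group("ts"),
                            "job": m.group("job"),
                            "target": m.group("target")})
    return entries


def basename(path):
    # The log holds Windows paths; split on backslash explicitly so this
    # also works when the script is run on a POSIX analysis box.
    return path.replace("\\", "/").rsplit("/", 1)[-1]


def looks_random(filename):
    """Crude heuristic (assumption): a stem mixing digits with upper- and lower-case letters."""
    stem = filename.rsplit(".", 1)[0]
    return (any(c.isdigit() for c in stem)
            and any(c.isupper() for c in stem)
            and any(c.islower() for c in stem))


def triage(text, known_good=frozenset()):
    """Summarise a task listing: jobs per target, unknown targets, jobs with no command.

    known_good: lower-cased executable names the analyst has already vetted.
    """
    by_target = Counter()
    suspicious = []   # (job path, command path, random-looking name?)
    no_command = []
    for e in parse_task_listing(text):
        if e["target"] is None:
            no_command.append(e["job"])
            continue
        name = basename(e["target"])
        by_target[name.lower()] += 1
        if name.lower() not in known_good:
            suspicious.append((e["job"], e["target"], looks_random(name)))
    return {"by_target": by_target, "suspicious": suspicious, "no_command": no_command}


if __name__ == "__main__":
    result = triage(SAMPLE_LISTING)
    for name, count in result["by_target"].most_common():
        print(f"{count:4d} job(s) -> {name}")
    for job, target, rnd in result["suspicious"]:
        print(f"unvetted target: {job} -> {target}" + ("  [random-looking name]" if rnd else ""))
    print(f"{len(result['no_command'])} job(s) without a recorded command")
```

    Running it over the full listing from the thread gives the analyst the list of executables that the mass of At jobs actually launches (here winmds.exe and xA71nMoK.exe, the same two files the Avenger script deletes) and a count to compare against what ends up in the ATasks_Fix backup (backupsTasks.zip). Jobs with no recorded command are worth keeping in the report too, since the listing alone cannot say what they would have run.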
    Topic author
    Hi Coruj@!

    I followed your instructions, here are the logs:

    Note: I'd like to know what this is: O23 - Service: Boonty Games - BOONTY - C:\Arquivos de programas\Arquivos comuns\BOONTY Shared\Service\Boonty.exe

    I'd also like to know when I'll be able to delete the logs that are in C:

    Cheers and have a good weekend!

    _____________________________________

    HIJACK:

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\system32\inetsrv\inetinfo.exe

    C:\WINDOWS\system32\nvsvc32.exe

    C:\WINDOWS\System32\snmp.exe

    C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

    C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe

    C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

    C:\Arquivos de programas\Messenger\msmsgs.exe

    C:\WINDOWS\explorer.exe

    C:\Documents and Settings\Eduardo 3\Desktop\HijackThis.exe

    O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Arquivos de programas\DAP\dapbho.dll

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

    O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Arquivos de programas\GetRight\xx2gr.dll

    O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\ARQUIV~1\SPYWAR~1\tools\iesdsg.dll

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Arquivos de programas\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll

    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\ARQUIV~1\SPYWAR~1\tools\iesdpb.dll

    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\pt-br\msntb.dll

    O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINDOWS\Downloaded Program Files\gbieh.dll

    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\pt-br\msntb.dll

    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)

    O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

    O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe

    O4 - HKLM\..\Run: [iSUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start

    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"

    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"

    O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\ARQUIV~1\SPYWAR~1\tools\iesdpb.dll

    O9 - Extra button: Poker.com - {6FDD5236-C9F0-49ef-935D-385F5E21991A} - C:\Arquivos de programas\Poker.com\poker.exe

    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Arquivos de programas\PartyGaming\PartyPoker\RunApp.exe

    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Arquivos de programas\PartyGaming\PartyPoker\RunApp.exe

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

    O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

    O16 - DPF: WMP10ctrl - http://www.cinemanow.com/WMP10ctrl.CAB

    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB

    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

    O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399F83} (GbPluginObj Class) - https://www14.bancobrasil.com.br/plugin/GbPluginBb.cab

    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

    O17 - HKLM\System\CCS\Services\Tcpip\..\{7DBFD043-3D38-4B32-A53B-B3A57F33A53E}: NameServer = 200.215.1.44,200.215.1.45

    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARQUIV~1\MSNMES~1\msgrapp.dll" (file missing)

    O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

    O23 - Service: Boonty Games - BOONTY - C:\Arquivos de programas\Arquivos comuns\BOONTY Shared\Service\Boonty.exe

    O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe

    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

    _________________________________________________

    COMBO

    ComboFix 07-08-09.3 - "Eduardo 3" 2007-08-17 19:11:03.4 - NTFSx86

    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.87 [GMT -3:00]

    ((((((((((((((((((((((((( Files Created from 2007-07-17 to 2007-08-17 )))))))))))))))))))))))))))))))

    2007-08-17 18:50 200,649 --a------ C:\ATasks_Fix.exe

    2007-08-17 18:50 <DIR> d-------- C:\_Taticas

    2007-08-16 19:09 <DIR> d-------- C:\DOCUME~1\EDUARD~2\DADOSD~1\Real

    2007-08-14 18:24 664 --a------ C:\WINDOWS\system32\d3d9caps.dat

    2007-08-13 20:00 51,200 --a------ C:\WINDOWS\nircmd.exe

    2007-08-13 13:57 <DIR> d-------- C:\WINDOWS\pss

    2007-08-11 22:19 <DIR> d-------- C:\bak-backups

    2007-08-11 21:25 <DIR> d-------- C:\!KillBox

    2007-08-08 19:04 <DIR> d-------- C:\Arquivos de programas\Scorpio Software

    2007-08-08 19:04 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\scosoft.com

    2007-08-06 13:38 <DIR> d---s---- C:\DOCUME~1\EDUARD~2\UserData

    2007-08-05 17:47 <DIR> d-------- C:\DOCUME~1\EDUARD~2\DADOSD~1\MEGAUPLOADTOOLBAR

    2007-08-05 17:46 1,572,864 --ah----- C:\DOCUME~1\EDUARD~2\NTUSER.DAT

    2007-08-05 17:46 <DIR> dr-h----- C:\DOCUME~1\EDUARD~2\Dados de aplicativos

    2007-08-05 17:46 <DIR> dr------- C:\DOCUME~1\EDUARD~2\Meus documentos

    2007-08-05 17:46 <DIR> dr------- C:\DOCUME~1\EDUARD~2\Menu Iniciar

    2007-08-05 17:46 <DIR> dr------- C:\DOCUME~1\EDUARD~2\Favoritos

    2007-08-05 17:46 <DIR> d--h----- C:\DOCUME~1\EDUARD~2\Modelos

    2007-08-05 17:46 <DIR> d--h----- C:\DOCUME~1\EDUARD~2\Configurações locais

    2007-08-05 17:46 <DIR> d--h----- C:\DOCUME~1\EDUARD~2\Ambiente de rede

    2007-08-05 17:46 <DIR> d--h----- C:\DOCUME~1\EDUARD~2\Ambiente de impressão

    2007-08-04 18:24 18 --a------ C:\WINDOWS\system32\dna483dddf.dat

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-08-08 19:13 --------- d-------- C:\Arquivos de programas\PokerRoom.com

    2007-08-04 18:15 --------- d-------- C:\Arquivos de programas\MegauploadToolbar

    2007-07-31 19:24 --------- d-------- C:\Arquivos de programas\Poker.com

    2007-05-29 15:00 73216 --a------ C:\WINDOWS\ST6UNST.EXE

    2007-05-29 15:00 286720 --------- C:\WINDOWS\Setup1.exe

    2007-02-24 11:01 98304 --a------ C:\Arquivos de programas\mpeg-encoder.exe

    2005-07-25 19:54 70 --a--c--- C:\Arquivos de programas\[PC

    2005-07-25 19:54 68 --a--c--- C:\Arquivos de programas\US

    2005-07-25 19:54 155 --a--c--- C:\Arquivos de programas\inc1.bat

    2006-12-22 20:50:48 56 -csh--r C:\WINDOWS\system32\002D8E7248.sys

    2006-12-22 20:55:09 1,682 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys

    2004-11-25 10:54:12 130,169 -csha-r C:\WINDOWS\system32\shell32.exe

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 13:03]

    "ISUSScheduler"="C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" [2004-06-16 06:03]

    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-04-01 16:16]

    "RemoteControl"="C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe" [2003-12-08 17:35]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:45]

    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe" [2006-04-21 17:03]

    "MSMSGS"="C:\Arquivos de programas\Messenger\msmsgs.exe" [2004-10-13 13:24]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

    "{E37CB5F0-51F5-4395-A808-5FA49E399F83}"= C:\WINDOWS\Downloaded Program Files\gbieh.dll [2004-08-17 12:50 113664]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

    SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Microsoft Office.lnk]

    path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Microsoft Office.lnk

    backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

    RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

    nwiz.exe /install

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]

    VTTimer.exe

    R2 IISADMIN;Serviço de administração do IIS;C:\WINDOWS\system32\inetsrv\inetinfo.exe

    R2 SMTPSVC;Simple Mail Transfer Protocol (SMTP);C:\WINDOWS\system32\inetsrv\inetinfo.exe

    R2 SNMP;Serviço SNMP;C:\WINDOWS\System32\snmp.exe

    R2 SoundMAX Agent Service (default);SoundMAX Agent Service;C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

    R3 FETNDISB;VIA Rhine Family Fast Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5b.sys

    R3 WmBEnum;Logitech Virtual Bus Enumerator Driver;C:\WINDOWS\system32\drivers\WmBEnum.sys

    R3 WmXlCore;Logitech WingMan Translation Layer Driver;C:\WINDOWS\system32\drivers\WmXlCore.sys

    S3 Boonty Games;Boonty Games;"C:\Arquivos de programas\Arquivos comuns\BOONTY Shared\Service\Boonty.exe"

    S3 EagleNT;EagleNT;\??\C:\WINDOWS\system32\drivers\EagleNT.sys

    S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\fetnd5.sys

    S3 IntelC51;IntelC51;C:\WINDOWS\system32\DRIVERS\IntelC51.sys

    S3 IntelC52;IntelC52;C:\WINDOWS\system32\DRIVERS\IntelC52.sys

    S3 IntelC53;IntelC53;C:\WINDOWS\system32\DRIVERS\IntelC53.sys

    S3 LPDSVC;Servidor de impressão TCP/IP;C:\WINDOWS\System32\tcpsvcs.exe

    S3 mohfilt;mohfilt;C:\WINDOWS\system32\DRIVERS\mohfilt.sys

    S3 NTSIM;NTSIM;\??\C:\WINDOWS\System32\ntsim.sys

    S3 SNMPTRAP;Serviço de interceptação SNMP;C:\WINDOWS\System32\snmptrap.exe

    S3 viagfx;viagfx;C:\WINDOWS\system32\DRIVERS\vtmini.sys

    S3 WmFilter;Logitech Gaming HID Filter Driver;C:\WINDOWS\system32\drivers\WmFilter.sys

    S3 WmHidLo;Logitech Gaming USB Filter Driver;C:\WINDOWS\system32\drivers\WmHidLo.sys

    S3 WmVirHid;Logitech Virtual Hid Device Driver;C:\WINDOWS\system32\drivers\WmVirHid.sys

    S3 XTrapD12;XTrapD12;\??\C:\WINDOWS\system32\XTrapD12.sys

    S4 MsaSvc;Microsoft authenticate service;C:\WINDOWS\system32\msasvc.exe

    **************************************************************************

    catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2007-08-17 19:12:50

    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden registry entries ...

    scanning hidden files ...

    scan completed successfully

    hidden files: 0

    **************************************************************************

    Completion time: 2007-08-17 19:13:42

    C:\ComboFix-quarantined-files.txt ... 2007-08-17 19:13

    C:\ComboFix2.txt ... 2007-08-13 20:55

    --- E O F ---

    __________________________________________

    AVENGER

    Logfile of The Avenger version 1, by Swandog46

    Running from registry key:

    \Registry\Machine\System\CurrentControlSet\Services\pcbmablf

    *******************

    Script file located at: \??\C:\WINDOWS\inlqnjlg.txt

    Script file opened successfully.

    Script file read successfully

    Backups directory opened successfully at C:\Avenger

    *******************

    Beginning to process script file:

    File C:\DOCUME~1\Marise\DADOSD~1\tmp2.tmp.exe deleted successfully.

    File C:\WINDOWS\system32\eid.exe deleted successfully.

    File C:\DOCUME~1\Marise\DADOSD~1\tmp5.tmp.exe deleted successfully.

    File C:\DOCUME~1\Marise\DADOSD~1\tmp6.tmp.exe deleted successfully.

    File C:\DOCUME~1\Marise\DADOSD~1\tmp3.tmp.exe deleted successfully.

    File C:\DOCUME~1\Marise\DADOSD~1\tmp8.tmp.exe deleted successfully.

    File C:\DOCUME~1\Marise\DADOSD~1\tmp9.tmp.exe deleted successfully.

    File C:\DOCUME~1\Marise\DADOSD~1\tmp7.tmp.exe deleted successfully.

    File C:\WINDOWS\system32\xA71nMoK.exe deleted successfully.

    File C:\WINDOWS\system32\winmds.exe deleted successfully.

    Program C:\ATasks_Fix.exe successfully set up to run once on reboot.

    Completed script processing.

    *******************

    Finished! Terminate.

    ______________________________________

    ATASKS

    Bye ATasks Jobs - Removedor

    -.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.

    Data:17/08/2007 - Hora:18:56:37

    -.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.

    Analisando Tarefas Agendadas...

    ---------------------------------------------------

    C:\WINDOWS\Tasks\At1.job »»»»» Removida com backup

    C:\WINDOWS\Tasks\At2.job »»»»» Removida com backup

    C:\WINDOWS\Tasks\At3.job »»»»» Removida com backup

    C:\WINDOWS\Tasks\At4.job »»»»» Removida com backup

    C:\WINDOWS\Tasks\At5.job »»»»» Removida com backup

    C:\WINDOWS\Tasks\At6.job »»»»» Removida com backup

    C:\WINDOWS\Tasks\At7.job »»»»» Removida com backup

    C:\WINDOWS\Tasks\At8.job »»»»» Removida com backup

    C:\WINDOWS\Tasks\At9.job »»»»» Removida com backup

    Buscando Arquivos Sequenciais...

    ---------------------------------------------------

    C:\WINDOWS\Tasks\At10-19.job »»»»» Removidas com backup

    C:\WINDOWS\Tasks\At20-29.job »»»»» Removidas com backup

    C:\WINDOWS\Tasks\At30-39.job »»»»» Removidas com backup

    C:\WINDOWS\Tasks\At40-49.job »»»»» Removidas com backup

    C:\WINDOWS\Tasks\At50-59.job »»»»» Removidas com backup

    C:\WINDOWS\Tasks\At60-69.job »»»»» Removidas com backup

    C:\WINDOWS\Tasks\At70-79.job »»»»» Removidas com backup

    C:\WINDOWS\Tasks\At80-89.job »»»»» Removidas com backup

    C:\WINDOWS\Tasks\At90-99.job »»»»» Removidas com backup

    C:\WINDOWS\Tasks\At100-199.job »»»»» Removidas com backup

    C:\WINDOWS\Tasks\At200-299.job »»»»» Removidas com backup

    C:\WINDOWS\Tasks\At300-399.job »»»»» Removidas com backup

    C:\WINDOWS\Tasks\At400-499.job »»»»» Removidas com backup

    Tarefas Que Não Foram Removidas...

    ---------------------------------------------------

    Finalizado!

    ---------------------------------------------------


    darosa76, you need to open a separate New Topic for your problem, okay? :)

    Warm regards,


    topelv,

    Note: I'd like to know what this is: O23 - Service: Boonty Games - BOONTY - C:\Arquivos de programas\Arquivos comuns\BOONTY Shared\Service\Boonty.exe
    It was probably installed by some game application. To remove it:

    - Click Start > Run > type: services.msc > OK. Locate the service: Boonty Games and right-click it. In Properties, click Stop and change the Startup Type to Disabled.

    --|--

    - Open HijackThis. Click Open the Misc Tools section. Now click Delete an NT Service. In the box, paste the service(s) below in bold and click OK. Click No when asked whether you want to restart.

    Boonty Games

    --|--

    - Locate the two files below and move them to a safe folder outside the Windows folders:

    C:\WINDOWS\system32\dna483dddf.dat

    C:\WINDOWS\system32\002D8E7248.sys

    --|--

    I'd also like to know when I'll be able to delete the logs that are in C:

    Cheers and have a good weekend!

    I recommend waiting another couple of days before deleting the logs and the programs downloaded during the removal process.

    --|--

    My friend, go to the other forum(s) where you also opened a topic about this same problem and let them know that your problem has already been solved. That way the analyst no longer needs to spend time on your topic and can analyze other logs. Okay?

    Apart from that, your log is CLEAN! Any other problem related to the malware?

    If your system shows no problems by tomorrow, disable and re-enable System Restore.

    You can click the REPORT button, inform the area moderator that the problem has been solved and that the topic can be closed.

    You can always count on the help of the people on the Clube do Hardware forum.

    Thanks for the feedback and warm regards!

    Mr. Coruj@

    Report button: (report.gif)

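    The three manual steps in Mr. Coruj@'s reply above (stop the service and set it to Disabled in services.msc, delete the NT service with HijackThis, move the two files out of system32) can also be done from an elevated PowerShell prompt. This is an added example, not code from the thread or from any of the tools it mentions; the service name and the two file paths are the ones in the log, the quarantine folder C:\Quarantena is an assumption, and the SHA-256 step is added so the moved files can still be identified if an analyst asks for them later.

```powershell
# Added example: remediation steps from the thread, scripted for an elevated PowerShell
# prompt on a current Windows host. Values below come from the posted log, except
# $Quarantine, which is an assumed folder outside the Windows tree.

$ServiceName = 'Boonty Games'
$Files = @(
    'C:\WINDOWS\system32\dna483dddf.dat',
    'C:\WINDOWS\system32\002D8E7248.sys'
)
$Quarantine = 'C:\Quarantena'   # assumption: any folder outside \Windows will do

# Step 1 (services.msc): stop the service and keep it from starting on the next boot.
$svc = Get-Service -Name $ServiceName -ErrorAction SilentlyContinue
if ($svc) {
    if ($svc.Status -ne 'Stopped') { Stop-Service -Name $ServiceName -Force }
    Set-Service -Name $ServiceName -StartupType Disabled

    # Record the image path before the registration disappears, so the binary it
    # pointed at can be quarantined too (the log shows Boonty.exe under BOONTY Shared).
    $img = (Get-CimInstance Win32_Service -Filter "Name='$ServiceName'").PathName
    Write-Host "Service '$ServiceName' image path: $img"

    # Step 2 (HijackThis 'Delete an NT Service'): remove the service registration.
    sc.exe delete $ServiceName | Out-Null
} else {
    Write-Host "Service '$ServiceName' not found (already removed?)"
}

# Step 3: move the two files to the quarantine folder, hashing them first.
New-Item -ItemType Directory -Path $Quarantine -Force | Out-Null
foreach ($f in $Files) {
    if (Test-Path -LiteralPath $f) {
        # -Force is needed because 002D8E7248.sys carries hidden/system attributes.
        $hash = (Get-FileHash -Algorithm SHA256 -LiteralPath $f).Hash
        Write-Host "$f SHA256=$hash"
        Move-Item -LiteralPath $f -Destination $Quarantine -Force
    } else {
        # ComboFix may already have moved the file into C:\QooBox\Quarantine.
        Write-Host "$f not present in system32"
    }
}
```

    Run it as Administrator; Stop-Service and sc.exe delete both fail without elevation. If a file is reported as not present, check C:\QooBox\Quarantine first, which is where ComboFix keeps what it has already moved.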
  • Topic author
  • I tried to look for the two files, but there was a problem: I couldn't find the system32 folder. I did a search and the folder that was found is here: C:\QooBox\Quarantine\C\Windows32
