[Arquivado] PC Lento, + muito Lento

[EMS_1001 0]

Já tive um problema desses e graças a Deus foi resolvido, graças a vcs, espero q possam me ajudar novamente obrigado.

Segue log:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 06:11:49, on 11/7/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Eset\nod32krn.exe

C:\WINDOWS\System32\svchost.exe

c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\Arquivos de programas\Eset\nod32kui.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe

C:\Arquivos de programas\VIAudioi\SBADeck\ADeck.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

C:\Arquivos de programas\Lexmark 1200 Series\lxczbmgr.exe

C:\Arquivos de programas\Lexmark 1200 Series\lxczbmon.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\Rundll32.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe

C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\HP\Smart Web Printing\hpswp_clipbook.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O4 - HKLM\..\Run: [nod32kui] "C:\Arquivos de programas\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [siSUSBRG] C:\WINDOWS\SiSUSBrg.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [AudioDeck] C:\Arquivos de programas\VIAudioi\SBADeck\ADeck.exe 1

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"

O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Arquivos de programas\Lexmark 1200 Series\lxczbmgr.exe"

O4 - HKLM\..\Run: [Windows Logon Applicationedc] C:\Documents and Settings\Administrador\winlogon.exe

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [bM0feba7c6] Rundll32.exe "C:\WINDOWS\system32\lkuutomf.dll",s

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [kamsoft] C:\WINDOWS\system32\ckvo.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_01] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\eHome" (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_03] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\config" (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_04] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\help" (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_05] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Srchasst" (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_06] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Help\Tours" (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_07] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\system32\Npp" (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_08] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\system32\Inetsrv" (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_10] rundll32 advpack.dll,DelNodeRunDLL32 "%SystemRoot%\System32\dllcache" (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_11] cmd.exe /c md "%SystemRoot%\System32\dllcache" (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_14] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Connection Wizard" (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_44] cmd.exe /c md "%USERPROFILE%\Configurações locais\Temp" (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_45] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_46] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_47] rundll32 advpack.dll,LaunchINFSection nlite.inf,S (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_01] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\eHome" (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?

O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: Append to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Livro de recortes HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: Seleção HP Smart - {700259D7-1666-479a-93B1-3250410481E8} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Arquivos de programas\Eset\nod32krn.exe

O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe

 

--

End of file - 12475 bytes

[DigRam 144]

Bom Dia! EMS_1001

 

<@> Faça o download do ComboFix.

<@> Baixe-o para o Desktop!

<@> Desabilite as proteções residente de: antivírus,antispywares e Firewall.

<@> Feche todas as janelas e execute a ferramenta!

 

Caso aconteça a notificação de: Aplicativo Win32 inválido,delete a ferramenta e faça,novamente,o download.

Salve-a no Desktop,renomeada como: Kombo.exe

Ps: Nomeie durante o salvamento,e não após salvá-la!

Ps: Caso ocorra alguma mensagem de erro,rode o ComboFix em Modo de Segurança.

<@> Abrirá a janela Auto Scan. Aguarde!

<@> Digite a opção para continuar e < Enter >

<@> Aguarde a conclusão! Durante o scan,evite tocar no mouse ou teclado!

<@> Para parar ou sair do ComboFix,tecle "N".

-------------------------

<@> Poste o relatório: C:\ComboFix.txt,na sua resposta + Log do HJT,atualizado.

 

Abraços!

[EMS_1001 0]

Segue Log do ComboFix:

 

ComboFix 08-07-11.1 - Administrador 2008-07-11 15:35:42.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.88 [GMT -3:00]

Executando de: C:\Documents and Settings\Administrador\Desktop\Kombo.exe

* Criado um novo ponto de restauro

* Resident AV is active

 

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusäes )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Autorun.inf

C:\hgu.bat

C:\WINDOWS\pskt.ini

C:\WINDOWS\system\oeminfo.ini

C:\WINDOWS\system32\ckvo.exe

C:\WINDOWS\system32\ckvo0.dll

C:\WINDOWS\system32\ehtjouwg.dll

C:\WINDOWS\system32\gwuojthe.ini

C:\WINDOWS\system32\hgGvwuRH.dll

C:\WINDOWS\system32\iifgFWQg.dll

C:\WINDOWS\system32\jgtvexap.dll

C:\WINDOWS\system32\lfnjlq.dll

C:\WINDOWS\system32\ljJYPgHx.dll

C:\WINDOWS\system32\lkuutomf.dll

C:\WINDOWS\system32\mcrh.tmp

C:\WINDOWS\system32\oeminfo.ini

C:\WINDOWS\system32\ubwaqtnn.ini

C:\WINDOWS\system32\urqNFuSj.dll

C:\WINDOWS\system32\wvUlkHbY.dll

C:\WINDOWS\system32\xHgPYJjl.ini

C:\WINDOWS\system32\xHgPYJjl.ini2

C:\WINDOWS\system32\ynuyuiam.dll

K:\hgu.bat

 

.

((((((((((((((((((((((( Ficheiros criados de 2008-06-11 to 2008-07-11 ))))))))))))))))))))))))))))))))

.

 

2008-07-11 15:43 . 2008-07-11 15:43 268 --ah----- C:\sqmdata08.sqm

2008-07-11 15:43 . 2008-07-11 15:43 244 --ah----- C:\sqmnoopt08.sqm

2008-07-11 06:10 . 2008-07-11 10:43 <DIR> d-------- C:\HijackThis

2008-07-11 02:07 . 2008-07-11 01:53 117,255 -r-hs---- C:\0gjn3yw.exe

2008-07-11 02:02 . 2008-07-11 02:02 268 --ah----- C:\sqmdata07.sqm

2008-07-11 02:02 . 2008-07-11 02:02 244 --ah----- C:\sqmnoopt07.sqm

2008-07-10 14:50 . 2008-07-10 14:50 <DIR> d-------- C:\Arquivos de programas\Alwil Software

2008-07-10 09:41 . 2008-07-11 09:47 110,415 --a------ C:\WINDOWS\BM0feba7c6.xml

2008-07-10 09:32 . 2008-07-10 09:31 116,414 -r-hs---- C:\mp.cmd

2008-07-10 09:31 . 2008-07-11 01:53 77,312 -r-hs---- C:\WINDOWS\system32\ckvo1.dll

2008-07-08 16:24 . 2008-07-08 16:24 268 --ah----- C:\sqmdata06.sqm

2008-07-08 16:24 . 2008-07-08 16:24 244 --ah----- C:\sqmnoopt06.sqm

2008-07-08 15:52 . 2008-07-08 15:52 268 --ah----- C:\sqmdata05.sqm

2008-07-08 15:52 . 2008-07-08 15:52 244 --ah----- C:\sqmnoopt05.sqm

2008-07-08 06:40 . 2008-07-08 06:40 268 --ah----- C:\sqmdata04.sqm

2008-07-08 06:40 . 2008-07-08 06:40 244 --ah----- C:\sqmnoopt04.sqm

2008-07-07 10:02 . 2008-07-07 10:02 280 --ah----- C:\sqmdata03.sqm

2008-07-07 10:02 . 2008-07-07 10:02 244 --ah----- C:\sqmnoopt03.sqm

2008-07-04 18:51 . 2008-07-04 18:51 268 --ah----- C:\sqmdata02.sqm

2008-07-04 18:51 . 2008-07-04 18:51 244 --ah----- C:\sqmnoopt02.sqm

2008-07-01 17:22 . 2008-07-01 17:22 <DIR> d-------- C:\Arquivos de programas\Wyzo

2008-07-01 16:12 . 2008-06-27 18:38 53,248 ---hs---- C:\Documents and Settings\Administrador\winlogon.exe

2008-06-27 10:13 . 2008-06-27 11:22 <DIR> d-------- C:\WINDOWS\system32\NtmsData

2008-06-23 22:13 . 2008-06-23 22:13 <DIR> d-------- C:\Arquivos de programas\Microsoft SQL Server Compact Edition

2008-06-19 18:03 . 2008-06-19 18:03 268 --ah----- C:\sqmdata01.sqm

2008-06-19 18:03 . 2008-06-19 18:03 244 --ah----- C:\sqmnoopt01.sqm

2008-06-19 04:26 . 2008-06-19 04:26 268 --ah----- C:\sqmdata00.sqm

2008-06-19 04:26 . 2008-06-19 04:26 244 --ah----- C:\sqmnoopt00.sqm

2008-06-18 04:10 . 2004-08-04 00:45 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll

2008-06-18 04:10 . 2001-09-05 23:50 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll

2008-06-13 14:06 . 2008-06-13 14:06 552 --a------ C:\WINDOWS\system32\d3d8caps.dat

2008-06-13 09:18 . 2008-06-23 13:23 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\MagicEffect Photo

2008-06-12 09:44 . 2008-06-14 14:59 272,384 --------- C:\WINDOWS\system32\drivers\bthport.sys

2008-06-12 09:44 . 2008-06-14 14:59 272,384 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys

 

.

((((((((((((((((((((((((((((((((((((( Relat¢rio Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-07-11 16:03 2,516 --sha-w C:\Documents and Settings\All Users\Dados de aplicativos\KGyGaAvL.sys

2008-07-11 14:20 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Corel

2008-07-11 04:49 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\LimeWire

2008-07-02 19:53 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2008-07-02 19:53 --------- d-----w C:\Arquivos de programas\Arquivos comuns\InstallShield

2008-07-01 15:23 --------- d-----w C:\Arquivos de programas\Winamp

2008-06-24 01:33 --------- d-----w C:\Arquivos de programas\Windows Live

2008-06-24 00:38 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\WLInstaller

2008-06-07 01:20 --------- d-----w C:\Arquivos de programas\LeechFTP

2008-06-06 06:04 --------- d-----w C:\Arquivos de programas\Microsoft Works

2008-06-05 20:30 --------- d-----w C:\Arquivos de programas\Windows Media Connect 2

2008-06-03 17:34 --------- d-----w C:\Arquivos de programas\LimeWire

2008-06-02 19:22 --------- d-----w C:\Arquivos de programas\Lexmark 1200 Series

2008-06-02 18:51 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\MegauploadToolbar

2008-05-31 20:34 --------- d-----w C:\Arquivos de programas\Windows Live Toolbar

2008-05-31 20:33 --------- d-----w C:\Arquivos de programas\Windows Live Favorites

2008-05-31 20:26 --------- dcsh--w C:\Arquivos de programas\Arquivos comuns\WindowsLiveInstaller

2008-05-31 17:43 --------- d-----w C:\Arquivos de programas\MegauploadToolbar

2008-05-30 21:10 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\uTorrent

2008-05-30 20:53 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\FLEXnet

2008-05-30 17:31 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Control Panels

2008-05-30 17:31 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Adobe

2008-05-30 17:29 --------- d-----w C:\Arquivos de programas\Bonjour

2008-05-30 17:19 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Macrovision Shared

2008-05-30 17:09 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\AdobeUM

2008-05-29 18:13 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\HPAppData

2008-05-29 18:04 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\HP

2008-05-29 18:03 --------- d-----w C:\Arquivos de programas\HP

2008-05-29 18:02 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\HPSSUPPLY

2008-05-29 18:01 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\HP

2008-05-29 18:00 --------- d-----w C:\Arquivos de programas\Hewlett-Packard

2008-05-29 18:00 --------- d-----w C:\Arquivos de programas\Arquivos comuns\HP

2008-05-29 18:00 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Hewlett-Packard

2008-05-29 17:58 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Hewlett-Packard

2008-05-29 17:27 --------- d-----w C:\Arquivos de programas\Eset

2008-05-29 17:24 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Macromedia

2008-05-29 17:23 --------- d-----w C:\Arquivos de programas\Macromedia

2008-05-29 15:22 --------- d-----w C:\Arquivos de programas\uTorrent

2008-05-29 14:19 --------- d-----w C:\Arquivos de programas\Google

2008-05-28 10:35 --------- d-----w C:\Arquivos de programas\MSXML 6.0

2008-05-28 06:01 --------- d-----w C:\Arquivos de programas\MSXML 4.0

2008-05-27 23:57 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Adobe Systems

2008-05-27 23:57 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared

2008-05-27 20:59 8 --sh--r C:\Documents and Settings\All Users\Dados de aplicativos\153F92ECC4.sys

2008-05-27 20:59 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\Corel

2008-05-27 20:58 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Corel

2008-05-27 20:58 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Protexis

2008-05-27 20:54 --------- d-----w C:\Arquivos de programas\Corel

2008-05-27 20:09 --------- d-----w C:\Arquivos de programas\VIAudioi

2008-05-27 19:46 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\Talkback

2008-05-27 19:46 --------- d-----w C:\Arquivos de programas\Java

2008-05-27 19:45 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Java

2008-05-27 18:27 --------- d-----w C:\Arquivos de programas\S3Inc

2008-05-27 18:03 --------- d-----w C:\Arquivos de programas\Microsoft.NET

2008-05-27 17:24 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\Ahead

2008-05-27 17:18 --------- d-----w C:\Arquivos de programas\Nero

2008-05-27 17:18 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Ahead

2008-05-27 16:34 --------- d-----w C:\Arquivos de programas\microsoft frontpage

2008-05-27 16:33 --------- d-----w C:\Arquivos de programas\Serviços on-line

2008-05-27 16:32 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Serviços

2008-05-27 16:11 502,368 ----a-w C:\WINDOWS\system32\drivers\amon.sys

2008-05-27 16:11 --------- d-----w C:\Arquivos de programas\K-Lite Codec Pack

2008-05-27 16:11 --------- d-----w C:\Arquivos de programas\foxit Reader

2008-05-27 16:11 --------- d-----w C:\Arquivos de programas\AbiSuite2

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & leg¡timas por defeito nÆo sÆo mostradas.

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:45 15360]

"swg"="C:\Arquivos de programas\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-05-29 11:19 171448]

"MsnMsgr"="C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"nod32kui"="C:\Arquivos de programas\Eset\nod32kui.exe" [2008-05-27 13:11 921600]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]

"SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [2002-04-26 06:17 102400]

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

"AudioDeck"="C:\Arquivos de programas\VIAudioi\SBADeck\ADeck.exe" [2005-01-05 15:24 495616]

"HP Software Update"="C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 21:52 49152]

"Acrobat Assistant 8.0"="C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-22 23:24 620152]

"Lexmark 1200 Series"="C:\Arquivos de programas\Lexmark 1200 Series\lxczbmgr.exe" [2006-07-13 02:34 57344]

"Windows Logon Applicationedc"="C:\Documents and Settings\Administrador\winlogon.exe" [2008-06-27 18:38 53248]

"avast!"="C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-15 20:19 79224]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:45 15360]

 

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\

Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe [2008-05-31 18:09:06 295606]

Adobe Acrobat Synchronizer.lnk - C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-23 00:01:50 734872]

HP Digital Imaging Monitor.lnk - C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 21:40:10 210520]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoDesktopCleanupWizard"= 1 (0x1)

"ForceClassicControlPanel"= 1 (0x1)

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoSMHelp"= 1 (0x1)

"NoSMConfigurePrograms"= 1 (0x1)

"ForceStartMenuLogoff"= 0 (0x0)

"NoUserNameInStartMenu"= 1 (0x1)

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"NoSMHelp"= 1 (0x1)

"NoSMConfigurePrograms"= 1 (0x1)

"StartMenuLogoff"= 1 (0x1)

"ForceStartMenuLogoff"= 0 (0x0)

"NoUserNameInStartMenu"= 1 (0x1)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=

"C:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"C:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Arquivos de programas\\LimeWire\\LimeWire.exe"=

"C:\\Arquivos de programas\\LeechFTP\\Leechftp.exe"=

 

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-15 20:20]

R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-15 20:16]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9b7a9f60-2c11-11dd-8319-001617f616b7}]

\Shell\AutoRun\command - I:\mp.cmd

\Shell\explore\Command - I:\mp.cmd

\Shell\open\Command - I:\mp.cmd

 

.

Conte£do da pasta 'Tarefas Agendadas'

"2008-07-11 18:59:19 C:\WINDOWS\Tasks\Verificar Atualizações para a Barra de Ferramentas do Windows Live.job"

 

 

 

 

E o Novo do Hijackthis:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:10, on 2008-07-11

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Eset\nod32krn.exe

C:\WINDOWS\System32\svchost.exe

c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Arquivos de programas\Eset\nod32kui.exe

C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe

C:\Arquivos de programas\VIAudioi\SBADeck\ADeck.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

C:\Arquivos de programas\Lexmark 1200 Series\lxczbmgr.exe

C:\Arquivos de programas\Lexmark 1200 Series\lxczbmon.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe

C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\msiexec.exe

C:\WINDOWS\system32\wuauclt.exe

C:\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_framework.dll

O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O4 - HKLM\..\Run: [nod32kui] "C:\Arquivos de programas\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [siSUSBRG] C:\WINDOWS\SiSUSBrg.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [AudioDeck] C:\Arquivos de programas\VIAudioi\SBADeck\ADeck.exe 1

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"

O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Arquivos de programas\Lexmark 1200 Series\lxczbmgr.exe"

O4 - HKLM\..\Run: [Windows Logon Applicationedc] C:\Documents and Settings\Administrador\winlogon.exe

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [bM0feba7c6] Rundll32.exe "C:\WINDOWS\system32\lkuutomf.dll",s

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [kamsoft] C:\WINDOWS\system32\ckvo.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_01] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\eHome" (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_03] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\config" (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_04] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\help" (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_05] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Srchasst" (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_06] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Help\Tours" (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_07] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\system32\Npp" (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_08] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\system32\Inetsrv" (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_10] rundll32 advpack.dll,DelNodeRunDLL32 "%SystemRoot%\System32\dllcache" (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_11] cmd.exe /c md "%SystemRoot%\System32\dllcache" (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_14] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Connection Wizard" (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_44] cmd.exe /c md "%USERPROFILE%\Configurações locais\Temp" (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_45] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_46] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_47] rundll32 advpack.dll,LaunchINFSection nlite.inf,S (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_01] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\eHome" (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')

O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: Append to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Livro de recortes HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: Seleção HP Smart - {700259D7-1666-479a-93B1-3250410481E8} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Arquivos de programas\Eset\nod32krn.exe

O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe

 

--

End of file - 12477 bytes

 

 

Abraço e Obrigado!

[DigRam 144]

Boa Noite! EMS_1001

 

Segure a tecla shift por uns 30s e,em seguida,insira sua(s) unidade(s) removíveis,na entrada USB.

Faça os procedimentos,abaixo,com a tecla shift pressionada!

<@> Selecione e copie todo o conteúdo,que está na área do CODE,para o Bloco de Notas.

<@> Salve-o,no Desktop,com o nome: CFScript.txt

 

File::C:\0gjn3yw.exeC:\WINDOWS\BM0feba7c6.xmlC:\mp.cmdC:\WINDOWS\system32\ckvo1.dllI:\mp.cmdRegistry::[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9b7a9f60-2c11-11dd-8319-001617f616b7}]

<@> Arraste,com o Mouse,o CFScript.txt para o ícone/interior do ComboFix.

<@> Veja a demonstração!

 

 

<@> Reinicie o computador!

<@> Terminando,poste o relatório: C:\ComboFix.txt + HJT,atualizado.

 

Abraços!

[EMS_1001 0]

Obrigado pela eficiência e Ajuda, e quero dizer que o meu outro post é de uma outra máquina q está com o mesmo problema, se puder dar uma olhadinha para mim agradeço.

 

 

Segue novos logs:

 

ComboFix 08-07-11.1 - Administrador 2008-07-11 22:47:25.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.156 [GMT -3:00]

Executando de: C:\Documents and Settings\Administrador\Desktop\Kombo.exe

Command switches used :: C:\Documents and Settings\Administrador\Desktop\CFScript.txt

* Criado um novo ponto de restauro

* Resident AV is active

 

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

 

FILE ::

C:\0gjn3yw.exe

C:\mp.cmd

C:\WINDOWS\BM0feba7c6.xml

C:\WINDOWS\system32\ckvo1.dll

I:\mp.cmd

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusäes )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\0gjn3yw.exe

C:\Autorun.inf

C:\mp.cmd

C:\WINDOWS\BM0feba7c6.xml

C:\WINDOWS\system32\ckvo.exe

C:\WINDOWS\system32\ckvo0.dll

C:\WINDOWS\system32\ckvo1.dll

.

---- Previous Run -------

.

C:\Autorun.inf

C:\hgu.bat

C:\WINDOWS\pskt.ini

C:\WINDOWS\system\oeminfo.ini

C:\WINDOWS\system32\ckvo.exe

C:\WINDOWS\system32\ckvo0.dll

C:\WINDOWS\system32\ehtjouwg.dll

C:\WINDOWS\system32\gwuojthe.ini

C:\WINDOWS\system32\hgGvwuRH.dll

C:\WINDOWS\system32\iifgFWQg.dll

C:\WINDOWS\system32\jgtvexap.dll

C:\WINDOWS\system32\lfnjlq.dll

C:\WINDOWS\system32\ljJYPgHx.dll

C:\WINDOWS\system32\lkuutomf.dll

C:\WINDOWS\system32\mcrh.tmp

C:\WINDOWS\system32\oeminfo.ini

C:\WINDOWS\system32\ubwaqtnn.ini

C:\WINDOWS\system32\urqNFuSj.dll

C:\WINDOWS\system32\wvUlkHbY.dll

C:\WINDOWS\system32\xHgPYJjl.ini

C:\WINDOWS\system32\xHgPYJjl.ini2

C:\WINDOWS\system32\ynuyuiam.dll

K:\hgu.bat

 

.

((((((((((((((((((((((( Ficheiros criados de 2008-06-12 to 2008-07-12 ))))))))))))))))))))))))))))))))

.

 

2008-07-11 22:50 . 2008-07-11 22:50 268 --ah----- C:\sqmdata09.sqm

2008-07-11 22:50 . 2008-07-11 22:50 244 --ah----- C:\sqmnoopt09.sqm

2008-07-11 15:43 . 2008-07-11 15:43 268 --ah----- C:\sqmdata08.sqm

2008-07-11 15:43 . 2008-07-11 15:43 244 --ah----- C:\sqmnoopt08.sqm

2008-07-11 06:10 . 2008-07-11 16:09 <DIR> d-------- C:\HijackThis

2008-07-11 02:02 . 2008-07-11 02:02 268 --ah----- C:\sqmdata07.sqm

2008-07-11 02:02 . 2008-07-11 02:02 244 --ah----- C:\sqmnoopt07.sqm

2008-07-10 14:50 . 2008-07-10 14:50 <DIR> d-------- C:\Arquivos de programas\Alwil Software

2008-07-08 16:24 . 2008-07-08 16:24 268 --ah----- C:\sqmdata06.sqm

2008-07-08 16:24 . 2008-07-08 16:24 244 --ah----- C:\sqmnoopt06.sqm

2008-07-08 15:52 . 2008-07-08 15:52 268 --ah----- C:\sqmdata05.sqm

2008-07-08 15:52 . 2008-07-08 15:52 244 --ah----- C:\sqmnoopt05.sqm

2008-07-08 06:40 . 2008-07-08 06:40 268 --ah----- C:\sqmdata04.sqm

2008-07-08 06:40 . 2008-07-08 06:40 244 --ah----- C:\sqmnoopt04.sqm

2008-07-07 10:02 . 2008-07-07 10:02 280 --ah----- C:\sqmdata03.sqm

2008-07-07 10:02 . 2008-07-07 10:02 244 --ah----- C:\sqmnoopt03.sqm

2008-07-04 18:51 . 2008-07-04 18:51 268 --ah----- C:\sqmdata02.sqm

2008-07-04 18:51 . 2008-07-04 18:51 244 --ah----- C:\sqmnoopt02.sqm

2008-07-01 17:22 . 2008-07-01 17:22 <DIR> d-------- C:\Arquivos de programas\Wyzo

2008-07-01 16:12 . 2008-06-27 18:38 53,248 ---hs---- C:\Documents and Settings\Administrador\winlogon.exe

2008-06-27 10:13 . 2008-06-27 11:22 <DIR> d-------- C:\WINDOWS\system32\NtmsData

2008-06-23 22:13 . 2008-06-23 22:13 <DIR> d-------- C:\Arquivos de programas\Microsoft SQL Server Compact Edition

2008-06-19 18:03 . 2008-06-19 18:03 268 --ah----- C:\sqmdata01.sqm

2008-06-19 18:03 . 2008-06-19 18:03 244 --ah----- C:\sqmnoopt01.sqm

2008-06-19 04:26 . 2008-06-19 04:26 268 --ah----- C:\sqmdata00.sqm

2008-06-19 04:26 . 2008-06-19 04:26 244 --ah----- C:\sqmnoopt00.sqm

2008-06-18 04:10 . 2004-08-04 00:45 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll

2008-06-18 04:10 . 2001-09-05 23:50 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll

2008-06-13 14:06 . 2008-06-13 14:06 552 --a------ C:\WINDOWS\system32\d3d8caps.dat

2008-06-13 09:18 . 2008-06-23 13:23 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\MagicEffect Photo

2008-06-12 09:44 . 2008-06-14 14:59 272,384 --------- C:\WINDOWS\system32\drivers\bthport.sys

2008-06-12 09:44 . 2008-06-14 14:59 272,384 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys

 

.

((((((((((((((((((((((((((((((((((((( Relat¢rio Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-07-11 19:17 2,516 --sha-w C:\Documents and Settings\All Users\Dados de aplicativos\KGyGaAvL.sys

2008-07-11 14:20 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Corel

2008-07-11 04:49 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\LimeWire

2008-07-02 19:53 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2008-07-02 19:53 --------- d-----w C:\Arquivos de programas\Arquivos comuns\InstallShield

2008-07-01 15:23 --------- d-----w C:\Arquivos de programas\Winamp

2008-06-24 01:33 --------- d-----w C:\Arquivos de programas\Windows Live

2008-06-24 00:38 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\WLInstaller

2008-06-07 01:20 --------- d-----w C:\Arquivos de programas\LeechFTP

2008-06-06 06:04 --------- d-----w C:\Arquivos de programas\Microsoft Works

2008-06-05 20:30 --------- d-----w C:\Arquivos de programas\Windows Media Connect 2

2008-06-03 17:34 --------- d-----w C:\Arquivos de programas\LimeWire

2008-06-02 19:22 --------- d-----w C:\Arquivos de programas\Lexmark 1200 Series

2008-06-02 18:51 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\MegauploadToolbar

2008-05-31 20:34 --------- d-----w C:\Arquivos de programas\Windows Live Toolbar

2008-05-31 20:33 --------- d-----w C:\Arquivos de programas\Windows Live Favorites

2008-05-31 20:26 --------- dcsh--w C:\Arquivos de programas\Arquivos comuns\WindowsLiveInstaller

2008-05-31 17:43 --------- d-----w C:\Arquivos de programas\MegauploadToolbar

2008-05-30 21:10 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\uTorrent

2008-05-30 20:53 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\FLEXnet

2008-05-30 17:31 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Control Panels

2008-05-30 17:31 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Adobe

2008-05-30 17:29 --------- d-----w C:\Arquivos de programas\Bonjour

2008-05-30 17:19 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Macrovision Shared

2008-05-30 17:09 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\AdobeUM

2008-05-29 18:13 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\HPAppData

2008-05-29 18:04 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\HP

2008-05-29 18:03 --------- d-----w C:\Arquivos de programas\HP

2008-05-29 18:02 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\HPSSUPPLY

2008-05-29 18:01 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\HP

2008-05-29 18:00 --------- d-----w C:\Arquivos de programas\Hewlett-Packard

2008-05-29 18:00 --------- d-----w C:\Arquivos de programas\Arquivos comuns\HP

2008-05-29 18:00 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Hewlett-Packard

2008-05-29 17:58 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Hewlett-Packard

2008-05-29 17:27 --------- d-----w C:\Arquivos de programas\Eset

2008-05-29 17:24 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Macromedia

2008-05-29 17:23 --------- d-----w C:\Arquivos de programas\Macromedia

2008-05-29 15:22 --------- d-----w C:\Arquivos de programas\uTorrent

2008-05-29 14:19 --------- d-----w C:\Arquivos de programas\Google

2008-05-28 10:35 --------- d-----w C:\Arquivos de programas\MSXML 6.0

2008-05-28 06:01 --------- d-----w C:\Arquivos de programas\MSXML 4.0

2008-05-27 23:57 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Adobe Systems

2008-05-27 23:57 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared

2008-05-27 20:59 8 --sh--r C:\Documents and Settings\All Users\Dados de aplicativos\153F92ECC4.sys

2008-05-27 20:59 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\Corel

2008-05-27 20:58 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Corel

2008-05-27 20:58 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Protexis

2008-05-27 20:54 --------- d-----w C:\Arquivos de programas\Corel

2008-05-27 20:09 --------- d-----w C:\Arquivos de programas\VIAudioi

2008-05-27 19:46 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\Talkback

2008-05-27 19:46 --------- d-----w C:\Arquivos de programas\Java

2008-05-27 19:45 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Java

2008-05-27 18:27 --------- d-----w C:\Arquivos de programas\S3Inc

2008-05-27 18:03 --------- d-----w C:\Arquivos de programas\Microsoft.NET

2008-05-27 17:24 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\Ahead

2008-05-27 17:18 --------- d-----w C:\Arquivos de programas\Nero

2008-05-27 17:18 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Ahead

2008-05-27 16:34 --------- d-----w C:\Arquivos de programas\microsoft frontpage

2008-05-27 16:33 --------- d-----w C:\Arquivos de programas\Serviços on-line

2008-05-27 16:32 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Serviços

2008-05-27 16:11 502,368 ----a-w C:\WINDOWS\system32\drivers\amon.sys

2008-05-27 16:11 --------- d-----w C:\Arquivos de programas\K-Lite Codec Pack

2008-05-27 16:11 --------- d-----w C:\Arquivos de programas\foxit Reader

2008-05-27 16:11 --------- d-----w C:\Arquivos de programas\AbiSuite2

.

 

((((((((((((((((((((((((((((( snapshot@2008-07-11_16.02.21.78 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-07-11 18:44:18 2,048 --s-a-w C:\WINDOWS\bootstat.dat

+ 2008-07-12 01:51:40 2,048 --s-a-w C:\WINDOWS\bootstat.dat

+ 2008-07-12 01:51:53 16,384 ----atw C:\WINDOWS\system32\config\systemprofile\Configurações locais\Temp\Perflib_Perfdata_474.dat

- 2008-07-11 18:44:33 40,960 ----a-w C:\WINDOWS\system32\config\systemprofile\Configurações locais\Temp\rtdrvmon.exe

+ 2008-07-12 01:51:54 40,960 ----a-w C:\WINDOWS\system32\config\systemprofile\Configurações locais\Temp\rtdrvmon.exe

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & leg¡timas por defeito nÆo sÆo mostradas.

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:45 15360]

"swg"="C:\Arquivos de programas\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-05-29 11:19 171448]

"MsnMsgr"="C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]

"kamsoft"="C:\WINDOWS\system32\ckvo.exe" [bU]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"nod32kui"="C:\Arquivos de programas\Eset\nod32kui.exe" [2008-05-27 13:11 921600]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]

"SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [2002-04-26 06:17 102400]

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

"AudioDeck"="C:\Arquivos de programas\VIAudioi\SBADeck\ADeck.exe" [2005-01-05 15:24 495616]

"HP Software Update"="C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 21:52 49152]

"Acrobat Assistant 8.0"="C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-22 23:24 620152]

"Lexmark 1200 Series"="C:\Arquivos de programas\Lexmark 1200 Series\lxczbmgr.exe" [2006-07-13 02:34 57344]

"Windows Logon Applicationedc"="C:\Documents and Settings\Administrador\winlogon.exe" [2008-06-27 18:38 53248]

"avast!"="C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-15 20:19 79224]

"BM0feba7c6"="C:\WINDOWS\system32\lkuutomf.dll" [bU]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:45 15360]

 

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\

Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe [2008-05-31 18:09:06 295606]

Adobe Acrobat Synchronizer.lnk - C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-23 00:01:50 734872]

HP Digital Imaging Monitor.lnk - C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 21:40:10 210520]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoDesktopCleanupWizard"= 1 (0x1)

"ForceClassicControlPanel"= 1 (0x1)

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoSMHelp"= 1 (0x1)

"NoSMConfigurePrograms"= 1 (0x1)

"ForceStartMenuLogoff"= 0 (0x0)

"NoUserNameInStartMenu"= 1 (0x1)

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"NoSMHelp"= 1 (0x1)

"NoSMConfigurePrograms"= 1 (0x1)

"StartMenuLogoff"= 1 (0x1)

"ForceStartMenuLogoff"= 0 (0x0)

"NoUserNameInStartMenu"= 1 (0x1)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=

"C:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"C:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Arquivos de programas\\LimeWire\\LimeWire.exe"=

"C:\\Arquivos de programas\\LeechFTP\\Leechftp.exe"=

 

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-15 20:20]

R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-15 20:16]

R2 PSI_SVC_2;Protexis Licensing V2;c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe [2007-07-24 11:15]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

 

.

Conte£do da pasta 'Tarefas Agendadas'

"2008-07-12 01:59:48 C:\WINDOWS\Tasks\Verificar Atualizações para a Barra de Ferramentas do Windows Live.job"

 

 

 

 

 

 

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:12, on 2008-07-11

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Eset\nod32krn.exe

C:\WINDOWS\System32\svchost.exe

c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Arquivos de programas\Eset\nod32kui.exe

C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe

C:\Arquivos de programas\VIAudioi\SBADeck\ADeck.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

C:\Arquivos de programas\Lexmark 1200 Series\lxczbmgr.exe

C:\Arquivos de programas\Lexmark 1200 Series\lxczbmon.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe

C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wuauclt.exe

C:\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_framework.dll

O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O4 - HKLM\..\Run: [nod32kui] "C:\Arquivos de programas\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [siSUSBRG] C:\WINDOWS\SiSUSBrg.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [AudioDeck] C:\Arquivos de programas\VIAudioi\SBADeck\ADeck.exe 1

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"

O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Arquivos de programas\Lexmark 1200 Series\lxczbmgr.exe"

O4 - HKLM\..\Run: [Windows Logon Applicationedc] C:\Documents and Settings\Administrador\winlogon.exe

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [bM0feba7c6] Rundll32.exe "C:\WINDOWS\system32\lkuutomf.dll",s

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [kamsoft] C:\WINDOWS\system32\ckvo.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_01] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\eHome" (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_03] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\config" (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_04] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\help" (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_05] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Srchasst" (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_06] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Help\Tours" (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_07] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\system32\Npp" (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_08] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\system32\Inetsrv" (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_10] rundll32 advpack.dll,DelNodeRunDLL32 "%SystemRoot%\System32\dllcache" (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_11] cmd.exe /c md "%SystemRoot%\System32\dllcache" (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_14] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Connection Wizard" (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_44] cmd.exe /c md "%USERPROFILE%\Configurações locais\Temp" (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_45] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_46] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_47] rundll32 advpack.dll,LaunchINFSection nlite.inf,S (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_01] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\eHome" (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')

O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: Append to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Livro de recortes HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: Seleção HP Smart - {700259D7-1666-479a-93B1-3250410481E8} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Arquivos de programas\Eset\nod32krn.exe

O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe

 

--

End of file - 12566 bytes

 

 

 

 

 

 

 

 

Abraço!

[DigRam 144]

Bom Dia! EMS_1001

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

<!> Para a segurança do PC,vamos providenciar a instalação do RC!

--------------------------------------

<!> Vá ao site da Microsoft: < Link >

 

<!> Selecione o download,que seja adequado,ao seu Sistema Operacional!

<!> Faça o download,do arquivo,e salve-o no seu desktop.

<!> Feche todos os programas,que estejam abertos!

<!> Feche,também,seus programas de proteção! ( Antivírus,Antispywares e Firewall )

<!> Arraste o setup,baixado do site da Microsoft,para o interior do ComboFix.exe

<!> Veja,abaixo,a demonstração!

 

 

<!> Siga as mensagens que aparecem na tela,para iniciar o ComboFix.

<!> Aceite o contrato da Microsoft,para instalar o "Console de Recuperação da Microsoft".

<!> Na próxima mensagem,clique em "SIM",para realizar um scan com o ComboFix.

 

 

<!> Terminando,poste os relatórios:

 

<!> C:\ComboFix.txt + HijackThis,atualizado.

 

Abraços!

[EMS_1001 0]

Segue novos logs conforme solicitado e muito obrigado pela ajuda!

 

 

ComboFix 08-07-11.1 - Administrador 2008-07-12 9:18:29.3 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.151 [GMT -3:00]

Executando de: C:\Documents and Settings\Administrador\Desktop\Kombo.exe

Command switches used :: C:\Documents and Settings\Administrador\Desktop\WinXP_BR_PRO_BF.EXE

* Criado um novo ponto de restauro

* Resident AV is active

 

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

---- Previous Run -------

.

C:\0gjn3yw.exe

C:\Autorun.inf

C:\hgu.bat

C:\mp.cmd

C:\WINDOWS\BM0feba7c6.xml

C:\WINDOWS\pskt.ini

C:\WINDOWS\system\oeminfo.ini

C:\WINDOWS\system32\ckvo.exe

C:\WINDOWS\system32\ckvo0.dll

C:\WINDOWS\system32\ckvo1.dll

C:\WINDOWS\system32\ehtjouwg.dll

C:\WINDOWS\system32\gwuojthe.ini

C:\WINDOWS\system32\hgGvwuRH.dll

C:\WINDOWS\system32\iifgFWQg.dll

C:\WINDOWS\system32\jgtvexap.dll

C:\WINDOWS\system32\lfnjlq.dll

C:\WINDOWS\system32\ljJYPgHx.dll

C:\WINDOWS\system32\lkuutomf.dll

C:\WINDOWS\system32\mcrh.tmp

C:\WINDOWS\system32\oeminfo.ini

C:\WINDOWS\system32\ubwaqtnn.ini

C:\WINDOWS\system32\urqNFuSj.dll

C:\WINDOWS\system32\wvUlkHbY.dll

C:\WINDOWS\system32\xHgPYJjl.ini

C:\WINDOWS\system32\xHgPYJjl.ini2

C:\WINDOWS\system32\ynuyuiam.dll

K:\hgu.bat

 

.

((((((((((((((((((((((( Ficheiros criados de 2008-06-12 to 2008-07-12 ))))))))))))))))))))))))))))))))

.

 

2008-07-12 03:10 . 2008-07-12 03:10 268 --ah----- C:\sqmdata10.sqm

2008-07-12 03:10 . 2008-07-12 03:10 244 --ah----- C:\sqmnoopt10.sqm

2008-07-11 22:50 . 2008-07-11 22:50 268 --ah----- C:\sqmdata09.sqm

2008-07-11 22:50 . 2008-07-11 22:50 244 --ah----- C:\sqmnoopt09.sqm

2008-07-11 15:43 . 2008-07-11 15:43 268 --ah----- C:\sqmdata08.sqm

2008-07-11 15:43 . 2008-07-11 15:43 244 --ah----- C:\sqmnoopt08.sqm

2008-07-11 06:10 . 2008-07-11 23:12 <DIR> d-------- C:\HijackThis

2008-07-11 02:02 . 2008-07-11 02:02 268 --ah----- C:\sqmdata07.sqm

2008-07-11 02:02 . 2008-07-11 02:02 244 --ah----- C:\sqmnoopt07.sqm

2008-07-10 14:50 . 2008-07-10 14:50 <DIR> d-------- C:\Arquivos de programas\Alwil Software

2008-07-08 16:24 . 2008-07-08 16:24 268 --ah----- C:\sqmdata06.sqm

2008-07-08 16:24 . 2008-07-08 16:24 244 --ah----- C:\sqmnoopt06.sqm

2008-07-08 15:52 . 2008-07-08 15:52 268 --ah----- C:\sqmdata05.sqm

2008-07-08 15:52 . 2008-07-08 15:52 244 --ah----- C:\sqmnoopt05.sqm

2008-07-08 06:40 . 2008-07-08 06:40 268 --ah----- C:\sqmdata04.sqm

2008-07-08 06:40 . 2008-07-08 06:40 244 --ah----- C:\sqmnoopt04.sqm

2008-07-07 10:02 . 2008-07-07 10:02 280 --ah----- C:\sqmdata03.sqm

2008-07-07 10:02 . 2008-07-07 10:02 244 --ah----- C:\sqmnoopt03.sqm

2008-07-04 18:51 . 2008-07-04 18:51 268 --ah----- C:\sqmdata02.sqm

2008-07-04 18:51 . 2008-07-04 18:51 244 --ah----- C:\sqmnoopt02.sqm

2008-07-01 17:22 . 2008-07-01 17:22 <DIR> d-------- C:\Arquivos de programas\Wyzo

2008-07-01 16:12 . 2008-06-27 18:38 53,248 ---hs---- C:\Documents and Settings\Administrador\winlogon.exe

2008-06-27 10:13 . 2008-06-27 11:22 <DIR> d-------- C:\WINDOWS\system32\NtmsData

2008-06-23 22:13 . 2008-06-23 22:13 <DIR> d-------- C:\Arquivos de programas\Microsoft SQL Server Compact Edition

2008-06-19 18:03 . 2008-06-19 18:03 268 --ah----- C:\sqmdata01.sqm

2008-06-19 18:03 . 2008-06-19 18:03 244 --ah----- C:\sqmnoopt01.sqm

2008-06-19 04:26 . 2008-06-19 04:26 268 --ah----- C:\sqmdata00.sqm

2008-06-19 04:26 . 2008-06-19 04:26 244 --ah----- C:\sqmnoopt00.sqm

2008-06-18 04:10 . 2004-08-04 00:45 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll

2008-06-18 04:10 . 2001-09-05 23:50 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll

2008-06-13 14:06 . 2008-06-13 14:06 552 --a------ C:\WINDOWS\system32\d3d8caps.dat

2008-06-13 09:18 . 2008-06-23 13:23 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\MagicEffect Photo

2008-06-12 09:44 . 2008-06-14 14:59 272,384 --------- C:\WINDOWS\system32\drivers\bthport.sys

2008-06-12 09:44 . 2008-06-14 14:59 272,384 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-07-12 08:49 2,516 --sha-w C:\Documents and Settings\All Users\Dados de aplicativos\KGyGaAvL.sys

2008-07-11 14:20 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Corel

2008-07-11 04:49 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\LimeWire

2008-07-02 19:53 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2008-07-02 19:53 --------- d-----w C:\Arquivos de programas\Arquivos comuns\InstallShield

2008-07-01 15:23 --------- d-----w C:\Arquivos de programas\Winamp

2008-06-24 01:33 --------- d-----w C:\Arquivos de programas\Windows Live

2008-06-24 00:38 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\WLInstaller

2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll

2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys

2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys

2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys

2008-06-07 01:20 --------- d-----w C:\Arquivos de programas\LeechFTP

2008-06-06 06:04 --------- d-----w C:\Arquivos de programas\Microsoft Works

2008-06-05 20:30 --------- d-----w C:\Arquivos de programas\Windows Media Connect 2

2008-06-03 17:34 --------- d-----w C:\Arquivos de programas\LimeWire

2008-06-02 19:22 --------- d-----w C:\Arquivos de programas\Lexmark 1200 Series

2008-06-02 18:51 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\MegauploadToolbar

2008-05-31 20:34 --------- d-----w C:\Arquivos de programas\Windows Live Toolbar

2008-05-31 20:33 --------- d-----w C:\Arquivos de programas\Windows Live Favorites

2008-05-31 20:26 --------- dcsh--w C:\Arquivos de programas\Arquivos comuns\WindowsLiveInstaller

2008-05-31 17:43 --------- d-----w C:\Arquivos de programas\MegauploadToolbar

2008-05-30 21:10 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\uTorrent

2008-05-30 20:53 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\FLEXnet

2008-05-30 17:31 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Control Panels

2008-05-30 17:31 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Adobe

2008-05-30 17:29 --------- d-----w C:\Arquivos de programas\Bonjour

2008-05-30 17:19 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Macrovision Shared

2008-05-30 17:09 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\AdobeUM

2008-05-29 18:13 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\HPAppData

2008-05-29 18:04 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\HP

2008-05-29 18:03 --------- d-----w C:\Arquivos de programas\HP

2008-05-29 18:02 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\HPSSUPPLY

2008-05-29 18:01 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\HP

2008-05-29 18:00 --------- d-----w C:\Arquivos de programas\Hewlett-Packard

2008-05-29 18:00 --------- d-----w C:\Arquivos de programas\Arquivos comuns\HP

2008-05-29 18:00 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Hewlett-Packard

2008-05-29 17:58 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Hewlett-Packard

2008-05-29 17:27 --------- d-----w C:\Arquivos de programas\Eset

2008-05-29 17:24 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Macromedia

2008-05-29 17:23 --------- d-----w C:\Arquivos de programas\Macromedia

2008-05-29 15:22 --------- d-----w C:\Arquivos de programas\uTorrent

2008-05-29 14:19 --------- d-----w C:\Arquivos de programas\Google

2008-05-28 10:35 --------- d-----w C:\Arquivos de programas\MSXML 6.0

2008-05-28 06:01 --------- d-----w C:\Arquivos de programas\MSXML 4.0

2008-05-27 23:57 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Adobe Systems

2008-05-27 23:57 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared

2008-05-27 20:59 8 --sh--r C:\Documents and Settings\All Users\Dados de aplicativos\153F92ECC4.sys

2008-05-27 20:59 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\Corel

2008-05-27 20:58 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Corel

2008-05-27 20:58 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Protexis

2008-05-27 20:54 --------- d-----w C:\Arquivos de programas\Corel

2008-05-27 20:09 --------- d-----w C:\Arquivos de programas\VIAudioi

2008-05-27 19:46 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\Talkback

2008-05-27 19:46 --------- d-----w C:\Arquivos de programas\Java

2008-05-27 19:45 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Java

2008-05-27 18:27 --------- d-----w C:\Arquivos de programas\S3Inc

2008-05-27 18:03 --------- d-----w C:\Arquivos de programas\Microsoft.NET

2008-05-27 17:24 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\Ahead

2008-05-27 17:18 --------- d-----w C:\Arquivos de programas\Nero

2008-05-27 17:18 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Ahead

2008-05-27 16:34 --------- d-----w C:\Arquivos de programas\microsoft frontpage

2008-05-27 16:33 --------- d-----w C:\Arquivos de programas\Serviços on-line

2008-05-27 16:32 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Serviços

2008-05-27 16:11 502,368 ----a-w C:\WINDOWS\system32\drivers\amon.sys

2008-05-27 16:11 274,432 ----a-w C:\WINDOWS\system32\imon.dll

2008-05-27 16:11 --------- d-----w C:\Arquivos de programas\K-Lite Codec Pack

2008-05-27 16:11 --------- d-----w C:\Arquivos de programas\foxit Reader

2008-05-27 16:11 --------- d-----w C:\Arquivos de programas\AbiSuite2

2008-05-07 05:15 1,292,288 ----a-w C:\WINDOWS\system32\quartz.dll

2008-04-23 07:14 826,368 ----a-w C:\WINDOWS\system32\wininet.dll

.

 

((((((((((((((((((((((((((((( snapshot@2008-07-11_16.02.21.78 )))))))))))))))))))))))))))))))))))))))))

.

+ 2006-08-16 12:14:18 100,352 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\6to4svc.dll

+ 2008-06-20 10:44:08 138,368 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\afd.sys

+ 2008-06-20 17:36:55 147,968 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\dnsapi.dll

+ 2008-06-20 17:36:55 247,808 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\mswsock.dll

+ 2008-06-20 10:44:42 360,960 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys

+ 2008-06-20 09:32:39 225,920 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip6.sys

+ 2008-06-20 11:40:08 138,496 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\afd.sys

+ 2008-06-20 17:48:21 147,968 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\dnsapi.dll

+ 2008-06-20 17:48:21 247,808 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\mswsock.dll

+ 2008-06-20 11:51:12 361,600 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys

+ 2008-06-20 11:08:27 225,856 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip6.sys

+ 2008-06-20 11:48:03 138,496 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\afd.sys

+ 2008-06-20 17:44:42 147,968 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\dnsapi.dll

+ 2008-06-20 17:44:42 247,808 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\mswsock.dll

+ 2008-06-20 11:59:02 361,600 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys

+ 2008-06-20 11:16:44 225,856 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip6.sys

+ 2007-11-30 12:39:04 18,296 ----a-w C:\WINDOWS\$hf_mig$\KB951748\spmsg.dll

+ 2007-11-30 12:39:04 233,336 ----a-w C:\WINDOWS\$hf_mig$\KB951748\spuninst.exe

+ 2007-11-30 12:39:04 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB951748\update\spcustom.dll

+ 2007-11-30 12:38:57 760,696 ----a-w C:\WINDOWS\$hf_mig$\KB951748\update\update.exe

+ 2007-11-30 12:38:57 395,128 ----a-w C:\WINDOWS\$hf_mig$\KB951748\update\updspapi.dll

- 2008-07-11 18:44:18 2,048 --s-a-w C:\WINDOWS\bootstat.dat

+ 2008-07-12 06:11:21 2,048 --s-a-w C:\WINDOWS\bootstat.dat

+ 2008-07-12 06:08:25 1,598 ----a-w C:\WINDOWS\SoftwareDistribution\EventCache\{BBF16B2E-565C-4758-B943-3B7B2D767270}.bin

+ 2008-07-12 06:11:32 16,384 ----atw C:\WINDOWS\system32\config\systemprofile\Configurações locais\Temp\Perflib_Perfdata_4a4.dat

- 2004-08-04 02:14:16 138,496 -c--a-w C:\WINDOWS\system32\dllcache\afd.sys

+ 2008-06-20 10:44:38 138,368 -c--a-w C:\WINDOWS\system32\dllcache\afd.sys

- 2008-02-20 05:37:59 148,992 -c--a-w C:\WINDOWS\system32\dllcache\dnsapi.dll

+ 2008-06-20 17:41:07 148,992 -c--a-w C:\WINDOWS\system32\dllcache\dnsapi.dll

- 2004-08-04 03:45:26 247,808 -c--a-w C:\WINDOWS\system32\dllcache\mswsock.dll

+ 2008-06-20 17:41:07 247,808 -c--a-w C:\WINDOWS\system32\dllcache\mswsock.dll

- 2007-10-30 17:20:55 360,064 -c--a-w C:\WINDOWS\system32\dllcache\tcpip.sys

+ 2008-06-20 10:45:13 360,320 -c--a-w C:\WINDOWS\system32\dllcache\tcpip.sys

- 2006-08-16 09:37:30 225,664 -c--a-w C:\WINDOWS\system32\dllcache\tcpip6.sys

+ 2008-06-20 09:52:06 225,920 -c--a-w C:\WINDOWS\system32\dllcache\tcpip6.sys

- 2008-02-20 05:37:59 148,992 ----a-w C:\WINDOWS\system32\dnsapi.dll

+ 2008-06-20 17:41:07 148,992 ----a-w C:\WINDOWS\system32\dnsapi.dll

- 2007-11-30 11:18:16 18,296 ------w C:\WINDOWS\system32\spmsg.dll

+ 2007-11-30 12:39:04 18,296 ------w C:\WINDOWS\system32\spmsg.dll

.

-- Snapshot reset to current date --

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:45 15360]

"swg"="C:\Arquivos de programas\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-05-29 11:19 171448]

"MsnMsgr"="C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]

"kamsoft"="C:\WINDOWS\system32\ckvo.exe" [bU]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"nod32kui"="C:\Arquivos de programas\Eset\nod32kui.exe" [2008-05-27 13:11 921600]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]

"SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [2002-04-26 06:17 102400]

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

"AudioDeck"="C:\Arquivos de programas\VIAudioi\SBADeck\ADeck.exe" [2005-01-05 15:24 495616]

"HP Software Update"="C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 21:52 49152]

"Acrobat Assistant 8.0"="C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-22 23:24 620152]

"Lexmark 1200 Series"="C:\Arquivos de programas\Lexmark 1200 Series\lxczbmgr.exe" [2006-07-13 02:34 57344]

"Windows Logon Applicationedc"="C:\Documents and Settings\Administrador\winlogon.exe" [2008-06-27 18:38 53248]

"avast!"="C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-15 20:19 79224]

"BM0feba7c6"="C:\WINDOWS\system32\lkuutomf.dll" [bU]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:45 15360]

 

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\

Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe [2008-05-31 18:09:06 295606]

Adobe Acrobat Synchronizer.lnk - C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-23 00:01:50 734872]

HP Digital Imaging Monitor.lnk - C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 21:40:10 210520]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoDesktopCleanupWizard"= 1 (0x1)

"ForceClassicControlPanel"= 1 (0x1)

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoSMHelp"= 1 (0x1)

"NoSMConfigurePrograms"= 1 (0x1)

"ForceStartMenuLogoff"= 0 (0x0)

"NoUserNameInStartMenu"= 1 (0x1)

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"NoSMHelp"= 1 (0x1)

"NoSMConfigurePrograms"= 1 (0x1)

"StartMenuLogoff"= 1 (0x1)

"ForceStartMenuLogoff"= 0 (0x0)

"NoUserNameInStartMenu"= 1 (0x1)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=

"C:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"C:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Arquivos de programas\\LimeWire\\LimeWire.exe"=

"C:\\Arquivos de programas\\LeechFTP\\Leechftp.exe"=

 

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-15 20:20]

R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-15 20:16]

R2 PSI_SVC_2;Protexis Licensing V2;c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe [2007-07-24 11:15]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

 

.

Conteúdo da pasta 'Tarefas Agendadas'

"2008-07-12 11:59:03 C:\WINDOWS\Tasks\Verificar Atualizações para a Barra de Ferramentas do Windows Live.job"

- C:\Arquivos de programas\Windows Live Toolbar\MSNTBUP.EXE

.

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-07-12 09:21:31

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros ocultos ...

 

Varredura completada com sucesso

Ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

PROCESS: C:\WINDOWS\system32\lsass.exe

-> C:\Arquivos de programas\Eset\pr_imon.dll

.

Tempo para conclusão: 2008-07-12 9:24:21

ComboFix-quarantined-files.txt 2008-07-12 12:23:54

 

Pre-Run: 55,252,525,056 bytes disponíveis

Post-Run: 55,227,027,456 bytes disponíveis

 

WinXP_BR_PRO_BF.EXE

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

 

287 --- E O F --- 2008-07-12 06:05:13

 

 

 

 

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 09:25:56, on 12/7/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Eset\nod32krn.exe

C:\WINDOWS\System32\svchost.exe

c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Eset\nod32kui.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe

C:\Arquivos de programas\VIAudioi\SBADeck\ADeck.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

C:\Arquivos de programas\Lexmark 1200 Series\lxczbmgr.exe

C:\Arquivos de programas\Lexmark 1200 Series\lxczbmon.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe

C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

C:\WINDOWS\explorer.exe

C:\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_framework.dll

O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O4 - HKLM\..\Run: [nod32kui] "C:\Arquivos de programas\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [siSUSBRG] C:\WINDOWS\SiSUSBrg.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [AudioDeck] C:\Arquivos de programas\VIAudioi\SBADeck\ADeck.exe 1

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"

O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Arquivos de programas\Lexmark 1200 Series\lxczbmgr.exe"

O4 - HKLM\..\Run: [Windows Logon Applicationedc] C:\Documents and Settings\Administrador\winlogon.exe

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [bM0feba7c6] Rundll32.exe "C:\WINDOWS\system32\lkuutomf.dll",s

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [kamsoft] C:\WINDOWS\system32\ckvo.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_01] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\eHome" (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_03] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\config" (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_04] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\help" (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_05] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Srchasst" (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_06] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Help\Tours" (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_07] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\system32\Npp" (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_08] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\system32\Inetsrv" (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_10] rundll32 advpack.dll,DelNodeRunDLL32 "%SystemRoot%\System32\dllcache" (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_11] cmd.exe /c md "%SystemRoot%\System32\dllcache" (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_14] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Connection Wizard" (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_44] cmd.exe /c md "%USERPROFILE%\Configurações locais\Temp" (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_45] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_46] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_47] rundll32 advpack.dll,LaunchINFSection nlite.inf,S (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_01] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\eHome" (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')

O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: Append to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Livro de recortes HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: Seleção HP Smart - {700259D7-1666-479a-93B1-3250410481E8} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Arquivos de programas\Eset\nod32krn.exe

O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe

 

--

End of file - 12380 bytes

 

 

 

Abraço!

[DigRam 144]

Bom Dia! EMS_1001

 

<!> Voçê possui 2 antivírus: Avast e Nod32.

<!> Deixe instalado,apenas,o de sua preferência!

----------------------------

<@> Vá a este Link,e baixe:

 

< malwarebytes >

 

<@> Escolha o escaneamento Completo! ( Full Scan )

<@> Desabilite programas de proteção,ao executar o malwarebytes.

<@> Para uma ação mais efetiva,execute-o estando em Modo de Segurança. << Importante!

<@> Terminando,reinicie em Modo Normal!

----------------------------

<@> Poste,os relatórios:

 

<!> MBAM.txt + HijackThis,atualizado.

 

Abraços!

[EMS_1001 0]

Bom dia, descolpe a demora, pois pesou um pouco aqui no trabalho, mas segue os logs solicitados:

 

 

alwarebytes' Anti-Malware 1.20

Versão do banco de dados: 930

Windows 5.1.2600 Service Pack 2

 

11:33:25 15/7/2008

mbam-log-7-15-2008 (11-33-25).txt

 

Tipo de Verificação: Completa (C:\|)

Objetos verificados: 109570

Tempo decorrido: 29 minute(s), 45 second(s)

 

Processos da Memória infectados: 0

Módulos de Memória Infectados: 0

Chaves do Registro infectadas: 0

Valores do Registro infectados: 2

Ítens do Registro infectados: 1

Pastas infectadas: 0

Arquivos infectados: 2

 

Processos da Memória infectados:

(Nenhum ítem malicioso foi detectado)

 

Módulos de Memória Infectados:

(Nenhum ítem malicioso foi detectado)

 

Chaves do Registro infectadas:

(Nenhum ítem malicioso foi detectado)

 

Valores do Registro infectados:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\windows logon applicationedc (Backdoor.Bot) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bm0feba7c6 (Trojan.Agent) -> Quarantined and deleted successfully.

 

Ítens do Registro infectados:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

 

Pastas infectadas:

(Nenhum ítem malicioso foi detectado)

 

Arquivos infectados:

C:\System Volume Information\_restore{15DF3738-6A9E-44E6-BB73-A4415C154725}\RP31\A0021275.exe (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrador\winlogon.exe (Backdoor.Bot) -> Quarantined and deleted successfully.

 

 

 

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:35:47, on 15/7/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe

C:\Arquivos de programas\VIAudioi\SBADeck\ADeck.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

C:\Arquivos de programas\Lexmark 1200 Series\lxczbmgr.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe

C:\Arquivos de programas\Lexmark 1200 Series\lxczbmon.exe

C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

C:\Arquivos de programas\Corel\CorelDRAW Graphics Suite X4\Programs\CorelDRW.exe

C:\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_framework.dll

O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [siSUSBRG] C:\WINDOWS\SiSUSBrg.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [AudioDeck] C:\Arquivos de programas\VIAudioi\SBADeck\ADeck.exe 1

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"

O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Arquivos de programas\Lexmark 1200 Series\lxczbmgr.exe"

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [kamsoft] C:\WINDOWS\system32\ckvo.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_01] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\eHome" (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_03] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\config" (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_04] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\help" (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_05] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Srchasst" (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_06] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Help\Tours" (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_07] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\system32\Npp" (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_08] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\system32\Inetsrv" (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_10] rundll32 advpack.dll,DelNodeRunDLL32 "%SystemRoot%\System32\dllcache" (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_11] cmd.exe /c md "%SystemRoot%\System32\dllcache" (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_14] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Connection Wizard" (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_44] cmd.exe /c md "%USERPROFILE%\Configurações locais\Temp" (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_45] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_46] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_47] rundll32 advpack.dll,LaunchINFSection nlite.inf,S (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_01] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\eHome" (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')

O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: Append to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Livro de recortes HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: Seleção HP Smart - {700259D7-1666-479a-93B1-3250410481E8} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe

 

--

End of file - 12000 bytes

 

 

Abraço!

[DigRam 144]

Bom Dia! EMS_1001

 

Desatualizado! --> jre1.6.0_05 --> jre1.6.0_07 <-- Atualizado!

<@> O seu Java,está desatualizado!Procure atualizá-lo,para evitar falhas de segurança.

---------------------------------

<@> Selecione e copie,todo o conteúdo que está na área do QUOTE,para o Bloco de Notas.

<@> Salve-o,no Desktop,com o nome: CFScript.txt

 

File::

C:\sqmdata10.sqm

C:\sqmnoopt10.sqm

C:\sqmdata09.sqm

C:\sqmnoopt09.sqm

C:\sqmdata08.sqm

C:\sqmnoopt08.sqm

C:\sqmdata07.sqm

C:\sqmnoopt07.sqm

C:\sqmdata06.sqm

C:\sqmnoopt06.sqm

C:\sqmdata05.sqm

C:\sqmnoopt05.sqm

C:\sqmdata04.sqm

C:\sqmnoopt04.sqm

C:\sqmdata03.sqm

C:\sqmnoopt03.sqm

C:\sqmdata02.sqm

C:\sqmnoopt02.sqm

C:\sqmdata01.sqm

C:\sqmnoopt01.sqm

C:\sqmdata00.sqm

C:\sqmnoopt00.sqm

C:\WINDOWS\bootstat.dat

C:\WINDOWS\system32\ckvo.exe

Registry::

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"kamsoft"=-

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 1 (0x0)

<@> Arraste,com o Mouse,o CFScript.txt para o ícone/interior do ComboFix.

<@> Veja a demonstração!

 

 

<@> Reinicie o computador!

<@> Terminando,poste os relatórios: C:\ComboFix.txt + HJT,atualizado.

 

Abraços!

[Mário Monteiro 179]

Tópico Arquivado

 

Como o autor não respondeu por mais de 30 dias, o tópico foi arquivado.

 

Caso você seja o autor do tópico e quer reabrir, envie uma mensagem privada para um moderador da área juntamente com o link para este tópico e explique o motivo da reabertura.