Stiegel, posted January 19, 2009

I would be grateful to anyone who can analyze the log I created and check the problem to help me.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:05:02, on 19/1/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe
c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe
C:\WINDOWS\system32\svchost.exe
C:\ARQUIV~1\AVG\AVG8\avgemc.exe
C:\ARQUIV~1\AVG\AVG8\avgam.exe
C:\ARQUIV~1\AVG\AVG8\avgrsx.exe
C:\ARQUIV~1\AVG\AVG8\avgnsx.exe
C:\Arquivos de programas\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\ARQUIV~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Arquivos de programas\Calibrize\CalibrizeResume.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
C:\Arquivos de programas\Orbitdownloader\orbitdm.exe
C:\Arquivos de programas\IncrediMail\bin\ImApp.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Arquivos de programas\Orbitdownloader\orbitnet.exe
C:\Arquivos de programas\MSN Messenger\msnmsgr.exe
C:\Arquivos de programas\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.1.1:8080
O2 - BHO: Octh Class - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {140BD8E3-C167-11D4-B4A3-080000180323} - (no file)
O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: LPVideoPlugin - {813DEFA1-7894-4601-B26D-0D671708CDA6} - C:\WINDOWS\system32\LPVideo.dll (file missing)
O2 - BHO: Email Addresses Hunter by Solution Software Logic (Freewhere version) - {FCADDC14-BD46-408A-7777-CDBE1C6D3BBB} - C:\ARQUIV~1\EMAILE~1\EHunter.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Arquivos de programas\styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [skyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime Alternative\QTSystem\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [incrediMail] C:\Arquivos de programas\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [CGFLoader] C:\Arquivos de programas\Calibrize\CalibrizeLoader.exe
O4 - HKCU\..\Run: [CalibrizeResume] C:\Arquivos de programas\Calibrize\CalibrizeResume.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [] (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [] (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [] (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Orbit.lnk = C:\Arquivos de programas\Orbitdownloader\orbitdm.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\Arquivos de programas\IncrediMail\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.1.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O17 - HKLM\System\CCS\Services\Tcpip\..\{FAD6EF47-6C0D-4A47-A6F8-89D811DE2755}: NameServer = 200.176.2.10,200.176.2.12
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Arquivos de programas\Arquivos comuns\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe

--
End of file - 7429 bytes
DigRam, posted January 19, 2009

Good afternoon, Stiegel!

<@> Download: < ComboFix.exe > ( ...by sUBs )
<@> Save it to the Desktop!
<@> Disable the resident protection of: antivirus, antispyware and firewall. ( Except the Windows one! )
<@> Close all windows and run the tool!
<@> At the prompt: "Disclaimer of software warranty" --> Click Yes!
<@> If you do not have the "Recovery Console", accept the option to install it!
<!> If you get the notification: Invalid Win32 application, delete the tool and download it again.
<!> Save it to the desktop, renamed as: Kombo.exe
<!> PS: Name it while saving, not after saving it!
<!> PS: If any error message appears, run ComboFix.exe in Safe Mode. <-- Link!
<!> PS: To complete the removals, the tool may need to restart the computer. <-- Wait!
<!> PS: Avoid running this tool on your own initiative! Follow all the recommendations proposed above.
<@> The Auto Scan window will open. --> Wait!
<@> In order to complete the removals, ComboFix may restart the computer.
<@> If necessary, type the option to continue! --> ( 1 ) --> Press Enter! --> Wait for it to finish!
<@> During the scan, avoid touching the mouse or keyboard! <-- Important!
<@> To stop or exit ComboFix, press "N" or "2" --> Press Enter!
---------------------------
<@> When it finishes, post the reports: C:\ComboFix.txt + an updated HijackThis log.

Regards!
Stiegel 0 Denunciar post Postado Janeiro 19, 2009 Boa tarde DigRam, desde já agradeço sua ajuda e conforme você solicitou envio os logs abaixo. ComboFix 09-01-19.01 - Claudinei 2009-01-19 18:06:33.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.2047.1461 [GMT -2:00] Executando de: c:\documents and settings\Claudinei\Desktop\ComboFix.exe AV: AVG Anti-Virus *On-access scanning enabled* (Updated) ATENÇAO - ESTA MAQUINA NAO TEM O CONSOLE DE RECUPERAÇÃO INSTALADA !! . ((((((((((((((((((((((((((((((((((((( Outras Exclusões ))))))))))))))))))))))))))))))))))))))))))))))))))) . c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013 c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013\Thumbs.db C:\resycled c:\resycled\boot.com D:\Autorun.inf D:\resycled d:\resycled\boot.com . ((((((((((((((((((((((((((((((((((((((( Drivers/Serviços ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_ISODRIVE -------\Service_ISODrive (((((((((((((((( Arquivos/Ficheiros criados de 2008-12-19 to 2009-01-19 )))))))))))))))))))))))))))) . 2010-08-28 19:47 . 2008-09-30 11:21 <DIR> d-------- c:\arquivos de programas\Rapidown 2009-01-19 16:19 . 2009-01-19 16:19 <DIR> d-------- c:\windows\system32\Adobe 2009-01-19 16:19 . 2001-03-15 04:55 101,200 --------- c:\windows\system32\pdfshell.dll 2009-01-19 16:19 . 2001-03-15 05:18 65,536 --------- c:\windows\system32\adistres.dll 2009-01-19 16:19 . 2001-03-15 05:18 20,584 --------- c:\windows\system32\PdfPorts.dll 2009-01-19 16:18 . 2009-01-19 16:18 <DIR> d-------- c:\documents and settings\Claudinei\Dados de aplicativos\InterTrust 2009-01-19 16:12 . 2001-04-11 06:02 243,712 --a------ c:\windows\KPCP32.DLL 2009-01-19 16:12 . 2001-04-11 06:02 70,144 --a------ c:\windows\KPFP32.DLL 2009-01-19 16:12 . 2001-04-11 06:02 58,368 --a------ c:\windows\pfpick.dll 2009-01-19 16:12 . 
2001-04-11 06:02 48,128 --a------ c:\windows\KPSYS32.DLL 2009-01-19 16:12 . 2001-04-11 06:02 39,095 --a------ c:\windows\Iccsigs.dat 2009-01-19 16:12 . 2001-04-11 06:02 32,792 --a------ c:\windows\SPWHPT.DLL 2009-01-19 16:12 . 2001-04-11 06:02 31,744 --a------ c:\windows\KPSHARP.DLL 2009-01-19 16:12 . 2001-04-11 06:02 31,232 --a------ c:\windows\KPSCALE.DLL 2009-01-19 16:12 . 2001-04-11 06:02 156 --a------ c:\windows\KPCMS.INI 2009-01-19 10:04 . 2009-01-19 10:05 <DIR> d-------- C:\HiJackThis 2009-01-09 14:00 . 2009-01-09 14:00 <DIR> d-------- c:\arquivos de programas\Real Alternative 2009-01-09 13:35 . 2009-01-09 13:35 <DIR> d-------- c:\arquivos de programas\WinAVIVideoConverter 2009-01-08 15:36 . 2009-01-08 15:36 <DIR> d-------- c:\documents and settings\Claudinei\Dados de aplicativos\Thinstall 2008-12-30 17:59 . 2008-12-30 17:59 244 --ah----- C:\sqmnoopt00.sqm 2008-12-30 17:59 . 2008-12-30 17:59 232 --ah----- C:\sqmdata00.sqm 2008-12-22 18:05 . 2008-12-22 18:05 <DIR> d-------- c:\arquivos de programas\Xara 2008-12-22 18:02 . 2008-12-22 18:02 <DIR> d-------- c:\arquivos de programas\AAALOGO2008 2008-12-19 16:20 . 2008-12-19 16:22 125,096 --a------ C:\teste.htm 2008-12-19 15:29 . 2008-12-19 16:45 <DIR> d-------- c:\arquivos de programas\Link Web Extractor 2008-12-19 14:13 . 2008-12-19 15:12 <DIR> d-------- c:\arquivos de programas\Email Extractor 2 . ((((((((((((((((((((((((((((((((((((( Relatório Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2009-01-19 20:12 --------- d-----w c:\documents and settings\Claudinei\Dados de aplicativos\Orbit 2009-01-19 19:36 --------- d--h--w c:\arquivos de programas\InstallShield Installation Information 2009-01-19 18:19 --------- d-----w c:\arquivos de programas\Arquivos comuns\Adobe 2009-01-19 14:03 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Avg8 2009-01-19 13:11 2,516 --sha-w c:\documents and settings\All Users\Dados de aplicativos\KGyGaAvL.sys 2009-01-16 11:52 325,128 ----a-w c:\windows\system32\drivers\avgldx86.sys 2009-01-14 10:51 --------- d-----w c:\documents and settings\Claudinei\Dados de aplicativos\BrOffice.org2 2009-01-09 09:41 12,552 ----a-w c:\windows\system32\drivers\avgrkx86.sys 2009-01-09 09:41 107,272 ----a-w c:\windows\system32\drivers\avgtdix.sys 2009-01-08 09:38 --------- d-----w c:\arquivos de programas\LogMeIn 2009-01-02 18:46 --------- d-----w c:\documents and settings\Claudinei\Dados de aplicativos\SendSpace Wizard 2008-12-16 18:56 --------- d-----w c:\documents and settings\Claudinei\Dados de aplicativos\Blender Foundation 2008-12-16 18:56 --------- d-----w c:\arquivos de programas\Blender Foundation 2008-12-16 17:29 --------- d-----w c:\arquivos de programas\TVSuper3 2008-12-16 16:09 --------- d-----w c:\documents and settings\Claudinei\Dados de aplicativos\Download Manager 2008-12-03 12:50 --------- d-----w c:\arquivos de programas\BrOffice.org 2.4 2008-11-19 20:23 --------- d-----w c:\arquivos de programas\SendSpace 2008-11-19 11:32 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\GlobalSCAPE 2008-08-20 14:52 8 --sh--r c:\documents and settings\All Users\Dados de aplicativos\2D83F18A58.sys 2009-01-09 13:08 67,696 ----a-w c:\arquivos de programas\mozilla firefox\components\jar50.dll 2009-01-09 13:08 54,376 ----a-w c:\arquivos de programas\mozilla firefox\components\jsd3250.dll 2009-01-09 13:08 34,952 ----a-w c:\arquivos de programas\mozilla firefox\components\myspell.dll 2009-01-09 
13:08 46,720 ----a-w c:\arquivos de programas\mozilla firefox\components\spellchk.dll 2009-01-09 13:08 172,144 ----a-w c:\arquivos de programas\mozilla firefox\components\xpinstal.dll 2008-07-11 18:11 0 -csha-r c:\windows\system32\killVBS.vbs . ------- Sigcheck ------- 2004-08-04 01:45 658432 398a619ce60090303042d1f8cc68f712 c:\windows\ie7\wininet.dll 2006-11-07 22:03 920064 76042b62efe8e0ccb7845ae3955ec0bc c:\windows\ie7updates\KB950759-IE7\wininet.dll 2008-04-23 05:14 927744 d5189e17f4a483c0bb19ccdda4d8c496 c:\windows\system32\wininet.dll 2008-04-23 05:14 927744 d5189e17f4a483c0bb19ccdda4d8c496 c:\windows\system32\dllcache\wininet.dll 2008-04-23 05:14 826368 dd01bde9ca09b53c50f67e932181cb7e c:\windows\VistaMizer\old\wininet.dll 2004-08-04 01:45 543744 3550bfe59972a67ac2f7781041d28ea7 c:\windows\system32\winlogon.exe 2004-08-04 01:45 543744 3550bfe59972a67ac2f7781041d28ea7 c:\windows\system32\dllcache\winlogon.exe 2004-08-04 01:45 504320 6f7bde7a1126debf0cc359a54953efc1 c:\windows\VistaMizer\old\winlogon.exe 2007-02-28 14:02 2061824 1683af18422f7de34575ee95be882ad1 c:\windows\Driver Cache\i386\ntkrnlpa.exe 2007-02-28 14:02 2182656 c2500a0719ba7b1cbbc772755acf35b5 c:\windows\system32\ntkrnlpa.exe 2007-02-28 14:02 2182656 c2500a0719ba7b1cbbc772755acf35b5 c:\windows\system32\dllcache\ntkrnlpa.exe 2007-02-28 14:02 2019840 1f433c0f544a74459f035b71121a4569 c:\windows\VistaMizer\old\ntkrnlpa.exe 2007-02-28 14:02 2184576 986c40660057a2bac752ed4f97cf4a10 c:\windows\Driver Cache\i386\ntoskrnl.exe 2007-02-28 14:02 2302976 18aed852243b02c7179179cac6648668 c:\windows\system32\ntoskrnl.exe 2007-02-28 14:02 2302976 18aed852243b02c7179179cac6648668 c:\windows\system32\dllcache\ntoskrnl.exe 2007-02-28 14:02 2140160 7aacd829f2a9bb4dace70cbfc6046934 c:\windows\VistaMizer\old\ntoskrnl.exe 2007-06-13 11:21 1553920 7062d4a59c277fb6f4447460dbf0ca73 c:\windows\explorer.exe 2007-06-13 11:21 1553920 7062d4a59c277fb6f4447460dbf0ca73 c:\windows\system32\dllcache\explorer.exe 2007-06-13 11:21 
1035264 dccbf18e94d651393a3ffa060f88e0a0 c:\windows\VistaMizer\old\explorer.exe 2004-08-04 01:45 25088 a3f0971dbba9657034c303b39464ea5b c:\windows\system32\ctfmon.exe 2004-08-04 01:45 25088 a3f0971dbba9657034c303b39464ea5b c:\windows\system32\dllcache\ctfmon.exe 2004-08-04 01:45 15360 f40bc97996b8e53799eef1d63996674b c:\windows\VistaMizer\old\ctfmon.exe . (((((((((((((((((((((((((( Pontos de Carregamento do Registro ))))))))))))))))))))))))))))))))))))))) . . *Nota* entradas vazias e legítimas por defeito não são mostradas. REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FCADDC14-BD46-408A-7777-CDBE1C6D3BBB}] 2008-05-03 23:07 449024 --a------ c:\arquiv~1\EMAILE~1\EHunter.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IncrediMail"="c:\arquivos de programas\IncrediMail\bin\IncMail.exe" [2008-10-05 243072] "CGFLoader"="c:\arquivos de programas\Calibrize\CalibrizeLoader.exe" [2007-11-26 1961984] "CalibrizeResume"="c:\arquivos de programas\Calibrize\CalibrizeResume.exe" [2007-11-26 413696] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AVG8_TRAY"="c:\arquiv~1\AVG\AVG8\avgtray.exe" [2009-01-09 1601304] "QuickTime Task"="c:\arquivos de programas\QuickTime Alternative\QTSystem\qttask.exe" [2008-09-06 413696] "LogMeIn GUI"="c:\arquivos de programas\LogMeIn\x86\LogMeInSystray.exe" [2008-07-24 63048] "Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792] "RTHDCPL"="RTHDCPL.EXE" [2006-12-17 c:\windows\RTHDCPL.exe] "SkyTel"="SkyTel.EXE" [2006-05-15 c:\windows\SkyTel.exe] "Tweak UI"="TWEAKUI.CPL" [1998-05-11 c:\windows\system32\TWEAKUI.CPL] "nwiz"="nwiz.exe" [2007-12-05 c:\windows\system32\nwiz.exe] c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\ Acrobat Assistant.lnk - c:\arquivos de programas\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [2009-01-19 49254] HP Digital Imaging Monitor.lnk - c:\arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe 
[2006-02-19 288472] Orbit.lnk - c:\arquivos de programas\Orbitdownloader\orbitdm.exe [2008-05-23 1678536] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter] 2009-01-09 07:41 10520 c:\windows\system32\avgrsstx.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit] 2008-10-16 20:35 87352 c:\windows\system32\LMIinit.dll [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Gamma Loader.lnk] path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Gamma Loader.lnk backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^VisualTaskTips.lnk] path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\VisualTaskTips.lnk backup=c:\windows\pss\VisualTaskTips.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^Claudinei^Menu Iniciar^Programas^Inicializar^Rapidown.lnk] path=c:\documents and settings\Claudinei\Menu Iniciar\Programas\Inicializar\Rapidown.lnk backup=c:\windows\pss\Rapidown.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] --a------ 2008-10-15 01:04 39792 c:\arquivos de programas\Adobe\Reader 8.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] --a------ 2007-05-16 10:27 153136 c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor] --a------ 2006-10-27 01:47 31016 c:\arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] --a------ 2006-02-19 03:41 49152 c:\arquivos de programas\HP\HP Software Update\hpwuSchd2.exe 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup] --a------ 2005-08-11 17:30 249856 c:\arquivos de programas\Arquivos comuns\InstallShield\UpdateService\ISUSPM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler] --a------ 2005-08-11 17:30 81920 c:\arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] --a------ 2007-03-01 16:57 153136 c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] --a------ 2007-12-05 02:41 8523776 c:\windows\system32\nvcpl.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] --a------ 2007-12-05 02:41 81920 c:\windows\system32\nvmctray.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "PSI_SVC_2"=2 (0x2) "ose"=3 (0x3) "odserv"=3 (0x3) "NVSvc"=2 (0x2) "NMIndexingService"=3 (0x3) "NBService"=3 (0x3) "Microsoft Office Groove Audit Service"=3 (0x3) "Macromedia Licensing Service"=3 (0x3) "idsvc"=3 (0x3) [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Arquivos de programas\\IncrediMail\\bin\\IMApp.exe"= "c:\\Arquivos de 
programas\\IncrediMail\\bin\\IncMail.exe"= "c:\\Arquivos de programas\\IncrediMail\\bin\\ImpCnt.exe"= "c:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Arquivos de programas\\Orbitdownloader\\orbitdm.exe"= "c:\\Arquivos de programas\\Orbitdownloader\\orbitnet.exe"= "c:\\Arquivos de programas\\Corel\\CorelDRAW Graphics Suite 13\\Programs\\CorelDRW.exe"= "c:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"= "c:\\Arquivos de programas\\MSN Messenger\\livecall.exe"= "c:\\Arquivos de programas\\Adobe\\Photoshop CS\\Photoshop.exe"= "c:\\Arquivos de programas\\Corel\\CorelDRAW Graphics Suite 13\\Programs\\CorelPP.exe"= "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpofxm08.exe"= "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposfx08.exe"= "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"= "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqCopy.exe"= "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpfccopy.exe"= "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"= "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Arquivos de programas\\AVG\\AVG8\\avgemc.exe"= "c:\\Arquivos de programas\\AVG\\AVG8\\avgupd.exe"= "c:\\Arquivos de programas\\AVG\\AVG8\\avgnsx.exe"= "c:\\Arquivos de programas\\IncrediMail\\bin\\ImLc.exe"= R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2008-08-15 12552] R1 AvgLdx86;AVG AVI Loader Driver 
x86;c:\windows\system32\drivers\avgldx86.sys [2008-08-15 325128] R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-08-15 107272] R3 ip100xp;ENCORE 10/100Mbps Fast Ethernet PCI Adapter NT Driver;c:\windows\system32\drivers\ipfnd51.sys [2008-08-29 26752] R4 avg8emc;AVG8 E-mail Scanner;c:\arquiv~1\AVG\AVG8\avgemc.exe [2009-01-09 903960] R4 avg8wd;AVG8 WatchDog;c:\arquiv~1\AVG\AVG8\avgwdsvc.exe [2009-01-09 298264] R4 LMIInfo;LogMeIn Kernel Information Provider;c:\arquivos de programas\LogMeIn\x86\rainfo.sys [2008-07-24 12856] R4 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2008-10-21 47640] S3 AtcL002;NDIS Miniport Driver for Attansic L2 Fast Ethernet Controller;c:\windows\system32\drivers\atl02_xp.sys [2008-05-22 28416] S3 EraserUtilDrv10820;EraserUtilDrv10820;\??\c:\arquivos de programas\Arquivos comuns\Symantec Shared\EENGINE\EraserUtilDrv10820.sys --> c:\arquivos de programas\Arquivos comuns\Symantec Shared\EENGINE\EraserUtilDrv10820.sys [?] 
S4 LMIRfsClientNP;LMIRfsClientNP; [x] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{01453a73-e222-11dd-a9d0-00064f67e420}] \Shell\AutoRun\command - wscript.exe .\.vbs \Shell\open\command - wscript.exe .\.vbs [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0792f28a-b175-11dd-b5c2-00064f67e420}] \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe killVBS.vbs [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0d0c159f-7ff5-11dd-83cb-00064f67e420}] \Shell\AutoRun\command - H:\a1.bat \Shell\explore\Command - H:\a1.bat \Shell\open\Command - H:\a1.bat [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0de6150e-af12-11dd-b5bf-00064f67e420}] \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe killVBS.vbs [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1d82318a-9077-11dd-83e8-00064f67e420}] \Shell\AutoRun\command - wscript.exe .\.vbs \Shell\open\command - wscript.exe .\.vbs [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{32c3c1a8-5fe9-11dd-8db8-001bfc2be699}] \Shell\Auto\command - fun.xls.exe \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{332fed88-49ba-11dd-8d97-001bfc2be699}] \Shell\Auto\command - fun.xls.exe \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4a4b50a5-48ed-11dd-8d95-001bfc2be699}] \Shell\Auto\command - recycled\SVCH0ST.EXE \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL recycled\SVCH0ST.EXE 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4d766a64-e091-11dd-a9ce-00064f67e420}] \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe killVBS.vbs [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5342788f-bc68-11dd-b5da-00064f67e420}] \Shell\AutoRun\command - wscript.exe .\.vbs \Shell\open\command - wscript.exe .\.vbs [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{53427897-bc68-11dd-b5da-00064f67e420}] \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe killVBS.vbs [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{560604aa-bba3-11dd-b5d9-00064f67e420}] \Shell\AutoRun\command - diskdrive.exe \Shell\open\command - diskdrive.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{60d9dab7-630e-11dd-b0a3-001bfc2be699}] \Shell\AutoRun\command - kn6jhgc.cmd \Shell\explore\Command - kn6jhgc.cmd \Shell\open\Command - kn6jhgc.cmd [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6958820c-4435-11dd-8d8a-001bfc2be699}] \Shell\Auto\command - fun.xls.exe \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{69588288-4435-11dd-8d8a-001bfc2be699}] \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe killVBS.vbs [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{69c0f2fd-4f37-11dd-8d9e-001bfc2be699}] \Shell\AutoRun\command - ayssed.exe \Shell\explore\Command - ayssed.exe \Shell\open\Command - ayssed.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{84ef902c-6ef9-11dd-bf70-001bfc2be699}] \Shell\AutoRun\command - wscript.exe .\.vbs 
\Shell\open\command - wscript.exe .\.vbs [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{91e8c122-cc6b-11dd-b5f4-00064f67e420}] \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe killVBS.vbs [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9298fff7-a747-11dd-840c-00064f67e420}] \Shell\AutoRun\command - H:\RavMon.exe \Shell\explore\Command - H:\RavMon.exe -e \Shell\open\Command - H:\RavMon.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{92a73f84-6f70-11dd-bf71-001bfc2be699}] \Shell\AutoRun\command - diskdrive.exe \Shell\open\command - diskdrive.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9c3ca101-36da-11dd-8d6c-001bfc2be699}] \Shell\Auto\command - fun.xls.exe \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a6e03fb6-4824-11dd-8d92-001bfc2be699}] \Shell\AutoRun\command - t.com \Shell\explore\Command - t.com \Shell\open\Command - t.com [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a7674bff-b48c-11dd-b5cd-00064f67e420}] \Shell\AutoRun\command - oqmlhs.exe \Shell\explore\Command - oqmlhs.exe \Shell\open\Command - oqmlhs.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b6ccbc31-5ccc-11dd-8daf-001bfc2be699}] \Shell\Auto\command - H:\fun.xls.exe \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bcecb579-9a06-11dd-83f5-00064f67e420}] \Shell\AutoRun\command - 39lpji.com \Shell\explore\Command - 39lpji.com \Shell\open\Command - 39lpji.com 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c1d13bef-4d15-11dd-8d9a-001bfc2be699}] \Shell\AutoRun\command - wscript.exe .\.vbs \Shell\open\command - wscript.exe .\.vbs [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c83635d1-2cf0-11dd-8930-001bfc2be699}] \Shell\AutoRun\command - wscript.exe .\.vbs \Shell\open\command - wscript.exe .\.vbs [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cdc4c965-5747-11dd-8da6-001bfc2be699}] \Shell\Auto\command - H:\fun.xls.exe \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d07e638d-8199-11dd-83d0-00064f67e420}] \Shell\AutoRun\command - H:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d07e638e-8199-11dd-83d0-00064f67e420}] \Shell\AutoRun\command - wscript.exe .\.vbs \Shell\open\command - wscript.exe .\.vbs [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d7f6839e-bd35-11dd-b5db-00064f67e420}] \Shell\AutoRun\command - H:\kn6jhgc.cmd \Shell\explore\Command - H:\kn6jhgc.cmd \Shell\open\Command - H:\kn6jhgc.cmd . - - - - ORFÃOS REMOVIDOS - - - - BHO-{140BD8E3-C167-11D4-B4A3-080000180323} - (no file) . ------- Scan Suplementar ------- . 
uStart Page = hxxp://www.google.com.br/
mStart Page = hxxp://www.google.com.br/
mWindow Title = Microsoft Internet Explorer
uInternet Settings,ProxyServer = 192.168.1.1:8080
IE: &Add animation to IncrediMail Style Box - c:\arquivos de programas\IncrediMail\bin\resources\WebMenuImg.htm
IE: &Download by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/202
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {FAD6EF47-6C0D-4A47-A6F8-89D811DE2755} = 200.176.2.10,200.176.2.12
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
FF - ProfilePath - c:\documents and settings\Claudinei\Dados de aplicativos\Mozilla\Firefox\Profiles\57mwd174.default\
FF - prefs.js: browser.search.selectedEngine - MyStart Search
FF - prefs.js: browser.startup.homepage - hxxp://mystart.incredimail.com/english/
FF - prefs.js: keyword.URL - hxxp://mystart.incredimail.com/?loc=ff_address_bar_fs&search=
FF - prefs.js: network.proxy.ftp - 192.168.1.1
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.gopher - 192.168.1.1
FF - prefs.js: network.proxy.gopher_port - 8080
FF - prefs.js: network.proxy.http - 192.168.1.1
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - 192.168.1.1
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - 192.168.1.1
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 1
FF - component: c:\arquivos de programas\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\arquivos de programas\Mozilla Firefox\components\xpinstal.dll
FF - component: c:\arquivos de programas\Mozilla Firefox\extensions\talkback@mozilla.org\components\qfaservices.dll
.
.
------- File Associations -------
.
inifile=%SystemRoot%\System32\NOTEPAD.EXE %1"
.
**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-19 18:15:17
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(608)
c:\windows\system32\sfc_os.dll
c:\windows\system32\LMIinit.dll
c:\windows\system32\COMRes.dll
c:\windows\system32\LMIRfsClientNP.dll
c:\windows\system32\cscui.dll
.
------------------------ Other Running Processes ------------------------
.
c:\arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
c:\arquivos de programas\HP\Digital Imaging\bin\hpqste08.exe
c:\arquivos de programas\AVG\AVG8\avgrsx.exe
c:\arquiv~1\AVG\AVG8\avgam.exe
c:\arquivos de programas\AVG\AVG8\avgrsx.exe
c:\arquivos de programas\AVG\AVG8\avgcsrvx.exe
c:\arquiv~1\AVG\AVG8\avgnsx.exe
.
**************************************************************************
.
Completion time: 2009-01-19 18:18:24 - machine was rebooted [Claudinei]
ComboFix-quarantined-files.txt 2009-01-19 20:18:21

Pre-Run: 3.443.347.456 bytes free
Post-Run: 3,410,968,576 bytes free

Current=4 Default=4 Failed=3 LastKnownGood=5 Sets=1,2,3,4,5
395
________________________________________________________________________________

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:30:42, on 19/1/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Arquivos de programas\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe
C:\ARQUIV~1\AVG\AVG8\avgrsx.exe
C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe
C:\ARQUIV~1\AVG\AVG8\avgam.exe
C:\ARQUIV~1\AVG\AVG8\avgrsx.exe
C:\ARQUIV~1\AVG\AVG8\avgemc.exe
C:\Arquivos de programas\AVG\AVG8\avgcsrvx.exe
C:\ARQUIV~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Arquivos de programas\AVG\AVG8\avgtray.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\Orbitdownloader\orbitdm.exe
C:\Arquivos de programas\Orbitdownloader\orbitnet.exe
C:\Documents and Settings\Claudinei\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.1.1:8080
O2 - BHO: Octh Class - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Email Addresses Hunter by Solution Software Logic (Freewhere version) - {FCADDC14-BD46-408A-7777-CDBE1C6D3BBB} - C:\ARQUIV~1\EMAILE~1\EHunter.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Arquivos de programas\styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [skyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime Alternative\QTSystem\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [incrediMail] C:\Arquivos de programas\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [CGFLoader] C:\Arquivos de programas\Calibrize\CalibrizeLoader.exe
O4 - HKCU\..\Run: [CalibrizeResume] C:\Arquivos de programas\Calibrize\CalibrizeResume.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Arquivos de programas\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Orbit.lnk = C:\Arquivos de programas\Orbitdownloader\orbitdm.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\Arquivos de programas\IncrediMail\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.1.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O17 - HKLM\System\CCS\Services\Tcpip\..\{FAD6EF47-6C0D-4A47-A6F8-89D811DE2755}: NameServer = 200.176.2.10,200.176.2.12
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Arquivos de programas\Arquivos comuns\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe

--
End of file - 7455 bytes
DigRam, posted January 20, 2009

Good evening, Stiegel!

Plug your removable drive(s), if you have any, into the USB port (pen drive, mp3, mp4, iPods, etc.).

<@> Select and copy everything inside the QUOTE area into Notepad.
<@> Save it on the Desktop with the name: CFScript.txt

File::
H:\kn6jhgc.cmd
H:\LaunchU3.exe
H:\fun.xls.exe
H:\39lpji.com
H:\oqmlhs.exe
H:\RavMon.exe
H:\diskdrive.exe
H:\ayssed.exe
H:\kn6jhgc.cmd
H:\a1.bat
H:\ t.com

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{01453a73-e222-11dd-a9d0-00064f67e420}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0792f28a-b175-11dd-b5c2-00064f67e420}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0d0c159f-7ff5-11dd-83cb-00064f67e420}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0de6150e-af12-11dd-b5bf-00064f67e420}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1d82318a-9077-11dd-83e8-00064f67e420}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{32c3c1a8-5fe9-11dd-8db8-001bfc2be699}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{332fed88-49ba-11dd-8d97-001bfc2be699}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4a4b50a5-48ed-11dd-8d95-001bfc2be699}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4d766a64-e091-11dd-a9ce-00064f67e420}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5342788f-bc68-11dd-b5da-00064f67e420}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{53427897-bc68-11dd-b5da-00064f67e420}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{560604aa-bba3-11dd-b5d9-00064f67e420}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{60d9dab7-630e-11dd-b0a3-001bfc2be699}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6958820c-4435-11dd-8d8a-001bfc2be699}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{69588288-4435-11dd-8d8a-001bfc2be699}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{69c0f2fd-4f37-11dd-8d9e-001bfc2be699}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{84ef902c-6ef9-11dd-bf70-001bfc2be699}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{91e8c122-cc6b-11dd-b5f4-00064f67e420}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9298fff7-a747-11dd-840c-00064f67e420}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{92a73f84-6f70-11dd-bf71-001bfc2be699}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9c3ca101-36da-11dd-8d6c-001bfc2be699}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a6e03fb6-4824-11dd-8d92-001bfc2be699}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a7674bff-b48c-11dd-b5cd-00064f67e420}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b6ccbc31-5ccc-11dd-8daf-001bfc2be699}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bcecb579-9a06-11dd-83f5-00064f67e420}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c1d13bef-4d15-11dd-8d9a-001bfc2be699}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c83635d1-2cf0-11dd-8930-001bfc2be699}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cdc4c965-5747-11dd-8da6-001bfc2be699}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d07e638d-8199-11dd-83d0-00064f67e420}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d07e638e-8199-11dd-83d0-00064f67e420}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d7f6839e-bd35-11dd-b5db-00064f67e420}]

<@> Drag CFScript.txt onto the ComboFix icon.
<@> See the demonstration!
<@> Accept the prompt that should appear to run ComboFix.
<@> PS: keep dragging until that prompt (window) appears!
<@> When it finishes, post the reports: C:\ComboFix.txt + an updated HijackThis log.

Regards!
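The MountPoints2 entries in Stiegel's ComboFix log above and the CFScript DigRam assembled from them follow a mechanical pattern, so the triage can be scripted. The Python below is an added example, not code from the thread or from ComboFix/HijackThis: it parses the MountPoints2 block in the layout ComboFix prints (the sample is constructed from entries quoted in the thread), flags each mount point whose shell verbs launch a program from the removable device, and drafts the File:: and Registry:: sections of a CFScript. The flagging heuristics (a script host running a .vbs, a double extension such as .xls.exe, an executable at the device root, the RunDLL32 ShellExec_RunDLL wrapper ComboFix shows on some entries), the allowlist for LaunchU3.exe and the assumption that bare file names live in the root of drive H: are this example's own choices; DigRam's script removed every key, the LaunchU3 one included.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: MountPoints2 keys copied in shape from the thread's ComboFix log.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9298fff7-a747-11dd-840c-00064f67e420}]
\Shell\AutoRun\command - H:\RavMon.exe
\Shell\open\Command - H:\RavMon.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9c3ca101-36da-11dd-8d6c-001bfc2be699}]
\Shell\Auto\command - fun.xls.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c1d13bef-4d15-11dd-8d9a-001bfc2be699}]
\Shell\AutoRun\command - wscript.exe .\.vbs
\Shell\open\command - wscript.exe .\.vbs
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d07e638d-8199-11dd-83d0-00064f67e420}]
\Shell\AutoRun\command - H:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d7f6839e-bd35-11dd-b5db-00064f67e420}]
\Shell\AutoRun\command - H:\kn6jhgc.cmd
"""

KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]*\\mountpoints2\\\{[0-9a-f-]+\})\]$", re.I)
VERB_RE = re.compile(r"^\\Shell\\(?P<verb>\w+)\\command\s+-\s+(?P<cmd>.+)$", re.I)
# ComboFix prints some AutoRun verbs wrapped in the ShellExec_RunDLL helper; unwrap to the payload.
RUNDLL_RE = re.compile(r"^(?:\S*\\)?rundll32\.exe\s+shell32\.dll,shellexec_rundll\s+(?P<payload>.+)$", re.I)
SCRIPT_HOST_RE = re.compile(r"^[wc]script(?:\.exe)?\s+(?P<target>\S+)", re.I)
DRIVE_ROOT_RE = re.compile(r"^[a-z]:\\[^\\]+$", re.I)
EXEC_SUFFIXES = (".exe", ".com", ".cmd", ".bat", ".scr", ".pif")
DOUBLE_EXT_RE = re.compile(r"\.[a-z0-9]{2,4}\.(?:exe|com|cmd|bat|scr|pif)$", re.I)


@dataclass
class MountPoint:
    key: str
    verbs: dict = field(default_factory=dict)  # lower-cased verb -> raw command line


def parse_mountpoints(text):
    """Collect each MountPoints2 key with the shell verbs ComboFix listed under it."""
    points, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            current = MountPoint(key.group("key"))
            points.append(current)
            continue
        verb = VERB_RE.match(line)
        if verb and current is not None:
            current.verbs[verb.group("verb").lower()] = verb.group("cmd").strip()
    return points


def extract_target(cmd):
    """Return (file the verb ultimately launches, whether a script host launches it)."""
    wrapped = RUNDLL_RE.match(cmd)
    if wrapped:
        cmd = wrapped.group("payload").strip()
    hosted = SCRIPT_HOST_RE.match(cmd)
    if hosted:
        return hosted.group("target"), True
    program = cmd.split('"')[1] if cmd.startswith('"') else cmd.split()[0]
    return program, False


def assess(point, allowlist=("LaunchU3.exe",)):
    """Reasons a mount point looks like autorun malware; an empty list means not flagged."""
    # Heuristics and allowlist are this example's assumptions (LaunchU3.exe is the U3 drive launcher).
    allowed = {name.lower() for name in allowlist}
    reasons = []
    for verb, cmd in point.verbs.items():
        target, via_script = extract_target(cmd)
        name = target.rsplit("\\", 1)[-1]
        if name.lower() in allowed:
            continue
        if via_script:
            reasons.append(f"{verb}: script host runs {target} from the device")
        elif DOUBLE_EXT_RE.search(name):
            reasons.append(f"{verb}: double extension {name}")
        elif name.lower().endswith(EXEC_SUFFIXES) and ("\\" not in target or DRIVE_ROOT_RE.match(target)):
            reasons.append(f"{verb}: executable at the device root ({target})")
    return reasons


def flagged_points(points, allowlist=("LaunchU3.exe",)):
    """(MountPoint, reasons) for every key that assess() flagged, in log order."""
    return [(p, r) for p in points for r in [assess(p, allowlist)] if r]


def build_cfscript(points, drive="H:", allowlist=("LaunchU3.exe",)):
    """Draft the File:: and Registry:: sections of a CFScript for the flagged keys."""
    # Bare names are assumed to sit in the root of `drive` (the letter the device had in the log);
    # scripts launched through wscript are left for manual review and not listed under File::.
    flagged = flagged_points(points, allowlist)
    files = set()
    for point, _ in flagged:
        for cmd in point.verbs.values():
            target, via_script = extract_target(cmd)
            name = target.rsplit("\\", 1)[-1]
            if via_script or not name.lower().endswith(EXEC_SUFFIXES):
                continue
            files.add(target if re.match(r"^[a-z]:\\", target, re.I) else f"{drive}\\{name}")
    lines = ["File::", *sorted(files, key=str.lower), "", "Registry::"]
    lines += [f"[-{point.key}]" for point, _ in flagged]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(build_cfscript(parse_mountpoints(SAMPLE_LOG)))
```

Run it as a script to print the draft, then check the draft against the log by hand: a MountPoints2 key only records what the device's autorun.inf asked Explorer to run when it was last plugged in, so the file may already be gone and the drive letter may differ today. That is why the example takes the letter as a parameter and leaves wscript targets such as .\.vbs out of File:: instead of guessing their path.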
Stiegel, posted January 20, 2009

Good morning, DigRam! Updated data below. It looks like everything is working normally now, except for access to the file server: some folders have become slower to access, but nothing worth stressing over.

ComboFix 09-01-19.01 - Claudinei 2009-01-20 10:32:23.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.2047.1501 [GMT -2:00]
Running from: c:\documents and settings\Claudinei\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Claudinei\Desktop\CFScript.txt
AV: AVG Anti-Virus *On-access scanning enabled* (Updated)
 * WARNING - THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
H:\ t.com
H:\39lpji.com
H:\a1.bat
H:\ayssed.exe
H:\diskdrive.exe
H:\fun.xls.exe
H:\kn6jhgc.cmd
H:\LaunchU3.exe
H:\oqmlhs.exe
H:\RavMon.exe
.
(((((((((((((((( Files Created from 2008-12-20 to 2009-01-20 ))))))))))))))))))))))))))))
.
2010-08-28 19:47 . 2008-09-30 11:21 <DIR> d-------- c:\arquivos de programas\Rapidown
2009-01-19 16:19 . 2009-01-19 16:19 <DIR> d-------- c:\windows\system32\Adobe
2009-01-19 16:19 . 2001-03-15 04:55 101,200 --------- c:\windows\system32\pdfshell.dll
2009-01-19 16:19 . 2001-03-15 05:18 65,536 --------- c:\windows\system32\adistres.dll
2009-01-19 16:19 . 2001-03-15 05:18 20,584 --------- c:\windows\system32\PdfPorts.dll
2009-01-19 16:18 . 2009-01-19 16:18 <DIR> d-------- c:\documents and settings\Claudinei\Dados de aplicativos\InterTrust
2009-01-19 16:12 . 2001-04-11 06:02 243,712 --a------ c:\windows\KPCP32.DLL
2009-01-19 16:12 . 2001-04-11 06:02 70,144 --a------ c:\windows\KPFP32.DLL
2009-01-19 16:12 . 2001-04-11 06:02 58,368 --a------ c:\windows\pfpick.dll
2009-01-19 16:12 . 2001-04-11 06:02 48,128 --a------ c:\windows\KPSYS32.DLL
2009-01-19 16:12 . 2001-04-11 06:02 39,095 --a------ c:\windows\Iccsigs.dat
2009-01-19 16:12 . 2001-04-11 06:02 32,792 --a------ c:\windows\SPWHPT.DLL
2009-01-19 16:12 . 2001-04-11 06:02 31,744 --a------ c:\windows\KPSHARP.DLL
2009-01-19 16:12 . 2001-04-11 06:02 31,232 --a------ c:\windows\KPSCALE.DLL
2009-01-19 16:12 . 2001-04-11 06:02 156 --a------ c:\windows\KPCMS.INI
2009-01-19 10:04 . 2009-01-19 10:05 <DIR> d-------- C:\HiJackThis
2009-01-09 14:00 . 2009-01-09 14:00 <DIR> d-------- c:\arquivos de programas\Real Alternative
2009-01-09 13:35 . 2009-01-09 13:35 <DIR> d-------- c:\arquivos de programas\WinAVIVideoConverter
2009-01-08 15:36 . 2009-01-08 15:36 <DIR> d-------- c:\documents and settings\Claudinei\Dados de aplicativos\Thinstall
2008-12-30 17:59 . 2008-12-30 17:59 244 --ah----- C:\sqmnoopt00.sqm
2008-12-30 17:59 . 2008-12-30 17:59 232 --ah----- C:\sqmdata00.sqm
2008-12-22 18:05 . 2008-12-22 18:05 <DIR> d-------- c:\arquivos de programas\Xara
2008-12-22 18:02 . 2008-12-22 18:02 <DIR> d-------- c:\arquivos de programas\AAALOGO2008
.
((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-20 12:00 --------- d-----w c:\documents and settings\Claudinei\Dados de aplicativos\Orbit
2009-01-19 19:36 --------- d--h--w c:\arquivos de programas\InstallShield Installation Information
2009-01-19 18:19 --------- d-----w c:\arquivos de programas\Arquivos comuns\Adobe
2009-01-19 15:46 2,516 --sha-w c:\windows\system32\KGyGaAvL.sys
2009-01-19 14:03 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Avg8
2009-01-19 13:11 2,516 --sha-w c:\documents and settings\All Users\Dados de aplicativos\KGyGaAvL.sys
2009-01-16 11:52 325,128 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-01-14 10:51 --------- d-----w c:\documents and settings\Claudinei\Dados de aplicativos\BrOffice.org2
2009-01-09 09:41 12,552 ----a-w c:\windows\system32\drivers\avgrkx86.sys
2009-01-09 09:41 107,272 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-01-09 09:41 10,520 ----a-w c:\windows\system32\avgrsstx.dll
2009-01-08 09:38 --------- d-----w c:\arquivos de programas\LogMeIn
2009-01-02 18:46 --------- d-----w c:\documents and settings\Claudinei\Dados de aplicativos\SendSpace Wizard
2008-12-19 18:45 --------- d-----w c:\arquivos de programas\Link Web Extractor
2008-12-19 17:12 --------- d-----w c:\arquivos de programas\Email Extractor 2
2008-12-16 18:56 --------- d-----w c:\documents and settings\Claudinei\Dados de aplicativos\Blender Foundation
2008-12-16 18:56 --------- d-----w c:\arquivos de programas\Blender Foundation
2008-12-16 17:29 --------- d-----w c:\arquivos de programas\TVSuper3
2008-12-16 16:09 --------- d-----w c:\documents and settings\Claudinei\Dados de aplicativos\Download Manager
2008-12-03 12:50 --------- d-----w c:\arquivos de programas\BrOffice.org 2.4
2008-08-20 14:52 8 --sh--r c:\documents and settings\All Users\Dados de aplicativos\2D83F18A58.sys
2009-01-09 13:08 67,696 ----a-w c:\arquivos de programas\mozilla firefox\components\jar50.dll
2009-01-09 13:08 54,376 ----a-w c:\arquivos de programas\mozilla firefox\components\jsd3250.dll
2009-01-09 13:08 34,952 ----a-w c:\arquivos de programas\mozilla firefox\components\myspell.dll
2009-01-09 13:08 46,720 ----a-w c:\arquivos de programas\mozilla firefox\components\spellchk.dll
2009-01-09 13:08 172,144 ----a-w c:\arquivos de programas\mozilla firefox\components\xpinstal.dll
2008-07-11 18:11 0 -csha-r c:\windows\system32\killVBS.vbs
.
------- Sigcheck -------

2004-08-04 01:45 658432 398a619ce60090303042d1f8cc68f712 c:\windows\ie7\wininet.dll
2006-11-07 22:03 920064 76042b62efe8e0ccb7845ae3955ec0bc c:\windows\ie7updates\KB950759-IE7\wininet.dll
2008-04-23 05:14 927744 d5189e17f4a483c0bb19ccdda4d8c496 c:\windows\system32\wininet.dll
2008-04-23 05:14 927744 d5189e17f4a483c0bb19ccdda4d8c496 c:\windows\system32\dllcache\wininet.dll
2008-04-23 05:14 826368 dd01bde9ca09b53c50f67e932181cb7e c:\windows\VistaMizer\old\wininet.dll

2004-08-04 01:45 543744 3550bfe59972a67ac2f7781041d28ea7 c:\windows\system32\winlogon.exe
2004-08-04 01:45 543744 3550bfe59972a67ac2f7781041d28ea7 c:\windows\system32\dllcache\winlogon.exe
2004-08-04 01:45 504320 6f7bde7a1126debf0cc359a54953efc1 c:\windows\VistaMizer\old\winlogon.exe

2007-02-28 14:02 2061824 1683af18422f7de34575ee95be882ad1 c:\windows\Driver Cache\i386\ntkrnlpa.exe
2007-02-28 14:02 2182656 c2500a0719ba7b1cbbc772755acf35b5 c:\windows\system32\ntkrnlpa.exe
2007-02-28 14:02 2182656 c2500a0719ba7b1cbbc772755acf35b5 c:\windows\system32\dllcache\ntkrnlpa.exe
2007-02-28 14:02 2019840 1f433c0f544a74459f035b71121a4569 c:\windows\VistaMizer\old\ntkrnlpa.exe

2007-02-28 14:02 2184576 986c40660057a2bac752ed4f97cf4a10 c:\windows\Driver Cache\i386\ntoskrnl.exe
2007-02-28 14:02 2302976 18aed852243b02c7179179cac6648668 c:\windows\system32\ntoskrnl.exe
2007-02-28 14:02 2302976 18aed852243b02c7179179cac6648668 c:\windows\system32\dllcache\ntoskrnl.exe
2007-02-28 14:02 2140160 7aacd829f2a9bb4dace70cbfc6046934 c:\windows\VistaMizer\old\ntoskrnl.exe

2007-06-13 11:21 1553920 7062d4a59c277fb6f4447460dbf0ca73 c:\windows\explorer.exe
2007-06-13 11:21 1553920 7062d4a59c277fb6f4447460dbf0ca73 c:\windows\system32\dllcache\explorer.exe
2007-06-13 11:21 1035264 dccbf18e94d651393a3ffa060f88e0a0 c:\windows\VistaMizer\old\explorer.exe

2004-08-04 01:45 25088 a3f0971dbba9657034c303b39464ea5b c:\windows\system32\ctfmon.exe
2004-08-04 01:45 25088 a3f0971dbba9657034c303b39464ea5b c:\windows\system32\dllcache\ctfmon.exe
2004-08-04 01:45 15360 f40bc97996b8e53799eef1d63996674b c:\windows\VistaMizer\old\ctfmon.exe
.
(((((((((((((((((((((((((( Registry Loading Points )))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FCADDC14-BD46-408A-7777-CDBE1C6D3BBB}]
2008-05-03 23:07 449024 --a------ c:\arquiv~1\EMAILE~1\EHunter.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IncrediMail"="c:\arquivos de programas\IncrediMail\bin\IncMail.exe" [2008-10-05 243072]
"CGFLoader"="c:\arquivos de programas\Calibrize\CalibrizeLoader.exe" [2007-11-26 1961984]
"CalibrizeResume"="c:\arquivos de programas\Calibrize\CalibrizeResume.exe" [2007-11-26 413696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\arquiv~1\AVG\AVG8\avgtray.exe" [2009-01-09 1601304]
"QuickTime Task"="c:\arquivos de programas\QuickTime Alternative\QTSystem\qttask.exe" [2008-09-06 413696]
"LogMeIn GUI"="c:\arquivos de programas\LogMeIn\x86\LogMeInSystray.exe" [2008-07-24 63048]
"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"RTHDCPL"="RTHDCPL.EXE" [2006-12-17 c:\windows\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-15 c:\windows\SkyTel.exe]
"Tweak UI"="TWEAKUI.CPL" [1998-05-11 c:\windows\system32\TWEAKUI.CPL]
"nwiz"="nwiz.exe" [2007-12-05 c:\windows\system32\nwiz.exe]

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\
Acrobat Assistant.lnk - c:\arquivos de programas\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [2009-01-19 49254]
HP Digital Imaging Monitor.lnk - c:\arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 288472]
Orbit.lnk - c:\arquivos de programas\Orbitdownloader\orbitdm.exe [2008-05-23 1678536]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-01-09 07:41 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-10-16 20:35 87352 c:\windows\system32\LMIinit.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^VisualTaskTips.lnk]
path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\VisualTaskTips.lnk
backup=c:\windows\pss\VisualTaskTips.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Claudinei^Menu Iniciar^Programas^Inicializar^Rapidown.lnk]
path=c:\documents and settings\Claudinei\Menu Iniciar\Programas\Inicializar\Rapidown.lnk
backup=c:\windows\pss\Rapidown.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-10-15 01:04 39792 c:\arquivos de programas\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-05-16 10:27 153136 c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2006-10-27 01:47 31016 c:\arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2006-02-19 03:41 49152 c:\arquivos de programas\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2005-08-11 17:30 249856 c:\arquivos de programas\Arquivos comuns\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2005-08-11 17:30 81920 c:\arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 16:57 153136 c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2007-12-05 02:41 8523776 c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2007-12-05 02:41 81920 c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"PSI_SVC_2"=2 (0x2)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"NVSvc"=2 (0x2)
"NMIndexingService"=3 (0x3)
"NBService"=3 (0x3)
"Microsoft Office Groove Audit Service"=3 (0x3)
"Macromedia Licensing Service"=3 (0x3)
"idsvc"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Arquivos de programas\\IncrediMail\\bin\\IMApp.exe"=
"c:\\Arquivos de programas\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Arquivos de programas\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Arquivos de programas\\Orbitdownloader\\orbitdm.exe"=
"c:\\Arquivos de programas\\Orbitdownloader\\orbitnet.exe"=
"c:\\Arquivos de programas\\Corel\\CorelDRAW Graphics Suite 13\\Programs\\CorelDRW.exe"=
"c:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"=
"c:\\Arquivos de programas\\MSN Messenger\\livecall.exe"=
"c:\\Arquivos de programas\\Adobe\\Photoshop CS\\Photoshop.exe"=
"c:\\Arquivos de programas\\Corel\\CorelDRAW Graphics Suite 13\\Programs\\CorelPP.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Arqu
ivos de programas\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Arquivos de programas\\AVG\\AVG8\\avgemc.exe"=
"c:\\Arquivos de programas\\AVG\\AVG8\\avgupd.exe"=
"c:\\Arquivos de programas\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Arquivos de programas\\IncrediMail\\bin\\ImLc.exe"=

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2008-08-15 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-08-15 325128]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-08-15 107272]
R3 ip100xp;ENCORE 10/100Mbps Fast Ethernet PCI Adapter NT Driver;c:\windows\system32\drivers\ipfnd51.sys [2008-08-29 26752]
R4 avg8emc;AVG8 E-mail Scanner;c:\arquiv~1\AVG\AVG8\avgemc.exe [2009-01-09 903960]
R4 avg8wd;AVG8 WatchDog;c:\arquiv~1\AVG\AVG8\avgwdsvc.exe [2009-01-09 298264]
R4 LMIInfo;LogMeIn Kernel Information Provider;c:\arquivos de programas\LogMeIn\x86\rainfo.sys [2008-07-24 12856]
R4 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2008-10-21 47640]
S3 AtcL002;NDIS Miniport Driver for Attansic L2 Fast Ethernet Controller;c:\windows\system32\drivers\atl02_xp.sys [2008-05-22 28416]
S3 EraserUtilDrv10820;EraserUtilDrv10820;\??\c:\arquivos de programas\Arquivos comuns\Symantec Shared\EENGINE\EraserUtilDrv10820.sys --> c:\arquivos de programas\Arquivos comuns\Symantec Shared\EENGINE\EraserUtilDrv10820.sys [?]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.br/
mStart Page = hxxp://www.google.com.br/
mWindow Title = Microsoft Internet Explorer
uInternet Settings,ProxyServer = 192.168.1.1:8080
IE: &Add animation to IncrediMail Style Box - c:\arquivos de programas\IncrediMail\bin\resources\WebMenuImg.htm
IE: &Download by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/202
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {FAD6EF47-6C0D-4A47-A6F8-89D811DE2755} = 200.176.2.10,200.176.2.12
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
FF - ProfilePath - c:\documents and settings\Claudinei\Dados de aplicativos\Mozilla\Firefox\Profiles\57mwd174.default\
FF - prefs.js: browser.search.selectedEngine - MyStart Search
FF - prefs.js: browser.startup.homepage - hxxp://mystart.incredimail.com/english/
FF - prefs.js: keyword.URL - hxxp://mystart.incredimail.com/?loc=ff_address_bar_fs&search=
FF - prefs.js: network.proxy.ftp - 192.168.1.1
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.gopher - 192.168.1.1
FF - prefs.js: network.proxy.gopher_port - 8080
FF - prefs.js: network.proxy.http - 192.168.1.1
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - 192.168.1.1
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - 192.168.1.1
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 1
FF - component: c:\arquivos de programas\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\arquivos de programas\Mozilla Firefox\components\xpinstal.dll
FF - component: c:\arquivos de programas\Mozilla Firefox\extensions\talkback@mozilla.org\components\qfaservices.dll
.
**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-20 10:33:14
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(604)
c:\windows\system32\sfc_os.dll
c:\windows\system32\LMIinit.dll
c:\windows\system32\COMRes.dll
c:\windows\system32\LMIRfsClientNP.dll
c:\windows\system32\cscui.dll
.
Tempo para conclusão: 2009-01-20 10:34:33 ComboFix-quarantined-files.txt 2009-01-20 12:34:31 ComboFix2.txt 2009-01-20 12:11:11 ComboFix3.txt 2009-01-19 20:18:25 Pré-execução: 3.425.157.120 bytes disponíveis Pós execução: 3,406,221,312 bytes disponíveis Current=4 Default=4 Failed=3 LastKnownGood=5 Sets=1,2,3,4,5 276 ________________________________________________________________________________ _____ ________________________________________________________________________________ _____ Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:40:05, on 20/1/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16674) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe C:\WINDOWS\system32\svchost.exe C:\ARQUIV~1\AVG\AVG8\avgemc.exe C:\ARQUIV~1\AVG\AVG8\avgam.exe C:\ARQUIV~1\AVG\AVG8\avgrsx.exe C:\ARQUIV~1\AVG\AVG8\avgnsx.exe C:\Arquivos de programas\AVG\AVG8\avgcsrvx.exe C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\system32\rundll32.exe C:\Arquivos de programas\Adobe\Acrobat 5.0\Distillr\AcroTray.exe C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe C:\WINDOWS\explorer.exe C:\HiJackThis\HiJackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - 
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.1.1:8080 O2 - BHO: Octh Class - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Email Addresses Hunter by Solution Software Logic (Freewhere version) - {FCADDC14-BD46-408A-7777-CDBE1C6D3BBB} - C:\ARQUIV~1\EMAILE~1\EHunter.dll O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Arquivos de programas\styler\TB\StylerTB.dll O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [skyTel] SkyTel.EXE O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime Alternative\QTSystem\qttask.exe" -atboottime O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKCU\..\Run: [incrediMail] C:\Arquivos de programas\IncrediMail\bin\IncMail.exe /c O4 - HKCU\..\Run: [CGFLoader] C:\Arquivos de programas\Calibrize\CalibrizeLoader.exe O4 - HKCU\..\Run: [CalibrizeResume] C:\Arquivos de programas\Calibrize\CalibrizeResume.exe O4 - Global Startup: Acrobat Assistant.lnk = C:\Arquivos de programas\Adobe\Acrobat 5.0\Distillr\AcroTray.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de 
programas\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Orbit.lnk = C:\Arquivos de programas\Orbitdownloader\orbitdm.exe O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\Arquivos de programas\IncrediMail\bin\resources\WebMenuImg.htm O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201 O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204 O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203 O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202 O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - 
http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.1.cab O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100 O17 - HKLM\System\CCS\Services\Tcpip\..\{FAD6EF47-6C0D-4A47-A6F8-89D811DE2755}: NameServer = 200.176.2.10,200.176.2.12 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgemc.exe O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe O23 - Service: Macromedia Licensing Service - Macromedia - C:\Arquivos de programas\Arquivos comuns\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe -- End of file - 7080 bytes Compartilhar este post Link para o post Compartilhar em outros sites
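Editor's note, added to this thread and not part of any post in it: the logs above are long enough that the entries a helper actually looks at (a BHO registered with no DLL on disk, Run keys that name a bare executable, a proxy configured in both IE and Firefox, per-interface DNS servers, a changed Firefox home page and search engine) are easy to miss by eye. The script below is an added example of the editor's own, not code from HijackThis, ComboFix or anyone in the thread. It applies a handful of triage rules to a constructed sample (SAMPLE_LOG) made of lines copied from the logs above. The rules and their names (orphaned-bho, pathless-run, ie-proxy, firefox-proxy, proxy-shared, dns-servers, firefox-start-search) are the editor's own convention; none of them is a verdict, since a gateway proxy at 192.168.1.1:8080 may simply be the home router and the O17 name servers may be the ISP's, which is exactly why each finding is a pointer for the helper to confirm with the user rather than an automatic fix.

```python
from __future__ import annotations

import ipaddress
import re

# Constructed sample: lines copied from the HijackThis/ComboFix logs in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.1.1:8080
O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Email Addresses Hunter by Solution Software Logic (Freewhere version) - {FCADDC14-BD46-408A-7777-CDBE1C6D3BBB} - C:\ARQUIV~1\EMAILE~1\EHunter.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKCU\..\Run: [incrediMail] C:\Arquivos de programas\IncrediMail\bin\IncMail.exe /c
O17 - HKLM\System\CCS\Services\Tcpip\..\{FAD6EF47-6C0D-4A47-A6F8-89D811DE2755}: NameServer = 200.176.2.10,200.176.2.12
FF - prefs.js: browser.startup.homepage - hxxp://mystart.incredimail.com/english/
FF - prefs.js: network.proxy.http - 192.168.1.1
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.type - 1
"""

# Line shapes as HijackThis prints them (O2 BHO, O4 Run key, R1 proxy, O17 DNS, FF pref).
BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.*)$")
RUN_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
PROXY_RE = re.compile(r"^R1 - .*Internet Settings,ProxyServer = (?P<proxy>\S+)$")
DNS_RE = re.compile(r"^O17 - .*: NameServer = (?P<servers>[\d.,]+)$")
FF_RE = re.compile(r"^FF - prefs\.js: (?P<pref>\S+) - (?P<value>.*)$")
FF_START_PREFS = ("browser.startup.homepage", "browser.search.selectedEngine", "keyword.URL")


def is_private(ip: str) -> bool:
    """True for RFC 1918/loopback/link-local addresses, False for public or unparsable ones."""
    try:
        return ipaddress.ip_address(ip).is_private
    except ValueError:
        return False


def run_target(cmd: str) -> str:
    """Best-effort extraction of the executable from an O4 Run command line."""
    quoted = re.match(r'"([^"]+)"', cmd)
    if quoted:
        return quoted.group(1)
    # Unquoted: keep everything up to the first .exe/.cpl/.dll token, so an unquoted
    # path containing spaces stays whole and "RUNDLL32.EXE X.CPL,Y" yields RUNDLL32.EXE.
    unquoted = re.match(r"(.*?\.(?:exe|cpl|dll))", cmd, re.IGNORECASE)
    return unquoted.group(1) if unquoted else cmd.split()[0]


def triage(log_text: str) -> list[tuple[str, str]]:
    """Return (rule, detail) findings; each is a pointer to verify, not a verdict."""
    findings: list[tuple[str, str]] = []
    ff: dict[str, str] = {}  # Firefox prefs, evaluated together once all lines are read
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := BHO_RE.match(line):
            if m["path"] == "(no file)":
                # CLSID still registered but the DLL is gone: leftover of a removed component.
                findings.append(("orphaned-bho", f"{m['clsid']} registered but its DLL is missing"))
            elif m["name"] == "(no name)":
                findings.append(("unnamed-bho", f"{m['clsid']} -> {m['path']}"))
        elif m := RUN_RE.match(line):
            target = run_target(m["cmd"])
            if "\\" not in target and "/" not in target:
                # Bare file name: resolved through the search path at logon, so a
                # same-named file earlier in that path would be started instead.
                findings.append(("pathless-run", f"[{m['name']}] {m['cmd']}"))
        elif m := PROXY_RE.match(line):
            findings.append(("ie-proxy", m["proxy"]))
        elif m := DNS_RE.match(line):
            servers = m["servers"].split(",")
            public = [s for s in servers if not is_private(s)]
            findings.append(("dns-servers", f"{m['servers']} public={len(public)}"))
        elif m := FF_RE.match(line):
            ff[m["pref"]] = m["value"]

    if ff.get("network.proxy.type") == "1":  # 1 = manual proxy configuration
        host, port = ff.get("network.proxy.http", "?"), ff.get("network.proxy.http_port", "?")
        findings.append(("firefox-proxy", f"{host}:{port}"))
    for pref in FF_START_PREFS:
        if pref in ff:
            findings.append(("firefox-start-search", f"{pref} = {ff[pref]}"))

    ie = [d for r, d in findings if r == "ie-proxy"]
    fx = [d for r, d in findings if r == "firefox-proxy"]
    if ie and fx and ie[0] == fx[0]:
        # Same endpoint in both browsers: a real LAN proxy, or a system-wide redirect.
        findings.append(("proxy-shared", ie[0]))
    return findings


if __name__ == "__main__":
    for rule, detail in triage(SAMPLE_LOG):
        print(f"{rule:22} {detail}")
```

Run against the sample it reports the orphaned {7E853D72-...} BHO, the path-less RTHDCPL Run entry, the proxy at 192.168.1.1:8080 in both browsers (and so a proxy-shared finding), the two public DNS servers on the {FAD6EF47-...} interface, and the mystart.incredimail.com home page; the AVG BHO and the fully pathed IncrediMail Run entry produce nothing. To triage a real log, pass the whole pasted text to triage() instead of SAMPLE_LOG.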
DigRam Posted January 20, 2009

Good afternoon, Stiegel!

<@> Go to Start --> Run --> type or paste: combofix.exe /u --> click OK.
<@> The following window will open: (Open File - Security Warning)
<@> Click Run --> wait!
<@> Finally the message "ComboFix has been uninstalled" will appear --> click OK.
<@> If you find them, delete: C:\ComboFix <-- the folder! + C:\ComboFix.txt <-- the report!
-----------------------------------
<@> Download: < OTMoveIt3 >
<@> Save it to the desktop and run it from there!
XXXXXXXXXXXXXXXXXXXXXXXXXXX
:Processes
explorer.exe
:Files
c:\windows\system32\killVBS.vbs
:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]
XXXXXXXXXXXXXXXXXXXXXXXXXXX
<@> Copy and paste the lines between the XXXXX... into the tool's (clipboard) field.
<@> Note: the area below "Paste Instructions for Items to be Moved".
<@> Click MoveIt.
<@> When asked to reboot, confirm!
<@> When it finishes, check the text contents of the folder: C:\_OTMoveIt\MovedFiles
<@> Copy and post your most recent report: C:\_OTMoveIt\MovedFiles\xxxx2009_xxxxxx.log <--
<@> Note: since the tool does not overwrite its reports, look for the one generated after this run.

Regards!
Mário Monteiro Posted February 23, 2009

Topic archived. As the author has not replied for more than 30 days, the topic has been archived. If you are the author of the topic and want to reopen it, send a private message to a moderator of this area together with the link to this topic and explain the reason for reopening.