Archived

This topic has been archived and is closed to new replies.

ronaldogpi

[Archived] Problems with MSN 8.5 - Error 800401f3 / Restoration of the S

Attached is the reply with the DDS and HIJACKTHIS reports; the problem persists even after this attempt to get the system restored.

_____________________________________________________

 

DDS.txt

_____________________________________________________

 

DDS (Ver_09-05-14.01) - FAT32x86

Run by Daniel at 16:43:28,64 on sáb 20/06/2009

Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_13

 

============== Pseudo HJT Report ===============

 

uSearch Page = hxxp://www.google.com

uSearch Bar = hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60337

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Connection Wizard,ShellNext = iexplore

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\arquivos de programas\adobe\acrobat 7.0\activex\AcroIEHelper.dll

BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\arquivos de programas\skype\toolbars\internet explorer\SkypeIEPlugin.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\arquivos de programas\real\realplayer\rpbrowserrecordplugin.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\arquivos de programas\microsoft\search enhancement pack\search helper\SearchHelper.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\arquivos de programas\microsoft office\office12\GrooveShellExtensions.dll

BHO: Auxiliar de Conexão do Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\arquivos de programas\arquivos comuns\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\arquivos de programas\java\jre6\bin\jp2ssv.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\arquivos de programas\windows live\toolbar\wltcore.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\arquivos de programas\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\arquivos de programas\windows live\toolbar\wltcore.dll

TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File

TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File

TB: {3041D03E-FD4B-44E0-B742-2D9B88305F98} - No File

uRun: [MSMSGS] "c:\arquivos de programas\messenger\msmsgs.exe" /background

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [NBJ] "c:\arquivos de programas\ahead\nero backitup\NBJ.exe"

uRun: [msnmsgr] "c:\arquivos de programas\windows live\messenger\msnmsgr.exe" /background

mRun: [WinampAgent] "c:\arquivos de programas\winamp\winampa.exe"

mRun: [VTTrayp] VTtrayp.exe

mRun: [VTTimer] VTTimer.exe

mRun: [TkBellExe] "c:\arquivos de programas\arquivos comuns\real\update_ob\realsched.exe" -osboot

mRun: [sunJavaUpdateSched] "c:\arquivos de programas\java\jre6\bin\jusched.exe"

mRun: [soundMan] SOUNDMAN.EXE

mRun: [RemoteControl] "c:\arquivos de programas\cyberlink\powerdvd\PDVDServ.exe"

mRun: [LtMoh] c:\arquivos de programas\ltmoh\Ltmoh.exe

mRun: [HP Software Update] c:\arquivos de programas\hp\hp software update\HPWuSchd2.exe

mRun: [AGRSMMSG] AGRSMMSG.exe

mRun: [snpstd3] c:\windows\vsnpstd3.exe

mRun: [GrooveMonitor] "c:\arquivos de programas\microsoft office\office12\GrooveMonitor.exe"

mRun: [AVP] "c:\arquivos de programas\kaspersky lab\kaspersky anti-virus 6.0\avp.exe"

mRun: [uSBFW] c:\arquivos de programas\net studio\usb firewall\USB FireWall.exe

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

IE: &Download by Orbit - c:\arquivos de programas\orbitdownloader\orbitmxt.dll/201

IE: &Grab video by Orbit - c:\arquivos de programas\orbitdownloader\orbitmxt.dll/204

IE: Do&wnload selected by Orbit - c:\arquivos de programas\orbitdownloader\orbitmxt.dll/203

IE: Down&load all by Orbit - c:\arquivos de programas\orbitdownloader\orbitmxt.dll/202

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\micros~2\office12\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\arquivos de programas\messenger\msmsgs.exe

IE: {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - {85E0B171-04FA-11D1-B7DA-00A0C90348D6} - c:\arquivos de programas\kaspersky lab\kaspersky anti-virus 6.0\scieplugin.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\arquivos de programas\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\arquiv~1\micros~2\office12\ONBttnIE.dll

IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\arquivos de programas\skype\toolbars\internet explorer\SkypeIEPlugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\arquiv~1\micros~2\office12\REFIEBAR.DLL

DPF: Microsoft XML Parser for Java

DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1228498680593

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1228411392625

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?39826.2413194444

DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

DPF: {C9386579-3C0F-4713-82C6-5BA8088C7C8D} - hxxps://secure.shared.live.com/Pa6vGqB728AxD-ckvrPc0A/etc/Microsoft.Live.Folders.RichUpload.cab

DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100

TCP: {BE959707-E59A-4D10-A643-49268770758D} = 201.10.120.3,201.10.128.3

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\arquivos de programas\microsoft office\office12\GrooveSystemServices.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\arquiv~1\arquiv~1\skype\SKYPE4~1.DLL

Notify: klogon - c:\windows\system32\klogon.dll

Notify: LMIinit - LMIinit.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\arquivos de programas\microsoft office\office12\GrooveShellExtensions.dll

SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\arquivos de programas\windows desktop search\MSNLNamespaceMgr.dll

 

================= FIREFOX ===================

 

FF - ProfilePath - c:\docume~1\daniel\dadosd~1\mozilla\firefox\profiles\uuqoyxpv.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.br/

FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=

FF - plugin: c:\arquivos de programas\google\update\1.2.145.5\npGoogleOneClick8.dll

FF - plugin: c:\arquivos de programas\microsoft\office live\npOLW.dll

FF - plugin: c:\arquivos de programas\windows live\photo gallery\NPWLPG.dll

 

---- FIREFOX POLICIES ----

c:\arquivos de programas\mozilla firefox 3.1 beta 3\greprefs\all.js - pref("media.enforce_same_site_origin", false);

c:\arquivos de programas\mozilla firefox 3.1 beta 3\greprefs\all.js - pref("media.cache_size", 51200);

c:\arquivos de programas\mozilla firefox 3.1 beta 3\greprefs\all.js - pref("media.ogg.enabled", true);

c:\arquivos de programas\mozilla firefox 3.1 beta 3\greprefs\all.js - pref("media.wave.enabled", true);

c:\arquivos de programas\mozilla firefox 3.1 beta 3\greprefs\all.js - pref("media.autoplay.enabled", true);

c:\arquivos de programas\mozilla firefox 3.1 beta 3\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);

c:\arquivos de programas\mozilla firefox 3.1 beta 3\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");

c:\arquivos de programas\mozilla firefox 3.1 beta 3\greprefs\all.js - pref("dom.storage.default_quota", 5120);

c:\arquivos de programas\mozilla firefox 3.1 beta 3\greprefs\all.js - pref("content.sink.event_probe_rate", 3);

c:\arquivos de programas\mozilla firefox 3.1 beta 3\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);

c:\arquivos de programas\mozilla firefox 3.1 beta 3\greprefs\all.js - pref("layout.css.dpi", -1);

c:\arquivos de programas\mozilla firefox 3.1 beta 3\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);

c:\arquivos de programas\mozilla firefox 3.1 beta 3\greprefs\all.js - pref("gestures.enable_single_finger_input", true);

c:\arquivos de programas\mozilla firefox 3.1 beta 3\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);

c:\arquivos de programas\mozilla firefox 3.1 beta 3\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);

c:\arquivos de programas\mozilla firefox 3.1 beta 3\greprefs\all.js - pref("geo.enabled", true);

c:\arquivos de programas\mozilla firefox 3.1 beta 3\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);

c:\arquivos de programas\mozilla firefox 3.1 beta 3\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

c:\arquivos de programas\mozilla firefox 3.1 beta 3\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");

c:\arquivos de programas\mozilla firefox 3.1 beta 3\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");

c:\arquivos de programas\mozilla firefox 3.1 beta 3\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);

c:\arquivos de programas\mozilla firefox 3.1 beta 3\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");

c:\arquivos de programas\mozilla firefox 3.1 beta 3\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);

c:\arquivos de programas\mozilla firefox 3.1 beta 3\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);

c:\arquivos de programas\mozilla firefox 3.1 beta 3\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);

c:\arquivos de programas\mozilla firefox 3.1 beta 3\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);

c:\arquivos de programas\mozilla firefox 3.1 beta 3\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);

c:\arquivos de programas\mozilla firefox 3.1 beta 3\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);

c:\arquivos de programas\mozilla firefox 3.1 beta 3\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);

c:\arquivos de programas\mozilla firefox 3.1 beta 3\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);

c:\arquivos de programas\mozilla firefox 3.1 beta 3\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);

c:\arquivos de programas\mozilla firefox 3.1 beta 3\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);

c:\arquivos de programas\mozilla firefox 3.1 beta 3\defaults\pref\firefox.js - pref("privacy.cpd.history", true);

c:\arquivos de programas\mozilla firefox 3.1 beta 3\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);

c:\arquivos de programas\mozilla firefox 3.1 beta 3\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);

c:\arquivos de programas\mozilla firefox 3.1 beta 3\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);

c:\arquivos de programas\mozilla firefox 3.1 beta 3\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);

c:\arquivos de programas\mozilla firefox 3.1 beta 3\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);

c:\arquivos de programas\mozilla firefox 3.1 beta 3\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);

c:\arquivos de programas\mozilla firefox 3.1 beta 3\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);

c:\arquivos de programas\mozilla firefox 3.1 beta 3\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);

c:\arquivos de programas\mozilla firefox 3.1 beta 3\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);

c:\arquivos de programas\mozilla firefox 3.1 beta 3\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);

c:\arquivos de programas\mozilla firefox 3.1 beta 3\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");

c:\arquivos de programas\mozilla firefox 3.1 beta 3\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);

c:\arquivos de programas\mozilla firefox 3.1 beta 3\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);

c:\arquivos de programas\mozilla firefox 3.1 beta 3\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

 

============= SERVICES / DRIVERS ===============

 

 

=============== Created Last 30 ================

 

2009-06-20 12:23 <DIR> --dsh--- C:\FOUND.104

2009-06-20 10:28 <DIR> --dsh--- C:\FOUND.103

2009-06-19 16:47 <DIR> --dsh--- C:\FOUND.102

2009-06-18 21:28 <DIR> --dsh--- C:\FOUND.101

2009-06-18 20:57 <DIR> --dsh--- C:\FOUND.100

2009-06-18 16:42 <DIR> --dsh--- C:\FOUND.099

2009-06-18 16:04 <DIR> --dsh--- C:\FOUND.098

2009-06-16 18:21 <DIR> --dsh--- C:\FOUND.097

2009-06-10 17:35 <DIR> --dsh--- C:\FOUND.096

2009-06-07 23:50 <DIR> --d----- C:\Temp

2009-06-07 23:20 <DIR> --dsh--- C:\FOUND.095

2009-06-01 12:33 <DIR> --dsh--- C:\FOUND.094

2009-05-30 20:12 <DIR> --dsh--- C:\FOUND.093

2009-05-30 11:07 <DIR> --dsh--- C:\FOUND.092

2009-05-29 07:04 <DIR> --dsh--- C:\FOUND.091

2009-05-25 12:26 <DIR> --dsh--- C:\FOUND.090

2009-05-24 13:36 <DIR> --dsh--- C:\FOUND.089

 

==================== Find3M ====================

 

2009-06-20 15:13 32 a--sh--- c:\windows\system32\drivers\fidbox2.idx

2009-06-20 15:13 32 a--sh--- c:\windows\system32\drivers\fidbox2.dat

2009-06-20 15:13 32 a--sh--- c:\windows\system32\drivers\fidbox.idx

2009-06-20 15:13 32 a--sh--- c:\windows\system32\drivers\fidbox.dat

2009-05-20 12:00 105,395 a------- c:\windows\system32\drivers\klin.dat

2009-05-20 12:00 94,643 a------- c:\windows\system32\drivers\klick.dat

2009-05-19 23:56 126,220,236 a------- C:\Sauv.reg

2009-05-10 14:37 410,984 a------- c:\windows\system32\deploytk.dll

2009-04-05 10:44 37,352,800 a------- c:\arquivos de programas\setup_7.0.0.290_05.04.2009_16-12.exe

2009-01-21 16:45 47,360 a------- c:\docume~1\daniel\dadosd~1\pcouffin.sys

2008-12-16 07:32 13,195 a------- c:\documents and settings\daniel\ZGUICFGW.DAT

2008-01-24 15:32 2,088 a------- c:\arquivos de programas\z3D.log

2008-01-24 15:28 2,069 a------- c:\arquivos de programas\multiAutoSave

2008-01-24 15:28 2,069 a------- c:\arquivos de programas\demo1-Start

2008-06-17 16:43 32,768 a--sh--- c:\windows\system32\config\systemprofile\configurações locais\histórico\history.ie5\mshist012008061720080618\index.dat

 

============= FINISH: 16:44:01,87 ===============

 

____________________________________________________

 

ATTACH.txt

____________________________________________________

 

==== Installed Programs ======================

 

2007 Microsoft Office Suite Service Pack 1 (SP1)

Adobe Download Manager 2.2 (Só remoção)

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Reader 7.0.9 - Português

Agere Systems PCI Soft Modem

AIMP2

AiO_Scan_CDA

AiOSoftwareNPI

Analizador XML de Microsoft

Any Audio Converter 1.1.0

Ares 2.1.0

Assistente de Conexão do Windows Live

ASUS Probe V2.25.02

Atualização de Segurança para o Windows Media Player 11 (KB936782)

Atualização de Segurança para o Windows Media Player 11 (KB954154)

Atualização de Segurança para Windows XP (KB938464)

Atualização de Segurança para Windows XP (KB941569)

Atualização de Segurança para Windows XP (KB946648)

Atualização de Segurança para Windows XP (KB950762)

Atualização de Segurança para Windows XP (KB950974)

Atualização de Segurança para Windows XP (KB951066)

Atualização de Segurança para Windows XP (KB951376-v2)

Atualização de Segurança para Windows XP (KB951698)

Atualização de Segurança para Windows XP (KB952954)

Atualização de Segurança para Windows XP (KB954211)

Atualização de Segurança para Windows XP (KB954459)

Atualização de Segurança para Windows XP (KB955069)

Atualização de Segurança para Windows XP (KB956391)

Atualização de Segurança para Windows XP (KB956803)

Atualização de Segurança para Windows XP (KB956841)

Atualização de Segurança para Windows XP (KB957095)

Atualização de Segurança para Windows XP (KB957097)

Atualização de Segurança para Windows XP (KB958644)

Atualização para Windows XP (KB951072-v2)

Atualização para Windows XP (KB951978)

AutoUpdate

AVS Audio Converter version 5.1

Blaze Video Magic 3.0

BufferChm

Bíblia Católica 2.0

CCleaner (remove only)

Choice Guard

Clean Virus MSN

ConvertXtoDVD 3.0.0.9

Counter-Strike 1.6

CustomerResearchQFolder

Destinations

DeviceManagementQFolder

Digital Video Converter v1.11.0.32

DivX Codec

DivX Converter

DivX Player

DivX Version Checker

DreaMule 3.2

eSupportQFolder

Express Burn

Extensão do Windows Live Toolbar (Windows Live Toolbar)

F300

F300_Help

Fax_CDA

Ferramenta de Carregamento do Windows Live

Foxit Reader

FoxyTunes for Firefox

Google Earth

Google Talk (remove only)

Google Update Helper

HijackThis 2.0.2

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix para o Windows Media Player 11 (KB939683)

Hotfix para Windows XP (KB952287)

HP Customer Participation Program 7.0

HP Imaging Device Functions 7.0

HP Photosmart Essential

HP Photosmart, Officejet and Deskjet 7.0.A

HP Software Update

HP Solution Center 7.0

HP USB Disk Storage Format Tool

HPPhotoSmartExpress

HPProductAssistant

IBM ViaVoice TTS Runtime v5.0 - Português, Brasil

InstantShareDevicesMFC

Java 6 Update 13

Java 6 Update 4

Junk Mail filter update

K-Lite Mega Codec Pack 1.01

Kaspersky Anti-Virus 6.0

MarketResearch

Menus Inteligentes (Windows Live Toolbar)

Messenger Plus! Live

Microsoft .NET Framework 2.0 Service Pack 1

Microsoft Application Error Reporting

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft Kernel-Mode Driver Framework Feature Pack 1.5

Microsoft National Language Support Downlevel APIs

Microsoft Office Access MUI (Portuguese (Brazil)) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (Portuguese (Brazil)) 2007

Microsoft Office Groove MUI (Portuguese (Brazil)) 2007

Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007

Microsoft Office Live Add-in 1.3

Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007

Microsoft Office Outlook Connector

Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007

Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (Portuguese (Brazil)) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (Portuguese (Brazil)) 2007

Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007

Microsoft Office Shared MUI (Portuguese (Brazil)) 2007

Microsoft Office Word MUI (Portuguese (Brazil)) 2007

Microsoft Search Enhancement Pack

Microsoft Software Update for Web Folders (Portuguese (Brazil)) 12

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Sync Framework Runtime Native v1.0 (x86)

Microsoft Sync Framework Services Native v1.0 (x86)

Microsoft Text-to-Speech Engine 4.0 (English)

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 Redistributable

Microsoft XML Parser

Microsoft XML Parser and SDK

Mint Online TV 2.2

Mozilla Firefox (3.0.8)

Mozilla Firefox (3.5)

MP3 Player Utilities 4.15

MSVCRT

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 Parser and SDK

MV RegClean 5.5

NCH Toolbox

Nero OEM

NewCopy_CDA

NextUp-ScanSoft Raquel Brazilian Portuguese Voice

Nokia Connectivity Cable Driver

NTE: Strike and Retrieve

Opera 9.63

PowerDVD

ProductContextNPI

QuickTime

Readme

RealPlayer

Realtek AC'97 Audio

Recuva (remove only)

Scan

ScannerCopy

Security Update for 2007 Microsoft Office System (KB951550)

Security Update for 2007 Microsoft Office System (KB951944)

Security Update for 2007 Microsoft Office System (KB955936)

Security Update for Microsoft Office Excel 2007 (KB955470)

Security Update for Microsoft Office OneNote 2007 (KB950130)

Security Update for Microsoft Office PowerPoint 2007 (KB951338)

Security Update for Microsoft Office Publisher 2007 (KB950114)

Security Update for Microsoft Office system 2007 (KB951808)

Security Update for Microsoft Office system 2007 (KB954326)

Security Update for Microsoft Office Word 2007 (KB950113)

Segoe UI

Skype™ 3.8

Slice Audio File Splitter

SolutionCenter

Some PDF to Word Converter 1.5

SopCast 3.0.3

Stamp ID3 Tag Editor

Status

Switch Sound File Converter

The Duel

Toolbox

TrayApp

Tron 2.0 MP Demo

Uninstall 1.0.0.1

Update for Microsoft Office Outlook 2007 (KB952142)

Update for Office 2007 (KB946691)

Update for Outlook 2007 Junk Email Filter (kb957829)

USB FireWall 1.1.3

USB PC Camera Plus

UsbFix

VC80CRTRedist - 8.0.50727.762

VDownloader 0.82

VIA/S3G Display Driver 6.14.10.0331

VirtualCS Addons V3.2 Lite

VirtualCS Addons v4.0

Visualizador do Marcador (Windows Live Toolbar)

Webcam Simulator 5.3

WebFldrs XP

WebReg

Winamp

Windows Defender

Windows Desktop Search 3.01

Windows Genuine Advantage Notifications (KB905474)

Windows Genuine Advantage Validation Tool (KB892130)

Windows Imaging Component

Windows Internet Explorer 7

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Galeria de Fotos

Windows Live Mail

Windows Live Messenger

Windows Live Sync

Windows Live Toolbar

Windows Live Writer

Windows Media Format 11 runtime

Windows Media Player 11

Windows Messenger 5.1

Windows XP Service Pack 3

WinPcap 3.1

WONswap

WONswap for Half-Life

 

==== End Of File ===========================

 

_____________________________________________________

 

HIJACKTHIS

_____________________________________________________

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:44:54, on 20/6/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Winamp\winampa.exe

C:\WINDOWS\system32\VTtrayp.exe

C:\WINDOWS\system32\VTTimer.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

C:\Arquivos de programas\ltmoh\Ltmoh.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\AGRSMMSG.exe

C:\WINDOWS\vsnpstd3.exe

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe

C:\Arquivos de programas\Net Studio\USB FireWall\USB FireWall.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Windows Desktop Search\WindowsSearch.exe

C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE

C:\WINDOWS\system32\SearchProtocolHost.exe

C:\WINDOWS\system32\rundll32.exe

C:\Arquivos de programas\Windows NT\Acessórios\wordpad.exe

C:\WINDOWS\system32\notepad.exe

C:\Documents and Settings\Daniel\Meus documentos\Downloads\hijackthis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.a...&tbid=60337

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Arquivos de programas\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O4 - HKLM\..\Run: [WinampAgent] "C:\Arquivos de programas\Winamp\winampa.exe"

O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [LtMoh] C:\Arquivos de programas\ltmoh\Ltmoh.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [AVP] "C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"

O4 - HKLM\..\Run: [uSBFW] C:\Arquivos de programas\Net Studio\USB FireWall\USB FireWall.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [NBJ] "C:\Arquivos de programas\Ahead\Nero BackItUp\NBJ.exe"

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Windows Desktop Search.lnk = C:\Arquivos de programas\Windows Desktop Search\WindowsSearch.exe

O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Estatísticas do Antivírus da Web - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: @C:\Arquivos de programas\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: @C:\Arquivos de programas\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1228498680593

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1228411392625

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {C9386579-3C0F-4713-82C6-5BA8088C7C8D} (Windows Live SkyDrive Upload Tool) - https://secure.shared.live.com/Pa6vGqB728Ax....RichUpload.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100

O17 - HKLM\System\CCS\Services\Tcpip\..\{BE959707-E59A-4D10-A643-49268770758D}: NameServer = 201.10.120.3,201.10.128.3

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Arquivos de programas\Ares\chatServer.exe

O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe

O23 - Service: Serviço Google Update (gupdate1c9c1b13a0f3b7e) (gupdate1c9c1b13a0f3b7e) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

 

--

End of file - 11105 bytes

________________________________________________________________________________

_________________


Good evening, ronaldogpi!

<@> Download: < avz4en.zip > or < avz_antiviral_toolkit >

<@> Save it in the Arquivos de programas folder, and unzip it right there!

<@> Open the avz4 folder and run the application with a double-click. <-- Shield and sword icon!

<@> Connect to the Internet and update the Toolkit. --> "File" --> "Database Update". < AVZupdate.jpg >

<@> When it finishes, do not run any scan yet.

<@> On the "Search range" tab, check all the boxes.

<@> Under "File types", select the "All files" button.

<@> Under "Actions", check: "Perform healing"

<@> In the fields below "Perform healing", choose "Report only" for all items.

<@> Below "RiskWare", check the box "Copy suspicious files to Quarantine". <-- Only this box!

<@> In the "Search parameters" menu, set "Heuristic analyses" to maximum.

<@> Check the box "Extended analysis". <-- Only this box!

<@> Do not uncheck the ones that are checked by default!

<@> Close any open programs and run the tool! <-- Click Start.

<@> When the scan finishes, click the "Save log" icon so that we have the report. ( avz_log )

<@> Also click the "glasses" icon.

<@> Click "Save as CSV".

<@> Save this report on the desktop! <-- Text format. ( *.txt )

<@> Name it: view_log

<@> Copy and post: avz_log.txt + view_log.txt in your reply.

Regards!


Topic Archived

Since the author has not replied for more than 30 days, the topic has been archived.

If you are the author of the topic and want to reopen it, send a private message to a moderator of the area together with the link to this topic and explain the reason for reopening.


Topic reopened at the author's request. Post a new log and wait for instructions.


Topic Archived

Since the author has not replied for more than 30 days, the topic has been archived.

If you are the author of the topic and want to reopen it, send a private message to a moderator of the area together with the link to this topic and explain the reason for reopening.
