Archived

This topic has been archived and is closed to new replies.

Ohnimor

[Solved!] System error code 1400

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:52:29, on 29/1/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\Arquivos de programas\Winamp\winampa.exe

C:\Arquivos de programas\Java\jre1.5.0_05\bin\jusched.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\AGRSMMSG.exe

C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

C:\Arquivos de programas\MSN Messenger\usnsvc.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\ntvdm.exe

C:\Documents and Settings\Administrador\Desktop\HijackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.yahoo.com

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: (no name) - {6EF05952-B48D-4944-AA91-57A6A1A48EF8} - (no file)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: DirecX - {83FDA784-0154-418F-810B-F1839272C361} - C:\WINDOWS\system32\DirectX\Dinput\diagx3d.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [WinampAgent] "C:\Arquivos de programas\Winamp\winampa.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_05\bin\jusched.exe

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Arquivos de programas\Lexmark X1100 Series\lxbkbmgr.exe"

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [egui] "C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice

O4 - HKCU\..\Run: [NBJ] "C:\Arquivos de programas\Ahead\Nero BackItUp\NBJ.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_05\bin\npjpi150_05.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_05\bin\npjpi150_05.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O14 - IERESET.INF: START_PAGE_URL=http://www.compartilhando.org/

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O17 - HKLM\System\CCS\Services\Tcpip\..\{7A887B90-C809-443D-9605-5A5057F69728}: NameServer = 10.5.1.1,10.5.1.2

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\EHttpSrv.exe

O23 - Service: Eset Service (ekrn) - ESET - C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

 

--

End of file - 5754 bytes


Good morning, Ohnimor!

<@> Download: < ComboFix.exe > ( ...by sUBs )

<@> Save it to the Desktop!

<@> Disable the resident protection of your antivirus, antispyware and firewall. ( Except the Windows one! )

<@> Close all windows and run the tool!

<@> At the prompt: "Disclaimer of warranty on software" --> Click Yes!

<@> If you do not have the "Recovery Console", agree to install it!

<!> If you get the notification "Invalid Win32 application", delete the tool and download it again.

<!> Save it to the desktop, renamed as: Kombo.exe

<!> PS: Rename it while saving, not after saving it!

<!> PS: If any error message appears, run ComboFix.exe in Safe Mode. <-- Link!

<!> PS: To complete the removals, the tool may need to restart the computer. <-- Wait!

<!> PS: Avoid running this tool on your own initiative! Follow all the recommendations given above.

<@> The Auto Scan window will open. --> Wait!

<@> In order to complete the removals, ComboFix may restart the computer.

<@> If necessary, type the option to continue! --> ( 1 ) --> Press Enter! --> Wait for it to finish!

<@> During the scan, avoid using the mouse or keyboard! <-- Important!

<@> To stop or exit ComboFix, press "N" or "2" --> Press Enter!

--------------------------------------

<@> When it finishes, post the reports: C:\ComboFix.txt + an updated HijackThis log.

Regards!


ComboFix 09-01-21.04 - Administrador 2009-01-30 10:19:16.4 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.1023.682 [GMT -2:00]

Executando de: c:\documents and settings\Administrador\Desktop\ComboFix.exe

AV: ESET NOD32 antivírus 3.0 *On-access scanning disabled* (Updated)

.

 

(((((((((((((((( Arquivos/Ficheiros criados de 2008-12-28 to 2009-01-30 ))))))))))))))))))))))))))))

.

 

2009-01-29 19:13 . 2009-01-29 19:13 <DIR> d-------- c:\arquivos de programas\Europa

2009-01-29 19:13 . 2009-01-29 19:13 60 --a------ c:\windows\QI.INI

2009-01-29 16:28 . 2009-01-29 16:28 <DIR> d-------- c:\documents and settings\Administrador\Dados de aplicativos\Leadertech

2009-01-29 13:10 . 2009-01-29 13:10 <DIR> d-------- c:\windows\Downloaded Installations

2009-01-28 14:26 . 2008-03-03 14:25 5,702 --ah----- c:\windows\nod32restoretemdono.reg

2009-01-28 14:26 . 2008-03-03 18:21 572 --ah----- c:\windows\nod32fixtemdono.reg

2009-01-28 14:25 . 2009-01-28 14:25 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\ESET

2009-01-28 14:25 . 2009-01-28 14:25 <DIR> d-------- c:\arquivos de programas\ESET

2009-01-28 12:52 . 2009-01-29 10:38 <DIR> d-------- c:\documents and settings\Administrador\Dados de aplicativos\skypePM

2009-01-28 12:52 . 2009-01-28 12:52 56 --ah----- c:\windows\system32\ezsidmv.dat

2009-01-28 12:47 . 2009-01-28 12:47 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Skype

2009-01-28 12:47 . 2009-01-29 10:38 <DIR> d-------- c:\documents and settings\Administrador\Dados de aplicativos\Skype

2009-01-28 12:47 . 2009-01-28 15:05 <DIR> d-------- c:\arquivos de programas\Skype

2009-01-28 12:47 . 2009-01-28 12:47 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\Skype

2009-01-28 12:14 . 2009-01-28 12:14 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\nView_Profiles

2009-01-28 12:08 . 2009-01-28 12:08 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Avg8

2009-01-28 01:32 . 2009-01-28 01:32 <DIR> d-------- c:\windows\system32\xircom

2009-01-28 01:32 . 2009-01-28 01:32 <DIR> d-------- c:\windows\system32\oobe

2009-01-28 01:32 . 2009-01-28 01:32 <DIR> d-------- c:\arquivos de programas\Microsoft frontpage

2009-01-27 19:58 . 2009-01-27 20:21 <DIR> d-------- c:\windows\system32\CatRoot_bak

2009-01-27 19:46 . 2008-06-14 15:59 272,384 --------- c:\windows\system32\drivers\bthport.sys

2009-01-27 19:46 . 2008-06-14 15:59 272,384 --------- c:\windows\system32\DllCache\bthport.sys

2009-01-27 19:39 . 2007-04-02 04:36 546,304 --------- c:\windows\system32\DllCache\hhctrl.ocx

2009-01-27 19:31 . 2008-09-15 13:15 1,847,040 --------- c:\windows\system32\DllCache\win32k.sys

2009-01-27 19:29 . 2008-08-14 11:39 2,190,208 --------- c:\windows\system32\DllCache\ntoskrnl.exe

2009-01-27 19:29 . 2008-08-14 11:39 2,146,816 --------- c:\windows\system32\DllCache\ntkrnlmp.exe

2009-01-27 19:29 . 2008-08-14 11:39 2,067,200 --------- c:\windows\system32\DllCache\ntkrnlpa.exe

2009-01-27 19:29 . 2008-08-14 11:39 2,024,960 --------- c:\windows\system32\DllCache\ntkrpamp.exe

2009-01-27 19:26 . 2008-12-12 15:29 3,088,384 --------- c:\windows\system32\DllCache\mshtml.dll

2009-01-27 19:13 . 2008-10-24 09:25 455,936 --------- c:\windows\system32\DllCache\mrxsmb.sys

2009-01-27 19:13 . 2008-05-08 10:28 202,752 --------- c:\windows\system32\DllCache\rmcast.sys

2009-01-27 19:11 . 2008-12-11 08:24 333,184 --------- c:\windows\system32\DllCache\srv.sys

2009-01-27 19:09 . 2008-05-01 12:32 331,776 --------- c:\windows\system32\DllCache\msadce.dll

2009-01-27 19:06 . 2008-04-11 16:40 683,520 --------- c:\windows\system32\DllCache\inetcomm.dll

2009-01-27 19:00 . 2008-10-03 08:16 247,326 --------- c:\windows\system32\DllCache\strmdll.dll

2009-01-27 18:58 . 2008-10-15 14:59 332,800 --------- c:\windows\system32\DllCache\netapi32.dll

2009-01-27 18:57 . 2008-09-04 14:45 1,106,944 --------- c:\windows\system32\DllCache\msxml3.dll

2009-01-27 18:49 . 2009-01-28 01:57 <DIR> d--h----- c:\windows\$hf_mig$

2009-01-27 18:36 . 2008-10-16 14:09 31,768 --a------ c:\windows\system32\wucltui.dll.mui

2009-01-27 18:36 . 2008-10-16 14:08 27,672 --a------ c:\windows\system32\wuaucpl.cpl.mui

2009-01-27 18:36 . 2008-10-16 14:08 27,672 --a------ c:\windows\system32\wuapi.dll.mui

2009-01-27 18:36 . 2008-10-16 14:07 18,968 --a------ c:\windows\system32\wuaueng.dll.mui

2009-01-26 00:25 . 2009-01-28 01:57 1,374 --a------ c:\windows\imsins.BAK

2009-01-23 20:43 . 2009-01-23 20:43 1 ---hs---- C:\MSDOS.INF

2009-01-20 19:38 . 2003-05-12 20:25 503,808 --a------ c:\windows\system32\mpeg2dmx.ax

2009-01-20 19:38 . 2001-08-18 20:00 262,144 --a------ c:\windows\system32\mpg4ds32.axu

2009-01-20 19:38 . 2003-05-21 01:10 210,432 --a------ c:\windows\system32\mpgdec.ax

2009-01-20 19:38 . 2004-04-30 21:46 28,672 --a------ c:\windows\system32\t3odm.dll

2009-01-19 22:23 . 2009-01-19 22:24 <DIR> d-------- c:\documents and settings\Administrador\.rssowl

2009-01-17 14:22 . 2009-01-17 14:23 <DIR> d-------- c:\documents and settings\Administrador\Dados de aplicativos\Winamp

2009-01-17 14:22 . 2009-01-17 14:24 <DIR> d-------- c:\arquivos de programas\Winamp

2009-01-16 22:18 . 2009-01-16 22:18 <DIR> d-------- c:\arquivos de programas\Programas RFB

2009-01-16 22:08 . 2009-01-16 22:08 <DIR> d-------- C:\Decifra

2009-01-04 13:55 . 2009-01-29 11:37 <DIR> d-------- c:\arquivos de programas\eMule

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-01-29 18:28 --------- d-----w c:\arquivos de programas\Arquivos comuns\Adobe

2009-01-29 13:29 --------- d-----w c:\arquivos de programas\KCeasy

2009-01-28 13:52 --------- d-----w c:\arquivos de programas\Google

2009-01-28 02:43 --------- d-----w c:\arquivos de programas\Dopewars

2009-01-13 17:24 --------- d-----w c:\arquivos de programas\NEED FOR SPEED UNDERGROUND 2

2008-12-11 10:24 333,184 ----a-w c:\windows\system32\drivers\srv.sys

2008-10-23 13:00 283,648 ----a-w c:\windows\system32\gdi32.dll

2008-10-23 13:00 283,648 ------w c:\windows\system32\DllCache\gdi32.dll

2008-10-19 13:30 98,304 ----a-w c:\windows\system32\CmdLineExt.dll

2008-10-16 16:13 202,776 ----a-w c:\windows\system32\wuweb.dll

2008-10-16 16:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll

2008-10-16 16:12 561,688 ----a-w c:\windows\system32\wuapi.dll

2008-10-16 16:12 323,608 ----a-w c:\windows\system32\wucltui.dll

2008-10-16 16:09 92,696 ----a-w c:\windows\system32\cdm.dll

2008-10-16 16:09 51,224 ----a-w c:\windows\system32\wuauclt.exe

2008-10-16 16:09 43,544 ----a-w c:\windows\system32\wups2.dll

2008-10-16 16:08 34,328 ----a-w c:\windows\system32\wups.dll

2008-10-15 14:18 18,432 ------w c:\windows\system32\DllCache\iedw.exe

2008-10-03 10:16 247,326 ----a-w c:\windows\system32\strmdll.dll

2008-06-07 13:07 5,837,792 ----a-w c:\arquivos de programas\Firefox Setup 2.0.0.14.exe

2007-12-30 02:43 5,233 ----a-w c:\arquivos de programas\IDAPI32.CFG

.

 

((((((((((((((((((((((((((((( snapshot@2009-01-28_15.50.01,12 )))))))))))))))))))))))))))))))))))))))))

.

- 2009-01-28 13:01:34 191,384 ----a-w c:\windows\system32\FNTCACHE.DAT

+ 2009-01-29 18:27:16 195,368 ----a-w c:\windows\system32\FNTCACHE.DAT

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{83FDA784-0154-418F-810B-F1839272C361}]

2009-01-23 20:45 824832 --a------ c:\windows\system32\DirectX\Dinput\diagx3d.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NBJ"="c:\arquivos de programas\Ahead\Nero BackItUp\NBJ.exe" [2004-07-26 1867776]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-21 7561216]

"WinampAgent"="c:\arquivos de programas\Winamp\winampa.exe" [2008-09-12 36352]

"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre1.5.0_05\bin\jusched.exe" [2005-08-26 36975]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-21 86016]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"Lexmark X1100 Series"="c:\arquivos de programas\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 57344]

"egui"="c:\arquivos de programas\ESET\ESET NOD32 antivírus\egui.exe" [2007-12-21 1443072]

"SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe]

"RTHDCPL"="RTHDCPL.EXE" [2006-08-14 c:\windows\RTHDCPL.exe]

"nwiz"="nwiz.exe" [2006-10-21 c:\windows\system32\nwiz.exe]

"AGRSMMSG"="AGRSMMSG.exe" [2006-04-28 c:\windows\AGRSMMSG.exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nlsf"="move" [X]

"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-04 44544]

 

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

Adobe Reader Speed Launch.lnk - c:\arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

 

[HKEY_LOCAL_MACHINE\software\Microsoft\windows\currentversion\policies\explorer]

"ForceClassicControlPanel"= 1 (0x1)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\MSN Messenger\\livecall.exe"=

"c:\\Documents and Settings\\Administrador\\Desktop\\CS\\hl.exe"=

"c:\\Documents and Settings\\Administrador\\Desktop\\Nova pasta\\hl.exe"=

"c:\\WINDOWS\\system32\\LEXPPS.EXE"=

"c:\\Arquivos de programas\\eMule\\emule.exe"=

"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3150:TCP"=

"3050:TCP"=

 

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2007-12-21 33800]

R4 ekrn;Eset Service;c:\arquivos de programas\ESET\ESET NOD32 antivírus\ekrn.exe [2007-12-21 468224]

S3 PciCon;PciCon;\??\d:\pcicon.sys --> d:\PciCon.sys [?]

S4 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [2001-10-28 3584]

 

[HKEY_CURRENT_USER\software\Microsoft\windows\currentversion\explorer\mountpoints2\{20947886-e78b-11dc-bdf7-000feab2b0c6}]

\Shell\AutoRun\command - E:\fooool.exe

\Shell\explore\Command - E:\fooool.exe

\Shell\open\Command - E:\fooool.exe

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.google.com.br/

mStart Page = hxxp://br. yahoo.com

uInternet Connection Wizard,ShellNext = iexplore

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

TCP: {7A887B90-C809-443D-9605-5A5057F69728} = 10.5.1.1,10.5.1.2

FF - ProfilePath - c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\aj1kit0o.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.localpoint.org/

FF - plugin: c:\arquivos de programas\Java\jre1.5.0_05\bin\NPJava11.dll

FF - plugin: c:\arquivos de programas\Java\jre1.5.0_05\bin\NPJava12.dll

FF - plugin: c:\arquivos de programas\Java\jre1.5.0_05\bin\NPJava13.dll

FF - plugin: c:\arquivos de programas\Java\jre1.5.0_05\bin\NPJava14.dll

FF - plugin: c:\arquivos de programas\Java\jre1.5.0_05\bin\NPJava32.dll

FF - plugin: c:\arquivos de programas\Java\jre1.5.0_05\bin\NPJPI150_05.dll

FF - plugin: c:\arquivos de programas\Java\jre1.5.0_05\bin\NPOJI610.dll

 

---- FIREFOX POLICIES ----

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-01-30 10:20:38

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

Tempo para conclusão: 2009-01-30 10:21:58

ComboFix-quarantined-files.txt 2009-01-30 12:21:44

ComboFix2.txt 2009-01-28 17:50:58

 

Pré-execução: 16 pasta(s) 11.259.695.104 bytes disponíveis

Pós execução: 16 pasta(s) 11,264,016,384 bytes disponíveis

 

182 --- E O F --- 2009-01-28 03:57:51

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:29:04, on 30/1/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\Arquivos de programas\Winamp\winampa.exe

C:\Arquivos de programas\Java\jre1.5.0_05\bin\jusched.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Arquivos de programas\Lexmark X1100 Series\lxbkbmgr.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Arquivos de programas\ESET\ESET NOD32 antivírus\egui.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Arquivos de programas\Lexmark X1100 Series\lxbkbmon.exe

C:\Arquivos de programas\ESET\ESET NOD32 antivírus\ekrn.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\Administrador\Desktop\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.Microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.Microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.Microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.yahoo.com

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: (no name) - {6EF05952-B48D-4944-AA91-57A6A1A48EF8} - (no file)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: DirecX - {83FDA784-0154-418F-810B-F1839272C361} - C:\WINDOWS\system32\DirectX\Dinput\diagx3d.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [WinampAgent] "C:\Arquivos de programas\Winamp\winampa.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_05\bin\jusched.exe

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Arquivos de programas\Lexmark X1100 Series\lxbkbmgr.exe"

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [egui] "C:\Arquivos de programas\ESET\ESET NOD32 antivírus\egui.exe" /hide /waitservice

O4 - HKCU\..\Run: [NBJ] "C:\Arquivos de programas\Ahead\Nero BackItUp\NBJ.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_05\bin\npjpi150_05.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_05\bin\npjpi150_05.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.Microsoft.com/intl/br/access/allinone.asp

O14 - IERESET.INF: START_PAGE_URL=http://www.compartilhando.org/

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.Microsoft.com/fwlink/?linkid=39204

O17 - HKLM\System\CCS\Services\Tcpip\..\{7A887B90-C809-443D-9605-5A5057F69728}: NameServer = 10.5.1.1,10.5.1.2

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Arquivos de programas\ESET\ESET NOD32 antivírus\EHttpSrv.exe

O23 - Service: Eset Service (ekrn) - ESET - C:\Arquivos de programas\ESET\ESET NOD32 antivírus\ekrn.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

 

--

End of file - 5850 bytes


Good afternoon, Ohnimor!

<@> Download: < UsbFix.exe > ( ...by Chiquitine29 and Chimay8 )

<@> Save it to the Desktop! --> Extract it from the zip!

<@> Temporarily disable your protection programs. <-- ( antivirus, antispyware and firewall )

<@> For more details on the installation, follow the recommendations in this Tutorial. <-- Link

<@> Run the tool by double-clicking UsbFix.exe.

<@> A message will appear asking you to connect your removable media to the computer. ( USB flash drive, MP3, MP4, iPods, etc... )

<@> Accept the request and click OK. --> Then click OK again.

<@> The computer will restart. <-- Wait!

<@> When it finishes, click "Continue" and wait for the tool to complete.

<@> PS: Do not disconnect your removable media yet! <-- Important!

<@> The message "Nettoyage effectue" will appear --> Press Enter.

<@> Post the report, which will be at: C:\UsbFix.txt + an updated HijackThis log.

Regards!


-------------- UsbFix V2.395 ---------------

 

* User : Administrador - CORDEIRO-0F0F97

* Outils mis a jours le 20/10/2008 par Chiquitine29 et Chimay8

* Recherche effectuée à 12:48:14 le --- 30/01/2009

* Windows Xp - Internet Explorer 6.0.2900.2180

 

 

--------------- [ Processus actifs ] ----------------

 

 

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\userinit.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\1.tmp\b2e.exe

C:\Arquivos de programas\Winamp\winampa.exe

C:\Arquivos de programas\Java\jre1.5.0_05\bin\jusched.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Arquivos de programas\Lexmark X1100 Series\lxbkbmgr.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Arquivos de programas\Lexmark X1100 Series\lxbkbmon.exe

 

--------------- [ Informations lecteurs ] ----------------

 

C: - Unidade de disco fixo

 

 

--------------- [ Registre / Startup ] ----------------

 

 

! REG.EXE VERSION 3.0

 

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

NvCplDaemon REG_SZ RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

WinampAgent REG_SZ "C:\Arquivos de programas\Winamp\winampa.exe"

SunJavaUpdateSched REG_SZ C:\Arquivos de programas\Java\jre1.5.0_05\bin\jusched.exe

SkyTel REG_SZ SkyTel.EXE

RTHDCPL REG_SZ RTHDCPL.EXE

nwiz REG_SZ nwiz.exe /install

NvMediaCenter REG_SZ RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

NeroFilterCheck REG_SZ C:\WINDOWS\system32\NeroCheck.exe

Lexmark X1100 Series REG_SZ "C:\Arquivos de programas\Lexmark X1100 Series\lxbkbmgr.exe"

AGRSMMSG REG_SZ AGRSMMSG.exe

egui REG_SZ "C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice

 

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents

 

! REG.EXE VERSION 3.0

 

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

NBJ REG_SZ "C:\Arquivos de programas\Ahead\Nero BackItUp\NBJ.exe"

CTFMON.EXE REG_SZ C:\WINDOWS\system32\ctfmon.exe

 

--------------- [ Registre / Mountpoint2 ] ----------------

 

Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{20947886-e78b-11dc-bdf7-000feab2b0c6}\Shell\AutoRun\command

Supprimé ! - HKEY_USERS\S-1-5-21-682003330-1801674531-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{20947886-e78b-11dc-bdf7-000feab2b0c6}\Shell\AutoRun\command

Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{20947886-e78b-11dc-bdf7-000feab2b0c6}\Shell\explore\Command

Supprimé ! - HKEY_USERS\S-1-5-21-682003330-1801674531-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{20947886-e78b-11dc-bdf7-000feab2b0c6}\Shell\explore\Command

Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{20947886-e78b-11dc-bdf7-000feab2b0c6}\Shell\open\Command

Supprimé ! - HKEY_USERS\S-1-5-21-682003330-1801674531-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{20947886-e78b-11dc-bdf7-000feab2b0c6}\Shell\open\Command

 

--------------- [ Nettoyage des disques ] ----------------

 

 

--------------- ! Fin du rapport ! ----------------

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:52:11, on 30/1/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\Arquivos de programas\Winamp\winampa.exe

C:\Arquivos de programas\Java\jre1.5.0_05\bin\jusched.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Arquivos de programas\Lexmark X1100 Series\lxbkbmgr.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Arquivos de programas\Lexmark X1100 Series\lxbkbmon.exe

C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Microsoft Office\OFFICE11\WINWORD.EXE

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Documents and Settings\Administrador\Desktop\HijackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.yahoo.com

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: (no name) - {6EF05952-B48D-4944-AA91-57A6A1A48EF8} - (no file)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: DirecX - {83FDA784-0154-418F-810B-F1839272C361} - C:\WINDOWS\system32\DirectX\Dinput\diagx3d.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [WinampAgent] "C:\Arquivos de programas\Winamp\winampa.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_05\bin\jusched.exe

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Arquivos de programas\Lexmark X1100 Series\lxbkbmgr.exe"

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [egui] "C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice

O4 - HKCU\..\Run: [NBJ] "C:\Arquivos de programas\Ahead\Nero BackItUp\NBJ.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_05\bin\npjpi150_05.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_05\bin\npjpi150_05.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O14 - IERESET.INF: START_PAGE_URL=http://www.compartilhando.org/

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O17 - HKLM\System\CCS\Services\Tcpip\..\{7A887B90-C809-443D-9605-5A5057F69728}: NameServer = 10.5.1.1,10.5.1.2

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\EHttpSrv.exe

O23 - Service: Eset Service (ekrn) - ESET - C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

 

--

End of file - 5995 bytes


Good afternoon, Ohnimor!

 

<!> The log is clean!

<!> Does the System error code 1400 still persist?

 

Regards!


PROBLEM SOLVED!

 

If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.
