Ir para conteúdo

POWERED BY:

Arquivado

Este tópico foi arquivado e está fechado para novas respostas.

Luizguto

[Resolvido!] Erro de MSN

Recommended Posts

Não está entrando no MSN Beta, segue Log do hijack:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:44:37, on 9/3/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\RTHDCPL.EXE

D:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

C:\WINDOWS\system32\SupportAppXL\cdrom_mon.exe

C:\Arquivos de programas\IObit\Advanced SystemCare 3\AWC.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe

C:\Arquivos de programas\Software WIDCOMM\Bluetooth\bin\btwdins.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\Software WIDCOMM\Bluetooth\BTTray.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\ARQUIV~1\SOFTWA~1\BLUETO~1\BTSTAC~1.EXE

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Canon\CAL\CALMAIN.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\WinRAR\WinRAR.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\DOCUME~1\guto\CONFIG~1\Temp\Rar$EX22.5140\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Toolbar\01.01.2607.0\en-us\msntb.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "D:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"

O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P30 "EPSON Stylus Photo R200 Series" /O6 "USB001" /M "Stylus Photo R200"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [WinReg] C:\WINDOWS\system32\dk\calling.com

O4 - HKLM\..\Run: [msennger] C:\WINDOWS\system32\dk\calling.com

O4 - HKLM\..\Run: [Auto EPSON Stylus Photo R200 Series em VIS03] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P44 "Auto EPSON Stylus Photo R200 Series em VIS03" /O18 "\\VIS03\EPSON R200" /M "Stylus Photo R200"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P30 "EPSON Stylus Photo R200 Series" /M "Stylus Photo R200" /EF "HKCU"

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [hohohhaha] C:\WINDOWS\system32\dk\calling.com

O4 - HKCU\..\Run: [cdoosoft] C:\WINDOWS\system32\olhrwef.exe

O4 - HKCU\..\Run: [AdobeUpdater] C:\Arquivos de programas\Arquivos comuns\Adobe\Updater5\AdobeUpdater.exe

O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Arquivos de programas\IObit\Advanced SystemCare 3\AWC.exe" /startup

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Startup: PowerReg SchedulerV2.exe

O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?

O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = D:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe

O4 - Global Startup: BTTray.lnk = ?

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Reboot.exe

O8 - Extra context menu item: Append to existing PDF - res://D:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert link target to Adobe PDF - res://D:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://D:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://D:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://D:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://D:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://D:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://D:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Arquivos de programas\Software WIDCOMM\Bluetooth\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Arquivos de programas\Software WIDCOMM\Bluetooth\btsendto_ie.htm

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O17 - HKLM\System\CCS\Services\Tcpip\..\{D81BA7FA-A5E2-4CB2-A705-8EBEC2A729DB}: NameServer = 200.175.5.139,200.175.89.139

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Autorun CDROM Monitor - Unknown owner - C:\WINDOWS\system32\SupportAppXL\cdrom_mon.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Arquivos de programas\Software WIDCOMM\Bluetooth\bin\btwdins.exe

O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Arquivos de programas\Canon\CAL\CALMAIN.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

 

--

End of file - 10572 bytes

Compartilhar este post


Link para o post
Compartilhar em outros sites

• Baixe: < ComboFix.exe >

• Salve-o no Desktop!

Desabilite as proteções residente de: antivírus,antispywares e firewall. ( Menos o do Windows! )

Feche todas as janelas e execute a ferramenta!

• Na solicitação: "Negação de garantia de software" --> Clique em Sim!

• Não possuindo o "Console de Recuperação",aceite optar pela instalação do mesmo!

 

<!> Caso aconteça a notificação de: Aplicativo Win32 inválido,delete a ferramenta e faça,novamente,o download.

-- Salve-a no desktop,renomeada como: Kombo.exe

-- Ps: Nomeie durante o salvamento,e não após salvá-la!

-- Ps: Surgindo alguma mensagem de erro,rode o ComboFix.exe em Modo de Segurança.

-- Ps: Para completar as remoções,talvez haja necessidade da ferramenta reiniciar o computador. <-- Aguarde!

-- Ps: Evite executar,voluntariamente,esta ferramenta!Siga,àcima,todas as recomendações propostas.

• Abrir-se-á a janela Auto Scan. --> Aguarde!

• Àfim de completar as remoções,o ComboFix poderá reiniciar o computador.

• Se houver necessidade,digite a opção para continuar! --> ( 1 ) --> Aperte Enter.

Aguarde a conclusão!

Durante o scan,evite manusear o mouse ou teclado! <-- Importante!

• Para parar ou sair do ComboFix,tecle "N" --> Enter.

----------------------

• Terminando,poste os relatórios: C:\ComboFix.txt + HijackThis,atualizado.

Compartilhar este post


Link para o post
Compartilhar em outros sites
• Baixe: < ComboFix.exe >

• Salve-o no Desktop!

Desabilite as proteções residente de: antivírus,antispywares e firewall. ( Menos o do Windows! )

Feche todas as janelas e execute a ferramenta!

• Na solicitação: "Negação de garantia de software" --> Clique em Sim!

• Não possuindo o "Console de Recuperação",aceite optar pela instalação do mesmo!

 

<!> Caso aconteça a notificação de: Aplicativo Win32 inválido,delete a ferramenta e faça,novamente,o download.

-- Salve-a no desktop,renomeada como: Kombo.exe

-- Ps: Nomeie durante o salvamento,e não após salvá-la!

-- Ps: Surgindo alguma mensagem de erro,rode o ComboFix.exe em Modo de Segurança.

-- Ps: Para completar as remoções,talvez haja necessidade da ferramenta reiniciar o computador. <-- Aguarde!

-- Ps: Evite executar,voluntariamente,esta ferramenta!Siga,àcima,todas as recomendações propostas.

• Abrir-se-á a janela Auto Scan. --> Aguarde!

• Àfim de completar as remoções,o ComboFix poderá reiniciar o computador.

• Se houver necessidade,digite a opção para continuar! --> ( 1 ) --> Aperte Enter.

Aguarde a conclusão!

Durante o scan,evite manusear o mouse ou teclado! <-- Importante!

• Para parar ou sair do ComboFix,tecle "N" --> Enter.

----------------------

• Terminando,poste os relatórios: C:\ComboFix.txt + HijackThis,atualizado.

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:30:35, on 9/3/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\RTHDCPL.EXE

D:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe

D:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe

C:\WINDOWS\system32\SupportAppXL\cdrom_mon.exe

C:\Arquivos de programas\Software WIDCOMM\Bluetooth\BTTray.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\Arquivos de programas\Software WIDCOMM\Bluetooth\bin\btwdins.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\ARQUIV~1\SOFTWA~1\BLUETO~1\BTSTAC~1.EXE

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Arquivos de programas\Canon\CAL\CALMAIN.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\notepad.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\WinRAR\WinRAR.exe

C:\DOCUME~1\guto\CONFIG~1\Temp\Rar$EX00.328\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Toolbar\01.01.2607.0\en-us\msntb.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "D:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"

O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P30 "EPSON Stylus Photo R200 Series" /O6 "USB001" /M "Stylus Photo R200"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [msennger] C:\WINDOWS\system32\dk\calling.com

O4 - HKLM\..\Run: [Auto EPSON Stylus Photo R200 Series em VIS03] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P44 "Auto EPSON Stylus Photo R200 Series em VIS03" /O18 "\\VIS03\EPSON R200" /M "Stylus Photo R200"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P30 "EPSON Stylus Photo R200 Series" /M "Stylus Photo R200" /EF "HKCU"

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [hohohhaha] C:\WINDOWS\system32\dk\calling.com

O4 - HKCU\..\Run: [AdobeUpdater] C:\Arquivos de programas\Arquivos comuns\Adobe\Updater5\AdobeUpdater.exe

O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Arquivos de programas\IObit\Advanced SystemCare 3\AWC.exe" /startup

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Startup: PowerReg SchedulerV2.exe

O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?

O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = D:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe

O4 - Global Startup: BTTray.lnk = ?

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Reboot.exe

O8 - Extra context menu item: Append to existing PDF - res://D:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert link target to Adobe PDF - res://D:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://D:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://D:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://D:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://D:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://D:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://D:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Arquivos de programas\Software WIDCOMM\Bluetooth\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Arquivos de programas\Software WIDCOMM\Bluetooth\btsendto_ie.htm

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O17 - HKLM\System\CCS\Services\Tcpip\..\{D81BA7FA-A5E2-4CB2-A705-8EBEC2A729DB}: NameServer = 200.175.5.139,200.175.89.139

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Autorun CDROM Monitor - Unknown owner - C:\WINDOWS\system32\SupportAppXL\cdrom_mon.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Arquivos de programas\Software WIDCOMM\Bluetooth\bin\btwdins.exe

O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Arquivos de programas\Canon\CAL\CALMAIN.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

 

 

ComboFix 09-03-06.02 - guto 2009-03-09 23:24:37.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.1982.1445 [GMT -3:00]

Executando de: c:\documents and settings\guto\Desktop\ComboFix.exe

* Criado um novo ponto de restauro

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\2.bat

C:\a1agmur.cmd

C:\autorun.inf

C:\o.exe

c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013

c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini

c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe

c:\windows\system32\lsprst7.dll

c:\windows\system32\nmdfgds0.dll

c:\windows\system32\nmdfgds1.dll

c:\windows\system32\olhrwef.exe

c:\windows\system32\ssprs.dll

D:\2.bat

D:\a1agmur.cmd

D:\Autorun.inf

 

.

(((((((((((((((( Arquivos/Ficheiros criados de 2009-02-10 to 2009-03-10 ))))))))))))))))))))))))))))

.

 

2009-03-09 20:48 . 2009-03-09 20:48 <DIR> d-------- C:\!KillBox

2009-03-09 16:49 . 2009-03-09 16:49 <DIR> d-------- c:\windows\Sun

2009-03-09 14:32 . 2009-03-09 14:32 <DIR> d-------- c:\arquivos de programas\MSN Toolbar

2009-03-09 14:29 . 2009-03-09 19:46 <DIR> d-------- c:\windows\SxsCaPendDel

2009-03-08 01:31 . 2009-03-08 01:30 108,446 -r-hs---- C:\i.com

2009-03-07 01:48 . 2009-03-07 01:48 <DIR> d-------- c:\documents and settings\guto\Dados de aplicativos\IObit

2009-03-07 01:48 . 2009-03-07 01:48 <DIR> d-------- c:\arquivos de programas\IObit

2009-03-07 00:30 . 2009-03-07 00:30 <DIR> d-------- c:\arquivos de programas\MSXML 6.0

2009-03-07 00:26 . 2009-03-07 00:26 <DIR> d-------- c:\arquivos de programas\MSXML 4.0

2009-03-07 00:24 . 2009-03-07 11:07 <DIR> d-------- c:\windows\system32\CatRoot_bak

2009-03-07 00:18 . 2008-06-14 14:59 272,384 --------- c:\windows\system32\drivers\bthport.sys

2009-03-07 00:18 . 2008-06-14 14:59 272,384 -----c--- c:\windows\system32\dllcache\bthport.sys

2009-03-07 00:13 . 2008-08-14 10:45 2,184,576 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe

2009-03-07 00:13 . 2008-08-14 10:45 2,140,160 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe

2009-03-07 00:13 . 2008-08-14 10:45 2,061,952 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe

2009-03-07 00:13 . 2008-08-14 10:45 2,019,840 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe

2009-03-07 00:09 . 2008-10-24 08:10 453,632 -----c--- c:\windows\system32\dllcache\mrxsmb.sys

2009-03-06 18:25 . 2009-03-07 00:31 <DIR> d--h----- c:\windows\$hf_mig$

2009-03-06 16:28 . 2009-03-07 13:48 <DIR> d-------- C:\clip_ana e mariana

2009-03-06 11:32 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll

2009-03-06 11:32 . 2008-10-16 14:06 208,744 --a------ c:\windows\system32\muweb.dll

2009-03-06 11:32 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui

2009-03-05 13:39 . 2009-03-05 13:39 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\WLInstaller

2009-03-04 21:08 . 2009-03-04 21:07 109,434 -r-hs---- C:\dbrxubcw.com

2009-03-02 23:05 . 2009-03-02 23:05 <DIR> d-------- c:\arquivos de programas\Java

2009-03-02 23:05 . 2009-03-02 23:05 410,984 --a------ c:\windows\system32\deploytk.dll

2009-03-02 23:05 . 2009-03-02 23:05 73,728 --a------ c:\windows\system32\javacpl.cpl

2009-03-02 23:02 . 2009-03-02 23:02 <DIR> d-------- C:\Arquivos de Programas RFB

2009-03-02 13:47 . 2009-03-02 13:47 <DIR> d-------- c:\arquivos de programas\Alwil Software

2009-02-25 17:57 . 2009-02-25 17:57 125 --a------ c:\documents and settings\guto\lxctrb.bat

2009-02-14 09:54 . 2009-02-14 13:54 2,078,720 --a------ C:\Beach Boys - Barbra Ann.mp3

2009-02-13 13:32 . 2009-02-13 13:35 <DIR> d-------- c:\arquivos de programas\AIKO 82D

2009-02-13 13:32 . 2008-01-30 10:31 100,864 --a------ c:\windows\system32\drivers\ZTEusbser6k.sys

2009-02-13 13:32 . 2008-01-30 10:31 100,864 --a------ c:\windows\system32\drivers\ZTEusbnmea.sys

2009-02-13 13:32 . 2008-01-30 10:31 100,864 --a------ c:\windows\system32\drivers\ZTEusbmdm6k.sys

2009-02-13 13:31 . 2009-02-13 13:32 <DIR> d-------- c:\windows\system32\SupportAppXL

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-03-09 17:54 --------- d-----w c:\arquivos de programas\Windows Live

2009-03-09 17:32 --------- d-----w c:\documents and settings\guto\Dados de aplicativos\MegauploadToolbar

2009-03-02 17:23 --------- d-----w c:\arquivos de programas\Sony

2009-02-13 16:32 --------- d--h--w c:\arquivos de programas\InstallShield Installation Information

2009-02-05 15:23 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\avg7

2009-02-05 00:31 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Grisoft

2009-01-21 08:25 --------- d-----w c:\arquivos de programas\Microsoft

2009-01-21 08:24 --------- d-----w c:\arquivos de programas\Windows Live SkyDrive

2009-01-21 08:18 --------- d-----w c:\arquivos de programas\Arquivos comuns\Windows Live

2009-01-12 12:24 --------- d-----w c:\documents and settings\guto\Dados de aplicativos\Image Zone Express

2008-12-19 17:22 5,632 --sha-w c:\arquivos de programas\Thumbs.db

2008-06-04 19:48 81,920 ----a-w c:\documents and settings\guto\Dados de aplicativos\ezpinst.exe

2008-06-04 19:48 47,360 ----a-w c:\documents and settings\guto\Dados de aplicativos\pcouffin.sys

2003-12-09 11:03 277,360 ----a-w c:\arquivos de programas\PowerDVD.CHM

2003-11-24 18:07 98,304 ----a-w c:\arquivos de programas\UI_RES.dll

2003-11-24 12:25 77,824 ----a-w c:\arquivos de programas\PwrDVDRC.dll

2003-11-24 12:25 335,872 ----a-w c:\arquivos de programas\DVD_RES.dll

2003-11-24 12:25 335,872 ------w c:\arquivos de programas\CLAudRC.dll

2003-11-24 12:25 12,288 ----a-w c:\arquivos de programas\OSD_MLang.dll

2003-11-24 12:24 12,288 ----a-w c:\arquivos de programas\AppBarCom_RES.dll

2003-10-14 20:12 5,550,080 ----a-w c:\arquivos de programas\ui_skin.dll

2003-10-08 17:04 189 ------w c:\arquivos de programas\PowerDVD.sim

2003-09-05 19:25 98,304 ----a-w c:\arquivos de programas\CLDShowX.dll

2003-09-05 19:25 409,600 ----a-w c:\arquivos de programas\PowerDVD.exe

2003-09-05 19:25 294,912 ----a-w c:\arquivos de programas\dvd_x.imp

2003-09-05 19:25 286,720 ----a-w c:\arquivos de programas\AppBarCom.dll

2003-09-05 19:25 282,624 ----a-w c:\arquivos de programas\Vr_x.imp

2003-09-05 19:25 278,528 ----a-w c:\arquivos de programas\CLInet.dll

2003-09-05 19:25 188,416 ----a-w c:\arquivos de programas\vcd20_x.imp

2003-09-05 19:25 151,552 ----a-w c:\arquivos de programas\dxm_x.imp

2003-09-05 19:25 139,264 ----a-w c:\arquivos de programas\acd_x.imp

2003-09-05 19:16 57,344 ----a-w c:\arquivos de programas\dvdrgn.exe

2003-09-05 19:16 323,584 ----a-w c:\arquivos de programas\ddtester.exe

2003-09-05 19:16 274,432 ----a-w c:\arquivos de programas\cldma.exe

2003-09-05 19:16 167,936 ----a-w c:\arquivos de programas\cltest.exe

2003-06-16 14:07 67 ----a-w c:\arquivos de programas\OLREG.URL

2003-06-16 14:07 642 ----a-w c:\arquivos de programas\powerdvd.exe.manifest

2003-06-16 14:07 4,710 ----a-w c:\arquivos de programas\uninst.ico

2003-06-16 09:07 119 ------w c:\arquivos de programas\iPower.txt

2003-06-01 19:57 16,950 ------w c:\arquivos de programas\Readme.htm

1999-02-02 03:00 266,293 ----a-w c:\arquivos de programas\msvcrt.dll

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

"MsnMsgr"="c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

"EPSON Stylus Photo R200 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE" [2003-07-08 99840]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 143360]

"hohohhaha"="c:\windows\system32\dk\calling.com" [2006-05-13 696320]

"AdobeUpdater"="c:\arquivos de programas\Arquivos comuns\Adobe\Updater5\AdobeUpdater.exe" [2007-02-28 2321600]

"Advanced SystemCare 3"="c:\arquivos de programas\IObit\Advanced SystemCare 3\AWC.exe" [2009-02-22 2272592]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-31 7634944]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-31 86016]

"Acrobat Assistant 8.0"="d:\arquivos de programas\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-22 620152]

"EPSON Stylus Photo R200 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE" [2003-07-08 99840]

"QuickTime Task"="c:\arquivos de programas\QuickTime\qttask.exe" [2008-07-02 77824]

"NeroFilterCheck"="c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]

"HP Software Update"="c:\arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]

"msennger"="c:\windows\system32\dk\calling.com" [2006-05-13 696320]

"Auto EPSON Stylus Photo R200 Series em VIS03"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE" [2003-07-08 99840]

"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre6\bin\jusched.exe" [2009-03-02 148888]

"nwiz"="nwiz.exe" [2006-10-31 c:\windows\system32\nwiz.exe]

"RTHDCPL"="RTHDCPL.EXE" [2007-07-05 c:\windows\RTHDCPL.exe]

"SkyTel"="SkyTel.EXE" [2007-06-15 c:\windows\SkyTel.exe]

"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 c:\windows\system32\HdAShCut.exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

 

c:\documents and settings\guto\Menu Iniciar\Programas\Inicializar\

Adobe Gamma.lnk - c:\arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

PowerReg SchedulerV2.exe [2008-07-02 256000]

 

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_Acrobat.exe [2008-05-27 295606]

Adobe Acrobat Synchronizer.lnk - d:\arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-23 734872]

BTTray.lnk - c:\arquivos de programas\Software WIDCOMM\Bluetooth\BTTray.exe [2005-10-09 610365]

HP Digital Imaging Monitor.lnk - c:\arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 288472]

Reboot.exe [2006-12-29 409088]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.ffds"= ffdshow.ax

"vidc.3IV2"= 3ivxVfWCodec.dll

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=

"c:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

"c:\\WINDOWS\\system32\\dk\\calling.com"=

"c:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

 

R2 Autorun CDROM Monitor;Autorun CDROM Monitor;c:\windows\system32\SupportAppXL\cdrom_mon.exe [2009-02-13 81920]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{29fbe781-b19a-11dd-a3ce-001bb9b1bb13}]

\Shell\AutoRun\command - E:\abk.bat

\Shell\explore\Command - E:\abk.bat

\Shell\open\Command - E:\abk.bat

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3da3698e-c780-11dd-a219-001bb9b1bb13}]

\Shell\AutoRun\command - e:\restore\S-1-5-21-1486476501-1644491937-682003330-1013\autorun.exe

\Shell\open\command - e:\restore\S-1-5-21-1486476501-1644491937-682003330-1013\autorun.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{495681ba-c91c-11dd-a21f-001bb9b1bb13}]

\Shell\AutoRun\command - RESTORE\S-1-5-21-1486476501-1644491937-682003330-1013\autorun.exe

\Shell\open\command - RESTORE\S-1-5-21-1486476501-1644491937-682003330-1013\autorun.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{977342c6-6ad9-11dd-bfab-001bb9b1bb13}]

\Shell\AutoRun\command - E:\0w.com

\Shell\explore\Command - E:\0w.com

\Shell\open\Command - E:\0w.com

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b4296f73-f905-11dd-a27c-0ec6bac321d0}]

\Shell\AutoRun\command - e:\restore\S-1-5-21-1486476501-1644491937-682003330-1013\autorun.exe

\Shell\open\command - e:\restore\S-1-5-21-1486476501-1644491937-682003330-1013\autorun.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b815e66d-f9e7-11dd-a27e-0fc6bac321d0}]

\Shell\AutoRun\command - E:\AutoRun.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d71a2281-c6d9-11dd-a217-806d6172696f}]

\Shell\AutoRun\command - G:\0w.com

\Shell\explore\Command - G:\0w.com

\Shell\open\Command - G:\0w.com

.

- - - - ORFÃOS REMOVIDOS - - - -

 

HKCU-Run-cdoosoft - c:\windows\system32\olhrwef.exe

 

 

.

------- Scan Suplementar -------

.

uInternet Settings,ProxyOverride = *.local

IE: c:\arquivos de programas\Software WIDCOMM\Bluetooth\btsendto_ie_ctx.htm

IE: Append to existing PDF - d:\arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert link target to Adobe PDF - d:\arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - d:\arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - d:\arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - d:\arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - d:\arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - d:\arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - d:\arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

TCP: {D81BA7FA-A5E2-4CB2-A705-8EBEC2A729DB} = 200.175.5.139,200.175.89.139

FF - ProfilePath - c:\documents and settings\guto\Dados de aplicativos\Mozilla\Firefox\Profiles\2a48mumi.default\

FF - prefs.js: browser.search.selectedEngine - Yahoo

FF - prefs.js: keyword.URL - hxxp://br.search.yahoo.com/search?ei=ISO-8859-1&fr=megaup&p=

FF - plugin: c:\arquivos de programas\Microsoft\Office Live\npOLW.dll

FF - plugin: d:\arquivos de programas\Adobe\Acrobat 8.0\Acrobat\browser\nppdf32.dll

 

---- FIREFOX POLICIES ----

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-03-09 23:26:52

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]

"Version"=hex:55,ec,1d,61,e1,14,ad,89,41,70,5c,2a,35,3e,b1,c9,f7,79,3d,30,80,

42,33,8c,40,80,b7,b7,cc,a5,25,db,68,ac,9b,b9,ab,c0,b8,d6,53,cb,e4,17,0d,fd,\

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\•€|ÿÿÿÿ"•€|þ»Òw*]

"6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

 

[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]

"Version"=hex:55,ec,1d,61,e1,14,ad,89,41,70,5c,2a,35,3e,b1,c9,f7,79,3d,30,80,

42,33,8c,40,80,b7,b7,cc,a5,25,db,68,ac,9b,b9,ab,c0,b8,d6,53,cb,e4,17,0d,fd,\

.

------------------------ Outros Processos em Execução ------------------------

.

c:\windows\system32\rundll32.exe

c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe

d:\arquivos de programas\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe

c:\arquivos de programas\Bonjour\mDNSResponder.exe

c:\arquivos de programas\Software WIDCOMM\Bluetooth\bin\btwdins.exe

c:\arquivos de programas\Java\jre6\bin\jqs.exe

c:\windows\system32\nvsvc32.exe

c:\arquivos de programas\Software WIDCOMM\Bluetooth\BTStackServer.exe

c:\windows\system32\wdfmgr.exe

c:\arquivos de programas\HP\Digital Imaging\bin\hpqste08.exe

c:\arquivos de programas\Canon\CAL\CALMAIN.exe

c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

c:\arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

c:\windows\system32\wscntfy.exe

.

**************************************************************************

.

Tempo para conclusão: 2009-03-09 23:29:11 - Máquina reiniciou

ComboFix-quarantined-files.txt 2009-03-10 02:29:09

 

Pré-execução: 9.648.484.352 bytes disponíveis

Pós execução: 9,707,917,312 bytes disponíveis

 

WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

 

270 --- E O F --- 2009-03-08 03:47:55

Compartilhar este post


Link para o post
Compartilhar em outros sites

Conecte o seu pendrive nas portas USB e realize os procedimentos abaixos

 

Sugiro que imprima ou salve os procedimentos abaixo, e não use a internet até terminado o procedimento.

 

Selecione e copie o texto dentro do QUOTE (caixa cinza) abaixo. Abra o Bloco de notas e cole o que copiou. Salve então, na área de trabalho, com o nome de CFScript.txt.

 

File::

c:\windows\system32\dk\calling.com

E:\abk.bat

e:\restore\S-1-5-21-1486476501-1644491937-682003330-1013\autorun.exe

E:\0w.com

E:\AutoRun.exe

G:\0w.com

Registry::

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"hohohhaha"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msennger"=-

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{29fbe781-b19a-11dd-a3ce-001bb9b1bb13}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3da3698e-c780-11dd-a219-001bb9b1bb13}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{495681ba-c91c-11dd-a21f-001bb9b1bb13}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{977342c6-6ad9-11dd-bfab-001bb9b1bb13}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b4296f73-f905-11dd-a27c-0ec6bac321d0}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b815e66d-f9e7-11dd-a27e-0fc6bac321d0}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d71a2281-c6d9-11dd-a217-806d6172696f}]

 

Esse script foi elaborado somente para este computador, de acordo com os arquivos e chaves presentes não use-o em outro computador, pos pode trazer danos.

 

Arraste agora o CFScript.txt para o ComboFix conforme a demonstração abaixo.

 

cfscript.gif

 

O ComboFix irá rodar e reiniciará o PC automaticamente para completar o processo de remoção.

 

IMPORTANTE: Não use o mouse nem o teclado quando o ComboFix estiver rodando.

 

Quando acabar, será gerado um log, que estará em C:\ComboFix.txt.

 

Poste-o junto com o novo log do hijackthis

Compartilhar este post


Link para o post
Compartilhar em outros sites
Conecte o seu pendrive nas portas USB e realize os procedimentos abaixos

 

Sugiro que imprima ou salve os procedimentos abaixo, e não use a internet até terminado o procedimento.

 

Selecione e copie o texto dentro do QUOTE (caixa cinza) abaixo. Abra o Bloco de notas e cole o que copiou. Salve então, na área de trabalho, com o nome de CFScript.txt.

 

File::

c:\windows\system32\dk\calling.com

E:\abk.bat

e:\restore\S-1-5-21-1486476501-1644491937-682003330-1013\autorun.exe

E:\0w.com

E:\AutoRun.exe

G:\0w.com

Registry::

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"hohohhaha"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msennger"=-

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{29fbe781-b19a-11dd-a3ce-001bb9b1bb13}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3da3698e-c780-11dd-a219-001bb9b1bb13}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{495681ba-c91c-11dd-a21f-001bb9b1bb13}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{977342c6-6ad9-11dd-bfab-001bb9b1bb13}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b4296f73-f905-11dd-a27c-0ec6bac321d0}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b815e66d-f9e7-11dd-a27e-0fc6bac321d0}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d71a2281-c6d9-11dd-a217-806d6172696f}]

 

Esse script foi elaborado somente para este computador, de acordo com os arquivos e chaves presentes não use-o em outro computador, pos pode trazer danos.

 

Arraste agora o CFScript.txt para o ComboFix conforme a demonstração abaixo.

 

cfscript.gif

 

O ComboFix irá rodar e reiniciará o PC automaticamente para completar o processo de remoção.

 

IMPORTANTE: Não use o mouse nem o teclado quando o ComboFix estiver rodando.

 

Quando acabar, será gerado um log, que estará em C:\ComboFix.txt.

 

Poste-o junto com o novo log do hijackthis

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:00:48, on 10/3/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\RTHDCPL.EXE

D:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe

C:\Arquivos de programas\Software WIDCOMM\Bluetooth\BTTray.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\ARQUIV~1\SOFTWA~1\BLUETO~1\BTSTAC~1.EXE

C:\WINDOWS\system32\SupportAppXL\cdrom_mon.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\Arquivos de programas\Software WIDCOMM\Bluetooth\bin\btwdins.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Arquivos de programas\Canon\CAL\CALMAIN.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\notepad.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\notepad.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\WinRAR\WinRAR.exe

C:\DOCUME~1\guto\CONFIG~1\Temp\Rar$EX00.937\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Toolbar\01.01.2607.0\en-us\msntb.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "D:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"

O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P30 "EPSON Stylus Photo R200 Series" /O6 "USB001" /M "Stylus Photo R200"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [Auto EPSON Stylus Photo R200 Series em VIS03] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P44 "Auto EPSON Stylus Photo R200 Series em VIS03" /O18 "\\VIS03\EPSON R200" /M "Stylus Photo R200"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P30 "EPSON Stylus Photo R200 Series" /M "Stylus Photo R200" /EF "HKCU"

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [AdobeUpdater] C:\Arquivos de programas\Arquivos comuns\Adobe\Updater5\AdobeUpdater.exe

O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Arquivos de programas\IObit\Advanced SystemCare 3\AWC.exe" /startup

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Startup: PowerReg SchedulerV2.exe

O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?

O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = D:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe

O4 - Global Startup: BTTray.lnk = ?

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Reboot.exe

O8 - Extra context menu item: Append to existing PDF - res://D:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert link target to Adobe PDF - res://D:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://D:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://D:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://D:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://D:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://D:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://D:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Arquivos de programas\Software WIDCOMM\Bluetooth\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Arquivos de programas\Software WIDCOMM\Bluetooth\btsendto_ie.htm

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O17 - HKLM\System\CCS\Services\Tcpip\..\{D81BA7FA-A5E2-4CB2-A705-8EBEC2A729DB}: NameServer = 200.175.5.139,200.175.89.139

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Autorun CDROM Monitor - Unknown owner - C:\WINDOWS\system32\SupportAppXL\cdrom_mon.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Arquivos de programas\Software WIDCOMM\Bluetooth\bin\btwdins.exe

O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Arquivos de programas\Canon\CAL\CALMAIN.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

 

--

End of file - 10180 bytes

 

 

ComboFix 09-03-06.02 - guto 2009-03-10 22:52:29.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.1982.1516 [GMT -3:00]

Executando de: c:\documents and settings\guto\Desktop\ComboFix.exe

Comandos utilizados :: c:\documents and settings\guto\Desktop\CFScript.txt

* Criado um novo ponto de restauro

 

FILE ::

c:\windows\system32\dk\calling.com

E:\0w.com

E:\abk.bat

E:\AutoRun.exe

e:\restore\S-1-5-21-1486476501-1644491937-682003330-1013\autorun.exe

G:\0w.com

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\windows\system32\dk\calling.com

 

.

(((((((((((((((( Arquivos/Ficheiros criados de 2009-02-11 to 2009-03-11 ))))))))))))))))))))))))))))

.

 

2009-03-10 10:52 . 2009-03-10 10:52 54,156 --ah----- c:\windows\QTFont.qfn

2009-03-10 10:52 . 2009-03-10 10:52 1,409 --a------ c:\windows\QTFont.for

2009-03-09 20:48 . 2009-03-09 20:48 <DIR> d-------- C:\!KillBox

2009-03-09 16:49 . 2009-03-09 16:49 <DIR> d-------- c:\windows\Sun

2009-03-09 14:32 . 2009-03-09 14:32 <DIR> d-------- c:\arquivos de programas\MSN Toolbar

2009-03-09 14:29 . 2009-03-09 19:46 <DIR> d-------- c:\windows\SxsCaPendDel

2009-03-08 01:31 . 2009-03-08 01:30 108,446 -r-hs---- C:\i.com

2009-03-07 01:48 . 2009-03-07 01:48 <DIR> d-------- c:\documents and settings\guto\Dados de aplicativos\IObit

2009-03-07 01:48 . 2009-03-07 01:48 <DIR> d-------- c:\arquivos de programas\IObit

2009-03-07 00:30 . 2009-03-07 00:30 <DIR> d-------- c:\arquivos de programas\MSXML 6.0

2009-03-07 00:26 . 2009-03-07 00:26 <DIR> d-------- c:\arquivos de programas\MSXML 4.0

2009-03-07 00:24 . 2009-03-07 11:07 <DIR> d-------- c:\windows\system32\CatRoot_bak

2009-03-07 00:18 . 2008-06-14 14:59 272,384 --------- c:\windows\system32\drivers\bthport.sys

2009-03-07 00:18 . 2008-06-14 14:59 272,384 -----c--- c:\windows\system32\dllcache\bthport.sys

2009-03-07 00:13 . 2008-08-14 10:45 2,184,576 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe

2009-03-07 00:13 . 2008-08-14 10:45 2,140,160 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe

2009-03-07 00:13 . 2008-08-14 10:45 2,061,952 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe

2009-03-07 00:13 . 2008-08-14 10:45 2,019,840 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe

2009-03-07 00:09 . 2008-10-24 08:10 453,632 -----c--- c:\windows\system32\dllcache\mrxsmb.sys

2009-03-06 18:25 . 2009-03-07 00:31 <DIR> d--h----- c:\windows\$hf_mig$

2009-03-06 16:28 . 2009-03-07 13:48 <DIR> d-------- C:\clip_ana e mariana

2009-03-06 11:32 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll

2009-03-06 11:32 . 2008-10-16 14:06 208,744 --a------ c:\windows\system32\muweb.dll

2009-03-06 11:32 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui

2009-03-05 13:39 . 2009-03-05 13:39 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\WLInstaller

2009-03-04 21:08 . 2009-03-04 21:07 109,434 -r-hs---- C:\dbrxubcw.com

2009-03-02 23:05 . 2009-03-02 23:05 <DIR> d-------- c:\arquivos de programas\Java

2009-03-02 23:05 . 2009-03-02 23:05 410,984 --a------ c:\windows\system32\deploytk.dll

2009-03-02 23:05 . 2009-03-02 23:05 73,728 --a------ c:\windows\system32\javacpl.cpl

2009-03-02 23:02 . 2009-03-02 23:02 <DIR> d-------- C:\Arquivos de Programas RFB

2009-03-02 13:47 . 2009-03-02 13:47 <DIR> d-------- c:\arquivos de programas\Alwil Software

2009-02-25 17:57 . 2009-02-25 17:57 125 --a------ c:\documents and settings\guto\lxctrb.bat

2009-02-14 09:54 . 2009-02-14 13:54 2,078,720 --a------ C:\Beach Boys - Barbra Ann.mp3

2009-02-13 13:32 . 2009-02-13 13:35 <DIR> d-------- c:\arquivos de programas\AIKO 82D

2009-02-13 13:32 . 2008-01-30 10:31 100,864 --a------ c:\windows\system32\drivers\ZTEusbser6k.sys

2009-02-13 13:32 . 2008-01-30 10:31 100,864 --a------ c:\windows\system32\drivers\ZTEusbnmea.sys

2009-02-13 13:32 . 2008-01-30 10:31 100,864 --a------ c:\windows\system32\drivers\ZTEusbmdm6k.sys

2009-02-13 13:31 . 2009-02-13 13:32 <DIR> d-------- c:\windows\system32\SupportAppXL

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-03-09 17:54 --------- d-----w c:\arquivos de programas\Windows Live

2009-03-09 17:32 --------- d-----w c:\documents and settings\guto\Dados de aplicativos\MegauploadToolbar

2009-03-02 17:23 --------- d-----w c:\arquivos de programas\Sony

2009-02-13 16:32 --------- d--h--w c:\arquivos de programas\InstallShield Installation Information

2009-02-06 21:52 49,504 ----a-w c:\windows\system32\sirenacm.dll

2009-02-05 15:23 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\avg7

2009-02-05 00:31 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Grisoft

2009-01-21 08:25 --------- d-----w c:\arquivos de programas\Microsoft

2009-01-21 08:24 --------- d-----w c:\arquivos de programas\Windows Live SkyDrive

2009-01-21 08:18 --------- d-----w c:\arquivos de programas\Arquivos comuns\Windows Live

2009-01-12 12:24 --------- d-----w c:\documents and settings\guto\Dados de aplicativos\Image Zone Express

2008-12-19 17:22 5,632 --sha-w c:\arquivos de programas\Thumbs.db

2008-06-04 19:48 81,920 ----a-w c:\documents and settings\guto\Dados de aplicativos\ezpinst.exe

2008-06-04 19:48 47,360 ----a-w c:\documents and settings\guto\Dados de aplicativos\pcouffin.sys

2003-12-09 11:03 277,360 ----a-w c:\arquivos de programas\PowerDVD.CHM

2003-11-24 18:07 98,304 ----a-w c:\arquivos de programas\UI_RES.dll

2003-11-24 12:25 77,824 ----a-w c:\arquivos de programas\PwrDVDRC.dll

2003-11-24 12:25 335,872 ----a-w c:\arquivos de programas\DVD_RES.dll

2003-11-24 12:25 335,872 ------w c:\arquivos de programas\CLAudRC.dll

2003-11-24 12:25 12,288 ----a-w c:\arquivos de programas\OSD_MLang.dll

2003-11-24 12:24 12,288 ----a-w c:\arquivos de programas\AppBarCom_RES.dll

2003-10-14 20:12 5,550,080 ----a-w c:\arquivos de programas\ui_skin.dll

2003-10-08 17:04 189 ------w c:\arquivos de programas\PowerDVD.sim

2003-09-05 19:25 98,304 ----a-w c:\arquivos de programas\CLDShowX.dll

2003-09-05 19:25 409,600 ----a-w c:\arquivos de programas\PowerDVD.exe

2003-09-05 19:25 294,912 ----a-w c:\arquivos de programas\dvd_x.imp

2003-09-05 19:25 286,720 ----a-w c:\arquivos de programas\AppBarCom.dll

2003-09-05 19:25 282,624 ----a-w c:\arquivos de programas\Vr_x.imp

2003-09-05 19:25 278,528 ----a-w c:\arquivos de programas\CLInet.dll

2003-09-05 19:25 188,416 ----a-w c:\arquivos de programas\vcd20_x.imp

2003-09-05 19:25 151,552 ----a-w c:\arquivos de programas\dxm_x.imp

2003-09-05 19:25 139,264 ----a-w c:\arquivos de programas\acd_x.imp

2003-09-05 19:16 57,344 ----a-w c:\arquivos de programas\dvdrgn.exe

2003-09-05 19:16 323,584 ----a-w c:\arquivos de programas\ddtester.exe

2003-09-05 19:16 274,432 ----a-w c:\arquivos de programas\cldma.exe

2003-09-05 19:16 167,936 ----a-w c:\arquivos de programas\cltest.exe

2003-06-16 14:07 67 ----a-w c:\arquivos de programas\OLREG.URL

2003-06-16 14:07 642 ----a-w c:\arquivos de programas\powerdvd.exe.manifest

2003-06-16 14:07 4,710 ----a-w c:\arquivos de programas\uninst.ico

2003-06-16 09:07 119 ------w c:\arquivos de programas\iPower.txt

2003-06-01 19:57 16,950 ------w c:\arquivos de programas\Readme.htm

1999-02-02 03:00 266,293 ----a-w c:\arquivos de programas\msvcrt.dll

.

 

((((((((((((((((((((((((((((( SnapShot@2009-03-09_23.28.34.35 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-03-10 13:47:17 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_67c.dat

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

"MsnMsgr"="c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

"EPSON Stylus Photo R200 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE" [2003-07-08 99840]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 143360]

"AdobeUpdater"="c:\arquivos de programas\Arquivos comuns\Adobe\Updater5\AdobeUpdater.exe" [2007-02-28 2321600]

"Advanced SystemCare 3"="c:\arquivos de programas\IObit\Advanced SystemCare 3\AWC.exe" [2009-02-22 2272592]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-31 7634944]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-31 86016]

"Acrobat Assistant 8.0"="d:\arquivos de programas\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-22 620152]

"EPSON Stylus Photo R200 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE" [2003-07-08 99840]

"QuickTime Task"="c:\arquivos de programas\QuickTime\qttask.exe" [2008-07-02 77824]

"NeroFilterCheck"="c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]

"HP Software Update"="c:\arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]

"Auto EPSON Stylus Photo R200 Series em VIS03"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE" [2003-07-08 99840]

"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre6\bin\jusched.exe" [2009-03-02 148888]

"nwiz"="nwiz.exe" [2006-10-31 c:\windows\system32\nwiz.exe]

"RTHDCPL"="RTHDCPL.EXE" [2007-07-05 c:\windows\RTHDCPL.exe]

"SkyTel"="SkyTel.EXE" [2007-06-15 c:\windows\SkyTel.exe]

"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 c:\windows\system32\HdAShCut.exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

 

c:\documents and settings\guto\Menu Iniciar\Programas\Inicializar\

Adobe Gamma.lnk - c:\arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

PowerReg SchedulerV2.exe [2008-07-02 256000]

 

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_Acrobat.exe [2008-05-27 295606]

Adobe Acrobat Synchronizer.lnk - d:\arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-23 734872]

BTTray.lnk - c:\arquivos de programas\Software WIDCOMM\Bluetooth\BTTray.exe [2005-10-09 610365]

HP Digital Imaging Monitor.lnk - c:\arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 288472]

Reboot.exe [2006-12-29 409088]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.ffds"= ffdshow.ax

"vidc.3IV2"= 3ivxVfWCodec.dll

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=

"c:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

"c:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

 

R2 Autorun CDROM Monitor;Autorun CDROM Monitor;c:\windows\system32\SupportAppXL\cdrom_mon.exe [2009-02-13 81920]

.

.

------- Scan Suplementar -------

.

uInternet Settings,ProxyOverride = *.local

IE: c:\arquivos de programas\Software WIDCOMM\Bluetooth\btsendto_ie_ctx.htm

IE: Append to existing PDF - d:\arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert link target to Adobe PDF - d:\arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - d:\arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - d:\arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - d:\arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - d:\arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - d:\arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - d:\arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

TCP: {D81BA7FA-A5E2-4CB2-A705-8EBEC2A729DB} = 200.175.5.139,200.175.89.139

FF - ProfilePath - c:\documents and settings\guto\Dados de aplicativos\Mozilla\Firefox\Profiles\2a48mumi.default\

FF - prefs.js: browser.search.selectedEngine - Yahoo

FF - prefs.js: keyword.URL - hxxp://br.search.yahoo.com/search?ei=ISO-8859-1&fr=megaup&p=

FF - plugin: c:\arquivos de programas\Microsoft\Office Live\npOLW.dll

FF - plugin: d:\arquivos de programas\Adobe\Acrobat 8.0\Acrobat\browser\nppdf32.dll

 

---- FIREFOX POLICIES ----

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-03-10 22:53:35

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]

"Version"=hex:55,ec,1d,61,e1,14,ad,89,41,70,5c,2a,35,3e,b1,c9,f7,79,3d,30,80,

42,33,8c,40,80,b7,b7,cc,a5,25,db,68,ac,9b,b9,ab,c0,b8,d6,53,cb,e4,17,0d,fd,\

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\•€|ÿÿÿÿ"•€|þ»Òw*]

"6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

 

[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]

"Version"=hex:55,ec,1d,61,e1,14,ad,89,41,70,5c,2a,35,3e,b1,c9,f7,79,3d,30,80,

42,33,8c,40,80,b7,b7,cc,a5,25,db,68,ac,9b,b9,ab,c0,b8,d6,53,cb,e4,17,0d,fd,\

.

Tempo para conclusão: 2009-03-10 22:54:41

ComboFix-quarantined-files.txt 2009-03-11 01:54:32

ComboFix2.txt 2009-03-10 02:29:13

 

Pré-execução: 8.745.242.624 bytes disponíveis

Pós execução: 8,757,329,920 bytes disponíveis

 

217 --- E O F --- 2009-03-08 03:47:55

Compartilhar este post


Link para o post
Compartilhar em outros sites

PROBLEMA RESOLVIDO!

 

Caso o autor necessite que o tópico seja reaberto basta enviar uma Mensagem Privada para um Moderador com um link para o tópico.

Compartilhar este post


Link para o post
Compartilhar em outros sites

×

Informação importante

Ao usar o fórum, você concorda com nossos Termos e condições.