[Arquivado] Vírus com nome de usuário

jucca · Junho 10, 2009

Olá

Acredito ter pego um vírus antigo, em algum cd antigo que infelizmente tive que consultar, o AV não pegou nada na hora.

Mas depois cai numa tela de MS-Dos umas 2x, e começa a pegar um punhado de vírus na pasta drivers.

Alguns: amd64si.sys, acpi32.sys, ati64.sys e systemntmi.sys.

O Norton Corporate 10 que tenho parece não dar conta.

Além disso identifiquei nos processos um arquivo com o nome de meu usuário, terminação .exe.

É o zero.exe. Quando tento finalizá-lo, ele inutiliza o botão, mas fazendo rapidamente consegui derrubá-lo.

Achei ele na raiz da pasta do usuário, deletei, mas ele voltou.

Ainda estou passando o AV por completo, não terminou e parece que não vai adiantar, então peço ajuda.

Vai o hijackthis:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 03:01:37, on 10/6/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16827)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\Arquivos de programas\Symantec AntiVirus\DefWatch.exe

C:\xampp\filezillaftp\filezillaserver.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe

C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe

C:\Arquivos de programas\LogMeIn\x86\LMIGuardian.exe

C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe

C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Arquivos de programas\Arquivos comuns\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe

C:\Arquivos de programas\Arquivos comuns\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Symantec AntiVirus\Rtvscan.exe

C:\Arquivos de programas\VMware\VMware Workstation\vmware-authd.exe

C:\Arquivos de programas\Arquivos comuns\VMware\VMware Virtual Image Editing\vmount2.exe

C:\WINDOWS\system32\vmnat.exe

C:\WINDOWS\system32\vmnetdhcp.exe

C:\WINDOWS\Explorer.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe

C:\ARQUIV~1\SYMANT~1\VPTray.exe

C:\Arquivos de programas\PowerISO\PWRISOVM.EXE

C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\system32\rundll32.exe

C:\Arquivos de programas\Fábrica de Bits\ACORDA\acorda.exe

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\Arquivos de programas\VMware\VMware Workstation\vmware-tray.exe

C:\Arquivos de programas\LogMeIn\x86\LMIGuardian.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\iTunes\iTunesHelper.exe

C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe

C:\Arquivos de programas\Clipdiary\clipdiary.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\VisualTaskTips\VisualTaskTips.exe

C:\Arquivos de programas\Skype\Phone\Skype.exe

C:\arquivos de programas\money\System\reminder.exe

C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\lib\NMBgMonitor.exe

C:\Arquivos de programas\EverNote\EverNote\UniClipper.exe

C:\Arquivos de programas\iPod\bin\iPodService.exe

C:\Arquivos de programas\Google\Google Talk\googletalk.exe

C:\Arquivos de programas\uTorrent\uTorrent.exe

C:\Arquivos de programas\IObit\Advanced SystemCare 3\AWC.exe

C:\Arquivos de programas\BrOffice.org 3\program\soffice.exe

C:\Arquivos de programas\BrOffice.org 3\program\soffice.bin

C:\Arquivos de programas\EverNote\EverNote\EverNote.exe

C:\Arquivos de programas\SpeedFan\speedfan.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Skype\Plugin Manager\skypePM.exe

C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe

C:\Arquivos de programas\Symantec AntiVirus\vpc32.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Java\jre6\launch4j-tmp\frd.exe

C:\WINDOWS\System32\svchost.exe

C:\Documents and Settings\ZERO\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

F2 - REG:system.ini: Shell=Explorer.exe rundll32.exe calc.ifo beforemain

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Arquivos de programas\Adobe\/Adobe Contribute CS3/contributeieplugin.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Arquivos de programas\Google\Google Gears\Internet Explorer\0.5.21.0\gears.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: BS.Player ControlBar - {2C688203-7EB3-4327-9995-1CB417BA23F9} - C:\Arquivos de programas\BS.Player ControlBar\BSToolbar.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Arquivos de programas\Adobe\/Adobe Contribute CS3/contributeieplugin.dll

O4 - HKLM\..\Run: [ccApp] "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [vptray] C:\ARQUIV~1\SYMANT~1\VPTray.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Arquivos de programas\PowerISO\PWRISOVM.EXE

O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe"

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [ACORDA] C:\Arquivos de programas\Fábrica de Bits\ACORDA\acorda.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [vmware-tray] C:\Arquivos de programas\VMware\VMware Workstation\vmware-tray.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime Alternative\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [clipdiary] C:\Arquivos de programas\Clipdiary\clipdiary.exe

O4 - HKCU\..\Run: [VisualTaskTips] C:\Arquivos de programas\VisualTaskTips\VisualTaskTips.exe

O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [Reminder] C:\arquivos de programas\money\System\reminder.exe

O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe"

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [uniClipper] "C:\Arquivos de programas\EverNote\EverNote\UniClipper.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [googletalk] C:\Arquivos de programas\Google\Google Talk\googletalk.exe /autostart

O4 - HKCU\..\Run: [uTorrent] "C:\Arquivos de programas\uTorrent\uTorrent.exe"

O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Arquivos de programas\IObit\Advanced SystemCare 3\AWC.exe" /startup

O4 - HKCU\..\Run: [ZERO] C:\Documents and Settings\ZERO\ZERO.exe /i

O4 - HKUS\S-1-5-21-1417001333-117609710-1801674531-1007\..\RunOnce: [NeroHomeFirstStart] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMFirstStart.exe (User 'postgres')

O4 - Startup: BrOffice.org 3.0.lnk = C:\Arquivos de programas\BrOffice.org 3\program\quickstart.exe

O4 - Startup: EverNote.lnk = C:\Arquivos de programas\EverNote\EverNote\EverNote.exe

O4 - Startup: SpeedFan.lnk = C:\Arquivos de programas\SpeedFan\speedfan.exe

O8 - Extra context menu item: Add to Evernote - res://C:\Arquivos de programas\Evernote\Evernote3\enbar.dll/2000

O8 - Extra context menu item: Add to EverNote - res://C:\Arquivos de programas\EverNote\EverNote\enbar.dll/2000

O8 - Extra context menu item: Anexar a PDF existente - res://C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Anexar destino do link a PDF existente - res://C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Append to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Open using &Advanced JPEG Compressor - C:\Arquivos de programas\Advanced JPEG Compressor\ajcieex.htm

O8 - Extra context menu item: Sothink SWF Decompiler - C:\Arquivos de programas\SourceTec\Sothink SWF Decompiler\InternetExplorer.htm

O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Arquivos de programas\Google\Google Gears\Internet Explorer\0.5.21.0\gears.dll

O9 - Extra 'Tools' menuitem: &Configurações do Gears - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Arquivos de programas\Google\Google Gears\Internet Explorer\0.5.21.0\gears.dll

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Add to EverNote - {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - C:\Arquivos de programas\EverNote\EverNote\enbar.dll

O9 - Extra 'Tools' menuitem: Add to EverNote - {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - C:\Arquivos de programas\EverNote\EverNote\enbar.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E9252800} - C:\Arquivos de programas\Evernote\Evernote3\enbar.dll

O9 - Extra 'Tools' menuitem: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E9252800} - C:\Arquivos de programas\Evernote\Evernote3\enbar.dll

O9 - Extra button: SWFDecompiler - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Arquivos de programas\SourceTec\Sothink SWF Decompiler\InternetExplorer.htm

O9 - Extra 'Tools' menuitem: Sothink SWF Decompiler - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Arquivos de programas\SourceTec\Sothink SWF Decompiler\InternetExplorer.htm

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1229888865593

O17 - HKLM\System\CCS\Services\Tcpip\..\{30049034-4DD7-4B50-AF6C-58AE41F55B23}: NameServer = 192.168.1.254

O17 - HKLM\System\CCS\Services\Tcpip\..\{36244340-CB28-4CFB-BCD2-C19D022CED36}: NameServer = 192.168.1.254

O17 - HKLM\System\CS1\Services\Tcpip\..\{30049034-4DD7-4B50-AF6C-58AE41F55B23}: NameServer = 192.168.1.254

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Arquivos de programas\Arquivos comuns\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe

O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe

O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Arquivos de programas\Symantec AntiVirus\DefWatch.exe

O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\xampp\filezillaftp\filezillaserver.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Update Service (gupdate1c9cdad1353c2a4) (gupdate1c9cdad1353c2a4) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\ARQUIV~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe

O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe

O23 - Service: MySql - Unknown owner - c:/xampp/mysql/bin/mysqld-shareware.exe (file missing)

O23 - Service: NMSAccessU - Unknown owner - C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PostgreSQL Database Server 8.2 (pgsql-8.2) - PostgreSQL Global Development Group - C:\Arquivos de programas\PostgreSQL\8.2\bin\pg_ctl.exe

O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe

O23 - Service: SAVRoam (SavRoam) - symantec - C:\Arquivos de programas\Symantec AntiVirus\SavRoam.exe

O23 - Service: Sentinel Keys Server (SentinelKeysServer) - SafeNet, Inc. - C:\Arquivos de programas\Arquivos comuns\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe

O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Arquivos de programas\Arquivos comuns\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Arquivos de programas\Symantec AntiVirus\Rtvscan.exe

O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Arquivos de programas\VMware\VMware Workstation\vmware-ufad.exe

O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Arquivos de programas\VMware\VMware Workstation\vmware-authd.exe

O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe

O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Arquivos de programas\Arquivos comuns\VMware\VMware Virtual Image Editing\vmount2.exe

O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe

--

End of file - 19827 bytes

Power Max · Junho 10, 2009

:thumbsup: Olá Jucca!

:seta: Sugiro que você salve ou imprima essas instruções abaixo, pois em alguns momentos você poderá precisar usar o computador sem o acesso à internet:

- Faça o download do ComboFix e salve-o no desktop (área de trabalho):

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

OBS: Para que a ferramenta seja executada é necessário que esteja no desktop (área de trabalho)

Mantenha a tecla [shift] pressionada enquanto espeta o Pendrive, MP3, etc... na porta USB (caso você tenha algum destes) e se tiver mais de um, conecte todos.

Neste caso de você ter alguma destas mídias citadas acima deixe de apertar a tecla [shift] só quando o Pendrive (ou outras mídias) for identificado no Windows explorer. Não os tire até completar todas as instruções.

* Desative, temporariamente, o seu antivírus;

* Feche todas as janelas abertas;

* Dê um duplo clique no arquivo ComboFix;

* Na próxima janela clique em Executar, aceite o contrato e aguarde até que o relatório seja gerado;

OBS: Caso não queira que seja instalado o console de recuperação do Windows, clique em "Não" e depois concorde que a verificação prossiga.

Ao ser instalado o console, na inicialização do sistema será apresentada a tela para seleção dos sistemas operacionais.

Mais informações sobre o Console: http://support.microsoft.com/kb/307654/pt-br

* Caso ocorra algum erro, reinicie o computador em Modo Seguro (pressione a tecla F8 intermitentemente, ou F5 em alguns casos, durante a inicialização e escolha a opção Modo Seguro na tela que se apresenta) e repita o procedimento;

* O ComboFix "poderá" reiniciar o PC automaticamente para completar o processo de remoção.

* Quando terminar, será gerado um log, que estará em C:\ComboFix.txt.

* Não clique na Janela do ComboFix, nem o feche clicando no X, enquanto estiver rodando, não mova o mouse e não use o teclado, pois senão irá parar e seu desktop ficará em branco.

* Para parar ou sair do ComboFix, tecle "N".

* Se perder a conexão com a internet, reinicie o computador. Caso o problema persista, abra Conexões de Rede no Painel de Controle, clique com o botão direito do mouse sobre a sua conexão com a internet e em "Reparar";

Poste o log do Combofix que estará em C:\ComboFix.txt juntamente com um novo log do Hijackthis em sua próxima resposta e nos diga como está o seu PC e o pendrive depois disto.

jucca · Junho 10, 2009

Vai o log solicitado, consegui via Modo de Segurança.

Grato

Jucca

ComboFix 09-06-09.06 - ZERO 10/06/2009 12:51.3 - NTFSx86 MINIMAL

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.3327.2997 [GMT -3:00]

Executando de: c:\documents and settings\ZERO\Desktop\ComboFix.exe

AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_ATI64SI

-------\Service_ati64si

(((((((((((((((( Arquivos/Ficheiros criados de 2009-05-10 to 2009-06-10 ))))))))))))))))))))))))))))

.

2009-06-09 22:39 . 2009-06-09 22:39 806764 ---ha-w- c:\windows\system32\mlfcache.dat

2009-06-08 23:18 . 2009-06-08 23:18 -------- d-----w- c:\arquivos de programas\iPod

2009-06-08 23:18 . 2009-06-08 23:18 -------- d-----w- c:\arquivos de programas\iTunes

2009-06-08 23:12 . 2009-06-08 23:12 75048 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe

2009-06-08 23:11 . 2009-06-08 23:11 -------- d-----w- c:\arquivos de programas\Safari

2009-06-08 22:36 . 2009-06-08 22:38 -------- d---a-w- C:\android-sdk-windows-1.5_r1

2009-06-07 14:16 . 2009-06-07 14:16 -------- d-----w- c:\documents and settings\ZERO\Dados de aplicativos\YoudaGames

2009-06-07 14:16 . 2009-06-07 14:16 -------- d-----w- C:\games

2009-06-06 16:03 . 2009-06-06 16:29 -------- d-----w- c:\arquivos de programas\Desafio Sebrae 2009

2009-06-05 14:39 . 2009-06-10 07:13 -------- d---a-w- c:\arquivos de programas\FreeRapid-0.82

2009-06-04 19:32 . 2009-06-04 19:32 -------- d-----w- c:\arquivos de programas\SistemaPrice

2009-06-04 19:32 . 2009-06-04 19:32 286720 ------w- c:\windows\Setup1.exe

2009-06-04 19:32 . 2009-06-04 19:32 73216 ----a-w- c:\windows\ST6UNST.EXE

2009-06-04 03:41 . 2009-06-04 03:41 -------- d-----w- c:\arquivos de programas\Opera

2009-06-01 14:29 . 2009-06-01 14:29 -------- d-----w- c:\documents and settings\ZERO\Dados de aplicativos\BlogDesk

2009-06-01 14:29 . 2006-03-21 13:27 276320 ----a-w- c:\windows\system32\csftpapi.dll

2009-06-01 14:29 . 2006-03-21 13:27 202576 ----a-w- c:\windows\system32\csncdapi.dll

2009-06-01 14:29 . 2006-01-30 20:26 765952 ----a-w- c:\windows\system32\PolarSpellChecker.dll

2009-06-01 14:29 . 2003-02-20 13:59 221184 ----a-w- c:\windows\system32\TidyATL.dll

2009-06-01 14:29 . 2009-06-01 14:29 -------- d-----w- c:\arquivos de programas\BlogDesk

2009-06-01 01:23 . 2009-06-01 01:23 -------- d-----w- c:\documents and settings\ZERO\Dados de aplicativos\Yik-Fai Hung

2009-06-01 01:22 . 2009-06-01 01:23 -------- d-----w- c:\arquivos de programas\ecto 2

2009-05-29 00:00 . 2009-06-10 00:36 -------- d---a-w- c:\documents and settings\All Users\Dados de aplicativos\TEMP

2009-05-28 21:36 . 2009-06-10 00:36 -------- d-----w- c:\documents and settings\ZERO\Dados de aplicativos\ConceptDraw MINDMAP

2009-05-28 21:34 . 2009-05-28 21:34 -------- d-----w- c:\documents and settings\ZERO\Dados de aplicativos\ConceptDraw MindMap 6

2009-05-28 21:32 . 2009-06-07 01:36 -------- d-----w- c:\documents and settings\ZERO\Dados de aplicativos\ConceptDraw Project 5

2009-05-28 21:31 . 2009-05-28 21:31 -------- d-----w- c:\documents and settings\ZERO\Dados de aplicativos\CSOdessa

2009-05-28 21:28 . 2009-05-28 23:57 -------- d-----w- c:\arquivos de programas\ConceptDraw Office

2009-05-21 14:12 . 2009-06-09 22:38 -------- d-----w- c:\documents and settings\ZERO\Dados de aplicativos\Apple Computer

2009-05-21 14:12 . 2009-03-19 19:32 23400 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys

2009-05-21 14:12 . 2008-04-17 15:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll

2009-05-21 14:11 . 2009-05-21 14:12 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}

2009-05-21 14:10 . 2009-05-21 14:10 -------- d-----w- c:\arquivos de programas\Apple Software Update

2009-05-21 14:09 . 2009-03-26 18:23 36864 ----a-w- c:\windows\system32\drivers\usbaapl.sys

2009-05-21 14:09 . 2009-03-26 18:23 1900544 ----a-w- c:\windows\system32\usbaaplrc.dll

2009-05-21 14:09 . 2009-06-08 23:18 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Apple

2009-05-21 14:09 . 2009-05-21 14:09 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Apple

2009-05-21 14:00 . 1998-06-18 03:00 102912 ----a-w- c:\windows\system32\VB6STKIT.DLL

2009-05-21 14:00 . 2009-05-21 14:00 -------- d-----w- c:\arquivos de programas\iPranks Backup Utility

2009-05-17 12:12 . 2001-09-06 02:50 5632 ----a-w- c:\windows\system32\ptpusb.dll

2009-05-17 12:12 . 2008-04-13 19:45 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys

2009-05-17 12:12 . 2008-04-13 19:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys

2009-05-17 12:12 . 2008-04-14 03:20 159232 ----a-w- c:\windows\system32\ptpusd.dll

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-06-10 16:05 . 2008-12-23 12:06 -------- d-----w- c:\documents and settings\ZERO\Dados de aplicativos\Skype

2009-06-10 16:04 . 2008-12-21 21:32 -------- d-----w- c:\arquivos de programas\SpeedFan

2009-06-10 16:03 . 2008-12-21 14:30 -------- d-----w- c:\arquivos de programas\Symantec AntiVirus

2009-06-10 16:02 . 2008-12-21 20:00 -------- d-----w- c:\documents and settings\ZERO\Dados de aplicativos\clipdiary

2009-06-10 16:02 . 2008-12-23 22:40 -------- d-----w- c:\documents and settings\ZERO\Dados de aplicativos\VMware

2009-06-10 16:01 . 2009-02-17 11:16 -------- d-----w- c:\documents and settings\postgres\Dados de aplicativos\VMware

2009-06-10 16:01 . 2008-12-23 12:33 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\VMware

2009-06-10 15:39 . 2009-01-04 20:02 -------- d-----w- c:\documents and settings\ZERO\Dados de aplicativos\uTorrent

2009-06-10 15:24 . 2009-01-04 20:02 -------- d-----w- c:\arquivos de programas\uTorrent

2009-06-10 15:12 . 2009-03-01 14:40 -------- d-----w- c:\documents and settings\ZERO\Dados de aplicativos\skypePM

2009-06-10 06:10 . 2009-02-09 16:56 -------- d-----w- c:\arquivos de programas\Mozilla Firefox1

2009-06-10 04:48 . 2009-01-11 03:06 -------- d-----w- c:\arquivos de programas\LogMeIn

2009-06-10 04:39 . 2008-12-21 23:28 -------- d-----w- c:\documents and settings\ZERO\Dados de aplicativos\ConceptDraw MINDMAP 5 Professional

2009-06-09 17:14 . 2008-12-23 12:21 -------- d-----w- c:\arquivos de programas\Mozilla Thunderbird

2009-06-09 14:39 . 2008-12-21 20:11 3296 --sha-w- c:\documents and settings\All Users\Dados de aplicativos\KGyGaAvL.sys

2009-06-08 23:16 . 2008-12-23 12:21 -------- d-----w- c:\arquivos de programas\QuickTime Alternative

2009-06-05 19:38 . 2008-12-21 16:10 1 ----a-w- c:\documents and settings\ZERO\Dados de aplicativos\BrOffice.org\3\user\uno_packages\cache\stamp.sys

2009-06-05 15:01 . 2008-12-24 12:54 -------- d-----w- c:\documents and settings\ZERO\Dados de aplicativos\XnView

2009-06-04 14:23 . 2009-01-04 19:04 1901 ----a-w- c:\windows\panose.bin

2009-06-02 22:46 . 2008-12-21 19:27 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft Help

2009-05-28 22:19 . 2009-03-31 19:52 -------- d-----w- c:\arquivos de programas\Google

2009-05-25 02:02 . 2008-12-21 23:26 -------- d-----w- c:\arquivos de programas\Celtx

2009-05-21 14:11 . 2008-12-23 12:21 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Apple Computer

2009-05-21 14:11 . 2009-04-17 02:38 -------- d-----w- c:\arquivos de programas\Bonjour

2009-05-14 19:56 . 2009-01-10 23:36 -------- d-----w- c:\documents and settings\ZERO\Dados de aplicativos\dvdcss

2009-05-10 05:20 . 2009-05-10 05:20 -------- d-----w- c:\arquivos de programas\Electronic Arts

2009-05-09 15:23 . 2008-12-24 18:52 -------- d-----w- c:\arquivos de programas\Notepad++

2009-05-09 04:41 . 2009-05-02 23:19 664 ----a-w- c:\windows\system32\d3d9caps.dat

2009-05-08 06:48 . 2009-05-03 03:30 138184 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys

2009-05-08 06:48 . 2009-05-03 03:29 183112 ----a-w- c:\windows\system32\PnkBstrB.exe

2009-05-05 03:26 . 2009-05-05 03:26 1694 ----a-w- c:\windows\system32\ealregsnapshot1.reg

2009-05-02 23:11 . 2009-05-02 23:11 -------- d-----w- c:\documents and settings\ZERO\Dados de aplicativos\Leadertech

2009-04-30 16:16 . 2008-12-21 22:14 -------- d-----w- c:\arquivos de programas\X-Fonter

2009-04-26 15:34 . 2009-02-03 18:42 -------- d-----w- c:\documents and settings\ZERO\Dados de aplicativos\Vso

2009-04-24 17:44 . 2009-04-24 17:44 -------- d-----w- c:\documents and settings\ZERO\Dados de aplicativos\Broad Intelligence

2009-04-24 17:43 . 2009-04-24 17:43 -------- d-----w- c:\arquivos de programas\MediaCoder

2009-04-24 16:38 . 2009-04-24 16:38 -------- d-----w- c:\arquivos de programas\BitComet FLV Converter

2009-04-24 16:11 . 2009-04-24 16:11 -------- d-----w- c:\arquivos de programas\popsoftware

2009-04-24 15:51 . 2009-01-07 13:08 -------- d-----w- c:\arquivos de programas\Alldj_DVD_To_AVI

2009-04-24 15:48 . 2008-12-21 21:27 -------- d-----w- c:\arquivos de programas\Media Converter SA Edition

2009-04-24 15:42 . 2009-04-24 15:41 -------- d-----w- c:\documents and settings\ZERO\Dados de aplicativos\vlc

2009-04-24 15:40 . 2008-12-21 18:11 -------- d-----w- c:\arquivos de programas\VideoLAN

2009-04-19 21:24 . 2008-12-21 17:52 -------- d-----w- c:\arquivos de programas\PowerISO

2009-04-19 19:30 . 2009-04-19 19:30 -------- d-----w- c:\arquivos de programas\K-Lite Codec Pack

2009-04-18 23:54 . 2001-10-28 18:07 85146 ----a-w- c:\windows\system32\perfc016.dat

2009-04-18 23:54 . 2001-10-28 18:07 484330 ----a-w- c:\windows\system32\perfh016.dat

2009-04-18 14:45 . 2009-04-18 14:45 -------- d-----w- c:\arquivos de programas\FLAC

2009-04-17 08:52 . 2009-04-05 05:52 -------- d-----w- c:\documents and settings\ZERO\Dados de aplicativos\Alien Skin

2009-04-17 04:23 . 2008-12-21 18:04 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Adobe

2009-04-17 04:21 . 2009-04-17 04:21 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Control Panels

2009-04-17 04:20 . 2009-04-17 04:20 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\ALM

2009-04-17 04:09 . 2009-04-17 04:09 -------- d-----w- c:\arquivos de programas\QuickTime

2009-04-17 02:33 . 2009-04-17 02:33 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Macrovision Shared

2009-04-17 00:06 . 2008-12-24 19:46 -------- d-----w- c:\arquivos de programas\ClickFont

2009-04-04 22:18 . 2009-02-19 05:47 8 ----a-w- c:\windows\system32\nvModes.dat

2009-04-04 12:53 . 2009-04-04 12:53 152576 ----a-w- c:\documents and settings\ZERO\Dados de aplicativos\Sun\Java\jre1.6.0_13\lzma.dll

2009-04-01 01:06 . 2009-04-01 01:06 0 ----a-w- c:\windows\system32\_r_a_p_.tmp

2009-03-24 14:55 . 2009-03-24 14:56 720896 ----a-w- c:\windows\iun6002.exe

2009-03-19 19:32 . 2009-03-19 19:32 23400 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspiWDM.sys

2009-03-15 10:25 . 2009-03-15 10:25 56268 ----a-w- c:\windows\system32\drivers\scdemu.sys

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MsnMsgr"="c:\arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]

"clipdiary"="c:\arquivos de programas\Clipdiary\clipdiary.exe" [2007-05-22 208896]

"VisualTaskTips"="c:\arquivos de programas\VisualTaskTips\VisualTaskTips.exe" [2006-07-31 36864]

"Skype"="c:\arquivos de programas\Skype\\Phone\Skype.exe" [2009-04-16 24264488]

"Reminder"="c:\arquivos de programas\money\System\reminder.exe" [1998-07-25 36864]

"RocketDock"="c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe" [2007-03-18 630784]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\arquivos de programas\Arquivos comuns\Ahead\lib\NMBgMonitor.exe" [2005-10-28 94208]

"UniClipper"="c:\arquivos de programas\EverNote\EverNote\UniClipper.exe" [2007-12-11 1078208]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"googletalk"="c:\arquivos de programas\Google\Google Talk\googletalk.exe" [2007-01-01 3735552]

"uTorrent"="c:\arquivos de programas\uTorrent\uTorrent.exe" [2009-02-11 270128]

"Advanced SystemCare 3"="c:\arquivos de programas\IObit\Advanced SystemCare 3\AWC.exe" [2008-12-21 2250256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ccApp"="c:\arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe" [2006-03-07 53408]

"vptray"="c:\arquiv~1\SYMANT~1\VPTray.exe" [2006-03-17 124656]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-09 13680640]

"PWRISOVM.EXE"="c:\arquivos de programas\PowerISO\PWRISOVM.EXE" [2009-03-15 180224]

"LogMeIn GUI"="c:\arquivos de programas\LogMeIn\x86\LogMeInSystray.exe" [2008-07-24 63048]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-09 86016]

"ACORDA"="c:\arquivos de programas\Fábrica de Bits\ACORDA\acorda.exe" [2004-09-05 483328]

"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre6\bin\jusched.exe" [2009-03-09 148888]

"vmware-tray"="c:\arquivos de programas\VMware\VMware Workstation\vmware-tray.exe" [2007-05-02 68400]

"QuickTime Task"="c:\arquivos de programas\QuickTime Alternative\QTTask.exe" [2009-05-26 413696]

"iTunesHelper"="c:\arquivos de programas\iTunes\iTunesHelper.exe" [2009-06-05 292136]

"AppleSyncNotifier"="c:\arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-21 177472]

"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-02-09 1657376]

c:\documents and settings\ZERO\Menu Iniciar\Programas\Inicializar\

BrOffice.org 3.0.lnk - c:\arquivos de programas\BrOffice.org 3\program\quickstart.exe [2008-12-15 384000]

EverNote.lnk - c:\arquivos de programas\EverNote\EverNote\EverNote.exe [2008-12-21 4008384]

SpeedFan.lnk - c:\arquivos de programas\SpeedFan\speedfan.exe [2005-9-13 2469376]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{93994DE8-8239-4655-B1D1-5F4E91300429}"= "c:\arquiv~1\DVDREG~1\DVDShell.dll" [2004-10-09 49152]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Gamma Loader.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Gamma Loader.lnk

backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^ZERO^Menu Iniciar^Programas^Inicializar^EverNote.lnk]

path=c:\documents and settings\ZERO\Menu Iniciar\Programas\Inicializar\EverNote.lnk

backup=c:\windows\pss\EverNote.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^ZERO^Menu Iniciar^Programas^Inicializar^WinMySQLadmin.lnk]

path=c:\documents and settings\ZERO\Menu Iniciar\Programas\Inicializar\WinMySQLadmin.lnk

backup=c:\windows\pss\WinMySQLadmin.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Arquivos de programas\\IncrediMail\\bin\\IncMail.exe"=

"c:\\Arquivos de programas\\IncrediMail\\bin\\ImApp.exe"=

"c:\\Arquivos de programas\\IncrediMail\\bin\\ImpCnt.exe"=

"c:\\Arquivos de programas\\IncrediMail\\bin\\ImLc.exe"=

"c:\\Arquivos de programas\\Arquivos comuns\\SafeNet Sentinel\\Sentinel Protection Server\\WinNT\\spnsrvnt.exe"=

"c:\\Arquivos de programas\\Arquivos comuns\\SafeNet Sentinel\\Sentinel Keys Server\\sntlkeyssrvr.exe"=

"c:\\WINDOWS\\system32\\dpnsvr.exe"=

"c:\\Arquivos de programas\\Irrational Games\\Freedom Force\\fforce.exe"=

"c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=

"c:\\Arquivos de programas\\VoipRaider.com\\VoipRaider\\VoipRaider.exe"=

"c:\\xampp\\apache\\bin\\apache.exe"=

"c:\\xampp\\mysql\\bin\\mysqld.exe"=

"c:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe"=

"c:\\Arquivos de programas\\Java\\jre6\\launch4j-tmp\\frd.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Google\\Google Talk\\googletalk.exe"=

"c:\\Arquivos de programas\\Arquivos comuns\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=

"c:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=

"c:\\Arquivos de programas\\iTunes\\iTunes.exe"=

"c:\\Arquivos de programas\\PowerISO\\PWRISOVM.EXE"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\WINWORD.EXE"=

"c:\\Arquivos de programas\\LogMeIn\\x86\\LMIGuardian.exe"=

"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"5432:TCP"= 5432:TCP:Postgres

"5432:UDP"= 5432:UDP:Postgres

"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server

"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server

"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server

"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

R2 LMIInfo;LogMeIn Kernel Information Provider;c:\arquivos de programas\LogMeIn\x86\rainfo.sys [24/7/2008 17:46 12856]

R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [11/1/2009 00:07 47640]

R2 pgsql-8.2;PostgreSQL Database Server 8.2;c:\arquivos de programas\PostgreSQL\8.2\bin\pg_ctl.exe [30/1/2009 03:32 94376]

R2 SentinelKeysServer;Sentinel Keys Server;c:\arquivos de programas\Arquivos comuns\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [27/4/2007 00:00 316992]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\arquivos de programas\Arquivos comuns\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [27/2/2009 20:01 101936]

R3 L1e;Miniport Driver for Atheros AR8121/AR8113 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1e51x86.sys [21/12/2008 11:47 36864]

R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [21/12/2008 12:01 222976]

S2 gupdate1c9cdad1353c2a4;Google Update Service (gupdate1c9cdad1353c2a4);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [5/5/2009 15:12 133104]

S3 cpuz130;cpuz130;\??\c:\docume~1\ZERO\CONFIG~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\ZERO\CONFIG~1\Temp\cpuz130\cpuz_x32.sys [?]

S3 CrystalSysInfo;CrystalSysInfo;c:\arquivos de programas\MediaCoder\SysInfo.sys [25/9/2007 11:59 15152]

S3 PciCon;PciCon;\??\h:\pcicon.sys --> h:\PciCon.sys [?]

S3 SavRoam;SAVRoam;c:\arquivos de programas\Symantec AntiVirus\SavRoam.exe [17/3/2006 05:34 115952]

S4 LMIRfsClientNP;LMIRfsClientNP; [x]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

.

Conteúdo da pasta 'Tarefas Agendadas'

2009-06-09 c:\windows\Tasks\1-Click Maintenance.job

- c:\arquivos de programas\TuneUp Utilities 2007\SystemOptimizer.exe [2007-08-02 21:35]

2009-05-21 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\arquivos de programas\Apple Software Update\SoftwareUpdate.exe [2008-07-30 15:34]

2009-06-10 c:\windows\Tasks\BackupZero.job

- c:\bat\BackupZero.bat [2009-01-06 00:27]

2009-06-10 c:\windows\Tasks\Copia.job

- c:\bat\Copia.bat [2009-01-06 10:15]

2009-06-10 c:\windows\Tasks\GoogleUpdateTaskMachine.job

- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2009-05-05 18:12]

2009-06-10 c:\windows\Tasks\SDMsgUpdate (TE).job

- c:\arquiv~1\SMARTD~1\Messages\SDNotify.exe [2009-03-07 10:29]

.

- - - - ORFÃOS REMOVIDOS - - - -

HKCU-Run-ZERO - c:\documents and settings\ZERO\ZERO.exe

Notify-LMIinit - LMIinit.dll

.

------- Scan Suplementar -------

.

uInternet Settings,ProxyOverride = *.local

IE: Add to Evernote - c:\arquivos de programas\Evernote\Evernote3\enbar.dll/2000

IE: Add to EverNote - c:\arquivos de programas\EverNote\EverNote\enbar.dll/2000

IE: Anexar a PDF existente - c:\arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Anexar destino do link a PDF existente - c:\arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to existing PDF - c:\arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert link target to Adobe PDF - c:\arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - c:\arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - c:\arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - c:\arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - c:\arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - c:\arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - c:\arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Open using &Advanced JPEG Compressor - c:\arquivos de programas\Advanced JPEG Compressor\ajcieex.htm

IE: Sothink SWF Decompiler - c:\arquivos de programas\SourceTec\Sothink SWF Decompiler\InternetExplorer.htm

TCP: {30049034-4DD7-4B50-AF6C-58AE41F55B23} = 192.168.1.254

TCP: {36244340-CB28-4CFB-BCD2-C19D022CED36} = 192.168.1.254

FF - ProfilePath - c:\documents and settings\ZERO\Dados de aplicativos\Mozilla\Firefox\Profiles\xe4g2bkb.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157

FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=

FF - component: c:\arquivos de programas\BS.Player ControlBar\FirefoxDTT\components\BSToolbarFF.dll

FF - component: c:\arquivos de programas\Evernote\Evernote3\FfTbClipper\components\enbar3.dll

FF - component: c:\arquivos de programas\Google\Google Gears\Firefox\components\gears.dll

FF - component: c:\documents and settings\ZERO\Dados de aplicativos\Mozilla\Firefox\Profiles\xe4g2bkb.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}\platform\WINNT\components\ColorZilla.dll

FF - component: c:\documents and settings\ZERO\Dados de aplicativos\Mozilla\Firefox\Profiles\xe4g2bkb.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll

FF - plugin: c:\arquivos de programas\Google\Update\1.2.145.5\npGoogleOneClick8.dll

FF - plugin: c:\arquivos de programas\Microsoft\Office Live\npOLW.dll

FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\np-mswmp.dll

FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\npdeploytk.dll

FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\npnul32.dll

FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\NPOFF12.DLL

FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\NPOFFICE.DLL

FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\nppdf32.dll

FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\nppl3260.dll

FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\npqtplugin.dll

FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\npqtplugin2.dll

FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\npqtplugin3.dll

FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\npqtplugin4.dll

FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\npqtplugin5.dll

FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\npqtplugin6.dll

FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\npqtplugin7.dll

FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\nprpjplug.dll

FF - plugin: c:\arquivos de programas\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: c:\documents and settings\ZERO\Dados de aplicativos\Mozilla\Firefox\Profiles\xe4g2bkb.default\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll

---- FIREFOX POLICIES ----

c:\arquivos de programas\Mozilla Firefox1\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-06-10 13:03

Windows 5.1.2600 Service Pack 3 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySql]

"ImagePath"="c:/xampp/mysql/bin/mysqld-shareware.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySql]

"ImagePath"="c:/xampp/mysql/bin/mysqld-shareware.exe"

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

- - - - - - - > 'winlogon.exe'(588)

c:\windows\system32\LMIRfsClientNP.dll

- - - - - - - > 'lsass.exe'(644)

c:\windows\system32\LMIRfsClientNP.dll

- - - - - - - > 'explorer.exe'(4972)

c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.dll

c:\windows\system32\nview.dll

c:\arquivos de programas\VisualTaskTips\VttHooks.dll

.

------------------------ Outros Processos em Execução ------------------------

.

c:\arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe

c:\arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe

c:\arquivos de programas\Arquivos comuns\Symantec Shared\SPBBC\SPBBCSvc.exe

c:\arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\arquivos de programas\Bonjour\mDNSResponder.exe

c:\arquivos de programas\Symantec AntiVirus\DefWatch.exe

c:\xampp\FileZillaFTP\FileZillaServer.exe

c:\arquivos de programas\Java\jre6\bin\jqs.exe

c:\arquivos de programas\LogMeIn\x86\ramaint.exe

c:\arquivos de programas\LogMeIn\x86\LogMeIn.exe

c:\arquivos de programas\LogMeIn\x86\LMIGuardian.exe

c:\arquivos de programas\CDBurnerXP\NMSAccessU.exe

c:\windows\system32\nvsvc32.exe

c:\arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe

c:\arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\arquivos de programas\PostgreSQL\8.2\bin\postgres.exe

c:\arquivos de programas\Arquivos comuns\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe

c:\arquivos de programas\Symantec AntiVirus\Rtvscan.exe

c:\arquivos de programas\PostgreSQL\8.2\bin\postgres.exe

c:\arquivos de programas\VMware\VMware Workstation\vmware-authd.exe

c:\arquivos de programas\PostgreSQL\8.2\bin\postgres.exe

c:\arquivos de programas\Arquivos comuns\VMware\VMware Virtual Image Editing\vmount2.exe

c:\windows\system32\vmnat.exe

c:\windows\system32\vmnetdhcp.exe

c:\windows\system32\rundll32.exe

c:\arquivos de programas\LogMeIn\x86\LMIGuardian.exe

c:\arquivos de programas\Skype\Phone\Skype.exe

c:\arquivos de programas\iPod\bin\iPodService.exe

c:\arquivos de programas\BrOffice.org 3\program\soffice.exe

c:\arquivos de programas\BrOffice.org 3\program\soffice.bin

c:\arquivos de programas\Windows Live\Contacts\wlcomm.exe

c:\arquivos de programas\Skype\Plugin Manager\skypePM.exe

c:\documents and settings\ZERO\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

c:\windows\system32\taskmgr.exe

.

**************************************************************************

.

Tempo para conclusão: 2009-06-10 13:10 - Máquina reiniciou

ComboFix-quarantined-files.txt 2009-06-10 16:10

Pré-execução: 22 pasta(s) 28.254.085.120 bytes disponíveis

Pós execução: 22 pasta(s) 28.226.498.560 bytes disponíveis

366 --- E O F --- 2009-05-28 03:52

jucca · Junho 10, 2009

Aqui o Hijackthis:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 13:15:38, on 10/6/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16827)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\Arquivos de programas\Symantec AntiVirus\DefWatch.exe

C:\xampp\filezillaftp\filezillaserver.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe

C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe

C:\Arquivos de programas\LogMeIn\x86\LMIGuardian.exe

C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe

C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Arquivos de programas\Arquivos comuns\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe

C:\Arquivos de programas\Arquivos comuns\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Symantec AntiVirus\Rtvscan.exe

C:\Arquivos de programas\VMware\VMware Workstation\vmware-authd.exe

C:\Arquivos de programas\Arquivos comuns\VMware\VMware Virtual Image Editing\vmount2.exe

C:\WINDOWS\system32\vmnat.exe

C:\WINDOWS\system32\vmnetdhcp.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe

C:\ARQUIV~1\SYMANT~1\VPTray.exe

C:\Arquivos de programas\PowerISO\PWRISOVM.EXE

C:\WINDOWS\system32\rundll32.exe

C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Arquivos de programas\LogMeIn\x86\LMIGuardian.exe

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\Arquivos de programas\VMware\VMware Workstation\vmware-tray.exe

C:\Arquivos de programas\iTunes\iTunesHelper.exe

C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe

C:\Arquivos de programas\Clipdiary\clipdiary.exe

C:\Arquivos de programas\VisualTaskTips\VisualTaskTips.exe

C:\Arquivos de programas\Skype\Phone\Skype.exe

C:\arquivos de programas\money\System\reminder.exe

C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\lib\NMBgMonitor.exe

C:\Arquivos de programas\EverNote\EverNote\UniClipper.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Google\Google Talk\googletalk.exe

C:\Arquivos de programas\iPod\bin\iPodService.exe

C:\Arquivos de programas\uTorrent\uTorrent.exe

C:\Arquivos de programas\IObit\Advanced SystemCare 3\AWC.exe

C:\Arquivos de programas\BrOffice.org 3\program\soffice.exe

C:\Arquivos de programas\BrOffice.org 3\program\soffice.bin

C:\Arquivos de programas\SpeedFan\speedfan.exe

C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe

C:\Arquivos de programas\Skype\Plugin Manager\skypePM.exe

C:\Documents and Settings\ZERO\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\WINDOWS\explorer.exe