othon

Infected PC, opening sites such as nadadevirus, protejaseudrive, hopeless romantic etc.


It started this Sunday... In Internet Explorer, as soon as I open it, about three of those pop-ups appear; in Firefox usually only one opens, something called Gladiatus.

The problem is that it is 'blocking' several sites, most of them related to Google: Orkut, blogspot, even Google itself, the search page. It is really getting in the way.

Here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:46:03, on 24/4/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SNDSrvc.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\slserv.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe

C:\WINDOWS\system32\VTTimer.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMTray.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\Arquivos de programas\Windows Defender\MSASCui.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe

C:\WINDOWS\tsnp2std.exe

C:\WINDOWS\vsnp2std.exe

C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

C:\Arquivos de programas\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\rundll32.exe

C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\iPod\bin\iPodService.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\Arquivos de programas\Last.fm\LastFMHelper.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\Documents and Settings\Regiane\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.terra.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR

R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - (no file)

O1 - Hosts: 69.5.88.72 www.megaupload.com

O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com

O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [ccApp] "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\ARQUIV~1\SYMNET~1\SNDMon.exe /Consumer

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [smapp] C:\Arquivos de programas\Analog Devices\SoundMAX\SMTray.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [Windows Defender] "C:\Arquivos de programas\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe

O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [LanguageShortcut] "C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [8c9f378a] rundll32.exe "C:\WINDOWS\system32\xidnxpfc.dll",b

O4 - HKLM\..\Run: [bM8fac0416] Rundll32.exe "C:\WINDOWS\system32\iuicfyuq.dll",s

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [iLike] C:\Arquivos de programas\iLike\1.1.27\ilikesidebar.exe /checkforupdate

O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\ARQUIV~1\ARQUIV~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\ARQUIV~1\ARQUIV~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Startup: Last.fm Helper.lnk = C:\Arquivos de programas\Last.fm\LastFMHelper.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {CC5C7FFD-E058-4390-A22A-FD08CCD9A3CE} (JoyOnPlay Control) - http://www.pangonline.com.br/common/com/ongamenet.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100

O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://200.212.184.212/g_bin/eng/billard8_2_0_0_23.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{13FEFBC5-F471-4234-A4B3-F391CA2EFD09}: NameServer = 200.204.0.10 200.204.0.138

O17 - HKLM\System\CCS\Services\Tcpip\..\{D091081B-948F-47AE-9C0B-E81CA5FD165E}: NameServer = 200.204.0.10,200.204.0.138

O17 - HKLM\System\CS1\Services\Tcpip\..\{13FEFBC5-F471-4234-A4B3-F391CA2EFD09}: NameServer = 200.204.0.10 200.204.0.138

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE

O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE

O23 - Service: Serviço iPod (iPod Service) - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Unknown owner - C:\Arquivos de programas\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe (file missing)

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\ARQUIV~1\ARQUIV~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SNDSrvc.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SPBBC\SPBBCSvc.exe

--

End of file - 12350 bytes

Please help me :/

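The log above can be triaged mechanically before anyone reaches for ComboFix. The script below is an added example written for this page; it is not part of the original post and not HijackThis code. SAMPLE_LOG is a handful of lines copied from the posted log, and the "looks random" rules (8-letter stems with long vowel or consonant runs, hex-like or digit-heavy Run value names) are my own assumptions tuned to what that log shows, not a published ruleset.

```python
"""Heuristic triage of HijackThis (HJT) log lines.

Added example for this thread; it is not part of the original post and not
HijackThis code.  SAMPLE_LOG is copied from the log posted above.  The
"looks random" rules are my own assumptions, tuned to the 8-letter DLL names
and hex-like Run values seen in that log, not a published ruleset.
"""
import re

# Constructed sample: lines copied verbatim from the posted HJT log.
SAMPLE_LOG = r"""
O1 - Hosts: 69.5.88.72 www.megaupload.com
O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [8c9f378a] rundll32.exe "C:\WINDOWS\system32\xidnxpfc.dll",b
O4 - HKLM\..\Run: [bM8fac0416] Rundll32.exe "C:\WINDOWS\system32\iuicfyuq.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{13FEFBC5-F471-4234-A4B3-F391CA2EFD09}: NameServer = 200.204.0.10 200.204.0.138
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Unknown owner - C:\Arquivos de programas\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe (file missing)
"""

HEX8 = re.compile(r"^[0-9a-f]{8}$", re.I)          # e.g. 8c9f378a
LOWER8 = re.compile(r"^[a-z]{8}$")                 # e.g. xidnxpfc
ALNUM = re.compile(r"^[0-9A-Za-z]{8,12}$")         # e.g. bM8fac0416
VOWELS = set("aeiou")
CONSONANTS = set("bcdfghjklmnpqrstvwxyz")

HOSTS = re.compile(r"^O1 - Hosts: (\S+) (\S+)")
RUNDLL = re.compile(r'^O4 - .*\[(?P<name>[^\]]+)\]\s+rundll32(?:\.exe)?\s+"?(?P<dll>[^"]+\.dll)"?,\s*(?P<export>\w+)', re.I)
RUNKEY = re.compile(r'^O4 - .*\[(?P<name>[^\]]+)\]\s+"?(?P<path>[^"]+?\.(?:exe|dll))', re.I)
NAMESERVER = re.compile(r"^O17 - .*NameServer = (.+)$")


def _max_run(stem, alphabet):
    """Length of the longest run of characters drawn from `alphabet`."""
    best = run = 0
    for ch in stem:
        run = run + 1 if ch in alphabet else 0
        best = max(best, run)
    return best


def looks_random(name):
    """True when a file or Run-value name looks machine-generated.
    Assumption (mine): pure hex, or 8 lowercase letters that are not
    pronounceable (a vowel run of 3+ or a consonant run of 4+), or 8-12
    alphanumerics carrying three or more digits."""
    stem = name.rsplit(".", 1)[0]
    if HEX8.match(stem):
        return True
    if LOWER8.match(stem):
        return _max_run(stem, VOWELS) >= 3 or _max_run(stem, CONSONANTS) >= 4
    return bool(ALNUM.match(stem)) and sum(ch.isdigit() for ch in stem) >= 3


def triage(log_text):
    """Return (section, reason) pairs for lines that deserve a second look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        section = line.split(" ", 1)[0]          # O1, O4, O17, ...
        m = HOSTS.match(line)
        if m:
            ip, host = m.groups()
            findings.append((section, f"hosts file pins {host} to {ip}"))
            continue
        m = RUNDLL.match(line)
        if m:
            dll = m.group("dll").rsplit("\\", 1)[-1]
            why = f"rundll32 loads {dll} via export '{m.group('export')}'"
            if looks_random(dll) or looks_random(m.group("name")):
                why += "; name looks machine-generated"
            findings.append((section, why))
            continue
        if "(no file)" in line or "(file missing)" in line:
            findings.append((section, "entry points at a file that is gone"))
            continue
        m = RUNKEY.match(line)
        if m:
            exe = m.group("path").rsplit("\\", 1)[-1]
            if looks_random(m.group("name")) or looks_random(exe):
                findings.append((section, f"autorun '{m.group('name')}' ({exe}) looks machine-generated"))
            continue
        m = NAMESERVER.match(line)
        if m:
            findings.append((section, f"static DNS {m.group(1)}; confirm against the ISP's resolvers"))
    return findings


if __name__ == "__main__":
    for section, why in triage(SAMPLE_LOG):
        print(f"{section:4} {why}")
```

On the posted lines it flags the two rundll32 entries (a DLL in system32 with a meaningless name, called through a one-letter export, which is the loader shape the ComboFix run later removed), the two hosts overrides, the orphaned O3 toolbar and O23 service, and the static DNS servers. The DNS finding is a prompt to verify rather than a verdict: the check exists because DNS hijackers write into the same O17 key, so the addresses have to be compared with the ISP's published resolvers before anything is changed.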

Good evening, othon!

>@< Download ComboFix.

>@< Save it to the Desktop!

>@< Disable the resident protection of your antivirus, antispyware and firewall.

>@< Close all windows and run the tool!

If you get the notification "Invalid Win32 application", delete the tool and download it again.

Save it to the Desktop, renamed as: Kombo.exe

PS: Rename it while saving, not after saving it!

>@< The Auto Scan window will open. Wait!

>@< Type the option to continue and press < Enter >

>@< Wait for it to finish! During the scan, avoid touching the mouse or keyboard!

------------------------

>@< Post the report C:\ComboFix.txt in your reply, plus an updated HJT log.

Regards!

othon (topic author)

Here are the ComboFix and HijackThis logs.

    ComboFix 08-04-24.1 - Regiane 2008-04-27 15:36:43.7 - NTFSx86

    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.203 [GMT -3:00]

    Running from: C:\Documents and Settings\Regiane\Desktop\ComboFix.exe

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

    .

    ((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    ---- Previous Run -------

    .

    C:\WINDOWS\cookies.ini

    C:\WINDOWS\pskt.ini

    C:\WINDOWS\system32\azip32.dll

    C:\WINDOWS\system32\byXRHXQK.dll

    C:\WINDOWS\system32\drivers\privada.zip

    C:\WINDOWS\system32\gobncupv.ini

    C:\WINDOWS\system32\Iijlnnnn.ini

    C:\WINDOWS\system32\Iijlnnnn.ini2

    C:\WINDOWS\system32\iuicfyuq.dll

    C:\WINDOWS\system32\khfEXoMF.dll

    C:\WINDOWS\system32\mcrh.tmp

    C:\WINDOWS\system32\nnnnljiI.dll

    C:\WINDOWS\system32\qoMfdeET.dll

    C:\WINDOWS\system32\sbajdggl.dll

    C:\WINDOWS\system32\TEedfMoq.ini

    C:\WINDOWS\system32\TEedfMoq.ini2

    C:\WINDOWS\system32\vjuupuca.dll

    C:\WINDOWS\system32\vmewvupf.dll

    C:\WINDOWS\system32\vpucnbog.dll

    C:\WINDOWS\system32\yhclmsxk.dll

    C:\WINDOWS\tse.exe

    .

    ((((((((((((((((((((((( Files Created from 2008-03-27 to 2008-04-27 ))))))))))))))))))))))))))))))))

    .

    2008-04-26 23:09 . 2008-04-27 15:32 <DIR> d-------- C:\Arquivos de programas\MegaJogos

    2008-04-26 13:49 . 2008-04-26 13:49 <DIR> d-------- C:\Arquivos de programas\IObit

    2008-04-26 13:47 . 2008-04-26 13:27 6,553,344 --a------ C:\AWCSetup.exe

    2008-04-24 19:01 . 2008-04-25 19:36 1,509,399 ---hs---- C:\WINDOWS\system32\cfpxndix.ini

    2008-04-24 06:39 . 2008-04-23 21:23 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys

    2008-04-23 21:22 . 2008-04-24 08:27 <DIR> d-------- C:\Documents and Settings\Regiane\.housecall6.6

    2008-04-23 20:01 . 2008-04-23 20:01 <DIR> d-------- C:\Arquivos de programas\Panda Security

    2008-04-23 19:50 . 2008-04-23 19:50 <DIR> d-------- C:\Arquivos de programas\CCleaner

    2008-04-23 18:54 . 2008-04-24 18:56 1,540,797 ---hs---- C:\WINDOWS\system32\wvhttrsw.ini

    2008-04-22 18:51 . 2008-04-23 18:52 1,542,589 ---hs---- C:\WINDOWS\system32\eeqjnhcx.ini

    2008-04-21 10:49 . 2008-04-22 18:49 1,542,237 ---hs---- C:\WINDOWS\system32\cradqdak.ini

    2008-04-20 10:49 . 2008-04-21 10:41 1,541,697 ---hs---- C:\WINDOWS\system32\xnvbdgdc.ini

    2008-04-20 10:46 . 2008-04-26 14:20 109,831 --a------ C:\WINDOWS\BM8fac0416.xml

    2008-04-19 14:57 . 2008-04-19 14:56 33,846 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Music Converter.bmp

    2008-04-19 14:57 . 2008-04-19 14:57 13,023 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Music Converter.dat

    2008-04-19 14:43 . 2008-04-19 14:56 4,229,496 --a------ C:\dMC-r12.3_UP_BY_DJ_RAJ_.exe

    2008-04-19 14:10 . 2008-04-19 14:56 <DIR> d-------- C:\Arquivos de programas\Illustrate

    2008-04-19 13:02 . 2008-04-19 13:02 <DIR> d-------- C:\Arquivos de programas\Alcohol Soft

    2008-04-15 19:31 . 2008-04-15 19:31 <DIR> d-------- C:\Arquivos de programas\iPod

    2008-04-12 22:02 . 2008-04-12 22:02 <DIR> d-------- C:\Arquivos de programas\7-Zip

    2008-04-12 13:12 . 2008-04-12 13:12 <DIR> d-------- C:\5a4249cc5402db88dee41b

    2008-04-09 20:18 . 2008-04-09 20:18 0 --a------ C:\WINDOWS\system32\psfxin.exe

    2008-04-09 20:08 . 2008-04-09 20:08 0 --a------ C:\Documents and Settings\Regiane\psxfin.exe

    2008-03-28 23:37 . 2008-03-28 23:37 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx

    2008-03-28 23:37 . 2008-03-28 23:37 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts

    .

    ((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2010-12-25 18:04 --------- d---a-w C:\Documents and Settings\All Users\Dados de aplicativos\TEMP

    2008-04-27 18:35 --------- d-----w C:\Documents and Settings\Regiane\Dados de aplicativos\uTorrent

    2008-04-27 18:23 --------- d-----w C:\Arquivos de programas\Mozilla Firefox 3 Beta 3

    2008-04-26 21:41 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Symantec Shared

    2008-04-19 21:10 --------- d-----w C:\Arquivos de programas\DOSBox-0.72

    2008-04-19 17:56 4,229,496 ----a-w C:\WINDOWS\system32\SpoonUninstall.exe

    2008-04-19 15:06 716,272 ----a-w C:\WINDOWS\system32\drivers\sptd.sys

    2008-04-19 01:44 --------- d-----w C:\Arquivos de programas\MSN Messenger

    2008-04-19 01:44 --------- d-----w C:\Arquivos de programas\Messenger Plus! Live

    2008-04-18 01:20 --------- d-----w C:\Arquivos de programas\ACAD2000

    2008-04-16 01:14 --------- d-----w C:\Arquivos de programas\Apple Software Update

    2008-04-15 22:32 --------- d-----w C:\Arquivos de programas\iTunes

    2008-04-15 22:25 --------- d-----w C:\Arquivos de programas\QuickTime

    2008-04-12 19:40 --------- d-----w C:\Documents and Settings\Regiane\Dados de aplicativos\LimeWire

    2008-03-22 21:20 --------- d-----w C:\Arquivos de programas\Programas RFB

    2008-03-22 19:17 --------- d-----w C:\Arquivos de programas\Programas SRF

    2008-03-20 14:59 --------- d-----w C:\Documents and Settings\Regiane\Dados de aplicativos\iLike

    2008-03-20 14:58 --------- d-----w C:\Arquivos de programas\iLike

    2008-03-20 14:15 --------- d-----w C:\Arquivos de programas\Bruno Kitsune Web-Site

    2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys

    2008-03-17 23:12 --------- d-----w C:\Arquivos de programas\MP3 WAV Converter

    2008-03-16 14:40 --------- d-----w C:\Arquivos de programas\LimeWire

    2008-03-15 21:29 --------- d-----w C:\Documents and Settings\Regiane\Dados de aplicativos\AccurateRip

    2008-03-09 16:29 --------- d-----w C:\Arquivos de programas\eMule

    2008-03-02 19:02 --------- d-----w C:\Arquivos de programas\Motorola Phone Tools

    2008-03-02 18:58 --------- d-----w C:\Arquivos de programas\Avanquest update

    2008-03-01 13:02 826,368 ----a-w C:\WINDOWS\system32\wininet.dll

    2008-02-28 21:50 --------- d-----w C:\Documents and Settings\Regiane\Dados de aplicativos\Skype

    2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll

    2008-02-20 05:37 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll

    2008-02-16 01:11 32 ----a-w C:\Documents and Settings\All Users\Dados de aplicativos\ezsid.dat

    2008-01-29 16:44 9 ----a-w C:\Documents and Settings\Regiane\ZincPasswords.bin

    2008-01-29 16:44 28,462 ----a-w C:\Documents and Settings\Regiane\ZincGamesList.bin

    2008-01-29 15:02 107,368 ----a-w C:\WINDOWS\system32\GEARAspi.dll

    2007-07-19 23:07 25,600 ----a-w C:\Documents and Settings\Regiane\usbsermptxp.sys

    2007-07-19 23:07 22,768 ----a-w C:\Documents and Settings\Regiane\usbsermpt.sys

    2007-06-17 22:37 0 ----a-w C:\Documents and Settings\Regiane\cmd.exe

    2007-06-13 22:54 8,920 ----a-w C:\Arquivos de programas\CinemaForgethumbnail.jpg

    2007-05-22 20:48 6,656 --sha-w C:\Arquivos de programas\Thumbs.db

    2007-03-21 00:58 92,064 ----a-w C:\Documents and Settings\Regiane\mqdmmdm.sys

    2007-03-21 00:58 9,232 ----a-w C:\Documents and Settings\Regiane\mqdmmdfl.sys

    2007-03-21 00:58 79,328 ----a-w C:\Documents and Settings\Regiane\mqdmserd.sys

    2007-03-21 00:58 66,656 ----a-w C:\Documents and Settings\Regiane\mqdmbus.sys

    2007-03-21 00:58 6,208 ----a-w C:\Documents and Settings\Regiane\mqdmcmnt.sys

    2007-03-21 00:58 5,936 ----a-w C:\Documents and Settings\Regiane\mqdmwhnt.sys

    2007-03-21 00:58 4,048 ----a-w C:\Documents and Settings\Regiane\mqdmcr.sys

    2007-03-10 16:49 1,307,954 ----a-w C:\Arquivos de programas\Receitanet2007_02.EXE

    2007-03-10 16:48 3,090,675 ----a-w C:\Arquivos de programas\irpf2007v1.0.exe

    2006-12-26 23:03 3,438 ----a-w C:\Arquivos de programas\tibiaauto-debug-cavebot.txt

    2006-10-29 23:14 8,920 ----a-w C:\Arquivos de programas\thumbnail.jpg

    2006-01-28 23:59 3,890,462 ----a-w C:\Arquivos de programas\CinemaForgecinemaforge.xmfg

    2006-01-28 23:59 3,890,462 ----a-w C:\Arquivos de programas\cinemaforge.xmfg

    2005-07-17 14:18 1,721,856 ----a-w C:\Arquivos de programas\CinemaForgeffmpeg.exe

    2005-07-17 13:18 1,721,856 ----a-w C:\Arquivos de programas\ffmpeg.exe

    2005-06-24 22:39 13,104 ----a-w C:\Arquivos de programas\cinemaforge.chm

    2005-02-23 03:51 2,167 ----a-w C:\Arquivos de programas\CinemaForgecinema1.xmfg

    2005-02-23 02:51 2,167 ----a-w C:\Arquivos de programas\cinema1.xmfg

    2004-09-20 12:49 1,179,648 ----a-w C:\Arquivos de programas\CinemaForgeffmpegphotos.exe

    2004-09-20 11:49 1,179,648 ----a-w C:\Arquivos de programas\ffmpegphotos.exe

    2004-08-04 02:01 25,856 ----a-w C:\WINDOWS\inf\usbprint.sys

    1997-06-21 19:55 1,078 ----a-w C:\Arquivos de programas\CinemaForgecinemaforge.ico

    1997-06-21 18:55 1,078 ----a-w C:\Arquivos de programas\cinemaforge.ico

    .

    ------- Sigcheck -------

    2004-08-04 00:45 14336 5de3e7b6f7624552f2f06664f110820d C:\WINDOWS\system32\svchost.exe

    2004-08-04 00:45 14336 5de3e7b6f7624552f2f06664f110820d C:\WINDOWS\system32\dllcache\svchost.exe

    2004-08-04 00:45 82944 a5163442377d3c305bbff612f80047d7 C:\WINDOWS\system32\ws2_32.dll

    2004-08-04 00:45 82944 a5163442377d3c305bbff612f80047d7 C:\WINDOWS\system32\dllcache\ws2_32.dll

    2006-04-20 09:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys

    2007-10-30 13:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys

    2004-08-03 23:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys

    2006-04-20 08:51 359808 1dbf125862891817f374f407626967f4 C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys

    2008-02-09 14:00 360064 34a663e7f74ae8b2c992c2513343477e C:\WINDOWS\system32\dllcache\tcpip.sys

    2008-02-09 14:00 360064 34a663e7f74ae8b2c992c2513343477e C:\WINDOWS\system32\drivers\tcpip.sys

    2004-08-04 00:45 504320 6f7bde7a1126debf0cc359a54953efc1 C:\WINDOWS\system32\winlogon.exe

    2004-08-04 00:45 504320 6f7bde7a1126debf0cc359a54953efc1 C:\WINDOWS\system32\dllcache\winlogon.exe

    2004-08-03 23:14 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\system32\dllcache\ndis.sys

    2004-08-03 23:14 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\system32\drivers\ndis.sys

    2004-08-03 23:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\system32\dllcache\ip6fw.sys

    2004-08-03 23:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\system32\drivers\ip6fw.sys

    2004-08-04 00:45 15360 f40bc97996b8e53799eef1d63996674b C:\WINDOWS\system32\ctfmon.exe

    2004-08-04 00:45 15360 f40bc97996b8e53799eef1d63996674b C:\WINDOWS\system32\dllcache\ctfmon.exe

    .

    (((((((((((((((((((((((((( Registry Load Points )))))))))))))))))))))))))))))))))))))))

    .

    .

    REGEDIT4

    *Note* empty entries & legitimate default entries are not shown.

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "MSMSGS"="C:\Arquivos de programas\Messenger\msmsgs.exe" [2004-10-13 13:24 1694208]

    "Smapp"="C:\Arquivos de programas\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 08:57 143360]

    "SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]

    "Windows Defender"="C:\Arquivos de programas\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]

    "avast!"="C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 15:37 79224]

    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:45 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "ISUSScheduler"="C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" [2005-08-11 16:30 81920]

    "smapp"="C:\Arquivos de programas\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 08:57 143360]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

    "DWQueuedReporting"="C:\ARQUIV~1\ARQUIV~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 16:38 39264]

    C:\Documents and Settings\Regiane\Menu Iniciar\Programas\Inicializar\

    Last.fm Helper.lnk - C:\Arquivos de programas\Last.fm\LastFMHelper.exe [2007-07-08 15:55:14 106496]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

    "NoResolveSearch"= 1 (0x1)

    "NoPopUpsOnBoot"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

    "SENTINEL"= snti386.dll

    "VIDC.YV12"= yv12vfw.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

    "%windir%\\system32\\sessmgr.exe"=

    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    "C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

    "C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

    "C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

    "C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

    "C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposid01.exe"=

    "C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

    "C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

    "C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

    "C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

    "C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

    "C:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

    "C:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

    "C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

    "C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

    "C:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=

    "C:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

    "C:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=

    "C:\\Arquivos de programas\\eMule\\emule.exe"=

    "C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

    "C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

    "C:\\Arquivos de programas\\LimeWire\\LimeWire.exe"=

    "C:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

    "C:\\Arquivos de programas\\iTunes\\iTunes.exe"=

    "C:\\WINDOWS\\system32\\dpvsetup.exe"=

    "C:\\WINDOWS\\system32\\rundll32.exe"=

    "C:\\Arquivos de programas\\Java\\jre1.6.0_01\\bin\\javaw.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

    "2940:TCP"= 2940:TCP:.

    "7171:TCP"= 7171:TCP:Open Tibia Server

    "32459:TCP"= 32459:TCP:32459

    "8080:TCP"= 8080:TCP:uTorrent

    "47624:TCP"= 47624:TCP:AOEII

    "30086:TCP"= 30086:TCP:utorrent

    "30086:UDP"= 30086:UDP:utorrent

    "23792:TCP"= 23792:TCP:BitComet 23792 TCP

    "23792:UDP"= 23792:UDP:BitComet 23792 UDP

    R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 15:31]

    R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 15:35]

    R3 PSXGamepadEnabler;Psx Hid to Gamepad Port Enabler;C:\WINDOWS\system32\drivers\psxpad.sys [2002-05-15 16:24]

    R3 PsxPortEnumerator;Psx Port Enumerator;C:\WINDOWS\system32\Drivers\psxenum.sys [2002-09-26 08:36]

    R3 SNP2STD;USB2.0 PC Camera (SNP2STD);C:\WINDOWS\system32\DRIVERS\snp2sxp.sys [2007-05-10 15:10]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{56c14c30-18df-11db-8b37-000ea65c4b45}]

    \Shell\Auto\command - MicrosoftPowerPoint.exe

    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MicrosoftPowerPoint.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e9b63283-b944-11dc-8ffc-000ea65c4b45}]

    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MicrosoftPowerPoint.exe

    .

    Conteúdo da pasta 'Tarefas Agendadas'

    "2008-04-22 01:31:09 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

    - C:\Arquivos de programas\Apple Software Update\SoftwareUpdate.exe

    "2008-04-27 18:24:49 C:\WINDOWS\Tasks\MP Scheduled Scan.job"

    - C:\Arquivos de programas\Windows Defender\MpCmdRun.exe

    "2008-04-27 18:21:30 C:\WINDOWS\Tasks\star1.job"

    - c:\autoexec.bat

    "2008-04-27 18:43:02 C:\WINDOWS\Tasks\Verificar Atualizações para a Barra de Ferramentas do Windows Live.job"

    - C:\Arquivos de programas\Windows Live Toolbar\MSNTBUP.EXE

    .

    **************************************************************************

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2008-04-27 15:40:16

    Windows 5.1.2600 Service Pack 2 NTFS

    Procurando processos ocultos ...

    Procurando entradas auto inicializáveis ocultas ...

    Procurando ficheiros ocultos ...

    Varredura completada com sucesso

    Ficheiros ocultos: 0

    **************************************************************************

    .

    Tempo para conclusão: 2008-04-27 15:46:19

    ComboFix-quarantined-files.txt 2008-04-27 18:45:23

    Pre-Run: 4,217,651,200 bytes disponíveis

    Post-Run: 4,437,344,256 bytes disponíveis

    249 --- E O F --- 2008-04-27 03:19:11

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 15:50:16, on 27/4/2008

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v7.00 (7.00.6000.16640)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Arquivos de programas\Windows Defender\MsMpEng.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

    C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

    C:\Arquivos de programas\Analog Devices\SoundMAX\SMTray.exe

    C:\Arquivos de programas\Messenger\msmsgs.exe

    C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe

    C:\Arquivos de programas\Windows Defender\MSASCui.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Arquivos de programas\Last.fm\LastFMHelper.exe

    C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    C:\Arquivos de programas\Bonjour\mDNSResponder.exe

    C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

    C:\WINDOWS\system32\HPZipm12.exe

    C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

    C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

    C:\Arquivos de programas\iPod\bin\iPodService.exe

    C:\WINDOWS\explorer.exe

    C:\WINDOWS\system32\wscntfy.exe

    C:\Documents and Settings\Regiane\Desktop\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.terra.com.br/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR

    R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - (no file)

    O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

    O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

    O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)

    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

    O4 - HKLM\..\Run: [iSUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start

    O4 - HKLM\..\Run: [smapp] C:\Arquivos de programas\Analog Devices\SoundMAX\SMTray.exe

    O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

    O4 - HKCU\..\Run: [smapp] C:\Arquivos de programas\Analog Devices\SoundMAX\SMTray.exe

    O4 - HKCU\..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe

    O4 - HKCU\..\Run: [Windows Defender] "C:\Arquivos de programas\Windows Defender\MSASCui.exe" -hide

    O4 - HKCU\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\ARQUIV~1\ARQUIV~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\ARQUIV~1\ARQUIV~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')

    O4 - Startup: Last.fm Helper.lnk = C:\Arquivos de programas\Last.fm\LastFMHelper.exe

    O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

    O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

    O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab

    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab

    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

    O16 - DPF: {CC5C7FFD-E058-4390-A22A-FD08CCD9A3CE} (JoyOnPlay Control) - http://www.pangonline.com.br/common/com/ongamenet.cab

    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

    O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100

    O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://200.212.184.212/g_bin/eng/billard8_2_0_0_23.cab

    O17 - HKLM\System\CCS\Services\Tcpip\..\{13FEFBC5-F471-4234-A4B3-F391CA2EFD09}: NameServer = 200.204.0.10 200.204.0.138

    O17 - HKLM\System\CCS\Services\Tcpip\..\{D091081B-948F-47AE-9C0B-E81CA5FD165E}: NameServer = 200.204.0.10,200.204.0.138

    O17 - HKLM\System\CS1\Services\Tcpip\..\{13FEFBC5-F471-4234-A4B3-F391CA2EFD09}: NameServer = 200.204.0.10 200.204.0.138

    O17 - HKLM\System\CS2\Services\Tcpip\..\{13FEFBC5-F471-4234-A4B3-F391CA2EFD09}: NameServer = 200.204.0.10 200.204.0.138

    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

    O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

    O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

    O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE

    O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE

    O23 - Service: Serviço iPod (iPod Service) - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe

    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Macromedia Shared\Service\Macromedia Licensing.exe

    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

    --

    End of file - 9251 bytes

I think that solved the problem.

Thanks a lot, joram!


Good afternoon, othon!

    <!> Delete:

    C:\QooBox

C:\ComboFix.txt << Previous ComboFix log.

    -----------------------

>@< Select and copy all of the content in the code area to Notepad.

>@< Save it on the Desktop with the name: CFScript.txt

    File::
    C:\WINDOWS\system32\cfpxndix.ini
    C:\WINDOWS\system32\wvhttrsw.ini
    C:\WINDOWS\system32\eeqjnhcx.ini
    C:\WINDOWS\system32\cradqdak.ini
    C:\WINDOWS\system32\xnvbdgdc.ini
    C:\WINDOWS\Tasks\star1.job
    Registry::
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{56c14c30-18df-11db-8b37-000ea65c4b45}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e9b63283-b944-11dc-8ffc-000ea65c4b45}]
    Folder::
    C:\5a4249cc5402db88dee41b

>@< Drag CFScript.txt with the mouse onto the ComboFix icon.

>@< See the demonstration!

    cpiadecfscriptxt7.gif

>@< With this procedure, ComboFix will run and restart the computer automatically!

>@< If it does not restart, do so manually!

>@< While it is running, do not use the keyboard or mouse!

>@< When it finishes, post the C:\ComboFix.txt report plus an updated HJT log.

Cheers!
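As an added example (not the helper's script and not ComboFix's own code): a small Python parser that picks the MountPoints2 autorun handlers and the out-of-place scheduled task out of the ComboFix entries quoted above and writes them in the File:: / Registry:: / Folder:: layout of a CFScript. The log excerpt is constructed from the thread's own entries, and the list of trusted install directories is an assumption for this XP machine.

```python
import re

# Constructed excerpt: MountPoints2 and scheduled-task entries copied from the
# ComboFix log in this thread, so the functions below can run offline.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{56c14c30-18df-11db-8b37-000ea65c4b45}]
\Shell\Auto\command - MicrosoftPowerPoint.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MicrosoftPowerPoint.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e9b63283-b944-11dc-8ffc-000ea65c4b45}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MicrosoftPowerPoint.exe
Conteúdo da pasta 'Tarefas Agendadas'
"2008-04-22 01:31:09 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Arquivos de programas\Apple Software Update\SoftwareUpdate.exe
"2008-04-27 18:21:30 C:\WINDOWS\Tasks\star1.job"
- c:\autoexec.bat
"""
KEY_RE = re.compile(r"^\[(HKEY_[^\]]+\\mountpoints2\\\{[0-9a-f-]+\})\]$", re.I)
CMD_RE = re.compile(r"^\\Shell\\(Auto|AutoRun)\\command - (.+)$", re.I)
JOB_RE = re.compile(r'^"\S+ \S+ (C:\\WINDOWS\\Tasks\\[^"]+\.job)"$', re.I)
# Assumed install locations a scheduled task on this box is expected to point into.
TRUSTED_DIRS = ("c:\\windows\\", "c:\\arquivos de programas\\", "c:\\program files\\")

def find_mountpoint_autoruns(log):
    """Map each MountPoints2 key to its Shell Auto/AutoRun handlers (per-drive autorun hooks)."""
    found, key = {}, None
    for line in log.splitlines():
        if m := KEY_RE.match(line):
            key = m.group(1)
        elif (m := CMD_RE.match(line)) and key:
            found.setdefault(key, []).append(m.group(2))
    return found

def find_suspicious_tasks(log):
    """Map each .job to its target when the target lies outside TRUSTED_DIRS."""
    found, job = {}, None
    for line in log.splitlines():
        if m := JOB_RE.match(line):
            job = m.group(1)
        elif line.startswith("- ") and job:
            if not line[2:].strip().lower().startswith(TRUSTED_DIRS):
                found[job] = line[2:].strip()
            job = None
    return found

def build_cfscript(log, extra_files=(), folders=()):
    """Emit a CFScript; a leading '-' inside the brackets tells ComboFix to delete the whole key."""
    files = list(find_suspicious_tasks(log)) + list(extra_files)
    lines = ["File::", *files, "Registry::"]
    lines += [f"[-{k}]" for k in find_mountpoint_autoruns(log)]
    if folders:
        lines += ["Folder::", *folders]
    return "\n".join(lines) + "\n"
```

Running it on the excerpt flags star1.job (its target, c:\autoexec.bat, sits in the drive root rather than an install directory) and both MountPoints2 keys, which is the same set the helper's CFScript above removes.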





