silvamandy

System error code 1400: the window handle is invalid


I don't know what happened, but I can't open the topic I posted yesterday. I was asked to download ComboFix; I followed the whole procedure as instructed and copied the log:

ComboFix 08-03-21.2 - usuario 2008-03-22 16:36:46.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.648 [GMT -3:00]

Executando de: C:\combofx\ComboFix.exe

* Criado um novo ponto de restauro

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

The following files were disabled during the run:

C:\WINDOWS\svcpool.dll

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Arquivos de programas\MyWay

C:\Arquivos de programas\MyWay\myBar\History\search

C:\Arquivos de programas\MyWay\myBar\Settings\prevcfg.htm

C:\WINDOWS\atualmente.dll

C:\WINDOWS\ctfmon.exe

C:\WINDOWS\winhlp.dll

.

((((((((((((((((((((((( Ficheiros criados de 2008-02-22 to 2008-03-22 ))))))))))))))))))))))))))))))))

.

2008-03-22 16:39 . 2008-03-22 16:39 6,736 --a------ C:\WINDOWS\system32\drivers\PROCEXP90.SYS

2008-03-21 23:19 . 2008-03-21 23:20 <DIR> d-------- C:\combofx

2008-03-21 18:55 . 2008-03-21 18:55 <DIR> d-------- C:\WINDOWS\_tmp

2008-03-21 18:07 . 2008-03-21 18:08 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Symantec Shared

2008-03-21 17:56 . 2008-03-21 17:56 <DIR> d-------- C:\Arquivos de programas\IObit

2008-03-21 16:43 . 2006-10-31 13:12 128,000 --a------ C:\WINDOWS\DesinstWRecnet.exe

2008-03-21 16:43 . 2008-02-12 14:27 122,880 --a------ C:\WINDOWS\DesinstRecnet.exe

2008-03-21 16:43 . 2006-10-31 13:12 5,361 --a------ C:\WINDOWS\DesinstWRecnet.ini

2008-03-21 15:29 . 2008-03-21 15:29 <DIR> d-------- C:\Arquivos de programas\Programas RFB

2008-03-21 12:55 . 2008-03-22 16:28 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2008-03-21 12:55 . 2008-03-22 03:08 1,409 --a------ C:\WINDOWS\QTFont.for

2008-03-21 12:42 . 2008-03-21 12:43 <DIR> d-------- C:\hijackthis

2008-03-19 01:15 . 2008-03-19 01:15 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico

2008-03-19 01:15 . 2008-03-19 01:15 1,406 --a------ C:\WINDOWS\system32\Help.ico

2008-03-19 01:14 . 2008-03-19 01:14 <DIR> d-------- C:\WINDOWS\system32\ActiveScan

2008-03-19 01:14 . 2008-03-19 01:15 30,590 --a------ C:\WINDOWS\system32\pavas.ico

2008-03-18 18:26 . 2008-03-18 18:26 <DIR> d-------- C:\Arquivos de programas\MSNFans Live Winks

2008-03-18 13:07 . 2008-03-18 13:07 <DIR> d-------- C:\Arquivos de programas\Microsoft SQL Server Compact Edition

2008-03-18 12:51 . 2008-03-18 12:51 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\WLInstaller

2008-03-18 12:51 . 2008-03-18 18:49 <DIR> d-------- C:\Arquivos de programas\Windows Live

2008-03-18 12:51 . 2008-03-18 13:00 <DIR> d--hsc--- C:\Arquivos de programas\Arquivos comuns\WindowsLiveInstaller

2008-03-18 03:25 . 2008-03-18 03:25 2,887,680 --a------ C:\WINDOWS\system32\VagalumePluginWMP.dll

2008-03-16 13:48 . 2008-03-16 13:48 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Avg7

2008-03-15 16:45 . 2008-03-15 17:29 <DIR> d-------- C:\LIZZIE_MCGUIRE

2008-03-14 22:15 . 2008-03-21 18:00 <DIR> d-------- C:\Arquivos de programas\Norton Security Scan

2008-03-14 16:56 . 2008-03-14 17:01 <DIR> d-------- C:\Arquivos de programas\Alwil Software

2008-03-14 16:56 . 2003-03-18 17:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll

2008-03-14 12:45 . 2004-05-14 16:53 462,848 --a------ C:\WINDOWS\system32\ltkrn13n.dll

2008-03-14 12:45 . 2004-05-14 16:53 450,560 --a------ C:\WINDOWS\system32\ltimg13n.dll

2008-03-14 12:45 . 2004-05-14 16:53 401,408 --a------ C:\WINDOWS\system32\lfcmp13n.dll

2008-03-14 12:45 . 2004-05-14 16:53 299,008 --a------ C:\WINDOWS\system32\ltdis13n.dll

2008-03-14 12:45 . 2004-01-12 02:09 206,336 --a------ C:\WINDOWS\system32\ltefx13n.dll

2008-03-14 12:45 . 2004-05-14 16:53 163,840 --a------ C:\WINDOWS\system32\ltfil13n.dll

2008-03-14 12:45 . 2003-11-04 15:10 69,632 --a------ C:\WINDOWS\system32\lfgif13n.dll

2008-03-14 12:45 . 2004-05-14 16:53 57,344 --a------ C:\WINDOWS\system32\lfbmp13n.dll

2008-03-11 20:26 . 2008-03-21 18:05 <DIR> d-------- C:\WINDOWS\system32\NtmsData

2008-03-09 12:12 . 2008-03-14 00:13 11,664 --a------ C:\WINDOWS\mssnmsgr.dll

2008-03-09 10:40 . 2008-03-09 10:42 758,784 --a------ C:\WINDOWS\gbiehbsb.dll

2008-03-09 10:40 . 2008-03-09 10:40 121,344 --------- C:\WINDOWS\svcpool.dll

2008-03-09 10:40 . 2008-03-14 21:06 2,576 --a------ C:\WINDOWS\svchost

2008-03-03 16:32 . 2008-03-04 13:36 <DIR> d-------- C:\THE_FAMILY_STONE

2008-02-24 17:35 . 2008-02-24 17:36 <DIR> d-------- C:\Alguém tem que ceder

2008-02-23 17:48 . 2008-02-23 17:48 <DIR> d-------- C:\Arquivos de programas\Electronic Arts

2008-02-22 01:45 . 2008-02-22 01:45 <DIR> d-------- C:\Arquivos de programas\Garden Dreams

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-03-22 19:28 --------- d-----w C:\Documents and Settings\usuario\Dados de aplicativos\Skype

2008-03-22 01:25 --------- d-----w C:\Documents and Settings\usuario\Dados de aplicativos\skypePM

2008-03-21 16:23 --------- d-----w C:\Arquivos de programas\AdVantage

2008-03-20 15:37 --------- d-----w C:\Arquivos de programas\Windows Live Safety Center

2008-03-20 12:49 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\DVD Shrink

2008-03-17 02:16 --------- d-----w C:\Arquivos de programas\Atrativa Games

2008-03-17 02:15 --------- d-----w C:\Arquivos de programas\Macromedia

2008-03-17 02:15 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Macromedia

2008-03-17 02:13 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2008-03-16 13:39 --------- d-----w C:\Documents and Settings\Mandy\Dados de aplicativos\Ahead

2008-03-14 21:10 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Sandlot Shared

2008-03-13 04:03 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft Help

2008-03-03 19:28 --------- d-----w C:\Arquivos de programas\DVD Shrink

2008-02-20 18:43 32 ----a-w C:\Documents and Settings\All Users\Dados de aplicativos\ezsid.dat

2008-02-20 18:41 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Skype

2008-02-20 18:41 --------- d-----w C:\Arquivos de programas\Skype

2008-02-20 18:41 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Skype

2008-02-17 19:48 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Zylom

2008-02-14 16:34 --------- d-----w C:\Documents and Settings\usuario\Dados de aplicativos\LimeWire

2008-02-14 04:40 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\NeptunesAdve

2008-02-13 17:11 --------- d-----w C:\Documents and Settings\usuario\Dados de aplicativos\PlayFirst

2008-02-13 17:11 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\PlayFirst

2008-02-10 16:43 --------- d-----w C:\Documents and Settings\usuario\Dados de aplicativos\Jane s Hotel

2008-02-09 22:04 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\NannyMania

2008-02-09 20:55 --------- d-----w C:\Documents and Settings\usuario\Dados de aplicativos\Gaijin Ent

2008-02-09 02:28 --------- d-----w C:\Arquivos de programas\CallIT

2008-02-08 05:07 --------- d-----w C:\Documents and Settings\usuario\Dados de aplicativos\My Games

2008-02-08 02:47 --------- d-----w C:\Documents and Settings\usuario\Dados de aplicativos\GanymedeNet

2008-02-08 02:32 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Sandlot Games

2008-02-05 04:39 --------- d-----w C:\Arquivos de programas\EA GAMES

2008-02-05 04:27 --------- d-----w C:\Arquivos de programas\thesims2 moda

2008-02-02 20:52 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Yahoo! Companion

2008-02-02 20:44 --------- d-----w C:\Arquivos de programas\Yahoo!

2008-02-02 20:44 --------- d-----w C:\Arquivos de programas\FLV Player

2008-02-02 18:00 --------- d-----w C:\Arquivos de programas\Windows Media Connect 2

2008-02-02 16:19 --------- d-----w C:\Arquivos de programas\Total Video Converter

2008-01-20 22:56 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll

2008-01-19 17:53 3,657,160 ----a-w C:\daemon4120-lite.exe

2008-01-01 00:15 20,992 ----a-w C:\WINDOWS\jestertb.dll

2007-12-23 23:34 5,825,192 ----a-w C:\Firefox Setup 2.0.0.11.exe

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FCAAAC14-BC46-40CA-9CB2-CBB12C6739EB}]

2008-03-09 10:42 758784 --a------ C:\WINDOWS\gbiehbsb.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe" [ ]

"msnmsgr"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:45 15360]

"DAEMON Tools"="C:\Arquivos de programas\DAEMON Tools\daemon.exe" [2008-01-17 13:51 486856]

"updateMgr"="C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2005-10-24 14:53 307200]

"Skype"="C:\Arquivos de programas\Skype\Phone\Skype.exe" [2008-02-01 17:22 21898024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"VTTimer"="VTTimer.exe" [2006-08-03 03:53 53248 C:\WINDOWS\system32\VTTimer.exe]

"VTTrayp"="VTtrayp.exe" [2006-08-25 02:52 176128 C:\WINDOWS\system32\VTTrayp.exe]

"RemoteControl"="C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 15:10 56928]

"LanguageShortcut"="C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 22:55 54832]

"SMSERIAL"="sm56hlpr.exe" [2000-11-22 11:40 462848 C:\WINDOWS\sm56hlpr.exe]

"GrooveMonitor"="C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]

"NeroFilterCheck"="C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648]

"Motive SmartBridge"="C:\ARQUIV~1\ASSIST~1\SMARTB~1\MotiveSB.exe" [2005-04-15 15:46 397312]

"AudioDeck"="C:\Arquivos de programas\VIAudioi\SBADeck\ADeck.exe" [2006-09-05 07:28 540672]

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]

"QuickTime Task"="C:\Arquivos de programas\QuickTime\qttask.exe" [2008-01-07 19:13 77824]

C:\Documents and Settings\usuario\Menu Iniciar\Programas\Inicializar\

Recorte de tela e Iniciador do OneNote 2007.lnk - C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54 98632]

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\

Adobe Reader Speed Launch.lnk - C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26 29696]

Assistente Tecnico Speedy.lnk - C:\Arquivos de programas\Assistente Tecnico Speedy\bin\matcli.exe [2007-11-30 13:05:16 217088]

Digimax Viewer 2.0.lnk - C:\Arquivos de programas\Samsung\Digimax Viewer 2.0\STImgBrowser.exe [2007-08-28 10:00:18 626688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveSearch"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

"gbieh.1"= rundll32 C:\WINDOWS\gbiehbsb.dll ForcarNotify

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]

--a------ 2000-11-22 11:40 462848 C:\WINDOWS\sm56hlpr.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\WinRAR\\WinRAR.exe"=

"C:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"C:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"C:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"=

"C:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"C:\\Arquivos de programas\\Arquivos comuns\\Ahead\\Nero Web\\SetupX.exe"=

"C:\\Documents and Settings\\usuario\\Meus documentos\\Amanda\\slides\\incredimail_install.exe"=

"C:\\Arquivos de programas\\IncrediMail\\bin\\ImpCnt.exe"=

"C:\\Arquivos de programas\\IncrediMail\\bin\\ImLc.exe"=

"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-02-23 00:38]

R0 xfilt;VIA SATA IDE Hot-plug Driver;C:\WINDOWS\system32\DRIVERS\xfilt.sys [2006-02-23 00:39]

S3 hid7906;hid7906;C:\WINDOWS\system32\drivers\hid7906.sys [2006-07-04 16:17]

.

Conteúdo da pasta 'Tarefas Agendadas'

"2008-03-21 22:23:54 C:\WINDOWS\Tasks\Norton Security Scan.job"

- C:\Arquivos de programas\Norton Security Scan\Nss.exe

"2008-03-22 05:56:02 C:\WINDOWS\Tasks\Verificar Atualizações para a Barra de Ferramentas do Windows Live.job"

- C:\Arquivos de programas\Windows Live Toolbar\MSNTBUP.EXE

.

**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-03-22 16:39:49

Windows 5.1.2600 Service Pack 2 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

SMSERIAL = sm56hlpr.exe?

AudioDeck = C:\Arquivos de programas\VIAudioi\SBADeck\ADeck.exe 1???d:\audio\via???????|???|?????????????????????????

Procurando ficheiros ocultos ...

Varredura completada com sucesso

Ficheiros ocultos: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe

-> C:\WINDOWS\svcpool.dll

PROCESS: C:\WINDOWS\system32\lsass.exe

-> C:\WINDOWS\svcpool.dll

PROCESS: C:\WINDOWS\system32\csrss.exe

-> C:\WINDOWS\svcpool.dll

.

Tempo para conclusão: 2008-03-22 16:40:40

ComboFix-quarantined-files.txt 2008-03-22 19:40:36

.

2008-03-19 05:04:01 --- E O F ---


- Select the text below and copy it into Notepad. Save it as CFScript.txt;

Folder::
C:\WINDOWS\_tmp
File::
C:\WINDOWS\mssnmsgr.dll
C:\WINDOWS\gbiehbsb.dll
C:\WINDOWS\svcpool.dll,
C:\WINDOWS\svchost
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FCAAAC14-BC46-40CA-9CB2-CBB12C6739EB}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"gbieh.1"=-

- Restart the computer in Safe Mode (tap the F8 key repeatedly, or F5 in some cases, during startup);

- Drag CFScript.txt onto ComboFix as shown in the image below:

[image: CF_Script.gif]

ComboFix will run and will restart the PC automatically to complete the removal process.

Do not use the mouse or the keyboard while ComboFix is running.

When it finishes, a log will be generated at C:\ComboFix.txt.

Note: if ComboFix does not restart your computer automatically, do so manually.

In your next reply, paste ComboFix.txt and a HijackThis log.

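The triage the helper did by hand on the first log, as an added example (Python, written for this page; not code from the thread, from ComboFix or from the forum): it flags the DLL loaded into winlogon and lsass from outside system32 and the two registry load points for the same DLL, then drafts the File::/Registry:: part of a CFScript from the findings an analyst confirms. The sample log lines, the Finding type and the function names are constructed for the example.

```python
r"""Triage a ComboFix log and draft a CFScript from confirmed findings.
Added example for this thread, not part of ComboFix or the forum's tooling. It
automates the two checks the helper made by eye: a DLL loaded into winlogon,
lsass or csrss from outside system32, and registry load points (a BHO CLSID
key, the policies\explorer\run key) pointing at files directly in C:\WINDOWS.
Findings are for an analyst to confirm; draft_cfscript renders only those.
"""
import re
from dataclasses import dataclass

SENSITIVE = {"winlogon.exe", "lsass.exe", "csrss.exe", "services.exe"}
DLL_HEADER = "DLLs Loaded Under Running Processes"
KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<data>.*)$')
PATH_RE = re.compile(r'[A-Za-z]:\\[^\s"\[\]]+')

# Constructed sample: the relevant lines of the first log posted in the thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FCAAAC14-BC46-40CA-9CB2-CBB12C6739EB}]
2008-03-09 10:42 758784 --a------ C:\WINDOWS\gbiehbsb.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:45 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"gbieh.1"= rundll32 C:\WINDOWS\gbiehbsb.dll ForcarNotify

--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\svcpool.dll
PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\WINDOWS\svcpool.dll
"""

@dataclass(frozen=True)
class Finding:
    kind: str          # "injected_dll", "bho_key" or "run_value"
    path: str          # file the entry points at
    key: str = ""      # registry key ("" for injected_dll)
    name: str = ""     # value name ("" means the whole key is the target)
    reason: str = ""

def in_windows_root(path: str) -> bool:
    return path.lower().rpartition("\\")[0] == "c:\\windows"  # C:\WINDOWS\x.dll, not system32

def injected_dlls(log: str) -> list[Finding]:
    """DLLs that a core system process loaded from somewhere other than system32."""
    out, process, in_section = [], "", False
    for line in log.splitlines():
        if DLL_HEADER in line:
            in_section = True
        elif not in_section:
            continue
        elif line.startswith("PROCESS: "):
            process = line[9:].strip().rsplit("\\", 1)[-1].lower()
        elif line.startswith("-> ") and process in SENSITIVE:
            dll = line[3:].strip()
            if not dll.lower().startswith("c:\\windows\\system32\\"):
                out.append(Finding("injected_dll", dll, reason=f"loaded into {process}"))
    return out

def registry_loadpoints(log: str) -> list[Finding]:
    """Load points whose target sits in the Windows folder itself, plus anything
    under policies\\explorer\\run, a key ordinary software almost never uses."""
    out, key = [], ""
    for line in log.splitlines():
        if m := KEY_RE.match(line):
            key = m.group("key")
            continue
        if v := VALUE_RE.match(line):
            name, data = v.group("name"), v.group("data")
        elif "browser helper objects" in key.lower():
            name, data = "", line  # a BHO key is followed by its DLL's file line
        else:
            continue
        paths = PATH_RE.findall(data)
        reasons = [f"{p} sits directly in C:\\WINDOWS" for p in paths if in_windows_root(p)]
        if "policies\\explorer\\run" in key.lower():
            reasons.append("autostart through policies\\explorer\\run")
        if paths and reasons:
            out.append(Finding("run_value" if name else "bho_key", paths[0], key, name,
                               "; ".join(reasons)))
    return out

def triage(log: str) -> list[Finding]:
    return injected_dlls(log) + registry_loadpoints(log)

def draft_cfscript(findings: list[Finding]) -> str:
    """File::/Registry:: layout as in the thread: [-key] drops a key, "name"=- a value."""
    files, registry = [], []
    for f in findings:
        if f.path not in files:
            files.append(f.path)
        if f.kind == "bho_key":
            registry.append(f"[-{f.key}]")
        elif f.kind == "run_value":
            registry += [f"[{f.key}]", f'"{f.name}"=-']
    lines = (["File::", *files] if files else []) + (["Registry::", *registry] if registry else [])
    return "\n".join(lines) + "\n"
```

Run over the full first log, the Windows-folder rule also flags the SMSERIAL entry for C:\WINDOWS\sm56hlpr.exe, which is why findings are reviewed before anything goes into the script. Note also in the follow-up log that the three File:: paths written without a trailing comma are listed as removed while C:\WINDOWS\svcpool.dll, the entry written with a comma, is still present; the draft above emits bare paths for that reason.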

Here is the ComboFix log:

ComboFix 08-03-21.2 - usuario 2008-03-23 21:38:01.2 - NTFSx86 MINIMAL

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.766 [GMT -3:00]

Executando de: C:\combofx\ComboFix.exe

Command switches used :: C:\combofx\CFScript.txt

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::

C:\WINDOWS\gbiehbsb.dll

C:\WINDOWS\mssnmsgr.dll

C:\WINDOWS\svchost

C:\WINDOWS\svcpool.dll,

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\WINDOWS\_tmp

C:\WINDOWS\gbiehbsb.dll

C:\WINDOWS\mssnmsgr.dll

C:\WINDOWS\svchost

.

((((((((((((((((((((((( Ficheiros criados de 2008-02-24 to 2008-03-24 ))))))))))))))))))))))))))))))))

.

2008-03-21 23:19 . 2008-03-23 21:38 <DIR> d-------- C:\combofx

2008-03-21 18:07 . 2008-03-22 18:52 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Symantec Shared

2008-03-21 17:56 . 2008-03-21 17:56 <DIR> d-------- C:\Arquivos de programas\IObit

2008-03-21 16:43 . 2006-10-31 13:12 128,000 --a------ C:\WINDOWS\DesinstWRecnet.exe

2008-03-21 16:43 . 2008-02-12 14:27 122,880 --a------ C:\WINDOWS\DesinstRecnet.exe

2008-03-21 16:43 . 2006-10-31 13:12 5,361 --a------ C:\WINDOWS\DesinstWRecnet.ini

2008-03-21 15:29 . 2008-03-21 15:29 <DIR> d-------- C:\Arquivos de programas\Programas RFB

2008-03-21 12:55 . 2008-03-23 21:20 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2008-03-21 12:55 . 2008-03-22 03:08 1,409 --a------ C:\WINDOWS\QTFont.for

2008-03-21 12:42 . 2008-03-21 12:43 <DIR> d-------- C:\hijackthis

2008-03-19 01:15 . 2008-03-19 01:15 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico

2008-03-19 01:15 . 2008-03-19 01:15 1,406 --a------ C:\WINDOWS\system32\Help.ico

2008-03-19 01:14 . 2008-03-19 01:14 <DIR> d-------- C:\WINDOWS\system32\ActiveScan

2008-03-19 01:14 . 2008-03-19 01:15 30,590 --a------ C:\WINDOWS\system32\pavas.ico

2008-03-18 18:26 . 2008-03-18 18:26 <DIR> d-------- C:\Arquivos de programas\MSNFans Live Winks

2008-03-18 13:07 . 2008-03-18 13:07 <DIR> d-------- C:\Arquivos de programas\Microsoft SQL Server Compact Edition

2008-03-18 12:51 . 2008-03-18 12:51 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\WLInstaller

2008-03-18 12:51 . 2008-03-18 18:49 <DIR> d-------- C:\Arquivos de programas\Windows Live

2008-03-18 12:51 . 2008-03-18 13:00 <DIR> d--hsc--- C:\Arquivos de programas\Arquivos comuns\WindowsLiveInstaller

2008-03-18 03:25 . 2008-03-18 03:25 2,887,680 --a------ C:\WINDOWS\system32\VagalumePluginWMP.dll

2008-03-16 13:48 . 2008-03-16 13:48 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Avg7

2008-03-15 16:45 . 2008-03-15 17:29 <DIR> d-------- C:\LIZZIE_MCGUIRE

2008-03-14 22:15 . 2008-03-21 18:00 <DIR> d-------- C:\Arquivos de programas\Norton Security Scan

2008-03-14 16:56 . 2008-03-14 17:01 <DIR> d-------- C:\Arquivos de programas\Alwil Software

2008-03-14 16:56 . 2003-03-18 17:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll

2008-03-14 12:45 . 2004-05-14 16:53 462,848 --a------ C:\WINDOWS\system32\ltkrn13n.dll

2008-03-14 12:45 . 2004-05-14 16:53 450,560 --a------ C:\WINDOWS\system32\ltimg13n.dll

2008-03-14 12:45 . 2004-05-14 16:53 401,408 --a------ C:\WINDOWS\system32\lfcmp13n.dll

2008-03-14 12:45 . 2004-05-14 16:53 299,008 --a------ C:\WINDOWS\system32\ltdis13n.dll

2008-03-14 12:45 . 2004-01-12 02:09 206,336 --a------ C:\WINDOWS\system32\ltefx13n.dll

2008-03-14 12:45 . 2004-05-14 16:53 163,840 --a------ C:\WINDOWS\system32\ltfil13n.dll

2008-03-14 12:45 . 2003-11-04 15:10 69,632 --a------ C:\WINDOWS\system32\lfgif13n.dll

2008-03-14 12:45 . 2004-05-14 16:53 57,344 --a------ C:\WINDOWS\system32\lfbmp13n.dll

2008-03-11 20:26 . 2008-03-21 18:05 <DIR> d-------- C:\WINDOWS\system32\NtmsData

2008-03-09 10:40 . 2008-03-09 10:40 121,344 --------- C:\WINDOWS\svcpool.dll

2008-03-03 16:32 . 2008-03-04 13:36 <DIR> d-------- C:\THE_FAMILY_STONE

2008-02-24 17:35 . 2008-02-24 17:36 <DIR> d-------- C:\Alguém tem que ceder

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-03-24 00:21 --------- d-----w C:\Documents and Settings\usuario\Dados de aplicativos\skypePM

2008-03-24 00:21 --------- d-----w C:\Documents and Settings\usuario\Dados de aplicativos\Skype

2008-03-23 15:25 --------- d-----w C:\Arquivos de programas\AdVantage

2008-03-20 15:37 --------- d-----w C:\Arquivos de programas\Windows Live Safety Center

2008-03-20 12:49 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\DVD Shrink

2008-03-17 02:16 --------- d-----w C:\Arquivos de programas\Atrativa Games

2008-03-17 02:15 --------- d-----w C:\Arquivos de programas\Macromedia

2008-03-17 02:15 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Macromedia

2008-03-17 02:13 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2008-03-16 13:39 --------- d-----w C:\Documents and Settings\Mandy\Dados de aplicativos\Ahead

2008-03-14 21:10 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Sandlot Shared

2008-03-13 04:03 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft Help

2008-03-03 19:28 --------- d-----w C:\Arquivos de programas\DVD Shrink

2008-02-23 20:48 --------- d-----w C:\Arquivos de programas\Electronic Arts

2008-02-22 04:45 --------- d-----w C:\Arquivos de programas\Garden Dreams

2008-02-20 18:43 32 ----a-w C:\Documents and Settings\All Users\Dados de aplicativos\ezsid.dat

2008-02-20 18:41 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Skype

2008-02-20 18:41 --------- d-----w C:\Arquivos de programas\Skype

2008-02-20 18:41 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Skype

2008-02-17 19:48 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Zylom

2008-02-14 16:34 --------- d-----w C:\Documents and Settings\usuario\Dados de aplicativos\LimeWire

2008-02-14 04:40 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\NeptunesAdve

2008-02-13 17:11 --------- d-----w C:\Documents and Settings\usuario\Dados de aplicativos\PlayFirst

2008-02-13 17:11 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\PlayFirst

2008-02-10 16:43 --------- d-----w C:\Documents and Settings\usuario\Dados de aplicativos\Jane s Hotel

2008-02-09 22:04 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\NannyMania

2008-02-09 20:55 --------- d-----w C:\Documents and Settings\usuario\Dados de aplicativos\Gaijin Ent

2008-02-09 02:28 --------- d-----w C:\Arquivos de programas\CallIT

2008-02-08 05:07 --------- d-----w C:\Documents and Settings\usuario\Dados de aplicativos\My Games

2008-02-08 02:47 --------- d-----w C:\Documents and Settings\usuario\Dados de aplicativos\GanymedeNet

2008-02-08 02:32 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Sandlot Games

2008-02-05 04:39 --------- d-----w C:\Arquivos de programas\EA GAMES

2008-02-05 04:27 --------- d-----w C:\Arquivos de programas\thesims2 moda

2008-02-02 20:52 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Yahoo! Companion

2008-02-02 20:44 --------- d-----w C:\Arquivos de programas\Yahoo!

2008-02-02 20:44 --------- d-----w C:\Arquivos de programas\FLV Player

2008-02-02 18:00 --------- d-----w C:\Arquivos de programas\Windows Media Connect 2

2008-02-02 16:19 --------- d-----w C:\Arquivos de programas\Total Video Converter

2008-01-20 22:56 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll

2008-01-19 17:53 3,657,160 ----a-w C:\daemon4120-lite.exe

2008-01-01 00:15 20,992 ----a-w C:\WINDOWS\jestertb.dll

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe" [ ]

"msnmsgr"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:45 15360]

"DAEMON Tools"="C:\Arquivos de programas\DAEMON Tools\daemon.exe" [2008-01-17 13:51 486856]

"updateMgr"="C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2005-10-24 14:53 307200]

"Skype"="C:\Arquivos de programas\Skype\Phone\Skype.exe" [2008-02-01 17:22 21898024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"VTTimer"="VTTimer.exe" [2006-08-03 03:53 53248 C:\WINDOWS\system32\VTTimer.exe]

"VTTrayp"="VTtrayp.exe" [2006-08-25 02:52 176128 C:\WINDOWS\system32\VTTrayp.exe]

"RemoteControl"="C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 15:10 56928]

"LanguageShortcut"="C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 22:55 54832]

"SMSERIAL"="sm56hlpr.exe" [2000-11-22 11:40 462848 C:\WINDOWS\sm56hlpr.exe]

"GrooveMonitor"="C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]

"NeroFilterCheck"="C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648]

"Motive SmartBridge"="C:\ARQUIV~1\ASSIST~1\SMARTB~1\MotiveSB.exe" [2005-04-15 15:46 397312]

"AudioDeck"="C:\Arquivos de programas\VIAudioi\SBADeck\ADeck.exe" [2006-09-05 07:28 540672]

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]

"QuickTime Task"="C:\Arquivos de programas\QuickTime\qttask.exe" [2008-01-07 19:13 77824]

C:\Documents and Settings\usuario\Menu Iniciar\Programas\Inicializar\

Recorte de tela e Iniciador do OneNote 2007.lnk - C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54 98632]

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\

Adobe Reader Speed Launch.lnk - C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26 29696]

Assistente Tecnico Speedy.lnk - C:\Arquivos de programas\Assistente Tecnico Speedy\bin\matcli.exe [2007-11-30 13:05:16 217088]

Digimax Viewer 2.0.lnk - C:\Arquivos de programas\Samsung\Digimax Viewer 2.0\STImgBrowser.exe [2007-08-28 10:00:18 626688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveSearch"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]

--a------ 2000-11-22 11:40 462848 C:\WINDOWS\sm56hlpr.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\WinRAR\\WinRAR.exe"=

"C:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"C:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"C:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"=

"C:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"C:\\Arquivos de programas\\Arquivos comuns\\Ahead\\Nero Web\\SetupX.exe"=

"C:\\Documents and Settings\\usuario\\Meus documentos\\Amanda\\slides\\incredimail_install.exe"=

"C:\\Arquivos de programas\\IncrediMail\\bin\\ImpCnt.exe"=

"C:\\Arquivos de programas\\IncrediMail\\bin\\ImLc.exe"=

"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-02-23 00:38]

R0 xfilt;VIA SATA IDE Hot-plug Driver;C:\WINDOWS\system32\DRIVERS\xfilt.sys [2006-02-23 00:39]

S3 hid7906;hid7906;C:\WINDOWS\system32\drivers\hid7906.sys [2006-07-04 16:17]

.

Conteúdo da pasta 'Tarefas Agendadas'

"2008-03-21 22:23:54 C:\WINDOWS\Tasks\Norton Security Scan.job"

- C:\Arquivos de programas\Norton Security Scan\Nss.exe

"2008-03-22 20:56:00 C:\WINDOWS\Tasks\Verificar Atualizações para a Barra de Ferramentas do Windows Live.job"

- C:\Arquivos de programas\Windows Live Toolbar\MSNTBUP.EXE

.

**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-03-23 21:41:12

Windows 5.1.2600 Service Pack 2 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

SMSERIAL = sm56hlpr.exe?

AudioDeck = C:\Arquivos de programas\VIAudioi\SBADeck\ADeck.exe 1???d:\audio\via???????|???|?????????????????????????

Procurando ficheiros ocultos ...

Varredura completada com sucesso

Ficheiros ocultos: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe

-> C:\WINDOWS\system32\tsd32.dll

.

Tempo para conclusão: 2008-03-23 21:42:23

ComboFix-quarantined-files.txt 2008-03-24 00:41:44

ComboFix2.txt 2008-03-22 19:40:41

.

2008-03-19 05:04:01 --- E O F ---

And this is the HijackThis log:

Logfile of HijackThis v1.99.1

Scan saved at 22:09:29, on 23/3/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\VTTimer.exe

C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

C:\WINDOWS\sm56hlpr.exe

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

C:\ARQUIV~1\ASSIST~1\SMARTB~1\MotiveSB.exe

C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O2 - BHO: Banco do Brasil S.A. - {FCAAAC14-BC46-40CA-9CB2-CBB12C6739EB} - C:\WINDOWS\gbiehbsb.dll (file missing)

O3 - Toolbar: Discador iBest - {4F869C58-D71D-4850-8BDD-7B5CDF8EC911} - C:\Arquivos de programas\Discador iBest\ibestbar.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [LanguageShortcut] "C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe"

O4 - HKLM\..\Run: [sMSERIAL] sm56hlpr.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [Motive SmartBridge] "C:\ARQUIV~1\ASSIST~1\SMARTB~1\MotiveSB.exe" /restart

O4 - HKLM\..\Run: [AudioDeck] C:\Arquivos de programas\VIAudioi\SBADeck\ADeck.exe 1

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [DAEMON Tools] "C:\Arquivos de programas\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKCU\..\Run: [updateMgr] "C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1

O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Assistente Tecnico Speedy.lnk = C:\Arquivos de programas\Assistente Tecnico Speedy\bin\matcli.exe

O4 - Global Startup: Digimax Viewer 2.0.lnk = ?

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxmk789YYBR

O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to AMV Converter... - C:\Arquivos de programas\MP3 Player Utilities 4.15\AMVConverter\grab.html

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Arquivos de programas\MP3 Player Utilities 4.15\MediaManager\grab.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15-3.cab

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{0A2DBDA2-C339-475B-8BF0-D148FD452D54}: NameServer = 200.204.0.10 200.204.0.138

O17 - HKLM\System\CS1\Services\Tcpip\..\{0A2DBDA2-C339-475B-8BF0-D148FD452D54}: NameServer = 200.204.0.10 200.204.0.138

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Arquivos de programas\Windows Live\Mail\mailcomm.dll

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: PsExec (PSEXESVC) - Unknown owner - C:\WINDOWS\PSEXESVC.EXE (file missing)

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe


- Open HijackThis, click Do a system scan only and check the entries below:

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...p=ZNxmk789YYBR

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/noc...1.0.0.15-3.cab

- Close all windows, click ht-fix.png and then Yes;

- Apart from that, the log is clean :)

- In Run, type combofix /u and click OK. In the next window click "Run" and wait for the program to be removed;

- Update Internet Explorer:

http://www.microsoft.com/downloads/details.aspx?FamilyId=9AE91EBE-3385-447C-8A30-081805B2F90B&displaylang=pt-br

- I recommend a maintenance pass on the computer to delete temporary and unnecessary files and invalid registry entries. Download CCleaner:

  • Open the program and click Run Cleaner;
  • After that, click Registry > Scan for Issues > Fix selected issues

- Disable and re-enable System Restore

- Read the Proteja seu PC (Protect your PC) article for more information on how to avoid infections.

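As an added example (not code from this thread, from the helper, or from HijackThis itself), the following Python script applies the triage criteria used above to raw HijackThis log lines: entries HijackThis marks as (file missing), entries whose URL points at the toolbar/adware download hosts seen in the log (mywebsearch.com, imgfarm.com), and O16 ActiveX downloads that carry no friendly name. The ADWARE_HOSTS set, the placeholder host downloads.example.invalid and the sample log are constructed for this demonstration; the other sample lines are copied from the log posted above.

```python
"""Triage of HijackThis log lines.

Added example, not part of this forum thread or of the HijackThis tool:
it applies the helper's criteria to raw log lines and reports entries
that merit a look. ADWARE_HOSTS and SAMPLE_LOG are constructed for this
demonstration (most sample lines are copied from the thread's log, one
is a made-up unnamed O16 entry pointing at a placeholder host).
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Registrable domains that served the toolbar/adware bundle flagged in
# the thread. Constructed list for this example; extend as needed.
ADWARE_HOSTS = {"mywebsearch.com", "imgfarm.com"}

# "O8 - Extra context menu item: ..." / "R1 - HKCU\..." style lines.
LINE_RE = re.compile(r"^(?P<section>[RO]\d+)\s+-\s+(?P<body>.*)$")
URL_RE = re.compile(r"https?://([^/\s]+)", re.IGNORECASE)
# A well-formed O16 body: "DPF: {CLSID} (Friendly Name) - url".
NAMED_DPF_RE = re.compile(r"^DPF:\s+\{[0-9A-Fa-f-]+\}\s+\(")


@dataclass
class Finding:
    section: str   # HijackThis section tag, e.g. "O16"
    reason: str    # why the line was flagged
    line: str      # the offending log line, stripped


def registrable_host(host: str) -> str:
    """Reduce 'ak.exe.imgfarm.com' to 'imgfarm.com' (naive two-label tail)."""
    parts = host.lower().split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


def triage_line(line: str) -> Optional[Finding]:
    """Return a Finding for a suspicious HijackThis line, else None."""
    line = line.strip()
    m = LINE_RE.match(line)
    if not m:
        return None  # headers, blank lines, non-HijackThis output
    section, body = m.group("section"), m.group("body")

    # 1. A registered component whose DLL/EXE is gone is a leftover of a
    #    removed or broken install (it is what produces the rundll error
    #    reported in this thread); HijackThis already marks these.
    if "(file missing)" in body:
        return Finding(section, "file missing", line)

    # 2. Any URL whose registrable domain is on the adware list.
    for host in URL_RE.findall(body):
        tail = registrable_host(host)
        if tail in ADWARE_HOSTS:
            return Finding(section, f"adware host {tail}", line)

    # 3. ActiveX download (O16) for which HijackThis could not resolve a
    #    friendly name: its origin deserves review.
    if section == "O16" and not NAMED_DPF_RE.match(body):
        return Finding(section, "unnamed ActiveX download", line)
    return None


def triage_log(text: str) -> List[Finding]:
    """Run triage_line over every line of a log and keep the hits."""
    return [f for f in (triage_line(ln) for ln in text.splitlines()) if f]


# Constructed sample: lines copied from the thread's log plus one made-up
# unnamed O16 entry pointing at a placeholder host.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Banco do Brasil S.A. - {FCAAAC14-BC46-40CA-9CB2-CBB12C6739EB} - C:\WINDOWS\gbiehbsb.dll (file missing)
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxmk789YYBR
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15-3.cab
O16 - DPF: {00000000-0000-0000-0000-000000000000} - http://downloads.example.invalid/setup.cab
O23 - Service: PsExec (PSEXESVC) - Unknown owner - C:\WINDOWS\PSEXESVC.EXE (file missing)
"""

if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}: {f.line}")
```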

Hi, good evening! :)

Folks, I need your help, I have a small problem.

Every time I start my Windows, 3 dialog boxes appear...

One says:

Smart bridge Alerts motive SB.exe - Entry point not found.

The other dialog box says: Error unknown switch in command line.

And the last dialog box says:

Rundll error loading c:\windows\gbiehbsb.dll The specified module could not be found

If anyone can help me solve these little problems I will be grateful!

Thanks!


- Download ComboFix

  • Temporarily disable the antivirus;
  • Close all open windows;
  • Double-click ComboFix.exe, click "Run" and type "1" + Enter to proceed with the Fix. It may take some time.
  • ComboFix may restart the PC automatically to complete the removal process.
  • When it finishes, a log will be generated at C:\ComboFix.txt.
  • Do not click in the ComboFix window or close it with the X while it is running, do not move the mouse and do not use the keyboard, otherwise it will stop and your desktop will go blank.
  • To stop or exit ComboFix, press "N".
  • Paste ComboFix.txt in your reply.


Good evening, here is the ComboFix log:

ComboFix 08-03-25.1 - usuario 2008-03-25 23:49:59.3 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.602 [GMT -3:00]

Executando de: C:\ComboFix\ComboFix.exe

* Criado um novo ponto de restauro

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

((((((((((((((((((((((( Ficheiros criados de 2008-02-26 to 2008-03-26 ))))))))))))))))))))))))))))))))

.

2008-03-25 23:40 . 2008-03-25 23:40 <DIR> d-------- C:\WINDOWS\LastGood

2008-03-25 15:50 . 2008-03-25 15:51 <DIR> d-------- C:\Arquivos de programas\LimeWire

2008-03-25 13:15 . 2008-03-25 23:48 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Avira

2008-03-25 13:15 . 2008-03-25 13:15 <DIR> d-------- C:\Arquivos de programas\Avira

2008-03-25 00:58 . 2008-03-25 13:04 <DIR> d-------- C:\Arquivos de programas\F-Secure

2008-03-24 23:49 . 2008-03-24 23:50 <DIR> d-------- C:\WINDOWS\system32\pt-br

2008-03-24 23:43 . 2007-12-06 23:09 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll

2008-03-24 23:43 . 2007-07-01 00:31 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat

2008-03-24 23:43 . 2007-07-01 00:36 1,024,000 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui

2008-03-24 23:43 . 2007-12-06 23:09 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll

2008-03-24 23:43 . 2007-12-06 23:09 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll

2008-03-24 23:43 . 2007-12-06 23:09 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll

2008-03-24 23:43 . 2007-12-06 23:09 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll

2008-03-24 23:43 . 2007-12-06 23:09 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll

2008-03-24 23:43 . 2007-12-06 08:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe

2008-03-24 16:15 . 2008-03-24 16:15 <DIR> d-------- C:\Recnet

2008-03-24 16:15 . 2008-03-24 16:15 127 --a------ C:\WINDOWS\REC-NET.INI

2008-03-24 15:55 . 2008-03-24 15:55 <DIR> d-------- C:\Documents and Settings\usuario\.receitanet

2008-03-24 15:54 . 2008-03-25 13:03 0 --a------ C:\WINDOWS\vpd.properties

2008-03-24 13:29 . 2008-03-24 13:29 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\HipSoft

2008-03-21 23:19 . 2008-03-24 23:34 <DIR> d-------- C:\combofx

2008-03-21 18:07 . 2008-03-22 18:52 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Symantec Shared

2008-03-21 17:56 . 2008-03-21 17:56 <DIR> d-------- C:\Arquivos de programas\IObit

2008-03-21 16:43 . 2006-10-31 13:12 128,000 --a------ C:\WINDOWS\DesinstWRecnet.exe

2008-03-21 16:43 . 2008-02-12 14:27 122,880 --a------ C:\WINDOWS\DesinstRecnet.exe

2008-03-21 16:43 . 2006-10-31 13:12 5,361 --a------ C:\WINDOWS\DesinstWRecnet.ini

2008-03-21 15:29 . 2008-03-24 15:54 <DIR> d-------- C:\Arquivos de programas\Programas RFB

2008-03-21 12:42 . 2008-03-24 23:25 <DIR> d-------- C:\hijackthis

2008-03-19 01:15 . 2008-03-19 01:15 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico

2008-03-19 01:15 . 2008-03-19 01:15 1,406 --a------ C:\WINDOWS\system32\Help.ico

2008-03-19 01:14 . 2008-03-19 01:14 <DIR> d-------- C:\WINDOWS\system32\ActiveScan

2008-03-19 01:14 . 2008-03-19 01:15 30,590 --a------ C:\WINDOWS\system32\pavas.ico

2008-03-18 18:26 . 2008-03-18 18:26 <DIR> d-------- C:\Arquivos de programas\MSNFans Live Winks

2008-03-18 13:07 . 2008-03-18 13:07 <DIR> d-------- C:\Arquivos de programas\Microsoft SQL Server Compact Edition

2008-03-18 12:51 . 2008-03-18 12:51 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\WLInstaller

2008-03-18 12:51 . 2008-03-18 18:49 <DIR> d-------- C:\Arquivos de programas\Windows Live

2008-03-18 12:51 . 2008-03-18 13:00 <DIR> d--hsc--- C:\Arquivos de programas\Arquivos comuns\WindowsLiveInstaller

2008-03-18 03:25 . 2008-03-18 03:25 2,887,680 --a------ C:\WINDOWS\system32\VagalumePluginWMP.dll

2008-03-16 13:48 . 2008-03-16 13:48 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Avg7

2008-03-15 16:45 . 2008-03-15 17:29 <DIR> d-------- C:\LIZZIE_MCGUIRE

2008-03-14 22:15 . 2008-03-21 18:00 <DIR> d-------- C:\Arquivos de programas\Norton Security Scan

2008-03-14 16:56 . 2008-03-14 17:01 <DIR> d-------- C:\Arquivos de programas\Alwil Software

2008-03-14 16:56 . 2003-03-18 17:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll

2008-03-14 12:45 . 2004-05-14 16:53 462,848 --a------ C:\WINDOWS\system32\ltkrn13n.dll

2008-03-14 12:45 . 2004-05-14 16:53 450,560 --a------ C:\WINDOWS\system32\ltimg13n.dll

2008-03-14 12:45 . 2004-05-14 16:53 401,408 --a------ C:\WINDOWS\system32\lfcmp13n.dll

2008-03-14 12:45 . 2004-05-14 16:53 299,008 --a------ C:\WINDOWS\system32\ltdis13n.dll

2008-03-14 12:45 . 2004-01-12 02:09 206,336 --a------ C:\WINDOWS\system32\ltefx13n.dll

2008-03-14 12:45 . 2004-05-14 16:53 163,840 --a------ C:\WINDOWS\system32\ltfil13n.dll

2008-03-14 12:45 . 2003-11-04 15:10 69,632 --a------ C:\WINDOWS\system32\lfgif13n.dll

2008-03-14 12:45 . 2004-05-14 16:53 57,344 --a------ C:\WINDOWS\system32\lfbmp13n.dll

2008-03-11 20:26 . 2008-03-21 18:05 <DIR> d-------- C:\WINDOWS\system32\NtmsData

2008-03-03 16:32 . 2008-03-04 13:36 <DIR> d-------- C:\THE_FAMILY_STONE

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-03-25 21:45 --------- d-----w C:\Documents and Settings\usuario\Dados de aplicativos\Skype

2008-03-25 21:44 --------- d-----w C:\Documents and Settings\usuario\Dados de aplicativos\skypePM

2008-03-25 20:12 --------- d-----w C:\Documents and Settings\usuario\Dados de aplicativos\LimeWire

2008-03-24 16:28 --------- d-----w C:\Arquivos de programas\Atrativa Games

2008-03-24 13:48 --------- d-----w C:\Arquivos de programas\AdVantage

2008-03-20 15:37 --------- d-----w C:\Arquivos de programas\Windows Live Safety Center

2008-03-20 12:49 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\DVD Shrink

2008-03-17 02:15 --------- d-----w C:\Arquivos de programas\Macromedia

2008-03-17 02:15 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Macromedia

2008-03-17 02:13 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2008-03-16 13:39 --------- d-----w C:\Documents and Settings\Mandy\Dados de aplicativos\Ahead

2008-03-14 21:10 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Sandlot Shared

2008-03-13 04:03 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft Help

2008-03-03 19:28 --------- d-----w C:\Arquivos de programas\DVD Shrink

2008-02-23 20:48 --------- d-----w C:\Arquivos de programas\Electronic Arts

2008-02-22 04:45 --------- d-----w C:\Arquivos de programas\Garden Dreams

2008-02-20 18:43 32 ----a-w C:\Documents and Settings\All Users\Dados de aplicativos\ezsid.dat

2008-02-20 18:41 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Skype

2008-02-20 18:41 --------- d-----w C:\Arquivos de programas\Skype

2008-02-20 18:41 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Skype

2008-02-17 19:48 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Zylom

2008-02-14 04:40 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\NeptunesAdve

2008-02-13 17:11 --------- d-----w C:\Documents and Settings\usuario\Dados de aplicativos\PlayFirst

2008-02-13 17:11 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\PlayFirst

2008-02-10 16:43 --------- d-----w C:\Documents and Settings\usuario\Dados de aplicativos\Jane s Hotel

2008-02-09 22:04 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\NannyMania

2008-02-09 20:55 --------- d-----w C:\Documents and Settings\usuario\Dados de aplicativos\Gaijin Ent

2008-02-09 02:28 --------- d-----w C:\Arquivos de programas\CallIT

2008-02-08 05:07 --------- d-----w C:\Documents and Settings\usuario\Dados de aplicativos\My Games

2008-02-08 02:47 --------- d-----w C:\Documents and Settings\usuario\Dados de aplicativos\GanymedeNet

2008-02-08 02:32 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Sandlot Games

2008-02-05 04:39 --------- d-----w C:\Arquivos de programas\EA GAMES

2008-02-05 04:27 --------- d-----w C:\Arquivos de programas\thesims2 moda

2008-02-02 20:52 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Yahoo! Companion

2008-02-02 20:44 --------- d-----w C:\Arquivos de programas\Yahoo!

2008-02-02 20:44 --------- d-----w C:\Arquivos de programas\FLV Player

2008-02-02 18:00 --------- d-----w C:\Arquivos de programas\Windows Media Connect 2

2008-02-02 16:19 --------- d-----w C:\Arquivos de programas\Total Video Converter

2008-01-20 22:56 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll

2008-01-19 17:53 3,657,160 ----a-w C:\daemon4120-lite.exe

2008-01-01 00:15 20,992 ----a-w C:\WINDOWS\jestertb.dll

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FCAAAC14-BC46-40CA-9CB2-CBB12C6739EB}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:45 15360]

"DAEMON Tools"="C:\Arquivos de programas\DAEMON Tools\daemon.exe" [2008-01-17 13:51 486856]

"updateMgr"="C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2005-10-24 14:53 307200]

"Skype"="C:\Arquivos de programas\Skype\Phone\Skype.exe" [2008-02-01 17:22 21898024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"VTTimer"="VTTimer.exe" [2006-08-03 03:53 53248 C:\WINDOWS\system32\VTTimer.exe]

"VTTrayp"="VTtrayp.exe" [2006-08-25 02:52 176128 C:\WINDOWS\system32\VTTrayp.exe]

"RemoteControl"="C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 15:10 56928]

"LanguageShortcut"="C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 22:55 54832]

"SMSERIAL"="sm56hlpr.exe" [2000-11-22 11:40 462848 C:\WINDOWS\sm56hlpr.exe]

"GrooveMonitor"="C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]

"NeroFilterCheck"="C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648]

"Motive SmartBridge"="C:\ARQUIV~1\ASSIST~1\SMARTB~1\MotiveSB.exe" [2005-04-15 15:46 397312]

"AudioDeck"="C:\Arquivos de programas\VIAudioi\SBADeck\ADeck.exe" [2006-09-05 07:28 540672]

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]

"QuickTime Task"="C:\Arquivos de programas\QuickTime\qttask.exe" [2008-01-07 19:13 77824]

C:\Documents and Settings\usuario\Menu Iniciar\Programas\Inicializar\

Recorte de tela e Iniciador do OneNote 2007.lnk - C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54 98632]

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\

Adobe Reader Speed Launch.lnk - C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26 29696]

Assistente Tecnico Speedy.lnk - C:\Arquivos de programas\Assistente Tecnico Speedy\bin\matcli.exe [2007-11-30 13:05:16 217088]

Digimax Viewer 2.0.lnk - C:\Arquivos de programas\Samsung\Digimax Viewer 2.0\STImgBrowser.exe [2007-08-28 10:00:18 626688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveSearch"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

"gbieh.1"= rundll32 C:\WINDOWS\gbiehbsb.dll ForcarNotify

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]

--a------ 2000-11-22 11:40 462848 C:\WINDOWS\sm56hlpr.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\WinRAR\\WinRAR.exe"=

"C:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"C:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"C:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"=

"C:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"C:\\Arquivos de programas\\Arquivos comuns\\Ahead\\Nero Web\\SetupX.exe"=

"C:\\Arquivos de programas\\IncrediMail\\bin\\ImpCnt.exe"=

"C:\\Arquivos de programas\\IncrediMail\\bin\\ImLc.exe"=

"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-02-23 00:38]

R0 xfilt;VIA SATA IDE Hot-plug Driver;C:\WINDOWS\system32\DRIVERS\xfilt.sys [2006-02-23 00:39]

S3 hid7906;hid7906;C:\WINDOWS\system32\drivers\hid7906.sys [2006-07-04 16:17]

.

Conteúdo da pasta 'Tarefas Agendadas'

"2008-03-21 22:23:54 C:\WINDOWS\Tasks\Norton Security Scan.job"

- C:\Arquivos de programas\Norton Security Scan\Nss.exe

"2008-03-26 01:56:00 C:\WINDOWS\Tasks\Verificar Atualizações para a Barra de Ferramentas do Windows Live.job"

- C:\Arquivos de programas\Windows Live Toolbar\MSNTBUP.EXE

.

**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-03-25 23:52:09

Windows 5.1.2600 Service Pack 2 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

SMSERIAL = sm56hlpr.exe?

AudioDeck = C:\Arquivos de programas\VIAudioi\SBADeck\ADeck.exe 1???d:\audio\via???????|???|?????????????????????????

Procurando ficheiros ocultos ...

Varredura completada com sucesso

Ficheiros ocultos: 0

**************************************************************************

.

Tempo para conclusão: 2008-03-25 23:52:45

ComboFix-quarantined-files.txt 2008-03-26 02:52:28

ComboFix2.txt 2008-03-25 02:18:24

.

2008-03-19 05:04:01 --- E O F ---


- Select the text below and copy it into Notepad. Save it as CFScript.txt;

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"gbieh.1"=-

- Drag CFScript.txt onto ComboFix as shown in the image below:

CF_Script.gif

ComboFix will run and will restart the PC automatically to complete the removal process.

Do not use the mouse or the keyboard while ComboFix is running.

When it finishes, a log will be generated at C:\ComboFix.txt.

Note: If ComboFix does not restart your computer automatically, do so manually.

In your next reply, paste ComboFix.txt and a new HijackThis log.


Hiiii!!! Here is the ComboFix log:

ComboFix 08-03-26.3 - usuario 2008-03-28 2:24:08.4 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.551 [GMT -3:00]

Executando de: C:\comboFix\ComboFix.exe

Command switches used :: C:\comboFix\CFScript.txt

* Criado um novo ponto de restauro

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

((((((((((((((((((((((( Ficheiros criados de 2008-02-28 to 2008-03-28 ))))))))))))))))))))))))))))))))

.

2008-03-27 19:25 . 2008-03-27 19:26 <DIR> d-------- C:\Documents and Settings\usuario\Dados de aplicativos\Preclick Photo Organizer

2008-03-27 19:25 . 2008-03-27 19:25 <DIR> d-------- C:\Arquivos de programas\Preclick

2008-03-27 19:15 . 2001-08-23 17:00 1,700,352 --a------ C:\WINDOWS\system32\gdiplus.dll

2008-03-27 19:15 . 2002-01-05 14:40 487,424 --a------ C:\WINDOWS\system32\msvcp70.dll

2008-03-27 19:15 . 2002-01-05 15:37 344,064 --a------ C:\WINDOWS\system32\msvcr70.dll

2008-03-27 19:15 . 2003-08-07 15:01 237,568 --a------ C:\WINDOWS\system32\lame_enc.dll

2008-03-27 19:14 . 2008-03-27 20:30 <DIR> d-------- C:\Arquivos de programas\Extra Photo to Video Converter Free

2008-03-27 18:52 . 2008-03-27 18:53 <DIR> d-------- C:\Arquivos de programas\Flash Slideshow Maker Professional

2008-03-27 18:13 . 2008-03-27 18:13 40 --a------ C:\WINDOWS\system32\mdum.dIl

2008-03-27 18:13 . 2008-03-27 18:13 40 --a------ C:\WINDOWS\sfvir.dIl

2008-03-27 18:13 . 2008-03-27 18:13 40 --a------ C:\WINDOWS\hnnic.dIl

2008-03-27 18:13 . 2008-03-27 18:13 40 --a------ C:\WINDOWS\csesh.dIl

2008-03-27 18:12 . 2008-03-27 18:12 249,856 --------- C:\WINDOWS\Setup1.exe

2008-03-27 18:12 . 2008-03-27 18:12 73,216 --a------ C:\WINDOWS\ST6UNST.EXE

2008-03-27 18:06 . 2008-03-27 18:06 <DIR> d-------- C:\WINDOWS\LastGood

2008-03-27 02:29 . 2008-03-27 02:29 <DIR> d-------- C:\Arquivos de programas\Winks Installer

2008-03-26 21:15 . 2008-03-26 21:15 <DIR> d-------- C:\Documents and Settings\usuario\Dados de aplicativos\Fuzzy Games

2008-03-26 17:03 . 2008-03-26 17:03 <DIR> d-------- C:\OutDemo

2008-03-26 09:25 . 2008-03-26 09:25 2,074 --a------ C:\WINDOWS\system32\nortons.exe

2008-03-26 09:25 . 2008-03-26 09:25 2,074 --a------ C:\WINDOWS\system32\IEXPLORES.EXE

2008-03-26 09:25 . 2008-03-26 09:25 2,074 --a------ C:\WINDOWS\system\msnmsssgser.exe

2008-03-25 15:50 . 2008-03-25 15:51 <DIR> d-------- C:\Arquivos de programas\LimeWire

2008-03-25 13:15 . 2008-03-25 23:58 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Avira

2008-03-25 00:58 . 2008-03-25 13:04 <DIR> d-------- C:\Arquivos de programas\F-Secure

2008-03-24 23:49 . 2008-03-24 23:50 <DIR> d-------- C:\WINDOWS\system32\pt-br

2008-03-24 23:43 . 2007-12-06 23:09 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll

2008-03-24 23:43 . 2007-07-01 00:31 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat

2008-03-24 23:43 . 2007-07-01 00:36 1,024,000 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui

2008-03-24 23:43 . 2007-12-06 23:09 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll

2008-03-24 23:43 . 2007-12-06 23:09 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll

2008-03-24 23:43 . 2007-12-06 23:09 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll

2008-03-24 23:43 . 2007-12-06 23:09 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll

2008-03-24 23:43 . 2007-12-06 23:09 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll

2008-03-24 23:43 . 2007-12-06 08:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe

2008-03-24 16:15 . 2008-03-24 16:15 127 --a------ C:\WINDOWS\REC-NET.INI

2008-03-24 15:55 . 2008-03-24 15:55 <DIR> d-------- C:\Documents and Settings\usuario\.receitanet

2008-03-24 15:54 . 2008-03-25 13:03 0 --a------ C:\WINDOWS\vpd.properties

2008-03-24 13:29 . 2008-03-24 13:29 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\HipSoft

2008-03-21 18:07 . 2008-03-22 18:52 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Symantec Shared

2008-03-21 17:56 . 2008-03-21 17:56 <DIR> d-------- C:\Arquivos de programas\IObit

2008-03-21 16:43 . 2006-10-31 13:12 128,000 --a------ C:\WINDOWS\DesinstWRecnet.exe

2008-03-21 16:43 . 2008-02-12 14:27 122,880 --a------ C:\WINDOWS\DesinstRecnet.exe

2008-03-21 16:43 . 2006-10-31 13:12 5,361 --a------ C:\WINDOWS\DesinstWRecnet.ini

2008-03-21 15:29 . 2008-03-24 15:54 <DIR> d-------- C:\Arquivos de programas\Programas RFB

2008-03-21 12:42 . 2008-03-24 23:25 <DIR> d-------- C:\hijackthis

2008-03-19 01:15 . 2008-03-19 01:15 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico

2008-03-19 01:15 . 2008-03-19 01:15 1,406 --a------ C:\WINDOWS\system32\Help.ico

2008-03-19 01:14 . 2008-03-19 01:14 <DIR> d-------- C:\WINDOWS\system32\ActiveScan

2008-03-19 01:14 . 2008-03-19 01:15 30,590 --a------ C:\WINDOWS\system32\pavas.ico

2008-03-18 18:26 . 2008-03-18 18:26 <DIR> d-------- C:\Arquivos de programas\MSNFans Live Winks

2008-03-18 13:07 . 2008-03-18 13:07 <DIR> d-------- C:\Arquivos de programas\Microsoft SQL Server Compact Edition

2008-03-18 12:51 . 2008-03-18 12:51 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\WLInstaller

2008-03-18 12:51 . 2008-03-18 18:49 <DIR> d-------- C:\Arquivos de programas\Windows Live

2008-03-18 12:51 . 2008-03-18 13:00 <DIR> d--hsc--- C:\Arquivos de programas\Arquivos comuns\WindowsLiveInstaller

2008-03-18 03:25 . 2008-03-18 03:25 2,887,680 --a------ C:\WINDOWS\system32\VagalumePluginWMP.dll

2008-03-16 13:48 . 2008-03-16 13:48 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Avg7

2008-03-15 16:45 . 2008-03-15 17:29 <DIR> d-------- C:\LIZZIE_MCGUIRE

2008-03-14 22:15 . 2008-03-21 18:00 <DIR> d-------- C:\Arquivos de programas\Norton Security Scan

2008-03-14 16:56 . 2008-03-14 17:01 <DIR> d-------- C:\Arquivos de programas\Alwil Software

2008-03-14 16:56 . 2003-03-18 17:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll

2008-03-14 12:45 . 2004-05-14 16:53 462,848 --a------ C:\WINDOWS\system32\ltkrn13n.dll

2008-03-14 12:45 . 2004-05-14 16:53 450,560 --a------ C:\WINDOWS\system32\ltimg13n.dll

2008-03-14 12:45 . 2004-05-14 16:53 401,408 --a------ C:\WINDOWS\system32\lfcmp13n.dll

2008-03-14 12:45 . 2004-05-14 16:53 299,008 --a------ C:\WINDOWS\system32\ltdis13n.dll

2008-03-14 12:45 . 2004-01-12 02:09 206,336 --a------ C:\WINDOWS\system32\ltefx13n.dll

2008-03-14 12:45 . 2004-05-14 16:53 163,840 --a------ C:\WINDOWS\system32\ltfil13n.dll

2008-03-14 12:45 . 2003-11-04 15:10 69,632 --a------ C:\WINDOWS\system32\lfgif13n.dll

2008-03-14 12:45 . 2004-05-14 16:53 57,344 --a------ C:\WINDOWS\system32\lfbmp13n.dll

2008-03-11 20:26 . 2008-03-21 18:05 <DIR> d-------- C:\WINDOWS\system32\NtmsData

2008-03-03 16:32 . 2008-03-04 13:36 <DIR> d-------- C:\THE_FAMILY_STONE

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-03-28 04:08 --------- d-----w C:\Arquivos de programas\Windows Live Safety Center

2008-03-28 03:58 --------- d-----w C:\Documents and Settings\usuario\Dados de aplicativos\LimeWire

2008-03-28 02:26 --------- d-----w C:\Documents and Settings\usuario\Dados de aplicativos\skypePM

2008-03-28 02:26 --------- d-----w C:\Documents and Settings\usuario\Dados de aplicativos\Skype

2008-03-27 00:15 --------- d-----w C:\Arquivos de programas\Atrativa Games

2008-03-24 13:48 --------- d-----w C:\Arquivos de programas\AdVantage

2008-03-20 12:49 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\DVD Shrink

2008-03-17 02:15 --------- d-----w C:\Arquivos de programas\Macromedia

2008-03-17 02:15 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Macromedia

2008-03-17 02:13 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2008-03-16 13:39 --------- d-----w C:\Documents and Settings\Mandy\Dados de aplicativos\Ahead

2008-03-14 21:10 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Sandlot Shared

2008-03-13 04:03 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft Help

2008-03-03 19:28 --------- d-----w C:\Arquivos de programas\DVD Shrink

2008-02-23 20:48 --------- d-----w C:\Arquivos de programas\Electronic Arts

2008-02-22 04:45 --------- d-----w C:\Arquivos de programas\Garden Dreams

2008-02-20 18:43 32 ----a-w C:\Documents and Settings\All Users\Dados de aplicativos\ezsid.dat

2008-02-20 18:41 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Skype

2008-02-20 18:41 --------- d-----w C:\Arquivos de programas\Skype

2008-02-20 18:41 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Skype

2008-02-17 19:48 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Zylom

2008-02-14 04:40 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\NeptunesAdve

2008-02-13 17:11 --------- d-----w C:\Documents and Settings\usuario\Dados de aplicativos\PlayFirst

2008-02-13 17:11 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\PlayFirst

2008-02-10 16:43 --------- d-----w C:\Documents and Settings\usuario\Dados de aplicativos\Jane s Hotel

2008-02-09 22:04 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\NannyMania

2008-02-09 20:55 --------- d-----w C:\Documents and Settings\usuario\Dados de aplicativos\Gaijin Ent

2008-02-09 02:28 --------- d-----w C:\Arquivos de programas\CallIT

2008-02-08 05:07 --------- d-----w C:\Documents and Settings\usuario\Dados de aplicativos\My Games

2008-02-08 02:47 --------- d-----w C:\Documents and Settings\usuario\Dados de aplicativos\GanymedeNet

2008-02-08 02:32 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Sandlot Games

2008-02-05 04:39 --------- d-----w C:\Arquivos de programas\EA GAMES

2008-02-05 04:27 --------- d-----w C:\Arquivos de programas\thesims2 moda

2008-02-02 20:52 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Yahoo! Companion

2008-02-02 20:44 --------- d-----w C:\Arquivos de programas\Yahoo!

2008-02-02 20:44 --------- d-----w C:\Arquivos de programas\FLV Player

2008-02-02 18:00 --------- d-----w C:\Arquivos de programas\Windows Media Connect 2

2008-02-02 16:19 --------- d-----w C:\Arquivos de programas\Total Video Converter

2008-01-20 22:56 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll

2008-01-19 17:53 3,657,160 ----a-w C:\daemon4120-lite.exe

2008-01-01 00:15 20,992 ----a-w C:\WINDOWS\jestertb.dll

.

((((((((((((((((((((((((((((( snapshot@2008-03-25_23.52.21,34 )))))))))))))))))))))))))))))))))))))))))

.

+ 2007-07-12 23:27:10 765,952 ----a-w C:\WINDOWS\$hf_mig$\KB938127-IE7\SP2QFE\vgx.dll

+ 2007-03-06 01:00:55 15,072 ----a-w C:\WINDOWS\$hf_mig$\KB938127-IE7\spmsg.dll

+ 2007-03-06 01:01:00 215,264 ----a-w C:\WINDOWS\$hf_mig$\KB938127-IE7\spuninst.exe

+ 2007-03-06 01:00:53 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB938127-IE7\update\spcustom.dll

+ 2007-03-06 01:01:17 721,120 ----a-w C:\WINDOWS\$hf_mig$\KB938127-IE7\update\update.exe

+ 2007-03-06 01:02:08 384,224 ----a-w C:\WINDOWS\$hf_mig$\KB938127-IE7\update\updspapi.dll

+ 2007-03-06 01:01:00 215,264 -c----w C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe

+ 2007-03-06 01:02:08 384,224 -c----w C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\updspapi.dll

+ 2007-08-13 21:54:10 765,952 -c----w C:\WINDOWS\ie7updates\KB938127-IE7\vgx.dll

- 2007-08-13 21:54:10 765,952 -c--a-w C:\WINDOWS\system32\dllcache\VGX.dll

+ 2007-07-12 23:31:30 765,952 -c--a-w C:\WINDOWS\system32\dllcache\vgx.dll

+ 2000-07-15 03:00:00 101,888 ----a-w C:\WINDOWS\system32\VB6STKIT.DLL

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FCAAAC14-BC46-40CA-9CB2-CBB12C6739EB}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:45 15360]

"DAEMON Tools"="C:\Arquivos de programas\DAEMON Tools\daemon.exe" [2008-01-17 13:51 486856]

"updateMgr"="C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2005-10-24 14:53 307200]

"Skype"="C:\Arquivos de programas\Skype\Phone\Skype.exe" [2008-02-01 17:22 21898024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"VTTimer"="VTTimer.exe" [2006-08-03 03:53 53248 C:\WINDOWS\system32\VTTimer.exe]

"VTTrayp"="VTtrayp.exe" [2006-08-25 02:52 176128 C:\WINDOWS\system32\VTTrayp.exe]

"RemoteControl"="C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 15:10 56928]

"LanguageShortcut"="C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 22:55 54832]

"SMSERIAL"="sm56hlpr.exe" [2000-11-22 11:40 462848 C:\WINDOWS\sm56hlpr.exe]

"GrooveMonitor"="C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]

"NeroFilterCheck"="C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648]

"Motive SmartBridge"="C:\ARQUIV~1\ASSIST~1\SMARTB~1\MotiveSB.exe" [2005-04-15 15:46 397312]

"AudioDeck"="C:\Arquivos de programas\VIAudioi\SBADeck\ADeck.exe" [2006-09-05 07:28 540672]

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]

"QuickTime Task"="C:\Arquivos de programas\QuickTime\qttask.exe" [2008-01-07 19:13 77824]

C:\Documents and Settings\usuario\Menu Iniciar\Programas\Inicializar\

Recorte de tela e Iniciador do OneNote 2007.lnk - C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54 98632]

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\

Adobe Reader Speed Launch.lnk - C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26 29696]

Assistente Tecnico Speedy.lnk - C:\Arquivos de programas\Assistente Tecnico Speedy\bin\matcli.exe [2007-11-30 13:05:16 217088]

Digimax Viewer 2.0.lnk - C:\Arquivos de programas\Samsung\Digimax Viewer 2.0\STImgBrowser.exe [2007-08-28 10:00:18 626688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveSearch"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

"gbieh.1"= rundll32 C:\WINDOWS\gbiehbsb.dll ForcarNotify

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]

--a------ 2000-11-22 11:40 462848 C:\WINDOWS\sm56hlpr.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\WinRAR\\WinRAR.exe"=

"C:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"C:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"C:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"=

"C:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"C:\\Arquivos de programas\\Arquivos comuns\\Ahead\\Nero Web\\SetupX.exe"=

"C:\\Arquivos de programas\\IncrediMail\\bin\\ImpCnt.exe"=

"C:\\Arquivos de programas\\IncrediMail\\bin\\ImLc.exe"=

"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Arquivos de programas\\LimeWire\\LimeWire.exe"=

"C:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-02-23 00:38]

R0 xfilt;VIA SATA IDE Hot-plug Driver;C:\WINDOWS\system32\DRIVERS\xfilt.sys [2006-02-23 00:39]

S3 hid7906;hid7906;C:\WINDOWS\system32\drivers\hid7906.sys [2006-07-04 16:17]

.

Conteúdo da pasta 'Tarefas Agendadas'

"2008-03-21 22:23:54 C:\WINDOWS\Tasks\Norton Security Scan.job"

- C:\Arquivos de programas\Norton Security Scan\Nss.exe

"2008-03-28 04:56:00 C:\WINDOWS\Tasks\Verificar Atualizações para a Barra de Ferramentas do Windows Live.job"

- C:\Arquivos de programas\Windows Live Toolbar\MSNTBUP.EXE

.

**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-03-28 02:26:19

Windows 5.1.2600 Service Pack 2 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

SMSERIAL = sm56hlpr.exe?

AudioDeck = C:\Arquivos de programas\VIAudioi\SBADeck\ADeck.exe 1???d:\audio\via???????|???|?????????????????????????

Procurando ficheiros ocultos ...

Varredura completada com sucesso

Ficheiros ocultos: 0

**************************************************************************

.

Tempo para conclusão: 2008-03-28 2:27:00

ComboFix-quarantined-files.txt 2008-03-28 05:26:44

ComboFix2.txt 2008-03-26 02:56:45

ComboFix3.txt 2008-03-25 02:18:24

Pre-Run: 27,558,293,504 bytes disponíveis

Post-Run: 27,549,945,856 bytes disponíveis

.

2008-03-26 06:18:59 --- E O F ---

And this is the HijackThis one!

Logfile of HijackThis v1.99.1

Scan saved at 02:38:11, on 28/3/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\VTTimer.exe

C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

C:\WINDOWS\sm56hlpr.exe

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

C:\ARQUIV~1\ASSIST~1\SMARTB~1\MotiveSB.exe

C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Arquivos de programas\internet explorer\iexplore.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O2 - BHO: Banco do Brasil S.A. - {FCAAAC14-BC46-40CA-9CB2-CBB12C6739EB} - (no file)

O3 - Toolbar: Discador iBest - {4F869C58-D71D-4850-8BDD-7B5CDF8EC911} - C:\Arquivos de programas\Discador iBest\ibestbar.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [LanguageShortcut] "C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe"

O4 - HKLM\..\Run: [sMSERIAL] sm56hlpr.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [Motive SmartBridge] "C:\ARQUIV~1\ASSIST~1\SMARTB~1\MotiveSB.exe" /restart

O4 - HKLM\..\Run: [AudioDeck] C:\Arquivos de programas\VIAudioi\SBADeck\ADeck.exe 1

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [DAEMON Tools] "C:\Arquivos de programas\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKCU\..\Run: [updateMgr] "C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1

O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Assistente Tecnico Speedy.lnk = C:\Arquivos de programas\Assistente Tecnico Speedy\bin\matcli.exe

O4 - Global Startup: Digimax Viewer 2.0.lnk = ?

O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to AMV Converter... - C:\Arquivos de programas\MP3 Player Utilities 4.15\AMVConverter\grab.html

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Arquivos de programas\MP3 Player Utilities 4.15\MediaManager\grab.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{0A2DBDA2-C339-475B-8BF0-D148FD452D54}: NameServer = 200.204.0.10 200.204.0.138

O17 - HKLM\System\CS1\Services\Tcpip\..\{0A2DBDA2-C339-475B-8BF0-D148FD452D54}: NameServer = 200.204.0.10 200.204.0.138

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Arquivos de programas\Windows Live\Mail\mailcomm.dll

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe


- Select the text below and copy it into Notepad. Save it as CFScript.txt;

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"gbieh.1"=-

- Drag CFScript.txt onto ComboFix as shown in the image below:

CF_Script.gif

ComboFix will run and will restart the PC automatically to complete the removal process.

Do not use the mouse or the keyboard while ComboFix is running.

When it finishes, a log will be generated at C:\ComboFix.txt.

Note: If ComboFix does not restart your computer automatically, do it manually.

In your next reply, paste ComboFix.txt and a new HijackThis log.


Good evening...

The ComboFix file disappeared from C:. What do I do? Download another one? I had deleted it after I solved that first problem; when you asked me to download it again, I downloaded it, and now it has disappeared again, but I didn't delete it...


Hi, I downloaded it again and did as you asked. Here is the ComboFix log:

ComboFix 08-03-30.3 - usuario 2008-03-31 14:44:24.5 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.641 [GMT -3:00]

Executando de: C:\ComboFix.exe

Command switches used :: C:\Documents and Settings\usuario\Desktop\CFScript.txt

* Criado um novo ponto de restauro

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

((((((((((((((((((((((( Ficheiros criados de 2008-02-28 to 2008-03-31 ))))))))))))))))))))))))))))))))

.

2008-03-31 14:41 . 2008-03-31 14:41 1,603,483 --a------ C:\ComboFix.exe

2008-03-31 14:29 . 2008-03-31 14:29 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2008-03-31 14:29 . 2008-03-31 14:29 1,409 --a------ C:\WINDOWS\QTFont.for

2008-03-30 23:16 . 2008-03-30 23:16 <DIR> d-------- C:\Documents and Settings\usuario\Dados de aplicativos\Zylom

2008-03-30 23:16 . 2008-03-30 23:16 <DIR> d-------- C:\Arquivos de programas\Zylom Games

2008-03-30 15:11 . 2008-03-30 15:11 <DIR> d-------- C:\WINDOWS\Sun

2008-03-28 20:38 . 2008-03-28 20:39 <DIR> d-------- C:\LG_VDR

2008-03-28 03:04 . 2008-03-28 03:12 <DIR> d-------- C:\Documents and Settings\usuario\Dados de aplicativos\WildBit Viewer

2008-03-28 03:03 . 2008-03-28 03:03 <DIR> d-------- C:\Arquivos de programas\WildBit Viewer

2008-03-28 03:03 . 2003-06-19 14:46 491,520 --a------ C:\WINDOWS\system32\lkVCDimager.dll

2008-03-28 03:03 . 2006-10-02 13:44 5,120 --a------ C:\WINDOWS\system32\ff_vfw.dll

2008-03-28 03:03 . 2006-08-05 12:06 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest

2008-03-28 03:02 . 2008-03-28 03:03 <DIR> d-------- C:\Arquivos de programas\The FilmMachine

2008-03-27 19:25 . 2008-03-27 19:26 <DIR> d-------- C:\Documents and Settings\usuario\Dados de aplicativos\Preclick Photo Organizer

2008-03-27 19:25 . 2008-03-27 19:25 <DIR> d-------- C:\Arquivos de programas\Preclick

2008-03-27 19:15 . 2001-08-23 17:00 1,700,352 --a------ C:\WINDOWS\system32\gdiplus.dll

2008-03-27 19:15 . 2002-01-05 14:40 487,424 --a------ C:\WINDOWS\system32\msvcp70.dll

2008-03-27 19:15 . 2002-01-05 15:37 344,064 --a------ C:\WINDOWS\system32\msvcr70.dll

2008-03-27 19:15 . 2003-08-07 15:01 237,568 --a------ C:\WINDOWS\system32\lame_enc.dll

2008-03-27 19:14 . 2008-03-27 20:30 <DIR> d-------- C:\Arquivos de programas\Extra Photo to Video Converter Free

2008-03-27 18:52 . 2008-03-27 18:53 <DIR> d-------- C:\Arquivos de programas\Flash Slideshow Maker Professional

2008-03-27 18:13 . 2008-03-27 18:13 40 --a------ C:\WINDOWS\system32\mdum.dIl

2008-03-27 18:13 . 2008-03-27 18:13 40 --a------ C:\WINDOWS\sfvir.dIl

2008-03-27 18:13 . 2008-03-27 18:13 40 --a------ C:\WINDOWS\hnnic.dIl

2008-03-27 18:13 . 2008-03-27 18:13 40 --a------ C:\WINDOWS\csesh.dIl

2008-03-27 18:12 . 2008-03-27 18:12 249,856 --------- C:\WINDOWS\Setup1.exe

2008-03-27 18:12 . 2008-03-27 18:12 73,216 --a------ C:\WINDOWS\ST6UNST.EXE

2008-03-27 02:29 . 2008-03-27 02:29 <DIR> d-------- C:\Arquivos de programas\Winks Installer

2008-03-26 21:15 . 2008-03-26 21:15 <DIR> d-------- C:\Documents and Settings\usuario\Dados de aplicativos\Fuzzy Games

2008-03-26 17:03 . 2008-03-26 17:03 <DIR> d-------- C:\OutDemo

2008-03-26 09:25 . 2008-03-26 09:25 2,074 --a------ C:\WINDOWS\system32\nortons.exe

2008-03-26 09:25 . 2008-03-26 09:25 2,074 --a------ C:\WINDOWS\system32\IEXPLORES.EXE

2008-03-26 09:25 . 2008-03-26 09:25 2,074 --a------ C:\WINDOWS\system\msnmsssgser.exe

2008-03-25 15:50 . 2008-03-25 15:51 <DIR> d-------- C:\Arquivos de programas\LimeWire

2008-03-25 13:15 . 2008-03-25 23:58 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Avira

2008-03-25 00:58 . 2008-03-25 13:04 <DIR> d-------- C:\Arquivos de programas\F-Secure

2008-03-24 23:49 . 2008-03-24 23:50 <DIR> d-------- C:\WINDOWS\system32\pt-br

2008-03-24 23:43 . 2007-12-06 23:09 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll

2008-03-24 23:43 . 2007-07-01 00:31 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat

2008-03-24 23:43 . 2007-07-01 00:36 1,024,000 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui

2008-03-24 23:43 . 2007-12-06 23:09 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll

2008-03-24 23:43 . 2007-12-06 23:09 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll

2008-03-24 23:43 . 2007-12-06 23:09 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll

2008-03-24 23:43 . 2007-12-06 23:09 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll

2008-03-24 23:43 . 2007-12-06 23:09 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll

2008-03-24 23:43 . 2007-12-06 08:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe

2008-03-24 16:15 . 2008-03-24 16:15 127 --a------ C:\WINDOWS\REC-NET.INI

2008-03-24 15:55 . 2008-03-24 15:55 <DIR> d-------- C:\Documents and Settings\usuario\.receitanet

2008-03-24 15:54 . 2008-03-25 13:03 0 --a------ C:\WINDOWS\vpd.properties

2008-03-24 13:29 . 2008-03-24 13:29 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\HipSoft

2008-03-21 18:07 . 2008-03-22 18:52 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Symantec Shared

2008-03-21 17:56 . 2008-03-21 17:56 <DIR> d-------- C:\Arquivos de programas\IObit

2008-03-21 16:43 . 2006-10-31 13:12 128,000 --a------ C:\WINDOWS\DesinstWRecnet.exe

2008-03-21 16:43 . 2008-02-12 14:27 122,880 --a------ C:\WINDOWS\DesinstRecnet.exe

2008-03-21 16:43 . 2006-10-31 13:12 5,361 --a------ C:\WINDOWS\DesinstWRecnet.ini

2008-03-21 15:29 . 2008-03-24 15:54 <DIR> d-------- C:\Arquivos de programas\Programas RFB

2008-03-21 12:42 . 2008-03-28 02:38 <DIR> d-------- C:\hijackthis

2008-03-19 01:15 . 2008-03-19 01:15 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico

2008-03-19 01:15 . 2008-03-19 01:15 1,406 --a------ C:\WINDOWS\system32\Help.ico

2008-03-19 01:14 . 2008-03-19 01:14 <DIR> d-------- C:\WINDOWS\system32\ActiveScan

2008-03-19 01:14 . 2008-03-19 01:15 30,590 --a------ C:\WINDOWS\system32\pavas.ico

2008-03-18 18:26 . 2008-03-18 18:26 <DIR> d-------- C:\Arquivos de programas\MSNFans Live Winks

2008-03-18 13:07 . 2008-03-18 13:07 <DIR> d-------- C:\Arquivos de programas\Microsoft SQL Server Compact Edition

2008-03-18 12:51 . 2008-03-18 12:51 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\WLInstaller

2008-03-18 12:51 . 2008-03-18 18:49 <DIR> d-------- C:\Arquivos de programas\Windows Live

2008-03-18 12:51 . 2008-03-18 13:00 <DIR> d--hsc--- C:\Arquivos de programas\Arquivos comuns\WindowsLiveInstaller

2008-03-18 03:25 . 2008-03-18 03:25 2,887,680 --a------ C:\WINDOWS\system32\VagalumePluginWMP.dll

2008-03-16 13:48 . 2008-03-16 13:48 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Avg7

2008-03-15 16:45 . 2008-03-15 17:29 <DIR> d-------- C:\LIZZIE_MCGUIRE

2008-03-14 22:15 . 2008-03-21 18:00 <DIR> d-------- C:\Arquivos de programas\Norton Security Scan

2008-03-14 16:56 . 2008-03-14 17:01 <DIR> d-------- C:\Arquivos de programas\Alwil Software

2008-03-14 16:56 . 2003-03-18 17:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll

2008-03-14 12:45 . 2004-05-14 16:53 462,848 --a------ C:\WINDOWS\system32\ltkrn13n.dll

2008-03-14 12:45 . 2004-05-14 16:53 450,560 --a------ C:\WINDOWS\system32\ltimg13n.dll

2008-03-14 12:45 . 2004-05-14 16:53 401,408 --a------ C:\WINDOWS\system32\lfcmp13n.dll

2008-03-14 12:45 . 2004-05-14 16:53 299,008 --a------ C:\WINDOWS\system32\ltdis13n.dll

2008-03-14 12:45 . 2004-01-12 02:09 206,336 --a------ C:\WINDOWS\system32\ltefx13n.dll

2008-03-14 12:45 . 2004-05-14 16:53 163,840 --a------ C:\WINDOWS\system32\ltfil13n.dll

2008-03-14 12:45 . 2003-11-04 15:10 69,632 --a------ C:\WINDOWS\system32\lfgif13n.dll

2008-03-14 12:45 . 2004-05-14 16:53 57,344 --a------ C:\WINDOWS\system32\lfbmp13n.dll

2008-03-11 20:26 . 2008-03-21 18:05 <DIR> d-------- C:\WINDOWS\system32\NtmsData

2008-03-03 16:32 . 2008-03-04 13:36 <DIR> d-------- C:\THE_FAMILY_STONE

2008-02-24 17:35 . 2008-02-24 17:36 <DIR> d-------- C:\Alguém tem que ceder

2008-02-23 17:48 . 2008-02-23 17:48 <DIR> d-------- C:\Arquivos de programas\Electronic Arts

2008-02-22 01:45 . 2008-02-22 01:45 <DIR> d-------- C:\Arquivos de programas\Garden Dreams

2008-02-20 15:43 . 2008-03-31 13:31 <DIR> d-------- C:\Documents and Settings\usuario\Dados de aplicativos\skypePM

2008-02-20 15:43 . 2008-02-20 15:43 32 --a------ C:\Documents and Settings\All Users\Dados de aplicativos\ezsid.dat

2008-02-20 15:41 . 2008-03-31 14:02 <DIR> d-------- C:\Documents and Settings\usuario\Dados de aplicativos\Skype

2008-02-20 15:41 . 2008-02-20 15:41 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Skype

2008-02-20 15:41 . 2008-02-20 15:41 <DIR> d-------- C:\Arquivos de programas\Skype

2008-02-20 15:41 . 2008-02-20 15:41 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Skype

2008-02-17 16:48 . 2008-03-30 23:06 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Zylom

2008-02-15 19:18 . 2008-02-15 19:18 23,392 --a------ C:\WINDOWS\system32\nscompat.tlb

2008-02-15 19:18 . 2008-02-15 19:18 16,832 --a------ C:\WINDOWS\system32\amcompat.tlb

2008-02-14 01:40 . 2008-02-14 01:40 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\NeptunesAdve

2008-02-13 09:03 . 2008-03-13 01:02 1,930 --a------ C:\WINDOWS\system32\MRT.INI

2008-02-10 13:43 . 2008-02-10 13:43 <DIR> d-------- C:\Documents and Settings\usuario\Dados de aplicativos\Jane s Hotel

2008-02-09 19:04 . 2008-02-09 19:04 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\NannyMania

2008-02-09 17:55 . 2008-02-09 17:55 <DIR> d-------- C:\Documents and Settings\usuario\Dados de aplicativos\Gaijin Ent

2008-02-08 23:28 . 2008-02-08 23:28 <DIR> d-------- C:\Arquivos de programas\CallIT

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-03-30 20:05 --------- d-----w C:\Arquivos de programas\Windows Live Safety Center

2008-03-29 02:11 --------- d-----w C:\Documents and Settings\usuario\Dados de aplicativos\LimeWire

2008-03-28 23:38 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\DVD Shrink

2008-03-24 13:48 --------- d-----w C:\Arquivos de programas\AdVantage

2008-03-17 02:15 --------- d-----w C:\Arquivos de programas\Macromedia

2008-03-17 02:15 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Macromedia

2008-03-17 02:13 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2008-03-16 13:39 --------- d-----w C:\Documents and Settings\Mandy\Dados de aplicativos\Ahead

2008-03-13 04:03 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft Help

2008-03-03 19:28 --------- d-----w C:\Arquivos de programas\DVD Shrink

2008-02-05 04:39 --------- d-----w C:\Arquivos de programas\EA GAMES

2008-02-02 18:00 --------- d-----w C:\Arquivos de programas\Windows Media Connect 2

2008-01-20 22:56 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll

2008-01-19 17:53 3,657,160 ----a-w C:\daemon4120-lite.exe

2008-01-01 00:15 20,992 ----a-w C:\WINDOWS\jestertb.dll

2007-12-07 02:09 824,832 ----a-w C:\WINDOWS\system32\wininet.dll

2007-12-04 18:41 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll

.

((((((((((((((((((((((((((((( snapshot@2008-03-25_23.52.21,34 )))))))))))))))))))))))))))))))))))))))))

.

+ 2007-07-12 23:27:10 765,952 ----a-w C:\WINDOWS\$hf_mig$\KB938127-IE7\SP2QFE\vgx.dll

+ 2007-03-06 01:00:55 15,072 ----a-w C:\WINDOWS\$hf_mig$\KB938127-IE7\spmsg.dll

+ 2007-03-06 01:01:00 215,264 ----a-w C:\WINDOWS\$hf_mig$\KB938127-IE7\spuninst.exe

+ 2007-03-06 01:00:53 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB938127-IE7\update\spcustom.dll

+ 2007-03-06 01:01:17 721,120 ----a-w C:\WINDOWS\$hf_mig$\KB938127-IE7\update\update.exe

+ 2007-03-06 01:02:08 384,224 ----a-w C:\WINDOWS\$hf_mig$\KB938127-IE7\update\updspapi.dll

+ 2006-08-29 17:17:22 161,976 ----a-w C:\WINDOWS\Downloaded Program Files\zylomgamesplayer.dll

+ 2007-03-06 01:01:00 215,264 -c----w C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe

+ 2007-03-06 01:02:08 384,224 -c----w C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\updspapi.dll

+ 2007-08-13 21:54:10 765,952 -c----w C:\WINDOWS\ie7updates\KB938127-IE7\vgx.dll

- 2007-05-17 19:30:48 318,976 ----a-w C:\WINDOWS\system32\avisynth.dll

+ 2005-10-28 16:44:12 308,224 ----a-w C:\WINDOWS\system32\avisynth.dll

- 2004-02-22 12:11:08 719,872 ----a-w C:\WINDOWS\system32\devil.dll

+ 2004-02-22 08:11:10 719,872 ----a-w C:\WINDOWS\system32\devil.dll

- 2007-08-13 21:54:10 765,952 -c--a-w C:\WINDOWS\system32\dllcache\VGX.dll

+ 2007-07-12 23:31:30 765,952 -c--a-w C:\WINDOWS\system32\dllcache\vgx.dll

+ 2000-07-15 03:00:00 101,888 ----a-w C:\WINDOWS\system32\VB6STKIT.DLL

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FCAAAC14-BC46-40CA-9CB2-CBB12C6739EB}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:45 15360]

"DAEMON Tools"="C:\Arquivos de programas\DAEMON Tools\daemon.exe" [2008-01-17 13:51 486856]

"updateMgr"="C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2005-10-24 14:53 307200]

"Skype"="C:\Arquivos de programas\Skype\Phone\Skype.exe" [2008-02-01 17:22 21898024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"VTTimer"="VTTimer.exe" [2006-08-03 03:53 53248 C:\WINDOWS\system32\VTTimer.exe]

"VTTrayp"="VTtrayp.exe" [2006-08-25 02:52 176128 C:\WINDOWS\system32\VTTrayp.exe]

"RemoteControl"="C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 15:10 56928]

"LanguageShortcut"="C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 22:55 54832]

"SMSERIAL"="sm56hlpr.exe" [2000-11-22 11:40 462848 C:\WINDOWS\sm56hlpr.exe]

"GrooveMonitor"="C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]

"NeroFilterCheck"="C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648]

"Motive SmartBridge"="C:\ARQUIV~1\ASSIST~1\SMARTB~1\MotiveSB.exe" [2005-04-15 15:46 397312]

"AudioDeck"="C:\Arquivos de programas\VIAudioi\SBADeck\ADeck.exe" [2006-09-05 07:28 540672]

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]

"QuickTime Task"="C:\Arquivos de programas\QuickTime\qttask.exe" [2008-01-07 19:13 77824]

C:\Documents and Settings\usuario\Menu Iniciar\Programas\Inicializar\

Recorte de tela e Iniciador do OneNote 2007.lnk - C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54 98632]

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\

Adobe Reader Speed Launch.lnk - C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26 29696]

Assistente Tecnico Speedy.lnk - C:\Arquivos de programas\Assistente Tecnico Speedy\bin\matcli.exe [2007-11-30 13:05:16 217088]

Digimax Viewer 2.0.lnk - C:\Arquivos de programas\Samsung\Digimax Viewer 2.0\STImgBrowser.exe [2007-08-28 10:00:18 626688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveSearch"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]

--a------ 2000-11-22 11:40 462848 C:\WINDOWS\sm56hlpr.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\WinRAR\\WinRAR.exe"=

"C:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"C:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"C:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"=

"C:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"C:\\Arquivos de programas\\Arquivos comuns\\Ahead\\Nero Web\\SetupX.exe"=

"C:\\Arquivos de programas\\IncrediMail\\bin\\ImpCnt.exe"=

"C:\\Arquivos de programas\\IncrediMail\\bin\\ImLc.exe"=

"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Arquivos de programas\\LimeWire\\LimeWire.exe"=

"C:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-02-23 00:38]

R0 xfilt;VIA SATA IDE Hot-plug Driver;C:\WINDOWS\system32\DRIVERS\xfilt.sys [2006-02-23 00:39]

S3 hid7906;hid7906;C:\WINDOWS\system32\drivers\hid7906.sys [2006-07-04 16:17]

.

Conteúdo da pasta 'Tarefas Agendadas'

"2008-03-30 21:00:00 C:\WINDOWS\Tasks\Norton Security Scan.job"

- C:\Arquivos de programas\Norton Security Scan\Nss.exe

"2008-03-31 13:56:00 C:\WINDOWS\Tasks\Verificar Atualizações para a Barra de Ferramentas do Windows Live.job"

- C:\Arquivos de programas\Windows Live Toolbar\MSNTBUP.EXE

.

**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-03-31 14:46:22

Windows 5.1.2600 Service Pack 2 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

SMSERIAL = sm56hlpr.exe?

AudioDeck = C:\Arquivos de programas\VIAudioi\SBADeck\ADeck.exe 1???d:\audio\via???????|???|?????????????????????????

Procurando ficheiros ocultos ...

Varredura completada com sucesso

Ficheiros ocultos: 0

**************************************************************************

.

Tempo para conclusão: 2008-03-31 14:47:03

ComboFix-quarantined-files.txt 2008-03-31 17:46:47

ComboFix2.txt 2008-03-28 05:27:01

ComboFix3.txt 2008-03-26 02:56:45

ComboFix4.txt 2008-03-25 02:18:24

Pre-Run: 26,984,910,848 bytes disponíveis

Post-Run: 26,975,379,456 bytes disponíveis

.

2008-03-26 06:18:59 --- E O F ---

and this is the HijackThis log

Logfile of HijackThis v1.99.1

Scan saved at 14:53:23, on 31/3/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\VTTimer.exe

C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

C:\WINDOWS\sm56hlpr.exe

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

C:\ARQUIV~1\ASSIST~1\SMARTB~1\MotiveSB.exe

C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Arquivos de programas\internet explorer\iexplore.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\WINDOWS\system32\wuauclt.exe

C:\hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O2 - BHO: Banco do Brasil S.A. - {FCAAAC14-BC46-40CA-9CB2-CBB12C6739EB} - (no file)

O3 - Toolbar: Discador iBest - {4F869C58-D71D-4850-8BDD-7B5CDF8EC911} - C:\Arquivos de programas\Discador iBest\ibestbar.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [LanguageShortcut] "C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe"

O4 - HKLM\..\Run: [sMSERIAL] sm56hlpr.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [Motive SmartBridge] "C:\ARQUIV~1\ASSIST~1\SMARTB~1\MotiveSB.exe" /restart

O4 - HKLM\..\Run: [AudioDeck] C:\Arquivos de programas\VIAudioi\SBADeck\ADeck.exe 1

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [DAEMON Tools] "C:\Arquivos de programas\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKCU\..\Run: [updateMgr] "C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1

O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Assistente Tecnico Speedy.lnk = C:\Arquivos de programas\Assistente Tecnico Speedy\bin\matcli.exe

O4 - Global Startup: Digimax Viewer 2.0.lnk = ?

O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to AMV Converter... - C:\Arquivos de programas\MP3 Player Utilities 4.15\AMVConverter\grab.html

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Arquivos de programas\MP3 Player Utilities 4.15\MediaManager\grab.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game10.zylom.com/activex/zylomgamesplayer.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{0A2DBDA2-C339-475B-8BF0-D148FD452D54}: NameServer = 200.204.0.10 200.204.0.138

O17 - HKLM\System\CS1\Services\Tcpip\..\{0A2DBDA2-C339-475B-8BF0-D148FD452D54}: NameServer = 200.204.0.10 200.204.0.138

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Arquivos de programas\Windows Live\Mail\mailcomm.dll

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

Thank you! :)


- Select the text below and copy it into Notepad. Save it as CFScript.txt;

Registry::
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FCAAAC14-BC46-40CA-9CB2-CBB12C6739EB}]

- Drag CFScript.txt onto ComboFix as shown in the image below:

CF_Script.gif

ComboFix will run and will restart the PC automatically to complete the removal process.

Do not use the mouse or the keyboard while ComboFix is running.

When it finishes, a log will be generated at C:\ComboFix.txt.

Note: if ComboFix does not restart your computer automatically, do it manually.

In your next reply, paste ComboFix.txt and a new HijackThis log.

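A small triage helper for HijackThis logs like the one posted above, added here as an example; it is not part of the thread and not code from HijackThis or ComboFix. It parses the O2/O3 (BHO and toolbar) and O4 (Run) lines, flags BHOs registered with "(no file)" (the case the CFScript in the reply above targets) and Run values that name a bare executable with no directory, and emits a CFScript `Registry::` block in the same shorthand the reply uses. The sample lines are constructed from the formats seen in the thread, and the function and class names are this example's own.

```python
import re
from dataclasses import dataclass
from typing import List, Tuple

# Constructed sample input in the HijackThis 1.99.1 line formats seen in the
# thread; it is a handful of lines, not a full log.
SAMPLE_LOG = """\
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\\Arquivos de programas\\Adobe\\Acrobat 7.0\\ActiveX\\AcroIEHelper.dll
O2 - BHO: Banco do Brasil S.A. - {FCAAAC14-BC46-40CA-9CB2-CBB12C6739EB} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\\Arquivos de programas\\Windows Live Toolbar\\msntb.dll
O4 - HKLM\\..\\Run: [sMSERIAL] sm56hlpr.exe
O4 - HKCU\\..\\Run: [ctfmon.exe] C:\\WINDOWS\\system32\\ctfmon.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\\Network Diagnostic\\xpnetdiag.exe (file missing)
"""

# "O2 - BHO: <name> - {CLSID} - <dll path or (no file)>" and the O3 Toolbar twin
COM_LINE = re.compile(
    r"^(?P<section>O2|O3) - (?:BHO|Toolbar): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.*)$"
)
# "O4 - HKLM\..\Run: [<value name>] <command line>"
RUN_LINE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<value>[^\]]*)\] (?P<command>.*)$"
)


@dataclass
class ComObject:
    section: str   # O2 (BHO) or O3 (toolbar)
    name: str
    clsid: str
    target: str    # DLL path, or the literal "(no file)"


@dataclass
class RunEntry:
    hive: str      # HKLM or HKCU
    value: str     # registry value name shown in [brackets]
    command: str   # command line as HijackThis printed it


def parse_hijackthis(log_text: str) -> Tuple[List[ComObject], List[RunEntry]]:
    """Collect the O2/O3 and O4 lines of a log; other sections are ignored."""
    com_objects: List[ComObject] = []
    run_entries: List[RunEntry] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = COM_LINE.match(line)
        if m:
            com_objects.append(ComObject(**m.groupdict()))
            continue
        m = RUN_LINE.match(line)
        if m:
            run_entries.append(RunEntry(**m.groupdict()))
    return com_objects, run_entries


def orphaned_bhos(com_objects: List[ComObject]) -> List[ComObject]:
    """BHOs whose registration survives but whose DLL is gone ("(no file)")."""
    return [c for c in com_objects if c.section == "O2" and c.target == "(no file)"]


def unqualified_run_commands(run_entries: List[RunEntry]) -> List[RunEntry]:
    """Run values that name a bare executable with no directory (e.g. sm56hlpr.exe).
    Windows resolves these through the search path, so the reviewer must confirm
    which file actually starts; a hint to check, not a finding by itself."""
    flagged = []
    for e in run_entries:
        parts = e.command.strip().strip('"').split()
        exe = parts[0] if parts else ""
        if exe and "\\" not in exe and "%" not in exe:
            flagged.append(e)
    return flagged


def build_cfscript(bhos: List[ComObject]) -> str:
    """Emit a CFScript Registry:: block listing the orphaned BHO keys, in the
    shorthand form the reply above uses."""
    lines = ["Registry::"]
    for c in bhos:
        lines.append(f"[HKEY_LOCAL_MACHINE\\~\\Browser Helper Objects\\{c.clsid}]")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    com, run = parse_hijackthis(SAMPLE_LOG)
    for c in orphaned_bhos(com):
        print(f"orphaned BHO: {c.name} {c.clsid}")
    for e in unqualified_run_commands(run):
        print(f"check path of: {e.hive} Run [{e.value}] -> {e.command}")
    print(build_cfscript(orphaned_bhos(com)))
```

Run it against a full HijackThis log by reading the file into `parse_hijackthis`; only the "(no file)" BHOs land in the generated script, and the bare-executable Run values are printed for manual confirmation rather than removed.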

Here is the ComboFix log:

ComboFix 08-03-30.3 - usuario 2008-04-03 0:41:27.6 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.628 [GMT -3:00]

Executando de: C:\ComboFix.exe

Command switches used :: C:\Documents and Settings\usuario\Desktop\CFScript.txt

* Criado um novo ponto de restauro

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

((((((((((((((((((((((( Ficheiros criados de 2008-03-03 to 2008-04-03 ))))))))))))))))))))))))))))))))

.

2008-04-02 23:50 . 2008-04-02 23:50 <DIR> d-------- C:\WINDOWS\LastGood

2008-03-31 14:41 . 2008-03-31 14:41 1,603,483 --a------ C:\ComboFix.exe

2008-03-30 23:16 . 2008-03-30 23:16 <DIR> d-------- C:\Documents and Settings\usuario\Dados de aplicativos\Zylom

2008-03-30 23:16 . 2008-03-30 23:16 <DIR> d-------- C:\Arquivos de programas\Zylom Games

2008-03-30 15:11 . 2008-03-30 15:11 <DIR> d-------- C:\WINDOWS\Sun

2008-03-28 20:38 . 2008-03-28 20:39 <DIR> d-------- C:\LG_VDR

2008-03-28 03:04 . 2008-03-28 03:12 <DIR> d-------- C:\Documents and Settings\usuario\Dados de aplicativos\WildBit Viewer

2008-03-28 03:03 . 2008-03-28 03:03 <DIR> d-------- C:\Arquivos de programas\WildBit Viewer

2008-03-28 03:03 . 2003-06-19 14:46 491,520 --a------ C:\WINDOWS\system32\lkVCDimager.dll

2008-03-28 03:03 . 2006-10-02 13:44 5,120 --a------ C:\WINDOWS\system32\ff_vfw.dll

2008-03-28 03:03 . 2006-08-05 12:06 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest

2008-03-28 03:02 . 2008-03-28 03:03 <DIR> d-------- C:\Arquivos de programas\The FilmMachine

2008-03-27 19:25 . 2008-03-27 19:26 <DIR> d-------- C:\Documents and Settings\usuario\Dados de aplicativos\Preclick Photo Organizer

2008-03-27 19:25 . 2008-03-27 19:25 <DIR> d-------- C:\Arquivos de programas\Preclick

2008-03-27 19:15 . 2001-08-23 17:00 1,700,352 --a------ C:\WINDOWS\system32\gdiplus.dll

2008-03-27 19:15 . 2002-01-05 14:40 487,424 --a------ C:\WINDOWS\system32\msvcp70.dll

2008-03-27 19:15 . 2002-01-05 15:37 344,064 --a------ C:\WINDOWS\system32\msvcr70.dll

2008-03-27 19:15 . 2003-08-07 15:01 237,568 --a------ C:\WINDOWS\system32\lame_enc.dll

2008-03-27 19:14 . 2008-03-27 20:30 <DIR> d-------- C:\Arquivos de programas\Extra Photo to Video Converter Free

2008-03-27 18:52 . 2008-03-27 18:53 <DIR> d-------- C:\Arquivos de programas\Flash Slideshow Maker Professional

2008-03-27 18:13 . 2008-03-27 18:13 40 --a------ C:\WINDOWS\system32\mdum.dIl

2008-03-27 18:13 . 2008-03-27 18:13 40 --a------ C:\WINDOWS\sfvir.dIl

2008-03-27 18:13 . 2008-03-27 18:13 40 --a------ C:\WINDOWS\hnnic.dIl

2008-03-27 18:13 . 2008-03-27 18:13 40 --a------ C:\WINDOWS\csesh.dIl

2008-03-27 18:12 . 2008-03-27 18:12 249,856 --------- C:\WINDOWS\Setup1.exe

2008-03-27 18:12 . 2008-03-27 18:12 73,216 --a------ C:\WINDOWS\ST6UNST.EXE

2008-03-27 02:29 . 2008-03-27 02:29 <DIR> d-------- C:\Arquivos de programas\Winks Installer

2008-03-26 21:15 . 2008-03-26 21:15 <DIR> d-------- C:\Documents and Settings\usuario\Dados de aplicativos\Fuzzy Games

2008-03-26 17:03 . 2008-03-26 17:03 <DIR> d-------- C:\OutDemo

2008-03-26 09:25 . 2008-03-26 09:25 2,074 --a------ C:\WINDOWS\system32\nortons.exe

2008-03-26 09:25 . 2008-03-26 09:25 2,074 --a------ C:\WINDOWS\system32\IEXPLORES.EXE

2008-03-26 09:25 . 2008-03-26 09:25 2,074 --a------ C:\WINDOWS\system\msnmsssgser.exe

2008-03-25 15:50 . 2008-03-25 15:51 <DIR> d-------- C:\Arquivos de programas\LimeWire

2008-03-25 13:15 . 2008-03-25 23:58 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Avira

2008-03-25 00:58 . 2008-03-25 13:04 <DIR> d-------- C:\Arquivos de programas\F-Secure

2008-03-24 23:49 . 2008-03-24 23:50 <DIR> d-------- C:\WINDOWS\system32\pt-br

2008-03-24 23:43 . 2007-12-06 23:09 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll

2008-03-24 23:43 . 2007-07-01 00:31 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat

2008-03-24 23:43 . 2007-07-01 00:36 1,024,000 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui

2008-03-24 23:43 . 2007-12-06 23:09 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll

2008-03-24 23:43 . 2007-12-06 23:09 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll

2008-03-24 23:43 . 2007-12-06 23:09 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll

2008-03-24 23:43 . 2007-12-06 23:09 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll

2008-03-24 23:43 . 2007-12-06 23:09 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll

2008-03-24 23:43 . 2007-12-06 08:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe

2008-03-24 16:15 . 2008-03-24 16:15 127 --a------ C:\WINDOWS\REC-NET.INI

2008-03-24 15:55 . 2008-03-24 15:55 <DIR> d-------- C:\Documents and Settings\usuario\.receitanet

2008-03-24 15:54 . 2008-03-25 13:03 0 --a------ C:\WINDOWS\vpd.properties

2008-03-24 13:29 . 2008-03-24 13:29 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\HipSoft

2008-03-21 18:07 . 2008-03-22 18:52 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Symantec Shared

2008-03-21 17:56 . 2008-03-21 17:56 <DIR> d-------- C:\Arquivos de programas\IObit

2008-03-21 16:43 . 2006-10-31 13:12 128,000 --a------ C:\WINDOWS\DesinstWRecnet.exe

2008-03-21 16:43 . 2008-02-12 14:27 122,880 --a------ C:\WINDOWS\DesinstRecnet.exe

2008-03-21 16:43 . 2006-10-31 13:12 5,361 --a------ C:\WINDOWS\DesinstWRecnet.ini

2008-03-21 15:29 . 2008-03-24 15:54 <DIR> d-------- C:\Arquivos de programas\Programas RFB

2008-03-21 12:42 . 2008-03-31 14:53 <DIR> d-------- C:\hijackthis

2008-03-19 01:15 . 2008-03-19 01:15 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico

2008-03-19 01:15 . 2008-03-19 01:15 1,406 --a------ C:\WINDOWS\system32\Help.ico

2008-03-19 01:14 . 2008-03-19 01:14 <DIR> d-------- C:\WINDOWS\system32\ActiveScan

2008-03-19 01:14 . 2008-03-19 01:15 30,590 --a------ C:\WINDOWS\system32\pavas.ico

2008-03-18 18:26 . 2008-03-18 18:26 <DIR> d-------- C:\Arquivos de programas\MSNFans Live Winks

2008-03-18 13:07 . 2008-03-18 13:07 <DIR> d-------- C:\Arquivos de programas\Microsoft SQL Server Compact Edition

2008-03-18 12:51 . 2008-03-18 12:51 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\WLInstaller

2008-03-18 12:51 . 2008-03-18 18:49 <DIR> d-------- C:\Arquivos de programas\Windows Live

2008-03-18 12:51 . 2008-03-18 13:00 <DIR> d--hsc--- C:\Arquivos de programas\Arquivos comuns\WindowsLiveInstaller

2008-03-18 03:25 . 2008-03-18 03:25 2,887,680 --a------ C:\WINDOWS\system32\VagalumePluginWMP.dll

2008-03-16 13:48 . 2008-03-16 13:48 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Avg7

2008-03-15 16:45 . 2008-03-15 17:29 <DIR> d-------- C:\LIZZIE_MCGUIRE

2008-03-14 22:15 . 2008-03-21 18:00 <DIR> d-------- C:\Arquivos de programas\Norton Security Scan

2008-03-14 16:56 . 2008-03-14 17:01 <DIR> d-------- C:\Arquivos de programas\Alwil Software

2008-03-14 16:56 . 2003-03-18 17:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll

2008-03-14 12:45 . 2004-05-14 16:53 462,848 --a------ C:\WINDOWS\system32\ltkrn13n.dll

2008-03-14 12:45 . 2004-05-14 16:53 450,560 --a------ C:\WINDOWS\system32\ltimg13n.dll

2008-03-14 12:45 . 2004-05-14 16:53 401,408 --a------ C:\WINDOWS\system32\lfcmp13n.dll

2008-03-14 12:45 . 2004-05-14 16:53 299,008 --a------ C:\WINDOWS\system32\ltdis13n.dll

2008-03-14 12:45 . 2004-01-12 02:09 206,336 --a------ C:\WINDOWS\system32\ltefx13n.dll

2008-03-14 12:45 . 2004-05-14 16:53 163,840 --a------ C:\WINDOWS\system32\ltfil13n.dll

2008-03-14 12:45 . 2003-11-04 15:10 69,632 --a------ C:\WINDOWS\system32\lfgif13n.dll

2008-03-14 12:45 . 2004-05-14 16:53 57,344 --a------ C:\WINDOWS\system32\lfbmp13n.dll

2008-03-11 20:26 . 2008-03-21 18:05 <DIR> d-------- C:\WINDOWS\system32\NtmsData

2008-03-03 16:32 . 2008-03-04 13:36 <DIR> d-------- C:\THE_FAMILY_STONE

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-04-03 02:50 --------- d-----w C:\Documents and Settings\usuario\Dados de aplicativos\Skype

2008-04-03 02:47 --------- d-----w C:\Documents and Settings\usuario\Dados de aplicativos\skypePM

2008-04-02 11:27 --------- d-----w C:\Arquivos de programas\AdVantage

2008-04-01 17:56 --------- d-----w C:\Documents and Settings\usuario\Dados de aplicativos\LimeWire

2008-03-31 18:03 --------- d-----w C:\Arquivos de programas\Atrativa Games

2008-03-31 02:06 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Zylom

2008-03-30 20:05 --------- d-----w C:\Arquivos de programas\Windows Live Safety Center

2008-03-28 23:38 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\DVD Shrink

2008-03-17 02:15 --------- d-----w C:\Arquivos de programas\Macromedia

2008-03-17 02:15 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Macromedia

2008-03-17 02:13 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2008-03-16 13:39 --------- d-----w C:\Documents and Settings\Mandy\Dados de aplicativos\Ahead

2008-03-14 21:10 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Sandlot Shared

2008-03-13 04:03 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft Help

2008-03-03 19:28 --------- d-----w C:\Arquivos de programas\DVD Shrink

2008-02-23 20:48 --------- d-----w C:\Arquivos de programas\Electronic Arts

2008-02-22 04:45 --------- d-----w C:\Arquivos de programas\Garden Dreams

2008-02-20 18:43 32 ----a-w C:\Documents and Settings\All Users\Dados de aplicativos\ezsid.dat

2008-02-20 18:41 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Skype

2008-02-20 18:41 --------- d-----w C:\Arquivos de programas\Skype

2008-02-20 18:41 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Skype

2008-02-14 04:40 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\NeptunesAdve

2008-02-13 17:11 --------- d-----w C:\Documents and Settings\usuario\Dados de aplicativos\PlayFirst

2008-02-13 17:11 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\PlayFirst

2008-02-10 16:43 --------- d-----w C:\Documents and Settings\usuario\Dados de aplicativos\Jane s Hotel

2008-02-09 22:04 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\NannyMania

2008-02-09 20:55 --------- d-----w C:\Documents and Settings\usuario\Dados de aplicativos\Gaijin Ent

2008-02-09 02:28 --------- d-----w C:\Arquivos de programas\CallIT

2008-02-08 05:07 --------- d-----w C:\Documents and Settings\usuario\Dados de aplicativos\My Games

2008-02-08 02:47 --------- d-----w C:\Documents and Settings\usuario\Dados de aplicativos\GanymedeNet

2008-02-08 02:32 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Sandlot Games

2008-02-05 04:39 --------- d-----w C:\Arquivos de programas\EA GAMES

2008-02-05 04:27 --------- d-----w C:\Arquivos de programas\thesims2 moda

2008-01-20 22:56 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll

2008-01-19 17:53 3,657,160 ----a-w C:\daemon4120-lite.exe

.

((((((((((((((((((((((((((((( snapshot@2008-03-25_23.52.21,34 )))))))))))))))))))))))))))))))))))))))))

.

+ 2007-07-12 23:27:10 765,952 ----a-w C:\WINDOWS\$hf_mig$\KB938127-IE7\SP2QFE\vgx.dll

+ 2007-03-06 01:00:55 15,072 ----a-w C:\WINDOWS\$hf_mig$\KB938127-IE7\spmsg.dll

+ 2007-03-06 01:01:00 215,264 ----a-w C:\WINDOWS\$hf_mig$\KB938127-IE7\spuninst.exe

+ 2007-03-06 01:00:53 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB938127-IE7\update\spcustom.dll

+ 2007-03-06 01:01:17 721,120 ----a-w C:\WINDOWS\$hf_mig$\KB938127-IE7\update\update.exe

+ 2007-03-06 01:02:08 384,224 ----a-w C:\WINDOWS\$hf_mig$\KB938127-IE7\update\updspapi.dll

+ 2006-08-29 17:17:22 161,976 ----a-w C:\WINDOWS\Downloaded Program Files\zylomgamesplayer.dll

+ 2007-03-06 01:01:00 215,264 -c----w C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe

+ 2007-03-06 01:02:08 384,224 -c----w C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\updspapi.dll

+ 2007-08-13 21:54:10 765,952 -c----w C:\WINDOWS\ie7updates\KB938127-IE7\vgx.dll

- 2007-05-17 19:30:48 318,976 ----a-w C:\WINDOWS\system32\avisynth.dll

+ 2005-10-28 16:44:12 308,224 ----a-w C:\WINDOWS\system32\avisynth.dll

- 2004-02-22 12:11:08 719,872 ----a-w C:\WINDOWS\system32\devil.dll

+ 2004-02-22 08:11:10 719,872 ----a-w C:\WINDOWS\system32\devil.dll

- 2007-08-13 21:54:10 765,952 -c--a-w C:\WINDOWS\system32\dllcache\VGX.dll

+ 2007-07-12 23:31:30 765,952 -c--a-w C:\WINDOWS\system32\dllcache\vgx.dll

+ 2000-07-15 03:00:00 101,888 ----a-w C:\WINDOWS\system32\VB6STKIT.DLL

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FCAAAC14-BC46-40CA-9CB2-CBB12C6739EB}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:45 15360]

"DAEMON Tools"="C:\Arquivos de programas\DAEMON Tools\daemon.exe" [2008-01-17 13:51 486856]

"updateMgr"="C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2005-10-24 14:53 307200]

"Skype"="C:\Arquivos de programas\Skype\Phone\Skype.exe" [2008-02-01 17:22 21898024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"VTTimer"="VTTimer.exe" [2006-08-03 03:53 53248 C:\WINDOWS\system32\VTTimer.exe]

"VTTrayp"="VTtrayp.exe" [2006-08-25 02:52 176128 C:\WINDOWS\system32\VTTrayp.exe]

"RemoteControl"="C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 15:10 56928]

"LanguageShortcut"="C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 22:55 54832]

"SMSERIAL"="sm56hlpr.exe" [2000-11-22 11:40 462848 C:\WINDOWS\sm56hlpr.exe]

"GrooveMonitor"="C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]

"NeroFilterCheck"="C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648]

"Motive SmartBridge"="C:\ARQUIV~1\ASSIST~1\SMARTB~1\MotiveSB.exe" [2005-04-15 15:46 397312]

"AudioDeck"="C:\Arquivos de programas\VIAudioi\SBADeck\ADeck.exe" [2006-09-05 07:28 540672]

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]

"QuickTime Task"="C:\Arquivos de programas\QuickTime\qttask.exe" [2008-01-07 19:13 77824]

C:\Documents and Settings\usuario\Menu Iniciar\Programas\Inicializar\

Recorte de tela e Iniciador do OneNote 2007.lnk - C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54 98632]

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\

Adobe Reader Speed Launch.lnk - C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26 29696]

Assistente Tecnico Speedy.lnk - C:\Arquivos de programas\Assistente Tecnico Speedy\bin\matcli.exe [2007-11-30 13:05:16 217088]

Digimax Viewer 2.0.lnk - C:\Arquivos de programas\Samsung\Digimax Viewer 2.0\STImgBrowser.exe [2007-08-28 10:00:18 626688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveSearch"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]

--a------ 2000-11-22 11:40 462848 C:\WINDOWS\sm56hlpr.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\WinRAR\\WinRAR.exe"=

"C:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"C:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"C:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"=

"C:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"C:\\Arquivos de programas\\Arquivos comuns\\Ahead\\Nero Web\\SetupX.exe"=

"C:\\Arquivos de programas\\IncrediMail\\bin\\ImpCnt.exe"=

"C:\\Arquivos de programas\\IncrediMail\\bin\\ImLc.exe"=

"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Arquivos de programas\\LimeWire\\LimeWire.exe"=

"C:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-02-23 00:38]

R0 xfilt;VIA SATA IDE Hot-plug Driver;C:\WINDOWS\system32\DRIVERS\xfilt.sys [2006-02-23 00:39]

S3 hid7906;hid7906;C:\WINDOWS\system32\drivers\hid7906.sys [2006-07-04 16:17]

.

Contents of the 'Scheduled Tasks' folder

"2008-03-30 21:00:00 C:\WINDOWS\Tasks\Norton Security Scan.job"

- C:\Arquivos de programas\Norton Security Scan\Nss.exe

"2008-04-03 02:56:00 C:\WINDOWS\Tasks\Verificar Atualizações para a Barra de Ferramentas do Windows Live.job"

- C:\Arquivos de programas\Windows Live Toolbar\MSNTBUP.EXE

.

**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-04-03 00:43:12

Windows 5.1.2600 Service Pack 2 NTFS

Scanning hidden processes ...

Scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

SMSERIAL = sm56hlpr.exe?

AudioDeck = C:\Arquivos de programas\VIAudioi\SBADeck\ADeck.exe 1???d:\audio\via???????|???|?????????????????????????

Scanning hidden files ...

Scan completed successfully

Hidden files: 0

**************************************************************************

.

Completion time: 2008-04-03 0:43:43

ComboFix-quarantined-files.txt 2008-04-03 03:43:35

ComboFix2.txt 2008-03-31 17:47:04

ComboFix3.txt 2008-03-28 05:27:01

ComboFix4.txt 2008-03-26 02:56:45

ComboFix5.txt 2008-03-25 02:18:24

Pre-Run: 26,828,435,456 bytes free

Post-Run: 26,819,796,992 bytes free

.

2008-03-26 06:18:59 --- E O F ---

Now the HijackThis one:

Logfile of HijackThis v1.99.1

Scan saved at 01:06:29, on 3/4/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\VTTimer.exe

C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

C:\WINDOWS\sm56hlpr.exe

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

C:\ARQUIV~1\ASSIST~1\SMARTB~1\MotiveSB.exe

C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\Arquivos de programas\Java\jre1.6.0_03\bin\jucheck.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\internet explorer\iexplore.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Arquivos de programas\Windows Live Toolbar\msn_sl.exe

C:\hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O2 - BHO: Banco do Brasil S.A. - {FCAAAC14-BC46-40CA-9CB2-CBB12C6739EB} - (no file)

O3 - Toolbar: Discador iBest - {4F869C58-D71D-4850-8BDD-7B5CDF8EC911} - C:\Arquivos de programas\Discador iBest\ibestbar.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [LanguageShortcut] "C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe"

O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [Motive SmartBridge] "C:\ARQUIV~1\ASSIST~1\SMARTB~1\MotiveSB.exe" /restart

O4 - HKLM\..\Run: [AudioDeck] C:\Arquivos de programas\VIAudioi\SBADeck\ADeck.exe 1

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [DAEMON Tools] "C:\Arquivos de programas\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKCU\..\Run: [updateMgr] "C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1

O4 - HKCU\..\Run: [Skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Assistente Tecnico Speedy.lnk = C:\Arquivos de programas\Assistente Tecnico Speedy\bin\matcli.exe

O4 - Global Startup: Digimax Viewer 2.0.lnk = ?

O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to AMV Converter... - C:\Arquivos de programas\MP3 Player Utilities 4.15\AMVConverter\grab.html

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Arquivos de programas\MP3 Player Utilities 4.15\MediaManager\grab.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [INTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game10.zylom.com/activex/zylomgamesplayer.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{0A2DBDA2-C339-475B-8BF0-D148FD452D54}: NameServer = 200.204.0.10 200.204.0.138

O17 - HKLM\System\CS1\Services\Tcpip\..\{0A2DBDA2-C339-475B-8BF0-D148FD452D54}: NameServer = 200.204.0.10 200.204.0.138

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Arquivos de programas\Windows Live\Mail\mailcomm.dll

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

thank you! :lol:

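Two things in the logs above deserve a second look before anything is fixed, and both can be picked out mechanically rather than by eye. First, the CLSID {FCAAAC14-BC46-40CA-9CB2-CBB12C6739EB} appears in the ComboFix registry section as a Browser Helper Object key and in the HijackThis O2 line as "Banco do Brasil S.A. - (no file)": the DLL is gone but the load point is still registered. Second, the ComboFix "files created" listing later in the thread shows four 40-byte files whose extension is ".dIl" (capital I, not lowercase L, so it reads as ".dll" at a glance) and three 2,074-byte executables dropped in the same minute with unrelated names. The script below is an added example, not part of the thread or of ComboFix/HijackThis; it parses lines in the two formats shown on this page and applies those heuristics. The sample lines are constructed to mirror entries from the logs, the regular expressions and the homoglyph and cluster rules are my own assumptions about the formats, and a hit means "look at this", not "this is malware".

```python
"""Triage helpers for ComboFix 'files created' lines and HijackThis O2/O3 lines.
Added example; formats and heuristics are assumptions based on the logs in this thread."""
import re
from collections import defaultdict

# Constructed sample lines modelled on the logs above (not a verbatim copy).
COMBOFIX_SAMPLE = r"""
2008-03-27 18:13 . 2008-03-27 18:13 40 --a------ C:\WINDOWS\system32\mdum.dIl
2008-03-27 18:13 . 2008-03-27 18:13 40 --a------ C:\WINDOWS\sfvir.dIl
2008-03-26 09:25 . 2008-03-26 09:25 2,074 --a------ C:\WINDOWS\system32\nortons.exe
2008-03-26 09:25 . 2008-03-26 09:25 2,074 --a------ C:\WINDOWS\system32\IEXPLORES.EXE
2008-03-26 09:25 . 2008-03-26 09:25 2,074 --a------ C:\WINDOWS\system\msnmsssgser.exe
2008-03-14 16:56 . 2003-03-18 17:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
"""

HJT_SAMPLE = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Banco do Brasil S.A. - {FCAAAC14-BC46-40CA-9CB2-CBB12C6739EB} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll
"""

# "<created> . <modified> <size|<DIR>> <attrs> <path>" (assumed ComboFix layout)
CF_LINE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size><DIR>|[\d,]+) (?P<attrs>\S+) (?P<path>.+)$"
)
# "O2 - BHO: <name> - {CLSID} - <path>" (assumed HijackThis layout)
HJT_LINE = re.compile(
    r"^(?P<section>O[23]) - (?P<kind>BHO|Toolbar): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.*)$"
)

KNOWN_EXTENSIONS = {"dll", "exe", "sys", "ocx", "scr", "cpl"}
# Look-alike characters an attacker can use to make a name read as a normal one.
HOMOGLYPHS = str.maketrans({"I": "l", "1": "l", "0": "o"})


def parse_combofix(text):
    """Parse 'files created' lines; size is an int, or None for <DIR> entries."""
    entries = []
    for line in text.splitlines():
        m = CF_LINE.match(line.strip())
        if not m:
            continue
        size = None if m["size"] == "<DIR>" else int(m["size"].replace(",", ""))
        entries.append({"created": m["created"], "modified": m["modified"],
                        "size": size, "attrs": m["attrs"], "path": m["path"]})
    return entries


def find_homoglyph_extensions(entries):
    """Paths whose extension is NOT a known binary extension as written, but
    becomes one once look-alikes are normalised (e.g. '.dIl' -> '.dll')."""
    hits = []
    for e in entries:
        name = e["path"].rsplit("\\", 1)[-1]
        if e["size"] is None or "." not in name:
            continue
        ext = name.rsplit(".", 1)[1]
        if ext.lower() in KNOWN_EXTENSIONS:
            continue
        if ext.translate(HOMOGLYPHS).lower() in KNOWN_EXTENSIONS:
            hits.append(e["path"])
    return hits


def find_same_time_clusters(entries, minimum=2):
    """Group files by (creation minute, byte size). Several differently named
    files of identical size dropped in the same minute is a dropper pattern."""
    groups = defaultdict(list)
    for e in entries:
        if e["size"] is not None:
            groups[(e["created"], e["size"])].append(e["path"])
    return {k: v for k, v in groups.items() if len(v) >= minimum}


def parse_hijackthis(text):
    """Return O2/O3 lines as dicts with section, kind, name, clsid and path."""
    matches = (HJT_LINE.match(line.strip()) for line in text.splitlines())
    return [m.groupdict() for m in matches if m]


def find_orphan_browser_objects(items):
    """BHOs/toolbars whose CLSID is registered but whose DLL is '(no file)'.
    The registration is still a load point and should be removed."""
    return [(i["clsid"], i["name"]) for i in items if i["path"].strip() == "(no file)"]


def triage(combofix_text, hijackthis_text):
    cf = parse_combofix(combofix_text)
    return {
        "homoglyph_extensions": find_homoglyph_extensions(cf),
        "same_time_clusters": find_same_time_clusters(cf),
        "orphan_browser_objects": find_orphan_browser_objects(parse_hijackthis(hijackthis_text)),
    }


if __name__ == "__main__":
    for key, value in triage(COMBOFIX_SAMPLE, HJT_SAMPLE).items():
        print(key, value)
```

On the constructed sample, the homoglyph check returns the two ".dIl" paths, the cluster check groups the three 2,074-byte executables created at 09:25 and the two 40-byte files created at 18:13 (MFC71.dll stands alone and is not reported), and the orphan check returns the Banco do Brasil CLSID. The same functions run unchanged over a full pasted log, which is usually faster than scrolling through several hundred lines by hand.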

Hi, here it is:

ComboFix 08-03-30.3 - usuario 2008-04-04 12:58:19.7 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.654 [GMT -3:00]

Running from: C:\ComboFix.exe

Command switches used :: C:\Documents and Settings\usuario\Desktop\CFScript.txt

* A new restore point was created

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

((((((((((((((((((((((( Files created from 2008-03-04 to 2008-04-04 ))))))))))))))))))))))))))))))))

.

2008-03-31 14:41 . 2008-03-31 14:41 1,603,483 --a------ C:\ComboFix.exe

2008-03-30 23:16 . 2008-03-30 23:16 <DIR> d-------- C:\Documents and Settings\usuario\Dados de aplicativos\Zylom

2008-03-30 23:16 . 2008-03-30 23:16 <DIR> d-------- C:\Arquivos de programas\Zylom Games

2008-03-30 15:11 . 2008-03-30 15:11 <DIR> d-------- C:\WINDOWS\Sun

2008-03-28 20:38 . 2008-03-28 20:39 <DIR> d-------- C:\LG_VDR

2008-03-28 03:03 . 2003-06-19 14:46 491,520 --a------ C:\WINDOWS\system32\lkVCDimager.dll

2008-03-28 03:02 . 2008-03-28 03:03 <DIR> d-------- C:\Arquivos de programas\The FilmMachine

2008-03-27 19:25 . 2008-03-27 19:26 <DIR> d-------- C:\Documents and Settings\usuario\Dados de aplicativos\Preclick Photo Organizer

2008-03-27 19:25 . 2008-03-27 19:25 <DIR> d-------- C:\Arquivos de programas\Preclick

2008-03-27 19:15 . 2001-08-23 17:00 1,700,352 --a------ C:\WINDOWS\system32\gdiplus.dll

2008-03-27 19:15 . 2002-01-05 14:40 487,424 --a------ C:\WINDOWS\system32\msvcp70.dll

2008-03-27 19:15 . 2002-01-05 15:37 344,064 --a------ C:\WINDOWS\system32\msvcr70.dll

2008-03-27 19:15 . 2003-08-07 15:01 237,568 --a------ C:\WINDOWS\system32\lame_enc.dll

2008-03-27 19:14 . 2008-03-27 20:30 <DIR> d-------- C:\Arquivos de programas\Extra Photo to Video Converter Free

2008-03-27 18:52 . 2008-04-03 02:44 <DIR> d-------- C:\Arquivos de programas\Flash Slideshow Maker Professional

2008-03-27 18:13 . 2008-03-27 18:13 40 --a------ C:\WINDOWS\system32\mdum.dIl

2008-03-27 18:13 . 2008-03-27 18:13 40 --a------ C:\WINDOWS\sfvir.dIl

2008-03-27 18:13 . 2008-03-27 18:13 40 --a------ C:\WINDOWS\hnnic.dIl

2008-03-27 18:13 . 2008-03-27 18:13 40 --a------ C:\WINDOWS\csesh.dIl

2008-03-27 18:12 . 2008-03-27 18:12 249,856 --------- C:\WINDOWS\Setup1.exe

2008-03-27 18:12 . 2008-03-27 18:12 73,216 --a------ C:\WINDOWS\ST6UNST.EXE

2008-03-26 21:15 . 2008-03-26 21:15 <DIR> d-------- C:\Documents and Settings\usuario\Dados de aplicativos\Fuzzy Games

2008-03-26 17:03 . 2008-03-26 17:03 <DIR> d-------- C:\OutDemo

2008-03-26 09:25 . 2008-03-26 09:25 2,074 --a------ C:\WINDOWS\system32\nortons.exe

2008-03-26 09:25 . 2008-03-26 09:25 2,074 --a------ C:\WINDOWS\system32\IEXPLORES.EXE

2008-03-26 09:25 . 2008-03-26 09:25 2,074 --a------ C:\WINDOWS\system\msnmsssgser.exe

2008-03-25 15:50 . 2008-03-25 15:51 <DIR> d-------- C:\Arquivos de programas\LimeWire

2008-03-25 13:15 . 2008-03-25 23:58 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Avira

2008-03-25 00:58 . 2008-03-25 13:04 <DIR> d-------- C:\Arquivos de programas\F-Secure

2008-03-24 23:49 . 2008-03-24 23:50 <DIR> d-------- C:\WINDOWS\system32\pt-br

2008-03-24 23:43 . 2007-12-06 23:09 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll

2008-03-24 23:43 . 2007-07-01 00:31 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat

2008-03-24 23:43 . 2007-07-01 00:36 1,024,000 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui

2008-03-24 23:43 . 2007-12-06 23:09 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll

2008-03-24 23:43 . 2007-12-06 23:09 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll

2008-03-24 23:43 . 2007-12-06 23:09 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll

2008-03-24 23:43 . 2007-12-06 23:09 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll

2008-03-24 23:43 . 2007-12-06 23:09 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll

2008-03-24 23:43 . 2007-12-06 08:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe

2008-03-24 16:15 . 2008-03-24 16:15 127 --a------ C:\WINDOWS\REC-NET.INI

2008-03-24 15:55 . 2008-03-24 15:55 <DIR> d-------- C:\Documents and Settings\usuario\.receitanet

2008-03-24 15:54 . 2008-03-25 13:03 0 --a------ C:\WINDOWS\vpd.properties

2008-03-24 13:29 . 2008-03-24 13:29 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\HipSoft

2008-03-21 18:07 . 2008-03-22 18:52 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Symantec Shared

2008-03-21 17:56 . 2008-03-21 17:56 <DIR> d-------- C:\Arquivos de programas\IObit

2008-03-21 16:43 . 2006-10-31 13:12 128,000 --a------ C:\WINDOWS\DesinstWRecnet.exe

2008-03-21 16:43 . 2008-02-12 14:27 122,880 --a------ C:\WINDOWS\DesinstRecnet.exe

2008-03-21 16:43 . 2006-10-31 13:12 5,361 --a------ C:\WINDOWS\DesinstWRecnet.ini

2008-03-21 15:29 . 2008-03-24 15:54 <DIR> d-------- C:\Arquivos de programas\Programas RFB

2008-03-21 12:42 . 2008-04-03 01:06 <DIR> d-------- C:\hijackthis

2008-03-19 01:15 . 2008-03-19 01:15 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico

2008-03-19 01:15 . 2008-03-19 01:15 1,406 --a------ C:\WINDOWS\system32\Help.ico

2008-03-19 01:14 . 2008-03-19 01:14 <DIR> d-------- C:\WINDOWS\system32\ActiveScan

2008-03-19 01:14 . 2008-03-19 01:15 30,590 --a------ C:\WINDOWS\system32\pavas.ico

2008-03-18 18:26 . 2008-04-03 02:45 <DIR> d-------- C:\Arquivos de programas\MSNFans Live Winks

2008-03-18 13:07 . 2008-03-18 13:07 <DIR> d-------- C:\Arquivos de programas\Microsoft SQL Server Compact Edition

2008-03-18 12:51 . 2008-03-18 12:51 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\WLInstaller

2008-03-18 12:51 . 2008-03-18 18:49 <DIR> d-------- C:\Arquivos de programas\Windows Live

2008-03-18 12:51 . 2008-03-18 13:00 <DIR> d--hsc--- C:\Arquivos de programas\Arquivos comuns\WindowsLiveInstaller

2008-03-18 03:25 . 2008-03-18 03:25 2,887,680 --a------ C:\WINDOWS\system32\VagalumePluginWMP.dll

2008-03-16 13:48 . 2008-03-16 13:48 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Avg7

2008-03-15 16:45 . 2008-03-15 17:29 <DIR> d-------- C:\LIZZIE_MCGUIRE

2008-03-14 22:15 . 2008-03-21 18:00 <DIR> d-------- C:\Arquivos de programas\Norton Security Scan

2008-03-14 16:56 . 2008-03-14 17:01 <DIR> d-------- C:\Arquivos de programas\Alwil Software

2008-03-14 16:56 . 2003-03-18 17:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll

2008-03-14 12:45 . 2004-05-14 16:53 462,848 --a------ C:\WINDOWS\system32\ltkrn13n.dll

2008-03-14 12:45 . 2004-05-14 16:53 450,560 --a------ C:\WINDOWS\system32\ltimg13n.dll

2008-03-14 12:45 . 2004-05-14 16:53 401,408 --a------ C:\WINDOWS\system32\lfcmp13n.dll

2008-03-14 12:45 . 2004-05-14 16:53 299,008 --a------ C:\WINDOWS\system32\ltdis13n.dll

2008-03-14 12:45 . 2004-01-12 02:09 206,336 --a------ C:\WINDOWS\system32\ltefx13n.dll

2008-03-14 12:45 . 2004-05-14 16:53 163,840 --a------ C:\WINDOWS\system32\ltfil13n.dll

2008-03-14 12:45 . 2003-11-04 15:10 69,632 --a------ C:\WINDOWS\system32\lfgif13n.dll

2008-03-14 12:45 . 2004-05-14 16:53 57,344 --a------ C:\WINDOWS\system32\lfbmp13n.dll

2008-03-11 20:26 . 2008-03-21 18:05 <DIR> d-------- C:\WINDOWS\system32\NtmsData

.

((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-04-04 15:52 --------- d-----w C:\Documents and Settings\usuario\Dados de aplicativos\skypePM

2008-04-04 15:52 --------- d-----w C:\Documents and Settings\usuario\Dados de aplicativos\Skype

2008-04-03 05:07 --------- d-----w C:\Documents and Settings\usuario\Dados de aplicativos\LimeWire

2008-04-02 11:27 --------- d-----w C:\Arquivos de programas\AdVantage

2008-03-31 18:03 --------- d-----w C:\Arquivos de programas\Atrativa Games

2008-03-31 02:06 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Zylom

2008-03-30 20:05 --------- d-----w C:\Arquivos de programas\Windows Live Safety Center

2008-03-28 23:38 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\DVD Shrink

2008-03-17 02:15 --------- d-----w C:\Arquivos de programas\Macromedia

2008-03-17 02:15 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Macromedia

2008-03-17 02:13 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2008-03-16 13:39 --------- d-----w C:\Documents and Settings\Mandy\Dados de aplicativos\Ahead

2008-03-14 21:10 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Sandlot Shared

2008-03-13 04:03 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft Help

2008-03-03 19:28 --------- d-----w C:\Arquivos de programas\DVD Shrink

2008-02-23 20:48 --------- d-----w C:\Arquivos de programas\Electronic Arts

2008-02-22 04:45 --------- d-----w C:\Arquivos de programas\Garden Dreams

2008-02-20 18:43 32 ----a-w C:\Documents and Settings\All Users\Dados de aplicativos\ezsid.dat

2008-02-20 18:41 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Skype

2008-02-20 18:41 --------- d-----w C:\Arquivos de programas\Skype

2008-02-20 18:41 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Skype

2008-02-14 04:40 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\NeptunesAdve

2008-02-13 17:11 --------- d-----w C:\Documents and Settings\usuario\Dados de aplicativos\PlayFirst

2008-02-13 17:11 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\PlayFirst

2008-02-10 16:43 --------- d-----w C:\Documents and Settings\usuario\Dados de aplicativos\Jane s Hotel

2008-02-09 22:04 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\NannyMania

2008-02-09 20:55 --------- d-----w C:\Documents and Settings\usuario\Dados de aplicativos\Gaijin Ent

2008-02-09 02:28 --------- d-----w C:\Arquivos de programas\CallIT

2008-02-08 05:07 --------- d-----w C:\Documents and Settings\usuario\Dados de aplicativos\My Games

2008-02-08 02:47 --------- d-----w C:\Documents and Settings\usuario\Dados de aplicativos\GanymedeNet

2008-02-08 02:32 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Sandlot Games

2008-02-05 04:39 --------- d-----w C:\Arquivos de programas\EA GAMES

2008-02-05 04:27 --------- d-----w C:\Arquivos de programas\thesims2 moda

2008-01-20 22:56 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll

2008-01-19 17:53 3,657,160 ----a-w C:\daemon4120-lite.exe

.

((((((((((((((((((((((((((((( snapshot@2008-03-25_23.52.21,34 )))))))))))))))))))))))))))))))))))))))))

.

+ 2007-07-12 23:27:10 765,952 ----a-w C:\WINDOWS\$hf_mig$\KB938127-IE7\SP2QFE\vgx.dll

+ 2007-03-06 01:00:55 15,072 ----a-w C:\WINDOWS\$hf_mig$\KB938127-IE7\spmsg.dll

+ 2007-03-06 01:01:00 215,264 ----a-w C:\WINDOWS\$hf_mig$\KB938127-IE7\spuninst.exe

+ 2007-03-06 01:00:53 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB938127-IE7\update\spcustom.dll

+ 2007-03-06 01:01:17 721,120 ----a-w C:\WINDOWS\$hf_mig$\KB938127-IE7\update\update.exe

+ 2007-03-06 01:02:08 384,224 ----a-w C:\WINDOWS\$hf_mig$\KB938127-IE7\update\updspapi.dll

+ 2006-08-29 17:17:22 161,976 ----a-w C:\WINDOWS\Downloaded Program Files\zylomgamesplayer.dll

+ 2007-03-06 01:01:00 215,264 -c----w C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe

+ 2007-03-06 01:02:08 384,224 -c----w C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\updspapi.dll

+ 2007-08-13 21:54:10 765,952 -c----w C:\WINDOWS\ie7updates\KB938127-IE7\vgx.dll

- 2007-08-13 21:54:10 765,952 -c--a-w C:\WINDOWS\system32\dllcache\VGX.dll

+ 2007-07-12 23:31:30 765,952 -c--a-w C:\WINDOWS\system32\dllcache\vgx.dll

+ 2000-07-15 03:00:00 101,888 ----a-w C:\WINDOWS\system32\VB6STKIT.DLL

.

(((((((((((((((((((((((((( Registry Load Points )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Note* empty & legitimate default entries are not shown.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FCAAAC14-BC46-40CA-9CB2-CBB12C6739EB}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:45 15360]

"DAEMON Tools"="C:\Arquivos de programas\DAEMON Tools\daemon.exe" [2008-01-17 13:51 486856]

"updateMgr"="C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2005-10-24 14:53 307200]

"Skype"="C:\Arquivos de programas\Skype\Phone\Skype.exe" [2008-02-01 17:22 21898024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"VTTimer"="VTTimer.exe" [2006-08-03 03:53 53248 C:\WINDOWS\system32\VTTimer.exe]

"VTTrayp"="VTtrayp.exe" [2006-08-25 02:52 176128 C:\WINDOWS\system32\VTTrayp.exe]

"RemoteControl"="C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 15:10 56928]

"LanguageShortcut"="C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 22:55 54832]

"SMSERIAL"="sm56hlpr.exe" [2000-11-22 11:40 462848 C:\WINDOWS\sm56hlpr.exe]

"GrooveMonitor"="C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]

"NeroFilterCheck"="C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648]

"Motive SmartBridge"="C:\ARQUIV~1\ASSIST~1\SMARTB~1\MotiveSB.exe" [2005-04-15 15:46 397312]

"AudioDeck"="C:\Arquivos de programas\VIAudioi\SBADeck\ADeck.exe" [2006-09-05 07:28 540672]

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]

"QuickTime Task"="C:\Arquivos de programas\QuickTime\qttask.exe" [2008-01-07 19:13 77824]

C:\Documents and Settings\usuario\Menu Iniciar\Programas\Inicializar\

Recorte de tela e Iniciador do OneNote 2007.lnk - C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54 98632]

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\

Adobe Reader Speed Launch.lnk - C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26 29696]

Assistente Tecnico Speedy.lnk - C:\Arquivos de programas\Assistente Tecnico Speedy\bin\matcli.exe [2007-11-30 13:05:16 217088]

Digimax Viewer 2.0.lnk - C:\Arquivos de programas\Samsung\Digimax Viewer 2.0\STImgBrowser.exe [2007-08-28 10:00:18 626688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveSearch"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]

--a------ 2000-11-22 11:40 462848 C:\WINDOWS\sm56hlpr.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\WinRAR\\WinRAR.exe"=

"C:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"C:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"C:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"=

"C:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"C:\\Arquivos de programas\\Arquivos comuns\\Ahead\\Nero Web\\SetupX.exe"=

"C:\\Arquivos de programas\\IncrediMail\\bin\\ImpCnt.exe"=

"C:\\Arquivos de programas\\IncrediMail\\bin\\ImLc.exe"=

"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Arquivos de programas\\LimeWire\\LimeWire.exe"=

"C:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-02-23 00:38]

R0 xfilt;VIA SATA IDE Hot-plug Driver;C:\WINDOWS\system32\DRIVERS\xfilt.sys [2006-02-23 00:39]

S3 hid7906;hid7906;C:\WINDOWS\system32\drivers\hid7906.sys [2006-07-04 16:17]

.

Contents of the 'Scheduled Tasks' folder

"2008-03-30 21:00:00 C:\WINDOWS\Tasks\Norton Security Scan.job"

- C:\Arquivos de programas\Norton Security Scan\Nss.exe

"2008-04-04 15:56:00 C:\WINDOWS\Tasks\Verificar Atualizações para a Barra de Ferramentas do Windows Live.job"

- C:\Arquivos de programas\Windows Live Toolbar\MSNTBUP.EXE

.

**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-04-04 13:00:25

Windows 5.1.2600 Service Pack 2 NTFS

Scanning hidden processes ...

Scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

SMSERIAL = sm56hlpr.exe?

AudioDeck = C:\Arquivos de programas\VIAudioi\SBADeck\ADeck.exe 1???d:\audio\via???????|???|?????????????????????????

Scanning hidden files ...

Scan completed successfully

Hidden files: 0

**************************************************************************

.

Completion time: 2008-04-04 13:01:07

ComboFix-quarantined-files.txt 2008-04-04 16:00:51

ComboFix2.txt 2008-04-03 03:43:44

ComboFix3.txt 2008-03-31 17:47:04

ComboFix4.txt 2008-03-28 05:27:01

ComboFix5.txt 2008-03-26 02:56:45

Pre-Run: 26,731,409,408 bytes free

Post-Run: 26,721,370,112 bytes free

.

2008-03-26 06:18:59 --- E O F ---

HijackThis:

Logfile of HijackThis v1.99.1

Scan saved at 13:10:00, on 4/4/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

C:\WINDOWS\system32\VTTimer.exe

C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

C:\WINDOWS\sm56hlpr.exe

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

C:\ARQUIV~1\ASSIST~1\SMARTB~1\MotiveSB.exe

C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\internet explorer\iexplore.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O2 - BHO: Banco do Brasil S.A. - {FCAAAC14-BC46-40CA-9CB2-CBB12C6739EB} - (no file)

O3 - Toolbar: Discador iBest - {4F869C58-D71D-4850-8BDD-7B5CDF8EC911} - C:\Arquivos de programas\Discador iBest\ibestbar.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [LanguageShortcut] "C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe"

O4 - HKLM\..\Run: [sMSERIAL] sm56hlpr.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [Motive SmartBridge] "C:\ARQUIV~1\ASSIST~1\SMARTB~1\MotiveSB.exe" /restart

O4 - HKLM\..\Run: [AudioDeck] C:\Arquivos de programas\VIAudioi\SBADeck\ADeck.exe 1

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [DAEMON Tools] "C:\Arquivos de programas\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKCU\..\Run: [updateMgr] "C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1

O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Assistente Tecnico Speedy.lnk = C:\Arquivos de programas\Assistente Tecnico Speedy\bin\matcli.exe

O4 - Global Startup: Digimax Viewer 2.0.lnk = ?

O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to AMV Converter... - C:\Arquivos de programas\MP3 Player Utilities 4.15\AMVConverter\grab.html

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Arquivos de programas\MP3 Player Utilities 4.15\MediaManager\grab.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game10.zylom.com/activex/zylomgamesplayer.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{0A2DBDA2-C339-475B-8BF0-D148FD452D54}: NameServer = 200.204.0.10 200.204.0.138

O17 - HKLM\System\CS1\Services\Tcpip\..\{0A2DBDA2-C339-475B-8BF0-D148FD452D54}: NameServer = 200.204.0.10 200.204.0.138

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Arquivos de programas\Windows Live\Mail\mailcomm.dll

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

Thank you! :)


- Open HijackThis, click Do a system scan only and check the entry below:

O2 - BHO: Banco do Brasil S.A. - {FCAAAC14-BC46-40CA-9CB2-CBB12C6739EB} - (no file)

- Close all windows, click ht-fix.png and then Yes;

- Generate a new HijackThis log and paste it in your reply.


Logfile of HijackThis v1.99.1

Scan saved at 22:31:22, on 5/4/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\VTTimer.exe

C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

C:\WINDOWS\sm56hlpr.exe

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

C:\ARQUIV~1\ASSIST~1\SMARTB~1\MotiveSB.exe

C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Java\jre1.6.0_03\bin\jucheck.exe

C:\Arquivos de programas\internet explorer\iexplore.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Discador iBest - {4F869C58-D71D-4850-8BDD-7B5CDF8EC911} - C:\Arquivos de programas\Discador iBest\ibestbar.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [LanguageShortcut] "C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe"

O4 - HKLM\..\Run: [sMSERIAL] sm56hlpr.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [Motive SmartBridge] "C:\ARQUIV~1\ASSIST~1\SMARTB~1\MotiveSB.exe" /restart

O4 - HKLM\..\Run: [AudioDeck] C:\Arquivos de programas\VIAudioi\SBADeck\ADeck.exe 1

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [DAEMON Tools] "C:\Arquivos de programas\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKCU\..\Run: [updateMgr] "C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1

O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Assistente Tecnico Speedy.lnk = C:\Arquivos de programas\Assistente Tecnico Speedy\bin\matcli.exe

O4 - Global Startup: Digimax Viewer 2.0.lnk = ?

O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to AMV Converter... - C:\Arquivos de programas\MP3 Player Utilities 4.15\AMVConverter\grab.html

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Arquivos de programas\MP3 Player Utilities 4.15\MediaManager\grab.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game10.zylom.com/activex/zylomgamesplayer.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{0A2DBDA2-C339-475B-8BF0-D148FD452D54}: NameServer = 200.204.0.10 200.204.0.138

O17 - HKLM\System\CS1\Services\Tcpip\..\{0A2DBDA2-C339-475B-8BF0-D148FD452D54}: NameServer = 200.204.0.10 200.204.0.138

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Arquivos de programas\Windows Live\Mail\mailcomm.dll

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe


Thank youuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuu

Really, thanks a lot!!!!!!!!!!! :)
