othon

Infected PC, opening sites such as nadadevirus, protejaseudrive, hopeless romantic, etc.


It started this Sunday... In Internet Explorer, as soon as you open it, about three of those pop-ups appear; in Firefox usually only one opens, something called Gladiatus.

The problem is that it is 'blocking' several sites, most of them related to Google: Orkut, blogspot, even Google itself, the search page. It is getting in the way a lot.

Here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:46:03, on 24/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe
C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SNDSrvc.exe
C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe
C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Arquivos de programas\Bonjour\mDNSResponder.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\slserv.exe
C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Arquivos de programas\Analog Devices\SoundMAX\SMTray.exe
C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
C:\Arquivos de programas\Windows Defender\MSASCui.exe
C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\tsnp2std.exe
C:\WINDOWS\vsnp2std.exe
C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe
C:\Arquivos de programas\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Messenger\msmsgs.exe
C:\Arquivos de programas\iPod\bin\iPodService.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
C:\Arquivos de programas\Last.fm\LastFMHelper.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\explorer.exe
C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe
C:\Documents and Settings\Regiane\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.terra.com.br/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR
R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - (no file)
O1 - Hosts: 69.5.88.72 www.megaupload.com
O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\ARQUIV~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [smapp] C:\Arquivos de programas\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [iSUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Windows Defender] "C:\Arquivos de programas\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [8c9f378a] rundll32.exe "C:\WINDOWS\system32\xidnxpfc.dll",b
O4 - HKLM\..\Run: [bM8fac0416] Rundll32.exe "C:\WINDOWS\system32\iuicfyuq.dll",s
O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [iLike] C:\Arquivos de programas\iLike\1.1.27\ilikesidebar.exe /checkforupdate
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\ARQUIV~1\ARQUIV~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\ARQUIV~1\ARQUIV~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Last.fm Helper.lnk = C:\Arquivos de programas\Last.fm\LastFMHelper.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CC5C7FFD-E058-4390-A22A-FD08CCD9A3CE} (JoyOnPlay Control) - http://www.pangonline.com.br/common/com/ongamenet.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://200.212.184.212/g_bin/eng/billard8_2_0_0_23.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{13FEFBC5-F471-4234-A4B3-F391CA2EFD09}: NameServer = 200.204.0.10 200.204.0.138
O17 - HKLM\System\CCS\Services\Tcpip\..\{D091081B-948F-47AE-9C0B-E81CA5FD165E}: NameServer = 200.204.0.10,200.204.0.138
O17 - HKLM\System\CS1\Services\Tcpip\..\{13FEFBC5-F471-4234-A4B3-F391CA2EFD09}: NameServer = 200.204.0.10 200.204.0.138
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: Serviço iPod (iPod Service) - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Unknown owner - C:\Arquivos de programas\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\ARQUIV~1\ARQUIV~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SPBBC\SPBBCSvc.exe

--
End of file - 12350 bytes

Please help me :/

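As an added example (not part of the original thread, and not a Trend Micro or Clube do Hardware tool), here is a small Python triage script that reads HijackThis entry lines like the ones in the log above and flags the entries an analyst looks at first: hosts-file overrides, "(no file)" leftovers, Run keys that load a DLL through rundll32, machine-generated names, and the DNS servers set on the adapters. The sample input is a constructed excerpt of a few lines from that log, and the rules are review heuristics, not verdicts.

```python
"""Triage helper for HijackThis v2.0.2 logs (added example, not a tool from the thread)."""
import re
from dataclasses import dataclass

# Constructed excerpt: a handful of entry lines copied from the first log in this thread.
SAMPLE_LOG = r"""
O1 - Hosts: 69.5.88.72 www.megaupload.com
O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [ccApp] "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [8c9f378a] rundll32.exe "C:\WINDOWS\system32\xidnxpfc.dll",b
O4 - HKLM\..\Run: [bM8fac0416] Rundll32.exe "C:\WINDOWS\system32\iuicfyuq.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{13FEFBC5-F471-4234-A4B3-F391CA2EFD09}: NameServer = 200.204.0.10 200.204.0.138
R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - (no file)
"""


@dataclass(frozen=True)
class Finding:
    section: str  # HijackThis section code (O1, O4, ...)
    reason: str   # why an analyst should look at the entry
    entry: str    # the log line itself


# "O4 - HKLM\..\Run: [name] command" -> section code and the rest of the line
ENTRY_RE = re.compile(r"^(?P<sec>[RFO]\d+) - (?P<body>.*)$")
# Run-key entries carry the value name in brackets followed by the command line
RUN_RE = re.compile(r"\[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
# rundll32.exe "<path>.dll",export  (case-insensitive; quotes optional)
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?([^",]+\.dll)', re.IGNORECASE)
# eight lowercase letters: the file-name shape of the DLLs and .ini files in this log
RANDOM_STEM_RE = re.compile(r"[a-z]{8}")
# value names such as 8c9f378a or bM8fac0416: up to two letters, then eight hex digits
GENERATED_NAME_RE = re.compile(r"[A-Za-z]{0,2}[0-9a-f]{8}")
NAMESERVER_RE = re.compile(r"NameServer = (.+)$")


def _run_entry_reasons(body: str) -> list[str]:
    """Heuristics for an O4 (autostart) entry; an empty list means nothing stood out."""
    m = RUN_RE.search(body)
    if not m:
        return []
    name, cmd = m.group("name"), m.group("cmd")
    reasons = []
    dll = RUNDLL_RE.search(cmd)
    if dll:
        reasons.append("autostart loads a DLL through rundll32")
        stem = dll.group(1).rsplit("\\", 1)[-1].rsplit(".", 1)[0]
        if RANDOM_STEM_RE.fullmatch(stem):
            reasons.append("random-looking 8-letter file name")
    if GENERATED_NAME_RE.fullmatch(name):
        reasons.append("run-key value name looks machine-generated")
    return reasons


def triage(log_text: str) -> list[Finding]:
    """Return the entries worth a closer look, in log order. Each finding is a lead
    for the analyst to confirm (for example by checking the file), not a verdict."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header, process list or blank line
        sec, body = m.group("sec"), m.group("body")
        if "(no file)" in body:
            findings.append(Finding(sec, "entry points at a file that no longer exists", line))
        if sec == "O1" and body.startswith("Hosts:"):
            ip, host = body[len("Hosts:"):].split(None, 1)
            kind = "blocks" if ip.startswith(("127.", "0.0.0.0")) else "redirects"
            findings.append(Finding(sec, f"hosts file {kind} {host} ({ip})", line))
        elif sec == "O4":
            reasons = _run_entry_reasons(body)
            if reasons:
                findings.append(Finding(sec, "; ".join(reasons), line))
        elif sec == "O17":
            ns = NAMESERVER_RE.search(body)
            if ns:
                servers = ", ".join(re.split(r"[ ,]+", ns.group(1).strip()))
                findings.append(Finding(sec, f"adapter DNS set to {servers}; confirm these belong to the ISP", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:<4} {f.reason}\n     {f.entry}")
```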

Good evening, othon!

>@< Download ComboFix.

>@< Save it to the Desktop!

>@< Disable the resident protection of your antivirus, antispyware and firewall.

>@< Close all windows and run the tool!

If you get the notification "Invalid Win32 application", delete the tool and download it again.

Save it to the Desktop, renamed as: Kombo.exe

PS: Name it while saving, not after saving it!

>@< The Auto Scan window will open. Wait!

>@< Type the option to continue and press < Enter >

>@< Wait for it to finish! During the scan, avoid touching the mouse or keyboard!

------------------------

>@< Post the report C:\ComboFix.txt in your reply, plus an updated HJT log.

Regards!


Here are the ComboFix and HijackThis logs.

ComboFix 08-04-24.1 - Regiane 2008-04-27 15:36:43.7 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.203 [GMT -3:00]

Executando de: C:\Documents and Settings\Regiane\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

---- Previous Run -------

.

C:\WINDOWS\cookies.ini

C:\WINDOWS\pskt.ini

C:\WINDOWS\system32\azip32.dll

C:\WINDOWS\system32\byXRHXQK.dll

C:\WINDOWS\system32\drivers\privada.zip

C:\WINDOWS\system32\gobncupv.ini

C:\WINDOWS\system32\Iijlnnnn.ini

C:\WINDOWS\system32\Iijlnnnn.ini2

C:\WINDOWS\system32\iuicfyuq.dll

C:\WINDOWS\system32\khfEXoMF.dll

C:\WINDOWS\system32\mcrh.tmp

C:\WINDOWS\system32\nnnnljiI.dll

C:\WINDOWS\system32\qoMfdeET.dll

C:\WINDOWS\system32\sbajdggl.dll

C:\WINDOWS\system32\TEedfMoq.ini

C:\WINDOWS\system32\TEedfMoq.ini2

C:\WINDOWS\system32\vjuupuca.dll

C:\WINDOWS\system32\vmewvupf.dll

C:\WINDOWS\system32\vpucnbog.dll

C:\WINDOWS\system32\yhclmsxk.dll

C:\WINDOWS\tse.exe

.

((((((((((((((((((((((( Ficheiros criados de 2008-03-27 to 2008-04-27 ))))))))))))))))))))))))))))))))

.

2008-04-26 23:09 . 2008-04-27 15:32 <DIR> d-------- C:\Arquivos de programas\MegaJogos

2008-04-26 13:49 . 2008-04-26 13:49 <DIR> d-------- C:\Arquivos de programas\IObit

2008-04-26 13:47 . 2008-04-26 13:27 6,553,344 --a------ C:\AWCSetup.exe

2008-04-24 19:01 . 2008-04-25 19:36 1,509,399 ---hs---- C:\WINDOWS\system32\cfpxndix.ini

2008-04-24 06:39 . 2008-04-23 21:23 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys

2008-04-23 21:22 . 2008-04-24 08:27 <DIR> d-------- C:\Documents and Settings\Regiane\.housecall6.6

2008-04-23 20:01 . 2008-04-23 20:01 <DIR> d-------- C:\Arquivos de programas\Panda Security

2008-04-23 19:50 . 2008-04-23 19:50 <DIR> d-------- C:\Arquivos de programas\CCleaner

2008-04-23 18:54 . 2008-04-24 18:56 1,540,797 ---hs---- C:\WINDOWS\system32\wvhttrsw.ini

2008-04-22 18:51 . 2008-04-23 18:52 1,542,589 ---hs---- C:\WINDOWS\system32\eeqjnhcx.ini

2008-04-21 10:49 . 2008-04-22 18:49 1,542,237 ---hs---- C:\WINDOWS\system32\cradqdak.ini

2008-04-20 10:49 . 2008-04-21 10:41 1,541,697 ---hs---- C:\WINDOWS\system32\xnvbdgdc.ini

2008-04-20 10:46 . 2008-04-26 14:20 109,831 --a------ C:\WINDOWS\BM8fac0416.xml

2008-04-19 14:57 . 2008-04-19 14:56 33,846 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Music Converter.bmp

2008-04-19 14:57 . 2008-04-19 14:57 13,023 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Music Converter.dat

2008-04-19 14:43 . 2008-04-19 14:56 4,229,496 --a------ C:\dMC-r12.3_UP_BY_DJ_RAJ_.exe

2008-04-19 14:10 . 2008-04-19 14:56 <DIR> d-------- C:\Arquivos de programas\Illustrate

2008-04-19 13:02 . 2008-04-19 13:02 <DIR> d-------- C:\Arquivos de programas\Alcohol Soft

2008-04-15 19:31 . 2008-04-15 19:31 <DIR> d-------- C:\Arquivos de programas\iPod

2008-04-12 22:02 . 2008-04-12 22:02 <DIR> d-------- C:\Arquivos de programas\7-Zip

2008-04-12 13:12 . 2008-04-12 13:12 <DIR> d-------- C:\5a4249cc5402db88dee41b

2008-04-09 20:18 . 2008-04-09 20:18 0 --a------ C:\WINDOWS\system32\psfxin.exe

2008-04-09 20:08 . 2008-04-09 20:08 0 --a------ C:\Documents and Settings\Regiane\psxfin.exe

2008-03-28 23:37 . 2008-03-28 23:37 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx

2008-03-28 23:37 . 2008-03-28 23:37 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-12-25 18:04 --------- d---a-w C:\Documents and Settings\All Users\Dados de aplicativos\TEMP

2008-04-27 18:35 --------- d-----w C:\Documents and Settings\Regiane\Dados de aplicativos\uTorrent

2008-04-27 18:23 --------- d-----w C:\Arquivos de programas\Mozilla Firefox 3 Beta 3

2008-04-26 21:41 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Symantec Shared

2008-04-19 21:10 --------- d-----w C:\Arquivos de programas\DOSBox-0.72

2008-04-19 17:56 4,229,496 ----a-w C:\WINDOWS\system32\SpoonUninstall.exe

2008-04-19 15:06 716,272 ----a-w C:\WINDOWS\system32\drivers\sptd.sys

2008-04-19 01:44 --------- d-----w C:\Arquivos de programas\MSN Messenger

2008-04-19 01:44 --------- d-----w C:\Arquivos de programas\Messenger Plus! Live

2008-04-18 01:20 --------- d-----w C:\Arquivos de programas\ACAD2000

2008-04-16 01:14 --------- d-----w C:\Arquivos de programas\Apple Software Update

2008-04-15 22:32 --------- d-----w C:\Arquivos de programas\iTunes

2008-04-15 22:25 --------- d-----w C:\Arquivos de programas\QuickTime

2008-04-12 19:40 --------- d-----w C:\Documents and Settings\Regiane\Dados de aplicativos\LimeWire

2008-03-22 21:20 --------- d-----w C:\Arquivos de programas\Programas RFB

2008-03-22 19:17 --------- d-----w C:\Arquivos de programas\Programas SRF

2008-03-20 14:59 --------- d-----w C:\Documents and Settings\Regiane\Dados de aplicativos\iLike

2008-03-20 14:58 --------- d-----w C:\Arquivos de programas\iLike

2008-03-20 14:15 --------- d-----w C:\Arquivos de programas\Bruno Kitsune Web-Site

2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys

2008-03-17 23:12 --------- d-----w C:\Arquivos de programas\MP3 WAV Converter

2008-03-16 14:40 --------- d-----w C:\Arquivos de programas\LimeWire

2008-03-15 21:29 --------- d-----w C:\Documents and Settings\Regiane\Dados de aplicativos\AccurateRip

2008-03-09 16:29 --------- d-----w C:\Arquivos de programas\eMule

2008-03-02 19:02 --------- d-----w C:\Arquivos de programas\Motorola Phone Tools

2008-03-02 18:58 --------- d-----w C:\Arquivos de programas\Avanquest update

2008-03-01 13:02 826,368 ----a-w C:\WINDOWS\system32\wininet.dll

2008-02-28 21:50 --------- d-----w C:\Documents and Settings\Regiane\Dados de aplicativos\Skype

2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll

2008-02-20 05:37 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll

2008-02-16 01:11 32 ----a-w C:\Documents and Settings\All Users\Dados de aplicativos\ezsid.dat

2008-01-29 16:44 9 ----a-w C:\Documents and Settings\Regiane\ZincPasswords.bin

2008-01-29 16:44 28,462 ----a-w C:\Documents and Settings\Regiane\ZincGamesList.bin

2008-01-29 15:02 107,368 ----a-w C:\WINDOWS\system32\GEARAspi.dll

2007-07-19 23:07 25,600 ----a-w C:\Documents and Settings\Regiane\usbsermptxp.sys

2007-07-19 23:07 22,768 ----a-w C:\Documents and Settings\Regiane\usbsermpt.sys

2007-06-17 22:37 0 ----a-w C:\Documents and Settings\Regiane\cmd.exe

2007-06-13 22:54 8,920 ----a-w C:\Arquivos de programas\CinemaForgethumbnail.jpg

2007-05-22 20:48 6,656 --sha-w C:\Arquivos de programas\Thumbs.db

2007-03-21 00:58 92,064 ----a-w C:\Documents and Settings\Regiane\mqdmmdm.sys

2007-03-21 00:58 9,232 ----a-w C:\Documents and Settings\Regiane\mqdmmdfl.sys

2007-03-21 00:58 79,328 ----a-w C:\Documents and Settings\Regiane\mqdmserd.sys

2007-03-21 00:58 66,656 ----a-w C:\Documents and Settings\Regiane\mqdmbus.sys

2007-03-21 00:58 6,208 ----a-w C:\Documents and Settings\Regiane\mqdmcmnt.sys

2007-03-21 00:58 5,936 ----a-w C:\Documents and Settings\Regiane\mqdmwhnt.sys

2007-03-21 00:58 4,048 ----a-w C:\Documents and Settings\Regiane\mqdmcr.sys

2007-03-10 16:49 1,307,954 ----a-w C:\Arquivos de programas\Receitanet2007_02.EXE

2007-03-10 16:48 3,090,675 ----a-w C:\Arquivos de programas\irpf2007v1.0.exe

2006-12-26 23:03 3,438 ----a-w C:\Arquivos de programas\tibiaauto-debug-cavebot.txt

2006-10-29 23:14 8,920 ----a-w C:\Arquivos de programas\thumbnail.jpg

2006-01-28 23:59 3,890,462 ----a-w C:\Arquivos de programas\CinemaForgecinemaforge.xmfg

2006-01-28 23:59 3,890,462 ----a-w C:\Arquivos de programas\cinemaforge.xmfg

2005-07-17 14:18 1,721,856 ----a-w C:\Arquivos de programas\CinemaForgeffmpeg.exe

2005-07-17 13:18 1,721,856 ----a-w C:\Arquivos de programas\ffmpeg.exe

2005-06-24 22:39 13,104 ----a-w C:\Arquivos de programas\cinemaforge.chm

2005-02-23 03:51 2,167 ----a-w C:\Arquivos de programas\CinemaForgecinema1.xmfg

2005-02-23 02:51 2,167 ----a-w C:\Arquivos de programas\cinema1.xmfg

2004-09-20 12:49 1,179,648 ----a-w C:\Arquivos de programas\CinemaForgeffmpegphotos.exe

2004-09-20 11:49 1,179,648 ----a-w C:\Arquivos de programas\ffmpegphotos.exe

2004-08-04 02:01 25,856 ----a-w C:\WINDOWS\inf\usbprint.sys

1997-06-21 19:55 1,078 ----a-w C:\Arquivos de programas\CinemaForgecinemaforge.ico

1997-06-21 18:55 1,078 ----a-w C:\Arquivos de programas\cinemaforge.ico

.

------- Sigcheck -------

2004-08-04 00:45 14336 5de3e7b6f7624552f2f06664f110820d C:\WINDOWS\system32\svchost.exe

2004-08-04 00:45 14336 5de3e7b6f7624552f2f06664f110820d C:\WINDOWS\system32\dllcache\svchost.exe

2004-08-04 00:45 82944 a5163442377d3c305bbff612f80047d7 C:\WINDOWS\system32\ws2_32.dll

2004-08-04 00:45 82944 a5163442377d3c305bbff612f80047d7 C:\WINDOWS\system32\dllcache\ws2_32.dll

2006-04-20 09:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys

2007-10-30 13:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys

2004-08-03 23:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys

2006-04-20 08:51 359808 1dbf125862891817f374f407626967f4 C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys

2008-02-09 14:00 360064 34a663e7f74ae8b2c992c2513343477e C:\WINDOWS\system32\dllcache\tcpip.sys

2008-02-09 14:00 360064 34a663e7f74ae8b2c992c2513343477e C:\WINDOWS\system32\drivers\tcpip.sys

2004-08-04 00:45 504320 6f7bde7a1126debf0cc359a54953efc1 C:\WINDOWS\system32\winlogon.exe

2004-08-04 00:45 504320 6f7bde7a1126debf0cc359a54953efc1 C:\WINDOWS\system32\dllcache\winlogon.exe

2004-08-03 23:14 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\system32\dllcache\ndis.sys

2004-08-03 23:14 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\system32\drivers\ndis.sys

2004-08-03 23:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\system32\dllcache\ip6fw.sys

2004-08-03 23:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\system32\drivers\ip6fw.sys

2004-08-04 00:45 15360 f40bc97996b8e53799eef1d63996674b C:\WINDOWS\system32\ctfmon.exe

2004-08-04 00:45 15360 f40bc97996b8e53799eef1d63996674b C:\WINDOWS\system32\dllcache\ctfmon.exe

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSMSGS"="C:\Arquivos de programas\Messenger\msmsgs.exe" [2004-10-13 13:24 1694208]

"Smapp"="C:\Arquivos de programas\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 08:57 143360]

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]

"Windows Defender"="C:\Arquivos de programas\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]

"avast!"="C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 15:37 79224]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:45 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ISUSScheduler"="C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" [2005-08-11 16:30 81920]

"smapp"="C:\Arquivos de programas\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 08:57 143360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="C:\ARQUIV~1\ARQUIV~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 16:38 39264]

C:\Documents and Settings\Regiane\Menu Iniciar\Programas\Inicializar\

Last.fm Helper.lnk - C:\Arquivos de programas\Last.fm\LastFMHelper.exe [2007-07-08 15:55:14 106496]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveSearch"= 1 (0x1)

"NoPopUpsOnBoot"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"SENTINEL"= snti386.dll

"VIDC.YV12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

"C:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=

"C:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"C:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=

"C:\\Arquivos de programas\\eMule\\emule.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Arquivos de programas\\LimeWire\\LimeWire.exe"=

"C:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

"C:\\Arquivos de programas\\iTunes\\iTunes.exe"=

"C:\\WINDOWS\\system32\\dpvsetup.exe"=

"C:\\WINDOWS\\system32\\rundll32.exe"=

"C:\\Arquivos de programas\\Java\\jre1.6.0_01\\bin\\javaw.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"2940:TCP"= 2940:TCP:.

"7171:TCP"= 7171:TCP:Open Tibia Server

"32459:TCP"= 32459:TCP:32459

"8080:TCP"= 8080:TCP:uTorrent

"47624:TCP"= 47624:TCP:AOEII

"30086:TCP"= 30086:TCP:utorrent

"30086:UDP"= 30086:UDP:utorrent

"23792:TCP"= 23792:TCP:BitComet 23792 TCP

"23792:UDP"= 23792:UDP:BitComet 23792 UDP

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 15:31]

R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 15:35]

R3 PSXGamepadEnabler;Psx Hid to Gamepad Port Enabler;C:\WINDOWS\system32\drivers\psxpad.sys [2002-05-15 16:24]

R3 PsxPortEnumerator;Psx Port Enumerator;C:\WINDOWS\system32\Drivers\psxenum.sys [2002-09-26 08:36]

R3 SNP2STD;USB2.0 PC Camera (SNP2STD);C:\WINDOWS\system32\DRIVERS\snp2sxp.sys [2007-05-10 15:10]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{56c14c30-18df-11db-8b37-000ea65c4b45}]

\Shell\Auto\command - MicrosoftPowerPoint.exe

\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MicrosoftPowerPoint.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e9b63283-b944-11dc-8ffc-000ea65c4b45}]

\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MicrosoftPowerPoint.exe

.

Conteúdo da pasta 'Tarefas Agendadas'

"2008-04-22 01:31:09 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Arquivos de programas\Apple Software Update\SoftwareUpdate.exe

"2008-04-27 18:24:49 C:\WINDOWS\Tasks\MP Scheduled Scan.job"

- C:\Arquivos de programas\Windows Defender\MpCmdRun.exe

"2008-04-27 18:21:30 C:\WINDOWS\Tasks\star1.job"

- c:\autoexec.bat

"2008-04-27 18:43:02 C:\WINDOWS\Tasks\Verificar Atualizações para a Barra de Ferramentas do Windows Live.job"

- C:\Arquivos de programas\Windows Live Toolbar\MSNTBUP.EXE

.

**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-04-27 15:40:16

Windows 5.1.2600 Service Pack 2 NTFS

Scanning for hidden processes ...

Scanning for hidden autostart entries ...

Scanning for hidden files ...

Scan completed successfully

Hidden files: 0

**************************************************************************

.

Completion time: 2008-04-27 15:46:19

ComboFix-quarantined-files.txt 2008-04-27 18:45:23

Pre-Run: 4,217,651,200 bytes available

Post-Run: 4,437,344,256 bytes available

249 --- E O F --- 2008-04-27 03:19:11

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 15:50:16, on 27/4/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMTray.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe

C:\Arquivos de programas\Windows Defender\MSASCui.exe

C:\WINDOWS\system32\spoolsv.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Last.fm\LastFMHelper.exe

C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\HPZipm12.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\Arquivos de programas\iPod\bin\iPodService.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Documents and Settings\Regiane\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.terra.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR

R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - (no file)

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [smapp] C:\Arquivos de programas\Analog Devices\SoundMAX\SMTray.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [smapp] C:\Arquivos de programas\Analog Devices\SoundMAX\SMTray.exe

O4 - HKCU\..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe

O4 - HKCU\..\Run: [Windows Defender] "C:\Arquivos de programas\Windows Defender\MSASCui.exe" -hide

O4 - HKCU\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\ARQUIV~1\ARQUIV~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\ARQUIV~1\ARQUIV~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')

O4 - Startup: Last.fm Helper.lnk = C:\Arquivos de programas\Last.fm\LastFMHelper.exe

O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {CC5C7FFD-E058-4390-A22A-FD08CCD9A3CE} (JoyOnPlay Control) - http://www.pangonline.com.br/common/com/ongamenet.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100

O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://200.212.184.212/g_bin/eng/billard8_2_0_0_23.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{13FEFBC5-F471-4234-A4B3-F391CA2EFD09}: NameServer = 200.204.0.10 200.204.0.138

O17 - HKLM\System\CCS\Services\Tcpip\..\{D091081B-948F-47AE-9C0B-E81CA5FD165E}: NameServer = 200.204.0.10,200.204.0.138

O17 - HKLM\System\CS1\Services\Tcpip\..\{13FEFBC5-F471-4234-A4B3-F391CA2EFD09}: NameServer = 200.204.0.10 200.204.0.138

O17 - HKLM\System\CS2\Services\Tcpip\..\{13FEFBC5-F471-4234-A4B3-F391CA2EFD09}: NameServer = 200.204.0.10 200.204.0.138

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE

O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE

O23 - Service: Serviço iPod (iPod Service) - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

--

End of file - 9251 bytes

I think it solved the problem.

Thanks a lot, joram!


Good afternoon, othon!

<!> Delete:

C:\QooBox

C:\ComboFix.txt << previous ComboFix log.

-----------------------

>@< Select and copy all of the content in the code area below into Notepad.

>@< Save it on the Desktop with the name: CFScript.txt

File::
C:\WINDOWS\system32\cfpxndix.ini
C:\WINDOWS\system32\wvhttrsw.ini
C:\WINDOWS\system32\eeqjnhcx.ini
C:\WINDOWS\system32\cradqdak.ini
C:\WINDOWS\system32\xnvbdgdc.ini
C:\WINDOWS\Tasks\star1.job
Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{56c14c30-18df-11db-8b37-000ea65c4b45}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e9b63283-b944-11dc-8ffc-000ea65c4b45}]
Folder::
C:\5a4249cc5402db88dee41b

>@< Using the mouse, drag CFScript.txt onto the ComboFix icon.

>@< See the demonstration!

[demonstration image: cpiadecfscriptxt7.gif]

>@< With this procedure ComboFix will run and restart the computer automatically!

>@< If it does not restart, do so manually!

>@< While it is running, do not use the keyboard or the mouse!

>@< When it finishes, post the C:\ComboFix.txt report plus an updated HJT log.

Cheers!
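The items the reply above puts into the CFScript are exactly the kind of thing an analyst hunts for by eye in the ComboFix log earlier in the thread: MountPoints2 `\Shell\AutoRun\command` entries that launch an executable from a removable or mapped drive (an autorun.inf-style infection), a scheduled task such as star1.job whose target is c:\autoexec.bat rather than a vendor updater, and a long list of globally open firewall ports that deserves a review. The following script is an added example, written for this page and not part of the thread or of ComboFix itself; it parses a constructed excerpt modeled on the log lines above, flags those three indicator classes, and emits the `File::` / `Registry::` sections in the same CFScript layout the reply uses. The "suspect task target" heuristic (script extensions or a file at the drive root) and the sample excerpt are assumptions of this example, not rules from ComboFix.

```python
"""Triage helper for ComboFix-style log excerpts.

Added example for this page (not ComboFix code). It flags:
  * MountPoints2 \Shell\<verb>\command entries (autorun.inf-driven execution),
  * scheduled-task .job entries whose target looks like a script or a root-level file,
  * firewall GloballyOpenPorts entries, listed for review only.
It then renders the removable items as a CFScript fragment (File:: / Registry:: sections).
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: a trimmed excerpt modeled on the ComboFix log posted in this thread.
SAMPLE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7171:TCP"= 7171:TCP:Open Tibia Server
"8080:TCP"= 8080:TCP:uTorrent
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{56c14c30-18df-11db-8b37-000ea65c4b45}]
\Shell\Auto\command - MicrosoftPowerPoint.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MicrosoftPowerPoint.exe
"2008-04-22 01:31:09 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Arquivos de programas\Apple Software Update\SoftwareUpdate.exe
"2008-04-27 18:21:30 C:\WINDOWS\Tasks\star1.job"
- c:\autoexec.bat
"""

MOUNTPOINT_KEY = r"HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2"
MOUNTPOINT_RE = re.compile(r"^\[" + re.escape(MOUNTPOINT_KEY) + r"\\(\{[0-9A-Fa-f-]+\})\]$")
ANY_KEY_RE = re.compile(r"^\[.*\]$")                       # any other registry header ends a MountPoints2 block
SHELL_CMD_RE = re.compile(r"^\\Shell\\(\w+)\\command - (.+)$")
TASK_RE = re.compile(r'^"(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (C:\\WINDOWS\\Tasks\\[^"]+\.job)"$')
TASK_TARGET_RE = re.compile(r"^- (.+)$")
PORT_RE = re.compile(r'^"(\d+):(TCP|UDP)"=\s*\d+:(?:TCP|UDP):(.*)$')

# Heuristic (assumption of this example): a task that runs a script, or a file sitting
# directly at the drive root, is not what a vendor updater or scanner normally looks like.
SUSPECT_TASK_EXT = (".bat", ".cmd", ".vbs", ".js", ".scr", ".pif", ".com")


@dataclass
class Finding:
    kind: str          # "mountpoint", "task" or "open_port"
    detail: str        # human-readable description
    remediation: str   # CFScript line to remove it, or "" when only review is suggested


def is_suspect_task_target(target: str) -> bool:
    t = target.lower()
    at_drive_root = re.match(r"^[a-z]:\\[^\\]+$", t) is not None
    return t.endswith(SUSPECT_TASK_EXT) or at_drive_root


def triage(log_text: str) -> list[Finding]:
    """Walk the log line by line, tracking the current MountPoints2 key and pending task."""
    findings: list[Finding] = []
    current_mp = None      # GUID of the MountPoints2 block we are inside, if any
    pending_task = None    # .job path whose "- target" line has not been seen yet
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = MOUNTPOINT_RE.match(line)
        if m:
            current_mp = m.group(1)
            continue
        if ANY_KEY_RE.match(line):
            current_mp = None
        m = SHELL_CMD_RE.match(line)
        if m and current_mp:
            verb, cmd = m.groups()
            findings.append(Finding("mountpoint", f"{current_mp} \\Shell\\{verb}\\command -> {cmd}",
                                    f"[-{MOUNTPOINT_KEY}\\{current_mp}]"))
            continue
        m = TASK_RE.match(line)
        if m:
            pending_task = m.group(2)
            continue
        m = TASK_TARGET_RE.match(line)
        if m and pending_task:
            target = m.group(1)
            if is_suspect_task_target(target):
                findings.append(Finding("task", f"{pending_task} -> {target}", pending_task))
            pending_task = None
            continue
        m = PORT_RE.match(line)
        if m:
            port, proto, name = m.groups()
            findings.append(Finding("open_port", f"{port}/{proto} ({name.strip() or 'unnamed'})", ""))
    return findings


def build_cfscript(findings: list[Finding]) -> str:
    """Render removable findings in the File:: / Registry:: layout used by CFScript."""
    files = list(dict.fromkeys(f.remediation for f in findings if f.kind == "task"))
    keys = list(dict.fromkeys(f.remediation for f in findings if f.kind == "mountpoint"))
    out: list[str] = []
    if files:
        out.append("File::")
        out.extend(files)
    if keys:
        out.append("Registry::")
        out.extend(keys)
    return "\n".join(out)


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"[{f.kind}] {f.detail}")
    print("\n--- CFScript fragment ---")
    print(build_cfscript(found))
```

Open-port findings are reported but deliberately left out of the generated script: whether 7171/TCP or 8080/TCP belongs on the machine is a question for the user, not something a log parser should decide, which is why the reply above removes only the task, the MountPoints2 keys and the stray .ini files.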
