helder123456

Regedit blocked, no right-click in IE, and Task Manager blocked!

Guys, help plz, my regedit is blocked, there's no right-click in IE, and the Task Manager was blocked. I managed to unblock the Task Manager by doing this: I went to START > RUN and typed GPEDIT.MSC.

A window called Group Policy opened.

I navigated to User Configuration > Administrative Templates > System > Ctrl+Alt+Del Options.

On the right side I double-clicked Remove "Task Manager", checked the "DISABLED" option and pressed OK; it started opening again, and then I set it back to "NOT CONFIGURED". That's how I managed to unblock it.

But regedit is still blocked and right-click doesn't work in IE, help plz :/.

-

Edit:

After shutting down and restarting the PC, the Task Manager went back to being blocked. :/

-

Here's the HijackThis log:

Logfile of HijackThis v1.99.1

Scan saved at 20:34:30, on 22/10/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\csrss.exe

C:\Arquivos de programas\Eset\nod32kui.exe

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Arquivos de programas\BrOffice.org 2.4\program\soffice.exe

C:\Arquivos de programas\BrOffice.org 2.4\program\soffice.BIN

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\Arquivos de programas\Eset\nod32krn.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\alg.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\WINDOWS\system32\Microsoft\msapp.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hs24.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

F2 - REG:system.ini: Shell=explorer.exe "C:\WINDOWS\csrss.exe"

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll

O2 - BHO: (no name) - {0B627136-410A-4EE2-83B3-2B33D0B89685} - (no file)

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Arquivos de programas\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: (no name) - {57C41B65-9836-478D-AD37-842D77C8E7E3} - C:\WINDOWS\system32\Macromed\Flash\flash.dll

O2 - BHO: (no name) - {65BFA841-C5A1-41D6-AD7F-8797348852C1} - (no file)

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

O4 - HKLM\..\Run: [nod32kui] "C:\Arquivos de programas\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [ink Monitor] C:\Arquivos de programas\EPSON\Ink Monitor\InkMonitor.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [EPSON Stylus C45 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I4T1.EXE /P23 "EPSON Stylus C45 Series" /O6 "USB001" /M "Stylus C45"

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKCU\..\Run: [uTorrent] "C:\Arquivos de programas\uTorrent\uTorrent.exe"

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [DAEMON Tools] "C:\Arquivos de programas\DAEMON Tools\daemon.exe" -lang 1033 -noicon

O4 - Startup: BrOffice.org 2.4.lnk = C:\Arquivos de programas\BrOffice.org 2.4\program\quickstart.exe

O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Global Startup: Orbit.lnk = C:\Arquivos de programas\Orbitdownloader\orbitdm.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: Add to AMV Converter... - C:\Arquivos de programas\MP3 Player Utilities 4.14\AMVConverter\grab.html

O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202

O8 - Extra context menu item: Download All by FlashGet - D:\Arquivos de programas\FlashGet\jc_all.htm

O8 - Extra context menu item: Download using FlashGet - D:\Arquivos de programas\FlashGet\jc_link.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Arquivos de programas\MP3 Player Utilities 4.14\MediaManager\grab.html

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\irmaos\Menu Iniciar\Programas\IMVU\Run IMVU.lnk

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\arquivos de programas\bonjour\mdnsnsp.dll

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {051D0E35-F4E3-4C8D-B411-AB0875F4C683} (Anark Client 4.0 ActiveX Control) - http://install.anark.com/client/version4/windows-ie/en/AMClient.cab

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://img2.orkut.com/activex/10035/photouploader.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)

O20 - Winlogon Notify: rqRLeeDv - rqRLeeDv.dll (file missing)

O20 - Winlogon Notify: WBSrv - C:\Arquivos de programas\Stardock\Object Desktop\WindowBlinds\wbsrv.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Arquivos de programas\Ares\chatServer.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Arquivos de programas\Eset\nod32krn.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

Edited by helder123456

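As an added example (not code from this thread, from HijackThis, or from the forum's analysts), the script below parses a HijackThis v1.99 log and flags the entry types behind the symptoms described in the post above: a core system binary name running outside its normal directory (C:\WINDOWS\csrss.exe), an extra program on the system.ini Shell= line, the O6/O7 restriction policies that grey out IE options and block regedit, and orphaned O2/O20 entries. The sample lines are constructed from the log above, and the assumption that %SystemRoot% is C:\WINDOWS is taken from its Platform line.

```python
"""Triage a HijackThis v1.99 log for the symptoms discussed in this thread.

Added example, not code from the thread or from HijackThis itself.
"""
import ntpath
import re

# Constructed sample: a handful of lines taken from the log posted above.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Platform: Windows XP SP3 (WinNT 5.01.2600)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\csrss.exe
C:\Arquivos de programas\Eset\nod32kui.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hs24.com.br/
F2 - REG:system.ini: Shell=explorer.exe "C:\WINDOWS\csrss.exe"
O2 - BHO: (no name) - {0B627136-410A-4EE2-83B3-2B33D0B89685} - (no file)
O4 - HKLM\..\Run: [nod32kui] "C:\Arquivos de programas\Eset\nod32kui.exe" /WAITSERVICE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O20 - Winlogon Notify: rqRLeeDv - rqRLeeDv.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

# Assumption: %SystemRoot% is C:\WINDOWS, as the Platform line of this log implies.
SYSTEM_ROOT = r"c:\windows"
# Where the core Windows XP binaries legitimately live; a file with one of these
# names anywhere else (here C:\WINDOWS\csrss.exe) deserves a closer look.
EXPECTED_DIR = {name: SYSTEM_ROOT + r"\system32" for name in
                ("smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
                 "lsass.exe", "svchost.exe")}
EXPECTED_DIR["explorer.exe"] = SYSTEM_ROOT

# HijackThis entries look like "O7 - <body>"; R/F/O sections are the ones we care about.
ENTRY_RE = re.compile(r"^([RFO]\d+) - (.*)$")


def parse_log(text):
    """Return (running process paths, [(section code, entry body), ...])."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = ENTRY_RE.match(line)
        if match:                       # first "Oxx - ..." entry ends the process list
            in_processes = False
            entries.append((match.group(1), match.group(2)))
        elif line.lower() == "running processes:":
            in_processes = True
        elif in_processes:
            processes.append(line)
    return processes, entries


def check_processes(processes):
    """Flag core system binary names running from an unexpected directory."""
    findings = []
    for path in processes:
        directory, name = ntpath.split(path)
        expected = EXPECTED_DIR.get(name.lower())
        if expected and directory.lower() != expected:
            findings.append(("PROC", f"{name} running from {directory}, expected {expected}", path))
    return findings


def check_entries(entries):
    """Flag the entry types behind blocked regedit/Task Manager and IE restrictions."""
    findings = []
    for code, body in entries:
        if code == "F2" and "shell=" in body.lower():
            # A clean system.ini Shell= line is exactly "explorer.exe".
            shell = body.split("=", 1)[1].strip()
            if shell.lower() != "explorer.exe":
                findings.append((code, "Shell= starts an extra program at every logon", body))
        elif code == "O6":
            findings.append((code, "IE restrictions policy present (greys out IE options)", body))
        elif code == "O7":
            match = re.search(r",\s*(\w+)=(\d+)", body)
            if match and match.group(2) != "0":
                findings.append((code, f"user policy {match.group(1)}={match.group(2)} is set", body))
        elif code == "O20" and "(file missing)" in body:
            findings.append((code, "Winlogon Notify package points at a missing DLL", body))
        elif code == "O2" and body.endswith("(no file)"):
            findings.append((code, "BHO registered with no file on disk (orphan)", body))
    return findings


def triage(text):
    """Run every check over a log and return [(code, reason, offending line), ...]."""
    processes, entries = parse_log(text)
    return check_processes(processes) + check_entries(entries)


if __name__ == "__main__":
    for code, reason, line in triage(SAMPLE_LOG):
        print(f"[{code}] {reason}\n    {line}")
```

The O7 check is generic over the Policies\System values HijackThis reports, so it would also surface DisableTaskMgr=1, which this log no longer shows because the poster had just re-enabled Task Manager through gpedit.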

Hello,

Read the instructions in this link:

In the instructions in the link above you can check which forums have Analysts properly qualified to use the tool correctly: "Forums to get help with ComboFix logs"

  1. Download ComboFix from one of the official links listed below and save it to your desktop:

  2. Temporarily, and for the duration of these instructions, it is very important that you keep your protection programs (antivirus, antispyware and firewall) disabled. Re-enable them after completing the procedure(s) below.

  3. Double-click the ComboFix icon on your desktop.

  4. Read and accept the terms by typing 1 and pressing Enter.

  5. Computers with Windows XP must install the Recovery Console:

  • If your computer has Windows XP and the Recovery Console is not installed yet, make sure you are connected to the Internet and click "Yes".
  • Click "OK" on the EULA.
  • Once the Recovery Console is installed, click "YES" to continue.

  6. ComboFix will run; please be patient and wait.

  7. Warning: do not use the mouse or the keyboard while the tool is running; this can cause the computer to stall.

  8. A message may appear saying the computer needs to restart.

DO NOT RESTART!!! ComboFix will restart the computer automatically.

  9. When the tool finishes running it will generate a log (the file C:\ComboFix.txt). Copy and paste the contents of that file in your next reply.

DO NOT use the tool on your own. It is a powerful tool created to deal with sophisticated infections, and if you do not use it correctly it can damage your computer.

  • There are several malware families that prevent the tool from running correctly and can thereby seriously damage the computer. Analysts qualified to use ComboFix know these cases and know how to handle them.
  • Many Analysts do not reply to topics where they see that ComboFix was used without supervision.
  • There are various general-purpose anti-malware tools whose authors designed them with end users in mind, to be used without supervision. ComboFix is not that kind of tool, so, also out of respect for the tool's author, do not use it without supervision.

5. Computers with Windows XP must install the Recovery Console:

If your computer has Windows XP and the Recovery Console is not installed yet, make sure you are connected to the Internet and click "Yes".

Click "OK" on the EULA.

Once the Recovery Console is installed, click "YES" to continue.

So I went to the link: ##### "How to use ComboFix" #####

And it said:

If you use Windows XP and don't have the Windows CD, ComboFix includes a method that lets you install the Windows Recovery Console by downloading a file from the Microsoft site. To do so, follow these instructions:

Click the following link to go to the Microsoft site:

http://support.microsoft.com/kb/310994

Browse that page and click the appropriate download for your version of Windows XP (Home or Professional) and the Service Pack you have installed. When you click the link to download the file, make sure you are saving it to your desktop.

But I couldn't find the download for Windows XP Professional with Service Pack 3. Help plz. ://


You can just use the one for SP2; however, there was a change in ComboFix that lets you install the Recovery Console while it is running.

Waiting for the log.


Apparently after using ComboFix the problem disappeared :D, but I don't know if it's clean, so here's the log. Thanks in advance :D :

ComboFix 08-10-24.02 - irmaos 2008-10-26 0:06:01.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1046.18.1596 [GMT -3:00]

Executando de: C:\Documents and Settings\irmaos\Desktop\ComboFix.exe

* Criado um novo ponto de restauro

* Resident AV is active

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\WINDOWS\a.exe

C:\WINDOWS\csrss.exe

C:\WINDOWS\regedit.com

C:\WINDOWS\system32\mcrh.tmp

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\ppXIPqru.ini

C:\WINDOWS\system32\ppXIPqru.ini2

C:\WINDOWS\system32\taskmgr.com

C:\WINDOWS\WINDOWS

.

((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_NPF

-------\Service_NPF

(((((((((((((((( Arquivos/Ficheiros criados de 2008-09-26 to 2008-10-26 ))))))))))))))))))))))))))))

.

2008-10-25 11:52 . 2008-10-25 11:54 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Lavasoft

2008-10-25 11:52 . 2008-10-25 11:52 <DIR> d-------- C:\Arquivos de programas\Lavasoft

2008-10-25 11:51 . 2008-10-25 11:51 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Wise Installation Wizard

2008-10-24 09:55 . 2008-10-24 09:55 <DIR> d-------- C:\WINDOWS\Eurobattle.net Installer

2008-10-24 07:17 . 2008-10-15 13:36 337,408 -----c--- C:\WINDOWS\system32\dllcache\netapi32.dll

2008-10-20 18:49 . 2008-10-25 20:28 <DIR> d-------- C:\Arquivos de programas\WarRock

2008-10-19 12:04 . 2008-10-19 12:04 <DIR> d-------- C:\Arquivos de programas\LRC Editor 4

2008-10-19 12:03 . 2008-10-19 12:04 <DIR> d-------- C:\Arquivos de programas\MP3 Player Utilities 4.14

2008-10-18 07:06 . 2008-10-18 07:06 36,096 -r-hs---- C:\WINDOWS\system32\drive21.sys

2008-10-15 19:14 . 2008-08-14 10:24 2,193,408 -----c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe

2008-10-15 19:14 . 2008-08-14 10:24 2,149,376 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe

2008-10-15 19:14 . 2008-08-14 10:24 2,070,272 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe

2008-10-15 19:14 . 2008-08-14 10:24 2,028,032 -----c--- C:\WINDOWS\system32\dllcache\ntkrpamp.exe

2008-10-15 18:41 . 2008-09-08 07:41 333,824 -----c--- C:\WINDOWS\system32\dllcache\srv.sys

2008-10-15 18:40 . 2008-09-15 12:26 1,846,528 -----c--- C:\WINDOWS\system32\dllcache\win32k.sys

2008-10-04 08:47 . 2008-10-04 08:47 <DIR> d-------- C:\Arquivos de programas\Stardock

2008-09-30 22:51 . 2008-10-01 20:39 <DIR> d-------- C:\Arquivos de programas\LooksBuilder

2008-09-30 13:52 . 2008-09-30 13:58 <DIR> d-------- C:\Documents and Settings\irmaos\Dados de aplicativos\IMVUClient

2008-09-29 16:46 . 2008-10-22 00:59 0 --a------ C:\dump_dvd.vob

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-10-26 03:09 --------- d-----w C:\Documents and Settings\irmaos\Dados de aplicativos\uTorrent

2008-10-26 03:09 --------- d-----w C:\Documents and Settings\irmaos\Dados de aplicativos\Orbit

2008-10-26 03:02 --------- d-----w C:\Documents and Settings\irmaos\Dados de aplicativos\BrOffice.org2

2008-10-26 02:32 4,048 ----a-w C:\WINDOWS\msapps\msapp.dll

2008-10-25 14:16 --------- d-----w C:\Arquivos de programas\Warcraft III

2008-10-22 23:52 159,992 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys

2008-10-22 23:34 11,940 ----a-w C:\Arquivos de programas\hijackthis.log

2008-10-20 21:49 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2008-10-16 15:29 --------- d-----w C:\Documents and Settings\irmaos\Dados de aplicativos\IMVU

2008-10-16 03:29 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft Help

2008-10-15 17:33 --------- d-----w C:\Documents and Settings\irmaos\Dados de aplicativos\DVD Flick

2008-10-02 21:41 --------- d-----w C:\Arquivos de programas\Soldat

2008-10-02 21:35 --------- d-----w C:\Arquivos de programas\Diablo II

2008-09-30 16:52 --------- d-----w C:\Arquivos de programas\IMVU

2008-09-25 16:30 --------- d-----w C:\Documents and Settings\irmaos\Dados de aplicativos\Skype

2008-09-23 23:43 --------- d-----w C:\Arquivos de programas\GTA San Andreas

2008-09-16 05:51 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Apple Computer

2008-09-16 05:50 --------- d-----w C:\Documents and Settings\irmaos\Dados de aplicativos\Apple Computer

2008-09-16 05:47 --------- d-----w C:\Arquivos de programas\QuickTime

2008-09-16 05:47 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Apple

2008-09-16 05:46 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Apple

2008-09-16 05:46 --------- d-----w C:\Arquivos de programas\Apple Software Update

2008-09-16 04:20 --------- d-----w C:\Arquivos de programas\QuickMediaConverter

2008-09-16 03:46 --------- d-----w C:\Arquivos de programas\Unity

2008-09-16 03:05 --------- d-----w C:\Arquivos de programas\ZipGenius 6

2008-09-16 03:05 --------- d-----w C:\Arquivos de programas\Windows Media Connect 2

2008-09-16 03:05 --------- d-----w C:\Arquivos de programas\Winamp Remote

2008-09-16 03:05 --------- d-----w C:\Arquivos de programas\TmNationsForever

2008-09-16 03:05 --------- d-----w C:\Arquivos de programas\Thoosje Sidebar V2.3

2008-09-16 02:56 --------- d-----w C:\Documents and Settings\irmaos\Dados de aplicativos\Ahead

2008-09-16 02:42 --------- d-----w C:\Arquivos de programas\DivX

2008-09-16 02:42 --------- d-----w C:\Arquivos de programas\AVIXDVD

2008-09-16 02:21 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Ahead

2008-09-16 02:13 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Nero

2008-09-16 02:13 --------- d-----w C:\Arquivos de programas\Nero

2008-09-16 02:01 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Nero

2008-09-12 17:19 --------- d-----w C:\Arquivos de programas\Messenger Plus! Live

2008-09-12 17:19 --------- d-----w C:\Arquivos de programas\Circle Developement

2008-09-11 12:46 --------- d-----w C:\Documents and Settings\irmaos\Dados de aplicativos\skypePM

2008-09-11 12:44 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Skype

2008-09-11 12:44 --------- d-----w C:\Arquivos de programas\Skype

2008-09-11 12:44 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Skype

2008-09-08 22:43 --------- d-----w C:\Documents and Settings\irmaos\Dados de aplicativos\Hamachi

2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys

2008-09-03 14:21 --------- d-----w C:\Documents and Settings\irmaos\Dados de aplicativos\DivX

2008-09-03 13:37 --------- d-----w C:\Arquivos de programas\AviSynth 2.5

2008-08-31 21:07 --------- d-----w C:\Arquivos de programas\Fix8

2008-08-31 21:07 --------- d-----w C:\Arquivos de programas\EnvieAlegria

2008-08-31 21:07 --------- d-----w C:\Arquivos de programas\DVD Flick

2008-08-31 21:07 --------- d-----w C:\Arquivos de programas\Dicionário de Sinônimos -completo-

2008-08-28 22:38 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\FLEXnet

2008-08-28 22:10 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Adobe

2008-08-28 22:07 --------- d-----w C:\Arquivos de programas\Adobe after effects

2008-08-26 02:15 --------- d-----w C:\Documents and Settings\irmaos\Dados de aplicativos\Media Player Classic

2008-05-16 23:11 11,504 ----a-w C:\Arquivos de programas\IP Changer.rar

2008-01-01 01:58 22,328 ----a-w C:\Documents and Settings\irmaos\Dados de aplicativos\PnkBstrK.sys

2007-02-07 20:50 19,456 ----a-w C:\Arquivos de programas\IP Changer.exe

2006-01-07 15:56 727 ----a-w C:\Arquivos de programas\info_awl.txt

2006-01-07 15:54 894 ----a-w C:\Arquivos de programas\wazne.txt

2005-02-16 14:06 218,112 ----a-w C:\Arquivos de programas\HijackThis.exe

2008-05-08 19:51 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Configurações locais\Histórico\History.IE5\MSHist012008050820080509\index.dat

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"uTorrent"="C:\Arquivos de programas\uTorrent\uTorrent.exe" [2008-08-23 267056]

"MsnMsgr"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2007-12-28 5724184]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]

"swg"="C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-13 68856]

"DAEMON Tools"="C:\Arquivos de programas\DAEMON Tools\daemon.exe" [2007-09-18 171464]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"nod32kui"="C:\Arquivos de programas\Eset\nod32kui.exe" [2007-12-27 949376]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-04-19 7700480]

"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2007-04-19 86016]

"Ink Monitor"="C:\Arquivos de programas\EPSON\Ink Monitor\InkMonitor.exe" [2004-03-31 258114]

"GrooveMonitor"="C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]

"EPSON Stylus C45 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I4T1.EXE" [2004-01-14 99840]

"TkBellExe"="C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2007-12-30 185896]

"NeroFilterCheck"="C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]

"QuickTime Task"="C:\Arquivos de programas\QuickTime\qttask.exe" [2008-09-06 413696]

"w3dr.exe"="D:\Arquivos de programas\Warcraft III\w3dr.exe" [2008-08-03 61440]

"SkyTel"="SkyTel.EXE" [2006-05-16 C:\WINDOWS\SkyTel.exe]

"RTHDCPL"="RTHDCPL.EXE" [2006-11-14 C:\WINDOWS\RTHDCPL.exe]

"nwiz"="nwiz.exe" [2007-04-19 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-04-13 15360]

C:\Documents and Settings\irmaos\Menu Iniciar\Programas\Inicializar\

BrOffice.org 2.4.lnk - C:\Arquivos de programas\BrOffice.org 2.4\program\quickstart.exe [2008-01-21 393216]

Recorte de tela e Iniciador do OneNote 2007.lnk - C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\

Orbit.lnk - C:\Arquivos de programas\Orbitdownloader\orbitdm.exe [2008-02-28 1674440]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveSearch"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=wbsys.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.ffds"= ffdshow.ax

"msacm.ac3filter"= ac3filter.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"C:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"=

"C:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=

"C:\\Arquivos de programas\\LevelUpGames\\Grand Chase\\main.exe"=

"C:\\WINDOWS\\system32\\PnkBstrA.exe"=

"C:\\WINDOWS\\system32\\PnkBstrB.exe"=

"C:\\Arquivos de programas\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=

"C:\\Arquivos de programas\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=

"C:\\Arquivos de programas\\GameSpy\\Comrade\\Comrade.exe"=

"C:\\Arquivos de programas\\Ares\\Ares.exe"=

"C:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"C:\\Arquivos de programas\\LevelUpGames\\Grand Chase\\grandchase.exe"=

"D:\\Arquivos de programas\\TibiCam 8.0\\TibiCAM\\TibiCAM.exe"=

"D:\\Arquivos de programas\\Shareaza\\Shareaza.exe"=

"C:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=

"C:\\Arquivos de programas\\Winamp Remote\\bin\\Orb.exe"=

"C:\\Arquivos de programas\\Winamp Remote\\bin\\OrbTray.exe"=

"C:\\Arquivos de programas\\Winamp Remote\\bin\\OrbStreamerClient.exe"=

"C:\\Arquivos de programas\\Orbitdownloader\\orbitdm.exe"=

"C:\\Arquivos de programas\\Orbitdownloader\\orbitnet.exe"=

"C:\\Arquivos de programas\\World of Warcraft\\Launcher.exe"=

"D:\\Arquivos de programas\\Warcraft III\\w3l.exe"=

"C:\\Arquivos de programas\\LevelUpGames\\The Duel\\theduel.exe"=

"C:\\Arquivos de programas\\TmNationsForever\\TmForever.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Arquivos de programas\\SecondLife\\SLVoice.exe"=

"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=

"C:\\Arquivos de programas\\Hamachi\\hamachi.exe"=

"C:\\Arquivos de programas\\Little_fighter_3\\LF3??????.exe"=

"D:\\Arquivos de programas\\CyberScript32\\CyberScript.exe"=

"C:\\Arquivos de programas\\CyberScript32\\CyberScript.exe"=

"C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"=

"C:\\WINDOWS\\system32\\dpvsetup.exe"=

"C:\\Arquivos de programas\\Adobe\\Adobe After Effects CS3\\Support Files\\AfterFX.exe"=

"C:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

"C:\\WINDOWS\\system32\\mmc.exe"=

"C:\\Arquivos de programas\\Warcraft III\\Warcraft III.exe"=

"D:\\Arquivos de programas\\Warcraft III\\Warcraft III.exe"=

"C:\Arquivos de programas\Little_fighter_3\LF3??????.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"17771:UDP"= 17771:UDP:Hamachi

"12975:TCP"= 12975:TCP:Hamachi 2

"32976:TCP"= 32976:TCP:Hamachi 3

"6112:TCP"= 6112:TCP:6112

"6113:TCP"= 6113:TCP:6113

R1 ZWmiApRplLL;Ativa o download e instalação das atualizações do Windows...;C:\WINDOWS\system32\drive21.sys [2008-10-18 36096]

R2 MobiCap;Fix8 Live Cam, WDM Video Capture;C:\WINDOWS\system32\DRIVERS\MobiCap.sys [2007-11-15 19968]

S2 RPCH;Remote Procedure Call (HPM);C:\Arquivos de programas\NetMeeting\Intell.exe [2005-06-16 397824]

S3 GNCT511;Genius VideoCAM NB;C:\WINDOWS\system32\DRIVERS\gnct511.sys [2002-11-14 229376]

S3 XDva095;XDva095;C:\WINDOWS\system32\XDva095.sys [ ]

S3 XDva110;XDva110;C:\WINDOWS\system32\XDva110.sys [ ]

S3 XDva115;XDva115;C:\WINDOWS\system32\XDva115.sys [ ]

S3 XDva120;XDva120;C:\WINDOWS\system32\XDva120.sys [ ]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bd4b0232-b4e4-11dc-bc1c-00e07de3147b}]

\Shell\AutoRun\command - J:\NTruntr.exe

\Shell\explore\Command - J:\NTruntr.exe

\Shell\open\Command - J:\NTruntr.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f2411758-210e-11dd-be19-00e07de3147b}]

\Shell\AutoRun\command - J:\NTruntr.exe

\Shell\explore\Command - J:\NTruntr.exe

\Shell\open\Command - J:\NTruntr.exe

.

Contents of the 'Scheduled Tasks' folder

2008-10-26 C:\WINDOWS\Tasks\AE6C34BF918FB0AB.job

- c:\docume~1\irmaos\dadosd~1\thatfl~1\film mapi boob.exe [2008-07-22 16:52]

2008-10-24 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

- C:\Arquivos de programas\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

.

- - - - ORPHANS REMOVED - - - -

BHO-{0B627136-410A-4EE2-83B3-2B33D0B89685} - (no file)

ShellExecuteHooks-{00B85470-D7A2-456A-AE04-EB9ABF822FE4} - C:\WINDOWS\TEMP\Down(0)ffow.dll

Notify-rqRLeeDv - rqRLeeDv.dll

MSConfigStartUp-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMBgMonitor.exe

MSConfigStartUp-NBKeyScan - C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

MSConfigStartUp-way bend - C:\DOCUME~1\irmaos\DADOSD~1\THATFL~1\Mode Browse Chic.exe

.

------- Supplementary Scan -------

.

FireFox -: Profile - C:\Documents and Settings\irmaos\Dados de aplicativos\Mozilla\Firefox\Profiles\1zq6cvfa.default\

FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.hs24.com.br/

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-10-26 00:08:22

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\Arquivos de programas\ESET\nod32krn.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\Arquivos de programas\Orbitdownloader\orbitnet.exe

C:\Arquivos de programas\BrOffice.org 2.4\program\soffice.exe

C:\Arquivos de programas\BrOffice.org 2.4\program\soffice.bin

.

**************************************************************************

.

Completion time: 2008-10-26 0:16:29 - machine was rebooted

ComboFix-quarantined-files.txt 2008-10-26 03:15:26

Pre-Run: 16 folder(s) 15,448,190,976 bytes free

Post-Run: 16 folder(s) 15,393,820,672 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

267 --- E O F --- 2008-10-24 16:03:23


Connect your removable media to the machine.

Temporarily, while you carry out these instructions, it is very important that you keep your protection programs (antivirus, antispyware and firewall) disabled. Re-enable them once the procedure(s) below have been completed.

Open Notepad, then copy (Ctrl+C) and paste (Ctrl+V) all of the text inside the "Code" box:


File::

J:\NTruntr.exe
C:\WINDOWS\Tasks\AE6C34BF918FB0AB.job

Folder::

c:\docume~1\irmaos\dadosd~1\thatfl~1

Registry::

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bd4b0232-b4e4-11dc-bc1c-00e07de3147b}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f2411758-210e-11dd-be19-00e07de3147b}]

FireFox::

FireFox -: Profile - C:\Documents and Settings\irmaos\Dados de aplicativos\Mozilla\Firefox\Profiles\1zq6cvfa.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.hs24.com.br/

  • Save this file as: CFScript.txt
    CFScriptB-4.gif
  • As shown in the picture above, drag the CFScript.txt file onto ComboFix.exe
  • When the tool finishes running it will produce a log. Post that file, C:\ComboFix.txt.
  • Also produce a new HijackThis log to include in your reply.

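The indicators the helper targets with the CFScript above (the MountPoints2 autorun entries pointing at J:\NTruntr.exe, the scheduled task living in the user's Application Data folder, the drive21.sys driver created with hidden and system attributes, and the AntiVirusOverride flag) can be pulled out of a ComboFix log mechanically instead of by eye. The script below is an added example written for this thread; it is not ComboFix code and was not posted by anyone here. It works offline over lines copied from the log earlier in the thread, never touches the live registry, and its category names and heuristics (which file attributes or task locations count as suspicious) are this example's own choices, not ComboFix's.

```python
"""Offline triage of a ComboFix-style log excerpt (added example for this thread)."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: lines copied from the ComboFix log posted earlier in
# this thread, with the blank lines ComboFix prints between entries removed.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
R1 ZWmiApRplLL;Ativa o download e instalação das atualizações do Windows...;C:\WINDOWS\system32\drive21.sys [2008-10-18 36096]
R2 MobiCap;Fix8 Live Cam, WDM Video Capture;C:\WINDOWS\system32\DRIVERS\MobiCap.sys [2007-11-15 19968]
S3 XDva095;XDva095;C:\WINDOWS\system32\XDva095.sys [ ]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bd4b0232-b4e4-11dc-bc1c-00e07de3147b}]
\Shell\AutoRun\command - J:\NTruntr.exe
\Shell\explore\Command - J:\NTruntr.exe
\Shell\open\Command - J:\NTruntr.exe
2008-10-26 C:\WINDOWS\Tasks\AE6C34BF918FB0AB.job
- c:\docume~1\irmaos\dadosd~1\thatfl~1\film mapi boob.exe [2008-07-22 16:52]
2008-10-24 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Arquivos de programas\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
2008-10-18 07:06 . 2008-10-18 07:06 36,096 -r-hs---- C:\WINDOWS\system32\drive21.sys
"""

# Line shapes as ComboFix prints them; the category names further down are this example's own.
MOUNTPOINT_KEY = re.compile(r"^\[HKEY_CURRENT_USER\\.*\\mountpoints2\\(\{[0-9a-f-]+\})\]$", re.I)
AUTORUN_VERB = re.compile(r"^\\Shell\\(AutoRun|open|explore)\\command - (.+)$", re.I)
DRIVER_LINE = re.compile(r"^[RS][0-4] ([^;]+);[^;]*;(.+?) \[(.*)\]$")  # "R1 name;desc;path [date size]"
TASK_JOB = re.compile(r"^\d{4}-\d{2}-\d{2} (\S+\.job)$", re.I)
TASK_TARGET = re.compile(r"^- (.+?) \[[^\]]*\]$")
FILE_LISTING = re.compile(r"^\S+ \S+ \. \S+ \S+ [\d,]+ ([-a-z]{9}) (.+)$")  # created-files section
AV_OVERRIDE = re.compile(r'^"AntiVirusOverride"=dword:0*1$', re.I)
# 8.3 and long forms of the XP profile and Application Data folders (pt-BR and English)
APPDATA_PATH = re.compile(r"(docume~1|documents and settings).*(dadosd~1|dados de aplicativos|application data)", re.I)


@dataclass(frozen=True)
class Finding:
    kind: str     # category: autorun-hijack, task-in-appdata, hidden-system-driver, ...
    subject: str  # registry key, service name or task that was flagged
    detail: str   # human-readable reason


def triage(log_text: str) -> list[Finding]:
    """Return the indicators found in a ComboFix-style log excerpt."""
    findings: list[Finding] = []
    autoruns: dict[str, dict[str, str]] = {}  # mount point GUID -> shell verb -> target
    drivers: list[tuple[str, str, str]] = []  # (service, path, contents of the trailing [...])
    hidden_system: set[str] = set()           # lower-cased paths listed with both h and s attributes
    current_mountpoint: str | None = None
    pending_job: str | None = None

    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := MOUNTPOINT_KEY.match(line):
            current_mountpoint = m.group(1).lower()
            continue
        if line.startswith("["):  # any other registry key ends the MountPoints2 block
            current_mountpoint = None
        if current_mountpoint and (m := AUTORUN_VERB.match(line)):
            verb, target = m.groups()
            autoruns.setdefault(current_mountpoint, {})[verb.lower()] = target
            continue
        if m := DRIVER_LINE.match(line):
            drivers.append(m.groups())
            continue
        if m := FILE_LISTING.match(line):
            attrs, path = m.groups()
            if "h" in attrs and "s" in attrs:
                hidden_system.add(path.lower())
            continue
        if m := TASK_JOB.match(line):
            pending_job = m.group(1)
            continue
        if pending_job and (m := TASK_TARGET.match(line)):
            target = m.group(1)
            if APPDATA_PATH.search(target):
                findings.append(Finding("task-in-appdata", pending_job,
                                        f"runs {target} from the user profile rather than Program Files"))
            pending_job = None
            continue
        if AV_OVERRIDE.match(line):
            findings.append(Finding("security-center-override", "AntiVirusOverride",
                                    "Security Center told to stop reporting antivirus state"))

    # Autorun hijack: every shell verb on a removable-drive mount point pointed at the same binary.
    for guid, verbs in autoruns.items():
        targets = ", ".join(sorted(set(verbs.values())))
        findings.append(Finding("autorun-hijack", guid, f"{'/'.join(sorted(verbs))} -> {targets}"))
    # Drivers: a registered binary ComboFix could not find, or one hidden the way drive21.sys was.
    for service, path, stamp in drivers:
        if not stamp.strip():
            findings.append(Finding("missing-service-binary", service,
                                    f"{path} not found on disk; stale entry or self-deleting component"))
        elif path.lower() in hidden_system:
            findings.append(Finding("hidden-system-driver", service,
                                    f"{path} has hidden+system attributes, which legitimate drivers rarely do"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.subject}: {f.detail}")
```

Run as-is it prints five findings for the embedded excerpt, while the legitimate entries in the same lines (MobiCap.sys and AppleSoftwareUpdate.job) produce nothing. To run it over a full ComboFix.txt, read the file with the code page shown in the log header (the header in this thread lists 1252) and pass the text to triage(); the cross-check between the service list and the created-files listing is what turns drive21.sys from a plausibly named "Windows update" driver into a flagged one.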
What do you mean by "Connect your removable media to the machine"? =/

USB flash drive, MP3 player, MP4 player, etc.


ComboFix log:

ComboFix 08-10-24.02 - irmaos 2008-10-27 22:15:27.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1046.18.1528 [GMT -3:00]

Running from: C:\Documents and Settings\irmaos\Desktop\ComboFix.exe

Command switches used :: C:\Documents and Settings\irmaos\Desktop\CFScript.txt

* Created a new restore point

* Resident AV is active

FILE ::

C:\WINDOWS\Tasks\AE6C34BF918FB0AB.job

J:\NTruntr.exe

.

((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\docume~1\irmaos\dadosd~1\thatfl~1

c:\docume~1\irmaos\dadosd~1\thatfl~1\0

c:\docume~1\irmaos\dadosd~1\thatfl~1\aqdczcyk.exe

c:\docume~1\irmaos\dadosd~1\thatfl~1\film mapi boob.exe

c:\docume~1\irmaos\dadosd~1\thatfl~1\forkthunkcashcurb.exe

c:\docume~1\irmaos\dadosd~1\thatfl~1\geubyaxe.exe

c:\docume~1\irmaos\dadosd~1\thatfl~1\jldeoldm.exe

c:\docume~1\irmaos\dadosd~1\thatfl~1\kvckduxf.exe

c:\docume~1\irmaos\dadosd~1\thatfl~1\mdszzmem.exe

c:\docume~1\irmaos\dadosd~1\thatfl~1\nssjduyp.exe

c:\docume~1\irmaos\dadosd~1\thatfl~1\rhzgmneq.exe

c:\docume~1\irmaos\dadosd~1\thatfl~1\ssjqarow.exe

c:\docume~1\irmaos\dadosd~1\thatfl~1\vmtxsysu.exe

C:\WINDOWS\Tasks\AE6C34BF918FB0AB.job

J:\autorun.inf

J:\NTruntr.exe

.

(((((((((((((((( Files Created from 2008-09-28 to 2008-10-28 ))))))))))))))))))))))))))))

.

2008-10-25 11:52 . 2008-10-25 11:54 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Lavasoft

2008-10-25 11:52 . 2008-10-25 11:52 <DIR> d-------- C:\Arquivos de programas\Lavasoft

2008-10-25 11:51 . 2008-10-25 11:51 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Wise Installation Wizard

2008-10-24 09:55 . 2008-10-24 09:55 <DIR> d-------- C:\WINDOWS\Eurobattle.net Installer

2008-10-24 07:17 . 2008-10-15 13:36 337,408 -----c--- C:\WINDOWS\system32\dllcache\netapi32.dll

2008-10-20 18:49 . 2008-10-26 22:38 <DIR> d-------- C:\Arquivos de programas\WarRock

2008-10-19 12:04 . 2008-10-19 12:04 <DIR> d-------- C:\Arquivos de programas\LRC Editor 4

2008-10-19 12:03 . 2008-10-19 12:04 <DIR> d-------- C:\Arquivos de programas\MP3 Player Utilities 4.14

2008-10-18 07:06 . 2008-10-18 07:06 36,096 -r-hs---- C:\WINDOWS\system32\drive21.sys

2008-10-15 19:14 . 2008-08-14 10:24 2,193,408 -----c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe

2008-10-15 19:14 . 2008-08-14 10:24 2,149,376 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe

2008-10-15 19:14 . 2008-08-14 10:24 2,070,272 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe

2008-10-15 19:14 . 2008-08-14 10:24 2,028,032 -----c--- C:\WINDOWS\system32\dllcache\ntkrpamp.exe

2008-10-15 18:41 . 2008-09-08 07:41 333,824 -----c--- C:\WINDOWS\system32\dllcache\srv.sys

2008-10-15 18:40 . 2008-09-15 12:26 1,846,528 -----c--- C:\WINDOWS\system32\dllcache\win32k.sys

2008-10-04 08:47 . 2008-10-04 08:47 <DIR> d-------- C:\Arquivos de programas\Stardock

2008-09-30 22:51 . 2008-10-01 20:39 <DIR> d-------- C:\Arquivos de programas\LooksBuilder

2008-09-30 13:52 . 2008-09-30 13:58 <DIR> d-------- C:\Documents and Settings\irmaos\Dados de aplicativos\IMVUClient

2008-09-29 16:46 . 2008-10-22 00:59 0 --a------ C:\dump_dvd.vob

.

((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-10-27 23:33 --------- d-----w C:\Documents and Settings\irmaos\Dados de aplicativos\uTorrent

2008-10-27 23:23 --------- d-----w C:\Documents and Settings\irmaos\Dados de aplicativos\Orbit

2008-10-27 23:20 --------- d-----w C:\Documents and Settings\irmaos\Dados de aplicativos\BrOffice.org2

2008-10-27 16:09 --------- d-----w C:\Documents and Settings\irmaos\Dados de aplicativos\Skype

2008-10-27 11:10 --------- d-----w C:\Documents and Settings\irmaos\Dados de aplicativos\skypePM

2008-10-26 02:32 4,048 ----a-w C:\WINDOWS\msapps\msapp.dll

2008-10-25 14:16 --------- d-----w C:\Arquivos de programas\Warcraft III

2008-10-22 23:52 159,992 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys

2008-10-22 23:51 182,928 ----a-w C:\WINDOWS\system32\PnkBstrB.exe

2008-10-22 23:34 11,940 ----a-w C:\Arquivos de programas\hijackthis.log

2008-10-20 21:49 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2008-10-16 15:29 --------- d-----w C:\Documents and Settings\irmaos\Dados de aplicativos\IMVU

2008-10-16 03:29 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft Help

2008-10-15 17:33 --------- d-----w C:\Documents and Settings\irmaos\Dados de aplicativos\DVD Flick

2008-10-02 21:41 --------- d-----w C:\Arquivos de programas\Soldat

2008-10-02 21:35 --------- d-----w C:\Arquivos de programas\Diablo II

2008-09-30 16:52 --------- d-----w C:\Arquivos de programas\IMVU

2008-09-23 23:43 --------- d-----w C:\Arquivos de programas\GTA San Andreas

2008-09-16 05:51 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Apple Computer

2008-09-16 05:50 --------- d-----w C:\Documents and Settings\irmaos\Dados de aplicativos\Apple Computer

2008-09-16 05:47 --------- d-----w C:\Arquivos de programas\QuickTime

2008-09-16 05:47 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Apple

2008-09-16 05:46 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Apple

2008-09-16 05:46 --------- d-----w C:\Arquivos de programas\Apple Software Update

2008-09-16 04:20 --------- d-----w C:\Arquivos de programas\QuickMediaConverter

2008-09-16 03:46 --------- d-----w C:\Arquivos de programas\Unity

2008-09-16 03:05 --------- d-----w C:\Arquivos de programas\ZipGenius 6

2008-09-16 03:05 --------- d-----w C:\Arquivos de programas\Windows Media Connect 2

2008-09-16 03:05 --------- d-----w C:\Arquivos de programas\Winamp Remote

2008-09-16 03:05 --------- d-----w C:\Arquivos de programas\TmNationsForever

2008-09-16 03:05 --------- d-----w C:\Arquivos de programas\Thoosje Sidebar V2.3

2008-09-16 02:56 --------- d-----w C:\Documents and Settings\irmaos\Dados de aplicativos\Ahead

2008-09-16 02:42 --------- d-----w C:\Arquivos de programas\DivX

2008-09-16 02:42 --------- d-----w C:\Arquivos de programas\AVIXDVD

2008-09-16 02:21 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Ahead

2008-09-16 02:13 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Nero

2008-09-16 02:13 --------- d-----w C:\Arquivos de programas\Nero

2008-09-16 02:01 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Nero

2008-09-15 15:26 1,846,528 ----a-w C:\WINDOWS\system32\win32k.sys

2008-09-12 17:19 --------- d-----w C:\Arquivos de programas\Messenger Plus! Live

2008-09-12 17:19 --------- d-----w C:\Arquivos de programas\Circle Developement

2008-09-11 12:44 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Skype

2008-09-11 12:44 --------- d-----w C:\Arquivos de programas\Skype

2008-09-11 12:44 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Skype

2008-09-08 22:43 --------- d-----w C:\Documents and Settings\irmaos\Dados de aplicativos\Hamachi

2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys

2008-09-03 14:21 --------- d-----w C:\Documents and Settings\irmaos\Dados de aplicativos\DivX

2008-09-03 13:37 --------- d-----w C:\Arquivos de programas\AviSynth 2.5

2008-08-31 21:07 --------- d-----w C:\Arquivos de programas\Fix8

2008-08-31 21:07 --------- d-----w C:\Arquivos de programas\EnvieAlegria

2008-08-31 21:07 --------- d-----w C:\Arquivos de programas\DVD Flick

2008-08-31 21:07 --------- d-----w C:\Arquivos de programas\Dicionário de Sinônimos -completo-

2008-08-28 22:38 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\FLEXnet

2008-08-28 22:10 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Adobe

2008-08-28 22:07 --------- d-----w C:\Arquivos de programas\Adobe after effects

2008-08-26 08:11 826,368 ----a-w C:\WINDOWS\system32\wininet.dll

2008-08-14 13:24 2,149,376 ----a-w C:\WINDOWS\system32\ntoskrnl.exe

2008-08-14 13:24 2,028,032 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe

2008-07-28 11:40 1,003,520 ----a-w C:\WINDOWS\system32\VSFilter.dll

2008-05-16 23:11 11,504 ----a-w C:\Arquivos de programas\IP Changer.rar

2008-01-01 01:58 22,328 ----a-w C:\Documents and Settings\irmaos\Dados de aplicativos\PnkBstrK.sys

2007-02-07 20:50 19,456 ----a-w C:\Arquivos de programas\IP Changer.exe

2006-01-07 15:56 727 ----a-w C:\Arquivos de programas\info_awl.txt

2006-01-07 15:54 894 ----a-w C:\Arquivos de programas\wazne.txt

2005-02-16 14:06 218,112 ----a-w C:\Arquivos de programas\HijackThis.exe

2008-05-08 19:51 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Configurações locais\Histórico\History.IE5\MSHist012008050820080509\index.dat

.

(((((((((((((((((((((((((( Registry Loading Points )))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries and legitimate default entries are not shown.

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"uTorrent"="C:\Arquivos de programas\uTorrent\uTorrent.exe" [2008-08-23 267056]

"MsnMsgr"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2007-12-28 5724184]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]

"swg"="C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-13 68856]

"DAEMON Tools"="C:\Arquivos de programas\DAEMON Tools\daemon.exe" [2007-09-18 171464]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"nod32kui"="C:\Arquivos de programas\Eset\nod32kui.exe" [2007-12-27 949376]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-04-19 7700480]

"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2007-04-19 86016]

"Ink Monitor"="C:\Arquivos de programas\EPSON\Ink Monitor\InkMonitor.exe" [2004-03-31 258114]

"GrooveMonitor"="C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]

"EPSON Stylus C45 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I4T1.EXE" [2004-01-14 99840]

"TkBellExe"="C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2007-12-30 185896]

"NeroFilterCheck"="C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]

"QuickTime Task"="C:\Arquivos de programas\QuickTime\qttask.exe" [2008-09-06 413696]

"w3dr.exe"="D:\Arquivos de programas\Warcraft III\w3dr.exe" [2008-08-03 61440]

"SkyTel"="SkyTel.EXE" [2006-05-16 C:\WINDOWS\SkyTel.exe]

"RTHDCPL"="RTHDCPL.EXE" [2006-11-14 C:\WINDOWS\RTHDCPL.exe]

"nwiz"="nwiz.exe" [2007-04-19 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-04-13 15360]

C:\Documents and Settings\irmaos\Menu Iniciar\Programas\Inicializar\

BrOffice.org 2.4.lnk - C:\Arquivos de programas\BrOffice.org 2.4\program\quickstart.exe [2008-01-21 393216]

Recorte de tela e Iniciador do OneNote 2007.lnk - C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\

Orbit.lnk - C:\Arquivos de programas\Orbitdownloader\orbitdm.exe [2008-02-28 1674440]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveSearch"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=wbsys.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.ffds"= ffdshow.ax

"msacm.ac3filter"= ac3filter.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"C:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"=

"C:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=

"C:\\Arquivos de programas\\LevelUpGames\\Grand Chase\\main.exe"=

"C:\\WINDOWS\\system32\\PnkBstrA.exe"=

"C:\\WINDOWS\\system32\\PnkBstrB.exe"=

"C:\\Arquivos de programas\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=

"C:\\Arquivos de programas\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=

"C:\\Arquivos de programas\\GameSpy\\Comrade\\Comrade.exe"=

"C:\\Arquivos de programas\\Ares\\Ares.exe"=

"C:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"C:\\Arquivos de programas\\LevelUpGames\\Grand Chase\\grandchase.exe"=

"D:\\Arquivos de programas\\TibiCam 8.0\\TibiCAM\\TibiCAM.exe"=

"D:\\Arquivos de programas\\Shareaza\\Shareaza.exe"=

"C:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=

"C:\\Arquivos de programas\\Winamp Remote\\bin\\Orb.exe"=

"C:\\Arquivos de programas\\Winamp Remote\\bin\\OrbTray.exe"=

"C:\\Arquivos de programas\\Winamp Remote\\bin\\OrbStreamerClient.exe"=

"C:\\Arquivos de programas\\Orbitdownloader\\orbitdm.exe"=

"C:\\Arquivos de programas\\Orbitdownloader\\orbitnet.exe"=

"C:\\Arquivos de programas\\World of Warcraft\\Launcher.exe"=

"D:\\Arquivos de programas\\Warcraft III\\w3l.exe"=

"C:\\Arquivos de programas\\LevelUpGames\\The Duel\\theduel.exe"=

"C:\\Arquivos de programas\\TmNationsForever\\TmForever.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Arquivos de programas\\SecondLife\\SLVoice.exe"=

"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=

"C:\\Arquivos de programas\\Hamachi\\hamachi.exe"=

"C:\\Arquivos de programas\\Little_fighter_3\\LF3??????.exe"=

"D:\\Arquivos de programas\\CyberScript32\\CyberScript.exe"=

"C:\\Arquivos de programas\\CyberScript32\\CyberScript.exe"=

"C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"=

"C:\\WINDOWS\\system32\\dpvsetup.exe"=

"C:\\Arquivos de programas\\Adobe\\Adobe After Effects CS3\\Support Files\\AfterFX.exe"=

"C:\\WINDOWS\\system32\\mmc.exe"=

"C:\\Arquivos de programas\\Warcraft III\\Warcraft III.exe"=

"D:\\Arquivos de programas\\Warcraft III\\Warcraft III.exe"=

"C:\Arquivos de programas\Little_fighter_3\LF3??????.exe"=

"C:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"17771:UDP"= 17771:UDP:Hamachi

"12975:TCP"= 12975:TCP:Hamachi 2

"32976:TCP"= 32976:TCP:Hamachi 3

"6112:TCP"= 6112:TCP:6112

"6113:TCP"= 6113:TCP:6113

R1 ZWmiApRplLL;Ativa o download e instalação das atualizações do Windows...;C:\WINDOWS\system32\drive21.sys [2008-10-18 36096]

R2 MobiCap;Fix8 Live Cam, WDM Video Capture;C:\WINDOWS\system32\DRIVERS\MobiCap.sys [2007-11-15 19968]

S2 RPCH;Remote Procedure Call (HPM);C:\Arquivos de programas\NetMeeting\Intell.exe [2005-06-16 397824]

S3 GNCT511;Genius VideoCAM NB;C:\WINDOWS\system32\DRIVERS\gnct511.sys [2002-11-14 229376]

S3 XDva095;XDva095;C:\WINDOWS\system32\XDva095.sys [ ]

S3 XDva110;XDva110;C:\WINDOWS\system32\XDva110.sys [ ]

S3 XDva115;XDva115;C:\WINDOWS\system32\XDva115.sys [ ]

S3 XDva120;XDva120;C:\WINDOWS\system32\XDva120.sys [ ]

.

Contents of the 'Scheduled Tasks' folder

2008-10-24 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

- C:\Arquivos de programas\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-10-27 22:17:52

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************

.

Completion time: 2008-10-27 22:20:48

ComboFix-quarantined-files.txt 2008-10-28 01:19:45

ComboFix2.txt 2008-10-26 03:16:29

Pre-Run: 16 folder(s) 15,334,404,096 bytes free

Post-Run: 16 folder(s) 15,321,128,960 bytes free

238 --- E O F --- 2008-10-24 16:03:23

-

HijackThis log:

Logfile of HijackThis v1.99.1

Scan saved at 22:22:22, on 27/10/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I4T1.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Arquivos de programas\BrOffice.org 2.4\program\soffice.exe

C:\Arquivos de programas\BrOffice.org 2.4\program\soffice.BIN

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\Arquivos de programas\Eset\nod32krn.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\WINDOWS\system32\notepad.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hs24.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Arquivos de programas\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

O4 - HKLM\..\Run: [nod32kui] "C:\Arquivos de programas\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [ink Monitor] C:\Arquivos de programas\EPSON\Ink Monitor\InkMonitor.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [EPSON Stylus C45 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I4T1.EXE /P23 "EPSON Stylus C45 Series" /O6 "USB001" /M "Stylus C45"

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [w3dr.exe] D:\Arquivos de programas\Warcraft III\w3dr.exe

O4 - HKCU\..\Run: [uTorrent] "C:\Arquivos de programas\uTorrent\uTorrent.exe"

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [DAEMON Tools] "C:\Arquivos de programas\DAEMON Tools\daemon.exe" -lang 1033 -noicon

O4 - Startup: BrOffice.org 2.4.lnk = C:\Arquivos de programas\BrOffice.org 2.4\program\quickstart.exe

O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Global Startup: Orbit.lnk = C:\Arquivos de programas\Orbitdownloader\orbitdm.exe

O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: Add to AMV Converter... - C:\Arquivos de programas\MP3 Player Utilities 4.14\AMVConverter\grab.html

O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202

O8 - Extra context menu item: Download All by FlashGet - D:\Arquivos de programas\FlashGet\jc_all.htm

O8 - Extra context menu item: Download using FlashGet - D:\Arquivos de programas\FlashGet\jc_link.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Arquivos de programas\MP3 Player Utilities 4.14\MediaManager\grab.html

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\irmaos\Menu Iniciar\Programas\IMVU\Run IMVU.lnk

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\arquivos de programas\bonjour\mdnsnsp.dll

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {051D0E35-F4E3-4C8D-B411-AB0875F4C683} (Anark Client 4.0 ActiveX Control) - http://install.anark.com/client/version4/windows-ie/en/AMClient.cab

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://img2.orkut.com/activex/10035/photouploader.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Arquivos de programas\Ares\chatServer.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Arquivos de programas\Eset\nod32krn.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\WINDOWS\System32\nvsvc32.exe (file missing)

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)


Do the problems persist?


Everything is back to normal now, thanks, and thank you for your patience. :D:D

Note: But sometimes when I close the IE window, a new window opens and starts opening many, many tabs, until after a few seconds it stops opening more. This is older than the blocking problem; is it also one of these problems?

Thanks! :D


Apparently you have C2.Lop; I had forgotten about it, only the task that reinstalls it was removed.

Download the Lop Uninstaller

If a restriction message appears when you try to download it, follow these steps:

  • Open Internet Explorer, click Tools and then Internet Options, click the Security tab, click Trusted Sites and then click Sites; in the field Add this website to the zone enter:
    http://lop.com and click Add
  • Uncheck the option: Require server verification (https)
  • Click OK in all windows and try the download again.

If your antivirus detects a problem in the file, ignore it. The file is safe.

Disable your antivirus and any anti-spyware. Run it. Enter the numbers and confirm.

  • Open Internet Explorer again, click Tools and then Internet Options, click the Security tab, click Trusted Sites and then click Sites.
  • Click on: http://lop.com and click Remove.
  • Click OK in all windows.

Download findlop

Extract the files from the ZIP to any folder.

Run findlop.bat.

Post the file c:\findlop.txt in your next reply.


Here it is:

[TRACE] Enumerating jobs and queues

[TRACE] Activating job 'AppleSoftwareUpdate.job'

[TRACE] Printing all job properties

ApplicationName: 'C:\Arquivos de programas\Apple Software Update\SoftwareUpdate.exe'

Parameters: '-task'

WorkingDirectory: ''

Comment: ''

Creator: 'SYSTEM'

Priority: NORMAL

MaxRunTime: 259200000 (3d 0:00:00)

IdleWait: 10

IdleDeadline: 60

MostRecentRun: 10/24/2008 10:16:00

NextRun: 10/31/2008 10:16:00

StartError: S_OK

ExitCode: 0

Status: SCHED_S_TASK_READY

ScheduledWorkItem Flags:

DeleteWhenDone = 0

Suspend = 0

StartOnlyIfIdle = 0

KillOnIdleEnd = 0

RestartOnIdleResume = 0

DontStartIfOnBatteries = 0

KillIfGoingOnBatteries = 0

RunOnlyIfLoggedOn = 0

SystemRequired = 0

Hidden = 0

TaskFlags: 0

1 Trigger

Trigger 0:

Type: Weekly

WeeksInterval: 1

DaysOfTheWeek: .....F.

StartDate: 09/16/2008

EndDate: 00/00/0000

StartTime: 10:16

MinutesDuration: 0

MinutesInterval: 0

Flags:

HasEndDate = 0

KillAtDuration = 0

Disabled = 0


Do the problems persist?


The thing is, it only happened sometimes, and it also used to open some windows from the Mercado Livre site, but those windows stopped opening some time ago. So the only problem left was that, when I closed IE, a window opened and started opening several tabs; but from when I posted about it until today it has not happened again, so I think everything is fine now.

Thanks a lot! :D:D


Congratulations, your log is clean.

From now on stay ALERT!

To finish, do the following:

Go to Start > Run and type combofix /u. This will uninstall ComboFix from your machine.

I suggest you run CCleaner to clean up your machine. Download it here: CCleaner

  • Open the program and click Run Cleaner;
  • After that, click Issues >> Scan for Issues >> Fix Issues

I also suggest you read this article: Proteja seu PC (Protect your PC)

Any other problem with the computer?


Sorry for the delay in posting, I had not noticed there was a second page in the topic. :X

Just before coming into the topic the following happened:

I was using the internet and opened a tab and, almost at the same moment, when I went to click on it I closed it by accident; then it started opening several tabs again, and only after a little while did it stop so I could close them. :/

Note: I still have ComboFix, and as for CCleaner, I already have it; I use it every day, together with Advanced WindowsCare V2 Personal, before shutting down the PC. Thanks. :D


Post a new HijackThis log.


Here it is:

Logfile of HijackThis v1.99.1

Scan saved at 00:52:21, on 08/11/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Eset\nod32kui.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I4T1.EXE

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Eset\nod32krn.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\wbem\wmiapsrv.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\KP Software\KP-Anti Mosquitoes.exe

C:\Arquivos de programas\internet explorer\iexplore.exe

C:\Arquivos de programas\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hs24.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Arquivos de programas\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

O4 - HKLM\..\Run: [nod32kui] "C:\Arquivos de programas\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [ink Monitor] C:\Arquivos de programas\EPSON\Ink Monitor\InkMonitor.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [EPSON Stylus C45 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I4T1.EXE /P23 "EPSON Stylus C45 Series" /O6 "USB001" /M "Stylus C45"

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [w3dr.exe] D:\Arquivos de programas\Warcraft III\w3dr.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKCU\..\Run: [uTorrent] "C:\Arquivos de programas\uTorrent\uTorrent.exe"

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [DAEMON Tools] "C:\Arquivos de programas\DAEMON Tools\daemon.exe" -lang 1033 -noicon

O4 - Startup: BrOffice.org 2.4.lnk = C:\Arquivos de programas\BrOffice.org 2.4\program\quickstart.exe

O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Global Startup: Orbit.lnk = C:\Arquivos de programas\Orbitdownloader\orbitdm.exe

O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: Add to AMV Converter... - C:\Arquivos de programas\MP3 Player Utilities 4.14\AMVConverter\grab.html

O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202

O8 - Extra context menu item: Download All by FlashGet - D:\Arquivos de programas\FlashGet\jc_all.htm

O8 - Extra context menu item: Download using FlashGet - D:\Arquivos de programas\FlashGet\jc_link.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Arquivos de programas\MP3 Player Utilities 4.14\MediaManager\grab.html

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\irmaos\Menu Iniciar\Programas\IMVU\Run IMVU.lnk

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\arquivos de programas\bonjour\mdnsnsp.dll

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {051D0E35-F4E3-4C8D-B411-AB0875F4C683} (Anark Client 4.0 ActiveX Control) - http://install.anark.com/client/version4/windows-ie/en/AMClient.cab

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://img2.orkut.com/activex/10035/photouploader.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD5/JSCDL/jdk/6u10/jinstall-6u10-windows-i586-jc.cab?AuthParam=1225493474_d850939d14f19a87d7ecbebb7e2f0ec9&GroupName=JSC&BHost=javadl.sun.com&FilePath=/ESD5/JSCDL/jdk/6u10/jinstall-6u10-windows-i586-jc.cab&File=jinstall-6u10-windows-i586-jc.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Arquivos de programas\Ares\chatServer.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Arquivos de programas\Java\jre6\bin\jqs.exe" -service -config "C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Arquivos de programas\Eset\nod32krn.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\WINDOWS\System32\nvsvc32.exe (file missing)

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

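The helper reads a HijackThis 1.99.1 log like the one above by scanning for a few tell-tale markers: "(file missing)", "(no file)", "Unknown owner", Run values with no path, and the O10/O20/O21 hook sections. As an added example, not part of this thread and not HijackThis's own code, here is a small Python triage script over that line format; the sample lines are constructed, modelled on the kinds of entries posted above, and the marker list is this example's own heuristic.

```python
import os
import re
from dataclasses import dataclass

# Constructed sample in HijackThis 1.99.1 log format, modelled on the kinds of
# entries posted in this thread (a few lines, not the full log).
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hs24.com.br/
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll
O4 - HKLM\..\Run: [skyTel] SkyTel.EXE
O4 - HKLM\..\Run: [nod32kui] "C:\Arquivos de programas\Eset\nod32kui.exe" /WAITSERVICE
O10 - Unknown file in Winsock LSP: c:\arquivos de programas\bonjour\mdnsnsp.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\WINDOWS\System32\nvsvc32.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Arquivos de programas\Java\jre6\bin\jqs.exe" -service -config "C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Arquivos de programas\Eset\nod32krn.exe
"""

# Every HijackThis entry starts with its section code (R0..R3, O1..O24) and " - ".
ENTRY_RE = re.compile(r"^(?P<kind>R\d|O\d+) - (?P<body>.*)$")
# O4 Run values look like: HKLM\..\Run: [ValueName] command line
RUN_RE = re.compile(r"\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")

# Markers HijackThis itself prints when a referenced file cannot be found or the
# service has no vendor string; each deserves a manual look (our heuristic).
SUSPICIOUS_MARKERS = ("(file missing)", "(no file)", "Unknown owner")

# Sections whose entries load a DLL into Winsock, winlogon or the shell, so the
# DLL should be identified even when HijackThis does find the file.
DEEP_HOOK_KINDS = {"O10", "O20", "O21"}


@dataclass
class Finding:
    kind: str
    line: str
    reasons: list


def first_token(cmd: str) -> str:
    """Return the executable token of a Run command line (quoted or bare)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0] if cmd else ""


def check_run_entry(body: str) -> list:
    """Flag O4 Run values whose executable carries no directory at all."""
    m = RUN_RE.search(body)
    if not m:
        return []  # Startup-folder entries use "name.lnk = path", not brackets
    exe = first_token(m.group("cmd"))
    # os.path.dirname only knows the host separator, so normalise backslashes first.
    if exe and not os.path.dirname(exe.replace("\\", "/")):
        return ["bare executable name, resolved by PATH search: verify which file runs"]
    return []


def triage_hijackthis(log_text: str) -> list:
    """Parse a HijackThis log and return the entries that need a manual look."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # header, running-process list, blank lines
        kind, body = m.group("kind"), m.group("body")
        reasons = [marker for marker in SUSPICIOUS_MARKERS if marker in body]
        if kind == "O4":
            reasons.extend(check_run_entry(body))
        if kind in DEEP_HOOK_KINDS:
            reasons.append(f"{kind} entry loads a DLL into Winsock/winlogon/shell: identify it")
        if kind == "O23" and '"' in body and "(file missing)" in body:
            # A service ImagePath with quotes and arguments confuses HijackThis
            # 1.99.1; the thread's process list and ComboFix output show jqs.exe
            # present, so this "(file missing)" is something to confirm by hand.
            reasons.append("quoted ImagePath with arguments: '(file missing)' may be a parse artifact")
        if reasons:
            findings.append(Finding(kind, m.group(0), reasons))
    return findings


def summarize(findings: list) -> dict:
    """Count findings per section kind, e.g. {'O23': 2, ...}."""
    counts = {}
    for f in findings:
        counts[f.kind] = counts.get(f.kind, 0) + 1
    return counts


if __name__ == "__main__":
    results = triage_hijackthis(SAMPLE_LOG)
    for f in results:
        print(f.kind, "|", f.line)
        for r in f.reasons:
            print("    -", r)
    print(summarize(results))
```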

Please run ComboFix again.


Here it is: :)

ComboFix 08-11-07.01 - irmaos 2008-11-08 18:19:30.3 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1046.18.1503 [GMT -3:00]

Executando de: c:\documents and settings\irmaos\Desktop\ComboFix.exe

* Criado um novo ponto de restauro

* Resident AV is active

.

(((((((((((((((( Arquivos/Ficheiros criados de 2008-10-08 to 2008-11-08 ))))))))))))))))))))))))))))

.

2008-11-08 14:05 . 2008-11-08 14:05 <DIR> d-------- c:\arquivos de programas\OGPlanet

2008-10-31 19:51 . 2008-11-08 01:04 <DIR> d-------- c:\documents and settings\irmaos\Dados de aplicativos\LimeWire

2008-10-31 19:50 . 2008-10-31 19:50 <DIR> d-------- c:\windows\Sun

2008-10-31 19:50 . 2008-10-31 19:50 <DIR> d-------- c:\arquivos de programas\Java

2008-10-31 19:50 . 2008-10-31 19:50 410,976 --a------ c:\windows\system32\deploytk.dll

2008-10-31 19:50 . 2008-10-31 19:50 73,728 --a------ c:\windows\system32\javacpl.cpl

2008-10-31 19:44 . 2008-10-31 19:45 <DIR> d-------- c:\arquivos de programas\LimeWire

2008-10-30 18:15 . 2008-10-30 18:15 <DIR> d-------- c:\arquivos de programas\findlop

2008-10-25 11:52 . 2008-10-25 11:54 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Lavasoft

2008-10-25 11:52 . 2008-10-25 11:52 <DIR> d-------- c:\arquivos de programas\Lavasoft

2008-10-25 11:51 . 2008-10-25 11:51 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\Wise Installation Wizard

2008-10-24 09:55 . 2008-10-24 09:55 <DIR> d-------- c:\windows\Eurobattle.net Installer

2008-10-24 07:17 . 2008-10-15 13:36 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll

2008-10-20 18:49 . 2008-11-02 16:00 <DIR> d-------- c:\arquivos de programas\WarRock

2008-10-19 12:04 . 2008-10-19 12:04 <DIR> d-------- c:\arquivos de programas\LRC Editor 4

2008-10-19 12:03 . 2008-10-19 12:04 <DIR> d-------- c:\arquivos de programas\MP3 Player Utilities 4.14

2008-10-18 07:06 . 2008-10-18 07:06 36,096 -r-hs---- c:\windows\system32\drive21.sys

2008-10-15 19:14 . 2008-08-14 10:24 2,193,408 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe

2008-10-15 19:14 . 2008-08-14 10:24 2,149,376 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe

2008-10-15 19:14 . 2008-08-14 10:24 2,070,272 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe

2008-10-15 19:14 . 2008-08-14 10:24 2,028,032 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe

2008-10-15 18:41 . 2008-09-08 07:41 333,824 -----c--- c:\windows\system32\dllcache\srv.sys

2008-10-15 18:40 . 2008-09-15 12:26 1,846,528 -----c--- c:\windows\system32\dllcache\win32k.sys

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-11-08 21:16 --------- d-----w c:\documents and settings\irmaos\Dados de aplicativos\uTorrent

2008-11-08 21:16 --------- d-----w c:\documents and settings\irmaos\Dados de aplicativos\Orbit

2008-11-08 19:37 --------- d-----w c:\documents and settings\irmaos\Dados de aplicativos\BrOffice.org2

2008-11-08 03:52 12,165 ----a-w c:\arquivos de programas\hijackthis.log

2008-11-03 14:35 --------- d-----w c:\arquivos de programas\uTorrent

2008-11-03 03:33 --------- d-----w c:\documents and settings\irmaos\Dados de aplicativos\IMVU

2008-11-03 01:22 --------- d-----w c:\documents and settings\irmaos\Dados de aplicativos\Skype

2008-11-03 00:20 --------- d-----w c:\documents and settings\irmaos\Dados de aplicativos\skypePM

2008-10-26 02:32 4,048 ----a-w c:\windows\msapps\msapp.dll

2008-10-25 14:16 --------- d-----w c:\arquivos de programas\Warcraft III

2008-10-22 23:52 159,992 ----a-w c:\windows\system32\drivers\PnkBstrK.sys

2008-10-22 23:51 182,928 ----a-w c:\windows\system32\PnkBstrB.exe

2008-10-20 21:49 --------- d--h--w c:\arquivos de programas\InstallShield Installation Information

2008-10-16 03:29 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Microsoft Help

2008-10-15 17:33 --------- d-----w c:\documents and settings\irmaos\Dados de aplicativos\DVD Flick

2008-10-04 11:47 --------- d-----w c:\arquivos de programas\Stardock

2008-10-02 21:41 --------- d-----w c:\arquivos de programas\Soldat

2008-10-02 21:35 --------- d-----w c:\arquivos de programas\Diablo II

2008-10-01 23:39 --------- d-----w c:\arquivos de programas\LooksBuilder

2008-09-30 16:58 --------- d-----w c:\documents and settings\irmaos\Dados de aplicativos\IMVUClient

2008-09-30 16:52 --------- d-----w c:\arquivos de programas\IMVU

2008-09-23 23:43 --------- d-----w c:\arquivos de programas\GTA San Andreas

2008-09-16 05:51 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Apple Computer

2008-09-16 05:50 --------- d-----w c:\documents and settings\irmaos\Dados de aplicativos\Apple Computer

2008-09-16 05:47 --------- d-----w c:\arquivos de programas\QuickTime

2008-09-16 05:47 --------- d-----w c:\arquivos de programas\Arquivos comuns\Apple

2008-09-16 05:46 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Apple

2008-09-16 05:46 --------- d-----w c:\arquivos de programas\Apple Software Update

2008-09-16 04:20 --------- d-----w c:\arquivos de programas\QuickMediaConverter

2008-09-16 03:46 --------- d-----w c:\arquivos de programas\Unity

2008-09-16 03:05 --------- d-----w c:\arquivos de programas\ZipGenius 6

2008-09-16 03:05 --------- d-----w c:\arquivos de programas\Windows Media Connect 2

2008-09-16 03:05 --------- d-----w c:\arquivos de programas\Winamp Remote

2008-09-16 03:05 --------- d-----w c:\arquivos de programas\TmNationsForever

2008-09-16 03:05 --------- d-----w c:\arquivos de programas\Thoosje Sidebar V2.3

2008-09-16 02:56 --------- d-----w c:\documents and settings\irmaos\Dados de aplicativos\Ahead

2008-09-16 02:42 --------- d-----w c:\arquivos de programas\DivX

2008-09-16 02:42 --------- d-----w c:\arquivos de programas\AVIXDVD

2008-09-16 02:21 --------- d-----w c:\arquivos de programas\Arquivos comuns\Ahead

2008-09-16 02:13 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Nero

2008-09-16 02:13 --------- d-----w c:\arquivos de programas\Nero

2008-09-16 02:01 --------- d-----w c:\arquivos de programas\Arquivos comuns\Nero

2008-09-15 15:26 1,846,528 ----a-w c:\windows\system32\win32k.sys

2008-09-12 17:19 --------- d-----w c:\arquivos de programas\Messenger Plus! Live

2008-09-12 17:19 --------- d-----w c:\arquivos de programas\Circle Developement

2008-09-11 12:44 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Skype

2008-09-11 12:44 --------- d-----w c:\arquivos de programas\Skype

2008-09-11 12:44 --------- d-----w c:\arquivos de programas\Arquivos comuns\Skype

2008-09-08 22:43 --------- d-----w c:\documents and settings\irmaos\Dados de aplicativos\Hamachi

2008-09-08 10:41 333,824 ----a-w c:\windows\system32\drivers\srv.sys

2008-08-26 08:11 826,368 ----a-w c:\windows\system32\wininet.dll

2008-08-14 13:24 2,149,376 ----a-w c:\windows\system32\ntoskrnl.exe

2008-08-14 13:24 2,028,032 ----a-w c:\windows\system32\ntkrnlpa.exe

2008-05-16 23:11 11,504 ----a-w c:\arquivos de programas\IP Changer.rar

2008-01-01 01:58 22,328 ----a-w c:\documents and settings\irmaos\Dados de aplicativos\PnkBstrK.sys

2007-02-07 20:50 19,456 ----a-w c:\arquivos de programas\IP Changer.exe

2006-01-07 15:56 727 ----a-w c:\arquivos de programas\info_awl.txt

2006-01-07 15:54 894 ----a-w c:\arquivos de programas\wazne.txt

2005-02-16 14:06 218,112 ----a-w c:\arquivos de programas\HijackThis.exe

2008-05-08 19:51 32,768 --sha-w c:\windows\system32\config\systemprofile\Configurações locais\Histórico\History.IE5\MSHist012008050820080509\index.dat

.

((((((((((((((((((((((((((((( snapshot@2008-10-26_ 0.15.09.04 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-08-06 19:22:02 114,688 ----a-w c:\windows\system32\Adobe\Director\np32dsw.dll

+ 2008-11-04 13:15:38 114,688 ----a-w c:\windows\system32\Adobe\Director\np32dsw.dll

- 2008-08-06 19:30:48 202,168 ------w c:\windows\system32\Adobe\Director\swdir.dll

+ 2008-11-04 13:24:12 202,168 ----a-w c:\windows\system32\Adobe\Director\swdir.dll

- 2008-08-06 19:22:42 499,712 ----a-w c:\windows\system32\Adobe\Shockwave 11\Control.dll

+ 2008-11-04 13:16:16 499,712 ----a-w c:\windows\system32\Adobe\Shockwave 11\Control.dll

- 2008-08-06 18:45:40 1,798,144 ----a-w c:\windows\system32\Adobe\Shockwave 11\dirapi.dll

+ 2008-11-04 12:56:40 1,798,144 ----a-w c:\windows\system32\Adobe\Shockwave 11\dirapi.dll

- 2008-08-06 19:22:44 9,216 ----a-w c:\windows\system32\Adobe\Shockwave 11\DynaPlayer.dll

+ 2008-11-04 13:16:20 9,216 ----a-w c:\windows\system32\Adobe\Shockwave 11\DynaPlayer.dll

- 2008-08-06 18:35:52 706,048 ----a-w c:\windows\system32\Adobe\Shockwave 11\gi.dll

+ 2008-11-04 12:41:22 710,144 ----a-w c:\windows\system32\Adobe\Shockwave 11\gi.dll

- 2008-08-06 18:35:52 52,288 ----a-w c:\windows\system32\Adobe\Shockwave 11\gtapi.dll

+ 2008-11-04 12:41:22 52,288 ----a-w c:\windows\system32\Adobe\Shockwave 11\gtapi.dll

- 2008-08-06 18:42:04 892,928 ----a-w c:\windows\system32\Adobe\Shockwave 11\iml32.dll

+ 2008-11-04 12:52:10 892,928 ----a-w c:\windows\system32\Adobe\Shockwave 11\iml32.dll

+ 2008-11-08 19:50:45 181,624 ----atw c:\windows\system32\Adobe\Shockwave 11\nssstub.exe

- 2008-08-06 18:35:52 54,656 ----a-w c:\windows\system32\Adobe\Shockwave 11\pccuapi.dll

+ 2008-11-04 12:41:22 54,656 ----a-w c:\windows\system32\Adobe\Shockwave 11\pccuapi.dll

- 2008-08-06 19:21:14 266,240 ----a-w c:\windows\system32\Adobe\Shockwave 11\Plugin.dll

+ 2008-11-04 13:14:58 266,240 ----a-w c:\windows\system32\Adobe\Shockwave 11\Plugin.dll

- 2008-08-06 19:24:14 446,464 ----a-w c:\windows\system32\Adobe\Shockwave 11\Proj.dll

+ 2008-11-04 13:16:52 446,464 ----a-w c:\windows\system32\Adobe\Shockwave 11\Proj.dll

+ 2008-11-04 13:23:52 460,216 ----a-w c:\windows\system32\Adobe\Shockwave 11\SwHelper_1100470.exe

- 2008-08-06 19:24:56 114,688 ----a-w c:\windows\system32\Adobe\Shockwave 11\SwInit.exe

+ 2008-11-04 13:14:42 114,688 ----a-w c:\windows\system32\Adobe\Shockwave 11\SwInit.exe

- 2008-08-06 19:21:04 94,208 ----a-w c:\windows\system32\Adobe\Shockwave 11\SwMenu.dll

+ 2008-11-04 13:14:40 94,208 ----a-w c:\windows\system32\Adobe\Shockwave 11\SwMenu.dll

- 2008-08-06 18:35:52 50,808 ----a-w c:\windows\system32\Adobe\Shockwave 11\SYMCCHECKER.DLL

+ 2008-11-04 12:41:22 58,736 ----a-w c:\windows\system32\Adobe\Shockwave 11\SYMCCHECKER.DLL

+ 2008-10-31 22:50:10 144,792 ----a-w c:\windows\system32\java.exe

+ 2008-10-31 22:50:10 144,792 ----a-w c:\windows\system32\javaw.exe

+ 2008-10-31 22:50:10 148,888 ----a-w c:\windows\system32\javaws.exe

+ 2008-11-08 19:38:09 16,384 ----atw c:\windows\temp\Perflib_Perfdata_7ec.dat

.

-- Snapshot resetado para data atual --

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"uTorrent"="c:\arquivos de programas\uTorrent\uTorrent.exe" [2008-08-23 267056]

"MsnMsgr"="c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2007-12-28 5724184]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

"swg"="c:\arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-13 68856]

"DAEMON Tools"="c:\arquivos de programas\DAEMON Tools\daemon.exe" [2007-09-18 171464]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"nod32kui"="c:\arquivos de programas\Eset\nod32kui.exe" [2007-12-27 949376]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-19 7700480]

"NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2007-04-19 86016]

"Ink Monitor"="c:\arquivos de programas\EPSON\Ink Monitor\InkMonitor.exe" [2004-03-31 258114]

"GrooveMonitor"="c:\arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]

"EPSON Stylus C45 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I4T1.EXE" [2004-01-14 99840]

"TkBellExe"="c:\arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2007-12-30 185896]

"NeroFilterCheck"="c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]

"QuickTime Task"="c:\arquivos de programas\QuickTime\qttask.exe" [2008-09-06 413696]

"w3dr.exe"="d:\arquivos de programas\Warcraft III\w3dr.exe" [2008-08-03 61440]

"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre6\bin\jusched.exe" [2008-10-31 136600]

"SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe]

"RTHDCPL"="RTHDCPL.EXE" [2006-11-14 c:\windows\RTHDCPL.exe]

"nwiz"="nwiz.exe" [2007-04-19 c:\windows\system32\nwiz.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"NSSInstallation"="c:\windows\system32\Adobe\Shockwave 11\nssstub.exe" [2008-11-08 181624]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-13 15360]

c:\documents and settings\irmaos\Menu Iniciar\Programas\Inicializar\

BrOffice.org 2.4.lnk - c:\arquivos de programas\BrOffice.org 2.4\program\quickstart.exe [2008-01-21 393216]

Recorte de tela e Iniciador do OneNote 2007.lnk - c:\arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

Orbit.lnk - c:\arquivos de programas\Orbitdownloader\orbitdm.exe [2008-02-28 1674440]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveSearch"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=wbsys.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.ffds"= ffdshow.ax

"msacm.ac3filter"= ac3filter.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=

"c:\\Arquivos de programas\\LevelUpGames\\Grand Chase\\main.exe"=

"c:\\WINDOWS\\system32\\PnkBstrA.exe"=

"c:\\WINDOWS\\system32\\PnkBstrB.exe"=

"c:\\Arquivos de programas\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=

"c:\\Arquivos de programas\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=

"c:\\Arquivos de programas\\GameSpy\\Comrade\\Comrade.exe"=

"c:\\Arquivos de programas\\Ares\\Ares.exe"=

"c:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"c:\\Arquivos de programas\\LevelUpGames\\Grand Chase\\grandchase.exe"=

"d:\\Arquivos de programas\\TibiCam 8.0\\TibiCAM\\TibiCAM.exe"=

"d:\\Arquivos de programas\\Shareaza\\Shareaza.exe"=

"c:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=

"c:\\Arquivos de programas\\Winamp Remote\\bin\\Orb.exe"=

"c:\\Arquivos de programas\\Winamp Remote\\bin\\OrbTray.exe"=

"c:\\Arquivos de programas\\Winamp Remote\\bin\\OrbStreamerClient.exe"=

"c:\\Arquivos de programas\\Orbitdownloader\\orbitdm.exe"=

"c:\\Arquivos de programas\\Orbitdownloader\\orbitnet.exe"=

"c:\\Arquivos de programas\\World of Warcraft\\Launcher.exe"=

"d:\\Arquivos de programas\\Warcraft III\\w3l.exe"=

"c:\\Arquivos de programas\\LevelUpGames\\The Duel\\theduel.exe"=

"c:\\Arquivos de programas\\TmNationsForever\\TmForever.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

"c:\\Arquivos de programas\\SecondLife\\SLVoice.exe"=

"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=

"c:\\Arquivos de programas\\Hamachi\\hamachi.exe"=

"c:\\Arquivos de programas\\Little_fighter_3\\LF3??????.exe"=

"d:\\Arquivos de programas\\CyberScript32\\CyberScript.exe"=

"c:\\Arquivos de programas\\CyberScript32\\CyberScript.exe"=

"c:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"c:\\Arquivos de programas\\Adobe\\Adobe After Effects CS3\\Support Files\\AfterFX.exe"=

"c:\\WINDOWS\\system32\\mmc.exe"=

"c:\\Arquivos de programas\\Warcraft III\\Warcraft III.exe"=

"d:\\Arquivos de programas\\Warcraft III\\Warcraft III.exe"=

"c:\arquivos de programas\Little_fighter_3\LF3??????.exe"=

"c:\\Arquivos de programas\\LimeWire\\LimeWire.exe"=

"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"17771:UDP"= 17771:UDP:Hamachi

"12975:TCP"= 12975:TCP:Hamachi 2

"32976:TCP"= 32976:TCP:Hamachi 3

"6112:TCP"= 6112:TCP:6112

"6113:TCP"= 6113:TCP:6113

R1 ZWmiApRplLL;Ativa o download e instalação das atualizações do Windows...;c:\windows\system32\drive21.sys [2008-10-18 36096]

R2 JavaQuickStarterService;Java Quick Starter;c:\arquivos de programas\Java\jre6\bin\jqs.exe [2008-10-31 152984]

R2 MobiCap;Fix8 Live Cam, WDM Video Capture;c:\windows\system32\DRIVERS\MobiCap.sys [2007-11-15 19968]

S2 RPCH;Remote Procedure Call (HPM);c:\arquivos de programas\NetMeeting\Intell.exe [2005-06-16 397824]

S3 GNCT511;Genius VideoCAM NB;c:\windows\system32\DRIVERS\gnct511.sys [2002-11-14 229376]

S3 XDva095;XDva095;c:\windows\system32\XDva095.sys [ ]

S3 XDva110;XDva110;c:\windows\system32\XDva110.sys [ ]

S3 XDva115;XDva115;c:\windows\system32\XDva115.sys [ ]

S3 XDva120;XDva120;c:\windows\system32\XDva120.sys [ ]

.

Conteúdo da pasta 'Tarefas Agendadas'

2008-11-07 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\arquivos de programas\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2008-11-08 c:\windows\Tasks\NSSstub.job

- c:\windows\system32\Adobe\Shockwave 11\nssstub.exe [2008-11-08 16:50]

.

.

------- Scan Suplementar -------

.

R0 -: HKCU-Main,Start Page = hxxp://www.hs24.com.br/

R1 -: HKCU-Internet Settings,ProxyOverride = *.local

O8 -: &Download by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/201

O8 -: &Grab video by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/204

O8 -: Add to AMV Converter... - c:\arquivos de programas\MP3 Player Utilities 4.14\AMVConverter\grab.html

O8 -: Do&wnload selected by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/203

O8 -: Down&load all by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/202

O8 -: Download All by FlashGet - d:\arquivos de programas\FlashGet\jc_all.htm

O8 -: Download using FlashGet - d:\arquivos de programas\FlashGet\jc_link.htm

O8 -: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 -: MediaManager tool grab multimedia file - c:\arquivos de programas\MP3 Player Utilities 4.14\MediaManager\grab.html

O9 -: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\irmaos\Menu Iniciar\Programas\IMVU\Run IMVU.lnk

O9 -: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\irmaos\Menu Iniciar\Programas\IMVU\Run IMVU.lnk -

O16 -: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab

c:\windows\Downloaded Program Files\DirectAnimation Java Classes.osd

O16 -: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab

c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd

O16 -: {051D0E35-F4E3-4C8D-B411-AB0875F4C683} - hxxp://install.anark.com/client/version4/windows-ie/en/AMClient.cab

c:\windows\Downloaded Program Files\InstallClient.inf

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-11-08 18:20:34

Windows 5.1.2600 Service Pack 3 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

**************************************************************************

.

Tempo para conclusão: 2008-11-08 18:21:02

ComboFix-quarantined-files.txt 2008-11-08 21:20:57

ComboFix2.txt 2008-10-28 01:20:48

ComboFix3.txt 2008-10-26 03:16:29

Pré-execução: 16 pasta(s) 14.872.584.192 bytes disponíveis

Pós execução: 16 pasta(s) 14,898,819,072 bytes disponíveis

285 --- E O F --- 2008-10-24 16:03:23


Configure Windows to show all files.

Go to this site: http://virusscan.jotti.org/

In "File to upload" enter: c:\windows\system32\drive21.sys

Then click Submit.

Copy and post the result of this scan.


Temporarily, and while carrying out these instructions, it is very important that you keep your protection programs (antivirus, antispyware and firewall) disabled. Re-enable the protections after running the procedure(s) mentioned below.

Open Notepad, copy (Ctrl + C) and paste (Ctrl + V) all of the text that is inside the "Code" box:


File::

c:\windows\system32\drive21.sys

Driver::

ZWmiApRplLL

  • Save this file as: CFScript.txt
    [image: CFScriptB-4.gif]
  • As shown in the picture above, drag the CFScript.txt file onto ComboFix.exe
  • When the tool finishes running, it will generate a log. Post that file, C:\ComboFix.txt.
  • Also make a new HijackThis log to include in your reply.


Here they are: :)

ComboFix:

ComboFix 08-11-12.01 - irmaos 2008-11-13 23:50:40.4 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1046.18.1526 [GMT -3:00]

Executando de: c:\documents and settings\irmaos\Desktop\ComboFix.exe

Comandos utilizados :: c:\documents and settings\irmaos\Desktop\CFScript.txt

* Criado um novo ponto de restauro

* Resident AV is active

FILE ::

c:\windows\system32\drive21.sys

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\system32\drive21.sys

.

((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_ZWMIAPRPLLL

-------\Service_ZWmiApRplLL

(((((((((((((((( Arquivos/Ficheiros criados de 2008-10-14 to 2008-11-14 ))))))))))))))))))))))))))))

.

2008-11-13 11:15 . 2008-11-13 11:16 412,469 --a------ c:\windows\EPSTPLOG.BAK

2008-11-12 11:18 . 2008-11-12 11:18 15,038 --a------ c:\windows\EPISMP00.SWB

2008-11-12 05:48 . 2008-11-12 05:48 1,393 --a------ c:\windows\imsins.BAK

2008-11-12 05:44 . 2008-10-24 08:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys

2008-11-12 05:43 . 2008-09-04 14:16 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll

2008-11-08 19:52 . 2008-11-08 19:52 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\Symantec Shared

2008-11-08 19:51 . 2008-11-09 18:00 <DIR> d-------- c:\arquivos de programas\Norton Security Scan

2008-11-08 14:05 . 2008-11-08 14:05 <DIR> d-------- c:\arquivos de programas\OGPlanet

2008-10-31 19:51 . 2008-11-11 16:38 <DIR> d-------- c:\documents and settings\irmaos\Dados de aplicativos\LimeWire

2008-10-31 19:50 . 2008-10-31 19:50 <DIR> d-------- c:\windows\Sun

2008-10-31 19:50 . 2008-10-31 19:50 <DIR> d-------- c:\arquivos de programas\Java

2008-10-31 19:50 . 2008-10-31 19:50 410,976 --a------ c:\windows\system32\deploytk.dll

2008-10-31 19:50 . 2008-10-31 19:50 73,728 --a------ c:\windows\system32\javacpl.cpl

2008-10-31 19:44 . 2008-10-31 19:45 <DIR> d-------- c:\arquivos de programas\LimeWire

2008-10-30 18:15 . 2008-10-30 18:15 <DIR> d-------- c:\arquivos de programas\findlop

2008-10-25 11:52 . 2008-10-25 11:54 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Lavasoft

2008-10-25 11:52 . 2008-10-25 11:52 <DIR> d-------- c:\arquivos de programas\Lavasoft

2008-10-25 11:51 . 2008-10-25 11:51 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\Wise Installation Wizard

2008-10-24 09:55 . 2008-10-24 09:55 <DIR> d-------- c:\windows\Eurobattle.net Installer

2008-10-24 07:17 . 2008-10-15 13:36 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll

2008-10-20 18:49 . 2008-11-02 16:00 <DIR> d-------- c:\arquivos de programas\WarRock

2008-10-19 12:04 . 2008-10-19 12:04 <DIR> d-------- c:\arquivos de programas\LRC Editor 4

2008-10-19 12:03 . 2008-10-19 12:04 <DIR> d-------- c:\arquivos de programas\MP3 Player Utilities 4.14

2008-10-15 19:14 . 2008-08-14 10:24 2,193,408 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe

2008-10-15 19:14 . 2008-08-14 10:24 2,149,376 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe

2008-10-15 19:14 . 2008-08-14 10:24 2,070,272 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe

2008-10-15 19:14 . 2008-08-14 10:24 2,028,032 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe

2008-10-15 18:41 . 2008-09-08 07:41 333,824 -----c--- c:\windows\system32\dllcache\srv.sys

2008-10-15 18:40 . 2008-09-15 12:26 1,846,528 -----c--- c:\windows\system32\dllcache\win32k.sys

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-11-14 02:56 --------- d-----w c:\documents and settings\irmaos\Dados de aplicativos\uTorrent

2008-11-14 02:56 --------- d-----w c:\documents and settings\irmaos\Dados de aplicativos\Orbit

2008-11-14 02:55 --------- d-----w c:\documents and settings\irmaos\Dados de aplicativos\BrOffice.org2

2008-11-12 08:50 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Microsoft Help

2008-11-08 03:52 12,165 ----a-w c:\arquivos de programas\hijackthis.log

2008-11-03 14:35 --------- d-----w c:\arquivos de programas\uTorrent

2008-11-03 03:33 --------- d-----w c:\documents and settings\irmaos\Dados de aplicativos\IMVU

2008-11-03 01:22 --------- d-----w c:\documents and settings\irmaos\Dados de aplicativos\Skype

2008-11-03 00:20 --------- d-----w c:\documents and settings\irmaos\Dados de aplicativos\skypePM

2008-10-26 02:32 4,048 ----a-w c:\windows\msapps\msapp.dll

2008-10-25 17:04 --------- d-----w c:\arquivos de programas\GTA San Andreas

2008-10-25 14:16 --------- d-----w c:\arquivos de programas\Warcraft III

2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys

2008-10-22 23:52 159,992 ----a-w c:\windows\system32\drivers\PnkBstrK.sys

2008-10-22 23:51 182,928 ----a-w c:\windows\system32\PnkBstrB.exe

2008-10-20 21:49 --------- d--h--w c:\arquivos de programas\InstallShield Installation Information

2008-10-15 17:33 --------- d-----w c:\documents and settings\irmaos\Dados de aplicativos\DVD Flick

2008-10-04 11:47 --------- d-----w c:\arquivos de programas\Stardock

2008-10-02 21:41 --------- d-----w c:\arquivos de programas\Soldat

2008-10-02 21:35 --------- d-----w c:\arquivos de programas\Diablo II

2008-10-01 23:39 --------- d-----w c:\arquivos de programas\LooksBuilder

2008-09-30 19:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll

2008-09-30 16:58 --------- d-----w c:\documents and settings\irmaos\Dados de aplicativos\IMVUClient

2008-09-30 16:52 --------- d-----w c:\arquivos de programas\IMVU

2008-09-16 05:51 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Apple Computer

2008-09-16 05:50 --------- d-----w c:\documents and settings\irmaos\Dados de aplicativos\Apple Computer

2008-09-16 05:47 --------- d-----w c:\arquivos de programas\QuickTime

2008-09-16 05:47 --------- d-----w c:\arquivos de programas\Arquivos comuns\Apple

2008-09-16 05:46 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Apple

2008-09-16 05:46 --------- d-----w c:\arquivos de programas\Apple Software Update

2008-09-16 04:20 --------- d-----w c:\arquivos de programas\QuickMediaConverter

2008-09-16 03:46 --------- d-----w c:\arquivos de programas\Unity

2008-09-16 03:05 --------- d-----w c:\arquivos de programas\ZipGenius 6

2008-09-16 03:05 --------- d-----w c:\arquivos de programas\Windows Media Connect 2

2008-09-16 03:05 --------- d-----w c:\arquivos de programas\Winamp Remote

2008-09-16 03:05 --------- d-----w c:\arquivos de programas\TmNationsForever

2008-09-16 03:05 --------- d-----w c:\arquivos de programas\Thoosje Sidebar V2.3

2008-09-16 02:56 --------- d-----w c:\documents and settings\irmaos\Dados de aplicativos\Ahead

2008-09-16 02:42 --------- d-----w c:\arquivos de programas\DivX

2008-09-16 02:42 --------- d-----w c:\arquivos de programas\AVIXDVD

2008-09-16 02:21 --------- d-----w c:\arquivos de programas\Arquivos comuns\Ahead

2008-09-16 02:13 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Nero

2008-09-16 02:13 --------- d-----w c:\arquivos de programas\Nero

2008-09-16 02:01 --------- d-----w c:\arquivos de programas\Arquivos comuns\Nero

2008-09-15 15:26 1,846,528 ----a-w c:\windows\system32\win32k.sys

2008-09-10 01:15 1,307,648 ------w c:\windows\system32\msxml6.dll

2008-09-04 17:16 1,106,944 ----a-w c:\windows\system32\msxml3.dll

2008-08-26 08:11 826,368 ----a-w c:\windows\system32\wininet.dll

2008-08-14 13:24 2,149,376 ----a-w c:\windows\system32\ntoskrnl.exe

2008-08-14 13:24 2,028,032 ----a-w c:\windows\system32\ntkrnlpa.exe

2008-05-16 23:11 11,504 ----a-w c:\arquivos de programas\IP Changer.rar

2008-01-01 01:58 22,328 ----a-w c:\documents and settings\irmaos\Dados de aplicativos\PnkBstrK.sys

2007-02-07 20:50 19,456 ----a-w c:\arquivos de programas\IP Changer.exe

2006-01-07 15:56 727 ----a-w c:\arquivos de programas\info_awl.txt

2006-01-07 15:54 894 ----a-w c:\arquivos de programas\wazne.txt

2005-02-16 14:06 218,112 ----a-w c:\arquivos de programas\HijackThis.exe

2008-05-08 19:51 32,768 --sha-w c:\windows\system32\config\systemprofile\Configurações locais\Histórico\History.IE5\MSHist012008050820080509\index.dat

.

((((((((((((((((((((((((((((( snapshot_2008-11-08_18.20.48,18 )))))))))))))))))))))))))))))))))))))))))

.

+ 2008-10-24 11:21:09 455,296 ------w c:\windows\Driver Cache\i386\mrxsmb.sys

+ 2008-11-08 22:51:59 29,184 ----a-r c:\windows\Installer\{3FADAA19-E595-44CA-A072-58B6B0851768}\Icon3FADAA191.exe

+ 2008-11-12 08:47:49 32,768 ----a-r c:\windows\Installer\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}\icon.exe

- 2008-10-16 03:29:25 1,165,584 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe

+ 2008-11-12 08:50:29 1,165,584 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe

- 2008-10-16 03:29:26 20,240 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe

+ 2008-11-12 08:50:30 20,240 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe

- 2008-10-16 03:29:25 159,504 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe

+ 2008-11-12 08:50:30 159,504 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe

- 2008-10-16 03:29:25 184,080 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe

+ 2008-11-12 08:50:30 184,080 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe

- 2008-10-16 03:29:26 217,864 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe

+ 2008-11-12 08:50:30 217,864 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe

- 2008-10-16 03:29:26 18,704 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe

+ 2008-11-12 08:50:30 18,704 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe

- 2008-10-16 03:29:26 35,088 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe

+ 2008-11-12 08:50:30 35,088 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe

- 2008-10-16 03:29:25 845,584 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe

+ 2008-11-12 08:50:30 845,584 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe

- 2008-10-16 03:29:26 922,384 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe

+ 2008-11-12 08:50:30 922,384 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe

- 2008-10-16 03:29:26 272,648 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe

+ 2008-11-12 08:50:30 272,648 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe

- 2008-10-16 03:29:26 888,080 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe

+ 2008-11-12 08:50:30 888,080 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe

- 2008-10-16 03:29:25 1,172,240 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe

+ 2008-11-12 08:50:29 1,172,240 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe

- 2008-04-13 22:20:36 1,306,624 -c----w c:\windows\system32\dllcache\msxml6.dll

+ 2008-09-10 01:15:24 1,307,648 -c----w c:\windows\system32\dllcache\msxml6.dll

- 2008-10-07 19:19:40 16,721,856 ----a-w c:\windows\system32\MRT.exe

+ 2008-11-04 00:10:25 17,318,336 ----a-w c:\windows\system32\MRT.exe

- 2007-11-30 11:18:16 18,296 ------w c:\windows\system32\spmsg.dll

+ 2008-07-08 12:58:40 18,296 ------w c:\windows\system32\spmsg.dll

+ 2008-11-14 02:55:28 16,384 ----atw c:\windows\temp\Perflib_Perfdata_684.dat

+ 2008-09-30 19:42:08 1,286,152 ----a-w c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9870.0_x-ww_a32d74cf\msxml4.dll

+ 2008-09-30 19:45:12 91,656 ----a-w c:\windows\WinSxS\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.1.0_x-ww_2a41bceb\msxml4r.dll

.

-- Snapshot resetado para data atual --

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"uTorrent"="c:\arquivos de programas\uTorrent\uTorrent.exe" [2008-08-23 267056]

"MsnMsgr"="c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2007-12-28 5724184]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

"swg"="c:\arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-13 68856]

"DAEMON Tools"="c:\arquivos de programas\DAEMON Tools\daemon.exe" [2007-09-18 171464]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"nod32kui"="c:\arquivos de programas\Eset\nod32kui.exe" [2007-12-27 949376]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-19 7700480]

"NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2007-04-19 86016]

"Ink Monitor"="c:\arquivos de programas\EPSON\Ink Monitor\InkMonitor.exe" [2004-03-31 258114]

"GrooveMonitor"="c:\arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]

"EPSON Stylus C45 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I4T1.EXE" [2004-01-14 99840]

"TkBellExe"="c:\arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2007-12-30 185896]

"NeroFilterCheck"="c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]

"QuickTime Task"="c:\arquivos de programas\QuickTime\qttask.exe" [2008-09-06 413696]

"w3dr.exe"="d:\arquivos de programas\Warcraft III\w3dr.exe" [2008-08-03 61440]

"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre6\bin\jusched.exe" [2008-10-31 136600]

"SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe]

"RTHDCPL"="RTHDCPL.EXE" [2006-11-14 c:\windows\RTHDCPL.exe]

"nwiz"="nwiz.exe" [2007-04-19 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-13 15360]

c:\documents and settings\irmaos\Menu Iniciar\Programas\Inicializar\

BrOffice.org 2.4.lnk - c:\arquivos de programas\BrOffice.org 2.4\program\quickstart.exe [2008-01-21 393216]

Recorte de tela e Iniciador do OneNote 2007.lnk - c:\arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

Orbit.lnk - c:\arquivos de programas\Orbitdownloader\orbitdm.exe [2008-02-28 1674440]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveSearch"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=wbsys.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.ffds"= ffdshow.ax

"msacm.ac3filter"= ac3filter.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=

"c:\\Arquivos de programas\\LevelUpGames\\Grand Chase\\main.exe"=

"c:\\WINDOWS\\system32\\PnkBstrA.exe"=

"c:\\WINDOWS\\system32\\PnkBstrB.exe"=

"c:\\Arquivos de programas\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=

"c:\\Arquivos de programas\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=

"c:\\Arquivos de programas\\GameSpy\\Comrade\\Comrade.exe"=

"c:\\Arquivos de programas\\Ares\\Ares.exe"=

"c:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"c:\\Arquivos de programas\\LevelUpGames\\Grand Chase\\grandchase.exe"=

"d:\\Arquivos de programas\\TibiCam 8.0\\TibiCAM\\TibiCAM.exe"=

"d:\\Arquivos de programas\\Shareaza\\Shareaza.exe"=

"c:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=

"c:\\Arquivos de programas\\Winamp Remote\\bin\\Orb.exe"=

"c:\\Arquivos de programas\\Winamp Remote\\bin\\OrbTray.exe"=

"c:\\Arquivos de programas\\Winamp Remote\\bin\\OrbStreamerClient.exe"=

"c:\\Arquivos de programas\\Orbitdownloader\\orbitdm.exe"=

"c:\\Arquivos de programas\\Orbitdownloader\\orbitnet.exe"=

"c:\\Arquivos de programas\\World of Warcraft\\Launcher.exe"=

"d:\\Arquivos de programas\\Warcraft III\\w3l.exe"=

"c:\\Arquivos de programas\\LevelUpGames\\The Duel\\theduel.exe"=

"c:\\Arquivos de programas\\TmNationsForever\\TmForever.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

"c:\\Arquivos de programas\\SecondLife\\SLVoice.exe"=

"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=

"c:\\Arquivos de programas\\Hamachi\\hamachi.exe"=

"c:\\Arquivos de programas\\Little_fighter_3\\LF3??????.exe"=

"d:\\Arquivos de programas\\CyberScript32\\CyberScript.exe"=

"c:\\Arquivos de programas\\CyberScript32\\CyberScript.exe"=

"c:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"c:\\Arquivos de programas\\Adobe\\Adobe After Effects CS3\\Support Files\\AfterFX.exe"=

"c:\\WINDOWS\\system32\\mmc.exe"=

"c:\\Arquivos de programas\\Warcraft III\\Warcraft III.exe"=

"d:\\Arquivos de programas\\Warcraft III\\Warcraft III.exe"=

"c:\arquivos de programas\Little_fighter_3\LF3??????.exe"=

"c:\\Arquivos de programas\\LimeWire\\LimeWire.exe"=

"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"17771:UDP"= 17771:UDP:Hamachi

"12975:TCP"= 12975:TCP:Hamachi 2

"32976:TCP"= 32976:TCP:Hamachi 3

"6112:TCP"= 6112:TCP:6112

"6113:TCP"= 6113:TCP:6113

R2 MobiCap;Fix8 Live Cam, WDM Video Capture;c:\windows\system32\DRIVERS\MobiCap.sys [2007-11-15 19968]

S2 RPCH;Remote Procedure Call (HPM);c:\arquivos de programas\NetMeeting\Intell.exe [2005-06-16 397824]

S3 GNCT511;Genius VideoCAM NB;c:\windows\system32\DRIVERS\gnct511.sys [2002-11-14 229376]

S3 XDva095;XDva095;c:\windows\system32\XDva095.sys [ ]

S3 XDva110;XDva110;c:\windows\system32\XDva110.sys [ ]

S3 XDva115;XDva115;c:\windows\system32\XDva115.sys [ ]

S3 XDva120;XDva120;c:\windows\system32\XDva120.sys [ ]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bd4b0232-b4e4-11dc-bc1c-00e07de3147b}]

\Shell\AutoRun\command - J:\NTruntr.exe

\Shell\explore\Command - J:\NTruntr.exe

\Shell\open\Command - J:\NTruntr.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f2411758-210e-11dd-be19-00e07de3147b}]

\Shell\AutoRun\command - J:\NTruntr.exe

\Shell\explore\Command - J:\NTruntr.exe

\Shell\open\Command - J:\NTruntr.exe

.

Conteúdo da pasta 'Tarefas Agendadas'

2008-11-07 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\arquivos de programas\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2008-11-09 c:\windows\Tasks\Norton Security Scan for irmaos.job

- c:\arquivos de programas\Norton Security Scan\Nss.exe [2008-09-19 04:18]

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-11-13 23:55:12

Windows 5.1.2600 Service Pack 3 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

**************************************************************************

.

------------------------ Outros Processos em Execução ------------------------

.

c:\arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe

c:\arquivos de programas\Bonjour\mDNSResponder.exe

c:\arquivos de programas\Java\jre6\bin\jqs.exe

c:\arquivos de programas\BrOffice.org 2.4\program\soffice.exe

c:\arquivos de programas\Orbitdownloader\orbitnet.exe

c:\arquivos de programas\BrOffice.org 2.4\program\soffice.bin

c:\arquivos de programas\ESET\nod32krn.exe

c:\windows\system32\PnkBstrA.exe

c:\windows\system32\wbem\wmiapsrv.exe

.

**************************************************************************

.

Tempo para conclusão: 2008-11-14 0:03:24 - Máquina reiniciou

ComboFix-quarantined-files.txt 2008-11-14 03:02:21

ComboFix2.txt 2008-11-08 21:21:03

ComboFix3.txt 2008-10-28 01:20:48

ComboFix4.txt 2008-10-26 03:16:29

Pré-execução: 16 pasta(s) 15.143.350.272 bytes disponíveis

Pós execução: 16 pasta(s) 15,249,248,256 bytes disponíveis

295 --- E O F --- 2008-11-12 08:50:32

HijackThis:

Logfile of HijackThis v1.99.1

Scan saved at 00:04:00, on 14/11/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Eset\nod32kui.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I4T1.EXE

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

D:\Arquivos de programas\Warcraft III\w3dr.exe

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\Arquivos de programas\uTorrent\uTorrent.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Arquivos de programas\Orbitdownloader\orbitdm.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\BrOffice.org 2.4\program\soffice.exe

C:\Arquivos de programas\Orbitdownloader\orbitnet.exe

C:\Arquivos de programas\BrOffice.org 2.4\program\soffice.BIN

C:\Arquivos de programas\Eset\nod32krn.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\wbem\wmiapsrv.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\Arquivos de programas\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hs24.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Arquivos de programas\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

O4 - HKLM\..\Run: [nod32kui] "C:\Arquivos de programas\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [ink Monitor] C:\Arquivos de programas\EPSON\Ink Monitor\InkMonitor.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [EPSON Stylus C45 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I4T1.EXE /P23 "EPSON Stylus C45 Series" /O6 "USB001" /M "Stylus C45"

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [w3dr.exe] D:\Arquivos de programas\Warcraft III\w3dr.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKCU\..\Run: [uTorrent] "C:\Arquivos de programas\uTorrent\uTorrent.exe"

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [DAEMON Tools] "C:\Arquivos de programas\DAEMON Tools\daemon.exe" -lang 1033 -noicon

O4 - Startup: BrOffice.org 2.4.lnk = C:\Arquivos de programas\BrOffice.org 2.4\program\quickstart.exe

O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Global Startup: Orbit.lnk = C:\Arquivos de programas\Orbitdownloader\orbitdm.exe

O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: Add to AMV Converter... - C:\Arquivos de programas\MP3 Player Utilities 4.14\AMVConverter\grab.html

O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202

O8 - Extra context menu item: Download All by FlashGet - D:\Arquivos de programas\FlashGet\jc_all.htm

O8 - Extra context menu item: Download using FlashGet - D:\Arquivos de programas\FlashGet\jc_link.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Arquivos de programas\MP3 Player Utilities 4.14\MediaManager\grab.html

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\irmaos\Menu Iniciar\Programas\IMVU\Run IMVU.lnk

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\arquivos de programas\bonjour\mdnsnsp.dll

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {051D0E35-F4E3-4C8D-B411-AB0875F4C683} (Anark Client 4.0 ActiveX Control) - http://install.anark.com/client/version4/windows-ie/en/AMClient.cab

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://img2.orkut.com/activex/10035/photouploader.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD5/JSCDL/jdk/6u10/jinstall-6u10-windows-i586-jc.cab?AuthParam=1225493474_d850939d14f19a87d7ecbebb7e2f0ec9&GroupName=JSC&BHost=javadl.sun.com&FilePath=/ESD5/JSCDL/jdk/6u10/jinstall-6u10-windows-i586-jc.cab&File=jinstall-6u10-windows-i586-jc.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Arquivos de programas\Ares\chatServer.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Arquivos de programas\Java\jre6\bin\jqs.exe" -service -config "C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Arquivos de programas\Eset\nod32krn.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\WINDOWS\System32\nvsvc32.exe (file missing)

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
