
Btqsvc.exe


  • This topic is locked
6 replies to this topic

#1 helioth

helioth

    Projeção A

  • Users
  • 683 posts
  • Gender: Male
  • Location: Mauá city - ABC - SP

Posted 15/04/2009, 19:18

Here's the thing: I'm having that old Orkut problem where, when I log in, it shows this message:

Google Error
We're sorry...
... but your query looks similar to automated requests from a computer virus or spyware application. To protect our users, we can't process your request right now.
We'll restore your access as quickly as possible, so try again soon. In the meantime, if you suspect that your computer or network has been infected, you might want to run a virus checker or spyware remover to make sure that your systems are free of viruses and other spurious software.
We apologize for the inconvenience, and hope we'll see you again on Google.

What happens is that the file named in the topic title won't go away through Add/Remove Programs, and doing a fix on it in HJT doesn't work either... <_< That file is very suspicious....

I also ran Ad-Aware and my antivirus, ESET, but that didn't solve the problem.... :unsure:

Anyway, here is my log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:03:57, on 15/4/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Arquivos de programas\Java\jre6\bin\jusched.exe
C:\Arquivos de programas\ESET\ESET Smart Security\egui.exe
C:\Arquivos de programas\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Arquivos de programas\Google\Google Talk\googletalk.exe
C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Arquivos de programas\iTunes\iTunesHelper.exe
C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe
C:\Arquivos de programas\Lavasoft\Ad-Aware\AAWTray.exe
C:\Arquivos de programas\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\Nando\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe
C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Arquivos de programas\Bonjour\mDNSResponder.exe
C:\Arquivos de programas\ESET\ESET Smart Security\ekrn.exe
C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\iPod\bin\iPodService.exe
C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Arquivos de programas\Opera\opera.exe
C:\Arquivos de programas\Mozilla Thunderbird 3 Beta 2\thunderbird.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\Windows Live\Toolbar\wltuser.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
E:\programas\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [egui] "C:\Arquivos de programas\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Arquivos de programas\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [googletalk] C:\Arquivos de programas\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\ARQUIV~1\ARQUIV~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime Alternative\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Ad-Watch] C:\Arquivos de programas\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Nando\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ares] "C:\Arquivos de programas\Ares\Ares.exe" -h
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsof...ss/allinone.asp
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1154709617156
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://gamenextus.ob...ronGameHost.cab
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Arquivos de programas\Arquivos comuns\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe
O23 - Service: BTQueue (BTQService) - Unknown owner - C:\Arquivos de programas\BTQueue\btqsvc.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Arquivos de programas\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Arquivos de programas\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Serviço iPod (iPod Service) - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Arquivos de programas\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 11974 bytes

Fair winds!

Edited by: helioth, 15/04/2009, 19:19.

WMO Forum - Design Team - Monitor
A real man doesn't suck honey, he chews bees.
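As an added example (not part of the original post, and not code from HijackThis), the following Python script parses the O23 service lines of a log like the one above and lists the entries that need verification: services whose publisher HijackThis reports as "Unknown owner", and services whose binary sits outside the usual program and system folders. It does not decide that a service is malicious. "Unknown owner" (here BTQService and NMSAccessU) only means the executable carried no company name, so the next step is to check the file's digital signature and hash against what the vendor publishes. The "Example Updater" line in the sample and the TRUSTED_ROOTS list are assumptions made for this example; the other sample lines are copied from the log.

```python
import re
from dataclasses import dataclass, field
from typing import List

# O23 lines copied from the HijackThis log posted above, plus one constructed
# line ("Example Updater") that does NOT appear in the log and is only there to
# exercise the "binary outside standard folders" check.
SAMPLE_HJT = r"""
O23 - Service: Bonjour Service - Apple Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe
O23 - Service: BTQueue (BTQService) - Unknown owner - C:\Arquivos de programas\BTQueue\btqsvc.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Arquivos de programas\ESET\ESET Smart Security\ekrn.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Example Updater (exupd) - Unknown owner - C:\Documents and Settings\Nando\Dados de aplicativos\exupd\exupd.exe
"""

# Folders under which service binaries are normally installed.  "Arquivos de
# programas" is the Portuguese Program Files folder seen in the log; the
# English name is an assumption so the script also works on English systems.
TRUSTED_ROOTS = (
    "c:\\windows\\",
    "c:\\arquivos de programas\\",
    "c:\\program files\\",
)

# O23 - Service: <display name> [(<service name>)] - <owner> - <image path>
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?)(?: \((?P<name>[^()]+)\))? - (?P<owner>.+?) - (?P<path>.+)$"
)


@dataclass
class ServiceEntry:
    display_name: str
    service_name: str
    owner: str
    image_path: str
    reasons: List[str] = field(default_factory=list)


def parse_services(log_text: str) -> List[ServiceEntry]:
    """Extract every O23 (Windows service) entry from a HijackThis log."""
    entries = []
    for line in log_text.splitlines():
        m = O23_RE.match(line.strip())
        if not m:
            continue  # other HJT sections (R0, O2, O4, ...) are ignored here
        entries.append(ServiceEntry(
            display_name=m["display"],
            # HJT omits the parenthesised service name when it equals the display name
            service_name=m["name"] or m["display"],
            owner=m["owner"],
            image_path=m["path"],
        ))
    return entries


def triage(entries: List[ServiceEntry]) -> List[ServiceEntry]:
    """Return the entries a reviewer should verify, with the reason attached."""
    flagged = []
    for e in entries:
        reasons = []
        if e.owner.casefold() == "unknown owner":
            reasons.append("no publisher recorded: verify the binary's signature and hash")
        if not e.image_path.casefold().startswith(TRUSTED_ROOTS):
            reasons.append("service binary lives outside the usual program/system folders")
        if reasons:
            e.reasons = reasons
            flagged.append(e)
    return flagged


if __name__ == "__main__":
    for e in triage(parse_services(SAMPLE_HJT)):
        print(f"{e.service_name:12} {e.image_path}")
        for r in e.reasons:
            print(f"    - {r}")
```

Run against the full log, the script reports BTQService and NMSAccessU for the missing publisher only; neither path is unusual, and the CDBurnerXP folder for NMSAccessU matches a program the ComboFix log later shows installed, which is the kind of correlation that turns a flag into a decision.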

#2 Leone Fernandes

Leone Fernandes

    (y)

  • Users
  • 585 posts
  • Gender: Male
  • Location: Belo Horizonte - MG

Posted 18/04/2009, 00:28

1) Download ComboFix at: Combofix

3) To learn how to use ComboFix, go to:

http://www.bleepingcomputer.com/combofix/pt/como-usar-o-combofix

4) I need you to paste the contents of ComboFix.txt in your next reply, together with a new HijackThis log.

Do you use a proxy?



#3 helioth

helioth

    Projeção A

  • Users
  • 683 posts
  • Gender: Male
  • Location: Mauá city - ABC - SP

Posted 18/04/2009, 11:35

I don't use a proxy...

It gave an error while running ComboFix, "pv.cfexe has encountered a problem and needs to close", with the options to close or debug; I closed it and it carried on.
Here is the log generated by ComboFix:

ComboFix 09-04-18.05 - Nando 18/04/2009 11:17.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.55.1046.18.511.202 [GMT -3:00]
Executando de: c:\documents and settings\Nando\Desktop\ComboFix.exe
AV: ESET Smart Security 3.0 *On-access scanning disabled* (Updated)
FW: ESET Personal firewall *enabled*
.

(((((((((((((((( Arquivos/Ficheiros criados de 2009-03-18 to 2009-04-18 ))))))))))))))))))))))))))))
.

2009-04-17 02:37 . 2009-03-27 06:53 1203922 -c----w c:\windows\system32\dllcache\sysmain.sdb
2009-04-17 02:37 . 2008-04-21 21:15 216064 -c----w c:\windows\system32\dllcache\wordpad.exe
2009-04-15 18:20 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-15 18:20 . 2009-03-06 14:20 286208 -c----w c:\windows\system32\dllcache\pdh.dll
2009-04-15 18:20 . 2009-02-09 11:25 111104 -c----w c:\windows\system32\dllcache\services.exe
2009-04-15 18:20 . 2009-02-09 10:53 401408 -c----w c:\windows\system32\dllcache\rpcss.dll
2009-04-15 18:20 . 2009-02-09 10:53 473600 -c----w c:\windows\system32\dllcache\fastprox.dll
2009-04-15 18:20 . 2009-02-09 10:53 683520 -c----w c:\windows\system32\dllcache\advapi32.dll
2009-04-15 18:20 . 2009-02-09 10:53 731648 -c----w c:\windows\system32\dllcache\lsasrv.dll
2009-04-15 18:20 . 2009-02-09 10:53 730624 -c----w c:\windows\system32\dllcache\ntdll.dll
2009-04-15 18:20 . 2009-02-09 10:53 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-12 02:03 . 2009-04-12 02:20 -------- d-----w C:\OutputFolder
2009-04-12 02:00 . 2007-04-12 17:19 129024 ----a-w c:\windows\system32\AVERM.dll
2009-04-12 02:00 . 2006-09-26 16:57 28672 ----a-w c:\windows\system32\AVEQT.dll
2009-04-12 00:17 . 2008-04-27 13:33 765952 ----a-w c:\windows\system32\xvidcore.dll
2009-04-12 00:17 . 2007-06-28 21:55 77824 ----a-w c:\windows\system32\xvid.ax
2009-04-12 00:17 . 2008-04-27 13:35 180224 ----a-w c:\windows\system32\xvidvfw.dll
2009-04-12 00:07 . 2005-08-26 01:10 9804 ----a-w c:\windows\system\vdremote.dll
2009-04-12 00:07 . 2005-08-26 01:09 7244 ----a-w c:\windows\system\vdsvrlnk.dll
2009-04-04 16:29 . 2008-05-09 10:55 180224 -c----w c:\windows\system32\dllcache\scrobj.dll
2009-04-04 16:29 . 2008-05-09 10:55 90112 -c----w c:\windows\system32\dllcache\wshext.dll
2009-04-04 16:29 . 2008-05-09 10:55 172032 -c----w c:\windows\system32\dllcache\scrrun.dll
2009-04-04 16:29 . 2008-05-09 08:45 135168 -c----w c:\windows\system32\dllcache\cscript.exe
2009-04-04 16:29 . 2008-05-08 11:24 155648 -c----w c:\windows\system32\dllcache\wscript.exe
2009-04-03 23:37 . 2009-04-03 23:37 -------- d-----w c:\windows\l2schemas
2009-04-03 23:37 . 2009-04-03 23:37 -------- d-----w c:\windows\system32\bits
2009-04-03 23:33 . 2009-04-03 23:37 -------- d-----w c:\windows\ServicePackFiles
2009-04-03 23:23 . 2009-04-03 23:23 -------- d-----w c:\windows\EHome
2009-03-28 19:08 . 2009-03-28 19:09 -------- d-----w c:\documents and settings\All Users\Dados de aplicativos\DVD Shrink
2009-03-25 03:22 . 2009-01-18 21:35 15688 ----a-w c:\windows\system32\lsdelete.exe
2009-03-25 03:01 . 2009-04-06 03:09 64160 ----a-w c:\windows\system32\drivers\Lbd.sys
2009-03-25 03:00 . 2009-03-25 03:00 -------- dc-h--w c:\documents and settings\All Users\Dados de aplicativos\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-03-25 02:59 . 2009-03-25 03:01 -------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Lavasoft
2009-03-21 14:08 . 2009-03-21 14:08 1028608 -c----w c:\windows\system32\dllcache\kernel32.dll
2009-03-20 18:03 . 2002-05-31 04:10 294400 ----a-w c:\windows\system32\ETXCodec.dll
2009-03-20 18:03 . 2009-03-20 18:03 -------- d-----w c:\documents and settings\Nando\WINDOWS
2009-03-20 16:44 . 2005-07-20 21:05 75264 ----a-w c:\windows\system32\zlib1.dll
2009-03-20 16:44 . 2004-02-12 11:39 438272 ----a-w c:\windows\system32\vp6vfw.dll
2009-03-20 16:44 . 2001-08-23 19:25 1706800 ----a-w c:\windows\system32\gdiplus.dll
2009-03-20 16:33 . 2009-04-17 03:00 -------- d-----w c:\documents and settings\Nando\Tracing
2009-03-20 15:33 . 2009-03-20 15:33 -------- d-sh--w c:\documents and settings\LocalService\IETldCache
2009-03-20 15:32 . 2006-11-29 16:06 3426072 ----a-w c:\windows\system32\d3dx9_32.dll
2009-03-20 14:37 . 2009-03-20 14:37 -------- d-sh--w c:\documents and settings\Nando\PrivacIE
2009-03-20 14:37 . 2009-03-20 14:37 -------- d-sh--w c:\documents and settings\Nando\IECompatCache
2009-03-20 14:19 . 2009-03-20 14:19 -------- d-sh--w c:\documents and settings\Nando\IETldCache
2009-03-20 03:39 . 2009-03-20 03:39 -------- d-----w c:\windows\ie8updates
2009-03-20 03:36 . 2009-04-03 23:37 -------- d-----w c:\windows\system32\pt-BR
2009-03-20 03:36 . 2009-03-20 03:38 -------- dc-h--w c:\windows\ie8
2009-03-20 03:34 . 2009-02-28 04:55 105984 -c----w c:\windows\system32\dllcache\iecompat.dll

.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-18 13:42 . 2009-03-25 16:08 12988 ----a-w C:\aaw7boot.log
2009-04-17 15:30 . 2008-07-27 19:01 -------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Google Updater
2009-04-17 03:00 . 2009-03-10 16:50 -------- d-----w c:\arquivos de programas\Mozilla Thunderbird 3 Beta 2
2009-04-16 14:23 . 2004-08-04 12:00 67232 ----a-w c:\windows\system32\perfc016.dat
2009-04-16 14:23 . 2004-08-04 12:00 425072 ----a-w c:\windows\system32\perfh016.dat
2009-04-12 02:01 . 2009-04-12 02:00 -------- d-----w c:\arquivos de programas\Allok Video Joiner
2009-04-12 00:33 . 2009-03-18 04:00 -------- d-----w c:\arquivos de programas\Avidemux 2.4
2009-04-12 00:17 . 2009-04-12 00:17 -------- d-----w c:\arquivos de programas\Xvid
2009-04-07 04:32 . 2008-07-24 15:06 -------- d-----w c:\arquivos de programas\Opera
2009-04-06 02:43 . 2009-04-06 02:43 -------- d-----w c:\arquivos de programas\ADShareit
2009-04-06 00:20 . 2009-04-06 00:20 -------- d-----w c:\arquivos de programas\Sonic Foundry
2009-04-06 00:19 . 2009-04-06 00:19 -------- d-----w c:\arquivos de programas\Sonic Foundry Setup
2009-04-04 02:04 . 2008-07-23 21:59 51120 ----a-w c:\documents and settings\Nando\Configurações locais\Dados de aplicativos\GDIPFONTCACHEV1.DAT
2009-04-03 23:29 . 2004-08-04 12:00 251696 --sha-r C:\ntldr
2009-04-03 19:45 . 2009-01-21 19:59 -------- d-----w c:\documents and settings\Nando\Dados de aplicativos\FileZilla
2009-03-31 19:15 . 2008-08-02 14:56 -------- d-----w c:\documents and settings\Nando\Dados de aplicativos\Alien Skin
2009-03-31 17:59 . 2009-03-31 17:59 -------- d-----w c:\arquivos de programas\Alien Skin
2009-03-28 22:22 . 2008-12-17 19:29 -------- d-----w c:\arquivos de programas\CDBurnerXP
2009-03-28 19:08 . 2009-03-28 19:08 -------- d-----w c:\arquivos de programas\DVD Shrink
2009-03-28 17:38 . 2009-03-28 17:38 -------- d-----w c:\arquivos de programas\MySearch
2009-03-28 17:32 . 2009-03-28 17:26 -------- d-----w c:\arquivos de programas\ElcomSoft
2009-03-25 02:59 . 2009-03-25 02:59 -------- d-----w c:\arquivos de programas\Lavasoft
2009-03-20 19:03 . 2009-03-20 19:03 -------- d-----w c:\arquivos de programas\MSXML 4.0
2009-03-20 18:03 . 2009-03-20 18:03 -------- d-----w c:\arquivos de programas\Etymonix
2009-03-20 17:51 . 2009-03-20 17:51 -------- d-----w c:\arquivos de programas\Essentials Codec Pack
2009-03-20 16:44 . 2009-03-20 16:44 -------- d-----w c:\arquivos de programas\VideoCharge Software
2009-03-20 16:44 . 2006-08-16 16:50 -------- d--h--w c:\arquivos de programas\InstallShield Installation Information
2009-03-20 16:44 . 2006-08-16 16:49 -------- d-----w c:\arquivos de programas\Arquivos comuns\InstallShield
2009-03-20 15:35 . 2009-03-20 15:28 -------- d-----w c:\arquivos de programas\Microsoft
2009-03-20 15:35 . 2009-03-20 15:35 -------- d-----w c:\arquivos de programas\Microsoft Office Outlook Connector
2009-03-20 15:34 . 2009-03-20 15:27 -------- d-----w c:\arquivos de programas\Windows Live
2009-03-20 15:34 . 2009-03-20 15:34 -------- d-----w c:\arquivos de programas\Microsoft Sync Framework
2009-03-20 15:32 . 2009-03-20 15:32 -------- d-----w c:\arquivos de programas\Microsoft SQL Server Compact Edition
2009-03-20 15:28 . 2009-03-20 15:28 -------- d-----w c:\arquivos de programas\Windows Live SkyDrive
2009-03-20 14:57 . 2009-03-20 14:57 -------- d-----w c:\arquivos de programas\Arquivos comuns\Windows Live
2009-03-20 02:51 . 2009-03-20 02:51 -------- d-----w c:\arquivos de programas\Arquivos comuns\xing shared
2009-03-20 02:51 . 2008-07-27 19:14 -------- d-----w c:\arquivos de programas\Arquivos comuns\Real
2009-03-20 02:50 . 2008-07-23 22:22 499712 ----a-w c:\windows\system32\msvcp71.dll
2009-03-20 02:50 . 2008-07-23 22:22 348160 ----a-w c:\windows\system32\msvcr71.dll
2009-03-19 03:53 . 2009-03-19 03:53 -------- d-----w c:\arquivos de programas\bobyte
2009-03-19 03:32 . 2009-03-19 03:32 -------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Pinnacle VideoSpin
2009-03-19 03:28 . 2009-03-19 03:28 -------- d-----w c:\arquivos de programas\Arquivos comuns\Yahoo!
2009-03-19 03:28 . 2009-03-19 03:28 -------- d-----w c:\arquivos de programas\Pinnacle
2009-03-19 03:28 . 2009-03-19 03:28 -------- d-----w c:\documents and settings\All Users\Dados de aplicativos\VideoSpin
2009-03-19 03:25 . 2009-03-19 03:25 -------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Pinnacle
2009-03-18 04:40 . 2009-03-18 04:01 -------- d-----w c:\documents and settings\Nando\Dados de aplicativos\avidemux
2009-03-15 01:57 . 2008-07-27 19:01 -------- d-----w c:\arquivos de programas\Google
2009-03-11 16:50 . 2009-03-11 16:50 -------- d-----w c:\arquivos de programas\Programas RFB
2009-03-11 00:42 . 2009-03-11 00:42 -------- d-----w c:\arquivos de programas\Ares
2009-03-10 16:50 . 2009-03-10 16:50 -------- d-----w c:\documents and settings\Nando\Dados de aplicativos\Thunderbird
2009-03-08 07:34 . 2004-08-04 12:00 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 07:34 . 2004-08-04 12:00 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 07:33 . 2004-08-04 12:00 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 07:33 . 2004-08-04 12:00 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 07:32 . 2004-08-04 12:00 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 07:32 . 2004-08-04 12:00 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 07:31 . 2004-08-04 12:00 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 07:31 . 2004-08-04 12:00 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 07:31 . 2004-08-04 12:00 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 07:22 . 2004-08-04 12:00 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-06 14:20 . 2004-08-04 12:00 286208 ----a-w c:\windows\system32\pdh.dll
2009-02-28 02:17 . 2009-02-28 02:17 -------- d-----w c:\documents and settings\Nando\Dados de aplicativos\ACD Systems
2009-02-28 02:15 . 2009-02-28 02:14 -------- d-----w c:\arquivos de programas\Arquivos comuns\ACD Systems
2009-02-28 02:15 . 2009-02-28 02:15 -------- d-----w c:\documents and settings\All Users\Dados de aplicativos\ACD Systems
2009-02-28 02:14 . 2009-02-28 02:14 -------- d-----w c:\arquivos de programas\ACD Systems
2009-02-26 16:57 . 2009-01-18 14:23 -------- d-----w c:\arquivos de programas\Microsoft Silverlight
2009-02-24 17:07 . 2009-01-29 19:26 -------- d-----w c:\arquivos de programas\VDOWNLOADER
2009-02-22 15:37 . 2009-02-22 15:37 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
2009-02-22 15:36 . 2009-02-22 15:36 -------- d-----w c:\arquivos de programas\Arquivos comuns\Motorola Shared
2009-02-09 14:06 . 2004-08-04 12:00 1846912 ----a-w c:\windows\system32\win32k.sys
2009-02-09 11:25 . 2004-08-04 00:40 2028032 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-09 11:25 . 2004-08-04 12:00 2149376 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-09 11:25 . 2004-08-04 12:00 111104 ----a-w c:\windows\system32\services.exe
2009-02-09 10:53 . 2004-08-04 12:00 731648 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 10:53 . 2004-08-04 12:00 730624 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 10:53 . 2004-08-04 12:00 683520 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 10:53 . 2004-08-04 12:00 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-06 22:14 . 2009-02-06 22:14 308088 ----a-w c:\windows\WLXPGSS.SCR
2009-02-06 21:52 . 2009-02-06 21:52 49504 ----a-w c:\windows\system32\sirenacm.dll
2009-02-06 10:39 . 2004-08-04 12:00 35328 ----a-w c:\windows\system32\sc.exe
2009-02-03 19:58 . 2004-08-04 12:00 56832 ----a-w c:\windows\system32\secur32.dll
2009-01-29 16:07 . 2009-01-29 16:04 4833 ----a-w c:\windows\BricoPackFoldersDelete.cmd
2009-01-29 16:07 . 2009-01-29 16:07 51983 ----a-w c:\windows\BricoPackUninst.cmd
2008-09-12 18:50 . 2008-08-23 00:06 2828 --sha-w c:\documents and settings\All Users\Dados de aplicativos\KGyGaAvL.sys
2008-09-12 18:50 . 2008-08-23 00:06 168 --sh--r c:\documents and settings\All Users\Dados de aplicativos\32C5ED3730.sys
2007-11-28 20:2008-07-27 19:05 21:55 . c:\arquivos de programas\mozilla firefox\components\jar50.dll
2007-11-28 20:2008-07-27 19:05 21:55 . c:\arquivos de programas\mozilla firefox\components\jsd3250.dll
2007-11-28 20:2008-07-27 19:05 21:55 . c:\arquivos de programas\mozilla firefox\components\myspell.dll
2007-11-28 20:2008-07-27 19:05 21:55 . c:\arquivos de programas\mozilla firefox\components\spellchk.dll
2007-11-28 20:2008-07-27 19:05 21:55 . c:\arquivos de programas\mozilla firefox\components\xpinstal.dll
2008-12-29 20:49 . 2008-12-29 20:48 48 --sh--w c:\windows\S22E49965.tmp
.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\arquivos de programas\Messenger\msmsgs.exe" [2008-04-14 1695232]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="c:\arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-27 68856]
"Google Update"="c:\documents and settings\Nando\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" [2008-09-05 133104]
"ares"="c:\arquivos de programas\Ares\Ares.exe" [2009-02-03 1004544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre6\bin\jusched.exe" [2008-11-24 136600]
"egui"="c:\arquivos de programas\ESET\ESET Smart Security\egui.exe" [2008-03-01 1443072]
"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"Adobe Photo Downloader"="c:\arquivos de programas\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 57344]
"googletalk"="c:\arquivos de programas\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"Acrobat Assistant 8.0"="c:\arquivos de programas\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-23 620152]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-03 13529088]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-03 86016]
"QuickTime Task"="c:\arquivos de programas\QuickTime Alternative\qttask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\arquivos de programas\iTunes\iTunesHelper.exe" [2008-03-30 267048]
"TkBellExe"="c:\arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2009-03-20 198160]
"Ad-Watch"="c:\arquivos de programas\Lavasoft\Ad-Aware\AAWTray.exe" [2009-04-06 515416]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2005-07-12 77824]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-05-03 1630208]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_Acrobat.exe [2008-9-17 295606]
Adobe Acrobat Synchronizer.lnk - c:\arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-23 734872]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=
"c:\\Arquivos de programas\\Google\\Google Talk\\googletalk.exe"=
"c:\\Arquivos de programas\\Arquivos comuns\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"c:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=
"c:\\Arquivos de programas\\iTunes\\iTunes.exe"=
"c:\\Arquivos de programas\\Pinnacle\\VideoSpin\\Programs\\RM.exe"=
"c:\\Arquivos de programas\\Pinnacle\\VideoSpin\\Programs\\PMSRegisterFile.exe"=
"c:\\Arquivos de programas\\Pinnacle\\VideoSpin\\Programs\\umi.exe"=
"c:\\Arquivos de programas\\Pinnacle\\VideoSpin\\Programs\\VideoSpin.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\arquivos de programas\Lavasoft\Ad-Aware\AAWService.exe [2009-04-06 951632]
R3 BTQService;BTQueue;c:\arquivos de programas\BTQueue\btqsvc.exe [2006-06-23 18944]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-04-06 64160]
S0 xmasbus;xmasbus;c:\windows\system32\DRIVERS\xmasbus.sys [2003-12-21 140800]
S0 xmasscsi;xmasscsi;c:\windows\System32\Drivers\xmasscsi.sys [2003-12-20 5504]
S2 ekrn;Eset Service;c:\arquivos de programas\ESET\ESET Smart Security\ekrn.exe [2007-12-21 468224]
S2 SeaPort;SeaPort;c:\arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
S3 PhTVTune;Cap7134 TVTuner;c:\windows\system32\DRIVERS\PhTVTune.sys [2006-05-08 57152]


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Conteúdo da pasta 'Tarefas Agendadas'

2009-04-15 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\arquivos de programas\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 03:08]

2009-04-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\arquivos de programas\Apple Software Update\SoftwareUpdate.exe [2008-07-30 15:34]

2009-04-18 c:\windows\Tasks\User_Feed_Synchronization-{DFFCA5C6-6A0A-4548-8B56-33D1FD210460}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 07:31]

2009-04-18 c:\windows\Tasks\WECPUpdate.job
- c:\arquivos de programas\Essentials Codec Pack\WECPUpdate.exe [2009-02-25 14:28]
.
.
------- Scan Suplementar -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Append to existing PDF - c:\arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-18 11:20
Windows 5.1.2600 Service Pack 3 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...


**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

- - - - - - - > 'explorer.exe'(2104)
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Tempo para conclusão: 2009-04-18 11:24
ComboFix-quarantined-files.txt 2009-04-18 14:22

Pré-execução: 17 pasta(s) 18.032.164.864 bytes disponíveis
Pós execução: 16 pasta(s) 18.020.028.416 bytes disponíveis

333 --- E O F --- 2009-04-17 04:44


Now here is the HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:27:37, on 18/4/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Java\jre6\bin\jusched.exe
C:\Arquivos de programas\ESET\ESET Smart Security\egui.exe
C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Arquivos de programas\iTunes\iTunesHelper.exe
C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\Nando\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe
C:\Arquivos de programas\Ares\Ares.exe
C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Arquivos de programas\Bonjour\mDNSResponder.exe
C:\Arquivos de programas\ESET\ESET Smart Security\ekrn.exe
C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Arquivos de programas\iPod\bin\iPodService.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Arquivos de programas\Opera\opera.exe
E:\programas\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [egui] "C:\Arquivos de programas\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Arquivos de programas\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [googletalk] C:\Arquivos de programas\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\ARQUIV~1\ARQUIV~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime Alternative\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Ad-Watch] C:\Arquivos de programas\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Nando\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ares] "C:\Arquivos de programas\Ares\Ares.exe" -h
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsof...ss/allinone.asp
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1154709617156
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://gamenextus.ob...ronGameHost.cab
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Arquivos de programas\Arquivos comuns\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe
O23 - Service: BTQueue (BTQService) - Unknown owner - C:\Arquivos de programas\BTQueue\btqsvc.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Arquivos de programas\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Arquivos de programas\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Serviço iPod (iPod Service) - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Arquivos de programas\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 11187 bytes
WMO Forum - Design Team - Monitor
A real man doesn't suck honey, he chews bees.

#4 Leone Fernandes

    (y)

  • Users
  • 585 posts
  • Sex: Male
  • Location: Belo Horizonte - MG

Posted 20/04/2009, 21:36

Well, from my analysis, BTQueue is a torrent system.

It could be some Google error; have you tried switching browsers?



#5 helioth

    Projeção A

  • Users
  • 683 posts
  • Sex: Male
  • Location: Mauá city - ABC - SP

Posted 20/04/2009, 22:22

Well, that might be related. I have uTorrent installed here, but I don't think it has anything to do with this file, I don't know...

Opera has a torrent feature too, and Opera is the one that gives the most errors when logging into Orkut, but I've had this problem in other browsers as well. It's very strange. :ponder:
But thanks, Leone, I'll see what I can do here; if I fix it, I'll post here...

#6 Leone Fernandes

    (y)

  • Users
  • 585 posts
  • Sex: Male
  • Location: Belo Horizonte - MG

Posted 20/04/2009, 22:37

Right, I'll wait for your reply. Just to help out: the file Btqsvc.exe belongs to BitTorrent.



#7 Leone Fernandes

    (y)

  • Users
  • 585 posts
  • Sex: Male
  • Location: Belo Horizonte - MG

Posted 30/04/2009, 09:14

Topic Closed!

Since the author has not replied to the topic for more than 10 days, it has been closed.
If you need the topic to be reopened, contact one of the forum moderators.





