
Various Problems
#1
Posted 09/01/2009, 18:12
I have already tried several things to fix many of the problems, but some of them are still the same.
One of them is that I can't see the user names in the list of running programs in Task Manager.
Another is that I can't use fast user switching. I get to the screen, type the user name and password, and when the screen changes as if it were going to load the settings, it simply goes back to the same login screen.
Another thing that is happening is that I can no longer open IE. I have version 6.0.
I reinstalled the OS this week, to Windows XP SP3.
I can't download anything from the Microsoft site, nor any download that is redirected to the Microsoft site...
I made the HijackThis log, which follows below:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:37 , on 9/1/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\agrsmsvc.exe
C:\Arquivos de programas\Software WIDCOMM\Bluetooth\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\FixCamera.exe
C:\WINDOWS\tsnp2std.exe
C:\WINDOWS\vsnp2std.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\alg.exe
C:\Arquivos de programas\Java\jre1.6.0_07\bin\javaw.exe
C:\Arquivos de programas\FrostWire\FrostWire.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\Documents and Settings\Jécik\Desktop\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.1.1.2:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - (no file)
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,c:\windows\system32\wscript.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Arquivos de programas\Windows Live\Messenger\wlchtc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {d9ad1747-7b19-4dea-bc02-0ab12c4fc468} - (no file)
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdgfx.exe] C:\WINDOWS\system32\kdgfx.exe
O4 - HKLM\..\Run: [AVP] "C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Arquivos de programas\MP3 Player Utilities 4.00\AMVConverter\grab.html
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: Download using YTdown - C:\Documents and Settings\Jécik\Dados de aplicativos\Mc & RENOX\YTdown\YTdown.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Arquivos de programas\MP3 Player Utilities 4.00\MediaManager\grab.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'c:\arquivos de programas\bonjour\mdnsnsp.dll' missing
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsof...ss/allinone.asp
O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - http://messenger.zon...SS.cab69309.cab
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.updat...b?1199581357281
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - http://www.nvidia.co...iaSmartScan.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - http://messenger.zon...ro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} - http://messenger.zon...ot.cab57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zon...nt.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0C65F5C4-D4C6-45AB-8E4F-DB2B1086A3B2}: NameServer = 85.255.112.148;85.255.112.215
O17 - HKLM\System\CCS\Services\Tcpip\..\{3C934B56-6614-47B2-9A31-922B0154B1A5}: NameServer = 85.255.112.148;85.255.112.215
O17 - HKLM\System\CS1\Services\Tcpip\..\{0C65F5C4-D4C6-45AB-8E4F-DB2B1086A3B2}: NameServer = 85.255.112.148;85.255.112.215
O17 - HKLM\System\CS2\Services\Tcpip\..\{0C65F5C4-D4C6-45AB-8E4F-DB2B1086A3B2}: NameServer = 85.255.112.148;85.255.112.215
O17 - HKLM\System\CS3\Services\Tcpip\..\{0C65F5C4-D4C6-45AB-8E4F-DB2B1086A3B2}: NameServer = 85.255.112.148;85.255.112.215
O17 - HKLM\System\CS4\Services\Tcpip\..\{0C65F5C4-D4C6-45AB-8E4F-DB2B1086A3B2}: NameServer = 85.255.112.148;85.255.112.215
O20 - AppInit_DLLs: C:\ARQUIV~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\ARQUIV~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\ARQUIV~1\KASPER~1\KASPER~1\adialhk.dll,C:\ARQUIV~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Arquivos de programas\Software WIDCOMM\Bluetooth\bin\btwdins.exe
--
End of file - 7867 bytes
Please help me however you can. I'm pretty short on money to have the whole PC formatted, without losing my files on the HD...
Thank you in advance for your attention.
#2
Posted 09/01/2009, 21:48
[N] - O2 - BHO: (no name) - {d9ad1747-7b19-4dea-bc02-0ab12c4fc468} - (no file)
[?] - O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdgfx.exe] C:\WINDOWS\system32\kdgfx.exe
[?] - O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - http://www.nvidia.com/content/DriverDownlo...iaSmartScan.cab
[X] - O17 - HKLM\System\CCS\Services\Tcpip\..\{0C65F5C4-D4C6-45AB-8E4F-DB2B1086A3B2}: NameServer = 85.255.112.148;85.255.112.215
[X] - O17 - HKLM\System\CCS\Services\Tcpip\..\{3C934B56-6614-47B2-9A31-922B0154B1A5}: NameServer = 85.255.112.148;85.255.112.215
[X] - O17 - HKLM\System\CS1\Services\Tcpip\..\{0C65F5C4-D4C6-45AB-8E4F-DB2B1086A3B2}: NameServer = 85.255.112.148;85.255.112.215
[X] - O17 - HKLM\System\CS2\Services\Tcpip\..\{0C65F5C4-D4C6-45AB-8E4F-DB2B1086A3B2}: NameServer = 85.255.112.148;85.255.112.215
[X] - O17 - HKLM\System\CS3\Services\Tcpip\..\{0C65F5C4-D4C6-45AB-8E4F-DB2B1086A3B2}: NameServer = 85.255.112.148;85.255.112.215
[X] - O17 - HKLM\System\CS4\Services\Tcpip\..\{0C65F5C4-D4C6-45AB-8E4F-DB2B1086A3B2}: NameServer = 85.255.112.148;85.255.112.215
COMBOFIX
Download ComboFix from: ComboFix
1) Double-click combofix.exe and press "1" to proceed. The process will take about 10 minutes on average;
2) ComboFix will restart the PC automatically so that the removal process can be completed (only if there is an infection);
3) When the scan finishes, a log will be generated, located at C:\ComboFix.txt;
4) I need you to paste the contents of ComboFix.txt in your next reply, together with a new HijackThis log.
Edited by: Northon, 09/01/2009, 21:49.
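As an added illustration (not part of the original thread and not HijackThis's own logic), the Python sketch below picks out the same kinds of entries marked in the reply above: static O17 name servers outside the local network, a UserInit value that launches more than userinit.exe, objects registered with "(no file)", and a Run value named after a full path. The names `triage` and `trusted_dns` and the four heuristics are assumptions of this example; the sample lines are copied from the log in post #1.

```python
import ipaddress
import ntpath
import re

# Subset of lines copied from the HijackThis log posted in #1.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,c:\windows\system32\wscript.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {d9ad1747-7b19-4dea-bc02-0ab12c4fc468} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdgfx.exe] C:\WINDOWS\system32\kdgfx.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{0C65F5C4-D4C6-45AB-8E4F-DB2B1086A3B2}: NameServer = 85.255.112.148;85.255.112.215
"""

# A HijackThis entry starts with a section code such as "O17" or "F2".
ENTRY = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")


def _external_dns(body, trusted):
    """Return name servers in an O17 line that are neither local nor trusted."""
    match = re.search(r"NameServer\s*=\s*(.+)$", body, re.IGNORECASE)
    if not match:
        return []
    flagged = []
    for token in re.split(r"[;,\s]+", match.group(1).strip()):
        try:
            ip = ipaddress.ip_address(token)
        except ValueError:
            continue  # not an IP literal, nothing to classify
        if ip.is_private or ip.is_loopback or ip.is_link_local:
            continue  # router or LAN resolver
        if token not in trusted:
            flagged.append(token)
    return flagged


def _userinit_extras(body):
    """Return programs chained after userinit.exe in an F2 UserInit value."""
    match = re.search(r"UserInit\s*=\s*(.+)$", body, re.IGNORECASE)
    if not match:
        return []
    entries = [e.strip() for e in match.group(1).split(",") if e.strip()]
    return [e for e in entries if ntpath.basename(e).lower() != "userinit.exe"]


def triage(log_text, trusted_dns=()):
    """Return (section, reason, line) tuples for entries worth a manual look."""
    trusted = set(trusted_dns)
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        match = ENTRY.match(line)
        if not match:
            continue
        section, body = match.group("section"), match.group("body")
        if section == "O17":
            servers = _external_dns(body, trusted)
            if servers:
                reason = "static DNS outside the local network: " + ", ".join(servers)
                findings.append((section, reason, line))
        elif section == "F2":
            extras = _userinit_extras(body)
            if extras:
                reason = "UserInit also launches: " + ", ".join(extras)
                findings.append((section, reason, line))
        elif section in ("O2", "R3") and body.rstrip().endswith("(no file)"):
            findings.append((section, "registered object has no file on disk", line))
        elif section == "O4":
            name = re.search(r"Run: \[(.+?)\]", body)
            if name and re.match(r"^[A-Za-z]:\\", name.group(1)):
                findings.append((section, "Run value is named after a full path", line))
    return findings


if __name__ == "__main__":
    for section, reason, line in triage(SAMPLE_LOG):
        print(f"[{section}] {reason}\n    {line}")
```

Passing the resolvers your ISP or router actually hands out as `trusted_dns` suppresses the O17 finding for them; every result is a prompt for manual review, not a verdict.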
#3
Posted 09/01/2009, 21:53
Use Fix checked on the entries below:
[N] - O2 - BHO: (no name) - {d9ad1747-7b19-4dea-bc02-0ab12c4fc468} - (no file)
[?] - O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdgfx.exe] C:\WINDOWS\system32\kdgfx.exe
[?] - O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - http://www.nvidia.com/content/DriverDownlo...iaSmartScan.cab
[X] - O17 - HKLM\System\CCS\Services\Tcpip\..\{0C65F5C4-D4C6-45AB-8E4F-DB2B1086A3B2}: NameServer = 85.255.112.148;85.255.112.215
[X] - O17 - HKLM\System\CCS\Services\Tcpip\..\{3C934B56-6614-47B2-9A31-922B0154B1A5}: NameServer = 85.255.112.148;85.255.112.215
[X] - O17 - HKLM\System\CS1\Services\Tcpip\..\{0C65F5C4-D4C6-45AB-8E4F-DB2B1086A3B2}: NameServer = 85.255.112.148;85.255.112.215
[X] - O17 - HKLM\System\CS2\Services\Tcpip\..\{0C65F5C4-D4C6-45AB-8E4F-DB2B1086A3B2}: NameServer = 85.255.112.148;85.255.112.215
[X] - O17 - HKLM\System\CS3\Services\Tcpip\..\{0C65F5C4-D4C6-45AB-8E4F-DB2B1086A3B2}: NameServer = 85.255.112.148;85.255.112.215
[X] - O17 - HKLM\System\CS4\Services\Tcpip\..\{0C65F5C4-D4C6-45AB-8E4F-DB2B1086A3B2}: NameServer = 85.255.112.148;85.255.112.215
COMBOFIX
Download ComboFix from: ComboFix
1) Double-click combofix.exe and press "1" to proceed. The process will take about 10 minutes on average;
2) ComboFix will restart the PC automatically so that the removal process can be completed (only if there is an infection);
3) When the scan finishes, a log will be generated, located at C:\ComboFix.txt;
4) I need you to paste the contents of ComboFix.txt in your next reply, together with a new HijackThis log.
I can't download ComboFix from the link you sent me!
I downloaded it from the superdownloads site, is that OK???
#4
Posted 09/01/2009, 22:56
#5
Posted 09/01/2009, 23:22
Here is the ComboFix log:
ComboFix 09-01-08.05 - Jécik 2009-01-09 23:19:20.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1046.18.1535.1152 [GMT -2:00]
Executando de: c:\documents and settings\Jécik\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\arquivos de programas\Mozilla Firefox\components\iamfamous.dll
C:\autorun.inf
c:\documents and settings\Jécik\Dados de aplicativos\3D Sexvilla 2.058.002 OxS!®.exe
c:\documents and settings\Jécik\Dados de aplicativos\inst.exe
C:\resycled
c:\resycled\boot.com
c:\resycled\bootmatrix.com
c:\windows\BMcb77e6b5.txt
c:\windows\jestertb.dll
c:\windows\pskt.ini
c:\windows\system32\drivers\msqpdxrnsrglct.sys
c:\windows\system32\hidrwupd.dll
c:\windows\system32\kdgfx.exe
c:\windows\system32\llkkj.ini
c:\windows\system32\llkkj.ini2
c:\windows\system32\msqpdxfrmpjtlw.dll
c:\windows\system32\NCTAudioInformation2.dll
c:\windows\system32\rasqervy.dll
c:\windows\system32\sdfinacs.dll
c:\windows\system32\wuasirvy.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_MSQPDXSERV.SYS
-------\Legacy_ASC3550U
-------\Legacy_GBPDIST
-------\Service_asc3550u
-------\Service_gbpdist
(((((((((((((((( Arquivos/Ficheiros criados de 2008-12-10 to 2009-01-10 ))))))))))))))))))))))))))))
.
2009-01-09 19:15 . 2009-01-09 21:08 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Spybot - Search & Destroy
2009-01-09 19:15 . 2009-01-09 19:18 <DIR> d-------- c:\arquivos de programas\Spybot - Search & Destroy
2009-01-09 18:28 . 2009-01-09 18:31 <DIR> d-------- c:\arquivos de programas\Vagalume
2009-01-07 23:08 . 2009-01-07 23:08 1,891 --a------ c:\windows\imsins.BAK
2009-01-07 20:29 . 2009-01-07 20:29 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Messenger Plus!
2009-01-07 19:08 . 2009-01-07 19:08 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\NVIDIA
2009-01-07 00:18 . 2009-01-07 00:18 <DIR> d-------- c:\arquivos de programas\Marcos Velasco Security
2009-01-06 21:49 . 2009-01-06 21:49 <DIR> d-------- c:\arquivos de programas\GPLGS
2009-01-06 20:22 . 2006-03-02 10:00 10,129,408 --a--c--- c:\windows\system32\dllcache\hwxkor.dll
2009-01-06 20:21 . 2008-04-13 20:18 13,463,552 --a--c--- c:\windows\system32\dllcache\hwxjpn.dll
2009-01-06 20:20 . 2004-05-13 00:39 876,653 --a--c--- c:\windows\system32\dllcache\fp4awel.dll
2009-01-06 20:18 . 2009-01-06 20:18 749 -rah----- c:\windows\WindowsShell.Manifest
2009-01-06 20:18 . 2009-01-06 20:18 749 -rah----- c:\windows\system32\wuaucpl.cpl.manifest
2009-01-06 20:18 . 2009-01-06 20:18 749 -rah----- c:\windows\system32\sapi.cpl.manifest
2009-01-06 20:18 . 2009-01-06 20:18 749 -rah----- c:\windows\system32\nwc.cpl.manifest
2009-01-06 20:18 . 2009-01-06 20:18 749 -rah----- c:\windows\system32\ncpa.cpl.manifest
2009-01-06 20:18 . 2009-01-06 20:18 488 -rah----- c:\windows\system32\logonui.exe.manifest
2009-01-06 20:17 . 2006-03-02 10:00 16,384 --a--c--- c:\windows\system32\dllcache\isignup.exe
2009-01-06 20:17 . 2008-04-13 20:20 7,168 --a--c--- c:\windows\system32\dllcache\bitsprx4.dll
2009-01-06 20:17 . 2008-04-13 20:20 7,168 --a------ c:\windows\system32\bitsprx4.dll
2009-01-06 20:02 . 2009-01-06 20:02 4,444 --a------ c:\windows\system32\pid.PNF
2009-01-06 19:38 . 2008-04-13 21:20 2,038,809 --a--c--- c:\windows\system32\dllcache\NT5.CAT
2009-01-06 19:38 . 2008-04-13 21:30 1,233,746 --a--c--- c:\windows\system32\dllcache\SP3.CAT
2009-01-06 19:38 . 2008-04-13 21:30 1,233,746 -ra------ c:\windows\SETFF.tmp
2009-01-06 19:38 . 2008-04-13 21:20 1,088,840 --a--c--- c:\windows\system32\dllcache\NTPRINT.CAT
2009-01-06 19:38 . 2008-04-13 21:20 1,088,840 -ra------ c:\windows\SET100.tmp
2009-01-06 19:38 . 2008-04-13 21:20 634,592 --a--c--- c:\windows\system32\dllcache\NT5INF.CAT
2009-01-06 19:38 . 2008-04-13 21:20 16,825 -ra------ c:\windows\SET10C.tmp
2009-01-05 21:07 . 2009-01-05 21:08 <DIR> d-------- c:\windows\addins
2009-01-05 21:07 . 2006-03-02 10:00 11,264 --a------ c:\windows\system32\fxssend.exe
2009-01-05 21:07 . 2006-03-02 10:00 11,264 --a--c--- c:\windows\system32\dllcache\fxssend.exe
2009-01-05 21:05 . 2006-03-02 10:00 31,744 --a------ c:\windows\system32\fxsroute.dll
2009-01-05 21:05 . 2006-03-02 10:00 31,744 --a--c--- c:\windows\system32\dllcache\fxsroute.dll
2009-01-05 21:04 . 2009-01-05 21:04 1,793 --a------ c:\windows\system32\fxsperf.ini
2009-01-05 21:03 . 2009-01-05 21:03 1,361 --a------ c:\windows\system32\fxscount.h
2009-01-05 21:01 . 2006-03-02 10:00 137,216 --a------ c:\windows\system32\fxsclntr.dll
2009-01-05 21:01 . 2006-03-02 10:00 137,216 --a--c--- c:\windows\system32\dllcache\fxsclntr.dll
2009-01-05 21:00 . 2006-03-02 10:00 112,128 --a------ c:\windows\system32\fxscfgwz.dll
2009-01-05 21:00 . 2006-03-02 10:00 112,128 --a--c--- c:\windows\system32\dllcache\fxscfgwz.dll
2009-01-05 20:57 . 2009-01-05 20:57 <DIR> d-------- C:\Inetpub
2009-01-05 20:57 . 2009-01-06 18:52 33,090 --a------ c:\windows\setupapi.old
2009-01-05 20:29 . 2009-01-05 20:29 0 --a------ c:\windows\system32\killVBS.vbs
2009-01-05 00:24 . 2004-08-04 01:45 219,648 --a------ c:\windows\system32\uxtheme.uxtender
2009-01-05 00:24 . 2004-08-04 01:45 219,648 --a------ c:\windows\system32\uxtheme.backup
2008-12-21 17:01 . 2008-12-21 19:51 <DIR> d-------- c:\arquivos de programas\Submachine5_at
2008-12-20 10:15 . 2008-12-20 10:15 <DIR> d-------- c:\documents and settings\Jécik\Dados de aplicativos\VitySoft
2008-12-20 10:13 . 2008-12-20 10:14 <DIR> d-------- c:\arquivos de programas\Oxin's Style!
2008-12-20 09:12 . 2008-12-20 09:12 <DIR> d-------- C:\Program Files
2008-12-16 09:10 . 2009-01-07 16:29 54,156 --ah----- c:\windows\QTFont.qfn
2008-12-16 09:10 . 2008-12-16 09:10 1,409 --a------ c:\windows\QTFont.for
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-10 02:10 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Kaspersky Lab
2009-01-10 01:32 737,312 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-01-10 01:32 3,600 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-01-10 01:23 4,071,456 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-01-10 01:23 32,888 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-01-09 21:17 --------- d-----w c:\documents and settings\Jécik\Dados de aplicativos\FrostWire
2009-01-09 20:31 2,887,680 ----a-w c:\windows\system32\VagalumePluginWMP.dll
2009-01-09 20:30 --------- d-----w c:\arquivos de programas\FrostWire
2009-01-07 22:11 --------- d-----w c:\arquivos de programas\Windows Live
2009-01-07 21:22 --------- d-----w c:\arquivos de programas\Messenger Plus! Live
2009-01-07 01:43 --------- d-----w c:\arquivos de programas\Arquivos comuns\Adobe
2008-12-22 23:09 --------- d-----w c:\arquivos de programas\Skype
2008-12-22 22:46 --------- d-----w c:\arquivos de programas\Rockstar Games
2008-12-22 22:45 --------- d-----w c:\arquivos de programas\Apple Software Update
2008-12-20 10:51 --------- d-----w c:\arquivos de programas\Puxa Rápido
2008-12-13 21:14 --------- d-----w c:\arquivos de programas\Frets on Fire
2008-12-10 00:52 --------- d-----w c:\arquivos de programas\Arquivos comuns\DVDVideoSoft
2008-12-10 00:50 --------- d-----w c:\arquivos de programas\DVDVideoSoft
2008-12-07 16:22 --------- d-----w c:\arquivos de programas\Kaspersky Lab
2008-12-07 16:01 --------- d-----w c:\documents and settings\Jécik\Dados de aplicativos\Kaspersky_Key_Finder_(KKF
2008-12-07 15:59 96,976 ----a-w c:\windows\system32\drivers\klin.dat
2008-12-07 15:59 87,855 ----a-w c:\windows\system32\drivers\klick.dat
2008-12-07 15:18 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Avg8
2008-12-07 15:15 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Kaspersky Lab Setup Files
2008-12-06 13:59 --------- d-----w c:\arquivos de programas\Avira
2008-12-06 13:54 --------- d-----w c:\arquivos de programas\AVG
2008-12-06 13:23 --------- d-----w c:\arquivos de programas\DirectX
2008-12-06 12:57 --------- d-----w c:\arquivos de programas\Xvid
2008-12-06 12:30 --------- d-----w c:\arquivos de programas\WinAVI Video Converter
2008-12-06 12:29 --------- d-----w c:\arquivos de programas\Nero
2008-12-06 12:14 --------- d-----w c:\arquivos de programas\FLV Player
2008-12-06 12:13 --------- d--h--w c:\arquivos de programas\InstallShield Installation Information
2008-12-06 12:12 --------- d-----w c:\arquivos de programas\Arquivos comuns\InstallShield
2008-12-06 11:56 --------- d-----w c:\arquivos de programas\Borland
2008-12-06 11:54 --------- d-----w c:\arquivos de programas\Arquivos comuns\Borland Shared
2008-12-06 11:49 --------- d-----w c:\arquivos de programas\Apollo 3GP Video Converter
2008-11-29 16:32 --------- d-----w c:\documents and settings\Jécik\Dados de aplicativos\fretsonfire
2008-11-25 21:36 --------- d-----w c:\arquivos de programas\Bluetooth
2008-11-22 03:54 --------- d-----w c:\arquivos de programas\LimeWire
2008-11-22 03:52 --------- d-----w c:\arquivos de programas\Paint Shop Pro
2008-11-20 01:05 --------- d-----w c:\arquivos de programas\Software WIDCOMM
2008-11-20 00:22 --------- d-----w c:\arquivos de programas\BrOffice.org 3
2008-11-19 19:53 --------- d-----w c:\arquivos de programas\Windows Live Safety Center
2008-11-18 01:08 768 --sha-w C:\ndwjovma.sys
2008-11-17 23:12 249,856 ------w c:\windows\Setup1.exe
2008-11-16 22:46 --------- d-----w c:\arquivos de programas\BrOffice.org 2.4
2008-11-15 19:13 --------- d-----w c:\arquivos de programas\Pro Pinball
2008-11-15 17:52 27,904 ----a-w c:\windows\system32\drivers\ndisprot.sys
2008-11-12 23:01 --------- d-----w c:\arquivos de programas\MSXML 4.0
2008-11-11 22:00 218,376 ----a-w c:\windows\system32\klogon.dll
2008-11-11 21:58 25,601 ----a-w c:\windows\system32\drivers\klopp.dat
2008-11-11 20:35 --------- d-----w c:\arquivos de programas\Moleskinsoft Clone Remover 3.2.1
2008-11-11 01:45 --------- d-----w c:\arquivos de programas\DivX
2008-11-10 23:36 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Avira
2008-04-05 12:25 35 ----a-w c:\documents and settings\Default User\start.bat
2008-03-08 17:03 32 ----a-w c:\documents and settings\All Users\Dados de aplicativos\ezsid.dat
2008-01-17 22:24 1,813,003 ----a-w c:\arquivos de programas\pdfedit.zip
2007-10-03 22:22 47,360 ----a-w c:\documents and settings\Jécik\Dados de aplicativos\pcouffin.sys
2007-08-08 02:46 591,872 ----a-w c:\documents and settings\Default User\celgen.exe
2006-11-21 22:40 2,483,706 ----a-w c:\windows\inf\SET43.tmp
2005-11-03 23:29 72,832 ----a-r c:\windows\inf\CamAvb.sys
2007-12-21 00:44 848 --sha-w c:\windows\system32\KGyGaAvL.sys
2008-06-08 23:15 32,768 --sha-w c:\windows\system32\config\systemprofile\Configurações locais\Histórico\History.IE5\MSHist012008060820080609\index.dat
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"SpybotSD TeaTimer"="c:\arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 2156368]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FixCamera"="c:\windows\FixCamera.exe" [2007-02-12 20480]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-04-12 5898240]
"tsnp2std"="c:\windows\tsnp2std.exe" [2007-05-12 270336]
"AVP"="c:\arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2008-11-11 206088]
"snp2std"="c:\windows\vsnp2std.exe" [2007-05-10 344064]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-04-12 86016]
"QuickTime Task"="c:\arquivos de programas\QuickTime\qttask.exe" [2008-01-10 385024]
"nwiz"="nwiz.exe" [2006-04-12 c:\windows\system32\nwiz.exe]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 c:\windows\soundman.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="c:\arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm
"VIDC.HFYU"= huffyuv.dll
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= DivXa32.acm
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /r \??\C:\0autocheck autochk *
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^BTTray.lnk]
path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\BTTray.lnk
backup=c:\windows\pss\BTTray.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Monitor.lnk]
backup=c:\windows\pss\Monitor.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMcb77e6b5
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\WINDOWS
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\c:\windows\system32
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Verificador de Calendário Ulead Photo Express
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-10-15 01:04 39792 c:\arquivos de programas\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 14:24 1694208 c:\arquivos de programas\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-10-18 11:34 5724184 c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-10 15:27 385024 c:\arquivos de programas\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snp2std]
--a------ 2007-05-10 17:58 344064 c:\windows\vsnp2std.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TuneUp.Defrag"=3 (0x3)
"NBService"=3 (0x3)
"gbpdist"=2 (0x2)
"FLEXnet Licensing Service"=3 (0x3)
"Bonjour Service"=2 (0x2)
"Pml Driver HPZ12"=2 (0x2)
"MDM"=2 (0x2)
"InterBaseServer"=3 (0x3)
"InterBaseGuardian"=2 (0x2)
"avg8emc"=2 (0x2)
"AntiVirScheduler"=2 (0x2)
"usnjsvc"=3 (0x3)
"Nero BackItUp Scheduler 4.0"=2 (0x2)
"BlueSoleilCS"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"WinDefend"=2 (0x2)
"ServiceLayer"=3 (0x3)
"ose"=3 (0x3)
"NVSvc"=2 (0x2)
"NMIndexingService"=3 (0x3)
"idsvc"=3 (0x3)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"CloneCDTray"="c:\arquivos de programas\SlySoft\CloneCD\CloneCDTray.exe" /s
"QuickTime Task"="c:\arquivos de programas\QuickTime\qttask.exe" -atboottime
"VirtualCloneDrive"="c:\arquivos de programas\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
"HP Software Update"=c:\arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
"wcmdmgr"=c:\windows\wt\updater\wcmdmgrl.exe -launch
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Arquivos de programas\\FrostWire\\FrostWire.exe"=
"c:\\Arquivos de programas\\Java\\jre1.6.0_07\\bin\\javaw.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [2008-07-31 21512]
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 32784]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [2008-03-13 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-04-30 24592]
S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [2008-07-02 26248]
S3 Ndisprot;ArcNet NDIS Protocol Driver;c:\windows\system32\drivers\ndisprot.sys [2008-11-15 27904]
S3 scrcap;scrcap;c:\windows\system32\DRIVERS\scrcap.sys --> c:\windows\system32\DRIVERS\scrcap.sys [?]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys --> c:\windows\system32\drivers\ScreamingBAudio.sys [?]
S3 usb2vcom;Nokia CA-42 USB;c:\windows\system32\drivers\usb2vcom.sys [2007-08-09 30272]
S4 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0;c:\arquivos de programas\Arquivos comuns\Nero\Nero BackItUp 4\NBService.exe [2008-09-24 935208]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4189e7d8-997e-11dd-a115-000fea2aedfc}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com e:
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4189e7d9-997e-11dd-a115-000fea2aedfc}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com f:
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c884d28d-a614-11dd-a144-000fea2aedfc}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com e:
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c884d28e-a614-11dd-a144-000fea2aedfc}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com f:
.
Conteúdo da pasta 'Tarefas Agendadas'
2009-01-10 c:\windows\Tasks\User_Feed_Synchronization-{AD7CEA91-45F2-4129-9DEA-80BFBB5458E7}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 19:36]
.
- - - - ORFÃOS REMOVIDOS - - - -
URLSearchHooks-{1392b8d2-5c05-419f-a8f6-b9f15a596612} - (no file)
WebBrowser-{1392B8D2-5C05-419F-A8F6-B9F15A596612} - (no file)
WebBrowser-{07AA283A-43D7-4CBE-A064-32A21112D94D} - (no file)
WebBrowser-{32099AAC-C132-4136-9E9A-4E364A424E17} - (no file)
WebBrowser-{A057A204-BACC-4D26-C39E-35F1D2A32EC8} - (no file)
HKLM-Run-c:\windows\system32\kdgfx.exe - c:\windows\system32\kdgfx.exe
MSConfigStartUp-kdgfx - c:\windows\system32\kdgfx.exe
.
------- Scan Suplementar -------
.
uStart Page = about:blank
uInternet Settings,ProxyServer = 10.1.1.2:8080
uInternet Settings,ProxyOverride = *.local
IE: c:\arquivos de programas\Software WIDCOMM\Bluetooth\btsendto_ie_ctx.htm
IE: Add to AMV Convert Tool... - c:\arquivos de programas\MP3 Player Utilities 4.00\AMVConverter\grab.html
IE: Add to Banner Ad Blocker - c:\arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
IE: Download using YTdown - c:\documents and settings\Jécik\Dados de aplicativos\Mc & RENOX\YTdown\YTdown.htm
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: MediaManager tool grab multimedia file - c:\arquivos de programas\MP3 Player Utilities 4.00\MediaManager\grab.html
O16 -: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
FF - ProfilePath - c:\documents and settings\Jécik\Dados de aplicativos\Mozilla\Firefox\Profiles\jzh3zrlz.default\
FF - component: c:\arquivos de programas\Mozilla Firefox\components\iamfamous.dll
FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\np-mswmp.dll
---- FIREFOX POLICIES ----
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-10 00:09:41
Windows 5.1.2600 Service Pack 3 NTFS
Procurando processos ocultos ...
Procurando entradas auto inicializáveis ocultas ...
Procurando ficheiros/arquivos ocultos ...
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•6~*NULL*]
"6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
------------------------ Outros Processos em Execução ------------------------
.
c:\windows\system32\agrsmsvc.exe
c:\arquivos de programas\Software WIDCOMM\Bluetooth\bin\btwdins.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Tempo para conclusão: 2009-01-10 0:15:39 - Máquina reiniciou
ComboFix-quarantined-files.txt 2009-01-10 02:15:23
Pré-execução: 19 pasta(s) 15,098,908,672 bytes disponíveis
Pós execução: 18 pasta(s) 15,099,822,080 bytes disponíveis
WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /tutag=f95vwo
Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
331 --- E O F --- 2008-06-05 23:39:29
Here is the new HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:18 , on 10/1/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Arquivos de programas\Software WIDCOMM\Bluetooth\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\FixCamera.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\tsnp2std.exe
C:\WINDOWS\vsnp2std.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Jécik\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.1.1.2:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Arquivos de programas\Windows Live\Messenger\wlchtc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
O4 - HKLM\..\Run: [AVP] "C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Arquivos de programas\MP3 Player Utilities 4.00\AMVConverter\grab.html
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: Download using YTdown - C:\Documents and Settings\Jécik\Dados de aplicativos\Mc & RENOX\YTdown\YTdown.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Arquivos de programas\MP3 Player Utilities 4.00\MediaManager\grab.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsof...ss/allinone.asp
O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - http://messenger.zon...SS.cab69309.cab
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.updat...b?1199581357281
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - http://messenger.zon...ro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} - http://messenger.zon...ot.cab57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zon...nt.cab56907.cab
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Arquivos de programas\Software WIDCOMM\Bluetooth\bin\btwdins.exe
--
End of file - 7001 bytes
I've already noticed significant changes on the PC. For example, the user names now show up in Task Manager, and Internet Explorer 7 appeared on my desktop. However, Firefox was no longer my default browser, and I changed that, because I prefer it...
#6
Posted 10/01/2009, 21:38
--
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
This entry listed by HijackThis refers to LinkScanner, which is part of AVG, since Grisoft acquired that company (Exploit Prevention Labs).
So it is legitimate software and you can rest easy.
--
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
Unnecessary (disabled).
--
That being the case, your computer is clean.

- I recommend doing some maintenance on the computer to delete temporary files, unnecessary files and invalid registry entries.
Download CCleaner:
- Click Save and, once the download has finished, install it;
- Open the program and click Run Cleaner;
- After that, click Registry > Scan for Issues > Fix selected issues
- Read the article "Proteja seu PC" (Protect your PC) for more information on how to avoid infections;
- If you have no further problems, say that your case has been resolved.
#7
Posted 10/01/2009, 22:27
- If you have no further problems, say that your case has been resolved.
I can confidently say that my case has been resolved, but I wanted to know if you could help me with my boyfriend's case, which is at the link below!!!!!!
http://forum.wmonlin...howtopic=212038
Thank you so much, my friend!!!!!!!!!!!!!
If it weren't for you, I would have had to spend a fortune that I don't have to get someone to service my PC!!!!!!!!!!!!
THANKS A LOT!!!!!!!!!!!!
(immense joy in saying this):
SOLVEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEED
Edited by: Jécik, 10/01/2009, 22:29.
#8
Posted 10/01/2009, 22:35
If the author needs this topic to be reopened, please contact the moderation team.
