ComboFix 08-05-21.2 - Odair 2008-05-22 11:19:38.2 - FAT32x86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.595 [GMT -3:00] Executando de: C:\Documents and Settings\Odair\Desktop\ComboFix.exe * Criado um novo ponto de restauro WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((( Outras Exclusões ))))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Arquivos de programas\NetProject C:\Arquivos de programas\NetProject\ot.ico C:\Arquivos de programas\NetProject\ts.ico C:\Arquivos de programas\XP Antivirus C:\Arquivos de programas\XP Antivirus\xpa.exe C:\WINDOWS\Help\svhost.txt C:\WINDOWS\system32\ftpd.dll . ((((((((((((((((((((((( Ficheiros criados de 2008-04-22 to 2008-05-22 )))))))))))))))))))))))))))))))) . 2008-05-22 11:10 . 2008-05-22 11:10 d-------- C:\Arquivos de programas\Trend Micro 2008-05-20 19:45 . 2008-05-20 19:45 d--h----- C:\WINDOWS\$hf_mig$ 2008-05-20 19:38 . 2007-07-30 19:19 43,352 --a------ C:\WINDOWS\system32\wups2.dll 2008-05-20 19:38 . 2007-07-30 19:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui 2008-05-20 19:38 . 2007-07-30 19:20 30,040 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui 2008-05-20 19:38 . 2007-07-30 19:20 30,040 --a------ C:\WINDOWS\system32\wuapi.dll.mui 2008-05-20 19:38 . 2007-07-30 19:18 20,824 --a------ C:\WINDOWS\system32\wuaueng.dll.mui 2008-05-19 18:51 . 2008-05-19 18:51 d-------- C:\WINDOWS\system32\CatRoot 2008-05-19 17:19 . 2008-05-19 17:20 d-------- C:\Arquivos de programas\Microsoft AntiSpyware 2008-05-15 19:19 . 2008-05-15 19:19 44,032 --ahs---- C:\WINDOWS\Thumbs.db 2008-05-15 19:19 . 2008-05-15 19:19 5,120 --ahs---- C:\WINDOWS\system32\Thumbs.db 2008-05-14 20:45 . 2008-05-14 20:45 d-------- C:\Documents and Settings\Odair\Dados de aplicativos\Simply Super Software 2008-05-14 20:45 . 
2008-05-14 20:45 d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Simply Super Software 2008-05-14 20:45 . 2006-05-25 15:52 162,304 --a------ C:\WINDOWS\system32\ztvunrar36.dll 2008-05-14 20:45 . 2003-02-02 20:06 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll 2008-05-14 20:45 . 2005-08-26 01:50 77,312 --a------ C:\WINDOWS\system32\ztvunace26.dll 2008-05-14 20:45 . 2002-03-06 01:00 75,264 --a------ C:\WINDOWS\system32\unacev2.dll 2008-05-14 20:45 . 2006-06-19 13:01 69,632 --a------ C:\WINDOWS\system32\ztvcabinet.dll 2008-05-14 20:27 . 2008-05-14 20:28 d--h----- C:\WINDOWS\system32\GroupPolicy 2008-05-13 20:54 . 2008-05-13 20:54 d--h----- C:\WINDOWS\PIF 2008-05-12 20:54 . 1998-05-11 20:01 159,744 --a------ C:\WINDOWS\system32\MFCANS32.DLL 2008-05-12 20:53 . 2008-05-12 20:53 d-------- C:\Documents and Settings\Odair\WINDOWS 2008-05-12 20:53 . 2004-08-04 03:45 611,328 --a------ C:\WINDOWS\system32\COMCTL32.NU6 2008-05-12 20:52 . 2001-08-09 17:00 1,046,288 --a------ C:\WINDOWS\system32\msjet35.dll 2008-05-12 20:52 . 2001-08-09 17:00 368,912 --a------ C:\WINDOWS\system32\vbar332.dll 2008-05-12 20:52 . 2001-08-09 17:00 252,176 --a------ C:\WINDOWS\system32\msrd2x35.dll 2008-05-12 20:52 . 2001-08-09 17:00 123,664 --a------ C:\WINDOWS\system32\Msjint35.dll 2008-05-12 20:52 . 2001-08-09 17:00 24,848 --a------ C:\WINDOWS\system32\msjter35.dll 2008-05-12 20:51 . 2008-05-12 20:51 d-------- C:\Documents and Settings\Odair\Dados de aplicativos\Symantec 2008-05-12 20:51 . 2008-05-12 20:51 d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Symantec 2008-05-12 20:51 . 2008-05-12 20:51 d-------- C:\Arquivos de programas\Symantec 2008-05-12 20:51 . 2008-05-12 20:51 d-------- C:\Arquivos de programas\Norton SystemWorks 2008-05-12 20:51 . 2008-05-12 20:51 d-------- C:\Arquivos de programas\Arquivos comuns\Symantec Shared 2008-05-12 20:51 . 1998-06-26 00:00 89,600 --a------ C:\WINDOWS\system32\MSCAL.OCX 2008-05-12 20:36 . 
2001-10-28 09:07 2,178,131 --a------ C:\WINDOWS\system32\dllcache\shvlres.dll 2008-05-12 20:35 . 2001-10-28 09:06 13,463,552 --a------ C:\WINDOWS\system32\dllcache\hwxjpn.dll 2008-05-12 20:34 . 2004-08-04 00:45 290,816 --a------ C:\WINDOWS\system32\dllcache\adsiis51.dll 2008-05-12 20:34 . 2004-08-04 00:45 43,520 --a------ C:\WINDOWS\system32\dllcache\admwprox.dll 2008-05-12 20:34 . 2003-03-24 15:52 20,540 --a------ C:\WINDOWS\system32\dllcache\admin.dll 2008-05-12 20:34 . 2003-03-24 15:52 16,439 --a------ C:\WINDOWS\system32\dllcache\admin.exe 2008-05-12 20:33 . 2008-05-12 20:33 749 -rah----- C:\WINDOWS\WindowsShell.Manifest 2008-05-12 20:33 . 2008-05-12 20:33 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest 2008-05-12 20:33 . 2008-05-12 20:33 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest 2008-05-12 20:33 . 2008-05-12 20:33 749 -rah----- C:\WINDOWS\system32\nwc.cpl.manifest 2008-05-12 20:33 . 2008-05-12 20:33 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest 2008-05-12 20:33 . 2008-05-12 20:33 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest 2008-05-12 20:22 . 2008-05-12 20:37 288 --a------ C:\WINDOWS\system32\$winnt$.inf 2008-05-11 22:16 . 2008-05-11 22:16 5,407 --a------ C:\WINDOWS\setupapi.old 2008-05-10 10:19 . 2008-05-10 10:19 d-------- C:\Arquivos de programas\GordianKnot 2008-05-10 10:19 . 2008-05-10 10:19 d-------- C:\Arquivos de programas\Gabest 2008-05-10 10:19 . 2008-05-10 10:19 d-------- C:\Arquivos de programas\DivXCodec 2008-05-10 10:19 . 2008-05-10 10:19 196,608 --a------ C:\WINDOWS\system32\avisynth.dll 2008-05-08 21:06 . 2008-05-08 21:06 d-------- C:\!KillBox 2008-05-05 19:23 . 2008-05-05 19:23 0 --a------ C:\WINDOWS\wlistHMFAxCoreb87a3ba110a2e61f4e8cc36138706083 2008-05-05 19:23 . 2008-05-05 19:23 0 --a------ C:\WINDOWS\wlistHMFAxCore2b93570a53dc457d47a0cedd5ee335b3 2008-05-05 19:23 . 2008-05-05 19:23 0 --a------ C:\WINDOWS\hlistHMFAxCoreb87a3ba110a2e61f4e8cc36138706083 2008-05-05 19:23 . 
2008-05-05 19:23 0 --a------ C:\WINDOWS\hlistHMFAxCore2b93570a53dc457d47a0cedd5ee335b3 2008-05-04 20:16 . 2008-05-04 20:16 d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Kaspersky Lab 2008-05-04 20:16 . 2008-05-14 20:21 96,645 --a------ C:\WINDOWS\system32\drivers\klin.dat 2008-05-04 20:16 . 2008-05-14 20:21 87,941 --a------ C:\WINDOWS\system32\drivers\klick.dat 2008-05-04 20:16 . 2008-05-22 10:55 39,456 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat 2008-05-04 20:16 . 2008-05-22 10:55 1,604 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx 2008-05-04 20:16 . 2008-05-22 10:55 32 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx 2008-05-04 20:16 . 2008-05-22 10:55 32 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat 2008-05-04 20:13 . 2008-05-04 20:13 d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Kaspersky Lab Setup Files 2008-05-04 19:41 . 2008-05-04 19:41 d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Avg8 2008-05-01 15:11 . 2008-05-01 15:11 d-------- C:\Arquivos de programas\Crux Calculator v5 2008-05-01 14:16 . 2008-05-01 14:16 d-------- C:\Lixo 2008-05-01 14:16 . 2008-05-01 14:16 842 --a------ C:\WINDOWS\system32\tizan.reg 2008-05-01 14:15 . 2008-05-01 14:15 d-------- C:\fotos 2008-04-30 21:27 . 2008-04-30 21:27 d-------- C:\Documents and Settings\Odair\Dados de aplicativos\Shareaza 2008-04-30 21:14 . 2008-04-30 21:14 d-------- C:\Arquivos de programas\Shareaza Applications 2008-04-30 21:14 . 2006-11-12 11:39 483,328 --a------ C:\WINDOWS\system32\actskn45.ocx 2008-04-24 22:37 . 2008-04-24 22:37 d-------- C:\Arquivos de programas\MicroTech 2008-04-24 22:37 . 2008-04-24 22:37 737,280 --a------ C:\WINDOWS\iun6002.exe . ((((((((((((((((((((((((((((((((((((( Relatório Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2008-05-10 13:19 414,272 ----a-w C:\WINDOWS\system32\DivXc32f.dll 2008-05-10 13:19 414,272 ----a-w C:\WINDOWS\system32\DivXc32.dll 2008-05-10 13:19 33,280 ----a-w C:\WINDOWS\system32\Huffyuv.dll 2008-05-01 17:16 371,712 ----a-w C:\WINDOWS\Help\protectgb.exe 2008-03-16 21:16 139,264 ----a-w C:\WINDOWS\system32\hpzjrd01.dll 2001-11-23 15:08 712,704 ----a-w C:\WINDOWS\inf\OTHER\AUDIO3D.DLL 2004-08-04 06:45 4,096 --sha-w C:\WINDOWS\system32\1112.dat . (((((((((((((((((((((((((( Pontos de Carregamento do Registro ))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Nota* entradas vazias & legítimas por defeito não são mostradas. [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Camfrog"="C:\Arquivos de programas\Camfrog\Camfrog Video Chat\CamfrogNet.exe" [2003-09-29 03:22 36352] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AVP"="C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2008-02-08 18:36 227856] "SoundMan"="SOUNDMAN.EXE" [2006-03-01 06:22 577536 C:\WINDOWS\soundman.exe] "ATIModeChange"="Ati2mdxx.exe" [2005-09-14 23:53 25088 C:\WINDOWS\system32\Ati2mdxx.exe] C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\ HP Digital Imaging Monitor.lnk - C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 23:23:26 282624] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=C:\ARQUIV~1\KASPER~1\KASPER~2.0\adialhk.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.DIV3"= DivXc32.dll "vidc.DIV4"= DivXc32f.dll "msacm.divxa32"= DivXa32.acm "msacm.lameacm"= LameACM.dll "VIDC.HFYU"= huffyuv.dll "VIDC.PIMJ"= pvljpg20.dll "VIDC.MJPX"= pvmjpg21.dll "VIDC.PVW2"= pvwv220.dll "VIDC.MSZH"= avimszh.dll "VIDC.ZLIB"= avizlib.dll "VIDC.vcr1"= ativcr1.dll "VIDC.vcr2"= ativcr2.dll "VIDC.ASV1"= asusasv1.dll "VIDC.ASV2"= asusasv2.dll "VIDC.I263"= i263_32.drv "vidc.MJPG"= m3jpeg32.dll "vidc.dmb1"= m3jpeg32.dll 
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Reader Speed Launch.lnk] backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Reader Synchronizer.lnk] backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^AVerQuick.lnk] backup=C:\WINDOWS\pss\AVerQuick.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Color Calibration.lnk] backup=C:\WINDOWS\pss\Color Calibration.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^InternetExplorer.exe] [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^InterVideo WinCinema Manager.lnk] backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^NaturalColorLoad.lnk] backup=C:\WINDOWS\pss\NaturalColorLoad.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^PalTalk.lnk] backup=C:\WINDOWS\pss\PalTalk.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] --a------ 2007-10-10 19:51 39792 C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater] -ra------ 2007-03-01 10:37 2321600 C:\Arquivos de programas\Arquivos comuns\Adobe\Updater5\AdobeUpdater.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA] --a------ 2005-09-14 21:05 344064 C:\Arquivos de programas\ATI Technologies\ATI Control Panel\atiptaxx.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared 
tools\msconfig\startupreg\AVP] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InternetExplorer] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] ---hs---- 2004-08-04 00:56 1667584 C:\Arquivos de programas\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Msn 8.0 Live] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] --a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpofxm08.exe"= "C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposfx08.exe"= "C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposid01.exe"= "C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"= 
"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqCopy.exe"= "C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpfccopy.exe"= "C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"= "C:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"= "C:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"= "C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "C:\\Arquivos de programas\\MSN Messenger\\MSNMSGR.EXE"= "C:\\Arquivos de programas\\MSN Messenger\\livecall.exe"= R1 HMFAxCore2b93570a53dc457d47a0cedd5ee335b3;HMFAxCore2b93570a53dc457d47a0cedd5ee335b3;C:\WINDOWS\system32\drivers\HMFAxCore2b93570a53dc457d47a0cedd5ee335b3.sys [2008-01-24 16:07] R1 HMFAxCoreb87a3ba110a2e61f4e8cc36138706083;HMFAxCoreb87a3ba110a2e61f4e8cc36138706083;C:\WINDOWS\system32\drivers\HMFAxCoreb87a3ba110a2e61f4e8cc36138706083.sys [2008-01-24 16:05] R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 13:28] S3 AVerBDA3x;AVerMedia SAA713x BDA Service;C:\WINDOWS\system32\DRIVERS\AVerBDA3x.sys [2007-03-05 06:53] S3 memsysdrv;memsysdrv;C:\WINDOWS\system32\drivers\memsysdrv.sys [2007-08-15 21:48] S3 usb2vcom;USB to Serial Bridge Controller;C:\WINDOWS\system32\Drivers\usb2vcom.sys [2006-07-16 22:53] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{22f6d936-16ab-11dc-88da-806d6172696f}] \shell\play\command - C:\Arquivos de programas\VideoLAN\VLC\vlc.exe --started-from-file dvd:%1 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6de487c5-04f2-11dc-9e02-806d6172696f}] \Shell\AutoRun\command - E:\Setup.EXE *Newly Created Service* - CATCHME . 
Conteúdo da pasta 'Tarefas Agendadas' "2008-05-10 03:32:00 C:\WINDOWS\Tasks\At1.job" - C:\WINDOWS\system32\m1r3n0lp.exe "2008-05-10 04:00:00 C:\WINDOWS\Tasks\At2.job" - C:\WINDOWS\system32\m1r3n0lp.exe "2008-05-10 05:00:00 C:\WINDOWS\Tasks\At3.job" - C:\WINDOWS\system32\m1r3n0lp.exe "2008-05-10 06:00:00 C:\WINDOWS\Tasks\At4.job" - C:\WINDOWS\system32\m1r3n0lp.exe "2008-05-10 07:00:00 C:\WINDOWS\Tasks\At5.job" - C:\WINDOWS\system32\m1r3n0lp.exe "2008-05-10 08:00:00 C:\WINDOWS\Tasks\At6.job" - C:\WINDOWS\system32\m1r3n0lp.exe "2008-05-10 09:00:00 C:\WINDOWS\Tasks\At7.job" - C:\WINDOWS\system32\m1r3n0lp.exe "2008-05-10 10:00:02 C:\WINDOWS\Tasks\At8.job" - C:\WINDOWS\system32\m1r3n0lp.exe "2008-05-10 11:00:02 C:\WINDOWS\Tasks\At9.job" - C:\WINDOWS\system32\m1r3n0lp.exe "2008-05-10 12:00:02 C:\WINDOWS\Tasks\At10.job" - C:\WINDOWS\system32\m1r3n0lp.exe "2008-05-10 13:00:00 C:\WINDOWS\Tasks\At11.job" - C:\WINDOWS\system32\m1r3n0lp.exe "2008-05-11 14:00:00 C:\WINDOWS\Tasks\At12.job" - C:\WINDOWS\system32\m1r3n0lp.exe "2008-05-11 15:00:00 C:\WINDOWS\Tasks\At13.job" - C:\WINDOWS\system32\m1r3n0lp.exe "2008-05-11 16:00:00 C:\WINDOWS\Tasks\At14.job" - C:\WINDOWS\system32\m1r3n0lp.exe "2008-05-11 17:00:00 C:\WINDOWS\Tasks\At15.job" - C:\WINDOWS\system32\m1r3n0lp.exe "2008-05-11 18:00:02 C:\WINDOWS\Tasks\At16.job" - C:\WINDOWS\system32\m1r3n0lp.exe "2008-05-11 19:00:02 C:\WINDOWS\Tasks\At17.job" - C:\WINDOWS\system32\m1r3n0lp.exe "2008-05-11 20:00:00 C:\WINDOWS\Tasks\At18.job" - C:\WINDOWS\system32\m1r3n0lp.exe "2008-05-11 21:00:00 C:\WINDOWS\Tasks\At19.job" - C:\WINDOWS\system32\m1r3n0lp.exe "2008-05-11 22:00:00 C:\WINDOWS\Tasks\At20.job" - C:\WINDOWS\system32\m1r3n0lp.exe "2008-05-11 23:00:00 C:\WINDOWS\Tasks\At21.job" - C:\WINDOWS\system32\m1r3n0lp.exe "2008-05-10 00:00:02 C:\WINDOWS\Tasks\At22.job" - C:\WINDOWS\system32\m1r3n0lp.exe "2008-05-10 01:00:02 C:\WINDOWS\Tasks\At23.job" - C:\WINDOWS\system32\m1r3n0lp.exe "2008-05-10 02:00:02 C:\WINDOWS\Tasks\At24.job" - 
C:\WINDOWS\system32\m1r3n0lp.exe "2008-05-11 22:41:16 C:\WINDOWS\Tasks\derrubabagbd.job" - c:\start1.bat . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-05-22 11:29:19 Windows 5.1.2600 Service Pack 2 FAT NTAPI Procurando processos ocultos ... Procurando entradas auto inicializáveis ocultas ... Procurando ficheiros ocultos ... Varredura completada com sucesso Ficheiros ocultos: 0 ************************************************************************** . Tempo para conclusão: 2008-05-22 11:30:43 ComboFix-quarantined-files.txt 2008-05-22 14:30:40 Pre-Run: 11,512,266,752 bytes disponíveis Post-Run: 11,480,612,864 bytes disponíveis 275