[Solved] HijackThis log

Here is my log. There are some problems that don't go away even after formatting: Ctrl+Alt+Del doesn't work properly, it opens for 1 second and closes, and even HijackThis is opening and closing quickly; it was a lot of work to get the log.

Logfile of HijackThis v1.99.1
Scan saved at 17:26:59, on 4/2/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\bin\Apache\Apache.exe
C:\WINDOWS\Explorer.EXE
C:\bin\Apache\Apache.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe
C:\bin\mysql\bin\mysqld-nt.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe
C:\Arquivos de programas\Analog Devices\SoundMAX\SMTray.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Arquivos de programas\Common files\SearchUpgrader\SearchUpgrader.exe
C:\WINDOWS\System32\msconfigsd.exe
C:\WINDOWS\System32\crssr.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Arquivos de programas\Messenger\msmsgs.exe
C:\Arquivos de programas\Intelig\Discador Intelig\interdial.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\eMule\eMule.exe
C:\HijackThis\HijackThis.exe

R3 - URLSearchHook: PerfectNavBHO Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - C:\ARQUIV~1\PERFEC~1\BHO\PERFEC~1.DLL
O2 - BHO: NavErrRedir Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - C:\ARQUIV~1\PERFEC~1\BHO\PERFEC~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [smapp] C:\Arquivos de programas\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Software Update] "C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [urlLSTCK.exe] C:\Arquivos de programas\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [searchUpgrader] C:\Arquivos de programas\Common files\SearchUpgrader\SearchUpgrader.exe
O4 - HKLM\..\Run: [Microsoft Configusd] msconfigsd.exe
O4 - HKLM\..\Run: [MS taskbar] crssr.exe
O4 - HKLM\..\RunServices: [Microsoft Configusd] msconfigsd.exe
O4 - HKLM\..\RunServices: [MS taskbar] crssr.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Microsoft Configusd] msconfigsd.exe
O4 - HKCU\..\Run: [MS taskbar] crssr.exe
O4 - HKCU\..\RunServices: [Microsoft Configusd] msconfigsd.exe
O4 - Startup: WinMySQLadmin.lnk = C:\bin\mysql\bin\winmysqladmin.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O14 - IERESET.INF: SEARCH_PAGE_URL=& - HKLM\System\CCS\Services\Tcpip\..\{EC21249F-F14D-4627-AD49-29914DDD2666}: NameServer = - Service: Apache - Unknown owner - C:\bin\Apache\Apache.exe" --ntservice (file missing)
O23 - Service: hpdj - HP - C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\hpdj.exe
O23 - Service: MySQL - Unknown owner - C:\bin\mysql\bin\mysqld-nt".exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

Dear Essential,

Let's get started.

Set Windows to show all files (including hidden ones).

--> PerfectNavBHO Class and/or NavErrRedir Class

--> SearchUpgrader

Use Add/Remove Programs.

Uninstall them one at a time, and restart after each uninstall.

Note: If you can't find one of the programs in the list, just move on to the next step.

Step 1

Download Killbox from:

Download it, but don't run it yet.

Download the Symantec tool from:

Removal tool Adware.Keenval

Download it, but don't run it yet.

Download SpySweeper from:

Download and update it, but don't run it yet.

Step 2

Run KillBox:

1) Select Delete on reboot;

2) Copy the bolded list below to the clipboard. Select it --> Edit --> Copy:

C:\Arquivos de programas\Common files\SearchUpgrader

3) Return to Killbox. Click File --> Paste from clipboard --> All files.

4) Click the "X". Answer "no" to the question.

It's a good idea to print this document or save it somewhere easy to reach, because in the next step we will enter Safe Mode and connecting to the internet won't be possible.

Step 3

Restart the computer in Safe Mode (after restarting, press the F8 key until a black DOS screen appears, then choose Safe Mode).

Run HijackThis, click Do a system scan only and check:

R3 - URLSearchHook: PerfectNavBHO Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - C:\ARQUIV~1\PERFEC~1\BHO\PERFEC~1.DLL

O2 - BHO: NavErrRedir Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - C:\ARQUIV~1\PERFEC~1\BHO\PERFEC~1.DLL

O4 - HKLM\..\Run: [searchUpgrader] C:\Arquivos de programas\Common files\SearchUpgrader\SearchUpgrader.exe

O4 - HKLM\..\Run: [Microsoft Configusd] msconfigsd.exe

O4 - HKLM\..\Run: [MS taskbar] crssr.exe

O4 - HKLM\..\RunServices: [Microsoft Configusd] msconfigsd.exe

O4 - HKLM\..\RunServices: [MS taskbar] crssr.exe

O4 - HKCU\..\Run: [Microsoft Configusd] msconfigsd.exe

O4 - HKCU\..\Run: [MS taskbar] crssr.exe

O4 - HKCU\..\RunServices: [Microsoft Configusd] msconfigsd.exe

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

Click Fix Checked.

Step 4

Still in Safe Mode, do the following:

1) Run the Symantec tool.

2) Run a full scan with SpySweeper.

Step 5

Restart in normal mode.

Check whether the problems have been resolved and post the new log.

I'll wait for your reply.

Best regards.

Hi friend, sorry I took a little while. I've already done the steps and now everything seems to be OK; here is the new log.

Logfile of HijackThis v1.99.1
Scan saved at 18:32:15, on 5/2/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\bin\Apache\Apache.exe
C:\WINDOWS\system32\rundll32.exe
C:\bin\Apache\Apache.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe
C:\bin\mysql\bin\mysqld-nt.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe
C:\Arquivos de programas\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Analog Devices\SoundMAX\SMTray.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\system32\itunesff.exe
C:\windows\winsysban5.exe
C:\WINDOWS\System32\spxp.exe
C:\Arquivos de programas\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Arquivos de programas\Messenger\msmsgs.exe
C:\Arquivos de programas\Free Download Manager\fdm.exe
C:\Arquivos de programas\Intelig\Discador Intelig\interdial.exe
C:\HijackThis\HijackThis.exe

O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [smapp] C:\Arquivos de programas\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Software Update] "C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [urlLSTCK.exe] C:\Arquivos de programas\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [itunesff] C:\WINDOWS\system32\itunesff.exe -go -c200 -w
O4 - HKLM\..\Run: [winsysupd] C:\windows\winsysupd5.exe
O4 - HKLM\..\Run: [winsysban] C:\windows\winsysban5.exe
O4 - HKLM\..\Run: [gimmygames] C:\windows\gimmygames.exe
O4 - HKLM\..\Run: [The Service Pack Loader] spxp.exe
O4 - HKLM\..\Run: [spySweeper] "C:\Arquivos de programas\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\RunServices: [The Service Pack Loader] spxp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Free Download Manager] C:\Arquivos de programas\Free Download Manager\fdm.exe -autorun
O4 - Startup: WinMySQLadmin.lnk = C:\bin\mysql\bin\winmysqladmin.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Download all by Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download by Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dllink.htm
O8 - Extra context menu item: Download selected by Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download web site by Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlpage.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O14 - IERESET.INF: SEARCH_PAGE_URL=& - DPF: {33331111-1111-1111-1111-611111193423} -
O16 - DPF: {33331111-1111-1111-1111-611111193429} -
O16 - DPF: {33331111-1111-1111-1111-615111193427} -
O16 - DPF: {33331111-1131-1111-1111-611111193428} -
O16 - DPF: {64311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
O20 - Winlogon Notify: RunServices - C:\WINDOWS\system32\t2r8lc9u1f.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Apache - Unknown owner - C:\bin\Apache\Apache.exe" --ntservice (file missing)
O23 - Service: hpdj - HP - C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\hpdj.exe
O23 - Service: MySQL - Unknown owner - C:\bin\mysql\bin\mysqld-nt".exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Arquivos de programas\Webroot\Spy Sweeper\WRSSSDK.exe

Regards!

Dear Essential,

There is still work to do. Let's go.

Step 1

Run KillBox:

1) Select Delete on reboot;

2) Copy the bolded list below to the clipboard. Select it --> Edit --> Copy:



3) Return to Killbox. Click File --> Paste from clipboard --> All files.

4) Click the "X". Answer "no" to the question.

It's a good idea to print this document or save it somewhere easy to reach, because in the next step we will enter Safe Mode and connecting to the internet won't be possible.

Step 2

Restart the computer in Safe Mode.

Run HijackThis, click Do a system scan only and check:

O4 - HKLM\..\Run: [itunesff] C:\WINDOWS\system32\itunesff.exe -go -c200 -w

O4 - HKLM\..\Run: [winsysupd] C:\windows\winsysupd5.exe

O4 - HKLM\..\Run: [winsysban] C:\windows\winsysban5.exe

O4 - HKLM\..\Run: [gimmygames] C:\windows\gimmygames.exe

O4 - HKLM\..\Run: [The Service Pack Loader] spxp.exe

O4 - HKLM\..\RunServices: [The Service Pack Loader] spxp.exe

O16 - DPF: {33331111-1111-1111-1111-611111193423} -

O16 - DPF: {33331111-1111-1111-1111-611111193429} -

O16 - DPF: {33331111-1111-1111-1111-615111193427} -

O16 - DPF: {33331111-1131-1111-1111-611111193428} -

O16 - DPF: {64311111-1111-1121-1111-111191113457} - file://c:\

O20 - Winlogon Notify: RunServices - C:\WINDOWS\system32\t2r8lc9u1f.dll

Click Fix Checked.

Step 3

Restart in normal mode.

I'm going to need an L2MFix log. Click here and download it.

Extract the files and run l2mfix.bat --> option "run find log". After a few minutes Notepad should open with a log. Paste the contents of that log in your next reply, along with the new Hijack log.

I'll wait for your reply.

Best regards.
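Added example, not part of the original thread: a Python sketch that parses HijackThis O4 (startup) lines and diffs two scans, which is how the second log above can be compared with the first to find the startup entries listed in Step 2 of the reply. The sample lines are a subset copied from the two logs in this thread; the function names are illustrative assumptions.

```python
import re

# O4 line shapes as they appear in the logs on this page:
#   O4 - HKLM\..\Run: [value name] command line
#   O4 - Startup: shortcut.lnk = target
O4_REG = re.compile(
    r"^O4 - (HKLM|HKCU)\\\.\.\\(Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
O4_LNK = re.compile(
    r"^O4 - (Global Startup|Startup): (?P<name>.+?) = (?P<cmd>.+)$")

# Subset of the first log in the thread (scan of 4/2/2006).
BEFORE_LOG = r"""
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [searchUpgrader] C:\Arquivos de programas\Common files\SearchUpgrader\SearchUpgrader.exe
O4 - HKLM\..\Run: [MS taskbar] crssr.exe
O4 - HKLM\..\RunServices: [MS taskbar] crssr.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - Startup: WinMySQLadmin.lnk = C:\bin\mysql\bin\winmysqladmin.exe
"""

# Subset of the second log in the thread (scan of 5/2/2006).
AFTER_LOG = r"""
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [itunesff] C:\WINDOWS\system32\itunesff.exe -go -c200 -w
O4 - HKLM\..\Run: [The Service Pack Loader] spxp.exe
O4 - HKLM\..\RunServices: [The Service Pack Loader] spxp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - Startup: WinMySQLadmin.lnk = C:\bin\mysql\bin\winmysqladmin.exe
"""


def parse_o4(log_text):
    """Map (location, entry name) -> command for every O4 line in a log."""
    entries = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O4_REG.match(line)
        if m:
            location = f"{m.group(1)}\\{m.group(2)}"   # e.g. HKLM\Run
            entries[(location, m.group("name"))] = m.group("cmd")
            continue
        m = O4_LNK.match(line)
        if m:
            entries[(m.group(1), m.group("name"))] = m.group("cmd")
    return entries


def diff_autoruns(before_text, after_text):
    """Return (added, removed, changed) startup keys between two scans."""
    before, after = parse_o4(before_text), parse_o4(after_text)
    added = sorted(k for k in after if k not in before)
    removed = sorted(k for k in before if k not in after)
    changed = sorted(k for k in after
                     if k in before and after[k].lower() != before[k].lower())
    return added, removed, changed


def has_full_path(command):
    """True when the command starts with a drive-letter path.

    A bare file name only tells the reviewer that the entry needs a manual
    lookup; it is not a verdict (nwiz.exe in these logs is bare too and is
    not in the list the reply asks to fix).
    """
    return re.match(r'^"?[A-Za-z]:\\', command) is not None


def new_entries(before_text, after_text):
    """List new startup entries as (location, name, command, full_path)."""
    after = parse_o4(after_text)
    added, _, _ = diff_autoruns(before_text, after_text)
    return [(loc, name, after[(loc, name)], has_full_path(after[(loc, name)]))
            for loc, name in added]


if __name__ == "__main__":
    for loc, name, cmd, full in new_entries(BEFORE_LOG, AFTER_LOG):
        note = "" if full else "  (no path: look up manually)"
        print(f"NEW  {loc}: [{name}] {cmd}{note}")
    for loc, name in diff_autoruns(BEFORE_LOG, AFTER_LOG)[1]:
        print(f"GONE {loc}: [{name}]")
```
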

I did everything, I just couldn't find the line "O20 - Winlogon Notify: RunServices - C:\WINDOWS\system32\t2r8lc9u1f.dll".

The new logs follow below:

L2MFIX log:


L2MFIX find log 010406

These are the registry keys present




Windows Registry Editor Version 5.00


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]







[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]







[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]











[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Hints]








[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]










[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]








[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]







[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]



















[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]















[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]







[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier]

















Windows Registry Editor Version 5.00


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]





Shell Extension key:

Windows Registry Editor Version 5.00


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"

"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"

"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"



"{7C9D5882-CB4A-4090-96C8-430BFE8B795B}"="Webroot Spy Sweeper Context Menu Integration"







Windows Registry Editor Version 5.00






[HKEY_CLASSES_ROOT\CLSID\{9070BF60-701C-4594-B48A-127EFB28AD3E}\Implemented Categories]



[HKEY_CLASSES_ROOT\CLSID\{9070BF60-701C-4594-B48A-127EFB28AD3E}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]







Windows Registry Editor Version 5.00





[HKEY_CLASSES_ROOT\CLSID\{C66C7087-15D2-445F-91A0-DFDF14C99701}\Implemented Categories]



[HKEY_CLASSES_ROOT\CLSID\{C66C7087-15D2-445F-91A0-DFDF14C99701}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]







Windows Registry Editor Version 5.00





[HKEY_CLASSES_ROOT\CLSID\{1AA057D9-7BFF-42A7-921D-FF67B9A983DA}\Implemented Categories]



[HKEY_CLASSES_ROOT\CLSID\{1AA057D9-7BFF-42A7-921D-FF67B9A983DA}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]







Windows Registry Editor Version 5.00





[HKEY_CLASSES_ROOT\CLSID\{B452151B-65FD-43B3-960C-23C03DD4B9C9}\Implemented Categories]



[HKEY_CLASSES_ROOT\CLSID\{B452151B-65FD-43B3-960C-23C03DD4B9C9}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]









Files Found are not all bad files:



cutsrv.dll Sun 5 Feb 2006 22:44:28 ..S.R 236.940 231,39 K

ddtmsft.dll Sun 5 Feb 2006 18:28:36 ..S.R 235.932 230,40 K

dlcdll.dll Sun 5 Feb 2006 15:13:48 ..S.R 234.910 229,40 K

fdftk.dll Sun 27 Nov 2005 22:14:16 A.... 417.792 408,00 K

fribidi.dll Sun 27 Nov 2005 22:14:18 A.... 90.112 88,00 K

gds32.dll Sun 27 Nov 2005 22:14:16 A.... 346.624 338,50 K

libeay32.dll Sun 27 Nov 2005 22:14:16 A.... 1.089.536 1,04 M

libmhash.dll Sun 27 Nov 2005 22:14:16 A.... 165.643 161,76 K

libmysql.dll Sun 27 Nov 2005 22:14:18 A.... 1.069.056 1,02 M

lvlq09~1.dll Sun 5 Feb 2006 22:41:38 ..S.R 235.932 230,40 K

mshtml.dll Sat 4 Feb 2006 23:31:54 A.... 2.793.984 2,66 M

msql.dll Sun 27 Nov 2005 22:14:16 A.... 57.344 56,00 K

msssc.dll Tue 31 Jan 2006 21:29:52 A.... 44 0,04 K

niwrssk.dll Sun 5 Feb 2006 17:32:26 ..S.R 235.290 229,77 K

ntwdblib.dll Sun 27 Nov 2005 22:14:16 A.... 278.800 272,27 K

php5ap~1.dll Sun 27 Nov 2005 22:13:56 A.... 36.925 36,06 K

php5ap~2.dll Sun 27 Nov 2005 22:13:56 A.... 36.924 36,06 K

php5ap~3.dll Sun 27 Nov 2005 22:13:56 A.... 53.314 52,06 K

php5is~1.dll Sun 27 Nov 2005 22:13:56 A.... 28.731 28,05 K

php5ns~1.dll Sun 27 Nov 2005 22:13:56 A.... 28.731 28,05 K

php5ts.dll Sun 27 Nov 2005 22:13:56 A.... 4.272.184 4,07 M

q4nu0e~1.dll Sun 5 Feb 2006 22:43:08 ..S.R 236.077 230,54 K

sacbase.dll Sun 5 Feb 2006 22:42:32 ..S.R 235.761 230,23 K

ssleay32.dll Sun 27 Nov 2005 22:14:16 A.... 200.704 196,00 K

stleay32.dll Sun 5 Feb 2006 22:43:04 ..S.R 235.761 230,23 K

winnb61.dll Sat 4 Feb 2006 23:34:08 A.... 753.787 736,12 K

wrlogo~1.dll Wed 25 Jan 2006 11:06:02 A.... 492.544 481,00 K

wrlzma.dll Wed 25 Jan 2006 11:05:58 A.... 17.920 17,50 K

yaz.dll Sun 27 Nov 2005 22:14:18 A.... 360.448 352,00 K


29 items found: 29 files (8 H/S), 0 directories.

Total of file sizes: 14.477.750 bytes 13,80 M

Locate .tmp files:



guard.tmp Sun 5 Feb 2006 22:44:42 A.... 237.010 231,45 K


1 item found: 1 file, 0 directories.

Total of file sizes: 237.010 bytes 231,45 K



Directory Listing of system files:

O volume na unidade C não tem nome.

O número de série do volume é 74FA-6284


Pasta de C:\WINDOWS\System32


05/02/2006 22:44 236.940 cUtsrv.dll

05/02/2006 22:43 236.077 q4nu0e59eh.dll

05/02/2006 22:43 235.761 stleay32.dll

05/02/2006 22:42 235.761 sacbase.dll

05/02/2006 22:41 235.932 lvlq0935e.dll

05/02/2006 18:28 235.932 ddtmsft.dll

05/02/2006 17:32 235.290 niwrssk.dll

05/02/2006 15:13 234.910 dlcdll.dll

04/02/2006 23:31 <DIR> dllcache

01/02/2006 21:03 <DIR> Microsoft

8 arquivo(s) 1.886.603 bytes

2 pasta(s) 27.161.673.728 bytes disponíveis



HijackThis log:


Logfile of HijackThis v1.99.1

Scan saved at 22:50:20, on 5/2/2006

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)


Running processes:











C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe




C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\Arquivos de programas\Webroot\Spy Sweeper\WRSSSDK.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMTray.exe


C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd.exe

C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe


C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

C:\Arquivos de programas\Webroot\Spy Sweeper\SpySweeper.exe


C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\Free Download Manager\fdm.exe




O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [smapp] C:\Arquivos de programas\Analog Devices\SoundMAX\SMTray.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [HP Software Update] "C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd.exe"

O4 - HKLM\..\Run: [HP Component Manager] "C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe

O4 - HKLM\..\Run: [DeviceDiscovery] C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

O4 - HKLM\..\Run: [urlLSTCK.exe] C:\Arquivos de programas\Norton Internet Security\UrlLstCk.exe

O4 - HKLM\..\Run: [spySweeper] "C:\Arquivos de programas\Webroot\Spy Sweeper\SpySweeper.exe" /startintray

O4 - HKLM\..\RunServices: [The Service Pack Loader] spxp.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Free Download Manager] C:\Arquivos de programas\Free Download Manager\fdm.exe -autorun

O4 - Startup: WinMySQLadmin.lnk = C:\bin\mysql\bin\winmysqladmin.exe

O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: Download all by Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlall.htm

O8 - Extra context menu item: Download by Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dllink.htm

O8 - Extra context menu item: Download selected by Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlselected.htm

O8 - Extra context menu item: Download web site by Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlpage.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000


O20 - Winlogon Notify: Hints - C:\WINDOWS\system32\lv0209doe.dll (file missing)

O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll

O23 - Service: Apache - Unknown owner - C:\bin\Apache\Apache.exe" --ntservice (file missing)

O23 - Service: hpdj - HP - C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\hpdj.exe

O23 - Service: MySQL - Unknown owner - C:\bin\mysql\bin\mysqld-nt".exe (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Arquivos de programas\Webroot\Spy Sweeper\WRSSSDK.exe

Dear Essential,

Run the l2mfix.bat file, press <Enter>, then type 2 and press Enter again. After that, press any key and the computer will restart.

After restarting, your desktop should disappear and reappear. The fix is not finished yet. When it finishes, Notepad should open with a log. Attach this log to your reply as you did before, along with a new HijackThis log.

Go to the l2mfix folder that was created and copy the ntrights file to C:\

Click Start --> Run, type cmd and click OK. A command prompt will appear.

Type the following:

cd c:\

Press Enter. Now type the following command:

ntrights -u Administradores +r SeDebugPrivilege > log.txt

Attention --> Make sure you type this command correctly.

Press Enter again. There should now be a file called c:\log.txt. Open it and paste the contents here.

I'll wait for your reply.

Best regards.

Here are the new logs:

First log requested from L2mfix:


L2mfix 010406

Creating Account.

Comando concluído com êxito.


Adding Administrative privleges.

Checking for L2MFix account(0=no 1=yes):


Granting SeDebugPrivilege to L2MFIX ... successful


Running From:



Killing Processes!


Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03

Copyright© 2002-2003

Killing PID 568 'smss.exe'


Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03

Copyright© 2002-2003

Killing PID 672 'winlogon.exe'

Killing PID 672 'winlogon.exe'


Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03

Copyright© 2002-2003

Killing PID 1288 'explorer.exe'

Killing PID 1288 'explorer.exe'


Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03

Copyright© 2002-2003

Killing PID 228 'rundll32.exe'

Restoring Sedebugprivilege:


Scanning First Pass. Please Wait!


First Pass Completed


Second Pass Scanning


Second pass Completed!

1 arquivo(s) copiado(s).

1 arquivo(s) copiado(s).

1 arquivo(s) copiado(s).

1 arquivo(s) copiado(s).

1 arquivo(s) copiado(s).

1 arquivo(s) copiado(s).

1 arquivo(s) copiado(s).

1 arquivo(s) copiado(s).

1 arquivo(s) copiado(s).

Deleting: C:\WINDOWS\system32\cUtsrv.dll

Successfully Deleted: C:\WINDOWS\system32\cUtsrv.dll

Deleting: C:\WINDOWS\system32\ddtmsft.dll

Successfully Deleted: C:\WINDOWS\system32\ddtmsft.dll

Deleting: C:\WINDOWS\system32\dlcdll.dll

Successfully Deleted: C:\WINDOWS\system32\dlcdll.dll

Deleting: C:\WINDOWS\system32\lvlq0935e.dll

Successfully Deleted: C:\WINDOWS\system32\lvlq0935e.dll

Deleting: C:\WINDOWS\system32\niwrssk.dll

Successfully Deleted: C:\WINDOWS\system32\niwrssk.dll

Deleting: C:\WINDOWS\system32\q4nu0e59eh.dll

Successfully Deleted: C:\WINDOWS\system32\q4nu0e59eh.dll

Deleting: C:\WINDOWS\system32\sacbase.dll

Successfully Deleted: C:\WINDOWS\system32\sacbase.dll

Deleting: C:\WINDOWS\system32\stleay32.dll

Successfully Deleted: C:\WINDOWS\system32\stleay32.dll

Deleting: C:\WINDOWS\system32\guard.tmp

Successfully Deleted: C:\WINDOWS\system32\guard.tmp



0 arquivo(s) copiado(s).




Restoring Windows Update Certificates.:


The following Is the Current Export of the Winlogon notify key:


Windows Registry Editor Version 5.00


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]







[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]







[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]











[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Hints]








[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]










[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]








[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]







[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]



















[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]















[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]







[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier]















The following are the files found:












Registry Entries that were Deleted:

Please verify that the listing looks ok.

If there was something deleted wrongly there are backups in the backreg folder.


Windows Registry Editor Version 5.00






[HKEY_CLASSES_ROOT\CLSID\{9070BF60-701C-4594-B48A-127EFB28AD3E}\Implemented Categories]



[HKEY_CLASSES_ROOT\CLSID\{9070BF60-701C-4594-B48A-127EFB28AD3E}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]







Windows Registry Editor Version 5.00





[HKEY_CLASSES_ROOT\CLSID\{C66C7087-15D2-445F-91A0-DFDF14C99701}\Implemented Categories]



[HKEY_CLASSES_ROOT\CLSID\{C66C7087-15D2-445F-91A0-DFDF14C99701}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]







Windows Registry Editor Version 5.00





[HKEY_CLASSES_ROOT\CLSID\{1AA057D9-7BFF-42A7-921D-FF67B9A983DA}\Implemented Categories]



[HKEY_CLASSES_ROOT\CLSID\{1AA057D9-7BFF-42A7-921D-FF67B9A983DA}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]







Windows Registry Editor Version 5.00





[HKEY_CLASSES_ROOT\CLSID\{B452151B-65FD-43B3-960C-23C03DD4B9C9}\Implemented Categories]



[HKEY_CLASSES_ROOT\CLSID\{B452151B-65FD-43B3-960C-23C03DD4B9C9}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]









[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]











[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]


Desktop.ini Contents:




Checking for L2MFix account(0=no 1=yes):


Zipping up files for submission:

adding: dlls/cUtsrv.dll (188 bytes security) (deflated 5%)

adding: dlls/ddtmsft.dll (188 bytes security) (deflated 5%)

adding: dlls/dlcdll.dll (188 bytes security) (deflated 5%)

adding: dlls/guard.tmp (188 bytes security) (deflated 5%)

adding: dlls/lvlq0935e.dll (188 bytes security) (deflated 5%)

adding: dlls/niwrssk.dll (188 bytes security) (deflated 5%)

adding: dlls/q4nu0e59eh.dll (188 bytes security) (deflated 5%)

adding: dlls/sacbase.dll (188 bytes security) (deflated 5%)

adding: dlls/stleay32.dll (188 bytes security) (deflated 5%)

adding: backregs/1AA057D9-7BFF-42A7-921D-FF67B9A983DA.reg (212 bytes security) (deflated 70%)

adding: backregs/9070BF60-701C-4594-B48A-127EFB28AD3E.reg (212 bytes security) (deflated 69%)

adding: backregs/B452151B-65FD-43B3-960C-23C03DD4B9C9.reg (212 bytes security) (deflated 70%)

adding: backregs/C66C7087-15D2-445F-91A0-DFDF14C99701.reg (212 bytes security) (deflated 70%)

adding: backregs/notibac.reg (188 bytes security) (deflated 87%)

adding: backregs/shell.reg (188 bytes security) (deflated 60%)


Second log requested from L2mfix:

Granting SeDebugPrivilege to Adiministradores ... failed (GetAccountSid(Adiministradores)=1332


New HijackThis log:


Logfile of HijackThis v1.99.1

Scan saved at 00:11:38, on 9/2/2006

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)


Running processes:











C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe




C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\Arquivos de programas\Webroot\Spy Sweeper\WRSSSDK.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMTray.exe


C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd.exe

C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe


C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

C:\Arquivos de programas\Webroot\Spy Sweeper\SpySweeper.exe


C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\Free Download Manager\fdm.exe

C:\Arquivos de programas\Intelig\Discador Intelig\interdial.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe



O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [smapp] C:\Arquivos de programas\Analog Devices\SoundMAX\SMTray.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [HP Software Update] "C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd.exe"

O4 - HKLM\..\Run: [HP Component Manager] "C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe

O4 - HKLM\..\Run: [DeviceDiscovery] C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

O4 - HKLM\..\Run: [urlLSTCK.exe] C:\Arquivos de programas\Norton Internet Security\UrlLstCk.exe

O4 - HKLM\..\Run: [spySweeper] "C:\Arquivos de programas\Webroot\Spy Sweeper\SpySweeper.exe" /startintray

O4 - HKLM\..\RunServices: [The Service Pack Loader] spxp.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Free Download Manager] C:\Arquivos de programas\Free Download Manager\fdm.exe -autorun

O4 - Startup: WinMySQLadmin.lnk = C:\bin\mysql\bin\winmysqladmin.exe

O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: Download all by Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlall.htm

O8 - Extra context menu item: Download by Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dllink.htm

O8 - Extra context menu item: Download selected by Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlselected.htm

O8 - Extra context menu item: Download web site by Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlpage.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000


O17 - HKLM\System\CCS\Services\Tcpip\..\{EC21249F-F14D-4627-AD49-29914DDD2666}: NameServer =

O20 - Winlogon Notify: Hints - C:\WINDOWS\system32\lv0209doe.dll (file missing)

O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll

O23 - Service: Apache - Unknown owner - C:\bin\Apache\Apache.exe" --ntservice (file missing)

O23 - Service: hpdj - HP - C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\hpdj.exe

O23 - Service: MySQL - Unknown owner - C:\bin\mysql\bin\mysqld-nt".exe (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Arquivos de programas\Webroot\Spy Sweeper\WRSSSDK.exe

I did it, but then it created a new user and I didn't even know the password. Then it started causing problems, browsing became impossible, and I had to format. Here is a new HijackThis log:


Logfile of HijackThis v1.99.1

Scan saved at 21:08:47, on 12/2/2006

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)


Running processes:









C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe


C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\Arquivos de programas\Webroot\Spy Sweeper\WRSSSDK.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMTray.exe


C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd.exe

C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe


C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

C:\Arquivos de programas\Webroot\Spy Sweeper\SpySweeper.exe


C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe

C:\Arquivos de programas\Free Download Manager\fdm.exe

C:\Arquivos de programas\Discador iBest\baloon.exe


C:\Arquivos de programas\InterVideo\Common\Bin\WinCinemaMgr.exe

C:\Arquivos de programas\Intelig\Discador Intelig\interdial.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE




R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =

O2 - BHO: &iG - {7EEF1E3D-FD97-4401-BCDB-5827F2D11709} - C:\ARQUIV~1\iGv6\igshop.dll

O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Discador iBest - {4F869C58-D71D-4850-8BDD-7B5CDF8EC911} - C:\Arquivos de programas\Discador iBest\ibestbar.dll

O3 - Toolbar: &iG - {7EEF1E3D-FD97-4401-BCDB-5827F2D11709} - C:\ARQUIV~1\iGv6\igshop.dll

O4 - HKLM\..\Run: [smapp] C:\Arquivos de programas\Analog Devices\SoundMAX\SMTray.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [HP Software Update] "C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd.exe"

O4 - HKLM\..\Run: [HP Component Manager] "C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe

O4 - HKLM\..\Run: [DeviceDiscovery] C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

O4 - HKLM\..\Run: [Discador iG] "C:\Arquivos de programas\iGv6\Discador iG.exe" boot

O4 - HKLM\..\Run: [spySweeper] "C:\Arquivos de programas\Webroot\Spy Sweeper\SpySweeper.exe" /startintray

O4 - HKLM\..\RunServices: [Microsoft Configusd] msconfigsd.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [Free Download Manager] C:\Arquivos de programas\Free Download Manager\fdm.exe -autorun

O4 - HKCU\..\Run: [iBest.baloon] "C:\Arquivos de programas\Discador iBest\baloon.exe"

O4 - HKCU\..\Run: [sysBrand] "C:\ARQUIV~1\iGv6\sysbrand.exe"

O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Arquivos de programas\InterVideo\Common\Bin\WinCinemaMgr.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: Download all by Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlall.htm

O8 - Extra context menu item: Download by Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dllink.htm

O8 - Extra context menu item: Download selected by Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlselected.htm

O8 - Extra context menu item: Download web site by Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlpage.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: Barra do iG - {FD1672E0-AE0D-465B-B345-F7B0944A121D} - C:\ARQUIV~1\iGv6\igshop.dll


O17 - HKLM\System\CCS\Services\Tcpip\..\{4EC11050-9A84-4F79-BD4A-F18B4CD309A2}: NameServer =

O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll

O23 - Service: hpdj - HP - C:\DOCUME~1\William\CONFIG~1\Temp\hpdj.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Arquivos de programas\Webroot\Spy Sweeper\WRSSSDK.exe

Dear Essential,


There are no abnormal entries in the log, but the operating system is quite out of date.



If the author needs the topic to be reopened, a Private Message must be sent to a Moderator with a link to the topic.

