Ir para conteúdo

POWERED BY:

Arquivado

Este tópico foi arquivado e está fechado para novas respostas.

Alex dos Santos

[Resolvido!]Problema com virus

Recommended Posts

Olá amigos. Gostaria de saber se alguém sabe analisar este log do highkack pois não tenho conhecimento suficiente para poder fazer as alterações necessárias com segurança.

 

Este é o log do highjack, alguém pode me ajudar? Obrigado.. Alex dos Santos

 

Logfile of HijackThis v1.99.1

Scan saved at 17:46:58, on 20/11/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\Explorer.exe

C:\WINDOWS\system32\VTTimer.exe

C:\WINDOWS\system32\VTtrayp.exe

C:\Arquivos de programas\Ahead\InCD\InCD.exe

C:\Arquivos de programas\Windows Defender\MSASCui.exe

C:\Arquivos de programas\CA\eTrust Internet Security Suite\caissdt.exe

C:\Arquivos de programas\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe

C:\Arquivos de programas\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Documents and Settings\Administrador\Desktop\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [inCD] C:\Arquivos de programas\Ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [Windows Defender] "C:\Arquivos de programas\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [CaISSDT] "C:\Arquivos de programas\CA\eTrust Internet Security Suite\caissdt.exe"

O4 - HKLM\..\Run: [CaAvTray] "C:\Arquivos de programas\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe"

O4 - HKLM\..\Run: [CAVRID] "C:\Arquivos de programas\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe"

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [gemstrmw] C:\WINDOWS\system32\gemstrmw.exe /r

O4 - HKLM\..\Run: [Keyzel Service] C:\WINDOWS\tasklist32.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\j2re1.4.1_03\bin\npjpi141_03.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\j2re1.4.1_03\bin\npjpi141_03.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {3C8B9651-4E3E-424D-B51C-54544ABF536B} (CAtmCap Object) - https://ww7.banrisul.com.br/bxz/data/securecontrol2k.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1152058377734

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1152230723406

O16 - DPF: {8C8C5C51-BE1C-11D8-9A58-0040A7066255} (InternetIDX Class) - https://ww7.banrisul.com.br/bsd/link/BSDSI6XW_IIDXCOM.CAB

O17 - HKLM\System\CCS\Services\Tcpip\..\{2F143475-6CEF-4B27-A147-AFE872256C4A}: NameServer = 192.168.1.1,200.176.2.10

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Arquivos de programas\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe

O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

O23 - Service: SNMgrSvc - Open Communications Security S/A - C:\WINDOWS\system32\SnMgrSvc.exe

O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Arquivos de programas\TuneUp Utilities 2006\WinStylerThemeSvc.exe

O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Arquivos de programas\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe

Compartilhar este post


Link para o post
Compartilhar em outros sites

Opa Alex dos Santos,

 

Vamos lá.

 

Habilite o Windows para mostrar todos os arquivos (até ocultos).

 

1ª Etapa

 

Baixe o Killbox em:

Killbox

 

1. Execute o Killbox, clique em Delete on Reboot.

 

2. Copie a lista abaixo em negrito para a área de transferência. Selecione --> Editar --> Copiar.

C:\WINDOWS\tasklist32.exe

3. Retorne ao Killbox. Clique em File > Paste from clipboard. Clique em All Files.

 

4. Aperte em "X". Responda "não" à pergunta.

 

É prudente que você faça a impressão deste documento ou salve-o em um lugar de fácil acesso, pois na próxima etapa entraremos em Modo de Seguro e a conexão à internet não será possível.

 

2ª Etapa

 

Reinicie o computador em Modo Seguro (após reiniciar aperte a tecla F8 até aparecer uma tela preta em DOS e escolha Modo Seguro).

 

Execute o HijackThis, clique em Do a system scan only e marque:

O4 - HKLM\..\Run: [Keyzel Service] C:\WINDOWS\tasklist32.exe

Clique em Fix Checked.

 

3ª Etapa

 

Reinicie em Modo Normal.

 

Poste o novo log do HijackThis.

 

Aguardo retorno.

 

Um abraço.

Compartilhar este post


Link para o post
Compartilhar em outros sites

Eu executei o processo recomendado.

Segue o novo log

 

Logfile of HijackThis v1.99.1

Scan saved at 15:46:22, on 21/11/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe

C:\Arquivos de programas\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe

C:\WINDOWS\Explorer.exe

C:\WINDOWS\system32\VTTimer.exe

C:\WINDOWS\system32\VTtrayp.exe

C:\Arquivos de programas\Ahead\InCD\InCD.exe

C:\Arquivos de programas\Windows Defender\MSASCui.exe

C:\Arquivos de programas\CA\eTrust Internet Security Suite\caissdt.exe

C:\Arquivos de programas\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe

C:\Arquivos de programas\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\WINDOWS\System32\svchost.exe

C:\Documents and Settings\Administrador\Desktop\HijackThis.exe

C:\WINDOWS\system32\wuauclt.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [inCD] C:\Arquivos de programas\Ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [Windows Defender] "C:\Arquivos de programas\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [CaISSDT] "C:\Arquivos de programas\CA\eTrust Internet Security Suite\caissdt.exe"

O4 - HKLM\..\Run: [CaAvTray] "C:\Arquivos de programas\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe"

O4 - HKLM\..\Run: [CAVRID] "C:\Arquivos de programas\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe"

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [gemstrmw] C:\WINDOWS\system32\gemstrmw.exe /r

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\j2re1.4.1_03\bin\npjpi141_03.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\j2re1.4.1_03\bin\npjpi141_03.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {3C8B9651-4E3E-424D-B51C-54544ABF536B} (CAtmCap Object) - https://ww7.banrisul.com.br/bxz/data/securecontrol2k.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1152058377734

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1152230723406

O16 - DPF: {8C8C5C51-BE1C-11D8-9A58-0040A7066255} (InternetIDX Class) - https://ww7.banrisul.com.br/bsd/link/BSDSI6XW_IIDXCOM.CAB

O17 - HKLM\System\CCS\Services\Tcpip\..\{2F143475-6CEF-4B27-A147-AFE872256C4A}: NameServer = 192.168.1.1,200.176.2.10

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Arquivos de programas\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe

O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

O23 - Service: SNMgrSvc - Open Communications Security S/A - C:\WINDOWS\system32\SnMgrSvc.exe

O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Arquivos de programas\TuneUp Utilities 2006\WinStylerThemeSvc.exe

O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Arquivos de programas\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe

 

 

 

Eu gostaria de saber o que são estes dois registros abaixo.

 

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe

 

Abraços

Alex dos Santos

Compartilhar este post


Link para o post
Compartilhar em outros sites

Opa Alex dos Santos,

 

O seu log está LIMPO. :thumbsup:

 

Para finalizar:

 

1. Desabilite e Reabilite a função de Restauração Automática do XP. Clique aqui para ver como.

 

... quanto à sua dúvida:

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe

Os executáveis acima são parte integrante dos Controladores Gráficos da S3 (S3 Graphics Co).

 

Abraços.

Compartilhar este post


Link para o post
Compartilhar em outros sites

Opa Alex dos Santos,

 

Poste o log normalmente, assim como fez para a primeira máquina. ;)

 

Abraços.

Compartilhar este post


Link para o post
Compartilhar em outros sites

OK segue o log abaixo.

 

 

Logfile of HijackThis v1.99.1

Scan saved at 13:27:12, on 27/11/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\System32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe

C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbguard.exe

C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbserver.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe

C:\oracle\ora92\bin\omtsreco.exe

C:\Arquivos de programas\Print Audit Inc\Print Audit 5\Data\pa5clcom.exe

C:\Arquivos de programas\Print Audit Inc\Print Audit 5\cpaudit\pa5cacom.exe

C:\Arquivos de programas\Print Audit Inc\Print Audit 5\fmconnect\pa5fmcnc.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\Explorer.exe

C:\Arquivos de programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe

C:\Arquivos de programas\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe

C:\Arquivos de programas\Print Audit Inc\Print Audit 5\Data\pa5clcfg.exe

C:\Arquivos de programas\Print Audit Inc\Print Audit 5\Client\pa5clint.exe

C:\Arquivos de programas\Print Audit Inc\Print Audit 5\fmconnect\pa5fmcfg.exe

C:\Arquivos de programas\Spyware Terminator\SpywareTerminatorShield.exe

C:\Arquivos de programas\Arovax AntiSpyware\arovaxantispyware.exe

C:\Arquivos de programas\Arovax Shield\ArovaxShield.exe

C:\Arquivos de programas\ColarIsto\ColarIsto.exe

C:\ARQUIV~1\MICROP~1\DELTAT~1.0\DWinTrsl.exe

C:\Arquivos de programas\Hewlett-Packard\OrderReminder\OrderReminder.exe

C:\Arquivos de programas\CA\eTrust Internet Security Suite\caissdt.exe

C:\Arquivos de programas\WinClamAVShield\sp_clam.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

C:\Arquivos de programas\Free Download Manager\fdm.exe

C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Sharp\Sharpdesk\SharpTray.exe

C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

C:\Arquivos de programas\Emule Speed Booster\Emule Speed Booster.exe

C:\Arquivos de programas\eMule\emule.exe

C:\Arquivos de programas\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe

C:\Arquivos de programas\Outlook Express\msimn.exe

C:\WINDOWS\system32\mstsc.exe

C:\Arquivos de programas\Quest Software\Toad for Oracle\TOAD.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Documents and Settings\alexdpd\Desktop\hijackthis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.1.1:80

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Arquivos de programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"

O4 - HKLM\..\Run: [CAVRID] "C:\Arquivos de programas\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe"

O4 - HKLM\..\Run: [PA5 Comm Config] C:\Arquivos de programas\Print Audit Inc\Print Audit 5\Data\pa5clcfg.exe

O4 - HKLM\..\Run: [PrintAudit5] C:\Arquivos de programas\Print Audit Inc\Print Audit 5\Client\pa5clint.exe

O4 - HKLM\..\Run: [PA5 FM Config] C:\Arquivos de programas\Print Audit Inc\Print Audit 5\fmconnect\pa5fmcfg.exe

O4 - HKLM\..\Run: [.nvsvc] C:\WINDOWS\system\smss.exe /w

O4 - HKLM\..\Run: [spywareTerminator] "C:\Arquivos de programas\Spyware Terminator\SpywareTerminatorShield.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [inCD] C:\Arquivos de programas\Nero\Nero 7\InCD\InCD.exe

O4 - HKLM\..\Run: [Arovax AntiSpyware] C:\Arquivos de programas\Arovax AntiSpyware\arovaxantispyware.exe /s

O4 - HKLM\..\Run: [Arovax Shield] C:\Arquivos de programas\Arovax Shield\ArovaxShield.exe -tray

O4 - HKLM\..\Run: [ColarIsto] C:\Arquivos de programas\ColarIsto\ColarIsto.exe

O4 - HKLM\..\Run: [cctray] "C:\Arquivos de programas\CA\eTrust Internet Security Suite\cctray\cctray.exe"

O4 - HKLM\..\Run: [WindowsTranslator] C:\ARQUIV~1\MICROP~1\DELTAT~1.0\DWinTrsl.exe

O4 - HKLM\..\Run: [OrderReminder] C:\Arquivos de programas\Hewlett-Packard\OrderReminder\OrderReminder.exe

O4 - HKLM\..\Run: [CaISSDT] "C:\Arquivos de programas\CA\eTrust Internet Security Suite\caissdt.exe"

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [Free Download Manager] C:\Arquivos de programas\Free Download Manager\fdm.exe -autorun

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [sharpTray] "C:\Arquivos de programas\Sharp\Sharpdesk\SharpTray.exe"

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [Emule Speed Booster] "C:\Arquivos de programas\Emule Speed Booster\Emule Speed Booster.exe" -tray

O4 - HKCU\..\Run: [eMuleAutoStart] C:\Arquivos de programas\eMule\emule.exe -AutoStart

O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Monitor Apache Servers.lnk = C:\Arquivos de programas\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Descarga selecionada pelo Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlselected.htm

O8 - Extra context menu item: Descarregar com o Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dllink.htm

O8 - Extra context menu item: Descarregar site com o Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlpage.htm

O8 - Extra context menu item: Descarregar tudo com Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlall.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\MSMSGS.EXE

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204

O16 - DPF: {3C8B9651-4E3E-424D-B51C-54544ABF536B} (CAtmCap Object) - https://ww7.banrisul.com.br/bxz/data/securecontrol2k.cab

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://scan.safety.live.com/resource/downl...lscbase5059.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1146263720603

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = CPERSNET

O17 - HKLM\Software\..\Telephony: DomainName = CPERSNET

O17 - HKLM\System\CCS\Services\Tcpip\..\{73795E67-FE6A-48B5-808E-9D2F8BD44191}: NameServer = 192.0.0.8,192.0.0.17

O17 - HKLM\System\CCS\Services\Tcpip\..\{B53B404F-521C-4DDA-9CF9-52136EC7A458}: NameServer = 192.168.1.1

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = CPERSNET

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = CPERSNET

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: qrev - {9DE24BAC-FC3C-42C4-9FC4-76B3FAFDBD90} - C:\ARQUIV~1\QUESTS~1\TOADFO~1\RNetPin.dll

O18 - Filter: text/html - (no CLSID) - (no file)

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\MSOXMLMF.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Apache2.2 - Unknown owner - C:\Arquivos de programas\Apache Software Foundation\Apache2.2\bin\httpd.exe" -k runservice (file missing)

O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Arquivos de programas\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe

O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbguard.exe

O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbserver.exe

O23 - Service: SQL Server (MSSMLBIZ) (MSSQL$MSSMLBIZ) - Unknown owner - C:\Arquivos de programas\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ (file missing)

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: OracleMTSRecoveryService - Oracle Corporation - C:\oracle\ora92\bin\omtsreco.exe

O23 - Service: OracleOraHome92ClientCache - Unknown owner - C:\oracle\ora92\BIN\ONRSD.EXE

O23 - Service: OracleorantClientCache80 - Unknown owner - C:\orant\BIN\ONRSD80.EXE

O23 - Service: Print Audit 5 Client Communicator (PA5ClientCommunicator) - PJLM Software Inc. - C:\Arquivos de programas\Print Audit Inc\Print Audit 5\Data\pa5clcom.exe

O23 - Service: Print Audit 5 Copy Audit Communicator (PA5CopyAuditCommunicator) - Print Audit - C:\Arquivos de programas\Print Audit Inc\Print Audit 5\cpaudit\pa5cacom.exe

O23 - Service: Print Audit 5 Facilities Manager Connector (PA5FmConnector) - PJLM Software Inc. - C:\Arquivos de programas\Print Audit Inc\Print Audit 5\fmconnect\pa5fmcnc.exe

O23 - Service: SNMgrSvc - Open Communications Security S/A - C:\WINDOWS\system32\SnMgrSvc.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: Apache Tomcat (Tomcat5) - Unknown owner - C:\Arquivos de programas\Apache Software Foundation\Tomcat 5.5\bin\tomcat5.exe" //RS//Tomcat5 (file missing)

O23 - Service: TOPConnect 4.0 Server (top4) - Unknown owner - C:\Arquivos de programas\TOPConnect 4.0\topconnect.exe

O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Arquivos de programas\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe

Compartilhar este post


Link para o post
Compartilhar em outros sites

Opa Alex dos Santos,

 

Vamos lá.

 

Habilite o Windows para mostrar todos os arquivos (até ocultos).

 

Desinstale:

-> Arovax AntiSpyware

-> Arovax Shield

 

Utilize Adicionar / Remover programas.

 

Desinstale, um a um, e reinicie após tê-los desinstalado.

 

Obs.: Caso não encontre algum dos programas acima citados na lista apenas passe para a próxima etapa.

 

1ª Etapa

 

Baixe o Killbox em:

Killbox

 

1. Execute o Killbox, clique em Delete on Reboot.

 

2. Copie a lista abaixo em negrito para a área de transferência. Selecione --> Editar --> Copiar.

C:\Arquivos de programas\Arovax AntiSpyware\arovaxantispyware.exe

C:\Arquivos de programas\Arovax Shield\ArovaxShield.exe

C:\WINDOWS\system\smss.exe

3. Retorne ao Killbox. Clique em File > Paste from clipboard. Clique em All Files.

 

4. Aperte em "X". Responda "não" à pergunta.

 

É prudente que você faça a impressão deste documento ou salve-o em um lugar de fácil acesso, pois na próxima etapa entraremos em Modo de Seguro e a conexão à internet não será possível.

 

2ª Etapa

 

Reinicie o computador em Modo Seguro (após reiniciar aperte a tecla F8 até aparecer uma tela preta em DOS e escolha Modo Seguro).

 

Execute o HijackThis, clique em Do a system scan only e marque:

O4 - HKLM\..\Run: [.nvsvc] C:\WINDOWS\system\smss.exe /w

O4 - HKLM\..\Run: [Arovax AntiSpyware] C:\Arquivos de programas\Arovax AntiSpyware\arovaxantispyware.exe /s

O4 - HKLM\..\Run: [Arovax Shield] C:\Arquivos de programas\Arovax Shield\ArovaxShield.exe -tray

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O18 - Filter: text/html - (no CLSID) - (no file)

Clique em Fix Checked.

 

3ª Etapa

 

Ainda em Modo Seguro localize e delete:

 

C:\Arquivos de programas\Arovax AntiSpyware <- a pasta

C:\Arquivos de programas\Arovax Shield <- a pasta

 

4ª Etapa

 

Reinicie em Modo Normal.

 

Poste o novo log do HijackThis.

 

Aguardo retorno.

 

Um abraço.

Compartilhar este post


Link para o post
Compartilhar em outros sites

Segue o novo log. E um muito obrigado pela ajuda.

 

Logfile of HijackThis v1.99.1

Scan saved at 17:56:54, on 29/11/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\System32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe

C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbguard.exe

C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbserver.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe

C:\oracle\ora92\bin\omtsreco.exe

C:\Arquivos de programas\Print Audit Inc\Print Audit 5\Data\pa5clcom.exe

C:\Arquivos de programas\Print Audit Inc\Print Audit 5\cpaudit\pa5cacom.exe

C:\Arquivos de programas\Print Audit Inc\Print Audit 5\fmconnect\pa5fmcnc.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\Explorer.exe

C:\Arquivos de programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe

C:\Arquivos de programas\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe

C:\Arquivos de programas\Print Audit Inc\Print Audit 5\Data\pa5clcfg.exe

C:\Arquivos de programas\Print Audit Inc\Print Audit 5\Client\pa5clint.exe

C:\Arquivos de programas\Print Audit Inc\Print Audit 5\fmconnect\pa5fmcfg.exe

C:\Arquivos de programas\Spyware Terminator\SpywareTerminatorShield.exe

C:\Arquivos de programas\Nero\Nero 7\InCD\InCD.exe

C:\Arquivos de programas\ColarIsto\ColarIsto.exe

C:\Arquivos de programas\CA\eTrust Internet Security Suite\cctray\cctray.exe

C:\ARQUIV~1\MICROP~1\DELTAT~1.0\DWinTrsl.exe

C:\Arquivos de programas\CA\eTrust Internet Security Suite\caissdt.exe

C:\Arquivos de programas\Hewlett-Packard\OrderReminder\OrderReminder.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

C:\Arquivos de programas\WinClamAVShield\sp_clam.exe

C:\Arquivos de programas\Free Download Manager\fdm.exe

C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Sharp\Sharpdesk\SharpTray.exe

C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

C:\Arquivos de programas\Emule Speed Booster\Emule Speed Booster.exe

C:\Arquivos de programas\eMule\emule.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe

C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Arquivos de programas\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe

C:\Documents and Settings\alexdpd\Desktop\hijackthis\HijackThis.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.1.1:80

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Arquivos de programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"

O4 - HKLM\..\Run: [CAVRID] "C:\Arquivos de programas\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe"

O4 - HKLM\..\Run: [PA5 Comm Config] C:\Arquivos de programas\Print Audit Inc\Print Audit 5\Data\pa5clcfg.exe

O4 - HKLM\..\Run: [PrintAudit5] C:\Arquivos de programas\Print Audit Inc\Print Audit 5\Client\pa5clint.exe

O4 - HKLM\..\Run: [PA5 FM Config] C:\Arquivos de programas\Print Audit Inc\Print Audit 5\fmconnect\pa5fmcfg.exe

O4 - HKLM\..\Run: [spywareTerminator] "C:\Arquivos de programas\Spyware Terminator\SpywareTerminatorShield.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [inCD] C:\Arquivos de programas\Nero\Nero 7\InCD\InCD.exe

O4 - HKLM\..\Run: [ColarIsto] C:\Arquivos de programas\ColarIsto\ColarIsto.exe

O4 - HKLM\..\Run: [cctray] "C:\Arquivos de programas\CA\eTrust Internet Security Suite\cctray\cctray.exe"

O4 - HKLM\..\Run: [WindowsTranslator] C:\ARQUIV~1\MICROP~1\DELTAT~1.0\DWinTrsl.exe

O4 - HKLM\..\Run: [CaISSDT] "C:\Arquivos de programas\CA\eTrust Internet Security Suite\caissdt.exe"

O4 - HKLM\..\Run: [OrderReminder] C:\Arquivos de programas\Hewlett-Packard\OrderReminder\OrderReminder.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [Free Download Manager] C:\Arquivos de programas\Free Download Manager\fdm.exe -autorun

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [sharpTray] "C:\Arquivos de programas\Sharp\Sharpdesk\SharpTray.exe"

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [Emule Speed Booster] "C:\Arquivos de programas\Emule Speed Booster\Emule Speed Booster.exe" -tray

O4 - HKCU\..\Run: [eMuleAutoStart] C:\Arquivos de programas\eMule\emule.exe -AutoStart

O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Monitor Apache Servers.lnk = C:\Arquivos de programas\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Descarga selecionada pelo Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlselected.htm

O8 - Extra context menu item: Descarregar com o Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dllink.htm

O8 - Extra context menu item: Descarregar site com o Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlpage.htm

O8 - Extra context menu item: Descarregar tudo com Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlall.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\MSMSGS.EXE

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204

O16 - DPF: {3C8B9651-4E3E-424D-B51C-54544ABF536B} (CAtmCap Object) - https://ww7.banrisul.com.br/bxz/data/securecontrol2k.cab

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://scan.safety.live.com/resource/downl...lscbase5059.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1146263720603

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = CPERSNET

O17 - HKLM\Software\..\Telephony: DomainName = CPERSNET

O17 - HKLM\System\CCS\Services\Tcpip\..\{73795E67-FE6A-48B5-808E-9D2F8BD44191}: NameServer = 192.0.0.8,192.0.0.17

O17 - HKLM\System\CCS\Services\Tcpip\..\{B53B404F-521C-4DDA-9CF9-52136EC7A458}: NameServer = 192.168.1.1

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = CPERSNET

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = CPERSNET

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: qrev - {9DE24BAC-FC3C-42C4-9FC4-76B3FAFDBD90} - C:\ARQUIV~1\QUESTS~1\TOADFO~1\RNetPin.dll

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\MSOXMLMF.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Apache2.2 - Unknown owner - C:\Arquivos de programas\Apache Software Foundation\Apache2.2\bin\httpd.exe" -k runservice (file missing)

O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Arquivos de programas\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe

O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbguard.exe

O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbserver.exe

O23 - Service: SQL Server (MSSMLBIZ) (MSSQL$MSSMLBIZ) - Unknown owner - C:\Arquivos de programas\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ (file missing)

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: OracleMTSRecoveryService - Oracle Corporation - C:\oracle\ora92\bin\omtsreco.exe

O23 - Service: OracleOraHome92ClientCache - Unknown owner - C:\oracle\ora92\BIN\ONRSD.EXE

O23 - Service: OracleorantClientCache80 - Unknown owner - C:\orant\BIN\ONRSD80.EXE

O23 - Service: Print Audit 5 Client Communicator (PA5ClientCommunicator) - PJLM Software Inc. - C:\Arquivos de programas\Print Audit Inc\Print Audit 5\Data\pa5clcom.exe

O23 - Service: Print Audit 5 Copy Audit Communicator (PA5CopyAuditCommunicator) - Print Audit - C:\Arquivos de programas\Print Audit Inc\Print Audit 5\cpaudit\pa5cacom.exe

O23 - Service: Print Audit 5 Facilities Manager Connector (PA5FmConnector) - PJLM Software Inc. - C:\Arquivos de programas\Print Audit Inc\Print Audit 5\fmconnect\pa5fmcnc.exe

O23 - Service: SNMgrSvc - Open Communications Security S/A - C:\WINDOWS\system32\SnMgrSvc.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: Apache Tomcat (Tomcat5) - Unknown owner - C:\Arquivos de programas\Apache Software Foundation\Tomcat 5.5\bin\tomcat5.exe" //RS//Tomcat5 (file missing)

O23 - Service: TOPConnect 4.0 Server (top4) - Unknown owner - C:\Arquivos de programas\TOPConnect 4.0\topconnect.exe

O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Arquivos de programas\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe

 

Abraços

Alex dos Santos

Compartilhar este post


Link para o post
Compartilhar em outros sites

PROBLEMA RESOLVIDO!

 

Caso o autor necessite que o tópico seja reaberto é necessário enviar uma Mensagem Privada para um Moderador com um link para o tópico.

Compartilhar este post


Link para o post
Compartilhar em outros sites

×

Informação importante

Ao usar o fórum, você concorda com nossos Termos e condições.