
This topic has been archived and is closed to new replies.

cleyanders

[Archived] socket error #10061


Folks, I'm having a problem: when one of my systems tries to send an email, it gives the following error: Socket Error # 10061 Connection Refused

I searched the internet and couldn't fix this. If you could analyze this log for me and help me locate the error. I ran some tests without success.

The HijackThis log:

 

 

 

Logfile of HijackThis v1.99.1

Scan saved at 17:04:39, on 26/03/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16414)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbguard.exe

C:\WINDOWS\System32\GEARSec.exe

C:\Arquivos de programas\LogMeIn\RaMaint.exe

C:\Arquivos de programas\LogMeIn\LogMeIn.exe

C:\WINDOWS\LogWatNT.exe

C:\Arquivos de programas\Arquivos comuns\McAfee\Common Framework\FrameworkService.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\McAfee\VirusScan Enterprise\Mcshield.exe

C:\Arquivos de programas\McAfee\VirusScan Enterprise\VsTskMgr.exe

C:\Arquivos de programas\Arquivos comuns\McAfee\MSDE\MSSQL$EPOSERVER\Binn\sqlservr.exe

C:\Arquivos de programas\Microsoft SQL Server\MSSQL$SQLNG\Binn\sqlservr.exe

C:\Arquivos de programas\Symantec\Norton Ghost\Agent\PQV2iSvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\RealVNC\VNC4\WinVNC4.exe

C:\Arquivos de programas\McAfee\ProtectionPilot\1.5.0\EVENTPARSER.EXE

C:\Arquivos de programas\McAfee\ProtectionPilot\1.5.0\NAIMSERV.EXE

C:\Arquivos de programas\McAfee\ProtectionPilot\1.5.0\srvmon.exe

C:\Arquivos de programas\Info Manager\infomanager.exe

C:\Arquivos de programas\Arquivos comuns\McAfee\Common Framework\UdaterUI.exe

C:\Arquivos de programas\Arquivos comuns\McAfee\Common Framework\McTray.exe

C:\Arquivos de programas\Windows Defender\MSASCui.exe

C:\Arquivos de programas\mEICssenger\meicssenger.exe

C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe

C:\Arquivos de programas\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe

C:\Arquivos de programas\Arquivos comuns\McAfee\MSDE\MSSQL$EPOSERVER\Binn\sqlagent.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\eMule\emule.exe

c:\arquiv~1\intern~1\iexplore.exe

C:\Arquivos de programas\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe

C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe

C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbserver.exe

C:\Arquivos de programas\MSN Messenger\usnsvc.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Teste\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.escolaimaculada.com.br/intranet

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_09\bin\ssv.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Arquivos de programas\McAfee\VirusScan Enterprise\scriptcl.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O2 - BHO: WebManager Class - {D5792AA9-D373-4039-8670-2CDAB6A71F15} - C:\Arquivos de programas\BitDownload\TorrentManager.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [info Manager] C:\Arquivos de programas\Info Manager\infomanager.exe

O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Arquivos de programas\Arquivos comuns\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey

O4 - HKLM\..\Run: [shStatEXE] "C:\Arquivos de programas\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE

O4 - HKLM\..\Run: [Windows Defender] "C:\Arquivos de programas\Windows Defender\MSASCui.exe" -hide

O4 - HKCU\..\Run: [meicssenger] C:\Arquivos de programas\mEICssenger\meicssenger.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [NBJ] "C:\Arquivos de programas\Ahead\Nero BackItUp\NBJ.exe"

O4 - HKCU\..\Run: [FreeRAM XP] "C:\Arquivos de programas\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [CurbFive] C:\DOCUME~1\cley\DADOSD~1\SECTMA~1\seek amen.exe

O4 - HKCU\..\Run: [eMuleAutoStart] C:\Arquivos de programas\eMule\emule.exe -AutoStart

O4 - Startup: Stardock ObjectDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe

O4 - Startup: Y'z ToolBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe

O4 - Global Startup: Gerenciador de serviços.lnk = C:\Arquivos de programas\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

O4 - Global Startup: Service Manager.lnk = C:\Arquivos de programas\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Abrir em uma nova guia do plano de fundo - res://C:\Arquivos de programas\Windows Live Toolbar\Components\pt-br\msntabres.dll.mui/229?0b75d6e0195e4292b0b58d14e93ff544

O8 - Extra context menu item: Abrir em uma nova guia do primeiro plano - res://C:\Arquivos de programas\Windows Live Toolbar\Components\pt-br\msntabres.dll.mui/230?0b75d6e0195e4292b0b58d14e93ff544

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {4EFA317A-8569-4788-B175-5BAF9731A549} (Microsoft Virtual Server VMRC Advanced Control) - http://www.windowsvistatestdrive.com/Activ...iveXClient1.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = imaculada.com.br

O17 - HKLM\Software\..\Telephony: DomainName = imaculada.com.br

O17 - HKLM\System\CCS\Services\Tcpip\..\{8F146BBF-92B8-45CC-8CBF-8D8C5E1677C9}: NameServer = 201.10.128.3,201.10.1.2

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = imaculada.com.br

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = imaculada.com.br

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: McAfee ProtectionPilot 1.5.0 Event Parser (EVENTPARSER150) - Network Associates, Inc. - C:\Arquivos de programas\McAfee\ProtectionPilot\1.5.0\EVENTPARSER.EXE

O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbguard.exe

O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbserver.exe

O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\RaMaint.exe

O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\LogMeIn.exe

O23 - Service: Event Log Watch (LogWatch) - Unknown owner - C:\WINDOWS\LogWatNT.exe

O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\McAfee\Common Framework\FrameworkService.exe" /ServiceStart (file missing)

O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Arquivos de programas\McAfee\VirusScan Enterprise\Mcshield.exe

O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Arquivos de programas\McAfee\VirusScan Enterprise\VsTskMgr.exe

O23 - Service: Machine Debug Manager (MDM) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE (file missing)

O23 - Service: McAfee ProtectionPilot 1.5.0 Server (NAIMSERV150) - Network Associates, Inc. - C:\Arquivos de programas\McAfee\ProtectionPilot\1.5.0\NAIMSERV.EXE

O23 - Service: Norton Ghost - Symantec Corporation - C:\Arquivos de programas\Symantec\Norton Ghost\Agent\PQV2iSvc.exe

O23 - Service: Visibroker Activation Daemon (oad) - Unknown owner - C:\ARQUIV~1\Borland\vbroker\bin\oad.exe

O23 - Service: VisiBroker Smart Agent (osagent) - Unknown owner - C:\ARQUIV~1\Borland\vbroker\bin\osagent.exe

O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Arquivos de programas\RealVNC\VNC4\WinVNC4.exe" -service (file missing)


Hi cleyanders,

1. Download BankerFix.

2. Temporarily disable your antivirus.

3. Double-click bankerfix.exe. A message will appear warning that it will be downloaded from the internet. Click Ok -> Ok. Press Enter and wait for the scan to finish.

4. Once the scan is finished, read the message on the screen and press Enter again.

5. Re-enable your antivirus.

6. Come back with a new HijackThis log, together with BankerFix's relatorio.txt (it will be in C:\LinhaDefensiva\).

7. After posting your reply, you can delete the LinhaDefensiva folder on C.

Regards.


I did as you said; here are the logs:

 

 

 

Logfile of HijackThis v1.99.1

Scan saved at 09:27:41, on 30/03/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16414)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbguard.exe

C:\WINDOWS\System32\GEARSec.exe

C:\Arquivos de programas\LogMeIn\RaMaint.exe

C:\Arquivos de programas\LogMeIn\LogMeIn.exe

C:\WINDOWS\LogWatNT.exe

C:\Arquivos de programas\Arquivos comuns\McAfee\Common Framework\FrameworkService.exe

C:\Arquivos de programas\McAfee\VirusScan Enterprise\VsTskMgr.exe

C:\Arquivos de programas\Arquivos comuns\McAfee\MSDE\MSSQL$EPOSERVER\Binn\sqlservr.exe

C:\Arquivos de programas\Microsoft SQL Server\MSSQL$SQLNG\Binn\sqlservr.exe

C:\Arquivos de programas\Symantec\Norton Ghost\Agent\PQV2iSvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\RealVNC\VNC4\WinVNC4.exe

C:\Arquivos de programas\McAfee\ProtectionPilot\1.5.0\EVENTPARSER.EXE

C:\Arquivos de programas\McAfee\ProtectionPilot\1.5.0\NAIMSERV.EXE

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\McAfee\ProtectionPilot\1.5.0\srvmon.exe

C:\Arquivos de programas\Arquivos comuns\McAfee\MSDE\MSSQL$EPOSERVER\Binn\sqlagent.EXE

C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbserver.exe

C:\Arquivos de programas\Info Manager\infomanager.exe

C:\Arquivos de programas\Arquivos comuns\McAfee\Common Framework\UdaterUI.exe

C:\Arquivos de programas\Arquivos comuns\McAfee\Common Framework\McTray.exe

C:\Arquivos de programas\Windows Defender\MSASCui.exe

C:\Arquivos de programas\mEICssenger\meicssenger.exe

C:\Arquivos de programas\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\eMule\emule.exe

C:\Arquivos de programas\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

C:\Arquivos de programas\MSN Messenger\usnsvc.exe

C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

C:\ARQUIV~1\Grisoft\AVG7\avgrssvc.exe

C:\ARQUIV~1\Grisoft\AVG7\avgrssvc.exe

C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

C:\Arquivos de programas\Microsoft Office\OFFICE11\OUTLOOK.EXE

C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

C:\Arquivos de programas\Microsoft Office\OFFICE11\WINWORD.EXE

C:\Arquivos de programas\Microsoft Office\OFFICE11\EXCEL.EXE

D:\Programas\MinhaWeb\MinhaWeb.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\McAfee\VirusScan Enterprise\Mcshield.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Teste\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.escolaimaculada.com.br/intranet

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_09\bin\ssv.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Arquivos de programas\McAfee\VirusScan Enterprise\scriptcl.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [info Manager] C:\Arquivos de programas\Info Manager\infomanager.exe

O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Arquivos de programas\Arquivos comuns\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey

O4 - HKLM\..\Run: [shStatEXE] "C:\Arquivos de programas\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE

O4 - HKLM\..\Run: [Windows Defender] "C:\Arquivos de programas\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKCU\..\Run: [meicssenger] C:\Arquivos de programas\mEICssenger\meicssenger.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [NBJ] "C:\Arquivos de programas\Ahead\Nero BackItUp\NBJ.exe"

O4 - HKCU\..\Run: [FreeRAM XP] "C:\Arquivos de programas\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [eMuleAutoStart] C:\Arquivos de programas\eMule\emule.exe -AutoStart

O4 - Global Startup: Gerenciador de serviços.lnk = C:\Arquivos de programas\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

O4 - Global Startup: Service Manager.lnk = C:\Arquivos de programas\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Abrir em uma nova guia do plano de fundo - res://C:\Arquivos de programas\Windows Live Toolbar\Components\pt-br\msntabres.dll.mui/229?0b75d6e0195e4292b0b58d14e93ff544

O8 - Extra context menu item: Abrir em uma nova guia do primeiro plano - res://C:\Arquivos de programas\Windows Live Toolbar\Components\pt-br\msntabres.dll.mui/230?0b75d6e0195e4292b0b58d14e93ff544

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {4EFA317A-8569-4788-B175-5BAF9731A549} (Microsoft Virtual Server VMRC Advanced Control) - http://www.windowsvistatestdrive.com/Activ...iveXClient1.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = imaculada.com.br

O17 - HKLM\Software\..\Telephony: DomainName = imaculada.com.br

O17 - HKLM\System\CCS\Services\Tcpip\..\{8F146BBF-92B8-45CC-8CBF-8D8C5E1677C9}: NameServer = 201.10.128.3,201.10.1.2

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = imaculada.com.br

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = imaculada.com.br

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: avgwlntf - C:\WINDOWS\SYSTEM32\avgwlntf.dll

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

O20 - Winlogon Notify: LMIinit - LMIinit.dll (file missing)

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgrssvc.exe

O23 - Service: McAfee ProtectionPilot 1.5.0 Event Parser (EVENTPARSER150) - Network Associates, Inc. - C:\Arquivos de programas\McAfee\ProtectionPilot\1.5.0\EVENTPARSER.EXE

O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbguard.exe

O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbserver.exe

O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\RaMaint.exe

O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\LogMeIn.exe

O23 - Service: Event Log Watch (LogWatch) - Unknown owner - C:\WINDOWS\LogWatNT.exe

O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\McAfee\Common Framework\FrameworkService.exe" /ServiceStart (file missing)

O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Arquivos de programas\McAfee\VirusScan Enterprise\Mcshield.exe

O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Arquivos de programas\McAfee\VirusScan Enterprise\VsTskMgr.exe

O23 - Service: Machine Debug Manager (MDM) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE (file missing)

O23 - Service: McAfee ProtectionPilot 1.5.0 Server (NAIMSERV150) - Network Associates, Inc. - C:\Arquivos de programas\McAfee\ProtectionPilot\1.5.0\NAIMSERV.EXE

O23 - Service: Norton Ghost - Symantec Corporation - C:\Arquivos de programas\Symantec\Norton Ghost\Agent\PQV2iSvc.exe

O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Arquivos de programas\RealVNC\VNC4\WinVNC4.exe" -service (file missing)

 

 

 

The BankerFix report:

 

BankerFix 2.2 - Removedor de Bankers

Linha Defensiva - http://www.linhadefensiva.org

http://www.linhadefensiva.org/bankerfix/

=======================================================

 

 

Log do FoxFix

=======================================================

Iniciando Log do PV

-----------------------------------

 

Killing '*'

 

Arquivos a remover

-----------------------------------

 

 

Arquivos ruins restantes

-----------------------------------

 

 

Reg Importado

-----------------------------------

 

REGEDIT4

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]


Hi cleyanders,

There are no abnormal entries in your log. Does the problem persist?


Hi cleyanders,

Download SilentRunners.

Extract the file SilentRunners.vbs to C. Double-click the file to run it.

After running it, wait until a document named Startup Programs (USER) date is generated. Copy the contents of this document and paste them into your next reply.

Regards.

Note: If your AV detects the file as a malicious script, don't worry; allow it to run.


"Silent Runners.vbs", revision R50, http://www.silentrunners.org/

Operating System: Windows XP SP2

Output limited to non-default values, except where indicated by "{++}"

 

 

Startup items buried in registry:

---------------------------------

 

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

"meicssenger" = "C:\Arquivos de programas\mEICssenger\meicssenger.exe" [null data]

"MsnMsgr" = ""C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background" [MS]

"NBJ" = ""C:\Arquivos de programas\Ahead\Nero BackItUp\NBJ.exe"" ["Ahead Software AG"]

"FreeRAM XP" = ""C:\Arquivos de programas\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win" ["YourWare Solutions "]

"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]

"eMuleAutoStart" = "C:\Arquivos de programas\eMule\emule.exe -AutoStart" ["http://www.emule-project.net"]

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

"Info Manager" = "C:\Arquivos de programas\Info Manager\infomanager.exe" [null data]

"McAfeeUpdaterUI" = ""C:\Arquivos de programas\Arquivos comuns\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey" ["McAfee, Inc."]

"ShStatEXE" = ""C:\Arquivos de programas\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE" ["McAfee, Inc."]

"Windows Defender" = ""C:\Arquivos de programas\Windows Defender\MSASCui.exe" -hide" [MS]

"!AVG Anti-Spyware" = ""C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized" ["Anti-Malware Development a.s."]

"KernelFaultCheck" = "C:\WINDOWS\system32\dumprep 0 -k"

"AVG7_CC" = "C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP" ["GRISOFT, s.r.o."]

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)

-> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"

\InProcServer32\(Default) = "C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]

{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\ARQUIV~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)

-> {HKLM...CLSID} = "SSVHelper Class"

\InProcServer32\(Default) = "C:\Arquivos de programas\Java\jre1.5.0_09\bin\ssv.dll" ["Sun Microsystems, Inc."]

{7DB2D5A0-7241-4E79-B68D-6309F01C5231}\(Default) = "scriptproxy"

-> {HKLM...CLSID} = "scriptproxy"

\InProcServer32\(Default) = "C:\Arquivos de programas\McAfee\VirusScan Enterprise\scriptcl.dll" ["McAfee, Inc."]

{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\(Default) = (no title provided)

-> {HKLM...CLSID} = "Windows Live Toolbar Helper"

\InProcServer32\(Default) = "C:\Arquivos de programas\Windows Live Toolbar\msntb.dll" [MS]

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extensão do 'Painel de controle' para panorâmica de vídeo"

-> {HKLM...CLSID} = "Extensão do 'Painel de controle' para panorâmica de vídeo"

\InProcServer32\(Default) = "deskpan.dll" [file not found]

"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extensão de ícone do HyperTerminal"

-> {HKLM...CLSID} = "HyperTerminal Icon Ext"

\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]

"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"

-> {HKLM...CLSID} = "Microsoft Office Outlook"

\InProcServer32\(Default) = "C:\ARQUIV~1\MICROS~2\OFFICE11\MLSHEXT.DLL" [MS]

"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"

-> {HKLM...CLSID} = "Extensão de ícone de arquivo do Outlook"

\InProcServer32\(Default) = "C:\ARQUIV~1\MICROS~2\OFFICE11\OLKFSTUB.DLL" [MS]

"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\Arquivos de programas\Microsoft Office\OFFICE11\msohev.dll" [MS]

"{950FF917-7A57-46BC-8017-59D9BF474000}" = "Shell Extension for CDRW"

-> {HKLM...CLSID} = "Shell Extension for CDRW"

\InProcServer32\(Default) = "C:\Arquivos de programas\Ahead\InCD\incdshx.dll" ["Nero AG"]

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "C:\Arquivos de programas\WinRAR\rarext.dll" [null data]

"{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}" = "Messenger Sharing Folders"

-> {HKLM...CLSID} = "Minhas Pastas de Compartilhamento"

\InProcServer32\(Default) = "C:\Arquivos de programas\MSN Messenger\fsshext.8.1.0178.00.dll" [MS]

"{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Shell Extension"

-> {HKLM...CLSID} = "AVG7 Shell Extension Class"

\InProcServer32\(Default) = "C:\Arquivos de programas\Grisoft\AVG7\avgse.dll" ["GRISOFT, s.r.o."]

"{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Find Extension"

-> {HKLM...CLSID} = "AVG7 Find Extension Class"

\InProcServer32\(Default) = "C:\Arquivos de programas\Grisoft\AVG7\avgse.dll" ["GRISOFT, s.r.o."]

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\

<<!>> "{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}" = "Microsoft AntiMalware ShellExecuteHook"

-> {HKLM...CLSID} = "Microsoft AntiMalware ShellExecuteHook"

\InProcServer32\(Default) = "C:\ARQUIV~1\WIFD1F~1\MpShHook.dll" [MS]

<<!>> "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" = "AVG Anti-Spyware 7.5"

-> {HKLM...CLSID} = "CShellExecuteHookImpl Object"

\InProcServer32\(Default) = "C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" ["Anti-Malware Development a.s."]

 

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\

<<!>> avgwlntf\DLLName = "avgwlntf.dll" ["GRISOFT, s.r.o."]

<<!>> igfxcui\DLLName = "igfxsrvc.dll" ["Intel Corporation"]

<<!>> LMIinit\DLLName = "LMIinit.dll" [file not found]

 

HKLM\Software\Classes\PROTOCOLS\Filter\

<<!>> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

 

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\

{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"

-> {HKLM...CLSID} = "PDF Shell Extension"

\InProcServer32\(Default) = "C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

 

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\

AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"

-> {HKLM...CLSID} = "CContextScan Object"

\InProcServer32\(Default) = "C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\context.dll" ["Anti-Malware Development a.s."]

AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"

-> {HKLM...CLSID} = "AVG7 Shell Extension Class"

\InProcServer32\(Default) = "C:\Arquivos de programas\Grisoft\AVG7\avgse.dll" ["GRISOFT, s.r.o."]

VirusScan\(Default) = "{cda2863e-2497-4c49-9b89-06840e070a87}"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\Arquivos de programas\McAfee\VirusScan Enterprise\shext.dll" ["McAfee, Inc."]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "C:\Arquivos de programas\WinRAR\rarext.dll" [null data]

 

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\

AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"

-> {HKLM...CLSID} = "CContextScan Object"

\InProcServer32\(Default) = "C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\context.dll" ["Anti-Malware Development a.s."]

VirusScan\(Default) = "{cda2863e-2497-4c49-9b89-06840e070a87}"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\Arquivos de programas\McAfee\VirusScan Enterprise\shext.dll" ["McAfee, Inc."]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "C:\Arquivos de programas\WinRAR\rarext.dll" [null data]

 

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\

AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"

-> {HKLM...CLSID} = "AVG7 Shell Extension Class"

\InProcServer32\(Default) = "C:\Arquivos de programas\Grisoft\AVG7\avgse.dll" ["GRISOFT, s.r.o."]

VirusScan\(Default) = "{cda2863e-2497-4c49-9b89-06840e070a87}"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\Arquivos de programas\McAfee\VirusScan Enterprise\shext.dll" ["McAfee, Inc."]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "C:\Arquivos de programas\WinRAR\rarext.dll" [null data]

 

 

Group Policies {GPedit.msc branch and setting}:

-----------------------------------------------

 

Note: detected settings may not have any effect.

 

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\

 

"DisableRegistryTools" = (REG_DWORD) hex:0x00000000

{User Configuration|Administrative Templates|System|

Prevent access to registry editing tools}

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

 

"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Shutdown: Allow system to be shut down without having to log on}

 

"undockwithoutlogon" = (REG_DWORD) hex:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Devices: Allow undock without having to log on}

 

 

Active Desktop and Wallpaper:

-----------------------------

 

Active Desktop may be disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

 

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:

HKCU\Software\Microsoft\Internet Explorer\Desktop\General\

"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp"

 

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:

HKCU\Control Panel\Desktop\

"Wallpaper" = "C:\Documents and Settings\cley\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp"

 

 

Startup items in "cley" & "All Users" startup folders:

------------------------------------------------------

 

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar

"Gerenciador de serviços" -> shortcut to: "C:\Arquivos de programas\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe /n" [MS]

"Service Manager" -> shortcut to: "C:\Arquivos de programas\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe /n" [MS]

 

 

Enabled Scheduled Tasks:

------------------------

 

"Check Updates for Windows Live Toolbar" -> launches: "C:\Arquivos de programas\Windows Live Toolbar\MSNTBUP.EXE" [MS]

"MP Scheduled Scan" -> launches: "C:\Arquivos de programas\Windows Defender\MpCmdRun.exe Scan -RestrictPrivileges" [MS]

 

 

Winsock2 Service Provider DLLs:

-------------------------------

 

Namespace Service Providers

 

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

 

Transport Service Providers

 

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 13

%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

 

 

Toolbars, Explorer Bars, Extensions:

------------------------------------

 

Toolbars

 

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\

"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}"

-> {HKLM...CLSID} = "Windows Live Toolbar"

\InProcServer32\(Default) = "C:\Arquivos de programas\Windows Live Toolbar\msntb.dll" [MS]

 

HKLM\Software\Microsoft\Internet Explorer\Toolbar\

"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" = (no title provided)

-> {HKLM...CLSID} = "Windows Live Toolbar"

\InProcServer32\(Default) = "C:\Arquivos de programas\Windows Live Toolbar\msntb.dll" [MS]


Hi cleyanders,

The log is incomplete. A complete document looks similar to this one (Post #9).

Come back with the log in full.

Regards.


Sorry, I think I didn't copy it properly. Here is the complete log...

 

 

"Silent Runners.vbs", revision R50, http://www.silentrunners.org/

Operating System: Windows XP SP2

Output limited to non-default values, except where indicated by "{++}"

 

 

Startup items buried in registry:

---------------------------------

 

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

"meicssenger" = "C:\Arquivos de programas\mEICssenger\meicssenger.exe" [null data]

"MsnMsgr" = ""C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background" [MS]

"NBJ" = ""C:\Arquivos de programas\Ahead\Nero BackItUp\NBJ.exe"" ["Ahead Software AG"]

"FreeRAM XP" = ""C:\Arquivos de programas\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win" ["YourWare Solutions "]

"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]

"eMuleAutoStart" = "C:\Arquivos de programas\eMule\emule.exe -AutoStart" ["http://www.emule-project.net"]

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

"Info Manager" = "C:\Arquivos de programas\Info Manager\infomanager.exe" [null data]

"McAfeeUpdaterUI" = ""C:\Arquivos de programas\Arquivos comuns\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey" ["McAfee, Inc."]

"ShStatEXE" = ""C:\Arquivos de programas\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE" ["McAfee, Inc."]

"Windows Defender" = ""C:\Arquivos de programas\Windows Defender\MSASCui.exe" -hide" [MS]

"!AVG Anti-Spyware" = ""C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized" ["Anti-Malware Development a.s."]

"KernelFaultCheck" = "C:\WINDOWS\system32\dumprep 0 -k"

"AVG7_CC" = "C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP" ["GRISOFT, s.r.o."]

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)

-> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"

\InProcServer32\(Default) = "C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]

{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\ARQUIV~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)

-> {HKLM...CLSID} = "SSVHelper Class"

\InProcServer32\(Default) = "C:\Arquivos de programas\Java\jre1.5.0_09\bin\ssv.dll" ["Sun Microsystems, Inc."]

{7DB2D5A0-7241-4E79-B68D-6309F01C5231}\(Default) = "scriptproxy"

-> {HKLM...CLSID} = "scriptproxy"

\InProcServer32\(Default) = "C:\Arquivos de programas\McAfee\VirusScan Enterprise\scriptcl.dll" ["McAfee, Inc."]

{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\(Default) = (no title provided)

-> {HKLM...CLSID} = "Windows Live Toolbar Helper"

\InProcServer32\(Default) = "C:\Arquivos de programas\Windows Live Toolbar\msntb.dll" [MS]

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extensão do 'Painel de controle' para panorâmica de vídeo"

-> {HKLM...CLSID} = "Extensão do 'Painel de controle' para panorâmica de vídeo"

\InProcServer32\(Default) = "deskpan.dll" [file not found]

"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extensão de ícone do HyperTerminal"

-> {HKLM...CLSID} = "HyperTerminal Icon Ext"

\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]

"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"

-> {HKLM...CLSID} = "Microsoft Office Outlook"

\InProcServer32\(Default) = "C:\ARQUIV~1\MICROS~2\OFFICE11\MLSHEXT.DLL" [MS]

"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"

-> {HKLM...CLSID} = "Extensão de ícone de arquivo do Outlook"

\InProcServer32\(Default) = "C:\ARQUIV~1\MICROS~2\OFFICE11\OLKFSTUB.DLL" [MS]

"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\Arquivos de programas\Microsoft Office\OFFICE11\msohev.dll" [MS]

"{950FF917-7A57-46BC-8017-59D9BF474000}" = "Shell Extension for CDRW"

-> {HKLM...CLSID} = "Shell Extension for CDRW"

\InProcServer32\(Default) = "C:\Arquivos de programas\Ahead\InCD\incdshx.dll" ["Nero AG"]

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "C:\Arquivos de programas\WinRAR\rarext.dll" [null data]

"{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}" = "Messenger Sharing Folders"

-> {HKLM...CLSID} = "Minhas Pastas de Compartilhamento"

\InProcServer32\(Default) = "C:\Arquivos de programas\MSN Messenger\fsshext.8.1.0178.00.dll" [MS]

"{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Shell Extension"

-> {HKLM...CLSID} = "AVG7 Shell Extension Class"

\InProcServer32\(Default) = "C:\Arquivos de programas\Grisoft\AVG7\avgse.dll" ["GRISOFT, s.r.o."]

"{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Find Extension"

-> {HKLM...CLSID} = "AVG7 Find Extension Class"

\InProcServer32\(Default) = "C:\Arquivos de programas\Grisoft\AVG7\avgse.dll" ["GRISOFT, s.r.o."]

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\

<<!>> "{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}" = "Microsoft AntiMalware ShellExecuteHook"

-> {HKLM...CLSID} = "Microsoft AntiMalware ShellExecuteHook"

\InProcServer32\(Default) = "C:\ARQUIV~1\WIFD1F~1\MpShHook.dll" [MS]

<<!>> "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" = "AVG Anti-Spyware 7.5"

-> {HKLM...CLSID} = "CShellExecuteHookImpl Object"

\InProcServer32\(Default) = "C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" ["Anti-Malware Development a.s."]

 

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\

<<!>> avgwlntf\DLLName = "avgwlntf.dll" ["GRISOFT, s.r.o."]

<<!>> igfxcui\DLLName = "igfxsrvc.dll" ["Intel Corporation"]

<<!>> LMIinit\DLLName = "LMIinit.dll" [file not found]

 

HKLM\Software\Classes\PROTOCOLS\Filter\

<<!>> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

 

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\

{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"

-> {HKLM...CLSID} = "PDF Shell Extension"

\InProcServer32\(Default) = "C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

 

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\

AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"

-> {HKLM...CLSID} = "CContextScan Object"

\InProcServer32\(Default) = "C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\context.dll" ["Anti-Malware Development a.s."]

AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"

-> {HKLM...CLSID} = "AVG7 Shell Extension Class"

\InProcServer32\(Default) = "C:\Arquivos de programas\Grisoft\AVG7\avgse.dll" ["GRISOFT, s.r.o."]

VirusScan\(Default) = "{cda2863e-2497-4c49-9b89-06840e070a87}"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\Arquivos de programas\McAfee\VirusScan Enterprise\shext.dll" ["McAfee, Inc."]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "C:\Arquivos de programas\WinRAR\rarext.dll" [null data]

 

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\

AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"

-> {HKLM...CLSID} = "CContextScan Object"

\InProcServer32\(Default) = "C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\context.dll" ["Anti-Malware Development a.s."]

VirusScan\(Default) = "{cda2863e-2497-4c49-9b89-06840e070a87}"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\Arquivos de programas\McAfee\VirusScan Enterprise\shext.dll" ["McAfee, Inc."]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "C:\Arquivos de programas\WinRAR\rarext.dll" [null data]

 

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\

AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"

-> {HKLM...CLSID} = "AVG7 Shell Extension Class"

\InProcServer32\(Default) = "C:\Arquivos de programas\Grisoft\AVG7\avgse.dll" ["GRISOFT, s.r.o."]

VirusScan\(Default) = "{cda2863e-2497-4c49-9b89-06840e070a87}"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\Arquivos de programas\McAfee\VirusScan Enterprise\shext.dll" ["McAfee, Inc."]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "C:\Arquivos de programas\WinRAR\rarext.dll" [null data]

 

 

Group Policies {GPedit.msc branch and setting}:

-----------------------------------------------

 

Note: detected settings may not have any effect.

 

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\

 

"DisableRegistryTools" = (REG_DWORD) hex:0x00000000

{User Configuration|Administrative Templates|System|

Prevent access to registry editing tools}

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

 

"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Shutdown: Allow system to be shut down without having to log on}

 

"undockwithoutlogon" = (REG_DWORD) hex:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Devices: Allow undock without having to log on}

 

 

Active Desktop and Wallpaper:

-----------------------------

 

Active Desktop may be disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

 

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:

HKCU\Software\Microsoft\Internet Explorer\Desktop\General\

"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp"

 

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:

HKCU\Control Panel\Desktop\

"Wallpaper" = "C:\Documents and Settings\cley\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp"

 

 

Startup items in "cley" & "All Users" startup folders:

------------------------------------------------------

 

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar

"Gerenciador de serviços" -> shortcut to: "C:\Arquivos de programas\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe /n" [MS]

"Service Manager" -> shortcut to: "C:\Arquivos de programas\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe /n" [MS]

 

 

Enabled Scheduled Tasks:

------------------------

 

"Check Updates for Windows Live Toolbar" -> launches: "C:\Arquivos de programas\Windows Live Toolbar\MSNTBUP.EXE" [MS]

"MP Scheduled Scan" -> launches: "C:\Arquivos de programas\Windows Defender\MpCmdRun.exe Scan -RestrictPrivileges" [MS]

 

 

Winsock2 Service Provider DLLs:

-------------------------------

 

Namespace Service Providers

 

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

 

Transport Service Providers

 

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 13

%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

 

 

Toolbars, Explorer Bars, Extensions:

------------------------------------

 

Toolbars

 

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\

"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}"

-> {HKLM...CLSID} = "Windows Live Toolbar"

\InProcServer32\(Default) = "C:\Arquivos de programas\Windows Live Toolbar\msntb.dll" [MS]

 

HKLM\Software\Microsoft\Internet Explorer\Toolbar\

"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" = (no title provided)

-> {HKLM...CLSID} = "Windows Live Toolbar"

\InProcServer32\(Default) = "C:\Arquivos de programas\Windows Live Toolbar\msntb.dll" [MS]

 

Explorer Bars

 

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\

 

HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Pesquisar"

Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]

InProcServer32\(Default) = "C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL" [MS]

 

Extensions (Tools menu items, main toolbar menu buttons)

 

HKLM\Software\Microsoft\Internet Explorer\Extensions\

{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\

"MenuText" = "Sun Java Console"

"CLSIDExtension" = "{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBC}"

-> {HKCU...CLSID} = "Java Plug-in 1.5.0_09"

\InProcServer32\(Default) = "C:\Arquivos de programas\Java\jre1.5.0_09\bin\ssv.dll" ["Sun Microsystems, Inc."]

-> {HKLM...CLSID} = "Java Plug-in 1.5.0_09"

\InProcServer32\(Default) = "C:\Arquivos de programas\Java\jre1.5.0_09\bin\npjpi150_09.dll" ["Sun Microsystems, Inc."]

 

{92780B25-18CC-41C8-B9BE-3C9C571A8263}\

"ButtonText" = "Pesquisar"

 

{E2E2DD38-D088-4134-82B7-F2BA38496583}\

"MenuText" = "@xpsp3res.dll,-20001"

"Exec" = "%windir%\Network Diagnostic\xpnetdiag.exe" [MS]

 

{FB5F1910-F110-11D2-BB9E-00C04F795683}\

"ButtonText" = "Messenger"

"MenuText" = "Windows Messenger"

"Exec" = "C:\Arquivos de programas\Messenger\msmsgs.exe" [MS]

 

 

Running Services (Display Name, Service Name, Path {Service DLL}):

------------------------------------------------------------------

 

AVG Anti-Spyware Guard, AVG Anti-Spyware Guard, "C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe" ["Anti-Malware Development a.s."]

AVG7 Alert Manager Server, Avg7Alrt, "C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe" ["GRISOFT, s.r.o."]

AVG7 Resident Shield Service, AvgCoreSvc, "C:\ARQUIV~1\Grisoft\AVG7\avgrssvc.exe" ["GRISOFT, s.r.o."]

AVG7 Update Service, Avg7UpdSvc, "C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe" ["GRISOFT, s.r.o."]

Event Log Watch, LogWatch, "C:\WINDOWS\LogWatNT.exe" [null data]

Firebird Guardian - DefaultInstance, FirebirdGuardianDefaultInstance, "C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbguard.exe -s" ["The Firebird Project"]

Firebird Server - DefaultInstance, FirebirdServerDefaultInstance, "C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbserver.exe -s" ["The Firebird Project"]

GEARSecurity, GEARSecurity, "C:\WINDOWS\System32\GEARSec.exe" ["GEAR Software"]

InCD Helper, InCDsrv, "C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe" ["Nero AG"]

LogMeIn, LogMeIn, ""C:\Arquivos de programas\LogMeIn\LogMeIn.exe"" ["LogMeIn, Inc."]

LogMeIn Maintenance Service, LMIMaint, ""C:\Arquivos de programas\LogMeIn\RaMaint.exe"" ["LogMeIn, Inc."]

McAfee Framework Service, McAfeeFramework, ""C:\Arquivos de programas\Arquivos comuns\McAfee\Common Framework\FrameworkService.exe" /ServiceStart" ["McAfee, Inc."]

McAfee McShield, McShield, ""C:\Arquivos de programas\McAfee\VirusScan Enterprise\Mcshield.exe"" ["McAfee, Inc."]

McAfee ProtectionPilot 1.5.0 Event Parser, EVENTPARSER150, ""C:\Arquivos de programas\McAfee\ProtectionPilot\1.5.0\EVENTPARSER.EXE"" ["Network Associates, Inc."]

McAfee ProtectionPilot 1.5.0 Server, NAIMSERV150, ""C:\Arquivos de programas\McAfee\ProtectionPilot\1.5.0\NAIMSERV.EXE"" ["Network Associates, Inc."]

McAfee Task Manager, McTaskManager, ""C:\Arquivos de programas\McAfee\VirusScan Enterprise\VsTskMgr.exe"" ["McAfee, Inc."]

MSSQL$EPOSERVER, MSSQL$EPOSERVER, "C:\Arquivos de programas\Arquivos comuns\McAfee\MSDE\MSSQL$EPOSERVER\Binn\sqlservr.exe -sEPOSERVER" [MS]

MSSQL$SQLNG, MSSQL$SQLNG, "C:\Arquivos de programas\Microsoft SQL Server\MSSQL$SQLNG\Binn\sqlservr.exe -sSQLNG" [null data]

Norton Ghost, Norton Ghost, "C:\Arquivos de programas\Symantec\Norton Ghost\Agent\PQV2iSvc.exe" ["Symantec Corporation"]

Serviço de Compartilhamento de Pastas Messenger do USN Journal Reader, usnjsvc, ""C:\Arquivos de programas\MSN Messenger\usnsvc.exe"" [MS]

SQLAgent$EPOSERVER, SQLAgent$EPOSERVER, "C:\Arquivos de programas\Arquivos comuns\McAfee\MSDE\MSSQL$EPOSERVER\Binn\sqlagent.EXE -i EPOSERVER" [MS]

VNC Server Version 4, WinVNC4, ""C:\Arquivos de programas\RealVNC\VNC4\WinVNC4.exe" -service" ["RealVNC Ltd."]

Windows Defender, WinDefend, ""C:\Arquivos de programas\Windows Defender\MsMpEng.exe"" [MS]

Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]

 

 

Print Monitors:

---------------

 

HKLM\System\CurrentControlSet\Control\Print\Monitors\

hpzlnt07\Driver = "hpzlnt07.dll" ["HP"]

LogMeIn Printer Port Monitor\Driver = "LMIport.dll" ["3am Labs, Inc."]

Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]

 

 

----------

<<!>>: Suspicious data at a malware launch point.

 

+ This report excludes default entries except where indicated.

+ To see *everywhere* the script checks and *everything* it finds,

launch it from a command prompt or a shortcut with the -all parameter.

+ To search all directories of local fixed drives for DESKTOP.INI

DLL launch points, use the -supp parameter or answer "No" at the

first message box and "Yes" at the second message box.

---------- (total run time: 86 seconds, including 12 seconds for message boxes)


Hi cleyanders,

Post a new HijackThis log.

Regards.


Here is the new log, and thank you very much for your attention so far regarding the problem that insists on staying on the machine... so far it hasn't worked.

 

Logfile of HijackThis v1.99.1

Scan saved at 07:59:23, on 17/04/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16414)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbguard.exe

C:\WINDOWS\System32\GEARSec.exe

C:\Arquivos de programas\LogMeIn\RaMaint.exe

C:\Arquivos de programas\LogMeIn\LogMeIn.exe

C:\WINDOWS\LogWatNT.exe

C:\Arquivos de programas\Arquivos comuns\McAfee\Common Framework\FrameworkService.exe

C:\Arquivos de programas\McAfee\VirusScan Enterprise\Mcshield.exe

C:\Arquivos de programas\McAfee\VirusScan Enterprise\VsTskMgr.exe

C:\Arquivos de programas\Arquivos comuns\McAfee\MSDE\MSSQL$EPOSERVER\Binn\sqlservr.exe

C:\Arquivos de programas\Microsoft SQL Server\MSSQL$SQLNG\Binn\sqlservr.exe

C:\Arquivos de programas\Symantec\Norton Ghost\Agent\PQV2iSvc.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Arquivos comuns\McAfee\MSDE\MSSQL$EPOSERVER\Binn\sqlagent.EXE

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\RealVNC\VNC4\WinVNC4.exe

C:\Arquivos de programas\McAfee\ProtectionPilot\1.5.0\EVENTPARSER.EXE

C:\Arquivos de programas\McAfee\ProtectionPilot\1.5.0\NAIMSERV.EXE

C:\Arquivos de programas\McAfee\ProtectionPilot\1.5.0\srvmon.exe

C:\Arquivos de programas\Info Manager\infomanager.exe

C:\Arquivos de programas\Arquivos comuns\McAfee\Common Framework\UdaterUI.exe

C:\Arquivos de programas\Windows Defender\MSASCui.exe

C:\Arquivos de programas\Arquivos comuns\McAfee\Common Framework\McTray.exe

C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\Arquivos de programas\LogMeIn\LogMeInSystray.exe

C:\Arquivos de programas\mEICssenger\meicssenger.exe

C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe

C:\Arquivos de programas\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe

C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbserver.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\eMule\emule.exe

C:\Arquivos de programas\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

C:\Arquivos de programas\MSN Messenger\usnsvc.exe

C:\Teste\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.escolaimaculada.com.br/intranet

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_09\bin\ssv.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Arquivos de programas\McAfee\VirusScan Enterprise\scriptcl.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [info Manager] C:\Arquivos de programas\Info Manager\infomanager.exe

O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Arquivos de programas\Arquivos comuns\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey

O4 - HKLM\..\Run: [shStatEXE] "C:\Arquivos de programas\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE

O4 - HKLM\..\Run: [Windows Defender] "C:\Arquivos de programas\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Arquivos de programas\LogMeIn\LogMeInSystray.exe"

O4 - HKCU\..\Run: [meicssenger] C:\Arquivos de programas\mEICssenger\meicssenger.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [NBJ] "C:\Arquivos de programas\Ahead\Nero BackItUp\NBJ.exe"

O4 - HKCU\..\Run: [FreeRAM XP] "C:\Arquivos de programas\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [eMuleAutoStart] C:\Arquivos de programas\eMule\emule.exe -AutoStart

O4 - Global Startup: Gerenciador de serviços.lnk = C:\Arquivos de programas\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

O4 - Global Startup: Service Manager.lnk = C:\Arquivos de programas\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Abrir em uma nova guia do plano de fundo - res://C:\Arquivos de programas\Windows Live Toolbar\Components\pt-br\msntabres.dll.mui/229?0b75d6e0195e4292b0b58d14e93ff544

O8 - Extra context menu item: Abrir em uma nova guia do primeiro plano - res://C:\Arquivos de programas\Windows Live Toolbar\Components\pt-br\msntabres.dll.mui/230?0b75d6e0195e4292b0b58d14e93ff544

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {4EFA317A-8569-4788-B175-5BAF9731A549} (Microsoft Virtual Server VMRC Advanced Control) - http://www.windowsvistatestdrive.com/Activ...iveXClient1.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = imaculada.com.br

O17 - HKLM\Software\..\Telephony: DomainName = imaculada.com.br

O17 - HKLM\System\CCS\Services\Tcpip\..\{8F146BBF-92B8-45CC-8CBF-8D8C5E1677C9}: NameServer = 192.168.20.1

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = imaculada.com.br

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = imaculada.com.br

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: McAfee ProtectionPilot 1.5.0 Event Parser (EVENTPARSER150) - Network Associates, Inc. - C:\Arquivos de programas\McAfee\ProtectionPilot\1.5.0\EVENTPARSER.EXE

O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbguard.exe

O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbserver.exe

O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\RaMaint.exe

O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\LogMeIn.exe

O23 - Service: Event Log Watch (LogWatch) - Unknown owner - C:\WINDOWS\LogWatNT.exe

O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\McAfee\Common Framework\FrameworkService.exe" /ServiceStart (file missing)

O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Arquivos de programas\McAfee\VirusScan Enterprise\Mcshield.exe

O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Arquivos de programas\McAfee\VirusScan Enterprise\VsTskMgr.exe

O23 - Service: Machine Debug Manager (MDM) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE (file missing)

O23 - Service: McAfee ProtectionPilot 1.5.0 Server (NAIMSERV150) - Network Associates, Inc. - C:\Arquivos de programas\McAfee\ProtectionPilot\1.5.0\NAIMSERV.EXE

O23 - Service: Norton Ghost - Symantec Corporation - C:\Arquivos de programas\Symantec\Norton Ghost\Agent\PQV2iSvc.exe

O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Arquivos de programas\RealVNC\VNC4\WinVNC4.exe" -service (file missing)


Sorry, the previous post is wrong. Active Scan had frozen and I thought I only had to pass along what it had listed on the screen. However, I ran it again and it showed the following report:

Incident | Status | Location
Spyware:Cookie/PointRoll | Not disinfected | C:\Documents and Settings\cley\Cookies\cley@ads.pointroll[1].txt
Spyware:Cookie/Com.com | Not disinfected | C:\Documents and Settings\cley\Cookies\cley@ig.com[1].txt
Spyware:Cookie/Com.com | Not disinfected | C:\Documents and Settings\cley\Cookies\cley@terra.com[1].txt
Spyware:Cookie/Com.com | Not disinfected | C:\Documents and Settings\cley\Dados de aplicativos\Mozilla\Firefox\Profiles\m1ogax5y.default\cookies.txt[.terra.com.br/]
Spyware:Cookie/Doubleclick | Not disinfected | C:\Documents and Settings\cley\Dados de aplicativos\Mozilla\Firefox\Profiles\m1ogax5y.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Com.com | Not disinfected | C:\Documents and Settings\cley\Dados de aplicativos\Mozilla\Firefox\Profiles\m1ogax5y.default\cookies.txt[.ig.com.br/]
Spyware:Cookie/Com.com | Not disinfected | C:\Documents and Settings\cley\Dados de aplicativos\Mozilla\Firefox\Profiles\m1ogax5y.default\cookies.txt[.uol.com.br/]
Spyware:Cookie/Com.com | Not disinfected | C:\Documents and Settings\cley\Dados de aplicativos\Mozilla\Firefox\Profiles\m1ogax5y.default\cookies.txt[de.uol.com.br/]
Spyware:Cookie/2o7 | Not disinfected | C:\Documents and Settings\cley\Dados de aplicativos\Mozilla\Firefox\Profiles\m1ogax5y.default\cookies.txt[.2o7.net/]
Spyware:Cookie/Overture | Not disinfected | C:\Documents and Settings\cley\Dados de aplicativos\Mozilla\Firefox\Profiles\m1ogax5y.default\cookies.txt[.overture.com/]
Spyware:Cookie/Atlas DMT | Not disinfected | C:\Documents and Settings\cley\Dados de aplicativos\Mozilla\Firefox\Profiles\m1ogax5y.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Server.iad.Liveperson | Not disinfected | C:\Documents and Settings\cley\Dados de aplicativos\Mozilla\Firefox\Profiles\m1ogax5y.default\cookies.txt[server.iad.liveperson.net/hc/63271561]
Spyware:Cookie/Server.iad.Liveperson | Not disinfected | C:\Documents and Settings\cley\Dados de aplicativos\Mozilla\Firefox\Profiles\m1ogax5y.default\cookies.txt[server.iad.liveperson.net/]
Spyware:Cookie/Server.iad.Liveperson | Not disinfected | C:\Documents and Settings\cley\Dados de aplicativos\Mozilla\Firefox\Profiles\m1ogax5y.default\cookies.txt[server.iad.liveperson.net/hc/63271561]
Spyware:Cookie/YieldManager | Not disinfected | C:\Documents and Settings\cley\Dados de aplicativos\Mozilla\Firefox\Profiles\m1ogax5y.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Com.com | Not disinfected | C:\Documents and Settings\cley\Dados de aplicativos\Mozilla\Firefox\Profiles\m1ogax5y.default\cookies.txt[.com.com/]
Spyware:Cookie/Mediaplex | Not disinfected | C:\Documents and Settings\cley\Dados de aplicativos\Mozilla\Firefox\Profiles\m1ogax5y.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/Atlas DMT | Not disinfected | C:\Documents and Settings\jorge\Dados de aplicativos\Mozilla\Firefox\Profiles\6yltah6m.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Com.com | Not disinfected | E:\Pre-Universitário33\Bosco\Documents and Settings\carlota\Cookies\carlota@de.uol.com[1].txt
Spyware:Cookie/Com.com | Not disinfected | E:\Pre-Universitário33\Bosco\Documents and Settings\carlota\Cookies\carlota@uol.com[1].txt
Spyware:Cookie/Admotion | Not disinfected | E:\Pre-Universitário33\Bosco\Documents and Settings\Péricles\Cookies\péricles@admotion.com[2].txt
Spyware:Cookie/Com.com | Not disinfected | E:\Pre-Universitário33\Bosco\Documents and Settings\Péricles\Cookies\péricles@de.uol.com[1].txt
Spyware:Cookie/Com.com | Not disinfected | E:\Pre-Universitário33\Bosco\Documents and Settings\Péricles\Cookies\péricles@terra.com[1].txt
Spyware:Cookie/Com.com | Not disinfected | E:\Pre-Universitário33\Bosco\Documents and Settings\Péricles\Cookies\péricles@terra.com[2].txt
Spyware:Cookie/Com.com | Not disinfected | E:\Pre-Universitário33\Bosco\Documents and Settings\Péricles\Cookies\péricles@uol.com[2].txt
Spyware:Cookie/Com.com | Not disinfected | E:\Pre-Universitário33\Bosco\Documents and Settings\valeria\Cookies\valeria@de.uol.com[1].txt
Spyware:Cookie/Com.com | Not disinfected | E:\Pre-Universitário33\Bosco\Documents and Settings\valeria\Cookies\valeria@ig.com[2].txt
Spyware:Cookie/Com.com | Not disinfected | E:\Pre-Universitário33\Bosco\Documents and Settings\valeria\Cookies\valeria@terra.com[1].txt
Spyware:Cookie/Com.com | Not disinfected | E:\Pre-Universitário33\Bosco\Documents and Settings\valeria\Cookies\valeria@uol.com[1].txt
Spyware:Cookie/Com.com | Not disinfected | E:\Pre-Universitário33\Usuarios\bosco\Cookies\bosco@acesso.uol.com[2].txt
Spyware:Cookie/Com.com | Not disinfected | E:\Pre-Universitário33\Usuarios\bosco\Cookies\bosco@de.uol.com[1].txt
Spyware:Cookie/Com.com | Not disinfected | E:\Pre-Universitário33\Usuarios\bosco\Cookies\bosco@ig.com[2].txt
Spyware:Cookie/Com.com | Not disinfected | E:\Pre-Universitário33\Usuarios\bosco\Cookies\bosco@terra.com[1].txt
Spyware:Cookie/Com.com | Not disinfected | E:\Pre-Universitário33\Usuarios\bosco\Cookies\bosco@uol.com[2].txt


Hey cleyanders,

Download CCleaner at:

CCleaner

Run CCleaner and click Executar Cleaner (Run Cleaner).

Run Active Scan again and see whether it still detects anything.

I'll wait for your reply.

Best regards.


Sorry for the delay, I have other urgent problems to solve and didn't have time. But this problem is also important to me; I'm running CCleaner now and right after that I'll run Active Scan.

However, I have some questions: I tried running the program in which error 10061# appears on the company's server and the same error occurs there. I tried on a notebook on the same network and it gives the error: 10053#

Could it be something in the modem? Might it be necessary to open some port on the ADSL modem?? Why did this error occur on 3 of the company's machines?

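The two error numbers in the post above belong to different stages of a TCP session: 10061 (WSAECONNREFUSED) is raised while connecting, 10053 (WSAECONNABORTED) on a connection that was already established. As an added example, not part of the original thread, this Python probe reports which stage fails when run from each affected machine; port 25, the host name you pass in, and the local test listener are assumptions.

```python
import socket
import threading

# Winsock error numbers per outcome (10061 and 10053 are the two in this thread).
WINSOCK = {"refused": 10061, "aborted": 10053, "reset": 10054, "timeout": 10060}

def probe_smtp(host, port=25, timeout=5.0):
    """One TCP connect plus banner read; returns (stage, outcome, detail)."""
    stage = "connect"
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            stage = "banner"            # handshake done: route and port are open
            data = s.recv(512)
    except ConnectionRefusedError as e:
        return stage, "refused", str(e)  # RST: no listener, or a filter rejecting
    except ConnectionAbortedError as e:
        return stage, "aborted", str(e)  # dropped by software on this host
    except ConnectionResetError as e:
        return stage, "reset", str(e)
    except socket.timeout:
        return stage, "timeout", "no answer within %.1fs" % timeout
    except socket.gaierror as e:
        return stage, "dns", str(e)
    except OSError as e:
        return stage, "other", str(e)
    if not data:
        return stage, "closed", "peer closed before sending a banner"
    banner = data.decode("ascii", "replace").strip()
    return stage, "ok" if banner.startswith("220") else "unexpected", banner

def local_listener(banner=None):
    """Constructed test server on 127.0.0.1; returns (socket, port)."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    def serve():
        conn, _ = srv.accept()
        if banner:
            conn.sendall(banner)
        threading.Event().wait(1.0)      # hold the connection open briefly
        conn.close()
    threading.Thread(target=serve, daemon=True).start()
    return srv, srv.getsockname()[1]

if __name__ == "__main__":
    srv, port = local_listener(b"220 mail.example.test ESMTP\r\n")
    print(probe_smtp("127.0.0.1", port))   # listener present
    srv.close()
    print(probe_smtp("127.0.0.1", port))   # same port, nothing listening
```

A "refused" result at the connect stage on every machine points at the mail server address, port, or a filter in the path; a failure only at the banner stage points at something on the client or between client and server cutting an established session.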

Here is the Active Scan report after CCleaner:

Incident | Status | Location
Virus:Trj/Conhook.BN | Disinfected | C:\Arquivos de programas\eMule\Incoming\(Serial) delphi for php1 by DEViANCE (SVCD).zip[setup.exe]
Virus:W32/Puce.F.worm | Not disinfected | C:\Arquivos de programas\eMule\Incoming\Camtasia Studio 4.0.0 + KeyGen + codecs (screen recorder)(1).rar[setup.exe]
Adware:Adware/Lop | Not disinfected | C:\Arquivos de programas\eMule\Incoming\code gear php_fastest_BitTorrent_downloader.zip[bitDownload-3.0-setup.exe]
Spyware:Cookie/Com.com | Not disinfected | C:\Documents and Settings\cley\Dados de aplicativos\Mozilla\Firefox\Profiles\m1ogax5y.default\cookies.txt[.terra.com.br/]
Spyware:Cookie/Doubleclick | Not disinfected | C:\Documents and Settings\cley\Dados de aplicativos\Mozilla\Firefox\Profiles\m1ogax5y.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Com.com | Not disinfected | C:\Documents and Settings\cley\Dados de aplicativos\Mozilla\Firefox\Profiles\m1ogax5y.default\cookies.txt[.uol.com.br/]
Spyware:Cookie/Com.com | Not disinfected | C:\Documents and Settings\cley\Dados de aplicativos\Mozilla\Firefox\Profiles\m1ogax5y.default\cookies.txt[de.uol.com.br/]
Spyware:Cookie/Atlas DMT | Not disinfected | C:\Documents and Settings\cley\Dados de aplicativos\Mozilla\Firefox\Profiles\m1ogax5y.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Atlas DMT | Not disinfected | C:\Documents and Settings\jorge\Dados de aplicativos\Mozilla\Firefox\Profiles\6yltah6m.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Com.com | Not disinfected | E:\Pre-Universitário33\Bosco\Documents and Settings\carlota\Cookies\carlota@de.uol.com[1].txt
Spyware:Cookie/Com.com | Not disinfected | E:\Pre-Universitário33\Bosco\Documents and Settings\carlota\Cookies\carlota@uol.com[1].txt
Spyware:Cookie/Admotion | Not disinfected | E:\Pre-Universitário33\Bosco\Documents and Settings\Péricles\Cookies\péricles@admotion.com[2].txt
Spyware:Cookie/Com.com | Not disinfected | E:\Pre-Universitário33\Bosco\Documents and Settings\Péricles\Cookies\péricles@de.uol.com[1].txt
Spyware:Cookie/Com.com | Not disinfected | E:\Pre-Universitário33\Bosco\Documents and Settings\Péricles\Cookies\péricles@terra.com[1].txt
Spyware:Cookie/Com.com | Not disinfected | E:\Pre-Universitário33\Bosco\Documents and Settings\Péricles\Cookies\péricles@terra.com[2].txt
Spyware:Cookie/Com.com | Not disinfected | E:\Pre-Universitário33\Bosco\Documents and Settings\Péricles\Cookies\péricles@uol.com[2].txt
Spyware:Cookie/Com.com | Not disinfected | E:\Pre-Universitário33\Bosco\Documents and Settings\valeria\Cookies\valeria@de.uol.com[1].txt
Spyware:Cookie/Com.com | Not disinfected | E:\Pre-Universitário33\Bosco\Documents and Settings\valeria\Cookies\valeria@ig.com[2].txt
Spyware:Cookie/Com.com | Not disinfected | E:\Pre-Universitário33\Bosco\Documents and Settings\valeria\Cookies\valeria@terra.com[1].txt
Spyware:Cookie/Com.com | Not disinfected | E:\Pre-Universitário33\Bosco\Documents and Settings\valeria\Cookies\valeria@uol.com[1].txt
Spyware:Cookie/Com.com | Not disinfected | E:\Pre-Universitário33\Usuarios\bosco\Cookies\bosco@acesso.uol.com[2].txt
Spyware:Cookie/Com.com | Not disinfected | E:\Pre-Universitário33\Usuarios\bosco\Cookies\bosco@de.uol.com[1].txt
Spyware:Cookie/Com.com | Not disinfected | E:\Pre-Universitário33\Usuarios\bosco\Cookies\bosco@ig.com[2].txt
Spyware:Cookie/Com.com | Not disinfected | E:\Pre-Universitário33\Usuarios\bosco\Cookies\bosco@terra.com[1].txt
Spyware:Cookie/Com.com | Not disinfected | E:\Pre-Universitário33\Usuarios\bosco\Cookies\bosco@uol.com[2].txt


Hey cleyanders,

Let's go.

Set Windows to show all files (including hidden ones).

Stage 1

Download Killbox at:

Killbox

1. Run Killbox and click Delete on Reboot.

2. Copy the list below in bold to the clipboard. Select all of it with the mouse --> go to the Edit menu in the browser bar --> click Copy.

C:\Arquivos de programas\eMule\Incoming\Camtasia Studio 4.0.0 + KeyGen + codecs (screen recorder)(1).rar

C:\Arquivos de programas\eMule\Incoming\code gear php_fastest_BitTorrent_downloader.zip

3. Go back to Killbox. Click File > Paste from clipboard. Click All Files.

4. Click the "X". Answer "no" to the question.

Stage 2

Restart in Normal Mode.

Delete the contents of the folder C:\!Killbox.

Run CCleaner and click Executar Cleaner (Run Cleaner) again.

Check whether Active Scan still detects anything.

I'll wait for your reply.

Best regards.


TOPIC ARCHIVED

Since the author has not replied for more than 20 days, the topic has been archived.

If you are the author of the topic and want to reopen it, send a private message to a moderator of this area together with the link to this topic and explain the reason for reopening.
