
Archived

This topic has been archived and is closed to further replies.

Leoking

[Archived] IE opening by itself all the time


When I'm at the PC, every 15 seconds it starts opening pages in IE addressed to http://qaz[XXXX].xhost.ro/ , followed by a message: 'The path 'alex116' does not exist or is not a directory'

*[XXXX]: a number from 2000~2015

for the love of God, someone help me!

 

here's my log:

 

Logfile of HijackThis v1.99.1

Scan saved at 23:56:09, on 28/3/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16414)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\ARQUIV~1\NORTON~1\NORTON~1\NPROTECT.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\ARQUIV~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE

C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\Arquivos de programas\Arquivos comuns\Stardock\SDMCP.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Stardock\Object Desktop\KLP\Keys.exe

C:\Arquivos de programas\Stardock\Object Desktop\IconX\IconX.exe

C:\Arquivos de programas\Stardock\Object Desktop\RightClick\RightClick.exe

C:\WINDOWS\system32\winlogin.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\system32\LVCOMSX.EXE

C:\Arquivos de programas\Logitech\Video\LogiTray.exe

C:\Arquivos de programas\Java\jre1.5.0_11\bin\jusched.exe

C:\Arquivos de programas\Arquivos comuns\Stardock\TrayServer.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\Arquivos de programas\Logitech\Video\FxSvr2.exe

D:\Desktop\Programas\FreeRAM XP Pro 1.40.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\WiFiConnector\NintendoWFCReg.exe

C:\Arquivos de programas\Google\Google Updater\GoogleUpdater.exe

C:\Arquivos de programas\Stardock\ObjectDock\ObjectDock.exe

C:\Arquivos de programas\Yahoo!\Widgets\YahooWidgetEngine.exe

C:\Arquivos de programas\Yahoo!\Widgets\YahooWidgetEngine.exe

C:\Arquivos de programas\Yahoo!\Widgets\YahooWidgetEngine.exe

C:\Arquivos de programas\Yahoo!\Widgets\YahooWidgetEngine.exe

C:\Arquivos de programas\Yahoo!\Widgets\YahooWidgetEngine.exe

C:\Arquivos de programas\Yahoo!\Widgets\YahooWidgetEngine.exe

C:\Arquivos de programas\Yahoo!\Widgets\YahooWidgetEngine.exe

C:\Arquivos de programas\Yahoo!\Widgets\YahooWidgetEngine.exe

C:\Arquivos de programas\Yahoo!\Widgets\YahooWidgetEngine.exe

C:\Arquivos de programas\Yahoo!\Widgets\YahooWidgetEngine.exe

C:\Arquivos de programas\Yahoo!\Widgets\YahooWidgetEngine.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

D:\Desktop\Programas\HijackThis.exe

 

F3 - REG:win.ini: run=C:\WINDOWS\system32\winlogin.exe

F2 - REG:system.ini: UserInit=C:\WINDOWS\PROTECT\protect.sld,C:\WINDOWS\system32\userinit.exe,

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_11\bin\ssv.dll

O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - D:\Arquivos de programas\Free Download Manager\iefdmcks.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [ccApp] "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE

O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Arquivos de programas\Logitech\Video\ISStart.exe

O4 - HKLM\..\Run: [LogitechVideoTray] C:\Arquivos de programas\Logitech\Video\LogiTray.exe

O4 - HKLM\..\Run: [Protect] "C:\WINDOWS\PROTECT\protect.exe" /a

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.5.0_11\bin\jusched.exe"

O4 - HKLM\..\Run: [1A:Stardock TrayMonitor] C:\Arquivos de programas\Arquivos comuns\Stardock\TrayServer.exe

O4 - HKLM\..\Run: [bootSkin Startup Jobs] "C:\ARQUIV~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" /StartupJobs

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Arquivos de programas\Logitech\Video\ManifestEngine.exe" boot

O4 - HKCU\..\Run: [FreeRAM XP] "D:\Desktop\Programas\FreeRAM XP Pro 1.40.exe" -win

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - Startup: Stardock ObjectDock.lnk = C:\Arquivos de programas\Stardock\ObjectDock\ObjectDock.exe

O4 - Startup: Yahoo! Widget Engine.lnk = C:\Arquivos de programas\Yahoo!\Widgets\YahooWidgetEngine.exe

O4 - Global Startup: Execute a Ferramenta de Registo do Nintendo Wi-Fi USB Connector...lnk = C:\Arquivos de programas\WiFiConnector\NintendoWFCReg.exe

O4 - Global Startup: Google Updater.lnk = C:\Arquivos de programas\Google\Google Updater\GoogleUpdater.exe

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...html?p=ZJfox000

O8 - Extra context menu item: Analisar com LeechGet - file://D:\Arquivos de programas\LeechGet 2006\\Parser.html

O8 - Extra context menu item: Download all with Free Download Manager - file://D:\Arquivos de programas\Free Download Manager\dlall.htm

O8 - Extra context menu item: Download selected with Free Download Manager - file://D:\Arquivos de programas\Free Download Manager\dlselected.htm

O8 - Extra context menu item: Download usando Assistente LeechGet - file://D:\Arquivos de programas\LeechGet 2006\\Wizard.html

O8 - Extra context menu item: Download usando LeechGet - file://D:\Arquivos de programas\LeechGet 2006\\AddUrl.html

O8 - Extra context menu item: Download with Free Download Manager - file://D:\Arquivos de programas\Free Download Manager\dllink.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Write a Review... - http://client.alexa.com/holiday/script/actions/review.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_11\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun ?I Java ?R?“?\?[?? - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_11\bin\ssv.dll

O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Arquivos de programas\Norton SystemWorks\Norton Cleanup\WCQuick.lnk

O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Arquivos de programas\Norton SystemWorks\Norton Cleanup\WCQuick.lnk

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {20050325-D35A-4233-926E-2E801AE25949} (NMJPStarter15 Class) - http://www.netmarble.jp/_common/cab/NMStarterJP6.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Arquivos de programas\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {341FF14B-00CB-49F5-A427-A164DF1D5E1F} (MALPlaybackCtrl Class) - http://musicstore.connect.com/XSL/mb_us//h...ALStreaming.cab

O16 - DPF: {6FC19219-C47E-4880-9A79-D218A1C374F9} (NMJTransX Control) - http://file.netmarble.jp/Control/NMJTransX.cab

O16 - DPF: {731E2481-5410-49C6-BE75-083740869284} (QOnlineCtrl Class) - http://www.meteosonline.jp/QOnline.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {B905F63D-7489-4B3D-9B62-49A1B8647E2A} (HgPluginJP21 Class) - http://down.hangame.co.jp/jp/dist/hgstart/HGPluginJP21.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {D41CE0FC-D720-413E-A9A6-82EC4CDAE742} (Session Class) - http://segalink.jp/_app/SJSessionAX.cab

O16 - DPF: {E0BE586C-7C66-4909-94D6-D18BBBDD6373} (????????????) - http://www.filebank.co.jp/setup/win/fbx2.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: MCPClient - C:\Arquivos de programas\Arquivos comuns\Stardock\mcpstub.dll

O20 - Winlogon Notify: WBSrv - C:\ARQUIV~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: MSCSPTISRV - Sony Corporation - C:\Arquivos de programas\Arquivos comuns\Sony Shared\AVLib\MSCSPTISRV.exe

O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\ARQUIV~1\NORTON~1\NORTON~1\NPROTECT.EXE

O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\Security Console\NSCSRVCE.EXE

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PACSPTISVR - Sony Corporation - C:\Arquivos de programas\Arquivos comuns\Sony Shared\AVLib\PACSPTISVR.exe

O23 - Service: SPBBCSvc - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Speed Disk service - Symantec Corporation - C:\ARQUIV~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Arquivos de programas\Arquivos comuns\Sony Shared\AVLib\SPTISRV.exe

O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Arquivos de programas\Arquivos comuns\Sony Shared\AVLib\SSScsiSV.exe

O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\CCPD-LC\symlcsvc.exe

 

Thanks!


Hey Leoking,

 

1. Download SmitfraudFix;

2. Disable your anti-virus protection (temporarily);

3. Extract the SmitFraudFix file to your desktop;

4. Reboot into Safe Mode;

5. Run SmitfraudFix by double-clicking smitfraudfix.cmd --> choose Option 2;

6. Answer yes (y) to the question about cleaning the registry (Do you want to clean the registry?);

7. Wait for the scan to finish and the log to be generated;

8. Reboot into Normal Mode;

9. Re-enable your anti-virus;

10. Post the SmitfraudFix log (option 2) + the HijackThis log (generated in Normal Mode).

 

Cheers.


Thank you so much jgarcia (I knew you'd save me)!!!

 

here's my Smitfraudfix log:

 

SmitFraudFix v2.158

 

Scan done at 11:21:19,98, 29/03/2007 qui

Run from D:\Desktop\SmitfraudFix

OS: Microsoft Windows XP [versao 5.1.2600] - Windows_NT

The filesystem type is NTFS

Fix run in safe mode

 

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix

!!!Attention, following keys are not inevitably infected!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

 

 

»»»»»»»»»»»»»»»»»»»»»»»» hosts

 

 

127.0.0.1 localhost


 

 

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

 

GenericRenosFix by S!Ri

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System

!!!Attention, following keys are not inevitably infected!!!

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

"System"=""

"Startup"="MCPSystemStartup"

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

 

Registry Cleaning done.

 

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix

!!!Attention, following keys are not inevitably infected!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

 

»»»»»»»»»»»»»»»»»»»»»»»» End

 

And the HijackThis one:

 

Logfile of HijackThis v1.99.1

Scan saved at 11:29:45, on 29/3/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16414)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Arquivos comuns\Stardock\SDMCP.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\ARQUIV~1\NORTON~1\NORTON~1\NPROTECT.EXE

C:\Arquivos de programas\Stardock\Object Desktop\KLP\Keys.exe

C:\Arquivos de programas\Stardock\Object Desktop\IconX\IconX.exe

C:\Arquivos de programas\Stardock\Object Desktop\RightClick\RightClick.exe

C:\ARQUIV~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE

C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

C:\WINDOWS\system32\svchost.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\system32\LVCOMSX.EXE

C:\Arquivos de programas\Logitech\Video\LogiTray.exe

C:\Arquivos de programas\Java\jre1.5.0_11\bin\jusched.exe

C:\Arquivos de programas\Arquivos comuns\Stardock\TrayServer.exe

C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\WINDOWS\system32\ctfmon.exe

D:\Desktop\Programas\FreeRAM XP Pro 1.40.exe

C:\Arquivos de programas\Logitech\Video\FxSvr2.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\WiFiConnector\NintendoWFCReg.exe

C:\Arquivos de programas\Google\Google Updater\GoogleUpdater.exe

C:\Arquivos de programas\Stardock\ObjectDock\ObjectDock.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\Arquivos de programas\Yahoo!\Widgets\YahooWidgetEngine.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Yahoo!\Widgets\YahooWidgetEngine.exe

C:\Arquivos de programas\Yahoo!\Widgets\YahooWidgetEngine.exe

C:\Arquivos de programas\Yahoo!\Widgets\YahooWidgetEngine.exe

C:\Arquivos de programas\Yahoo!\Widgets\YahooWidgetEngine.exe

C:\Arquivos de programas\Yahoo!\Widgets\YahooWidgetEngine.exe

C:\Arquivos de programas\Yahoo!\Widgets\YahooWidgetEngine.exe

C:\WINDOWS\system32\dllcache\wordpad.exe

C:\Arquivos de programas\Yahoo!\Widgets\YahooWidgetEngine.exe

C:\Arquivos de programas\Yahoo!\Widgets\YahooWidgetEngine.exe

C:\Arquivos de programas\Yahoo!\Widgets\YahooWidgetEngine.exe

C:\Arquivos de programas\Yahoo!\Widgets\YahooWidgetEngine.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

D:\Desktop\Programas\HijackThis.exe

 

F2 - REG:system.ini: UserInit=C:\WINDOWS\PROTECT\protect.sld,C:\WINDOWS\system32\userinit.exe,

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_11\bin\ssv.dll

O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - D:\Arquivos de programas\Free Download Manager\iefdmcks.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [ccApp] "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE

O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Arquivos de programas\Logitech\Video\ISStart.exe

O4 - HKLM\..\Run: [LogitechVideoTray] C:\Arquivos de programas\Logitech\Video\LogiTray.exe

O4 - HKLM\..\Run: [Protect] "C:\WINDOWS\PROTECT\protect.exe" /a

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.5.0_11\bin\jusched.exe"

O4 - HKLM\..\Run: [1A:Stardock TrayMonitor] C:\Arquivos de programas\Arquivos comuns\Stardock\TrayServer.exe

O4 - HKLM\..\Run: [bootSkin Startup Jobs] "C:\ARQUIV~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" /StartupJobs

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Arquivos de programas\Logitech\Video\ManifestEngine.exe" boot

O4 - HKCU\..\Run: [FreeRAM XP] "D:\Desktop\Programas\FreeRAM XP Pro 1.40.exe" -win

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - Startup: Stardock ObjectDock.lnk = C:\Arquivos de programas\Stardock\ObjectDock\ObjectDock.exe

O4 - Startup: Yahoo! Widget Engine.lnk = C:\Arquivos de programas\Yahoo!\Widgets\YahooWidgetEngine.exe

O4 - Global Startup: Execute a Ferramenta de Registo do Nintendo Wi-Fi USB Connector...lnk = C:\Arquivos de programas\WiFiConnector\NintendoWFCReg.exe

O4 - Global Startup: Google Updater.lnk = C:\Arquivos de programas\Google\Google Updater\GoogleUpdater.exe

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...html?p=ZJfox000

O8 - Extra context menu item: Analisar com LeechGet - file://D:\Arquivos de programas\LeechGet 2006\\Parser.html

O8 - Extra context menu item: Download all with Free Download Manager - file://D:\Arquivos de programas\Free Download Manager\dlall.htm

O8 - Extra context menu item: Download selected with Free Download Manager - file://D:\Arquivos de programas\Free Download Manager\dlselected.htm

O8 - Extra context menu item: Download usando Assistente LeechGet - file://D:\Arquivos de programas\LeechGet 2006\\Wizard.html

O8 - Extra context menu item: Download usando LeechGet - file://D:\Arquivos de programas\LeechGet 2006\\AddUrl.html

O8 - Extra context menu item: Download with Free Download Manager - file://D:\Arquivos de programas\Free Download Manager\dllink.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Write a Review... - http://client.alexa.com/holiday/script/actions/review.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_11\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun ?I Java ?R?“?\?[?? - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_11\bin\ssv.dll

O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Arquivos de programas\Norton SystemWorks\Norton Cleanup\WCQuick.lnk

O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Arquivos de programas\Norton SystemWorks\Norton Cleanup\WCQuick.lnk

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {20050325-D35A-4233-926E-2E801AE25949} (NMJPStarter15 Class) - http://www.netmarble.jp/_common/cab/NMStarterJP6.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Arquivos de programas\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {341FF14B-00CB-49F5-A427-A164DF1D5E1F} (MALPlaybackCtrl Class) - http://musicstore.connect.com/XSL/mb_us//h...ALStreaming.cab

O16 - DPF: {6FC19219-C47E-4880-9A79-D218A1C374F9} (NMJTransX Control) - http://file.netmarble.jp/Control/NMJTransX.cab

O16 - DPF: {731E2481-5410-49C6-BE75-083740869284} (QOnlineCtrl Class) - http://www.meteosonline.jp/QOnline.cab

O16 - DPF: {B905F63D-7489-4B3D-9B62-49A1B8647E2A} (HgPluginJP21 Class) - http://down.hangame.co.jp/jp/dist/hgstart/HGPluginJP21.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {D41CE0FC-D720-413E-A9A6-82EC4CDAE742} (Session Class) - http://segalink.jp/_app/SJSessionAX.cab

O16 - DPF: {E0BE586C-7C66-4909-94D6-D18BBBDD6373} (????????????) - http://www.filebank.co.jp/setup/win/fbx2.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: MCPClient - C:\Arquivos de programas\Arquivos comuns\Stardock\mcpstub.dll

O20 - Winlogon Notify: WBSrv - C:\ARQUIV~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: MSCSPTISRV - Sony Corporation - C:\Arquivos de programas\Arquivos comuns\Sony Shared\AVLib\MSCSPTISRV.exe

O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\ARQUIV~1\NORTON~1\NORTON~1\NPROTECT.EXE

O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\Security Console\NSCSRVCE.EXE

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PACSPTISVR - Sony Corporation - C:\Arquivos de programas\Arquivos comuns\Sony Shared\AVLib\PACSPTISVR.exe

O23 - Service: SPBBCSvc - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Speed Disk service - Symantec Corporation - C:\ARQUIV~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Arquivos de programas\Arquivos comuns\Sony Shared\AVLib\SPTISRV.exe

O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Arquivos de programas\Arquivos comuns\Sony Shared\AVLib\SSScsiSV.exe

O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\CCPD-LC\symlcsvc.exe

 

[]'s


Hey Leoking,

 

Let's go.

 

Set Windows to show all files (including hidden ones).

 

Step 1

 

Download CCleaner at:

CCleaner

 

Download it, but don't run it yet.

 

Download Killbox at:

Killbox

 

1. Run Killbox, click Delete on Reboot.

 

2. Copy the list below, in bold, to the clipboard. Select it all with the mouse --> go to the Edit tab in the browser bar --> click Copy.

 

C:\WINDOWS\PROTECT\protect.sld

C:\WINDOWS\PROTECT\protect.exe

 

3. Go back to Killbox. Click File > Paste from clipboard. Click All Files.

 

4. Press "X". Answer "no" to the question.

 

It is wise to print this document or save it somewhere easy to reach, because in the next step we will enter Safe Mode and an internet connection will not be possible.

 

Step 2

 

Reboot the computer into Safe Mode (when restarting, press the F8 key repeatedly until a black DOS screen appears, and choose the Safe Mode option).

 

Run HijackThis, click Do a system scan only and check:

F2 - REG:system.ini: UserInit=C:\WINDOWS\PROTECT\protect.sld,C:\WINDOWS\system32\userinit.exe,

O4 - HKLM\..\Run: [Protect] "C:\WINDOWS\PROTECT\protect.exe" /a

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...html?p=ZJfox000

O8 - Extra context menu item: Write a Review... - http://client.alexa.com/holiday/script/actions/review.htm

O11 - Options group: [iNTERNATIONAL] International*

Click Fix Checked.

 

Step 3

 

Still in Safe Mode, locate and delete:

 

C:\WINDOWS\PROTECT <- the folder

 

Step 4

 

Reboot into Normal Mode.

 

Run CCleaner and click Run Cleaner.

 

Submit the file below to the VirusTotal site:

C:\WINDOWS\system32\dllcache\wordpad.exe

 

Retorne com o resultado e um novo log do HijackThis.

 

Um abraço.

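A defender-side triage of the HijackThis log format this thread relies on, as an added example (not code from the forum, from the helper's procedure or from HijackThis): it parses the F2 UserInit line, treats anything other than the stock userinit.exe as a logon hijack, and then flags O4 Run entries launched from the same directory, which reproduces the two PROTECT entries ticked above. The sample lines are copied from the log in the thread; the function names, the dataclass and the "same directory as the hijack" heuristic are this example's own assumptions.

```python
"""Triage HijackThis v1.99 log lines for a UserInit hijack and its siblings.

Added example for this thread; it is not code from the forum, from the
helper's procedure or from HijackThis. The sample lines are copied from
the log posted above; the function names, the dataclass and the
"same directory as the hijack" heuristic are assumptions of this example.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field
from pathlib import PureWindowsPath

# The only program UserInit should name on a stock Windows XP install
# (HijackThis prints the registry value as-is, trailing comma included).
LEGIT_USERINIT = r"c:\windows\system32\userinit.exe"

# F2 line: everything after "UserInit=" is a comma-separated list of
# programs winlogon starts at logon. O4 line: hive, value name, command.
F2_RE = re.compile(r"^F2 - REG:system\.ini: UserInit=(?P<value>.*)$")
O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")

# Constructed sample: the two entries the helper had the poster fix, plus
# benign entries from the same log for contrast.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\PROTECT\protect.sld,C:\WINDOWS\system32\userinit.exe,
O4 - HKLM\..\Run: [Protect] "C:\WINDOWS\PROTECT\protect.exe" /a
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""


def exe_path(cmd: str) -> str:
    """Return the executable (or, for rundll32, the DLL) a Run command launches."""
    cmd = cmd.strip()
    if cmd.startswith('"'):                      # quoted path, arguments follow
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    parts = cmd.split()
    path = parts[0]
    if PureWindowsPath(path).name.lower() == "rundll32.exe" and len(parts) > 1:
        path = parts[1].split(",")[0]            # "dll,EntryPoint" -> dll
    return path


def dir_of(path: str) -> str:
    """Case-folded parent directory, so different spellings of one folder match."""
    return str(PureWindowsPath(path).parent).lower()


@dataclass
class Triage:
    userinit_extra: list[str] = field(default_factory=list)  # programs added to UserInit
    suspect_dirs: set[str] = field(default_factory=set)       # where those programs live
    flagged: list[str] = field(default_factory=list)          # log lines to tick in HijackThis


def triage(log_text: str) -> Triage:
    """Two passes: find the UserInit hijack, then every Run entry sharing its folder."""
    result = Triage()
    lines = [ln.rstrip() for ln in log_text.splitlines() if ln.strip()]

    # Pass 1: any UserInit component other than the stock userinit.exe is a
    # logon hijack; its directory becomes the pivot for the second pass.
    for line in lines:
        m = F2_RE.match(line)
        if not m:
            continue
        entries = [e.strip() for e in m["value"].split(",") if e.strip()]
        extras = [e for e in entries if e.lower() != LEGIT_USERINIT]
        if extras:
            result.userinit_extra.extend(extras)
            result.suspect_dirs.update(dir_of(e) for e in extras)
            result.flagged.append(line)

    # Pass 2: Run-key entries launched from the hijack's own directory belong
    # to the same installation and are fixed together with it.
    for line in lines:
        m = O4_RE.match(line)
        if m and dir_of(exe_path(m["cmd"])) in result.suspect_dirs:
            result.flagged.append(line)
    return result


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print("UserInit hijack:", report.userinit_extra)
    print("Entries to tick in HijackThis:")
    for entry in report.flagged:
        print("  ", entry)
```

Without an F2 hijack the second pass has no pivot directory and flags nothing, so benign Run entries are never reported on their own.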

Hi, I'm back!

Here's the log:

Logfile of HijackThis v1.99.1

Scan saved at 12:25:25, on 30/3/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16414)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\Arquivos de programas\Arquivos comuns\Stardock\SDMCP.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Stardock\Object Desktop\KLP\Keys.exe

C:\Arquivos de programas\Stardock\Object Desktop\IconX\IconX.exe

C:\Arquivos de programas\Stardock\Object Desktop\RightClick\RightClick.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\WINDOWS\system32\RunDLL32.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\ARQUIV~1\NORTON~1\NORTON~1\NPROTECT.EXE

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\system32\LVCOMSX.EXE

C:\Arquivos de programas\Logitech\Video\LogiTray.exe

C:\Arquivos de programas\Java\jre1.5.0_11\bin\jusched.exe

C:\Arquivos de programas\Arquivos comuns\Stardock\TrayServer.exe

C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\WINDOWS\system32\ctfmon.exe

D:\Desktop\Programas\FreeRAM XP Pro 1.40.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\ARQUIV~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE

C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\WiFiConnector\NintendoWFCReg.exe

C:\Arquivos de programas\Google\Google Updater\GoogleUpdater.exe

C:\Arquivos de programas\Logitech\Video\FxSvr2.exe

C:\Arquivos de programas\Stardock\ObjectDock\ObjectDock.exe

C:\Arquivos de programas\Yahoo!\Widgets\YahooWidgetEngine.exe

C:\Arquivos de programas\Yahoo!\Widgets\YahooWidgetEngine.exe

C:\Arquivos de programas\Yahoo!\Widgets\YahooWidgetEngine.exe

C:\Arquivos de programas\Yahoo!\Widgets\YahooWidgetEngine.exe

C:\Arquivos de programas\Yahoo!\Widgets\YahooWidgetEngine.exe

C:\Arquivos de programas\Yahoo!\Widgets\YahooWidgetEngine.exe

C:\Arquivos de programas\Yahoo!\Widgets\YahooWidgetEngine.exe

C:\Arquivos de programas\Yahoo!\Widgets\YahooWidgetEngine.exe

C:\Arquivos de programas\Yahoo!\Widgets\YahooWidgetEngine.exe

C:\Arquivos de programas\Yahoo!\Widgets\YahooWidgetEngine.exe

C:\Arquivos de programas\Yahoo!\Widgets\YahooWidgetEngine.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\dllcache\wordpad.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

D:\Desktop\Programas\HijackThis.exe

 

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_11\bin\ssv.dll

O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - D:\Arquivos de programas\Free Download Manager\iefdmcks.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [ccApp] "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE

O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Arquivos de programas\Logitech\Video\ISStart.exe

O4 - HKLM\..\Run: [LogitechVideoTray] C:\Arquivos de programas\Logitech\Video\LogiTray.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.5.0_11\bin\jusched.exe"

O4 - HKLM\..\Run: [1A:Stardock TrayMonitor] C:\Arquivos de programas\Arquivos comuns\Stardock\TrayServer.exe

O4 - HKLM\..\Run: [bootSkin Startup Jobs] "C:\ARQUIV~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" /StartupJobs

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Arquivos de programas\Logitech\Video\ManifestEngine.exe" boot

O4 - HKCU\..\Run: [FreeRAM XP] "D:\Desktop\Programas\FreeRAM XP Pro 1.40.exe" -win

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - Startup: Stardock ObjectDock.lnk = C:\Arquivos de programas\Stardock\ObjectDock\ObjectDock.exe

O4 - Startup: Yahoo! Widget Engine.lnk = C:\Arquivos de programas\Yahoo!\Widgets\YahooWidgetEngine.exe

O4 - Global Startup: Execute a Ferramenta de Registo do Nintendo Wi-Fi USB Connector...lnk = C:\Arquivos de programas\WiFiConnector\NintendoWFCReg.exe

O4 - Global Startup: Google Updater.lnk = C:\Arquivos de programas\Google\Google Updater\GoogleUpdater.exe

O8 - Extra context menu item: Analisar com LeechGet - file://D:\Arquivos de programas\LeechGet 2006\\Parser.html

O8 - Extra context menu item: Download all with Free Download Manager - file://D:\Arquivos de programas\Free Download Manager\dlall.htm

O8 - Extra context menu item: Download selected with Free Download Manager - file://D:\Arquivos de programas\Free Download Manager\dlselected.htm

O8 - Extra context menu item: Download usando Assistente LeechGet - file://D:\Arquivos de programas\LeechGet 2006\\Wizard.html

O8 - Extra context menu item: Download usando LeechGet - file://D:\Arquivos de programas\LeechGet 2006\\AddUrl.html

O8 - Extra context menu item: Download with Free Download Manager - file://D:\Arquivos de programas\Free Download Manager\dllink.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_11\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun ?I Java ?R?“?\?[?? - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_11\bin\ssv.dll

O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Arquivos de programas\Norton SystemWorks\Norton Cleanup\WCQuick.lnk

O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Arquivos de programas\Norton SystemWorks\Norton Cleanup\WCQuick.lnk

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {20050325-D35A-4233-926E-2E801AE25949} (NMJPStarter15 Class) - http://www.netmarble.jp/_common/cab/NMStarterJP6.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Arquivos de programas\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {341FF14B-00CB-49F5-A427-A164DF1D5E1F} (MALPlaybackCtrl Class) - http://musicstore.connect.com/XSL/mb_us//h...ALStreaming.cab

O16 - DPF: {6FC19219-C47E-4880-9A79-D218A1C374F9} (NMJTransX Control) - http://file.netmarble.jp/Control/NMJTransX.cab

O16 - DPF: {731E2481-5410-49C6-BE75-083740869284} (QOnlineCtrl Class) - http://www.meteosonline.jp/QOnline.cab

O16 - DPF: {B905F63D-7489-4B3D-9B62-49A1B8647E2A} (HgPluginJP21 Class) - http://down.hangame.co.jp/jp/dist/hgstart/HGPluginJP21.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {D41CE0FC-D720-413E-A9A6-82EC4CDAE742} (Session Class) - http://segalink.jp/_app/SJSessionAX.cab

O16 - DPF: {E0BE586C-7C66-4909-94D6-D18BBBDD6373} (????????????) - http://www.filebank.co.jp/setup/win/fbx2.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: MCPClient - C:\Arquivos de programas\Arquivos comuns\Stardock\mcpstub.dll

O20 - Winlogon Notify: WBSrv - C:\ARQUIV~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: MSCSPTISRV - Sony Corporation - C:\Arquivos de programas\Arquivos comuns\Sony Shared\AVLib\MSCSPTISRV.exe

O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\ARQUIV~1\NORTON~1\NORTON~1\NPROTECT.EXE

O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\Security Console\NSCSRVCE.EXE

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PACSPTISVR - Sony Corporation - C:\Arquivos de programas\Arquivos comuns\Sony Shared\AVLib\PACSPTISVR.exe

O23 - Service: SPBBCSvc - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Speed Disk service - Symantec Corporation - C:\ARQUIV~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Arquivos de programas\Arquivos comuns\Sony Shared\AVLib\SPTISRV.exe

O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Arquivos de programas\Arquivos comuns\Sony Shared\AVLib\SSScsiSV.exe

O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\CCPD-LC\symlcsvc.exe

and the VirusTotal one:

STATUS: FINISHED

Complete scanning result of "wordpad.exe", received in VirusTotal at 03.30.2007, 05:24:09 (CET).

 

Antivirus Version Update Result

AhnLab-V3 2007.3.30.0 03.29.2007 no virus found

AntiVir 7.3.1.46 03.29.2007 no virus found

Authentium 4.93.8 03.30.2007 no virus found

Avast 4.7.936.0 03.29.2007 no virus found

AVG 7.5.0.447 03.29.2007 no virus found

BitDefender 7.2 03.30.2007 no virus found

CAT-QuickHeal 9.00 03.29.2007 no virus found

ClamAV devel-20070312 03.30.2007 no virus found

DrWeb 4.33 03.29.2007 no virus found

eSafe 7.0.15.0 03.29.2007 no virus found

eTrust-Vet 30.6.3522 03.29.2007 no virus found

Ewido 4.0 03.29.2007 no virus found

FileAdvisor 1 03.30.2007 No threat detected

Fortinet 2.85.0.0 03.30.2007 no virus found

F-Prot 4.3.1.45 03.30.2007 no virus found

F-Secure 6.70.13030.0 03.30.2007 no virus found

Ikarus T3.1.1.3 03.29.2007 no virus found

Kaspersky 4.0.2.24 03.30.2007 no virus found

McAfee 4995 03.29.2007 no virus found

Microsoft 1.2306 03.30.2007 no virus found

NOD32v2 2156 03.30.2007 no virus found

Norman 5.80.02 03.29.2007 no virus found

Panda 9.0.0.4 03.29.2007 no virus found

Prevx1 V2 03.30.2007 no virus found

Sophos 4.16.0 03.29.2007 no virus found

Sunbelt 2.2.907.0 03.29.2007 no virus found

Symantec 10 03.30.2007 no virus found

TheHacker 6.1.6.080 03.23.2007 no virus found

UNA 1.83 03.16.2007 no virus found

VBA32 3.11.3 03.29.2007 no virus found

VirusBuster 4.3.7:9 03.29.2007 no virus found

Webwasher-Gateway 6.0.1 03.30.2007 no virus found

 

Aditional Information

File size: 215040 bytes

MD5: 27174ca329a122b1b75774bca3f0afbd

SHA1: 839112767aeb6dcfb5b73dc74ed38e76b90d22f4

Bit9 info: http://fileadvisor.bit9.com/services/extin...75774bca3f0afbd

services.exe is closing by itself, then a countdown starts... and the PC restarts!

Can you save me? xD

Here's the log:

Logfile of HijackThis v1.99.1

Scan saved at 10:15:01, on 2/4/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16414)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Arquivos comuns\Stardock\SDMCP.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Stardock\Object Desktop\KLP\Keys.exe

C:\Arquivos de programas\Stardock\Object Desktop\RightClick\RightClick.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\ARQUIV~1\NORTON~1\NORTON~1\NPROTECT.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\ARQUIV~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE

C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\RunDLL32.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\system32\LVCOMSX.EXE

C:\Arquivos de programas\Logitech\Video\LogiTray.exe

C:\Arquivos de programas\Java\jre1.5.0_11\bin\jusched.exe

C:\Arquivos de programas\Arquivos comuns\Stardock\TrayServer.exe

C:\Arquivos de programas\Logitech\Video\FxSvr2.exe

C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\WINDOWS\system32\ctfmon.exe

D:\Desktop\Programas\FreeRAM XP Pro 1.40.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\WiFiConnector\NintendoWFCReg.exe

C:\Arquivos de programas\Google\Google Updater\GoogleUpdater.exe

C:\Arquivos de programas\Yahoo!\Widgets\YahooWidgetEngine.exe

C:\Arquivos de programas\Yahoo!\Widgets\YahooWidgetEngine.exe

C:\Arquivos de programas\Yahoo!\Widgets\YahooWidgetEngine.exe

C:\Arquivos de programas\Yahoo!\Widgets\YahooWidgetEngine.exe

C:\Arquivos de programas\Yahoo!\Widgets\YahooWidgetEngine.exe

C:\Arquivos de programas\Yahoo!\Widgets\YahooWidgetEngine.exe

C:\Arquivos de programas\Yahoo!\Widgets\YahooWidgetEngine.exe

C:\Arquivos de programas\Yahoo!\Widgets\YahooWidgetEngine.exe

C:\Arquivos de programas\Yahoo!\Widgets\YahooWidgetEngine.exe

C:\WINDOWS\system32\dwwin.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

D:\Desktop\Programas\HijackThis.exe

 

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_11\bin\ssv.dll

O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - D:\Arquivos de programas\Free Download Manager\iefdmcks.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [ccApp] "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE

O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Arquivos de programas\Logitech\Video\ISStart.exe

O4 - HKLM\..\Run: [LogitechVideoTray] C:\Arquivos de programas\Logitech\Video\LogiTray.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.5.0_11\bin\jusched.exe"

O4 - HKLM\..\Run: [1A:Stardock TrayMonitor] C:\Arquivos de programas\Arquivos comuns\Stardock\TrayServer.exe

O4 - HKLM\..\Run: [bootSkin Startup Jobs] "C:\ARQUIV~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" /StartupJobs

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Arquivos de programas\Logitech\Video\ManifestEngine.exe" boot

O4 - HKCU\..\Run: [FreeRAM XP] "D:\Desktop\Programas\FreeRAM XP Pro 1.40.exe" -win

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - Startup: Stardock ObjectDock.lnk = C:\Arquivos de programas\Stardock\ObjectDock\ObjectDock.exe

O4 - Startup: Yahoo! Widget Engine.lnk = C:\Arquivos de programas\Yahoo!\Widgets\YahooWidgetEngine.exe

O4 - Global Startup: Execute a Ferramenta de Registo do Nintendo Wi-Fi USB Connector...lnk = C:\Arquivos de programas\WiFiConnector\NintendoWFCReg.exe

O4 - Global Startup: Google Updater.lnk = C:\Arquivos de programas\Google\Google Updater\GoogleUpdater.exe

O8 - Extra context menu item: Analisar com LeechGet - file://D:\Arquivos de programas\LeechGet 2006\\Parser.html

O8 - Extra context menu item: Download all with Free Download Manager - file://D:\Arquivos de programas\Free Download Manager\dlall.htm

O8 - Extra context menu item: Download selected with Free Download Manager - file://D:\Arquivos de programas\Free Download Manager\dlselected.htm

O8 - Extra context menu item: Download usando Assistente LeechGet - file://D:\Arquivos de programas\LeechGet 2006\\Wizard.html

O8 - Extra context menu item: Download usando LeechGet - file://D:\Arquivos de programas\LeechGet 2006\\AddUrl.html

O8 - Extra context menu item: Download with Free Download Manager - file://D:\Arquivos de programas\Free Download Manager\dllink.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_11\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun ?I Java ?R?“?\?[?? - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_11\bin\ssv.dll

O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Arquivos de programas\Norton SystemWorks\Norton Cleanup\WCQuick.lnk

O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Arquivos de programas\Norton SystemWorks\Norton Cleanup\WCQuick.lnk

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {20050325-D35A-4233-926E-2E801AE25949} (NMJPStarter15 Class) - http://www.netmarble.jp/_common/cab/NMStarterJP6.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Arquivos de programas\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {341FF14B-00CB-49F5-A427-A164DF1D5E1F} (MALPlaybackCtrl Class) - http://musicstore.connect.com/XSL/mb_us//h...ALStreaming.cab

O16 - DPF: {6FC19219-C47E-4880-9A79-D218A1C374F9} (NMJTransX Control) - http://file.netmarble.jp/Control/NMJTransX.cab

O16 - DPF: {731E2481-5410-49C6-BE75-083740869284} (QOnlineCtrl Class) - http://www.meteosonline.jp/QOnline.cab

O16 - DPF: {B905F63D-7489-4B3D-9B62-49A1B8647E2A} (HgPluginJP21 Class) - http://down.hangame.co.jp/jp/dist/hgstart/HGPluginJP21.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {D41CE0FC-D720-413E-A9A6-82EC4CDAE742} (Session Class) - http://segalink.jp/_app/SJSessionAX.cab

O16 - DPF: {E0BE586C-7C66-4909-94D6-D18BBBDD6373} (????????????) - http://www.filebank.co.jp/setup/win/fbx2.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: MCPClient - C:\Arquivos de programas\Arquivos comuns\Stardock\mcpstub.dll

O20 - Winlogon Notify: WBSrv - C:\ARQUIV~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: MSCSPTISRV - Sony Corporation - C:\Arquivos de programas\Arquivos comuns\Sony Shared\AVLib\MSCSPTISRV.exe

O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\ARQUIV~1\NORTON~1\NORTON~1\NPROTECT.EXE

O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\Security Console\NSCSRVCE.EXE

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PACSPTISVR - Sony Corporation - C:\Arquivos de programas\Arquivos comuns\Sony Shared\AVLib\PACSPTISVR.exe

O23 - Service: SPBBCSvc - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Speed Disk service - Symantec Corporation - C:\ARQUIV~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Arquivos de programas\Arquivos comuns\Sony Shared\AVLib\SPTISRV.exe

O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Arquivos de programas\Arquivos comuns\Sony Shared\AVLib\SSScsiSV.exe

O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\CCPD-LC\symlcsvc.exe

[]'s

Hi Leoking,

Download F-Secure Blacklight at:

F-Secure Blacklight

Save it to your desktop and run it. Accept the agreement. Click Scan and wait.

If it finds any file, ignore it, because I only want the log.

At the end of the scan a file named fsbl-xxxxx.log (where xxx are numbers) will be generated. I need you to copy the log and paste it in your next reply.

Regards.

The link isn't working:

ERROR 404: Sorry, URL not found. Please click here for the Main Index. This page will automatically load the Main Index in 10 seconds ...

I grabbed the other version, but at the end of the scan it didn't generate a log =/

[]'s

Hi Leoking.

I've already fixed the link. Try again.

Thanks for the heads-up. :thumbsup:

Edited: I just tested it and it worked perfectly.

After the scan a text file was created, I think that's the log:

04/04/07 10:35:53 [info]: BlackLight Engine 1.0.61 initialized
04/04/07 10:35:53 [info]: OS: 5.1 build 2600 (Service Pack 2)
04/04/07 10:35:53 [Note]: 7019 4
04/04/07 10:35:53 [Note]: 7005 0
04/04/07 10:35:58 [Note]: 7006 0
04/04/07 10:35:58 [Note]: 7011 588
04/04/07 10:35:59 [Note]: 7026 0
04/04/07 10:35:59 [Note]: 7026 0
04/04/07 10:36:06 [Note]: FSRAW library version 1.7.1021
04/04/07 10:42:45 [Note]: 2000 1012
04/04/07 10:42:45 [Note]: 2000 1012
04/04/07 10:42:45 [Note]: 2000 1012
04/04/07 10:42:45 [Note]: 2000 1012
04/04/07 10:42:45 [Note]: 2000 1012
04/04/07 10:42:45 [Note]: 2000 1012
04/04/07 10:42:45 [Note]: 2000 1012
04/04/07 10:42:45 [Note]: 2000 1012
04/04/07 10:42:45 [Note]: 2000 1012
04/04/07 10:42:45 [Note]: 2000 1012
04/04/07 10:42:45 [Note]: 2000 1012
04/04/07 10:42:45 [Note]: 2000 1012
04/04/07 10:42:45 [Note]: 2000 1012
04/04/07 10:42:45 [Note]: 2000 1012
04/04/07 10:42:45 [Note]: 2000 1012
04/04/07 10:42:45 [Note]: 2000 1012
04/04/07 10:42:45 [Note]: 2000 1012
04/04/07 10:42:45 [Note]: 2000 1012
04/04/07 10:42:45 [Note]: 2000 1012
04/04/07 10:42:45 [Note]: 2000 1012
04/04/07 10:42:45 [Note]: 2000 1012
04/04/07 10:42:45 [Note]: 2000 1012
04/04/07 10:42:45 [Note]: 2000 1012
04/04/07 10:42:45 [Note]: 2000 1012
04/04/07 10:42:45 [Note]: 2000 1012
04/04/07 10:42:45 [Note]: 2000 1012
04/04/07 10:42:45 [Note]: 2000 1012
04/04/07 11:01:01 [Note]: 7007 0

(pretty weird, that xD)

[]'s

Hi Leoking,

Download SilentRunners.

Extract the SilentRunners.vbs file to C:. Double-click the file to run it.

After running it, wait until a document named Startup Programs (USER) date is generated. Copy the contents of that document and paste it in your next reply.

Regards.

Note: If your AV detects the file as a malicious script, don't worry and allow it to run.

Hi, thanks!

Here's the log:

"Silent Runners.vbs", revision R50, http://www.silentrunners.org/

Operating System: Windows XP SP2

Output limited to non-default values, except where indicated by "{++}"

 

 

Startup items buried in registry:

---------------------------------

 

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

"MsnMsgr" = ""C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background" [MS]

"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]

"LogitechSoftwareUpdate" = ""C:\Arquivos de programas\Logitech\Video\ManifestEngine.exe" boot" ["Logitech Inc."]

"FreeRAM XP" = ""D:\Desktop\Programas\FreeRAM XP Pro 1.40.exe" -win" ["YourWare Solutions "]

"MSMSGS" = ""C:\Arquivos de programas\Messenger\msmsgs.exe" /background" [MS]

"lmpc4" = "C:\Arquivos de programas\Lock My PC 4\lockpc.exe /s" ["FSPro Labs"]

"Pando" = ""C:\Arquivos de programas\Pando Networks\Pando\Pando.exe" /Minimized" ["Pando Networks"]

"(Default)" = "(empty string)" [file not found]

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

"IMJPMIG8.1" = ""C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32" [MS]

"PHIME2002ASync" = "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC" [MS]

"PHIME2002A" = "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName" [MS]

"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]

"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]

"NvMediaCenter" = "RunDLL32.exe NvMCTray.dll,NvTaskbarInit" [MS]

"avast!" = "C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [null data]

"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]

"LVCOMSX" = "C:\WINDOWS\system32\LVCOMSX.EXE" ["Logitech Inc."]

"LogitechVideoRepair" = "C:\Arquivos de programas\Logitech\Video\ISStart.exe " ["Logitech Inc."]

"LogitechVideoTray" = "C:\Arquivos de programas\Logitech\Video\LogiTray.exe" ["Logitech Inc."]

"1A:Stardock TrayMonitor" = "C:\Arquivos de programas\Arquivos comuns\Stardock\TrayServer.exe" ["Stardock"]

"BootSkin Startup Jobs" = ""C:\ARQUIV~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" /StartupJobs" [empty string]

"!AVG Anti-Spyware" = ""C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized" ["Anti-Malware Development a.s."]

"ccApp" = ""C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe"" ["Symantec Corporation"]

"osCheck" = ""C:\Arquivos de programas\Norton AntiVirus\osCheck.exe"" ["Symantec Corporation"]

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{02478D38-C3F9-4EFB-9B51-7695ECA05670}\(Default) = (no title provided)

-> {HKLM...CLSID} = "Yahoo! Toolbar Helper"

\InProcServer32\(Default) = "C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)

-> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"

\InProcServer32\(Default) = "C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]

{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\(Default) = (no title provided)

-> {HKLM...CLSID} = "Google Toolbar Notifier BHO"

\InProcServer32\(Default) = "C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.0.301.3558\swg.dll" ["Google Inc."]

{CC59E0F9-7E43-44FA-9FAA-8377850BF205}\(Default) = (no title provided)

-> {HKLM...CLSID} = "FDMIECookiesBHO Class"

\InProcServer32\(Default) = "D:\Arquivos de programas\Free Download Manager\iefdmcks.dll" [null data]

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extensao de icone do HyperTerminal"

-> {HKLM...CLSID} = "HyperTerminal Icon Ext"

\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]

 

[]'s


Hi Leoking,

 

The log is incomplete. A complete document looks something like this one (Post #9).

 

Come back with the full log.

 

Regards.


Oops, sorry, I was in a hurry.

 

Here's the complete log:

 

"Silent Runners.vbs", revision R50, http://www.silentrunners.org/

Operating System: Windows XP SP2

Output limited to non-default values, except where indicated by "{++}"

 

 

Startup items buried in registry:

---------------------------------

 

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

"MsnMsgr" = ""C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background" [MS]

"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]

"LogitechSoftwareUpdate" = ""C:\Arquivos de programas\Logitech\Video\ManifestEngine.exe" boot" ["Logitech Inc."]

"FreeRAM XP" = ""D:\Desktop\Programas\FreeRAM XP Pro 1.40.exe" -win" ["YourWare Solutions "]

"MSMSGS" = ""C:\Arquivos de programas\Messenger\msmsgs.exe" /background" [MS]

"lmpc4" = "C:\Arquivos de programas\Lock My PC 4\lockpc.exe /s" ["FSPro Labs"]

"Pando" = ""C:\Arquivos de programas\Pando Networks\Pando\Pando.exe" /Minimized" ["Pando Networks"]

"(Default)" = "(empty string)" [file not found]

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

"IMJPMIG8.1" = ""C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32" [MS]

"PHIME2002ASync" = "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC" [MS]

"PHIME2002A" = "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName" [MS]

"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]

"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]

"NvMediaCenter" = "RunDLL32.exe NvMCTray.dll,NvTaskbarInit" [MS]

"avast!" = "C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [null data]

"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]

"LVCOMSX" = "C:\WINDOWS\system32\LVCOMSX.EXE" ["Logitech Inc."]

"LogitechVideoRepair" = "C:\Arquivos de programas\Logitech\Video\ISStart.exe " ["Logitech Inc."]

"LogitechVideoTray" = "C:\Arquivos de programas\Logitech\Video\LogiTray.exe" ["Logitech Inc."]

"1A:Stardock TrayMonitor" = "C:\Arquivos de programas\Arquivos comuns\Stardock\TrayServer.exe" ["Stardock"]

"BootSkin Startup Jobs" = ""C:\ARQUIV~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" /StartupJobs" [empty string]

"!AVG Anti-Spyware" = ""C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized" ["Anti-Malware Development a.s."]

"ccApp" = ""C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe"" ["Symantec Corporation"]

"osCheck" = ""C:\Arquivos de programas\Norton AntiVirus\osCheck.exe"" ["Symantec Corporation"]

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{02478D38-C3F9-4EFB-9B51-7695ECA05670}\(Default) = (no title provided)

-> {HKLM...CLSID} = "Yahoo! Toolbar Helper"

\InProcServer32\(Default) = "C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)

-> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"

\InProcServer32\(Default) = "C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]

{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\(Default) = (no title provided)

-> {HKLM...CLSID} = "Google Toolbar Notifier BHO"

\InProcServer32\(Default) = "C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.0.301.3558\swg.dll" ["Google Inc."]

{CC59E0F9-7E43-44FA-9FAA-8377850BF205}\(Default) = (no title provided)

-> {HKLM...CLSID} = "FDMIECookiesBHO Class"

\InProcServer32\(Default) = "D:\Arquivos de programas\Free Download Manager\iefdmcks.dll" [null data]

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extensao de icone do HyperTerminal"

-> {HKLM...CLSID} = "HyperTerminal Icon Ext"

\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]

"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"

-> {HKLM...CLSID} = "DesktopContext Class"

\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]

"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"

-> {HKLM...CLSID} = "NVIDIA CPL Extension"

\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]

"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"

-> {HKLM...CLSID} = "Desktop Explorer"

\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"

-> {HKLM...CLSID} = "nView Desktop Context Menu"

\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"

-> {HKLM...CLSID} = "avast"

\InProcServer32\(Default) = "C:\Arquivos de programas\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "C:\Arquivos de programas\WinRAR\rarext.dll" [null data]

"{32020A01-506E-484D-A2A8-BE3CF17601C3}" = "AlcoholShellEx"

-> {HKLM...CLSID} = "AlcoholShellEx"

\InProcServer32\(Default) = "C:\ARQUIV~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll" ["Alcohol Soft Development Team"]

"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\Arquivos de programas\Microsoft Office\OFFICE11\msohev.dll" [MS]

"{DEE12703-6333-4D4E-8F34-738C4DCC2E04}" = "RecordNow! SendToExt"

-> {HKLM...CLSID} = "RecordNow! SendToExt"

\InProcServer32\(Default) = "C:\Arquivos de programas\Sonic\RecordNow Deluxe\RecordNow! Deluxe\shlext.dll" [null data]

"{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}" = "Messenger Sharing Folders"

-> {HKLM...CLSID} = "Minhas Pastas de Compartilhamento"

\InProcServer32\(Default) = "C:\Arquivos de programas\MSN Messenger\fsshext.8.0.0812.00.dll" [MS]

"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"

-> {HKLM...CLSID} = "RealOne Player Context Menu Class"

\InProcServer32\(Default) = "C:\Arquivos de programas\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]

"{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip"

-> {HKLM...CLSID} = "WinZip"

\InProcServer32\(Default) = "C:\ARQUIV~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"]

"{E0D79305-84BE-11CE-9641-444553540000}" = "WinZip"

-> {HKLM...CLSID} = "WinZip"

\InProcServer32\(Default) = "C:\ARQUIV~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"]

"{E0D79306-84BE-11CE-9641-444553540000}" = "WinZip"

-> {HKLM...CLSID} = "WinZip"

\InProcServer32\(Default) = "C:\ARQUIV~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"]

"{E0D79307-84BE-11CE-9641-444553540000}" = "WinZip"

-> {HKLM...CLSID} = "WinZip"

\InProcServer32\(Default) = "C:\ARQUIV~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"]

"{29D37B90-E2B2-408A-8F0A-F08BF1F9B074}" = "SxContextMenu1"

-> {HKLM...CLSID} = "SxContextMenu1"

\InProcServer32\(Default) = "C:\ARQUIV~1\REACON~1.0PR\Context\context.dll" [null data]

"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"

-> {HKLM...CLSID} = "Portable Media Devices Menu"

\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]

"{400CFEE2-39D0-46DC-96DF-E0BB5A4324B3}" = "My Logitech Pictures"

-> {HKLM...CLSID} = "My Logitech Pictures"

\InProcServer32\(Default) = "C:\Arquivos de programas\Logitech\Video\Namespc2.dll" ["Logitech Inc."]

"{ABC70703-32AF-11d4-90C4-D483A70F4825}" = "CMenuExtender"

-> {HKLM...CLSID} = "CMenuExtender"

\InProcServer32\(Default) = "C:\WINDOWS\BricoPacks\Crystal Clear\iColorFolder\CMExt.dll" ["Revenger inc."]

"{C169E5F0-E2B3-41F3-B81A-7BA529CBE193}" = "ZipGenius Shell Extension"

-> {HKLM...CLSID} = "ZipGenius Shell Extension"

\InProcServer32\(Default) = "C:\ARQUIV~1\ZIPGEN~1\contmenu.dll" ["M.Dev Software"]

"{2E5AC2E0-406D-11D4-86B3-FA5861508E25}" = "ZipGenius Zip InfoTip"

-> {HKLM...CLSID} = "ZipGenius InfoTip"

\InProcServer32\(Default) = "C:\ARQUIV~1\ZIPGEN~1\zgtips.dll" ["M.Dev Software"]

"{310A0C95-EA11-42AE-A8E4-53E69E650310}" = "ZipGenius Drop handler"

-> {HKLM...CLSID} = "ZipGenius Drag and Drop handler"

\InProcServer32\(Default) = "C:\ARQUIV~1\ZIPGEN~1\DROPHA~1.DLL" ["M.Dev Software"]

"{FE8D01BF-610A-4261-9C6E-32D65A42C907}" = "ZipGenius DnD Extract handler"

-> {HKLM...CLSID} = "ZipGenius DnD Extract handler"

\InProcServer32\(Default) = "C:\ARQUIV~1\ZIPGEN~1\ZGDRAG~1.DLL" ["M.Dev Software"]

"{2F5AC606-70CF-461C-BFE1-734234536262}" = "WindowBlinds CPL Extension"

-> {HKLM...CLSID} = "DisplayCplExt Class"

\InProcServer32\(Default) = "C:\Arquivos de programas\Stardock\Object Desktop\WindowBlinds\wbui.dll" ["Stardock.Net, Inc"]

"{611AD258-4138-4348-A534-9856FA6BA398}" = "IconPackager Icon Handler"

-> {HKLM...CLSID} = "IPIconHandlerExt Class"

\InProcServer32\(Default) = "C:\Arquivos de programas\Stardock\Object Desktop\IconPackager\shellext.dll" ["Stardock.net, Inc"]

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\

<<!>> "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" = "AVG Anti-Spyware 7.5"

-> {HKLM...CLSID} = "CShellExecuteHookImpl Object"

\InProcServer32\(Default) = "C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" ["Anti-Malware Development a.s."]

 

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\

"0aMCPClient" = "{F5DF91F9-15E9-416B-A7C3-7519B11ECBFC}"

-> {HKLM...CLSID} = "MCPShellInstantiator Class"

\InProcServer32\(Default) = "C:\Arquivos de programas\Arquivos comuns\Stardock\MCPCore.dll" ["Stardock"]

 

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\

<<!>> "AppInit_DLLs" = "wbsys.dll" ["Stardock.Net, Inc"]

 

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\

<<!>> fsp_lmwl\DLLName = "fsp_lmwl.dll" ["FSPro Labs"]

<<!>> MCPClient\DLLName = "C:\Arquivos de programas\Arquivos comuns\Stardock\mcpstub.dll" ["Stardock"]

<<!>> WBSrv\DLLName = "C:\ARQUIV~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll" ["Stardock"]

 

HKLM\Software\Classes\PROTOCOLS\Filter\

<<!>> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

 

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\

{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"

-> {HKLM...CLSID} = "PDF Shell Extension"

\InProcServer32\(Default) = "C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

 

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\

avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"

-> {HKLM...CLSID} = "avast"

\InProcServer32\(Default) = "C:\Arquivos de programas\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]

AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"

-> {HKLM...CLSID} = "CContextScan Object"

\InProcServer32\(Default) = "C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\context.dll" ["Anti-Malware Development a.s."]

LeechGet\(Default) = "{EBDF1F20-C829-14D1-8234-1420AF3E97A9}"

-> {HKLM...CLSID} = "LeechGet "Copy Here" Shell Extension"

\InProcServer32\(Default) = "D:\Arquivos de programas\LeechGet 2006\ShellExtension.dll" [null data]

PandoShellExt\(Default) = "{9C150845-2A2D-44CC-90B3-AA03480AA3D2}"

-> {HKLM...CLSID} = "PDShellExt Class"

\InProcServer32\(Default) = "C:\Arquivos de programas\Pando Networks\Pando\PandoShellExt.dll" ["Pando Networks"]

Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA}"

-> {HKLM...CLSID} = "IEContextMenu Class"

\InProcServer32\(Default) = "C:\ARQUIV~1\NORTON~2\NavShExt.dll" ["Symantec Corporation"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "C:\Arquivos de programas\WinRAR\rarext.dll" [null data]

WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"

-> {HKLM...CLSID} = "WinZip"

\InProcServer32\(Default) = "C:\ARQUIV~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"]

ZipGenius 6\(Default) = "{C169E5F0-E2B3-41F3-B81A-7BA529CBE193}"

-> {HKLM...CLSID} = "ZipGenius Shell Extension"

\InProcServer32\(Default) = "C:\ARQUIV~1\ZIPGEN~1\contmenu.dll" ["M.Dev Software"]

 

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\

AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"

-> {HKLM...CLSID} = "CContextScan Object"

\InProcServer32\(Default) = "C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\context.dll" ["Anti-Malware Development a.s."]

CMenuExtender\(Default) = "{ABC70703-32AF-11d4-90C4-D483A70F4825}"

-> {HKLM...CLSID} = "CMenuExtender"

\InProcServer32\(Default) = "C:\WINDOWS\BricoPacks\Crystal Clear\iColorFolder\CMExt.dll" ["Revenger inc."]

LeechGet\(Default) = "{EBDF1F20-C829-14D1-8234-1420AF3E97A9}"

-> {HKLM...CLSID} = "LeechGet "Copy Here" Shell Extension"

\InProcServer32\(Default) = "D:\Arquivos de programas\LeechGet 2006\ShellExtension.dll" [null data]

PandoShellExt\(Default) = "{9C150845-2A2D-44CC-90B3-AA03480AA3D2}"

-> {HKLM...CLSID} = "PDShellExt Class"

\InProcServer32\(Default) = "C:\Arquivos de programas\Pando Networks\Pando\PandoShellExt.dll" ["Pando Networks"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "C:\Arquivos de programas\WinRAR\rarext.dll" [null data]

WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"

-> {HKLM...CLSID} = "WinZip"

\InProcServer32\(Default) = "C:\ARQUIV~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"]

ZipGenius 6\(Default) = "{C169E5F0-E2B3-41F3-B81A-7BA529CBE193}"

-> {HKLM...CLSID} = "ZipGenius Shell Extension"

\InProcServer32\(Default) = "C:\ARQUIV~1\ZIPGEN~1\contmenu.dll" ["M.Dev Software"]

 

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\

avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"

-> {HKLM...CLSID} = "avast"

\InProcServer32\(Default) = "C:\Arquivos de programas\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]

LeechGet\(Default) = "{EBDF1F20-C829-14D1-8234-1420AF3E97A9}"

-> {HKLM...CLSID} = "LeechGet "Copy Here" Shell Extension"

\InProcServer32\(Default) = "D:\Arquivos de programas\LeechGet 2006\ShellExtension.dll" [null data]

Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA}"

-> {HKLM...CLSID} = "IEContextMenu Class"

\InProcServer32\(Default) = "C:\ARQUIV~1\NORTON~2\NavShExt.dll" ["Symantec Corporation"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "C:\Arquivos de programas\WinRAR\rarext.dll" [null data]

WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"

-> {HKLM...CLSID} = "WinZip"

\InProcServer32\(Default) = "C:\ARQUIV~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"]

 

HKLM\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\

SxContextMenu1\(Default) = "{29D37B90-E2B2-408A-8F0A-F08BF1F9B074}"

-> {HKLM...CLSID} = "SxContextMenu1"

\InProcServer32\(Default) = "C:\ARQUIV~1\REACON~1.0PR\Context\context.dll" [null data]

 

 

Group Policies {GPedit.msc branch and setting}:

-----------------------------------------------

 

Note: detected settings may not have any effect.

 

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

 

"NoDrives" = (REG_DWORD) hex:0x00000000

{unrecognized setting}

 

"NoViewOnDrive" = (REG_DWORD) hex:0x00000000

{unrecognized setting}

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

 

"NoCDBurning" = (REG_DWORD) hex:0x00000000

{unrecognized setting}

 

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\

 

"DisableRegistryTools" = (REG_DWORD) hex:0x00000000

{User Configuration|Administrative Templates|System|

Prevent access to registry editing tools}

 

HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel\

 

"Colors" = (REG_DWORD) hex:0x00000000

{unrecognized setting}

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

 

"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Shutdown: Allow system to be shut down without having to log on}

 

"undockwithoutlogon" = (REG_DWORD) hex:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Devices: Allow undock without having to log on}

 

 

Active Desktop and Wallpaper:

-----------------------------

 

Active Desktop may be disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

 

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:

HKCU\Software\Microsoft\Internet Explorer\Desktop\General\

"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Configuracoes locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp"

 

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:

HKCU\Control Panel\Desktop\

"Wallpaper" = "C:\Arquivos de programas\Stardock\Object Desktop\WindowBlinds\Leowall.bmp"

 

 

Startup items in "Leo" & "All Users" startup folders:

-----------------------------------------------------

 

C:\Documents and Settings\Leo\Menu Iniciar\Programas\Inicializar

"Stardock ObjectDock" -> shortcut to: "C:\Arquivos de programas\Stardock\ObjectDock\ObjectDock.exe" ["Stardock"]

 

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar

"Google Updater" -> shortcut to: "C:\Arquivos de programas\Google\Google Updater\GoogleUpdater.exe -systray -startup" ["Google"]

 

 

Enabled Scheduled Tasks:

------------------------

 

"AppleSoftwareUpdate" -> launches: "C:\Arquivos de programas\Apple Software Update\SoftwareUpdate.exe -Task" ["Apple Computer, Inc."]

"Norton AntiVirus - Run Full System Scan - Leo" -> launches: "C:\ARQUIV~1\NORTON~2\Navw32.exe /TASK:"C:\Documents and Settings\All Users\Dados de aplicativos\Symantec\Norton AntiVirus\Tasks\mycomp.sca"" ["Symantec Corporation"]

"One Button Checkup do Norton SystemWorks" -> launches: "C:\Arquivos de programas\Norton SystemWorks\OBC.exe /CUSTOM /SCHEDULE /AUTO" [file not found]

 

 

Winsock2 Service Provider DLLs:

-------------------------------

 

Namespace Service Providers

 

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000004\LibraryPath = "%SystemRoot%\System32\nwprovau.dll" [MS]

 

Transport Service Providers

 

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

%SystemRoot%\system32\mswsock.dll [MS], 01 - 04, 07 - 25

%SystemRoot%\system32\rsvpsp.dll [MS], 05 - 06

 

 

Toolbars, Explorer Bars, Extensions:

------------------------------------

 

Toolbars

 

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\

"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"

-> {HKLM...CLSID} = "Yahoo! Toolbar"

\InProcServer32\(Default) = "C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]

"{4D5C8C2A-D075-11D0-B416-00C04FB90376}"

-> {HKLM...CLSID} = "Microsoft CommBand"

\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]

"{F2CF5485-4E02-4F68-819C-B92DE9277049}"

-> {HKLM...CLSID} = "&Links"

\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]

 

HKLM\Software\Microsoft\Internet Explorer\Toolbar\

"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = (no title provided)

-> {HKLM...CLSID} = "Yahoo! Toolbar"

\InProcServer32\(Default) = "C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]

 

Explorer Bars

 

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\

 

HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Pesquisar"

Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]

InProcServer32\(Default) = "C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL" [MS]

 

Extensions (Tools menu items, main toolbar menu buttons)

 

HKLM\Software\Microsoft\Internet Explorer\Extensions\

{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\

"MenuText" = "Java コンソール (Sun)"

"CLSIDExtension" = "{08B0E5C0-4FCB-11CF-AAA5-00401C608501}"

-> {HKLM...CLSID} = "Web Browser Applet Control"

\InProcServer32\(Default) = "C:\WINDOWS\system32\msjava.dll" [MS]

 

{92780B25-18CC-41C8-B9BE-3C9C571A8263}\

"ButtonText" = "Pesquisar"

 

{FB5F1910-F110-11D2-BB9E-00C04F795683}\

"ButtonText" = "Messenger"

"MenuText" = "Windows Messenger"

"Exec" = "C:\Arquivos de programas\Messenger\msmsgs.exe" [MS]

 

 

Running Services (Display Name, Service Name, Path {Service DLL}):

------------------------------------------------------------------

 

Automatic LiveUpdate Scheduler, Automatic LiveUpdate Scheduler, ""C:\Arquivos de programas\Symantec\LiveUpdate\ALUSchedulerSvc.exe"" ["Symantec Corporation"]

avast! Antivirus, avast! Antivirus, ""C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe"" [null data]

avast! iAVS4 Control Service, aswUpdSv, ""C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe"" [null data]

avast! Mail Scanner, avast! Mail Scanner, ""C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service" ["ALWIL Software"]

avast! Web Scanner, avast! Web Scanner, ""C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service" ["ALWIL Software"]

AVG Anti-Spyware Guard, AVG Anti-Spyware Guard, "C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe" ["Anti-Malware Development a.s."]

Google Updater Service, gusvc, ""C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe"" ["Google"]

NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]

StarWind iSCSI Service, StarWindService, "C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe" ["Rocket Division Software"]

Symantec AppCore Service, SymAppCore, ""C:\Arquivos de programas\Arquivos comuns\Symantec Shared\AppCore\AppSvc32.exe"" ["Symantec Corporation"]

Symantec Core LC, Symantec Core LC, ""C:\Arquivos de programas\Arquivos comuns\Symantec Shared\CCPD-LC\symlcsvc.exe"" ["Symantec Corporation"]

Symantec Event Manager, ccEvtMgr, ""C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSvcHst.exe" /h ccCommon" ["Symantec Corporation"]

Symantec Lic NetConnect service, CLTNetCnService, ""C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSvcHst.exe" /h ccCommon" ["Symantec Corporation"]

Symantec Settings Manager, ccSetMgr, ""C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSvcHst.exe" /h ccCommon" ["Symantec Corporation"]

Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]

 

 

Keyboard Driver Filters:

------------------------

 

HKLM\System\CurrentControlSet\Control\Class\{4D36E96B-E325-11CE-BFC1-08002BE10318}\

"UpperFilters" = <<!>> "lmpc4" ["FSPro Labs"]

 

 

Print Monitors:

---------------

 

HKLM\System\CurrentControlSet\Control\Print\Monitors\

Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]

 

 

----------

<<!>>: Suspicious data at a malware launch point.

 

+ This report excludes default entries except where indicated.

+ To see *everywhere* the script checks and *everything* it finds,

launch it from a command prompt or a shortcut with the -all parameter.

+ To search all directories of local fixed drives for DESKTOP.INI

DLL launch points, use the -supp parameter or answer "No" at the

first message box and "Yes" at the second message box.

---------- (total run time: 73 seconds, including 7 seconds for message boxes)

 

[]'s!
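The legend at the end of the report above explains its conventions: every launch-point line is printed as `"Name" = "command" [signer]`, the signer token is `[MS]`, a quoted company name, `[null data]`, `[empty string]` or `[file not found]`, and entries the script considers suspicious carry the `<<!>>` marker. As an added example (not part of the thread or of Silent Runners), this hypothetical Python helper parses that layout and pulls out the lines an analyst should read first; the sample report is constructed from a few lines of the log posted above.

```python
"""Triage helper for a Silent Runners (R50-style) report.

Hypothetical helper written for this thread; it is not part of Silent Runners.
It keys off the report's own legend: '<<!>>: Suspicious data at a malware
launch point.' plus the signer token printed after each launch entry.
"""
import re
from dataclasses import dataclass

# Registry-key header, e.g.  HKLM\Software\...\Run\ {++}
KEY_RE = re.compile(r"^(HK[A-Z]+\\.*\\)(?: \{\+\+\})?$")
# Entry line, optionally prefixed with the <<!>> marker:
#   <<!>> "AppInit_DLLs" = "wbsys.dll" ["Stardock.Net, Inc"]
ENTRY_RE = re.compile(
    r'^(?P<flag><<!>> )?(?P<name>"[^"]*"|\S+) = (?P<value>.*?) \[(?P<signer>[^\]]*)\]$'
)
# Signer tokens meaning the binary carries no usable company name.
NO_PUBLISHER = {"null data", "empty string"}

# Constructed sample in the report's layout (values copied from the posted log).
SAMPLE_LOG = r"""
Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"Pando" = ""C:\Arquivos de programas\Pando Networks\Pando\Pando.exe" /Minimized" ["Pando Networks"]
"(Default)" = "(empty string)" [file not found]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"avast!" = "C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [null data]
"BootSkin Startup Jobs" = ""C:\ARQUIV~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" /StartupJobs" [empty string]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\
<<!>> "AppInit_DLLs" = "wbsys.dll" ["Stardock.Net, Inc"]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> fsp_lmwl\DLLName = "fsp_lmwl.dll" ["FSPro Labs"]
"""


@dataclass
class Finding:
    key: str
    name: str
    value: str
    signer: str
    reasons: list


def iter_entries(text):
    """Yield (key, flagged, name, value, signer) for every parsable entry line."""
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)  # remember which registry key we are under
            continue
        m = ENTRY_RE.match(line)
        if m and key is not None:
            yield (key, bool(m.group("flag")), m.group("name").strip('"'),
                   m.group("value"), m.group("signer").strip('"'))


def triage(text):
    """Return the entries worth a closer look, in report order."""
    findings = []
    for key, flagged, name, value, signer in iter_entries(text):
        # Silent Runners prints this placeholder under every Run key; skip it.
        if name == "(Default)" and value == '"(empty string)"':
            continue
        reasons = []
        if flagged:
            reasons.append("marked <<!>> by Silent Runners")
        if signer == "file not found":
            reasons.append("launch target does not exist on disk")
        elif signer in NO_PUBLISHER:
            reasons.append("binary has no publisher name in its version info")
        if reasons:
            findings.append(Finding(key, name, value, signer, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.key}\n  {f.name} = {f.value} [{f.signer}]\n  -> {'; '.join(f.reasons)}")
```

Entries with a named publisher and no marker (ctfmon.exe, Pando) are left out, so the analyst starts with the four lines that actually need a second look.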


Hi Leoking,

 

Download Fixwareout.

 

Close all programs.

 

Run FixWareout (double-click the icon) --> "Next" --> "Install" --> "Finish" --> press any key to continue --> if the tool asks for a reboot, click Ok.

 

Check the file C:\fixwareout\report.txt.

 

I need you to put the contents of report.txt in your next reply.

 

Regards.


jgarcia, my PC has been acting kind of crazy... that services.exe problem stopped, but I already had this problem a short while ago... so I suspect it will come back.

Now a new problem has appeared: when I turn on the PC, right after all the startup programs load, a message appears:

Data Execution Prevention Alert - Microsoft Windows

 

To help protect your computer, Windows has closed this program.

 

Name: Windows Explorer

 

and if I click the only option, close message, it immediately closes explorer.exe and drwtsn (something like that).

 

What should I do?

 

EDIT: I don't know what happened, but this problem stopped too (the new one I mentioned above), but I believe it may come back; as I said, my computer is going crazy!

 

Oh, and here is the log, as requested:

 

 

Fixwareout Last edited 4/5/2007

Post this report in the forums please

...

»»»»» Prerun check

 

»»»»» System restarted

 

»»»»» Postrun check

HKLM\SOFTWARE\~\Winlogon\ "System"=""

....

....

»»»»» Misc files.

....

»»»»» Checking for older varients.

....

 

Search five digit cs, dm, kd, jb, other, files.

The following files NEED TO BE SUBMITTED to one of the following URL'S for further inspection.

 

 

 

Click browse, find the file then click submit.

http://www.virustotal.com/flash/index_en.html

Or http://virusscan.jotti.org/

 

»»»»» Other

 

 

 

»»»»» Current runs

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"

"PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"

"PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"

"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"

"nwiz"="nwiz.exe /install"

"NvMediaCenter"="RunDLL32.exe NvMCTray.dll,NvTaskbarInit"

"avast!"="C:\\ARQUIV~1\\ALWILS~1\\Avast4\\ashDisp.exe"

"SoundMan"="SOUNDMAN.EXE"

"LVCOMSX"="C:\\WINDOWS\\system32\\LVCOMSX.EXE"

"LogitechVideoRepair"="C:\\Arquivos de programas\\Logitech\\Video\\ISStart.exe "

"LogitechVideoTray"="C:\\Arquivos de programas\\Logitech\\Video\\LogiTray.exe"

"1A:Stardock TrayMonitor"="C:\\Arquivos de programas\\Arquivos comuns\\Stardock\\TrayServer.exe"

"BootSkin Startup Jobs"="\"C:\\ARQUIV~1\\Stardock\\WINCUS~1\\BootSkin\\BootSkin.exe\" /StartupJobs"

"!AVG Anti-Spyware"="\"C:\\Arquivos de programas\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

"ccApp"="\"C:\\Arquivos de programas\\Arquivos comuns\\Symantec Shared\\ccApp.exe\""

"osCheck"="\"C:\\Arquivos de programas\\Norton AntiVirus\\osCheck.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AutorunsDisabled]

"ISUSPM Startup"="C:\\ARQUIV~1\\ARQUIV~1\\INSTAL~1\\UPDATE~1\\ISUSPM.exe -startup"

"ISUSScheduler"="\"C:\\Arquivos de programas\\Arquivos comuns\\InstallShield\\UpdateService\\issch.exe\" -start"

"SunJavaUpdateSched"="\"C:\\Arquivos de programas\\Java\\jre1.5.0_10\\bin\\jusched.exe\""

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MsnMsgr"="\"C:\\Arquivos de programas\\MSN Messenger\\MsnMsgr.Exe\" /background"

"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

"LogitechSoftwareUpdate"="\"C:\\Arquivos de programas\\Logitech\\Video\\ManifestEngine.exe\" boot"

"FreeRAM XP"="\"D:\\Desktop\\Programas\\FreeRAM XP Pro 1.40.exe\" -win"

"MSMSGS"="\"C:\\Arquivos de programas\\Messenger\\msmsgs.exe\" /background"

"lmpc4"="C:\\Arquivos de programas\\Lock My PC 4\\lockpc.exe /s"

"Pando"="\"C:\\Arquivos de programas\\Pando Networks\\Pando\\Pando.exe\" /Minimized"

@=""

....

Hosts file was reset, If you use a custom hosts file please replace it

»»»»» End report »»»»»

 

Regards!

My Avast detected it as a worm =P

it only had the disconnect option, what do I do?

It's a false positive from Avast. Disable it to run Active Scan. ;)
