Júniorsc, posted May 23, 2007

Hello,

A few weeks ago I asked you for help because my PC had a series of problems, and I ended up not getting back to you because it "died" for good and I bought a new machine, which I have had for two weeks. Today it started to get a bit slow, so I decided to run an online scan on the Symantec page, which reported 3 threats, namely:

E:\WINDOWS\htmlcode.dat is infected with Infostealer.Bancos
E:\Documents and Settings\Adilio\Configurações locais\Temp\v4x3.ga2me is infected with Adware.MaxSearch
C:\Documents and Settings\Usuario\Configurações locais\Temporary Internet Files\Content.IE5\YK7TQFVC\if_z[1].htm is infected with Downloader.Trojan

Since I could not get rid of this junk, I took a Hijack log and decided to ask for help once more, if possible, in order to eliminate it.

Thanks for your attention,
Júnior SC.

Logfile of HijackThis v1.99.1 Scan saved at 03:30:34, on 23/5/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe C:\Arquivos de programas\Eset\nod32kui.exe C:\Arquivos de programas\Ahead\InCD\InCD.exe C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe C:\WINDOWS\vsnpstd.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe C:\Arquivos de programas\Winamp\winampa.exe C:\Arquivos de programas\Picasa2\PicasaMediaDetector.exe C:\WINDOWS\system32\ctfmon.exe C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe
C:\Arquivos de programas\Skype\Phone\Skype.exe C:\Arquivos de programas\Messenger\msmsgs.exe C:\Arquivos de programas\WinZip\WZQKPICK.EXE C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE C:\Arquivos de programas\Skype\Plugin Manager\skypePM.exe C:\Arquivos de programas\Eset\nod32krn.exe C:\WINDOWS\system32\nvsvc32.exe C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wuauclt.exe C:\Arquivos de programas\Microsoft Office\Office12\WINWORD.EXE C:\Arquivos de programas\Internet Explorer\iexplore.exe C:\Documents and Settings\Usuario\Desktop\HijackThis.exe O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\ARQUIV~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [soundMAXPnP] C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe O4 - HKLM\..\Run: [soundMAX] "C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe" /tray O4 - HKLM\..\Run: [nod32kui] "C:\Arquivos de programas\Eset\nod32kui.exe" /WAITSERVICE O4 - HKLM\..\Run: [inCD] C:\Arquivos de programas\Ahead\InCD\InCD.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - 
HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKLM\..\Run: [WinampAgent] C:\Arquivos de programas\Winamp\winampa.exe O4 - HKLM\..\Run: [Picasa Media Detector] C:\Arquivos de programas\Picasa2\PicasaMediaDetector.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Reader 8.0\Reader\reader_sl.exe O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Arquivos de programas\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe O4 - Global Startup: WinZip Quick Pick.lnk = C:\Arquivos de programas\WinZip\WZQKPICK.EXE O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\ARQUIV~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL O9 - Extra button: Pesquisar 
- {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://www.atrativa.com.br/yahoo/mjolauncher.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Arquivos de programas\Eset\nod32krn.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. 
- C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe
DigRam, posted May 26, 2007

Good morning, Júniorsc!

>@< Download EliTempo.
>@< Save it to the Desktop. But do not run it yet!
>@< Download EliStarA.
>@< To download it, click the Descargar xxxx button at the bottom of the page.
>@< Save it to the Desktop. But do not run it yet!
>@< Disable the resident protection of your antivirus and antispyware programs!
>@< Restart the computer in Safe Mode!
>@< Now run the EliTempo tool and, when it finishes, click Aceptar!
>@< Still in Safe Mode, run the EliStarA tool by double-clicking its icon.
>@< Accept the proposed terms and wait for the tool to finish.
>@< EliStarA will delete ( optional ) your home page. You will set it again afterwards!
>@< The report will be at C:\infoSat.txt

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

>@< Restart the computer normally!
>@< Run an online scan at Kaspersky and post the report.
>@< Also post infoSat.txt in your reply.

That is all!
DigRam
Júniorsc, posted May 29, 2007

Dear Dig Ram,

As you instructed, I am sending the Eli Start Page report and another Hijack log as well. I await your reply.

Best regards,
Júniorsc.

Tue May 29 04:44:50 2007 EliStartPage v14.07 ©2007 S.G.H. / Satinfo S.L. -------------------------------------------------- Lista de Acciones (por Acción Directa): C:\WINDOWS\SYSTEM32\svcp.csv --> Eliminado (Fichero Complementario). C:\WINDOWS\SYSTEM32\Winsub.xml --> Eliminado (Fichero Complementario). Eliminado Servicio, "wincom32" No detectado Parche MS04-011 de Microsoft instalado. (LSASS) No detectado Parche MS04-012 de Microsoft instalado. (RPC) No detectado Parche MS06-001 de Microsoft instalado. (WMF) No detectado Parche MS06-070 de Microsoft instalado. (SServidor) ALERTA. WindowsUpdate Incompleto. Eliminadas las Paginas de Inicio y de Busqueda del IE Eliminados Ficheros Temporales del IE Tue May 29 04:48:21 2007 EliStartPage v14.07 ©2007 S.G.H. / Satinfo S.L. -------------------------------------------------- Lista de Acciones (por Exploración): Explorando Unidad C:\ Tue May 29 13:08:44 2007 EliStartPage v14.07 ©2007 S.G.H. / Satinfo S.L. -------------------------------------------------- Lista de Acciones (por Acción Directa): Por favor, envienos una muestra del fichero C:\Muestras\SVCHOST.EXE.Muestra EliStartPage v14.07 a "virus@satinfo.es". Gracias. C:\WINDOWS\SVCHOST.EXE --> Eliminado No detectado Parche MS04-011 de Microsoft instalado. (LSASS) No detectado Parche MS04-012 de Microsoft instalado. (RPC) No detectado Parche MS06-001 de Microsoft instalado. (WMF) No detectado Parche MS06-070 de Microsoft instalado. (SServidor) ALERTA. WindowsUpdate Incompleto. Eliminadas las Paginas de Inicio y de Busqueda del IE Eliminados Ficheros Temporales del IE Tue May 29 13:09:04 2007 EliStartPage v14.07 ©2007 S.G.H. / Satinfo S.L.
-------------------------------------------------- Lista de Acciones (por Exploración): Explorando Unidad C:\ Tue May 29 13:15:08 2007 EliStartPage v14.07 ©2007 S.G.H. / Satinfo S.L. -------------------------------------------------- Lista de Acciones (por Exploración): Explorando Unidad E:\ E:\Arquivos de programas\Arquivos comuns\Real\Update_OB\UPGRDHLP.EXE --> Eliminado, CyDoor Logfile of HijackThis v1.99.1 Scan saved at 13:23:18, on 29/5/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe C:\Arquivos de programas\Eset\nod32kui.exe C:\Arquivos de programas\Ahead\InCD\InCD.exe C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe C:\WINDOWS\vsnpstd.exe C:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe C:\Arquivos de programas\Winamp\winampa.exe C:\Arquivos de programas\Picasa2\PicasaMediaDetector.exe C:\WINDOWS\system32\ctfmon.exe C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe C:\Arquivos de programas\Skype\Phone\Skype.exe C:\Arquivos de programas\Messenger\msmsgs.exe C:\Arquivos de programas\WinZip\WZQKPICK.EXE C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE C:\Arquivos de programas\Eset\nod32krn.exe C:\WINDOWS\system32\nvsvc32.exe C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\system32\svchost.exe C:\Arquivos de programas\Skype\Plugin Manager\skypePM.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\Notepad.exe C:\Arquivos de programas\Internet 
Explorer\iexplore.exe C:\Documents and Settings\Usuario\Desktop\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com.br R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\ARQUIV~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [soundMAXPnP] C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe O4 - HKLM\..\Run: [soundMAX] "C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe" /tray O4 - HKLM\..\Run: [nod32kui] "C:\Arquivos de programas\Eset\nod32kui.exe" /WAITSERVICE O4 - HKLM\..\Run: [inCD] C:\Arquivos de programas\Ahead\InCD\InCD.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKLM\..\Run: [WinampAgent] C:\Arquivos de programas\Winamp\winampa.exe O4 - HKLM\..\Run: [Picasa 
Media Detector] C:\Arquivos de programas\Picasa2\PicasaMediaDetector.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Reader 8.0\Reader\reader_sl.exe O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Arquivos de programas\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe O4 - Global Startup: WinZip Quick Pick.lnk = C:\Arquivos de programas\WinZip\WZQKPICK.EXE O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\ARQUIV~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe 
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://www.atrativa.com.br/yahoo/mjolauncher.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O21 - SSODL: WinCTL - {009541A0-3B00-1F1C-00F3-040224009C02} - C:\Arquivos de programas\Arquivos comuns\winctl.dll O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Arquivos de programas\Eset\nod32krn.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe
DigRam, posted May 30, 2007

Good morning, Júniorsc!

<!> Download KillBox.
<!> Save it on Local Disk C, in a folder of its own < C:\Killbox.exe >.
<!> Open KillBox and tick Delete on reboot.
<!> Copy the list just below to the clipboard ( Full path of file to delete ).
<!> Select it and click Copy. That is, while disconnected and with these instructions saved, you will copy this list to Notepad and, from there, to the clipboard in KillBox.

C:\Arquivos de programas\Arquivos comuns\winctl.dll
C:\Muestras\SVCHOST.EXE

<!> Go back to KillBox and click File >> Paste from clipboard >> All files.
<!> Click the X button and, when asked about the reboot, say No!
<!> Restart the computer and enter Safe Mode.
<!> During the restart, tap the F8 or F5 key repeatedly and, in the menu that appears, choose Safe Mode.
<!> Open HijackThis, click Do a system scan only and tick the entries just below:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O21 - SSODL: WinCTL - {009541A0-3B00-1F1C-00F3-040224009C02} - C:\Arquivos de programas\Arquivos comuns\winctl.dll

<!> Finish by clicking Fix checked!
<!> Restart the computer normally!
<!> Make a new HijackThis log, in Normal Mode, and post it in your reply.

That is all!
DigRam
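Added example, not part of the original posts: a small Python parser that compares two HijackThis logs and lists the entries that appear only in the later one, plus entries whose target is "(no file)". The function names and section labels are assumptions of this example; the sample logs are shortened excerpts built from lines in the 23/5 and 29/5 logs of this thread, laid out one entry per line.

```python
import re
from collections import namedtuple

# Constructed sample: entries copied from the 23/5 log in this thread,
# reduced to a few lines and laid out one entry per line.
LOG_BEFORE = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\ctfmon.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
"""

# Constructed sample: the same lines plus two entries that first show up
# in the 29/5 log of this thread.
LOG_AFTER = LOG_BEFORE + r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O21 - SSODL: WinCTL - {009541A0-3B00-1F1C-00F3-040224009C02} - C:\Arquivos de programas\Arquivos comuns\winctl.dll
"""

# Labels for the section codes used in the samples (hypothetical helper table).
SECTION = {
    "R0": "IE start/search page value",
    "O2": "Browser Helper Object",
    "O4": "autostart (Run key or Startup folder)",
    "O21": "ShellServiceObjectDelayLoad",
}

Entry = namedtuple("Entry", "code body clsid")

ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def parse_entries(log_text):
    """Return the registry/startup entries of a log, skipping the header
    and the running-process list (neither starts with a section code)."""
    entries = []
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if not match:
            continue
        body = match.group("body").strip()
        clsid = CLSID_RE.search(body)
        entries.append(Entry(match.group("code"), body,
                             clsid.group(0) if clsid else None))
    return entries


def diff_entries(before_text, after_text):
    """Entries present in the later log but not in the earlier one."""
    seen = {(e.code, e.body) for e in parse_entries(before_text)}
    return [e for e in parse_entries(after_text) if (e.code, e.body) not in seen]


def missing_target(entries):
    """Entries that still reference a component whose file is gone."""
    return [e for e in entries if e.body.endswith("(no file)")]


if __name__ == "__main__":
    for e in diff_entries(LOG_BEFORE, LOG_AFTER):
        print("NEW   ", e.code, SECTION.get(e.code, "?"), "|", e.body)
    for e in missing_target(parse_entries(LOG_AFTER)):
        print("ORPHAN", e.code, SECTION.get(e.code, "?"), "|", e.body)
```

A new entry is only a lead for review, not a verdict: installing legitimate software between two scans also adds lines.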
Júniorsc, posted June 16, 2007

Dear DigRam,

Sorry for taking so long to reply, but I was travelling and only got back now. I followed your instructions and am posting a new HijackThis log. However, I noticed that a new problem has appeared: in Internet Explorer, below the top bar, a warning appears saying that the ActiveX controls have problems and that the page may have problems. When I try to configure them under "Tools/Internet Options/Security/Custom Level/Settings", ticking "Enable" under "ActiveX controls and plug-ins" and then "OK", the settings do not stick, and the problem comes back every time I change page. The "Apply" option is always disabled. I do not know whether it is a virus or some problem with the antivirus programs or with Explorer.

In any case, here is the Hijack log; I await your instructions. Once again, sorry for the delay in giving feedback, ok?

Best regards,
Júnior/Florianópolis/SC.

Logfile of HijackThis v1.99.1 Scan saved at 18:28:18, on 16/6/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe C:\WINDOWS\system32\spoolsv.exe C:\Arquivos de programas\Eset\nod32krn.exe C:\WINDOWS\system32\nvsvc32.exe C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe C:\Arquivos de programas\Eset\nod32kui.exe C:\Arquivos de programas\Ahead\InCD\InCD.exe C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe C:\WINDOWS\vsnpstd.exe
C:\WINDOWS\system32\RUNDLL32.EXE C:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe C:\Arquivos de programas\Winamp\winampa.exe C:\Arquivos de programas\Picasa2\PicasaMediaDetector.exe C:\Arquivos de programas\Spyware Terminator\SpywareTerminatorShield.exe C:\Arquivos de programas\HP\HP Software Update\HPWuSchd.exe C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe C:\Arquivos de programas\Microsoft Security Adviser\msctrl.exe C:\Arquivos de programas\Microsoft Security Adviser\msavsc.exe C:\Arquivos de programas\Microsoft Security Adviser\msscan.exe C:\Arquivos de programas\Microsoft Security Adviser\msiemon.exe C:\Arquivos de programas\Microsoft Security Adviser\msfw.exe C:\Arquivos de programas\Microsoft Security Adviser\mssadv.exe C:\WINDOWS\system32\ctfmon.exe C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe C:\Arquivos de programas\Skype\Phone\Skype.exe C:\Arquivos de programas\Messenger\msmsgs.exe C:\Arquivos de programas\Adobe\Reader 8.0\Reader\reader_sl.exe C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE C:\Arquivos de programas\Skype\Plugin Manager\skypePM.exe C:\WINDOWS\system32\wuauclt.exe C:\Arquivos de programas\Internet Explorer\iexplore.exe C:\Documents and Settings\Usuario\Desktop\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\ARQUIV~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft 
Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [soundMAXPnP] C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe O4 - HKLM\..\Run: [soundMAX] "C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe" /tray O4 - HKLM\..\Run: [nod32kui] "C:\Arquivos de programas\Eset\nod32kui.exe" /WAITSERVICE O4 - HKLM\..\Run: [inCD] C:\Arquivos de programas\Ahead\InCD\InCD.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKLM\..\Run: [WinampAgent] C:\Arquivos de programas\Winamp\winampa.exe O4 - HKLM\..\Run: [Picasa Media Detector] C:\Arquivos de programas\Picasa2\PicasaMediaDetector.exe O4 - HKLM\..\Run: [Anti-Trojan-Watch] C:\Arquivos de programas\Anti-Trojan-55\ATWatch.exe O4 - HKLM\..\Run: [spywareTerminator] "C:\Arquivos de programas\Spyware Terminator\SpywareTerminatorShield.exe" O4 - HKLM\..\Run: [HP Software Update] "C:\Arquivos de programas\HP\HP Software Update\HPWuSchd.exe" O4 - HKLM\..\Run: [HP Component Manager] "C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [msctrl.exe] C:\Arquivos de programas\Microsoft Security Adviser\msctrl.exe O4 - HKLM\..\Run: [msavsc.exe] C:\Arquivos de programas\Microsoft Security Adviser\msavsc.exe O4 - HKLM\..\Run: [msscan.exe] C:\Arquivos de programas\Microsoft Security Adviser\msscan.exe O4 - HKLM\..\Run: [msiemon.exe] C:\Arquivos de programas\Microsoft Security Adviser\msiemon.exe O4 - HKLM\..\Run: [msfw.exe] C:\Arquivos de programas\Microsoft Security Adviser\msfw.exe O4 - HKLM\..\Run: [Microsoft security 
adviser] C:\Arquivos de programas\Microsoft Security Adviser\mssadv.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [msctrl.exe] C:\Arquivos de programas\Microsoft Security Adviser\msctrl.exe O4 - HKCU\..\Run: [msavsc.exe] C:\Arquivos de programas\Microsoft Security Adviser\msavsc.exe O4 - HKCU\..\Run: [msscan.exe] C:\Arquivos de programas\Microsoft Security Adviser\msscan.exe O4 - HKCU\..\Run: [msiemon.exe] C:\Arquivos de programas\Microsoft Security Adviser\msiemon.exe O4 - HKCU\..\Run: [msfw.exe] C:\Arquivos de programas\Microsoft Security Adviser\msfw.exe O4 - HKCU\..\Run: [Microsoft security adviser] C:\Arquivos de programas\Microsoft Security Adviser\mssadv.exe O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Reader 8.0\Reader\reader_sl.exe O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Arquivos de programas\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' 
menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\ARQUIV~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://www.atrativa.com.br/yahoo/mjolauncher.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de 
programas\Ahead\InCD\InCDsrv.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Arquivos de programas\Eset\nod32krn.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe
DigRam, posted June 19, 2007

Good morning, Júniorsc!

- Run an online scan with Kaspersky and post the report.

Regards!

Júniorsc, posted June 20, 2007

Dear DigRam,

I disabled my antivirus programs (NOD32 and Spyware Terminator) and tried to run Kaspersky. However, in all 3 attempts to scan the PC, it froze while scanning the following file: "C:\Documents and Settings\Usuario\Configurações locais\Temp\fpce.exe". On the last attempt, after it stopped at that file, I waited 1 h 20 min to see whether it would continue scanning, and nothing happened.

So, what should I do?

Regards,
JúniorSC/Florianópolis/SC.

DigRam, posted June 20, 2007

> Dear DigRam,
> I disabled my antivirus programs (NOD32 and Spyware Terminator) and tried to run Kaspersky. However, in all 3 attempts to scan the PC, it froze while scanning the following file: "C:\Documents and Settings\Usuario\Configurações locais\Temp\fpce.exe". On the last attempt, after it stopped at that file, I waited 1 h 20 min to see whether it would continue scanning, and nothing happened.
> So, what should I do?
> Regards,
> JúniorSC/Florianópolis/SC.

Oops! Since Kaspersky is giving an error, run the check with Panda.

- If you can, run the online scan with Panda.
- On the page, click the Scan your PC button.
- Click Next.
- Enter your e-mail address.
- Click Send.
- Finish by clicking All PC (All My Computer).
- Wait! The scan will take a while to finish.

- Save the report (log) from this scan!
- Select it, copy it into Notepad and post it for analysis.
- Also post an updated HJT log.

Regards!

Júniorsc, posted June 21, 2007

Dear DigRam,

I'm sending the logs you requested.

Regards,
JúniorSC/Florianópolis/SC.

DigRam, posted June 24, 2007

Good morning, Júniorsc!

- Download ATF Cleaner.
- Save it to the Desktop!
- Restart the computer in Safe Mode.
- Open ATF Cleaner.
- Under Select Files to Delete:
  1. Click Select All >> Empty Selected.
  2. In the window that opens (Done), click OK! >> Exit.
- Restart in Normal Mode.
- Run a new scan with Panda and post the report.

Regards!

Júniorsc, posted June 26, 2007

Dear DigRam,

I followed your instructions and am sending the Panda log. Besides Panda, I also ran a check with Spyware Terminator and am sending its report as well. Maybe it helps.

Regards,
Júniorsc/Florianópolis/SC.

Corporation]{F2CF5485-4E02-4f68-819C-B92DE9277049} = &Links (C:\WINDOWS\system32\ieframe.dll) [Microsoft Corporation]{F83DAC1C-9BB9-4f2b-B619-09819DA81B0E} = IE Registry Tree Options Utility (C:\WINDOWS\system32\ieframe.dll) [Microsoft Corporation]{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} = IE User Assist (C:\WINDOWS\system32\ieframe.dll) [Microsoft Corporation]{FDE7673D-2E19-4145-8376-BBD58C4BC7BA} = IE Custom MRU AutoCompleted List (C:\WINDOWS\system32\ieframe.dll) [Microsoft Corporation]Winlogon Notify ScanWgaLogon = WgaLogon.dll (C:\WINDOWS\system32\WgaLogon.dll) [Microsoft Corporation]Services Scan"aeaudio" = C:\WINDOWS\system32\drivers\aeaudio.sys [Andrea Electronics Corporation]"AMON" = C:\WINDOWS\system32\drivers\amon.sys [Eset ]"aslm75" = C:\WINDOWS\SYSTEM32\DRIVERS\ASLM75.SYS []"CO_Mon" = C:\WINDOWS\SYSTEM32\DRIVERS\CO_MON.SYS []"dmboot" = C:\WINDOWS\System32\drivers\dmboot.sys [Microsoft Corp., Veritas Software]"dmio" = C:\WINDOWS\system32\DRIVERS\dmio.sys [Microsoft Corp., Veritas Software]"EL90XBC" = C:\WINDOWS\system32\DRIVERS\el90xbc5.sys [3Com Corporation]"HPZid412" = C:\WINDOWS\system32\DRIVERS\HPZid412.sys [HP]"HPZipr12" = C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [HP]"HPZius12" = C:\WINDOWS\system32\DRIVERS\HPZius12.sys [HP]"InCDPass" = C:\WINDOWS\System32\DRIVERS\InCDPass.sys [Nero AG]"InCDsrv" = C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe [Nero AG]"MidiSyn" = C:\WINDOWS\system32\drivers\MidiSyn.sys [Analog Devices, Inc.]"nod32drv" = C:\WINDOWS\system32\drivers\nod32drv.sys []"NOD32krn" = C:\Arquivos de programas\Eset\nod32krn.exe [Eset ]"nv" = C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [NVIDIA Corporation]"NVSvc" = C:\WINDOWS\system32\nvsvc32.exe [NVIDIA Corporation]"Pml Driver HPZ12" = C:\WINDOWS\system32\HPZipm12.exe [HP]"Ptilink" = C:\WINDOWS\system32\DRIVERS\ptilink.sys [Parallel Technologies, Inc.]"PxHelp20" = C:\WINDOWS\System32\Drivers\PxHelp20.sys [sonic Solutions]"runtime2" = C:\WINDOWS\System32\drivers\runtime2.sys []"Secdrv" = 
C:\WINDOWS\system32\DRIVERS\secdrv.sys []"senfilt" = C:\WINDOWS\system32\drivers\senfilt.sys [sensaura]"smwdm" = C:\WINDOWS\system32\drivers\smwdm.sys [Analog Devices, Inc.]"snpstd" = C:\WINDOWS\system32\DRIVERS\snpstd.sys []"SoundMAX Agent Service (default)" = C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe [Analog Devices, Inc.]"sp_rsdrv2" = C:\WINDOWS\SYSTEM32\DRIVERS\SP_RSDRV2.SYS [Crawler.com]"sp_rssrv" = C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe [Crawler.com]"windev-7043-183c" = C:\WINDOWS\system32\windev-7043-183c.sys []"yukonwxp" = C:\WINDOWS\system32\DRIVERS\yk51x86.sys [Marvell]Protocol Filters ScanClass Install Handler = {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} (C:\WINDOWS\system32\urlmon.dll) [Microsoft Corporation]text/xml = {807553E5-5146-11D5-A672-00B0D022E945} (C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE11\MSOXMLMF.DLL) [Microsoft Corporation]Hosts ScanLOCALHOST mapping = 1IE ScanIERESET.INF missing Signature="$CHICAGO$"IERESET.INF missing AdvancedINF=2.5,"You need a new version of advpack.dll"IERESET.INF missing AddReg=RestoreHomePage.regIERESET.INF missing HKCU,"Software\Microsoft\Internet Explorer\Main","Start Page",0,%START_PAGE_URL%IERESET.INF missing HKLM,"Software\Microsoft\Internet Explorer\Main","Default_Page_URL",0,%START_PAGE_URL%IERESET.INF missing HKLM,"Software\Microsoft\Internet Explorer\Main","Default_Search_URL",0,%SEARCH_PAGE_URL%IERESET.INF missing HKLM,"Software\Microsoft\Internet Explorer\Main","Search Page",0,%SEARCH_PAGE_URL%IERESET.INF missing HKLM,"Software\Microsoft\Internet Explorer\Main\UrlTemplate","1",0,"www.%s.com"IERESET.INF missing HKLM,"Software\Microsoft\Internet Explorer\Main\UrlTemplate","2",0,"www.%s.org"IERESET.INF missing HKLM,"Software\Microsoft\Internet Explorer\Main\UrlTemplate","3",0,"www.%s.net"IERESET.INF missing HKLM,"Software\Microsoft\Internet Explorer\Main\UrlTemplate","4",0,"www.%s.edu"IERESET.INF missing HKCU,"Software\Microsoft\Internet 
Explorer\Main","Search Page",0,%SEARCH_PAGE_URL%IERESET.INF missing HKCU,"Software\Microsoft\Internet Explorer\SearchUrl","Provider",0,""IERESET.INF missing HKLM,"Software\Microsoft\Internet Explorer\Search","SearchAssistant",0,"http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"IERESET.INF missing HKLM,"Software\Microsoft\Internet Explorer\Search","CustomizeSearch",0,"http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm"IERESET.INF missing HKLM,"Software\Microsoft\Windows\CurrentVersion\Internet Settings\SafeSites",%SAFESITE_VALUE%,0,"http://ie.search.msn.com/*"IERESET.INF missing HKLM,"Software\Microsoft\Internet Explorer\Main\UrlTemplate","5"IERESET.INF missing HKLM,"Software\Microsoft\Internet Explorer\Main\UrlTemplate","6"IERESET.INF missing HKLM,"Software\Microsoft\Internet Explorer\Main\UrlTemplate","7"IERESET.INF missing HKLM,"Software\Microsoft\Internet Explorer\Main\UrlTemplate","8"IERESET.INF missing HKLM,"Software\Microsoft\Internet Explorer\Main\UrlTemplate","9"IERESET.INF missing HKCU,"Software\Microsoft\Internet Explorer\Main","AutoSearch"IERESET.INF missing SEARCH_PAGE_URL="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"IERESET.INF missing AddReg=RestoreBrowserSettings.regIERESET.INF missing DelReg=DeleteTemplates.reg or DelReg=DeleteTemplates.reg, DeleteAutosearch.regIERESET.INF missing START_PAGE_URL="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=7&ar=msnhome" or START_PAGE_URL="http://www.msn.com"IERESET.INF missing SAFESITE_VALUE="http://home.microsoft.com/" or SAFESITE_VALUE="ie.search.msn.com"IERESET.INF missing MS_START_PAGE_URL="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=7&ar=msnhome" or MS_START_PAGE_URL="http://www.msn.com"System Policies ScanDisableTaskMgr Disabled Task Manger HIJACK WARNING!WinSock2 ScanProtocol Entry 000000000001 = C:\WINDOWS\system32\imon.dll [Eset ]Protocol Entry 000000000002 = C:\WINDOWS\system32\imon.dll [Eset ]Protocol Entry 000000000003 = C:\WINDOWS\system32\imon.dll 
[Eset ]Protocol Entry 000000000004 = C:\WINDOWS\system32\imon.dll [Eset ]Protocol Entry 000000000005 = C:\WINDOWS\system32\imon.dll [Eset ]Protocol Entry 000000000011 = C:\WINDOWS\system32\imon.dll [Eset ]
DigRam 144
Posted June 26, 2007

Good morning, Júniorsc!

>@< Open KillBox and select the option: Replace on reboot.
>@< Paste or type the following file into the "Full path of file to delete" box:
E:\WINDOWS\htmlcode.dat
>@< Check the option: < Use Dummy >
>@< Click the X button >> Yes ( Sim ).
>@< When asked about the reboot, answer No ( Não ).
>@< Repeat the same procedure for all the files listed below, except the last one!
E:\Documents and Settings\A\Configurações locais\Temp\v4x3.ga2me
E:\Documents and Settings\Adilio\Configurações locais\Temp\v4x3.ga2me
E:\fixwareout\FindT\nircmd.exe
>@< For this file, just below, confirm when asked!
>@< The computer will restart!
C:\Documents and Settings\Usuario\Configurações locais\Temporary Internet Files\Content.IE5\YK7TQFVC\if_z[1].htm
>@< Go back to KillBox and open the folder: < C:\!Killbox.log >
Copy the contents of backups and post it in your reply.

Regards!
Júniorsc 0
Posted June 28, 2007

Dear DigRam,

Here is the Killbox log:

Pocket Killbox version 2.0.0.648
Running on Windows XP as Usuario(Administrator)
was started @ sábado, junho 16, 2007, 5:48 PM

Killbox Closed(Exit) @ 5:50:38 PM
__________________________________________________

Pocket Killbox version 2.0.0.648
Running on Windows XP as Usuario(Administrator)
was started @ sábado, junho 16, 2007, 5:50 PM

# 1 [Delete on Reboot]
Path = C:\Muestras\SVCHOST.EXE

# 2 [Delete on Reboot]
Path = C:\Arquivos de programas\Arquivos comuns\winctl.dll

Killbox Closed(Exit) @ 5:54:44 PM
__________________________________________________

Pocket Killbox version 2.0.0.648
Running on Windows XP as Usuario(Administrator)
was started @ quinta-feira, junho 28, 2007, 12:04 AM

# 1 [Replace on Delete]
Path = E:\WINDOWS\htmlcode.dat
*Replaced with C:\Documents and Settings\Usuario\Configurações locais\Temp\kbdummy.0

I Rebooted @ 12:06:29 AM
Killbox Closed(Exit) @ 12:06:33 AM
__________________________________________________

Pocket Killbox version 2.0.0.648
Running on Windows XP as Usuario(Administrator)
was started @ quinta-feira, junho 28, 2007, 12:10 AM

Best regards,
Júniorsc/Florianópolis/SC.
DigRam 144
Posted June 28, 2007

Good morning, Júniorsc!

>@< Run an online scan, with the options to delete malware files, at BitDefender.
>@< Click BitDefender OnLine Scanner.
>@< Click: I Agree >> Wait!
>@< Follow the program's recommendations and, when it finishes, post the report.
>@< Also post a new HijackThis log in your reply.

Regards!
Sam Spade 2
Posted August 9, 2007

Topic Archived

Since the author has not replied for more than 20 days, the topic has been archived. If you are the author of the topic and want to reopen it, send a private message to a moderator of this area along with the link to this topic and explain the reason for reopening.