
Archived

This topic has been archived and is closed to new replies.

ROSALBA ANTONIELA

[Archived] CAN YOU ANALYZE THIS LOG


Logfile of HijackThis v1.99.1

Scan saved at 18:34:23, on 2/10/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16512)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Spyware Terminator\SpywareTerminatorShield.exe

C:\WINDOWS\system32\bgsvcgen.exe

C:\Arquivos de programas\Arquivos comuns\LightScribe\LSSrvc.exe

C:\Arquivos de programas\Windows Defender\MSASCui.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Arquivos de programas\DAEMON Tools\daemon.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\eMule\emule.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\System32\alg.exe

C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

C:\Arquivos de programas\MSN Messenger\usnsvc.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\hijackthis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.a...&tbid=61005

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.brturbo.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=61005

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=61005

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=61005

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=61005

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :8080

F3 - REG:win.ini: run=

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\WINDOWS\Downloaded Program Files\gbiehCef.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

O4 - HKLM\..\Run: [spywareTerminator] "C:\Arquivos de programas\Spyware Terminator\SpywareTerminatorShield.exe"

O4 - HKLM\..\Run: [Windows Defender] "C:\Arquivos de programas\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [TrojanScanner] C:\Arquivos de programas\Trojan Remover\Trjscan.exe

O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [DAEMON Tools] "C:\Arquivos de programas\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKCU\..\Run: [eMuleAutoStart] C:\Arquivos de programas\eMule\emule.exe -AutoStart

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: ShopperReports - Compare product prices - {946B3E9E-E21A-49c8-9F63-900533FAFE15} - C:\WINDOWS\System32\shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)

O11 - Options group: [iNTERNATIONAL] International*

O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {2DEF4530-8CE6-41C9-84B6-A54536C90213} (Crystal Report Viewer Control 9) - http://cob.bancovw.com.br/viewer9/activeXV...tivexviewer.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by114fd.bay114.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://static.slide.com/uploader/SlideImageUploader.cab

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jin...ows-i586-jc.cab

O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.hp.com/ediags/dd/instal...edsolutions.cab

O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx

O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} - http://a532.g.akamai.net/f/532/6712/1d/pla...1/Installer.exe

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399003} (GbPluginObj Class) - https://imagem.caixa.gov.br/cab/GbPluginCef.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{1D7D353E-5E12-4AF2-ACFF-3D34FA2AB80A}: NameServer = 201.10.128.3,201.10.1.2

O17 - HKLM\System\CS1\Services\Tcpip\..\{1D7D353E-5E12-4AF2-ACFF-3D34FA2AB80A}: NameServer = 201.10.128.3,201.10.1.2

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe

O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia LTDA - C:\Arquivos de programas\GbPlugin\GbpSv.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Arquivos de programas\Arquivos comuns\LightScribe\LSSrvc.exe

O23 - Service: Spyware Terminator Clam Service (sp_clamsrv) - Crawler.com - C:\Arquivos de programas\WinClamAVShield\sp_clamsrv.exe

O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe

 

SINCERELY,

ROSALBA ANTONIELA


Good afternoon, ROSALBA ANTONIELA!

>@< Download EliStarA.

>@< On the page, click the button: Descargar EliStarA v xx.xx, located at the bottom of the page.

>@< Save the tool to the Desktop!

>@< Disable the resident antivirus and antispyware protections.

>@< Restart the computer in Safe Mode.

>@< Go to the EliStarA icon and run it!

>@< Wait patiently for the scan to finish.

>@< When it finishes, a report (infoSat.txt) will be generated on Local Disk C.

>@< The tool will delete your home page; you will configure it again afterwards.

>@< Restart the computer normally!

>@< Generate and post, in your reply: infoSat.txt + an updated HJT log.

Regards!


Thank you in advance for your attention. I have been having problems with my PC and have no idea how to analyze a log. Thank you very much; here is what you asked for.

 

 

infosat

Sun Oct 07 11:17:01 2007

EliStartPage v14.78 ©2007 S.G.H. / Satinfo S.L.

--------------------------------------------------

Lista de Acciones (por Acción Directa):

C:\WINDOWS\WT\WEBDRIVER.DLL --> Eliminado

Eliminado Servicio, "GbpSv"

Eliminadas las Paginas de Inicio y de Busqueda del IE

Eliminados Ficheros Temporales del IE

 

Sun Oct 07 11:19:56 2007

EliStartPage v14.78 ©2007 S.G.H. / Satinfo S.L.

--------------------------------------------------

Lista de Acciones (por Exploración):

Explorando Unidad C:\

C:\Arquivos de programas\Spyware Terminator\SPTCONTMENU.DLL --> Eliminado, KeyLogger.FL

C:\Arquivos de programas\Total Video Converter\OPTIMIZEGIF.DLL --> Eliminado, KeyLogger.FL

 

Sun Oct 07 12:37:06 2007

EliStartPage v14.78 ©2007 S.G.H. / Satinfo S.L.

--------------------------------------------------

 

Logfile of HijackThis v1.99.1

Scan saved at 13:15:25, on 7/10/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16512)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\ARQUIV~1\SPYWAR~2\SpywareTerminatorShield.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\Mixer.exe

C:\Arquivos de programas\Musicmatch\Musicmatch Jukebox\mm_tray.exe

C:\Arquivos de programas\Musicmatch\Musicmatch Jukebox\mmtask.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Arquivos de programas\DAEMON Tools\daemon.exe

C:\Arquivos de programas\CoolSMS\CoolSMS.exe

C:\Arquivos de programas\eMule\emule.exe

C:\WINDOWS\system32\bgsvcgen.exe

C:\Arquivos de programas\Arquivos comuns\LightScribe\LSSrvc.exe

C:\ARQUIV~1\SPYWAR~2\sp_rsser.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\Notepad.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\hijackthis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.a...&tbid=61005

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.brturbo.com.br/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :8080

F3 - REG:win.ini: run=

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\WINDOWS\Downloaded Program Files\gbiehCef.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

O4 - HKLM\..\Run: [spywareTerminator] "C:\ARQUIV~1\SPYWAR~2\SpywareTerminatorShield.exe"

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [TrojanScanner] C:\Arquivos de programas\Trojan Remover\Trjscan.exe

O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup

O4 - HKLM\..\Run: [MMTray] "C:\Arquivos de programas\Musicmatch\Musicmatch Jukebox\mm_tray.exe"

O4 - HKLM\..\Run: [mmtask] "C:\Arquivos de programas\Musicmatch\Musicmatch Jukebox\mmtask.exe"

O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [DAEMON Tools] "C:\Arquivos de programas\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKCU\..\Run: [CoolSMS] C:\Arquivos de programas\CoolSMS\CoolSMS.exe /minimized

O4 - HKCU\..\Run: [eMuleAutoStart] C:\Arquivos de programas\eMule\emule.exe -AutoStart

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: ShopperReports - Compare product prices - {946B3E9E-E21A-49c8-9F63-900533FAFE15} - C:\WINDOWS\System32\shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)

O11 - Options group: [iNTERNATIONAL] International*

O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {2DEF4530-8CE6-41C9-84B6-A54536C90213} (Crystal Report Viewer Control 9) - http://cob.bancovw.com.br/viewer9/activeXV...tivexviewer.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by114fd.bay114.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://static.slide.com/uploader/SlideImageUploader.cab

O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownlo...iaSmartScan.cab

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jin...ows-i586-jc.cab

O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.hp.com/ediags/dd/instal...edsolutions.cab

O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx

O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} - http://a532.g.akamai.net/f/532/6712/1d/pla...1/Installer.exe

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399003} (GbPluginObj Class) - https://imagem.caixa.gov.br/cab/GbPluginCef.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{1D7D353E-5E12-4AF2-ACFF-3D34FA2AB80A}: NameServer = 201.10.128.3,201.10.1.2

O17 - HKLM\System\CS1\Services\Tcpip\..\{1D7D353E-5E12-4AF2-ACFF-3D34FA2AB80A}: NameServer = 201.10.128.3,201.10.1.2

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe

O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia LTDA - C:\Arquivos de programas\GbPlugin\GbpSv.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Arquivos de programas\Arquivos comuns\LightScribe\LSSrvc.exe

O23 - Service: Spyware Terminator Clam Service (sp_clamsrv) - Crawler.com - C:\Arquivos de programas\WinClamAVShield\sp_clamsrv.exe

O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\ARQUIV~1\SPYWAR~2\sp_rsser.exe

 

Regards


Good afternoon, ROSALBA ANTONIELA!

>@< Uninstall: < Trojan Remover >

_________________

>@< Open HijackThis!

>@< Click Do a system scan only and check the entries listed below:

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.a...&tbid=61005

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :8080

F3 - REG:win.ini: run=

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O11 - Options group: [iNTERNATIONAL] International*

>@< Finalize them by clicking Fix checked!

_________________

 

>@< Download a-squared Free 3.0.

>@< Open the program and click: Atualizar agora (Update now) >> Wait!

>@< When it finishes, click: Analisar agora (Scan now).

>@< Try to run this scan in Safe Mode!

>@< Choose the option: A fundo (Deep).

>@< Click Analisar (Scan)!

>@< When it finishes, send the items found to quarantine, from where they will then be deleted or restored.

>@< Save the report from this scan and post it in your reply + an updated HJT log.

Regards!


GOOD MORNING!!!! YES, IT LOOKS LIKE I HAVE SOME VIRUSES. HERE IS WHAT YOU ASKED FOR........

 

*********************************************

a-squared Free - Versão 3.0

Last update: 9/10/2007 21:54:20

 

Configurações da análise:

 

Objetos: Memória, Rastros, Cookies, C:\

Análise de arquivos: Ligado

Heurística: Ligado

Análise de ADS: Ligado

 

Início da análise: 9/10/2007 21:58:53

 

Key: HKEY_CLASSES_ROOT\catalyst.httpclientctrl.1 detectado: Trace.Registry.DLSearchBar

Key: HKEY_CLASSES_ROOT\clsid\{edd6ba26-9ebb-11d2-b89c-00104b30757b} detectado: Trace.Registry.DLSearchBar

Key: HKEY_CLASSES_ROOT\clsid\{edd6ba27-9ebb-11d2-b89c-00104b30757b} detectado: Trace.Registry.DLSearchBar

Key: HKEY_CLASSES_ROOT\interface\{edd6ba24-9ebb-11d2-b89c-00104b30757b} detectado: Trace.Registry.DLSearchBar

Key: HKEY_CLASSES_ROOT\interface\{edd6ba25-9ebb-11d2-b89c-00104b30757b} detectado: Trace.Registry.DLSearchBar

Value: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shareddlls --> c:\windows\system32\cshtp32.ocx detectado: Trace.Registry.DLSearchBar

Value: HKEY_LOCAL_MACHINE\software\kazaa\bandwidth\lastestimate --> b detectado: Trace.Registry.KaZaA

Value: HKEY_LOCAL_MACHINE\software\kazaa\bandwidth\lastestimate --> time detectado: Trace.Registry.KaZaA

Key: HKEY_LOCAL_MACHINE\software\kazaa detectado: Trace.Registry.KaZaA

Value: HKEY_CLASSES_ROOT\CLSID\{30349568-DAB5-4FA9-B254-4D3BA77C7952}\InprocServer32 --> ThreadingModel detectado: Trace.Registry.Radlight

Value: HKEY_CLASSES_ROOT\CLSID\{68D6728A-D715-492A-A57B-8DDA01F4921F}\InprocServer32 --> ThreadingModel detectado: Trace.Registry.Radlight

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30349568-DAB5-4FA9-B254-4D3BA77C7952}\InprocServer32 --> ThreadingModel detectado: Trace.Registry.Radlight

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{68D6728A-D715-492A-A57B-8DDA01F4921F}\InprocServer32 --> ThreadingModel detectado: Trace.Registry.Radlight

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{946B3E9E-E21A-49c8-9F63-900533FAFE15} --> ButtonText detectado: Trace.Registry.ShopperReports

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{946B3E9E-E21A-49c8-9F63-900533FAFE15} --> CLSID detectado: Trace.Registry.ShopperReports

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{946B3E9E-E21A-49c8-9F63-900533FAFE15} --> ClsidExtension detectado: Trace.Registry.ShopperReports

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{946B3E9E-E21A-49c8-9F63-900533FAFE15} --> Default Visible detectado: Trace.Registry.ShopperReports

c:\arquivos de programas\webteh\bsplayer detectado: Trace.Directory.BSplayer

c:\arquivos de programas\webteh\bsplayer\doc detectado: Trace.Directory.BSplayer

c:\arquivos de programas\webteh\bsplayer\lang detectado: Trace.Directory.BSplayer

c:\arquivos de programas\webteh\bsplayer\plugins detectado: Trace.Directory.BSplayer

c:\arquivos de programas\webteh\bsplayer\sdk detectado: Trace.Directory.BSplayer

c:\arquivos de programas\webteh\bsplayer\sdk\plugins detectado: Trace.Directory.BSplayer

c:\arquivos de programas\webteh\bsplayer\sdk\plugins\c detectado: Trace.Directory.BSplayer

c:\arquivos de programas\webteh\bsplayer\sdk\plugins\c\sample detectado: Trace.Directory.BSplayer

c:\arquivos de programas\webteh\bsplayer\sdk\plugins\c\sample_subtitles detectado: Trace.Directory.BSplayer

c:\arquivos de programas\webteh\bsplayer\sdk\plugins\delphi detectado: Trace.Directory.BSplayer

c:\arquivos de programas\webteh\bsplayer\sdk\plugins\delphi\sample detectado: Trace.Directory.BSplayer

c:\arquivos de programas\webteh\bsplayer\sdk\plugins\delphi\sample_subtitles detectado: Trace.Directory.BSplayer

c:\arquivos de programas\webteh\bsplayer\skins detectado: Trace.Directory.BSplayer

c:\arquivos de programas\webteh\bsplayer\skins\base detectado: Trace.Directory.BSplayer

c:\arquivos de programas\webteh\bsplayer\bplay.exe detectado: Trace.File.BSplayer

c:\arquivos de programas\webteh\bsplayer\bspfilters.sam detectado: Trace.File.BSplayer

c:\arquivos de programas\webteh\bsplayer\bsplay.exe detectado: Trace.File.BSplayer

c:\arquivos de programas\webteh\bsplayer\bsplayer.exe detectado: Trace.File.BSplayer

c:\arquivos de programas\webteh\bsplayer\bsplayer.exe.manifest detectado: Trace.File.BSplayer

c:\arquivos de programas\webteh\bsplayer\bsrendv2.dll detectado: Trace.File.BSplayer

c:\arquivos de programas\webteh\bsplayer\changes.txt detectado: Trace.File.BSplayer

c:\arquivos de programas\webteh\bsplayer\doc\cmdline.txt detectado: Trace.File.BSplayer

c:\arquivos de programas\webteh\bsplayer\doc\ini_files.html detectado: Trace.File.BSplayer

c:\arquivos de programas\webteh\bsplayer\plugins\oldskin.dll detectado: Trace.File.BSplayer

c:\arquivos de programas\webteh\bsplayer\sdk\bsp.h detectado: Trace.File.BSplayer

c:\arquivos de programas\webteh\bsplayer\sdk\bsp.pas detectado: Trace.File.BSplayer

c:\arquivos de programas\webteh\bsplayer\sdk\plugins\bspplg.h detectado: Trace.File.BSplayer

c:\arquivos de programas\webteh\bsplayer\sdk\plugins\bspplg.pas detectado: Trace.File.BSplayer

c:\arquivos de programas\webteh\bsplayer\sdk\plugins\c\sample\sample_plugin.def detectado: Trace.File.BSplayer

c:\arquivos de programas\webteh\bsplayer\sdk\plugins\c\sample\sample_plugin.dsp detectado: Trace.File.BSplayer

c:\arquivos de programas\webteh\bsplayer\sdk\plugins\c\sample\sample_plugin.dsw detectado: Trace.File.BSplayer

c:\arquivos de programas\webteh\bsplayer\sdk\plugins\c\sample\sampleplugin.c detectado: Trace.File.BSplayer

c:\arquivos de programas\webteh\bsplayer\sdk\plugins\c\sample_subtitles\sample_sub.c detectado: Trace.File.BSplayer

c:\arquivos de programas\webteh\bsplayer\sdk\plugins\c\sample_subtitles\sample_sub.def detectado: Trace.File.BSplayer

c:\arquivos de programas\webteh\bsplayer\sdk\plugins\c\sample_subtitles\sample_subtitles.dsp detectado: Trace.File.BSplayer

c:\arquivos de programas\webteh\bsplayer\sdk\plugins\c\sample_subtitles\sample_subtitles.dsw detectado: Trace.File.BSplayer

c:\arquivos de programas\webteh\bsplayer\sdk\plugins\delphi\sample\sample_plugin.dpr detectado: Trace.File.BSplayer

c:\arquivos de programas\webteh\bsplayer\sdk\plugins\delphi\sample_subtitles\sample_sub.dpr detectado: Trace.File.BSplayer

c:\arquivos de programas\webteh\bsplayer\skins\base\prevd.bmp detectado: Trace.File.BSplayer

c:\arquivos de programas\webteh\bsplayer\skins\base\rgn.dat detectado: Trace.File.BSplayer

c:\arquivos de programas\webteh\bsplayer\skins\base\rgnfs.dat detectado: Trace.File.BSplayer

c:\arquivos de programas\webteh\bsplayer\skins\base\skin.ini detectado: Trace.File.BSplayer

c:\arquivos de programas\webteh\bsplayer\skins\base\skinfs.ini detectado: Trace.File.BSplayer

c:\arquivos de programas\webteh\bsplayer\skins\bat lite.bsz detectado: Trace.File.BSplayer

c:\arquivos de programas\webteh\bsplayer\skins\mediabox v-1.bsz detectado: Trace.File.BSplayer

c:\arquivos de programas\webteh\bsplayer\skins\mediabox v-2.bsz detectado: Trace.File.BSplayer

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BSPlayer1 --> DisplayName detectado: Trace.Registry.BSplayer

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BSPlayer1 --> UninstallString detectado: Trace.Registry.BSplayer

c:\arquivos de programas\gamespy arcade detectado: Trace.Directory.GameSpy Arcade

c:\arquivos de programas\gamespy arcade\profiles detectado: Trace.Directory.GameSpy Arcade

c:\arquivos de programas\gamespy arcade\services detectado: Trace.Directory.GameSpy Arcade

c:\arquivos de programas\gamespy arcade\services\_common detectado: Trace.Directory.GameSpy Arcade

c:\arquivos de programas\gamespy arcade\banner.html detectado: Trace.File.GameSpy Arcade

C:\Arquivos de programas\eMule\Temp22.part/Bonnie Tyler - It's A Heartache - 16 - Wild Side Of Life.mp3 detectado: Heuristic.ArchiveBomb

 

Analisado

 

Arquivos: 140348

Objetos: 144041

Cookies: 1

Processos: 11

 

Encontrado

 

Arquivos: 1

Objetos: 70

Cookies: 0

Processos: 0

Chaves do registro: 0

 

Fim da análise: 10/10/2007 00:43:47

Duração da análise: 02:44:54

 

C:\Arquivos de programas\eMule\Temp22.part/Bonnie Tyler - It's A Heartache - 16 - Wild Side Of Life.mp3 Em quarentena Heuristic.ArchiveBomb

 

Em quarentena

 

Arquivos: 1

Objetos: 0

Cookies: 0

 

 

*****************************

Logfile of HijackThis v1.99.1

Scan saved at 10:39:59, on 10/10/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16512)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\ARQUIV~1\SPYWAR~2\SpywareTerminatorShield.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\a-squared Free\a2service.exe

C:\WINDOWS\Mixer.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\system32\bgsvcgen.exe

C:\Arquivos de programas\Arquivos comuns\LightScribe\LSSrvc.exe

C:\ARQUIV~1\SPYWAR~2\sp_rsser.exe

C:\Arquivos de programas\eMule\emule.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\System32\alg.exe

C:\Arquivos de programas\Outlook Express\msimn.exe

C:\Arquivos de programas\r2 Studios\HideOE\HideOE.exe

C:\Arquivos de programas\Musicmatch\Musicmatch Jukebox\mmjb.exe

C:\Arquivos de programas\Musicmatch\Musicmatch Jukebox\MMDiag.exe

C:\Arquivos de programas\Musicmatch\Musicmatch Jukebox\mm_director.exe

C:\ARQUIV~1\MUSICM~1\MUSICM~1\MM_TDM~1.EXE

C:\WINDOWS\System32\wbem\wmiprvse.exe

C:\hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.brturbo.com.br/

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\WINDOWS\Downloaded Program Files\gbiehCef.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

O4 - HKLM\..\Run: [spywareTerminator] "C:\ARQUIV~1\SPYWAR~2\SpywareTerminatorShield.exe"

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup

O4 - HKLM\..\Run: [MMTray] "C:\Arquivos de programas\Musicmatch\Musicmatch Jukebox\mm_tray.exe"

O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [DAEMON Tools] "C:\Arquivos de programas\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKCU\..\Run: [CoolSMS] C:\Arquivos de programas\CoolSMS\CoolSMS.exe /minimized

O4 - HKCU\..\Run: [eMuleAutoStart] C:\Arquivos de programas\eMule\emule.exe -AutoStart

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {946B3E9E-E21A-49c8-9F63-900533FAFE15} - (no file)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)

O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {2DEF4530-8CE6-41C9-84B6-A54536C90213} (Crystal Report Viewer Control 9) - http://cob.bancovw.com.br/viewer9/activeXV...tivexviewer.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by114fd.bay114.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://static.slide.com/uploader/SlideImageUploader.cab

O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownlo...iaSmartScan.cab

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jin...ows-i586-jc.cab

O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.hp.com/ediags/dd/instal...edsolutions.cab

O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx

O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} - http://a532.g.akamai.net/f/532/6712/1d/pla...1/Installer.exe

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399003} (GbPluginObj Class) - https://imagem.caixa.gov.br/cab/GbPluginCef.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{1D7D353E-5E12-4AF2-ACFF-3D34FA2AB80A}: NameServer = 201.10.128.3,201.10.1.2

O17 - HKLM\System\CS1\Services\Tcpip\..\{1D7D353E-5E12-4AF2-ACFF-3D34FA2AB80A}: NameServer = 201.10.128.3,201.10.1.2

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Arquivos de programas\a-squared Free\a2service.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe

O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia LTDA - C:\Arquivos de programas\GbPlugin\GbpSv.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Arquivos de programas\Arquivos comuns\LightScribe\LSSrvc.exe

O23 - Service: Spyware Terminator Clam Service (sp_clamsrv) - Crawler.com - C:\Arquivos de programas\WinClamAVShield\sp_clamsrv.exe

O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\ARQUIV~1\SPYWAR~2\sp_rsser.exe

 

 

************************************

Thank you

Regards


Without wanting to abuse your attention, every day when I run Spyware Terminator it finds the following:

 

Logfile of Spyware Terminator v2.0.0.194 (db:1.0.961.721)

Scan Time: 10/10/2007 11:00:38 length: 3922 s

Platform: Windows XP Service Pack 2 (WINNT 5.1.2600)

User: Limited

Boot Mode: Normal

Scan type: Full_Spyware_Scan

Scanned Objects: 105294 (Critical:0)

Filter: No System items, No Safe items, No Invalid items

 

Running Processes

MsMpEng.exe [Microsoft Corporation] : C:\Arquivos de programas\Windows Defender\MsMpEng.exe

a2service.exe [Emsi Software GmbH] : C:\Arquivos de programas\a-squared Free\a2service.exe

Mixer.exe [C-Media Electronic Inc. (www.cmedia.com.tw)] : C:\WINDOWS\Mixer.exe

GoogleToolbarNotifier.exe [Google Inc.] : C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

bgsvcgen.exe [b.H.A Corporation] : C:\WINDOWS\system32\bgsvcgen.exe

LSSrvc.exe [Hewlett-Packard Company] : C:\Arquivos de programas\Arquivos comuns\LightScribe\LSSrvc.exe

emule.exe [http://www.emule-project.net] : C:\Arquivos de programas\eMule\emule.exe

HideOE.exe [r2 studios] : C:\Arquivos de programas\r2 Studios\HideOE\HideOE.exe

mmjb.exe [Musicmatch, Inc.] : C:\Arquivos de programas\Musicmatch\Musicmatch Jukebox\mmjb.exe

MMDiag.exe [Musicmatch, Inc.] : C:\Arquivos de programas\Musicmatch\Musicmatch Jukebox\MMDiag.exe

mm_director.exe [Musicmatch, Inc.] : C:\Arquivos de programas\Musicmatch\Musicmatch Jukebox\mm_director.exe

mm_TDMEngine.exe [Musicmatch, Inc.] : C:\Arquivos de programas\Musicmatch\Musicmatch Jukebox\mm_TDMEngine.exe

 

Internet Settings

R - HKLM\Software\Microsoft\Internet Explorer\Main, Start Page = about:blank

R - HKLM\Software\Microsoft\Internet Explorer\Search, SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

R - HKLM\Software\Microsoft\Internet Explorer\Search, CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

R - HKLM\System\CurrentControlSet\Services\Tcpip\Parameters, Domain =

R - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Telephony, DomainName =

 

BHO

02 - BHO: GbIehObj Class - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - [Caixa Economica Federal] : C:\WINDOWS\Downloaded Program Files\gbiehCef.dll

 

StartUps

04 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, swg : [Google Inc.] : C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

04 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, CoolSMS : [Cool Tecnologia - www.cool.com.br] : C:\Arquivos de programas\COOLSMS\COOLSMS.EXE

04 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, eMuleAutoStart : [http://www.emule-project.net] : C:\Arquivos de programas\eMule\emule.exe

04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, C-Media Mixer : [C-Media Electronic Inc. (www.cmedia.com.tw)] : C:\WINDOWS\Mixer.exe

04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, MMTray : [Musicmatch, Inc.] : C:\Arquivos de programas\MUSICMATCH\MUSICMATCH JUKEBOX\MM_TRAY.EXE

 

Shell Extensions

- {42042206-2D85-11D3-8CFF-005004838597} - [Microsoft Corporation] : C:\Arquivos de programas\Microsoft Office\OFFICE11\msohev.dll

Desktop Explorer - {1CDB2949-8F65-4355-8456-263E7C208A5D} - [NVIDIA Corporation] : C:\WINDOWS\system32\nvshell.dll

- {1E9B04FB-F9E5-4718-997B-B8DA88302A47} - [NVIDIA Corporation] : C:\WINDOWS\system32\nvshell.dll

nView Desktop Context Menu - {1E9B04FB-F9E5-4718-997B-B8DA88302A48} - [NVIDIA Corporation] : C:\WINDOWS\system32\nvshell.dll

Microsoft Office Outlook - {00020D75-0000-0000-C000-000000000046} - [Microsoft Corporation] : C:\Arquivos de programas\Microsoft Office\OFFICE11\MLSHEXT.DLL

Extensão de ícone de arquivo do Outlook - {0006F045-0000-0000-C000-000000000046} - [Microsoft Corporation] : C:\Arquivos de programas\Microsoft Office\OFFICE11\OLKFSTUB.DLL

Minhas Pastas de Compartilhamento - {FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D} - [Microsoft Corporation] : C:\Arquivos de programas\MSN Messenger\fsshext.8.1.0178.00.dll

GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399003} - [Caixa Economica Federal] : C:\WINDOWS\Downloaded Program Files\gbiehCef.dll

WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} - : C:\Arquivos de programas\WinRAR\rarext.dll

a-squared Free Shell Extension - {A155339D-CCCD-4714-85EB-3754B804C9DF} - [Emsi Software GmbH] : C:\Arquivos de programas\a-squared Free\a2freecontmenu.dll

 

Protocol Filters

- {807553E5-5146-11D5-A672-00B0D022E945} - [Microsoft Corporation] : C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE11\MSOXMLMF.DLL

 

Protocol Handler

- {828030A1-22C1-4009-854F-8E305202313F} - [Microsoft Corporation] : C:\Arquivos de programas\MSN Messenger\msgrapp.8.1.0178.00.dll

- {828030A1-22C1-4009-854F-8E305202313F} - [Microsoft Corporation] : C:\Arquivos de programas\MSN Messenger\msgrapp.8.1.0178.00.dll

Data Page Plugable Protocal mso-offdap11 Handler - {32505114-5902-49B2-880A-1F7738E5A384} - [Microsoft Corporation] : C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Web Components\11\OWC11.DLL

IEProtocolHandler Class - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - [skype Technologies] : C:\Arquivos de programas\Arquivos comuns\Skype\Skype4COM.dll

 

Services

23 - [Emsi Software GmbH] : C:\Arquivos de programas\a-squared Free\a2service.exe

23 - [Adaptec] : C:\WINDOWS\system32\drivers\aspi32.sys

23 - [b.H.A Corporation] : C:\WINDOWS\system32\bgsvcgen.exe

23 - [C-Media Inc] : C:\WINDOWS\system32\drivers\cmaudio.sys

23 - [ENCORE ELECTRONICS, INC.] : C:\WINDOWS\system32\DRIVERS\ipfnd51.sys

23 - [Hewlett-Packard Company] : C:\Arquivos de programas\Arquivos comuns\LightScribe\LSSrvc.exe

23 - [Robert Schlabbach] : C:\WINDOWS\system32\DRIVERS\RMSPPPOE.SYS

23 - : C:\WINDOWS\system32\Drivers\sptd.sys

23 - [Microsoft Corporation] : C:\Arquivos de programas\Windows Defender\MsMpEng.exe

 

Thread Files

<Unreadable Binary Files> : C:\WINDOWS\system32\Drivers\sptd.sys

 

 

Processo de Remoção:

 

A Preparar Estruturas

Remover Affiliate tracking cookie

Ficheiro Apagado: C:\Documents and Settings\Particular\cookies\particular@atdmt[2].txt

Terminado

 

I tell it to remove them, but every day it reports them again.

 

Thank you

Sincerely

ROSALBA ANTONIELA


Good evening, ROSALBA ANTONIELA!

 

Remover Affiliate tracking cookie

Ficheiro Apagado: C:\Documents and Settings\Particular\cookies\particular@atdmt[2].txt

Terminado

I tell it to remove them, but every day it reports them again.

>@< My friend! Tracking cookies are added by the sites you visit.

>@< They are small text files that identify you on each visit, and if you remove them, they will be added again.

______________________

 

>@< If everything is OK with the computer, go to the a-squared quarantine.

>@< Select all of its contents and click Delete.

______________________

 

>@< Run an online scan at Kaspersky.

>@< Post the report from that scan + an updated HJT log.

 

Regards!


Topic Archived

 

As the author did not reply for more than 20 days, the topic has been archived.

 

If you are the author of the topic and want to reopen it, send a private message to a moderator of this area along with the link to this topic and explain the reason for reopening.
