2rui2, posted July 20, 2010

Good morning. My PC started turning the wave sound off by itself, and tasks like "iexplorer.exe" began showing up out of nowhere (I only use Mozilla Firefox). Ads also pop up on the PC from nowhere. Here is the HijackThis log so you can help me :)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:59:37, on 20-07-2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programas\CheckPoint\SecuRemote\bin\SR_Watchdog.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Programas\Ficheiros comuns\ArcSoft\Connection Service\Bin\ACService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Programas\Synaptics\SynTP\SynTPStart.exe
C:\WINDOWS\BisonCam\BisonHK.exe
C:\WINDOWS\BisonCam\DeLay.exe
C:\Programas\Notebook Hardware Control\nhc.exe
C:\Programas\Synaptics\SynTP\SynTPEnh.exe
C:\Programas\Ficheiros comuns\Java\Java Update\jusched.exe
C:\Programas\Ficheiros comuns\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programas\Windows Live\Messenger\msnmsgr.exe
C:\Programas\Ficheiros comuns\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Programas\HotKey_Driver\HotKeyDriver.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Programas\Ficheiros comuns\Java\Java Update\jucheck.exe
C:\Programas\Internet Explorer\IEXPLORE.EXE
C:\Programas\Internet Explorer\IEXPLORE.EXE
C:\Hijack\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Programas\AskSearch\bin\DefaultSearch.dll
O2 - BHO: IEPlugin Class - {11222041-111B-46E3-BD29-EFB2449479B1} - C:\PROGRA~1\ArcSoft\MEDIAC~1\INTERN~1\ARCURL~1.DLL
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programas\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programas\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Programas\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programas\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programas\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programas\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programas\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [synTPStart] C:\Programas\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [bisonHK] C:\WINDOWS\BisonCam\BisonHK.exe
O4 - HKLM\..\Run: [DeLay] C:\WINDOWS\BisonCam\DeLay.exe
O4 - HKLM\..\Run: [NotebookHardwareControl] "C:\Programas\Notebook Hardware Control\nhc.exe" -quiet
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programas\Ficheiros comuns\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programas\Ficheiros comuns\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Programas\Ficheiros comuns\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVP] "C:\Programas\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Serviço de rede')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HotKeyDriver.lnk = ?
O4 - Global Startup: Philips GoGear VIBE Device Manager.lnk = ?
O8 - Extra context menu item: Adicionar ao Anti-Banner - C:\Programas\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programas\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: &Teclado virtual - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Programas\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Verificação de U&RLs - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programas\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1231882927096
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programas\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHEI~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Programas\Ficheiros comuns\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programas\Ficheiros comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Programas\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programas\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Check Point VPN-1 Securemote service (SR_Service) - Check Point Software Technologies - C:\Programas\CheckPoint\SecuRemote\bin\SR_Service.exe
O23 - Service: Check Point VPN-1 Securemote watchdog (SR_Watchdog) - Check Point Software Technologies - C:\Programas\CheckPoint\SecuRemote\bin\SR_Watchdog.exe
O23 - Service: TwonkyMedia - PacketVideo - C:\Programas\Nokia\Nokia Home Media Server\Media Server\TwonkyMedia.exe

--
End of file - 9447 bytes
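The HijackThis log above is a line-oriented format: a section code (R3, O2, O4, O20, O23 ...), an entry type, an optional CLSID and a path. The script below is an added example for this thread, not part of HijackThis or of any post here. It parses lines in that format and applies a few triage heuristics that correspond to what the later cleanup steps in this thread actually removed: the R3 URLSearchHook pointing into C:\Programas\AskSearch and the orphaned O2 BHO registered with (no file). The sample lines are copied from the posted log; the KNOWN_UNWANTED_DIRS list and the wording of the flags are this example's own assumptions, not an authoritative signature set, and a flagged entry is a prompt for a human to look, not a verdict.

```python
"""Triage helper for HijackThis-style log lines.

Added example for this thread; it is not part of HijackThis or of any post.
Most entries look like "<code> - <type>: <description> - {CLSID} - <path>";
O4 Run keys and O20 AppInit_DLLs use their own layout and are handled apart.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: seven lines copied from the posted log (raw string, so
# backslashes are literal).
SAMPLE_LOG = r"""
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Programas\AskSearch\bin\DefaultSearch.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programas\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [AVP] "C:\Programas\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Programas\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
"""

LINE_RE = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<rest>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
RUN_RE = re.compile(r"^(?P<hive>.*?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")

# Assumption of this example: directories that in this thread turned out to hold
# bundled toolbars/adware. Illustrative only, not a complete or authoritative list.
KNOWN_UNWANTED_DIRS = ("\\asksearch\\", "\\askbardis\\", "\\daemon tools toolbar\\")


@dataclass
class Entry:
    code: str
    description: str
    clsid: Optional[str]
    path: Optional[str]
    flags: List[str] = field(default_factory=list)


def _image_path(cmd: str) -> str:
    """Return the executable part of a Run-key command line, dropping quotes and arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def parse_line(line: str) -> Optional[Entry]:
    """Parse one HijackThis line; returns None for headers, blanks and process paths."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    code, rest = m.group("code"), m.group("rest")
    clsid_m = CLSID_RE.search(rest)
    clsid = clsid_m.group(0) if clsid_m else None

    if code == "O4":  # O4 - HKLM\..\Run: [Name] "C:\path\prog.exe" args
        rm = RUN_RE.match(rest)
        if rm is None:  # e.g. "Global Startup: foo.lnk = ?"
            return Entry(code, rest, clsid, None)
        return Entry(code, rm.group("name"), clsid, _image_path(rm.group("cmd")))
    if code == "O20":  # O20 - AppInit_DLLs: C:\path\x.dll
        value = rest.partition(":")[2].strip()
        return Entry(code, "AppInit_DLLs", clsid, value or None)

    # Generic layout: "<type>: <description> - {CLSID} - <path>"
    parts = [p.strip() for p in rest.split(" - ")]
    description = parts[0].partition(": ")[2] or parts[0]
    path = parts[-1] if len(parts) > 1 else None
    return Entry(code, description, clsid, path)


def assess(entry: Entry) -> Entry:
    """Attach triage flags. These are heuristics: a flagged entry needs a human look."""
    path_l = (entry.path or "").lower()
    if entry.code == "R3":
        entry.flags.append("URLSearchHook: redirects address-bar searches; check the vendor")
    if entry.path == "(no file)":
        entry.flags.append("orphaned registration: CLSID points at a missing file")
    if entry.code == "O20":
        entry.flags.append("AppInit_DLLs: loaded into every process that maps user32; check the vendor")
    if any(d in path_l for d in KNOWN_UNWANTED_DIRS):
        entry.flags.append("path under a directory this thread identified as bundled toolbar/adware")
    return entry


def triage(log_text: str) -> List[Entry]:
    """Parse every recognisable line of a HijackThis log and flag it."""
    return [assess(e) for e in map(parse_line, log_text.splitlines()) if e is not None]


def flagged(log_text: str) -> List[Entry]:
    """Only the entries that picked up at least one flag."""
    return [e for e in triage(log_text) if e.flags]


if __name__ == "__main__":
    for e in flagged(SAMPLE_LOG):
        print(f"{e.code:<4} {e.description:<30} {e.path}")
        for f in e.flags:
            print(f"      -> {f}")
```

Run against the sample, the R3 AskSearch hook, the (no file) BHO, the DAEMON Tools toolbar and the O20 entry are reported; the Adobe BHO and the Kaspersky Run key and service pass clean. The O20 flag fires on Kaspersky's own kloehk.dll as well, which is the intended behaviour: AppInit_DLLs deserves a look every time, and the vendor check is what clears it.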
wings, posted July 21, 2010

1. iexplorer.exe showing up is normal, even when you use another browser.
2. Run an online scan with NOD32.
* When it finishes, paste the report created in C:\Arquivos de programas\EsetOnlineScanner\log
2rui2, posted July 22, 2010

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=51deed90fb962e468d64ddb496332f50
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-07-21 11:13:28
# local_time=2010-07-22 12:13:28 (+0000, GMT Summer Time)
# country="Portugal"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1280 16777175 100 0 441450 441450 0 0
# compatibility_mode=8192 67108863 100 0 237 237 0 0
# scanned=132480
# found=2
# cleaned=2
# scan_time=7543
C:\Programas\Everest Poker\CStart.exe  a variant of Win32/Casino application (cleaned by deleting - quarantined)  00000000000000000000000000000000  C
C:\Programas\Everest Poker\Everest Poker.exe  a variant of Win32/Casino application (cleaned by deleting - quarantined)  00000000000000000000000000000000  C
wings, posted July 22, 2010

* Temporarily disable your antivirus: right-click the Kaspersky icon in the lower corner of the screen and select "Disable monitoring".
* Download ComboFix and save it to the desktop.
* Run ComboFix and accept the agreement.
* If the Windows Recovery Console is already installed, ComboFix continues automatically. Otherwise, click [YES] to install it.
* Click [YES] to continue.
* Wait for every stage to finish.
* While ComboFix is running, do not use the mouse or keyboard! To abort the procedure, press N or 2 and then ENTER.
* The program closes automatically and a report (C:\combofix.txt) is displayed. Paste it in your next reply.
2rui2, posted July 22, 2010

ComboFix 10-07-21.02 - Rui Costa 22-07-2010 13:00:28.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.351.2070.18.3069.2638 [GMT 1:00]
Running from: c:\documents and settings\Rui Costa\Ambiente de trabalho\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Rui Costa\Application Data\inst.exe
C:\install.exe
c:\programas\AskSearch\bin\DefaultSearch.dll
C:\restore
c:\restore\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini
c:\windows\system\BisonC07.dll
.
(((((((((((((((( Files Created from 2010-06-22 to 2010-07-22 ))))))))))))))))))))))))))))
.
2010-07-21 21:04 . 2010-07-21 21:04 -------- d-----w- c:\programas\ESET
2010-07-20 12:58 . 2010-07-20 12:59 -------- d-----w- C:\Hijack
2010-07-16 18:51 . 2010-07-16 18:51 932368 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\profiles-1-6.dll
2010-07-16 18:51 . 2010-07-16 18:51 678416 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\content_interpreter-1-1.dll
2010-07-16 18:51 . 2010-07-16 18:51 604688 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\gsg-3-9.dll
2010-07-16 18:51 . 2010-07-16 18:51 522768 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\database-1-5.dll
2010-07-16 18:51 . 2010-07-16 18:51 1096208 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\filtration-4-6.dll
2010-07-16 18:49 . 2010-07-16 18:49 80400 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.459\mzvkbd3.dll
2010-07-16 18:30 . 2010-07-22 11:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2010-07-16 18:30 . 2010-07-16 18:30 -------- d-----w- c:\programas\Kaspersky Lab
2010-07-16 18:29 . 2010-07-16 18:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2010-07-15 19:32 . 2010-07-15 19:32 -------- d-----r- c:\documents and settings\NetworkService\Favoritos
2010-07-15 18:11 . 2010-07-15 18:11 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-07-15 18:10 . 2010-07-15 18:10 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE
2010-07-15 18:09 . 2010-07-15 18:09 -------- d-----r- c:\documents and settings\LocalService\Favoritos
2010-07-14 10:46 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-06-30 21:21 . 2010-07-15 14:41 -------- d-----w- c:\programas\BTNext Evolution
2010-06-24 11:02 . 2010-06-24 11:02 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
.
((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-22 11:15 . 2009-06-28 21:39 22528 ----a-w- c:\windows\system32\drivers\nhcDriver.sys
2010-07-21 21:56 . 2009-08-20 19:43 -------- d-----w- c:\programas\Everest Poker
2010-07-16 18:35 . 2010-07-16 18:35 604140 --sha-w- c:\windows\system32\drivers\ISwift3.dat
2010-07-15 11:00 . 2009-01-13 21:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-06-22 23:16 . 2001-11-20 11:00 83268 ----a-w- c:\windows\system32\perfc016.dat
2010-06-22 23:16 . 2001-11-20 11:00 487188 ----a-w- c:\windows\system32\perfh016.dat
2010-06-19 21:50 . 2010-04-17 15:44 -------- d-----w- c:\documents and settings\Rui Costa\Application Data\CmapTools
2010-06-16 07:40 . 2009-02-17 22:59 -------- d-----w- c:\programas\Messenger Plus! Live
2010-06-14 14:31 . 2009-01-13 20:55 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-06 10:54 . 2010-02-11 23:01 -------- d-----w- c:\programas\Microsoft Silverlight
2010-06-05 16:30 . 2010-06-05 16:30 -------- d-----w- c:\documents and settings\Rui Costa\Application Data\CoffeeCup Software
2010-06-05 14:19 . 2009-01-13 21:05 -------- d--h--w- c:\programas\InstallShield Installation Information
2010-06-05 13:42 . 2010-06-05 13:42 -------- d-----w- c:\programas\NetObjects
2010-06-01 17:37 . 2010-02-16 14:06 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-26 15:35 . 2009-01-15 16:27 -------- d-----w- c:\documents and settings\Rui Costa\Application Data\uTorrent
2010-05-20 18:48 . 2010-05-20 18:48 50354 ----a-w- c:\documents and settings\Rui Costa\Application Data\Facebook\uninstall.exe
2010-05-19 19:55 . 2010-05-19 19:55 520192 ----a-w- c:\windows\system32\Side 9 Screensaver.scr
2010-05-06 10:33 . 2004-08-03 23:56 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 08:07 . 2004-08-03 23:46 1851392 ----a-w- c:\windows\system32\win32k.sys
2010-02-07 15:06 . 2010-02-07 15:06 623030 ----a-w- c:\programas\Farm Helper.rar
.
(((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\programas\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-03-28 13529088]
"nwiz"="nwiz.exe" [2008-03-28 1626112]
"RTHDCPL"="RTHDCPL.EXE" [2008-04-10 16861184]
"SynTPStart"="c:\programas\Synaptics\SynTP\SynTPStart.exe" [2007-08-16 102400]
"BisonHK"="c:\windows\BisonCam\BisonHK.exe" [2008-03-25 77824]
"DeLay"="c:\windows\BisonCam\DeLay.exe" [2008-03-11 53248]
"NotebookHardwareControl"="c:\programas\Notebook Hardware Control\nhc.exe" [2007-05-04 2629632]
"SunJavaUpdateSched"="c:\programas\Ficheiros comuns\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Adobe Reader Speed Launcher"="c:\programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\programas\Ficheiros comuns\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"ArcSoft Connection Service"="c:\programas\Ficheiros comuns\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]
"QuickTime Task"="c:\programas\QuickTime\qttask.exe" [2009-11-10 417792]
"AVP"="c:\programas\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" [2009-05-25 303376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\FICHEI~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]

c:\documents and settings\All Users\Menu Iniciar\Programas\Arranque\
HotKeyDriver.lnk - c:\programas\HotKey_Driver\HotKeyDriver.exe [2009-1-13 3641344]
Philips GoGear VIBE Device Manager.lnk - c:\programas\Philips\GoGear VIBE Device Manager\GoGear_Vibe_DeviceManager.exe [2010-4-27 1611152]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ckpNotify]
2007-05-24 10:13 24665 ----a-w- c:\windows\system32\ckpNotify.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^Rui Costa^Menu Iniciar^Programas^Arranque^Adobe Gamma.lnk]
path=c:\documents and settings\Rui Costa\Menu Iniciar\Programas\Arranque\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\programas\Ficheiros comuns\Nokia\MPlatform\NokiaMServer [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06 976832 ----a-w- c:\programas\Ficheiros comuns\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04 35760 ----a-w- c:\programas\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 11:44 31072 ----a-w- c:\programas\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 16:09 1695232 ------w- c:\programas\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2004-02-13 10:41 155648 ----a-r- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2009-06-25 15:12 1414144 ----a-w- c:\programas\Nokia\Nokia PC Suite 7\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-10 23:08 417792 ----a-w- c:\programas\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programas\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programas\\uTorrent\\uTorrent.exe"=
"c:\\Programas\\emule0.49b-Xtreme7.1\\emule.exe"=
"c:\\Programas\\Nokia\\Nokia Home Media Server\\Media Server\\twonkymedia.exe"=
"c:\\Programas\\Nokia\\Nokia Home Media Server\\Media Server\\twonkymediaserver.exe"=
"c:\\Programas\\Ficheiros comuns\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Programas\\Java\\jre6\\launch4j-tmp\\frd.exe"=
"c:\\Programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programas\\Mozilla Firefox\\firefox.exe"=
"c:\\Programas\\KONAMI\\Pro Evolution Soccer 2010\\pes2010.exe"=
"c:\\Programas\\CheckPoint\\SecuRemote\\bin\\SR_SERVICE.EXE"=
"c:\\Programas\\CheckPoint\\SecuRemote\\bin\\SR_GUI.EXE"=
"c:\\Programas\\CheckPoint\\SecuRemote\\bin\\SCC.EXE"=
"c:\\Programas\\CheckPoint\\SecuRemote\\bin\\SR_SDS.EXE"=
"c:\\Programas\\CheckPoint\\SecuRemote\\bin\\SR_DIAGNOSTICS.EXE"=
"c:\\Programas\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Programas\\Sports Interactive\\Football Manager 2010\\fm.exe"=
"c:\\Programas\\Java\\jre6\\bin\\java.exe"=
"c:\\Programas\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\FarmHelper\\FVBot.exe"=
"c:\\Programas\\Skype\\Phone\\Skype.exe"=
"c:\\Programas\\BT Next Evolution\\btnext.exe"=
"c:\\Programas\\BTNext Evolution\\BTNext.exe"=

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [15-12-2008 20:41 33808]
R1 FW1;SecuRemote Miniport;c:\windows\system32\drivers\fw.sys [24-05-2007 11:13 2234800]
R2 CP_OMDRV;Check Point Office Mode Module;c:\windows\system32\drivers\omdrv.sys [24-05-2007 11:13 36368]
R2 VNASC;Check Point Virtual Network Adapter - SecureClient;c:\windows\system32\drivers\vnasc.sys [24-05-2007 11:13 110032]
R2 VPN-1;VPN-1 Module;c:\windows\system32\drivers\vpn.sys [24-05-2007 11:13 673456]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [13-05-2009 17:46 31760]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [16-05-2009 20:59 19472]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [13-01-2009 22:11 288000]
S2 TwonkyMedia;TwonkyMedia;c:\programas\Nokia\Nokia Home Media Server\Media Server\TwonkyMedia.exe -serviceversion 0 --> c:\programas\Nokia\Nokia Home Media Server\Media Server\TwonkyMedia.exe -serviceversion 0 [?]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [11-08-2009 0:20 18176]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [11-08-2009 0:20 7680]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [11-08-2009 0:20 42112]
S3 zlportio;zlportio;\??\f:\os meus documentos\UltraStar\zlportio.sys --> f:\os meus documentos\UltraStar\zlportio.sys [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [14-01-2009 23:03 717296]
.
Contents of the 'Scheduled Tasks' folder

2010-06-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programas\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.pt/
IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Rui Costa\Application Data\Mozilla\Firefox\Profiles\apgj8vtn.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=DCF2DF&PC=DCF2&q=
FF - prefs.js: browser.search.selectedEngine - Wikipedia (pt)
FF - prefs.js: browser.startup.homepage - chrome://speeddial/content/speeddial.xul
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=DCF2DF&PC=DCF2&q=
FF - component: c:\programas\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - plugin: c:\documents and settings\Rui Costa\Application Data\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\programas\Veetle\Player\npvlc.dll
FF - plugin: c:\programas\Veetle\plugins\npVeetle.dll
FF - plugin: c:\programas\Veetle\VLCBroadcast\npvbp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\programas\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\programas\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\programas\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\programas\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\programas\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\programas\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\programas\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\programas\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\programas\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\programas\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\programas\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\programas\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\programas\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\programas\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

ActiveSetup-{28ABC5C0-4FCB-33CF-AAX5-35GX1C642122} - c:\restore\S-1-5-21-1482476501-1644491937-682003330-1013\Taquito.exe
AddRemove-Everest Poker - c:\programas\Everest Poker\cstart.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-22 13:09
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ca,ca,33,03,2e,ea,ca,49,9d,8a,5c,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ca,ca,33,03,2e,ea,ca,49,9d,8a,5c,\

[HKEY_USERS\S-1-5-21-448539723-1383384898-839522115-1003\Software\G*e*n*i*e*"!\FM Genie Scout 10]
"GameDir"="c:\\Documents and Settings\\Rui Costa\\Os meus documentos\\Sports Interactive\\Football Manager 2010\\games"
"ShortlistDir"=""
"ScreenshotsDir"="c:\\Documents and Settings\\Rui Costa\\Os meus documentos\\Sports Interactive\\Football Manager 2010"
"SaveDir"="c:\\Documents and Settings\\Rui Costa\\Os meus documentos\\Sports Interactive\\Football Manager 2010\\"
"HistoryDir"="c:\\Documents and Settings\\Rui Costa\\Ambiente de trabalho\\FM Genie Scout 10\\History Points"
"LangDB"="c:\\Programas\\Sports Interactive\\Football Manager 2010\\data\\db\\1000\\lang_db.dat"
"LastSaveGame"=""
"Language"="English"
"LoadLangDB"=dword:00000001
"CompressHistoryPoints"=dword:00000000
"HighlightedAttributes"=dword:00000000
"MinCondition"=dword:00000050
"GraphStep"=dword:00000000
"SkinName"="Steklo Black"
"LastUpdateCheck"=dword:00009dbc
"HighQualityGUI"=dword:00000001
"AutomaticallyUpdateCheck"=dword:00000001
"AdvancedGeneration"=dword:00000000
"TranslateStaffSkills"=dword:00000001
"TranslatePlayerSkills"=dword:00000001
"TranslatePositions"=dword:00000001
"ShowHistory"=dword:00000001
"Version"=dword:00000074
"UniqueID"="74-8D00-E37F"
"Currency"=dword:00000056
"UseProxy"=dword:00000000
"ProxyHost"=""
"ProxyPort"=""
"UseAuthentication"=dword:00000000
"UserName"=""
"UserPassword"=""

[HKEY_USERS\S-1-5-21-448539723-1383384898-839522115-1003\Software\G*e*n*i*e*"!\FM Genie Scout 2009 XE]
"GameDir"="c:\\Documents and Settings\\Rui Costa\\Os meus documentos\\Sports Interactive\\Football Manager 2009\\games"
"ShortlistDir"=""
"ScreenshotsDir"="c:\\Documents and Settings\\Rui Costa\\Os meus documentos\\Sports Interactive\\Football Manager 2009"
"SaveDir"="c:\\Documents and Settings\\Rui Costa\\Os meus documentos\\Sports Interactive\\Football Manager 2009\\"
"HistoryDir"="f:\\Os meus documentos\\Rui Filipe\\FM Genie Scout 2009 XE\\History Points"
"LangDB"="c:\\Programas\\Sports Interactive\\Football Manager 2009\\data\\updates\\update-910\\db\\910\\lang_db.dat"
"LastSaveGame"="f:\\Os meus documentos\\Sports Interactive\\Football Manager 2009\\games\\Moreirense.fm"
"Language"="English"
"LoadLangDB"=dword:00000001
"CompressHistoryPoints"=dword:00000000
"HighlightedAttributes"=dword:00000000
"MinCondition"=dword:00000050
"SkinName"="Champions League"
"LastUpdateCheck"=dword:00000000
"HighQualityGUI"=dword:00000001
"AutomaticallyUpdateCheck"=dword:00000001
"AdvancedGeneration"=dword:00000000
"TranslateStaffSkills"=dword:00000001
"TranslatePlayerSkills"=dword:00000001
"TranslatePositions"=dword:00000001
"ShowHistory"=dword:00000001
"Version"=dword:00000066
"UniqueID"="74-8D00-E37F"
"Currency"=dword:00000056
"UseProxy"=dword:00000000
"ProxyHost"=""
"ProxyPort"=""
"UseAuthentication"=dword:00000000
"UserName"=""
"UserPassword"=""

[HKEY_USERS\S-1-5-21-448539723-1383384898-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:de,8b,ed,01,37,2e,e3,75,28,d3,4d,97,0d,61,23,c5,b4,e6,ad,3b,ca,
   56,23,ae,e6,d3,c7,22,37,47,f1,91,75,a3,c9,0f,4e,02,f3,be,07,95,42,0b,f0,9f,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
Completion time: 2010-07-22 13:12:08
ComboFix-quarantined-files.txt 2010-07-22 12:12

Pre-Run: 70.049.312.768 bytes free
Post-Run: 72.150.982.656 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-PTB.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - AEF3FA8304ECEFFEE3449308F0E0BD51
wings, posted July 22, 2010

* Download AD-Remover and save it to the desktop
* Double-click AD-R.exe
* Click [Clean]... wait for it to finish. The program may ask you to restart the PC.
* Paste the report created at C:\Ad-Report-CLEAN.log
2rui2, posted July 22, 2010

======= REPORT FROM AD-REMOVER | ONLY XP/VISTA/7 =======

Updated by C_XX on 21/07/10 at 14:00
Contact: AdRemover.contact[AT]gmail.com
website: http://pagesperso-orange.fr/NosTools/ad_remover.html

C:\Programas\Ad-Remover\main.exe (CLEAN [1]) -> Launched at 20:55:05 on 22/07/2010, Normal boot

Microsoft Windows XP Professional Service Pack 3 (X86)
Rui Costa@PORT-RUICOSTA ( )

============== ACTION(S) ==============

0,File deleted: C:\Programas\Mozilla FireFox\Components\AskSearch.js
0,Folder deleted: C:\Programas\AskSearch
0,Folder deleted: C:\Documents and Settings\All Users\Menu Iniciar\Programas\Everest Poker
0,Folder deleted: C:\Programas\Everest Poker
0,File deleted: C:\Documents and Settings\All Users\Ambiente de trabalho\Everest Poker.lnk

(!) -- Temporary files deleted.

1,Key deleted: HKLM\Software\Classes\Interface\{73FCC7EA-1B6F-4427-9564-8835ED04C4B9}
1,Key deleted: HKLM\Software\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
1,Key deleted: HKLM\Software\Classes\Interface\{DB885111-F39F-4D88-9EE5-C88460B6DF7B}
0,Key deleted: HKLM\Software\AskBarDis
0,Key deleted: HKCU\Software\Grand Virtual
3,Key deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}
0,Key deleted: HKLM\Software\Microsoft\Internet Explorer\Extensions\{3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF}

============== ADDITIONNAL SCAN ==============

** Mozilla Firefox Version [3.6.7 (pt-PT)] **

-- C:\Documents and Settings\Rui Costa\Application Data\Mozilla\FireFox\Profiles\apgj8vtn.default\Prefs.js --

browser.download.dir, C:\\Documents and Settings\\Rui Costa\\Ambiente de trabalho
browser.download.lastDir, C:\\Documents and Settings\\Rui Costa\\Ambiente de trabalho\\projecto GE\\e-book
browser.search.defaultenginename, Bing
browser.search.defaulturl, hxxp://www.bing.com/search?FORM=DCF2DF&PC=DCF2&q=
browser.search.selectedEngine, Wikipedia (pt)
browser.startup.homepage, chrome://speeddial/content/speeddial.xul
browser.startup.homepage_override.mstone, rv:1.9.2.7
keyword.URL, hxxp://www.bing.com/search?FORM=DCF2DF&PC=DCF2&q=

========================================

** Internet Explorer Version [8.0.6001.18702] **

[HKCU\Software\Microsoft\Internet Explorer\Main]

Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Do404Search: 0x01000000
Enable Browser Extensions: yes
Local Page: C:\WINDOWS\system32\blank.htm
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Show_ToolBar: yes
Start Page: hxxp://fr.msn.com/

[HKLM\Software\Microsoft\Internet Explorer\Main]

Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Delete_Temp_Files_On_Exit: yes
Enable Browser Extensions: yes
Local Page: C:\WINDOWS\system32\blank.htm
Search bar: hxxp://search.msn.com/spbasic.htm
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start Page: hxxp://fr.msn.com/

[HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS]

Tabs: res://ieframe.dll/tabswelcome.htm
Blank: res://mshtml.dll/blank.htm

========================================

C:\Programas\Ad-Remover\Quarantine: 0 File(s)
C:\Programas\Ad-Remover\Backup: 0 File(s)

C:\Ad-Report-CLEAN[1].txt - 22/07/2010 (817 Byte(s))

End at: 21:04:50, 22/07/2010
wings, posted July 22, 2010

1.
* Run AD-Remover again
* Click [Uninstall]

2.
* Click [Start] > [Run] > type: Combofix /uninstall
* Click [OK]
* Click [Run]
* Wait for the message "ComboFix is uninstalled"
* Click [OK]

3.
* Click [Start] > [Run] > type: msconfig
* Click OK
* Click the "BOOT.INI" tab
* Select the line C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
* Click [Check All Boot Paths]
* Click [Yes] > [OK]
* Restart the PC
* When Windows starts, the System Configuration Utility will report that it has been changed.
* Tick "Don't show this message or launch the System Configuration Utility when Windows starts"

4.
* Open the link below, right-click the page and choose "Save As..."
http://www.silentrunners.org/Silent%20Runners.vbs
* Save it to the desktop
* Temporarily disable your antivirus
* Double-click SilentRunners.vbs
* If you get the message "Do you want to skip supplementary searches?"... click [No]
* If you get an error message, click [OK] and run SilentRunners.vbs again
* When it finishes, the message "All Done!" will appear
* Paste the report Startup Programs (PC name) year-month-day.txt created on the desktop
2rui2, posted July 22, 2010

"Silent Runners.vbs", revision 61, http://www.silentrunners.org/
Operating System: Windows XP SP3
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"msnmsgr" = ""C:\Programas\Windows Live\Messenger\msnmsgr.exe" /background" [MS]
"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"RTHDCPL" = "RTHDCPL.EXE" ["Realtek Semiconductor Corp."]
"SynTPStart" = "C:\Programas\Synaptics\SynTP\SynTPStart.exe" ["Synaptics, Inc."]
"BisonHK" = "C:\WINDOWS\BisonCam\BisonHK.exe" ["mychat"]
"DeLay" = "C:\WINDOWS\BisonCam\DeLay.exe" ["Bison Inc."]
"NotebookHardwareControl" = ""C:\Programas\Notebook Hardware Control\nhc.exe" -quiet" [null data]
"SunJavaUpdateSched" = ""C:\Programas\Ficheiros comuns\Java\Java Update\jusched.exe"" ["Sun Microsystems, Inc."]
"Adobe Reader Speed Launcher" = ""C:\Programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"" ["Adobe Systems Incorporated"]
"Adobe ARM" = ""C:\Programas\Ficheiros comuns\Adobe\ARM\1.0\AdobeARM.exe"" ["Adobe Systems Incorporated"]
"ArcSoft Connection Service" = "C:\Programas\Ficheiros comuns\ArcSoft\Connection Service\Bin\ACDaemon.exe" ["ArcSoft Inc."]
"QuickTime Task" = ""C:\Programas\QuickTime\qttask.exe" -atboottime" ["Apple Inc."]
"AVP" = ""C:\Programas\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"" ["Kaspersky Lab"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{11222041-111B-46E3-BD29-EFB2449479B1}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "IEPlugin Class"
     \InProcServer32\(Default) = "C:\PROGRA~1\ArcSoft\MEDIAC~1\INTERN~1\ARCURL~1.DLL" ["ArcSoft, Inc."]
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\(Default) = "AcroIEHelperStub"
  -> {HKLM...CLSID} = "Adobe PDF Link Helper"
     \InProcServer32\(Default) = "C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll" ["Adobe Systems Incorporated"]
{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}\(Default) = "IEVkbdBHO"
  -> {HKLM...CLSID} = "IEVkbdBHO Class"
     \InProcServer32\(Default) = "C:\Programas\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll" ["Kaspersky Lab"]
{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "Groove GFS Browser Helper"
     \InProcServer32\(Default) = "C:\Programas\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]
{9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "Windows Live ID Sign-in Helper"
     \InProcServer32\(Default) = "C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll" [MS]
{bf00e119-21a3-4fd1-b178-3b8537e75c92}\(Default) = "MegaIEMn"
  -> {HKLM...CLSID} = "IeMonitorBho Class"
     \InProcServer32\(Default) = "C:\Programas\Megaupload\Mega Manager\MegaIEMn.dll" ["Megaupload Limited"]
{DBC80044-A445-435b-BC74-9C25C1C588A9}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "Java Plug-In 2 SSV Helper"
     \InProcServer32\(Default) = "C:\Programas\Java\jre6\bin\jp2ssv.dll" ["Sun Microsystems, Inc."]
{E33CF602-D945-461A-83F0-819F76A199F8}\(Default) = "link filter bho"
  -> {HKLM...CLSID} = "FilterBHO Class"
     \InProcServer32\(Default) = "C:\Programas\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll" ["Kaspersky Lab"]
{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "EpsonToolBandKicker Class"
     \InProcServer32\(Default) = "C:\Programas\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll" ["SEIKO EPSON CORPORATION"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\
Groove Explorer Icon Overlay 1 (GFS Unread Stub)\(Default) = "{99FD978C-D287-4F50-827F-B2C658EDA8E7}"
  -> {HKLM...CLSID} = "Groove Explorer Icon Overlay 1 (GFS Unread Stub)"
     \InProcServer32\(Default) = "C:\Programas\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]
Groove Explorer Icon Overlay 2 (GFS Stub)\(Default) = "{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}"
  -> {HKLM...CLSID} = "Groove Explorer Icon Overlay 2 (GFS Stub)"
     \InProcServer32\(Default) = "C:\Programas\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]
Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)\(Default) = "{920E6DB1-9907-4370-B3A0-BAFC03D81399}"
  -> {HKLM...CLSID} = "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)"
     \InProcServer32\(Default) = "C:\Programas\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]
Groove Explorer Icon Overlay 3 (GFS Folder)\(Default) = "{16F3DD56-1AF5-4347-846D-7C10C4192619}"
  -> {HKLM...CLSID} = "Groove Explorer Icon Overlay 3 (GFS Folder)"
     \InProcServer32\(Default) = "C:\Programas\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]
Groove Explorer Icon Overlay 4 (GFS Unread Mark)\(Default) = "{2916C86E-86A6-43FE-8112-43ABE6BF8DCC}"
  -> {HKLM...CLSID} = "Groove Explorer Icon Overlay 4 (GFS Unread Mark)"
     \InProcServer32\(Default) = "C:\Programas\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Apresentar extensão de panorâmica CPL"
  -> {HKLM...CLSID} = "Apresentar extensão de panorâmica CPL"
     \InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extensão de ícone HyperTerminal"
  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
  -> {HKLM...CLSID} = "DesktopContext Class"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
  -> {HKLM...CLSID} = "NVIDIA CPL Extension"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{2F603045-309F-11CF-9774-0020AFD0CFF6}" = "Synaptics Control Panel"
  -> {HKLM...CLSID} = (no title provided)
     \InProcServer32\(Default) = "C:\Programas\Synaptics\SynTP\SynTPCpl.dll" ["Synaptics, Inc."]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
  -> {HKLM...CLSID} = "Desktop Explorer"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
  -> {HKLM...CLSID} = (no title provided)
     \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
  -> {HKLM...CLSID} = "nView Desktop Context Menu"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}" = "Groove GFS Browser Helper"
  -> {HKLM...CLSID} = "Groove GFS Browser Helper"
     \InProcServer32\(Default) = "C:\Programas\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}" = "Groove GFS Explorer Bar"
  -> {HKLM...CLSID} = "Groove Folder Synchronization"
     \InProcServer32\(Default) = "C:\Programas\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]
"{A449600E-1DC6-4232-B948-9BD794D62056}" = "Groove GFS Stub Icon Handler"
  -> {HKLM...CLSID} = "Groove GFS Stub Icon Handler"
     \InProcServer32\(Default) = "C:\Programas\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" = "Groove GFS Stub Execution Hook"
  -> {HKLM...CLSID} = "Groove GFS Stub Execution Hook"
     \InProcServer32\(Default) = "C:\Programas\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]
"{6C467336-8281-4E60-8204-430CED96822D}" = "Groove GFS Context Menu Handler"
  -> {HKLM...CLSID} = "Groove GFS Context Menu Handler"
     \InProcServer32\(Default) = "C:\Programas\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]
"{387E725D-DC16-4D76-B310-2C93ED4752A0}" = "Groove XML Icon Handler"
  -> {HKLM...CLSID} = "Groove XML Icon Handler"
     \InProcServer32\(Default) = "C:\Programas\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]
"{16F3DD56-1AF5-4347-846D-7C10C4192619}" = "Groove Explorer Icon Overlay 3 (GFS Folder)"
  -> {HKLM...CLSID} = "Groove Explorer Icon Overlay 3 (GFS Folder)"
     \InProcServer32\(Default) = "C:\Programas\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]
"{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}" = "Groove Explorer Icon Overlay 2 (GFS Stub)"
  -> {HKLM...CLSID} = "Groove Explorer Icon Overlay 2 (GFS Stub)"
     \InProcServer32\(Default) = "C:\Programas\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]
"{2916C86E-86A6-43FE-8112-43ABE6BF8DCC}" = "Groove Explorer Icon Overlay 4 (GFS Unread Mark)"
  -> {HKLM...CLSID} = "Groove Explorer Icon Overlay 4 (GFS Unread Mark)"
     \InProcServer32\(Default) = "C:\Programas\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]
"{99FD978C-D287-4F50-827F-B2C658EDA8E7}" = "Groove Explorer Icon Overlay 1 (GFS Unread Stub)"
  -> {HKLM...CLSID} = "Groove Explorer Icon Overlay 1 (GFS Unread Stub)"
     \InProcServer32\(Default) = "C:\Programas\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]
"{920E6DB1-9907-4370-B3A0-BAFC03D81399}" = "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)"
  -> {HKLM...CLSID} = "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)"
     \InProcServer32\(Default) = "C:\Programas\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
  -> {HKLM...CLSID} = "Outlook File Icon Extension"
     \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL" [MS]
"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
  -> {HKLM...CLSID} = "Microsoft Office Outlook"
     \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL" [MS]
"{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C}" = "Microsoft Office OneNote Namespace Extension for Windows Desktop Search"
  -> {HKLM...CLSID} = "Microsoft Office OneNote Namespace Extension for Windows Desktop Search"
     \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
  -> {HKLM...CLSID} = (no title provided)
     \InProcServer32\(Default) = "C:\Programas\Microsoft Office\Office12\msohevi.dll" [MS]
"{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}" = "Microsoft Office Metadata Handler"
  -> {HKLM...CLSID} = "Microsoft Office Metadata Handler"
     \InProcServer32\(Default) = "C:\PROGRA~1\FICHEI~1\MICROS~1\OFFICE12\msoshext.dll" [MS]
"{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}" = "Microsoft Office Thumbnail Handler"
  -> {HKLM...CLSID} = "Microsoft Office Thumbnail Handler"
     \InProcServer32\(Default) = "C:\PROGRA~1\FICHEI~1\MICROS~1\OFFICE12\msoshext.dll" [MS]
"{23170F69-40C1-278A-1000-000100020000}" = "7-Zip Shell Extension"
  -> {HKLM...CLSID} = "7-Zip Shell Extension"
     \InProcServer32\(Default) = "C:\Programas\7-Zip\7-zip.dll" ["Igor Pavlov"]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
  -> {HKLM...CLSID} = "WinRAR"
     \InProcServer32\(Default) = "C:\Programas\WinRAR\rarext.dll" ["Alexander Roshal"]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
  -> {HKLM...CLSID} = "RealOne Player Context Menu Class"
     \InProcServer32\(Default) = "C:\Programas\rpshell.dll" ["RealNetworks, Inc."]
"{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A}" = "Nokia Phone Browser"
  -> {HKLM...CLSID} = "Nokia Phone Browser"
     \InProcServer32\(Default) = "C:\Programas\Nokia\Nokia PC Suite 7\PhoneBrowser.dll" ["Nokia"]
"{3FCEF010-09A4-11D4-8D3B-D12F9D3D8B02}" = "TIShelEx Shell Extension"
  -> {HKLM...CLSID} = "FileTimeShlExt Class"
     \InProcServer32\(Default) = "C:\PROGRA~1\FICHEI~1\TISHAR~1\TICONN~1\TIShlExt.dll" ["Texas Instruments Incorporated"]
"{506F4668-F13E-4AA1-BB04-B43203AB3CC0}" = "{506F4668-F13E-4AA1-BB04-B43203AB3CC0}"
  -> {HKLM...CLSID} = "ImageExtractorShellExt Class"
     \InProcServer32\(Default) = "C:\Programas\Microsoft Office\Office12\VISSHE.DLL" [MS]
"{D66DC78C-4F61-447F-942B-3FB6980118CF}" = "{D66DC78C-4F61-447F-942B-3FB6980118CF}"
  -> {HKLM...CLSID} = "CInfoTipShellExt Class"
     \InProcServer32\(Default) = "C:\Programas\Microsoft Office\Office12\VISSHE.DLL" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
<<!>> "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" = "Groove GFS Stub Execution Hook"
  -> {HKLM...CLSID} = "Groove GFS Stub Execution Hook"
     \InProcServer32\(Default) = "C:\Programas\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
"WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
  -> {HKLM...CLSID} = "WPDShServiceObj Class"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS]

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> ckpNotify\DLLName = "ckpNotify.dll" ["Check Point Software Technologies"]
<<!>> klogon\DLLName = "C:\WINDOWS\system32\klogon.dll" ["Kaspersky Lab"]

HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\
<<!>> text/xml\CLSID = "{807563E5-5146-11D5-A672-00B0D022E945}"
  -> {HKLM...CLSID} = "Microsoft Office InfoPath XML Mime Filter"
     \InProcServer32\(Default) = "C:\PROGRA~1\FICHEI~1\MICROS~1\OFFICE12\MSOXMLMF.DLL" [MS]

HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\
<<!>> grooveLocalGWS\CLSID = "{88FED34C-F0CA-4636-A375-3CB6248B04CD}"
  -> {HKLM...CLSID} = "Local Groove Web Services Protocol"
     \InProcServer32\(Default) = "C:\Programas\Microsoft Office\Office12\GrooveSystemServices.dll" [MS]
<<!>> livecall\CLSID = "{828030A1-22C1-4009-854F-8E305202313F}"
  -> {HKLM...CLSID} = (no title provided)
     \InProcServer32\(Default) = "C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL" [MS]
<<!>> ms-help\CLSID = "{314111c7-a502-11d2-bbca-00c04f8ec294}"
  -> {HKLM...CLSID} = "HxProtocol Class"
     \InProcServer32\(Default) = "C:\Programas\Ficheiros comuns\Microsoft Shared\Help\hxds.dll" [MS]
<<!>> msnim\CLSID = "{828030A1-22C1-4009-854F-8E305202313F}"
  -> {HKLM...CLSID} = (no title provided)
     \InProcServer32\(Default) = "C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL" [MS]
<<!>> skype4com\CLSID = "{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D}"
  -> {HKLM...CLSID} = "IEProtocolHandler Class"
     \InProcServer32\(Default) = "C:\PROGRA~1\FICHEI~1\Skype\SKYPE4~1.DLL" ["Skype Technologies"]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
7-Zip\(Default) = "{23170F69-40C1-278A-1000-000100020000}"
  -> {HKLM...CLSID} = "7-Zip Shell Extension"
     \InProcServer32\(Default) = "C:\Programas\7-Zip\7-zip.dll" ["Igor Pavlov"]
EPPShellEx\(Default) = "{509FE1AF-ADD5-49EC-BC55-7CF81FD16E78}"
  -> {HKLM...CLSID} = (no title provided)
     \InProcServer32\(Default) = "C:\Programas\EPSON\Creativity Suite\Easy Photo Print\EPPShell.dll" ["SEIKO EPSON CORPORATION"]
Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"
  -> {HKLM...CLSID} = (no title provided)
     \InProcServer32\(Default) = "C:\Programas\Kaspersky Lab\Kaspersky Internet Security 2010\shellex.dll" ["Kaspersky Lab"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
     \InProcServer32\(Default) = "C:\Programas\WinRAR\rarext.dll" ["Alexander Roshal"]
XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}"
  -> {HKLM...CLSID} = "Groove GFS Context Menu Handler"
     \InProcServer32\(Default) = "C:\Programas\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]

HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\
XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}"
  -> {HKLM...CLSID} = "Groove GFS Context Menu Handler"
     \InProcServer32\(Default) = "C:\Programas\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\
7-Zip\(Default) = "{23170F69-40C1-278A-1000-000100020000}"
  -> {HKLM...CLSID} = "7-Zip Shell Extension"
     \InProcServer32\(Default) = "C:\Programas\7-Zip\7-zip.dll" ["Igor Pavlov"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
     \InProcServer32\(Default) = "C:\Programas\WinRAR\rarext.dll" ["Alexander Roshal"]
XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}"
  -> {HKLM...CLSID} = "Groove GFS Context Menu Handler"
     \InProcServer32\(Default) = "C:\Programas\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]

HKLM\SOFTWARE\Classes\Directory\shellex\CopyHookHandlers\
Nokia\(Default) = "{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A}"
  -> {HKLM...CLSID} = "Nokia Phone Browser"
     \InProcServer32\(Default) = "C:\Programas\Nokia\Nokia PC Suite 7\PhoneBrowser.dll" ["Nokia"]

HKLM\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\
7-Zip\(Default) = "{23170F69-40C1-278A-1000-000100020000}"
  -> {HKLM...CLSID} = "7-Zip Shell Extension"
     \InProcServer32\(Default) = "C:\Programas\7-Zip\7-zip.dll" ["Igor Pavlov"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
     \InProcServer32\(Default) = "C:\Programas\WinRAR\rarext.dll" ["Alexander Roshal"]

HKLM\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers\
00nView\(Default) = "{1E9B04FB-F9E5-4718-997B-B8DA88302A48}"
  -> {HKLM...CLSID} = "nView Desktop Context Menu"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
NvCplDesktopContext\(Default) = "{A70C977A-BF00-412C-90B7-034C51DA2439}"
  -> {HKLM...CLSID} = "DesktopContext Class"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}"
  -> {HKLM...CLSID} = "Groove GFS Context Menu Handler"
     \InProcServer32\(Default) = "C:\Programas\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]

HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
  -> {HKLM...CLSID} = "PDF Shell Extension"
     \InProcServer32\(Default) = "C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"
  -> {HKLM...CLSID} = (no title provided)
     \InProcServer32\(Default) = "C:\Programas\Kaspersky Lab\Kaspersky Internet Security 2010\shellex.dll" ["Kaspersky Lab"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
     \InProcServer32\(Default) = "C:\Programas\WinRAR\rarext.dll" ["Alexander Roshal"]
XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}"
  -> {HKLM...CLSID} = "Groove GFS Context Menu Handler"
     \InProcServer32\(Default) = "C:\Programas\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]

HKLM\SOFTWARE\Classes\Folder\shellex\DragDropHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
     \InProcServer32\(Default) = "C:\Programas\WinRAR\rarext.dll" ["Alexander Roshal"]


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

"NoDrives" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\

"AllowLegacyWebView" = (REG_DWORD) dword:0x00000001
{unrecognized setting}

"AllowUnhashedWebView" = (REG_DWORD) dword:0x00000001
{unrecognized setting}

"NoDrives" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"disableregistrytools" = (REG_DWORD) dword:0x00000000
{User Configuration|Administrative Templates|System|
Prevent access to registry editing tools}

HKCU\Software\Policies\Microsoft\Windows\System\

"disablecmd" = (REG_DWORD) dword:0x00000000
{User Configuration|Administrative Templates|System|
Disable the command prompt}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\

"DisableRegistryTools" = (REG_DWORD) dword:0x00000000
{unrecognized setting}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\system32\SIDE9S~1.SCR" (Side 9 Screensaver.scr) ["ScreenTime Media"]


Windows Portable Device AutoPlay Handlers
-----------------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\

EpsonCreativitySuite\
"Provider" = "FileManager"
"InvokeProgID" = "EpsonCreativitySuite"
"InvokeVerb" = "Play"
HKLM\SOFTWARE\Classes\EpsonCreativitySuite\shell\Play\DropTarget\CLSID = "{7720BCC1-4F11-4f17-A80F-0BB69EF9788F}"
  -> {HKLM...CLSID} = (no title provided)
     \LocalServer32\(Default) = "C:\Programas\EPSON\Creativity Suite\File Manager\eppqcom.exe" [null data]

MPCPlayCDAudioOnArrival\
"Provider" = "Media Player Classic"
"InvokeProgID" = "MediaPlayerClassic.Autorun"
"InvokeVerb" = "PlayCDAudio"
HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayCDAudio\command\(Default) = ""C:\Programas\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" %1 /cd" ["mpc-hc@Sourceforge"]

MPCPlayDVDMovieOnArrival\
"Provider" = "Media Player Classic"
"InvokeProgID" = "MediaPlayerClassic.Autorun"
"InvokeVerb" = "PlayDVDMovie"
HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayDVDMovie\command\(Default) = ""C:\Programas\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" %1 /dvd" ["mpc-hc@Sourceforge"]

MPCPlayMusicFilesOnArrival\
"Provider" = "Media Player Classic"
"InvokeProgID" = "MediaPlayerClassic.Autorun"
"InvokeVerb" = "PlayMusicFiles"
HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayMusicFiles\command\(Default) = ""C:\Programas\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" %1" ["mpc-hc@Sourceforge"]

MPCPlayVideoFilesOnArrival\
"Provider" = "Media Player Classic"
"InvokeProgID" = "MediaPlayerClassic.Autorun"
"InvokeVerb" = "PlayVideoFiles"
HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayVideoFiles\command\(Default) = ""C:\Programas\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" %1" ["mpc-hc@Sourceforge"]

MSWPDShellNamespaceHandler\
"Provider" = "@%SystemRoot%\System32\WPDShextRes.dll,-501"
"CLSID" = "{A55803CC-4D53-404c-8557-FD63DBA95D24}"
"InitCmdLine" = " "
  -> {HKLM...CLSID} = "WPDShextAutoplay"
     \LocalServer32\(Default) = "C:\WINDOWS\system32\WPDShextAutoplay.exe" [MS]

RPCDBurningOnArrival\
"Provider" = "RealPlayer"
"InvokeProgID" = "RealPlayer.CDBurn.6"
"InvokeVerb" = "open"
HKCU\Software\Classes\RealPlayer.CDBurn.6\shell\open\command\(Default) = "C:\Programas\\RealPlay.exe /burn "%1"" ["RealNetworks, Inc."]

RPDeviceOnArrival\
"Provider" = "RealPlayer"
"ProgID" = "RealPlayer.HWEventHandler"
HKLM\SOFTWARE\Classes\RealPlayer.HWEventHandler\CLSID\(Default) = "{67E76F1D-BDE2-4052-913C-2752366192D2}"
  -> {HKLM...CLSID} = "RealNetworks Scheduler"
     \LocalServer32\(Default) = ""C:\Programas\Ficheiros comuns\Real\Update_OB\realsched.exe" -autoplay" ["RealNetworks, Inc."]

RPPlayCDAudioOnArrival\
"Provider" = "RealPlayer"
"InvokeProgID" = "RealPlayer.AudioCD.6"
"InvokeVerb" = "play"
HKCU\Software\Classes\RealPlayer.AudioCD.6\shell\play\command\(Default) = "C:\Programas\\RealPlay.exe /play %1 " ["RealNetworks, Inc."]

RPPlayDVDMovieOnArrival\
"Provider" = "RealPlayer"
"InvokeProgID" = "RealPlayer.DVD.6"
"InvokeVerb" = "play"
HKCU\Software\Classes\RealPlayer.DVD.6\shell\play\command\(Default) = "C:\Programas\\RealPlay.exe /dvd %1 " ["RealNetworks, Inc."]

RPPlayMediaOnArrival\
"Provider" = "RealPlayer"
"InvokeProgID" = "RealPlayer.AutoPlay.6"
"InvokeVerb" = "open"
HKCU\Software\Classes\RealPlayer.AutoPlay.6\shell\open\command\(Default) = "C:\Programas\\RealPlay.exe /autoplay "%1"" ["RealNetworks, Inc."]


Startup items in "Rui Costa" & "All Users" startup folders:
-----------------------------------------------------------

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Arranque
"HotKeyDriver" -> shortcut to: "C:\Programas\HotKey_Driver\HotKeyDriver.exe" [null data]
"Philips GoGear VIBE Device Manager" -> shortcut to: "C:\Programas\Philips\GoGear VIBE Device Manager\GoGear_Vibe_DeviceManager.exe -silent" ["Philips"]


Enabled Scheduled Tasks:
------------------------

"AppleSoftwareUpdate" -> launches: "C:\Programas\Apple Software Update\SoftwareUpdate.exe -task" ["Apple Inc."]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 25
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{32099AAC-C132-4136-9E9A-4E364A424E17}"
  -> {HKLM...CLSID} = "DAEMON Tools Toolbar"
     \InProcServer32\(Default) = "C:\Programas\DAEMON Tools Toolbar\DTToolbar.dll" [null data]
"{EE5D279F-081B-4404-994D-C6B60AAEBA6D}"
  -> {HKLM...CLSID} = "EPSON Web-To-Page"
     \InProcServer32\(Default) = "C:\Programas\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll" ["SEIKO EPSON CORPORATION"]

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\
"{32099AAC-C132-4136-9E9A-4E364A424E17}" = (no title provided)
  -> {HKLM...CLSID} = "DAEMON Tools Toolbar"
     \InProcServer32\(Default) = "C:\Programas\DAEMON Tools Toolbar\DTToolbar.dll" [null data]
"{EE5D279F-081B-4404-994D-C6B60AAEBA6D}" = (no title provided)
  -> {HKLM...CLSID} = "EPSON Web-To-Page"
     \InProcServer32\(Default) = "C:\Programas\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll" ["SEIKO EPSON CORPORATION"]

Explorer Bars

HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\

HKLM\SOFTWARE\Classes\CLSID\{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}\(Default) = "Groove Folder Synchronization"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\Programas\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]

HKLM\SOFTWARE\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Pesquisa"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{2670000A-7350-4F3C-8081-5663EE0C6C49}\
"ButtonText" = "Enviar para o OneNote"
"MenuText" = "&Enviar para o OneNote"
"CLSIDExtension" = "{48E73304-E1D6-4330-914C-F5F514E3486C}"
  -> {HKLM...CLSID} = "Send to OneNote from Internet Explorer button"
     \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll" [MS]

{4248FE82-7FCB-46AC-B270-339F08212110}\
"ButtonText" = "&Teclado virtual"
"CLSIDExtension" = "{4248FE82-7FCB-46AC-B270-339F08212110}"
  -> {HKLM...CLSID} = "VirtualKeyboardButtonHandler Class"
     \InProcServer32\(Default) = "C:\Programas\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll" ["Kaspersky Lab"]

{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
"ButtonText" = "Research"

{CCF151D8-D089-449F-A5A4-D9909053F20F}\
"ButtonText" = "Verificação de U&RLs"
"CLSIDExtension" = "{CCF151D8-D089-449F-A5A4-D9909053F20F}"
  -> {HKLM...CLSID} = "FilterButtonHandler Class"
     \InProcServer32\(Default) = "C:\Programas\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll" ["Kaspersky Lab"]

{E2E2DD38-D088-4134-82B7-F2BA38496583}\
"MenuText" = "@xpsp3res.dll,-20001"
"Exec" = "%windir%\Network Diagnostic\xpnetdiag.exe" [MS]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Programas\Messenger\msmsgs.exe" [MS]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

.NET Runtime Optimization Service v2.0.50727_X86, clr_optimization_v2.0.50727_32, "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe" [MS]
ArcSoft Connect Daemon, ACDaemon, "C:\Programas\Ficheiros comuns\ArcSoft\Connection Service\Bin\ACService.exe" ["ArcSoft Inc."]
Check Point VPN-1 Securemote watchdog, SR_Watchdog, "C:\Programas\CheckPoint\SecuRemote\bin\SR_Watchdog.exe" ["Check Point Software Technologies"]
Kaspersky Internet Security, AVP, ""C:\Programas\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" -r" ["Kaspersky Lab"]
NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]
Windows Driver Foundation - User-mode Driver Framework, WudfSvc, "C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup" {"C:\WINDOWS\System32\WUDFSvc.dll" [MS]}
Windows Live ID Sign-in Assistant, wlidsvc, ""C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WLIDSVC.EXE"" [MS]


Print Monitors:
---------------

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\
EPSON Stylus DX4000 Series 32MonitorBE\Driver = "E_FLBBEE.DLL" ["SEIKO EPSON CORPORATION"]
PDFCreator\Driver = "pdfcmnnt.dll" [null data]
Send To Microsoft OneNote Monitor\Driver = "msonpmon.dll" [MS]


----------
(launch time: 2010-07-22 21:40:17)
<<!>>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
  launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
  DLL launch points, use the -supp parameter or answer "No" at
  the first message box and "Yes" at the second message box.
---------- (total run time: 83 seconds,
including 23 seconds for message boxes)
wings (posted July 22, 2010):
OK....the PC is clean. Delete Silent Runners and its report. Re-enable your antivirus.
*Download ATF Cleaner and save it to the desktop
*Double-click ATF-Cleaner
*Select: [] Select All
*Click [Empty Selected]
=>If you use Firefox or Opera:
*Click the "Firefox" or "Opera" tab
*Select: [] Select All
*Click [Yes] > [Empty Selected] > [Yes]
*Click [Exit] or the [X] to close the program
Regards.
2rui2 (posted July 22, 2010):
The problem persists. The sound still keeps cutting out and the advertising keeps appearing all the time =/
wings (posted July 22, 2010):
1.
*Temporarily disable your antivirus
*Download LopUninstall and save it to the desktop
*Run it. Type in the numbers and click [uninstall]
2.
*As for the sound, look for another cause. It is not an infection.
2rui2 (posted July 22, 2010):
It didn't work...and it messed up my Firefox settings =/
wings (posted July 22, 2010):
> It didn't work...and it messed up my Firefox settings =/
Messed up what, my friend? This tool does not affect Firefox settings. It is precisely for removing adverts (CID).
2rui2 (posted July 22, 2010):
I'm not sure I can explain it well... Websites don't appear as they did before. They look unformatted; only plain text and little else shows up.
wings (posted July 22, 2010):
Did you use cracks or keygens with any program? As for Firefox, it may be a profile problem. Restart the PC.
2rui2 (posted July 23, 2010):
1. Yes, I used cracks and keygens.
2. I already restarted and it's still the same.
wings (posted July 23, 2010):
Avoid using these kinds of programs...they infect the machine and cause trouble. It is possible that many of these problems were caused by their use.
Do you have sites saved as bookmarks?...if you don't, do the following. Uninstall Firefox and download it again. During installation, change the destination folder. Normally it is installed in C:\Arquivos de programas\Mozilla Firefox. Change the destination to C:\Arquivos de programas\Firefox.
If you do have bookmarked sites, click Bookmarks > Organize Bookmarks > Import and Backup > Export HTML and save it in any folder. Then download a new copy, uninstall the current one and install the one you downloaded.
2rui2 (posted July 23, 2010):
I understand...I'll be more careful from now on... but to solve this problem I can't find any solution other than formatting the PC =/
Firefox is already working normally ;)
wings (posted July 23, 2010):
*Temporarily disable your antivirus
*Download USBFix and save it to the desktop
*Connect the USB stick to the PC
*Double-click UsbFix
*Click [Pesquisa] (Search) and wait for it to finish
*Remove the USB stick
*Paste the report created at C:\UsbFix.txt