kuklinski

Spyware


Folks, I have a really thankless problem :help: There is a firewall at the company where I work, and when I browse going out through the firewall everything is fine, but if I let my workstation go out bypassing the firewall, it starts opening websites. I have already run Spybot and AdWare, and I have Antivir installed, and none of them detects the problem. I have read the older threads but found nothing like this case. The HJThis log follows for your analysis.

Thanks!

P.S.: If I am doing something wrong in posting my problem, let me know. I have been using the Clube site for a long time but had never visited the forum before.

Logfile of HijackThis v1.99.1

Scan saved at 19:53:28, on 27/12/2005

Platform: Windows 2000 SP4 (WinNT 5.00.2195)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\system32\spoolsv.exe

C:\ARQUIVOS DE PROGRAMAS\AVPERSONAL\AVGUARD.EXE

C:\Arquivos de programas\AVPersonal\AVWUPSRV.EXE

C:\WINNT\System32\svchost.exe

C:\WINNT\system32\hidserv.exe

C:\WINNT\system32\regsvc.exe

C:\WINNT\system32\MSTask.exe

C:\WINNT\System32\WBEM\WinMgmt.exe

C:\Arquivos de programas\TridiaVNC\win32\WinVNC.exe

C:\WINNT\system32\svchost.exe

C:\Arquivos de programas\Citrix\ICA Client\ssonsvr.exe

C:\WINNT\system32\rundll32.exe

C:\WINNT\Explorer.EXE

C:\WINNT\system32\VTTimer.exe

C:\Arquivos de programas\Java\jre1.5.0_05\bin\jusched.exe

C:\Arquivos de programas\AVPersonal\AVGNT.EXE

C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe

C:\Documents and Settings\moacir\Desktop\Meu\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.camera2.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = &http://home.microsoft.com/intl/br/access/allinone.asp

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.16.4.64:3128

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://adsserver; http://172.16.4.6:8082/intranet/login/veri...m;<local>

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINNT\Downloaded Program Files\gbieh.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [WinVNC] "C:\Arquivos de programas\TridiaVNC\win32\WinVNC.exe" -servicehelper

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_05\bin\jusched.exe

O4 - HKLM\..\Run: [AVGCtrl] C:\Arquivos de programas\AVPersonal\AVGNT.EXE /min

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

O8 - Extra context menu item: &Google Search - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: Backward &Links - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Si&milar Pages - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmsimilar.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_05\bin\npjpi150_05.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_05\bin\npjpi150_05.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab

O16 - DPF: {548F34E4-8B63-4E3D-80EF-ABC03882A4F6} (Upload.CtlUpload) - https://ws7.investshop.com.br/sistemas/cmp/...ivos/Upload.CAB

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1121953369617

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1121953354039

O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://ebook.cybermartkorea.com:8080/Component/msxml4.cab

O16 - DPF: {9B935470-AD4A-11D5-B63E-00C04FAEDB18} (Oracle JInitiator 1.1.8.16) - http://200.185.240.7/jinitiator/jinit11816.exe

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab

O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} - http://www.azebar.com/install/azesearch.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399F83} (GbPluginObj Class) - https://www14.bancobrasil.com.br/plugin/GbPluginBb.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = capital.hoepers

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = capital.hoepers

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = capital.hoepers

O20 - Winlogon Notify: Nls - C:\WINNT\system32\en20l1fm1.dll

O20 - Winlogon Notify: PCANotify - C:\WINNT\SYSTEM32\PCANotify.dll

O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\ARQUIVOS DE PROGRAMAS\AVPERSONAL\AVGUARD.EXE

O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Arquivos de programas\AVPersonal\AVWUPSRV.EXE

O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Arquivos de programas\Symantec\pcAnywhere\awhost32.exe

O23 - Service: Serviço administrativo do gerenciador de disco lógico (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe

O23 - Service: TridiaVNC Server (winvnc) - Unknown owner - C:\Arquivos de programas\TridiaVNC\win32\WinVNC.exe" -service (file missing)


Download L2mfix and save it to your desktop, then install it. Open the folder that was created on your desktop and run the file l2mfix.bat. In the menu that appears, press 1 and hit ENTER. Wait until a log appears, then paste it here.

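The log requested above includes a registry export of the Winlogon\Notify key, as the reply that follows shows. As an added example (not part of the original thread and not L2mfix's own code), this Python sketch parses such an export, decodes the `hex(2)` values, and lists the Notify entries that deserve a manual look. The `BASELINE` table is an assumption to be replaced with values from a known-clean machine of the same build, and the sample is an excerpt of the log posted in this thread.

```python
import re

# Assumption: Notify subkey -> DLL as registered by Windows itself. Build the
# real table from a known-clean machine of the same Windows version.
BASELINE = {
    "crypt32chain": "crypt32.dll",
    "cryptnet": "cryptnet.dll",
    "cscdll": "cscdll.dll",
    "sclgntfy": "sclgntfy.dll",
    "senslogn": "wlnotify.dll",
    "wzcnotif": "wzcdlg.dll",
}

SECTION_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"=(.*)$')
NOTIFY_PREFIX = "\\winlogon\\notify\\"


def logical_lines(text):
    """Yield non-blank lines, joining hex continuations that end in ',\\'."""
    pending = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue  # forum rendering puts a blank line between every row
        if line.endswith(",\\"):
            pending += line[:-1]
            continue
        yield pending + line
        pending = ""
    if pending:
        yield pending


def decode_value(raw):
    """Decode the .reg value kinds that occur under Winlogon\\Notify."""
    if raw.startswith('"') and raw.endswith('"'):
        return raw[1:-1].replace("\\\\", "\\")
    if raw.startswith("dword:"):
        return int(raw[6:], 16)
    if raw.startswith("hex(2):"):  # REG_EXPAND_SZ stored as UTF-16LE bytes
        data = bytes(int(b, 16) for b in raw[7:].split(",") if b)
        return data.decode("utf-16-le", errors="replace").rstrip("\x00")
    return raw


def parse_notify(text):
    """Return {subkey: {value_name_lowercased: decoded_value}}."""
    entries, current = {}, None
    for line in logical_lines(text):
        m = SECTION_RE.match(line)
        if m:
            key = m.group(1)
            idx = key.lower().find(NOTIFY_PREFIX)
            current = key[idx + len(NOTIFY_PREFIX):] if idx != -1 else None
            if current is not None:
                entries[current] = {}
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            # The export mixes "DllName" and "DLLName", so compare lower-cased.
            entries[current][m.group(1).lower()] = decode_value(m.group(2))
    return entries


def triage(entries):
    """List (subkey, dll, reasons) for entries that need manual review."""
    findings = []
    for subkey, values in entries.items():
        dll = str(values.get("dllname", ""))
        reasons = []
        expected = BASELINE.get(subkey.lower())
        if expected is None:
            reasons.append("subkey not in baseline")
        elif dll.lower() != expected:
            reasons.append("DLL differs from baseline")
        if "\\" in dll or ":" in dll:  # baseline entries use bare file names
            reasons.append("DllName is a full path")
        if reasons:
            findings.append((subkey, dll, reasons))
    return findings


# Excerpt of the export posted in this thread (blank lines as on the page).
SAMPLE = r'''
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]

"Asynchronous"=dword:00000000

"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\

6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\PCANotify]

"DllName"="PCANotify.dll"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SharedDLLs]

"DllName"="C:\\WINNT\\system32\\p64u0gh9e64.dll"

"Logon"="WinLogon"
'''

if __name__ == "__main__":
    for subkey, dll, reasons in triage(parse_notify(SAMPLE)):
        print(f"{subkey}: {dll} ({'; '.join(reasons)})")
```

A finding means "review", not "malicious": third-party software such as a remote-control host registers its own Notify DLL and will also appear until it is added to the baseline.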
  • Topic author
  • Friend,

    below is the l2mfix.bat log

    L2MFIX find log 122705

    These are the registry keys present

    **********************************************************************************

    Winlogon/notify:

    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]

    "Asynchronous"=dword:00000000

    "Impersonate"=dword:00000000

    "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\

    6c,00,00,00

    "Logoff"="ChainWlxLogoffEvent"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]

    "Asynchronous"=dword:00000000

    "Impersonate"=dword:00000000

    "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\

    6c,00,6c,00,00,00

    "Logoff"="CryptnetWlxLogoffEvent"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]

    "DLLName"="cscdll.dll"

    "Logon"="WinlogonLogonEvent"

    "Logoff"="WinlogonLogoffEvent"

    "ScreenSaver"="WinlogonScreenSaverEvent"

    "Startup"="WinlogonStartupEvent"

    "Shutdown"="WinlogonShutdownEvent"

    "StartShell"="WinlogonStartShellEvent"

    "Impersonate"=dword:00000000

    "Asynchronous"=dword:00000001

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\PCANotify]

    "Asynchronous"=dword:00000000

    "Impersonate"=dword:00000000

    "Unlock"="WLEventUnlock"

    "Lock"="WLEventLock"

    "Startup"="WLEventStartup"

    "DllName"="PCANotify.dll"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]

    "Logoff"="WLEventLogoff"

    "Impersonate"=dword:00000000

    "Asynchronous"=dword:00000001

    "DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\

    6c,00,6c,00,00,00

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]

    "DLLName"="WlNotify.dll"

    "Lock"="SensLockEvent"

    "Logon"="SensLogonEvent"

    "Logoff"="SensLogoffEvent"

    "Safe"=dword:00000001

    "MaxWait"=dword:00000258

    "StartScreenSaver"="SensStartScreenSaverEvent"

    "StopScreenSaver"="SensStopScreenSaverEvent"

    "Startup"="SensStartupEvent"

    "Shutdown"="SensShutdownEvent"

    "StartShell"="SensStartShellEvent"

    "Unlock"="SensUnlockEvent"

    "Impersonate"=dword:00000001

    "Asynchronous"=dword:00000001

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SharedDLLs]

    "Asynchronous"=dword:00000000

    "DllName"="C:\\WINNT\\system32\\p64u0gh9e64.dll"

    "Impersonate"=dword:00000000

    "Logon"="WinLogon"

    "Logoff"="WinLogoff"

    "Shutdown"="WinShutdown"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif]

    "DLLName"="wzcdlg.dll"

    "Logon"="WZCEventLogon"

    "Logoff"="WZCEventLogoff"

    "Impersonate"=dword:00000000

    "Asynchronous"=dword:00000000

    **********************************************************************************

    useragent:

    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

    "{BFB6C45F-2302-C907-4127-5492CEB342EE}"=""

    **********************************************************************************

    Shell Extension key:

    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

    **********************************************************************************

    HKEY ROOT CLASSIDS:

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{6705500A-D8BA-49D5-9D9A-17FD67F2DF8F}]

    @=""

    [HKEY_CLASSES_ROOT\CLSID\{6705500A-D8BA-49D5-9D9A-17FD67F2DF8F}\Implemented Categories]

    @=""

    [HKEY_CLASSES_ROOT\CLSID\{6705500A-D8BA-49D5-9D9A-17FD67F2DF8F}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]

    @=""

    [HKEY_CLASSES_ROOT\CLSID\{6705500A-D8BA-49D5-9D9A-17FD67F2DF8F}\InprocServer32]

    @="C:\\WINNT\\system32\\BDOWSEUI.DLL"

    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{E4829CF5-FB54-4139-A98B-CC786F4D2C53}]

    @=""

    [HKEY_CLASSES_ROOT\CLSID\{E4829CF5-FB54-4139-A98B-CC786F4D2C53}\Implemented Categories]

    @=""

    [HKEY_CLASSES_ROOT\CLSID\{E4829CF5-FB54-4139-A98B-CC786F4D2C53}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]

    @=""

    [HKEY_CLASSES_ROOT\CLSID\{E4829CF5-FB54-4139-A98B-CC786F4D2C53}\InprocServer32]

    @="C:\\WINNT\\system32\\lxpct12n.dll"

    "ThreadingModel"="Apartment"

    **********************************************************************************

    Files Found are not all bad files:

    C:\WINNT\SYSTEM32\

    83 items found: 83 files (74 H/S), 0 directories.

    Total of file sizes: 24.954.220 bytes 23,80 M

    Locate .tmp files:

    No matches found.

    **********************************************************************************

    Directory Listing of system files:

    O volume na unidade C é Diskc

    O número de série do volume é 38BA-F348

    Pasta de C:\WINNT\System32

    28/12/2005 10:31 235.162 BDOWSEUI.DLL

    27/12/2005 20:29 236.183 gp2ql3f51.dll

    27/12/2005 13:28 236.183 rVsctrs.dll

    27/12/2005 13:26 235.162 p64u0gh9e64.dll

    27/12/2005 09:37 235.764 VMIPXSPX.DLL

    26/12/2005 18:10 235.162 prxdll.dll

    26/12/2005 18:02 <DIR> dllcache

    26/12/2005 18:01 233.753 t0r80a9ued.dll

    26/12/2005 13:12 235.558 ir08l5du1.dll

    26/12/2005 12:07 233.717 lxpct12n.dll

    23/12/2005 17:57 233.717 abledit.dll

    23/12/2005 17:50 235.627 m0jula191d.dll

    23/12/2005 08:01 233.853 g6lm0g31e6.dll

    22/12/2005 09:46 237.024 xklehlp.dll

    21/12/2005 20:29 234.261 l6j80g1ue6.dll

    21/12/2005 19:48 234.261 rtpdr.dll

    21/12/2005 09:50 237.024 soi.dll

    20/12/2005 07:57 236.433 ihss.dll

    19/12/2005 09:47 234.197 mxxml3r.dll

    17/12/2005 08:17 236.433 wkhirda.dll

    16/12/2005 09:46 234.197 tYpisnap.dll

    15/12/2005 19:26 236.433 iIsuserr.dll

    15/12/2005 09:45 236.025 nGrrhook.dll

    14/12/2005 10:25 234.554 kjrml7911.dll

    13/12/2005 11:36 236.876 keddv.dll

    13/12/2005 11:24 236.744 ldrt.dll

    13/12/2005 11:11 234.989 Lmimg12n.dll

    13/12/2005 09:38 234.422 dkmstor.dll

    12/12/2005 16:37 234.980 ifclass.dll

    12/12/2005 09:47 234.422 kldir.dll

    10/12/2005 09:35 234.422 OTEAUT32.DLL

    09/12/2005 19:58 234.008 qnartz.dll

    09/12/2005 09:54 234.422 abicap32.dll

    08/12/2005 08:56 234.008 FK20.DLL

    06/12/2005 04:03 236.050 assldpc.dll

    05/12/2005 08:11 236.024 nzdsetup.dll

    03/12/2005 08:01 236.024 dveml.dll

    02/12/2005 09:40 236.024 otbc16gt.dll

    29/11/2005 09:45 236.024 XCNROLL.DLL

    26/11/2005 18:26 236.066 dn0m01d1e.dll

    26/11/2005 18:25 236.066 KVDCA.DLL

    26/11/2005 18:22 236.024 wdnrnr.dll

    26/11/2005 15:43 236.066 dvloader.dll

    24/11/2005 09:37 236.066 lncalui.dll

    23/11/2005 09:41 236.024 ROSMAN.DLL

    22/11/2005 22:41 234.184 ktrml7911.dll

    19/11/2005 08:26 235.515 RLOCURS.DLL

    18/11/2005 09:39 235.219 all71.dll

    17/11/2005 20:27 237.234 d2j0lc1m1f.dll

    17/11/2005 09:52 237.234 LWPNM12n.dll

    16/11/2005 22:38 235.219 MCV1_0.DLL

    16/11/2005 22:32 237.234 pplagent.dll

    16/11/2005 09:46 235.219 dbdskmgr.dll

    15/11/2005 09:49 234.987 luimg12n.dll

    14/11/2005 12:09 234.144 dsmv2clt.dll

    14/11/2005 09:43 235.467 oobctrac.dll

    11/11/2005 10:02 234.144 KPDCA.DLL

    09/11/2005 18:31 234.144 NRDENB32.DLL

    09/11/2005 09:45 237.261 mecomput.dll

    08/11/2005 09:50 236.989 dodiagn.dll

    07/11/2005 09:52 233.813 oypdx32.dll

    05/11/2005 15:38 236.989 cvgmgr32.dll

    05/11/2005 14:16 233.895 Lodis12n.dll

    05/11/2005 08:20 236.989 BEOWSEUI.DLL

    04/11/2005 20:38 236.989 mwbsync.dll

    04/11/2005 20:38 237.003 d4j00e1meh.dll

    04/11/2005 20:23 236.989 svmsg.dll

    04/11/2005 20:23 237.157 j86m0ij1e8o.dll

    04/11/2005 19:58 236.989 ODENGL32.DLL

    04/11/2005 19:58 233.794 l2r0lc9m1f.dll

    04/11/2005 14:08 236.989 drloader.dll

    04/11/2005 13:25 235.382 kt0ul7d91.dll

    03/11/2005 09:45 235.382 cmrtmmc.dll

    02/11/2005 03:57 235.474 nrvdmd.dll

    01/11/2005 09:49 235.382 mqident.dll

    74 arquivo(s) 17.429.844 bytes

    1 pasta(s) 13.934.796.800 bytes disponíveis


    When it's like that, with pages or toolbars in Internet Explorer, I use Microsoft AntiSpyware; it's good for that, it removes it and it's easy to use xP

  • Topic author
  • Friend,

    here is the HijackThis log:

    Logfile of HijackThis v1.99.1

    Scan saved at 17:28:49, on 30/12/2005

    Platform: Windows 2000 SP4 (WinNT 5.00.2195)

    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:

    C:\WINNT\System32\smss.exe

    C:\WINNT\system32\winlogon.exe

    C:\WINNT\system32\services.exe

    C:\WINNT\system32\lsass.exe

    C:\WINNT\system32\svchost.exe

    C:\WINNT\system32\spoolsv.exe

    C:\ARQUIVOS DE PROGRAMAS\AVPERSONAL\AVGUARD.EXE

    C:\Arquivos de programas\AVPersonal\AVWUPSRV.EXE

    C:\WINNT\System32\svchost.exe

    C:\WINNT\system32\hidserv.exe

    C:\WINNT\system32\regsvc.exe

    C:\WINNT\system32\MSTask.exe

    C:\WINNT\System32\WBEM\WinMgmt.exe

    C:\Arquivos de programas\TridiaVNC\win32\WinVNC.exe

    C:\WINNT\system32\svchost.exe

    C:\Arquivos de programas\Citrix\ICA Client\ssonsvr.exe

    C:\WINNT\system32\rundll32.exe

    C:\WINNT\Explorer.EXE

    C:\WINNT\system32\VTTimer.exe

    C:\Arquivos de programas\Java\jre1.5.0_05\bin\jusched.exe

    C:\Arquivos de programas\AVPersonal\AVGNT.EXE

    C:\Arquivos de programas\Microsoft AntiSpyware\gcasServ.exe

    C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe

    C:\Arquivos de programas\Microsoft AntiSpyware\gcasDtServ.exe

    C:\Arquivos de programas\Microsoft Office\OFFICE11\OUTLOOK.EXE

    C:\Arquivos de programas\Microsoft Office\OFFICE11\WINWORD.EXE

    C:\Arquivos de programas\Internet Explorer\iexplore.exe

    C:\Documents and Settings\moacir\Desktop\Meu\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.camera2.com.br/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = &http://home.microsoft.com/intl/br/access/allinone.asp

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.camera2.com.br/

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.16.4.64:3128

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://adsserver; http://172.16.4.6:8082/intranet/login/veri...m;<local>

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINNT\Downloaded Program Files\gbieh.dll

    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

    O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon

    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

    O4 - HKLM\..\Run: [WinVNC] "C:\Arquivos de programas\TridiaVNC\win32\WinVNC.exe" -servicehelper

    O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_05\bin\jusched.exe

    O4 - HKLM\..\Run: [AVGCtrl] C:\Arquivos de programas\AVPersonal\AVGNT.EXE /min

    O4 - HKLM\..\Run: [gcasServ] "C:\Arquivos de programas\Microsoft AntiSpyware\gcasServ.exe"

    O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

    O8 - Extra context menu item: &Google Search - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmsearch.html

    O8 - Extra context menu item: Backward &Links - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmbacklinks.html

    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmcache.html

    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

    O8 - Extra context menu item: Si&milar Pages - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmsimilar.html

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_05\bin\npjpi150_05.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_05\bin\npjpi150_05.dll

    O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

    O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab

    O16 - DPF: {548F34E4-8B63-4E3D-80EF-ABC03882A4F6} (Upload.CtlUpload) - https://ws7.investshop.com.br/sistemas/cmp/...ivos/Upload.CAB

    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1121953369617

    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1121953354039

    O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://ebook.cybermartkorea.com:8080/Component/msxml4.cab

    O16 - DPF: {9B935470-AD4A-11D5-B63E-00C04FAEDB18} (Oracle JInitiator 1.1.8.16) - http://200.185.240.7/jinitiator/jinit11816.exe

    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab

    O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399F83} (GbPluginObj Class) - https://www14.bancobrasil.com.br/plugin/GbPluginBb.cab

    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = capital.hoepers

    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = capital.hoepers

    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = capital.hoepers

    O20 - Winlogon Notify: AdminDebug - C:\WINNT\system32\m246lchs1f46.dll

    O20 - Winlogon Notify: PCANotify - C:\WINNT\SYSTEM32\PCANotify.dll

    O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\ARQUIVOS DE PROGRAMAS\AVPERSONAL\AVGUARD.EXE

    O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Arquivos de programas\AVPersonal\AVWUPSRV.EXE

    O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Arquivos de programas\Symantec\pcAnywhere\awhost32.exe

    O23 - Service: Serviço administrativo do gerenciador de disco lógico (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: TridiaVNC Server (winvnc) - Unknown owner - C:\Arquivos de programas\TridiaVNC\win32\WinVNC.exe" -service (file missing)


    Download SpySweeper. Install and update it.

    Run l2mfix.bat, choose option 2 and press ENTER.

    Boot into Safe Mode.

    Run HijackThis and check the following entry:

    O20 - Winlogon Notify: AdminDebug - C:\WINNT\system32\m246lchs1f46.dll

    Click Fix Checked.

    Run SpySweeper and save the scan result.

    Restart the computer.

    Paste a new HijackThis log and the SpySweeper scan result.

    Note: Do you use a proxy?

    Do you recognize this DNS setting:

    Domain = capital.hoepers

  • Topic author
  • Yes, friend, I use a proxy. This DNS belongs to the company where I work.

    Here are the HijackThis log and the SpySweeper screens.

    Logfile of HijackThis v1.99.1

    Scan saved at 13:36:15, on 2/1/2006

    Platform: Windows 2000 SP4 (WinNT 5.00.2195)

    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:

    C:\WINNT\System32\smss.exe

    C:\WINNT\system32\winlogon.exe

    C:\WINNT\system32\services.exe

    C:\WINNT\system32\lsass.exe

    C:\WINNT\system32\svchost.exe

    C:\Arquivos de programas\Webroot\Spy Sweeper\WRSSSDK.exe

    C:\WINNT\System32\WBEM\WinMgmt.exe

    C:\Arquivos de programas\Citrix\ICA Client\ssonsvr.exe

    C:\WINNT\system32\rundll32.exe

    C:\WINNT\Explorer.EXE

    C:\Documents and Settings\moacir\Desktop\Meu\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = &http://home.microsoft.com/intl/br/access/allinone.asp

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.camera2.com.br/

    O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINNT\Downloaded Program Files\gbieh.dll

    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

    O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon

    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

    O4 - HKLM\..\Run: [WinVNC] "C:\Arquivos de programas\TridiaVNC\win32\WinVNC.exe" -servicehelper

    O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_05\bin\jusched.exe

    O4 - HKLM\..\Run: [AVGCtrl] C:\Arquivos de programas\AVPersonal\AVGNT.EXE /min

    O4 - HKLM\..\Run: [gcasServ] "C:\Arquivos de programas\Microsoft AntiSpyware\gcasServ.exe"

    O4 - HKLM\..\Run: [spySweeper] "C:\Arquivos de programas\Webroot\Spy Sweeper\SpySweeper.exe" /startintray

    O4 - HKCU\..\Run: [internat.exe] internat.exe

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_05\bin\npjpi150_05.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_05\bin\npjpi150_05.dll

    O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

    O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab

    O16 - DPF: {548F34E4-8B63-4E3D-80EF-ABC03882A4F6} (Upload.CtlUpload) - https://ws7.investshop.com.br/sistemas/cmp/...ivos/Upload.CAB

    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1121953369617

    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1121953354039

    O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://ebook.cybermartkorea.com:8080/Component/msxml4.cab

    O16 - DPF: {9B935470-AD4A-11D5-B63E-00C04FAEDB18} (Oracle JInitiator 1.1.8.16) - http://200.185.240.7/jinitiator/jinit11816.exe

    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab

    O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399F83} (GbPluginObj Class) - https://www14.bancobrasil.com.br/plugin/GbPluginBb.cab

    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = capital.hoepers

    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = capital.hoepers

    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = capital.hoepers

    O20 - Winlogon Notify: OfficeUpdate - C:\WINNT\system32\irl0l53m1.dll

    O20 - Winlogon Notify: PCANotify - C:\WINNT\SYSTEM32\PCANotify.dll

    O20 - Winlogon Notify: WRNotifier - C:\WINNT\SYSTEM32\WRLogonNTF.dll

    O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\ARQUIVOS DE PROGRAMAS\AVPERSONAL\AVGUARD.EXE

    O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Arquivos de programas\AVPersonal\AVWUPSRV.EXE

    O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Arquivos de programas\Symantec\pcAnywhere\awhost32.exe

    O23 - Service: Serviço administrativo do gerenciador de disco lógico (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Arquivos de programas\Webroot\Spy Sweeper\WRSSSDK.exe

    O23 - Service: TridiaVNC Server (winvnc) - Unknown owner - C:\Arquivos de programas\TridiaVNC\win32\WinVNC.exe" -service (file missing)

    It found icannnews and look2me.


    Run a new scan with Spy Sweeper in Safe Mode and save the scan result.

    Run l2mfix.bat again, using option 2.

    Paste the Spy Sweeper scan result and a new HijackThis log.

  • Topic author
  • Here is the Spy Sweeper log. Below the Spy Sweeper log is the HijackThis log.

    ********

    13:02: | Start of Session, terça-feira, 3 de janeiro de 2006 |

    13:02: Spy Sweeper started

    13:02: Sweep initiated using definitions version 594

    13:02: Starting Memory Sweep

    13:02: Found Adware: icannnews

    13:02: Detected running threat: C:\WINNT\system32\hrn0055me.dll (ID = 83)

    13:02: Detected running threat: C:\WINNT\system32\wtps.dll (ID = 83)

    13:03: Memory Sweep Complete, Elapsed Time: 00:00:43

    13:03: Starting Registry Sweep

    13:03: Registry Sweep Complete, Elapsed Time:00:00:07

    13:03: Starting Cookie Sweep

    13:03: Cookie Sweep Complete, Elapsed Time: 00:00:00

    13:03: Starting File Sweep

    13:03: Found Adware: look2me

    13:03: wtps.dll (ID = 159)

    13:03: o2pqlc751f.dll (ID = 159)

    13:07: hrn0055me.dll (ID = 159)

    13:08: File Sweep Complete, Elapsed Time: 00:05:00

    13:08: Full Sweep has completed. Elapsed time 00:05:55

    13:08: Traces Found: 5

    ********

    11:38: | Start of Session, terça-feira, 3 de janeiro de 2006 |

    11:38: Spy Sweeper started

    11:38: Sweep initiated using definitions version 594

    11:38: Starting Memory Sweep

    11:39: Found Adware: icannnews

    11:39: Detected running threat: C:\WINNT\system32\hrn0055me.dll (ID = 83)

    11:39: Detected running threat: C:\WINNT\system32\wtps.dll (ID = 83)

    11:39: Memory Sweep Complete, Elapsed Time: 00:00:47

    11:39: Starting Registry Sweep

    11:39: Registry Sweep Complete, Elapsed Time:00:00:07

    11:39: Starting Cookie Sweep

    11:39: Cookie Sweep Complete, Elapsed Time: 00:00:00

    11:39: Starting File Sweep

    11:40: Found Adware: look2me

    11:40: midsrv32.dll (ID = 159)

    11:40: wtps.dll (ID = 159)

    11:40: o2pqlc751f.dll (ID = 159)

    11:40: smcpack1.dll (ID = 159)

    11:40: cmrtmmc.dll (ID = 159)

    11:44: hrn0055me.dll (ID = 159)

    11:44: kydsw.dll (ID = 159)

    11:45: wdwfax.dll (ID = 159)

    11:50: File Sweep Complete, Elapsed Time: 00:10:24

    11:50: Full Sweep has completed. Elapsed time 00:11:22

    11:50: Traces Found: 10

    13:01: Program Version 4.5.7 (Build 642) Using Spyware Definitions 594

    13:02: | End of Session, terça-feira, 3 de janeiro de 2006 |

    ********

    11:38: | Start of Session, terça-feira, 3 de janeiro de 2006 |

    11:38: Spy Sweeper started

    11:38: Program Version 4.5.7 (Build 642) Using Spyware Definitions 594

    11:38: | End of Session, terça-feira, 3 de janeiro de 2006 |

    I tried to delete these .dll files by hand but the system won't allow it, not even in Safe Mode.

    Here is the HijackThis log

    Logfile of HijackThis v1.99.1

    Scan saved at 13:35:18, on 03/01/2006

    Platform: Windows 2000 SP4 (WinNT 5.00.2195)

    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:

    C:\WINNT\System32\smss.exe

    C:\WINNT\system32\winlogon.exe

    C:\WINNT\system32\services.exe

    C:\WINNT\system32\lsass.exe

    C:\WINNT\system32\svchost.exe

    C:\WINNT\system32\spoolsv.exe

    C:\ARQUIVOS DE PROGRAMAS\AVPERSONAL\AVGUARD.EXE

    C:\Arquivos de programas\AVPersonal\AVWUPSRV.EXE

    C:\WINNT\System32\svchost.exe

    C:\WINNT\system32\hidserv.exe

    C:\WINNT\system32\regsvc.exe

    C:\WINNT\system32\MSTask.exe

    C:\Arquivos de programas\Webroot\Spy Sweeper\WRSSSDK.exe

    C:\WINNT\System32\WBEM\WinMgmt.exe

    C:\Arquivos de programas\TridiaVNC\win32\WinVNC.exe

    C:\WINNT\system32\svchost.exe

    C:\Arquivos de programas\Citrix\ICA Client\ssonsvr.exe

    C:\WINNT\system32\rundll32.exe

    C:\WINNT\Explorer.EXE

    C:\WINNT\system32\VTTimer.exe

    C:\Arquivos de programas\Java\jre1.5.0_05\bin\jusched.exe

    C:\Arquivos de programas\AVPersonal\AVGNT.EXE

    C:\Arquivos de programas\Webroot\Spy Sweeper\SpySweeper.exe

    C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe

    C:\Arquivos de programas\Microsoft Office\OFFICE11\OUTLOOK.EXE

    C:\Arquivos de programas\Microsoft Office\OFFICE11\WINWORD.EXE

    C:\Arquivos de programas\Internet Explorer\iexplore.exe

    C:\Documents and Settings\moacir\Desktop\Meu\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.camera2.com.br/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = &http://home.microsoft.com/intl/br/access/allinone.asp

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.camera2.com.br/

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.16.4.64:3128

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://adsserver; http://172.16.4.6:8082/intranet/login/veri...m;<local>

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINNT\Downloaded Program Files\gbieh.dll

    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

    O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon

    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

    O4 - HKLM\..\Run: [WinVNC] "C:\Arquivos de programas\TridiaVNC\win32\WinVNC.exe" -servicehelper

    O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_05\bin\jusched.exe

    O4 - HKLM\..\Run: [AVGCtrl] C:\Arquivos de programas\AVPersonal\AVGNT.EXE /min

    O4 - HKLM\..\Run: [spySweeper] "C:\Arquivos de programas\Webroot\Spy Sweeper\SpySweeper.exe" /startintray

    O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

    O8 - Extra context menu item: &Google Search - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmsearch.html

    O8 - Extra context menu item: Backward &Links - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmbacklinks.html

    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmcache.html

    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

    O8 - Extra context menu item: Si&milar Pages - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmsimilar.html

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_05\bin\npjpi150_05.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_05\bin\npjpi150_05.dll

    O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

    O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab

    O16 - DPF: {548F34E4-8B63-4E3D-80EF-ABC03882A4F6} (Upload.CtlUpload) - https://ws7.investshop.com.br/sistemas/cmp/...ivos/Upload.CAB

    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1121953369617

    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1121953354039

    O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://ebook.cybermartkorea.com:8080/Component/msxml4.cab

    O16 - DPF: {9B935470-AD4A-11D5-B63E-00C04FAEDB18} (Oracle JInitiator 1.1.8.16) - http://200.185.240.7/jinitiator/jinit11816.exe

    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab

    O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399F83} (GbPluginObj Class) - https://www14.bancobrasil.com.br/plugin/GbPluginBb.cab

    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = capital.hoepers

    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = capital.hoepers

    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = capital.hoepers

    O20 - Winlogon Notify: Control Panel - C:\WINNT\system32\hrn0055me.dll

    O20 - Winlogon Notify: PCANotify - C:\WINNT\SYSTEM32\PCANotify.dll

    O20 - Winlogon Notify: WRNotifier - C:\WINNT\SYSTEM32\WRLogonNTF.dll

    O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\ARQUIVOS DE PROGRAMAS\AVPERSONAL\AVGUARD.EXE

    O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Arquivos de programas\AVPersonal\AVWUPSRV.EXE

    O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Arquivos de programas\Symantec\pcAnywhere\awhost32.exe

    O23 - Service: Serviço administrativo do gerenciador de disco lógico (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Arquivos de programas\Webroot\Spy Sweeper\WRSSSDK.exe

    O23 - Service: TridiaVNC Server (winvnc) - Unknown owner - C:\Arquivos de programas\TridiaVNC\win32\WinVNC.exe" -service (file missing)

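Added example, not part of the thread and not code from any tool named in it: a Python sketch that compares the O20 (Winlogon Notify) lines of the three HijackThis logs posted so far and flags entries that fail to persist from one scan to the next, or whose DLL Spy Sweeper reported as a running threat. The sample input is constructed from the logs above; the function names and the status labels (`stable`, `transient`, `new`, `confirmed`) are assumptions of this example.

```python
import re

# Constructed sample input: the O20 lines of the three HijackThis logs posted
# above, labelled with each log's "Scan saved at" date, in chronological order.
SCANS = [
    ("30/12/2005", r"""
    O20 - Winlogon Notify: AdminDebug - C:\WINNT\system32\m246lchs1f46.dll
    O20 - Winlogon Notify: PCANotify - C:\WINNT\SYSTEM32\PCANotify.dll
    """),
    ("2/1/2006", r"""
    O20 - Winlogon Notify: OfficeUpdate - C:\WINNT\system32\irl0l53m1.dll
    O20 - Winlogon Notify: PCANotify - C:\WINNT\SYSTEM32\PCANotify.dll
    O20 - Winlogon Notify: WRNotifier - C:\WINNT\SYSTEM32\WRLogonNTF.dll
    """),
    ("03/01/2006", r"""
    O20 - Winlogon Notify: Control Panel - C:\WINNT\system32\hrn0055me.dll
    O20 - Winlogon Notify: PCANotify - C:\WINNT\SYSTEM32\PCANotify.dll
    O20 - Winlogon Notify: WRNotifier - C:\WINNT\SYSTEM32\WRLogonNTF.dll
    """),
]

# Constructed sample input: memory-sweep lines from the Spy Sweeper session above.
SWEEPER_LOG = r"""
13:02: Found Adware: icannnews
13:02: Detected running threat: C:\WINNT\system32\hrn0055me.dll (ID = 83)
13:02: Detected running threat: C:\WINNT\system32\wtps.dll (ID = 83)
"""

O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>.+?) - (?P<dll>[A-Za-z]:\\.+)$")
THREAT_RE = re.compile(r"Detected running threat: (?P<path>[A-Za-z]:\\.+?) \(ID = \d+\)")


def parse_o20(log_text):
    """Return {notify key name: lower-cased DLL path} for one HijackThis log."""
    entries = {}
    for line in log_text.splitlines():
        m = O20_RE.match(line.strip())
        if m:
            entries[m.group("name")] = m.group("dll").strip().lower()
    return entries


def parse_running_threats(sweeper_text):
    """Return the lower-cased paths Spy Sweeper listed as running threats."""
    return {m.group("path").lower() for m in THREAT_RE.finditer(sweeper_text)}


def classify(scans, running_threats=frozenset()):
    """Label every (name, dll) pair seen in a chronological list of scans.

    confirmed: the DLL was reported as a running threat by the scanner
    stable:    present in every scan from its first appearance to the latest
    new:       first seen in the latest scan (no history to judge it by)
    transient: seen in an earlier scan but missing from a later one
    """
    parsed = [set(parse_o20(text).items()) for _, text in scans]
    last = len(parsed) - 1
    rows = []
    for name, dll in set().union(*parsed):
        seen = [i for i, p in enumerate(parsed) if (name, dll) in p]
        first = seen[0]
        continuous = seen == list(range(first, last + 1))
        if dll in running_threats:
            status = "confirmed"
        elif continuous and first < last:
            status = "stable"
        elif continuous:
            status = "new"
        else:
            status = "transient"
        rows.append({"first_seen": scans[first][0], "order": first,
                     "name": name, "dll": dll, "status": status})
    return sorted(rows, key=lambda r: (r["order"], r["name"]))


def flagged(scans, running_threats=frozenset()):
    """Entries worth an analyst's attention: everything that is not stable."""
    return [r for r in classify(scans, running_threats) if r["status"] != "stable"]


if __name__ == "__main__":
    threats = parse_running_threats(SWEEPER_LOG)
    for row in flagged(SCANS, threats):
        print(f'{row["first_seen"]:>10}  {row["status"]:<9}  {row["name"]} -> {row["dll"]}')
```

On this input the stable entries are PCANotify and WRNotifier; the flagged ones are a different key name and DLL in each scan, which is why fixing a single O20 line in HijackThis did not hold.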
  • Topic author
  • Friend Bucketheadkrz, I'm finally starting to feel relieved! The number of entries in Spy Sweeper has started to go down! I was already thinking I would have to format the HD! :sne: .

    Your help has been very good, thanks a lot :-BEER .

    Spy Sweeper still finds 6 look2me entries: doscript.dll, guard.tmp, ifsext.dll, mvl2l93o1.dll, o2pqlc751f.dll and wtps.dll.

    Here is the HijackThis log after running L2MRemover:

    Logfile of HijackThis v1.99.1

    Scan saved at 11:14:18, on 04/01/2006

    Platform: Windows 2000 SP4 (WinNT 5.00.2195)

    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:

    C:\WINNT\System32\smss.exe

    C:\WINNT\system32\winlogon.exe

    C:\WINNT\system32\services.exe

    C:\WINNT\system32\lsass.exe

    C:\WINNT\system32\svchost.exe

    C:\WINNT\system32\spoolsv.exe

    C:\ARQUIVOS DE PROGRAMAS\AVPERSONAL\AVGUARD.EXE

    C:\Arquivos de programas\AVPersonal\AVWUPSRV.EXE

    C:\WINNT\System32\svchost.exe

    C:\WINNT\system32\hidserv.exe

    C:\WINNT\system32\regsvc.exe

    C:\WINNT\system32\MSTask.exe

    C:\Arquivos de programas\Webroot\Spy Sweeper\WRSSSDK.exe

    C:\Arquivos de programas\Citrix\ICA Client\ssonsvr.exe

    C:\WINNT\Explorer.EXE

    C:\WINNT\System32\WBEM\WinMgmt.exe

    C:\Arquivos de programas\TridiaVNC\win32\WinVNC.exe

    C:\WINNT\system32\svchost.exe

    C:\WINNT\system32\VTTimer.exe

    C:\Arquivos de programas\Java\jre1.5.0_05\bin\jusched.exe

    C:\Arquivos de programas\AVPersonal\AVGNT.EXE

    C:\Arquivos de programas\Webroot\Spy Sweeper\SpySweeper.exe

    C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe

    C:\Documents and Settings\moacir\Desktop\Meu\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.camera2.com.br/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = &http://home.microsoft.com/intl/br/access/allinone.asp

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.camera2.com.br/

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.16.4.64:3128

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://adsserver; http://172.16.4.6:8082/intranet/login/veri...m;<local>

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINNT\Downloaded Program Files\gbieh.dll

    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

    O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon

    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

    O4 - HKLM\..\Run: [WinVNC] "C:\Arquivos de programas\TridiaVNC\win32\WinVNC.exe" -servicehelper

    O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_05\bin\jusched.exe

    O4 - HKLM\..\Run: [AVGCtrl] C:\Arquivos de programas\AVPersonal\AVGNT.EXE /min

    O4 - HKLM\..\Run: [spySweeper] "C:\Arquivos de programas\Webroot\Spy Sweeper\SpySweeper.exe" /startintray

    O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

    O8 - Extra context menu item: &Google Search - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmsearch.html

    O8 - Extra context menu item: Backward &Links - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmbacklinks.html

    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmcache.html

    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

    O8 - Extra context menu item: Si&milar Pages - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmsimilar.html

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_05\bin\npjpi150_05.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_05\bin\npjpi150_05.dll

    O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

    O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab

    O16 - DPF: {548F34E4-8B63-4E3D-80EF-ABC03882A4F6} (Upload.CtlUpload) - https://ws7.investshop.com.br/sistemas/cmp/...ivos/Upload.CAB

    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1121953369617

    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1121953354039

    O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://ebook.cybermartkorea.com:8080/Component/msxml4.cab

    O16 - DPF: {9B935470-AD4A-11D5-B63E-00C04FAEDB18} (Oracle JInitiator 1.1.8.16) - http://200.185.240.7/jinitiator/jinit11816.exe

    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab

    O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399F83} (GbPluginObj Class) - https://www14.bancobrasil.com.br/plugin/GbPluginBb.cab

    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = capital.hoepers

    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = capital.hoepers

    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = capital.hoepers

    O20 - Winlogon Notify: PCANotify - C:\WINNT\SYSTEM32\PCANotify.dll

    O20 - Winlogon Notify: WRNotifier - C:\WINNT\SYSTEM32\WRLogonNTF.dll

    O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\ARQUIVOS DE PROGRAMAS\AVPERSONAL\AVGUARD.EXE

    O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Arquivos de programas\AVPersonal\AVWUPSRV.EXE

    O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Arquivos de programas\Symantec\pcAnywhere\awhost32.exe

    O23 - Service: Serviço administrativo do gerenciador de disco lógico (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Arquivos de programas\Webroot\Spy Sweeper\WRSSSDK.exe

    O23 - Service: TridiaVNC Server (winvnc) - Unknown owner - C:\Arquivos de programas\TridiaVNC\win32\WinVNC.exe" -service (file missing)

  • Topic author
  • My friend Bucketheadkrz!!!!!!

    Thanks a LOT!!! I deleted the .dll files: doscript.dll, guard.tmp, ifsext.dll, mvl2l93o1.dll, o2pqlc751f.dll and wtps.dll "by hand" and rebooted the workstation, then ran Spy Sweeper and it did not find anything else. :palmas:

    I unblocked the workstation at the firewall and went online, and it did not try to open any site, nor did any message appear saying it was trying to open sites. Before the cleanup, whenever I browsed, an alert appeared in Spy Sweeper saying it was trying to open an A-d-w-a-r-e site.

    Man, thank you very much indeed!!!! :D:-BEER

    All the best!

  • Topic author
  • Nice article from UOL. I caught this one while doing a search on the internet, but fine, everything is good now: the workstation is unblocked at the firewall and there are no problems at all. Thanks a lot.

    About Clube do Hardware

    Online since 1996, Clube do Hardware is one of the largest, oldest and most respected technology publications in Brazil.
