sadao

Help me here, please

Damn... I'm trying everything here, but I can't fix the PC's problems... it boots normally, but after a while connected, a message appears saying the computer has 9 keyloggers, and another message saying Windows found 9 spyware modules on the system... two icons with an exclamation mark "!" also show up in the system tray...

Oh, and it won't stop opening pages either...

I'd like someone to help me, please...

Logfile of HijackThis v1.99.1
Scan saved at 23:21:30, on 7/3/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe
C:\Arquivos de programas\Logitech\Video\LogiTray.exe
C:\Arquivos de programas\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Arquivos de programas\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Arquivos de programas\iTunes\iTunesHelper.exe
C:\Arquivos de programas\QuickTime\qttask.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\LVComsX.exe
C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe
C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\WINDOWS\NCLAUNCH.EXe
C:\Arquivos de programas\MSN Toolbar Suite\DS\02.05.0001.1119\pt-br\bin\WindowsSearch.exe
C:\WINDOWS\wupdmgr.exe
C:\WINDOWS\osaupd.exe
C:\Arquivos de programas\Logitech\Video\FxSvr2.exe
C:\Arquivos de programas\Norton SystemWorks\Norton Antivirus\SAVScan.exe
C:\Arquivos de programas\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Arquivos de programas\MSN Toolbar Suite\DS\02.05.0001.1119\pt-br\bin\WindowsSearchIndexer.exe
C:\Arquivos de programas\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\Norton SystemWorks\Norton Antivirus\navapsvc.exe
C:\Documents and Settings\Yuri\Meus documentos\fabio\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O4 - HKLM\..\Run: [ccApp] "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\ARQUIV~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [sSC_UserPrompt] C:\Arquivos de programas\Arquivos comuns\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Arquivos de programas\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Arquivos de programas\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Arquivos de programas\Arquivos comuns\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Arquivos de programas\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Arquivos de programas\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [keyboard] C:\\keyboard1.exe
O4 - HKLM\..\Run: [mousepad] C:\\mousepad1.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LDM] C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
O4 - HKCU\..\Run: [Key] C:\DOCUME~1\Yuri\CONFIG~1\Temp\68.tmp
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Arquivos de programas\MSN Toolbar Suite\DS\02.05.0001.1119\pt-br\bin\WindowsSearch.exe
O8 - Extra context menu item: &MSN Busca - res://C:\Arquivos de programas\MSN Toolbar Suite\também\02.05.0000.1082\pt-br\msntb.dll/search.htm
O8 - Extra context menu item: Abrir em uma nova guia do plano de fundo - res://C:\Arquivos de programas\MSN Toolbar Suite\TAB\02.05.0001.1119\pt-br\msntabres.dll/229?e69c7925906c48f58ef7a6921454eea7
O8 - Extra context menu item: Abrir em uma nova guia do primeiro plano - res://C:\Arquivos de programas\MSN Toolbar Suite\TAB\02.05.0001.1119\pt-br\msntabres.dll/230?e69c7925906c48f58ef7a6921454eea7
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_04\bin\npjpi150_04.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARQUIV~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: C:\WINDOWS\System32\win_x.dll
O20 - Winlogon Notify: App Paths - C:\WINDOWS\system32\lv8m09l1e.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe
O23 - Service: Serviço de proteção automática do Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Arquivos de programas\Norton SystemWorks\Norton Antivirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Arquivos de programas\Norton SystemWorks\Norton Antivirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\ARQUIV~1\ARQUIV~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\Security Center\SymWSC.exe


Download l2mfix.exe.

Reboot into normal mode and double-click l2mfix.exe.

Click Accept and then Install. Open the L2Mfix folder that was created. Don't run the other files; double-click l2mfix.bat, press Enter, and a green prompt with a few numbered options will appear. Choose #1 for Run Find Log and press Enter again. Wait a moment, and Notepad will open with the log. Save that log.

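The HijackThis log above can be triaged mechanically while waiting for the L2MFix step. The script below is an added example and is not part of the original thread, of HijackThis or of L2MFix. It parses a subset of the O4, O20 AppInit_DLLs and O20 Winlogon Notify lines copied verbatim from the log above and flags the patterns that stand out in them: autostart entries that run from a Temp directory or straight from the drive root, an autostart whose target is not an .exe, any populated AppInit_DLLs value, and Winlogon Notify packages that load a DLL outside a small known list. That known list is an assumption, built from the stock Windows XP notify DLLs visible in this thread's L2MFix export plus Intel's igfxsrvc.dll; extend it for other machines rather than trusting it blindly.

```python
import re
from dataclasses import dataclass, field
from typing import List

# Sample input: a subset of the O4/O20 lines from the HijackThis log posted
# above, copied verbatim (including the doubled backslash in C:\\keyboard1.exe).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ccApp] "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [keyboard] C:\\keyboard1.exe
O4 - HKLM\..\Run: [mousepad] C:\\mousepad1.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Key] C:\DOCUME~1\Yuri\CONFIG~1\Temp\68.tmp
O20 - AppInit_DLLs: C:\WINDOWS\System32\win_x.dll
O20 - Winlogon Notify: App Paths - C:\WINDOWS\system32\lv8m09l1e.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
""".strip()

# Winlogon Notify DLLs considered normal here. Assumption: the stock XP entries
# seen in this thread's L2MFix export plus Intel's graphics helper; extend this
# for other machines rather than trusting it blindly.
KNOWN_NOTIFY_DLLS = {"crypt32.dll", "cryptnet.dll", "cscdll.dll",
                     "wlnotify.dll", "sclgntfy.dll", "igfxsrvc.dll"}

O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
APPINIT_RE = re.compile(r"^O20 - AppInit_DLLs: (?P<dlls>\S.*)$")
NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: (?P<key>.+?) - (?P<dll>.+)$")
# First path-looking token of a command line, quoted or not, arguments dropped.
PATH_RE = re.compile(r'^"?(?P<path>.+?\.(?:exe|com|scr|pif|bat|dll|tmp))"?(?:\s.*)?$', re.I)


@dataclass
class Finding:
    line: str
    reasons: List[str] = field(default_factory=list)


def command_path(cmd: str) -> str:
    """Pull the executable path out of an O4 command line, lower-cased."""
    m = PATH_RE.match(cmd.strip())
    return (m.group("path") if m else cmd.strip()).lower()


def check_run_entry(path: str) -> List[str]:
    """Heuristics for a Run-key target; each hit is a human-readable reason."""
    reasons = []
    if "\\temp\\" in path:
        reasons.append("autostart runs from a Temp directory")
    if re.match(r"^[a-z]:\\{1,2}[^\\]+$", path):
        reasons.append("autostart runs from the drive root")
    if not path.endswith(".exe"):
        reasons.append("autostart target is not an .exe file")
    return reasons


def triage(log_text: str) -> List[Finding]:
    """Return one Finding per suspicious O4/O20 line, in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        reasons: List[str] = []
        if (m := O4_RE.match(line)):
            reasons = check_run_entry(command_path(m.group("cmd")))
        elif (m := APPINIT_RE.match(line)):
            # AppInit_DLLs is loaded into every process that links user32.dll;
            # on a home machine it is normally empty, so any value is worth a look.
            reasons = ["AppInit_DLLs injects %s into every GUI process" % m.group("dlls").strip()]
        elif (m := NOTIFY_RE.match(line)):
            dll = m.group("dll").strip().rsplit("\\", 1)[-1].lower()
            if dll not in KNOWN_NOTIFY_DLLS:
                reasons = ["Winlogon Notify package '%s' loads unknown DLL %s into winlogon.exe"
                           % (m.group("key"), dll)]
        if reasons:
            findings.append(Finding(line, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.line)
        for r in f.reasons:
            print("    ->", r)
```

Run against the sample it prints five entries: keyboard1.exe and mousepad1.exe (drive root), 68.tmp (Temp directory and not an .exe), win_x.dll (AppInit_DLLs) and lv8m09l1e.dll (unknown Winlogon Notify DLL); the Symantec, ctfmon and Intel lines pass. The same functions accept a whole HijackThis log as `log_text`; lines of other section types are simply skipped.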
sadao (topic author)

Man, I did what you said and this is the log that came out:

L2MFIX find log 010406
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
  6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
@=""
"DLLName"="igfxsrvc.dll"
"Asynchronous"=dword:00000001
"Impersonate"=dword:00000001
"Unlock"="WinlogonUnlockEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\RunOnce]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\p4p60e7seh.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
  6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{CD9F29B8-0F00-9630-15E0-EF653B212C8A}"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Folha de propriedades de arquivo de multimídia"
"{176d6597-26d3-11d1-b350-080036a75b03}"="Gerenciamento de scanner ICM"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="Página de segurança NTFS"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="Página de propriedades do arquivo de documento OLE"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Extensões do Shell para compartilhamento"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Extensão do 'Painel de controle' para adaptador de vídeo"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Extensão do 'Painel de controle' para monitor de vídeo"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Extensão do 'Painel de controle' para panorâmica de vídeo"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="Página de segurança DS"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Página de compatibilidade"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Manipulador de dados de recorte do shell"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Extensão de cópia de disco"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Extensões do shell para objetos Microsoft Windows Network"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="Gerenciamento de monitor ICM"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="Gerenciamento de impressora ICM"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Extensões do shell para compactação de arquivos"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Extensão do shell de impressora na Web"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Menu de contexto de criptografia"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Porta-arquivos"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="Extensão de ícone do HyperTerminal"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="Perfil ICC"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Página de segurança de impressoras"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Extensões do Shell para compartilhamento"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Extensão PKO de criptografia"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Extensão do sinal de criptografia"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Conexões de rede"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Conexões de rede"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Scanners & câmeras"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Scanners & câmeras"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="Scanners & câmeras"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Scanners & câmeras"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Scanners & câmeras"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Extensões shell para host de scripts do Windows"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Vinculação de dados Microsoft"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Tarefas agendadas"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Barra de tarefas e menu Iniciar"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Pesquisar"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Ajuda e suporte"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Ajuda e suporte"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Executar..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="Email"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Fontes"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Ferramentas administrativas"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Barra de ferramentas do Microsoft Internet Explorer"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Status do download"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Pasta do shell aumentada"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Pasta do shell aumentada 2"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Faixa de pesquisa"
"{32683183-48a0-441b-a342-7c2a440a9478}"="Faixa de mídia"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="Pesquisa no painel"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Pesquisa na Web"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Utilitário de opções de árvore do Registro"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="E&ndereço"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Caixa de edição de endereço"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Preenchimento automático da Microsoft"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="Lista de preenchimento automático MRU"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Lista personalizada MRU preenchida automaticamente"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Acessível"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Barra Popup de controle"
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Analisador da barra de endereços"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Lista de preenchimento automático de histórico da Microsoft"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Lista de preenchimento automático de pastas do Shell da Microsoft"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Recipiente de lista de preenchimento automático múltiplo da Microsoft"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Menu de site de faixa do Shell"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="Assistência ao usuário"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Configurações de pasta globais"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Serviço de histórico de URLs da Microsoft"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="Histórico"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="IE4 Suite Splash Screen"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Faixa do Explorer"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="Pasta cache de ActiveX"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Pasta de inscrições"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Gerenciador de aplicativos do shell"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="Enumerador de aplicativos instalado"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Editor de aplicativo Darwin"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="Extrator de miniaturas de arquivo GDI+"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Identificador de informações de resumo de miniaturas (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="Extrator de miniaturas HTML"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Assistente para publicação na Web"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Pedido de impressão via Web"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Objeto do assistente para publicação do shell"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Obter um Assistente do Passport"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="Contas de usuário"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Arquivo de canal"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Atalho para o canal"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Objeto manipulador de canais"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Pasta de arquivos off-line"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="&Pessoas..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{400CFEE2-39D0-46DC-96DF-E0BB5A4324B3}"="My Logitech Pictures"
"{5E44E225-A408-11CF-B581-008029601108}"="Roxio DragToDisc Shell Extension"
"{A44D5ACC-3411-40DE-9AD3-214FFB2ED7AC}"="My Media"
"{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices"
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}"="Portable Media Devices Menu"
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}"="iTunes"
"{13E7F612-F261-4391-BEA2-39DF4F3FA311}"="Windows Desktop Search"
"{97090E2F-3062-4459-855B-014F0D3CDBB1}"="MSN Deskbar"
"{9F5EFB7E-571E-4F1A-B06F-2C7304ACC1A6}"=""
"{F9ED0BCC-9B00-4BD1-B575-82AD4A158491}"=""
"{35AE67FF-53A6-42B1-8C53-3058FAA13476}"=""
"{283B7CD4-01CF-4D0D-9588-D46451BD761A}"=""
"{C92A44FE-2F4A-4935-9DE1-B820EA96C0EB}"=""
"{FEF068FD-0E39-4AA0-B234-A36F1C7D01FE}"=""
"{1AB94871-4D02-49BA-AFE1-0D14BBB807CB}"=""
"{2246BBC2-DEF6-4B86-A33F-3FFEDEAB3542}"=""
"{020A6876-7E71-4968-953C-130FE4E124DD}"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D426CFD0-87FC-4906-98D9-A23F5D515D61}]
@="MSN Desktop Search Outlook Express ISearchFolder Class"

**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{9F5EFB7E-571E-4F1A-B06F-2C7304ACC1A6}]
@=""
"IDEx"="ADDR"

[HKEY_CLASSES_ROOT\CLSID\{9F5EFB7E-571E-4F1A-B06F-2C7304ACC1A6}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{9F5EFB7E-571E-4F1A-B06F-2C7304ACC1A6}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{9F5EFB7E-571E-4F1A-B06F-2C7304ACC1A6}\InprocServer32]
@="C:\\WINDOWS\\system32\\neevent.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{F9ED0BCC-9B00-4BD1-B575-82AD4A158491}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{F9ED0BCC-9B00-4BD1-B575-82AD4A158491}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{F9ED0BCC-9B00-4BD1-B575-82AD4A158491}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{F9ED0BCC-9B00-4BD1-B575-82AD4A158491}\InprocServer32]
@="C:\\WINDOWS\\system32\\asmeter.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{35AE67FF-53A6-42B1-8C53-3058FAA13476}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{35AE67FF-53A6-42B1-8C53-3058FAA13476}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{35AE67FF-53A6-42B1-8C53-3058FAA13476}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{35AE67FF-53A6-42B1-8C53-3058FAA13476}\InprocServer32]
@="C:\\WINDOWS\\system32\\itfxdgps.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{283B7CD4-01CF-4D0D-9588-D46451BD761A}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{283B7CD4-01CF-4D0D-9588-D46451BD761A}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{283B7CD4-01CF-4D0D-9588-D46451BD761A}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{283B7CD4-01CF-4D0D-9588-D46451BD761A}\InprocServer32]
@="C:\\WINDOWS\\system32\\fHultrep.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{C92A44FE-2F4A-4935-9DE1-B820EA96C0EB}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C92A44FE-2F4A-4935-9DE1-B820EA96C0EB}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C92A44FE-2F4A-4935-9DE1-B820EA96C0EB}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C92A44FE-2F4A-4935-9DE1-B820EA96C0EB}\InprocServer32]
@="C:\\WINDOWS\\system32\\mwsystem.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{FEF068FD-0E39-4AA0-B234-A36F1C7D01FE}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{FEF068FD-0E39-4AA0-B234-A36F1C7D01FE}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{FEF068FD-0E39-4AA0-B234-A36F1C7D01FE}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{FEF068FD-0E39-4AA0-B234-A36F1C7D01FE}\InprocServer32]
@="C:\\WINDOWS\\system32\\nbxpnt.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{1AB94871-4D02-49BA-AFE1-0D14BBB807CB}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{1AB94871-4D02-49BA-AFE1-0D14BBB807CB}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{1AB94871-4D02-49BA-AFE1-0D14BBB807CB}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{1AB94871-4D02-49BA-AFE1-0D14BBB807CB}\InprocServer32]
@="C:\\WINDOWS\\system32\\Ievu9_32.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{2246BBC2-DEF6-4B86-A33F-3FFEDEAB3542}]

    @=""

    [HKEY_CLASSES_ROOT\CLSID\{2246BBC2-DEF6-4B86-A33F-3FFEDEAB3542}\Implemented Categories]

    @=""

    [HKEY_CLASSES_ROOT\CLSID\{2246BBC2-DEF6-4B86-A33F-3FFEDEAB3542}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]

    @=""

    [HKEY_CLASSES_ROOT\CLSID\{2246BBC2-DEF6-4B86-A33F-3FFEDEAB3542}\InprocServer32]

    @="C:\\WINDOWS\\system32\\dqom_14.dll"

    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{020A6876-7E71-4968-953C-130FE4E124DD}]

    @=""

    [HKEY_CLASSES_ROOT\CLSID\{020A6876-7E71-4968-953C-130FE4E124DD}\Implemented Categories]

    @=""

    [HKEY_CLASSES_ROOT\CLSID\{020A6876-7E71-4968-953C-130FE4E124DD}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]

    @=""

    [HKEY_CLASSES_ROOT\CLSID\{020A6876-7E71-4968-953C-130FE4E124DD}\InprocServer32]

    @="C:\\WINDOWS\\system32\\bndispl.dll"

    "ThreadingModel"="Apartment"

    **********************************************************************************

    Files Found are not all bad files:

    C:\WINDOWS\SYSTEM32\

    bndispl.dll Wed 8 Mar 2006 14:58:16 ..S.R 236.757 231,21 K

    dcom_14.dll Tue 7 Mar 2006 15:43:50 A.... 123.904 121,00 K

    dqom_14.dll Wed 8 Mar 2006 14:52:20 ..S.R 236.424 230,88 K

    ievu9_32.dll Tue 7 Mar 2006 23:15:26 ..S.R 236.460 230,92 K

    msupda~1.dll Tue 7 Mar 2006 15:43:38 ..... 488.960 477,50 K

    nbxpnt.dll Tue 7 Mar 2006 21:52:48 ..S.R 236.271 230,73 K

    neevent.dll Tue 7 Mar 2006 15:46:52 ..S.R 234.272 228,78 K

    p4p60e~1.dll Tue 7 Mar 2006 23:15:30 ..S.R 236.757 231,21 K

    rfmps.dll Tue 7 Mar 2006 22:44:28 ..S.R 233.835 228,35 K

    s0pula~1.dll Wed 8 Mar 2006 14:57:20 ..S.R 236.424 230,88 K

    s32evnt1.dll Tue 3 Jan 2006 15:31:44 A.... 91.904 89,75 K

    sirenacm.dll Wed 14 Dec 2005 17:24:42 A.... 118.784 116,00 K

    sndmixex.dll Tue 7 Mar 2006 15:43:54 A.... 48.128 47,00 K

    winmgm~1.dll Tue 7 Mar 2006 15:43:46 A.... 6.656 6,50 K

    win_x.dll Tue 7 Mar 2006 15:43:52 A..HR 4.096 4,00 K

    15 items found: 15 files (9 H/S), 0 directories.

    Total of file sizes: 2.769.632 bytes 2,64 M

    Locate .tmp files:

    C:\WINDOWS\SYSTEM32\

    guard.tmp Wed 8 Mar 2006 14:58:20 A.... 233.849 228,37 K

    wupdmgr.tmp Tue 7 Mar 2006 21:58:42 A.SH. 0 0,00 K

    2 items found: 2 files (1 H/S), 0 directories.

    Total of file sizes: 233.849 bytes 228,37 K

    **********************************************************************************

    Directory Listing of system files:

    Volume in drive C has no label.

    Volume Serial Number is 8CD3-4D8B

    Directory of C:\WINDOWS\System32

    08/03/2006 14:58 236.757 bndispl.dll

    08/03/2006 14:57 236.424 s0pula791d.dll

    08/03/2006 14:52 236.424 dqom_14.dll

    07/03/2006 23:15 236.757 p4p60e7seh.dll

    07/03/2006 23:15 236.460 Ievu9_32.dll

    07/03/2006 22:44 233.835 rfmps.dll

    07/03/2006 21:58 0 wupdmgr.tmp

    07/03/2006 21:52 236.271 nbxpnt.dll

    07/03/2006 15:46 234.272 neevent.dll

    08/02/2006 12:53 <DIR> dllcache

    05/03/2005 15:28 <DIR> Microsoft

    9 File(s) 1.887.200 bytes

    2 Dir(s) 67.966.251.008 bytes free

    What do I do now?


    You may want to print these instructions or save them to a text file for easy access.

    Step 1

    1. Download smitRem http://noahdfear.geekstogo.com/click%20cou.../click.php?id=1

    and save the file in a convenient folder.

    2. Download KillBox:

    http://linhadefensiva.uol.com.br/dl/killbox

    Unzip it.

    Set Windows to show all files (including hidden ones). -> see

    Run KillBox: select Delete on reboot; in the Full path of file to delete box, enter:

    Click the All Files button.

    C:\WINDOWS\wupdmgr.exe

    -> Press X. Answer "no" to the first question

    then the next ones

    C:\WINDOWS\osaupd.exe

    C:\WINDOWS\security.html

    C:\WINDOWS\SYSTEM32\msupdate32.dll

    C:\WINDOWS\System32\kernels8.exe

    C:\WINDOWS\System32\paytime.exe

    C:\\gimmysmileys1.exe

    C:\WINDOWS\System32\vxh8jkdq2.exe

    C:\WINDOWS\System32\dcom_14.dll

    C:\WINDOWS\WXVyaQ\command.exe

    C:\Arquivos de programas\Network Monitor\netmon.exe

    C:\DOCUME~1\Yuri\CONFIG~1\Temp\68.tmp

    C:\WINDOWS\System32\win_x.dll

    - In Control Panel, open Display >> select the Desktop tab >> click the Customize Desktop button >> Web >> check whether there is an item called Security Info. If there is, uncheck it. You can then select it and remove it. Confirm...

    Restart in Safe Mode (press F8 until a DOS-style screen appears and choose Safe Mode).

    1) Open the smitRem folder and double-click the RunThis.bat file to start the tool. A command prompt will open; wait patiently until the tool finishes cleaning and scanning the disk. Find and post smitfiles.txt, which is usually in C:\ or the root of the partition you ran the tool from.

    2) Start -> Run. Type services.msc and click OK. Look for the trojan services below. Right-click each one and click Properties. Click Stop and change the Startup type to Disabled.

    Network Monitor

    cmdService

    3) Start -> Run -> type cmd -> Enter

    paste

    sc delete "Network Monitor"

    Enter

    paste

    sc delete cmdService

    Enter

    paste

    exit

    Enter

    Restart the computer

    Step 2

    Open the L2Mfix folder and double-click l2mfix.bat, then press Enter

    Type: 2 > select #2 for Run Fix > press Enter.

    Press any key on the keyboard to restart the PC.

    When it restarts, the desktop and icons may keep appearing and disappearing; don't worry, that is normal.

    Wait a little and Notepad will open with the log. Save this log.

    Step 3

    Download ATF Cleaner by Atribune

    http://www.atribune.org/ccount/click.php?id=1

    -> to your desktop

    Restart in Safe Mode (press F8 until a DOS-style screen appears and choose Safe Mode).

    1) Run HijackThis, click Do a System Scan Only, check only the entries below and click Fix Checked.

    O4 - HKLM\..\Run: [keyboard] C:\\keyboard1.exe

    O4 - HKLM\..\Run: [mousepad] C:\\mousepad1.exe

    O4 - HKCU\..\Run: [Key] C:\DOCUME~1\Yuri\CONFIG~1\Temp\68.tmp

    O20 - AppInit_DLLs: C:\WINDOWS\System32\win_x.dll

    O20 - Winlogon Notify: App Paths - C:\WINDOWS\system32\lv8m09l1e.dll

    2) Double-click ATF-Cleaner.exe to run the tool.

    Check the following boxes:

    Windows Temp

    Current User Temp

    All Users Temp

    Temporary Internet Files

    Prefetch

    Java Cache

    Click Empty Selected. A "Done Cleaning" window appears; click OK and exit.

    Restart again

    Step 4

    Run Panda ActiveScan

    Paste the logs: smitfiles.txt

    L2Mfix

    Panda

    And after the Panda scan, make a HijackThis log and attach it as well

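    The registry export in the first post and the O20 entries the helper lists above show the same persistence pattern: random-named DLLs in system32 registered as nameless COM classes in the DeskBand category ({00021492-0000-0000-C000-000000000046}) and approved as shell extensions, plus a Winlogon Notify package whose DllName is a full path where every stock package uses a bare name. The script below is an added example, not code from this thread or from L2Mfix, smitRem or HijackThis: it parses a "Windows Registry Editor Version 5.00" export, flags both patterns, and emits a removal .reg in the same form as the "Registry Entries that were Deleted" block that L2Mfix prints. The sample export is constructed from fragments of the logs posted here; the "in-process server under system32" and "full path in DllName" rules are the example's own heuristics, derived from what the logs show, not rules the page states.

```python
"""Triage a Windows .reg export for Look2Me-style persistence (added example, not part of L2Mfix, smitRem or HijackThis)."""
import re

CATID_DESKBAND = "{00021492-0000-0000-C000-000000000046}"   # category each nameless CLSID in the export implements
NOTIFY_KEY = r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify"
APPROVED_KEY = r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved"

def decode_hex2(hexlist):
    """Decode a REG_EXPAND_SZ 'hex(2):' byte list (UTF-16-LE, NUL terminated)."""
    return bytes.fromhex(hexlist.strip(",").replace(",", "")).decode("utf-16-le").rstrip("\x00")

def parse_reg(text):
    """Return {key_path: {value_name: value}} for a 'Registry Editor 5.00' or REGEDIT4 export.
    Handles "string", dword:, hex(2): with '\\' line continuations, and "name"=- deletions."""
    keys, cur, pending = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if pending is not None:                 # continuation line of a hex(2) value
            pending[1] += line.rstrip("\\")
            if not line.endswith("\\"):
                cur[pending[0]] = decode_hex2(pending[1])
                pending = None
            continue
        if not line or line.startswith(("Windows Registry Editor", "REGEDIT")):
            continue
        if line.startswith("[") and line.endswith("]"):
            cur = keys.setdefault(line[1:-1], {})
            continue
        name, _, val = line.partition("=")
        name = name.strip('"')                  # '@' is the key's default value
        if val.startswith('"'):
            cur[name] = val[1:-1].replace("\\\\", "\\")
        elif val.startswith("dword:"):
            cur[name] = int(val[6:], 16)
        elif val.startswith("hex(2):"):
            if val.endswith("\\"):
                pending = [name, val[7:].rstrip("\\")]
            else:
                cur[name] = decode_hex2(val[7:])
        elif val == "-":
            cur[name] = None
    return keys

def suspicious_clsids(keys, sysdir=r"c:\windows\system32"):
    """CLSIDs with an empty default name, the DeskBand category and an in-process server DLL in system32."""
    hits = []
    for path, vals in keys.items():
        m = re.fullmatch(r"HKEY_CLASSES_ROOT\\CLSID\\(\{[0-9A-F-]+\})", path, re.I)
        if not m or vals.get("@", "") != "":
            continue
        category = path + "\\Implemented Categories\\" + CATID_DESKBAND
        server = keys.get(path + "\\InprocServer32", {}).get("@", "")
        if category in keys and server.lower().startswith(sysdir):
            hits.append((m.group(1), server))
    return hits

def suspicious_notify(keys):
    """Winlogon Notify packages whose DllName is a full path; the stock packages use bare names."""
    hits = []
    for path, vals in keys.items():
        if path.lower().startswith(NOTIFY_KEY.lower() + "\\"):
            dll = next((v for k, v in vals.items() if k.lower() == "dllname"), "")
            if "\\" in dll:
                hits.append((path.rsplit("\\", 1)[1], dll))
    return hits

def removal_reg(clsid_hits, notify_hits):
    """Build the .reg that unapproves and deletes the CLSIDs and drops the Notify packages."""
    out = ["Windows Registry Editor Version 5.00", "", "[" + APPROVED_KEY + "]"]
    out += ['"%s"=-' % c for c, _ in clsid_hits] + [""]
    out += ["[-HKEY_CLASSES_ROOT\\CLSID\\%s]" % c for c, _ in clsid_hits] + [""]
    out += ["[-%s\\%s]" % (NOTIFY_KEY, n) for n, _ in notify_hits]
    return "\n".join(out) + "\n"

# Constructed sample: fragments of this thread's exports plus one named CLSID and one stock Notify package (hex(2) form) as clean controls.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{9F5EFB7E-571E-4F1A-B06F-2C7304ACC1A6}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{9F5EFB7E-571E-4F1A-B06F-2C7304ACC1A6}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{9F5EFB7E-571E-4F1A-B06F-2C7304ACC1A6}\InprocServer32]
@="C:\\WINDOWS\\system32\\neevent.dll"

[HKEY_CLASSES_ROOT\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}]
@="Browseui preloader"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
  6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\DateTime]
"DllName"="C:\\WINDOWS\\system32\\mv02l9do1.dll"
'''

if __name__ == "__main__":
    found = parse_reg(SAMPLE_EXPORT)
    print(removal_reg(suspicious_clsids(found), suspicious_notify(found)))
```

    The generated file uses the two deletion forms regedit understands: `"{CLSID}"=-` removes a single value (here the approval under Shell Extensions\Approved) and `[-HKEY_...]` removes a whole key. Treat the hits as candidates, not verdicts: a nameless DeskBand CLSID is unusual but not illegal, so confirm the DLL is unsigned and unknown before deleting anything, and export the keys first, as L2Mfix does into its backreg folder.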
  • Topic author
  • I did everything you asked and Panda flagged 60 spywares...

    I'll send the logs you asked for below

    smitRem © log file

    version 2.8

    by noahdfear

    Microsoft Windows XP [Version 5.1.2600]

    Running from

    C:\Documents and Settings\Yuri\Meus documentos\fabio\smitRem

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Pre-run SharedTask Export

    (GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)

    Copyright© 2006 BleepingComputer.com

    Registry Pseudo-Format Mode (Not a valid reg file):

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]

    "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-carregador Browseui"

    "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Daemon de cache de categorias de componente"

    "{2C1CD3D7-86AC-4068-93BC-A02304BB8C34}"="DCOM Server"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]

    @="%SystemRoot%\System32\browseui.dll"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]

    @="%SystemRoot%\System32\browseui.dll"

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    checking for ShudderLTD key

    ShudderLTD key not present!

    checking for PSGuard.com key

    PSGuard.com key not present!

    checking for WinHound.com key

    WinHound.com key not present!

    spyaxe uninstaller NOT present

    Winhound uninstaller NOT present

    SpywareStrike uninstaller NOT present

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Existing Pre-run Files

    ~~~ Program Files ~~~

    ~~~ Shortcuts ~~~

    ~~~ Favorites ~~~

    ~~~ system32 folder ~~~

    ~~~ Icons in System32 ~~~

    ~~~ Windows directory ~~~

    ~~~ Drive root ~~~

    ~~~ Miscellaneous Files/folders ~~~

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03

    Copyright© 2002-2003 Craig.Peacock@beyondlogic.org

    Killing PID 812 'explorer.exe'

    Killing PID 812 'explorer.exe'

    Starting registry repairs

    Registry repairs complete

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    SharedTask Export after registry fix

    (GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)

    Copyright© 2006 BleepingComputer.com

    Registry Pseudo-Format Mode (Not a valid reg file):

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]

    "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-carregador Browseui"

    "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Daemon de cache de categorias de componente"

    "{2C1CD3D7-86AC-4068-93BC-A02304BB8C34}"="DCOM Server"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]

    @="%SystemRoot%\System32\browseui.dll"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]

    @="%SystemRoot%\System32\browseui.dll"

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Deleting files

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Remaining Post-run Files

    ~~~ Program Files ~~~

    ~~~ Shortcuts ~~~

    ~~~ Favorites ~~~

    ~~~ system32 folder ~~~

    ~~~ Icons in System32 ~~~

    ~~~ Windows directory ~~~

    ~~~ Drive root ~~~

    ~~~ Miscellaneous Files/folders ~~~

    ~~~ Wininet.dll ~~~

    CLEAN! :)

    ----------------------------------

    L2mfix 010406

    Creating Account.

    The command completed successfully.

    Adding Administrative privleges.

    Checking for L2MFix account(0=no 1=yes):

    1

    Granting SeDebugPrivilege to L2MFIX ... successful

    Running From:

    C:\WINDOWS\system32

    Killing Processes!

    Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03

    Copyright© 2002-2003 Craig.Peacock@beyondlogic.org

    Killing PID 496 'smss.exe'

    Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03

    Copyright© 2002-2003 Craig.Peacock@beyondlogic.org

    Killing PID 576 'winlogon.exe'

    Killing PID 576 'winlogon.exe'

    Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03

    Copyright© 2002-2003 Craig.Peacock@beyondlogic.org

    Killing PID 1772 'explorer.exe'

    Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03

    Copyright© 2002-2003 Craig.Peacock@beyondlogic.org

    Killing PID 1420 'rundll32.exe'

    Restoring Sedebugprivilege:

    Scanning First Pass. Please Wait!

    First Pass Completed

    Second Pass Scanning

    Second pass Completed!

    1 file(s) copied.

    1 file(s) copied.

    1 file(s) copied.

    1 file(s) copied.

    1 file(s) copied.

    1 file(s) copied.

    1 file(s) copied.

    1 file(s) copied.

    1 file(s) copied.

    1 file(s) copied.

    1 file(s) copied.

    1 file(s) copied.

    1 file(s) copied.

    1 file(s) copied.

    1 file(s) copied.

    1 file(s) copied.

    1 file(s) copied.

    1 file(s) copied.

    1 file(s) copied.

    1 file(s) copied.

    1 file(s) copied.

    1 file(s) copied.

    Deleting: C:\WINDOWS\system32\agledit.dll

    Successfully Deleted: C:\WINDOWS\system32\agledit.dll

    Deleting: C:\WINDOWS\system32\bndispl.dll

    Successfully Deleted: C:\WINDOWS\system32\bndispl.dll

    Deleting: C:\WINDOWS\system32\cnlbact.dll

    Successfully Deleted: C:\WINDOWS\system32\cnlbact.dll

    Deleting: C:\WINDOWS\system32\dnwsock.dll

    Successfully Deleted: C:\WINDOWS\system32\dnwsock.dll

    Deleting: C:\WINDOWS\system32\dqom_14.dll

    Successfully Deleted: C:\WINDOWS\system32\dqom_14.dll

    Deleting: C:\WINDOWS\system32\Ievu9_32.dll

    Successfully Deleted: C:\WINDOWS\system32\Ievu9_32.dll

    Deleting: C:\WINDOWS\system32\irp6l57s1.dll

    Successfully Deleted: C:\WINDOWS\system32\irp6l57s1.dll

    Deleting: C:\WINDOWS\system32\ktdgkl.dll

    Successfully Deleted: C:\WINDOWS\system32\ktdgkl.dll

    Deleting: C:\WINDOWS\system32\mdc42.dll

    Successfully Deleted: C:\WINDOWS\system32\mdc42.dll

    Deleting: C:\WINDOWS\system32\mol_qic.dll

    Successfully Deleted: C:\WINDOWS\system32\mol_qic.dll

    Deleting: C:\WINDOWS\system32\mv02l9do1.dll

    Successfully Deleted: C:\WINDOWS\system32\mv02l9do1.dll

    Deleting: C:\WINDOWS\system32\mxjetoledb40.dll

    Successfully Deleted: C:\WINDOWS\system32\mxjetoledb40.dll

    Deleting: C:\WINDOWS\system32\nbxpnt.dll

    Successfully Deleted: C:\WINDOWS\system32\nbxpnt.dll

    Deleting: C:\WINDOWS\system32\neevent.dll

    Successfully Deleted: C:\WINDOWS\system32\neevent.dll

    Deleting: C:\WINDOWS\system32\nltrap.dll

    Successfully Deleted: C:\WINDOWS\system32\nltrap.dll

    Deleting: C:\WINDOWS\system32\p6r40g9qe6.dll

    Successfully Deleted: C:\WINDOWS\system32\p6r40g9qe6.dll

    Deleting: C:\WINDOWS\system32\rfmps.dll

    Successfully Deleted: C:\WINDOWS\system32\rfmps.dll

    Deleting: C:\WINDOWS\system32\sbsvc.dll

    Successfully Deleted: C:\WINDOWS\system32\sbsvc.dll

    Deleting: C:\WINDOWS\system32\SHLSRV32.dll

    Successfully Deleted: C:\WINDOWS\system32\SHLSRV32.dll

    Deleting: C:\WINDOWS\system32\soprv.dll

    Successfully Deleted: C:\WINDOWS\system32\soprv.dll

    Deleting: C:\WINDOWS\system32\WWVADVE.DLL

    Successfully Deleted: C:\WINDOWS\system32\WWVADVE.DLL

    Deleting: C:\WINDOWS\system32\guard.tmp

    Successfully Deleted: C:\WINDOWS\system32\guard.tmp

    msg11?.dll

    0 file(s) copied.

    Restoring Windows Update Certificates.:

    The following Is the Current Export of the Winlogon notify key:

    ****************************************************************************

    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]

    "Asynchronous"=dword:00000000

    "Impersonate"=dword:00000000

    "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\

    6c,00,00,00

    "Logoff"="ChainWlxLogoffEvent"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]

    "Asynchronous"=dword:00000000

    "Impersonate"=dword:00000000

    "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\

    6c,00,6c,00,00,00

    "Logoff"="CryptnetWlxLogoffEvent"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]

    "DLLName"="cscdll.dll"

    "Logon"="WinlogonLogonEvent"

    "Logoff"="WinlogonLogoffEvent"

    "ScreenSaver"="WinlogonScreenSaverEvent"

    "Startup"="WinlogonStartupEvent"

    "Shutdown"="WinlogonShutdownEvent"

    "StartShell"="WinlogonStartShellEvent"

    "Impersonate"=dword:00000000

    "Asynchronous"=dword:00000001

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\DateTime]

    "Asynchronous"=dword:00000000

    "DllName"="C:\\WINDOWS\\system32\\mv02l9do1.dll"

    "Impersonate"=dword:00000000

    "Logon"="WinLogon"

    "Logoff"="WinLogoff"

    "Shutdown"="WinShutdown"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]

    @=""

    "DLLName"="igfxsrvc.dll"

    "Asynchronous"=dword:00000001

    "Impersonate"=dword:00000001

    "Unlock"="WinlogonUnlockEvent"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]

    "DLLName"="wlnotify.dll"

    "Logon"="SCardStartCertProp"

    "Logoff"="SCardStopCertProp"

    "Lock"="SCardSuspendCertProp"

    "Unlock"="SCardResumeCertProp"

    "Enabled"=dword:00000001

    "Impersonate"=dword:00000001

    "Asynchronous"=dword:00000001

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]

    "Asynchronous"=dword:00000000

    "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\

    6c,00,6c,00,00,00

    "Impersonate"=dword:00000000

    "StartShell"="SchedStartShell"

    "Logoff"="SchedEventLogOff"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]

    "Logoff"="WLEventLogoff"

    "Impersonate"=dword:00000000

    "Asynchronous"=dword:00000001

    "DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\

    6c,00,6c,00,00,00

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]

    "DLLName"="WlNotify.dll"

    "Lock"="SensLockEvent"

    "Logon"="SensLogonEvent"

    "Logoff"="SensLogoffEvent"

    "Safe"=dword:00000001

    "MaxWait"=dword:00000258

    "StartScreenSaver"="SensStartScreenSaverEvent"

    "StopScreenSaver"="SensStopScreenSaverEvent"

    "Startup"="SensStartupEvent"

    "Shutdown"="SensShutdownEvent"

    "StartShell"="SensStartShellEvent"

    "PostShell"="SensPostShellEvent"

    "Disconnect"="SensDisconnectEvent"

    "Reconnect"="SensReconnectEvent"

    "Unlock"="SensUnlockEvent"

    "Impersonate"=dword:00000001

    "Asynchronous"=dword:00000001

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]

    "Asynchronous"=dword:00000000

    "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\

    6c,00,6c,00,00,00

    "Impersonate"=dword:00000000

    "Logoff"="TSEventLogoff"

    "Logon"="TSEventLogon"

    "PostShell"="TSEventPostShell"

    "Shutdown"="TSEventShutdown"

    "StartShell"="TSEventStartShell"

    "Startup"="TSEventStartup"

    "MaxWait"=dword:00000258

    "Reconnect"="TSEventReconnect"

    "Disconnect"="TSEventDisconnect"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]

    "DLLName"="wlnotify.dll"

    "Logon"="RegisterTicketExpiredNotificationEvent"

    "Logoff"="UnregisterTicketExpiredNotificationEvent"

    "Impersonate"=dword:00000001

    "Asynchronous"=dword:00000001

    The following are the files found:

    ****************************************************************************

    C:\WINDOWS\system32\agledit.dll

    C:\WINDOWS\system32\bndispl.dll

    C:\WINDOWS\system32\cnlbact.dll

    C:\WINDOWS\system32\dnwsock.dll

    C:\WINDOWS\system32\dqom_14.dll

    C:\WINDOWS\system32\Ievu9_32.dll

    C:\WINDOWS\system32\irp6l57s1.dll

    C:\WINDOWS\system32\ktdgkl.dll

    C:\WINDOWS\system32\mdc42.dll

    C:\WINDOWS\system32\mol_qic.dll

    C:\WINDOWS\system32\mv02l9do1.dll

    C:\WINDOWS\system32\mxjetoledb40.dll

    C:\WINDOWS\system32\nbxpnt.dll

    C:\WINDOWS\system32\neevent.dll

    C:\WINDOWS\system32\nltrap.dll

    C:\WINDOWS\system32\p6r40g9qe6.dll

    C:\WINDOWS\system32\rfmps.dll

    C:\WINDOWS\system32\sbsvc.dll

    C:\WINDOWS\system32\SHLSRV32.dll

    C:\WINDOWS\system32\soprv.dll

    C:\WINDOWS\system32\WWVADVE.DLL

    C:\WINDOWS\system32\guard.tmp

    Registry Entries that were Deleted:

    Please verify that the listing looks ok.

    If there was something deleted wrongly there are backups in the backreg folder.

    ****************************************************************************

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{9F5EFB7E-571E-4F1A-B06F-2C7304ACC1A6}]

    @=""

    "IDEx"="ADDR"

    [HKEY_CLASSES_ROOT\CLSID\{9F5EFB7E-571E-4F1A-B06F-2C7304ACC1A6}\Implemented Categories]

    @=""

    [HKEY_CLASSES_ROOT\CLSID\{9F5EFB7E-571E-4F1A-B06F-2C7304ACC1A6}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]

    @=""

    [HKEY_CLASSES_ROOT\CLSID\{9F5EFB7E-571E-4F1A-B06F-2C7304ACC1A6}\InprocServer32]

    @="C:\\WINDOWS\\system32\\neevent.dll"

    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{F9ED0BCC-9B00-4BD1-B575-82AD4A158491}]

    @=""

    [HKEY_CLASSES_ROOT\CLSID\{F9ED0BCC-9B00-4BD1-B575-82AD4A158491}\Implemented Categories]

    @=""

    [HKEY_CLASSES_ROOT\CLSID\{F9ED0BCC-9B00-4BD1-B575-82AD4A158491}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]

    @=""

    [HKEY_CLASSES_ROOT\CLSID\{F9ED0BCC-9B00-4BD1-B575-82AD4A158491}\InprocServer32]

    @="C:\\WINDOWS\\system32\\asmeter.dll"

    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{35AE67FF-53A6-42B1-8C53-3058FAA13476}]

    @=""

    [HKEY_CLASSES_ROOT\CLSID\{35AE67FF-53A6-42B1-8C53-3058FAA13476}\Implemented Categories]

    @=""

    [HKEY_CLASSES_ROOT\CLSID\{35AE67FF-53A6-42B1-8C53-3058FAA13476}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]

    @=""

    [HKEY_CLASSES_ROOT\CLSID\{35AE67FF-53A6-42B1-8C53-3058FAA13476}\InprocServer32]

    @="C:\\WINDOWS\\system32\\itfxdgps.dll"

    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{283B7CD4-01CF-4D0D-9588-D46451BD761A}]

    @=""

    [HKEY_CLASSES_ROOT\CLSID\{283B7CD4-01CF-4D0D-9588-D46451BD761A}\Implemented Categories]

    @=""

    [HKEY_CLASSES_ROOT\CLSID\{283B7CD4-01CF-4D0D-9588-D46451BD761A}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]

    @=""

    [HKEY_CLASSES_ROOT\CLSID\{283B7CD4-01CF-4D0D-9588-D46451BD761A}\InprocServer32]

    @="C:\\WINDOWS\\system32\\fHultrep.dll"

    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{C92A44FE-2F4A-4935-9DE1-B820EA96C0EB}]

    @=""

    [HKEY_CLASSES_ROOT\CLSID\{C92A44FE-2F4A-4935-9DE1-B820EA96C0EB}\Implemented Categories]

    @=""

    [HKEY_CLASSES_ROOT\CLSID\{C92A44FE-2F4A-4935-9DE1-B820EA96C0EB}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]

    @=""

    [HKEY_CLASSES_ROOT\CLSID\{C92A44FE-2F4A-4935-9DE1-B820EA96C0EB}\InprocServer32]

    @="C:\\WINDOWS\\system32\\mwsystem.dll"

    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{FEF068FD-0E39-4AA0-B234-A36F1C7D01FE}]

    @=""

    [HKEY_CLASSES_ROOT\CLSID\{FEF068FD-0E39-4AA0-B234-A36F1C7D01FE}\Implemented Categories]

    @=""

    [HKEY_CLASSES_ROOT\CLSID\{FEF068FD-0E39-4AA0-B234-A36F1C7D01FE}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]

    @=""

    [HKEY_CLASSES_ROOT\CLSID\{FEF068FD-0E39-4AA0-B234-A36F1C7D01FE}\InprocServer32]

    @="C:\\WINDOWS\\system32\\nbxpnt.dll"

    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{1AB94871-4D02-49BA-AFE1-0D14BBB807CB}]

    @=""

    [HKEY_CLASSES_ROOT\CLSID\{1AB94871-4D02-49BA-AFE1-0D14BBB807CB}\Implemented Categories]

    @=""

    [HKEY_CLASSES_ROOT\CLSID\{1AB94871-4D02-49BA-AFE1-0D14BBB807CB}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]

    @=""

    [HKEY_CLASSES_ROOT\CLSID\{1AB94871-4D02-49BA-AFE1-0D14BBB807CB}\InprocServer32]

    @="C:\\WINDOWS\\system32\\Ievu9_32.dll"

    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{2246BBC2-DEF6-4B86-A33F-3FFEDEAB3542}]

    @=""

    [HKEY_CLASSES_ROOT\CLSID\{2246BBC2-DEF6-4B86-A33F-3FFEDEAB3542}\Implemented Categories]

    @=""

    [HKEY_CLASSES_ROOT\CLSID\{2246BBC2-DEF6-4B86-A33F-3FFEDEAB3542}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]

    @=""

    [HKEY_CLASSES_ROOT\CLSID\{2246BBC2-DEF6-4B86-A33F-3FFEDEAB3542}\InprocServer32]

    @="C:\\WINDOWS\\system32\\dqom_14.dll"

    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{020A6876-7E71-4968-953C-130FE4E124DD}]

    @=""

    [HKEY_CLASSES_ROOT\CLSID\{020A6876-7E71-4968-953C-130FE4E124DD}\Implemented Categories]

    @=""

    [HKEY_CLASSES_ROOT\CLSID\{020A6876-7E71-4968-953C-130FE4E124DD}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]

    @=""

    [HKEY_CLASSES_ROOT\CLSID\{020A6876-7E71-4968-953C-130FE4E124DD}\InprocServer32]

    @="C:\\WINDOWS\\system32\\bndispl.dll"

    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{6B20C796-E51A-4765-9638-0EF7D8E252A6}]

    @=""

    [HKEY_CLASSES_ROOT\CLSID\{6B20C796-E51A-4765-9638-0EF7D8E252A6}\Implemented Categories]

    @=""

    [HKEY_CLASSES_ROOT\CLSID\{6B20C796-E51A-4765-9638-0EF7D8E252A6}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]

    @=""

    [HKEY_CLASSES_ROOT\CLSID\{6B20C796-E51A-4765-9638-0EF7D8E252A6}\InprocServer32]

    @="C:\\WINDOWS\\system32\\mol_qic.dll"

    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{E1A88784-2DB3-40A7-B6DA-F1FD8BC602E2}]

    @=""

    [HKEY_CLASSES_ROOT\CLSID\{E1A88784-2DB3-40A7-B6DA-F1FD8BC602E2}\Implemented Categories]

    @=""

    [HKEY_CLASSES_ROOT\CLSID\{E1A88784-2DB3-40A7-B6DA-F1FD8BC602E2}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]

    @=""

    [HKEY_CLASSES_ROOT\CLSID\{E1A88784-2DB3-40A7-B6DA-F1FD8BC602E2}\InprocServer32]

    @="C:\\WINDOWS\\system32\\mxjetoledb40.dll"

    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{C67F3B2E-46A2-47D1-A47F-EF5D72EBE691}]

    @=""

    [HKEY_CLASSES_ROOT\CLSID\{C67F3B2E-46A2-47D1-A47F-EF5D72EBE691}\Implemented Categories]

    @=""

    [HKEY_CLASSES_ROOT\CLSID\{C67F3B2E-46A2-47D1-A47F-EF5D72EBE691}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]

    @=""

    [HKEY_CLASSES_ROOT\CLSID\{C67F3B2E-46A2-47D1-A47F-EF5D72EBE691}\InprocServer32]

    @="C:\\WINDOWS\\system32\\SHLSRV32.dll"

    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{1FA24BF0-611B-4B78-BBA3-21F16D848E26}]

    @=""

    [HKEY_CLASSES_ROOT\CLSID\{1FA24BF0-611B-4B78-BBA3-21F16D848E26}\Implemented Categories]

    @=""

    [HKEY_CLASSES_ROOT\CLSID\{1FA24BF0-611B-4B78-BBA3-21F16D848E26}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]

    @=""

    [HKEY_CLASSES_ROOT\CLSID\{1FA24BF0-611B-4B78-BBA3-21F16D848E26}\InprocServer32]

    @="C:\\WINDOWS\\system32\\WWVADVE.DLL"

    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{3CD74F6D-D33C-44AA-B9ED-EA484282229A}]

    @=""

    [HKEY_CLASSES_ROOT\CLSID\{3CD74F6D-D33C-44AA-B9ED-EA484282229A}\Implemented Categories]

    @=""

    [HKEY_CLASSES_ROOT\CLSID\{3CD74F6D-D33C-44AA-B9ED-EA484282229A}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]

    @=""

    [HKEY_CLASSES_ROOT\CLSID\{3CD74F6D-D33C-44AA-B9ED-EA484282229A}\InprocServer32]

    @="C:\\WINDOWS\\system32\\agledit.dll"

    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{D6D9084E-3EE4-432C-A5B2-67BD39A7154C}]

    @=""

    [HKEY_CLASSES_ROOT\CLSID\{D6D9084E-3EE4-432C-A5B2-67BD39A7154C}\Implemented Categories]

    @=""

    [HKEY_CLASSES_ROOT\CLSID\{D6D9084E-3EE4-432C-A5B2-67BD39A7154C}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]

    @=""

    [HKEY_CLASSES_ROOT\CLSID\{D6D9084E-3EE4-432C-A5B2-67BD39A7154C}\InprocServer32]

    @="C:\\WINDOWS\\system32\\dnwsock.dll"

    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{B733B76C-E4CA-45E8-B4F3-3B0E8CB523E9}]

    @=""

    [HKEY_CLASSES_ROOT\CLSID\{B733B76C-E4CA-45E8-B4F3-3B0E8CB523E9}\Implemented Categories]

    @=""

    [HKEY_CLASSES_ROOT\CLSID\{B733B76C-E4CA-45E8-B4F3-3B0E8CB523E9}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]

    @=""

    [HKEY_CLASSES_ROOT\CLSID\{B733B76C-E4CA-45E8-B4F3-3B0E8CB523E9}\InprocServer32]

    @="C:\\WINDOWS\\system32\\ktdgkl.dll"

    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{864BEA86-4026-4111-A468-333FE2C823C0}]

    @=""

    [HKEY_CLASSES_ROOT\CLSID\{864BEA86-4026-4111-A468-333FE2C823C0}\Implemented Categories]

    @=""

    [HKEY_CLASSES_ROOT\CLSID\{864BEA86-4026-4111-A468-333FE2C823C0}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]

    @=""

    [HKEY_CLASSES_ROOT\CLSID\{864BEA86-4026-4111-A468-333FE2C823C0}\InprocServer32]

    @="C:\\WINDOWS\\system32\\cnlbact.dll"

    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{2CEEE64F-3342-4DB5-BF51-BD639978FEB9}]

    @=""

    [HKEY_CLASSES_ROOT\CLSID\{2CEEE64F-3342-4DB5-BF51-BD639978FEB9}\Implemented Categories]

    @=""

    [HKEY_CLASSES_ROOT\CLSID\{2CEEE64F-3342-4DB5-BF51-BD639978FEB9}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]

    @=""

    [HKEY_CLASSES_ROOT\CLSID\{2CEEE64F-3342-4DB5-BF51-BD639978FEB9}\InprocServer32]

    @="C:\\WINDOWS\\system32\\nltrap.dll"

    "ThreadingModel"="Apartment"

    REGEDIT4

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

    "{9F5EFB7E-571E-4F1A-B06F-2C7304ACC1A6}"=-

    "{F9ED0BCC-9B00-4BD1-B575-82AD4A158491}"=-

    "{35AE67FF-53A6-42B1-8C53-3058FAA13476}"=-

    "{283B7CD4-01CF-4D0D-9588-D46451BD761A}"=-

    "{C92A44FE-2F4A-4935-9DE1-B820EA96C0EB}"=-

    "{FEF068FD-0E39-4AA0-B234-A36F1C7D01FE}"=-

    "{1AB94871-4D02-49BA-AFE1-0D14BBB807CB}"=-

    "{2246BBC2-DEF6-4B86-A33F-3FFEDEAB3542}"=-

    "{020A6876-7E71-4968-953C-130FE4E124DD}"=-

    "{6B20C796-E51A-4765-9638-0EF7D8E252A6}"=-

    "{E1A88784-2DB3-40A7-B6DA-F1FD8BC602E2}"=-

    "{C67F3B2E-46A2-47D1-A47F-EF5D72EBE691}"=-

    "{1FA24BF0-611B-4B78-BBA3-21F16D848E26}"=-

    "{3CD74F6D-D33C-44AA-B9ED-EA484282229A}"=-

    "{D6D9084E-3EE4-432C-A5B2-67BD39A7154C}"=-

    "{B733B76C-E4CA-45E8-B4F3-3B0E8CB523E9}"=-

    "{864BEA86-4026-4111-A468-333FE2C823C0}"=-

    "{2CEEE64F-3342-4DB5-BF51-BD639978FEB9}"=-

    [-HKEY_CLASSES_ROOT\CLSID\{9F5EFB7E-571E-4F1A-B06F-2C7304ACC1A6}]

    [-HKEY_CLASSES_ROOT\CLSID\{F9ED0BCC-9B00-4BD1-B575-82AD4A158491}]

    [-HKEY_CLASSES_ROOT\CLSID\{35AE67FF-53A6-42B1-8C53-3058FAA13476}]

    [-HKEY_CLASSES_ROOT\CLSID\{283B7CD4-01CF-4D0D-9588-D46451BD761A}]

    [-HKEY_CLASSES_ROOT\CLSID\{C92A44FE-2F4A-4935-9DE1-B820EA96C0EB}]

    [-HKEY_CLASSES_ROOT\CLSID\{FEF068FD-0E39-4AA0-B234-A36F1C7D01FE}]

    [-HKEY_CLASSES_ROOT\CLSID\{1AB94871-4D02-49BA-AFE1-0D14BBB807CB}]

    [-HKEY_CLASSES_ROOT\CLSID\{2246BBC2-DEF6-4B86-A33F-3FFEDEAB3542}]

    [-HKEY_CLASSES_ROOT\CLSID\{020A6876-7E71-4968-953C-130FE4E124DD}]

    [-HKEY_CLASSES_ROOT\CLSID\{6B20C796-E51A-4765-9638-0EF7D8E252A6}]

    [-HKEY_CLASSES_ROOT\CLSID\{E1A88784-2DB3-40A7-B6DA-F1FD8BC602E2}]

    [-HKEY_CLASSES_ROOT\CLSID\{C67F3B2E-46A2-47D1-A47F-EF5D72EBE691}]

    [-HKEY_CLASSES_ROOT\CLSID\{1FA24BF0-611B-4B78-BBA3-21F16D848E26}]

    [-HKEY_CLASSES_ROOT\CLSID\{3CD74F6D-D33C-44AA-B9ED-EA484282229A}]

    [-HKEY_CLASSES_ROOT\CLSID\{D6D9084E-3EE4-432C-A5B2-67BD39A7154C}]

    [-HKEY_CLASSES_ROOT\CLSID\{B733B76C-E4CA-45E8-B4F3-3B0E8CB523E9}]

    [-HKEY_CLASSES_ROOT\CLSID\{864BEA86-4026-4111-A468-333FE2C823C0}]

    [-HKEY_CLASSES_ROOT\CLSID\{2CEEE64F-3342-4DB5-BF51-BD639978FEB9}]

    REGEDIT4

    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

    ****************************************************************************

    Desktop.ini Contents:

    ****************************************************************************

    ****************************************************************************

    Checking for L2MFix account(0=no 1=yes):

    0

    Zipping up files for submission:

    adding: dlls/agledit.dll (164 bytes security) (deflated 4%)

    adding: dlls/bndispl.dll (164 bytes security) (deflated 5%)

    adding: dlls/cnlbact.dll (164 bytes security) (deflated 5%)

    adding: dlls/dnwsock.dll (164 bytes security) (deflated 5%)

    adding: dlls/dqom_14.dll (164 bytes security) (deflated 5%)

    adding: dlls/guard.tmp (164 bytes security) (deflated 6%)

    adding: dlls/Ievu9_32.dll (164 bytes security) (deflated 5%)

    adding: dlls/irp6l57s1.dll (164 bytes security) (deflated 5%)

    adding: dlls/ktdgkl.dll (164 bytes security) (deflated 5%)

    adding: dlls/mdc42.dll (164 bytes security) (deflated 5%)

    adding: dlls/mol_qic.dll (164 bytes security) (deflated 5%)

    adding: dlls/mv02l9do1.dll (164 bytes security) (deflated 5%)

    adding: dlls/mxjetoledb40.dll (164 bytes security) (deflated 4%)

    adding: dlls/nbxpnt.dll (164 bytes security) (deflated 5%)

    adding: dlls/neevent.dll (164 bytes security) (deflated 4%)

    adding: dlls/nltrap.dll (164 bytes security) (deflated 5%)

    adding: dlls/p6r40g9qe6.dll (164 bytes security) (deflated 5%)

    adding: dlls/rfmps.dll (164 bytes security) (deflated 4%)

    adding: dlls/sbsvc.dll (164 bytes security) (deflated 5%)

    adding: dlls/SHLSRV32.dll (164 bytes security) (deflated 4%)

    adding: dlls/soprv.dll (164 bytes security) (deflated 5%)

    adding: dlls/WWVADVE.DLL (164 bytes security) (deflated 5%)

    adding: backregs/020A6876-7E71-4968-953C-130FE4E124DD.reg (212 bytes security) (deflated 70%)

    adding: backregs/1AB94871-4D02-49BA-AFE1-0D14BBB807CB.reg (212 bytes security) (deflated 70%)

    adding: backregs/1FA24BF0-611B-4B78-BBA3-21F16D848E26.reg (212 bytes security) (deflated 70%)

    adding: backregs/2246BBC2-DEF6-4B86-A33F-3FFEDEAB3542.reg (212 bytes security) (deflated 70%)

    adding: backregs/283B7CD4-01CF-4D0D-9588-D46451BD761A.reg (212 bytes security) (deflated 70%)

    adding: backregs/2CEEE64F-3342-4DB5-BF51-BD639978FEB9.reg (212 bytes security) (deflated 70%)

    adding: backregs/35AE67FF-53A6-42B1-8C53-3058FAA13476.reg (212 bytes security) (deflated 70%)

    adding: backregs/3CD74F6D-D33C-44AA-B9ED-EA484282229A.reg (212 bytes security) (deflated 70%)

    adding: backregs/6B20C796-E51A-4765-9638-0EF7D8E252A6.reg (212 bytes security) (deflated 70%)

    adding: backregs/864BEA86-4026-4111-A468-333FE2C823C0.reg (212 bytes security) (deflated 70%)

    adding: backregs/9F5EFB7E-571E-4F1A-B06F-2C7304ACC1A6.reg (212 bytes security) (deflated 69%)

    adding: backregs/B733B76C-E4CA-45E8-B4F3-3B0E8CB523E9.reg (212 bytes security) (deflated 70%)

    adding: backregs/C67F3B2E-46A2-47D1-A47F-EF5D72EBE691.reg (212 bytes security) (deflated 70%)

    adding: backregs/C92A44FE-2F4A-4935-9DE1-B820EA96C0EB.reg (212 bytes security) (deflated 70%)

    adding: backregs/D6D9084E-3EE4-432C-A5B2-67BD39A7154C.reg (212 bytes security) (deflated 70%)

    adding: backregs/E1A88784-2DB3-40A7-B6DA-F1FD8BC602E2.reg (212 bytes security) (deflated 70%)

    adding: backregs/F9ED0BCC-9B00-4BD1-B575-82AD4A158491.reg (212 bytes security) (deflated 70%)

    adding: backregs/FEF068FD-0E39-4AA0-B234-A36F1C7D01FE.reg (212 bytes security) (deflated 70%)

    adding: backregs/notibac.reg (164 bytes security) (deflated 87%)

    adding: backregs/shell.reg (164 bytes security) (deflated 73%)

    ---------------------------------------------------------------

    Incident Status Location

    Adware:Adware/SpySheriff Not disinfected C:\WINDOWS\osaupd.exe

    Adware:Adware/SpySheriff Not disinfected C:\WINDOWS\wupdmgr.exe

    Adware:adware/dollarrevenue Not disinfected C:\WINDOWS\SYSTEM32\sndmixex.dll

    Potentially unwanted tool:application/adwaresheriff Not disinfected C:\Documents and Settings\Yuri\Desktop\Adware Reviews.url

    Adware:adware/adwaresheriff Not disinfected C:\WINDOWS\osaupd.exe

    Adware:adware/cws Not disinfected C:\Documents and Settings\Yuri\Favoritos\Going Places

    Adware:adware/dyfuca Not disinfected C:\Documents and Settings\Yuri\Internet Optimizer

    Dialer:dialer.asl Not disinfected HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\MODULEUSAGE\C:/WINDOWS/DOWNLOADED PROGRAM FILES/INTERNAZIONALE_VER15.OCX

    Adware:adware/wupd Not disinfected Windows Registry

    Potentially unwanted tool:application/mywebsearch Not disinfected HKEY_CLASSES_ROOT\CLSID\{147A976E-EEE1-4377-8EA7-4716E4CDD239}

    Adware:adware/azesearch Not disinfected Windows Registry

    Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Yuri\Cookies\yuri@ad.yieldmanager[1].txt

    Spyware:Cookie/Rn11 Not disinfected C:\Documents and Settings\Yuri\Cookies\yuri@rn11[2].txt

    Virus:Trj/Banking.G Disinfected C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Web Folders\ibm00003.dll

    Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Yuri\Cookies\yuri@ad.yieldmanager[1].txt

    Spyware:Cookie/Rn11 Not disinfected C:\Documents and Settings\Yuri\Cookies\yuri@rn11[2].txt

    Adware:Adware/Dyfuca Not disinfected C:\Documents and Settings\Yuri\Internet Optimizer\optimize.exe

    Virus:Trj/Spammer.B Disinfected C:\Documents and Settings\Yuri\Meus documentos\fabio\d\avalon_4.txt

    Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Yuri\Meus documentos\fabio\l2mfix\backup.zip[agledit.dll]

    Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Yuri\Meus documentos\fabio\l2mfix\backup.zip[bndispl.dll]

    Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Yuri\Meus documentos\fabio\l2mfix\backup.zip[cnlbact.dll]

    Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Yuri\Meus documentos\fabio\l2mfix\backup.zip[dnwsock.dll]

    Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Yuri\Meus documentos\fabio\l2mfix\backup.zip[dqom_14.dll]

    Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Yuri\Meus documentos\fabio\l2mfix\backup.zip[guard.tmp]

    Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Yuri\Meus documentos\fabio\l2mfix\backup.zip[ievu9_32.dll]

    Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Yuri\Meus documentos\fabio\l2mfix\backup.zip[irp6l57s1.dll]

    Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Yuri\Meus documentos\fabio\l2mfix\backup.zip[ktdgkl.dll]

    Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Yuri\Meus documentos\fabio\l2mfix\backup.zip[mdc42.dll]

    Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Yuri\Meus documentos\fabio\l2mfix\backup.zip[mol_qic.dll]

    Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Yuri\Meus documentos\fabio\l2mfix\backup.zip[mv02l9do1.dll]

    Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Yuri\Meus documentos\fabio\l2mfix\backup.zip[mxjetoledb40.dll]

    Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Yuri\Meus documentos\fabio\l2mfix\backup.zip[nbxpnt.dll]

    Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Yuri\Meus documentos\fabio\l2mfix\backup.zip[neevent.dll]

    Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Yuri\Meus documentos\fabio\l2mfix\backup.zip[nltrap.dll]

    Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Yuri\Meus documentos\fabio\l2mfix\backup.zip[p6r40g9qe6.dll]

    Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Yuri\Meus documentos\fabio\l2mfix\backup.zip[rfmps.dll]

    Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Yuri\Meus documentos\fabio\l2mfix\backup.zip[sbsvc.dll]

    Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Yuri\Meus documentos\fabio\l2mfix\backup.zip[sHLSRV32.dll]

    Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Yuri\Meus documentos\fabio\l2mfix\backup.zip[soprv.dll]

    Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Yuri\Meus documentos\fabio\l2mfix\backup.zip[WWVADVE.DLL]

    Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Yuri\Meus documentos\fabio\l2mfix\dlls\agledit.dll

    Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Yuri\Meus documentos\fabio\l2mfix\dlls\bndispl.dll

    Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Yuri\Meus documentos\fabio\l2mfix\dlls\cnlbact.dll

    Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Yuri\Meus documentos\fabio\l2mfix\dlls\dnwsock.dll

    Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Yuri\Meus documentos\fabio\l2mfix\dlls\dqom_14.dll

    Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Yuri\Meus documentos\fabio\l2mfix\dlls\guard.tmp

    Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Yuri\Meus documentos\fabio\l2mfix\dlls\Ievu9_32.dll

    Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Yuri\Meus documentos\fabio\l2mfix\dlls\irp6l57s1.dll

    Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Yuri\Meus documentos\fabio\l2mfix\dlls\ktdgkl.dll

    Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Yuri\Meus documentos\fabio\l2mfix\dlls\mdc42.dll

    Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Yuri\Meus documentos\fabio\l2mfix\dlls\mol_qic.dll

    Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Yuri\Meus documentos\fabio\l2mfix\dlls\mv02l9do1.dll

    Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Yuri\Meus documentos\fabio\l2mfix\dlls\mxjetoledb40.dll

    Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Yuri\Meus documentos\fabio\l2mfix\dlls\nbxpnt.dll

    Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Yuri\Meus documentos\fabio\l2mfix\dlls\neevent.dll

    Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Yuri\Meus documentos\fabio\l2mfix\dlls\nltrap.dll

    Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Yuri\Meus documentos\fabio\l2mfix\dlls\p6r40g9qe6.dll

    Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Yuri\Meus documentos\fabio\l2mfix\dlls\rfmps.dll

    Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Yuri\Meus documentos\fabio\l2mfix\dlls\sbsvc.dll

    Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Yuri\Meus documentos\fabio\l2mfix\dlls\SHLSRV32.dll

    Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Yuri\Meus documentos\fabio\l2mfix\dlls\soprv.dll

    Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Yuri\Meus documentos\fabio\l2mfix\dlls\WWVADVE.DLL

    Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Yuri\Meus documentos\fabio\l2mfix\Process.exe

    Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Yuri\Meus documentos\fabio\l2mfix.exe[Process.exe]

    Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Yuri\Meus documentos\fabio\smitRem\Process.exe

    Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Yuri\Meus documentos\fabio\smitRem.exe[Process.exe]

    Adware:Adware/SpySheriff Not disinfected C:\WINDOWS\osaupd.exe

    Virus:Trj/Spammer.B Disinfected C:\WINDOWS\system32\sndmixex.dll

    Possible Virus. Not disinfected C:\WINDOWS\systi41.exe

    Adware:Adware/SpyS

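The REGEDIT4 block in the L2MFix output above is derived mechanically from the CLSID exports that precede it: every Look2Me CLSID has its `Shell Extensions\Approved` value removed (`"{...}"=-`) and its `HKEY_CLASSES_ROOT\CLSID` key deleted (`[-HKEY_CLASSES_ROOT\CLSID\{...}]`). The category each of those CLSIDs implements, `{00021492-0000-0000-C000-000000000046}`, is CATID_DeskBand, which is what gets the random-named DLLs loaded into Explorer as shell extensions. The Python below is an added example, not part of L2MFix or of this thread: it parses a constructed sample made from two of the exported CLSID blocks, maps each CLSID to the DLL its InprocServer32 key names, writes a removal file in the same shape as L2MFix's, and checks that the removal covers every CLSID found.

```python
"""Build a Look2Me CLSID removal .reg from L2MFix-style registry exports.

Added example (not part of L2MFix or the forum thread). SAMPLE_EXPORT is
constructed from two of the CLSID blocks shown in the log above.
"""
import re

# Constructed sample: two CLSID exports copied from the L2MFix output.
SAMPLE_EXPORT = r"""
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{D6D9084E-3EE4-432C-A5B2-67BD39A7154C}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D6D9084E-3EE4-432C-A5B2-67BD39A7154C}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D6D9084E-3EE4-432C-A5B2-67BD39A7154C}\InprocServer32]
@="C:\\WINDOWS\\system32\\dnwsock.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{B733B76C-E4CA-45E8-B4F3-3B0E8CB523E9}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{B733B76C-E4CA-45E8-B4F3-3B0E8CB523E9}\InprocServer32]
@="C:\\WINDOWS\\system32\\ktdgkl.dll"
"ThreadingModel"="Apartment"
"""

APPROVED_KEY = (r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows"
                r"\CurrentVersion\Shell Extensions\Approved")
# A CLSID key header, optionally its InprocServer32 subkey; deeper subkeys do not match.
CLSID_KEY_RE = re.compile(
    r"^\[HKEY_CLASSES_ROOT\\CLSID\\(\{[0-9A-Fa-f-]{36}\})(\\InprocServer32)?\]$")
DEFAULT_VALUE_RE = re.compile(r'^@="(.*)"$')


def parse_export(text):
    """Map each exported CLSID to the DLL named by its InprocServer32 default value.

    Returns {clsid: dll_path or None}. .reg files double every backslash in
    string data, so that escaping is undone here.
    """
    servers = {}
    current_inproc = None           # CLSID whose InprocServer32 key we are inside
    for raw in text.splitlines():
        line = raw.strip()
        m = CLSID_KEY_RE.match(line)
        if m:
            clsid = m.group(1).upper()
            servers.setdefault(clsid, None)
            current_inproc = clsid if m.group(2) else None
            continue
        if line.startswith("["):    # any other key ends the InprocServer32 context
            current_inproc = None
            continue
        v = DEFAULT_VALUE_RE.match(line)
        if v and current_inproc:
            servers[current_inproc] = v.group(1).replace("\\\\", "\\")
    return servers


def build_removal_reg(clsids):
    """Emit a REGEDIT4 file in the shape L2MFix writes: first drop each CLSID's
    Shell Extensions\\Approved value, then delete the CLSID key itself."""
    lines = ["REGEDIT4", "", f"[{APPROVED_KEY}]"]
    lines += [f'"{c}"=-' for c in clsids]
    lines.append("")
    lines += [f"[-HKEY_CLASSES_ROOT\\CLSID\\{c}]" for c in clsids]
    return "\n".join(lines) + "\n"


def removal_gaps(reg_text, clsids):
    """Return the CLSIDs a removal .reg fails to both un-approve and delete."""
    return [c for c in clsids
            if f'"{c}"=-' not in reg_text
            or f"[-HKEY_CLASSES_ROOT\\CLSID\\{c}]" not in reg_text]


if __name__ == "__main__":
    found = parse_export(SAMPLE_EXPORT)
    for clsid, dll in found.items():
        print(f"{clsid} -> {dll}")
    removal = build_removal_reg(sorted(found))
    print(removal)
    print("gaps:", removal_gaps(removal, found))
```

The CLSID-to-DLL map is what you would hand to the file cleanup step: the DLLs themselves (the `dlls/*.dll` files L2MFix zips up) still have to be deleted separately, since the .reg only unregisters them. `removal_gaps` is the check to run on any hand-edited removal file before importing it, because a CLSID that is deleted but still listed under Approved, or the reverse, leaves a dangling reference.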

    Reboot (turn the computer off and on) => enter Safe Mode by pressing the F8 key, where you can select the "Safe Mode" option

    Double-click ATF-Cleaner.exe to run the tool again.

    Make Windows show all files: see the linked instructions.

    Now, via Windows Explorer -> delete

    C:\WINDOWS\systi41.exe

    C:\WINDOWS\osaupd.exe

    C:\WINDOWS\wupdmgr.exe

    C:\Documents and Settings\Yuri\Desktop\Adware Reviews.url

    C:\Documents and Settings\Yuri\Favoritos\Going Places

    C:\Documents and Settings\Yuri\Internet Optimizer

    Reboot

    Post the HijackThis log, please

    Topic author: Sending the new HijackThis log... man, the screen with that image still shows up...

    Cheers

    Logfile of HijackThis v1.99.1

    Scan saved at 08:49:06, on 9/3/2006

    Platform: Windows XP (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe

    C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\system32\spoolsv.exe

    C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe

    C:\Arquivos de programas\Arquivos comuns\Symantec Shared\Security Center\UsrPrmpt.exe

    C:\Arquivos de programas\Logitech\Video\LogiTray.exe

    C:\Arquivos de programas\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe

    C:\Arquivos de programas\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe

    C:\WINDOWS\SOUNDMAN.EXE

    C:\Arquivos de programas\iTunes\iTunesHelper.exe

    C:\WINDOWS\System32\ctfmon.exe

    C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe

    C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

    C:\Arquivos de programas\Norton SystemWorks\Norton Antivirus\SAVScan.exe

    C:\Arquivos de programas\MSN Toolbar Suite\DS\02.05.0001.1119\pt-br\bin\WindowsSearch.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Arquivos de programas\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe

    C:\WINDOWS\System32\MsPMSPSv.exe

    C:\WINDOWS\wupdmgr.exe

    C:\WINDOWS\osaupd.exe

    C:\Arquivos de programas\MSN Toolbar Suite\DS\02.05.0001.1119\pt-br\bin\WindowsSearchIndexer.exe

    C:\WINDOWS\System32\LVComsX.exe

    C:\Arquivos de programas\Logitech\Video\FxSvr2.exe

    C:\Arquivos de programas\iPod\bin\iPodService.exe

    C:\WINDOWS\System32\wuauclt.exe

    C:\WINDOWS\System32\wuauclt.exe

    C:\Documents and Settings\Yuri\Meus documentos\fabio\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

    O4 - HKLM\..\Run: [ccApp] "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe"

    O4 - HKLM\..\Run: [sSC_UserPrompt] C:\Arquivos de programas\Arquivos comuns\Symantec Shared\Security Center\UsrPrmpt.exe

    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Arquivos de programas\Logitech\Video\ISStart.exe

    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Arquivos de programas\Logitech\Video\LogiTray.exe

    O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Arquivos de programas\Arquivos comuns\Roxio Shared\System\EngUtil.exe"

    O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Arquivos de programas\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"

    O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Arquivos de programas\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"

    O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

    O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe"

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

    O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

    O4 - HKCU\..\Run: [LDM] C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

    O4 - Global Startup: Windows Desktop Search.lnk = C:\Arquivos de programas\MSN Toolbar Suite\DS\02.05.0001.1119\pt-br\bin\WindowsSearch.exe

    O8 - Extra context menu item: &MSN Busca - res://C:\Arquivos de programas\MSN Toolbar Suite\TB\02.05.0000.1082\pt-br\msntb.dll/search.htm

    O8 - Extra context menu item: Abrir em uma nova guia do plano de fundo - res://C:\Arquivos de programas\MSN Toolbar Suite\TAB\02.05.0001.1119\pt-br\msntabres.dll/229?e69c7925906c48f58ef7a6921454eea7

    O8 - Extra context menu item: Abrir em uma nova guia do primeiro plano - res://C:\Arquivos de programas\MSN Toolbar Suite\TAB\02.05.0001.1119\pt-br\msntabres.dll/230?e69c7925906c48f58ef7a6921454eea7

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_04\bin\npjpi150_04.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_04\bin\npjpi150_04.dll

    O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARQUIV~1\MSNMES~1\msgrapp.dll" (file missing)

    O20 - Winlogon Notify: DateTime - C:\WINDOWS\system32\mv02l9do1.dll (file missing)

    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

    O23 - Service: Adobe LM Service - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe

    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccPwdSvc.exe

    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: iPodService - Apple Computer, Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe

    O23 - Service: Serviço de proteção automática do Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Arquivos de programas\Norton SystemWorks\Norton Antivirus\navapsvc.exe

    O23 - Service: SAVScan - Symantec Corporation - C:\Arquivos de programas\Norton SystemWorks\Norton Antivirus\SAVScan.exe

    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\ARQUIV~1\ARQUIV~1\SYMANT~1\SCRIPT~1\SBServ.exe

    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SNDSrvc.exe

    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\Security Center\SymWSC.exe

    Topic author: There's a program I'm trying to remove through "Add or Remove Programs" but I can't... in the "Add or Remove Programs" window it shows up as "uinstall Aze Bar"


    Step 1

    1. Start -> Run -> type regedit -> very carefully navigate to these keys

    HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\MODULEUSAGE\C:/WINDOWS/DOWNLOADED PROGRAM FILES/INTERNAZIONALE_VER15.OCX

    HKEY_CLASSES_ROOT\CLSID\{147A976E-EEE1-4377-8EA7-4716E4CDD239}

    ...and delete them with a right-click. Close the Registry Editor.

    2. Make a Silent Runners log:

    http://www.silentrunners.org

    Download Silent Runners.vbs

    Run it. It will generate a log; attach it to your reply.

    Important note: You need WMI to run Silent Runners. If your computer does not have WMI installed, Silent Runners will direct you to the Microsoft site, where you should download WMI, restart the computer and then make the log.

    Note: Allow the script to run if your antivirus complains. Silent Runners is not a malicious script.

    Step 2

    Go to the Control Panel. Use Add/Remove Programs.

    Uninstall: --> uinstall Aze Bar

    Run KillBox: select Delete on reboot; in the Full path of file to delete box, enter:

    C:\WINDOWS\wupdmgr.exe

    Click the All Files button.

    -> Press X. Answer "no" to the first question

    next

    C:\WINDOWS\osaupd.exe

    Restart in Safe Mode (press the F8 key until a DOS-style screen appears and choose Safe Mode).

    Run HijackThis, click Do a System Scan Only, check only the entries below and click Fix Checked.

    O20 - Winlogon Notify: DateTime - C:\WINDOWS\system32\mv02l9do1.dll (file missing)

    Reboot

    Post the HijackThis log together with the Silent Runners log

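The two replies above work through the cleanup by hand: delete the files the scanner left in place (via Explorer in Safe Mode, or KillBox's delete-on-reboot for the two that also appear as running processes), fix the O20 entry whose DLL is already gone, and leave the rest for review. The Python below is an added example, not code from the thread, from HijackThis or from Panda; it does that cross-referencing over constructed samples of the two logs. It joins the scanner's "Not disinfected" file locations against the HijackThis process list to separate plain deletes from delete-on-reboot cases, and turns O20 lines marked "(file missing)" into the `Winlogon\Notify` registry key (the key the Silent Runners log lists under the same entries) to remove.

```python
"""Cross-reference a HijackThis log with a scanner report to build the cleanup list.

Added example, not code from the thread, HijackThis or Panda. Both samples are
constructed from lines in the logs posted above.
"""
import re

# Constructed sample: a trimmed HijackThis log.
HJT_SAMPLE = r"""
Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\wupdmgr.exe
C:\WINDOWS\osaupd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O20 - Winlogon Notify: DateTime - C:\WINDOWS\system32\mv02l9do1.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
"""

# Constructed sample: a trimmed "Incident Status Location" report.
SCAN_SAMPLE = r"""
Adware:Adware/SpySheriff Not disinfected C:\WINDOWS\osaupd.exe
Adware:Adware/SpySheriff Not disinfected C:\WINDOWS\wupdmgr.exe
Adware:adware/adwaresheriff Not disinfected C:\WINDOWS\osaupd.exe
Virus:Trj/Spammer.B Disinfected C:\WINDOWS\system32\sndmixex.dll
Possible Virus. Not disinfected C:\WINDOWS\systi41.exe
Adware:adware/wupd Not disinfected Windows Registry
"""

# Registry key behind HijackThis O20 entries (as listed in the Silent Runners log).
NOTIFY_KEY = r"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify"
O20_RE = re.compile(r"^O20 - Winlogon Notify: (\S+) - (.+?)( \(file missing\))?$")
SCAN_RE = re.compile(r"^(.+?) (Not disinfected|Disinfected) (.+)$")
FILE_PATH_RE = re.compile(r"^[A-Za-z]:\\")


def parse_hijackthis(text):
    """Return (running process paths, O20 Winlogon Notify entries)."""
    processes, notify = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "Running processes:":
            in_processes = True
            continue
        if in_processes and FILE_PATH_RE.match(line):
            processes.append(line)
            continue
        in_processes = False            # first non-path line closes the process list
        m = O20_RE.match(line)
        if m:
            notify.append({"name": m.group(1), "dll": m.group(2),
                           "missing": m.group(3) is not None})
    return processes, notify


def parse_scan_report(text):
    """Parse 'detection status location' lines; 'Possible Virus.' has no family name."""
    hits = []
    for raw in text.splitlines():
        m = SCAN_RE.match(raw.strip())
        if m:
            hits.append({"detection": m.group(1), "status": m.group(2),
                         "location": m.group(3)})
    return hits


def triage(hjt_text, scan_text):
    """Split findings into the actions the thread performs by hand."""
    processes, notify = parse_hijackthis(hjt_text)
    hits = parse_scan_report(scan_text)
    # Files the scanner left in place, keyed case-insensitively (Windows paths are).
    dirty = {}
    for h in hits:
        if h["status"] == "Not disinfected" and FILE_PATH_RE.match(h["location"]):
            dirty.setdefault(h["location"].lower(), h["location"])
    running_lower = {p.lower() for p in processes}
    return {
        # Detected file that is also a running process: a plain delete fails while
        # it is loaded, so it needs a kill or delete-on-reboot (KillBox in the thread).
        "delete_on_reboot": [p for p in processes if p.lower() in dirty],
        "delete_files": [path for key, path in dirty.items() if key not in running_lower],
        # O20 entry whose DLL is gone: the orphaned Notify key is safe to remove.
        "remove_registry": [f"{NOTIFY_KEY}\\{n['name']}" for n in notify if n["missing"]],
        # O20 entry whose DLL exists: judge it before touching it.
        "review_notify_dlls": [n["dll"] for n in notify if not n["missing"]],
    }


if __name__ == "__main__":
    for action, items in triage(HJT_SAMPLE, SCAN_SAMPLE).items():
        print(action)
        for item in items:
            print("   ", item)
```

The split matters because the page's own sequence depends on it: `wupdmgr.exe` and `osaupd.exe` are in both lists, so they go to delete-on-reboot, while `systi41.exe` is only in the scanner report and can be deleted directly in Safe Mode. An O20 entry whose DLL still exists (the `igfxcui` one here) is deliberately not put on any action list, because a Winlogon Notify package is loaded into winlogon.exe at logon and removing a legitimate one, or missing a live Look2Me one, are both costly mistakes; that line is for a human to check against the DLL's publisher, as the Silent Runners output does.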
    Topic author: Here are the logs you asked for, but I couldn't uninstall Aze Bar through "Add or Remove Programs"

    "Silent Runners.vbs", revision 43, http://www.silentrunners.org/

    Operating System: Windows XP

    Output limited to non-default values, except where indicated by "{++}"

    Startup items buried in registry:

    ---------------------------------

    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

    "CTFMON.EXE" = "C:\WINDOWS\System32\ctfmon.exe" [MS]

    "MsnMsgr" = ""C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background" [MS]

    "LDM" = "C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [null data]

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

    "ccApp" = ""C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe"" ["Symantec Corporation"]

    "SSC_UserPrompt" = "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\Security Center\UsrPrmpt.exe" ["Symantec Corporation"]

    "LogitechVideoRepair" = "C:\Arquivos de programas\Logitech\Video\ISStart.exe" ["Logitech Inc."]

    "LogitechVideoTray" = "C:\Arquivos de programas\Logitech\Video\LogiTray.exe" ["Logitech Inc."]

    "RoxioEngineUtility" = ""C:\Arquivos de programas\Arquivos comuns\Roxio Shared\System\EngUtil.exe"" ["Roxio"]

    "RoxioDragToDisc" = ""C:\Arquivos de programas\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"" ["Roxio"]

    "RoxioAudioCentral" = ""C:\Arquivos de programas\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"" ["Roxio, Inc."]

    "SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]

    "iTunesHelper" = ""C:\Arquivos de programas\iTunes\iTunesHelper.exe"" ["Apple Computer, Inc."]

    "QuickTime Task" = ""C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]

    HKLM\Software\Microsoft\Active Setup\Installed Components\

    {5945c046-1e7d-11d1-bc44-00c04fd912be}\(Default) = "Windows Messenger 4.7"

    \StubPath = "rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.Remove.PerUser" [MS]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

    "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extensão do 'Painel de controle' para panorâmica de vídeo"

    -> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]

    "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extensão de ícone do HyperTerminal"

    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]

    "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" = "WebCheck"

    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\xp79983.dll" [file not found]

    "{400CFEE2-39D0-46DC-96DF-E0BB5A4324B3}" = "My Logitech Pictures"

    -> {CLSID}\InProcServer32\(Default) = "C:\Arquivos de programas\Logitech\Video\Namespc2.dll" ["Logitech Inc."]

    "{5E44E225-A408-11CF-B581-008029601108}" = "Roxio DragToDisc Shell Extension"

    -> {CLSID}\InProcServer32\(Default) = "C:\Arquivos de programas\Roxio\Easy CD Creator 6\DragToDisc\shellex.dll" ["Roxio"]

    "{A44D5ACC-3411-40DE-9AD3-214FFB2ED7AC}" = "My Media"

    -> {CLSID}\InProcServer32\(Default) = "C:\Arquivos de programas\Roxio\Easy CD Creator 6\AudioCentral\MediaSX.dll" ["Roxio, Inc."]

    "{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"

    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS]

    "{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"

    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS]

    "{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"

    -> {CLSID}\InProcServer32\(Default) = "C:\Arquivos de programas\iTunes\iTunesMiniPlayer.dll" ["Apple Computer, Inc."]

    "{13E7F612-F261-4391-BEA2-39DF4F3FA311}" = "Windows Desktop Search"

    -> {CLSID}\InProcServer32\(Default) = "C:\Arquivos de programas\MSN Toolbar Suite\EXT\02.05.0001.1119\pt-br\msnlExt.dll" [MS]

    "{97090E2F-3062-4459-855B-014F0D3CDBB1}" = "MSN Deskbar"

    -> {CLSID}\InProcServer32\(Default) = "C:\Arquivos de programas\MSN Toolbar Suite\DB\02.05.0000.1082\pt-br\deskbar.dll" [MS]

    HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\

    "WebCheck" = "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"

    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\xp79983.dll" [file not found]

    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\

    INFECTION WARNING! DateTime\DLLName = "C:\WINDOWS\system32\mv02l9do1.dll" [file not found]

    INFECTION WARNING! igfxcui\DLLName = "igfxsrvc.dll" ["Intel Corporation"]

    HKLM\Software\Classes\*\shellex\ContextMenuHandlers\

    Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}"

    -> {CLSID}\InProcServer32\(Default) = "C:\Arquivos de programas\Norton SystemWorks\Norton Antivirus\NavShExt.dll" ["Symantec Corporation"]

    HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\

    Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}"

    -> {CLSID}\InProcServer32\(Default) = "C:\Arquivos de programas\Norton SystemWorks\Norton Antivirus\NavShExt.dll" ["Symantec Corporation"]

    Active Desktop and Wallpaper:

    -----------------------------

    Active Desktop is enabled at this entry:

    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

    HKCU\Software\Microsoft\Internet Explorer\Desktop\General\

    "Wallpaper" = "C:\WINDOWS\security.html"

    Enabled Screen Saver:

    ---------------------

    HKCU\Control Panel\Desktop\

    HKCU\Software\Microsoft\Internet Explorer\Desktop\Components\0\

    "SCRNSAVE.EXE" = "C:\WINDOWS\System32\logon.scr" [MS]

    Startup items in "Yuri" & "All Users" startup folders:

    ------------------------------------------------------

    C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar

    "Adobe Gamma Loader" -> shortcut to: "C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]

    "Logitech Desktop Messenger" -> shortcut to: "C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe /start" ["Logitech"]

    "Windows Desktop Search" -> shortcut to: "C:\Arquivos de programas\MSN Toolbar Suite\DS\02.05.0001.1119\pt-br\bin\WindowsSearch.exe /startup" [MS]

    Enabled Scheduled Tasks:

    ------------------------

    "Norton AntiVirus - Verificar o meu computador - Yuri" -> launches: "C:\ARQUIV~1\NORTON~1\NORTON~1\NAVW32.EXE /task:"C:\Documents and Settings\All Users\Dados de aplicativos\Symantec\Norton AntiVirus\Tasks\mycomp.sca"" ["Symantec Corporation"]

    "One Button Checkup do Norton SystemWorks" -> launches: "C:\Arquivos de programas\Norton SystemWorks\OBC.exe /CUSTOM /SCHEDULE" ["Symantec Corporation"]

    "Symantec Drmc" -> launches: "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SymDrmc.exe /CUSTOM /SCHEDULE" [null data]

    "Symantec NetDetect" -> launches: "C:\Arquivos de programas\Symantec\LiveUpdate\NDETECT.EXE" ["Symantec Corporation"]

    Winsock2 Service Provider DLLs:

    -------------------------------

    Namespace Service Providers

    HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

    000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

    000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

    000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

    Transport Service Providers

    HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

    0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

    %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 13

    %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

    Toolbars, Explorer Bars, Extensions:

    ------------------------------------

    Extensions (Tools menu items, main toolbar menu buttons)

    HKLM\Software\Microsoft\Internet Explorer\Extensions\

    {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\

    "MenuText" = "Sun Java Console"

    "CLSIDExtension" = "{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC}"

    -> {CLSID}\InProcServer32\(Default) = "C:\Arquivos de programas\Java\jre1.5.0_04\bin\npjpi150_04.dll" ["Sun Microsystems, Inc."]

    Miscellaneous IE Hijack Points

    ------------------------------

    C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")

    Added lines (compared with English-language version):

    [strings]: SEARCH_PAGE_URL="&http://home.microsoft.com/intl/br/access/allinone.asp"

    [strings]: SAFESITE_VALUE="search.msn.com.br"

    Missing lines (compared with English-language version):

    [strings]: 2 lines

    Running Services (Display Name, Service Name, Path {Service DLL}):

    ------------------------------------------------------------------

    iPodService, iPodService, "C:\Arquivos de programas\iPod\bin\iPodService.exe" ["Apple Computer, Inc."]

    SAVScan, SAVScan, "C:\Arquivos de programas\Norton SystemWorks\Norton Antivirus\SAVScan.exe" ["Symantec Corporation"]

    Serviço de proteção automática do Norton AntiVirus, navapsvc, "C:\Arquivos de programas\Norton SystemWorks\Norton Antivirus\navapsvc.exe" ["Symantec Corporation"]

    Symantec Event Manager, ccEvtMgr, ""C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe"" ["Symantec Corporation"]

    Symantec Settings Manager, ccSetMgr, ""C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe"" ["Symantec Corporation"]

    Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\System32\wdfmgr.exe" [MS]

    WMDM PMSP Service, WMDM PMSP Service, "C:\WINDOWS\System32\MsPMSPSv.exe" [MS]

    ----------

    + This report excludes default entries except where indicated.

    + To see *everywhere* the script checks and *everything* it finds,

    launch it from a command prompt or a shortcut with the -all parameter.

    + To search all directories of local fixed drives for DESKTOP.INI

    DLL launch points and all Registry CLSIDs for dormant Explorer Bars,

    use the -supp parameter or answer "No" at the first message box.

    ---------- (total run time: 47 seconds, including 9 seconds for message boxes)

    ------------------------------------------

    Logfile of HijackThis v1.99.1

    Scan saved at 10:10:04, on 9/3/2006

    Platform: Windows XP (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe

    C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\Explorer.EXE

    C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe

    C:\Arquivos de programas\Arquivos comuns\Symantec Shared\Security Center\UsrPrmpt.exe

    C:\Arquivos de programas\Logitech\Video\LogiTray.exe

    C:\Arquivos de programas\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe

    C:\Arquivos de programas\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe

    C:\WINDOWS\SOUNDMAN.EXE

    C:\Arquivos de programas\iTunes\iTunesHelper.exe

    C:\WINDOWS\System32\ctfmon.exe

    C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe

    C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

    C:\Arquivos de programas\MSN Toolbar Suite\DS\02.05.0001.1119\pt-br\bin\WindowsSearch.exe

    C:\Arquivos de programas\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe

    C:\Arquivos de programas\MSN Toolbar Suite\DS\02.05.0001.1119\pt-br\bin\WindowsSearchIndexer.exe

    C:\WINDOWS\System32\LVComsX.exe

    C:\Arquivos de programas\Norton SystemWorks\Norton Antivirus\SAVScan.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\System32\MsPMSPSv.exe

    C:\Arquivos de programas\Logitech\Video\FxSvr2.exe

    C:\Arquivos de programas\iPod\bin\iPodService.exe

    C:\Documents and Settings\Yuri\Meus documentos\fabio\HijackThis.exe

    C:\WINDOWS\System32\wuauclt.exe

    C:\WINDOWS\System32\wuauclt.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

    O4 - HKLM\..\Run: [ccApp] "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe"

    O4 - HKLM\..\Run: [sSC_UserPrompt] C:\Arquivos de programas\Arquivos comuns\Symantec Shared\Security Center\UsrPrmpt.exe

    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Arquivos de programas\Logitech\Video\ISStart.exe

    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Arquivos de programas\Logitech\Video\LogiTray.exe

    O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Arquivos de programas\Arquivos comuns\Roxio Shared\System\EngUtil.exe"

    O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Arquivos de programas\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"

    O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Arquivos de programas\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"

    O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

    O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe"

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

    O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

    O4 - HKCU\..\Run: [LDM] C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

    O4 - Global Startup: Windows Desktop Search.lnk = C:\Arquivos de programas\MSN Toolbar Suite\DS\02.05.0001.1119\pt-br\bin\WindowsSearch.exe

    O8 - Extra context menu item: &MSN Busca - res://C:\Arquivos de programas\MSN Toolbar Suite\também\02.05.0000.1082\pt-br\msntb.dll/search.htm

    O8 - Extra context menu item: Abrir em uma nova guia do plano de fundo - res://C:\Arquivos de programas\MSN Toolbar Suite\TAB\02.05.0001.1119\pt-br\msntabres.dll/229?e69c7925906c48f58ef7a6921454eea7

    O8 - Extra context menu item: Abrir em uma nova guia do primeiro plano - res://C:\Arquivos de programas\MSN Toolbar Suite\TAB\02.05.0001.1119\pt-br\msntabres.dll/230?e69c7925906c48f58ef7a6921454eea7

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_04\bin\npjpi150_04.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_04\bin\npjpi150_04.dll

    O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARQUIV~1\MSNMES~1\msgrapp.dll" (file missing)

    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

    O23 - Service: Adobe LM Service - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe

    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccPwdSvc.exe

    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: iPodService - Apple Computer, Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe

    O23 - Service: Serviço de proteção automática do Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Arquivos de programas\Norton SystemWorks\Norton Antivirus\navapsvc.exe

    O23 - Service: SAVScan - Symantec Corporation - C:\Arquivos de programas\Norton SystemWorks\Norton Antivirus\SAVScan.exe

    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\ARQUIV~1\ARQUIV~1\SYMANT~1\SCRIPT~1\SBServ.exe

    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SNDSrvc.exe

    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\Security Center\SymWSC.exe

Once again, thanks for the help you're giving me, man!!


In Control Panel, open Display >> select the Desktop tab >> click the Customize Desktop button >> Web >> check whether there is an item called Security Info. If there is, uncheck it. You can then select it and remove it.

Download Desktop Fix:

http://linhadefensiva.uol.com.br/forum/ind...ype=post&id=698

Restart in Safe Mode (press the F8 key until a DOS-style screen appears and choose Safe Mode).

1) Double-click Desktop Fix:

2) Start -> Run -> type regedit -> navigate to the following keys and check whether they still exist:

HKCU\Software\Microsoft\Internet Explorer\Desktop\General\

"Wallpaper" =

-> right-click and delete -> "C:\WINDOWS\security.html"

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\

"WebCheck" = "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"

{CLSID}\InProcServer32\

-> right-click and delete (Default) = "C:\WINDOWS\System32\xp79983.dll" ... <_<

Delete the following files, if they exist:

"C:\WINDOWS\security.html"

"C:\WINDOWS\System32\xp79983.dll…

Restart the computer

Try to reconfigure your display settings

Run an online scan

Paste the result of the online scan (the HijackThis log no longer shows any bad entries)

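The post above checks three hijack points by hand in regedit. The PowerShell script below is an added example, not part of the original thread and not the Desktop Fix tool, that performs the same inspection read-only: it resolves every ShellServiceObjectDelayLoad CLSID to the DLL registered under its InProcServer32 key, reports whether that DLL exists and who signed it, and prints the Active Desktop wallpaper and components. The point of the check is that the WebCheck entry itself is a standard Windows entry; what matters is which DLL its CLSID resolves to. On a clean XP install that is the Microsoft-signed %SystemRoot%\system32\webcheck.dll, while a random name under System32, as in the post above, means the CLSID's server was redirected. It assumes Windows PowerShell 5.1 or later and an elevated prompt, and it deletes nothing.

```powershell
# Added example, not from the original thread: read-only audit of the hijack points
# the post above checks by hand. Requires Windows PowerShell 5.1+ and an elevated prompt.

function Get-ClsidServerPath {
    # Resolve a COM CLSID to the DLL registered under its InProcServer32 key.
    param([Parameter(Mandatory)][string]$Clsid)
    $key  = "Registry::HKEY_CLASSES_ROOT\CLSID\$Clsid\InProcServer32"
    $item = Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue
    if (-not $item) { return $null }
    # The key's unnamed default value surfaces as the '(default)' property.
    return [Environment]::ExpandEnvironmentVariables($item.'(default)')
}

function Get-DllVerdict {
    # Existence plus Authenticode status: a missing file, or an unsigned DLL with a
    # random name under System32, is what a redirected CLSID looks like.
    param([string]$Path)
    if (-not $Path) { return 'no InProcServer32 value' }
    if (-not (Test-Path -LiteralPath $Path)) { return "MISSING FILE: $Path" }
    $sig    = Get-AuthenticodeSignature -FilePath $Path
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { 'unsigned' }
    return "$Path  [$($sig.Status); $signer]"
}

Write-Host '== ShellServiceObjectDelayLoad: COM objects Explorer loads at logon =='
$ssodl   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad'
$entries = Get-ItemProperty -LiteralPath $ssodl -ErrorAction SilentlyContinue
if ($entries) {
    foreach ($prop in $entries.PSObject.Properties) {
        if ($prop.Name -like 'PS*') { continue }   # PSPath, PSParentPath, ... are PowerShell metadata, not registry values
        $dll = Get-ClsidServerPath -Clsid $prop.Value
        Write-Host ('{0,-16} {1}  ->  {2}' -f $prop.Name, $prop.Value, (Get-DllVerdict -Path $dll))
    }
}

Write-Host "`n== Active Desktop wallpaper: a web page (.htm/.html) here is the fake 'Security Info' desktop =="
foreach ($key in 'HKCU:\Software\Microsoft\Internet Explorer\Desktop\General', 'HKCU:\Control Panel\Desktop') {
    $v = Get-ItemProperty -LiteralPath $key -Name Wallpaper -ErrorAction SilentlyContinue
    if ($v) {
        $flag = if ($v.Wallpaper -match '\.html?$') { '   <-- web content set as wallpaper' } else { '' }
        Write-Host ('{0}\Wallpaper = "{1}"{2}' -f $key, $v.Wallpaper, $flag)
    }
}

Write-Host "`n== Active Desktop components (each renders its Source URL or file on the desktop) =="
Get-ChildItem -LiteralPath 'HKCU:\Software\Microsoft\Internet Explorer\Desktop\Components' -ErrorAction SilentlyContinue |
    ForEach-Object {
        $c = Get-ItemProperty -LiteralPath $_.PSPath
        Write-Host ('Component {0}: Source = {1}' -f $_.PSChildName, $c.Source)
    }
```

Read the output as the post does: a WebCheck line that resolves to a signed webcheck.dll is normal and should be left alone; a line ending in MISSING FILE or pointing at an unsigned DLL is the entry to clean, and a .html wallpaper or a component whose Source is a local HTML file is the fake desktop the first step removes.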
Topic author
Well, I restarted the PC in Safe Mode and double-clicked Desktop Fix, but a window appeared saying it was not possible to delete HKCU\Software\Microsoft\Internet Explorer\Desktop\General\

In regedit, in the key HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ I found nothing

And in HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\

"WebCheck" = "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"

{CLSID}\InProcServer32\, I found "WebCheck", but I did not find the sequence {CLSID}\InProcServer32\

I'm running the online scan, and by chance I found the file "wupdmgr" in system32, but it says it is an application with the description "Windows Update Manager for NT" copyrighted by Microsoft Corporation

I'm sending the scan results below

*I'll try to send the result in another post... it's too big and won't post..

Topic author
-------------------------------------------------------------------------------

    KASPERSKY ON-LINE SCANNER REPORT

    Thursday, March 09, 2006 12:48:17

    Operating System: Microsoft Windows XP Professional, (Build 2600)

    Kaspersky On-line Scanner version: 5.0.67.0

    Kaspersky Anti-Virus database last update: 9/03/2006

    Kaspersky Anti-Virus database records: 180889

    -------------------------------------------------------------------------------

    Scan Settings:

    Scan using the following antivirus database: extended

    Scan Archives: true

    Scan Mail Bases: true

    Scan Target - My Computer:

    C:\

    D:\

    E:\

    F:\

    G:\

    H:\

    Scan Statistics:

    Total number of scanned objects: 43223

    Number of viruses found: 70

    Number of infected objects: 5708

    Number of suspicious objects: 6

    Duration of the scan process: 2327 sec

Topic author
Man, the file is really big... and I don't think it's posting everything...

Could you tell me what I should look for... like, the txt file is 1.5 MB, can you believe it?


1) Run KillBox. Check the Delete on Reboot option. Now copy the bold list below to the clipboard (select it and click Edit > Copy).

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Web Folders\ibm00003.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Web Folders\ibm00004.dll

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Web Folders\ibm00005.exe

Go back to KillBox. Click File > Paste from clipboard.

Click the All Files button.

-> Press X. Answer "no" to the first question

Close KillBox.

Download ewido

http://www.ewido.net/en/download/

• Select "English" as the installation language

• Click Next, I Agree, Next, Next. Uncheck the Install background guard box and click Install, then Finish.

• In the ewido main window, click Update in the left menu and then click Start update.

• When the update finishes, you will see the message Update successful in the lower left corner

• Exit ewido and do not run a full scan yet

Restart the computer in Safe Mode by pressing F8 as soon as it starts, until a menu appears where you can select "Safe Mode".

• Open ewido and click Scanner and then Complete System Scan

• ewido detects some legitimate programs as dial-up dialers. Therefore, do not check the box that says Perform action on all infections. If ewido finds a file you believe to be legitimate, choose "None" and click OK. Otherwise, leave it on Remove and click OK.

When the scan finishes, find the screen named -> Save report

• When ewido finishes, close it.

Restart and post the ewido log

Could you tell me what I should look for... like, the txt file is 1.5 MB

Clear Norton's quarantine, cookies and temporary files. They are not active. Lighten the load. Run another KAV log after ewido. Don't paste the whole log here in the forum. Or better, host the file -> see, and paste the link for analysis

Topic author
Here are the ewido and KAV logs... I think I'll paste everything, because it got a lot smaller...

The PC no longer shows problems, but I couldn't uninstall Aze Bar...

Thanks for the help

    ---------------------------------------------------------

ewido anti-malware - Scan report

---------------------------------------------------------

+ Created on: 11:52:01, 11/3/2006

+ Report checksum: 6896D2E0

+ Scan result:

C:\!KillBox\ibm00004.dll -> Logger.Small.dg : Ignored

HKLM\SOFTWARE\Classes\CLSID\{06849E9F-C8D7-4D59-B87D-784B7D6BE083} -> Logger.Agent.io : Cleaned with backup

C:\Documents and Settings\Yuri\Cookies\yuri@2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup

C:\Documents and Settings\Yuri\Cookies\yuri@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup

C:\Documents and Settings\Yuri\Cookies\yuri@ads.pointroll[1].txt -> TrackingCookie.Pointroll : Cleaned with backup

C:\Documents and Settings\Yuri\Cookies\yuri@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned with backup

C:\Documents and Settings\Yuri\Cookies\yuri@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup

C:\Documents and Settings\Yuri\Cookies\yuri@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned with backup

C:\Documents and Settings\Yuri\Cookies\yuri@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned with backup

C:\Documents and Settings\Yuri\Cookies\yuri@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup

C:\Documents and Settings\Yuri\Cookies\yuri@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned with backup

C:\Documents and Settings\Yuri\Meus documentos\fabio\backups\backup-20060309-093023-118-wupdmgr.exe -> Downloader.Small.ckc : Cleaned with backup

C:\Documents and Settings\Yuri\Meus documentos\fabio\l2mfix\backup.zip/dlls/agledit.dll -> Adware.Look2Me : Error during cleaning

C:\Documents and Settings\Yuri\Meus documentos\fabio\l2mfix\backup.zip/dlls/bndispl.dll -> Adware.Look2Me : Error during cleaning

C:\Documents and Settings\Yuri\Meus documentos\fabio\l2mfix\backup.zip/dlls/cnlbact.dll -> Adware.Look2Me : Error during cleaning

C:\Documents and Settings\Yuri\Meus documentos\fabio\l2mfix\backup.zip/dlls/dnwsock.dll -> Adware.Look2Me : Error during cleaning

C:\Documents and Settings\Yuri\Meus documentos\fabio\l2mfix\backup.zip/dlls/dqom_14.dll -> Adware.Look2Me : Error during cleaning

C:\Documents and Settings\Yuri\Meus documentos\fabio\l2mfix\backup.zip/dlls/guard.tmp -> Adware.Look2Me : Error during cleaning

C:\Documents and Settings\Yuri\Meus documentos\fabio\l2mfix\backup.zip/dlls/Ievu9_32.dll -> Adware.Look2Me : Error during cleaning

C:\Documents and Settings\Yuri\Meus documentos\fabio\l2mfix\backup.zip/dlls/irp6l57s1.dll -> Adware.Look2Me : Error during cleaning

C:\Documents and Settings\Yuri\Meus documentos\fabio\l2mfix\backup.zip/dlls/ktdgkl.dll -> Adware.Look2Me : Error during cleaning

C:\Documents and Settings\Yuri\Meus documentos\fabio\l2mfix\backup.zip/dlls/mdc42.dll -> Adware.Look2Me : Error during cleaning

C:\Documents and Settings\Yuri\Meus documentos\fabio\l2mfix\backup.zip/dlls/mol_qic.dll -> Adware.Look2Me : Error during cleaning

C:\Documents and Settings\Yuri\Meus documentos\fabio\l2mfix\backup.zip/dlls/mv02l9do1.dll -> Adware.Look2Me : Error during cleaning

C:\Documents and Settings\Yuri\Meus documentos\fabio\l2mfix\backup.zip/dlls/mxjetoledb40.dll -> Adware.Look2Me : Error during cleaning

C:\Documents and Settings\Yuri\Meus documentos\fabio\l2mfix\backup.zip/dlls/nbxpnt.dll -> Adware.Look2Me : Error during cleaning

C:\Documents and Settings\Yuri\Meus documentos\fabio\l2mfix\backup.zip/dlls/neevent.dll -> Adware.Look2Me : Error during cleaning

C:\Documents and Settings\Yuri\Meus documentos\fabio\l2mfix\backup.zip/dlls/nltrap.dll -> Adware.Look2Me : Error during cleaning

C:\Documents and Settings\Yuri\Meus documentos\fabio\l2mfix\backup.zip/dlls/p6r40g9qe6.dll -> Adware.Look2Me : Error during cleaning

C:\Documents and Settings\Yuri\Meus documentos\fabio\l2mfix\backup.zip/dlls/rfmps.dll -> Adware.Look2Me : Error during cleaning

C:\Documents and Settings\Yuri\Meus documentos\fabio\l2mfix\backup.zip/dlls/sbsvc.dll -> Adware.Look2Me : Error during cleaning

C:\Documents and Settings\Yuri\Meus documentos\fabio\l2mfix\backup.zip/dlls/SHLSRV32.dll -> Adware.Look2Me : Error during cleaning

C:\Documents and Settings\Yuri\Meus documentos\fabio\l2mfix\backup.zip/dlls/soprv.dll -> Adware.Look2Me : Error during cleaning

C:\Documents and Settings\Yuri\Meus documentos\fabio\l2mfix\backup.zip/dlls/WWVADVE.DLL -> Adware.Look2Me : Error during cleaning

C:\Documents and Settings\Yuri\Meus documentos\fabio\l2mfix\dlls\agledit.dll -> Adware.Look2Me : Cleaned with backup

C:\Documents and Settings\Yuri\Meus documentos\fabio\l2mfix\dlls\bndispl.dll -> Adware.Look2Me : Cleaned with backup

C:\Documents and Settings\Yuri\Meus documentos\fabio\l2mfix\dlls\cnlbact.dll -> Adware.Look2Me : Cleaned with backup

C:\Documents and Settings\Yuri\Meus documentos\fabio\l2mfix\dlls\dnwsock.dll -> Adware.Look2Me : Cleaned with backup

C:\Documents and Settings\Yuri\Meus documentos\fabio\l2mfix\dlls\dqom_14.dll -> Adware.Look2Me : Cleaned with backup

C:\Documents and Settings\Yuri\Meus documentos\fabio\l2mfix\dlls\guard.tmp -> Adware.Look2Me : Cleaned with backup

C:\Documents and Settings\Yuri\Meus documentos\fabio\l2mfix\dlls\Ievu9_32.dll -> Adware.Look2Me : Cleaned with backup

C:\Documents and Settings\Yuri\Meus documentos\fabio\l2mfix\dlls\irp6l57s1.dll -> Adware.Look2Me : Cleaned with backup

C:\Documents and Settings\Yuri\Meus documentos\fabio\l2mfix\dlls\ktdgkl.dll -> Adware.Look2Me : Cleaned with backup

C:\Documents and Settings\Yuri\Meus documentos\fabio\l2mfix\dlls\mdc42.dll -> Adware.Look2Me : Cleaned with backup

C:\Documents and Settings\Yuri\Meus documentos\fabio\l2mfix\dlls\mol_qic.dll -> Adware.Look2Me : Cleaned with backup

C:\Documents and Settings\Yuri\Meus documentos\fabio\l2mfix\dlls\mv02l9do1.dll -> Adware.Look2Me : Cleaned with backup

C:\Documents and Settings\Yuri\Meus documentos\fabio\l2mfix\dlls\mxjetoledb40.dll -> Adware.Look2Me : Cleaned with backup

C:\Documents and Settings\Yuri\Meus documentos\fabio\l2mfix\dlls\nbxpnt.dll -> Adware.Look2Me : Cleaned with backup

C:\Documents and Settings\Yuri\Meus documentos\fabio\l2mfix\dlls\neevent.dll -> Adware.Look2Me : Cleaned with backup

C:\Documents and Settings\Yuri\Meus documentos\fabio\l2mfix\dlls\nltrap.dll -> Adware.Look2Me : Cleaned with backup

C:\Documents and Settings\Yuri\Meus documentos\fabio\l2mfix\dlls\p6r40g9qe6.dll -> Adware.Look2Me : Cleaned with backup

C:\Documents and Settings\Yuri\Meus documentos\fabio\l2mfix\dlls\rfmps.dll -> Adware.Look2Me : Cleaned with backup

C:\Documents and Settings\Yuri\Meus documentos\fabio\l2mfix\dlls\sbsvc.dll -> Adware.Look2Me : Cleaned with backup

C:\Documents and Settings\Yuri\Meus documentos\fabio\l2mfix\dlls\SHLSRV32.dll -> Adware.Look2Me : Cleaned with backup

C:\Documents and Settings\Yuri\Meus documentos\fabio\l2mfix\dlls\soprv.dll -> Adware.Look2Me : Cleaned with backup

C:\Documents and Settings\Yuri\Meus documentos\fabio\l2mfix\dlls\WWVADVE.DLL -> Adware.Look2Me : Cleaned with backup

C:\WINDOWS\Downloaded Program Files\HbInstIE.dll -> Adware.HotBar : Cleaned with backup

C:\WINDOWS\system\ctldlg32.dll -> Logger.Agent.kc : Cleaned with backup

C:\WINDOWS\system32\winmgmt32.dll -> Logger.Gepost.m : Cleaned with backup

C:\WINDOWS\WXVyaQ\asappsrv.dll -> Adware.CommAd : Cleaned with backup

::End of Report

The PC no longer shows problems,

In kav.txt.html ... at the end it showed one infection -> Infected: Backdoor.

C:\System Volume Information\_restore <- this will go away when you disable/re-enable System Restore. Wait a bit

C:\!KillBox\ <- clean out this folder and empty the Recycle Bin

1. Download osaupd.reg

http://linhadefensiva.uol.com.br/files/reg/osaupd.reg

Run it and answer yes to add the information to the registry.

2. Run KillBox: select Delete on reboot; in the Full path of file to delete box, enter:

C:\WINDOWS\system32\msupdate32.dll_tobedeleted

Click the All Files button.

-> Press X. Answer "yes" to the first question

But I couldn't uninstall Aze Bar...

Do you have the bar (toolbar) in the browser? ...., because the HijackThis log recorded nothing about Azebar...

Or does it only appear in Add/Remove in Control Panel? ...

Neither ewido nor KAV showed anything about this pest. If you want, we can try something manually.

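Two replies above make the same triage point: the earlier one says to clear Norton's quarantine, cookies and temp files because "they are not active", and the one just above explains that the KAV hit under C:\System Volume Information\_restore and the leftovers in C:\!KillBox\ are stored copies that go away when System Restore is cycled and the KillBox folder is emptied. The PowerShell script below is an added example, not part of the thread or of any of the tools it names, that applies that reasoning to a scan report: it parses the "<path> -> <name> : <status>" line format of the ewido report posted above and sorts each finding by where the object lives, so that copies in restore points, quarantine stores, removal-tool backup folders, cookies and archives are separated from detections in live system locations. The sample lines are constructed for the example: most are taken from the report above (statuses translated), and the _restore line is invented to show how a restore-point hit is classified. The "/l2mfix/" marker reflects an assumption that the L2MFix folder holds copies of DLLs the tool pulled off the system.

```powershell
# Added example, not from the original thread: sort a scan report's findings by where each
# object lives, so stored copies (restore points, quarantine, tool backups, cookies, archives)
# are not mistaken for running malware. Parses the "<path> -> <name> : <status>" line format
# used by the ewido report above.

# Substrings (lower-case, forward slashes) that mark a stored copy rather than live code.
$InertMarkers = @(
    '/system volume information/_restore',   # System Restore points; cleared by disabling/re-enabling System Restore
    '/!killbox/',                            # KillBox holding folder for files queued for deletion
    '/backups/',                             # HijackThis backups of entries it removed
    '/l2mfix/',                              # L2MFix working folder (assumption: holds the DLLs it pulled)
    '/cookies/',                             # tracking cookies: text files, not executable code
    '/quarantine/'                           # antivirus quarantine store
)

function Get-FindingClass {
    param([string]$Path)
    $p = $Path.ToLowerInvariant().Replace('\', '/')
    if ($p -match '^(hklm|hkcu|hkey_)') { return 'registry entry' }
    if ($p -match '\.(zip|rar|cab)/')  { return 'inert (inside archive)' }   # archive member written as archive/inner
    foreach ($m in $InertMarkers) { if ($p.Contains($m)) { return 'inert (stored copy)' } }
    return 'active location'
}

function Get-ScanFindings {
    param([string[]]$Lines)
    foreach ($line in $Lines) {
        if ($line -match '^(?<path>.+?) -> (?<name>[^:]+?) : (?<status>.+)$') {
            [pscustomobject]@{
                Path   = $Matches.path
                Name   = $Matches.name
                Status = $Matches.status
                Class  = Get-FindingClass -Path $Matches.path
            }
        }
    }
}

# Constructed sample: lines modeled on the report above (statuses translated); the
# _restore line is invented to show how a restore-point hit is classified.
$SampleReport = @'
C:\!KillBox\ibm00004.dll -> Logger.Small.dg : Ignored
HKLM\SOFTWARE\Classes\CLSID\{06849E9F-C8D7-4D59-B87D-784B7D6BE083} -> Logger.Agent.io : Cleaned with backup
C:\Documents and Settings\Yuri\Cookies\yuri@2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Yuri\Meus documentos\fabio\backups\backup-20060309-093023-118-wupdmgr.exe -> Downloader.Small.ckc : Cleaned with backup
C:\Documents and Settings\Yuri\Meus documentos\fabio\l2mfix\backup.zip/dlls/agledit.dll -> Adware.Look2Me : Error during cleaning
C:\WINDOWS\system32\winmgmt32.dll -> Logger.Gepost.m : Cleaned with backup
C:\WINDOWS\WXVyaQ\asappsrv.dll -> Adware.CommAd : Cleaned with backup
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP1\A0000001.exe -> Backdoor.Example : Ignored
'@

$findings = Get-ScanFindings -Lines ($SampleReport -split "`r?`n")

$findings | Group-Object Class | Sort-Object Name | ForEach-Object {
    Write-Host ('{0}: {1} finding(s)' -f $_.Name, $_.Count)
    $_.Group | Group-Object Name | ForEach-Object { Write-Host ('    {0} x{1}' -f $_.Name, $_.Count) }
}

Write-Host "`nDetections in live locations (the ones to confirm are really gone):"
$findings | Where-Object Class -eq 'active location' | Format-Table Path, Name, Status -AutoSize
```

To use it on a real report, replace $SampleReport with `Get-Content -LiteralPath .\report.txt` and adjust $InertMarkers to the tools that were actually run. Only the "active location" and "registry entry" groups need follow-up; the "inert" groups are the bulk of a 1.5 MB log and are cleared by emptying quarantine, cookies, the KillBox folder and the restore points, exactly as the replies above suggest.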
Topic author
I did what you asked, I just didn't understand this part

"C:\System Volume Information\_restore <- this will go away when you disable/re-enable System Restore. Wait a bit"

Aze bar doesn't appear in the toolbar, I just can't uninstall it through Add/Remove Programs...

Thanks!


Run HJT and click Open the Misc Tools section.

Look for Open Uninstall Manager... under Misc Tools

Open it, click the Save list... button and save the list to your desktop.

Copy and post: uninstall_list.txt.

Let's see whether the program shows up -> Aze bar

"C:\System Volume Information\_restore <- this will go away when you disable/re-enable System Restore. Wait a bit"

Disable and re-enable System Restore:

http://linhadefensiva.uol.com.br/docs/rest...cao-do-sistema/

-> see

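The HJT Uninstall Manager the reply above asks for simply lists the entries under the Uninstall registry keys. The PowerShell script below is an added example, not part of the thread or of HijackThis, that produces the same list and additionally checks whether each entry's UninstallString still points at an executable on disk. An entry whose uninstaller is gone is the usual reason an item such as "Uinstall Aze Bar" stays in Add/Remove Programs but fails to uninstall; the Key column tells you which registry key to remove by hand once the program's own files are confirmed gone. It assumes Windows PowerShell 5.1 or later; the WOW6432Node path only exists on 64-bit Windows and is silently skipped elsewhere.

```powershell
# Added example, not from the original thread: list Add/Remove Programs entries the way the
# HijackThis Uninstall Manager does, and flag entries whose uninstaller no longer exists.

$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall',   # 64-bit Windows only
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall'
)

function Get-CommandExecutable {
    # Extract the executable from an UninstallString, e.g.
    #   "C:\Program Files\Foo\unins000.exe" /SILENT  ->  C:\Program Files\Foo\unins000.exe
    #   MsiExec.exe /X{GUID}                          ->  msiexec.exe resolved through PATH
    # Limitation: for RunDll32-style strings only the host program is checked, not the DLL it loads.
    param([string]$CommandLine)
    if ([string]::IsNullOrWhiteSpace($CommandLine)) { return $null }
    $cl = $CommandLine.Trim()
    if ($cl.StartsWith('"')) {
        $end = $cl.IndexOf('"', 1)
        $exe = if ($end -gt 0) { $cl.Substring(1, $end - 1) } else { $cl.Trim('"') }
    } else {
        $exe = ($cl -split '\s+')[0]
    }
    $exe = [Environment]::ExpandEnvironmentVariables($exe)
    if ([System.IO.Path]::IsPathRooted($exe)) { return $exe }
    $cmd = Get-Command -Name $exe -CommandType Application -ErrorAction SilentlyContinue
    if ($cmd) { return $cmd.Source }
    return $exe
}

$report = foreach ($root in $UninstallKeys) {
    Get-ChildItem -LiteralPath $root -ErrorAction SilentlyContinue | ForEach-Object {
        $p    = Get-ItemProperty -LiteralPath $_.PSPath
        $exe  = Get-CommandExecutable -CommandLine $p.UninstallString
        $name = if ($p.DisplayName) { $p.DisplayName } else { $_.PSChildName }   # hotfix GUID keys often have no DisplayName
        $ok   = if ($exe) { Test-Path -LiteralPath $exe } else { $false }
        [pscustomobject]@{
            DisplayName     = $name
            Publisher       = $p.Publisher
            UninstallString = $p.UninstallString
            UninstallerOK   = $ok
            Key             = $_.Name
        }
    }
}

Write-Host 'Entries whose uninstaller is missing or that have no UninstallString (orphaned Add/Remove items):'
$report | Where-Object { -not $_.UninstallerOK } | Sort-Object DisplayName |
    Format-Table DisplayName, Publisher, UninstallString, Key -AutoSize -Wrap

Write-Host "`nFull list, as the HJT Uninstall Manager would show it:"
$report | Sort-Object DisplayName | Select-Object -ExpandProperty DisplayName
```

An orphaned entry is safe to delete from the Key shown only after the program's files, startup entries and browser add-ons have been confirmed gone, which is what the HijackThis and ewido logs earlier in the thread are for; removing the key alone just hides the item.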
Topic author
Here's the uninstall list!

I disabled System Restore and then enabled it again right away! Did I need to restart before enabling it again?

Thanks!

    Adobe Acrobat 5.0

    Adobe Photoshop CS

    Barra do MSN Busca

    CC_ccStart

    ccCommon

    CleanUp!

    Driver da Logitech® Camera

    Easy CD & DVD Creator 6

    ewido anti-malware

    Google Talk (remove only)

    HijackThis 1.99.1

Windows Media Player Hotfix [see Q828026 for more information]

    ImageMixer VCD2

    Intel® Extreme Graphics Driver

    iPod for Windows 2005-09-23

    iTunes

    J2SE Runtime Environment 5.0 Update 4

    Kaspersky On-line Scanner

    LimeWire 4.10.9

    LiveReg (Symantec Corporation)

    LiveUpdate 2.6 (Symantec Corporation)

    Logitech Desktop Messenger

    Logitech QuickCam

    Macromedia Flash Player

    Macromedia Flash Player 8

    Macromedia Shockwave Player

    MSN Messenger 7.5

    MSRedist

    Norton AntiVirus

    Norton AntiVirus Parent MSI

    Norton SystemWorks 2004 Professional

    Norton SystemWorks 2004 Professional (Symantec Corporation)

    Norton WMI Update

    Outlook Express Q823353

    Panda ActiveScan

    Photo Loader 2.1E

    Photohands 1.0E

    Picture Package

    QuickTime

    Realtek AC'97 Audio

    Skype 1.2

    Smart Link 56K Voice Modem

    Sony USB Driver

    Spybot - Search & Destroy 1.4

    Symantec Script Blocking Installer

    SymNet

    The O.C. Screen Saver

    Uinstall Aze Bar

    USB CASIO Digital Camera Device Driver

    Windows Media Format Runtime

    Windows Media Player 10

    Windows XP Hotfix - KB823559

    Windows XP Hotfix - KB823980

    Windows XP Hotfix - KB828741

    Windows XP Hotfix - KB834707

    Windows XP Hotfix - KB835732

    Windows XP Hotfix - KB842773

    Windows XP Hotfix - KB873376

    Windows XP Hotfix - KB885626

    Windows XP Hotfix - KB887822

    Windows XP Hotfix (SP1) [see Q309521 for more information]

    Windows XP Hotfix (SP1) [see Q311889 for more information]

    Windows XP Hotfix (SP1) [see Q311967 for more information]

    Windows XP Hotfix (SP1) [see Q313450 for more information]

    Windows XP Hotfix (SP1) [see Q315000 for more information]

    Windows XP Hotfix (SP1) [see Q315403 for more information]

    Windows XP Hotfix (SP1) [see Q317277 for more information]

    Windows XP Hotfix (SP1) [see Q318138 for more information]

    Windows XP Hotfix (SP1) [see Q323172 for more information]

    Windows XP Hotfix (SP1) [see Q324096 for more information]

    Windows XP Hotfix (SP1) [see Q324380 for more information]

    Windows XP Hotfix (SP1) [see Q326830 for more information]

    Windows XP Hotfix (SP1) [see Q328940 for more information]

    Windows XP Hotfix (SP1) [see Q329048 for more information]

    Windows XP Hotfix (SP1) [see Q329390 for more information]

    Windows XP Hotfix (SP1) [see Q329441 for more information]

    Windows XP Hotfix (SP1) [see Q329834 for more information]

    Windows XP Hotfix (SP1) Q329170

    Windows XP Hotfix (SP1) Q810577

    Windows XP Hotfix (SP1) Q810833

    Windows XP Hotfix (SP1) Q817606

    Windows XP Hotfix Package [see Q329115 for more information]

    ZoneAlarm
