jbbb

Log


jbbb    0

Logfile of HijackThis v1.99.1

Scan saved at 12:57:13, on 26/8/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Webroot\Spy Sweeper\SpySweeper.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\VM_STI.EXE

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Arquivos de programas\iTunes\iTunesHelper.exe

C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\Arquivos de programas\Wireless LAN\WlanUtil.exe

C:\Arquivos de programas\Stardock\ObjectDock\ObjectDock.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqimzone.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\WINDOWS\system32\nvsvc32.exe

D:\firefox.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Webroot\Spy Sweeper\WRSSSDK.exe

C:\Arquivos de programas\iPod\bin\iPodService.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\DOCUME~1\Bernardo\CONFIG~1\Temp\Rar$EX00.641\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :8080

R3 - URLSearchHook: (no name) - {FD25557B-8FB5-3070-F22C-F9490EC71D99} - SysEntry.dll (file missing)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINDOWS\Downloaded Program Files\gbieh.dll

O3 - Toolbar: ImageShack Toolbar - {6932D140-ABC4-4073-A44C-D4A541665E35} - C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll

O4 - HKLM\..\Run: [spySweeper] "C:\Arquivos de programas\Webroot\Spy Sweeper\SpySweeper.exe" /startintray

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Arquivos de programas\NVIDIA Corporation\nTune\\nTune.exe" clear

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe

O4 - HKLM\..\Run: [bigDogPath] C:\WINDOWS\VM_STI.EXE VGA ZtkCam

O4 - HKLM\..\Run: [AVG7_EMC] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime

O4 - Startup: Rainlendar.lnk = C:\Arquivos de programas\Rainlendar\Rainlendar.exe

O4 - Startup: Stardock ObjectDock.lnk = C:\Arquivos de programas\Stardock\ObjectDock\ObjectDock.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: IEEE 802.11g USB Wireless LAN Utility.lnk = C:\Arquivos de programas\Wireless LAN\WlanUtil.exe

O4 - Global Startup: Inicialização rápida do HP Image Zone.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqthb08.exe

O4 - Global Startup: system32.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Post Image to Blog - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5003

O8 - Extra context menu item: Tag This Image - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5002

O8 - Extra context menu item: Upload All Images to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5000

O8 - Extra context menu item: Upload Image to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5001

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Arquivos de programas\Common\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O15 - Trusted Zone: http://toolbar.imageshack.us

O16 - DPF: {0CBF7EDC-17EC-442C-8AE9-5E804707B6CA} (NeffyClient Class) - http://dist.cdnetworks.co.kr/cdndist/neffy/Neffy.cab

O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {6932D140-ABC4-4073-A44C-D4A541665E35} (ImageShack Toolbar) - http://toolbar.imageshack.us/toolbar/ImageShackToolbar.cab

O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppD...ap/PhtPkMSN.cab

O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx

O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399F83} (GbPluginObj Class) - https://www14.bancobrasil.com.br/plugin/GbPluginBb.cab

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...708/mcfscan.cab

O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{2035BDEF-50E3-4E36-BEDF-79F38A976980}: NameServer = 85.255.113.205,85.255.112.66

O17 - HKLM\System\CCS\Services\Tcpip\..\{5C72D102-E749-47AB-A656-E3FAEE3243E1}: NameServer = 85.255.113.205,85.255.112.66

O17 - HKLM\System\CCS\Services\Tcpip\..\{B40A782D-63C7-4F69-BF45-9806A861C2F2}: NameServer = 85.255.113.205,85.255.112.66

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.205 85.255.112.66

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.113.205 85.255.112.66

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.205 85.255.112.66

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Common\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe

O23 - Service: MySql - Unknown owner - C:\mysql\bin\mysqld-nt.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Arquivos de programas\Webroot\Spy Sweeper\WRSSSDK.exe

Thanks

Mr. Coruj@    0
C:\DOCUME~1\Bernardo\CONFIG~1\Temp\Rar$EX00.641\HijackThis.exe
Extract HijackThis to its own folder, taking it out of the compressed/temporary folder. E.g.: C:\Hijack\HijackThis.exe.

- Download the programs listed below, but do not run any of them yet.

- Copy these instructions to Notepad or print them!

- Run the Fixwareout tool to install it. Click Next, then Install, make sure the Run fixit option is selected and click Finish. Press any key to continue and wait. Accept when you are asked to reboot your computer. If your system takes a while to start, don't worry. That is normal.

- Keep the log: ...\fixwareout\report.txt.

- Run the Silent Runners tool. Wait..., and keep the log.

- Copy a new (updated) HijackThis log, the report (...\fixwareout\report.txt) and the Silent Runners log, and paste them here in that order.

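As an added example (not from the forum post, nor from HijackThis or Fixwareout themselves), here are the checks an analyst applies by eye to a log like the one above, written as a small Python triage script. The rule set is my own assumption about what is worth flagging; the sample lines are copied from this thread's log, and the script picks out the O17 NameServer overrides, the proxy setting with no host, the URLSearchHook whose DLL is gone and the bare "system32.exe" startup entry.

```python
import re
from dataclasses import dataclass

# Constructed sample: a handful of lines taken from the HijackThis log
# posted in this thread, plus two benign lines for contrast.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :8080
R3 - URLSearchHook: (no name) - {FD25557B-8FB5-3070-F22C-F9490EC71D99} - SysEntry.dll (file missing)
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - Global Startup: system32.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{2035BDEF-50E3-4E36-BEDF-79F38A976980}: NameServer = 85.255.113.205,85.255.112.66
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.205 85.255.112.66
O23 - Service: MySql - Unknown owner - C:\mysql\bin\mysqld-nt.exe (file missing)
"""

# Every HijackThis line starts with a section code (R1, O4, O17 ...) and " - ".
LINE_RE = re.compile(r"^(?P<code>[RFO]\d+) - (?P<body>.*)$")


@dataclass
class Finding:
    code: str
    reason: str
    line: str


def parse_line(line):
    """Split one HijackThis line into (section code, body); None for headers/blank lines."""
    m = LINE_RE.match(line.strip())
    return (m.group("code"), m.group("body")) if m else None


def nameservers(body):
    """Resolver IPs from an O17 body; HijackThis separates them with ',' or ' '."""
    _, _, value = body.partition("NameServer =")
    return [ip for ip in re.split(r"[,\s]+", value.strip()) if ip]


def is_private(ip):
    """RFC 1918 or loopback: a router-supplied resolver is normally one of these."""
    if ip.startswith(("10.", "192.168.", "127.")):
        return True
    return re.match(r"^172\.(1[6-9]|2\d|3[01])\.", ip) is not None


def triage(log_text):
    """Apply the eyeball checks an analyst makes; returns the lines worth a closer look."""
    findings = []
    for raw in log_text.splitlines():
        parsed = parse_line(raw)
        if not parsed:
            continue
        code, body = parsed
        line = raw.strip()
        if code == "O17":
            # DNS servers hard-wired in the registry rather than taken from DHCP.
            public = [ip for ip in nameservers(body) if not is_private(ip)]
            if public:
                findings.append(Finding(code, "DNS forced to public resolvers: " + ", ".join(public), line))
        elif code == "R1" and "ProxyServer =" in body:
            # ":8080" with no host: a proxy value that was set and then half-removed.
            value = body.partition("ProxyServer =")[2].strip()
            if value.startswith(":"):
                findings.append(Finding(code, "proxy setting with empty host", line))
        elif "(file missing)" in body and code in ("R3", "O2", "O3", "O4", "O20", "O21"):
            findings.append(Finding(code, "hook points at a file that no longer exists", line))
        elif code == "O4" and "Startup:" in body:
            # A startup entry that is just a filename, with no path and no .lnk target.
            target = body.split(":", 1)[1].strip()
            if "\\" not in target and "=" not in target:
                findings.append(Finding(code, "startup entry with bare filename", line))
    return findings


def forced_dns(log_text):
    """Distinct public resolver IPs set by O17 entries (the values to check against a blocklist)."""
    servers = set()
    for raw in log_text.splitlines():
        parsed = parse_line(raw)
        if parsed and parsed[0] == "O17":
            servers.update(ip for ip in nameservers(parsed[1]) if not is_private(ip))
    return servers


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.code:4} {f.reason}\n     {f.line}")
    print("resolvers to look up:", sorted(forced_dns(SAMPLE_LOG)))
```

The O17 rule is the one Fixwareout, prescribed in the reply above, is built around: the same resolver pair on every interface and in every control set is a setting the user did not make by hand.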
jbbb    0
  • Topic author

    Thanks, Coruja!

    Just to let you know, I ran some anti-spyware and antivirus tools and the window stopped popping up, but please check whether it is really clean.

    Logfile of HijackThis v1.99.1

    Scan saved at 19:15:28, on 26/8/2006

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

    C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

    C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

    C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

    C:\WINDOWS\system32\nvsvc32.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Arquivos de programas\Webroot\Spy Sweeper\WRSSSDK.exe

    C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\wscntfy.exe

    C:\WINDOWS\Explorer.EXE

    C:\Arquivos de programas\Webroot\Spy Sweeper\SpySweeper.exe

    C:\WINDOWS\SOUNDMAN.EXE

    C:\WINDOWS\VM_STI.EXE

    C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe

    C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe

    C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

    C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

    C:\WINDOWS\system32\RUNDLL32.EXE

    C:\Arquivos de programas\iTunes\iTunesHelper.exe

    C:\Arquivos de programas\iPod\bin\iPodService.exe

    C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

    C:\Arquivos de programas\Wireless LAN\WlanUtil.exe

    C:\Arquivos de programas\Stardock\ObjectDock\ObjectDock.exe

    C:\Arquivos de programas\HP\Digital Imaging\bin\hpqimzone.exe

    C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

    C:\Documents and Settings\Bernardo\Desktop\virus\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :8080

    R3 - URLSearchHook: (no name) - {FD25557B-8FB5-3070-F22C-F9490EC71D99} - SysEntry.dll (file missing)

    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

    O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINDOWS\Downloaded Program Files\gbieh.dll

    O3 - Toolbar: ImageShack Toolbar - {6932D140-ABC4-4073-A44C-D4A541665E35} - C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll

    O4 - HKLM\..\Run: [spySweeper] "C:\Arquivos de programas\Webroot\Spy Sweeper\SpySweeper.exe" /startintray

    O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

    O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Arquivos de programas\NVIDIA Corporation\nTune\\nTune.exe" clear

    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe

    O4 - HKLM\..\Run: [bigDogPath] C:\WINDOWS\VM_STI.EXE VGA ZtkCam

    O4 - HKLM\..\Run: [AVG7_EMC] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe

    O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

    O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

    O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

    O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe"

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime

    O4 - Startup: Rainlendar.lnk = C:\Arquivos de programas\Rainlendar\Rainlendar.exe

    O4 - Startup: Stardock ObjectDock.lnk = C:\Arquivos de programas\Stardock\ObjectDock\ObjectDock.exe

    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

    O4 - Global Startup: IEEE 802.11g USB Wireless LAN Utility.lnk = C:\Arquivos de programas\Wireless LAN\WlanUtil.exe

    O4 - Global Startup: Inicialização rápida do HP Image Zone.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqthb08.exe

    O4 - Global Startup: system32.exe

    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

    O8 - Extra context menu item: Post Image to Blog - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5003

    O8 - Extra context menu item: Tag This Image - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5002

    O8 - Extra context menu item: Upload All Images to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5000

    O8 - Extra context menu item: Upload Image to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5001

    O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Arquivos de programas\Common\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL

    O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

    O15 - Trusted Zone: http://toolbar.imageshack.us

    O16 - DPF: {0CBF7EDC-17EC-442C-8AE9-5E804707B6CA} (NeffyClient Class) - http://dist.cdnetworks.co.kr/cdndist/neffy/Neffy.cab

    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab

    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

    O16 - DPF: {6932D140-ABC4-4073-A44C-D4A541665E35} (ImageShack Toolbar) - http://toolbar.imageshack.us/toolbar/ImageShackToolbar.cab

    O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppD...ap/PhtPkMSN.cab

    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx

    O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab

    O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399F83} (GbPluginObj Class) - https://www14.bancobrasil.com.br/plugin/GbPluginBb.cab

    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...708/mcfscan.cab

    O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab

    O17 - HKLM\System\CCS\Services\Tcpip\..\{2035BDEF-50E3-4E36-BEDF-79F38A976980}: NameServer = 85.255.113.205,85.255.112.66

    O17 - HKLM\System\CCS\Services\Tcpip\..\{5C72D102-E749-47AB-A656-E3FAEE3243E1}: NameServer = 85.255.113.205,85.255.112.66

    O17 - HKLM\System\CCS\Services\Tcpip\..\{B40A782D-63C7-4F69-BF45-9806A861C2F2}: NameServer = 85.255.113.205,85.255.112.66

    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.205 85.255.112.66

    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.113.205 85.255.112.66

    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.205 85.255.112.66

    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

    O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll

    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

    O23 - Service: avast! Antivirus - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

    O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Common\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: iPodService - Apple Computer, Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe

    O23 - Service: MySql - Unknown owner - C:\mysql\bin\mysqld-nt.exe (file missing)

    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Arquivos de programas\Webroot\Spy Sweeper\WRSSSDK.exe

    ----------------------------------------------------------------------------------

    "Silent Runners.vbs", revision 46, http://www.silentrunners.org/

    Operating System: Windows XP SP2

    Output limited to non-default values, except where indicated by "{++}"

    Startup items buried in registry:

    ---------------------------------

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

    "SpySweeper" = ""C:\Arquivos de programas\Webroot\Spy Sweeper\SpySweeper.exe" /startintray" ["Webroot Software, Inc."]

    "SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]

    "NVIDIA nTune" = ""C:\Arquivos de programas\NVIDIA Corporation\nTune\\nTune.exe" clear" ["NVIDIA"]

    "NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]

    "NeroCheck" = "C:\WINDOWS\system32\\NeroCheck.exe" ["Ahead Software Gmbh"]

    "BigDogPath" = "C:\WINDOWS\VM_STI.EXE VGA ZtkCam" ["VM."]

    "AVG7_EMC" = "C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe" ["GRISOFT, s.r.o."]

    "AVG7_CC" = "C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP" ["GRISOFT, s.r.o."]

    "avast!" = "C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [null data]

    "HP Software Update" = "C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" ["Hewlett-Packard Co."]

    "NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]

    "nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]

    "NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS]

    "iTunesHelper" = ""C:\Arquivos de programas\iTunes\iTunesHelper.exe"" ["Apple Computer, Inc."]

    "QuickTime Task" = ""C:\Arquivos de programas\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)

    -> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"

    \InProcServer32\(Default) = "C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]

    {C41A1C0E-EA6C-11D4-B1B8-444553540000}\(Default) = "G-Buster Browser Defense"

    -> {HKLM...CLSID} = "GbIehObj Class"

    \InProcServer32\(Default) = "C:\WINDOWS\Downloaded Program Files\gbieh.dll" ["Banco do Brasil"]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

    "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extensão do 'Painel de controle' para panorâmica de vídeo"

    -> {HKLM...CLSID} = "Extensão do 'Painel de controle' para panorâmica de vídeo"

    \InProcServer32\(Default) = "deskpan.dll" [file not found]

    "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extensão de ícone do HyperTerminal"

    -> {HKLM...CLSID} = "HyperTerminal Icon Ext"

    \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]

    "{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"

    -> {HKLM...CLSID} = "Portable Media Devices"

    \InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]

    "{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"

    -> {HKLM...CLSID} = "Portable Media Devices Menu"

    \InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]

    "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"

    -> {HKLM...CLSID} = "WinRAR"

    \InProcServer32\(Default) = "C:\Arquivos de programas\WinRAR\rarext.dll" [null data]

    "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Shell Extension"

    -> {HKLM...CLSID} = "AVG7 Shell Extension Class"

    \InProcServer32\(Default) = "C:\Arquivos de programas\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]

    "{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Find Extension"

    -> {HKLM...CLSID} = "AVG7 Find Extension Class"

    \InProcServer32\(Default) = "C:\Arquivos de programas\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]

    "{7C9D5882-CB4A-4090-96C8-430BFE8B795B}" = "Webroot Spy Sweeper Context Menu Integration"

    -> {HKLM...CLSID} = "Webroot Spy Sweeper Context Menu Integration"

    \InProcServer32\(Default) = "C:\ARQUIV~1\Webroot\SPYSWE~1\SSCtxMnu.dll" ["Webroot Software, Inc."]

    "{E37CB5F0-51F5-4395-A808-5FA49E399F83}" = "GbPlugin ShlObj"

    -> {HKLM...CLSID} = "GbPluginObj Class"

    \InProcServer32\(Default) = "C:\WINDOWS\Downloaded Program Files\gbieh.dll" ["Banco do Brasil"]

    "{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"

    -> {HKLM...CLSID} = "Microsoft Office Outlook"

    \InProcServer32\(Default) = "C:\ARQUIV~1\MICROS~1\OFFICE11\MLSHEXT.DLL" [MS]

    "{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"

    -> {HKLM...CLSID} = "Extensão de ícone de arquivo do Outlook"

    \InProcServer32\(Default) = "C:\ARQUIV~1\MICROS~1\OFFICE11\OLKFSTUB.DLL" [MS]

    "{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"

    -> {HKLM...CLSID} = (no title provided)

    \InProcServer32\(Default) = "C:\Arquivos de programas\Microsoft Office\OFFICE11\msohev.dll" [MS]

    "{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"

    -> {HKLM...CLSID} = "avast"

    \InProcServer32\(Default) = "C:\Arquivos de programas\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]

    "{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}" = "Messenger Sharing Folders"

    -> {HKLM...CLSID} = "Minhas Pastas de Compartilhamento"

    \InProcServer32\(Default) = "C:\Arquivos de programas\MSN Messenger\fsshext.8.0.0792.00.dll" [MS]

    "{1530F7EE-5128-43BD-9977-84A4B0FAD7DF}" = "PhotoToys"

    -> {HKLM...CLSID} = (no title provided)

    \InProcServer32\(Default) = "C:\WINDOWS\system32\phototoys.dll" [MS]

    "{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"

    -> {HKLM...CLSID} = "DesktopContext Class"

    \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]

    "{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"

    -> {HKLM...CLSID} = "NVIDIA CPL Extension"

    \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]

    "{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"

    -> {HKLM...CLSID} = "Desktop Explorer"

    \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

    "{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"

    -> {HKLM...CLSID} = (no title provided)

    \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

    "{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"

    -> {HKLM...CLSID} = "nView Desktop Context Menu"

    \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

    "{ABC70703-32AF-11d4-90C4-D483A70F4825}" = "CMenuExtender"

    -> {HKLM...CLSID} = "CMenuExtender"

    \InProcServer32\(Default) = "C:\WINDOWS\BricoPacks\Vista Inspirat\iColorFolder\CMExt.dll" ["Revenger inc."]

    "{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"

    -> {HKLM...CLSID} = "iTunes"

    \InProcServer32\(Default) = "C:\Arquivos de programas\iTunes\iTunesMiniPlayer.dll" ["Apple Computer, Inc."]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\

    INFECTION WARNING! "{E37CB5F0-51F5-4395-A808-5FA49E399F83}" = "GbPlugin ShlObj"

    -> {HKLM...CLSID} = "GbPluginObj Class"

    \InProcServer32\(Default) = "C:\WINDOWS\Downloaded Program Files\gbieh.dll" ["Banco do Brasil"]

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\

    "System" = (value not set)

    HKLM\System\CurrentControlSet\Control\Session Manager\

    INFECTION WARNING! "BootExecute" = "autocheck autochk * SsiEfr.e SsiEfr.e" [file not found], [MS], [file not found], [file not found], [file not found]

    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\

    INFECTION WARNING! WRNotifier\DLLName = "WRLogonNTF.dll" ["Webroot Software, Inc."]

    INFECTION WARNING! wzcnotif\DLLName = "wzcdlg.dll" [MS]

    HKLM\Software\Classes\PROTOCOLS\Filter\

    INFECTION WARNING! text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"

    -> {HKLM...CLSID} = (no title provided)

    \InProcServer32\(Default) = "C:\Arquivos de programas\Common\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

    HKLM\Software\Classes\Folder\shellex\ColumnHandlers\

    {F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"

    -> {HKLM...CLSID} = "PDF Shell Extension"

    \InProcServer32\(Default) = "C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

    HKLM\Software\Classes\*\shellex\ContextMenuHandlers\

    avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"

    -> {HKLM...CLSID} = "avast"

    \InProcServer32\(Default) = "C:\Arquivos de programas\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]

    AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"

    -> {HKLM...CLSID} = "AVG7 Shell Extension Class"

    \InProcServer32\(Default) = "C:\Arquivos de programas\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]

    WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

    -> {HKLM...CLSID} = "WinRAR"

    \InProcServer32\(Default) = "C:\Arquivos de programas\WinRAR\rarext.dll" [null data]

    HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\

    CMenuExtender\(Default) = "{ABC70703-32AF-11d4-90C4-D483A70F4825}"

    -> {HKLM...CLSID} = "CMenuExtender"

    \InProcServer32\(Default) = "C:\WINDOWS\BricoPacks\Vista Inspirat\iColorFolder\CMExt.dll" ["Revenger inc."]

    WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

    -> {HKLM...CLSID} = "WinRAR"

    \InProcServer32\(Default) = "C:\Arquivos de programas\WinRAR\rarext.dll" [null data]

    HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\

    avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"

    -> {HKLM...CLSID} = "avast"

    \InProcServer32\(Default) = "C:\Arquivos de programas\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]

    AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"

    -> {HKLM...CLSID} = "AVG7 Shell Extension Class"

    \InProcServer32\(Default) = "C:\Arquivos de programas\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]

    SpySweeper\(Default) = "{7C9D5882-CB4A-4090-96C8-430BFE8B795B}"

    -> {HKLM...CLSID} = "Webroot Spy Sweeper Context Menu Integration"

    \InProcServer32\(Default) = "C:\ARQUIV~1\Webroot\SPYSWE~1\SSCtxMnu.dll" ["Webroot Software, Inc."]

    WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

    -> {HKLM...CLSID} = "WinRAR"

    \InProcServer32\(Default) = "C:\Arquivos de programas\WinRAR\rarext.dll" [null data]

    Active Desktop and Wallpaper:

    -----------------------------

    Active Desktop is disabled at this entry:

    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

    HKCU\Control Panel\Desktop\

    "Wallpaper" = "C:\WINDOWS\BricoPack Wallpaper.bmp"

    Startup items in "Bernardo" & "All Users" startup folders:

    ----------------------------------------------------------

    C:\Documents and Settings\Bernardo\Menu Iniciar\Programas\Inicializar

    "Rainlendar" -> shortcut to: "C:\Arquivos de programas\Rainlendar\Rainlendar.exe" ["Rainy"]

    "Stardock ObjectDock" -> shortcut to: "C:\Arquivos de programas\Stardock\ObjectDock\ObjectDock.exe" ["Stardock"]

    C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar

    "Adobe Reader Speed Launch" -> shortcut to: "C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]

    "HP Digital Imaging Monitor" -> shortcut to: "C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe" ["Hewlett-Packard Co."]

    "IEEE 802.11g USB Wireless LAN Utility" -> shortcut to: "C:\Arquivos de programas\Wireless LAN\WlanUtil.exe" [empty string]

    "Inicialização rápida do HP Image Zone" -> shortcut to: "C:\Arquivos de programas\HP\Digital Imaging\bin\hpqthb08.exe -s" [null data]

    INFECTION WARNING! "system32.exe" [null data]

    Winsock2 Service Provider DLLs:

    -------------------------------

    Namespace Service Providers

    HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

    000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

    000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

    000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

    Transport Service Providers

    HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

    0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

    %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 15

    %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

    Toolbars, Explorer Bars, Extensions:

    ------------------------------------

    Toolbars

    HKLM\Software\Microsoft\Internet Explorer\Toolbar\

    "{6932D140-ABC4-4073-A44C-D4A541665E35}" = "ImageShack Toolbar"

    -> {HKLM...CLSID} = "ImageShack Toolbar"

    \InProcServer32\(Default) = "C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll" ["ImageShack Corp."]

    Explorer Bars

    HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\

    {FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = (no title provided)

    -> {HKLM...CLSID} = "&Pesquisar"

    \InProcServer32\(Default) = "C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL" [MS]

    Extensions (Tools menu items, main toolbar menu buttons)

    HKLM\Software\Microsoft\Internet Explorer\Extensions\

    {92780B25-18CC-41C8-B9BE-3C9C571A8263}\

    "ButtonText" = "Pesquisar"

    {B205A35E-1FC4-4CE3-818B-899DBBB3388C}\

    Miscellaneous IE Hijack Points

    ------------------------------

    C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")

    Added lines (compared with English-language version):

    [strings]: SEARCH_PAGE_URL="&http://home.microsoft.com/intl/br/access/allinone.asp"

    [strings]: SAFESITE_VALUE="search.msn.com.br"

    Missing lines (compared with English-language version):

    [strings]: 2 lines

    HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\

    "{FD25557B-8FB5-3070-F22C-F9490EC71D99}" = "KeywordFinder"

    -> {HKLM...CLSID} = (no title provided)

    \InProcServer32\(Default) = "SysEntry.dll" [file not found]

    HOSTS file

    ----------

    C:\WINDOWS\System32\drivers\etc\HOSTS

    maps: 8524 domain names to IP addresses,

    8481 of the IP addresses are *not* localhost!

    Running Services (Display Name, Service Name, Path {Service DLL}):

    ------------------------------------------------------------------

    avast! Antivirus, avast! Antivirus, ""C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe"" [null data]

    avast! iAVS4 Control Service, aswUpdSv, ""C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe"" [null data]

    avast! Web Scanner, avast! Web Scanner, ""C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service" ["ALWIL Software"]

    AVG7 Alert Manager Server, Avg7Alrt, "C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe" ["GRISOFT, s.r.o."]

    AVG7 Update Service, Avg7UpdSvc, "C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe" ["GRISOFT, s.r.o."]

    HTTP SSL, HTTPFilter, "C:\WINDOWS\System32\svchost.exe -k HTTPFilter" {"C:\WINDOWS\System32\w3ssl.dll" [MS]}

    iPodService, iPodService, "C:\Arquivos de programas\iPod\bin\iPodService.exe" ["Apple Computer, Inc."]

    NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]

    Webroot Spy Sweeper Engine, svcWRSSSDK, "C:\Arquivos de programas\Webroot\Spy Sweeper\WRSSSDK.exe" ["Webroot Software, Inc."]

    Print Monitors:

    ---------------

    HKLM\System\CurrentControlSet\Control\Print\Monitors\

    HP Standard TCP/IP Port\Driver = "HpTcpMon.dll" ["Hewlett Packard"]

    hpzlnt12\Driver = "hpzlnt12.dll" ["HP"]

    Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]

    ----------

    + This report excludes default entries except where indicated.

    + To see *everywhere* the script checks and *everything* it finds,

    launch it from a command prompt or a shortcut with the -all parameter.

    + The search for DESKTOP.INI DLL launch points on all local fixed drives

    took 28 seconds.

    + The search for all Registry CLSIDs containing dormant Explorer Bars

    took 9 seconds.

    ---------- (total run time: 63 seconds)

    ---------------------------------------------------------------------------

    Fixwareout ver 1.003

    Last edited 8/11/2006

    Post this report in the forums please

    Reg Entries that were deleted

    ...

    Random Runs removed from HKLM

    ...

    PLEASE NOTE, There WILL be LEGITIMATE FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.

    »»»»» Searching by size/names...

    »»»»»

    Search five digit cs, dm and jb files.

    This WILL/CAN also list Legit Files, Submit them at Virustotal

    Other suspects.

    Directory of C:\WINDOWS\system32

    {C6B316DB-4D0D-4252-9270-CE71D895918B}.exe

    {063126B8-6F87-4430-8788-B79019D2F143}.exe

    »»»»» Misc files.

    »»»»» Checking for older varients covered by the Rem3 tool.

    If anything is wrong, let me know!

    Mr. Coruj@    0

    jbbb, besides some problems in your log, your DNS was also changed by the malware. At the end of the removal you will need to reconfigure it to use the correct DNS of your ISP. Contact their support (by phone/e-mail) and ask for the instructions to reconfigure the address(es) manually. "This configuration is not always necessary."

    @- Download the program(s) listed below, but do not run them yet.

    - Copy the instructions to Notepad or print them!

    - Unzip KillBox and keep it in a folder or on your desktop;

    - Run the KillBox tool. Check the Delete on Reboot option. Copy the whole list below in red by selecting it and right-clicking -> copy...

    C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\system32.exe

    C:\WINDOWS\system32\{C6B316DB-4D0D-4252-9270-CE71D895918B}.exe

    C:\WINDOWS\system32\{063126B8-6F87-4430-8788-B79019D2F143}.exe

    ...In KillBox, with the files already copied to the clipboard, click File -> Paste from clipboard... Click the All Files button, then the X (image: killbox.png) and answer No to the question.

    @- Restart the computer in Safe Mode (keep pressing the F8 key, or F5 in some cases, during startup).

    - Run HijackThis - Click Do a System Scan Only. Check the boxes for the entries listed below in blue. When you have finished selecting, click Fix Checked... (image: ht-fix.png)

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :8080

    R3 - URLSearchHook: (no name) - {FD25557B-8FB5-3070-F22C-F9490EC71D99} - SysEntry.dll (file missing)

    O4 - Global Startup: system32.exe

    O17 - HKLM\System\CCS\Services\Tcpip\..\{2035BDEF-50E3-4E36-BEDF-79F38A976980}: NameServer = 85.255.113.205,85.255.112.66

    O17 - HKLM\System\CCS\Services\Tcpip\..\{5C72D102-E749-47AB-A656-E3FAEE3243E1}: NameServer = 85.255.113.205,85.255.112.66

    O17 - HKLM\System\CCS\Services\Tcpip\..\{B40A782D-63C7-4F69-BF45-9806A861C2F2}: NameServer = 85.255.113.205,85.255.112.66

    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.205 85.255.112.66

    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.113.205 85.255.112.66

    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.205 85.255.112.66

    - When you run HijackThis, if any other O17 entry appears with these addresses, e.g. NameServer = 85.255.113.205, select and fix them too. Close HijackThis...

    - With the numbers (IPs/DNS) of your provider's servers in hand (the ones you requested from support), make the changes below:

    @- To reconfigure the DNS:

    • Click Start, Control Panel, Network and Internet Connections, then Network Connections.
    • Right-click the network connection to be configured and click Properties.
    • On the General tab (for a local area connection) or the Networking tab (for all other connections), click Internet Protocol (TCP/IP) and then Properties.
    • If you want to obtain the DNS server addresses from a DHCP server, click Obtain DNS server address automatically
    • Click OK to finish this part and go on to the next step (@-...). Otherwise, continue with the instructions below...
    • To configure the DNS server addresses manually, select Use the following DNS server addresses.
    • In Preferred DNS server > type: IP(1) (provided by support)
    • In Alternate DNS server > type: IP(2) (provided by support)
    • click OK

    - Just to complete the DNS information... Some examples:

    Terra: DNS // Primary/Preferred (IP(1)): 200.176.2.10 - Secondary/Alternate (IP(2)): 200.176.2.12

    BrasilTelecom: DNS // Primary/Preferred (IP(1)): 201.10.128.2 - Secondary/Alternate (IP(2)): 201.10.120.3

    @- Restart in normal mode.

    - Run the Silent tool - Wait..., and save the log.

    - Run the Fixwareout tool. Locate the program's installation folder (...\fixwareout\) and run FixIt.BAT. Press any key to continue and wait. Accept when you are asked to reboot your computer. If your system takes a while to start, don't worry. That is normal.

    - Save the log: ...\fixwareout\report.txt.

    @- Copy another (updated) HijackThis log, the report (...\fixwareout\report.txt) and the Silent log, and paste them in sequence.

    Mr. Coruj@

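The triage the helper did by hand above, reproduced as an added Python example (not code from this thread or from HijackThis): it reads HijackThis log lines and flags the four indicator types the post told jbbb to fix: O17 NameServer entries pointing outside the resolvers the machine is expected to use, an R1 ProxyServer with an empty host, an R3 URLSearchHook whose DLL is missing, and a bare executable dropped into the Startup folder. The sample lines are constructed from the entries quoted in the post; the expected-resolver set uses the Terra addresses quoted above as an assumed stand-in for the provider's real DNS servers.

```python
"""Flag hijack indicators in HijackThis log lines (added example)."""
import re
from typing import Dict, List, Optional

# Resolvers the machine is expected to use. Assumption for this example:
# the Terra servers quoted in the thread; replace with your provider's.
EXPECTED_DNS = {"200.176.2.10", "200.176.2.12"}

# Sample log constructed from the HijackThis entries quoted in the thread.
SAMPLE_LOG = """\
R1 - HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings,ProxyServer = :8080
R3 - URLSearchHook: (no name) - {FD25557B-8FB5-3070-F22C-F9490EC71D99} - SysEntry.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\\Arquivos de programas\\Adobe\\Acrobat 7.0\\ActiveX\\AcroIEHelper.dll
O4 - Global Startup: system32.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\\Arquivos de programas\\Adobe\\Acrobat 7.0\\Reader\\reader_sl.exe
O17 - HKLM\\System\\CCS\\Services\\Tcpip\\..\\{2035BDEF-50E3-4E36-BEDF-79F38A976980}: NameServer = 85.255.113.205,85.255.112.66
O17 - HKLM\\System\\CCS\\Services\\Tcpip\\Parameters: NameServer = 85.255.113.205 85.255.112.66
O17 - HKLM\\System\\CCS\\Services\\Tcpip\\Parameters: NameServer = 200.176.2.10,200.176.2.12
"""

IP_RE = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")


def check_line(line: str, expected_dns=EXPECTED_DNS) -> Optional[str]:
    """Return a reason string if the line is suspicious, else None."""
    line = line.strip()
    if line.startswith("O17 ") and "NameServer" in line:
        # Values may be comma- or space-separated; pull every IPv4 literal
        # after "NameServer" so the GUID in the key path is never matched.
        servers = set(IP_RE.findall(line.split("NameServer", 1)[1]))
        rogue = sorted(servers - expected_dns)
        if rogue:
            return "NameServer outside expected resolvers: " + ", ".join(rogue)
        return None
    if line.startswith("R1 ") and "ProxyServer" in line:
        value = line.split("=", 1)[1].strip()
        # ":8080" is a port with no host: a proxy setting nothing legitimate writes.
        if value == "" or value.startswith(":"):
            return "ProxyServer set with empty host: " + repr(value)
        return None
    if line.startswith("R3 ") and "(file missing)" in line:
        return "URLSearchHook pointing at a missing DLL"
    if line.startswith("O4 ") and "Startup:" in line:
        target = line.split("Startup:", 1)[1].strip()
        # Legitimate Startup-folder entries are shortcuts (".lnk = path");
        # a bare executable name is what the thread flagged.
        if ".lnk" not in target and target.lower().endswith(".exe") and "\\" not in target:
            return "bare executable in Startup folder: " + target
        return None
    return None


def triage(log: str, expected_dns=EXPECTED_DNS) -> List[Dict[str, str]]:
    """Run check_line over every line of a HijackThis log."""
    findings = []
    for line in log.splitlines():
        reason = check_line(line, expected_dns)
        if reason:
            findings.append({"line": line.strip(), "reason": reason})
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding["reason"], "<-", finding["line"][:70])
```

Run it as-is to see the five findings from the sample; on a real log, set EXPECTED_DNS to the addresses your provider gave you first. It covers only the indicator types this post fixes, so a legitimately configured proxy or a home-made startup executable still needs a human look.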
    jbbb    0
  • Topic author
  • I didn't have time to reconfigure the DNS, Coruja, but I intend to do it on Tuesday.

    Please analyze:

    Fixwareout ver 1.003

    Last edited 8/11/2006

    Post this report in the forums please

    Reg Entries that were deleted

    ...

    Random Runs removed from HKLM

    ...

    PLEASE NOTE, There WILL be LEGITIMATE FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.

    »»»»» Searching by size/names...

    »»»»»

    Search five digit cs, dm and jb files.

    This WILL/CAN also list Legit Files, Submit them at Virustotal

    Other suspects.

    Directory of C:\WINDOWS\system32

    »»»»» Misc files.

    »»»»» Checking for older varients covered by the Rem3 tool.

    "Silent Runners.vbs", revision 46, http://www.silentrunners.org/

    Operating System: Windows XP SP2

    Output limited to non-default values, except where indicated by "{++}"

    Startup items buried in registry:

    ---------------------------------

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

    "SpySweeper" = ""C:\Arquivos de programas\Webroot\Spy Sweeper\SpySweeper.exe" /startintray" ["Webroot Software, Inc."]

    "SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]

    "NVIDIA nTune" = ""C:\Arquivos de programas\NVIDIA Corporation\nTune\\nTune.exe" clear" ["NVIDIA"]

    "NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]

    "NeroCheck" = "C:\WINDOWS\system32\\NeroCheck.exe" ["Ahead Software Gmbh"]

    "BigDogPath" = "C:\WINDOWS\VM_STI.EXE VGA ZtkCam" ["VM."]

    "AVG7_EMC" = "C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe" ["GRISOFT, s.r.o."]

    "AVG7_CC" = "C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP" ["GRISOFT, s.r.o."]

    "avast!" = "C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [null data]

    "HP Software Update" = "C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" ["Hewlett-Packard Co."]

    "NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]

    "nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]

    "NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS]

    "iTunesHelper" = ""C:\Arquivos de programas\iTunes\iTunesHelper.exe"" ["Apple Computer, Inc."]

    "QuickTime Task" = ""C:\Arquivos de programas\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)

    -> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"

    \InProcServer32\(Default) = "C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]

    {C41A1C0E-EA6C-11D4-B1B8-444553540000}\(Default) = "G-Buster Browser Defense"

    -> {HKLM...CLSID} = "GbIehObj Class"

    \InProcServer32\(Default) = "C:\WINDOWS\Downloaded Program Files\gbieh.dll" ["Banco do Brasil"]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

    "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extensão do 'Painel de controle' para panorâmica de vídeo"

    -> {HKLM...CLSID} = "Extensão do 'Painel de controle' para panorâmica de vídeo"

    \InProcServer32\(Default) = "deskpan.dll" [file not found]

    "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extensão de ícone do HyperTerminal"

    -> {HKLM...CLSID} = "HyperTerminal Icon Ext"

    \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]

    "{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"

    -> {HKLM...CLSID} = "Portable Media Devices"

    \InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]

    "{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"

    -> {HKLM...CLSID} = "Portable Media Devices Menu"

    \InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]

    "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"

    -> {HKLM...CLSID} = "WinRAR"

    \InProcServer32\(Default) = "C:\Arquivos de programas\WinRAR\rarext.dll" [null data]

    "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Shell Extension"

    -> {HKLM...CLSID} = "AVG7 Shell Extension Class"

    \InProcServer32\(Default) = "C:\Arquivos de programas\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]

    "{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Find Extension"

    -> {HKLM...CLSID} = "AVG7 Find Extension Class"

    \InProcServer32\(Default) = "C:\Arquivos de programas\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]

    "{7C9D5882-CB4A-4090-96C8-430BFE8B795B}" = "Webroot Spy Sweeper Context Menu Integration"

    -> {HKLM...CLSID} = "Webroot Spy Sweeper Context Menu Integration"

    \InProcServer32\(Default) = "C:\ARQUIV~1\Webroot\SPYSWE~1\SSCtxMnu.dll" ["Webroot Software, Inc."]

    "{E37CB5F0-51F5-4395-A808-5FA49E399F83}" = "GbPlugin ShlObj"

    -> {HKLM...CLSID} = "GbPluginObj Class"

    \InProcServer32\(Default) = "C:\WINDOWS\Downloaded Program Files\gbieh.dll" ["Banco do Brasil"]

    "{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"

    -> {HKLM...CLSID} = "Microsoft Office Outlook"

    \InProcServer32\(Default) = "C:\ARQUIV~1\MICROS~1\OFFICE11\MLSHEXT.DLL" [MS]

    "{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"

    -> {HKLM...CLSID} = "Extensão de ícone de arquivo do Outlook"

    \InProcServer32\(Default) = "C:\ARQUIV~1\MICROS~1\OFFICE11\OLKFSTUB.DLL" [MS]

    "{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"

    -> {HKLM...CLSID} = (no title provided)

    \InProcServer32\(Default) = "C:\Arquivos de programas\Microsoft Office\OFFICE11\msohev.dll" [MS]

    "{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"

    -> {HKLM...CLSID} = "avast"

    \InProcServer32\(Default) = "C:\Arquivos de programas\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]

    "{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}" = "Messenger Sharing Folders"

    -> {HKLM...CLSID} = "Minhas Pastas de Compartilhamento"

    \InProcServer32\(Default) = "C:\Arquivos de programas\MSN Messenger\fsshext.8.0.0792.00.dll" [MS]

    "{1530F7EE-5128-43BD-9977-84A4B0FAD7DF}" = "PhotoToys"

    -> {HKLM...CLSID} = (no title provided)

    \InProcServer32\(Default) = "C:\WINDOWS\system32\phototoys.dll" [MS]

    "{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"

    -> {HKLM...CLSID} = "DesktopContext Class"

    \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]

    "{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"

    -> {HKLM...CLSID} = "NVIDIA CPL Extension"

    \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]

    "{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"

    -> {HKLM...CLSID} = "Desktop Explorer"

    \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

    "{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"

    -> {HKLM...CLSID} = (no title provided)

    \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

    "{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"

    -> {HKLM...CLSID} = "nView Desktop Context Menu"

    \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

    "{ABC70703-32AF-11d4-90C4-D483A70F4825}" = "CMenuExtender"

    -> {HKLM...CLSID} = "CMenuExtender"

    \InProcServer32\(Default) = "C:\WINDOWS\BricoPacks\Vista Inspirat\iColorFolder\CMExt.dll" ["Revenger inc."]

    "{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"

    -> {HKLM...CLSID} = "iTunes"

    \InProcServer32\(Default) = "C:\Arquivos de programas\iTunes\iTunesMiniPlayer.dll" ["Apple Computer, Inc."]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\

    INFECTION WARNING! "{E37CB5F0-51F5-4395-A808-5FA49E399F83}" = "GbPlugin ShlObj"

    -> {HKLM...CLSID} = "GbPluginObj Class"

    \InProcServer32\(Default) = "C:\WINDOWS\Downloaded Program Files\gbieh.dll" ["Banco do Brasil"]

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\

    "System" = (value not set)

    HKLM\System\CurrentControlSet\Control\Session Manager\

    INFECTION WARNING! "BootExecute" = "autocheck autochk * SsiEfr.e SsiEfr.e" [file not found], [MS], [file not found], [file not found], [file not found]

    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\

    INFECTION WARNING! WRNotifier\DLLName = "WRLogonNTF.dll" ["Webroot Software, Inc."]

    INFECTION WARNING! wzcnotif\DLLName = "wzcdlg.dll" [MS]

    HKLM\Software\Classes\PROTOCOLS\Filter\

    INFECTION WARNING! text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"

    -> {HKLM...CLSID} = (no title provided)

    \InProcServer32\(Default) = "C:\Arquivos de programas\Common\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

    HKLM\Software\Classes\Folder\shellex\ColumnHandlers\

    {F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"

    -> {HKLM...CLSID} = "PDF Shell Extension"

    \InProcServer32\(Default) = "C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

    HKLM\Software\Classes\*\shellex\ContextMenuHandlers\

    avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"

    -> {HKLM...CLSID} = "avast"

    \InProcServer32\(Default) = "C:\Arquivos de programas\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]

    AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"

    -> {HKLM...CLSID} = "AVG7 Shell Extension Class"

    \InProcServer32\(Default) = "C:\Arquivos de programas\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]

    WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

    -> {HKLM...CLSID} = "WinRAR"

    \InProcServer32\(Default) = "C:\Arquivos de programas\WinRAR\rarext.dll" [null data]

    HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\

    CMenuExtender\(Default) = "{ABC70703-32AF-11d4-90C4-D483A70F4825}"

    -> {HKLM...CLSID} = "CMenuExtender"

    \InProcServer32\(Default) = "C:\WINDOWS\BricoPacks\Vista Inspirat\iColorFolder\CMExt.dll" ["Revenger inc."]

    WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

    -> {HKLM...CLSID} = "WinRAR"

    \InProcServer32\(Default) = "C:\Arquivos de programas\WinRAR\rarext.dll" [null data]

    HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\

    avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"

    -> {HKLM...CLSID} = "avast"

    \InProcServer32\(Default) = "C:\Arquivos de programas\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]

    AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"

    -> {HKLM...CLSID} = "AVG7 Shell Extension Class"

    \InProcServer32\(Default) = "C:\Arquivos de programas\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]

    SpySweeper\(Default) = "{7C9D5882-CB4A-4090-96C8-430BFE8B795B}"

    -> {HKLM...CLSID} = "Webroot Spy Sweeper Context Menu Integration"

    \InProcServer32\(Default) = "C:\ARQUIV~1\Webroot\SPYSWE~1\SSCtxMnu.dll" ["Webroot Software, Inc."]

    WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

    -> {HKLM...CLSID} = "WinRAR"

    \InProcServer32\(Default) = "C:\Arquivos de programas\WinRAR\rarext.dll" [null data]

    Active Desktop and Wallpaper:

    -----------------------------

    Active Desktop is disabled at this entry:

    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

    HKCU\Control Panel\Desktop\

    "Wallpaper" = "C:\WINDOWS\BricoPack Wallpaper.bmp"

    Startup items in "Bernardo" & "All Users" startup folders:

    ----------------------------------------------------------

    C:\Documents and Settings\Bernardo\Menu Iniciar\Programas\Inicializar

    "Rainlendar" -> shortcut to: "C:\Arquivos de programas\Rainlendar\Rainlendar.exe" ["Rainy"]

    "Stardock ObjectDock" -> shortcut to: "C:\Arquivos de programas\Stardock\ObjectDock\ObjectDock.exe" ["Stardock"]

    C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar

    "Adobe Reader Speed Launch" -> shortcut to: "C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]

    "HP Digital Imaging Monitor" -> shortcut to: "C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe" ["Hewlett-Packard Co."]

    "IEEE 802.11g USB Wireless LAN Utility" -> shortcut to: "C:\Arquivos de programas\Wireless LAN\WlanUtil.exe" [empty string]

    "Inicialização rápida do HP Image Zone" -> shortcut to: "C:\Arquivos de programas\HP\Digital Imaging\bin\hpqthb08.exe -s" [null data]

    Winsock2 Service Provider DLLs:

    -------------------------------

    Namespace Service Providers

    HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

    000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

    000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

    000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

    Transport Service Providers

    HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

    0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

    %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 15

    %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

    Toolbars, Explorer Bars, Extensions:

    ------------------------------------

    Toolbars

    HKLM\Software\Microsoft\Internet Explorer\Toolbar\

    "{6932D140-ABC4-4073-A44C-D4A541665E35}" = "ImageShack Toolbar"

    -> {HKLM...CLSID} = "ImageShack Toolbar"

    \InProcServer32\(Default) = "C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll" ["ImageShack Corp."]

    Explorer Bars

    HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\

    {FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = (no title provided)

    -> {HKLM...CLSID} = "&Pesquisar"

    \InProcServer32\(Default) = "C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL" [MS]

    Extensions (Tools menu items, main toolbar menu buttons)

    HKLM\Software\Microsoft\Internet Explorer\Extensions\

    {92780B25-18CC-41C8-B9BE-3C9C571A8263}\

    "ButtonText" = "Pesquisar"

    {B205A35E-1FC4-4CE3-818B-899DBBB3388C}\

    Miscellaneous IE Hijack Points

    ------------------------------

    C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")

    Added lines (compared with English-language version):

    [strings]: SEARCH_PAGE_URL="&http://home.microsoft.com/intl/br/access/allinone.asp"

    [strings]: SAFESITE_VALUE="search.msn.com.br"

    Missing lines (compared with English-language version):

    [strings]: 2 lines

    HOSTS file

    ----------

    C:\WINDOWS\System32\drivers\etc\HOSTS

    maps: 8524 domain names to IP addresses,

    8481 of the IP addresses are *not* localhost!

    Running Services (Display Name, Service Name, Path {Service DLL}):

    ------------------------------------------------------------------

    avast! Antivirus, avast! Antivirus, ""C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe"" [null data]

    avast! iAVS4 Control Service, aswUpdSv, ""C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe"" [null data]

    avast! Web Scanner, avast! Web Scanner, ""C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service" ["ALWIL Software"]

    AVG7 Alert Manager Server, Avg7Alrt, "C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe" ["GRISOFT, s.r.o."]

    AVG7 Update Service, Avg7UpdSvc, "C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe" ["GRISOFT, s.r.o."]

    HTTP SSL, HTTPFilter, "C:\WINDOWS\System32\svchost.exe -k HTTPFilter" {"C:\WINDOWS\System32\w3ssl.dll" [MS]}

    iPodService, iPodService, "C:\Arquivos de programas\iPod\bin\iPodService.exe" ["Apple Computer, Inc."]

    NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]

    Webroot Spy Sweeper Engine, svcWRSSSDK, "C:\Arquivos de programas\Webroot\Spy Sweeper\WRSSSDK.exe" ["Webroot Software, Inc."]

    Print Monitors:

    ---------------

    HKLM\System\CurrentControlSet\Control\Print\Monitors\

    HP Standard TCP/IP Port\Driver = "HpTcpMon.dll" ["Hewlett Packard"]

    hpzlnt12\Driver = "hpzlnt12.dll" ["HP"]

    Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]

    ----------

    + This report excludes default entries except where indicated.

    + To see *everywhere* the script checks and *everything* it finds,

    launch it from a command prompt or a shortcut with the -all parameter.

    + The search for DESKTOP.INI DLL launch points on all local fixed drives

    took 38 seconds.

    + The search for all Registry CLSIDs containing dormant Explorer Bars

    took 13 seconds.

    ---------- (total run time: 78 seconds)

    Logfile of HijackThis v1.99.1

    Scan saved at 17:34:29, on 27/8/2006

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\Explorer.EXE

    C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

    C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

    C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

    C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

    C:\WINDOWS\system32\nvsvc32.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Arquivos de programas\Webroot\Spy Sweeper\WRSSSDK.exe

    C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\wscntfy.exe

    C:\Arquivos de programas\Webroot\Spy Sweeper\SpySweeper.exe

    C:\WINDOWS\SOUNDMAN.EXE

    C:\WINDOWS\VM_STI.EXE

    C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe

    C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe

    C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

    C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

    C:\WINDOWS\system32\RUNDLL32.EXE

    C:\Arquivos de programas\iTunes\iTunesHelper.exe

    C:\Arquivos de programas\iPod\bin\iPodService.exe

    C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

    C:\Arquivos de programas\Wireless LAN\WlanUtil.exe

    C:\Arquivos de programas\Stardock\ObjectDock\ObjectDock.exe

    C:\Arquivos de programas\HP\Digital Imaging\bin\hpqimzone.exe

    C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

    D:\firefox.exe

    C:\Documents and Settings\Bernardo\Desktop\virus\HijackThis.exe

    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

    O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINDOWS\Downloaded Program Files\gbieh.dll

    O3 - Toolbar: ImageShack Toolbar - {6932D140-ABC4-4073-A44C-D4A541665E35} - C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll

    O4 - HKLM\..\Run: [spySweeper] "C:\Arquivos de programas\Webroot\Spy Sweeper\SpySweeper.exe" /startintray

    O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

    O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Arquivos de programas\NVIDIA Corporation\nTune\\nTune.exe" clear

    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe

    O4 - HKLM\..\Run: [bigDogPath] C:\WINDOWS\VM_STI.EXE VGA ZtkCam

    O4 - HKLM\..\Run: [AVG7_EMC] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe

    O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

    O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

    O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

    O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe"

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime

    O4 - Startup: Rainlendar.lnk = C:\Arquivos de programas\Rainlendar\Rainlendar.exe

    O4 - Startup: Stardock ObjectDock.lnk = C:\Arquivos de programas\Stardock\ObjectDock\ObjectDock.exe

    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

    O4 - Global Startup: IEEE 802.11g USB Wireless LAN Utility.lnk = C:\Arquivos de programas\Wireless LAN\WlanUtil.exe

    O4 - Global Startup: Inicialização rápida do HP Image Zone.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqthb08.exe

    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

    O8 - Extra context menu item: Post Image to Blog - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5003

    O8 - Extra context menu item: Tag This Image - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5002

    O8 - Extra context menu item: Upload All Images to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5000

    O8 - Extra context menu item: Upload Image to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5001

    O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Arquivos de programas\Common\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL

    O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

    O15 - Trusted Zone: http://toolbar.imageshack.us

    O16 - DPF: {0CBF7EDC-17EC-442C-8AE9-5E804707B6CA} (NeffyClient Class) - http://dist.cdnetworks.co.kr/cdndist/neffy/Neffy.cab

    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab

    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

    O16 - DPF: {6932D140-ABC4-4073-A44C-D4A541665E35} (ImageShack Toolbar) - http://toolbar.imageshack.us/toolbar/ImageShackToolbar.cab

    O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppD...ap/PhtPkMSN.cab

    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx

    O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab

    O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399F83} (GbPluginObj Class) - https://www14.bancobrasil.com.br/plugin/GbPluginBb.cab

    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...708/mcfscan.cab

    O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab

    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

    O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll

    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

    O23 - Service: avast! Antivirus - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

    O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Common\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: iPodService - Apple Computer, Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe

    O23 - Service: MySql - Unknown owner - C:\mysql\bin\mysqld-nt.exe (file missing)

    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Arquivos de programas\Webroot\Spy Sweeper\WRSSSDK.exe

    PS: When I was checking the boxes in HijackThis I couldn't find this one:

    O4 - Global Startup: system32.exe

    PS2: How did you learn so much about this???

    Thanks!!!

    Mr. Coruj@    0

    jbbb,

    I didn't have time to reconfigure the DNS, Coruja, but I plan to do it on Tuesday.
    No need. If you managed to connect normally, there is no problem.
    PS: When I was checking the boxes in HijackThis I couldn't find this one:

    O4 - Global Startup: system32.exe

    Normal... it was removed successfully in the previous procedure.
    PS2: How did you learn so much about this???
    A little here, a little there... :) Thanks for the kind words. I'm still learning.

    Your log is CLEAN! Any other problem?

    If your system doesn't show any problems by tomorrow, disable and re-enable System Restore.

    Thanks for getting back to me, and a big hug!

    Mr. Coruj@

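An added example, not code from this thread or from HijackThis itself: a small Python triage script that parses the entry lines of two HijackThis logs, reports what disappeared between the scan taken before the cleanup and the one taken after it (which is how the missing `O4 - Global Startup: system32.exe` line above is confirmed as removed rather than overlooked), and flags a few entry shapes that deserve a second look. The sample logs are constructed from entries visible in this thread; the heuristics and their wording are my own assumptions, not rules from the tool.

```python
"""Triage helper for HijackThis-style logs.

Added example (not code from the thread or from HijackThis). It parses the
"Oxx - ..." entry lines the tool prints, diffs a scan taken before a cleanup
against one taken after it, and flags a few entry shapes that merit a closer
look. The sample logs below are constructed from entries visible in the
thread; "system32.exe" is the entry the poster could no longer find.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# One HijackThis entry: section tag (R0..R3, F0..F3, N1..N4, O1..O24) and body.
ENTRY_RE = re.compile(r"^([RFNO]\d+)\s+-\s+(.*)$")


@dataclass(frozen=True)
class Entry:
    section: str  # e.g. "O4", "O23"
    body: str     # rest of the line, exactly as the tool printed it


def parse_log(text: str) -> List[Entry]:
    """Keep only entry lines; the header and 'Running processes' paths are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
    return entries


def diff_logs(before: List[Entry], after: List[Entry]) -> Tuple[List[Entry], List[Entry]]:
    """Entries only in the earlier scan (removed) and only in the later one (added)."""
    before_set, after_set = set(before), set(after)
    removed = [e for e in before if e not in after_set]
    added = [e for e in after if e not in before_set]
    return removed, added


# Heuristic patterns (assumptions for this example, not HijackThis logic).
RUN_RE = re.compile(r"HK(?:LM|CU)\\\.\.\\Run:\s*\[[^\]]*\]\s*(.+)$")
STARTUP_RE = re.compile(r"(?:Global )?Startup:\s*(.+)$")


def flag(entry: Entry) -> Optional[str]:
    """Reason to look closer at an entry, or None. A flag is not a verdict:
    leftovers of uninstalled software trip the same patterns as malware."""
    body = entry.body
    if entry.section == "O23" and "(file missing)" in body:
        return "service registration points to a binary that no longer exists"
    if entry.section == "O4":
        m = STARTUP_RE.match(body)
        if m and ".lnk =" not in m.group(1) and "\\" not in m.group(1):
            return "startup-folder item is a bare filename, not a shortcut with a target"
        m = RUN_RE.match(body)
        if m:
            cmd = m.group(1)
            if not (cmd.startswith('"') or re.match(r"[A-Za-z]:\\", cmd)):
                return "Run value uses a relative command, resolved through the search path"
    return None


def triage(entries: List[Entry]) -> List[Tuple[Entry, str]]:
    """All flagged entries with their reasons, in log order."""
    result = []
    for e in entries:
        reason = flag(e)
        if reason:
            result.append((e, reason))
    return result


# Constructed sample: a handful of the thread's entries, before the cleanup...
LOG_BEFORE = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [spySweeper] "C:\Arquivos de programas\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: system32.exe
O23 - Service: MySql - Unknown owner - C:\mysql\bin\mysqld-nt.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""
# ...and after it: the only difference is that the system32.exe line is gone.
LOG_AFTER = "\n".join(
    l for l in LOG_BEFORE.splitlines() if l.strip() != "O4 - Global Startup: system32.exe"
)

if __name__ == "__main__":
    before, after = parse_log(LOG_BEFORE), parse_log(LOG_AFTER)
    removed, added = diff_logs(before, after)
    for e in removed:
        print("removed:", e.section, "-", e.body)
    for e in added:
        print("added:  ", e.section, "-", e.body)
    for e, reason in triage(after):
        print("look at:", e.section, "-", e.body, "=>", reason)
```

Run on the two constructed logs, the diff reports exactly one removed entry (the bare `system32.exe` startup item) and nothing added, which is the confirmation the poster was asking for. The triage pass still flags the `(file missing)` MySql service and the relative `SOUNDMAN.EXE` Run value, both of which the analyst in this thread left alone: those shapes are common for uninstall leftovers and OEM utilities, so a flag only says where to look first, and the decision stays with whoever compares the entry against what the machine is known to run.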
    jbbb    0
    Topic author
    Logfile of HijackThis v1.99.1

    Scan saved at 13:13:45, on 30/8/2006

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\Explorer.EXE

    C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

    C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

    C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

    C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

    C:\WINDOWS\system32\nvsvc32.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Arquivos de programas\Webroot\Spy Sweeper\WRSSSDK.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Arquivos de programas\Webroot\Spy Sweeper\SpySweeper.exe

    C:\WINDOWS\SOUNDMAN.EXE

    C:\WINDOWS\VM_STI.EXE

    C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe

    C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

    C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

    C:\WINDOWS\system32\RUNDLL32.EXE

    C:\Arquivos de programas\iTunes\iTunesHelper.exe

    C:\Arquivos de programas\iPod\bin\iPodService.exe

    C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

    C:\Arquivos de programas\Wireless LAN\WlanUtil.exe

    C:\Arquivos de programas\Stardock\ObjectDock\ObjectDock.exe

    C:\Arquivos de programas\HP\Digital Imaging\bin\hpqimzone.exe

    C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

    D:\firefox.exe

    C:\Arquivos de programas\Shareaza\Shareaza.exe

    C:\Documents and Settings\Bernardo\Desktop\virus\HijackThis.exe

    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

    O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINDOWS\Downloaded Program Files\gbieh.dll

    O3 - Toolbar: ImageShack Toolbar - {6932D140-ABC4-4073-A44C-D4A541665E35} - C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll

    O4 - HKLM\..\Run: [spySweeper] "C:\Arquivos de programas\Webroot\Spy Sweeper\SpySweeper.exe" /startintray

    O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

    O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Arquivos de programas\NVIDIA Corporation\nTune\\nTune.exe" clear

    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe

    O4 - HKLM\..\Run: [bigDogPath] C:\WINDOWS\VM_STI.EXE VGA ZtkCam

    O4 - HKLM\..\Run: [AVG7_EMC] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe

    O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

    O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

    O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

    O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe"

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime

    O4 - Startup: Rainlendar.lnk = C:\Arquivos de programas\Rainlendar\Rainlendar.exe

    O4 - Startup: Stardock ObjectDock.lnk = C:\Arquivos de programas\Stardock\ObjectDock\ObjectDock.exe

    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

    O4 - Global Startup: IEEE 802.11g USB Wireless LAN Utility.lnk = C:\Arquivos de programas\Wireless LAN\WlanUtil.exe

    O4 - Global Startup: Inicialização rápida do HP Image Zone.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqthb08.exe

    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

    O8 - Extra context menu item: Post Image to Blog - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5003

    O8 - Extra context menu item: Tag This Image - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5002

    O8 - Extra context menu item: Upload All Images to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5000

    O8 - Extra context menu item: Upload Image to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5001

    O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Arquivos de programas\Common\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL

    O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

    O15 - Trusted Zone: http://toolbar.imageshack.us

    O16 - DPF: {0CBF7EDC-17EC-442C-8AE9-5E804707B6CA} (NeffyClient Class) - http://dist.cdnetworks.co.kr/cdndist/neffy/Neffy.cab

    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab

    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

    O16 - DPF: {6932D140-ABC4-4073-A44C-D4A541665E35} (ImageShack Toolbar) - http://toolbar.imageshack.us/toolbar/ImageShackToolbar.cab

    O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppD...ap/PhtPkMSN.cab

    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx

    O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab

    O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399F83} (GbPluginObj Class) - https://www14.bancobrasil.com.br/plugin/GbPluginBb.cab

    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...708/mcfscan.cab

    O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab

    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

    O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll

    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

    O23 - Service: avast! Antivirus - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

    O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Common\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: iPodService - Apple Computer, Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe

    O23 - Service: MySql - Unknown owner - C:\mysql\bin\mysqld-nt.exe (file missing)

    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Arquivos de programas\Webroot\Spy Sweeper\WRSSSDK.exe

    Thanks!

    Mr. Coruj@    0

    jbbb, it may be that some (active) protection program is preventing you from changing it. Try temporarily disabling Spy Sweeper, or change the settings in the program. You can find the key mentioned at:

    @- Click Start // Run // Type: Regedit // OK

    Locate the key below:

    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main

    Right-hand pane:

    Default_Page_URL

    Mr. Coruj@

    jbbb    0
    Topic author
    That was exactly it, Mr Coruja!

    Thank you very much.

    JoseMelo    64

    CASE RESOLVED!

    If the topic author needs it, the topic will be reopened; to do so, they should contact a Moderator of this area and request that it be unlocked!
