m4theus

Online Security Guide/SecurityTroubleshooting|How to remove?


Hello,

I have malware on my computer (or a virus, I don't know) called "Online Security Guide" and "Security Troubleshooting". An alert keeps popping up saying I'm infected with a virus, along with a pornography ad.

Screenshot of the Start menu:

http://img143.imageshack.us/my.php?image=iniciarlv8.jpg

Screenshot next to the clock:

http://img102.imageshack.us/my.php?image=a...dorelgiokl1.jpg

AVG Antispyware removed "Internet Security Add-on" and "Internet Explorer Security Plugin 2006" from "Add or Remove Programs", but there is still a bar in IE named "Protection Bar", and I couldn't remove it.

HijackThis log:

Logfile of HijackThis v1.99.1

Scan saved at 16:49:26, on 8/12/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\TortoiseSVN\bin\TSVNCache.exe

C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe

C:\Arquivos de programas\Video ActiveX Object\isamonitor.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\Print Screen Replacement\PrintScreenReplacement.exe

C:\Arquivos de programas\Video ActiveX Object\pmsngr.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Java\j2re1.4.2_03\bin\jusched.exe

C:\Arquivos de programas\Video ActiveX Object\pmmon.exe

C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Arquivos de programas\DAP\DAP.EXE

C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\Documents and Settings\Usuario\Desktop\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: CUOLSearchHook Object - {1FE8243E-0A3A-41B9-B9CE-EFFEE51974D3} - C:\Arquivos de programas\Arquivos comuns\uol\urlsearch\UOLSearchHook.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx (file missing)

O2 - BHO: (no name) - {1a1ddc19-5893-43ab-a73f-f41a0f34d115} - C:\Arquivos de programas\Video ActiveX Object\isaddon.dll

O2 - BHO: (no name) - {2810fba5-55ec-4bee-8263-0e2fa5883768} - C:\Arquivos de programas\QualityCodec\isaddon.dll (file missing)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll

O2 - BHO: Barra do MSN Busca Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Toolbar Suite\TB\02.05.0000.1082\pt-br\msntb.dll

O2 - BHO: Password Organizer - {C3DEA25E-A515-4B65-8760-AEE03089F1CD} - C:\Arquivos de programas\Omniquad Total Security\PasswordOrganizer\SIPPwdOrg.dll (file missing)

O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\ARQUIV~1\FlashGet\getflash.dll

O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\ARQUIV~1\FlashGet\fgiebar.dll

O3 - Toolbar: Barra UOL - {5BBFC00A-312C-4777-A5DF-DDA65C67120C} - C:\Arquivos de programas\UOL\Barra UOL\ubp.dll

O3 - Toolbar: Barra do MSN Busca - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Toolbar Suite\TB\02.05.0000.1082\pt-br\msntb.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

O3 - Toolbar: Protection Bar - {5d4831e0-5a7c-4a46-afd5-a79ab8ce36c2} - C:\Arquivos de programas\Video ActiveX Object\iesplugin.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Java\j2re1.4.2_03\bin\jusched.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [kav] "C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"

O4 - HKLM\..\Run: [PasswordOrganizer] C:\Arquivos de programas\Omniquad Total Security\RunTimePwdOrg.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O8 - Extra context menu item: &Clean Traces - C:\Arquivos de programas\DAP\Privacy Package\dapcleanerie.htm

O8 - Extra context menu item: &Download with &DAP - C:\Arquivos de programas\DAP\dapextie.htm

O8 - Extra context menu item: &MSN Busca - res://C:\Arquivos de programas\MSN Toolbar Suite\TB\02.05.0000.1082\pt-br\msntb.dll/search.htm

O8 - Extra context menu item: Abrir em uma nova guia do plano de fundo - res://C:\Arquivos de programas\MSN Toolbar Suite\TAB\02.05.0001.1119\pt-br\msntabres.dll/229?df73629badc46a58e56fcd416abe4a

O8 - Extra context menu item: Abrir em uma nova guia do primeiro plano - res://C:\Arquivos de programas\MSN Toolbar Suite\TAB\02.05.0001.1119\pt-br\msntabres.dll/230?df73629badc46a58e56fcd416abe4a

O8 - Extra context menu item: Descarregar tudo com o FlashGet - C:\Arquivos de programas\FlashGet\jc_all.htm

O8 - Extra context menu item: Descarregar utilizando o FlashGet - C:\Arquivos de programas\FlashGet\jc_link.htm

O8 - Extra context menu item: Download &all with DAP - C:\Arquivos de programas\DAP\dapextie2.htm

O8 - Extra context menu item: Download with Go!Zilla - file://C:\Arquivos de programas\Go!Zilla\download-with-gozilla.html

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll

O10 - Broken Internet access because of LSP provider 'c:\arquivos de programas\newdotnet\newdotnet7_22.dll' missing

O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by120fd.bay120.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {A4508A45-F1C4-40F3-99B4-0CA08AC77E3B} (Kdfense8 Control) - http://download.netmarble.com/kdefence/kdfense8.cab

O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} - http://www.azebar.com/install/azesearch.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{50B7E9C1-629B-4F62-9C1E-D72897E3B071}: NameServer = 200.149.55.142 200.165.132.155

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\msgrapp.8.0.0812.00.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\msgrapp.8.0.0812.00.dll

O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll

O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)

O21 - SSODL: bonspells - {11853d5f-f894-4cc7-bbc3-fc7a9dcfd896} - (no file)

O23 - Service: Adobe LM Service - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Print Screen Replacement (PrintScrnRepl) - Architronic Software - C:\Arquivos de programas\Print Screen Replacement\PrintScreenReplacement.exe

O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

Does anyone know how to remove it??

THANK YOU VERY MUCH FOR YOUR ATTENTION!

:joia:

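One way to triage the HijackThis log above, as an added example that is not part of the original posts: it starts from the toolbar the poster could not remove ("Protection Bar"), finds its install folder, and lists every running process and browser add-on entry in the log that shares that folder. The function names are hypothetical, and the sample lines are a subset copied from the log in the post.

```python
import ntpath
import re

# Lines copied from the HijackThis log in the post above (a subset, not the full log).
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Video ActiveX Object\isamonitor.exe
C:\Arquivos de programas\Video ActiveX Object\pmsngr.exe
C:\Arquivos de programas\Video ActiveX Object\pmmon.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
O2 - BHO: (no name) - {1a1ddc19-5893-43ab-a73f-f41a0f34d115} - C:\Arquivos de programas\Video ActiveX Object\isaddon.dll
O2 - BHO: (no name) - {2810fba5-55ec-4bee-8263-0e2fa5883768} - C:\Arquivos de programas\QualityCodec\isaddon.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll
O3 - Toolbar: Protection Bar - {5d4831e0-5a7c-4a46-afd5-a79ab8ce36c2} - C:\Arquivos de programas\Video ActiveX Object\iesplugin.dll
O4 - HKLM\..\Run: [kav] "C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
"""

ENTRY_RE = re.compile(r"^(?P<section>[RFO]\d+) - (?P<body>.*)$")
PATH_RE = re.compile(r"[A-Za-z]:\\.*")  # first drive-letter path up to end of line
MISSING = "(file missing)"


def parse_log(text):
    """Split a HijackThis log into running-process paths and section entries."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue  # forum pastes are often double-spaced
        if line.lower().startswith("running processes"):
            in_processes = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False
            body = match.group("body")
            missing = body.endswith(MISSING)
            if missing:
                body = body[: -len(MISSING)].rstrip()
            found = PATH_RE.search(body)
            entries.append({
                "section": match.group("section"),
                "label": (body[: found.start()] if found else body).rstrip(' -"'),
                "path": found.group(0).strip('"') if found else None,
                "missing": missing,
            })
        elif in_processes:
            processes.append(line)
    return processes, entries


def folder_key(path):
    """Case-insensitive install folder of a Windows path (works on any OS)."""
    return ntpath.normcase(ntpath.dirname(path))


def footprint(text, marker):
    """Return every process and entry sharing a folder with entries labelled `marker`."""
    processes, entries = parse_log(text)
    located = [e for e in entries if e["path"]]
    folders = {folder_key(e["path"]) for e in located
               if marker.lower() in e["label"].lower()}
    return {
        "folders": sorted(folders),
        "processes": [p for p in processes if folder_key(p) in folders],
        "entries": [e for e in located if folder_key(e["path"]) in folders],
    }


def missing_file_entries(text):
    """Entries whose target file HijackThis reported as '(file missing)'."""
    return [e for e in parse_log(text)[1] if e["missing"]]


if __name__ == "__main__":
    result = footprint(SAMPLE_LOG, "Protection Bar")
    print("Folder(s):", result["folders"])
    for proc in result["processes"]:
        print("  running:", proc)
    for entry in result["entries"]:
        print(f"  {entry['section']}: {entry['label']} -> {entry['path']}")
    for entry in missing_file_entries(SAMPLE_LOG):
        print("  file missing:", entry["section"], entry["path"])
```

The folder this singles out, `Video ActiveX Object`, is the same one in which the Ad-Aware log later in the thread reports `isamonitor.exe` and `pmsngr.exe` as Win32.Trojandownloader.Zlob.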

- Download SmitFraudFix

  • Extract the file into its own folder, but do not run it yet.

- Restart the computer in Safe Mode (tap the F8 key repeatedly, or F5 in some cases, during startup);

- Open the SmitFraudFix folder and run SmitfraudFix.cmd. Choose option 2 and press Enter.

  • When the message "Do you want to clean the registry?" appears, press y and Enter.

- Restart in normal mode, generate a new log and paste it in your reply.

- In your reply, also paste the SmitFraudFix log, which will be in the file rapport.txt in C:\.

  • Topic author
  • When I restart in safe mode, the Windows welcome screen opens with the Administrador and Matheus (ME) options, but when I click either one, Windows restarts in normal mode.

    Is there a way to fix this, or another way to produce the SmitFraudFix log?

  • Topic author
  • I updated it and ran a full scan. I already had it on my computer but hadn't used it in a loooong time.

    It found 76 spyware items, I think. For 1 of them it asked whether I wanted to remove it when Windows started, and I said yes; it referred to a Video Activex. I restarted Windows and scanned the location of that Video Activex, and it removed 3 things, I think. When Windows came up, the Video Activex folder no longer existed. The buttons that were in the Start menu remained but without their icons, and I managed to remove them. The bar in IE was gone too.

    So far I haven't received any more of those annoying pornography ads.

    I think I've finally gotten rid of this virus!!!

    Even so, I'll post the Ad-Aware log below.

    José Melo, THANK YOU VERY MUCH!! :D

    Ad-Aware SE log

    Ad-Aware SE Build 1.06r1

    Logfile Created on:domingo, 10 de dezembro de 2006 14:22:30

    Created with Ad-Aware SE Personal, free for private use.

    Using definitions file:SE1R137 06.12.2006

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    References detected during the scan:

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    MRU List(TAC index:0):21 total references

    Tracking Cookie(TAC index:3):42 total references

    Win32.Trojandownloader.Zlob(TAC index:10):8 total references

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Ad-Aware SE Settings

    ===========================

    Set : Search for negligible risk entries

    Set : Safe mode (always request confirmation)

    Set : Scan active processes

    Set : Scan registry

    Set : Deep-scan registry

    Set : Scan my IE Favorites for banned URLs

    Set : Scan my Hosts file

    Extended Ad-Aware SE Settings

    ===========================

    Set : Unload recognized processes & modules during scan

    Set : Scan registry for all users instead of current user only

    Set : Always try to unload modules before deletion

    Set : During removal, unload Explorer and IE if necessary

    Set : Let Windows remove files in use at next reboot

    Set : Delete quarantined objects after restoring

    Set : Include basic Ad-Aware settings in log file

    Set : Include additional Ad-Aware settings in log file

    Set : Include reference summary in log file

    Set : Include alternate data stream details in log file

    Set : Play sound at scan completion if scan locates critical objects

    10-12-2006 14:22:30 - Scan started. (Full System Scan)

    MRU List Object Recognized!

    Location: : S-1-5-21-602162358-2139871995-839522115-1003\software\microsoft\direct3d\mostrecentapplication

    Description : most recent application to use microsoft direct3d

    MRU List Object Recognized!

    Location: : software\microsoft\direct3d\mostrecentapplication

    Description : most recent application to use microsoft direct3d

    MRU List Object Recognized!

    Location: : S-1-5-21-602162358-2139871995-839522115-1003\software\microsoft\direct3d\mostrecentapplication

    Description : most recent application to use microsoft direct X

    MRU List Object Recognized!

    Location: : software\microsoft\direct3d\mostrecentapplication

    Description : most recent application to use microsoft direct X

    MRU List Object Recognized!

    Location: : software\microsoft\directdraw\mostrecentapplication

    Description : most recent application to use microsoft directdraw

    MRU List Object Recognized!

    Location: : S-1-5-21-602162358-2139871995-839522115-1003\software\microsoft\directinput\mostrecentapplication

    Description : most recent application to use microsoft directinput

    MRU List Object Recognized!

    Location: : S-1-5-21-602162358-2139871995-839522115-1003\software\microsoft\directinput\mostrecentapplication

    Description : most recent application to use microsoft directinput

    MRU List Object Recognized!

    Location: : S-1-5-21-602162358-2139871995-839522115-1003\software\microsoft\internet explorer

    Description : last download directory used in microsoft internet explorer

    MRU List Object Recognized!

    Location: : S-1-5-21-602162358-2139871995-839522115-1003\software\microsoft\internet explorer\typedurls

    Description : list of recently entered addresses in microsoft internet explorer

    MRU List Object Recognized!

    Location: : S-1-5-21-602162358-2139871995-839522115-1003\software\microsoft\mediaplayer\preferences

    Description : last playlist index loaded in microsoft windows media player

    MRU List Object Recognized!

    Location: : S-1-5-21-602162358-2139871995-839522115-1003\software\microsoft\mediaplayer\preferences

    Description : last playlist loaded in microsoft windows media player

    MRU List Object Recognized!

    Location: : S-1-5-21-602162358-2139871995-839522115-1003\software\microsoft\search assistant\acmru

    Description : list of recent search terms used with the search assistant

    MRU List Object Recognized!

    Location: : S-1-5-21-602162358-2139871995-839522115-1003\software\microsoft\windows\currentversion\applets\paint\recent file list

    Description : list of files recently opened using microsoft paint

    MRU List Object Recognized!

    Location: : S-1-5-21-602162358-2139871995-839522115-1003\software\microsoft\windows\currentversion\applets\regedit

    Description : last key accessed using the microsoft registry editor

    MRU List Object Recognized!

    Location: : S-1-5-21-602162358-2139871995-839522115-1003\software\microsoft\windows\currentversion\applets\wordpad\recent file list

    Description : list of recent files opened using wordpad

    MRU List Object Recognized!

    Location: : S-1-5-21-602162358-2139871995-839522115-1003\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru

    Description : list of recent programs opened

    MRU List Object Recognized!

    Location: : S-1-5-21-602162358-2139871995-839522115-1003\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru

    Description : list of recently saved files, stored according to file extension

    MRU List Object Recognized!

    Location: : S-1-5-21-602162358-2139871995-839522115-1003\software\microsoft\windows\currentversion\explorer\runmru

    Description : mru list for items opened in start | run

    MRU List Object Recognized!

    Location: : S-1-5-21-602162358-2139871995-839522115-1003\software\nico mak computing\winzip\filemenu

    Description : winzip recently used archives

    MRU List Object Recognized!

    Location: : S-1-5-21-602162358-2139871995-839522115-1003\software\microsoft\windows media\wmsdk\general

    Description : windows media sdk

    MRU List Object Recognized!

    Location: : S-1-5-21-602162358-2139871995-839522115-1003\software\winrar\dialogedithistory\extrpath

    Description : winrar "extract-to" history

    Listing running processes

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    #:1 [smss.exe]

    FilePath : \SystemRoot\System32\

    ProcessID : 608

    ThreadCreationTime : 10-12-2006 16:02:59

    BasePriority : Normal

    #:2 [csrss.exe]

    FilePath : \??\C:\WINDOWS\system32\

    ProcessID : 780

    ThreadCreationTime : 10-12-2006 16:03:06

    BasePriority : Normal

    #:3 [winlogon.exe]

    FilePath : \??\C:\WINDOWS\system32\

    ProcessID : 836

    ThreadCreationTime : 10-12-2006 16:03:08

    BasePriority : High

    #:4 [services.exe]

    FilePath : C:\WINDOWS\system32\

    ProcessID : 956

    ThreadCreationTime : 10-12-2006 16:03:12

    BasePriority : Normal

    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

    ProductVersion : 5.1.2600.2180

    ProductName : Sistema operacional Microsoft® Windows®

    CompanyName : Microsoft Corporation

    FileDescription : Aplicativo de serviços e controle

    InternalName : services.exe

    LegalCopyright : © Microsoft Corporation. Todos os direitos reservados.

    OriginalFilename : services.exe

    #:5 [lsass.exe]

    FilePath : C:\WINDOWS\system32\

    ProcessID : 968

    ThreadCreationTime : 10-12-2006 16:03:12

    BasePriority : Normal

    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

    ProductVersion : 5.1.2600.2180

    ProductName : Microsoft® Windows® Operating System

    CompanyName : Microsoft Corporation

    FileDescription : LSA Shell (Export Version)

    InternalName : lsass.exe

    LegalCopyright : © Microsoft Corporation. All rights reserved.

    OriginalFilename : lsass.exe

    #:6 [svchost.exe]

    FilePath : C:\WINDOWS\system32\

    ProcessID : 1200

    ThreadCreationTime : 10-12-2006 16:03:17

    BasePriority : Normal

    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

    ProductVersion : 5.1.2600.2180

    ProductName : Microsoft® Windows® Operating System

    CompanyName : Microsoft Corporation

    FileDescription : Generic Host Process for Win32 Services

    InternalName : svchost.exe

    LegalCopyright : © Microsoft Corporation. All rights reserved.

    OriginalFilename : svchost.exe

    #:7 [svchost.exe]

    FilePath : C:\WINDOWS\system32\

    ProcessID : 1336

    ThreadCreationTime : 10-12-2006 16:03:21

    BasePriority : Normal

    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

    ProductVersion : 5.1.2600.2180

    ProductName : Microsoft® Windows® Operating System

    CompanyName : Microsoft Corporation

    FileDescription : Generic Host Process for Win32 Services

    InternalName : svchost.exe

    LegalCopyright : © Microsoft Corporation. All rights reserved.

    OriginalFilename : svchost.exe

    #:8 [svchost.exe]

    FilePath : C:\WINDOWS\System32\

    ProcessID : 1452

    ThreadCreationTime : 10-12-2006 16:03:22

    BasePriority : Normal

    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

    ProductVersion : 5.1.2600.2180

    ProductName : Microsoft® Windows® Operating System

    CompanyName : Microsoft Corporation

    FileDescription : Generic Host Process for Win32 Services

    InternalName : svchost.exe

    LegalCopyright : © Microsoft Corporation. All rights reserved.

    OriginalFilename : svchost.exe

    #:9 [incdsrv.exe]

    FilePath : C:\Arquivos de programas\Ahead\InCD\

    ProcessID : 1480

    ThreadCreationTime : 10-12-2006 16:03:22

    BasePriority : Normal

    FileVersion : 4, 3, 16, 1

    ProductVersion : 4, 3, 16, 1

    ProductName : Nero AG incdsrv

    CompanyName : Nero AG

    FileDescription : incdsrv

    InternalName : incdsrv

    LegalCopyright : Copyright 1995-2005 Nero AG and its licensors. All Rights Reserved.

    LegalTrademarks : InCD is a trademark of Nero AG

    OriginalFilename : incdsrv.exe

    #:10 [svchost.exe]

    FilePath : C:\WINDOWS\System32\

    ProcessID : 1716

    ThreadCreationTime : 10-12-2006 16:03:29

    BasePriority : Normal

    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

    ProductVersion : 5.1.2600.2180

    ProductName : Microsoft® Windows® Operating System

    CompanyName : Microsoft Corporation

    FileDescription : Generic Host Process for Win32 Services

    InternalName : svchost.exe

    LegalCopyright : © Microsoft Corporation. All rights reserved.

    OriginalFilename : svchost.exe

    #:11 [svchost.exe]

    FilePath : C:\WINDOWS\System32\

    ProcessID : 1832

    ThreadCreationTime : 10-12-2006 16:03:30

    BasePriority : Normal

    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

    ProductVersion : 5.1.2600.2180

    ProductName : Microsoft® Windows® Operating System

    CompanyName : Microsoft Corporation

    FileDescription : Generic Host Process for Win32 Services

    InternalName : svchost.exe

    LegalCopyright : © Microsoft Corporation. All rights reserved.

    OriginalFilename : svchost.exe

    #:12 [spoolsv.exe]

    FilePath : C:\WINDOWS\system32\

    ProcessID : 1916

    ThreadCreationTime : 10-12-2006 16:03:31

    BasePriority : Normal

    FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)

    ProductVersion : 5.1.2600.2696

    ProductName : Microsoft® Windows® Operating System

    CompanyName : Microsoft Corporation

    FileDescription : Spooler SubSystem App

    InternalName : spoolsv.exe

    LegalCopyright : © Microsoft Corporation. All rights reserved.

    OriginalFilename : spoolsv.exe

    #:13 [explorer.exe]

    FilePath : C:\WINDOWS\

    ProcessID : 2016

    ThreadCreationTime : 10-12-2006 16:03:31

    BasePriority : Normal

    FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)

    ProductVersion : 6.00.2900.2180

    ProductName : Sistema operacional Microsoft® Windows®

    CompanyName : Microsoft Corporation

    FileDescription : Windows Explorer

    InternalName : explorer

    LegalCopyright : © Microsoft Corporation. Todos os direitos reservados.

    OriginalFilename : EXPLORER.EXE

    #:14 [guard.exe]

    FilePath : C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\

    ProcessID : 332

    ThreadCreationTime : 10-12-2006 16:03:33

    BasePriority : Normal

    FileVersion : 7, 5, 0, 47

    ProductVersion : 7, 5, 0, 47

    ProductName : AVG Anti-Spyware

    CompanyName : Anti-Malware Development a.s.

    FileDescription : AVG Anti-Spyware guard

    InternalName : AVG Anti-Spyware guard

    LegalCopyright : Copyright © 2006 Anti-Malware Development a.s.

    OriginalFilename : guard.exe

    #:15 [avp.exe]

    FilePath : C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\

    ProcessID : 456

    ThreadCreationTime : 10-12-2006 16:03:35

    BasePriority : Normal

    FileVersion : 6.0.0.299

    ProductVersion : 6.0.0.299

    ProductName : Kaspersky Anti-Virus

    CompanyName : Kaspersky Lab

    FileDescription : Kaspersky Anti-Virus

    InternalName : AVP

    LegalCopyright : Copyright © Kaspersky Lab 1996-2006.

    LegalTrademarks : Kaspersky™ Anti-Virus ® is registered trademark of Kaspersky Lab.

    OriginalFilename : AVP.EXE

    #:16 [nvsvc32.exe]

    FilePath : C:\WINDOWS\system32\

    ProcessID : 592

    ThreadCreationTime : 10-12-2006 16:03:37

    BasePriority : Normal

    FileVersion : 6.14.10.6085

    ProductVersion : 6.14.10.6085

    ProductName : NVIDIA Driver Helper Service, Version 60.85

    CompanyName : NVIDIA Corporation

    FileDescription : NVIDIA Driver Helper Service, Version 60.85

    InternalName : NVSVC

    LegalCopyright : © NVIDIA Corporation. All rights reserved.

    OriginalFilename : nvsvc32.exe

    #:17 [printscreenreplacement.exe]

    FilePath : C:\Arquivos de programas\Print Screen Replacement\

    ProcessID : 644

    ThreadCreationTime : 10-12-2006 16:03:38

    BasePriority : Normal

    FileVersion : 1.0.0.3

    ProductVersion : 1.0.0.3

    ProductName : Print Screen Replacement

    CompanyName : Architronic Software

    FileDescription : Add extra features to Print Screen button

    InternalName : Print Screen Replacement

    LegalCopyright : Architronic Software © 2005 (asdev.dk)

    OriginalFilename : PrintScreenReplacement.exe

    #:18 [svchost.exe]

    FilePath : C:\WINDOWS\System32\

    ProcessID : 728

    ThreadCreationTime : 10-12-2006 16:03:40

    BasePriority : Normal

    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

    ProductVersion : 5.1.2600.2180

    ProductName : Microsoft® Windows® Operating System

    CompanyName : Microsoft Corporation

    FileDescription : Generic Host Process for Win32 Services

    InternalName : svchost.exe

    LegalCopyright : © Microsoft Corporation. All rights reserved.

    OriginalFilename : svchost.exe

    #:19 [wdfmgr.exe]

    FilePath : C:\WINDOWS\system32\

    ProcessID : 748

    ThreadCreationTime : 10-12-2006 16:03:40

    BasePriority : Normal

    FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)

    ProductVersion : 5.2.3790.1230

    ProductName : Microsoft® Windows® Operating System

    CompanyName : Microsoft Corporation

    FileDescription : Windows User Mode Driver Manager

    InternalName : WdfMgr

    LegalCopyright : © Microsoft Corporation. All rights reserved.

    OriginalFilename : WdfMgr.exe

    #:20 [tsvncache.exe]

    FilePath : C:\Arquivos de programas\TortoiseSVN\bin\

    ProcessID : 340

    ThreadCreationTime : 10-12-2006 16:04:03

    BasePriority : Normal

    FileVersion : 1, 4, 0, 7501

    ProductVersion : 1, 4, 0, 7501

    ProductName : TortoiseSVN

    CompanyName : www.tortoisesvn.org

    FileDescription : TortoiseSVN status cache

    InternalName : TSVNCache.exe

    LegalCopyright : Copyright © 2003

    OriginalFilename : TSVNCache.exe

    #:21 [isamonitor.exe]

    FilePath : C:\Arquivos de programas\Video ActiveX Object\

    ProcessID : 416

    ThreadCreationTime : 10-12-2006 16:04:09

    BasePriority : Normal

    Win32.Trojandownloader.Zlob Object Recognized!

    Type : Process

    Data : isamonitor.exe

    TAC Rating : 10

    Category : Malware

    Comment : isamonitor.exe.dmp

    Object : C:\Arquivos de programas\Video ActiveX Object\

    Warning! Win32.Trojandownloader.Zlob Object found in memory(C:\Arquivos de programas\Video ActiveX Object\isamonitor.exe)

    "C:\Arquivos de programas\Video ActiveX Object\isamonitor.exe"Process terminated successfully

    "C:\Arquivos de programas\Video ActiveX Object\isamonitor.exe"Process terminated successfully

    #:22 [pmsngr.exe]

    FilePath : C:\Arquivos de programas\Video ActiveX Object\

    ProcessID : 868

    ThreadCreationTime : 10-12-2006 16:04:11

    BasePriority : Normal

    Win32.Trojandownloader.Zlob Object Recognized!

    Type : Process

    Data : pmsngr.exe

    TAC Rating : 10

    Category : Malware

    Comment : pmsngr.exe.dmp

    Object : C:\Arquivos de programas\Video ActiveX Object\

    Warning! Win32.Trojandownloader.Zlob Object found in memory(C:\Arquivos de programas\Video ActiveX Object\pmsngr.exe)

    "C:\Arquivos de programas\Video ActiveX Object\pmsngr.exe"Process terminated successfully

    "C:\Arquivos de programas\Video ActiveX Object\pmsngr.exe"Process terminated successfully

    #:23 [jusched.exe]

    FilePath : C:\Arquivos de programas\Java\j2re1.4.2_03\bin\

    ProcessID : 1072

    ThreadCreationTime : 10-12-2006 16:04:12

    BasePriority : Normal

    #:24 [avp.exe]

    FilePath : C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\

    ProcessID : 1372

    ThreadCreationTime : 10-12-2006 16:04:15

    BasePriority : Normal

    FileVersion : 6.0.0.299

    ProductVersion : 6.0.0.299

    ProductName : Kaspersky Anti-Virus

    CompanyName : Kaspersky Lab

    FileDescription : Kaspersky Anti-Virus

    InternalName : AVP

    LegalCopyright : Copyright © Kaspersky Lab 1996-2006.

    LegalTrademarks : Kaspersky™ Anti-Virus ® is registered trademark of Kaspersky Lab.

    OriginalFilename : AVP.EXE

    #:25 [pmmon.exe]

    FilePath : C:\Arquivos de programas\Video ActiveX Object\

    ProcessID : 1540

    ThreadCreationTime : 10-12-2006 16:04:16

    BasePriority : Normal

    #:26 [ctfmon.exe]

    FilePath : C:\WINDOWS\system32\

    ProcessID : 1300

    ThreadCreationTime : 10-12-2006 16:04:16

    BasePriority : Normal

    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

    ProductVersion : 5.1.2600.2180

    ProductName : Microsoft® Windows® Operating System

    CompanyName : Microsoft Corporation

    FileDescription : CTF Loader

    InternalName : CTFMON

    LegalCopyright : © Microsoft Corporation. All rights reserved.

    OriginalFilename : CTFMON.EXE

    #:27 [isamini.exe]

    FilePath : C:\Arquivos de programas\Video ActiveX Object\

    ProcessID : 1588

    ThreadCreationTime : 10-12-2006 16:04:17

    BasePriority : Normal

    #:28 [alg.exe]

    FilePath : C:\WINDOWS\System32\

    ProcessID : 2432

    ThreadCreationTime : 10-12-2006 16:04:48

    BasePriority : Normal

    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

    ProductVersion : 5.1.2600.2180

    ProductName : Microsoft® Windows® Operating System

    CompanyName : Microsoft Corporation

    FileDescription : Application Layer Gateway Service

    InternalName : ALG.exe

    LegalCopyright : © Microsoft Corporation. All rights reserved.

    OriginalFilename : ALG.exe

    #:29 [firefox.exe]

    FilePath : C:\Arquivos de programas\Mozilla Firefox\

    ProcessID : 2832

    ThreadCreationTime : 10-12-2006 16:09:23

    BasePriority : Normal

    #:30 [ad-aware.exe]

    FilePath : C:\Arquivos de programas\Lavasoft\Ad-Aware SE Personal\

    ProcessID : 3300

    ThreadCreationTime : 10-12-2006 16:21:04

    BasePriority : Normal

    FileVersion : 6.2.0.236

    ProductVersion : SE 106

    ProductName : Lavasoft Ad-Aware SE

    CompanyName : Lavasoft Sweden

    FileDescription : Ad-Aware SE Core application

    InternalName : Ad-Aware.exe

    LegalCopyright : Copyright © Lavasoft AB Sweden

    OriginalFilename : Ad-Aware.exe

    Comments : All Rights Reserved

    Memory scan result:

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    New critical objects: 2

    Objects found so far: 23

    Started registry scan

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Win32.Trojandownloader.Zlob Object Recognized!

    Type : Regkey

    Data :

    TAC Rating : 10

    Category : Malware

    Comment :

    Rootkey : HKEY_CLASSES_ROOT

    Object : clsid\{1a1ddc19-5893-43ab-a73f-f41a0f34d115}

    Registry Scan result:

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    New critical objects: 1

    Objects found so far: 24

    Started deep registry scan

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Win32.Trojandownloader.Zlob Object Recognized!

    Type : Regkey

    Data :

    TAC Rating : 10

    Category : Malware

    Comment :

    Rootkey : HKEY_LOCAL_MACHINE

    Object : SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1a1ddc19-5893-43ab-a73f-f41a0f34d115}

    Deep registry scan result:

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    New critical objects: 1

    Objects found so far: 25

    Started Tracking Cookie scan

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Tracking Cookie Object Recognized!

    Type : IECache Entry

    Data : usuario@counter9.sextracker[1].txt

    TAC Rating : 3

    Category : Data Miner

    Comment : Hits:1

    Value : Cookie:usuario@counter9.sextracker.com/

    Expires : 20-10-2006 11:28:36

    LastSync : Hits:1

    UseCount : 0

    Hits : 1

    Tracking Cookie Object Recognized!

    Type : IECache Entry

    Data : usuario@qksrv[2].txt

    TAC Rating : 3

    Category : Data Miner

    Comment : Hits:2

    Value : Cookie:usuario@qksrv.net/

    Expires : 18-10-2011 17:41:16

    LastSync : Hits:2

    UseCount : 0

    Hits : 2

    Tracking Cookie Object Recognized!

    Type : IECache Entry

    Data : usuario@revsci[2].txt

    TAC Rating : 3

    Category : Data Miner

    Comment : Hits:29

    Value : Cookie:usuario@revsci.net/

    Expires : 17-10-2026 20:18:06

    LastSync : Hits:29

    UseCount : 0

    Hits : 29

    Tracking Cookie Object Recognized!

    Type : IECache Entry

    Data : usuario@msnportal.112.2o7[1].txt

    TAC Rating : 3

    Category : Data Miner

    Comment : Hits:5

    Value : Cookie:usuario@msnportal.112.2o7.net/

    Expires : 5-9-2011 16:45:18

    LastSync : Hits:5

    UseCount : 0

    Hits : 5

    Tracking Cookie Object Recognized!

    Type : IECache Entry

    Data : usuario@tribalfusion[1].txt

    TAC Rating : 3

    Category : Data Miner

    Comment : Hits:1

    Value : Cookie:usuario@tribalfusion.com/

    Expires : 31-12-2037 22:00:00

    LastSync : Hits:1

    UseCount : 0

    Hits : 1

    Tracking Cookie Object Recognized!

    Type : IECache Entry

    Data : usuario@casalemedia[2].txt

    TAC Rating : 3

    Category : Data Miner

    Comment : Hits:6

    Value : Cookie:usuario@casalemedia.com/

    Expires : 13-10-2007 14:00:56

    LastSync : Hits:6

    UseCount : 0

    Hits : 6

    Tracking Cookie Object Recognized!

    Type : IECache Entry

    Data : usuario@adserver.filefront[2].txt

    TAC Rating : 3

    Category : Data Miner

    Comment : Hits:20

    Value : Cookie:usuario@adserver.filefront.com/

    Expires : 24-11-2007 11:10:48

    LastSync : Hits:20

    UseCount : 0

    Hits : 20

    Tracking Cookie Object Recognized!

    Type : IECache Entry

    Data : usuario@bravenet[1].txt

    TAC Rating : 3

    Category : Data Miner

    Comment : Hits:2

    Value : Cookie:usuario@bravenet.com/

    Expires : 21-11-2006 01:22:06

    LastSync : Hits:2

    UseCount : 0

    Hits : 2

    Tracking Cookie Object Recognized!

    Type : IECache Entry

    Data : usuario@trafficmp[1].txt

    TAC Rating : 3

    Category : Data Miner

    Comment : Hits:13

    Value : Cookie:usuario@trafficmp.com/

    Expires : 22-10-2007 18:46:34

    LastSync : Hits:13

    UseCount : 0

    Hits : 13

    Tracking Cookie Object Recognized!

    Type : IECache Entry

    Data : usuario@hitbox[1].txt

    TAC Rating : 3

    Category : Data Miner

    Comment : Hits:13

    Value : Cookie:usuario@hitbox.com/

    Expires : 27-11-2007 12:18:56

    LastSync : Hits:13

    UseCount : 0

    Hits : 13

    Tracking Cookie Object Recognized!

    Type : IECache Entry

    Data : usuario@bigpond.122.2o7[1].txt

    TAC Rating : 3

    Category : Data Miner

    Comment : Hits:1

    Value : Cookie:usuario@bigpond.122.2o7.net/

    Expires : 28-4-2011 20:48:16

    LastSync : Hits:1

    UseCount : 0

    Hits : 1

    Tracking Cookie Object Recognized!

    Type : IECache Entry

    Data : usuario@gmlabr.112.2o7[1].txt

    TAC Rating : 3

    Category : Data Miner

    Comment : Hits:1

    Value : Cookie:usuario@gmlabr.112.2o7.net/

    Expires : 13-5-2011 01:27:58

    LastSync : Hits:1

    UseCount : 0

    Hits : 1

    Tracking Cookie Object Recognized!

    Type : IECache Entry

    Data : usuario@landing.domainsponsor[1].txt

    TAC Rating : 3

    Category : Data Miner

    Comment : Hits:5

    Value : Cookie:usuario@landing.domainsponsor.com/

    Expires : 21-10-2008 18:00:48

    LastSync : Hits:5

    UseCount : 0

    Hits : 5

    Tracking Cookie Object Recognized!

    Type : IECache Entry

    Data : usuario@microsoftwga.112.2o7[1].txt

    TAC Rating : 3

    Category : Data Miner

    Comment : Hits:5

    Value : Cookie:usuario@microsoftwga.112.2o7.net/

    Expires : 19-5-2011 19:27:22

    LastSync : Hits:5

    UseCount : 0

    Hits : 5

    Tracking Cookie Object Recognized!

    Type : IECache Entry

    Data : usuario@sextracker[1].txt

    TAC Rating : 3

    Category : Data Miner

    Comment : Hits:1

    Value : Cookie:usuario@sextracker.com/

    Expires : 20-10-2006 18:28:36

    LastSync : Hits:1

    UseCount : 0

    Hits : 1

    Tracking Cookie Object Recognized!

    Type : IECache Entry

    Data : usuario@stat.onestat[2].txt

    TAC Rating : 3

    Category : Data Miner

    Comment : Hits:2

    Value : Cookie:usuario@stat.onestat.com/

    Expires : 21-10-2016 22:00:00

    LastSync : Hits:2

    UseCount : 0

    Hits : 2

    Tracking Cookie Object Recognized!

    Type : IECache Entry

    Data : usuario@doubleclick[1].txt

    TAC Rating : 3

    Category : Data Miner

    Comment : Hits:3

    Value : Cookie:usuario@doubleclick.net/

    Expires : 23-11-2009 11:09:30

    LastSync : Hits:3

    UseCount : 0

    Hits : 3

    Tracking Cookie Object Recognized!

    Type : IECache Entry

    Data : usuario@atdmt[2].txt

    TAC Rating : 3

    Category : Data Miner

    Comment : Hits:34

    Value : Cookie:usuario@atdmt.com/

    Expires : 10-11-2011 22:00:00

    LastSync : Hits:34

    UseCount : 0

    Hits : 34

    Tracking Cookie Object Recognized!

    Type : IECache Entry

    Data : usuario@serving-sys[2].txt

    TAC Rating : 3

    Category : Data Miner

    Comment : Hits:62

    Value : Cookie:usuario@serving-sys.com/

    Expires : 31-12-2037 20:00:00

    LastSync : Hits:62

    UseCount : 0

    Hits : 62

    Tracking Cookie Object Recognized!

    Type : IECache Entry

    Data : usuario@ads.pointroll[1].txt

    TAC Rating : 3

    Category : Data Miner

    Comment : Hits:13

    Value : Cookie:usuario@ads.pointroll.com/

    Expires : 31-12-2009 22:00:00

    LastSync : Hits:13

    UseCount : 0

    Hits : 13

    Tracking Cookie Object Recognized!

    Type : IECache Entry

    Data : usuario@msninvite.112.2o7[1].txt

    TAC Rating : 3

    Category : Data Miner

    Comment : Hits:2

    Value : Cookie:usuario@msninvite.112.2o7.net/

    Expires : 17-5-2011 20:08:34

    LastSync : Hits:2

    UseCount : 0

    Hits : 2

    Tracking Cookie Object Recognized!

    Type : IECache Entry

    Data : usuario@statse.webtrendslive[2].txt

    TAC Rating : 3

    Category : Data Miner

    Comment : Hits:2

    Value : Cookie:usuario@statse.webtrendslive.com/

    Expires : 16-10-2016 19:11:32

    LastSync : Hits:2

    UseCount : 0

    Hits : 2

    Tracking Cookie Object Recognized!

    Type : IECache Entry

    Data : usuario@statcounter[2].txt

    TAC Rating : 3

    Category : Data Miner

    Comment : Hits:7

    Value : Cookie:usuario@statcounter.com/

    Expires : 1-11-2011 15:10:40

    LastSync : Hits:7

    UseCount : 0

    Hits : 7

    Tracking Cookie Object Recognized!

    Type : IECache Entry

    Data : usuario@list[1].txt

    TAC Rating : 3

    Category : Data Miner

    Comment : Hits:3

    Value : Cookie:usuario@list.ru/

    Expires : 17-1-2007 17:41:52

    LastSync : Hits:3

    UseCount : 0

    Hits : 3

    Tracking Cookie Object Recognized!

    Type : IECache Entry

    Data : usuario@realmedia[2].txt

    TAC Rating : 3

    Category : Data Miner

    Comment : Hits:6

    Value : Cookie:usuario@realmedia.com/

    Expires : 31-12-2020 22:00:00

    LastSync : Hits:6

    UseCount : 0

    Hits : 6

    Tracking Cookie Object Recognized!

    Type : IECache Entry

    Data : usuario@rambler[1].txt

    TAC Rating : 3

    Category : Data Miner

    Comment : Hits:1

    Value : Cookie:usuario@rambler.ru/

    Expires : 16-10-2016 17:41:42

    LastSync : Hits:1

    UseCount : 0

    Hits : 1

    Tracking Cookie Object Recognized!

    Type : IECache Entry

    Data : usuario@fl01.ct2.comclick[1].txt

    TAC Rating : 3

    Category : Data Miner

    Comment : Hits:9

    Value : Cookie:usuario@fl01.ct2.comclick.com/

    Expires : 9-1-2029 22:00:00

    LastSync : Hits:9

    UseCount : 0

    Hits : 9

    Tracking Cookie Object Recognized!

    Type : IECache Entry

    Data : usuario@mediaplex[1].txt

    TAC Rating : 3

    Category : Data Miner

    Comment : Hits:3

    Value : Cookie:usuario@mediaplex.com/

    Expires : 21-6-2009 22:00:00

    LastSync : Hits:3

    UseCount : 0

    Hits : 3

    Tracking Cookie Object Recognized!

    Type : IECache Entry

    Data : usuario@overture[1].txt

    TAC Rating : 3

    Category : Data Miner

    Comment : Hits:3

    Value : Cookie:usuario@overture.com/

    Expires : 19-10-2016 15:51:48

    LastSync : Hits:3

    UseCount : 0

    Hits : 3

    Tracking Cookie Object Recognized!

    Type : IECache Entry

    Data : usuario@apmebf[2].txt

    TAC Rating : 3

    Category : Data Miner

    Comment : Hits:2

    Value : Cookie:usuario@apmebf.com/

    Expires : 18-10-2011 17:41:14

    LastSync : Hits:2

    UseCount : 0

    Hits : 2

    Tracking Cookie Object Recognized!

    Type : IECache Entry

    Data : usuario@ehg-youtube.hitbox[2].txt

    TAC Rating : 3

    Category : Data Miner

    Comment : Hits:10

    Value : Cookie:usuario@ehg-youtube.hitbox.com/

    Expires : 19-10-2007 22:54:08

    LastSync : Hits:10

    UseCount : 0

    Hits : 10

    Tracking Cookie Object Recognized!

    Type : IECache Entry

    Data : usuario@cs.sexcounter[2].txt

    TAC Rating : 3

    Category : Data Miner

    Comment : Hits:2

    Value : Cookie:usuario@cs.sexcounter.com/

    Expires : 12-5-2024 16:07:28

    LastSync : Hits:2

    UseCount : 0

    Hits : 2

    Tracking Cookie Object Recognized!

    Type : IECache Entry

    Data : usuario@media.fastclick[1].txt

    TAC Rating : 3

    Category : Data Miner

    Comment : Hits:1

    Value : Cookie:usuario@media.fastclick.net/

    Expires : 24-11-2006 12:13:00

    LastSync : Hits:1

    UseCount : 0

    Hits : 1

    Tracking Cookie Object Recognized!

    Type : IECache Entry

    Data : usuario@bs.serving-sys[1].txt

    TAC Rating : 3

    Category : Data Miner

    Comment : Hits:3

    Value : Cookie:usuario@bs.serving-sys.com/

    Expires : 31-12-2037 20:00:00

    LastSync : Hits:3

    UseCount : 0

    Hits : 3

    Tracking Cookie Object Recognized!

    Type : IECache Entry

    Data : usuario@as-eu.falkag[2].txt

    TAC Rating : 3

    Category : Data Miner

    Comment : Hits:6

    Value : Cookie:usuario@as-eu.falkag.net/

    Expires : 21-11-2006 12:53:52

    LastSync : Hits:6

    UseCount : 0

    Hits : 6

    Tracking Cookie Object Recognized!

    Type : IECache Entry

    Data : usuario@2o7[2].txt

    TAC Rating : 3

    Category : Data Miner

    Comment : Hits:4

    Value : Cookie:usuario@2o7.net/

    Expires : 23-11-2011 11:10:46

    LastSync : Hits:4

    UseCount : 0

    Hits : 4

    Tracking Cookie Object Recognized!

    Type : IECache Entry

    Data : usuario@revenue[1].txt

    TAC Rating : 3

    Category : Data Miner

    Comment : Hits:10

    Value : Cookie:usuario@revenue.net/

    Expires : 10-6-2022 03:05:42

    LastSync : Hits:10

    UseCount : 0

    Hits : 10

    Tracking Cookie Object Recognized!

    Type : IECache Entry

    Data : usuario@fastclick[2].txt

    TAC Rating : 3

    Category : Data Miner

    Comment : Hits:2

    Value : Cookie:usuario@fastclick.net/

    Expires : 23-11-2008 11:09:26

    LastSync : Hits:2

    UseCount : 0

    Hits : 2

    Tracking Cookie Object Recognized!

    Type : IECache Entry

    Data : usuario@ehg-nokiafin.hitbox[2].txt

    TAC Rating : 3

    Category : Data Miner

    Comment : Hits:6

    Value : Cookie:usuario@ehg-nokiafin.hitbox.com/

    Expires : 27-11-2007 12:18:56

    LastSync : Hits:6

    UseCount : 0

    Hits : 6

    Tracking Cookie Object Recognized!

    Type : IECache Entry

    Data : usuario@paycounter[1].txt

    TAC Rating : 3

    Category : Data Miner

    Comment : Hits:5

    Value : Cookie:usuario@paycounter.com/

    Expires : 24-11-2006 20:06:32

    LastSync : Hits:5

    UseCount : 0

    Hits : 5

    Tracking Cookie Object Recognized!

    Type : IECache Entry

    Data : usuario@edge.ru4[1].txt

    TAC Rating : 3

    Category : Data Miner

    Comment : Hits:8

    Value : Cookie:usuario@edge.ru4.com/

    Expires : 5-11-2036 16:21:42

    LastSync : Hits:8

    UseCount : 0

    Hits : 8

    Tracking Cookie Object Recognized!

    Type : IECache Entry

    Data : usuario@ehg-nikoninc.hitbox[2].txt

    TAC Rating : 3

    Category : Data Miner

    Comment : Hits:2

    Value : Cookie:usuario@ehg-nikoninc.hitbox.com/

    Expires : 18-10-2007 17:04:58

    LastSync : Hits:2

    UseCount : 0

    Hits : 2

    Tracking cookie scan result:

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    New critical objects: 42

    Objects found so far: 67

    Deep scanning and examining files (C:)

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Disk Scan Result for C:\

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    New critical objects: 0

    Objects found so far: 67

    Scanning Hosts file......

    Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Hosts file scan result:

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    1 entries scanned.

    New critical objects:0

    Objects found so far: 67

    Performing conditional scans...

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Win32.Trojandownloader.Zlob Object Recognized!

    Type : Regkey

    Data :

    TAC Rating : 10

    Category : Malware

    Comment :

    Rootkey : HKEY_CURRENT_USER

    Object : software\internet security

    Win32.Trojandownloader.Zlob Object Recognized!

    Type : RegValue

    Data :

    TAC Rating : 10

    Category : Malware

    Comment :

    Rootkey : HKEY_CURRENT_USER

    Object : software\internet security

    Value : 65007

    Win32.Trojandownloader.Zlob Object Recognized!

    Type : RegValue

    Data :

    TAC Rating : 10

    Category : Malware

    Comment :

    Rootkey : HKEY_LOCAL_MACHINE

    Object : system\currentcontrolset\services\tcpip\parameters

    Value : NameServer

    Win32.Trojandownloader.Zlob Object Recognized!

    Type : Folder

    TAC Rating : 10

    Category : Malware

    Comment : Win32.Trojandownloader.Zlob

    Object : C:\Arquivos de programas\Video ActiveX Object

    Conditional scan result:

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    New critical objects: 4

    Objects found so far: 71

    15:02:03 Scan Complete

    Summary Of This Scan

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Total scanning time:00:39:33.78

    Objects scanned:274619

    Objects identified:50

    Objects ignored:0

    New critical objects:50

  • Topic author
  • Logfile of HijackThis v1.99.1

    Scan saved at 20:23:48, on 10/12/2006

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\Explorer.EXE

    C:\Arquivos de programas\TortoiseSVN\bin\TSVNCache.exe

    C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe

    C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe

    C:\Arquivos de programas\Java\j2re1.4.2_03\bin\jusched.exe

    C:\WINDOWS\system32\nvsvc32.exe

    C:\Arquivos de programas\Print Screen Replacement\PrintScreenReplacement.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Arquivos de programas\Mozilla Firefox\firefox.exe

    C:\Arquivos de programas\DAP\DAP.EXE

    C:\Documents and Settings\Usuario\Meus documentos\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    R3 - URLSearchHook: CUOLSearchHook Object - {1FE8243E-0A3A-41B9-B9CE-EFFEE51974D3} - C:\Arquivos de programas\Arquivos comuns\uol\urlsearch\UOLSearchHook.dll

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx (file missing)

    O2 - BHO: (no name) - {2810fba5-55ec-4bee-8263-0e2fa5883768} - C:\Arquivos de programas\QualityCodec\isaddon.dll (file missing)

    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll

    O2 - BHO: Barra do MSN Busca Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Toolbar Suite\TB\02.05.0000.1082\pt-br\msntb.dll

    O2 - BHO: Password Organizer - {C3DEA25E-A515-4B65-8760-AEE03089F1CD} - C:\Arquivos de programas\Omniquad Total Security\PasswordOrganizer\SIPPwdOrg.dll (file missing)

    O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\ARQUIV~1\FlashGet\getflash.dll

    O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\ARQUIV~1\FlashGet\fgiebar.dll

    O3 - Toolbar: Barra UOL - {5BBFC00A-312C-4777-A5DF-DDA65C67120C} - C:\Arquivos de programas\UOL\Barra UOL\ubp.dll

    O3 - Toolbar: Barra do MSN Busca - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Toolbar Suite\TB\02.05.0000.1082\pt-br\msntb.dll

    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

    O3 - Toolbar: Protection Bar - {5d4831e0-5a7c-4a46-afd5-a79ab8ce36c2} - C:\Arquivos de programas\Video ActiveX Object\iesplugin.dll (file missing)

    O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Java\j2re1.4.2_03\bin\jusched.exe

    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

    O4 - HKLM\..\Run: [kav] "C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"

    O4 - HKLM\..\Run: [PasswordOrganizer] C:\Arquivos de programas\Omniquad Total Security\RunTimePwdOrg.exe

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

    O8 - Extra context menu item: &Clean Traces - C:\Arquivos de programas\DAP\Privacy Package\dapcleanerie.htm

    O8 - Extra context menu item: &Download with &DAP - C:\Arquivos de programas\DAP\dapextie.htm

    O8 - Extra context menu item: &MSN Busca - res://C:\Arquivos de programas\MSN Toolbar Suite\TB\02.05.0000.1082\pt-br\msntb.dll/search.htm

    O8 - Extra context menu item: Abrir em uma nova guia do plano de fundo - res://C:\Arquivos de programas\MSN Toolbar Suite\TAB\02.05.0001.1119\pt-br\msntabres.dll/229?df73629badc46a58e56fcd416abe4a

    O8 - Extra context menu item: Abrir em uma nova guia do primeiro plano - res://C:\Arquivos de programas\MSN Toolbar Suite\TAB\02.05.0001.1119\pt-br\msntabres.dll/230?df73629badc46a58e56fcd416abe4a

    O8 - Extra context menu item: Descarregar tudo com o FlashGet - C:\Arquivos de programas\FlashGet\jc_all.htm

    O8 - Extra context menu item: Descarregar utilizando o FlashGet - C:\Arquivos de programas\FlashGet\jc_link.htm

    O8 - Extra context menu item: Download &all with DAP - C:\Arquivos de programas\DAP\dapextie2.htm

    O8 - Extra context menu item: Download with Go!Zilla - file://C:\Arquivos de programas\Go!Zilla\download-with-gozilla.html

    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

    O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll

    O10 - Broken Internet access because of LSP provider 'c:\arquivos de programas\newdotnet\newdotnet7_22.dll' missing

    O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

    O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by120fd.bay120.hotmail.msn.com/resources/MsnPUpld.cab

    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

    O16 - DPF: {A4508A45-F1C4-40F3-99B4-0CA08AC77E3B} (Kdfense8 Control) - http://download.netmarble.com/kdefence/kdfense8.cab

    O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} - http://www.azebar.com/install/azesearch.cab

    O17 - HKLM\System\CCS\Services\Tcpip\..\{50B7E9C1-629B-4F62-9C1E-D72897E3B071}: NameServer = 200.149.55.142 200.165.132.155

    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\msgrapp.8.0.0812.00.dll

    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\msgrapp.8.0.0812.00.dll

    O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll

    O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)

    O21 - SSODL: bonspells - {11853d5f-f894-4cc7-bbc3-fc7a9dcfd896} - (no file)

    O23 - Service: Adobe LM Service - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe

    O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    O23 - Service: Print Screen Replacement (PrintScrnRepl) - Architronic Software - C:\Arquivos de programas\Print Screen Replacement\PrintScreenReplacement.exe

    O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

    B)


    - Open HijackThis, click Do a system scan only and check the entry below:

    O2 - BHO: (no name) - {2810fba5-55ec-4bee-8263-0e2fa5883768} - C:\Arquivos de programas\QualityCodec\isaddon.dll (file missing)

    - Close all windows, click ht-fix.png and then Yes;

    - Other than that, the log is clean :)

    - Delete the backups folder located in C:\Documents and Settings\Usuario\Meus documentos\HijackThis;

    - I recommend some maintenance on the computer to remove temporary files, unnecessary files and invalid registry entries. Download CCleaner:

    • Open the program and click Run Cleaner (Executar Cleaner);
    • After that, click Errors > Scan for errors > Fix errors (Erros > Procurar erros > Corrigir Erros)

    - Turn System Restore off and then on again

    - Read the article Proteja seu PC (Protect your PC) for more information on how to avoid infections;

  • Topic author
  • Logfile of HijackThis v1.99.1

    Scan saved at 21:21:25, on 10/12/2006

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\Explorer.EXE

    C:\Arquivos de programas\TortoiseSVN\bin\TSVNCache.exe

    C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe

    C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe

    C:\Arquivos de programas\Java\j2re1.4.2_03\bin\jusched.exe

    C:\WINDOWS\system32\nvsvc32.exe

    C:\Arquivos de programas\Print Screen Replacement\PrintScreenReplacement.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Arquivos de programas\Mozilla Firefox\firefox.exe

    C:\Documents and Settings\Usuario\Meus documentos\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    R3 - URLSearchHook: CUOLSearchHook Object - {1FE8243E-0A3A-41B9-B9CE-EFFEE51974D3} - C:\Arquivos de programas\Arquivos comuns\uol\urlsearch\UOLSearchHook.dll

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx (file missing)

    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll

    O2 - BHO: Barra do MSN Busca Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Toolbar Suite\TB\02.05.0000.1082\pt-br\msntb.dll

    O2 - BHO: Password Organizer - {C3DEA25E-A515-4B65-8760-AEE03089F1CD} - C:\Arquivos de programas\Omniquad Total Security\PasswordOrganizer\SIPPwdOrg.dll (file missing)

    O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\ARQUIV~1\FlashGet\getflash.dll

    O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\ARQUIV~1\FlashGet\fgiebar.dll

    O3 - Toolbar: Barra UOL - {5BBFC00A-312C-4777-A5DF-DDA65C67120C} - C:\Arquivos de programas\UOL\Barra UOL\ubp.dll

    O3 - Toolbar: Barra do MSN Busca - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Toolbar Suite\TB\02.05.0000.1082\pt-br\msntb.dll

    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

    O3 - Toolbar: Protection Bar - {5d4831e0-5a7c-4a46-afd5-a79ab8ce36c2} - C:\Arquivos de programas\Video ActiveX Object\iesplugin.dll (file missing)

    O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Java\j2re1.4.2_03\bin\jusched.exe

    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

    O4 - HKLM\..\Run: [kav] "C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"

    O4 - HKLM\..\Run: [PasswordOrganizer] C:\Arquivos de programas\Omniquad Total Security\RunTimePwdOrg.exe

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

    O8 - Extra context menu item: &Clean Traces - C:\Arquivos de programas\DAP\Privacy Package\dapcleanerie.htm

    O8 - Extra context menu item: &Download with &DAP - C:\Arquivos de programas\DAP\dapextie.htm

    O8 - Extra context menu item: &MSN Busca - res://C:\Arquivos de programas\MSN Toolbar Suite\TB\02.05.0000.1082\pt-br\msntb.dll/search.htm

    O8 - Extra context menu item: Abrir em uma nova guia do plano de fundo - res://C:\Arquivos de programas\MSN Toolbar Suite\TAB\02.05.0001.1119\pt-br\msntabres.dll/229?df73629badc46a58e56fcd416abe4a

    O8 - Extra context menu item: Abrir em uma nova guia do primeiro plano - res://C:\Arquivos de programas\MSN Toolbar Suite\TAB\02.05.0001.1119\pt-br\msntabres.dll/230?df73629badc46a58e56fcd416abe4a

    O8 - Extra context menu item: Descarregar tudo com o FlashGet - C:\Arquivos de programas\FlashGet\jc_all.htm

    O8 - Extra context menu item: Descarregar utilizando o FlashGet - C:\Arquivos de programas\FlashGet\jc_link.htm

    O8 - Extra context menu item: Download &all with DAP - C:\Arquivos de programas\DAP\dapextie2.htm

    O8 - Extra context menu item: Download with Go!Zilla - file://C:\Arquivos de programas\Go!Zilla\download-with-gozilla.html

    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

    O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll

    O10 - Broken Internet access because of LSP provider 'c:\arquivos de programas\newdotnet\newdotnet7_22.dll' missing

    O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

    O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by120fd.bay120.hotmail.msn.com/resources/MsnPUpld.cab

    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

    O16 - DPF: {A4508A45-F1C4-40F3-99B4-0CA08AC77E3B} (Kdfense8 Control) - http://download.netmarble.com/kdefence/kdfense8.cab

    O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} - http://www.azebar.com/install/azesearch.cab

    O17 - HKLM\System\CCS\Services\Tcpip\..\{50B7E9C1-629B-4F62-9C1E-D72897E3B071}: NameServer = 200.149.55.142 200.165.132.155

    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\msgrapp.8.0.0812.00.dll

    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\msgrapp.8.0.0812.00.dll

    O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll

    O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)

    O21 - SSODL: bonspells - {11853d5f-f894-4cc7-bbc3-fc7a9dcfd896} - (no file)

    O23 - Service: Adobe LM Service - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe

    O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    O23 - Service: Print Screen Replacement (PrintScrnRepl) - Architronic Software - C:\Arquivos de programas\Print Screen Replacement\PrintScreenReplacement.exe

    O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

    OK

    Now, should I disable and then re-enable System Restore

    or

    disable it, clean the Temporary Files and then re-enable System Restore?


    Clean the temporary files, then disable and re-enable System Restore.

  • Topic author

    Logfile of HijackThis v1.99.1

    Scan saved at 01:52:09, on 11/12/2006

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\Explorer.EXE

    C:\Arquivos de programas\TortoiseSVN\bin\TSVNCache.exe

    C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe

    C:\Arquivos de programas\Eset\nod32krn.exe

    C:\Arquivos de programas\Java\j2re1.4.2_03\bin\jusched.exe

    C:\WINDOWS\system32\nvsvc32.exe

    C:\Arquivos de programas\Print Screen Replacement\PrintScreenReplacement.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Arquivos de programas\Eset\nod32kui.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Arquivos de programas\Mozilla Firefox\firefox.exe

    C:\WINDOWS\system32\wuauclt.exe

    C:\Documents and Settings\Usuario\Meus documentos\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    R3 - URLSearchHook: CUOLSearchHook Object - {1FE8243E-0A3A-41B9-B9CE-EFFEE51974D3} - C:\Arquivos de programas\Arquivos comuns\uol\urlsearch\UOLSearchHook.dll

    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)

    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll

    O2 - BHO: Barra do MSN Busca Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Toolbar Suite\TB\02.05.0000.1082\pt-br\msntb.dll

    O2 - BHO: (no name) - {C3DEA25E-A515-4B65-8760-AEE03089F1CD} - (no file)

    O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\ARQUIV~1\FlashGet\getflash.dll

    O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\ARQUIV~1\FlashGet\fgiebar.dll

    O3 - Toolbar: Barra UOL - {5BBFC00A-312C-4777-A5DF-DDA65C67120C} - C:\Arquivos de programas\UOL\Barra UOL\ubp.dll

    O3 - Toolbar: Barra do MSN Busca - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Toolbar Suite\TB\02.05.0000.1082\pt-br\msntb.dll

    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

    O3 - Toolbar: (no name) - {5d4831e0-5a7c-4a46-afd5-a79ab8ce36c2} - (no file)

    O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Java\j2re1.4.2_03\bin\jusched.exe

    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

    O4 - HKLM\..\Run: [nod32kui] "C:\Arquivos de programas\Eset\nod32kui.exe" /WAITSERVICE

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

    O8 - Extra context menu item: &Clean Traces - C:\Arquivos de programas\DAP\Privacy Package\dapcleanerie.htm

    O8 - Extra context menu item: &Download with &DAP - C:\Arquivos de programas\DAP\dapextie.htm

    O8 - Extra context menu item: &MSN Busca - res://C:\Arquivos de programas\MSN Toolbar Suite\TB\02.05.0000.1082\pt-br\msntb.dll/search.htm

    O8 - Extra context menu item: Abrir em uma nova guia do plano de fundo - res://C:\Arquivos de programas\MSN Toolbar Suite\TAB\02.05.0001.1119\pt-br\msntabres.dll/229?df73629badc46a58e56fcd416abe4a

    O8 - Extra context menu item: Abrir em uma nova guia do primeiro plano - res://C:\Arquivos de programas\MSN Toolbar Suite\TAB\02.05.0001.1119\pt-br\msntabres.dll/230?df73629badc46a58e56fcd416abe4a

    O8 - Extra context menu item: Descarregar tudo com o FlashGet - C:\Arquivos de programas\FlashGet\jc_all.htm

    O8 - Extra context menu item: Descarregar utilizando o FlashGet - C:\Arquivos de programas\FlashGet\jc_link.htm

    O8 - Extra context menu item: Download &all with DAP - C:\Arquivos de programas\DAP\dapextie2.htm

    O8 - Extra context menu item: Download with Go!Zilla - file://C:\Arquivos de programas\Go!Zilla\download-with-gozilla.html

    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

    O10 - Broken Internet access because of LSP provider 'c:\arquivos de programas\newdotnet\newdotnet7_22.dll' missing

    O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

    O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by120fd.bay120.hotmail.msn.com/resources/MsnPUpld.cab

    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

    O16 - DPF: {A4508A45-F1C4-40F3-99B4-0CA08AC77E3B} (Kdfense8 Control) - http://download.netmarble.com/kdefence/kdfense8.cab

    O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} - http://www.azebar.com/install/azesearch.cab

    O17 - HKLM\System\CCS\Services\Tcpip\..\{50B7E9C1-629B-4F62-9C1E-D72897E3B071}: NameServer = 200.149.55.142 200.165.132.155

    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\msgrapp.8.0.0812.00.dll

    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\msgrapp.8.0.0812.00.dll

    O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)

    O21 - SSODL: bonspells - {11853d5f-f894-4cc7-bbc3-fc7a9dcfd896} - (no file)

    O23 - Service: Adobe LM Service - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Arquivos de programas\Eset\nod32krn.exe

    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    O23 - Service: Print Screen Replacement (PrintScrnRepl) - Architronic Software - C:\Arquivos de programas\Print Screen Replacement\PrintScreenReplacement.exe

    O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

    OK, I did everything.

    Note: I switched my antivirus to NOD32 (Kaspersky is very heavy, despite being the best); is everything OK in the log?


    CASE RESOLVED!

    If the topic author needs it, the topic will be reopened; to request this, the author should contact a Moderator of this area and ask for it to be unlocked!
