lucasafr

Malware?! Analyze my log...

I think I have some kind of "Dialer"...

My HiJackThis log:

Logfile of HijackThis v1.99.1

Scan saved at 10:15:08, on 02/07/2007

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\nvsvc32.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\PowerS.exe

C:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\MSN Messenger\usnsvc.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Documents and Settings\User\Meus documentos\Pessoal\Virus\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tj.sc.gov.br/

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.couldnotfind.com/search_page.html?&account_id=132047

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://buenasnoches.flogbrasil.terra.com.br/

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: SWL IE Plugin - {1E1B2879-88FA-11D3-8D96-D7ACAC95951A} - C:\PROGRA~1\SWPR\web.dll (file missing)

O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~2\MEGAUP~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: (no name) - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - (no file)

O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINDOWS\System32\nvms.dll (file missing)

O2 - BHO: Mega Manager IE Click Monitor - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Arquivos de programas\Megaupload\Mega Manager\MegaIEMn.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINDOWS\Downloaded Program Files\gbieh.dll

O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\WINDOWS\Downloaded Program Files\gbiehabn.dll

O2 - BHO: CB UrlCatcher Class - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINDOWS\System32\mscb.dll (file missing)

O2 - BHO: Url Catcher - {CE31A1F7-3D90-4874-8FBE-A5D97F8BC8F1} - C:\WINDOWS\System32\apuc.dll (file missing)

O2 - BHO: (no name) - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - (no file)

O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~2\MEGAUP~1.DLL

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [PowerS] C:\WINDOWS\PowerS.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKLM\..\Run: [internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"

O4 - HKLM\..\Run: [aaosvyiycj] C:\WINDOWS\System32\odjoikdx.exe

O4 - HKLM\..\Run: [bullsEye Network] C:\Arquivos de programas\BullsEye Network\bin\bargains.exe

O4 - HKLM\..\Run: [nvsvca32] C:\WINDOWS\nvsvca32.exe

O4 - HKLM\..\Run: [clfmon] C:\WINDOWS\clfmon.exe

O4 - HKLM\..\Run: [sbbBRnvsvca32.exe] C:\WINDOWS\SbbBRnvsvca32.exe

O4 - HKLM\..\Run: [VAYJanvsvca32.exe] C:\WINDOWS\VAYJanvsvca32.exe

O4 - HKLM\..\Run: [wLlYMnvsvca32.exe] C:\WINDOWS\wLlYMnvsvca32.exe

O4 - HKLM\..\Run: [DVlIhclfmon.exe] C:\WINDOWS\DVlIhclfmon.exe

O4 - HKLM\..\Run: [MSgbKclfmon.exe] C:\WINDOWS\MSgbKclfmon.exe

O4 - HKLM\..\Run: [eIDacclfmon.exe] C:\WINDOWS\eIDacclfmon.exe

O4 - HKLM\..\Run: [GgnqQclfmon.exe] C:\WINDOWS\GgnqQclfmon.exe

O4 - HKLM\..\Run: [dSVFhnvsvca32.exe] C:\WINDOWS\dSVFhnvsvca32.exe

O4 - HKLM\..\Run: [vjyHwclfmon.exe] C:\WINDOWS\vjyHwclfmon.exe

O4 - HKLM\..\Run: [svcH0st] C:\WINDOWS\svchst.exe /i

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [sGL] C:\Arquivos de programas\Fábrica de Bits\mysql\bin\mysqld.exe --skip-grant-tables --skip-innodb

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O8 - Extra context menu item: Abrir com o GetRight Browser - C:\ARQUIV~1\GetRight\GRbrowse.htm

O8 - Extra context menu item: Download com o GetRight - C:\ARQUIV~1\GetRight\GRdownload.htm

O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Arquivos de programas\Megaupload\Mega Manager\mm_file.htm

O8 - Extra context menu item: Shorten URL - http://www.cjb.net/menuext.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\MSMSGS.EXE

O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} - http://static.zangocash.com/cab/Zango/ie/bridge-c18.cab

O16 - DPF: {D03A1C33-1913-4533-A8C1-F2C8D13045DE} - http://www.cjb.net/search.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugin/Cab/GbPluginABN.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399F83} (GbPluginObj Class) - https://www14.bancobrasil.com.br/plugin/GbPluginBb.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: winjvd32 - C:\WINDOWS\SYSTEM32\winjvd32.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia LTDA - C:\Arquivos de programas\GbPlugin\GbpSv.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SNDSrvc.exe (file missing)

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe


- Download SDFix:

http://linhadefensiva.uol.com.br/dl/sdfix

Save it to your desktop. Double-click SDFix.exe and the tool will be installed in %SystemDrive%\SDFix (usually C:\SDFix).

- Restart the computer in Safe Mode (tap the F8 key repeatedly, or F5 in some cases, during startup);

  1. Open the SDFix folder that was installed on your computer and double-click the file RunThis.bat
  2. Press Y so that the tool starts the removal process
  3. When everything is done, you will see a notice telling you to press any key to continue. When you press any key, the computer will restart automatically
  4. After restarting, the tool will run once more and finish its work, and the word Finished will appear. Press any key.
  5. A window with the SDFix report will appear.
  6. Copy and paste this report into your reply. If you have closed the window, a copy of the report will be in the SDFix folder under the name Report.txt

- Generate a new HijackThis log and paste it into your reply.

  • Topic author
  • Hey, I think it worked...

    Here is the SDFix report:

    SDFix: Version 1.89

    Run by User on 03/07/2007 at 10:06

    Microsoft Windows XP [versão 5.1.2600]

    Running From: C:\SDFix

    Safe Mode:

    Checking Services:

    Restoring Windows Registry Values

    Restoring Windows Default Hosts File

    Rebooting...

    Normal Mode:

    Checking Files:

    Below files will be copied to Backups folder then removed:

    C:\WINDOWS\ubenyr.exe.tmp - Deleted

    C:\WINDOWS\Temp\win11D3.tmp.exe - Deleted

    C:\WINDOWS\Temp\win18E8.tmp.exe - Deleted

    C:\WINDOWS\Temp\win18E9.tmp.exe - Deleted

    C:\WINDOWS\Temp\win18EA.tmp.exe - Deleted

    C:\WINDOWS\Temp\win18EB.tmp.exe - Deleted

    C:\WINDOWS\Temp\win1900.tmp.exe - Deleted

    C:\WINDOWS\Temp\win510.tmp.exe - Deleted

    C:\WINDOWS\Temp\win77C.tmp.exe - Deleted

    C:\WINDOWS\Temp\win11D3.tmp.exe - Deleted

    C:\WINDOWS\Temp\win18E8.tmp.exe - Deleted

    C:\WINDOWS\Temp\win18E9.tmp.exe - Deleted

    C:\WINDOWS\Temp\win18EA.tmp.exe - Deleted

    C:\WINDOWS\Temp\win18EB.tmp.exe - Deleted

    C:\WINDOWS\Temp\win1900.tmp.exe - Deleted

    C:\WINDOWS\Temp\win510.tmp.exe - Deleted

    C:\WINDOWS\Temp\win77C.tmp.exe - Deleted

    C:\Documents and Settings\User\Dados de aplicativos\Install.dat - Deleted

    C:\WINDOWS\system32\svcp.csv - Deleted

    C:\WINDOWS\system32\winsub.xml - Deleted

    C:\WINDOWS\Temp\$_2341234.TMP - Deleted

    Removing Temp Files...

    ADS Check:

    Checking C:\WINDOWS

    C:\WINDOWS

    No streams found.

    Checking C:\WINDOWS\system32

    C:\WINDOWS\system32

    No streams found.

    Checking C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    No streams found.

    Checking C:\WINDOWS\system32\ntoskrnl.exe

    C:\WINDOWS\system32\ntoskrnl.exe

    No streams found.

    Final Check:

    Remaining Services:

    ------------------

    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

    Remaining Files:

    ---------------

    Backups Folder: - C:\SDFix\backups\backups.zip

    Files with Hidden Attributes:

    C:\Documents and Settings\User\Ambiente de rede\amorim em www.professoramorim.com.br\Desktop.ini

    C:\Documents and Settings\User\Ambiente de rede\modelos em www.exner.com.br\Desktop.ini

    C:\Arquivos de programas\180Solutions\FLEOK\ncmyb.dll.tmp

    C:\Arquivos de programas\180Solutions\FLEOK\ncmyb.dll.tmp

    C:\Documents and Settings\User\Dados de aplicativos\Microsoft\Word\~WRL0003.tmp

    C:\Documents and Settings\User\Dados de aplicativos\Microsoft\Word\~WRL0004.tmp

    C:\Documents and Settings\User\Dados de aplicativos\Microsoft\Word\~WRL0005.tmp

    C:\Documents and Settings\User\Dados de aplicativos\Microsoft\Word\~WRL1911.tmp

    C:\Documents and Settings\User\Dados de aplicativos\Microsoft\Word\~WRL1963.tmp

    C:\Documents and Settings\User\Dados de aplicativos\Microsoft\Word\~WRL2033.tmp

    C:\Documents and Settings\User\Dados de aplicativos\Microsoft\Word\~WRL2079.tmp

    C:\Documents and Settings\User\Dados de aplicativos\Microsoft\Word\~WRL2584.tmp

    C:\Documents and Settings\User\Dados de aplicativos\Microsoft\Word\~WRL3616.tmp

    C:\Documents and Settings\User\Dados de aplicativos\Microsoft\Word\~WRL3856.tmp

    C:\Documents and Settings\User\Desktop\Fortuna Rodrigues Advocacia\Cível\Doutrina\Manual de Procedimento - TJSC\~WRL2364.tmp

    C:\Documents and Settings\User\Meus documentos\Pessoal\Monografia\Leis\~WRL0036.tmp

    C:\Documents and Settings\User\Meus documentos\Pessoal\Monografia\Leis\~WRL2446.tmp

    C:\WINDOWS\LastGood.Tmp\INF\oem3.inf

    C:\WINDOWS\LastGood.Tmp\INF\oem3.PNF

    C:\Arquivos de programas\eMule\Incoming\32bit Convert It v9.76.01 serial keygen.zip

    C:\Arquivos de programas\eMule\Incoming\3D Webmaker v2.0 serial keygen.zip

    C:\Arquivos de programas\eMule\Incoming\Aare AVI to VCD DVD SVCD MPEG Converter v6.1 serial keygen.zip

    C:\Arquivos de programas\eMule\Incoming\ABC 4' KIDS Workshop v1.0 by ViRiLiTY serial keygen.zip

    C:\Arquivos de programas\eMule\Incoming\AbsoluteFTP v2.2.3 serial keygen.zip

    C:\Arquivos de programas\eMule\Incoming\AceFTP 3 Pro v3.61.0 serial keygen.zip

    C:\Arquivos de programas\eMule\Incoming\Advanced GIF Animator v2.2 serial keygen.zip

    C:\Arquivos de programas\eMule\Incoming\Ahead Nero Burning Rom Enterprise Edition v5.5.10.42 serial keygen.zip

    C:\Arquivos de programas\eMule\Incoming\Air and Space Scenic Reflections Screen Saver v1.0 serial keygen.zip

    C:\Arquivos de programas\eMule\Incoming\Alcohol 120% v1.9.2.1705 by YAG serial keygen.zip

    C:\Arquivos de programas\eMule\Incoming\Apple QuickTime Pro v6.5.2 German by CORE serial keygen.zip

    C:\Arquivos de programas\eMule\Incoming\Ashampoo AudioCD Mp3 studio serial keygen.zip

    C:\Arquivos de programas\eMule\Incoming\Avast Professional Edition v4.0.202 serial keygen.zip

    C:\Arquivos de programas\eMule\Incoming\AVG6 Professional v6.0.732 serial keygen.zip

    C:\Arquivos de programas\eMule\Incoming\AVI-MPEG-ASF-WMV Splitter v3.22 serial keygen.zip

    C:\Arquivos de programas\eMule\Incoming\Avs video converter serial keygen.zip

    C:\Arquivos de programas\eMule\Incoming\BeFaster v2.73 serial keygen.zip

    C:\Arquivos de programas\eMule\Incoming\Bookworm serial keygen.zip

    C:\Arquivos de programas\eMule\Incoming\CacheSaver v1.0.1 serial keygen.zip

    C:\Arquivos de programas\eMule\Incoming\CAKEWALK MUSIC CRETOR PRO 2004 serial keygen.zip

    C:\Arquivos de programas\eMule\Incoming\Cantax T1Plus with EFILE v2.1.303.106a serial keygen.zip

    C:\Arquivos de programas\eMule\Incoming\City Select MapSource European serial keygen.zip

    C:\Arquivos de programas\eMule\Incoming\Codename Panzers Phase One German serial keygen.zip

    C:\Arquivos de programas\eMule\Incoming\Cold Fusion MX Enterprise v6.0 serial keygen.zip

    C:\Arquivos de programas\eMule\Incoming\Command & Conquer Generƒýle - Die Stunde Null v1.0 serial keygen.zip

    C:\Arquivos de programas\eMule\Incoming\Corel Draw 9 serial keygen.zip

    C:\Arquivos de programas\eMule\Incoming\Criando Home Sites serial keygen.zip

    C:\Arquivos de programas\eMule\Incoming\Cruciver v4.24 French serial keygen.zip

    C:\Arquivos de programas\eMule\Incoming\CSS Quick Backup v2.0.1201 serial keygen.zip

    C:\Arquivos de programas\eMule\Incoming\Cumberland Family Tree 32bit v2.23 serial keygen.zip

    C:\Arquivos de programas\eMule\Incoming\Cyclone Screensaver Maker v2.02 Standard serial keygen.zip

    C:\Arquivos de programas\eMule\Incoming\DFX for Windows Media Player v6.1 serial keygen.zip

    C:\Arquivos de programas\eMule\Incoming\DFX v5.10 for Winamp serial keygen.zip

    C:\Arquivos de programas\eMule\Incoming\Doom3 serial keygen.zip

    C:\Arquivos de programas\eMule\Incoming\DVD-Lab v1.3 serial keygen.zip

    C:\Arquivos de programas\eMule\Incoming\EZ IE Backup Pro v2.0 serial keygen.zip

    C:\Arquivos de programas\eMule\Incoming\FlashCapture v1.53 serial keygen.zip

    C:\Arquivos de programas\eMule\Incoming\fMSX Plus v1.5.x serial keygen.zip

    C:\Arquivos de programas\eMule\Incoming\Font Reserve serial keygen.zip

    C:\Arquivos de programas\eMule\Incoming\FullShot v8.2 Enterprise Edition serial keygen.zip

    C:\Arquivos de programas\eMule\Incoming\Gear 4 serial keygen.zip

    C:\Arquivos de programas\eMule\Incoming\GraphicConverter v5.4 serial keygen.zip

    C:\Arquivos de programas\eMule\Incoming\Home Plan Professional v4.3.10 serial keygen.zip

    C:\Arquivos de programas\eMule\Incoming\Image Wrangler v1.0 serial keygen.zip

    C:\Arquivos de programas\eMule\Incoming\ImTOO MPEG Encoder v2.1.x serial keygen.zip

    C:\Arquivos de programas\eMule\Incoming\Incredimail LetterCreator serial keygen.zip

    C:\Arquivos de programas\eMule\Incoming\Macromedia Flash MX v6.0 Unlimited License serial keygen.zip

    C:\Arquivos de programas\eMule\Incoming\Mah Jong Adventures GameHouse serial keygen.zip

    C:\Arquivos de programas\eMule\Incoming\Matlab Complete (Addons) v6 0 serial keygen.zip

    C:\Arquivos de programas\eMule\Incoming\Mgs Karting v1.90 serial keygen.zip

    C:\Arquivos de programas\eMule\Incoming\Microsoft Office OneNote 2003 Beta2 serial keygen.zip

    C:\Arquivos de programas\eMule\Incoming\Mortgage Matrix Calculator v3.0 serial keygen.zip

    C:\Arquivos de programas\eMule\Incoming\Mozzle Pro v3.01 serial keygen.zip

    C:\Arquivos de programas\eMule\Incoming\MS Exchange Server 2003 Enterprise serial keygen.zip

    C:\Arquivos de programas\eMule\Incoming\NetDL v1 0 serial keygen.zip

    C:\Arquivos de programas\eMule\Incoming\Office XP Proffessional serial keygen.zip

    C:\Arquivos de programas\eMule\Incoming\Picasa v1.5.1 build v4.41 serial keygen.zip

    C:\Arquivos de programas\eMule\Incoming\Pinnacle Studio v9.0.0 serial keygen.zip

    C:\Arquivos de programas\eMule\Incoming\PKZip Server v8.10.0037 serial keygen.zip

    C:\Arquivos de programas\eMule\Incoming\Power DVD Pro 6 v2.55 serial keygen.zip

    C:\Arquivos de programas\eMule\Incoming\Quest Spotlight on Active Directory v4 0 serial keygen.zip

    C:\Arquivos de programas\eMule\Incoming\Quickoffice Premier v2 0 serial keygen.zip

    C:\Arquivos de programas\eMule\Incoming\QuickTime Pro v7.0.2.120 for Windows - Final serial keygen.zip

    C:\Arquivos de programas\eMule\Incoming\Readbook v1.51 by Astek serial keygen.zip

    C:\Arquivos de programas\eMule\Incoming\REALbasic v5.5.3 Professional serial keygen.zip

    C:\Arquivos de programas\eMule\Incoming\Secure Communicator v4.0 serial keygen.zip

    C:\Arquivos de programas\eMule\Incoming\Senha PowerBuilder v7 0 serial keygen.zip

    C:\Arquivos de programas\eMule\Incoming\SereneEscreen Marine Aquarium v2.0 BY FELIPOLLO serial keygen.zip

    C:\Arquivos de programas\eMule\Incoming\SilverStream Single Developer Pack v2.53 serial keygen.zip

    C:\Arquivos de programas\eMule\Incoming\Slots of Trivia serial keygen.zip

    C:\Arquivos de programas\eMule\Incoming\Smart Video Converter v1.59 by iPA serial keygen.zip

    C:\Arquivos de programas\eMule\Incoming\Soldiers Heroes of World War II serial keygen.zip

    C:\Arquivos de programas\eMule\Incoming\Sonic Foundry Acid Pro v4.0d Build 392 serial keygen.zip

    C:\Arquivos de programas\eMule\Incoming\SpeederXP v1.60 serial keygen.zip

    C:\Arquivos de programas\eMule\Incoming\SPSS serial keygen.zip

    C:\Arquivos de programas\eMule\Incoming\Super Jigsaw Great Art serial keygen.zip

    C:\Arquivos de programas\eMule\Incoming\swishpix serial keygen.zip

    C:\Arquivos de programas\eMule\Incoming\Tavrida WebSite Editor v3.0.r4066 serial keygen.zip

    C:\Arquivos de programas\eMule\Incoming\Unreal Tournament 2004 deviance serial keygen.zip

    C:\Arquivos de programas\eMule\Incoming\Visiosonic PCDJ Red serial keygen.zip

    C:\Arquivos de programas\eMule\Incoming\Vulcan FinanceCalc 97 v1.10 serial keygen.zip

    C:\Arquivos de programas\eMule\Incoming\Warcraft III regin of chaos original cd key for batlle net serial keygen.zip

    C:\Arquivos de programas\eMule\Incoming\Windows XP Professional 5 serial keygen.zip

    C:\Arquivos de programas\eMule\Incoming\Windows XP SP2 Professional Edition Corporate serial keygen.zip

    C:\Arquivos de programas\eMule\Incoming\WindowsLonghorn 4074 serial keygen.zip

    C:\Arquivos de programas\eMule\Incoming\WinDVD Tweaker Pro v4.35 serial keygen.zip

    C:\Arquivos de programas\eMule\Incoming\WinDVD v5.1 serial keygen.zip

    C:\Arquivos de programas\eMule\Incoming\Winproxy v5.0 R1a serial keygen.zip

    C:\Arquivos de programas\eMule\Incoming\WinXP Pro SP1 serial keygen.zip

    Finished

    And the HiJackThis log:

    Logfile of HijackThis v1.99.1

    Scan saved at 10:22:25, on 03/07/2007

    Platform: Windows XP SP1 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

    C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\System32\nvsvc32.exe

    C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

    C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

    C:\WINDOWS\system32\notepad.exe

    C:\WINDOWS\PowerS.exe

    C:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe

    C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

    C:\Documents and Settings\User\Meus documentos\Pessoal\Virus\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tj.sc.gov.br/

    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.couldnotfind.com/search_page.html?&account_id=132047

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://buenasnoches.flogbrasil.terra.com.br/

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

    O2 - BHO: SWL IE Plugin - {1E1B2879-88FA-11D3-8D96-D7ACAC95951A} - C:\PROGRA~1\SWPR\web.dll (file missing)

    O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~2\MEGAUP~1.DLL

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

    O2 - BHO: (no name) - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - (no file)

    O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINDOWS\System32\nvms.dll (file missing)

    O2 - BHO: Mega Manager IE Click Monitor - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Arquivos de programas\Megaupload\Mega Manager\MegaIEMn.dll

    O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINDOWS\Downloaded Program Files\gbieh.dll

    O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\WINDOWS\Downloaded Program Files\gbiehabn.dll

    O2 - BHO: CB UrlCatcher Class - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINDOWS\System32\mscb.dll (file missing)

    O2 - BHO: Url Catcher - {CE31A1F7-3D90-4874-8FBE-A5D97F8BC8F1} - C:\WINDOWS\System32\apuc.dll (file missing)

    O2 - BHO: (no name) - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - (no file)

    O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

    O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~2\MEGAUP~1.DLL

    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

    O4 - HKLM\..\Run: [PowerS] C:\WINDOWS\PowerS.exe

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe"

    O4 - HKLM\..\Run: [internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"

    O4 - HKLM\..\Run: [aaosvyiycj] C:\WINDOWS\System32\odjoikdx.exe

    O4 - HKLM\..\Run: [bullsEye Network] C:\Arquivos de programas\BullsEye Network\bin\bargains.exe

    O4 - HKLM\..\Run: [sbbBRnvsvca32.exe] C:\WINDOWS\SbbBRnvsvca32.exe

    O4 - HKLM\..\Run: [VAYJanvsvca32.exe] C:\WINDOWS\VAYJanvsvca32.exe

    O4 - HKLM\..\Run: [wLlYMnvsvca32.exe] C:\WINDOWS\wLlYMnvsvca32.exe

    O4 - HKLM\..\Run: [DVlIhclfmon.exe] C:\WINDOWS\DVlIhclfmon.exe

    O4 - HKLM\..\Run: [MSgbKclfmon.exe] C:\WINDOWS\MSgbKclfmon.exe

    O4 - HKLM\..\Run: [eIDacclfmon.exe] C:\WINDOWS\eIDacclfmon.exe

    O4 - HKLM\..\Run: [GgnqQclfmon.exe] C:\WINDOWS\GgnqQclfmon.exe

    O4 - HKLM\..\Run: [dSVFhnvsvca32.exe] C:\WINDOWS\dSVFhnvsvca32.exe

    O4 - HKLM\..\Run: [vjyHwclfmon.exe] C:\WINDOWS\vjyHwclfmon.exe

    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

    O4 - HKLM\..\Run: [sGL] C:\Arquivos de programas\Fábrica de Bits\mysql\bin\mysqld.exe --skip-grant-tables --skip-innodb

    O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

    O8 - Extra context menu item: Abrir com o GetRight Browser - C:\ARQUIV~1\GetRight\GRbrowse.htm

    O8 - Extra context menu item: Download com o GetRight - C:\ARQUIV~1\GetRight\GRdownload.htm

    O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Arquivos de programas\Megaupload\Mega Manager\mm_file.htm

    O8 - Extra context menu item: Shorten URL - http://www.cjb.net/menuext.html

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\MSMSGS.EXE

    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\MSMSGS.EXE

    O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

    O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

    O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} - http://static.zangocash.com/cab/Zango/ie/bridge-c18.cab

    O16 - DPF: {D03A1C33-1913-4533-A8C1-F2C8D13045DE} - http://www.cjb.net/search.cab

    O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugin/Cab/GbPluginABN.cab

    O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399F83} (GbPluginObj Class) - https://www14.bancobrasil.com.br/plugin/GbPluginBb.cab

    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

    O20 - Winlogon Notify: winjvd32 - C:\WINDOWS\SYSTEM32\winjvd32.dll

    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

    O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

    O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

    O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia LTDA - C:\Arquivos de programas\GbPlugin\GbpSv.exe

    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SNDSrvc.exe (file missing)

    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

    I hope everything is all right,

    Cheers!

  • Topic author
  • Well, I had just posted the reply and the "Dialer" tried to dial again... Good thing my computer isn't connected to any phone line. This has happened to me before, with a notebook, and it was solved with Killbox.

    What can I do now?


    - Clean out the eMule Incoming folder :P

    - Download ComboFix

    • Double-click combofix.exe and press "Y" to proceed with the fix. It will take about 10 minutes on average.
    • ComboFix will restart the PC automatically to complete the removal process.
    • When it finishes, a log will be generated at C:\ComboFix.txt.
    • Do not click on the ComboFix window, or close it by clicking the X, while it is running, otherwise it will stop and your desktop will go blank.
    • To stop or exit ComboFix, press "N".
    • Paste the ComboFix.txt into your reply.

  • Topic author
  • OK, thanks again for the help. I think everything went well this time...

    Here is the ComboFix.txt:

    "User" - 2007-07-04 10:02:46 - ComboFix 07-07-04.1 - Service Pack 1

    /wow section - STAGE #3

    (((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))

    C:\WINDOWS\system32\winjvd32.dll

    * * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    C:\secure32.html

    C:\WINDOWS\secure32.html

    ((((((((((((((((((((((((( Files Created from 2007-06-04 to 2007-07-04 )))))))))))))))))))))))))))))))

    2007-07-04 10:02 51,200 --a------ C:\WINDOWS\nircmd.exe

    2007-07-03 19:12 <DIR> d-------- C:\Arquivos de programas\XP Codec Pack

    2007-07-03 19:11 45,056 --a------ C:\WINDOWS\system\csrss.exe

    2007-07-03 19:06 <DIR> d-------- C:\Arquivos de programas\DivXLand

    2007-07-03 19:05 32,768 --a------ C:\WINDOWS\system\lsass.exe

    2007-07-03 19:05 101,888 --a------ C:\WINDOWS\system32\vb6stkit.dll

    2007-07-03 19:05 <DIR> d-------- C:\Arquivos de programas\Busca Legendas

    2007-07-03 18:51 <DIR> d-------- C:\Arquivos de programas\URUSoft

    2007-07-03 18:46 <DIR> d-------- C:\DOCUME~1\User\DADOSD~1\Media Player Classic

    2007-07-03 18:39 <DIR> d-------- C:\Arquivos de programas\DivX Subtitle Displayer

    2007-07-03 18:34 <DIR> d-------- C:\Arquivos de programas\Gabest

    2007-07-03 18:31 1,188 --a------ C:\WINDOWS\mozver.dat

    2007-07-03 18:27 <DIR> d-------- C:\DOCUME~1\User\DADOSD~1\RadLight Company

    2007-07-03 18:27 <DIR> d-------- C:\Arquivos de programas\RadLight Company

    2007-07-03 16:58 <DIR> d-------- C:\Downloads

    2007-07-03 16:53 <DIR> d-------- C:\Arquivos de programas\FlashGet

    2007-07-03 16:45 0 --a------ C:\WINDOWS\nsreg.dat

    2007-07-03 16:34 <DIR> d-------- C:\Arquivos de programas\Free Download Manager

    2007-07-03 10:05 <DIR> d-------- C:\WINDOWS\ERUNT

    2007-07-02 10:15 <DIR> d-------- C:\!KillBox

    2007-06-11 11:11 <DIR> d-------- C:\Arquivos de programas\Sony Setup

    2007-06-07 16:10 20,480 --a------ C:\WINDOWS\system32\ac3config.exe

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-07-04 13:01:12 -------- d-----w C:\Arquivos de programas\eMule

    2007-07-04 10:54:52 -------- d-----w C:\Arquivos de programas\Google

    2007-06-18 16:46:07 -------- d-----w C:\Arquivos de programas\NCH Swift Sound

    2007-05-24 19:10:06 21,120 ----a-w C:\WINDOWS\system32\drivers\nchssvad.sys

    2007-05-24 19:10:06 -------- d-----w C:\DOCUME~1\User\DADOSD~1\NCH Swift Sound

    2007-05-23 18:31:10 1 ----a-w C:\AUTOEXEC.BAT

    2007-05-17 18:44:51 -------- d-----w C:\DOCUME~1\User\DADOSD~1\Sammsoft

    2007-05-12 19:24:23 -------- d-----w C:\Arquivos de programas\Freecorder

    2007-05-12 18:56:24 737,280 ----a-w C:\WINDOWS\iun6002.exe

    2007-05-12 17:05:57 -------- d-----w C:\Arquivos de programas\GbPlugin

    2007-05-11 19:57:25 -------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

    2007-05-11 19:54:24 -------- d-----w C:\Arquivos de programas\Digital Camera

    2007-04-30 15:46:10 745,600 ----a-w C:\WINDOWS\system32\aswBoot.exe

    2007-04-30 15:35:28 95,872 ----a-w C:\WINDOWS\system32\AvastSS.scr

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

    2001-03-02 12:02 37808 --------- C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1E1B2879-88FA-11D3-8D96-D7ACAC95951A}]

    C:\PROGRA~1\SWPR\web.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}]

    2007-06-29 08:44 94308 --a------ C:\Arquivos de programas\FlashGet\jccatch.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}]

    2006-10-31 03:55 1803720 --a------ C:\ARQUIV~1\MEGAUP~2\MEGAUP~1.DLL

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

    2007-03-14 03:43 501400 --a------ C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8F4E5661-F99E-4B3E-8D85-0EA71C0748E4}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344}]

    C:\WINDOWS\System32\nvms.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf00e119-21a3-4fd1-b178-3b8537e75c92}]

    2006-12-11 16:46 110592 --a------ C:\Arquivos de programas\Megaupload\Mega Manager\MegaIEMn.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C41A1C0E-EA6C-11D4-B1B8-444553540000}]

    2007-02-22 15:00 228392 --a------ C:\WINDOWS\Downloaded Program Files\gbieh.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C41A1C0E-EA6C-11D4-B1B8-444553540007}]

    2006-12-14 13:28 214528 --a------ C:\WINDOWS\Downloaded Program Files\gbiehabn.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CE188402-6EE7-4022-8868-AB25173A3E14}]

    C:\WINDOWS\System32\mscb.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CE31A1F7-3D90-4874-8FBE-A5D97F8BC8F1}]

    C:\WINDOWS\System32\apuc.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F156768E-81EF-470C-9057-481BA8380DBA}]

    2007-05-16 02:05 163840 --a------ C:\Arquivos de programas\FlashGet\getflash.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F4E04583-354E-4076-BE7D-ED6A80FD66DA}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "QuickTime Task"="C:\Arquivos de programas\QuickTime\qttask.exe" [2004-06-07 00:46]

    "SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]

    "Internet Optimizer"="C:\Program Files\Internet Optimizer\optimize.exe" []

    "BullsEye Network"="C:\Arquivos de programas\BullsEye Network\bin\bargains.exe" []

    "nwiz"="nwiz.exe" [2002-09-27 04:38 C:\WINDOWS\system32\nwiz.exe]

    "SGL"="C:\Arquivos de programas\Fábrica de Bits\mysql\bin\mysqld.exe" []

    "avast!"="C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 12:42]

    "lsass"="C:\Windows\System\lsass.exe" [2007-07-03 19:05]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "lsass"="C:\Windows\System\lsass.exe" [2007-07-03 19:05]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

    "{E37CB5F0-51F5-4395-A808-5FA49E399F83}"="C:\WINDOWS\Downloaded Program Files\gbieh.dll" [2007-02-22 15:00]

    "{E37CB5F0-51F5-4395-A808-5FA49E399007}"="C:\WINDOWS\Downloaded Program Files\gbiehabn.dll" [2006-12-14 13:28]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

    "appinit_dlls"=NVDESK32.DLL

    Contents of the 'Scheduled Tasks' folder

    2007-07-04 13:07:47 C:\WINDOWS\tasks\Symantec NetDetect.job

    **************************************************************************

    catchme 0.3.914 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net

    Rootkit scan 2007-07-04 10:08:05

    Windows 5.1.2600 Service Pack 1 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully

    hidden files: 0

    **************************************************************************

    Completion time: 2007-07-04 10:10:03 - machine was rebooted

    C:\ComboFix-quarantined-files.txt ... 2007-07-04 10:09

    --- E O F ---

  • Topic author
  • Here it goes:

    Logfile of HijackThis v1.99.1

    Scan saved at 09:20:23, on 05/07/2007

    Platform: Windows XP SP1 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

    C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\System32\nvsvc32.exe

    C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\Explorer.EXE

    C:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe

    C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

    C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

    C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

    C:\Arquivos de programas\MSN Messenger\usnsvc.exe

    C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

    C:\Arquivos de programas\internet explorer\iexplore.exe

    c:\windows\system\csrss.exe

    C:\Documents and Settings\User\Meus documentos\Pessoal\Virus\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tj.sc.gov.br/

    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.couldnotfind.com/search_page.html?&account_id=132047

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://buenasnoches.flogbrasil.terra.com.br/

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

    O2 - BHO: SWL IE Plugin - {1E1B2879-88FA-11D3-8D96-D7ACAC95951A} - C:\PROGRA~1\SWPR\web.dll (file missing)

    O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Arquivos de programas\FlashGet\jccatch.dll

    O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~2\MEGAUP~1.DLL

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

    O2 - BHO: (no name) - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - (no file)

    O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINDOWS\System32\nvms.dll (file missing)

    O2 - BHO: Mega Manager IE Click Monitor - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Arquivos de programas\Megaupload\Mega Manager\MegaIEMn.dll

    O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINDOWS\Downloaded Program Files\gbieh.dll

    O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\WINDOWS\Downloaded Program Files\gbiehabn.dll

    O2 - BHO: CB UrlCatcher Class - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINDOWS\System32\mscb.dll (file missing)

    O2 - BHO: Url Catcher - {CE31A1F7-3D90-4874-8FBE-A5D97F8BC8F1} - C:\WINDOWS\System32\apuc.dll (file missing)

    O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Arquivos de programas\FlashGet\getflash.dll

    O2 - BHO: (no name) - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - (no file)

    O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

    O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~2\MEGAUP~1.DLL

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe"

    O4 - HKLM\..\Run: [internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"

    O4 - HKLM\..\Run: [bullsEye Network] C:\Arquivos de programas\BullsEye Network\bin\bargains.exe

    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

    O4 - HKLM\..\Run: [sGL] C:\Arquivos de programas\Fábrica de Bits\mysql\bin\mysqld.exe --skip-grant-tables --skip-innodb

    O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

    O4 - HKLM\..\Run: [lsass] C:\Windows\System\lsass.exe

    O4 - HKCU\..\Run: [lsass] C:\Windows\System\lsass.exe

    O8 - Extra context menu item: &Download All with FlashGet - C:\Arquivos de programas\FlashGet\jc_all.htm

    O8 - Extra context menu item: &Download with FlashGet - C:\Arquivos de programas\FlashGet\jc_link.htm

    O8 - Extra context menu item: Abrir com o GetRight Browser - C:\ARQUIV~1\GetRight\GRbrowse.htm

    O8 - Extra context menu item: Download com o GetRight - C:\ARQUIV~1\GetRight\GRdownload.htm

    O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Arquivos de programas\Megaupload\Mega Manager\mm_file.htm

    O8 - Extra context menu item: Shorten URL - http://www.cjb.net/menuext.html

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Arquivos de programas\FlashGet\FlashGet.exe

    O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Arquivos de programas\FlashGet\FlashGet.exe

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\MSMSGS.EXE

    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\MSMSGS.EXE

    O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

    O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

    O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} - http://static.zangocash.com/cab/Zango/ie/bridge-c18.cab

    O16 - DPF: {D03A1C33-1913-4533-A8C1-F2C8D13045DE} - http://www.cjb.net/search.cab

    O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugin/Cab/GbPluginABN.cab

    O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399F83} (GbPluginObj Class) - https://www14.bancobrasil.com.br/plugin/GbPluginBb.cab

    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

    O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

    O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

    O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia LTDA - C:\Arquivos de programas\GbPlugin\GbpSv.exe

    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SNDSrvc.exe (file missing)

    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe


    - Open Control Panel > Add or Remove Programs and uninstall:

    Internet Optimizer

    BullsEye Network

    - Download Killbox and run it:

    • Check the Delete on Reboot option. Copy the list below (select it and click Edit > Copy or press Ctrl + C):

    c:\windows\system\csrss.exe
    C:\Windows\System\lsass.exe
    • Go back to KillBox. Click File > Paste from clipboard. Click the All Files button;
    • Click killbox.png and answer No to the question.

    - Restart the computer in Safe Mode (press the F8 key repeatedly, or F5 in some cases, during startup);

    - Open HijackThis, click Do a system scan only and check the entries below:

    O2 - BHO: SWL IE Plugin - {1E1B2879-88FA-11D3-8D96-D7ACAC95951A} - C:\PROGRA~1\SWPR\web.dll (file missing)

    O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINDOWS\System32\nvms.dll (file missing)

    O2 - BHO: CB UrlCatcher Class - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINDOWS\System32\mscb.dll (file missing)

    O2 - BHO: Url Catcher - {CE31A1F7-3D90-4874-8FBE-A5D97F8BC8F1} - C:\WINDOWS\System32\apuc.dll (file missing)

    O4 - HKLM\..\Run: [internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"

    O4 - HKLM\..\Run: [bullsEye Network] C:\Arquivos de programas\BullsEye Network\bin\bargains.exe

    O4 - HKLM\..\Run: [lsass] C:\Windows\System\lsass.exe

    O4 - HKCU\..\Run: [lsass] C:\Windows\System\lsass.exe

    - Close all windows, click ht-fix.png and then Yes;

    - Delete the highlighted folders:

    C:\Program Files\Internet Optimizer

    C:\Arquivos de programas\BullsEye Network

    - Restart in normal mode, generate a new log and paste it in your reply.

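Added example, not part of the original thread: a small triage script for the two patterns the reply above acts on, a core Windows process name (`csrss.exe`, `lsass.exe`) running or auto-starting from a folder other than its normal one, and O2 BHO entries that HijackThis marks `(file missing)`. The sample is excerpted from the 05/07/2007 log above; the expected-folder table assumes a default `C:\WINDOWS` install, and the function names are this example's own.

```python
import ntpath
import re

# Expected folder (lower-case) for core Windows XP processes.
# Assumption of this example: default C:\WINDOWS install, long path names.
EXPECTED_DIR = {
    "smss.exe": r"c:\windows\system32",
    "csrss.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "spoolsv.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

RUN_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
BHO_MISSING_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.+?) \(file missing\)$"
)


def exe_path(cmd):
    """Return the executable part of a Run command line (quoted or not)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    m = re.match(r"(.*?\.exe)\b", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd


def masquerades(path):
    """True if a core process name sits outside its expected folder."""
    name = ntpath.basename(path).lower()
    folder = ntpath.dirname(path).lower()
    expected = EXPECTED_DIR.get(name)
    # Bare names such as "nwiz.exe" carry no folder and cannot be judged here.
    return bool(expected and folder and folder != expected)


def analyze(log_text):
    """Return (kind, source, path) findings for a HijackThis log."""
    findings = []
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "Running processes:":
            in_processes = True
            continue
        if re.match(r"^[A-Z]\d+ - ", line):  # first R0/O2/... entry ends the list
            in_processes = False
        if in_processes:
            if masquerades(line):
                findings.append(("masquerade", "process", line))
            continue
        m = RUN_RE.match(line)
        if m:
            path = exe_path(m.group("cmd"))
            if masquerades(path):
                findings.append(("masquerade", m.group("hive") + " Run", path))
            continue
        m = BHO_MISSING_RE.match(line)
        if m:
            # A cue for manual review, not a verdict on the entry.
            findings.append(("orphaned-bho", m.group("clsid"), m.group("path")))
    return findings


# Excerpt of the log posted above (05/07/2007).
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\Explorer.EXE
c:\windows\system\csrss.exe
O2 - BHO: SWL IE Plugin - {1E1B2879-88FA-11D3-8D96-D7ACAC95951A} - C:\PROGRA~1\SWPR\web.dll (file missing)
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Arquivos de programas\FlashGet\jccatch.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [lsass] C:\Windows\System\lsass.exe
O4 - HKCU\..\Run: [lsass] C:\Windows\System\lsass.exe
"""

if __name__ == "__main__":
    for finding in analyze(SAMPLE_LOG):
        print(finding)
```

The comparison is on long path names only; an 8.3 short path such as `C:\WINDOWS\SYSTEM~1\...` would need expanding before it is checked.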
  • Topic author
  • Logfile of HijackThis v1.99.1

    Scan saved at 10:11:15, on 09/07/2007

    Platform: Windows XP SP1 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

    C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\Explorer.EXE

    C:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe

    C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

    C:\WINDOWS\System32\nvsvc32.exe

    C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

    C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

    C:\Arquivos de programas\internet explorer\iexplore.exe

    C:\Documents and Settings\User\Meus documentos\Pessoal\Virus\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tj.sc.gov.br/

    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.couldnotfind.com/search_page.html?&account_id=132047

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://buenasnoches.flogbrasil.terra.com.br/

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

    O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Arquivos de programas\FlashGet\jccatch.dll

    O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~2\MEGAUP~1.DLL

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

    O2 - BHO: (no name) - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - (no file)

    O2 - BHO: Mega Manager IE Click Monitor - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Arquivos de programas\Megaupload\Mega Manager\MegaIEMn.dll

    O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINDOWS\Downloaded Program Files\gbieh.dll

    O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\WINDOWS\Downloaded Program Files\gbiehabn.dll

    O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Arquivos de programas\FlashGet\getflash.dll

    O2 - BHO: (no name) - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - (no file)

    O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

    O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~2\MEGAUP~1.DLL

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe"

    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

    O4 - HKLM\..\Run: [sGL] C:\Arquivos de programas\Fábrica de Bits\mysql\bin\mysqld.exe --skip-grant-tables --skip-innodb

    O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

    O8 - Extra context menu item: &Download All with FlashGet - C:\Arquivos de programas\FlashGet\jc_all.htm

    O8 - Extra context menu item: &Download with FlashGet - C:\Arquivos de programas\FlashGet\jc_link.htm

    O8 - Extra context menu item: Abrir com o GetRight Browser - C:\ARQUIV~1\GetRight\GRbrowse.htm

    O8 - Extra context menu item: Download com o GetRight - C:\ARQUIV~1\GetRight\GRdownload.htm

    O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Arquivos de programas\Megaupload\Mega Manager\mm_file.htm

    O8 - Extra context menu item: Shorten URL - http://www.cjb.net/menuext.html

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Arquivos de programas\FlashGet\FlashGet.exe

    O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Arquivos de programas\FlashGet\FlashGet.exe

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\MSMSGS.EXE

    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\MSMSGS.EXE

    O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

    O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

    O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} - http://static.zangocash.com/cab/Zango/ie/bridge-c18.cab

    O16 - DPF: {D03A1C33-1913-4533-A8C1-F2C8D13045DE} - http://www.cjb.net/search.cab

    O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugin/Cab/GbPluginABN.cab

    O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399F83} (GbPluginObj Class) - https://www14.bancobrasil.com.br/plugin/GbPluginBb.cab

    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

    O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

    O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

    O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia LTDA - C:\Arquivos de programas\GbPlugin\GbpSv.exe

    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SNDSrvc.exe (file missing)

    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe


    - OK, the log is clean :)

    - Delete the backups file that is in C:\Documents and Settings\User\Meus documentos\Pessoal\Virus\Hijackthis and C:\!Killbox;

    - I recommend some maintenance on the computer to remove temporary and unnecessary files and invalid registry entries. Download CCleaner:

    • Open the program and click Run Cleaner;
    • After that, click Issues > Scan for Issues > Fix selected issues

    - Turn System Restore off and then back on again

    - Read the article Protect your PC for more information on how to avoid infections.
