Ir ao conteúdo
  • Comunicados

    • diego_moicano

      Gostaria de se tornar um analista em Remoção de Malware?   07-12-2015

      Gostaria de se tornar um analista em Remoção de Malware? O Fórum Clube do Hardware deu início a um programa de treinamento em análises de log. Os interessados deverão enviar um email para aprendizes (arroba) clubedohardware (ponto) com (ponto) br respondendo as seguintes perguntas: Por que você gostaria de aprender a analisar logs? Possui tempo hábil para o treinamento? Tem conhecimentos em informática? Se sim descreva-os. Possui inglês para leitura? Qual seu objetivo após completar o treinamento?   Não se esqueça de incluir no e-mail o seu nome de usuário (fornecer o link também), idade e cidade onde vive. Adicione também qualquer experiência e/ou razão sobre o porquê você seria um bom Analista. É digno de nota que apenas os que forem selecionados receberão resposta por MP (Mensagem Pessoal), não existe um padrão na escolha dos futuros aprendizes, todos os e-mails serão lidos e serão analisados de forma imparcial, portanto não será permitido reclamações neste aspecto. O treinamento é dado no próprio fórum. Quando um aprendiz é selecionado ele é movido para um novo grupo, onde terá acesso a fóruns fechados para os demais usuários onde poderá dar inicio ao seu treinamento. Importante: A cada 30 dias os e-mails não selecionados serão apagados, portanto você pode enviar um novo e-mail após 1 mês, e-mails enviados antes serão desconsiderados.  
    • Gabriel Torres

      Seja um moderador do Clube do Hardware!   12-02-2016

      Prezados membros do Clube do Hardware, Está aberto o processo de seleção de novos moderadores para diversos setores ou áreas do Clube do Hardware. Os requisitos são:   Pelo menos 500 posts e um ano de cadastro; Boa frequência de participação; Ser respeitoso, cordial e educado com os demais membros; Ter bom nível de português; Ter razoável conhecimento da área em que pretende atuar; Saber trabalhar em equipe (com os moderadores, coordenadores e administradores).   Os interessados deverão enviar uma mensagem privada para o usuário @Equipe Clube do Hardware com o título "Candidato a moderador". A mensagem deverá conter respostas às perguntas abaixo:   Qual o seu nome completo? Qual sua data de nascimento? Qual sua formação/profissão? Já atuou como moderador em algo outro fórum, se sim, qual? De forma sucinta, explique o porquê de querer ser moderador do fórum e conte-nos um pouco sobre você.   OBS: Não se trata de função remunerada. Todos que fazem parte do staff são voluntários.
guto14

kavo.exe/trojan.onlinegames.thx HJTHIS

Recommended Posts

avast acho um kavo

e avg antispyware acho esse trojan na memória

Logfile of HijackThis v1.99.1

Scan saved at 12:51:55, on 6/7/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\Arquivos de programas\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

C:\WINDOWS\VM_STI.EXE

C:\Arquivos de programas\cFosSpeed\cFosSpeed.exe

C:\WINDOWS\system32\drivers\WinControl\csrss.exe

C:\WINDOWS\system32\sistray.EXE

C:\WINDOWS\system32\keyhook.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Arquivos de programas\cFosSpeed\spd.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=61005

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=61005

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=61005

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=61005

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=61005

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local

O1 - Hosts: 75.125.177.50 l2authd.lineage2.com

O1 - Hosts: 75.125.177.50 l2testauthd.lineage2.com

O1 - Hosts: 65.54.239.80 dp.msnmessenger.akadns.net

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: ActivationManager module - {86A44EF7-78FC-4e18-A564-B18F806F7F56} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIV~1\GBPLUGIN\gbieh.dll

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Arquivos de programas\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [bigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera

O4 - HKLM\..\Run: [cFosSpeed] C:\Arquivos de programas\cFosSpeed\cFosSpeed.exe

O4 - HKLM\..\Run: [csrss.exe] C:\WINDOWS\system32\drivers\WinControl\csrss.exe

O4 - HKLM\..\Run: [siS Tray] C:\WINDOWS\system32\sistray.EXE

O4 - HKLM\..\Run: [siS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [kava] C:\WINDOWS\system32\kavo.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra button: Barra do iG - {FD1672E0-AE0D-465B-B345-F7B0944A121D} - (no file)

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by140fd.bay140.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{0F08ECCB-9CCC-478D-A0A1-7493AC2F9F3F}: NameServer = 192.168.1.1,201.10.2.1

O17 - HKLM\System\CS2\Services\Tcpip\..\{0F08ECCB-9CCC-478D-A0A1-7493AC2F9F3F}: NameServer = 192.168.1.1,201.10.2.1

O17 - HKLM\System\CS3\Services\Tcpip\..\{0F08ECCB-9CCC-478D-A0A1-7493AC2F9F3F}: NameServer = 192.168.1.1,201.10.2.1

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O20 - Winlogon Notify: GbPluginBb - C:\ARQUIV~1\GBPLUGIN\gbieh.dll

O20 - Winlogon Notify: WB - C:\Arquivos de programas\AlienGUIse\fastload.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O20 - Winlogon Notify: __GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: cFosSpeed System Service (cFosSpeedS) - Unknown owner - C:\Arquivos de programas\cFosSpeed\spd.exe" -service (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: OneStep Search Service - Unknown owner - C:\Arquivos de programas\OneStepSearch\onestep.exe" "C:\Arquivos de programas\OneStepSearch\onestep.dll" Service (file missing)

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

Compartilhar este post


Link para o post
Compartilhar em outros sites
  • Autor do tópico
  • pow ngm me ajuda

    é urgente isso

    Compartilhar este post


    Link para o post
    Compartilhar em outros sites

    Vejo que você tem uma infecção por backdoor. Este programa tem a capacidade de roubar senhas e outras informações do seu computador. Recomendo que tome essas seguintes providências o quanto antes:

    • Informe seu banco do ocorrido, caso use banco pela internet, tomando as devidas precauções para que não haja fraudes.
    • Após eu dar o log como limpo troque suas senhas de e-mails e demais serviços que usa pela internet.
    • Considere informações que possam ter sido roubadas de seu computador e tome as providências necessárias.

    Agora vamos a remoção.

    Faça o download do ComboFix

    É importante que o salve no seu desktop (ambiente de trabalho)

    • Feche todas as janelas e programas.
    • Dê um duplo-clique no combofix.exe, marque 1 e dê o enter.
    • É um pouco demorado, por favor seja paciente.
    • Quando a ferramenta terminar de rodar, gerará um log. Poste o arquivo C:\ComboFix.txt.
    • Faça também um novo log do HijackThis para colocar na sua resposta.

    Atenção: Não clique com o mouse enquanto a ferramenta estiver rodando, isso pode fazer com que o PC pare.

    Compartilhar este post


    Link para o post
    Compartilhar em outros sites

    Prezados,

    fiz o download do combofix.exe e quando mando rodar ele diz que a versão que eu tenho está expirada e é deletado automaticamente.

    Estou postando meu log do Highjackthis, peço que analisem e me digam o que fazer.

    Agradeço muito.

    Logfile of HijackThis v1.99.1

    Scan saved at 22:13:07, on 7/7/2008

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\system32\spoolsv.exe

    C:\Arquivos de programas\Java\jre1.6.0_06\bin\jusched.exe

    C:\Arquivos de programas\FreePDF_XP\fpassist.exe

    C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe

    C:\Arquivos de programas\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe

    C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\Service\AdskScSrv.exe

    C:\Arquivos de programas\Eset\nod32krn.exe

    C:\WINDOWS\system32\nvsvc32.exe

    C:\WINDOWS\system32\wscntfy.exe

    C:\WINDOWS\system32\wuauclt.exe

    C:\;\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

    O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_06\bin\ssv.dll

    O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de programas\GbPlugin\gbieh.dll

    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

    O4 - HKLM\..\Run: [nod32kui] "C:\Arquivos de programas\Eset\nod32kui.exe" /WAITSERVICE

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_06\bin\jusched.exe"

    O4 - HKLM\..\Run: [FreePDF Assistant] C:\Arquivos de programas\FreePDF_XP\fpassist.exe

    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

    O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Arquivos de programas\Corel\Corel Graphics 12\Languages\BR\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=071508 serial=DR12WEX-1504397-kty lang=BP

    O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe

    O4 - HKCU\..\Run: [kava] C:\WINDOWS\system32\kavo.exe

    O4 - Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

    O4 - Global Startup: Wireless Configuration Utility HW.51.lnk = C:\Arquivos de programas\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe

    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_06\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_06\bin\ssv.dll

    O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

    O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

    O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab

    O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

    O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll

    O20 - Winlogon Notify: !SASWinLogon - C:\Arquivos de programas\SUPERAntiSpyware\SASWINLO.dll

    O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\Service\AdskScSrv.exe

    O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Arquivos de programas\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe

    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Arquivos de programas\Eset\nod32krn.exe

    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Arquivos de programas\Arquivos comuns\SolidWorks Shared\Service\SolidWorksLicensing.exe

    Compartilhar este post


    Link para o post
    Compartilhar em outros sites

    Acabei de testar o link, o programa está normal, tenha certeza de estar usando o link que passei acima.

    Compartilhar este post


    Link para o post
    Compartilhar em outros sites

    Oi Renato,

    obrigado pela pronta resposta. Fiz o download pelo link que você mandou e consegui rodar o programa.

    Estou enviando o log que ele gerou.

    Mas uma vez peço sua ajuda.

    ComboFix 08-07-05.1 - Fred 2008-07-07 22:30:05.1 - NTFSx86

    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.282 [GMT -3:00]

    Executando de: C:\Documents and Settings\Fred\Desktop\ComboFix.exe

    * Criado um novo ponto de restauro

    * Resident AV is active

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

    _______________________________________________________________

    Novo Highjackthis

    Logfile of HijackThis v1.99.1

    Scan saved at 22:38, on 2008-07-07

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\Explorer.EXE

    C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\Service\AdskScSrv.exe

    C:\Arquivos de programas\Eset\nod32krn.exe

    C:\WINDOWS\system32\nvsvc32.exe

    C:\Arquivos de programas\Java\jre1.6.0_06\bin\jusched.exe

    C:\Arquivos de programas\FreePDF_XP\fpassist.exe

    C:\Arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe

    C:\Arquivos de programas\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe

    C:\WINDOWS\system32\wscntfy.exe

    C:\Arquivos de programas\Internet Explorer\iexplore.exe

    C:\WINDOWS\system32\NOTEPAD.EXE

    C:\;\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

    O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_06\bin\ssv.dll

    O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de programas\GbPlugin\gbieh.dll

    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

    O4 - HKLM\..\Run: [nod32kui] "C:\Arquivos de programas\Eset\nod32kui.exe" /WAITSERVICE

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_06\bin\jusched.exe"

    O4 - HKLM\..\Run: [FreePDF Assistant] C:\Arquivos de programas\FreePDF_XP\fpassist.exe

    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

    O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Arquivos de programas\Corel\Corel Graphics 12\Languages\BR\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=071508 serial=DR12WEX-1504397-kty lang=BP

    O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe

    O4 - HKCU\..\Run: [kava] C:\WINDOWS\system32\kavo.exe

    O4 - Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

    O4 - Global Startup: Wireless Configuration Utility HW.51.lnk = C:\Arquivos de programas\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe

    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_06\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_06\bin\ssv.dll

    O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

    O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

    O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab

    O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

    O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll

    O20 - Winlogon Notify: !SASWinLogon - C:\Arquivos de programas\SUPERAntiSpyware\SASWINLO.dll

    O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\Service\AdskScSrv.exe

    O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Arquivos de programas\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe

    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Arquivos de programas\Eset\nod32krn.exe

    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Arquivos de programas\Arquivos comuns\SolidWorks Shared\Service\SolidWorksLicensing.exe

    Compartilhar este post


    Link para o post
    Compartilhar em outros sites
    * Resident AV is active

    Desabilite seus programas de segurança antes de rodar o ComboFix.

    Compartilhar este post


    Link para o post
    Compartilhar em outros sites
  • Autor do tópico
  • ComboFix 08-07-05.1 - nanci 2008-07-07 23:31:46.1 - NTFSx86

    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.1349 [GMT -3:00]

    Executando de: C:\Documents and Settings\nanci\Desktop\ComboFix.exe

    * Criado um novo ponto de restauro

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

    .

    Logfile of HijackThis v1.99.1

    Scan saved at 23:37, on 2008-07-07

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v7.00 (7.00.6000.16640)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

    C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

    C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

    C:\WINDOWS\Explorer.EXE

    C:\Arquivos de programas\GbPlugin\GbpSv.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

    C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

    C:\Arquivos de programas\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

    C:\WINDOWS\VM_STI.EXE

    C:\Arquivos de programas\cFosSpeed\cFosSpeed.exe

    C:\WINDOWS\system32\sistray.EXE

    C:\WINDOWS\system32\keyhook.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe

    C:\Arquivos de programas\cFosSpeed\spd.exe

    C:\WINDOWS\system32\PnkBstrA.exe

    C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

    C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

    C:\WINDOWS\system32\wscntfy.exe

    C:\WINDOWS\system32\wuauclt.exe

    C:\Arquivos de programas\Mozilla Firefox\firefox.exe

    C:\Arquivos de programas\Hijackthis\HijackThis.exe

    C:\WINDOWS\explorer.exe

    C:\Arquivos de programas\Alwil Software\Avast4\setup\avast.setup

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=61005

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=61005

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=61005

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=61005

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=61005

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local

    O1 - Hosts: 75.125.177.50 l2authd.lineage2.com

    O1 - Hosts: 75.125.177.50 l2testauthd.lineage2.com

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIV~1\GBPLUGIN\gbieh.dll

    O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

    O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Arquivos de programas\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s

    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

    O4 - HKLM\..\Run: [bigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera

    O4 - HKLM\..\Run: [cFosSpeed] C:\Arquivos de programas\cFosSpeed\cFosSpeed.exe

    O4 - HKLM\..\Run: [siS Tray] C:\WINDOWS\system32\sistray.EXE

    O4 - HKLM\..\Run: [siS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

    O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

    O11 - Options group: [iNTERNATIONAL] International*

    O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

    O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB

    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll

    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by140fd.bay140.hotmail.msn.com/resources/MsnPUpld.cab

    O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab

    O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

    O17 - HKLM\System\CCS\Services\Tcpip\..\{0F08ECCB-9CCC-478D-A0A1-7493AC2F9F3F}: NameServer = 192.168.1.1,201.10.2.1

    O17 - HKLM\System\CS2\Services\Tcpip\..\{0F08ECCB-9CCC-478D-A0A1-7493AC2F9F3F}: NameServer = 192.168.1.1,201.10.2.1

    O17 - HKLM\System\CS3\Services\Tcpip\..\{0F08ECCB-9CCC-478D-A0A1-7493AC2F9F3F}: NameServer = 192.168.1.1,201.10.2.1

    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

    O20 - Winlogon Notify: GbPluginBb - C:\ARQUIV~1\GBPLUGIN\gbieh.dll

    O20 - Winlogon Notify: WB - C:\Arquivos de programas\AlienGUIse\fastload.dll

    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

    O20 - Winlogon Notify: __GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll

    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

    O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

    O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe

    O23 - Service: cFosSpeed System Service (cFosSpeedS) - Unknown owner - C:\Arquivos de programas\cFosSpeed\spd.exe" -service (file missing)

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

    O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

    Compartilhar este post


    Link para o post
    Compartilhar em outros sites

    Faça o download do Deckard's System Scanner - DSS e salve no seu desktop.

    Atenção: Para rodar a ferramenta terá de usar uma conta com privilégios de Adminstrador.

    • Dê um duplo clique sobre o DSS.exe e siga as instruções.
    • Quando terminar, será gerado um log.
    • Cole o resultado deste log na sua próxima resposta.
    • Através do Windows Explorer (clique direito no botão iniciar e escolha "Explorar"), procure a pasta C:\Deckard\System Scanner. Nessa pasta estarão dois logs: main.txt e extra.txt
    • Abra o main.txt no bloco de notas, copie e cole esse log na sua próxima resposta.

    Compartilhar este post


    Link para o post
    Compartilhar em outros sites
  • Autor do tópico
  • .

    Deckard's System Scanner v20071014.68

    Run by nanci on 2008-07-07 23:47:59

    Computer is in Normal Mode.

    --------------------------------------------------------------------------------

    -- System Restore --------------------------------------------------------------

    Successfully created a Deckard's System Scanner Restore Point.

    -- Last 1 Restore Point(s) --

    1: 2008-07-08 02:48:26 UTC - RP277 - Deckard's System Scanner Restore Point

    Backed up registry hives.

    Performed disk cleanup.

    System Drive C: has 2.73 GiB (less than 15%) free.

    -- HijackThis (run as nanci.exe) -----------------------------------------------

    Logfile of HijackThis v1.99.1

    Scan saved at 23:50, on 2008-07-07

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v7.00 (7.00.6000.16640)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

    C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

    C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

    C:\WINDOWS\Explorer.EXE

    C:\Arquivos de programas\GbPlugin\GbpSv.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

    C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

    C:\Arquivos de programas\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

    C:\WINDOWS\VM_STI.EXE

    C:\Arquivos de programas\cFosSpeed\cFosSpeed.exe

    C:\WINDOWS\system32\sistray.EXE

    C:\WINDOWS\system32\keyhook.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe

    C:\Arquivos de programas\cFosSpeed\spd.exe

    C:\WINDOWS\system32\PnkBstrA.exe

    C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\wscntfy.exe

    C:\Documents and Settings\nanci\Desktop\dss.exe

    C:\ARQUIV~1\HIJACK~1\nanci.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=61005

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=61005

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=61005

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=61005

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=61005

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local

    O1 - Hosts: 75.125.177.50 l2authd.lineage2.com

    O1 - Hosts: 75.125.177.50 l2testauthd.lineage2.com

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIV~1\GBPLUGIN\gbieh.dll

    O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

    O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Arquivos de programas\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s

    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

    O4 - HKLM\..\Run: [bigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera

    O4 - HKLM\..\Run: [cFosSpeed] C:\Arquivos de programas\cFosSpeed\cFosSpeed.exe

    O4 - HKLM\..\Run: [siS Tray] C:\WINDOWS\system32\sistray.EXE

    O4 - HKLM\..\Run: [siS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

    O4 - HKCU\..\Run: [kava] C:\WINDOWS\system32\kavo.exe

    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

    O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

    O11 - Options group: [iNTERNATIONAL] International*

    O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

    O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB

    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll

    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by140fd.bay140.hotmail.msn.com/resources/MsnPUpld.cab

    O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab

    O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

    O17 - HKLM\System\CCS\Services\Tcpip\..\{0F08ECCB-9CCC-478D-A0A1-7493AC2F9F3F}: NameServer = 192.168.1.1,201.10.2.1

    O17 - HKLM\System\CS2\Services\Tcpip\..\{0F08ECCB-9CCC-478D-A0A1-7493AC2F9F3F}: NameServer = 192.168.1.1,201.10.2.1

    O17 - HKLM\System\CS3\Services\Tcpip\..\{0F08ECCB-9CCC-478D-A0A1-7493AC2F9F3F}: NameServer = 192.168.1.1,201.10.2.1

    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

    O20 - Winlogon Notify: GbPluginBb - C:\ARQUIV~1\GBPLUGIN\gbieh.dll

    O20 - Winlogon Notify: WB - C:\Arquivos de programas\AlienGUIse\fastload.dll

    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

    O20 - Winlogon Notify: __GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll

    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

    O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

    O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe

    O23 - Service: cFosSpeed System Service (cFosSpeedS) - Unknown owner - C:\Arquivos de programas\cFosSpeed\spd.exe" -service (file missing)

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

    O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

    -- HijackThis Fixed Entries (C:\ARQUIV~1\HIJACK~1\backups\) --------------------

    backup-20080706-130805-136 O4 - HKLM\..\Run: [csrss.exe] C:\WINDOWS\system32\drivers\WinControl\csrss.exe

    backup-20080706-130805-273 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

    backup-20080706-130805-293 O1 - Hosts: 65.54.239.80 dp.msnmessenger.akadns.net

    backup-20080706-130805-835 O9 - Extra button: Barra do iG - {FD1672E0-AE0D-465B-B345-F7B0944A121D} - (no file)

    backup-20080706-130805-866 O2 - BHO: ActivationManager module - {86A44EF7-78FC-4e18-A564-B18F806F7F56} - (no file)

    backup-20080706-130805-951 O4 - HKCU\..\Run: [kava] C:\WINDOWS\system32\kavo.exe

    backup-20080706-130807-378 O23 - Service: OneStep Search Service - Unknown owner - C:\Arquivos de programas\OneStepSearch\onestep.exe" "C:\Arquivos de programas\OneStepSearch\onestep.dll" Service (file missing)

    backup-20080707-204432-876 O4 - HKCU\..\Run: [kava] C:\WINDOWS\system32\kavo.exe

    -- File Associations -----------------------------------------------------------

    .bat - batfile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,71

    .inf - inffile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,69

    .ini - inifile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,69

    .txt - txtfile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,70

    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    R1 PQNTDrv - c:\windows\system32\drivers\pqntdrv.sys

    R1 SiSEsc (SISLIB_ESC) - c:\windows\system32\sisesc.sys

    R1 SiSkp - c:\windows\system32\drivers\srvkp.sys <Not Verified; Silicon Integrated Systems Corporation; SiS ® WindowsXP Display Manager>

    R1 VClone - c:\windows\system32\drivers\vclone.sys <Not Verified; Elaborate Bytes AG; Virtual CloneDrive>

    R3 RMSPPPOE (WAN Miniport (PPP over Ethernet Protocol)) - c:\windows\system32\drivers\rmspppoe.sys <Not Verified; Robert Schlabbach; PPP over Ethernet Protocol>

    R3 ZSMC301b (VIMICRO USB PC Camera) - c:\windows\system32\drivers\usbvm31b.sys <Not Verified; VM; >

    S3 npkcrypt - c:\arquivos de programas\lineage ii\system\npkcrypt.sys (file missing)

    S3 NPPTNT2 - c:\windows\system32\npptnt2.sys (file missing)

    S3 XDva016 - c:\windows\system32\xdva016.sys (file missing)

    S3 XDva019 - c:\windows\system32\xdva019.sys (file missing)

    S3 XDva021 - c:\windows\system32\xdva021.sys (file missing)

    S3 XDva030 - c:\windows\system32\xdva030.sys (file missing)

    S3 XDva063 - c:\windows\system32\xdva063.sys (file missing)

    S3 XDva068 - c:\windows\system32\xdva068.sys (file missing)

    S3 XDva165 - c:\windows\system32\xdva165.sys (file missing)

    S3 XDva172 - c:\windows\system32\xdva172.sys (file missing)

    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

    R2 Apple Mobile Device - "c:\arquivos de programas\arquivos comuns\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>

    S3 NBService - c:\arquivos de programas\nero\nero 7\nero backitup\nbservice.exe

    S4 OneStep Search Service - "c:\arquivos de programas\onestepsearch\onestep.exe" "c:\arquivos de programas\onestepsearch\onestep.dll" service (file missing)

    0

    -- Device Manager: Disabled ----------------------------------------------------

    No disabled devices found.

    -- Scheduled Tasks -------------------------------------------------------------

    2008-04-14 12:12:13 300 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

    -- Files created between 2008-06-07 and 2008-07-07 -----------------------------

    2008-07-07 23:37:24 130278 -r-hs---- C:\WINDOWS\system32\kavo.exe

    2008-07-07 23:30:43 68096 --a------ C:\WINDOWS\zip.exe

    2008-07-07 23:30:43 49152 --a------ C:\WINDOWS\VFind.exe

    2008-07-07 23:30:43 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>

    2008-07-07 23:30:43 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>

    2008-07-07 23:30:43 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>

    2008-07-07 23:30:43 98816 --a------ C:\WINDOWS\sed.exe

    2008-07-07 23:30:43 80412 --a------ C:\WINDOWS\grep.exe

    2008-07-07 23:30:43 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >

    2008-07-07 16:49:40 137216 -r-hs---- C:\WINDOWS\system32\kavo1.dll

    2008-07-07 16:48:54 137216 -r-hs---- C:\WINDOWS\system32\kavo0.dll

    2008-07-05 20:19:33 130278 -r-hs---- C:\ipy.cmd

    2008-07-05 20:14:19 0 dr-h----- C:\Documents and Settings\nanci\Recent

    2008-06-24 21:48:43 118784 -----n--- C:\WINDOWS\system32\SiSlib.dll <Not Verified; SiS; SiS SiSLib>

    2008-06-24 21:48:43 29451 -----n--- C:\WINDOWS\system32\sisesc.sys

    2008-06-24 21:48:43 172032 -----n--- C:\WINDOWS\system32\SiSApCom.dll <Not Verified; Silicon Integrated Systems Corporation; SiSApCom Dynamic Link Library>

    2008-06-24 21:48:18 405504 --a------ C:\WINDOWS\system32\sistray.exe <Not Verified; Silicon Integrated Systems Corporation; SiS ® Compatible Super VGA SiSTray application>

    2008-06-24 21:48:15 0 d-------- C:\WINDOWS\SiS

    2008-06-24 21:48:12 11008 -----n--- C:\WINDOWS\system32\drivers\srvkp.sys <Not Verified; Silicon Integrated Systems Corporation; SiS ® WindowsXP Display Manager>

    2008-06-24 21:48:00 0 d-------- C:\Arquivos de programas\SiS Compatible VGA V3.51a

    2008-06-24 19:57:03 0 d-------- C:\Arquivos de programas\Microsoft Games

    2008-06-24 18:52:15 0 d-------- C:\Documents and Settings\nanci\.receitanet

    2008-06-24 18:51:32 69632 -ra------ C:\WINDOWS\system32\MSJCE.dll

    2008-06-17 19:21:54 0 d-------- C:\Arquivos de programas\Apperson

    2008-06-14 01:22:00 552 --a------ C:\WINDOWS\system32\d3d8caps.dat

    2008-06-14 01:07:11 65536 --a------ C:\WINDOWS\system32\sis315.bin

    2008-06-14 01:06:58 0 d-------- C:\WINDOWS\system32\trayres

    2008-06-09 00:45:41 0 d-------- C:\Arquivos de programas\cFosSpeed

    2008-06-08 23:31:43 0 d-------- C:\WINDOWS\system32\drivers\WinControl

    -- Find3M Report ---------------------------------------------------------------

    2008-07-07 21:51:34 0 d-------- C:\Arquivos de programas\Teamspeak2_RC2

    2008-07-05 20:19:33 0 d-------- C:\Arquivos de programas\Windows Live

    2008-07-05 20:19:31 425072 --a------ C:\WINDOWS\system32\perfh016.dat

    2008-07-05 20:19:31 67232 --a------ C:\WINDOWS\system32\perfc016.dat

    2008-07-05 20:15:17 0 d-------- C:\Arquivos de programas\MessengerDiscovery

    2008-06-27 16:29:28 0 d--hs--c- C:\Arquivos de programas\Arquivos comuns\WindowsLiveInstaller

    2008-06-25 22:32:09 0 d--h----- C:\Arquivos de programas\InstallShield Installation Information

    2008-06-24 18:51:27 0 d-------- C:\Arquivos de programas\Programas RFB

    2008-06-24 00:35:48 0 d-------- C:\Documents and Settings\nanci\Dados de aplicativos\uTorrent

    2008-06-23 14:39:36 90112 --a------ C:\WINDOWS\Cuninst.exe

    2008-06-22 20:33:09 0 d-------- C:\Arquivos de programas\CABAL Online (BRAZIL)

    2008-06-14 02:10:34 0 d-------- C:\Documents and Settings\nanci\Dados de aplicativos\teamspeak2

    2008-06-04 13:13:50 0 d-------- C:\Documents and Settings\nanci\Dados de aplicativos\.purple

    2008-06-04 13:10:21 0 d-------- C:\Arquivos de programas\UOL

    2008-05-25 23:27:51 0 d-------- C:\Arquivos de programas\Yamp 2.3

    2008-05-18 11:23:33 0 d-------- C:\Arquivos de programas\Paint.NET

    2008-05-15 14:38:34 0 d-------- C:\Arquivos de programas\OneStepSearch

    2008-05-14 20:56:38 0 d-------- C:\Arquivos de programas\SopCast

    2008-05-14 20:55:31 0 d-------- C:\Arquivos de programas\Megacubo

    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "avast!"="C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-15 20:19]

    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-29 00:43]

    "!AVG Anti-Spyware"="C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2008-01-07 21:26]

    "VirtualCloneDrive"="C:\Arquivos de programas\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2006-04-29 10:21]

    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-06-29 00:43]

    "BigDogPath"="C:\WINDOWS\VM_STI.exe" [2004-06-09 04:37]

    "cFosSpeed"="C:\Arquivos de programas\cFosSpeed\cFosSpeed.exe" [2007-07-09 17:10]

    "SiS Tray"="C:\WINDOWS\system32\sistray.EXE" [2003-07-04 11:27]

    "SiS Windows KeyHook"="C:\WINDOWS\system32\keyhook.exe" [2003-07-04 11:26]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:45]

    "MsnMsgr"="C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.exe" [2007-11-07 15:34]

    "kava"="C:\WINDOWS\system32\kavo.exe" [2008-07-07 16:49]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

    "disableregistrytools"=0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

    "LinkResolveIgnoreLinkInfo"=0 (0x0)

    "NoResolveSearch"=1 (0x1)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

    "LinkResolveIgnoreLinkInfo"=0 (0x0)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

    "{E37CB5F0-51F5-4395-A808-5FA49E399F83}"= C:\ARQUIV~1\GBPLUGIN\gbieh.dll [2008-03-11 08:18 354600]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]

    C:\ARQUIV~1\GBPLUGIN\gbieh.dll 2008-03-11 08:18 354600 C:\ARQUIV~1\GbPlugin\gbieh.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]

    C:\Arquivos de programas\AlienGUIse\fastload.dll 2001-12-20 22:34 24576 C:\Arquivos de programas\AlienGUIse\fastload.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\__GbPluginBb]

    C:\Arquivos de programas\GbPlugin\gbieh.dll 2008-03-11 08:18 354600 C:\Arquivos de programas\GbPlugin\gbieh.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]

    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]

    C:\Arquivos de programas\Ahead\InCD\InCD.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ink Monitor]

    C:\Arquivos de programas\EPSON\Ink Monitor\InkMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

    C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

    "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{192c0636-1aef-11dc-8aa2-0011d87ede6a}]

    AutoRun\command- RavMon.exe

    explore\Command- RavMon.exe -e

    open\Command- RavMon.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{27eba956-7cd5-11dc-8c4f-0011d87ede6a}]

    AutoRun\command- D:\ipy.cmd

    explore\Command- D:\ipy.cmd

    open\Command- D:\ipy.cmd

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{27eba958-7cd5-11dc-8c4f-0011d87ede6a}]

    AutoRun\command- G:\ipy.cmd

    explore\Command- G:\ipy.cmd

    open\Command- G:\ipy.cmd

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4872c4b8-e0ac-11dc-8d9a-0011d87ede6a}]

    AutoRun\command- E:\ipy.cmd

    explore\Command- E:\ipy.cmd

    open\Command- E:\ipy.cmd

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4872c4ba-e0ac-11dc-8d9a-0011d87ede6a}]

    AutoRun\command- J:\ipy.cmd

    explore\Command- J:\ipy.cmd

    open\Command- J:\ipy.cmd

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{806cfdba-19ec-11dc-a410-806d6172696f}]

    AutoRun\command- C:\ipy.cmd

    explore\Command- C:\ipy.cmd

    open\Command- C:\ipy.cmd

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9c31a973-7a8d-11dc-8c44-0011d87ede6a}]

    Auto\command- E:\adp.exe

    AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL adp.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ad76316b-1a0c-11dc-8a9a-0011d87ede6a}]

    AutoRun\command- K:\RavMon.exe

    explore\Command- K:\RavMon.exe -e

    open\Command- K:\RavMon.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ecbb11f6-a1d4-11dc-8ca0-0011d87ede6a}]

    AutoRun\command- K:\ipy.cmd

    explore\Command- K:\ipy.cmd

    open\Command- K:\ipy.cmd

    -- Hosts -----------------------------------------------------------------------

    75.125.177.50 l2authd.lineage2.com

    75.125.177.50 l2testauthd.lineage2.com

    -- End of Deckard's System Scanner: finished at 2008-07-07 23:51:11 ------------

    Editado por guto14

    Compartilhar este post


    Link para o post
    Compartilhar em outros sites

    Não havia notado que havia 2 pessoas no mesmo tópico.

    Por gentileza, 1 pessoa por post.

    Estou analisando o caso do guto14, quem quiser uma análise deve abrir um NOVO TÓPICO.

    @Guto14

    Continuando:

    • Baixe o PenClean e salve no seu desktop.
      link alternativo
    • Reinicie em Modo de Segurança (Pressione intermitentemente F8 durante a inicialização, no menu que aparecer escolha através da seta de navegação, Modo Seguro).
    • Conecte seus pendrive, MP3, MP4, qualquer mídia removível
    • Execute o programa.
    • Selecione a opção Verificar o computador e clique no botão Verificar.
      <<Aguarde alguns instantes, o exame é bem rápido>>
    • Será informa se algo foi encontrado, se for encontrado será pedido para reiniciar, clique em Sim. O computador será reiniciado.
    • Faça um novo log do Hijackthis e poste junto o relatório do PenClean que estará em C:\PenClean\PenClean.txt

    Editado por RenatoMejias

    Compartilhar este post


    Link para o post
    Compartilhar em outros sites
  • Autor do tópico
  • Iniciando relatório do PenClean 2.0.3

    Por Renato Victor Mejias

    renatomejias@yahoo.com.br

    10/7/2008 21:55:43

    -----------------------------------------------------------

    Arquivos e chaves excluídos do computador:

    Arquivos excluídos do computador (Troj/Lineag-GLG):

    C:\WINDOWS\System32\kavo0.dll não pôde ser deletado!

    C:\WINDOWS\System32\kavo1.dll foi deletado com sucesso!

    C:\WINDOWS\System32\kavo.exe foi deletado com sucesso!

    Arquivos excluídos do computador (Troj/Lineag-GLG):

    C:\WINDOWS\System32\kavo0.dll foi deletado com sucesso!

    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\kava foi deletado com sucesso!

    -----------------------------------------------------------

    Arquivos excluídos da unidade escolhida:

    C:\autorun.inf foi deletado com sucesso!

    D:\autorun.inf foi deletado com sucesso!

    E:\autorun.inf foi deletado com sucesso!

    G:\autorun.inf foi deletado com sucesso!

    J:\autorun.inf foi deletado com sucesso!

    K:\autorun.inf foi deletado com sucesso!

    -----------------------------------------------------------

    Fim da análise no computador.

    -----------------------------------------------------------

    Logfile of HijackThis v1.99.1

    Scan saved at 22:02, on 2008-07-10

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v7.00 (7.00.6000.16640)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

    C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

    C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

    C:\Arquivos de programas\GbPlugin\GbpSv.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\system32\spoolsv.exe

    C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe

    C:\Arquivos de programas\cFosSpeed\spd.exe

    C:\WINDOWS\system32\PnkBstrA.exe

    C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

    C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

    C:\WINDOWS\system32\wscntfy.exe

    C:\WINDOWS\system32\wuauclt.exe

    C:\Arquivos de programas\Mozilla Firefox\firefox.exe

    C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

    C:\Arquivos de programas\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

    C:\WINDOWS\VM_STI.EXE

    C:\Arquivos de programas\cFosSpeed\cFosSpeed.exe

    C:\WINDOWS\system32\sistray.EXE

    C:\WINDOWS\system32\keyhook.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe

    C:\Arquivos de programas\Hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=61005

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=61005

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=61005

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=61005

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=61005

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local

    O1 - Hosts: 75.125.177.50 l2authd.lineage2.com

    O1 - Hosts: 75.125.177.50 l2testauthd.lineage2.com

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIV~1\GBPLUGIN\gbieh.dll

    O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

    O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Arquivos de programas\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s

    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

    O4 - HKLM\..\Run: [bigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera

    O4 - HKLM\..\Run: [cFosSpeed] C:\Arquivos de programas\cFosSpeed\cFosSpeed.exe

    O4 - HKLM\..\Run: [siS Tray] C:\WINDOWS\system32\sistray.EXE

    O4 - HKLM\..\Run: [siS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

    O4 - HKCU\..\Run: [kava] C:\WINDOWS\system32\kavo.exe

    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

    O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

    O11 - Options group: [iNTERNATIONAL] International*

    O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

    O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB

    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll

    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by140fd.bay140.hotmail.msn.com/resources/MsnPUpld.cab

    O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab

    O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

    O17 - HKLM\System\CCS\Services\Tcpip\..\{0F08ECCB-9CCC-478D-A0A1-7493AC2F9F3F}: NameServer = 192.168.1.1,201.10.2.1

    O17 - HKLM\System\CS2\Services\Tcpip\..\{0F08ECCB-9CCC-478D-A0A1-7493AC2F9F3F}: NameServer = 192.168.1.1,201.10.2.1

    O17 - HKLM\System\CS3\Services\Tcpip\..\{0F08ECCB-9CCC-478D-A0A1-7493AC2F9F3F}: NameServer = 192.168.1.1,201.10.2.1

    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

    O20 - Winlogon Notify: GbPluginBb - C:\ARQUIV~1\GBPLUGIN\gbieh.dll

    O20 - Winlogon Notify: WB - C:\Arquivos de programas\AlienGUIse\fastload.dll

    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

    O20 - Winlogon Notify: __GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll

    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

    O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

    O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe

    O23 - Service: cFosSpeed System Service (cFosSpeedS) - Unknown owner - C:\Arquivos de programas\cFosSpeed\spd.exe" -service (file missing)

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

    O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

    Compartilhar este post


    Link para o post
    Compartilhar em outros sites

    Apague a versão do PenClean que está usando e faça novo download usando o seguinte link:

    http://renatomejias.nwmogi.com.br/PenClean/PenClean.exe

    • Execute o programa.
    • Selecione a opção Verificar unidade, coloque na caixa de seleção coloque em Todas as unidades e clique no botão Verificar.
      <<Aguarde alguns instantes, o exame é bem rápido>>
    • Será informa se algo foi encontrado, se for encontrado será pedido para reiniciar, clique em Sim. O computador será reiniciado.
    • Faça um novo log do Hijackthis e poste junto o relatório do PenClean que estará em C:\PenClean\PenClean.txt

    Compartilhar este post


    Link para o post
    Compartilhar em outros sites
  • Autor do tópico
  • Iniciando relatório do PenClean 2.0.3

    Por Renato Victor Mejias

    renatomejias@yahoo.com.br

    10/7/2008 23:14:23

    -----------------------------------------------------------

    Arquivos e chaves excluídos do computador:

    Malware não detectado no computador!

    -----------------------------------------------------------

    Fim da análise no computador.

    -----------------------------------------------------------

    Arquivos e chaves excluídos do computador:

    Malware não detectado no computador!

    -----------------------------------------------------------

    Fim da análise no computador.

    -----------------------------------------------------------

    Logfile of HijackThis v1.99.1

    Scan saved at 23:22, on 2008-07-10

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v7.00 (7.00.6000.16640)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

    C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

    C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

    C:\Arquivos de programas\GbPlugin\GbpSv.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\system32\spoolsv.exe

    C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

    C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

    C:\Arquivos de programas\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

    C:\WINDOWS\VM_STI.EXE

    C:\Arquivos de programas\cFosSpeed\cFosSpeed.exe

    C:\WINDOWS\system32\sistray.EXE

    C:\WINDOWS\system32\keyhook.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe

    C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe

    C:\Arquivos de programas\cFosSpeed\spd.exe

    C:\WINDOWS\system32\PnkBstrA.exe

    C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

    C:\WINDOWS\system32\wscntfy.exe

    C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\wuauclt.exe

    C:\Arquivos de programas\Mozilla Firefox\firefox.exe

    C:\Arquivos de programas\Hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=61005

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=61005

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=61005

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=61005

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=61005

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local

    O1 - Hosts: 75.125.177.50 l2authd.lineage2.com

    O1 - Hosts: 75.125.177.50 l2testauthd.lineage2.com

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIV~1\GBPLUGIN\gbieh.dll

    O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

    O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Arquivos de programas\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s

    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

    O4 - HKLM\..\Run: [bigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera

    O4 - HKLM\..\Run: [cFosSpeed] C:\Arquivos de programas\cFosSpeed\cFosSpeed.exe

    O4 - HKLM\..\Run: [siS Tray] C:\WINDOWS\system32\sistray.EXE

    O4 - HKLM\..\Run: [siS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

    O4 - HKCU\..\Run: [kava] C:\WINDOWS\system32\kavo.exe

    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

    O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

    O11 - Options group: [iNTERNATIONAL] International*

    O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

    O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB

    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll

    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by140fd.bay140.hotmail.msn.com/resources/MsnPUpld.cab

    O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab

    O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

    O17 - HKLM\System\CCS\Services\Tcpip\..\{0F08ECCB-9CCC-478D-A0A1-7493AC2F9F3F}: NameServer = 192.168.1.1,201.10.2.1

    O17 - HKLM\System\CS2\Services\Tcpip\..\{0F08ECCB-9CCC-478D-A0A1-7493AC2F9F3F}: NameServer = 192.168.1.1,201.10.2.1

    O17 - HKLM\System\CS3\Services\Tcpip\..\{0F08ECCB-9CCC-478D-A0A1-7493AC2F9F3F}: NameServer = 192.168.1.1,201.10.2.1

    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

    O20 - Winlogon Notify: GbPluginBb - C:\ARQUIV~1\GBPLUGIN\gbieh.dll

    O20 - Winlogon Notify: WB - C:\Arquivos de programas\AlienGUIse\fastload.dll

    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

    O20 - Winlogon Notify: __GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll

    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

    O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

    O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe

    O23 - Service: cFosSpeed System Service (cFosSpeedS) - Unknown owner - C:\Arquivos de programas\cFosSpeed\spd.exe" -service (file missing)

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

    O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

    Compartilhar este post


    Link para o post
    Compartilhar em outros sites

    Os pendrives e mídias removíveis estavam conectados? Se não, conecte-os e repita os procedimentos. Porém mande varrer o computador.

    Compartilhar este post


    Link para o post
    Compartilhar em outros sites





    Sobre o Clube do Hardware

    No ar desde 1996, o Clube do Hardware é uma das maiores, mais antigas e mais respeitadas publicações sobre tecnologia do Brasil. Leia mais

    Direitos autorais

    Não permitimos a cópia ou reprodução do conteúdo do nosso site, fórum, newsletters e redes sociais, mesmo citando-se a fonte. Leia mais

    ×