alvesmarcell

SVCHOST.EXE


Friends,

My PC is suffering from slowness caused by the SVCHOST.EXE process, which keeps consuming 90% of the CPU.

I have already gone through several help threads, but none of them solved it. Could someone give me a hand?

Logfile of HijackThis v1.99.1

Scan saved at 14:55:15, on 06/12/2005

Platform: Windows 2000 SP4 (WinNT 5.00.2195)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\System32\termsrv.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\system32\spoolsv.exe

C:\PROGRA~1\Grisoft\AVG6\avgserv.exe

C:\WINNT\System32\svchost.exe

C:\WINNT\System32\llssrv.exe

C:\WINNT\System32\tcpsvcs.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\WINNT\system32\nvsvc32.exe

C:\WINNT\System32\svchost.exe

C:\WINNT\system32\MSTask.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

C:\WINNT\System32\lserver.exe

C:\WINNT\System32\WBEM\WinMgmt.exe

C:\WINNT\System32\wins.exe

C:\WINNT\system32\mspmspsv.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\system32\Dfssvc.exe

C:\WINNT\System32\inetsrv\inetinfo.exe

C:\WINNT\System32\svchost.exe

C:\WINNT\Explorer.EXE

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Google\Google Desktop Search\GoogleDesktopOE.exe

C:\WINNT\system32\NOTEPAD.EXE

C:\Program Files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://192.168.0.7/smart

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.1:3128

R3 - URLSearchHook: (no name) - - (no file)

O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINNT\Downloaded Program Files\gbieh.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup

O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Microsoft Office.lnk = Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html

O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm

O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm

O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm

O12 - Plugin for .NPSSView: C:\Program Files\Seagate Software\Viewers\ActiveXViewer\\NPssView.dll

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {2DEF4530-8CE6-41C9-84B6-A54536C90213} (Crystal Report Viewer Control 9) - http://minas.bifgv.com.br/viewer9/activeXV...tivexviewer.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399F83} (GbPluginObj Class) - https://www14.bancobrasil.com.br/plugin/GbPluginBb.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{603079B4-2C1B-4228-B66A-29707B1F3EFF}: NameServer = 192.168.0.4

O17 - HKLM\System\CCS\Services\Tcpip\..\{D3AFAA94-CD69-49C2-847F-04CD4C000816}: NameServer = 192.168.0.1

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll

O20 - Winlogon Notify: msctl32.dll - C:\WINNT\system32\msctl32.dll

O20 - Winlogon Notify: WRNotifier - C:\WINNT\SYSTEM32\WRLogonNTF.dll

O23 - Service: AVG6 Service (AvgServ) - GRISOFT s.r.o - C:\PROGRA~1\Grisoft\AVG6\avgserv.exe

O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe


- Download L2mfix

  • Place it on your desktop for easy access.
    Run the program, click Accept, then Install. You should see a new folder on the desktop (or wherever you saved the file). Open the folder.
  • Run the l2mfix.bat file, press Enter, then type 1 and press Enter again. Wait a few minutes and Notepad will appear with a log. Save this log somewhere easy to reach. Then paste the log in your reply.

NOTE: Do not run the other options yet!

  Thread author:

    L2MFIX find log 1.04a

    These are the registry keys present

    **********************************************************************************

    Winlogon/notify:

    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]

    "Asynchronous"=dword:00000000

    "Impersonate"=dword:00000000

    "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\

    6c,00,00,00

    "Logoff"="ChainWlxLogoffEvent"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]

    "Asynchronous"=dword:00000000

    "Impersonate"=dword:00000000

    "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\

    6c,00,6c,00,00,00

    "Logoff"="CryptnetWlxLogoffEvent"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]

    "DLLName"="cscdll.dll"

    "Logon"="WinlogonLogonEvent"

    "Logoff"="WinlogonLogoffEvent"

    "ScreenSaver"="WinlogonScreenSaverEvent"

    "Startup"="WinlogonStartupEvent"

    "Shutdown"="WinlogonShutdownEvent"

    "StartShell"="WinlogonStartShellEvent"

    "Impersonate"=dword:00000000

    "Asynchronous"=dword:00000001

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\msctl32.dll]

    "DllName"="C:\\WINNT\\system32\\msctl32.dll"

    "Startup"="Startup"

    "Asynchronous"=dword:00000001

    "Impersonate"=dword:00000000

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]

    "Logoff"="WLEventLogoff"

    "Impersonate"=dword:00000000

    "Asynchronous"=dword:00000001

    "DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\

    6c,00,6c,00,00,00

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]

    "DLLName"="WlNotify.dll"

    "Lock"="SensLockEvent"

    "Logon"="SensLogonEvent"

    "Logoff"="SensLogoffEvent"

    "Safe"=dword:00000001

    "MaxWait"=dword:00000258

    "StartScreenSaver"="SensStartScreenSaverEvent"

    "StopScreenSaver"="SensStopScreenSaverEvent"

    "Startup"="SensStartupEvent"

    "Shutdown"="SensShutdownEvent"

    "StartShell"="SensStartShellEvent"

    "Unlock"="SensUnlockEvent"

    "Impersonate"=dword:00000001

    "Asynchronous"=dword:00000001

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]

    "Asynchronous"=dword:00000000

    "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\

    6c,00,6c,00,00,00

    "Impersonate"=dword:00000000

    "Logoff"="TSEventLogoff"

    "Logon"="TSEventLogon"

    "PostShell"="TSEventPostShell"

    "Shutdown"="TSEventShutdown"

    "StartShell"="TSEventStartShell"

    "Startup"="TSEventStartup"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier]

    "Asynchronous"=dword:00000000

    "DllName"="WRLogonNTF.dll"

    "Impersonate"=dword:00000001

    "Lock"="WRLock"

    "StartScreenSaver"="WRStartScreenSaver"

    "StartShell"="WRStartShell"

    "Startup"="WRStartup"

    "StopScreenSaver"="WRStopScreenSaver"

    "Unlock"="WRUnlock"

    "Shutdown"="WRShutdown"

    "Logoff"="WRLogoff"

    "Logon"="WRLogon"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif]

    "DLLName"="wzcdlg.dll"

    "Logon"="WZCEventLogon"

    "Logoff"="WZCEventLogoff"

    "Impersonate"=dword:00000000

    "Asynchronous"=dword:00000000

    RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above

    Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)

    This program is Freeware, use it on your own risk!

    Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:

    (NI) ALLOW Full access NT AUTHORITY\SYSTEM

    (IO) ALLOW Full access NT AUTHORITY\SYSTEM

    (NI) ALLOW Full access NT AUTHORITY\SYSTEM

    (IO) ALLOW Full access NT AUTHORITY\SYSTEM

    (ID-NI) ALLOW Read BUILTIN\Users

    (ID-IO) ALLOW Read BUILTIN\Users

    (ID-NI) ALLOW Read BUILTIN\Power Users

    (ID-IO) ALLOW Read BUILTIN\Power Users

    (ID-NI) ALLOW Full access BUILTIN\Administrators

    (ID-IO) ALLOW Full access BUILTIN\Administrators

    (ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM

    (ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM

    (ID-IO) ALLOW Full access CREATOR OWNER

    **********************************************************************************

    useragent:

    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

    **********************************************************************************

    Shell Extension key:

    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

    "{00022613-0000-0000-C000-000000000046}"="Multimedia File Property Sheet"

    "{176d6597-26d3-11d1-b350-080036a75b03}"="ICM Scanner Management"

    "{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS Security Page"

    "{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="OLE Docfile Property Page"

    "{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Shell extensions for sharing"

    "{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"

    "{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Display Adapter CPL Extension"

    "{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Display Monitor CPL Extension"

    "{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Display Panning CPL Extension"

    "{4E40F770-369C-11d0-8922-00A024AB2DBB}"="DS Security Page"

    "{56117100-C0CD-101B-81E2-00AA004AE837}"="Shell Scrap DataHandler"

    "{59099400-57FF-11CE-BD94-0020AF85B590}"="Disk Copy Extension"

    "{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Shell extensions for Microsoft Windows Network objects"

    "{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM Monitor Management"

    "{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM Printer Management"

    "{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Shell extensions for file compression"

    "{77597368-7b15-11d0-a0c2-080036af3f03}"="Web Printer Shell Extension"

    "{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"

    "{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Encryption Context Menu"

    "{85BBD920-42A0-1069-A2E4-08002B30309D}"="Briefcase"

    "{88895560-9AA2-1069-930E-00AA0030EBC8}"="HyperTerminal Icon Ext"

    "{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"

    "{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC Profile"

    "{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Printers Security Page"

    "{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Shell extensions for sharing"

    "{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"

    "{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Shell extensions for Windows Script Host"

    "{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Crypto PKO Extension"

    "{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Crypto Sign Extension"

    "{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Network and Dial-up Connections"

    "{5a61f7a0-cde1-11cf-9113-00aa00425c62}"="IIS Shell Extention"

    "{692E33B0-AF9D-11D0-B976-00A0C9190447}"="Remote Storage Properties"

    "{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"

    "{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"

    "{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Scheduled Tasks"

    "{1A9BA3A0-143A-11CF-8350-444553540000}"="Shell Favorite Folder"

    "{20D04FE0-3AEA-1069-A2D8-08002B30309D}"="My Computer"

    "{86747AC0-42A0-1069-A2E6-08002B30309D}"="Briefcase Folder"

    "{0AFACED1-E828-11D1-9187-B532F1E9575D}"="Folder Shortcut"

    "{12518493-00B2-11d2-9FA5-9E3420524153}"="Mounted Volume"

    "{21B22460-3AEA-1069-A2DC-08002B30309D}"="File Property Page Extension"

    "{B091E540-83E3-11CF-A713-0020AFD79762}"="File Types Page"

    "{FBF23B41-E3F0-101B-8488-00AA003E56F8}"="MIME File Types Hook"

    "{C2FBB630-2971-11d1-A18C-00C04FD75D13}"="Microsoft CopyTo Service"

    "{C2FBB631-2971-11d1-A18C-00C04FD75D13}"="Microsoft MoveTo Service"

    "{13709620-C279-11CE-A49E-444553540000}"="Shell Automation Service"

    "{62112AA1-EBE4-11cf-A5FB-0020AFE7292D}"="Shell Automation Folder View"

    "{4622AD11-FF23-11d0-8D34-00A0C90F2719}"="Start Menu"

    "{7BA4C740-9E81-11CF-99D3-00AA004AE837}"="Microsoft SendTo Service"

    "{D969A300-E7FF-11d0-A93B-00A0C90F2719}"="Microsoft New Object Service"

    "{09799AFB-AD67-11d1-ABCD-00C04FC30936}"="Open With Context Menu Handler"

    "{3FC0B520-68A9-11D0-8D77-00C04FD70822}"="Display Control Panel HTML Extensions"

    "{75048700-EF1F-11D0-9888-006097DEACF9}"="ActiveDesktop"

    "{6D5313C0-8C62-11D1-B2CD-006097DF8C11}"="Folder Options Property Page Extension"

    "{57651662-CE3E-11D0-8D77-00C04FC99D61}"="CmdFileIcon"

    "{4657278A-411B-11d2-839A-00C04FD918D0}"="Shell Drag and Drop helper"

    "{A470F8CF-A1E8-4f65-8335-227475AA5C46}"="Add encryption item to context menus in explorer"

    "{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft Internet Toolbar"

    "{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Download Status"

    "{568804CA-CBD7-11d0-9816-00C04FD91972}"="Menu Shell Folder"

    "{5b4dae26-b807-11d0-9815-00c04fd91972}"="Menu Band"

    "{8278F931-2A3E-11d2-838F-00C04FD918D0}"="Tracking Shell Menu"

    "{E13EF4E4-D2F2-11d0-9816-00C04FD91972}"="Menu Site"

    "{ECD4FC4F-521C-11D0-B792-00A0C90312E1}"="Menu Desk Bar"

    "{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Augmented Shell Folder"

    "{6413BA2C-B461-11d1-A18A-080036B11A03}"="Augmented Shell Folder 2"

    "{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"

    "{D82BE2B0-5764-11D0-A96E-00C04FD705A2}"="IShellFolderBand"

    "{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand"

    "{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Search Band"

    "{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="In-pane search"

    "{07798131-AF23-11d1-9111-00A0C98BA67D}"="Web Search"

    "{0E5CBF21-D15F-11d0-8301-00AA005B4383}"="&Links"

    "{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Registry Tree Options Utility"

    "{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Address"

    "{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox"

    "{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoComplete"

    "{7487cd30-f71a-11d0-9ea7-00805f714772}"="Thumbnail Image"

    "{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"

    "{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU AutoComplete List"

    "{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft History AutoComplete List"

    "{03C036F1-A186-11D0-824A-00AA005B4383}"="Microsoft Shell Folder AutoComplete List"

    "{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft Multiple AutoComplete List Container"

    "{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu"

    "{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"

    "{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar"

    "{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"

    "{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="User Assist"

    "{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Global Folder Settings"

    "{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"

    "{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"

    "{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"

    "{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"

    "{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"

    "{FF393560-C2A7-11CF-BFF4-444553540000}"="History"

    "{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"

    "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"

    "{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="IE4 Suite Splash Screen"

    "{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"

    "{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"

    "{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"

    "{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="The Internet"

    "{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"

    "{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"

    "{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"

    "{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX Cache Folder"

    "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"

    "{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"

    "{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder"

    "{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"

    "{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"

    "{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"

    "{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"

    "{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"

    "{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"

    "{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"

    "{8BEBB290-52D0-11D0-B7F4-00C04FD706EC}"="Thumbnails"

    "{EAB841A0-9550-11CF-8C16-00805F1408F3}"="HTML Thumbnail Extractor"

    "{1AEB1360-5AFC-11D0-B806-00C04FD706EC}"="Office Graphics Filters Thumbnail Extractor"

    "{9DBD2C50-62AD-11D0-B806-00C04FD706EC}"="Summary Info Thumbnail handler (DOCFILES)"

    "{500202A0-731E-11D0-B829-00C04FD706EC}"="LNK file thumbnail interface delegator"

    "{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Shell Application Manager"

    "{0B124F8C-91F0-11D1-B8B5-006008059382}"="Installed Apps Enumerator"

    "{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher"

    "{fe1290f0-cfbd-11cf-a330-00aa00c16e65}"="Directory Namespace"

    "{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"

    "{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"

    "{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"

    "{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"

    "{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"

    "{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"

    "{450D8FBA-AD25-11D0-98A8-0800361B1103}"="MyDocs Folder"

    "{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"

    "{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"

    "{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"

    "{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"

    "{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"

    "{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Offline Files Folder"

    "{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"

    "{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"

    "{1E2CDF40-419B-11D2-A5A1-002018648BA7}"="AVG Shell Extension"

    "{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"

    "{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Custom MRU AutoCompleted List"

    "{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"

    "{acf35015-526e-4230-9596-becbe19f0ac9}"="Track Popup Bar"

    "{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Address Bar Parser"

    "{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"

    "{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"

    "{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"

    "{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Channel File"

    "{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Channel Shortcut"

    "{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"

    "{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"

    "{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"

    "{32714800-2E5F-11d0-8B85-00AA0044F941}"="For &People..."

    "{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft Data Link"

    "{1D2680C9-0E2A-469d-B787-065558BC7D43}"="Fusion Cache"

    "{E0D79304-84BE-11CE-9641-444553540000}"="WinZip"

    "{E0D79305-84BE-11CE-9641-444553540000}"="WinZip"

    "{E0D79306-84BE-11CE-9641-444553540000}"="WinZip"

    "{E0D79307-84BE-11CE-9641-444553540000}"="WinZip"

    "{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"

    "{BDEADF00-C265-11d0-BCED-00A0C90AB50F}"="Pastas da Web"

    "{506F4668-F13E-4AA1-BB04-B43203AB3CC0}"="{506F4668-F13E-4AA1-BB04-B43203AB3CC0}"

    "{D66DC78C-4F61-447F-942B-3FB6980118CF}"="{D66DC78C-4F61-447F-942B-3FB6980118CF}"

    "{63542C48-9552-494A-84F7-73AA6A7C99C1}"="OpenOffice Property Sheet Handler"

    "{E37CB5F0-51F5-4395-A808-5FA49E399F83}"="GbPlugin ShlObj"

    "{1CDB2949-8F65-4355-8456-263E7C208A5D}"="Desktop Explorer"

    "{1E9B04FB-F9E5-4718-997B-B8DA88302A47}"="Desktop Explorer Menu"

    "{1E9B04FB-F9E5-4718-997B-B8DA88302A48}"="nView Desktop Context Menu"

    "{1dc5d4e2-06bb-416c-9fd3-c7f19202ad34}"="Compare and Merge context menu extension"

    @="CorelDRAW Shell Extension Component"

    "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"

    "{7C9D5882-CB4A-4090-96C8-430BFE8B795B}"="Webroot Spy Sweeper Context Menu Integration"

    **********************************************************************************

    HKEY ROOT CLASSIDS:

    **********************************************************************************

    Files Found are not all bad files:

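The L2MFIX find log above exports the Winlogon\Notify key as a .reg file, and some of its DllName values are written as hex(2), which is a REG_EXPAND_SZ value stored as comma-separated UTF-16LE bytes. The Python script below is an added example for reviewing such an export; it is not part of the thread and not code from the L2mfix tool. It parses a constructed .reg excerpt modelled on that export, decodes the hex(2) values, records the DLL registered by each Notify subkey, and separates entries whose bare DLL name is on an assumed allowlist of stock Windows 2000 notify DLLs (the ones visible in the log: crypt32.dll, cryptnet.dll, cscdll.dll, sclgntfy.dll, wlnotify.dll, wzcdlg.dll) from entries a reviewer should check by hand. The allowlist, the sample text and all function names are this example's own assumptions; a "review" tag means only that the entry is not on that list, not that it is malicious.

```python
"""Parse a .reg export of the Winlogon Notify key and list each subkey's DLL.

Added example for reviewing L2MFIX-style exports. The sample input below is
constructed from the shape of the log in this thread, not the full log.
"""
from typing import Dict, List, Tuple

# Constructed sample .reg excerpt: two stock subkeys, one full-path entry, one third-party.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
  6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\msctl32.dll]
"DllName"="C:\\WINNT\\system32\\msctl32.dll"
"Startup"="Startup"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier]
"DllName"="WRLogonNTF.dll"
"Logon"="WRLogon"
'''

# Assumed allowlist: the stock Windows 2000 notify DLLs that appear in the thread's log.
# Not being on this list means "look at it by hand", not "malicious".
STOCK_NOTIFY_DLLS = {"crypt32.dll", "cryptnet.dll", "cscdll.dll",
                     "sclgntfy.dll", "wlnotify.dll", "wzcdlg.dll"}


def decode_reg_hex2(payload: str) -> str:
    """Decode a hex(2): value (REG_EXPAND_SZ as comma-separated UTF-16LE bytes)."""
    raw = bytes(int(b, 16) for b in payload.split(",") if b.strip())
    return raw.decode("utf-16-le").rstrip("\x00")


def _join_continuations(text: str) -> List[str]:
    """Re-join .reg lines that were split with a trailing backslash (long hex values)."""
    lines: List[str] = []
    pending = ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if line.endswith("\\"):
            pending = line[:-1]
            continue
        lines.append(line)
    if pending:
        lines.append(pending)
    return lines


def parse_notify_export(text: str) -> Dict[str, str]:
    """Return {subkey: dll} for each subkey directly under the Winlogon Notify key."""
    entries: Dict[str, str] = {}
    current = None
    for line in _join_continuations(text):
        if line.startswith("[") and line.endswith("]"):
            parent, _, leaf = line[1:-1].rpartition("\\")
            # Only children of the Notify key matter; the Notify key itself is skipped.
            current = leaf if parent.lower().endswith("\\winlogon\\notify") else None
            continue
        if current is None or "=" not in line:
            continue
        name, _, value = line.partition("=")
        if name.strip('"').lower() != "dllname":   # exports use both DllName and DLLName
            continue
        if value.lower().startswith("hex(2):"):
            entries[current] = decode_reg_hex2(value[len("hex(2):"):])
        else:
            # Quoted string value; .reg files double the backslashes inside strings.
            entries[current] = value.strip('"').replace("\\\\", "\\")
    return entries


def review_notify_entries(entries: Dict[str, str]) -> List[Tuple[str, str, str]]:
    """Tag each entry 'stock' (bare name on the allowlist) or 'review' (anything else,
    including a DLL given by full path, since the stock entries use bare names)."""
    tagged: List[Tuple[str, str, str]] = []
    for subkey, dll in entries.items():
        bare = "\\" not in dll
        status = "stock" if bare and dll.lower() in STOCK_NOTIFY_DLLS else "review"
        tagged.append((subkey, dll, status))
    return tagged


if __name__ == "__main__":
    for subkey, dll, status in review_notify_entries(parse_notify_export(SAMPLE_REG)):
        print(f"{status:6}  {subkey:14}  {dll}")
```

To use it on a real export, read the saved .reg (or the relevant section of the L2MFIX log) into a string and pass it to `parse_notify_export` instead of `SAMPLE_REG`; the output is a starting point for comparing against a known-good baseline, not a verdict on any entry.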

    Run the l2mfix.bat file, press <Enter>, then type 2 and press Enter again. After that, you should press any key and the computer will restart.

    After restarting, your desktop should disappear and reappear. The fix is not finished yet. When it finishes, Notepad should open with a log. Paste this log in your reply as you did before, together with a new HijackThis log (which should be pasted into the thread normally, as you did with the first log).

    Go to the l2mfix folder that was created and copy the ntrights file to C:\

    Now click Start -> Run, type cmd and click OK.

    A command prompt will appear.

    Type the following:

    cd c:\

    Press Enter. Now type the command:

    ntrights -u Administradores +r SeDebugPrivilege > log.txt

    NOTE: Make SURE you type exactly this command.

    Press Enter again. There should now be a file called c:\log.txt. Open it and paste its contents here.

    - Download SpySweeper, 14-day trial version:

    http://www.webroot.com/shoppingcart/tryme....86947f214cf4817

    • Click Check For Definition Update.
    • After the definitions are installed, click Sweep.
    • Click Start.
    • After the scan, click Next.
    • Click Next again.
    • Click Finish.

    - Restart the computer, generate a new HijackThis log and paste it in your reply.

  Thread author:

    ** L2mfix log:

    Setting Directory

    C:\

    C:\

    System Rebooted!

    Running From:

    C:\

    killing explorer and rundll32.exe

    Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03

    Copyright© 2002-2003 Craig.Peacock@beyondlogic.org

    Killing PID 1872 'explorer.exe'

    Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03

    Copyright© 2002-2003 Craig.Peacock@beyondlogic.org

    Error, Cannot find a process with an image name of rundll32.exe

    Scanning First Pass. Please Wait!

    First Pass Completed

    Second Pass Scanning

    Second pass Completed!

    Zipping up files for submission:

    updating: clear.reg (92 bytes security) (deflated 2%)

    updating: binet.txt (92 bytes security) (stored 0%)

    updating: lo2.txt (92 bytes security) (deflated 50%)

    updating: test.txt (92 bytes security) (stored 0%)

    updating: test2.txt (92 bytes security) (stored 0%)

    updating: test3.txt (92 bytes security) (stored 0%)

    updating: test5.txt (92 bytes security) (stored 0%)

    updating: log.txt (92 bytes security) (deflated 76%)

    updating: smitfiles.txt (92 bytes security) (deflated 60%)

    Restoring Registry Permissions:

    RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above

    Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)

    This program is Freeware, use it on your own risk!

    Revoking access for predefined group "Administrators"

    Inherited ACE can not be revoked here!

    Inherited ACE can not be revoked here!

    Registry permissions set too:

    RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above

    Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)

    This program is Freeware, use it on your own risk!

    Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:

    (NI) ALLOW Full access NT AUTHORITY\SYSTEM

    (IO) ALLOW Full access NT AUTHORITY\SYSTEM

    (NI) ALLOW Full access NT AUTHORITY\SYSTEM

    (IO) ALLOW Full access NT AUTHORITY\SYSTEM

    (ID-NI) ALLOW Read BUILTIN\Users

    (ID-IO) ALLOW Read BUILTIN\Users

    (ID-NI) ALLOW Read BUILTIN\Power Users

    (ID-IO) ALLOW Read BUILTIN\Power Users

    (ID-NI) ALLOW Full access BUILTIN\Administrators

    (ID-IO) ALLOW Full access BUILTIN\Administrators

    (ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM

    (ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM

    (ID-IO) ALLOW Full access CREATOR OWNER

    Restoring Sedebugprivilege:

    Granting SeDebugPrivilege to Administrators ... successful

    Restoring Windows Update Certificates.:

    The following Is the Current Export of the Winlogon notify key:

    ****************************************************************************

    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]

    "Asynchronous"=dword:00000000

    "Impersonate"=dword:00000000

    "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\

    6c,00,00,00

    "Logoff"="ChainWlxLogoffEvent"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]

    "Asynchronous"=dword:00000000

    "Impersonate"=dword:00000000

    "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\

    6c,00,6c,00,00,00

    "Logoff"="CryptnetWlxLogoffEvent"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]

    "DLLName"="cscdll.dll"

    "Logon"="WinlogonLogonEvent"

    "Logoff"="WinlogonLogoffEvent"

    "ScreenSaver"="WinlogonScreenSaverEvent"

    "Startup"="WinlogonStartupEvent"

    "Shutdown"="WinlogonShutdownEvent"

    "StartShell"="WinlogonStartShellEvent"

    "Impersonate"=dword:00000000

    "Asynchronous"=dword:00000001

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\msctl32.dll]

    "DllName"="C:\\WINNT\\system32\\msctl32.dll"

    "Startup"="Startup"

    "Asynchronous"=dword:00000001

    "Impersonate"=dword:00000000

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]

    "Logoff"="WLEventLogoff"

    "Impersonate"=dword:00000000

    "Asynchronous"=dword:00000001

    "DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\

    6c,00,6c,00,00,00

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]

    "DLLName"="WlNotify.dll"

    "Lock"="SensLockEvent"

    "Logon"="SensLogonEvent"

    "Logoff"="SensLogoffEvent"

    "Safe"=dword:00000001

    "MaxWait"=dword:00000258

    "StartScreenSaver"="SensStartScreenSaverEvent"

    "StopScreenSaver"="SensStopScreenSaverEvent"

    "Startup"="SensStartupEvent"

    "Shutdown"="SensShutdownEvent"

    "StartShell"="SensStartShellEvent"

    "Unlock"="SensUnlockEvent"

    "Impersonate"=dword:00000001

    "Asynchronous"=dword:00000001

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]

    "Asynchronous"=dword:00000000

    "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\

    6c,00,6c,00,00,00

    "Impersonate"=dword:00000000

    "Logoff"="TSEventLogoff"

    "Logon"="TSEventLogon"

    "PostShell"="TSEventPostShell"

    "Shutdown"="TSEventShutdown"

    "StartShell"="TSEventStartShell"

    "Startup"="TSEventStartup"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier]

    "Asynchronous"=dword:00000000

    "DllName"="WRLogonNTF.dll"

    "Impersonate"=dword:00000001

    "Lock"="WRLock"

    "StartScreenSaver"="WRStartScreenSaver"

    "StartShell"="WRStartShell"

    "Startup"="WRStartup"

    "StopScreenSaver"="WRStopScreenSaver"

    "Unlock"="WRUnlock"

    "Shutdown"="WRShutdown"

    "Logoff"="WRLogoff"

    "Logon"="WRLogon"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif]

    "DLLName"="wzcdlg.dll"

    "Logon"="WZCEventLogon"

    "Logoff"="WZCEventLogoff"

    "Impersonate"=dword:00000000

    "Asynchronous"=dword:00000000

    The following are the files found:

    ****************************************************************************

    Registry Entries that were Deleted:

    Please verify that the listing looks ok.

    If there was something deleted wrongly there are backups in the backreg folder.

    ****************************************************************************

    REGEDIT4

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

    REGEDIT4

    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

    ****************************************************************************

    Desktop.ini Contents:

    ****************************************************************************

    ****************************************************************************

    ** New HijackThis log:

    Logfile of HijackThis v1.99.1

    Scan saved at 08:18:32, on 12/12/2005

    Platform: Windows 2000 SP4 (WinNT 5.00.2195)

    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:

    C:\WINNT\System32\smss.exe

    C:\WINNT\system32\winlogon.exe

    C:\WINNT\system32\services.exe

    C:\WINNT\system32\lsass.exe

    C:\WINNT\System32\termsrv.exe

    C:\WINNT\system32\svchost.exe

    C:\WINNT\system32\spoolsv.exe

    C:\PROGRA~1\Grisoft\AVG6\avgserv.exe

    C:\WINNT\System32\svchost.exe

    C:\WINNT\System32\llssrv.exe

    C:\WINNT\System32\tcpsvcs.exe

    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

    C:\WINNT\system32\nvsvc32.exe

    C:\WINNT\System32\svchost.exe

    C:\WINNT\system32\MSTask.exe

    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

    C:\WINNT\System32\lserver.exe

    C:\WINNT\System32\WBEM\WinMgmt.exe

    C:\WINNT\System32\wins.exe

    C:\WINNT\system32\mspmspsv.exe

    C:\WINNT\system32\svchost.exe

    C:\WINNT\system32\Dfssvc.exe

    C:\WINNT\System32\inetsrv\inetinfo.exe

    C:\WINNT\System32\svchost.exe

    C:\WINNT\explorer.exe

    C:\WINNT\system32\NOTEPAD.EXE

    C:\WINNT\system32\taskmgr.exe

    C:\Program Files\Internet Explorer\IEXPLORE.EXE

    C:\Program Files\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://192.168.0.7/smart

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.1:3128

    R3 - URLSearchHook: (no name) - - (no file)

    O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll

    O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINNT\Downloaded Program Files\gbieh.dll

    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx

    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup

    O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

    O4 - Global Startup: Microsoft Office.lnk = Microsoft Office\Office10\OSA.EXE

    O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html

    O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html

    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html

    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html

    O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm

    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000

    O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm

    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html

    O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm

    O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html

    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

    O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm

    O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm

    O12 - Plugin for .NPSSView: C:\Program Files\Seagate Software\Viewers\ActiveXViewer\\NPssView.dll

    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

    O16 - DPF: {2DEF4530-8CE6-41C9-84B6-A54536C90213} (Crystal Report Viewer Control 9) - http://minas.bifgv.com.br/viewer9/activeXV...tivexviewer.cab

    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab

    O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399F83} (GbPluginObj Class) - https://www14.bancobrasil.com.br/plugin/GbPluginBb.cab

    O17 - HKLM\System\CCS\Services\Tcpip\..\{603079B4-2C1B-4228-B66A-29707B1F3EFF}: NameServer = 192.168.0.4

    O17 - HKLM\System\CCS\Services\Tcpip\..\{D3AFAA94-CD69-49C2-847F-04CD4C000816}: NameServer = 192.168.0.1

    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll

    O20 - Winlogon Notify: msctl32.dll - C:\WINNT\system32\msctl32.dll

    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)

    O23 - Service: AVG6 Service (AvgServ) - GRISOFT s.r.o - C:\PROGRA~1\Grisoft\AVG6\avgserv.exe

    O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe

    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe

    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe

    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

  • Topic author
  • I couldn't run SpySweeper, because I already had it installed and the trial period has already expired.

    Could you recommend a freeware tool?


    - Download Killbox and run it.

    Check the Delete on Reboot option. Now copy the bold list below to the clipboard (select it and click Edit > Copy).

    C:\WINNT\system32\msctl32.dll

    • Go back to KillBox. Click File > Paste from clipboard.
    • Click the X. Answer Yes to the first question and No to the second.

    - Restart the computer in Safe Mode (press F8 during startup);

    - Open HijackThis, click Do a system scan only, check the entry below and click Fix checked:

    O20 - Winlogon Notify: msctl32.dll - C:\WINNT\system32\msctl32.dll

    - Restart in normal mode, generate a new log and paste it in your reply.
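    The procedure above removes one Winlogon Notify package by hand. The following Python script is an added example, not code from the thread or from any of the tools it mentions: it parses a REGEDIT4/5 export of the Winlogon\Notify key (the format SmitfraudFix printed earlier in the thread, including the hex(2) UTF-16LE continuation lines), lists each package's DLL, and flags packages whose DLL is not in an allowlist of stock Windows notification DLLs. The allowlist and the trimmed sample export are assumptions constructed for the example; the "full path" heuristic is the example's own, based on the observation that the stock subkeys in the export register their DLL by bare file name.

```python
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample: a trimmed copy of the Winlogon\Notify export SmitfraudFix
# printed in the thread (two stock packages plus the msctl32.dll package).
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
  6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\msctl32.dll]
"DllName"="C:\\WINNT\\system32\\msctl32.dll"
"Startup"="Startup"
"Asynchronous"=dword:00000001
'''

NOTIFY_KEY = r'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify'

# Allowlist of stock Windows 2000/XP notification DLLs. This is an assumption of
# the example (taken from the stock subkeys in the thread's export), not a list
# the thread itself gives; extend it to match your own baseline.
KNOWN_NOTIFY_DLLS = {'crypt32.dll', 'cryptnet.dll', 'cscdll.dll', 'sclgntfy.dll',
                     'wlnotify.dll', 'wzcdlg.dll'}

KEY_RE = re.compile(r'^\[(-?)(.+)\]$')
VALUE_RE = re.compile(r'^"([^"]+)"=(.*)$')
HEX_RE = re.compile(r'^hex(?:\((\d+)\))?:(.*)$')

def _logical_lines(lines):
    """Join .reg continuation lines: a trailing backslash continues the value."""
    buf = ''
    for line in lines:
        stripped = line.strip()
        if stripped.endswith('\\'):
            buf += stripped[:-1]
            continue
        yield buf + stripped
        buf = ''
    if buf:
        yield buf

def decode_value(raw: str):
    """Decode the right-hand side of a .reg value line into a Python value."""
    if len(raw) >= 2 and raw.startswith('"') and raw.endswith('"'):
        # REG_SZ: regedit escapes backslash and double quote with a backslash
        return re.sub(r'\\(.)', r'\1', raw[1:-1])
    if raw.startswith('dword:'):
        return int(raw[len('dword:'):], 16)
    m = HEX_RE.match(raw)
    if m:
        data = bytes(int(b, 16) for b in m.group(2).split(',') if b)
        kind = int(m.group(1) or '3')      # bare "hex:" means REG_BINARY (type 3)
        if kind in (1, 2, 7):              # SZ / EXPAND_SZ / MULTI_SZ are UTF-16LE
            return data.decode('utf-16-le').rstrip('\x00')
        return data
    return raw

def parse_reg_export(text: str) -> Dict[str, Dict[str, object]]:
    """Map each [key] in a REGEDIT4/5 export to its decoded values."""
    keys: Dict[str, Dict[str, object]] = {}
    current: Optional[str] = None
    for line in _logical_lines(text.splitlines()):
        if not line or line.startswith('Windows Registry Editor') or line == 'REGEDIT4':
            continue
        m = KEY_RE.match(line)
        if m:
            current = m.group(2)
            keys[current] = {}
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            keys[current][m.group(1)] = decode_value(m.group(2))
    return keys

def audit_notify_packages(text: str) -> List[Tuple[str, Optional[str], bool]]:
    """Return (subkey, dll, suspicious) for every subkey under Winlogon\\Notify."""
    results = []
    for key, values in parse_reg_export(text).items():
        if not key.lower().startswith(NOTIFY_KEY.lower() + '\\'):
            continue
        subkey = key.rsplit('\\', 1)[1]
        # Registry value names are case-insensitive: the export has DllName and DLLName
        dll = next((str(v) for n, v in values.items() if n.lower() == 'dllname'), None)
        basename = dll.rsplit('\\', 1)[-1].lower() if dll else ''
        # Heuristic: stock packages are registered by bare file name, so a DLL
        # outside the allowlist, or one registered by full path, deserves a look.
        suspicious = dll is None or basename not in KNOWN_NOTIFY_DLLS or '\\' in dll
        results.append((subkey, dll, suspicious))
    return results

if __name__ == '__main__':
    for subkey, dll, suspicious in audit_notify_packages(SAMPLE_EXPORT):
        print(f"{'!!' if suspicious else '  '} {subkey:<14} {dll}")
```

    Run against the full export printed earlier in the thread, the script flags the msctl32.dll package (full path, not in the allowlist) and would also flag WRNotifier (WRLogonNTF.dll, the Webroot Spy Sweeper package), which is a legitimate third-party entry. That second hit is the expected cost of an allowlist approach: it surfaces every non-stock package for a human to confirm, which is exactly the review step a helper performs on an O20 line before telling someone to fix it.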

  • Topic author
  • I did what you said, but the problem persists... :(

    Here is a new HijackThis log:

    Logfile of HijackThis v1.99.1

    Scan saved at 08:17:51, on 13/12/2005

    Platform: Windows 2000 SP4 (WinNT 5.00.2195)

    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:

    C:\WINNT\System32\smss.exe

    C:\WINNT\system32\winlogon.exe

    C:\WINNT\system32\services.exe

    C:\WINNT\system32\lsass.exe

    C:\WINNT\System32\termsrv.exe

    C:\WINNT\system32\svchost.exe

    C:\WINNT\system32\spoolsv.exe

    C:\PROGRA~1\Grisoft\AVG6\avgserv.exe

    C:\WINNT\System32\svchost.exe

    C:\WINNT\System32\llssrv.exe

    C:\WINNT\System32\tcpsvcs.exe

    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

    C:\WINNT\system32\nvsvc32.exe

    C:\WINNT\System32\svchost.exe

    C:\WINNT\system32\MSTask.exe

    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

    C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

    C:\WINNT\System32\lserver.exe

    C:\WINNT\System32\WBEM\WinMgmt.exe

    C:\WINNT\System32\wins.exe

    C:\WINNT\system32\mspmspsv.exe

    C:\WINNT\system32\svchost.exe

    C:\WINNT\system32\Dfssvc.exe

    C:\WINNT\System32\inetsrv\inetinfo.exe

    C:\WINNT\System32\svchost.exe

    C:\WINNT\Explorer.EXE

    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

    C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

    C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

    C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe

    C:\Program Files\Internet Explorer\IEXPLORE.EXE

    C:\WINNT\system32\taskmgr.exe

    C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe

    C:\Program Files\HijackThis.exe

    C:\Program Files\Google\Google Desktop Search\GoogleDesktopOE.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://192.168.0.7/smart

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.1:3128

    R3 - URLSearchHook: (no name) - - (no file)

    O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll

    O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINNT\Downloaded Program Files\gbieh.dll

    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx

    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray

    O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

    O4 - Global Startup: Microsoft Office.lnk = Microsoft Office\Office10\OSA.EXE

    O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html

    O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html

    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html

    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html

    O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm

    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000

    O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm

    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html

    O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm

    O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html

    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

    O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm

    O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm

    O12 - Plugin for .NPSSView: C:\Program Files\Seagate Software\Viewers\ActiveXViewer\\NPssView.dll

    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

    O16 - DPF: {2DEF4530-8CE6-41C9-84B6-A54536C90213} (Crystal Report Viewer Control 9) - http://minas.bifgv.com.br/viewer9/activeXV...tivexviewer.cab

    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab

    O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399F83} (GbPluginObj Class) - https://www14.bancobrasil.com.br/plugin/GbPluginBb.cab

    O17 - HKLM\System\CCS\Services\Tcpip\..\{603079B4-2C1B-4228-B66A-29707B1F3EFF}: NameServer = 192.168.0.4

    O17 - HKLM\System\CCS\Services\Tcpip\..\{D3AFAA94-CD69-49C2-847F-04CD4C000816}: NameServer = 192.168.0.1

    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll

    O20 - Winlogon Notify: WRNotifier - C:\WINNT\SYSTEM32\WRLogonNTF.dll

    O23 - Service: AVG6 Service (AvgServ) - GRISOFT s.r.o - C:\PROGRA~1\Grisoft\AVG6\avgserv.exe

    O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe

    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe

    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe

    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe


    The log is clean.

    Disable Google Desktop Search and GetRight from startup (msconfig) and see if the problem still occurs.
