kadupolyka

HijackThis Log


Here is the HijackThis log from my PC:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 01:36:55, on 20/8/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Analog Devices\SoundMAX\SMTray.exe

C:\Arquivos de programas\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe

C:\Arquivos de programas\MusicMatch\MusicMatch Jukebox\mmtask.exe

C:\Arquivos de programas\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Arquivos comuns\Teleca Shared\CapabilityManager.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\System32\PAStiSvc.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\Teleca Shared\Generic.exe

C:\Arquivos de programas\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - (no file)

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de programas\GbPlugin\gbieh.dll

O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - (no file)

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [smapp] C:\Arquivos de programas\Analog Devices\SoundMAX\SMTray.exe

O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Arquivos de programas\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [mmtask] "C:\Arquivos de programas\MusicMatch\MusicMatch Jukebox\mmtask.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [CloneCDTray] "C:\Arquivos de programas\SlySoft\CloneCD\CloneCDTray.exe" /s

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Arquivos de programas\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\RunOnce: [MessengerPlusLiveUninstall] "C:\DOCUME~1\Koelho01\CONFIG~1\Temp\MsgPlusUninstall.exe" /Cleanup

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office\OSA9.EXE

O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

O8 - Extra context menu item: Add to AMV Converter... - C:\Arquivos de programas\MP3 Player Utilities 4.09\AMVConverter\grab.html

O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Arquivos de programas\MP3 Player Utilities 4.09\MediaManager\grab.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1209179946484

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD40/JSCDL/jre/6u5-b19/jinstall-6u5-windows-i586-jc.cab?AuthParam=1209662778_a40ffedee28bdf97a384a0cdd0085bc2&GroupName=JSC&BHost=javadl.sun.com&FilePath=/ESD40/JSCDL/jre/6u5-b19/jinstall-6u5-windows-i586-jc.cab&File=jinstall-6u5-windows-i586-jc.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553539700} - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} - https://clickbanking.unibanco.com.br/GbPlugin/cab/GbPluginUni.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{5BD2DE85-26A0-4153-B831-C133A808498F}: NameServer = 192.168.0.1,200.222.0.34

O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll

O20 - Winlogon Notify: GbPluginUni - C:\ARQUIV~1\GbPlugin\gbiehuni.dll (file missing)

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - (no file)

O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - (no file)

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: NMIndexingService - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

--

End of file - 9962 bytes

Thanks in advance!


Please post a new HijackThis log.


OK, here it goes:

Once again, thanks a lot!

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 01:05:12, on 4/9/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Analog Devices\SoundMAX\SMTray.exe

C:\Arquivos de programas\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe

C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe

C:\Arquivos de programas\MusicMatch\MusicMatch Jukebox\mmtask.exe

C:\Arquivos de programas\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\Arquivos de programas\Arquivos comuns\Teleca Shared\CapabilityManager.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\System32\PAStiSvc.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\Teleca Shared\Generic.exe

C:\Arquivos de programas\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\System32\imapi.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de programas\GbPlugin\gbieh.dll

O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - (no file)

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [smapp] C:\Arquivos de programas\Analog Devices\SoundMAX\SMTray.exe

O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Arquivos de programas\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [mmtask] "C:\Arquivos de programas\MusicMatch\MusicMatch Jukebox\mmtask.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [CloneCDTray] "C:\Arquivos de programas\SlySoft\CloneCD\CloneCDTray.exe" /s

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Arquivos de programas\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office\OSA9.EXE

O8 - Extra context menu item: Add to AMV Converter... - C:\Arquivos de programas\MP3 Player Utilities 4.09\AMVConverter\grab.html

O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Arquivos de programas\MP3 Player Utilities 4.09\MediaManager\grab.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1209179946484

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD40/JSCDL/jre/6u5-b19/jinstall-6u5-windows-i586-jc.cab?AuthParam=1209662778_a40ffedee28bdf97a384a0cdd0085bc2&GroupName=JSC&BHost=javadl.sun.com&FilePath=/ESD40/JSCDL/jre/6u5-b19/jinstall-6u5-windows-i586-jc.cab&File=jinstall-6u5-windows-i586-jc.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553539700} - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} - https://clickbanking.unibanco.com.br/GbPlugin/cab/GbPluginUni.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{5BD2DE85-26A0-4153-B831-C133A808498F}: NameServer = 192.168.0.1,200.222.0.34

O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll

O20 - Winlogon Notify: GbPluginUni - C:\ARQUIV~1\GbPlugin\gbiehuni.dll (file missing)

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: NMIndexingService - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

--

End of file - 9899 bytes


What is the problem with the computer?


Sorry for the delay, I had some problems here.

Avast flagged a virus in Tibia and in a Motorola program, which I doubt was downloaded from the official site. The PC was slower than usual, and the files were deleted by the AV. Some DVDs stopped being read, and I thought it could be a virus.

Well, I think the problem really is with the DVD, but the PC is still far too slow, so I got scared because viruses always stay hidden on the PC, even though Avast has stopped flagging anything.

Thanks again!


Your problems are unlikely to be related to malware, but I will recommend an online scan anyway.

Run an Online Scan at Kaspersky Virusscanner

  • Click Clipboard01-1.jpg
  • When asked to install the ActiveX component, click Clipboard015.jpg
  • Wait for the installation and the update to finish, then click Clipboard013.jpg
  • Now click Clipboard016.jpg
  • In the scan options (settings), make sure the entries below are selected:
    • Scan using the following Anti-Virus database:

      Extended (if available otherwise Standard)

    • Scan Options:

      Scan Archives
      Scan Mail Bases

  • Click Clipboard014.jpg
  • Click My Computer so that a full scan of your system is run.
  • The scan will start and may take a while. Be patient and wait.
  • At the end of the scan, click the Save as Text button.
  • Save the log with the results and post it in your next reply.
  • Also generate and paste a new HijackThis log.


Hi, I think this thing has already been reinfected!

But here it goes, or here they go...

--------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER 7 REPORT

Thursday, September 18, 2008

Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)

Kaspersky Online Scanner 7 version: 7.0.25.0

Program database last update: Thursday, September 18, 2008 04:33:15

Records in database: 1247005

--------------------------------------------------------------------------------

Scan settings:

Scan using the following database: extended

Scan archives: yes

Scan mail databases: yes

Scan area - My Computer:

A:\

C:\

D:\

E:\

F:\

H:\

I:\

Scan statistics:

Files scanned: 194726

Threat name: 3

Infected objects: 5

Suspicious objects: 0

Duration of the scan: 05:09:18

File name / Threat name / Threats count

C:\Documents and Settings\Koelho01\Dados de aplicativos\Atom four funk\acidaboutwebcreative.exe Infected: Trojan.Win32.Obfuscated.gen 1

C:\Documents and Settings\Koelho01\Dados de aplicativos\Atom four funk\crcpnchs.exe Infected: Trojan.Win32.Obfuscated.gen 1

C:\Documents and Settings\Koelho01\Dados de aplicativos\Atom four funk\jflagvuv.exe Infected: Trojan.Win32.Obfuscated.gen 1

C:\Documents and Settings\Koelho01\Meus documentos\LimeWire\Saved\Dolores Duran - Estranho amor.mp3 Infected: Trojan-Downloader.WMA.Wimad.n 1

C:\Documents and Settings\Koelho01\Meus documentos\Minhas imagens\foto0129.scr Infected: Trojan.Win32.Agent.acnw 1

The selected area was scanned.

and the HijackThis log...

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 08:27:18, on 18/9/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Analog Devices\SoundMAX\SMTray.exe

C:\Arquivos de programas\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe

C:\Arquivos de programas\MusicMatch\MusicMatch Jukebox\mmtask.exe

C:\Arquivos de programas\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Arquivos comuns\Teleca Shared\CapabilityManager.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\System32\PAStiSvc.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\Teleca Shared\Generic.exe

C:\Arquivos de programas\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Documents and Settings\Koelho01\Configurações locais\Temp\jkos-Koelho01\binaries\ScanningProcess.exe

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\System32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll

O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - (no file)

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [smapp] C:\Arquivos de programas\Analog Devices\SoundMAX\SMTray.exe

O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Arquivos de programas\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [mmtask] "C:\Arquivos de programas\MusicMatch\MusicMatch Jukebox\mmtask.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [CloneCDTray] "C:\Arquivos de programas\SlySoft\CloneCD\CloneCDTray.exe" /s

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Arquivos de programas\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office\OSA9.EXE

O8 - Extra context menu item: Add to AMV Converter... - C:\Arquivos de programas\MP3 Player Utilities 4.09\AMVConverter\grab.html

O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Arquivos de programas\MP3 Player Utilities 4.09\MediaManager\grab.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1209179946484

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD40/JSCDL/jre/6u5-b19/jinstall-6u5-windows-i586-jc.cab?AuthParam=1209662778_a40ffedee28bdf97a384a0cdd0085bc2&GroupName=JSC&BHost=javadl.sun.com&FilePath=/ESD40/JSCDL/jre/6u5-b19/jinstall-6u5-windows-i586-jc.cab&File=jinstall-6u5-windows-i586-jc.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553539700} - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} - https://clickbanking.unibanco.com.br/GbPlugin/cab/GbPluginUni.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{5BD2DE85-26A0-4153-B831-C133A808498F}: NameServer = 192.168.0.1,200.222.0.34

O20 - Winlogon Notify: GbPluginBb - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll

O20 - Winlogon Notify: GbPluginUni - C:\ARQUIV~1\GbPlugin\gbiehuni.dll (file missing)

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: NMIndexingService - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

--

End of file - 10160 bytes

Once again, thank you so much!!!


Download Lop S&D.

  • Temporarily disable your protection programs (antivirus, etc.) so they do not interfere with the tool.
  • Double-click the Lop S&D icon that will be on the desktop.
    If you use Windows Vista, right-click LopSD.exe and choose 'Run as administrator'.
  • A window will appear (as in the image below); press P for Portuguese and press Enter.
    [Image: Lop_Choix-large.jpg]
  • Now press the number 1 and press Enter.
    [Image: Lop_Lang_en-large.jpg]
  • The tool will run and your screen will flicker, which is normal. Please be patient and wait.
  • At the end a report will be generated (C:\lopR.txt). Paste the contents of that report in your next reply, together with a new HijackThis log.


Lop log:

--------------------\\ Lop S&D 4.2.4-3 XP/Vista

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 3

X86-based PC ( Uniprocessor Free : AMD Athlon XP 2600+ )

BIOS : Award Modular BIOS v6.0

USER : Koelho01 ( Administrator )

BOOT : Normal boot

Antivirus : avast! antivirus 4.8.1229 [VPS 080918-0] 4.8.1229 (Not Activated)

A:\ (USB)

C:\ (Local Disk) - NTFS - Total : 78 Go Free : 7 Go

D:\ (Local Disk) - NTFS - Total : 39 Go Free : 13 Go

E:\ (Local Disk) - NTFS - Total : 31 Go Free : 16 Go

F:\ (CD or DVD)

H:\ (CD or DVD)

I:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 14-09-2008|22:40 )

Option : [1] ( qui 18/09/2008|20:07 )

--------------------\\ Lista de pastas em DADOSD~1

[28/04/2008|18:55] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Adobe

[28/08/2008|04:05] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Ahead

[18/07/2008|22:07] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Apple Computer

[07/06/2008|10:54] C:\DOCUME~1\ALLUSE~1\DADOSD~1\BVRP Software

[17/09/2008|23:49] C:\DOCUME~1\ALLUSE~1\DADOSD~1\DVD Shrink

[19/08/2008|16:07] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Frag great bend logo

[18/09/2008|11:26] C:\DOCUME~1\ALLUSE~1\DADOSD~1\GbPlugin

[11/06/2008|00:51] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Google

[26/04/2008|02:38] C:\DOCUME~1\ALLUSE~1\DADOSD~1\HP

[10/07/2008|01:53] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Kodak

[26/04/2008|08:10] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Microsoft

[25/04/2008|23:42] C:\DOCUME~1\ALLUSE~1\DADOSD~1\NVIDIA

[03/08/2008|17:32] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Sony Ericsson

[06/05/2008|01:44] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Spybot - Search & Destroy

[03/08/2008|17:32] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Teleca

[11/06/2008|00:52] C:\DOCUME~1\ALLUSE~1\DADOSD~1\VOWSoft

[26/04/2008|00:41] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Windows Genuine Advantage

[26/04/2008|02:57] C:\DOCUME~1\ALLUSE~1\DADOSD~1\WLInstaller

[25/04/2008|04:25] C:\DOCUME~1\DEFAUL~1\DADOSD~1\Microsoft

[19/05/2008|23:47] C:\DOCUME~1\Koelho01\DADOSD~1\Adobe

[12/06/2008|04:56] C:\DOCUME~1\Koelho01\DADOSD~1\Ahead

[13/08/2008|15:57] C:\DOCUME~1\Koelho01\DADOSD~1\Any Video Converter

[01/08/2008|23:57] C:\DOCUME~1\Koelho01\DADOSD~1\Apple Computer

[20/08/2008|01:09] C:\DOCUME~1\Koelho01\DADOSD~1\Atom four funk

[26/06/2008|01:54] C:\DOCUME~1\Koelho01\DADOSD~1\Corel

[23/05/2008|03:33] C:\DOCUME~1\Koelho01\DADOSD~1\DAEMON Tools

[01/05/2008|23:29] C:\DOCUME~1\Koelho01\DADOSD~1\Google

[27/04/2008|02:44] C:\DOCUME~1\Koelho01\DADOSD~1\Help

[26/04/2008|06:46] C:\DOCUME~1\Koelho01\DADOSD~1\HP

[25/04/2008|04:39] C:\DOCUME~1\Koelho01\DADOSD~1\Identities

[27/04/2008|00:29] C:\DOCUME~1\Koelho01\DADOSD~1\InstallShield

[29/07/2008|20:19] C:\DOCUME~1\Koelho01\DADOSD~1\LimeWire

[29/04/2008|21:23] C:\DOCUME~1\Koelho01\DADOSD~1\Macromedia

[08/05/2008|13:01] C:\DOCUME~1\Koelho01\DADOSD~1\Media Player Classic

[07/08/2008|19:34] C:\DOCUME~1\Koelho01\DADOSD~1\Microsoft

[25/04/2008|23:18] C:\DOCUME~1\Koelho01\DADOSD~1\Microsoft Web Folders

[05/05/2008|01:53] C:\DOCUME~1\Koelho01\DADOSD~1\Musicmatch

[03/07/2008|17:30] C:\DOCUME~1\Koelho01\DADOSD~1\Skinux

[03/08/2008|17:37] C:\DOCUME~1\Koelho01\DADOSD~1\Sony Ericsson

[01/05/2008|14:53] C:\DOCUME~1\Koelho01\DADOSD~1\Sun

[03/08/2008|17:37] C:\DOCUME~1\Koelho01\DADOSD~1\Teleca

[11/05/2008|12:07] C:\DOCUME~1\Koelho01\DADOSD~1\Tibia

[19/07/2008|18:55] C:\DOCUME~1\Koelho01\DADOSD~1\U3

[25/04/2008|23:39] C:\DOCUME~1\Koelho01\DADOSD~1\WinRAR

[16/06/2008|01:59] C:\DOCUME~1\LOCALS~1\DADOSD~1\Microsoft

[25/04/2008|04:30] C:\DOCUME~1\NETWOR~1\DADOSD~1\Microsoft

--------------------\\ Tarefas Agendadas na pasta C:\WINDOWS\Tasks

[18/09/2008 11:26][--ah-----] C:\WINDOWS\tasks\SA.DAT

[28/10/2001 15:07][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Lista de pastas em C:\Arquivos de programas

[18/07/2008|03:16] C:\Arquivos de programas\Adobe

[12/06/2008|03:49] C:\Arquivos de programas\Ahead

[25/04/2008|23:34] C:\Arquivos de programas\Alwil Software

[25/04/2008|23:12] C:\Arquivos de programas\Analog Devices

[13/08/2008|15:58] C:\Arquivos de programas\Any Video Converter

[14/08/2008|00:25] C:\Arquivos de programas\Arquivos comuns

[25/06/2008|11:22] C:\Arquivos de programas\Avanquest update

[15/08/2008|01:42] C:\Arquivos de programas\CCleaner

[01/05/2008|13:57] C:\Arquivos de programas\Corel

[23/05/2008|03:34] C:\Arquivos de programas\DAEMON Tools Lite

[15/06/2008|00:20] C:\Arquivos de programas\Disney Interactive

[13/09/2008|01:37] C:\Arquivos de programas\DivX

[05/06/2008|18:18] C:\Arquivos de programas\Dragon Souls

[27/04/2008|00:24] C:\Arquivos de programas\DVD Shrink

[26/04/2008|07:57] C:\Arquivos de programas\EA GAMES

[22/07/2008|02:06] C:\Arquivos de programas\EA SPORTS

[25/04/2008|23:31] C:\Arquivos de programas\Elaborate Bytes

[04/09/2008|17:06] C:\Arquivos de programas\GbPlugin

[11/06/2008|00:51] C:\Arquivos de programas\Google

[27/04/2008|00:55] C:\Arquivos de programas\Gravity

[23/05/2008|03:34] C:\Arquivos de programas\Green Land Studios

[26/04/2008|02:36] C:\Arquivos de programas\Hewlett-Packard

[26/04/2008|02:38] C:\Arquivos de programas\HP

[17/07/2008|14:52] C:\Arquivos de programas\InstallShield Installation Information

[13/08/2008|19:28] C:\Arquivos de programas\Internet Explorer

[01/05/2008|14:48] C:\Arquivos de programas\Java

[13/08/2008|21:29] C:\Arquivos de programas\KAIZEN Games

[03/07/2008|17:16] C:\Arquivos de programas\Kodak

[27/04/2008|00:30] C:\Arquivos de programas\LevelUpGames

[28/06/2008|18:38] C:\Arquivos de programas\LG Link

[04/06/2008|12:41] C:\Arquivos de programas\LimeWire

[13/08/2008|19:30] C:\Arquivos de programas\Messenger

[25/04/2008|23:18] C:\Arquivos de programas\microsoft frontpage

[25/04/2008|23:18] C:\Arquivos de programas\Microsoft Office

[25/04/2008|23:19] C:\Arquivos de programas\Microsoft Visual Studio

[07/06/2008|10:55] C:\Arquivos de programas\mobile PhoneTools

[10/08/2008|17:21] C:\Arquivos de programas\Motorola

[28/06/2008|00:00] C:\Arquivos de programas\Motorola Phone Tools

[14/06/2008|05:40] C:\Arquivos de programas\Movie Maker

[07/08/2008|19:34] C:\Arquivos de programas\MP3 Player Utilities 4.09

[25/04/2008|04:22] C:\Arquivos de programas\MSN Gaming Zone

[26/04/2008|01:49] C:\Arquivos de programas\MSXML 4.0

[05/05/2008|01:53] C:\Arquivos de programas\MusicMatch

[26/04/2008|00:18] C:\Arquivos de programas\Nero

[14/06/2008|05:36] C:\Arquivos de programas\NetMeeting

[14/06/2008|05:36] C:\Arquivos de programas\Outlook Express

[11/05/2008|19:30] C:\Arquivos de programas\PC Camera

[07/06/2008|23:30] C:\Arquivos de programas\Programas SRF

[18/07/2008|22:06] C:\Arquivos de programas\QuickTime

[26/04/2008|14:03] C:\Arquivos de programas\Rockstar Games

[01/09/2008|09:11] C:\Arquivos de programas\Scpad

[25/04/2008|23:22] C:\Arquivos de programas\Servi‡os on-line

[16/06/2008|00:21] C:\Arquivos de programas\SlySoft

[03/08/2008|17:31] C:\Arquivos de programas\Sony Ericsson

[08/08/2008|02:28] C:\Arquivos de programas\Spybot - Search & Destroy

[08/08/2008|04:36] C:\Arquivos de programas\Tibia

[26/05/2008|06:01] C:\Arquivos de programas\Trend Micro

[25/04/2008|04:39] C:\Arquivos de programas\Uninstall Information

[13/08/2008|17:29] C:\Arquivos de programas\WinAVI Video Converter

[26/04/2008|02:58] C:\Arquivos de programas\Windows Live

[14/06/2008|05:36] C:\Arquivos de programas\Windows Media Player

[14/06/2008|05:36] C:\Arquivos de programas\Windows NT

[25/04/2008|04:22] C:\Arquivos de programas\WindowsUpdate

[25/04/2008|23:08] C:\Arquivos de programas\WinRAR

[25/04/2008|04:25] C:\Arquivos de programas\xerox

--------------------\\ Lista de pastas em C:\Arquivos de programas\Arquivos comuns

[28/04/2008|18:55] C:\Arquivos de programas\Arquivos comuns\Adobe

[12/06/2008|03:45] C:\Arquivos de programas\Arquivos comuns\Ahead

[25/04/2008|23:19] C:\Arquivos de programas\Arquivos comuns\Designer

[29/04/2008|21:28] C:\Arquivos de programas\Arquivos comuns\DirectX

[26/04/2008|02:35] C:\Arquivos de programas\Arquivos comuns\Hewlett-Packard

[26/04/2008|02:38] C:\Arquivos de programas\Arquivos comuns\HP

[11/05/2008|19:29] C:\Arquivos de programas\Arquivos comuns\InstallShield

[01/05/2008|14:36] C:\Arquivos de programas\Arquivos comuns\Java

[20/07/2008|16:24] C:\Arquivos de programas\Arquivos comuns\Microsoft Shared

[27/06/2008|23:59] C:\Arquivos de programas\Arquivos comuns\Motorola Shared

[25/04/2008|04:23] C:\Arquivos de programas\Arquivos comuns\MSSoap

[12/06/2008|03:47] C:\Arquivos de programas\Arquivos comuns\Nero

[25/04/2008|04:13] C:\Arquivos de programas\Arquivos comuns\ODBC

[11/05/2008|19:30] C:\Arquivos de programas\Arquivos comuns\PCCamera

[25/04/2008|04:23] C:\Arquivos de programas\Arquivos comuns\Servi‡os

[25/04/2008|04:13] C:\Arquivos de programas\Arquivos comuns\SpeechEngines

[14/06/2008|05:36] C:\Arquivos de programas\Arquivos comuns\System

[03/08/2008|17:32] C:\Arquivos de programas\Arquivos comuns\Teleca Shared

[26/04/2008|02:57] C:\Arquivos de programas\Arquivos comuns\WindowsLiveInstaller

--------------------\\ Process

( 45 Processes )

iexplore.exe ~ [PID:2424]

--------------------\\ Procura pelo S_Lop

Não foram encontradas pastas com o Lop!

--------------------\\ Procura por Arquivos/Ficheiros e pastas do Lop

C:\DOCUME~1\ALLUSE~1\DADOSD~1\Frag great bend logo

C:\DOCUME~1\Koelho01\Cookies\koelho01@adopt.euroclick[1].txt

--------------------\\ Procura no Registro

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

..... OK !

--------------------\\ Verificando o Arquivos/Ficheiros Hosts

Arquivos/Ficheiros Hosts LIMPO

--------------------\\ Procurando Arquivos/Ficheiros ocultos com o Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-09-18 20:08:27

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden files ...

scan completed successfully

hidden processes: 0

hidden files: 13

--------------------\\ Procurando por outras infecções

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\ALLUSE~1\Documentos\instala‡äes\CRAQUEADOR Fifa\KEYGEN.dll

C:\DOCUME~1\ALLUSE~1\Documentos\instala‡äes\imagem\Warcraft III\Razor1911\warcraft3 keygen.exe

[F:2470][D:22]-> C:\DOCUME~1\Koelho01\CONFIG~1\Temp

[F:224][D:0]-> C:\DOCUME~1\Koelho01\Cookies

[F:17976][D:27]-> C:\DOCUME~1\Koelho01\CONFIG~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - qui 18/09/2008|20:21 - Option : [1]

--------------------\\ Verificação completa em 20:21:07

And the new HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:29:57, on 18/9/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMTray.exe

C:\Arquivos de programas\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe

C:\Arquivos de programas\MusicMatch\MusicMatch Jukebox\mmtask.exe

C:\Arquivos de programas\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

C:\WINDOWS\system32\ctfmon.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\Arquivos de programas\Arquivos comuns\Teleca Shared\CapabilityManager.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\System32\PAStiSvc.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Arquivos de programas\Arquivos comuns\Teleca Shared\Generic.exe

C:\Arquivos de programas\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\System32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll

O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - (no file)

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [smapp] C:\Arquivos de programas\Analog Devices\SoundMAX\SMTray.exe

O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Arquivos de programas\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [mmtask] "C:\Arquivos de programas\MusicMatch\MusicMatch Jukebox\mmtask.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [CloneCDTray] "C:\Arquivos de programas\SlySoft\CloneCD\CloneCDTray.exe" /s

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Arquivos de programas\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office\OSA9.EXE

O8 - Extra context menu item: Add to AMV Converter... - C:\Arquivos de programas\MP3 Player Utilities 4.09\AMVConverter\grab.html

O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Arquivos de programas\MP3 Player Utilities 4.09\MediaManager\grab.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1209179946484

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD40/JSCDL/jre/6u5-b19/jinstall-6u5-windows-i586-jc.cab?AuthParam=1209662778_a40ffedee28bdf97a384a0cdd0085bc2&GroupName=JSC&BHost=javadl.sun.com&FilePath=/ESD40/JSCDL/jre/6u5-b19/jinstall-6u5-windows-i586-jc.cab&File=jinstall-6u5-windows-i586-jc.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553539700} - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} - https://clickbanking.unibanco.com.br/GbPlugin/cab/GbPluginUni.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{5BD2DE85-26A0-4153-B831-C133A808498F}: NameServer = 192.168.0.1,200.222.0.34

O20 - Winlogon Notify: GbPluginBb - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll

O20 - Winlogon Notify: GbPluginUni - C:\ARQUIV~1\GbPlugin\gbiehuni.dll (file missing)

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: NMIndexingService - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

--

End of file - 10055 bytes

Thanks a lot!


Select the ENTIRE area below shown in bold blue, right-click and choose Copy.

C:\Documents and Settings\Koelho01\Dados de aplicativos\Atom four funk
  • Now double-click the Lop S&D icon that will be on the desktop.
    If you use Windows Vista, right-click LopSD.exe and choose 'Run as administrator'.
  • A window will appear (as in the image below); press P for Portuguese and press Enter.
    [Image: Lop_Choix-large.jpg]
  • Now select "4 - LopScript" by pressing the "4" key and press ENTER.
  • A blank page will open; right-click on it and choose Paste.
  • Close that page and, when asked whether you want to save it, choose [save].
  • The tool will run so that the infection can be removed.
  • At the end a report will be generated (C:\lopR.txt). Paste the contents of that report in your next reply, together with a new HijackThis log.


--------------------\\ Lop S&D 4.2.4-3 XP/Vista

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 3

X86-based PC ( Uniprocessor Free : AMD Athlon XP 2600+ )

BIOS : Award Modular BIOS v6.0

USER : Koelho01 ( Administrator )

BOOT : Normal boot

Antivirus : avast! antivirus 4.8.1229 [VPS 080919-0] 4.8.1229 (Activated)

A:\ (USB)

C:\ (Local Disk) - NTFS - Total : 78 Go Free : 8 Go

D:\ (Local Disk) - NTFS - Total : 39 Go Free : 13 Go

E:\ (Local Disk) - NTFS - Total : 31 Go Free : 16 Go

F:\ (CD or DVD)

H:\ (CD or DVD)

I:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 14-09-2008|22:40 )

Option : [4] ( sex 19/09/2008|14:53 )

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ Lop Script

C:\Documents and Settings\Koelho01\Dados de aplicativos\Atom four funk

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ REMOVIDOS

Deletado! - C:\Documents and Settings\Koelho01\Dados de aplicativos\Atom four funk

Deletado! - C:\DOCUME~1\Koelho01\Cookies\koelho01@adopt.euroclick[1].txt

Deletado! - C:\DOCUME~1\ALLUSE~1\DADOSD~1\Frag great bend logo

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

--------------------\\ Lista de pastas em DADOSD~1

[28/04/2008|18:55] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Adobe

[28/08/2008|04:05] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Ahead

[18/07/2008|22:07] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Apple Computer

[07/06/2008|10:54] C:\DOCUME~1\ALLUSE~1\DADOSD~1\BVRP Software

[17/09/2008|23:49] C:\DOCUME~1\ALLUSE~1\DADOSD~1\DVD Shrink

[19/09/2008|10:31] C:\DOCUME~1\ALLUSE~1\DADOSD~1\GbPlugin

[11/06/2008|00:51] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Google

[26/04/2008|02:38] C:\DOCUME~1\ALLUSE~1\DADOSD~1\HP

[10/07/2008|01:53] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Kodak

[26/04/2008|08:10] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Microsoft

[25/04/2008|23:42] C:\DOCUME~1\ALLUSE~1\DADOSD~1\NVIDIA

[03/08/2008|17:32] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Sony Ericsson

[06/05/2008|01:44] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Spybot - Search & Destroy

[03/08/2008|17:32] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Teleca

[11/06/2008|00:52] C:\DOCUME~1\ALLUSE~1\DADOSD~1\VOWSoft

[26/04/2008|00:41] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Windows Genuine Advantage

[26/04/2008|02:57] C:\DOCUME~1\ALLUSE~1\DADOSD~1\WLInstaller

[25/04/2008|04:25] C:\DOCUME~1\DEFAUL~1\DADOSD~1\Microsoft

[19/05/2008|23:47] C:\DOCUME~1\Koelho01\DADOSD~1\Adobe

[12/06/2008|04:56] C:\DOCUME~1\Koelho01\DADOSD~1\Ahead

[13/08/2008|15:57] C:\DOCUME~1\Koelho01\DADOSD~1\Any Video Converter

[01/08/2008|23:57] C:\DOCUME~1\Koelho01\DADOSD~1\Apple Computer

[26/06/2008|01:54] C:\DOCUME~1\Koelho01\DADOSD~1\Corel

[23/05/2008|03:33] C:\DOCUME~1\Koelho01\DADOSD~1\DAEMON Tools

[01/05/2008|23:29] C:\DOCUME~1\Koelho01\DADOSD~1\Google

[27/04/2008|02:44] C:\DOCUME~1\Koelho01\DADOSD~1\Help

[26/04/2008|06:46] C:\DOCUME~1\Koelho01\DADOSD~1\HP

[25/04/2008|04:39] C:\DOCUME~1\Koelho01\DADOSD~1\Identities

[27/04/2008|00:29] C:\DOCUME~1\Koelho01\DADOSD~1\InstallShield

[29/07/2008|20:19] C:\DOCUME~1\Koelho01\DADOSD~1\LimeWire

[29/04/2008|21:23] C:\DOCUME~1\Koelho01\DADOSD~1\Macromedia

[08/05/2008|13:01] C:\DOCUME~1\Koelho01\DADOSD~1\Media Player Classic

[07/08/2008|19:34] C:\DOCUME~1\Koelho01\DADOSD~1\Microsoft

[25/04/2008|23:18] C:\DOCUME~1\Koelho01\DADOSD~1\Microsoft Web Folders

[05/05/2008|01:53] C:\DOCUME~1\Koelho01\DADOSD~1\Musicmatch

[03/07/2008|17:30] C:\DOCUME~1\Koelho01\DADOSD~1\Skinux

[03/08/2008|17:37] C:\DOCUME~1\Koelho01\DADOSD~1\Sony Ericsson

[01/05/2008|14:53] C:\DOCUME~1\Koelho01\DADOSD~1\Sun

[03/08/2008|17:37] C:\DOCUME~1\Koelho01\DADOSD~1\Teleca

[11/05/2008|12:07] C:\DOCUME~1\Koelho01\DADOSD~1\Tibia

[19/07/2008|18:55] C:\DOCUME~1\Koelho01\DADOSD~1\U3

[25/04/2008|23:39] C:\DOCUME~1\Koelho01\DADOSD~1\WinRAR

[16/06/2008|01:59] C:\DOCUME~1\LOCALS~1\DADOSD~1\Microsoft

[25/04/2008|04:30] C:\DOCUME~1\NETWOR~1\DADOSD~1\Microsoft

--------------------\\ Tarefas Agendadas na pasta C:\WINDOWS\Tasks

[19/09/2008 10:31][--ah-----] C:\WINDOWS\tasks\SA.DAT

[28/10/2001 15:07][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Lista de pastas em C:\Arquivos de programas

[18/07/2008|03:16] C:\Arquivos de programas\Adobe

[12/06/2008|03:49] C:\Arquivos de programas\Ahead

[25/04/2008|23:34] C:\Arquivos de programas\Alwil Software

[25/04/2008|23:12] C:\Arquivos de programas\Analog Devices

[13/08/2008|15:58] C:\Arquivos de programas\Any Video Converter

[14/08/2008|00:25] C:\Arquivos de programas\Arquivos comuns

[25/06/2008|11:22] C:\Arquivos de programas\Avanquest update

[15/08/2008|01:42] C:\Arquivos de programas\CCleaner

[01/05/2008|13:57] C:\Arquivos de programas\Corel

[23/05/2008|03:34] C:\Arquivos de programas\DAEMON Tools Lite

[15/06/2008|00:20] C:\Arquivos de programas\Disney Interactive

[13/09/2008|01:37] C:\Arquivos de programas\DivX

[05/06/2008|18:18] C:\Arquivos de programas\Dragon Souls

[27/04/2008|00:24] C:\Arquivos de programas\DVD Shrink

[26/04/2008|07:57] C:\Arquivos de programas\EA GAMES

[22/07/2008|02:06] C:\Arquivos de programas\EA SPORTS

[25/04/2008|23:31] C:\Arquivos de programas\Elaborate Bytes

[04/09/2008|17:06] C:\Arquivos de programas\GbPlugin

[11/06/2008|00:51] C:\Arquivos de programas\Google

[27/04/2008|00:55] C:\Arquivos de programas\Gravity

[23/05/2008|03:34] C:\Arquivos de programas\Green Land Studios

[26/04/2008|02:36] C:\Arquivos de programas\Hewlett-Packard

[26/04/2008|02:38] C:\Arquivos de programas\HP

[17/07/2008|14:52] C:\Arquivos de programas\InstallShield Installation Information

[13/08/2008|19:28] C:\Arquivos de programas\Internet Explorer

[01/05/2008|14:48] C:\Arquivos de programas\Java

[13/08/2008|21:29] C:\Arquivos de programas\KAIZEN Games

[03/07/2008|17:16] C:\Arquivos de programas\Kodak

[27/04/2008|00:30] C:\Arquivos de programas\LevelUpGames

[28/06/2008|18:38] C:\Arquivos de programas\LG Link

[04/06/2008|12:41] C:\Arquivos de programas\LimeWire

[13/08/2008|19:30] C:\Arquivos de programas\Messenger

[25/04/2008|23:18] C:\Arquivos de programas\microsoft frontpage

[25/04/2008|23:18] C:\Arquivos de programas\Microsoft Office

[25/04/2008|23:19] C:\Arquivos de programas\Microsoft Visual Studio

[07/06/2008|10:55] C:\Arquivos de programas\mobile PhoneTools

[10/08/2008|17:21] C:\Arquivos de programas\Motorola

[28/06/2008|00:00] C:\Arquivos de programas\Motorola Phone Tools

[14/06/2008|05:40] C:\Arquivos de programas\Movie Maker

[07/08/2008|19:34] C:\Arquivos de programas\MP3 Player Utilities 4.09

[25/04/2008|04:22] C:\Arquivos de programas\MSN Gaming Zone

[26/04/2008|01:49] C:\Arquivos de programas\MSXML 4.0

[05/05/2008|01:53] C:\Arquivos de programas\MusicMatch

[26/04/2008|00:18] C:\Arquivos de programas\Nero

[14/06/2008|05:36] C:\Arquivos de programas\NetMeeting

[14/06/2008|05:36] C:\Arquivos de programas\Outlook Express

[11/05/2008|19:30] C:\Arquivos de programas\PC Camera

[07/06/2008|23:30] C:\Arquivos de programas\Programas SRF

[18/07/2008|22:06] C:\Arquivos de programas\QuickTime

[26/04/2008|14:03] C:\Arquivos de programas\Rockstar Games

[01/09/2008|09:11] C:\Arquivos de programas\Scpad

[25/04/2008|23:22] C:\Arquivos de programas\Servi‡os on-line

[16/06/2008|00:21] C:\Arquivos de programas\SlySoft

[03/08/2008|17:31] C:\Arquivos de programas\Sony Ericsson

[08/08/2008|02:28] C:\Arquivos de programas\Spybot - Search & Destroy

[08/08/2008|04:36] C:\Arquivos de programas\Tibia

[26/05/2008|06:01] C:\Arquivos de programas\Trend Micro

[25/04/2008|04:39] C:\Arquivos de programas\Uninstall Information

[13/08/2008|17:29] C:\Arquivos de programas\WinAVI Video Converter

[26/04/2008|02:58] C:\Arquivos de programas\Windows Live

[14/06/2008|05:36] C:\Arquivos de programas\Windows Media Player

[14/06/2008|05:36] C:\Arquivos de programas\Windows NT

[25/04/2008|04:22] C:\Arquivos de programas\WindowsUpdate

[25/04/2008|23:08] C:\Arquivos de programas\WinRAR

[25/04/2008|04:25] C:\Arquivos de programas\xerox

--------------------\\ Lista de pastas em C:\Arquivos de programas\Arquivos comuns

[28/04/2008|18:55] C:\Arquivos de programas\Arquivos comuns\Adobe

[12/06/2008|03:45] C:\Arquivos de programas\Arquivos comuns\Ahead

[25/04/2008|23:19] C:\Arquivos de programas\Arquivos comuns\Designer

[29/04/2008|21:28] C:\Arquivos de programas\Arquivos comuns\DirectX

[26/04/2008|02:35] C:\Arquivos de programas\Arquivos comuns\Hewlett-Packard

[26/04/2008|02:38] C:\Arquivos de programas\Arquivos comuns\HP

[11/05/2008|19:29] C:\Arquivos de programas\Arquivos comuns\InstallShield

[01/05/2008|14:36] C:\Arquivos de programas\Arquivos comuns\Java

[20/07/2008|16:24] C:\Arquivos de programas\Arquivos comuns\Microsoft Shared

[27/06/2008|23:59] C:\Arquivos de programas\Arquivos comuns\Motorola Shared

[25/04/2008|04:23] C:\Arquivos de programas\Arquivos comuns\MSSoap

[12/06/2008|03:47] C:\Arquivos de programas\Arquivos comuns\Nero

[25/04/2008|04:13] C:\Arquivos de programas\Arquivos comuns\ODBC

[11/05/2008|19:30] C:\Arquivos de programas\Arquivos comuns\PCCamera

[25/04/2008|04:23] C:\Arquivos de programas\Arquivos comuns\Serviços

[25/04/2008|04:13] C:\Arquivos de programas\Arquivos comuns\SpeechEngines

[14/06/2008|05:36] C:\Arquivos de programas\Arquivos comuns\System

[03/08/2008|17:32] C:\Arquivos de programas\Arquivos comuns\Teleca Shared

[26/04/2008|02:57] C:\Arquivos de programas\Arquivos comuns\WindowsLiveInstaller

--------------------\\ Process

( 41 Processes )

... OK !

--------------------\\ Procura pelo S_Lop

Não foram encontradas pastas com o Lop!

--------------------\\ Procura por Arquivos/Ficheiros e pastas do Lop

Não foram encontradas pastas com o Lop!

--------------------\\ Procura no Registro

..... OK !

--------------------\\ Verificando o Arquivos/Ficheiros Hosts

Arquivos/Ficheiros Hosts LIMPO

--------------------\\ Procurando Arquivos/Ficheiros ocultos com o Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-09-19 14:55:37

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden files ...

scan completed successfully

hidden processes: 0

hidden files: 13

--------------------\\ Procurando por outras infecções

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\ALLUSE~1\Documentos\instalações\CRAQUEADOR Fifa\KEYGEN.dll

C:\DOCUME~1\ALLUSE~1\Documentos\instalações\imagem\Warcraft III\Razor1911\warcraft3 keygen.exe

[F:2506][D:22]-> C:\DOCUME~1\Koelho01\CONFIG~1\Temp

[F:238][D:0]-> C:\DOCUME~1\Koelho01\Cookies

[F:17525][D:27]-> C:\DOCUME~1\Koelho01\CONFIG~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - qui 18/09/2008|20:21 - Option : [1]

2 - "C:\Lop SD\LopR_2.txt" - sex 19/09/2008|15:08 - Option : [4]

--------------------\\ Verificação completa em 15:08:09

and the new HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 15:40:49, on 19/9/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMTray.exe

C:\Arquivos de programas\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe

C:\Arquivos de programas\MusicMatch\MusicMatch Jukebox\mmtask.exe

C:\Arquivos de programas\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Arquivos comuns\Teleca Shared\CapabilityManager.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\System32\PAStiSvc.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

C:\WINDOWS\System32\alg.exe

C:\Arquivos de programas\Arquivos comuns\Teleca Shared\Generic.exe

C:\Arquivos de programas\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\System32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll

O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - (no file)

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [smapp] C:\Arquivos de programas\Analog Devices\SoundMAX\SMTray.exe

O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Arquivos de programas\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [mmtask] "C:\Arquivos de programas\MusicMatch\MusicMatch Jukebox\mmtask.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [CloneCDTray] "C:\Arquivos de programas\SlySoft\CloneCD\CloneCDTray.exe" /s

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Arquivos de programas\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office\OSA9.EXE

O8 - Extra context menu item: Add to AMV Converter... - C:\Arquivos de programas\MP3 Player Utilities 4.09\AMVConverter\grab.html

O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Arquivos de programas\MP3 Player Utilities 4.09\MediaManager\grab.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1209179946484

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD40/JSCDL/jre/6u5-b19/jinstall-6u5-windows-i586-jc.cab?AuthParam=1209662778_a40ffedee28bdf97a384a0cdd0085bc2&GroupName=JSC&BHost=javadl.sun.com&FilePath=/ESD40/JSCDL/jre/6u5-b19/jinstall-6u5-windows-i586-jc.cab&File=jinstall-6u5-windows-i586-jc.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553539700} - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} - https://clickbanking.unibanco.com.br/GbPlugin/cab/GbPluginUni.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{5BD2DE85-26A0-4153-B831-C133A808498F}: NameServer = 192.168.0.1,200.222.0.34

O20 - Winlogon Notify: GbPluginBb - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll

O20 - Winlogon Notify: GbPluginUni - C:\ARQUIV~1\GbPlugin\gbiehuni.dll (file missing)

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: NMIndexingService - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

--

End of file - 9933 bytes

Thanks again!


Please report the current state of the computer.
