guspinho

Analysis. HijackThis log


I suspect some virus: the tray icons don't appear, Firefox freezes a lot and the PC keeps giving a blue screen. (If you want, I can also run a scan with the antivirus.)

The log:

Logfile of HijackThis v1.99.1

Scan saved at 14:10:23, on 08/11/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\Arquivos de programas\GbPlugin\GbpSv.exe

C:\Arquivos de programas\M-Audio\Black Box\BlackBoxHelper.exe

C:\Arquivos de programas\SyncroSoft\Pos\H2O\cledx.exe

C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Creative\SBAudigy\Surround Mixer\CTSysVol.exe

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\CTsvcCDA.exe

C:\Arquivos de programas\Digidesign\Drivers\MMERefresh.exe

C:\WINDOWS\system32\lkcitdl.exe

C:\WINDOWS\system32\lkads.exe

C:\WINDOWS\system32\lktsrv.exe

C:\Arquivos de programas\M-Audio\Black Box\MAUSBBBInst.exe

C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

C:\Arquivos de programas\National Instruments\Shared\Security\nidmsrv.exe

C:\WINDOWS\system32\nisvcloc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\IoctlSvc.exe

C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\Documents and Settings\@\Meus documentos\HijackThis.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.terra.com.br/capa

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll (file missing)

O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file)

O2 - BHO: (no name) - {6EF05952-B48D-4944-AA91-57A6A1A48EF8} - (no file)

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIV~1\GbPlugin\gbieh.dll

O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file)

O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\isuspm.exe" -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [black Box Helper] C:\Arquivos de programas\M-Audio\Black Box\BlackBoxHelper.exe

O4 - HKLM\..\Run: [M-Audio Taskbar Icon] C:\WINDOWS\System32\M-AudioTaskBarIcon.exe

O4 - HKLM\..\Run: [H2O] C:\Arquivos de programas\SyncroSoft\Pos\H2O\cledx.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [CTSysVol] C:\Arquivos de programas\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

O4 - HKLM\..\Run: [DigidesignMMERefresh] C:\Arquivos de programas\Digidesign\Drivers\MMERefresh.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [NBKeyScan] "C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Arquivos de programas\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Startup: MagicDisc.lnk = C:\Arquivos de programas\MagicDisc\MagicDisc.exe

O4 - Startup: mudinho.exe

O4 - Startup: Sumário do OneNote.onetoc2

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Translate - {87680762-4A83-11B4-885B-0000E8ECA40F} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra 'Tools' menuitem: LingoWare Translator... - {87680762-4A83-11B4-885B-0000E8ECA40F} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: @C:\Arquivos de programas\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: @C:\Arquivos de programas\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -

O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://img2.orkut.com/activex/10035/photouploader.cab

O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {DB893839-10F0-4AF9-92FA-B23528F530AF} - http://deposito.trafficredlight.net/11679-23.exe

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - Winlogon Notify: GbPluginBb - C:\ARQUIV~1\GbPlugin\gbieh.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Arquivos de programas\Digidesign\Drivers\MMERefresh.exe

O23 - Service: digiSPTIService - Digidesign, A Division of Avid Technology, Inc. - C:\Arquivos de programas\Digidesign\Pro Tools\digiSPTIService.exe

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\WINDOWS\system32\lkcitdl.exe

O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments, Inc. - C:\WINDOWS\system32\lkads.exe

O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments, Inc. - C:\WINDOWS\system32\lktsrv.exe

O23 - Service: M-Audio BlackBox Installer (MAudioBlackBoxService) - Avid Technology, Inc. - C:\Arquivos de programas\M-Audio\Black Box\MAUSBBBInst.exe

O23 - Service: mysql - Unknown owner - c:\xampp\mysql\bin\mysqld-nt.exe (file missing)

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments, Inc. - C:\Arquivos de programas\National Instruments\Shared\Security\nidmsrv.exe

O23 - Service: NILM License Manager - Macrovision Corporation - C:\Arquivos de programas\National Instruments\Shared\License Manager\Bin\lmgrd.exe

O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - C:\WINDOWS\system32\nisvcloc.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe

O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - (no file)


Hello,

Sorry for the delay.

Please run HijackThis again and paste a new, updated log.

Thank you


Here:

Logfile of HijackThis v1.99.1

Scan saved at 11:48:59, on 14/11/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\GbPlugin\GbpSv.exe

C:\Arquivos de programas\M-Audio\Black Box\BlackBoxHelper.exe

C:\Arquivos de programas\SyncroSoft\Pos\H2O\cledx.exe

C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe

C:\Arquivos de programas\Creative\SBAudigy\Surround Mixer\CTSysVol.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\CTsvcCDA.exe

C:\Arquivos de programas\Digidesign\Drivers\MMERefresh.exe

C:\WINDOWS\system32\lkcitdl.exe

C:\WINDOWS\system32\lkads.exe

C:\WINDOWS\system32\lktsrv.exe

C:\Arquivos de programas\M-Audio\Black Box\MAUSBBBInst.exe

C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

C:\Arquivos de programas\National Instruments\Shared\Security\nidmsrv.exe

C:\WINDOWS\system32\nisvcloc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\IoctlSvc.exe

C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\System32\alg.exe

C:\Arquivos de programas\Arquivos comuns\Teleca Shared\Generic.exe

C:\Arquivos de programas\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe

C:\Arquivos de programas\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Documents and Settings\@\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.terra.com.br/capa

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll (file missing)

O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file)

O2 - BHO: (no name) - {6EF05952-B48D-4944-AA91-57A6A1A48EF8} - (no file)

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIV~1\GbPlugin\gbieh.dll

O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file)

O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\isuspm.exe" -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [black Box Helper] C:\Arquivos de programas\M-Audio\Black Box\BlackBoxHelper.exe

O4 - HKLM\..\Run: [M-Audio Taskbar Icon] C:\WINDOWS\System32\M-AudioTaskBarIcon.exe

O4 - HKLM\..\Run: [H2O] C:\Arquivos de programas\SyncroSoft\Pos\H2O\cledx.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [CTSysVol] C:\Arquivos de programas\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

O4 - HKLM\..\Run: [DigidesignMMERefresh] C:\Arquivos de programas\Digidesign\Drivers\MMERefresh.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [NBKeyScan] "C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Arquivos de programas\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Startup: MagicDisc.lnk = C:\Arquivos de programas\MagicDisc\MagicDisc.exe

O4 - Startup: Sumário do OneNote.onetoc2

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Translate - {87680762-4A83-11B4-885B-0000E8ECA40F} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra 'Tools' menuitem: LingoWare Translator... - {87680762-4A83-11B4-885B-0000E8ECA40F} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: @C:\Arquivos de programas\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: @C:\Arquivos de programas\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -

O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://img2.orkut.com/activex/10035/photouploader.cab

O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {DB893839-10F0-4AF9-92FA-B23528F530AF} - http://deposito.trafficredlight.net/11679-23.exe

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - Winlogon Notify: GbPluginBb - C:\ARQUIV~1\GbPlugin\gbieh.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Arquivos de programas\Digidesign\Drivers\MMERefresh.exe

O23 - Service: digiSPTIService - Digidesign, A Division of Avid Technology, Inc. - C:\Arquivos de programas\Digidesign\Pro Tools\digiSPTIService.exe

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\WINDOWS\system32\lkcitdl.exe

O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments, Inc. - C:\WINDOWS\system32\lkads.exe

O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments, Inc. - C:\WINDOWS\system32\lktsrv.exe

O23 - Service: M-Audio BlackBox Installer (MAudioBlackBoxService) - Avid Technology, Inc. - C:\Arquivos de programas\M-Audio\Black Box\MAUSBBBInst.exe

O23 - Service: mysql - Unknown owner - c:\xampp\mysql\bin\mysqld-nt.exe (file missing)

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments, Inc. - C:\Arquivos de programas\National Instruments\Shared\Security\nidmsrv.exe

O23 - Service: NILM License Manager - Macrovision Corporation - C:\Arquivos de programas\National Instruments\Shared\License Manager\Bin\lmgrd.exe

O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - C:\WINDOWS\system32\nisvcloc.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe

O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - (no file)


Hello, nothing in this log!

Download DDS and save it to the desktop.

  • Temporarily disable your protection programs.
  • Double-click dds.scr.
  • When it finishes, DDS.txt will open.
  • Save the results and paste them in your next reply.


Done, here it is:

DDS (Version 1.0) - NTFSx86

Run by @ at 17:35:29,54 on 14/11/2008

Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.1022.664 [GMT -2:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

C:\WINDOWS\system32\svchost -k rpcss

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k NetworkService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\GbPlugin\GbpSv.exe

C:\Arquivos de programas\M-Audio\Black Box\BlackBoxHelper.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\SyncroSoft\Pos\H2O\cledx.exe

C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe

C:\Arquivos de programas\Creative\SBAudigy\Surround Mixer\CTSysVol.exe

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\CTsvcCDA.exe

C:\Arquivos de programas\Digidesign\Drivers\MMERefresh.exe

C:\WINDOWS\system32\lkcitdl.exe

C:\WINDOWS\system32\lkads.exe

C:\WINDOWS\system32\lktsrv.exe

C:\Arquivos de programas\M-Audio\Black Box\MAUSBBBInst.exe

C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

C:\Arquivos de programas\National Instruments\Shared\Security\nidmsrv.exe

C:\WINDOWS\system32\nisvcloc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\IoctlSvc.exe

C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\svchost.exe -k netsvcs

C:\WINDOWS\System32\alg.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\Arquivos de programas\Arquivos comuns\Teleca Shared\Generic.exe

C:\Arquivos de programas\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe

C:\Documents and Settings\@\Desktop\dds.scr

C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Psuedo HJT Report ===============

uStart Page = hxxp://www.terra.com.br/capa

uSearch Bar = hxxp://www.google.com/ie

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}

uInternet Settings,ProxyOverride = local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

BHO: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\arquivos de programas\arquivos comuns\adobe\acrobat\activex\AcroIEHelper.dll

BHO: {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - c:\arquivos de programas\skype\toolbars\internet explorer\SkypeIEPlugin.dll

BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - c:\arquivos de programas\avg\avg8\avgssie.dll

BHO: {6EF05952-B48D-4944-AA91-57A6A1A48EF8} -

BHO: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\arquivos de programas\microsoft office\office12\GrooveShellExtensions.dll

BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\arquivos de programas\java\jre1.6.0_07\bin\ssv.dll

BHO: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\arquivos de programas\arquivos comuns\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: {C41A1C0E-EA6C-11D4-B1B8-444553540000} - c:\arquiv~1\gbplugin\gbieh.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [iSUSPM Startup] "c:\arquivos de programas\arquivos comuns\installshield\updateservice\isuspm.exe" -startup

mRun: [iSUSScheduler] "c:\arquivos de programas\arquivos comuns\installshield\updateservice\issch.exe" -start

mRun: [black Box Helper] c:\arquivos de programas\m-audio\black box\BlackBoxHelper.exe

mRun: [M-Audio Taskbar Icon] c:\windows\system32\M-AudioTaskBarIcon.exe

mRun: [H2O] c:\arquivos de programas\syncrosoft\pos\h2o\cledx.exe

mRun: [sunJavaUpdateSched] "c:\arquivos de programas\java\jre1.6.0_07\bin\jusched.exe"

mRun: [updReg] c:\windows\UpdReg.EXE

mRun: [CTSysVol] c:\arquivos de programas\creative\sbaudigy\surround mixer\CTSysVol.exe /r

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [GrooveMonitor] "c:\arquivos de programas\microsoft office\office12\GrooveMonitor.exe"

mRun: [QuickTime Task] "c:\arquivos de programas\quicktime\qttask.exe" -atboottime

mRun: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

mRun: [DigidesignMMERefresh] c:\arquivos de programas\digidesign\drivers\MMERefresh.exe

mRun: [NeroFilterCheck] c:\arquivos de programas\arquivos comuns\nero\lib\NeroCheck.exe

mRun: [NBKeyScan] "c:\arquivos de programas\nero\nero8\nero backitup\NBKeyScan.exe"

mRun: [sony Ericsson PC Suite] "c:\arquivos de programas\sony ericsson\mobile2\application launcher\Application Launcher.exe" /startoptions

mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

mRun: [avast!] c:\arquiv~1\alwils~1\avast4\ashDisp.exe

mRun: [Adobe Reader Speed Launcher] "c:\arquivos de programas\adobe\reader 8.0\reader\Reader_sl.exe"

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

StartupFolder: c:\docume~1\@\menuin~1\progra~1\inicia~1\adobeg~1.lnk - c:\arquivos de programas\arquivos comuns\adobe\calibration\Adobe Gamma Loader.exe

StartupFolder: c:\docume~1\@\menuin~1\progra~1\inicia~1\magicd~1.lnk - c:\arquivos de programas\magicdisc\MagicDisc.exe

StartupFolder: c:\documents and settings\@\menu iniciar\programas\inicializar\Sumário do OneNote.onetoc2

IE: &Highlight

IE: &Links List

IE: &Web Search

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\micros~2\office12\EXCEL.EXE/3000

IE: I&mages List

IE: Open Frame in &New Window

IE: Zoom &In

IE: Zoom O&ut

IE: {87680762-4A83-11B4-885B-0000E8ECA40F}

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\arquivos de programas\messenger\msmsgs.exe

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\arquivos de programas\java\jre1.6.0_07\bin\ssv.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\arquiv~1\micros~2\office12\ONBttnIE.dll

IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\arquivos de programas\skype\toolbars\internet explorer\SkypeIEPlugin.dll

IE: {87680762-4A83-11B4-885B-0000E8ECA40F} -

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\arquiv~1\micros~2\office12\REFIEBAR.DLL

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\arquivos de programas\messenger\msmsgs.exe

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\arquivos de programas\microsoft office\office12\GrooveSystemServices.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\arquiv~1\arquiv~1\skype\SKYPE4~1.DLL

Notify: GbPluginBb - c:\arquiv~1\gbplugin\gbieh.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SSODL: UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - c:\windows\system32\upnpui.dll

SEH: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\arquivos de programas\microsoft office\office12\GrooveShellExtensions.dll

SEH: {E37CB5F0-51F5-4395-A808-5FA49E399F83} - c:\arquiv~1\gbplugin\gbieh.dll

============= SERVICES / DRIVERS ===============

? GbpSv;GbpSv;

R0 DigiFilter;DigiFilter;c:\windows\system32\drivers\DigiFilt.sys

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys

R1 oreans32;oreans32;\??\c:\windows\system32\drivers\oreans32.sys

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys

R2 cvintdrv;cvintdrv;c:\windows\system32\drivers\cvintdrv.sys

R2 MAudioBlackBoxService;M-Audio BlackBox Installer;c:\arquivos de programas\m-audio\black box\MAUSBBBInst.exe

R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys

S2 Apache2.2;Apache2.2;

S3 EverestDriver;Lavalys EVEREST Kernel Driver;

S3 ma763011;M-Audio BlackBox;c:\windows\system32\drivers\MA763011.sys

S3 MAUSBBB;Service for M-Audio Black Box (WDM);c:\windows\system32\drivers\mausbbb.sys

S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys

S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys

S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys

S3 se59bus;Sony Ericsson Device 089 driver (WDM);c:\windows\system32\drivers\se59bus.sys

S3 se59mdfl;Sony Ericsson Device 089 USB WMC Modem Filter;c:\windows\system32\drivers\se59mdfl.sys

S3 se59mdm;Sony Ericsson Device 089 USB WMC Modem Driver;c:\windows\system32\drivers\se59mdm.sys

S3 se59mgmt;Sony Ericsson Device 089 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\se59mgmt.sys

S3 se59nd5;Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (NDIS);c:\windows\system32\drivers\se59nd5.sys

S3 se59obex;Sony Ericsson Device 089 USB WMC OBEX Interface;c:\windows\system32\drivers\se59obex.sys

S3 se59unic;Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (WDM);c:\windows\system32\drivers\se59unic.sys

S3 w200bus;Sony Ericsson W200 driver (WDM);c:\windows\system32\drivers\w200bus.sys

S3 w200mdfl;Sony Ericsson W200 USB WMC Modem Filter;c:\windows\system32\drivers\w200mdfl.sys

S3 w200mdm;Sony Ericsson W200 USB WMC Modem Driver;c:\windows\system32\drivers\w200mdm.sys

S3 XDva009;XDva009;

============== File Associations ===============

regfile="regedit.exe" "%1"

=============== Created Last 30 ================

2008-11-14 10:02 <DIR> --d-h--- c:\documents and settings\@\Recent

2008-11-10 08:45 <DIR> -cd----- c:\arquivos de programas\gMapMaker

2008-11-09 18:22 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\pI3_lic_file

2008-11-07 17:41 893 a------- c:\windows\system32\apexconverter.exe.stackdump

2008-11-07 17:38 <DIR> -cd----- c:\arquivos de programas\XviD

2008-11-01 19:37 97,056 a----r-- c:\windows\system32\drivers\w200mdm.sys

2008-11-01 19:37 9,328 a----r-- c:\windows\system32\drivers\w200mdfl.sys

2008-11-01 19:37 6,208 a----r-- c:\windows\system32\drivers\w200cmnt.sys

2008-11-01 19:37 6,208 a----r-- c:\windows\system32\drivers\w200cm.sys

2008-11-01 19:37 61,504 a----r-- c:\windows\system32\drivers\w200bus.sys

2008-11-01 19:37 5,840 a----r-- c:\windows\system32\drivers\w200whnt.sys

2008-11-01 19:37 5,840 a----r-- c:\windows\system32\drivers\w200wh.sys

2008-10-31 09:56 <DIR> -cd----- c:\arquivos de programas\Mudinho

2008-10-27 15:01 <DIR> --d----- c:\docume~1\@\dadosd~1\MyPhoneExplorer

2008-10-27 15:01 <DIR> -cd----- c:\arquivos de programas\MyPhoneExplorer

2008-10-22 01:11 <DIR> --d----- c:\windows\system32\CatRoot_bak

2008-10-21 15:34 11,648 a------- c:\windows\system32\drivers\ggsemc.sys

2008-10-19 00:32 18,704 a----r-- c:\windows\system32\drivers\se59nd5.sys

2008-10-19 00:31 90,800 a----r-- c:\windows\system32\drivers\se59unic.sys

2008-10-19 00:31 4,128 a----r-- c:\windows\system32\drivers\se59cr.sys

2008-10-19 00:31 88,624 a----r-- c:\windows\system32\drivers\se59mgmt.sys

2008-10-19 00:31 86,432 a----r-- c:\windows\system32\drivers\se59obex.sys

2008-10-19 00:28 97,088 a----r-- c:\windows\system32\drivers\se59mdm.sys

2008-10-19 00:28 9,360 a----r-- c:\windows\system32\drivers\se59mdfl.sys

2008-10-19 00:28 6,240 a----r-- c:\windows\system32\drivers\se59cmnt.sys

2008-10-19 00:28 6,240 a----r-- c:\windows\system32\drivers\se59cm.sys

2008-10-19 00:28 61,536 a----r-- c:\windows\system32\drivers\se59bus.sys

2008-10-19 00:28 5,872 a----r-- c:\windows\system32\drivers\se59whnt.sys

2008-10-19 00:28 5,872 a----r-- c:\windows\system32\drivers\se59wh.sys

2008-10-19 00:28 <DIR> --d----- c:\docume~1\@\dadosd~1\Teleca

2008-10-19 00:13 <DIR> -cd----- c:\arquivos de programas\Sony Ericsson

2008-10-18 23:53 <DIR> --d----- c:\docume~1\@\dadosd~1\Sony Ericsson

2008-10-18 23:45 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\Sony Ericsson

2008-10-18 23:45 <DIR> -cd----- c:\arquivos de programas\arquivos comuns\Sony Ericsson Shared

2008-10-18 23:44 <DIR> -cd----- c:\arquivos de programas\arquivos comuns\Teleca Shared

2008-10-18 23:44 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\Teleca

==================== Find3M ====================

2008-11-12 22:34 <DIR> --d----- c:\docume~1\@\dadosd~1\Digidesign

2008-11-11 16:48 <DIR> --d----- c:\docume~1\@\dadosd~1\Smart Recorder

2008-11-09 22:19 <DIR> --d----- c:\docume~1\@\dadosd~1\uTorrent

2008-11-09 19:24 <DIR> --d----- c:\docume~1\@\dadosd~1\Any Video Converter

2008-11-09 18:22 <DIR> --d----- c:\arquivos de programas\Particle Illusion 3

2008-11-05 13:50 514,026 a------- c:\windows\system32\perfh016.dat

2008-11-05 13:50 97,100 a------- c:\windows\system32\perfc016.dat

2008-11-03 22:29 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\Kaspersky Lab

2008-10-27 14:28 <DIR> --d----- c:\arquivos de programas\Image-Line

2008-10-13 22:38 <DIR> --d----- c:\docume~1\@\dadosd~1\Vso

2008-10-04 22:19 <DIR> -cd----- c:\arquivos de programas\Realtek

2008-09-21 14:07 <DIR> --d----- c:\arquivos de programas\Messenger Plus! Live

2008-09-18 04:24 <DIR> --d----- c:\arquivos de programas\uTorrent

2008-09-15 13:40 1,846,144 a------- c:\windows\system32\win32k.sys

2008-09-08 20:49 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\Age of Empires 3

2008-09-04 18:05 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\vsosdk

2008-09-01 19:59 <DIR> --d----- c:\docume~1\@\dadosd~1\NeroDigital™

2008-08-30 13:21 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\Sony

2008-08-26 06:11 826,368 a------- c:\windows\system32\wininet.dll

2008-08-25 20:36 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\Sibelius Software

2008-08-25 20:35 <DIR> --d----- c:\docume~1\@\dadosd~1\Sibelius Software

2008-08-08 23:22 <DIR> --d----- c:\docume~1\@\dadosd~1\Sony

2008-07-21 19:10 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\Spybot - Search & Destroy

2008-07-02 16:04 <DIR> --d----- c:\docume~1\@\dadosd~1\Sonic Foundry

2008-06-30 20:31 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\eboostr

2008-06-25 17:44 <DIR> --d----- c:\docume~1\@\dadosd~1\LimeWire

2008-06-11 18:10 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\BVRP Software

2008-06-03 14:08 <DIR> --d----- c:\docume~1\@\dadosd~1\MegauploadToolbar

2008-05-26 21:11 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\Nero

2008-05-08 23:38 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\Kaspersky Lab Setup Files

2008-04-28 23:30 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\PACE Anti-Piracy

2008-04-28 23:30 <DIR> --d----- c:\docume~1\@\dadosd~1\PACE Anti-Piracy

2008-02-24 21:12 <DIR> --d----- c:\docume~1\@\dadosd~1\GetRightToGo

2008-02-15 02:08 <DIR> --d----- c:\docume~1\@\dadosd~1\Propellerhead Software

2008-02-15 01:58 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\Propellerhead Software

2008-02-15 00:02 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\GbPlugin

2008-01-26 11:43 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\PC Drivers HeadQuarters

2008-01-19 15:11 <DIR> --d----- c:\docume~1\@\dadosd~1\Styler

2008-01-02 14:25 <DIR> --d----- c:\docume~1\@\dadosd~1\RapidGet

2007-12-30 21:10 <DIR> --d----- c:\docume~1\@\dadosd~1\Likno

2007-12-18 15:38 <DIR> --d----- c:\docume~1\@\dadosd~1\NetMedia Providers

2007-12-04 21:23 <DIR> --d----- c:\docume~1\@\dadosd~1\SecondLife

2007-11-14 18:12 <DIR> --d----- c:\docume~1\@\dadosd~1\Hamachi

2007-11-10 21:00 <DIR> --d----- c:\docume~1\@\dadosd~1\Publish Providers

2007-11-02 13:38 <DIR> --d----- c:\docume~1\@\dadosd~1\Dev-Cpp

2007-10-28 15:39 <DIR> --d----- c:\docume~1\@\dadosd~1\GibbHill Properties Ltd

2007-10-18 18:43 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\Laconic Software

2007-10-13 22:40 <DIR> --d----- c:\docume~1\@\dadosd~1\Steinberg

2007-10-10 10:10 <DIR> --d----- c:\docume~1\@\dadosd~1\National Instruments

2007-10-10 09:51 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\National Instruments

2007-09-25 10:58 <DIR> --d----- c:\docume~1\@\dadosd~1\Fraunhofer

2007-08-26 16:36 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\PC Suite

2007-08-16 14:59 <DIR> --d----- c:\docume~1\@\dadosd~1\BSplayer Pro

2007-08-16 14:51 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\part dead amok eggs

2007-08-15 03:35 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\Messenger Plus!

2007-08-11 01:30 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\Installations

2007-08-09 22:24 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\Nokia

2007-07-31 17:21 <DIR> --d----- c:\docume~1\@\dadosd~1\BonkEnc

2007-07-10 16:25 <DIR> --d----- c:\docume~1\@\dadosd~1\WebCompiler3

2007-06-27 11:11 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\River Past G5

2007-06-27 10:59 <DIR> --d----- c:\docume~1\@\dadosd~1\River Past G5

2007-06-14 20:53 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\Cakewalk

2007-06-03 05:54 <DIR> --d----- c:\docume~1\@\dadosd~1\foobar2000

2007-06-01 11:17 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\WindowsLiveInstaller

2007-05-24 20:24 <DIR> --d----- c:\docume~1\@\dadosd~1\Ableton

2007-05-19 06:16 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\Ableton

2006-01-23 10:52 <DIR> --d----- c:\docume~1\@\dadosd~1\Mc & RENOX

============= FINISH: 17:36:03,79 ===============

Hello,

Download Malwarebytes Anti-Malware:

  • Link 1
  • Alternative link
    • Double-click mbam-setup.exe, choose the language and follow the instructions to install the software.
    • Make sure the Update Malwarebytes Anti-Malware and Run Malwarebytes Anti-Malware boxes are checked, then click Finish.
    • If there are updates, they will be downloaded and installed.
    • When the updates finish, a program window will open. Select "Quick Scan", then click the Scan button.
    • The scan will start and may take a while. Please be patient.
    • When the scan is complete, click OK, then Show Results to view the log.
    • If anything is found, make sure everything is checked and click Remove.
    • When disinfection finishes, a log will automatically open in a Notepad document and you may be asked to restart the PC. (Read the note)
    • The log is saved automatically and can be viewed by clicking the Logs tab in the main menu.
    • Copy and paste the contents of that log into your next reply, together with a new HijackThis log.

Note: With more complicated infections, it may be necessary to restart the PC. If you are asked to restart the PC, please do so immediately.

Here is the Malwarebytes Anti-Malware log:

Malwarebytes' Anti-Malware 1.30

Versão do banco de dados: 1402

Windows 5.1.2600 Service Pack 2

16/11/2008 13:58:58

mbam-log-2008-11-16 (13-58-58).txt

Tipo de Verificação: Rápida

Objetos verificados: 61808

Tempo decorrido: 4 minute(s), 23 second(s)

Processos da Memória infectados: 0

Módulos de Memória Infectados: 0

Chaves do Registro infectadas: 7

Valores do Registro infectados: 0

Ítens do Registro infectados: 1

Pastas infectadas: 0

Arquivos infectados: 1

Processos da Memória infectados:

(Nenhum ítem malicioso foi detectado)

Módulos de Memória Infectados:

(Nenhum ítem malicioso foi detectado)

Chaves do Registro infectadas:

HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5b4c3b43-49b6-42a7-a602-f7acdca0d409} (Adware.OneStepSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5b4c3b43-49b6-42a7-a602-f7acdca0d409} (Adware.OneStepSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{db893839-10f0-4af9-92fa-b23528f530af} (Dialer) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.Trymedia) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\OneStepSearch (Adware.OneStepSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ONESTEP_SEARCH_SERVICE (Adware.OneStepSearch) -> Quarantined and deleted successfully.

Valores do Registro infectados:

(Nenhum ítem malicioso foi detectado)

Ítens do Registro infectados:

HKEY_CLASSES_ROOT\regfile\shell\open\command\ (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

Pastas infectadas:

(Nenhum ítem malicioso foi detectado)

Arquivos infectados:

C:\Documents and Settings\@\Dados de aplicativos\addon.dat (Malware.Trace) -> Quarantined and deleted successfully.

And now here is the new HijackThis log:

Logfile of HijackThis v1.99.1

Scan saved at 14:32:01, on 16/11/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\GbPlugin\GbpSv.exe

C:\Arquivos de programas\M-Audio\Black Box\BlackBoxHelper.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe

C:\Arquivos de programas\Creative\SBAudigy\Surround Mixer\CTSysVol.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\CTsvcCDA.exe

C:\Arquivos de programas\Digidesign\Drivers\MMERefresh.exe

C:\WINDOWS\system32\lkcitdl.exe

C:\WINDOWS\system32\lkads.exe

C:\WINDOWS\system32\lktsrv.exe

C:\Arquivos de programas\M-Audio\Black Box\MAUSBBBInst.exe

C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

C:\Arquivos de programas\National Instruments\Shared\Security\nidmsrv.exe

C:\WINDOWS\system32\nisvcloc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\IoctlSvc.exe

C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\System32\alg.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Documents and Settings\@\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.terra.com.br/capa

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll (file missing)

O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file)

O2 - BHO: (no name) - {6EF05952-B48D-4944-AA91-57A6A1A48EF8} - (no file)

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIV~1\GbPlugin\gbieh.dll

O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file)

O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\isuspm.exe" -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [black Box Helper] C:\Arquivos de programas\M-Audio\Black Box\BlackBoxHelper.exe

O4 - HKLM\..\Run: [M-Audio Taskbar Icon] C:\WINDOWS\System32\M-AudioTaskBarIcon.exe

O4 - HKLM\..\Run: [H2O] C:\Arquivos de programas\SyncroSoft\Pos\H2O\cledx.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [CTSysVol] C:\Arquivos de programas\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

O4 - HKLM\..\Run: [DigidesignMMERefresh] C:\Arquivos de programas\Digidesign\Drivers\MMERefresh.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [NBKeyScan] "C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Arquivos de programas\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Startup: MagicDisc.lnk = C:\Arquivos de programas\MagicDisc\MagicDisc.exe

O4 - Startup: Sumário do OneNote.onetoc2

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Translate - {87680762-4A83-11B4-885B-0000E8ECA40F} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra 'Tools' menuitem: LingoWare Translator... - {87680762-4A83-11B4-885B-0000E8ECA40F} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: @C:\Arquivos de programas\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: @C:\Arquivos de programas\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -

O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://img2.orkut.com/activex/10035/photouploader.cab

O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - Winlogon Notify: GbPluginBb - C:\ARQUIV~1\GbPlugin\gbieh.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Arquivos de programas\Digidesign\Drivers\MMERefresh.exe

O23 - Service: digiSPTIService - Digidesign, A Division of Avid Technology, Inc. - C:\Arquivos de programas\Digidesign\Pro Tools\digiSPTIService.exe

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\WINDOWS\system32\lkcitdl.exe

O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments, Inc. - C:\WINDOWS\system32\lkads.exe

O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments, Inc. - C:\WINDOWS\system32\lktsrv.exe

O23 - Service: M-Audio BlackBox Installer (MAudioBlackBoxService) - Avid Technology, Inc. - C:\Arquivos de programas\M-Audio\Black Box\MAUSBBBInst.exe

O23 - Service: mysql - Unknown owner - c:\xampp\mysql\bin\mysqld-nt.exe (file missing)

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments, Inc. - C:\Arquivos de programas\National Instruments\Shared\Security\nidmsrv.exe

O23 - Service: NILM License Manager - Macrovision Corporation - C:\Arquivos de programas\National Instruments\Shared\License Manager\Bin\lmgrd.exe

O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - C:\WINDOWS\system32\nisvcloc.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe

O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - (no file)


Your log is clean.

Download OTCleanIt by OldTimer

  • Save it to your desktop.
  • Double-click the OTCleanIt icon.
  • Click the "Cleanup" button.
  • Allow your computer to be restarted.

Now that your PC is clean, follow these steps to keep your computer clean and protected:

  • Delete the folder (if it exists): HijackThis backups
  • Turn System Restore off and then on again
  • Use an alternative, more secure browser: Firefox or Opera
  • Use a firewall - it is extremely important for protecting your computer.
    Good free options are:
    Comodo Firewall Pro
    Online Armor Free edition
  • Install SpywareBlaster - SpywareBlaster adds a list of malicious programs and sites to Internet Explorer and Firefox, which will protect you from those sites and programs.
  • Visit the Secunia Software Inspector and check the status of your programs with regard to updates.
  • Keep your programs properly updated.
    Being up to date is being secure. Click here

Some extra utilities that can increase your computer's protection:

  • IE/Spyad <=
    IE/Spyad adds more than 4000 websites and domains to IE's restricted sites list.
  • MVPS Hosts <= MVPS Hosts creates a new HOSTS file containing known sites, IPs, etc. Basically, it will prevent your PC from connecting to those malicious sites.
  • Google Toolbar <= The Google toolbar prevents pop-ups.

It was a pleasure to help.


If the topic's author needs it, the topic will be reopened; to do so, the author should contact the moderation team and request that it be unlocked.
