Ir ao conteúdo
  • Cadastre-se
Chegou: livro Montagem de Micros (2019)!
GRÁTIS: minicurso "Como ganhar dinheiro montando computadores"

dagrial

Membros Juniores
 Perfil  Explorar Conteúdo

  • Total de itens

    9

  • Registro em

  • Última visita

  • Qualificações

    0%

Qualificações

0 0 0

Ver qualificações

Reputação

0

Sobre dagrial

  • Data de Nascimento 24-09-1971 (47 anos)

Informações gerais

  • Cidade e Estado
    Porto Alegre, RS
  1. dagrial
    Achei súper bom! Gabriel explica ao detalhe pra qualquer pessoa sem conhecimento nenhum sob hardware possa montar um computador.
  2. dagrial começou a seguir Acento Duplicado e Packed.Win32.Tibs.dc e Ajuda para remoção de amvo.exe
  3. dagrial
    Muito obrigado DigRam !! Valeu pela força !!
  4. dagrial
    Seguem os logs. Obrigado! ComboFix 08-05-15.3 - editor 2008-05-19 18:24:51.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1593 [GMT -3:00] Running from: C:\Documents and Settings\editor\Desktop\ComboFix.exe Command switches used :: C:\Documents and Settings\editor\Desktop\CFScript.txt * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! FILE :: C:\WINDOWS\system32\33DE3tTo.exe C:\WINDOWS\system32\kv3ENcb5.exe C:\WINDOWS\Tasks\At1.job C:\WINDOWS\Tasks\At10.job C:\WINDOWS\Tasks\At11.job C:\WINDOWS\Tasks\At12.job C:\WINDOWS\Tasks\At13.job C:\WINDOWS\Tasks\At14.job C:\WINDOWS\Tasks\At15.job C:\WINDOWS\Tasks\At16.job C:\WINDOWS\Tasks\At17.job C:\WINDOWS\Tasks\At18.job C:\WINDOWS\Tasks\At19.job C:\WINDOWS\Tasks\At2.job C:\WINDOWS\Tasks\At20.job C:\WINDOWS\Tasks\At21.job C:\WINDOWS\Tasks\At22.job C:\WINDOWS\Tasks\At23.job C:\WINDOWS\Tasks\At24.job C:\WINDOWS\Tasks\At25.job C:\WINDOWS\Tasks\At26.job C:\WINDOWS\Tasks\At27.job C:\WINDOWS\Tasks\At28.job C:\WINDOWS\Tasks\At29.job C:\WINDOWS\Tasks\At3.job C:\WINDOWS\Tasks\At30.job C:\WINDOWS\Tasks\At31.job C:\WINDOWS\Tasks\At32.job C:\WINDOWS\Tasks\At33.job C:\WINDOWS\Tasks\At34.job C:\WINDOWS\Tasks\At35.job C:\WINDOWS\Tasks\At36.job C:\WINDOWS\Tasks\At37.job C:\WINDOWS\Tasks\At38.job C:\WINDOWS\Tasks\At39.job C:\WINDOWS\Tasks\At4.job C:\WINDOWS\Tasks\At40.job C:\WINDOWS\Tasks\At41.job C:\WINDOWS\Tasks\At42.job C:\WINDOWS\Tasks\At43.job C:\WINDOWS\Tasks\At44.job C:\WINDOWS\Tasks\At45.job C:\WINDOWS\Tasks\At46.job C:\WINDOWS\Tasks\At47.job C:\WINDOWS\Tasks\At48.job C:\WINDOWS\Tasks\At5.job C:\WINDOWS\Tasks\At6.job C:\WINDOWS\Tasks\At7.job C:\WINDOWS\Tasks\At8.job C:\WINDOWS\Tasks\At9.job J:\jfvkcsy.bat . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\amvo.exe C:\WINDOWS\system32\amvo0.dll C:\WINDOWS\system32\lsprst7.dll C:\WINDOWS\system32\ssprs.dll C:\WINDOWS\system32\tmpPrst.dll C:\WINDOWS\Tasks\At1.job C:\WINDOWS\Tasks\At10.job C:\WINDOWS\Tasks\At11.job C:\WINDOWS\Tasks\At12.job C:\WINDOWS\Tasks\At13.job C:\WINDOWS\Tasks\At14.job C:\WINDOWS\Tasks\At15.job C:\WINDOWS\Tasks\At16.job C:\WINDOWS\Tasks\At17.job C:\WINDOWS\Tasks\At18.job C:\WINDOWS\Tasks\At19.job C:\WINDOWS\Tasks\At2.job C:\WINDOWS\Tasks\At20.job C:\WINDOWS\Tasks\At21.job C:\WINDOWS\Tasks\At22.job C:\WINDOWS\Tasks\At23.job C:\WINDOWS\Tasks\At24.job C:\WINDOWS\Tasks\At25.job C:\WINDOWS\Tasks\At26.job C:\WINDOWS\Tasks\At27.job C:\WINDOWS\Tasks\At28.job C:\WINDOWS\Tasks\At29.job C:\WINDOWS\Tasks\At3.job C:\WINDOWS\Tasks\At30.job C:\WINDOWS\Tasks\At31.job C:\WINDOWS\Tasks\At32.job C:\WINDOWS\Tasks\At33.job C:\WINDOWS\Tasks\At34.job C:\WINDOWS\Tasks\At35.job C:\WINDOWS\Tasks\At36.job C:\WINDOWS\Tasks\At37.job C:\WINDOWS\Tasks\At38.job C:\WINDOWS\Tasks\At39.job C:\WINDOWS\Tasks\At4.job C:\WINDOWS\Tasks\At40.job C:\WINDOWS\Tasks\At41.job C:\WINDOWS\Tasks\At42.job C:\WINDOWS\Tasks\At43.job C:\WINDOWS\Tasks\At44.job C:\WINDOWS\Tasks\At45.job C:\WINDOWS\Tasks\At46.job C:\WINDOWS\Tasks\At47.job C:\WINDOWS\Tasks\At48.job C:\WINDOWS\Tasks\At5.job C:\WINDOWS\Tasks\At6.job C:\WINDOWS\Tasks\At7.job C:\WINDOWS\Tasks\At8.job C:\WINDOWS\Tasks\At9.job J:\jfvkcsy.bat . ((((((((((((((((((((((((( Files Created from 2008-04-19 to 2008-05-19 ))))))))))))))))))))))))))))))) . 2008-05-19 17:25 . 2008-05-19 17:25 14 --a------ C:\WINDOWS\system32\tmpPrst.tgz 2008-05-17 13:55 . 2008-05-17 13:55 186,504 --a------ C:\WINDOWS\system32\SnAgOS.TMP 2008-04-29 17:24 . 2008-04-29 17:30 <DIR> d-------- C:\ftproot 2008-04-29 17:22 . 2008-04-29 17:28 <DIR> d-------- C:\Program Files\Cerberus 2008-04-28 15:28 . 2008-04-28 15:29 <DIR> d-------- C:\Program Files\iTunes 2008-04-28 15:28 . 2008-04-28 15:28 <DIR> d-------- C:\Program Files\iPod . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-05-19 21:24 --------- d-----w C:\Documents and Settings\editor\Application Data\uTorrent 2008-05-19 17:40 --------- d-----w C:\Program Files\Mozilla Thunderbird 2008-05-15 21:15 --------- d-----w C:\Documents and Settings\editor\Application Data\Skype 2008-05-13 15:10 --------- d-----w C:\Documents and Settings\editor\Application Data\dvdcss 2008-05-10 18:06 --------- d-----w C:\Program Files\Incomplete 2008-05-10 17:56 --------- d-----w C:\Program Files\LimeWire 2008-05-02 19:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink 2008-04-28 21:22 --------- d-----w C:\Documents and Settings\editor\Application Data\LimeWire 2008-04-28 18:55 --------- d-----w C:\Program Files\Apple Software Update 2008-04-28 18:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer 2008-04-28 18:27 --------- d-----w C:\Program Files\QuickTime 2008-04-01 16:46 --------- d-----w C:\Program Files\Common Files\Adobe 2008-04-01 16:40 --------- d-----w C:\Program Files\Illustrate 2008-04-01 16:40 --------- d-----w C:\Documents and Settings\editor\Application Data\AccurateRip 2008-04-01 16:34 4,230,520 ----a-w C:\WINDOWS\system32\SpoonUninstall.exe 2008-03-30 21:32 --------- d-----w C:\Program Files\Java 2008-03-30 21:13 --------- d-----w C:\Documents and Settings\editor\Application Data\AVG7 2008-03-30 21:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft 2008-03-30 21:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7 2008-03-30 20:56 --------- d-----w C:\Program Files\Joost 2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll 2008-03-24 14:26 --------- d-----w C:\Program Files\SmartFTP Client 2008-03-24 14:21 --------- d-----w C:\Program Files\SmartFTP Client 3.0 Setup Files 2008-03-20 19:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller 2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys 2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll 2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 13:24 1694208] "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CorelDRAW Graphics Suite 11b"="C:\Program Files\Corel\Corel Graphics 12\Languages\ES\Programs\Registration.exe" [2003-11-28 06:52 733184] "RTHDCPL"="RTHDCPL.EXE" [2005-05-25 12:37 14477312 C:\WINDOWS\RTHDCPL.EXE] "RemoteControl"="C:\Program Files\PowerDVD\PDVDServ.exe" [2007-01-08 22:26 68640] "LanguageShortcut"="C:\Program Files\PowerDVD\Language\Language.exe" [2007-01-08 22:17 52256] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784] "NexusServer"="C:\Program Files\Common Files\Grass Valley\ProCoder 3\Kernel\PNXSERVR.exe" [2007-03-26 17:45 389120] "googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 19:54 3735552] "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 06:25 6731312] "Blackmagic CheckVersion PCI"="C:\Program Files\Blackmagic Design\Blackmagic DeckLink\CheckVersionPCI.exe" [2007-11-16 09:38 4730880] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792] "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-09-27 22:17 443968] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.CDVC"= cdvccodc.dll "vidc.CDVH"= cdvhcodc.dll "vidc.CUVC"= cuvccodc.dll "vidc.CLLC"= cllccodc.dll "vidc.CDV5"= cdv5codc.dll "vidc.dvsd"= pdvcodec.dll "vidc.mjpg"= C:\PROGRA~1\BLACKM~1\BLACKM~1\BMDCOD~2.DLL "vidc.hdyc"= C:\PROGRA~1\BLACKM~1\BLACKM~1\BMDCOD~1.DLL "vidc.v210"= C:\PROGRA~1\BLACKM~1\BLACKM~1\BMDCOD~1.DLL "vidc.r210"= C:\PROGRA~1\BLACKM~1\BLACKM~1\BMDCOD~1.DLL "vidc.b64a"= C:\PROGRA~1\BLACKM~1\BLACKM~1\BMDCOD~1.DLL [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Google\\Google Talk\\googletalk.exe"= "C:\\Program Files\\DreMule\\emule.exe"= "C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"= "C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"= "C:\\Program Files\\Bonjour\\mDNSResponder.exe"= "C:\\Program Files\\uTorrent\\uTorrent.exe"= "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "C:\\Program Files\\SmartFTP Client\\SmartFTP.exe"= "C:\\Program Files\\Joost\\xulrunner\\tvprunner.exe"= "C:\\Program Files\\iTunes\\iTunes.exe"= "C:\\Program Files\\Cerberus\\Cerberus.exe"= "C:\\Program Files\\Skype\\Phone\\Skype.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "19052:TCP"= 19052:TCP:BitComet 19052 TCP "19052:UDP"= 19052:UDP:BitComet 19052 UDP "62052:TCP"= 62052:TCP:BitComet 62052 TCP "62052:UDP"= 62052:UDP:BitComet 62052 UDP "26980:TCP"= 26980:TCP:BitComet 26980 TCP "26980:UDP"= 26980:UDP:BitComet 26980 UDP R0 ProDscFT;ProDiscFilter;C:\WINDOWS\system32\drivers\ProDscFT.sys [2006-07-24 18:23] R1 BMDPDisk;BMDPDisk;C:\WINDOWS\system32\drivers\BMDPDisk.sys [2007-11-16 09:25] R1 ProDscFS;ProDiscFS;C:\WINDOWS\system32\drivers\ProDscFS.sys [2006-09-07 14:30] R1 SNSID;SNSID;C:\WINDOWS\system32\Drivers\SNSID.sys [2007-05-30 11:23] R1 SNSMS;SNSMS;C:\WINDOWS\system32\Drivers\SNSMS.sys [2007-05-30 11:35] R2 BMDPBox;BMDPBox;C:\WINDOWS\system32\drivers\BMDPBox.sys [2007-11-16 09:25] R2 Ps2KSecureKeyboard;SecureKbd;C:\WINDOWS\system32\DRIVERS\psseckbd.sys [2007-05-30 11:21] R2 SNMgrSvc;SNMgrSvc;"C:\WINDOWS\system32\SnMgrSvc.exe" [2007-05-30 11:34] R3 BMDDeckLinkAudio;BMDDeckLinkAudio;C:\WINDOWS\system32\DRIVERS\deckaud.sys [2007-11-16 09:24] R3 BMDDeckLinkSerial;BMDDeckLinkSerial;C:\WINDOWS\system32\DRIVERS\deckser.sys [2007-11-16 09:24] R3 DeckLink;DeckLink;C:\WINDOWS\system32\DRIVERS\DeckLink.sys [2007-11-16 09:38] R3 DeckLinkDisplay;DeckLinkDisplay;C:\WINDOWS\system32\DRIVERS\deckmp.sys [2007-11-16 09:38] R3 vhidmini;Secure Mouse;C:\WINDOWS\system32\DRIVERS\vhsecmou.sys [2007-05-30 11:21] S3 ProDisc;ProDisc Driver;C:\WINDOWS\system32\DRIVERS\ProDisc.sys [2006-09-05 16:18] . Contents of the 'Scheduled Tasks' folder "2008-05-16 18:58:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-05-19 18:26:58 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... ************************************************************************** . Completion time: 2008-05-19 18:29:39 ComboFix-quarantined-files.txt 2008-05-19 21:28:37 Pre-Run: 15,829,032,960 bytes free Post-Run: 15,828,582,400 bytes free 250 --- E O F --- 2008-05-16 18:34:58 Logfile of HijackThis v1.99.1 Scan saved at 18:34:44, on 19/5/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe C:\Program Files\Cyberlink\Shared Files\RichVideo.exe C:\WINDOWS\system32\SnMgrSvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\SnAgOS.exe C:\WINDOWS\system32\SnLiveUp.exe C:\WINDOWS\Explorer.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\PowerDVD\PDVDServ.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\Program Files\Common Files\Grass Valley\ProCoder 3\Kernel\PNXSERVR.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe C:\Program Files\QuickTime\QTTask.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Common Files\Grass Valley\ProCoder 3\Kernel\PNXKERNL.Exe C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\iPod\bin\iPodService.exe C:\Documents and Settings\editor\Desktop\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.210:8080 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files\Corel\Corel Graphics 12\Languages\ES\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=052408 serial=dr12cnc-4037331-ngv lang=ES O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\PowerDVD\Language\Language.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [NexusServer] "C:\Program Files\Common Files\Grass Valley\ProCoder 3\Kernel\PNXSERVR.exe" -SelfLaunch O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [blackmagic CheckVersion PCI] C:\Program Files\Blackmagic Design\Blackmagic DeckLink\CheckVersionPCI.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab O16 - DPF: {3C8B9651-4E3E-424D-B51C-54544ABF536B} - https://ww7.banrisul.com.br/bxz/data/securecontrol2k.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1195591801890 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: NavLogon - C:\WINDOWS\ O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Serviço iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared Files\RichVideo.exe O23 - Service: SNMgrSvc - Open Communications Security S/A - C:\WINDOWS\system32\SnMgrSvc.exe
  5. dagrial
    Boa tarde Joram! Obrigado pela ajuda! Seguem os logs: ComboFix 08-05-15.3 - editor 2008-05-16 15:19:16.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1585 [GMT -3:00] Running from: C:\Documents and Settings\editor\Desktop\ComboFix.exe * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\amvo.exe C:\WINDOWS\system32\amvo0.dll C:\WINDOWS\system32\lsprst7.dll C:\WINDOWS\system32\pfxzmtsmtspm.dll C:\WINDOWS\system32\pfxzmtwbmail.dll C:\WINDOWS\system32\ssprs.dll . ((((((((((((((((((((((((( Files Created from 2008-04-16 to 2008-05-16 ))))))))))))))))))))))))))))))) . 2008-05-07 14:32 . 2008-05-07 14:32 186,504 --a------ C:\WINDOWS\system32\SnAgOS.TMP 2008-04-29 17:24 . 2008-04-29 17:30 <DIR> d-------- C:\ftproot 2008-04-29 17:22 . 2008-04-29 17:28 <DIR> d-------- C:\Program Files\Cerberus 2008-04-28 15:28 . 2008-04-28 15:29 <DIR> d-------- C:\Program Files\iTunes 2008-04-28 15:28 . 2008-04-28 15:28 <DIR> d-------- C:\Program Files\iPod . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-05-16 17:46 --------- d-----w C:\Program Files\Mozilla Thunderbird 2008-05-15 21:15 --------- d-----w C:\Documents and Settings\editor\Application Data\Skype 2008-05-14 20:20 --------- d-----w C:\Documents and Settings\editor\Application Data\uTorrent 2008-05-13 15:10 --------- d-----w C:\Documents and Settings\editor\Application Data\dvdcss 2008-05-10 18:06 --------- d-----w C:\Program Files\Incomplete 2008-05-10 17:56 --------- d-----w C:\Program Files\LimeWire 2008-05-02 19:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink 2008-04-28 21:22 --------- d-----w C:\Documents and Settings\editor\Application Data\LimeWire 2008-04-28 18:55 --------- d-----w C:\Program Files\Apple Software Update 2008-04-28 18:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer 2008-04-28 18:27 --------- d-----w C:\Program Files\QuickTime 2008-04-01 16:46 --------- d-----w C:\Program Files\Common Files\Adobe 2008-04-01 16:40 --------- d-----w C:\Program Files\Illustrate 2008-04-01 16:40 --------- d-----w C:\Documents and Settings\editor\Application Data\AccurateRip 2008-04-01 16:34 4,230,520 ----a-w C:\WINDOWS\system32\SpoonUninstall.exe 2008-03-30 21:32 --------- d-----w C:\Program Files\Java 2008-03-30 21:13 --------- d-----w C:\Documents and Settings\editor\Application Data\AVG7 2008-03-30 21:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft 2008-03-30 21:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7 2008-03-30 20:56 --------- d-----w C:\Program Files\Joost 2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll 2008-03-24 14:26 --------- d-----w C:\Program Files\SmartFTP Client 2008-03-24 14:21 --------- d-----w C:\Program Files\SmartFTP Client 3.0 Setup Files 2008-03-20 19:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller 2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys 2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll 2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll 2008-02-16 08:59 659,456 ----a-w C:\WINDOWS\system32\wininet.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 13:24 1694208] "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CorelDRAW Graphics Suite 11b"="C:\Program Files\Corel\Corel Graphics 12\Languages\ES\Programs\Registration.exe" [2003-11-28 06:52 733184] "RTHDCPL"="RTHDCPL.EXE" [2005-05-25 12:37 14477312 C:\WINDOWS\RTHDCPL.EXE] "RemoteControl"="C:\Program Files\PowerDVD\PDVDServ.exe" [2007-01-08 22:26 68640] "LanguageShortcut"="C:\Program Files\PowerDVD\Language\Language.exe" [2007-01-08 22:17 52256] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784] "NexusServer"="C:\Program Files\Common Files\Grass Valley\ProCoder 3\Kernel\PNXSERVR.exe" [2007-03-26 17:45 389120] "googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 19:54 3735552] "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 06:25 6731312] "Blackmagic CheckVersion PCI"="C:\Program Files\Blackmagic Design\Blackmagic DeckLink\CheckVersionPCI.exe" [2007-11-16 09:38 4730880] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792] "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-09-27 22:17 443968] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.CDVC"= cdvccodc.dll "vidc.CDVH"= cdvhcodc.dll "vidc.CUVC"= cuvccodc.dll "vidc.CLLC"= cllccodc.dll "vidc.CDV5"= cdv5codc.dll "vidc.dvsd"= pdvcodec.dll "vidc.mjpg"= C:\PROGRA~1\BLACKM~1\BLACKM~1\BMDCOD~2.DLL "vidc.hdyc"= C:\PROGRA~1\BLACKM~1\BLACKM~1\BMDCOD~1.DLL "vidc.v210"= C:\PROGRA~1\BLACKM~1\BLACKM~1\BMDCOD~1.DLL "vidc.r210"= C:\PROGRA~1\BLACKM~1\BLACKM~1\BMDCOD~1.DLL "vidc.b64a"= C:\PROGRA~1\BLACKM~1\BLACKM~1\BMDCOD~1.DLL [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Google\\Google Talk\\googletalk.exe"= "C:\\Program Files\\DreMule\\emule.exe"= "C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"= "C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"= "C:\\Program Files\\Bonjour\\mDNSResponder.exe"= "C:\\Program Files\\uTorrent\\uTorrent.exe"= "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "C:\\Program Files\\SmartFTP Client\\SmartFTP.exe"= "C:\\Program Files\\Joost\\xulrunner\\tvprunner.exe"= "C:\\Program Files\\iTunes\\iTunes.exe"= "C:\\Program Files\\Cerberus\\Cerberus.exe"= "C:\\Program Files\\Skype\\Phone\\Skype.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "19052:TCP"= 19052:TCP:BitComet 19052 TCP "19052:UDP"= 19052:UDP:BitComet 19052 UDP "62052:TCP"= 62052:TCP:BitComet 62052 TCP "62052:UDP"= 62052:UDP:BitComet 62052 UDP "26980:TCP"= 26980:TCP:BitComet 26980 TCP "26980:UDP"= 26980:UDP:BitComet 26980 UDP R0 ProDscFT;ProDiscFilter;C:\WINDOWS\system32\drivers\ProDscFT.sys [2006-07-24 18:23] R1 BMDPDisk;BMDPDisk;C:\WINDOWS\system32\drivers\BMDPDisk.sys [2007-11-16 09:25] R1 ProDscFS;ProDiscFS;C:\WINDOWS\system32\drivers\ProDscFS.sys [2006-09-07 14:30] R1 SNSID;SNSID;C:\WINDOWS\system32\Drivers\SNSID.sys [2007-05-30 11:23] R1 SNSMS;SNSMS;C:\WINDOWS\system32\Drivers\SNSMS.sys [2007-05-30 11:35] R2 BMDPBox;BMDPBox;C:\WINDOWS\system32\drivers\BMDPBox.sys [2007-11-16 09:25] R2 Ps2KSecureKeyboard;SecureKbd;C:\WINDOWS\system32\DRIVERS\psseckbd.sys [2007-05-30 11:21] R2 SNMgrSvc;SNMgrSvc;"C:\WINDOWS\system32\SnMgrSvc.exe" [2007-05-30 11:34] R3 BMDDeckLinkAudio;BMDDeckLinkAudio;C:\WINDOWS\system32\DRIVERS\deckaud.sys [2007-11-16 09:24] R3 BMDDeckLinkSerial;BMDDeckLinkSerial;C:\WINDOWS\system32\DRIVERS\deckser.sys [2007-11-16 09:24] R3 DeckLink;DeckLink;C:\WINDOWS\system32\DRIVERS\DeckLink.sys [2007-11-16 09:38] R3 DeckLinkDisplay;DeckLinkDisplay;C:\WINDOWS\system32\DRIVERS\deckmp.sys [2007-11-16 09:38] R3 vhidmini;Secure Mouse;C:\WINDOWS\system32\DRIVERS\vhsecmou.sys [2007-05-30 11:21] S3 ProDisc;ProDisc Driver;C:\WINDOWS\system32\DRIVERS\ProDisc.sys [2006-09-05 16:18] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d65e904c-064f-11dd-8f7a-001731df9a30}] \Shell\AutoRun\command - J:\jfvkcsy.bat \Shell\explore\Command - J:\jfvkcsy.bat \Shell\open\Command - J:\jfvkcsy.bat . Contents of the 'Scheduled Tasks' folder "2008-05-09 18:58:07 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe "2008-04-25 03:00:00 C:\WINDOWS\Tasks\At1.job" - C:\WINDOWS\system32\33DE3tTo.exe "2008-03-20 12:00:00 C:\WINDOWS\Tasks\At10.job" - C:\WINDOWS\system32\33DE3tTo.exe "2008-05-13 13:00:00 C:\WINDOWS\Tasks\At11.job" - C:\WINDOWS\system32\33DE3tTo.exe "2008-05-14 14:00:00 C:\WINDOWS\Tasks\At12.job" - C:\WINDOWS\system32\33DE3tTo.exe "2008-05-15 15:00:00 C:\WINDOWS\Tasks\At13.job" - C:\WINDOWS\system32\33DE3tTo.exe "2008-05-15 16:00:00 C:\WINDOWS\Tasks\At14.job" - C:\WINDOWS\system32\33DE3tTo.exe "2008-05-15 17:00:00 C:\WINDOWS\Tasks\At15.job" - C:\WINDOWS\system32\33DE3tTo.exe "2008-05-16 18:00:00 C:\WINDOWS\Tasks\At16.job" - C:\WINDOWS\system32\33DE3tTo.exe "2008-05-15 19:00:00 C:\WINDOWS\Tasks\At17.job" - C:\WINDOWS\system32\33DE3tTo.exe "2008-05-15 20:00:00 C:\WINDOWS\Tasks\At18.job" - C:\WINDOWS\system32\33DE3tTo.exe "2008-05-15 21:00:00 C:\WINDOWS\Tasks\At19.job" - C:\WINDOWS\system32\33DE3tTo.exe "2008-04-25 04:00:00 C:\WINDOWS\Tasks\At2.job" - C:\WINDOWS\system32\33DE3tTo.exe "2008-05-14 22:00:00 C:\WINDOWS\Tasks\At20.job" - C:\WINDOWS\system32\33DE3tTo.exe "2008-05-11 23:00:00 C:\WINDOWS\Tasks\At21.job" - C:\WINDOWS\system32\33DE3tTo.exe "2008-05-12 00:00:00 C:\WINDOWS\Tasks\At22.job" - C:\WINDOWS\system32\33DE3tTo.exe "2008-05-10 01:00:00 C:\WINDOWS\Tasks\At23.job" - C:\WINDOWS\system32\33DE3tTo.exe "2008-05-10 02:00:00 C:\WINDOWS\Tasks\At24.job" - C:\WINDOWS\system32\33DE3tTo.exe "2008-04-25 03:00:00 C:\WINDOWS\Tasks\At25.job" - C:\WINDOWS\system32\kv3ENcb5.exe "2008-04-25 04:00:00 C:\WINDOWS\Tasks\At26.job" - C:\WINDOWS\system32\kv3ENcb5.exe "2008-04-25 05:00:00 C:\WINDOWS\Tasks\At27.job" - C:\WINDOWS\system32\kv3ENcb5.exe "2008-03-06 06:00:00 C:\WINDOWS\Tasks\At28.job" - C:\WINDOWS\system32\kv3ENcb5.exe "2008-03-06 07:00:00 C:\WINDOWS\Tasks\At29.job" - C:\WINDOWS\system32\kv3ENcb5.exe "2008-04-25 05:00:00 C:\WINDOWS\Tasks\At3.job" - C:\WINDOWS\system32\33DE3tTo.exe "2008-03-06 08:00:00 C:\WINDOWS\Tasks\At30.job" - C:\WINDOWS\system32\kv3ENcb5.exe "2008-03-06 09:00:00 C:\WINDOWS\Tasks\At31.job" - C:\WINDOWS\system32\kv3ENcb5.exe "2008-03-06 10:00:00 C:\WINDOWS\Tasks\At32.job" - C:\WINDOWS\system32\kv3ENcb5.exe "2008-03-06 11:00:00 C:\WINDOWS\Tasks\At33.job" - C:\WINDOWS\system32\kv3ENcb5.exe "2008-03-20 12:00:00 C:\WINDOWS\Tasks\At34.job" - C:\WINDOWS\system32\kv3ENcb5.exe "2008-05-13 13:00:00 C:\WINDOWS\Tasks\At35.job" - C:\WINDOWS\system32\kv3ENcb5.exe "2008-05-14 14:00:00 C:\WINDOWS\Tasks\At36.job" - C:\WINDOWS\system32\kv3ENcb5.exe "2008-05-15 15:00:00 C:\WINDOWS\Tasks\At37.job" - C:\WINDOWS\system32\kv3ENcb5.exe "2008-05-15 16:00:00 C:\WINDOWS\Tasks\At38.job" - C:\WINDOWS\system32\kv3ENcb5.exe "2008-05-15 17:00:00 C:\WINDOWS\Tasks\At39.job" - C:\WINDOWS\system32\kv3ENcb5.exe "2008-03-06 06:00:00 C:\WINDOWS\Tasks\At4.job" - C:\WINDOWS\system32\33DE3tTo.exe "2008-05-16 18:00:00 C:\WINDOWS\Tasks\At40.job" - C:\WINDOWS\system32\kv3ENcb5.exe "2008-05-15 19:00:00 C:\WINDOWS\Tasks\At41.job" - C:\WINDOWS\system32\kv3ENcb5.exe "2008-05-15 20:00:00 C:\WINDOWS\Tasks\At42.job" - C:\WINDOWS\system32\kv3ENcb5.exe "2008-05-15 21:00:00 C:\WINDOWS\Tasks\At43.job" - C:\WINDOWS\system32\kv3ENcb5.exe "2008-05-14 22:00:00 C:\WINDOWS\Tasks\At44.job" - C:\WINDOWS\system32\kv3ENcb5.exe "2008-05-11 23:00:00 C:\WINDOWS\Tasks\At45.job" - C:\WINDOWS\system32\kv3ENcb5.exe "2008-05-12 00:00:00 C:\WINDOWS\Tasks\At46.job" - C:\WINDOWS\system32\kv3ENcb5.exe "2008-05-10 01:00:00 C:\WINDOWS\Tasks\At47.job" - C:\WINDOWS\system32\kv3ENcb5.exe "2008-05-10 02:00:00 C:\WINDOWS\Tasks\At48.job" - C:\WINDOWS\system32\kv3ENcb5.exe "2008-03-06 07:00:00 C:\WINDOWS\Tasks\At5.job" - C:\WINDOWS\system32\33DE3tTo.exe "2008-03-06 08:00:00 C:\WINDOWS\Tasks\At6.job" - C:\WINDOWS\system32\33DE3tTo.exe "2008-03-06 09:00:00 C:\WINDOWS\Tasks\At7.job" - C:\WINDOWS\system32\33DE3tTo.exe "2008-03-06 10:00:00 C:\WINDOWS\Tasks\At8.job" - C:\WINDOWS\system32\33DE3tTo.exe "2008-03-06 11:00:00 C:\WINDOWS\Tasks\At9.job" - C:\WINDOWS\system32\33DE3tTo.exe . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-05-16 15:21:34 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... ************************************************************************** . Completion time: 2008-05-16 15:24:32 ComboFix-quarantined-files.txt 2008-05-16 18:23:30 Pre-Run: 16,198,615,040 bytes free Post-Run: 16,375,906,304 bytes free 249 --- E O F --- 2008-05-14 22:05:37 Logfile of HijackThis v1.99.1 Scan saved at 15:25:53, on 16/5/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe C:\Program Files\Cyberlink\Shared Files\RichVideo.exe C:\WINDOWS\system32\SnMgrSvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\SnAgOS.exe C:\WINDOWS\system32\SnLiveUp.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\PowerDVD\PDVDServ.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\Program Files\Common Files\Grass Valley\ProCoder 3\Kernel\PNXSERVR.exe C:\Program Files\QuickTime\QTTask.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\explorer.exe C:\Documents and Settings\editor\Desktop\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.210:8080 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files\Corel\Corel Graphics 12\Languages\ES\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=052408 serial=dr12cnc-4037331-ngv lang=ES O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\PowerDVD\Language\Language.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [NexusServer] "C:\Program Files\Common Files\Grass Valley\ProCoder 3\Kernel\PNXSERVR.exe" -SelfLaunch O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [blackmagic CheckVersion PCI] C:\Program Files\Blackmagic Design\Blackmagic DeckLink\CheckVersionPCI.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab O16 - DPF: {3C8B9651-4E3E-424D-B51C-54544ABF536B} - https://ww7.banrisul.com.br/bxz/data/securecontrol2k.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1195591801890 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: NavLogon - C:\WINDOWS\ O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Serviço iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared Files\RichVideo.exe O23 - Service: SNMgrSvc - Open Communications Security S/A - C:\WINDOWS\system32\SnMgrSvc.exe
  6. dagrial
    Alguem pode me ajudar? Faz dias que postei ! Valeu ! Obrigado.
  7. dagrial
    Boa tarde pessoal preciso de ajuda para remover o virus amvo.exe segue o log do HijackThis. Obrigado. Logfile of HijackThis v1.99.1 Scan saved at 17:32:41, on 11/5/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe C:\Program Files\Cyberlink\Shared Files\RichVideo.exe C:\WINDOWS\system32\SnMgrSvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\SnAgOS.exe C:\WINDOWS\system32\SnLiveUp.exe C:\WINDOWS\Explorer.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\PowerDVD\PDVDServ.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\Program Files\Common Files\Grass Valley\ProCoder 3\Kernel\PNXSERVR.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\QuickTime\QTTask.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe C:\WINDOWS\System32\svchost.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Adobe\Adobe After Effects 7.0\Support Files\AfterFX.exe C:\Documents and Settings\editor\Desktop\HijackThis.exe R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.210:8080 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files\Corel\Corel Graphics 12\Languages\ES\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=052408 serial=dr12cnc-4037331-ngv lang=ES O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\PowerDVD\Language\Language.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [NexusServer] "C:\Program Files\Common Files\Grass Valley\ProCoder 3\Kernel\PNXSERVR.exe" -SelfLaunch O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [blackmagic CheckVersion PCI] C:\Program Files\Blackmagic Design\Blackmagic DeckLink\CheckVersionPCI.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab O16 - DPF: {3C8B9651-4E3E-424D-B51C-54544ABF536B} - https://ww7.banrisul.com.br/bxz/data/securecontrol2k.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1195591801890 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: NavLogon - C:\WINDOWS\ O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Serviço iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared Files\RichVideo.exe O23 - Service: SNMgrSvc - Open Communications Security S/A - C:\WINDOWS\system32\SnMgrSvc.exe
  8. dagrial
    Muito obrigado pela ajuda e pelo seu tempo José !! Vou dar uma lida nos links que me recomendou. Era um virus o que tinha na máquina? Valeu !! Abraço.
  9. dagrial
    SDFix: Version 1.124 Run by editor on ter 08/01/2008 at 11:47 Microsoft Windows XP [Version 5.1.2600] Running From: C:\SDFix\SDFix Safe Mode: Checking Services: Restoring Windows Registry Values Restoring Windows Default Hosts File Rebooting... Normal Mode: Checking Files: Trojan Files Found: C:\WINDOWS\system32\ntos.exe - Deleted C:\WINDOWS\system32\wsnpoem\audio.dll - Deleted C:\WINDOWS\system32\wsnpoem\audio.dll.cla - Deleted C:\WINDOWS\system32\wsnpoem\video.dll - Deleted Folder C:\WINDOWS\system32\wsnpoem - Removed Removing Temp Files... ADS Check: C:\WINDOWS No streams found. C:\WINDOWS\system32 No streams found. C:\WINDOWS\system32\svchost.exe No streams found. C:\WINDOWS\system32\ntoskrnl.exe No streams found. Final Check: catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-01-08 11:55:14 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden services & system hive ... scanning hidden registry entries ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 Remaining Services: ------------------ Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1" "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" "C:\\Program Files\\NewTek\\LightWave 3D 9.2\\Programs\\lightwav.exe"="C:\\Program Files\\NewTek\\LightWave 3D 9.2\\Programs\\lightwav.exe:*:Enabled:lightwav" "C:\\Program Files\\NewTek\\LightWave 3D 9.2\\Programs\\hub.exe"="C:\\Program Files\\NewTek\\LightWave 3D 9.2\\Programs\\hub.exe:*:Enabled:hub" "C:\\Program Files\\Google\\Google Talk\\googletalk.exe"="C:\\Program Files\\Google\\Google Talk\\googletalk.exe:*:Enabled:Google Talk" "C:\\Program Files\\NewTek\\LightWave 3D 9.2\\Programs\\modeler.exe"="C:\\Program Files\\NewTek\\LightWave 3D 9.2\\Programs\\modeler.exe:*:Enabled:modeler" "C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe" "C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe" "C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe" "C:\\Program Files\\BitComet\\BitComet.exe"="C:\\Program Files\\BitComet\\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client" "C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour" "C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent" "C:\\Program Files\\SmartFTP Client\\SmartFTP.exe"="C:\\Program Files\\SmartFTP Client\\SmartFTP.exe:*:Enabled:SmartFTP Client 2.5" "C:\\Program Files\\Joost\\xulrunner\\tvprunner.exe"="C:\\Program Files\\Joost\\xulrunner\\tvprunner.exe:*:Enabled:tvprunner" "C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1" "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" Remaining Files: --------------- File Backups: - C:\SDFix\SDFix\backups\backups.zip Files with Hidden Attributes: Wed 24 Oct 2007 5,903,928 A..H. --- "C:\Program Files\Picasa2\setup.exe" Wed 15 Aug 2007 0 A..H. --- "C:\WINDOWS\system32\SNRULE.TMP" Mon 26 Nov 2007 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak" Mon 26 Nov 2007 4,348 ...H. --- "C:\Documents and Settings\editor\My Documents\My Music\License Backup\drmv1key.bak" Tue 11 Dec 2007 20 A..H. --- "C:\Documents and Settings\editor\My Documents\My Music\License Backup\drmv1lic.bak" Mon 11 Jun 2007 312 A.SH. --- "C:\Documents and Settings\editor\My Documents\My Music\License Backup\drmv2key.bak" Finished! Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:04:05, on 8/1/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\Program Files\Cyberlink\Shared Files\RichVideo.exe C:\WINDOWS\system32\SnMgrSvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\SnAgOS.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\Explorer.exe C:\PROGRA~1\Grisoft\AVG7\avgcc.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\PowerDVD\PDVDServ.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\Common Files\Grass Valley\ProCoder 3\Kernel\PNXSERVR.exe C:\Program Files\QuickTime\QTTask.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\SnEngine.EXE C:\Documents and Settings\editor\Desktop\HiJackThis.exe R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files\Corel\Corel Graphics 12\Languages\ES\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=011808 serial=dr12cnc-4037331-ngv lang=ES O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [blackmagic CheckVersion PCI] C:\Program Files\Blackmagic Design\Blackmagic DeckLink\CheckVersionPCI.exe O4 - HKLM\..\Run: [startCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\PowerDVD\Language\Language.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [NexusServer] "C:\Program Files\Common Files\Grass Valley\ProCoder 3\Kernel\PNXSERVR.exe" -SelfLaunch O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [bitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user') O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll/206 (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: rsvp322.dll O10 - Unknown file in Winsock LSP: rsvp322.dll O10 - Unknown file in Winsock LSP: rsvp322.dll O10 - Unknown file in Winsock LSP: rsvp322.dll O10 - Unknown file in Winsock LSP: rsvp322.dll O10 - Unknown file in Winsock LSP: rsvp322.dll O10 - Unknown file in Winsock LSP: rsvp322.dll O10 - Unknown file in Winsock LSP: rsvp322.dll O10 - Unknown file in Winsock LSP: rsvp322.dll O10 - Unknown file in Winsock LSP: rsvp322.dll O10 - Unknown file in Winsock LSP: rsvp322.dll O10 - Unknown file in Winsock LSP: rsvp322.dll O10 - Unknown file in Winsock LSP: rsvp322.dll O10 - Unknown file in Winsock LSP: rsvp322.dll O10 - Unknown file in Winsock LSP: rsvp322.dll O10 - Unknown file in Winsock LSP: rsvp322.dll O10 - Unknown file in Winsock LSP: rsvp322.dll O10 - Unknown file in Winsock LSP: rsvp322.dll O10 - Unknown file in Winsock LSP: rsvp322.dll O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab O16 - DPF: {3C8B9651-4E3E-424D-B51C-54544ABF536B} (CAtmCap Object) - https://ww7.banrisul.com.br/bxz/data/securecontrol2k.cab O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1195591801890 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared Files\RichVideo.exe O23 - Service: SNMgrSvc - Open Communications Security S/A - C:\WINDOWS\system32\SnMgrSvc.exe -- End of file - 7432 bytes
  10. dagrial
    Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:29:13, on 7/1/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\Program Files\Cyberlink\Shared Files\RichVideo.exe C:\WINDOWS\system32\SnMgrSvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wdfmgr.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\system32\SnAgOS.exe C:\WINDOWS\system32\SnLiveUp.exe C:\WINDOWS\Explorer.exe C:\PROGRA~1\Grisoft\AVG7\avgcc.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\PowerDVD\PDVDServ.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\Common Files\Grass Valley\ProCoder 3\Kernel\PNXSERVR.exe C:\Program Files\QuickTime\QTTask.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Common Files\Grass Valley\ProCoder 3\Kernel\PNXKERNL.Exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\Documents and Settings\editor\Desktop\HiJackThis.exe R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe, O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files\Corel\Corel Graphics 12\Languages\ES\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=011808 serial=dr12cnc-4037331-ngv lang=ES O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [blackmagic CheckVersion PCI] C:\Program Files\Blackmagic Design\Blackmagic DeckLink\CheckVersionPCI.exe O4 - HKLM\..\Run: [startCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\PowerDVD\Language\Language.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [NexusServer] "C:\Program Files\Common Files\Grass Valley\ProCoder 3\Kernel\PNXSERVR.exe" -SelfLaunch O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [bitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user') O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll/206 (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: rsvp322.dll O10 - Unknown file in Winsock LSP: rsvp322.dll O10 - Unknown file in Winsock LSP: rsvp322.dll O10 - Unknown file in Winsock LSP: rsvp322.dll O10 - Unknown file in Winsock LSP: rsvp322.dll O10 - Unknown file in Winsock LSP: rsvp322.dll O10 - Unknown file in Winsock LSP: rsvp322.dll O10 - Unknown file in Winsock LSP: rsvp322.dll O10 - Unknown file in Winsock LSP: rsvp322.dll O10 - Unknown file in Winsock LSP: rsvp322.dll O10 - Unknown file in Winsock LSP: rsvp322.dll O10 - Unknown file in Winsock LSP: rsvp322.dll O10 - Unknown file in Winsock LSP: rsvp322.dll O10 - Unknown file in Winsock LSP: rsvp322.dll O10 - Unknown file in Winsock LSP: rsvp322.dll O10 - Unknown file in Winsock LSP: rsvp322.dll O10 - Unknown file in Winsock LSP: rsvp322.dll O10 - Unknown file in Winsock LSP: rsvp322.dll O10 - Unknown file in Winsock LSP: rsvp322.dll O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab O16 - DPF: {3C8B9651-4E3E-424D-B51C-54544ABF536B} (CAtmCap Object) - https://ww7.banrisul.com.br/bxz/data/securecontrol2k.cab O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1195591801890 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared Files\RichVideo.exe O23 - Service: SNMgrSvc - Open Communications Security S/A - C:\WINDOWS\system32\SnMgrSvc.exe -- End of file - 7785 bytes
  11. dagrial
    Tenho problemas com acentos duplicados e o kaspersky online scanner detectou Packed.Win32.Tibs.dc na minha maquina. Alguem poderia me ajudar na remoçao? Muito Obrigado. Log do HijackThis: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 16:00:05, on 4/1/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\Program Files\Cyberlink\Shared Files\RichVideo.exe C:\WINDOWS\system32\SnMgrSvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wdfmgr.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\system32\SnAgOS.exe C:\WINDOWS\Explorer.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\PowerDVD\PDVDServ.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\Common Files\Grass Valley\ProCoder 3\Kernel\PNXSERVR.exe C:\Program Files\QuickTime\QTTask.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\WINDOWS\system32\SnEngine.EXE C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\ntvdm.exe C:\Program Files\Google\Google Talk\googletalk.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Sony\DVD Architect 4.0\dvdarch40.exe C:\Program Files\Grisoft\AVG7\avgcc.exe C:\Documents and Settings\editor\Desktop\HiJackThis.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe, O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files\Corel\Corel Graphics 12\Languages\ES\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=011808 serial=dr12cnc-4037331-ngv lang=ES O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [blackmagic CheckVersion PCI] C:\Program Files\Blackmagic Design\Blackmagic DeckLink\CheckVersionPCI.exe O4 - HKLM\..\Run: [startCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\PowerDVD\Language\Language.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [NexusServer] "C:\Program Files\Common Files\Grass Valley\ProCoder 3\Kernel\PNXSERVR.exe" -SelfLaunch O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user') O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll/206 (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: rsvp322.dll O10 - Unknown file in Winsock LSP: rsvp322.dll O10 - Unknown file in Winsock LSP: rsvp322.dll O10 - Unknown file in Winsock LSP: rsvp322.dll O10 - Unknown file in Winsock LSP: rsvp322.dll O10 - Unknown file in Winsock LSP: rsvp322.dll O10 - Unknown file in Winsock LSP: rsvp322.dll O10 - Unknown file in Winsock LSP: rsvp322.dll O10 - Unknown file in Winsock LSP: rsvp322.dll O10 - Unknown file in Winsock LSP: rsvp322.dll O10 - Unknown file in Winsock LSP: rsvp322.dll O10 - Unknown file in Winsock LSP: rsvp322.dll O10 - Unknown file in Winsock LSP: rsvp322.dll O10 - Unknown file in Winsock LSP: rsvp322.dll O10 - Unknown file in Winsock LSP: rsvp322.dll O10 - Unknown file in Winsock LSP: rsvp322.dll O10 - Unknown file in Winsock LSP: rsvp322.dll O10 - Unknown file in Winsock LSP: rsvp322.dll O10 - Unknown file in Winsock LSP: rsvp322.dll O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab O16 - DPF: {3C8B9651-4E3E-424D-B51C-54544ABF536B} (CAtmCap Object) - https://ww7.banrisul.com.br/bxz/data/securecontrol2k.cab O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1195591801890 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared Files\RichVideo.exe O23 - Service: SNMgrSvc - Open Communications Security S/A - C:\WINDOWS\system32\SnMgrSvc.exe -- End of file - 7850 bytes

Sobre o Clube do Hardware

No ar desde 1996, o Clube do Hardware é uma das maiores, mais antigas e mais respeitadas publicações sobre tecnologia do Brasil. Leia mais

Direitos autorais

Não permitimos a cópia ou reprodução do conteúdo do nosso site, fórum, newsletters e redes sociais, mesmo citando-se a fonte. Leia mais

×
×
  • Criar novo...

GRÁTIS: minicurso “Como ganhar dinheiro montando computadores”

Gabriel TorresGabriel Torres, fundador e editor executivo do Clube do Hardware, acaba de lançar um minicurso totalmente gratuito: "Como ganhar dinheiro montando computadores".

Você aprenderá sobre o quanto pode ganhar, como cobrar, como lidar com a concorrência, como se tornar um profissional altamente qualificado e muito mais!

Inscreva-se agora!