Ir ao conteúdo
  • Cadastre-se

dagrial

Membros Juniores
  • Total de itens

    9
  • Registro em

  • Última visita

  • Qualificações

    0%

Reputação

0

Sobre dagrial

  • Data de Nascimento 24-09-1971 (47 anos)

Informações gerais

  • Cidade e Estado
    Porto Alegre, RS
  1. Achei súper bom! Gabriel explica ao detalhe pra qualquer pessoa sem conhecimento nenhum sob hardware possa montar um computador.
  2. Muito obrigado DigRam !! Valeu pela força !!
  3. Seguem os logs. Obrigado! ComboFix 08-05-15.3 - editor 2008-05-19 18:24:51.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1593 [GMT -3:00] Running from: C:\Documents and Settings\editor\Desktop\ComboFix.exe Command switches used :: C:\Documents and Settings\editor\Desktop\CFScript.txt * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! FILE :: C:\WINDOWS\system32\33DE3tTo.exe C:\WINDOWS\system32\kv3ENcb5.exe C:\WINDOWS\Tasks\At1.job C:\WINDOWS\Tasks\At10.job C:\WINDOWS\Tasks\At11.job C:\WINDOWS\Tasks\At12.job C:\WINDOWS\Tasks\At13.job C:\WINDOWS\Tasks\At14.job C:\WINDOWS\Tasks\At15.job C:\WINDOWS\Tasks\At16.job C:\WINDOWS\Tasks\At17.job C:\WINDOWS\Tasks\At18.job C:\WINDOWS\Tasks\At19.job C:\WINDOWS\Tasks\At2.job C:\WINDOWS\Tasks\At20.job C:\WINDOWS\Tasks\At21.job C:\WINDOWS\Tasks\At22.job C:\WINDOWS\Tasks\At23.job C:\WINDOWS\Tasks\At24.job C:\WINDOWS\Tasks\At25.job C:\WINDOWS\Tasks\At26.job C:\WINDOWS\Tasks\At27.job C:\WINDOWS\Tasks\At28.job C:\WINDOWS\Tasks\At29.job C:\WINDOWS\Tasks\At3.job C:\WINDOWS\Tasks\At30.job C:\WINDOWS\Tasks\At31.job C:\WINDOWS\Tasks\At32.job C:\WINDOWS\Tasks\At33.job C:\WINDOWS\Tasks\At34.job C:\WINDOWS\Tasks\At35.job C:\WINDOWS\Tasks\At36.job C:\WINDOWS\Tasks\At37.job C:\WINDOWS\Tasks\At38.job C:\WINDOWS\Tasks\At39.job C:\WINDOWS\Tasks\At4.job C:\WINDOWS\Tasks\At40.job C:\WINDOWS\Tasks\At41.job C:\WINDOWS\Tasks\At42.job C:\WINDOWS\Tasks\At43.job C:\WINDOWS\Tasks\At44.job C:\WINDOWS\Tasks\At45.job C:\WINDOWS\Tasks\At46.job C:\WINDOWS\Tasks\At47.job C:\WINDOWS\Tasks\At48.job C:\WINDOWS\Tasks\At5.job C:\WINDOWS\Tasks\At6.job C:\WINDOWS\Tasks\At7.job C:\WINDOWS\Tasks\At8.job C:\WINDOWS\Tasks\At9.job J:\jfvkcsy.bat . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\amvo.exe C:\WINDOWS\system32\amvo0.dll C:\WINDOWS\system32\lsprst7.dll C:\WINDOWS\system32\ssprs.dll C:\WINDOWS\system32\tmpPrst.dll C:\WINDOWS\Tasks\At1.job C:\WINDOWS\Tasks\At10.job C:\WINDOWS\Tasks\At11.job C:\WINDOWS\Tasks\At12.job C:\WINDOWS\Tasks\At13.job C:\WINDOWS\Tasks\At14.job C:\WINDOWS\Tasks\At15.job C:\WINDOWS\Tasks\At16.job C:\WINDOWS\Tasks\At17.job C:\WINDOWS\Tasks\At18.job C:\WINDOWS\Tasks\At19.job C:\WINDOWS\Tasks\At2.job C:\WINDOWS\Tasks\At20.job C:\WINDOWS\Tasks\At21.job C:\WINDOWS\Tasks\At22.job C:\WINDOWS\Tasks\At23.job C:\WINDOWS\Tasks\At24.job C:\WINDOWS\Tasks\At25.job C:\WINDOWS\Tasks\At26.job C:\WINDOWS\Tasks\At27.job C:\WINDOWS\Tasks\At28.job C:\WINDOWS\Tasks\At29.job C:\WINDOWS\Tasks\At3.job C:\WINDOWS\Tasks\At30.job C:\WINDOWS\Tasks\At31.job C:\WINDOWS\Tasks\At32.job C:\WINDOWS\Tasks\At33.job C:\WINDOWS\Tasks\At34.job C:\WINDOWS\Tasks\At35.job C:\WINDOWS\Tasks\At36.job C:\WINDOWS\Tasks\At37.job C:\WINDOWS\Tasks\At38.job C:\WINDOWS\Tasks\At39.job C:\WINDOWS\Tasks\At4.job C:\WINDOWS\Tasks\At40.job C:\WINDOWS\Tasks\At41.job C:\WINDOWS\Tasks\At42.job C:\WINDOWS\Tasks\At43.job C:\WINDOWS\Tasks\At44.job C:\WINDOWS\Tasks\At45.job C:\WINDOWS\Tasks\At46.job C:\WINDOWS\Tasks\At47.job C:\WINDOWS\Tasks\At48.job C:\WINDOWS\Tasks\At5.job C:\WINDOWS\Tasks\At6.job C:\WINDOWS\Tasks\At7.job C:\WINDOWS\Tasks\At8.job C:\WINDOWS\Tasks\At9.job J:\jfvkcsy.bat . ((((((((((((((((((((((((( Files Created from 2008-04-19 to 2008-05-19 ))))))))))))))))))))))))))))))) . 2008-05-19 17:25 . 2008-05-19 17:25 14 --a------ C:\WINDOWS\system32\tmpPrst.tgz 2008-05-17 13:55 . 2008-05-17 13:55 186,504 --a------ C:\WINDOWS\system32\SnAgOS.TMP 2008-04-29 17:24 . 2008-04-29 17:30 <DIR> d-------- C:\ftproot 2008-04-29 17:22 . 2008-04-29 17:28 <DIR> d-------- C:\Program Files\Cerberus 2008-04-28 15:28 . 2008-04-28 15:29 <DIR> d-------- C:\Program Files\iTunes 2008-04-28 15:28 . 2008-04-28 15:28 <DIR> d-------- C:\Program Files\iPod . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-05-19 21:24 --------- d-----w C:\Documents and Settings\editor\Application Data\uTorrent 2008-05-19 17:40 --------- d-----w C:\Program Files\Mozilla Thunderbird 2008-05-15 21:15 --------- d-----w C:\Documents and Settings\editor\Application Data\Skype 2008-05-13 15:10 --------- d-----w C:\Documents and Settings\editor\Application Data\dvdcss 2008-05-10 18:06 --------- d-----w C:\Program Files\Incomplete 2008-05-10 17:56 --------- d-----w C:\Program Files\LimeWire 2008-05-02 19:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink 2008-04-28 21:22 --------- d-----w C:\Documents and Settings\editor\Application Data\LimeWire 2008-04-28 18:55 --------- d-----w C:\Program Files\Apple Software Update 2008-04-28 18:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer 2008-04-28 18:27 --------- d-----w C:\Program Files\QuickTime 2008-04-01 16:46 --------- d-----w C:\Program Files\Common Files\Adobe 2008-04-01 16:40 --------- d-----w C:\Program Files\Illustrate 2008-04-01 16:40 --------- d-----w C:\Documents and Settings\editor\Application Data\AccurateRip 2008-04-01 16:34 4,230,520 ----a-w C:\WINDOWS\system32\SpoonUninstall.exe 2008-03-30 21:32 --------- d-----w C:\Program Files\Java 2008-03-30 21:13 --------- d-----w C:\Documents and Settings\editor\Application Data\AVG7 2008-03-30 21:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft 2008-03-30 21:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7 2008-03-30 20:56 --------- d-----w C:\Program Files\Joost 2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll 2008-03-24 14:26 --------- d-----w C:\Program Files\SmartFTP Client 2008-03-24 14:21 --------- d-----w C:\Program Files\SmartFTP Client 3.0 Setup Files 2008-03-20 19:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller 2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys 2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll 2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 13:24 1694208] "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CorelDRAW Graphics Suite 11b"="C:\Program Files\Corel\Corel Graphics 12\Languages\ES\Programs\Registration.exe" [2003-11-28 06:52 733184] "RTHDCPL"="RTHDCPL.EXE" [2005-05-25 12:37 14477312 C:\WINDOWS\RTHDCPL.EXE] "RemoteControl"="C:\Program Files\PowerDVD\PDVDServ.exe" [2007-01-08 22:26 68640] "LanguageShortcut"="C:\Program Files\PowerDVD\Language\Language.exe" [2007-01-08 22:17 52256] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784] "NexusServer"="C:\Program Files\Common Files\Grass Valley\ProCoder 3\Kernel\PNXSERVR.exe" [2007-03-26 17:45 389120] "googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 19:54 3735552] "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 06:25 6731312] "Blackmagic CheckVersion PCI"="C:\Program Files\Blackmagic Design\Blackmagic DeckLink\CheckVersionPCI.exe" [2007-11-16 09:38 4730880] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792] "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-09-27 22:17 443968] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.CDVC"= cdvccodc.dll "vidc.CDVH"= cdvhcodc.dll "vidc.CUVC"= cuvccodc.dll "vidc.CLLC"= cllccodc.dll "vidc.CDV5"= cdv5codc.dll "vidc.dvsd"= pdvcodec.dll "vidc.mjpg"= C:\PROGRA~1\BLACKM~1\BLACKM~1\BMDCOD~2.DLL "vidc.hdyc"= C:\PROGRA~1\BLACKM~1\BLACKM~1\BMDCOD~1.DLL "vidc.v210"= C:\PROGRA~1\BLACKM~1\BLACKM~1\BMDCOD~1.DLL "vidc.r210"= C:\PROGRA~1\BLACKM~1\BLACKM~1\BMDCOD~1.DLL "vidc.b64a"= C:\PROGRA~1\BLACKM~1\BLACKM~1\BMDCOD~1.DLL [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Google\\Google Talk\\googletalk.exe"= "C:\\Program Files\\DreMule\\emule.exe"= "C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"= "C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"= "C:\\Program Files\\Bonjour\\mDNSResponder.exe"= "C:\\Program Files\\uTorrent\\uTorrent.exe"= "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "C:\\Program Files\\SmartFTP Client\\SmartFTP.exe"= "C:\\Program Files\\Joost\\xulrunner\\tvprunner.exe"= "C:\\Program Files\\iTunes\\iTunes.exe"= "C:\\Program Files\\Cerberus\\Cerberus.exe"= "C:\\Program Files\\Skype\\Phone\\Skype.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "19052:TCP"= 19052:TCP:BitComet 19052 TCP "19052:UDP"= 19052:UDP:BitComet 19052 UDP "62052:TCP"= 62052:TCP:BitComet 62052 TCP "62052:UDP"= 62052:UDP:BitComet 62052 UDP "26980:TCP"= 26980:TCP:BitComet 26980 TCP "26980:UDP"= 26980:UDP:BitComet 26980 UDP R0 ProDscFT;ProDiscFilter;C:\WINDOWS\system32\drivers\ProDscFT.sys [2006-07-24 18:23] R1 BMDPDisk;BMDPDisk;C:\WINDOWS\system32\drivers\BMDPDisk.sys [2007-11-16 09:25] R1 ProDscFS;ProDiscFS;C:\WINDOWS\system32\drivers\ProDscFS.sys [2006-09-07 14:30] R1 SNSID;SNSID;C:\WINDOWS\system32\Drivers\SNSID.sys [2007-05-30 11:23] R1 SNSMS;SNSMS;C:\WINDOWS\system32\Drivers\SNSMS.sys [2007-05-30 11:35] R2 BMDPBox;BMDPBox;C:\WINDOWS\system32\drivers\BMDPBox.sys [2007-11-16 09:25] R2 Ps2KSecureKeyboard;SecureKbd;C:\WINDOWS\system32\DRIVERS\psseckbd.sys [2007-05-30 11:21] R2 SNMgrSvc;SNMgrSvc;"C:\WINDOWS\system32\SnMgrSvc.exe" [2007-05-30 11:34] R3 BMDDeckLinkAudio;BMDDeckLinkAudio;C:\WINDOWS\system32\DRIVERS\deckaud.sys [2007-11-16 09:24] R3 BMDDeckLinkSerial;BMDDeckLinkSerial;C:\WINDOWS\system32\DRIVERS\deckser.sys [2007-11-16 09:24] R3 DeckLink;DeckLink;C:\WINDOWS\system32\DRIVERS\DeckLink.sys [2007-11-16 09:38] R3 DeckLinkDisplay;DeckLinkDisplay;C:\WINDOWS\system32\DRIVERS\deckmp.sys [2007-11-16 09:38] R3 vhidmini;Secure Mouse;C:\WINDOWS\system32\DRIVERS\vhsecmou.sys [2007-05-30 11:21] S3 ProDisc;ProDisc Driver;C:\WINDOWS\system32\DRIVERS\ProDisc.sys [2006-09-05 16:18] . Contents of the 'Scheduled Tasks' folder "2008-05-16 18:58:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-05-19 18:26:58 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... ************************************************************************** . Completion time: 2008-05-19 18:29:39 ComboFix-quarantined-files.txt 2008-05-19 21:28:37 Pre-Run: 15,829,032,960 bytes free Post-Run: 15,828,582,400 bytes free 250 --- E O F --- 2008-05-16 18:34:58 Logfile of HijackThis v1.99.1 Scan saved at 18:34:44, on 19/5/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe C:\Program Files\Cyberlink\Shared Files\RichVideo.exe C:\WINDOWS\system32\SnMgrSvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\SnAgOS.exe C:\WINDOWS\system32\SnLiveUp.exe C:\WINDOWS\Explorer.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\PowerDVD\PDVDServ.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\Program Files\Common Files\Grass Valley\ProCoder 3\Kernel\PNXSERVR.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe C:\Program Files\QuickTime\QTTask.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Common Files\Grass Valley\ProCoder 3\Kernel\PNXKERNL.Exe C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\iPod\bin\iPodService.exe C:\Documents and Settings\editor\Desktop\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.210:8080 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files\Corel\Corel Graphics 12\Languages\ES\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=052408 serial=dr12cnc-4037331-ngv lang=ES O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\PowerDVD\Language\Language.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [NexusServer] "C:\Program Files\Common Files\Grass Valley\ProCoder 3\Kernel\PNXSERVR.exe" -SelfLaunch O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [blackmagic CheckVersion PCI] C:\Program Files\Blackmagic Design\Blackmagic DeckLink\CheckVersionPCI.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab O16 - DPF: {3C8B9651-4E3E-424D-B51C-54544ABF536B} - https://ww7.banrisul.com.br/bxz/data/securecontrol2k.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1195591801890 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: NavLogon - C:\WINDOWS\ O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Serviço iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared Files\RichVideo.exe O23 - Service: SNMgrSvc - Open Communications Security S/A - C:\WINDOWS\system32\SnMgrSvc.exe
  4. Boa tarde Joram! Obrigado pela ajuda! Seguem os logs: ComboFix 08-05-15.3 - editor 2008-05-16 15:19:16.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1585 [GMT -3:00] Running from: C:\Documents and Settings\editor\Desktop\ComboFix.exe * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\amvo.exe C:\WINDOWS\system32\amvo0.dll C:\WINDOWS\system32\lsprst7.dll C:\WINDOWS\system32\pfxzmtsmtspm.dll C:\WINDOWS\system32\pfxzmtwbmail.dll C:\WINDOWS\system32\ssprs.dll . ((((((((((((((((((((((((( Files Created from 2008-04-16 to 2008-05-16 ))))))))))))))))))))))))))))))) . 2008-05-07 14:32 . 2008-05-07 14:32 186,504 --a------ C:\WINDOWS\system32\SnAgOS.TMP 2008-04-29 17:24 . 2008-04-29 17:30 <DIR> d-------- C:\ftproot 2008-04-29 17:22 . 2008-04-29 17:28 <DIR> d-------- C:\Program Files\Cerberus 2008-04-28 15:28 . 2008-04-28 15:29 <DIR> d-------- C:\Program Files\iTunes 2008-04-28 15:28 . 2008-04-28 15:28 <DIR> d-------- C:\Program Files\iPod . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-05-16 17:46 --------- d-----w C:\Program Files\Mozilla Thunderbird 2008-05-15 21:15 --------- d-----w C:\Documents and Settings\editor\Application Data\Skype 2008-05-14 20:20 --------- d-----w C:\Documents and Settings\editor\Application Data\uTorrent 2008-05-13 15:10 --------- d-----w C:\Documents and Settings\editor\Application Data\dvdcss 2008-05-10 18:06 --------- d-----w C:\Program Files\Incomplete 2008-05-10 17:56 --------- d-----w C:\Program Files\LimeWire 2008-05-02 19:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink 2008-04-28 21:22 --------- d-----w C:\Documents and Settings\editor\Application Data\LimeWire 2008-04-28 18:55 --------- d-----w C:\Program Files\Apple Software Update 2008-04-28 18:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer 2008-04-28 18:27 --------- d-----w C:\Program Files\QuickTime 2008-04-01 16:46 --------- d-----w C:\Program Files\Common Files\Adobe 2008-04-01 16:40 --------- d-----w C:\Program Files\Illustrate 2008-04-01 16:40 --------- d-----w C:\Documents and Settings\editor\Application Data\AccurateRip 2008-04-01 16:34 4,230,520 ----a-w C:\WINDOWS\system32\SpoonUninstall.exe 2008-03-30 21:32 --------- d-----w C:\Program Files\Java 2008-03-30 21:13 --------- d-----w C:\Documents and Settings\editor\Application Data\AVG7 2008-03-30 21:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft 2008-03-30 21:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7 2008-03-30 20:56 --------- d-----w C:\Program Files\Joost 2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll 2008-03-24 14:26 --------- d-----w C:\Program Files\SmartFTP Client 2008-03-24 14:21 --------- d-----w C:\Program Files\SmartFTP Client 3.0 Setup Files 2008-03-20 19:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller 2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys 2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll 2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll 2008-02-16 08:59 659,456 ----a-w C:\WINDOWS\system32\wininet.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 13:24 1694208] "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CorelDRAW Graphics Suite 11b"="C:\Program Files\Corel\Corel Graphics 12\Languages\ES\Programs\Registration.exe" [2003-11-28 06:52 733184] "RTHDCPL"="RTHDCPL.EXE" [2005-05-25 12:37 14477312 C:\WINDOWS\RTHDCPL.EXE] "RemoteControl"="C:\Program Files\PowerDVD\PDVDServ.exe" [2007-01-08 22:26 68640] "LanguageShortcut"="C:\Program Files\PowerDVD\Language\Language.exe" [2007-01-08 22:17 52256] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784] "NexusServer"="C:\Program Files\Common Files\Grass Valley\ProCoder 3\Kernel\PNXSERVR.exe" [2007-03-26 17:45 389120] "googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 19:54 3735552] "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 06:25 6731312] "Blackmagic CheckVersion PCI"="C:\Program Files\Blackmagic Design\Blackmagic DeckLink\CheckVersionPCI.exe" [2007-11-16 09:38 4730880] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792] "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-09-27 22:17 443968] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.CDVC"= cdvccodc.dll "vidc.CDVH"= cdvhcodc.dll "vidc.CUVC"= cuvccodc.dll "vidc.CLLC"= cllccodc.dll "vidc.CDV5"= cdv5codc.dll "vidc.dvsd"= pdvcodec.dll "vidc.mjpg"= C:\PROGRA~1\BLACKM~1\BLACKM~1\BMDCOD~2.DLL "vidc.hdyc"= C:\PROGRA~1\BLACKM~1\BLACKM~1\BMDCOD~1.DLL "vidc.v210"= C:\PROGRA~1\BLACKM~1\BLACKM~1\BMDCOD~1.DLL "vidc.r210"= C:\PROGRA~1\BLACKM~1\BLACKM~1\BMDCOD~1.DLL "vidc.b64a"= C:\PROGRA~1\BLACKM~1\BLACKM~1\BMDCOD~1.DLL [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Google\\Google Talk\\googletalk.exe"= "C:\\Program Files\\DreMule\\emule.exe"= "C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"= "C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"= "C:\\Program Files\\Bonjour\\mDNSResponder.exe"= "C:\\Program Files\\uTorrent\\uTorrent.exe"= "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "C:\\Program Files\\SmartFTP Client\\SmartFTP.exe"= "C:\\Program Files\\Joost\\xulrunner\\tvprunner.exe"= "C:\\Program Files\\iTunes\\iTunes.exe"= "C:\\Program Files\\Cerberus\\Cerberus.exe"= "C:\\Program Files\\Skype\\Phone\\Skype.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "19052:TCP"= 19052:TCP:BitComet 19052 TCP "19052:UDP"= 19052:UDP:BitComet 19052 UDP "62052:TCP"= 62052:TCP:BitComet 62052 TCP "62052:UDP"= 62052:UDP:BitComet 62052 UDP "26980:TCP"= 26980:TCP:BitComet 26980 TCP "26980:UDP"= 26980:UDP:BitComet 26980 UDP R0 ProDscFT;ProDiscFilter;C:\WINDOWS\system32\drivers\ProDscFT.sys [2006-07-24 18:23] R1 BMDPDisk;BMDPDisk;C:\WINDOWS\system32\drivers\BMDPDisk.sys [2007-11-16 09:25] R1 ProDscFS;ProDiscFS;C:\WINDOWS\system32\drivers\ProDscFS.sys [2006-09-07 14:30] R1 SNSID;SNSID;C:\WINDOWS\system32\Drivers\SNSID.sys [2007-05-30 11:23] R1 SNSMS;SNSMS;C:\WINDOWS\system32\Drivers\SNSMS.sys [2007-05-30 11:35] R2 BMDPBox;BMDPBox;C:\WINDOWS\system32\drivers\BMDPBox.sys [2007-11-16 09:25] R2 Ps2KSecureKeyboard;SecureKbd;C:\WINDOWS\system32\DRIVERS\psseckbd.sys [2007-05-30 11:21] R2 SNMgrSvc;SNMgrSvc;"C:\WINDOWS\system32\SnMgrSvc.exe" [2007-05-30 11:34] R3 BMDDeckLinkAudio;BMDDeckLinkAudio;C:\WINDOWS\system32\DRIVERS\deckaud.sys [2007-11-16 09:24] R3 BMDDeckLinkSerial;BMDDeckLinkSerial;C:\WINDOWS\system32\DRIVERS\deckser.sys [2007-11-16 09:24] R3 DeckLink;DeckLink;C:\WINDOWS\system32\DRIVERS\DeckLink.sys [2007-11-16 09:38] R3 DeckLinkDisplay;DeckLinkDisplay;C:\WINDOWS\system32\DRIVERS\deckmp.sys [2007-11-16 09:38] R3 vhidmini;Secure Mouse;C:\WINDOWS\system32\DRIVERS\vhsecmou.sys [2007-05-30 11:21] S3 ProDisc;ProDisc Driver;C:\WINDOWS\system32\DRIVERS\ProDisc.sys [2006-09-05 16:18] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d65e904c-064f-11dd-8f7a-001731df9a30}] \Shell\AutoRun\command - J:\jfvkcsy.bat \Shell\explore\Command - J:\jfvkcsy.bat \Shell\open\Command - J:\jfvkcsy.bat . Contents of the 'Scheduled Tasks' folder "2008-05-09 18:58:07 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe "2008-04-25 03:00:00 C:\WINDOWS\Tasks\At1.job" - C:\WINDOWS\system32\33DE3tTo.exe "2008-03-20 12:00:00 C:\WINDOWS\Tasks\At10.job" - C:\WINDOWS\system32\33DE3tTo.exe "2008-05-13 13:00:00 C:\WINDOWS\Tasks\At11.job" - C:\WINDOWS\system32\33DE3tTo.exe "2008-05-14 14:00:00 C:\WINDOWS\Tasks\At12.job" - C:\WINDOWS\system32\33DE3tTo.exe "2008-05-15 15:00:00 C:\WINDOWS\Tasks\At13.job" - C:\WINDOWS\system32\33DE3tTo.exe "2008-05-15 16:00:00 C:\WINDOWS\Tasks\At14.job" - C:\WINDOWS\system32\33DE3tTo.exe "2008-05-15 17:00:00 C:\WINDOWS\Tasks\At15.job" - C:\WINDOWS\system32\33DE3tTo.exe "2008-05-16 18:00:00 C:\WINDOWS\Tasks\At16.job" - C:\WINDOWS\system32\33DE3tTo.exe "2008-05-15 19:00:00 C:\WINDOWS\Tasks\At17.job" - C:\WINDOWS\system32\33DE3tTo.exe "2008-05-15 20:00:00 C:\WINDOWS\Tasks\At18.job" - C:\WINDOWS\system32\33DE3tTo.exe "2008-05-15 21:00:00 C:\WINDOWS\Tasks\At19.job" - C:\WINDOWS\system32\33DE3tTo.exe "2008-04-25 04:00:00 C:\WINDOWS\Tasks\At2.job" - C:\WINDOWS\system32\33DE3tTo.exe "2008-05-14 22:00:00 C:\WINDOWS\Tasks\At20.job" - C:\WINDOWS\system32\33DE3tTo.exe "2008-05-11 23:00:00 C:\WINDOWS\Tasks\At21.job" - C:\WINDOWS\system32\33DE3tTo.exe "2008-05-12 00:00:00 C:\WINDOWS\Tasks\At22.job" - C:\WINDOWS\system32\33DE3tTo.exe "2008-05-10 01:00:00 C:\WINDOWS\Tasks\At23.job" - C:\WINDOWS\system32\33DE3tTo.exe "2008-05-10 02:00:00 C:\WINDOWS\Tasks\At24.job" - C:\WINDOWS\system32\33DE3tTo.exe "2008-04-25 03:00:00 C:\WINDOWS\Tasks\At25.job" - C:\WINDOWS\system32\kv3ENcb5.exe "2008-04-25 04:00:00 C:\WINDOWS\Tasks\At26.job" - C:\WINDOWS\system32\kv3ENcb5.exe "2008-04-25 05:00:00 C:\WINDOWS\Tasks\At27.job" - C:\WINDOWS\system32\kv3ENcb5.exe "2008-03-06 06:00:00 C:\WINDOWS\Tasks\At28.job" - C:\WINDOWS\system32\kv3ENcb5.exe "2008-03-06 07:00:00 C:\WINDOWS\Tasks\At29.job" - C:\WINDOWS\system32\kv3ENcb5.exe "2008-04-25 05:00:00 C:\WINDOWS\Tasks\At3.job" - C:\WINDOWS\system32\33DE3tTo.exe "2008-03-06 08:00:00 C:\WINDOWS\Tasks\At30.job" - C:\WINDOWS\system32\kv3ENcb5.exe "2008-03-06 09:00:00 C:\WINDOWS\Tasks\At31.job" - C:\WINDOWS\system32\kv3ENcb5.exe "2008-03-06 10:00:00 C:\WINDOWS\Tasks\At32.job" - C:\WINDOWS\system32\kv3ENcb5.exe "2008-03-06 11:00:00 C:\WINDOWS\Tasks\At33.job" - C:\WINDOWS\system32\kv3ENcb5.exe "2008-03-20 12:00:00 C:\WINDOWS\Tasks\At34.job" - C:\WINDOWS\system32\kv3ENcb5.exe "2008-05-13 13:00:00 C:\WINDOWS\Tasks\At35.job" - C:\WINDOWS\system32\kv3ENcb5.exe "2008-05-14 14:00:00 C:\WINDOWS\Tasks\At36.job" - C:\WINDOWS\system32\kv3ENcb5.exe "2008-05-15 15:00:00 C:\WINDOWS\Tasks\At37.job" - C:\WINDOWS\system32\kv3ENcb5.exe "2008-05-15 16:00:00 C:\WINDOWS\Tasks\At38.job" - C:\WINDOWS\system32\kv3ENcb5.exe "2008-05-15 17:00:00 C:\WINDOWS\Tasks\At39.job" - C:\WINDOWS\system32\kv3ENcb5.exe "2008-03-06 06:00:00 C:\WINDOWS\Tasks\At4.job" - C:\WINDOWS\system32\33DE3tTo.exe "2008-05-16 18:00:00 C:\WINDOWS\Tasks\At40.job" - C:\WINDOWS\system32\kv3ENcb5.exe "2008-05-15 19:00:00 C:\WINDOWS\Tasks\At41.job" - C:\WINDOWS\system32\kv3ENcb5.exe "2008-05-15 20:00:00 C:\WINDOWS\Tasks\At42.job" - C:\WINDOWS\system32\kv3ENcb5.exe "2008-05-15 21:00:00 C:\WINDOWS\Tasks\At43.job" - C:\WINDOWS\system32\kv3ENcb5.exe "2008-05-14 22:00:00 C:\WINDOWS\Tasks\At44.job" - C:\WINDOWS\system32\kv3ENcb5.exe "2008-05-11 23:00:00 C:\WINDOWS\Tasks\At45.job" - C:\WINDOWS\system32\kv3ENcb5.exe "2008-05-12 00:00:00 C:\WINDOWS\Tasks\At46.job" - C:\WINDOWS\system32\kv3ENcb5.exe "2008-05-10 01:00:00 C:\WINDOWS\Tasks\At47.job" - C:\WINDOWS\system32\kv3ENcb5.exe "2008-05-10 02:00:00 C:\WINDOWS\Tasks\At48.job" - C:\WINDOWS\system32\kv3ENcb5.exe "2008-03-06 07:00:00 C:\WINDOWS\Tasks\At5.job" - C:\WINDOWS\system32\33DE3tTo.exe "2008-03-06 08:00:00 C:\WINDOWS\Tasks\At6.job" - C:\WINDOWS\system32\33DE3tTo.exe "2008-03-06 09:00:00 C:\WINDOWS\Tasks\At7.job" - C:\WINDOWS\system32\33DE3tTo.exe "2008-03-06 10:00:00 C:\WINDOWS\Tasks\At8.job" - C:\WINDOWS\system32\33DE3tTo.exe "2008-03-06 11:00:00 C:\WINDOWS\Tasks\At9.job" - C:\WINDOWS\system32\33DE3tTo.exe . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-05-16 15:21:34 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... ************************************************************************** . Completion time: 2008-05-16 15:24:32 ComboFix-quarantined-files.txt 2008-05-16 18:23:30 Pre-Run: 16,198,615,040 bytes free Post-Run: 16,375,906,304 bytes free 249 --- E O F --- 2008-05-14 22:05:37 Logfile of HijackThis v1.99.1 Scan saved at 15:25:53, on 16/5/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe C:\Program Files\Cyberlink\Shared Files\RichVideo.exe C:\WINDOWS\system32\SnMgrSvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\SnAgOS.exe C:\WINDOWS\system32\SnLiveUp.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\PowerDVD\PDVDServ.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\Program Files\Common Files\Grass Valley\ProCoder 3\Kernel\PNXSERVR.exe C:\Program Files\QuickTime\QTTask.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\explorer.exe C:\Documents and Settings\editor\Desktop\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.210:8080 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files\Corel\Corel Graphics 12\Languages\ES\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=052408 serial=dr12cnc-4037331-ngv lang=ES O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\PowerDVD\Language\Language.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [NexusServer] "C:\Program Files\Common Files\Grass Valley\ProCoder 3\Kernel\PNXSERVR.exe" -SelfLaunch O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [blackmagic CheckVersion PCI] C:\Program Files\Blackmagic Design\Blackmagic DeckLink\CheckVersionPCI.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab O16 - DPF: {3C8B9651-4E3E-424D-B51C-54544ABF536B} - https://ww7.banrisul.com.br/bxz/data/securecontrol2k.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1195591801890 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: NavLogon - C:\WINDOWS\ O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Serviço iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared Files\RichVideo.exe O23 - Service: SNMgrSvc - Open Communications Security S/A - C:\WINDOWS\system32\SnMgrSvc.exe
  5. Alguem pode me ajudar? Faz dias que postei ! Valeu ! Obrigado.
  6. Boa tarde pessoal preciso de ajuda para remover o virus amvo.exe segue o log do HijackThis. Obrigado. Logfile of HijackThis v1.99.1 Scan saved at 17:32:41, on 11/5/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe C:\Program Files\Cyberlink\Shared Files\RichVideo.exe C:\WINDOWS\system32\SnMgrSvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\SnAgOS.exe C:\WINDOWS\system32\SnLiveUp.exe C:\WINDOWS\Explorer.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\PowerDVD\PDVDServ.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\Program Files\Common Files\Grass Valley\ProCoder 3\Kernel\PNXSERVR.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\QuickTime\QTTask.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe C:\WINDOWS\System32\svchost.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Adobe\Adobe After Effects 7.0\Support Files\AfterFX.exe C:\Documents and Settings\editor\Desktop\HijackThis.exe R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.210:8080 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files\Corel\Corel Graphics 12\Languages\ES\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=052408 serial=dr12cnc-4037331-ngv lang=ES O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\PowerDVD\Language\Language.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [NexusServer] "C:\Program Files\Common Files\Grass Valley\ProCoder 3\Kernel\PNXSERVR.exe" -SelfLaunch O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [blackmagic CheckVersion PCI] C:\Program Files\Blackmagic Design\Blackmagic DeckLink\CheckVersionPCI.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab O16 - DPF: {3C8B9651-4E3E-424D-B51C-54544ABF536B} - https://ww7.banrisul.com.br/bxz/data/securecontrol2k.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1195591801890 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: NavLogon - C:\WINDOWS\ O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Serviço iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared Files\RichVideo.exe O23 - Service: SNMgrSvc - Open Communications Security S/A - C:\WINDOWS\system32\SnMgrSvc.exe
  7. Muito obrigado pela ajuda e pelo seu tempo José !! Vou dar uma lida nos links que me recomendou. Era um virus o que tinha na máquina? Valeu !! Abraço.
  8. SDFix: Version 1.124 Run by editor on ter 08/01/2008 at 11:47 Microsoft Windows XP [Version 5.1.2600] Running From: C:\SDFix\SDFix Safe Mode: Checking Services: Restoring Windows Registry Values Restoring Windows Default Hosts File Rebooting... Normal Mode: Checking Files: Trojan Files Found: C:\WINDOWS\system32\ntos.exe - Deleted C:\WINDOWS\system32\wsnpoem\audio.dll - Deleted C:\WINDOWS\system32\wsnpoem\audio.dll.cla - Deleted C:\WINDOWS\system32\wsnpoem\video.dll - Deleted Folder C:\WINDOWS\system32\wsnpoem - Removed Removing Temp Files... ADS Check: C:\WINDOWS No streams found. C:\WINDOWS\system32 No streams found. C:\WINDOWS\system32\svchost.exe No streams found. C:\WINDOWS\system32\ntoskrnl.exe No streams found. Final Check: catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-01-08 11:55:14 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden services & system hive ... scanning hidden registry entries ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 Remaining Services: ------------------ Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1" "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" "C:\\Program Files\\NewTek\\LightWave 3D 9.2\\Programs\\lightwav.exe"="C:\\Program Files\\NewTek\\LightWave 3D 9.2\\Programs\\lightwav.exe:*:Enabled:lightwav" "C:\\Program Files\\NewTek\\LightWave 3D 9.2\\Programs\\hub.exe"="C:\\Program Files\\NewTek\\LightWave 3D 9.2\\Programs\\hub.exe:*:Enabled:hub" "C:\\Program Files\\Google\\Google Talk\\googletalk.exe"="C:\\Program Files\\Google\\Google Talk\\googletalk.exe:*:Enabled:Google Talk" "C:\\Program Files\\NewTek\\LightWave 3D 9.2\\Programs\\modeler.exe"="C:\\Program Files\\NewTek\\LightWave 3D 9.2\\Programs\\modeler.exe:*:Enabled:modeler" "C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe" "C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe" "C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe" "C:\\Program Files\\BitComet\\BitComet.exe"="C:\\Program Files\\BitComet\\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client" "C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour" "C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent" "C:\\Program Files\\SmartFTP Client\\SmartFTP.exe"="C:\\Program Files\\SmartFTP Client\\SmartFTP.exe:*:Enabled:SmartFTP Client 2.5" "C:\\Program Files\\Joost\\xulrunner\\tvprunner.exe"="C:\\Program Files\\Joost\\xulrunner\\tvprunner.exe:*:Enabled:tvprunner" "C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1" "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" Remaining Files: --------------- File Backups: - C:\SDFix\SDFix\backups\backups.zip Files with Hidden Attributes: Wed 24 Oct 2007 5,903,928 A..H. --- "C:\Program Files\Picasa2\setup.exe" Wed 15 Aug 2007 0 A..H. --- "C:\WINDOWS\system32\SNRULE.TMP" Mon 26 Nov 2007 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak" Mon 26 Nov 2007 4,348 ...H. --- "C:\Documents and Settings\editor\My Documents\My Music\License Backup\drmv1key.bak" Tue 11 Dec 2007 20 A..H. --- "C:\Documents and Settings\editor\My Documents\My Music\License Backup\drmv1lic.bak" Mon 11 Jun 2007 312 A.SH. --- "C:\Documents and Settings\editor\My Documents\My Music\License Backup\drmv2key.bak" Finished! Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:04:05, on 8/1/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\Program Files\Cyberlink\Shared Files\RichVideo.exe C:\WINDOWS\system32\SnMgrSvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\SnAgOS.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\Explorer.exe C:\PROGRA~1\Grisoft\AVG7\avgcc.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\PowerDVD\PDVDServ.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\Common Files\Grass Valley\ProCoder 3\Kernel\PNXSERVR.exe C:\Program Files\QuickTime\QTTask.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\SnEngine.EXE C:\Documents and Settings\editor\Desktop\HiJackThis.exe R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files\Corel\Corel Graphics 12\Languages\ES\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=011808 serial=dr12cnc-4037331-ngv lang=ES O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [blackmagic CheckVersion PCI] C:\Program Files\Blackmagic Design\Blackmagic DeckLink\CheckVersionPCI.exe O4 - HKLM\..\Run: [startCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\PowerDVD\Language\Language.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [NexusServer] "C:\Program Files\Common Files\Grass Valley\ProCoder 3\Kernel\PNXSERVR.exe" -SelfLaunch O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [bitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user') O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll/206 (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: rsvp322.dll O10 - Unknown file in Winsock LSP: rsvp322.dll O10 - Unknown file in Winsock LSP: rsvp322.dll O10 - Unknown file in Winsock LSP: rsvp322.dll O10 - Unknown file in Winsock LSP: rsvp322.dll O10 - Unknown file in Winsock LSP: rsvp322.dll O10 - Unknown file in Winsock LSP: rsvp322.dll O10 - Unknown file in Winsock LSP: rsvp322.dll O10 - Unknown file in Winsock LSP: rsvp322.dll O10 - Unknown file in Winsock LSP: rsvp322.dll O10 - Unknown file in Winsock LSP: rsvp322.dll O10 - Unknown file in Winsock LSP: rsvp322.dll O10 - Unknown file in Winsock LSP: rsvp322.dll O10 - Unknown file in Winsock LSP: rsvp322.dll O10 - Unknown file in Winsock LSP: rsvp322.dll O10 - Unknown file in Winsock LSP: rsvp322.dll O10 - Unknown file in Winsock LSP: rsvp322.dll O10 - Unknown file in Winsock LSP: rsvp322.dll O10 - Unknown file in Winsock LSP: rsvp322.dll O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab O16 - DPF: {3C8B9651-4E3E-424D-B51C-54544ABF536B} (CAtmCap Object) - https://ww7.banrisul.com.br/bxz/data/securecontrol2k.cab O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1195591801890 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared Files\RichVideo.exe O23 - Service: SNMgrSvc - Open Communications Security S/A - C:\WINDOWS\system32\SnMgrSvc.exe -- End of file - 7432 bytes
  9. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:29:13, on 7/1/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\Program Files\Cyberlink\Shared Files\RichVideo.exe C:\WINDOWS\system32\SnMgrSvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wdfmgr.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\system32\SnAgOS.exe C:\WINDOWS\system32\SnLiveUp.exe C:\WINDOWS\Explorer.exe C:\PROGRA~1\Grisoft\AVG7\avgcc.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\PowerDVD\PDVDServ.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\Common Files\Grass Valley\ProCoder 3\Kernel\PNXSERVR.exe C:\Program Files\QuickTime\QTTask.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Common Files\Grass Valley\ProCoder 3\Kernel\PNXKERNL.Exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\Documents and Settings\editor\Desktop\HiJackThis.exe R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe, O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files\Corel\Corel Graphics 12\Languages\ES\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=011808 serial=dr12cnc-4037331-ngv lang=ES O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [blackmagic CheckVersion PCI] C:\Program Files\Blackmagic Design\Blackmagic DeckLink\CheckVersionPCI.exe O4 - HKLM\..\Run: [startCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\PowerDVD\Language\Language.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [NexusServer] "C:\Program Files\Common Files\Grass Valley\ProCoder 3\Kernel\PNXSERVR.exe" -SelfLaunch O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [bitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user') O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll/206 (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: rsvp322.dll O10 - Unknown file in Winsock LSP: rsvp322.dll O10 - Unknown file in Winsock LSP: rsvp322.dll O10 - Unknown file in Winsock LSP: rsvp322.dll O10 - Unknown file in Winsock LSP: rsvp322.dll O10 - Unknown file in Winsock LSP: rsvp322.dll O10 - Unknown file in Winsock LSP: rsvp322.dll O10 - Unknown file in Winsock LSP: rsvp322.dll O10 - Unknown file in Winsock LSP: rsvp322.dll O10 - Unknown file in Winsock LSP: rsvp322.dll O10 - Unknown file in Winsock LSP: rsvp322.dll O10 - Unknown file in Winsock LSP: rsvp322.dll O10 - Unknown file in Winsock LSP: rsvp322.dll O10 - Unknown file in Winsock LSP: rsvp322.dll O10 - Unknown file in Winsock LSP: rsvp322.dll O10 - Unknown file in Winsock LSP: rsvp322.dll O10 - Unknown file in Winsock LSP: rsvp322.dll O10 - Unknown file in Winsock LSP: rsvp322.dll O10 - Unknown file in Winsock LSP: rsvp322.dll O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab O16 - DPF: {3C8B9651-4E3E-424D-B51C-54544ABF536B} (CAtmCap Object) - https://ww7.banrisul.com.br/bxz/data/securecontrol2k.cab O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1195591801890 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared Files\RichVideo.exe O23 - Service: SNMgrSvc - Open Communications Security S/A - C:\WINDOWS\system32\SnMgrSvc.exe -- End of file - 7785 bytes
  10. Tenho problemas com acentos duplicados e o kaspersky online scanner detectou Packed.Win32.Tibs.dc na minha maquina. Alguem poderia me ajudar na remoçao? Muito Obrigado. Log do HijackThis: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 16:00:05, on 4/1/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\Program Files\Cyberlink\Shared Files\RichVideo.exe C:\WINDOWS\system32\SnMgrSvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wdfmgr.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\system32\SnAgOS.exe C:\WINDOWS\Explorer.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\PowerDVD\PDVDServ.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\Common Files\Grass Valley\ProCoder 3\Kernel\PNXSERVR.exe C:\Program Files\QuickTime\QTTask.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\WINDOWS\system32\SnEngine.EXE C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\ntvdm.exe C:\Program Files\Google\Google Talk\googletalk.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Sony\DVD Architect 4.0\dvdarch40.exe C:\Program Files\Grisoft\AVG7\avgcc.exe C:\Documents and Settings\editor\Desktop\HiJackThis.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe, O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files\Corel\Corel Graphics 12\Languages\ES\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=011808 serial=dr12cnc-4037331-ngv lang=ES O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [blackmagic CheckVersion PCI] C:\Program Files\Blackmagic Design\Blackmagic DeckLink\CheckVersionPCI.exe O4 - HKLM\..\Run: [startCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\PowerDVD\Language\Language.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [NexusServer] "C:\Program Files\Common Files\Grass Valley\ProCoder 3\Kernel\PNXSERVR.exe" -SelfLaunch O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user') O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll/206 (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: rsvp322.dll O10 - Unknown file in Winsock LSP: rsvp322.dll O10 - Unknown file in Winsock LSP: rsvp322.dll O10 - Unknown file in Winsock LSP: rsvp322.dll O10 - Unknown file in Winsock LSP: rsvp322.dll O10 - Unknown file in Winsock LSP: rsvp322.dll O10 - Unknown file in Winsock LSP: rsvp322.dll O10 - Unknown file in Winsock LSP: rsvp322.dll O10 - Unknown file in Winsock LSP: rsvp322.dll O10 - Unknown file in Winsock LSP: rsvp322.dll O10 - Unknown file in Winsock LSP: rsvp322.dll O10 - Unknown file in Winsock LSP: rsvp322.dll O10 - Unknown file in Winsock LSP: rsvp322.dll O10 - Unknown file in Winsock LSP: rsvp322.dll O10 - Unknown file in Winsock LSP: rsvp322.dll O10 - Unknown file in Winsock LSP: rsvp322.dll O10 - Unknown file in Winsock LSP: rsvp322.dll O10 - Unknown file in Winsock LSP: rsvp322.dll O10 - Unknown file in Winsock LSP: rsvp322.dll O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab O16 - DPF: {3C8B9651-4E3E-424D-B51C-54544ABF536B} (CAtmCap Object) - https://ww7.banrisul.com.br/bxz/data/securecontrol2k.cab O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1195591801890 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared Files\RichVideo.exe O23 - Service: SNMgrSvc - Open Communications Security S/A - C:\WINDOWS\system32\SnMgrSvc.exe -- End of file - 7850 bytes

Sobre o Clube do Hardware

No ar desde 1996, o Clube do Hardware é uma das maiores, mais antigas e mais respeitadas publicações sobre tecnologia do Brasil. Leia mais

Direitos autorais

Não permitimos a cópia ou reprodução do conteúdo do nosso site, fórum, newsletters e redes sociais, mesmo citando-se a fonte. Leia mais

×
×
  • Criar novo...

GRÁTIS: minicurso “Como ganhar dinheiro montando computadores”

Gabriel TorresGabriel Torres, fundador e editor executivo do Clube do Hardware, acaba de lançar um minicurso totalmente gratuito: "Como ganhar dinheiro montando computadores".

Você aprenderá sobre o quanto pode ganhar, como cobrar, como lidar com a concorrência, como se tornar um profissional altamente qualificado e muito mais!

Inscreva-se agora!