junioeverest
-
Total de itens
6 -
Registro em
-
Última visita
Sobre junioeverest
junioeverest's Achievements
0
Reputação
-
Meu computador esta muito infectado, alguém pode me ajudar
pergunta respondeu ao junioeverest de junioeverest em Remoção De Malwares
-
Meu computador esta muito infectado, alguém pode me ajudar
pergunta respondeu ao junioeverest de junioeverest em Remoção De Malwares
ai vao os logs, obrigado. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 19:28:17, on 15/7/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16674) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\wscript.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\Program Files\Eset\nod32kui.exe C:\Program Files\QuickTime\QTTask.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Skype\Plugin Manager\skypePM.exe C:\Program Files\Eset\nod32krn.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Microsoft Office\OFFICE11\MSPUB.EXE C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.MSN.com/0SEENUS/SAOS01?FORM=TOOLBR R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.MSN.com/0SEENUS/SAOS01?FORM=TOOLBR R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.MSN.com/0SEENUS/SAOS01?FORM=TOOLBR R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Sudhirmhrj@gmail.com F2 - REG:system.ini: Shell=explorer.exe wproxp.exe F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\wscript.exe C:\WINDOWS\system32\boot.vbs O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Program Files\GbPlugin\gbieh.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: Donkey Toolbar (&D) - {638886B2-CF33-4EA0-AFF8-DC8E504500CB} - C:\PROGRA~1\donkeytb\donkeytb.dll (file missing) O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [steam] C:\Valve\Steam\Steam.exe -silent O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [iETI] C:\Program Files\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [iETI] C:\Program Files\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'Default user') O4 - Startup: PowerReg Scheduler V3.exe O4 - Startup: PowerReg Scheduler.exe O4 - Startup: Xfire.lnk = E:\asaf\SWEW\Xfire\Xfire.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O17 - HKLM\System\CCS\Services\Tcpip\..\{3149A8A7-194E-40B8-9B94-A4A58216BB5A}: NameServer = 202.79.32.33 202.79.32.35 O17 - HKLM\System\CS1\Services\Tcpip\..\{3149A8A7-194E-40B8-9B94-A4A58216BB5A}: NameServer = 202.79.32.33 202.79.32.35 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: __GbPluginBb - C:\Program Files\GbPlugin\gbieh.dll O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Serviço iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe O23 - Service: PsExec (PSEXESVC) - Unknown owner - C:\WINDOWS\PSEXESVC.EXE (file missing) O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- End of file - 7966 bytes ComboFix 08-07-09.4 - Administrator 2008-07-10 11:26:15.1 - NTFSx86 MINIMAL Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML C:\WINDOWS\system32\DXDLG.EXE . ((((((((((((((((((((((((( Files Created from 2008-06-10 to 2008-07-10 ))))))))))))))))))))))))))))))) . 2008-07-10 11:15 . 2008-07-10 11:16 1,364 --a------ C:\WINDOWS\checkip.dat 2008-07-10 11:15 . 2008-07-10 11:15 1,115 --a------ C:\WINDOWS\dhstatus.dat 2008-07-10 11:13 . 2008-07-10 11:13 1,692 --a------ C:\WINDOWS\ipconfig.dat 2008-07-10 10:47 . 2008-07-10 10:49 46 --a------ C:\WINDOWS\TP-LINK ADSL Modem_Router Utility.INI 2008-07-04 16:49 . 2008-07-10 10:59 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-07-04 16:49 . 2008-07-04 16:49 1,409 --a------ C:\WINDOWS\QTFont.for 2008-07-01 18:00 . 2008-07-01 18:00 <DIR> d-------- C:\GUN 2008-06-30 16:24 . 2008-06-30 16:46 <DIR> d-------- C:\LinhaDefensiva 2008-06-29 08:07 . 2008-06-30 16:38 <DIR> d-------- C:\Program Files\GbPluggin 2008-06-29 08:07 . 2008-06-28 12:46 59,392 -ra------ C:\WINDOWS\system\video_sogra.com 2008-06-29 08:07 . 2008-06-29 08:07 3 --a------ C:\MSDOS.INI 2008-06-25 10:19 . 2008-06-25 10:20 <DIR> d-------- C:\WINDOWS\ERUNT 2008-06-25 10:13 . 2008-06-25 10:42 <DIR> d-------- C:\SDFix 2008-06-20 23:26 . 2008-06-20 23:26 245,248 -----c--- C:\WINDOWS\system32\dllcache\mswsock.dll 2008-06-20 16:29 . 2008-06-20 16:29 138,368 -----c--- C:\WINDOWS\system32\dllcache\afd.sys 2008-06-17 20:49 . 2008-06-17 20:49 <DIR> d-------- C:\Program Files\SEGA 2008-06-13 12:41 . 2008-06-13 12:41 812,344 --a------ C:\HijackThis.exe 2008-06-13 12:32 . 2008-06-13 12:32 <DIR> d-------- C:\Program Files\Trend Micro . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-07-10 05:22 --------- d-----w C:\Program Files\GbPlugin 2008-07-10 04:24 --------- d-----w C:\Documents and Settings\Administrator\Application Data\skypePM 2008-07-09 17:58 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Skype 2008-06-25 04:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\syswin 2008-06-23 09:57 --------- d-----w C:\Program Files\GameSpy Arcade 2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll 2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys 2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys 2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys 2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys 2008-06-13 07:34 --------- d-----w C:\Documents and Settings\Administrator\Application Data\dvdcss 2008-05-24 17:33 --------- d-----w C:\Program Files\Skype 2008-05-24 17:33 --------- d-----w C:\Program Files\Common Files\Skype 2008-05-24 17:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype 2008-05-21 10:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-05-21 10:38 --------- d-----w C:\Program Files\Spybot - Search & Destroy 2008-05-21 04:31 691,545 ----a-w C:\WINDOWS\unins000.exe 2008-05-20 12:10 16,600 --sha-r C:\WINDOWS\system32\boot.vbs 2008-05-20 12:10 --------- d-----w C:\Documents and Settings\Administrator\Application Data\dxdlls 2008-05-07 12:45 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll 2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll 2008-05-02 01:24 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll 2008-05-02 01:24 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll 2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll 2006-08-10 17:58 17,676,960 ----a-w C:\Program Files\avg71free_405a782.exe 2006-03-03 03:14 1,501,184 ----a-w C:\Program Files\ttutor 2.exe 2007-11-08 14:20 155,760 --sha-w C:\WINDOWS\system32\fiber.exe 2007-11-22 13:20 550,400 --sha-w C:\WINDOWS\system32\imapd.exe 2007-11-22 13:20 33,280 --sha-w C:\WINDOWS\system32\imapdb.dll 2007-11-22 14:46 19,456 --sha-w C:\WINDOWS\system32\imapdb.exe 2007-11-22 13:20 199,680 --sha-w C:\WINDOWS\system32\imapdc.dll 2007-11-22 13:20 30,208 --sha-w C:\WINDOWS\system32\imapdd.dll 2007-11-08 14:20 99,840 --sha-w C:\WINDOWS\system32\imapde.dll 2007-11-29 02:49 821,992 --sha-r C:\WINDOWS\system32\isetup.exe 2007-11-29 02:49 821,992 --sha-r C:\WINDOWS\system32\drivers\etc\hints.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:41 15360] "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-04-23 17:45 22058792] "Steam"="C:\Valve\Steam\Steam.exe" [2008-05-07 21:03 1271032] "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 13:03 36975] "nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-09-16 09:50 949376] "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-11-14 23:43 286720] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-15 13:11 267048] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792] "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-05-02 07:09 185896] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-10-24 03:03 443968] C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\ PowerReg Scheduler V3.exe [2006-10-19 20:43:07 225280] PowerReg Scheduler.exe [2006-10-25 17:33:34 256000] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-08-15 15:04:02 113664] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{E37CB5F0-51F5-4395-A808-5FA49E399F83}"= "C:\Program Files\GbPlugin\gbieh.dll" [2007-11-06 12:09 342016] [HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\winlogon] "Shell"="explorer.exe wproxp.exe" [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\__GbPluginBb] 2007-11-06 12:09 342016 C:\Program Files\GbPlugin\gbieh.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint] -ra------ 2003-10-08 10:25 159744 C:\Program Files\Apoint2K\Apoint.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA] --a------ 2004-03-26 09:45 335872 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] --a------ 2007-01-19 12:54 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG] -ra------ 2003-10-30 19:25 88363 C:\WINDOWS\AGRSMMSG.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIModeChange] --a------ 2004-04-02 14:01 28672 C:\WINDOWS\system32\Ati2mdxx.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Messenger\\msmsgs.exe"= "C:\\Program Files\\GameSpy Arcade\\Aphex.exe"= "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "C:\\Program Files\\MSN Messenger\\livecall.exe"= "C:\\Program Files\\Electronic Arts\\halo.exe"= "C:\\Program Files\\Team17\\Worms2\\frontend.exe"= "C:\\Program Files\\iTunes\\iTunes.exe"= "C:\\Program Files\\SEGA\\Iron Man\\IronMan.exe"= "C:\\Program Files\\Skype\\Phone\\Skype.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "12755:TCP"= 12755:TCP:NortonAV "14082:TCP"= 14082:TCP:NortonAV "17695:TCP"= 17695:TCP:NortonAV "17652:TCP"= 17652:TCP:NortonAV "17464:TCP"= 17464:TCP:NortonAV "18319:TCP"= 18319:TCP:NortonAV "17776:TCP"= 17776:TCP:NortonAV "12333:TCP"= 12333:TCP:NortonAV "15779:TCP"= 15779:TCP:NortonAV "16934:TCP"= 16934:TCP:NortonAV "15952:TCP"= 15952:TCP:NortonAV "15726:TCP"= 15726:TCP:NortonAV "12565:TCP"= 12565:TCP:NortonAV S3 naecd;naecd;C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\naecd.sys [] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1e7be6a1-00fb-11dc-aaad-00023f260e0a}] \Shell\Auto\command - G:\bittorrent.exe e \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL bittorrent.exe e [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{46eec84c-d22d-11dc-ac1d-00023f260e0a}] \Shell\AutoRun\command - E:\isetup.exe \Shell\explore\Command - E:\isetup.exe \Shell\open\Command - E:\isetup.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e3729f06-2c55-11db-9c34-806d6172696f}] \Shell\AutoRun\command - D:\SetupWizard.exe . Contents of the 'Scheduled Tasks' folder "2008-07-10 04:35:01 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job" - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE . - - - - ORPHANS REMOVED - - - - HKCU-Run-Yahoo! Pager - C:\Program Files\Yahoo!\Messenger\ypager.exe HKU-Default-RunOnce-IETI - C:\Program Files\Skype\Phone\IEPlugin\unins000.exe MSConfigStartUp-Yahoo! Pager - C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-07-10 11:31:15 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- PROCESS: C:\WINDOWS\system32\winlogon.exe -> C:\WINDOWS\system32\Ati2evxx.dll . Completion time: 2008-07-10 11:35:40 ComboFix-quarantined-files.txt 2008-07-10 05:49:36 Pre-Run: 10,847,477,760 bytes free Post-Run: 10,907,230,208 bytes free 169 --- E O F --- 2008-07-09 13:51:17 -
Meu computador esta muito infectado, alguém pode me ajudar
pergunta respondeu ao junioeverest de junioeverest em Remoção De Malwares
cara descupa ai, não prestei atencao. Desculpe tambem pela demora, estou sempre viajando... Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 16:59:10, on 4/7/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16674) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\wscript.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\dxdlg.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\Program Files\Eset\nod32kui.exe C:\Program Files\QuickTime\QTTask.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Skype\Plugin Manager\skypePM.exe C:\Program Files\Eset\nod32krn.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.MSN.com/0SEENUS/SAOS01?FORM=TOOLBR R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.MSN.com/0SEENUS/SAOS01?FORM=TOOLBR R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.MSN.com/0SEENUS/SAOS01?FORM=TOOLBR R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Sudhirmhrj@gmail.com F2 - REG:system.ini: Shell=explorer.exe wproxp.exe F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\wscript.exe C:\WINDOWS\system32\boot.vbs O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Program Files\GbPlugin\gbieh.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: Donkey Toolbar (&D) - {638886B2-CF33-4EA0-AFF8-DC8E504500CB} - C:\PROGRA~1\donkeytb\donkeytb.dll (file missing) O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [steam] C:\Valve\Steam\Steam.exe -silent O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [iETI] C:\Program Files\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [iETI] C:\Program Files\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'Default user') O4 - Startup: PowerReg Scheduler V3.exe O4 - Startup: PowerReg Scheduler.exe O4 - Startup: Xfire.lnk = E:\asaf\SWEW\Xfire\Xfire.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: __GbPluginBb - C:\Program Files\GbPlugin\gbieh.dll O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Serviço iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- End of file - 7522 bytes -
Meu computador esta muito infectado, alguém pode me ajudar
pergunta respondeu ao junioeverest de junioeverest em Remoção De Malwares
BankerFix 2.5b - Removedor de Bankers Linha Defensiva - http://www.linhadefensiva.org http://www.linhadefensiva.org/bankerfix/ Data: 30/6/2008 - 16:46 ------------------------------------------------------- Lista de Definição: 2008-05-10-1 ======================================================= Killando arquivos em Help ----------------------------------- Killing '*' Removendo Arquivos em Help ----------------------------------- ----- Fim ------------------------- -
Meu computador esta muito infectado, alguém pode me ajudar
pergunta respondeu ao junioeverest de junioeverest em Remoção De Malwares
-
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:43:01, on 13/6/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16674) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\wscript.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\dxdlg.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\Program Files\Eset\nod32kui.exe C:\Program Files\QuickTime\QTTask.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Eset\nod32krn.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\Program Files\Skype\Plugin Manager\skypePM.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.MSN.com/0SEENUS/SAOS01?FORM=TOOLBR R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.MSN.com/0SEENUS/SAOS01?FORM=TOOLBR R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.MSN.com/0SEENUS/SAOS01?FORM=TOOLBR R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Sudhirmhrj@gmail.com F2 - REG:system.ini: Shell=explorer.exe wproxp.exe F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\wscript.exe C:\WINDOWS\system32\boot.vbs O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: (no name) - {7C109800-A5D5-438F-9640-18D17E168B88} - C:\Program Files\NetProject\sbmdl.dll (file missing) O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Program Files\GbPlugin\gbieh.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: Donkey Toolbar (&D) - {638886B2-CF33-4EA0-AFF8-DC8E504500CB} - C:\PROGRA~1\donkeytb\donkeytb.dll (file missing) O3 - Toolbar: Internet Service - {51D81DD5-55B7-497F-95DB-D356429BB54E} - C:\Program Files\NetProject\wamdl.dll (file missing) O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [msnmsg] C:\WINDOWS\system\msnmsg.exe O4 - HKCU\..\Run: [internet Explorer] C:\windows\IEXPLORER.EXE O4 - HKCU\..\Run: [steam] C:\Valve\Steam\Steam.exe -silent O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\NetProject\scit.exe O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\NetProject\sbmntr.exe O4 - HKLM\..\Policies\Explorer\Run: [imapd] "C:\WINDOWS\system32\imapd.exe" -at O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [iETI] C:\Program Files\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [iETI] C:\Program Files\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'Default user') O4 - Startup: PowerReg Scheduler V3.exe O4 - Startup: PowerReg Scheduler.exe O4 - Startup: Xfire.lnk = E:\asaf\SWEW\Xfire\Xfire.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.getietool.com/redirect.php (file missing) O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.getietool.com/redirect.php (file missing) O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: __GbPluginBb - C:\Program Files\GbPlugin\gbieh.dll O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Serviço iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- End of file - 8514 bytes