Strange characters in email - Resolved Cases - Linha Defensiva Forum
http://www.linhadefensiva.org/forum/topic/140375caracteresestranhosnoemail/

alfa77 (Member)

LogfileofHijackThisv1.99.1
Scansavedat14:12:27,on3/3/2012
Platform:WindowsXPSP3(WinNT5.01.2600)
MSIE:InternetExplorerv8.00(8.00.6001.18702)
Runningprocesses:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivosdeprogramas\Nero\Tools\InCD\InCDSrv.exe
C:\Arquivosdeprogramas\AVASTSoftware\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivosdeprogramas\MicrosoftOffice\Office12\GrooveMonitor.exe
C:\Arquivosdeprogramas\AVASTSoftware\Avast\avastUI.exe
C:\Arquivosdeprogramas\HP\HPSoftwareUpdate\HPWuSchd2.exe
C:\Arquivosdeprogramas\CyberLink\PowerDVD11\PDVD11Serv.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Arquivosdeprogramas\Nero\Tools\InCD\NBHGui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivosdeprogramas\HP\DigitalImaging\bin\hpqtra08.exe
C:\Arquivosdeprogramas\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe
C:\Arquivosdeprogramas\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe
C:\Arquivosdeprogramas\CyberLink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivosdeprogramas\Arquivoscomuns\MicrosoftShared\VS7DEBUG\MDM.EXE
C:\Arquivosdeprogramas\Nero\Update\NASvc.exe
C:\Arquivosdeprogramas\Nero\Tools\InCD\NBHRegInCDSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivosdeprogramas\HP\DigitalImaging\bin\hpqSTE08.exe
C:\Arquivosdeprogramas\HP\DigitalImaging\bin\hpqbam08.exe
C:\Arquivosdeprogramas\HP\DigitalImaging\bin\hpqgpc01.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivosdeprogramas\MozillaFirefox\firefox.exe
C:\Arquivosdeprogramas\MozillaFirefox\plugincontainer.exe
C:\DocumentsandSettings\Seunomeaqui\Meusdocumentos\Downloads\HijackThis.exe
R1HKCU\Software\Microsoft\InternetExplorer\Main,SearchPage=
&http://home.microsoft.com/intl/br/access/allinone.asp
R0HKCU\Software\Microsoft\InternetExplorer\Main,StartPage=http://br.yahoo.com/
R1HKLM\Software\Microsoft\InternetExplorer\Main,Default_Page_URL=
http://go.microsoft.com/fwlink/?LinkId=69157
R1HKLM\Software\Microsoft\InternetExplorer\Main,Default_Search_URL=
http://go.microsoft.com/fwlink/?LinkId=54896
R1HKLM\Software\Microsoft\InternetExplorer\Main,SearchPage=http://go.microsoft.com/fwlink/?
LinkId=54896
R0HKLM\Software\Microsoft\InternetExplorer\Main,StartPage=http://go.microsoft.com/fwlink/?
LinkId=69157
O2BHO:HPPrintEnhancer{0347C33E87624905BF09768834316C61}C:\Arquivosde
programas\HP\DigitalImaging\SmartWebPrinting\hpswp_printenhancer.dll
O2BHO:AcroIEHelperStub{18DF081CE8AD4283A596FA578C2EBDC3}C:\Arquivosde
programas\Arquivoscomuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2BHO:RealPlayerDownloadandRecordPluginforInternetExplorer{3049C3E9B4614BC58870
4C09146192CA}C:\Arquivosdeprogramas\Real\RealPlayer\rpbrowserrecordplugin.dll
O2BHO:(noname){5C255C8AE60449b49D6490988571CECB}(nofile)
O2BHO:GrooveGFSBrowserHelper{7285316130C54D22B7F90BBC1D38A37E}C:\Arquivosde
programas\MicrosoftOffice\Office12\GrooveShellExtensions.dll
O2BHO:avast!WebRep{8E5E2654AD2D48bfAC2DD17F00898D06}C:\Arquivosde
programas\AVASTSoftware\Avast\aswWebRepIE.dll
O2BHO:AuxiliardeConexodoWindowsLive{9030D4644C024ABF8ECC5164760863C6}
C:\Arquivosdeprogramas\Arquivoscomuns\MicrosoftShared\WindowsLive\WindowsLiveLogin.dll
O2BHO:DAPIELoaderClass{FF6C3CF04B1511D1ABED709549C10000}
C:\ARQUIV~1\DAP\DAPIEL~1.DLL
O2BHO:HPSmartBHOClass{FFFFFFFFCF4E4F2BBDC20E72E116A856}C:\Arquivosde
programas\HP\DigitalImaging\SmartWebPrinting\hpswp_BHO.dll
O3Toolbar:avast!WebRep{8E5E2654AD2D48bfAC2DD17F00898D06}C:\Arquivosde
programas\AVASTSoftware\Avast\aswWebRepIE.dll
O4HKLM\..\Run:[skyTel]SkyTel.EXE
O4HKLM\..\Run:[Alcmtr]ALCMTR.EXE
O4HKLM\..\Run:[GrooveMonitor]"C:\Arquivosdeprogramas\Microsoft
Office\Office12\GrooveMonitor.exe"
O4HKLM\..\Run:[avast]"C:\Arquivosdeprogramas\AVASTSoftware\Avast\avastUI.exe"/nogui
O4HKLM\..\Run:[AdobeARM]"C:\Arquivosdeprogramas\Arquivos
comuns\Adobe\ARM\1.0\AdobeARM.exe"
O4HKLM\..\Run:[HPSoftwareUpdate]C:\Arquivosdeprogramas\HP\HPSoftware
Update\HPWuSchd2.exe
O4HKLM\..\Run:[RemoteControl11]C:\Arquivosde
programas\CyberLink\PowerDVD11\PDVD11Serv.exe
O4HKLM\..\Run:[NvCplDaemon]RUNDLL32.EXEC:\WINDOWS\system32\NvCpl.dll,NvStartup
O4HKLM\..\Run:[NvMediaCenter]RunDLL32.exeNvMCTray.dll,NvTaskbarInitlogin
O4HKLM\..\Run:[nwiz]C:\Arquivosdeprogramas\NVIDIACorporation\nview\nwiz.exe/installquiet
O4HKLM\..\Run:[NBHGui]C:\Arquivosdeprogramas\Nero\Tools\InCD\NBHGui.exe
O4HKLM\..\Run:[NBAgent]"C:\Arquivosdeprogramas\Nero\Nero11\NeroBackItUp\NBAgent.exe"
/WinStart
O4HKLM\..\Run:[MSConfig]C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe/auto
O4HKCU\..\Run:[ctfmon.exe]C:\WINDOWS\system32\ctfmon.exe
O4HKCU\..\Run:[DownloadAccelerator]"C:\Arquivosdeprogramas\DAP\DAP.EXE"/STARTUP
O4GlobalStartup:HPDigitalImagingMonitor.lnk=C:\Arquivosdeprogramas\HP\Digital
Imaging\bin\hpqtra08.exe
O8Extracontextmenuitem:&CleanTracesC:\Arquivosdeprogramas\DAP\Privacy
Package\dapcleanerie.htm
O8Extracontextmenuitem:&Downloadwith&DAPC:\Arquivosdeprogramas\DAP\dapextie.htm
O8Extracontextmenuitem:Download&allwithDAPC:\Arquivosdeprogramas\DAP\dapextie2.htm
O8Extracontextmenuitem:E&xporttoMicrosoftExcel
res://C:\ARQUIV~1\MICROS~3\Office12\EXCEL.EXE/3000
O8Extracontextmenuitem:E&xportarparaoMicrosoftExcel
res://C:\ARQUIV~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9Extrabutton:SendtoOneNote{2670000A73504f3c80815663EE0C6C49}
C:\ARQUIV~1\MICROS~3\Office12\ONBttnIE.dll
O9Extra'Tools'menuitem:S&endtoOneNote{2670000A73504f3c80815663EE0C6C49}
C:\ARQUIV~1\MICROS~3\Office12\ONBttnIE.dll
O9Extrabutton:Research{92780B2518CC41C8B9BE3C9C571A8263}
C:\ARQUIV~1\MICROS~3\Office12\REFIEBAR.DLL
O9Extrabutton:ExibirouocultarHPSmartWebPrinting{DDE8786583C548c48357
2F5B1AA84522}C:\Arquivosdeprogramas\HP\DigitalImaging\SmartWebPrinting\hpswp_BHO.dll
O9Extrabutton:(noname){e2e2dd38d088413482b7f2ba38496583}%windir%\Network
Diagnostic\xpnetdiag.exe(filemissing)
O9Extra'Tools'menuitem:@xpsp3res.dll,20001{e2e2dd38d088413482b7f2ba38496583}
%windir%\NetworkDiagnostic\xpnetdiag.exe(filemissing)
O9Extrabutton:Messenger{FB5F1910F11011d2BB9E00C04F795683}C:\Arquivosde
programas\Messenger\msmsgs.exe
O9Extra'Tools'menuitem:WindowsMessenger{FB5F1910F11011d2BB9E00C04F795683}
C:\Arquivosdeprogramas\Messenger\msmsgs.exe
O11Optionsgroup:[iNTERNATIONAL]International
O14IERESET.INF:SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O17HKLM\System\CCS\Services\Tcpip\..\{46D9BEFD539141398DE9BFEDDB4B79F4}:NameServer
=200.204.0.10,200.204.0.138
O18Protocol:grooveLocalGWS{88FED34CF0CA4636A3753CB6248B04CD}C:\Arquivosde
programas\MicrosoftOffice\Office12\GrooveSystemServices.dll
O18Protocol:livecall{828030A122C14009854F8E305202313F}
C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18Protocol:mshelp{314111C7A50211D2BBCA00C04F8EC294}C:\Arquivosde
programas\Arquivoscomuns\MicrosoftShared\Help\hxds.dll
O18Protocol:msnim{828030A122C14009854F8E305202313F}
C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18Filterhijack:text/xml{807563E5514611D5A67200B0D022E945}
C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20WinlogonNotify:dimsntfy%SystemRoot%\System32\dimsntfy.dll(filemissing)
O21SSODL:WPDShServiceObj{AAA288BA9A4C45B095D794D524869DB5}
C:\WINDOWS\system32\WPDShServiceObj.dll
O23Service:avast!AntivirusAVASTSoftwareC:\Arquivosdeprogramas\AVAST
Software\Avast\AvastSvc.exe
O23Service:CLHNServiceForPowerDVDUnknownownerC:\Arquivosde
programas\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe
O23Service:CyberLinkPowerDVD11.0MonitorServiceCyberLinkC:\Arquivosde
programas\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe
O23Service:CyberLinkPowerDVD11.0ServiceCyberLinkC:\Arquivosde
programas\CyberLink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe
O23Service:InCDHelper(InCDSrv)NeroAGC:\Arquivosde
programas\Nero\Tools\InCD\InCDSrv.exe
O23Service:@C:\Arquivosdeprogramas\Nero\Update\NASvc.exe,200(NAUpdate)NeroAG
C:\Arquivosdeprogramas\Nero\Update\NASvc.exe
O23Service:NeroRegistryInCDService(NeroRegInCDSrv)NeroAGC:\Arquivosde
programas\Nero\Tools\InCD\NBHRegInCDSrv.exe
O23Service:NVIDIADriverHelperService(NVSvc)NVIDIACorporation
C:\WINDOWS\system32\nvsvc32.exe
O23Service:NVIDIAUpdateServiceDaemon(nvUpdatusService)NVIDIACorporationC:\Arquivos
deprogramas\NVIDIACorporation\NVIDIAUpdateCore\daemonu.exe

I went to send an email through Hotmail and all the accented letters were replaced by strange characters.
What should I do?
I await a reply,
Alfa77.
PS: I forgot to say that my cousin came to my house and inadvertently installed Nero 11 and a crack for it. He ran the file and "successfully patched" appeared, but since I have avast, the program was executed inside the Sandbox.
Edited 03/03/2012 17:23 by alfa77

JoseMelo (Professional Assistant)

Download Malwarebytes Anti-Malware:
http://www.malwarebytes.org/mbamdownload.php
Disable the antivirus.
Install it by double-clicking "mbamsetup.exe".
Check "Update Malwarebytes Anti-Malware" and "Launch Malwarebytes Anti-Malware", and click Finish.
Select "Full Scan" and then click Scan.
When the scan finishes, click OK and then "Show Results" to see the log.
If anything is detected, make sure everything is checked and click "Remove".
The log is saved automatically and can be viewed by clicking "Logs" in the main menu.
Copy and paste the contents of that log into your next reply.
Post a new HijackThis log.

alfa77 (Member)

JoseMelo,
I ran BankerFix on the PC and that abnormality in the emails disappeared.
Should I install MBAM and scan with it anyway?
Thanks,
Alfa77.

JoseMelo (Professional Assistant)

The choice is yours.

alfa77 (Member)

MalwarebytesAntiMalware1.60.1.1000
www.malwarebytes.org
VersodaBasedeDados:v2012.03.05.08
WindowsXPServicePack3x86NTFS
InternetExplorer8.0.6001.18702
Seunomeaqui::HMEDJESSE841[administrador]
5/3/201216:18:04
mbamlog20120305(161804).txt
TipodeVerificao:VerificaoCompleta
Opesdeverificaesativadas:Memria|Inicializao|Registro|Sistemadearquivos|
Heurstica/Extra|Heurstica/Shuriken|PUP|PUM
Opesdeverificaodesativadas:P2P
Objetosescaneados:262344
Tempodecorrido:48minuto(s),47segundo(s)
ProcessosdeMemriaDetectados:0
(Noforamdetectadostensmaliciosos)
MdulosdeMemriaDetectados:0
(Noforamdetectadostensmaliciosos)
ChavesdeRegistroDetectadas:1
HKCR\CLSID\{147A976FEEE143778EA74716E4CDD239}(Adware.MyWebSearch)>Enviadoparaa
Quarentenaedeletadocomsucesso.
ValoresdeRegistroDetectadas:0
(Noforamdetectadostensmaliciosos)
ItensdeDadosnoRegistroDetectadas:1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL|Checke
dValue(PUM.Hijack.System.Hidden)>Ruim:(0)Bom:(1)>EnviadoparaaQuarentenaereparado
comsucesso.
PastasDetectadas:1
C:\RESTORE\c1364879423853187424929897532(Worm.AutoRun)>EnviadoparaaQuarentenae
deletadocomsucesso.
ArquivosDetectados:1
C:\RESTORE\c1364879423853187424929897532\Desktop.ini(Worm.AutoRun)>Enviadoparaa
Quarentenaedeletadocomsucesso.
(fim)
LogfileofHijackThisv1.99.1
Scansavedat17:12:06,on5/3/2012
Platform:WindowsXPSP3(WinNT5.01.2600)
MSIE:InternetExplorerv8.00(8.00.6001.18702)
Runningprocesses:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivosdeprogramas\Nero\Tools\InCD\InCDSrv.exe
C:\Arquivosdeprogramas\AVASTSoftware\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivosdeprogramas\MicrosoftOffice\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivosdeprogramas\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe
C:\Arquivosdeprogramas\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe
C:\Arquivosdeprogramas\CyberLink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivosdeprogramas\Arquivoscomuns\MicrosoftShared\VS7DEBUG\MDM.EXE
C:\Arquivosdeprogramas\Nero\Update\NASvc.exe
C:\Arquivosdeprogramas\Nero\Tools\InCD\NBHRegInCDSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivosdeprogramas\AVASTSoftware\Avast\AvastUI.exe
C:\Arquivosdeprogramas\MozillaFirefox\firefox.exe
C:\Arquivosdeprogramas\Photodex\ProShowProducer\proshow.exe
C:\Arquivosdeprogramas\MozillaFirefox\plugincontainer.exe
C:\Arquivosdeprogramas\MicrosoftOffice\Office12\POWERPNT.EXE
C:\Arquivosdeprogramas\Microsoft\OfficeLive\OfficeLiveSignIn.exe
C:\Arquivosdeprogramas\WindowsLive\Messenger\msnmsgr.exe
C:\Arquivosdeprogramas\WindowsLive\Contacts\wlcomm.exe
C:\Arquivosdeprogramas\WindowsLive\Messenger\wlcsdk.exe
C:\DocumentsandSettings\Seunomeaqui\Meusdocumentos\Downloads\HijackThis.exe
R1HKCU\Software\Microsoft\InternetExplorer\Main,SearchPage=
&http://home.microsoft.com/intl/br/access/allinone.asp
R0HKCU\Software\Microsoft\InternetExplorer\Main,StartPage=http://br.yahoo.com/
R1HKLM\Software\Microsoft\InternetExplorer\Main,Default_Page_URL=
http://go.microsoft.com/fwlink/?LinkId=69157
R1HKLM\Software\Microsoft\InternetExplorer\Main,Default_Search_URL=
http://go.microsoft.com/fwlink/?LinkId=54896
R1HKLM\Software\Microsoft\InternetExplorer\Main,SearchPage=http://go.microsoft.com/fwlink/?
LinkId=54896
R0HKLM\Software\Microsoft\InternetExplorer\Main,StartPage=http://go.microsoft.com/fwlink/?
LinkId=69157
O2BHO:HPPrintEnhancer{0347C33E87624905BF09768834316C61}C:\Arquivosde
programas\HP\DigitalImaging\SmartWebPrinting\hpswp_printenhancer.dll
O2BHO:AcroIEHelperStub{18DF081CE8AD4283A596FA578C2EBDC3}C:\Arquivosde
programas\Arquivoscomuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2BHO:RealPlayerDownloadandRecordPluginforInternetExplorer{3049C3E9B4614BC58870
4C09146192CA}C:\Arquivosdeprogramas\Real\RealPlayer\rpbrowserrecordplugin.dll
O2BHO:(noname){5C255C8AE60449b49D6490988571CECB}(nofile)
O2BHO:GrooveGFSBrowserHelper{7285316130C54D22B7F90BBC1D38A37E}C:\Arquivosde
programas\MicrosoftOffice\Office12\GrooveShellExtensions.dll
O2BHO:avast!WebRep{8E5E2654AD2D48bfAC2DD17F00898D06}C:\Arquivosde
programas\AVASTSoftware\Avast\aswWebRepIE.dll
O2BHO:AuxiliardeConexodoWindowsLive{9030D4644C024ABF8ECC5164760863C6}
C:\Arquivosdeprogramas\Arquivoscomuns\MicrosoftShared\WindowsLive\WindowsLiveLogin.dll
O2BHO:DAPIELoaderClass{FF6C3CF04B1511D1ABED709549C10000}
C:\ARQUIV~1\DAP\DAPIEL~1.DLL
O2BHO:HPSmartBHOClass{FFFFFFFFCF4E4F2BBDC20E72E116A856}C:\Arquivosde
programas\HP\DigitalImaging\SmartWebPrinting\hpswp_BHO.dll
O3Toolbar:avast!WebRep{8E5E2654AD2D48bfAC2DD17F00898D06}C:\Arquivosde
programas\AVASTSoftware\Avast\aswWebRepIE.dll
O4HKLM\..\Run:[skyTel]SkyTel.EXE
O4HKLM\..\Run:[Alcmtr]ALCMTR.EXE
O4HKLM\..\Run:[GrooveMonitor]"C:\Arquivosdeprogramas\Microsoft
Office\Office12\GrooveMonitor.exe"
O4HKLM\..\Run:[avast]"C:\Arquivosdeprogramas\AVASTSoftware\Avast\avastUI.exe"/nogui
O4HKLM\..\Run:[AdobeARM]"C:\Arquivosdeprogramas\Arquivos
comuns\Adobe\ARM\1.0\AdobeARM.exe"
O4HKLM\..\Run:[HPSoftwareUpdate]C:\Arquivosdeprogramas\HP\HPSoftware
Update\HPWuSchd2.exe
O4HKLM\..\Run:[RemoteControl11]C:\Arquivosde
programas\CyberLink\PowerDVD11\PDVD11Serv.exe
O4HKLM\..\Run:[NvCplDaemon]RUNDLL32.EXEC:\WINDOWS\system32\NvCpl.dll,NvStartup
O4HKLM\..\Run:[NvMediaCenter]RunDLL32.exeNvMCTray.dll,NvTaskbarInitlogin
O4HKLM\..\Run:[nwiz]C:\Arquivosdeprogramas\NVIDIACorporation\nview\nwiz.exe/installquiet
O4HKLM\..\Run:[NBHGui]C:\Arquivosdeprogramas\Nero\Tools\InCD\NBHGui.exe
O4HKLM\..\Run:[NBAgent]"C:\Arquivosdeprogramas\Nero\Nero11\NeroBackItUp\NBAgent.exe"
/WinStart
O4HKLM\..\RunOnce:[MalwarebytesAntiMalware]C:\Arquivosdeprogramas\Malwarebytes'Anti
Malware\mbamgui.exe/install/silent
O4HKCU\..\Run:[ctfmon.exe]C:\WINDOWS\system32\ctfmon.exe
O4HKCU\..\Run:[DownloadAccelerator]"C:\Arquivosdeprogramas\DAP\DAP.EXE"/STARTUP
O4HKCU\..\Run:[msnmsgr]"C:\Arquivosdeprogramas\WindowsLive\Messenger\msnmsgr.exe"
/background
O4GlobalStartup:HPDigitalImagingMonitor.lnk=C:\Arquivosdeprogramas\HP\Digital
Imaging\bin\hpqtra08.exe
O8Extracontextmenuitem:&CleanTracesC:\Arquivosdeprogramas\DAP\Privacy
Package\dapcleanerie.htm
O8Extracontextmenuitem:&Downloadwith&DAPC:\Arquivosdeprogramas\DAP\dapextie.htm
O8Extracontextmenuitem:Download&allwithDAPC:\Arquivosdeprogramas\DAP\dapextie2.htm
O8Extracontextmenuitem:E&xporttoMicrosoftExcel
res://C:\ARQUIV~1\MICROS~3\Office12\EXCEL.EXE/3000
O8Extracontextmenuitem:E&xportarparaoMicrosoftExcel
res://C:\ARQUIV~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9Extrabutton:SendtoOneNote{2670000A73504f3c80815663EE0C6C49}
C:\ARQUIV~1\MICROS~3\Office12\ONBttnIE.dll
O9Extra'Tools'menuitem:S&endtoOneNote{2670000A73504f3c80815663EE0C6C49}
C:\ARQUIV~1\MICROS~3\Office12\ONBttnIE.dll
O9Extrabutton:Research{92780B2518CC41C8B9BE3C9C571A8263}
C:\ARQUIV~1\MICROS~3\Office12\REFIEBAR.DLL
O9Extrabutton:ExibirouocultarHPSmartWebPrinting{DDE8786583C548c48357
2F5B1AA84522}C:\Arquivosdeprogramas\HP\DigitalImaging\SmartWebPrinting\hpswp_BHO.dll
O9Extrabutton:(noname){e2e2dd38d088413482b7f2ba38496583}%windir%\Network
Diagnostic\xpnetdiag.exe(filemissing)
O9Extra'Tools'menuitem:@xpsp3res.dll,20001{e2e2dd38d088413482b7f2ba38496583}
%windir%\NetworkDiagnostic\xpnetdiag.exe(filemissing)
O9Extrabutton:Messenger{FB5F1910F11011d2BB9E00C04F795683}C:\Arquivosde
programas\Messenger\msmsgs.exe
O9Extra'Tools'menuitem:WindowsMessenger{FB5F1910F11011d2BB9E00C04F795683}
C:\Arquivosdeprogramas\Messenger\msmsgs.exe
O11Optionsgroup:[iNTERNATIONAL]International
O14IERESET.INF:SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O17HKLM\System\CCS\Services\Tcpip\..\{46D9BEFD539141398DE9BFEDDB4B79F4}:NameServer
=200.204.0.10,200.204.0.138
O18Protocol:grooveLocalGWS{88FED34CF0CA4636A3753CB6248B04CD}C:\Arquivosde
programas\MicrosoftOffice\Office12\GrooveSystemServices.dll
O18Protocol:livecall{828030A122C14009854F8E305202313F}
C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18Protocol:mshelp{314111C7A50211D2BBCA00C04F8EC294}C:\Arquivosde
programas\Arquivoscomuns\MicrosoftShared\Help\hxds.dll
O18Protocol:msnim{828030A122C14009854F8E305202313F}
C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18Filterhijack:text/xml{807563E5514611D5A67200B0D022E945}
C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20WinlogonNotify:dimsntfy%SystemRoot%\System32\dimsntfy.dll(filemissing)
O21SSODL:WPDShServiceObj{AAA288BA9A4C45B095D794D524869DB5}
C:\WINDOWS\system32\WPDShServiceObj.dll
O23Service:avast!AntivirusAVASTSoftwareC:\Arquivosdeprogramas\AVAST
Software\Avast\AvastSvc.exe
O23Service:CLHNServiceForPowerDVDUnknownownerC:\Arquivosde
programas\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe
O23Service:CyberLinkPowerDVD11.0MonitorServiceCyberLinkC:\Arquivosde
programas\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe
O23Service:CyberLinkPowerDVD11.0ServiceCyberLinkC:\Arquivosde
programas\CyberLink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe
O23Service:InCDHelper(InCDSrv)NeroAGC:\Arquivosde
programas\Nero\Tools\InCD\InCDSrv.exe
O23Service:@C:\Arquivosdeprogramas\Nero\Update\NASvc.exe,200(NAUpdate)NeroAG
C:\Arquivosdeprogramas\Nero\Update\NASvc.exe
O23Service:NeroRegistryInCDService(NeroRegInCDSrv)NeroAGC:\Arquivosde
programas\Nero\Tools\InCD\NBHRegInCDSrv.exe
O23Service:NVIDIADriverHelperService(NVSvc)NVIDIACorporation
C:\WINDOWS\system32\nvsvc32.exe
O23Service:NVIDIAUpdateServiceDaemon(nvUpdatusService)NVIDIACorporationC:\Arquivos
deprogramas\NVIDIACorporation\NVIDIAUpdateCore\daemonu.exe
O23Service:ScsiAccessUnknownownerC:\Arquivosdeprogramas\Photodex\ProShow
Producer\ScsiAccess.exe

JoseMelo (Professional Assistant)

Download the Kaspersky Virus Removal Tool from one of these 2 links:
http://devbuilds.kasperskylabs.com/devbuilds/AVPTool/
http://dnlus6.kasperskylabs.com/devbuilds/AVPTool/
Save it to your desktop.
Double-click the "setup" file and wait for the installation.
On the next screen, check I accept the licence agreement and click Start.
Click the button and check:
My Computer
Local disk (C:) (the local disk letter may vary)
Click Actions and uncheck the two boxes:
Click the Automatic Scan tab and wait for the scan to finish.
Click the button, then Detected threats, then the "Save" button.
Copy the contents of the saved file (if anything was detected) and post it in your next reply.

alfa77 (Member)

No threats were detected.
Can I / should I uninstall MBAM and KRT????
Thanks,
Alfa77.

JoseMelo (Professional Assistant)

Quote:
Can I / should I uninstall MBAM and KRT????

No problem.
Clean log.
Download CCleaner:
Click Save and, when the download has finished, install it.
Open the program and click Run Cleaner.
After that, click Registry > Scan for issues > Fix selected issues.
Read the article "Proteja seu PC" (Protect your PC) for more information on how to avoid infections.
If you have no further problems, click the report button (p_report.gif) and say that your case has been resolved.

Astromech (Moderator)

Problem solved!
If the author needs the topic to be reopened, contact one of the members of the moderation team.