Archived

This topic has been archived and is closed to new replies.

Hellp

[Archived] After removing SpySheriff

Good evening. After removing SpySheriff from my computer, some problems appeared: 1 - my Windows does not start normally; it just stays on that blue screen that says "Windows is starting up." 2 - my desktop does not load a wallpaper. 3 - the desktop looks like Win 98. I have already reinstalled Windows, but the problems persist. I only managed to start my PC by a miracle... and I decided to look for a way to solve my problems on this forum before formatting my HD... Please help me. I anxiously await a reply. THANK YOU =)


Dear Hellp,

Download:

1. activedesktop.reg;

2. Desktopfix.reg;

3. Fix.reg.

Run them one at a time, and restart the PC after each one.

For the .reg files above you must:

- Right-click and choose Save Target As (preferably to the Desktop).

- Double-click the file and answer "Yes" to the prompt.

IMPORTANT: You will not necessarily need to run all the tools. Run the first one and check whether it worked. If it did not, move on to the second, and so on.

Reply with a HijackThis log.

Regards.


Dear jgarcia,

I followed your recommendations, but the problems mentioned before persist.

Thank you for your attention,

Regards

Here is the HijackThis log:

Logfile of HijackThis v1.99.1

Scan saved at 09:38:38, on 9/12/2005

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\Arquivos de programas\ewido\security suite\ewidoctrl.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\system32\pctspk.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\dllhost.exe

C:\Arquivos de programas\Telefonica\Speedy\SATUF.exe

C:\WINDOWS\System32\LVCOMSX.EXE

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe

C:\Arquivos de programas\Logitech\Video\FxSvr2.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Hijack\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://farejador.ig.com.br/ie/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: AzEntretien Class - {0d2def3a-f4f1-42ec-ac4f-132e7ba6e292} - %SystemRoot%\azentretien.dll (file missing)

O4 - HKLM\..\Run: [tspuf] C:\Arquivos de programas\Telefonica\Speedy\SATUF.exe

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE

O4 - HKLM\..\Run: [LogitechVideoTray] C:\Arquivos de programas\Logitech\Video\LogiTray.exe

O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Arquivos de programas\Logitech\Video\ISStart.exe

O4 - HKLM\..\Run: [Discador iG] "C:\Arquivos de programas\iG\Discador iG.exe" boot

O4 - HKLM\..\Run: [CloneCDTray] "C:\Arquivos de programas\SlySoft\CloneCD\CloneCDTray.exe" /s

O4 - HKLM\..\Run: [bxproxy] C:\WINDOWS\bxproxy.exe

O4 - HKLM\..\Run: [AVG7_EMC] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [69ao] C:\WINDOWS\system32\69ao.exe

O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [PayTime] C:\WINDOWS\system32\paytime.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [LDM] C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

O4 - HKCU\..\Run: [incrediMail] C:\Arquivos de programas\IncrediMail\bin\IncMail.exe /c

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\ARQUIV~1\INCRED~1\bin\resources\WebMenuImg.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} - http://www.azebar.com/install/azesearch.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{8282F310-816A-4F18-9953-0BB38C804C27}: NameServer = 200.204.0.10 200.204.0.138

O18 - Protocol: bw+0 - {AA844ABA-AB7F-49F0-9E2C-0D4EE673DD2A} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw+0s - {AA844ABA-AB7F-49F0-9E2C-0D4EE673DD2A} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0 - {AA844ABA-AB7F-49F0-9E2C-0D4EE673DD2A} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0s - {AA844ABA-AB7F-49F0-9E2C-0D4EE673DD2A} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00 - {AA844ABA-AB7F-49F0-9E2C-0D4EE673DD2A} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00s - {AA844ABA-AB7F-49F0-9E2C-0D4EE673DD2A} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10 - {AA844ABA-AB7F-49F0-9E2C-0D4EE673DD2A} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10s - {AA844ABA-AB7F-49F0-9E2C-0D4EE673DD2A} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20 - {AA844ABA-AB7F-49F0-9E2C-0D4EE673DD2A} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20s - {AA844ABA-AB7F-49F0-9E2C-0D4EE673DD2A} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30 - {AA844ABA-AB7F-49F0-9E2C-0D4EE673DD2A} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30s - {AA844ABA-AB7F-49F0-9E2C-0D4EE673DD2A} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40 - {AA844ABA-AB7F-49F0-9E2C-0D4EE673DD2A} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40s - {AA844ABA-AB7F-49F0-9E2C-0D4EE673DD2A} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50 - {AA844ABA-AB7F-49F0-9E2C-0D4EE673DD2A} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50s - {AA844ABA-AB7F-49F0-9E2C-0D4EE673DD2A} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60 - {AA844ABA-AB7F-49F0-9E2C-0D4EE673DD2A} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60s - {AA844ABA-AB7F-49F0-9E2C-0D4EE673DD2A} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70 - {AA844ABA-AB7F-49F0-9E2C-0D4EE673DD2A} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70s - {AA844ABA-AB7F-49F0-9E2C-0D4EE673DD2A} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80 - {AA844ABA-AB7F-49F0-9E2C-0D4EE673DD2A} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80s - {AA844ABA-AB7F-49F0-9E2C-0D4EE673DD2A} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90 - {AA844ABA-AB7F-49F0-9E2C-0D4EE673DD2A} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90s - {AA844ABA-AB7F-49F0-9E2C-0D4EE673DD2A} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0 - {AA844ABA-AB7F-49F0-9E2C-0D4EE673DD2A} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0s - {AA844ABA-AB7F-49F0-9E2C-0D4EE673DD2A} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0 - {AA844ABA-AB7F-49F0-9E2C-0D4EE673DD2A} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0s - {AA844ABA-AB7F-49F0-9E2C-0D4EE673DD2A} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0 - {AA844ABA-AB7F-49F0-9E2C-0D4EE673DD2A} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0s - {AA844ABA-AB7F-49F0-9E2C-0D4EE673DD2A} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0 - {AA844ABA-AB7F-49F0-9E2C-0D4EE673DD2A} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0s - {AA844ABA-AB7F-49F0-9E2C-0D4EE673DD2A} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0 - {AA844ABA-AB7F-49F0-9E2C-0D4EE673DD2A} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0s - {AA844ABA-AB7F-49F0-9E2C-0D4EE673DD2A} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0 - {AA844ABA-AB7F-49F0-9E2C-0D4EE673DD2A} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0s - {AA844ABA-AB7F-49F0-9E2C-0D4EE673DD2A} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O18 - Protocol: bwg0 - {AA844ABA-AB7F-49F0-9E2C-0D4EE673DD2A} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwg0s - {AA844ABA-AB7F-49F0-9E2C-0D4EE673DD2A} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0 - {AA844ABA-AB7F-49F0-9E2C-0D4EE673DD2A} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0s - {AA844ABA-AB7F-49F0-9E2C-0D4EE673DD2A} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0 - {AA844ABA-AB7F-49F0-9E2C-0D4EE673DD2A} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0s - {AA844ABA-AB7F-49F0-9E2C-0D4EE673DD2A} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0 - {AA844ABA-AB7F-49F0-9E2C-0D4EE673DD2A} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0s - {AA844ABA-AB7F-49F0-9E2C-0D4EE673DD2A} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0 - {AA844ABA-AB7F-49F0-9E2C-0D4EE673DD2A} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0s - {AA844ABA-AB7F-49F0-9E2C-0D4EE673DD2A} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0 - {AA844ABA-AB7F-49F0-9E2C-0D4EE673DD2A} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0s - {AA844ABA-AB7F-49F0-9E2C-0D4EE673DD2A} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0 - {AA844ABA-AB7F-49F0-9E2C-0D4EE673DD2A} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0s - {AA844ABA-AB7F-49F0-9E2C-0D4EE673DD2A} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0 - {AA844ABA-AB7F-49F0-9E2C-0D4EE673DD2A} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0s - {AA844ABA-AB7F-49F0-9E2C-0D4EE673DD2A} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0 - {AA844ABA-AB7F-49F0-9E2C-0D4EE673DD2A} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0s - {AA844ABA-AB7F-49F0-9E2C-0D4EE673DD2A} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0 - {AA844ABA-AB7F-49F0-9E2C-0D4EE673DD2A} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0s - {AA844ABA-AB7F-49F0-9E2C-0D4EE673DD2A} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0 - {AA844ABA-AB7F-49F0-9E2C-0D4EE673DD2A} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0s - {AA844ABA-AB7F-49F0-9E2C-0D4EE673DD2A} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0 - {AA844ABA-AB7F-49F0-9E2C-0D4EE673DD2A} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0s - {AA844ABA-AB7F-49F0-9E2C-0D4EE673DD2A} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0 - {AA844ABA-AB7F-49F0-9E2C-0D4EE673DD2A} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0s - {AA844ABA-AB7F-49F0-9E2C-0D4EE673DD2A} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0 - {AA844ABA-AB7F-49F0-9E2C-0D4EE673DD2A} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0s - {AA844ABA-AB7F-49F0-9E2C-0D4EE673DD2A} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0 - {AA844ABA-AB7F-49F0-9E2C-0D4EE673DD2A} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0s - {AA844ABA-AB7F-49F0-9E2C-0D4EE673DD2A} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0 - {AA844ABA-AB7F-49F0-9E2C-0D4EE673DD2A} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0s - {AA844ABA-AB7F-49F0-9E2C-0D4EE673DD2A} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0 - {AA844ABA-AB7F-49F0-9E2C-0D4EE673DD2A} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0s - {AA844ABA-AB7F-49F0-9E2C-0D4EE673DD2A} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0 - {AA844ABA-AB7F-49F0-9E2C-0D4EE673DD2A} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0s - {AA844ABA-AB7F-49F0-9E2C-0D4EE673DD2A} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0 - {AA844ABA-AB7F-49F0-9E2C-0D4EE673DD2A} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0s - {AA844ABA-AB7F-49F0-9E2C-0D4EE673DD2A} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0 - {AA844ABA-AB7F-49F0-9E2C-0D4EE673DD2A} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0s - {AA844ABA-AB7F-49F0-9E2C-0D4EE673DD2A} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: offline-8876480 - {AA844ABA-AB7F-49F0-9E2C-0D4EE673DD2A} - C:\Arquivos de programas\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O21 - SSODL: SysTray.Exys - {7368D5FC-6F5C-4f5b-B964-E67214F67852} - C:\WINDOWS\system32\fhicdlac.dll (file missing)

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: ewido security suite control - ewido networks - C:\Arquivos de programas\ewido\security suite\ewidoctrl.exe

O23 - Service: ewido security suite guard - ewido networks - C:\Arquivos de programas\ewido\security suite\ewidoguard.exe

O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe


Dear Hellp,

Let's get to it.

Step 1

Download Killbox from:

Killbox

Download it, but do not run it yet.

Download CWShredder from:

CWShredder

Download it, but do not run it yet.

Download SpySweeper from:

SpySweeper

Download and update it, but do not run it yet.

Download:

Restorethemes.reg

-and-

Restore Luna Theme

Download them, but do not run them yet.

Step 2

Run KillBox:

1) Select Delete on reboot;

2) Full path of file to delete;

3) Enter:

C:\WINDOWS\bxproxy.exe - Press X. Answer "no" to the prompt.

Repeat the operation for:

C:\WINDOWS\system32\69ao.exe

C:\WINDOWS\system32\paytime.exe

C:\WINDOWS\system32\fhicdlac.dll

If Killbox reports that a file/folder does not exist, just move on to the next one.

It is wise to print this document or save it somewhere easy to reach, because in the next step we will go into Safe Mode and connecting to the internet will not be possible.

Step 3

Restart the computer in Safe Mode (after restarting, press the F8 key until a black DOS screen appears and choose Safe Mode).

Run HijackThis, click Do a system scan only and check:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank

O2 - BHO: AzEntretien Class - {0d2def3a-f4f1-42ec-ac4f-132e7ba6e292} - %SystemRoot%\azentretien.dll (file missing)

O4 - HKLM\..\Run: [bxproxy] C:\WINDOWS\bxproxy.exe

O4 - HKLM\..\Run: [69ao] C:\WINDOWS\system32\69ao.exe

O4 - HKCU\..\Run: [PayTime] C:\WINDOWS\system32\paytime.exe

O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} - http://www.azebar.com/install/azesearch.cab

O21 - SSODL: SysTray.Exys - {7368D5FC-6F5C-4f5b-B964-E67214F67852} - C:\WINDOWS\system32\fhicdlac.dll (file missing)

Click Fix Checked.

Step 4

Still in Safe Mode, do the following:

1) Locate and delete:

azentretien.dll

2) Run CWShredder.

3) Run a full scan with SpySweeper.

4) For Restorethemes.reg, proceed like this:

Right-click --> choose Save Target As (best to save it to the desktop).

The .reg file will be downloaded. Double-click the file. Answer "yes" when asked about the additions to the registry.

Restart the PC.

-or-

For Restore Luna Theme, proceed like this:

Unzip the file into the C:\Windows\Resources folder.

Restart the PC.

One of these should restore your desktop settings.

Step 5

Restart in normal mode.

Check whether the problems have been resolved and post the new log.

I await your reply.

Best regards.

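A cross-check for the procedure in the post above, as an added example that is not part of the original thread: it parses HijackThis v1.99.1 log lines, confirms that every line on a fix list occurs in the log it refers to, and compares a follow-up log against the first one. `BEFORE` and `FIX_LIST` are excerpts of lines posted in this thread; `AFTER` and all function names are constructed for illustration.

```python
import re
from typing import NamedTuple

# "O4 - HKLM\..\Run: [name] command" -> section code "O4" plus the rest.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# Body of an O4 registry autorun: hive, key, value name, command line.
RUN_RE = re.compile(r"^(HK[A-Z]+)\\\.\.\\(\w+): \[(.+?)\] (.+)$")


class Entry(NamedTuple):
    code: str
    body: str


def parse_entries(text):
    """Return the R*/O* entries of a log; header and process list are skipped."""
    entries = []
    for raw in text.splitlines():
        match = ENTRY_RE.match(raw.replace("\xa0", " ").strip())
        if match:
            entries.append(Entry(*match.groups()))
    return entries


def key(entry):
    """Comparison key: Windows paths are case-insensitive, spacing may vary."""
    return entry.code, " ".join(entry.body.split()).lower()


def run_entries(entries):
    """(hive, key, value name, command) for each O4 registry autorun."""
    matches = (RUN_RE.match(e.body) for e in entries if e.code == "O4")
    return [m.groups() for m in matches if m]


def file_missing(entries):
    """Entries whose target HijackThis could not find on disk."""
    return [e for e in entries if e.body.endswith("(file missing)")]


def compare(before_text, after_text, fix_list_text):
    before = {key(e): e for e in parse_entries(before_text)}
    after = {key(e): e for e in parse_entries(after_text)}
    fixes = {key(e): e for e in parse_entries(fix_list_text)}
    return {
        # Fix-list lines that do not occur in the log they refer to.
        "not_in_log": [e for k, e in fixes.items() if k not in before],
        # Fix-list lines that survived the cleanup.
        "still_present": [e for k, e in fixes.items() if k in after],
        # Entries that appeared only after the cleanup.
        "new_since_cleanup": [e for k, e in after.items() if k not in before],
    }


# Excerpt of the first log posted in this thread.
BEFORE = r"""Logfile of HijackThis v1.99.1
Scan saved at 09:38:38, on 9/12/2005

Running processes:
C:\WINDOWS\Explorer.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
O2 - BHO: AzEntretien Class - {0d2def3a-f4f1-42ec-ac4f-132e7ba6e292} - %SystemRoot%\azentretien.dll (file missing)
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [bxproxy] C:\WINDOWS\bxproxy.exe
O4 - HKCU\..\Run: [PayTime] C:\WINDOWS\system32\paytime.exe
O21 - SSODL: SysTray.Exys - {7368D5FC-6F5C-4f5b-B964-E67214F67852} - C:\WINDOWS\system32\fhicdlac.dll (file missing)
"""

# Excerpt of the entries the reply asks to check in HijackThis.
FIX_LIST = r"""
O2 - BHO: AzEntretien Class - {0d2def3a-f4f1-42ec-ac4f-132e7ba6e292} - %SystemRoot%\azentretien.dll (file missing)
O4 - HKLM\..\Run: [bxproxy] C:\WINDOWS\bxproxy.exe
O4 - HKCU\..\Run: [PayTime] C:\WINDOWS\system32\paytime.exe
O21 - SSODL: SysTray.Exys - {7368D5FC-6F5C-4f5b-B964-E67214F67852} - C:\WINDOWS\system32\fhicdlac.dll (file missing)
"""

# Constructed follow-up log (no such log exists in the thread).
AFTER = r"""
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [PayTime] C:\WINDOWS\System32\paytime.exe
O4 - HKLM\..\Run: [constructed-example] C:\WINDOWS\system32\constructed-example.exe
"""

if __name__ == "__main__":
    for label, found in compare(BEFORE, AFTER, FIX_LIST).items():
        print(label, [f"{e.code} - {e.body}" for e in found])
```

An entry under `still_present` means the fix did not hold, and one under `new_since_cleanup` is an autorun or hook that was not in the earlier log and should be reviewed before the machine is considered clean.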

Dear Jgarcia,

My PC was infected by SpySheriff.

I have already downloaded all the programs you mentioned in this post and in the removal post...

I managed to remove it (I think)... at least the message saying there is a spy on my PC no longer appears.

But the Win XP settings were lost and I cannot even open Word.

My log is this:

Logfile of HijackThis v1.99.1

Scan saved at 13:03:00, on 30/12/2005

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SNDSrvc.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\ewido anti-malware\ewidoctrl.exe

C:\Arquivos de programas\ewido anti-malware\ewidoguard.exe

C:\Arquivos de programas\Norton AntiVirus\navapsvc.exe

C:\Arquivos de programas\Norton AntiVirus\IWP\NPFMntor.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Webroot\Spy Sweeper\WRSSSDK.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\Arquivos de programas\Webroot\Spy Sweeper\SpySweeper.exe

C:\Arquivos de programas\Microsoft ActiveSync\WCESCOMM.EXE

C:\WINDOWS\system32\msiexec.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\HijackThis.exe

 

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Arquivos de programas\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Apps\MSN Toolbar\01.02.4000.1001\pt-br\msntb.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Arquivos de programas\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Arquivos de programas\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Apps\MSN Toolbar\01.02.4000.1001\pt-br\msntb.dll

O4 - HKLM\..\Run: [ccApp] "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\ARQUIV~1\SYMNET~1\SNDMon.exe /Consumer

O4 - HKLM\..\Run: [HP Software Update] "C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe"

O4 - HKLM\..\Run: [HP Component Manager] "C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [spySweeper] "C:\Arquivos de programas\Webroot\Spy Sweeper\SpySweeper.exe" /startintray

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Arquivos de programas\Microsoft ActiveSync\WCESCOMM.EXE"

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\j2re1.4.1_03\bin\npjpi141_03.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\j2re1.4.1_03\bin\npjpi141_03.dll

O9 - Extra button: Criar Favorito móvel - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Arquivos de programas\Microsoft ActiveSync\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Arquivos de programas\Microsoft ActiveSync\INetRepl.dll

O9 - Extra 'Tools' menuitem: Criar Favorito móvel... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Arquivos de programas\Microsoft ActiveSync\INetRepl.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1119395849671

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{C44CD10B-8A94-40CB-89ED-1A525C91048A}: NameServer = 200.165.132.154 200.149.55.142

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARQUIV~1\MSNMES~1\msgrapp.dll" (file missing)

O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe

O23 - Service: ewido security suite control - ewido networks - C:\Arquivos de programas\ewido anti-malware\ewidoctrl.exe

O23 - Service: ewido security suite guard - ewido networks - C:\Arquivos de programas\ewido anti-malware\ewidoguard.exe

O23 - Service: Serviço do Auto-Protect do Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Arquivos de programas\Norton AntiVirus\navapsvc.exe

O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Arquivos de programas\Norton AntiVirus\IWP\NPFMntor.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: SAVScan - Symantec Corporation - C:\Arquivos de programas\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\ARQUIV~1\ARQUIV~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Arquivos de programas\Webroot\Spy Sweeper\WRSSSDK.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\CCPD-LC\symlcsvc.exe


Dear Garios,

It will be a pleasure to help you, but I ask that you create your own topic for your problem. ;)

Regards.


TOPIC ARCHIVED

As the author has not replied for more than 20 days, the topic has been archived.

If you are the author of the topic and want to reopen it, send a private message to a moderator of this area together with the link to this topic and explain the reason for reopening.
