Ir para conteúdo

POWERED BY:

Arquivado

Este tópico foi arquivado e está fechado para novas respostas.

Kesley Campi Grellet

[Resolvido!]Socket Error...Meu Pc Nao ker desligar

Por , em Tópicos Resolvidos (Seguranca & Malwares)

Recommended Posts

Kesley Campi Grellet    0

Kesley Campi Grellet
Postado

Aeww estou com o msm problema dos Otros kras ai... Ja Baixei o Hijack this e colokei Em C:\HTJ

Ai esto o Meu Log....

 

Logfile of HijackThis v1.99.1

Scan saved at 22:33:09, on 30/1/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\sm56hlpr.exe

C:\Arquivos de programas\Netropa\Multimedia Keyboard\nhksrv.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Netropa\Multimedia Keyboard\MMKeybd.exe

C:\WINDOWS\system32\rundll32.exe

C:\Arquivos de programas\Lexmark X1100 Series\lxbkbmgr.exe

C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe

C:\Arquivos de programas\Lexmark X1100 Series\lxbkbmon.exe

C:\WINDOWS\VM_STI.EXE

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Netropa\Onscreen Display\OSD.exe

C:\WINDOWS\system32\cmd32.exe

C:\WINDOWS\vsnpstd3.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\system32.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\NCLAUNCH.EXe

C:\WINDOWS\system32\ctfmon.exe

c:\arquiv~1\intern~1\iexplore.exe

C:\Arquivos de programas\Akiller\Advertising Killer\akiller.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\slserv.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\System32\wdfmgr.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\WINDOWS\System32\alg.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\WINDOWS\System32\svchost.exe

C:\HTJ\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://hzqgacduakeaiflvpcblz.com/WjrfQ7R_P...hSndGRteHBU.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orkut.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\WINDOWS\system32\scpsssh2.dll

O2 - BHO: (no name) - {37B295C7-C366-9EC7-FC84-AD41F8670D55} - C:\DOCUME~1\ADMINI~1\DADOSD~1\COPYSH~1\Amencast.exe

O2 - BHO: (no name) - {6C716061-5EB8-9A9F-AABD-B6A73CB29599} - C:\DOCUME~1\ADMINI~1\DADOSD~1\COPYSH~1\PureDefault.exe

O2 - BHO: Barra do MSN Busca Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Toolbar Suite\TB\02.05.0000.1082\pt-br\msntb.dll

O3 - Toolbar: Barra do MSN Busca - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Toolbar Suite\TB\02.05.0000.1082\pt-br\msntb.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [sMSERIAL] sm56hlpr.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Arquivos de programas\Netropa\Multimedia Keyboard\MMKeybd.exe

O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Arquivos de programas\Lexmark X1100 Series\lxbkbmgr.exe"

O4 - HKLM\..\Run: [MessengerPlus3] "C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe"

O4 - HKLM\..\Run: [Defy User Dvd Media] C:\Documents and Settings\All Users\Dados de aplicativos\Bleh Play Defy User\NurbHelp.exe

O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A

O4 - HKLM\..\Run: [bigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [cmd32.exe] C:\WINDOWS\system32\cmd32.exe

O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe

O4 - HKLM\..\Run: [Obj2loadgrim] C:\Documents and Settings\All Users\Dados de aplicativos\FLAG SIZE OBJ 2\meow glue.exe

O4 - HKLM\..\Run: [system32] C:\WINDOWS\system32\system32.exe

O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit

O4 - HKCU\..\Run: [Mail mix] C:\DOCUME~1\ADMINI~1\DADOSD~1\MEMOTH~1\eq bits bend.exe

O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [AKiller] "C:\Arquivos de programas\Akiller\Advertising Killer\akiller.exe"

O4 - Global Startup: Windows Desktop Search.lnk = C:\Arquivos de programas\MSN Toolbar Suite\DS\02.05.0000.1082\pt-br\bin\WindowsSearch.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O9 - Extra button: Portbuster XP - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\WINDOWS\System32\shdocvw.dll

O9 - Extra 'Tools' menuitem: &Portbuster 2002 - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\WINDOWS\System32\shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O14 - IERESET.INF: START_PAGE_URL=http://www.google.com.br

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab

O16 - DPF: {24311111-1111-1121-1111-111191113457} -

O16 - DPF: {2E3C3651-B19C-4DD9-A979-901EC3E930AF} (ssh2 Class) - https://wwwss.bradesco.com.br/ib2k1/scpsssh2.cab

O16 - DPF: {33331111-1111-1111-1111-611111193458} -

O16 - DPF: {41ACD49D-1974-791A-0981-AA9872721044} (GINBOARDS Class) - http://200.189.188.245/g_bin/eng/boards_2_0_0_18.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/dim2/default/popcaploader_v6.cab

O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{2B1557D1-ED25-4752-929C-C08F5B0260AB}: NameServer = 200.204.0.10 200.204.0.10

O17 - HKLM\System\CS1\Services\Tcpip\..\{2B1557D1-ED25-4752-929C-C08F5B0260AB}: NameServer = 200.204.0.10 200.204.0.10

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARQUIV~1\MSNMES~1\msgrapp.dll" (file missing)

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Arquivos de programas\Netropa\Multimedia Keyboard\nhksrv.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

Compartilhar este post

Link para o post
Compartilhar em outros sites

jgarcia    1

jgarcia
Postado

Cara Kesley Campi Grellet,

 

Vamos lá.

 

Habilite o Windows para mostrar todos os arquivos (até ocultos).

 

Desinstale:

--> MessengerPlus! 3

 

Utilize Adicionar / Remover programas.

 

Desinstale e reinicie após tê-lo feito.

 

Você poderá reinstalar o MessengerPlus! 3, mas sem o patrocinador.

 

1ª Etapa

 

Baixe o Uninstall Lop em (talvez precise desabilitar o AV para executá-lo):

Uninstall Lop

 

Execute-o.

 

Baixe o Killbox em:

Killbox

 

Baixe, mas não execute ainda.

 

Baixe o SpySweeper em:

SpySweeper

 

Baixe e atualize, mas não execute ainda.

 

2ª Etapa

 

1) Execute o Killbox, clique em Delete on Reboot.

 

2) Copie a lista abaixo em negrito para a área de transferência. Selecione --> Editar --> Copiar.

C:\DOCUME~1\ADMINI~1\DADOSD~1\COPYSH~1

C:\Documents and Settings\All Users\Dados de aplicativos\Bleh Play Defy User

C:\Documents and Settings\All Users\Dados de aplicativos\FLAG SIZE OBJ 2

C:\DOCUME~1\ADMINI~1\DADOSD~1\MEMOTH~1

C:\WINDOWS\system32\cmd32.exe

C:\WINDOWS\system32\system32.exe

3. Retorne ao Killbox. Clique em File > Paste from clipboard. Clique em All Files.

 

4. Aperte em "X". Responda "não" à pergunta.

 

É prudente que você faça a impressão deste documento ou salve-o em um lugar de fácil acesso, pois na próxima etapa entraremos em Modo de Seguro e a conexão à internet não será possível.

 

3ª Etapa

 

Reinicie o computador em Modo Seguro (após reiniciar aperte a tecla F8 até aparecer uma tela preta em DOS e escolha Modo Seguro).

 

Execute o HijackThis, clique em Do a system scan only e marque:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://hzqgacduakeaiflvpcblz.com/WjrfQ7R_P...hSndGRteHBU.htm

O2 - BHO: (no name) - {37B295C7-C366-9EC7-FC84-AD41F8670D55} - C:\DOCUME~1\ADMINI~1\DADOSD~1\COPYSH~1\Amencast.exe

O2 - BHO: (no name) - {6C716061-5EB8-9A9F-AABD-B6A73CB29599} - C:\DOCUME~1\ADMINI~1\DADOSD~1\COPYSH~1\PureDefault.exe

O4 - HKLM\..\Run: [Defy User Dvd Media] C:\Documents and Settings\All Users\Dados de aplicativos\Bleh Play Defy User\NurbHelp.exe

O4 - HKLM\..\Run: [cmd32.exe] C:\WINDOWS\system32\cmd32.exe

O4 - HKLM\..\Run: [Obj2loadgrim] C:\Documents and Settings\All Users\Dados de aplicativos\FLAG SIZE OBJ 2\meow glue.exe

O4 - HKLM\..\Run: [system32] C:\WINDOWS\system32\system32.exe

O4 - HKCU\..\Run: [Mail mix] C:\DOCUME~1\ADMINI~1\DADOSD~1\MEMOTH~1\eq bits bend.exe

O16 - DPF: {24311111-1111-1121-1111-111191113457} -

O16 - DPF: {33331111-1111-1111-1111-611111193458} -

O16 - DPF: {41ACD49D-1974-791A-0981-AA9872721044} (GINBOARDS Class) - http://200.189.188.245/g_bin/eng/boards_2_0_0_18.cab

Clique em Fix Checked.

 

4ª Etapa

 

Ainda em Modo Seguro faça o seguinte:

 

1) Execute uma verificação completa com o SpySweeper.

 

5ª Etapa

 

Reinicie em modo normal.

 

Poste um novo log do HijackThis.

 

Aguardo retorno.

 

Um abraço.

 

PS.: Sugiro que modifique suas senhas bancárias, pois há um trojan do tipo Banker em sua máquina.

Compartilhar este post

Link para o post
Compartilhar em outros sites

Kesley Campi Grellet    0

Kesley Campi Grellet
Postado

Caro JgarciaJa fiz tudo q você pediu ateh a parte de reiniciar em Modo Seguro...Eu executei o killBox fiz o Delete on reboot lah e tals...Ai Eu reinicio o PC No botao de reiniciar eh claro...Pq num da nem pra mim desligar nem reiniciar o PC normalmente...Mais ai eu num sei direito a Hora q eu tenhu q apertar e Tecla F8 E Os Meus botoes de F1 ateh o F12 Num sei Pq mais num funcionam...tipo pra fez alguma pagina se apertar alt F4 ela se fexa mais aki num da pq essas teclas num funcionam...Mais entao...Precisa reiniciar o PC em modo seguro msm? Nao estou conseguindo =((Aguardo resposta...

Compartilhar este post

Link para o post
Compartilhar em outros sites

Kesley Campi Grellet    0

Kesley Campi Grellet
Postado

Caro JGarcia...Ja sei em q Hora q eu tenhu q Apertar F8 Pra iniciar em Modo Seguro...Na parte inferior da Tela ateh tem uma Msg....Inicializar em Modo de segurança : pressione F8 (alguma coisa assim ta escrito)

Mais eu pressiono e Pressionooo F8 e nada...essas Minhas teclas num funcionam msm...

Bom...Eu fiz tudo q você falou Ateh a parte de iniciar, Os negocios q tem q fazer em modo seguro eu Ainda nao fiz...Ja reiniciei o PC umas 2, 3 vezes e nao da pra entrar em Modo Seguro...E Agora o q eu faço? posso fazer akelas otras coisas sem estar em modo seguro? Aguardo Retorno...

Ai esta o Log, Eu ja fiz tudo ateh a parte de reinicar em modo seguro...o q falta ainda?

OBS.: Eu Ja desinstalei o Messenger Plus e Instalei denovo agora SEM O programa de Patrocinio ^^

 

Logfile of HijackThis v1.99.1

Scan saved at 15:12:31, on 31/1/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\sm56hlpr.exe

C:\Arquivos de programas\Netropa\Multimedia Keyboard\MMKeybd.exe

C:\Arquivos de programas\Lexmark X1100 Series\lxbkbmgr.exe

C:\WINDOWS\VM_STI.EXE

C:\Arquivos de programas\Lexmark X1100 Series\lxbkbmon.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Netropa\Onscreen Display\OSD.exe

C:\Arquivos de programas\Netropa\Multimedia Keyboard\nhksrv.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\vsnpstd3.exe

C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\NCLAUNCH.EXe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Akiller\Advertising Killer\akiller.exe

c:\arquiv~1\intern~1\iexplore.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\slserv.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\System32\wdfmgr.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\WINDOWS\System32\alg.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\System32\svchost.exe

C:\HTJ\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://qnhlieefdezforkqspmxp.com/WjrfQ7R_P...SndGRteHBU.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://pnyxeufauslydkmqgvei.info/WjrfQ7R_P...NbIJ9MATGBs.php

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\WINDOWS\system32\scpsssh2.dll

O2 - BHO: (no name) - {37B295C7-C366-9EC7-FC84-AD41F8670D55} - C:\DOCUME~1\ADMINI~1\DADOSD~1\COPYSH~1\axis sign.exe

O2 - BHO: (no name) - {6C716061-5EB8-9A9F-AABD-B6A73CB29599} - C:\DOCUME~1\ADMINI~1\DADOSD~1\COPYSH~1\PureDefault.exe

O2 - BHO: Barra do MSN Busca Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Toolbar Suite\TB\02.05.0000.1082\pt-br\msntb.dll

O3 - Toolbar: Barra do MSN Busca - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Toolbar Suite\TB\02.05.0000.1082\pt-br\msntb.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [sMSERIAL] sm56hlpr.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Arquivos de programas\Netropa\Multimedia Keyboard\MMKeybd.exe

O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Arquivos de programas\Lexmark X1100 Series\lxbkbmgr.exe"

O4 - HKLM\..\Run: [Defy User Dvd Media] C:\Documents and Settings\All Users\Dados de aplicativos\Bleh Play Defy User\NurbHelp.exe

O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A

O4 - HKLM\..\Run: [bigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [cmd32.exe] C:\WINDOWS\system32\cmd32.exe

O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe

O4 - HKLM\..\Run: [system32] C:\WINDOWS\system32\system32.exe

O4 - HKLM\..\Run: [Obj2loadgrim] C:\Documents and Settings\All Users\Dados de aplicativos\FLAG SIZE OBJ 2\helphold.exe

O4 - HKLM\..\Run: [MessengerPlus3] "C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe"

O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit

O4 - HKCU\..\Run: [Mail mix] C:\DOCUME~1\ADMINI~1\DADOSD~1\MEMOTH~1\eq bits bend.exe

O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [AKiller] "C:\Arquivos de programas\Akiller\Advertising Killer\akiller.exe"

O4 - Global Startup: Windows Desktop Search.lnk = C:\Arquivos de programas\MSN Toolbar Suite\DS\02.05.0000.1082\pt-br\bin\WindowsSearch.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O9 - Extra button: Portbuster XP - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\WINDOWS\System32\shdocvw.dll

O9 - Extra 'Tools' menuitem: &Portbuster 2002 - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\WINDOWS\System32\shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O14 - IERESET.INF: START_PAGE_URL=http://www.google.com.br

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab

O16 - DPF: {24311111-1111-1121-1111-111191113457} -

O16 - DPF: {2E3C3651-B19C-4DD9-A979-901EC3E930AF} (ssh2 Class) - https://wwwss.bradesco.com.br/ib2k1/scpsssh2.cab

O16 - DPF: {33331111-1111-1111-1111-611111193458} -

O16 - DPF: {41ACD49D-1974-791A-0981-AA9872721044} (GINBOARDS Class) - http://200.189.188.245/g_bin/eng/boards_2_0_0_18.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/dim2/default/popcaploader_v6.cab

O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{2B1557D1-ED25-4752-929C-C08F5B0260AB}: NameServer = 200.204.0.10 200.204.0.10

O17 - HKLM\System\CS1\Services\Tcpip\..\{2B1557D1-ED25-4752-929C-C08F5B0260AB}: NameServer = 200.204.0.10 200.204.0.10

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARQUIV~1\MSNMES~1\msgrapp.dll" (file missing)

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Arquivos de programas\Netropa\Multimedia Keyboard\nhksrv.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

Compartilhar este post

Link para o post
Compartilhar em outros sites

jgarcia    1

jgarcia
Postado

Opa Kesley Campi Grellet,

 

O procedimento em Modo Normal não surtiu o efeito desejado. A máquina continua com os mesmos problemas.

 

Você precisará repetir os procedimentos, conforme descrito anteriormente.

 

Para reiniciar em Modo Seguro sem a utilização das teclas faça o seguinte:

 

1. Feche todos os programas.

 

2. Vá em Iniciar --> Executar.

 

3. Digite msconfig na caixa de diálogos e dê Ok.

 

4. Na janela de Configurações de Utilitários do Sistema vá à aba BOOT.INI.

 

5. Em Opções de Inicialização (Boot Options) escolha /SAFE BOOT (primeiro item da lista).

 

6. Clique em Restart na janela que abrir-se-á.

 

7. Pronto. O seu PC será reiniciado em Modo Seguro.

 

PS.: Depois você precisará fazer o procedimento inverso, caso contrário a máquina sempre será reiniciada em Modo Seguro.

Compartilhar este post

Link para o post
Compartilhar em outros sites

Kesley Campi Grellet    0

Kesley Campi Grellet
Postado

Caro JGarcia...Fiz tudo como você falou...Aki esta o Log do PC depois disso =)

E tbm O Resultado da verificaçao Completa do SpySweper...Tiveram 49 Itens Founds...

 

Logfile of HijackThis v1.99.1

Scan saved at 22:33:58, on 31/1/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\sm56hlpr.exe

C:\Arquivos de programas\Netropa\Multimedia Keyboard\MMKeybd.exe

C:\Arquivos de programas\Lexmark X1100 Series\lxbkbmgr.exe

C:\Arquivos de programas\Lexmark X1100 Series\lxbkbmon.exe

C:\WINDOWS\VM_STI.EXE

C:\WINDOWS\vsnpstd3.exe

C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Webroot\Spy Sweeper\SpySweeper.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\NCLAUNCH.EXe

C:\Arquivos de programas\Netropa\Onscreen Display\OSD.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Akiller\Advertising Killer\akiller.exe

C:\Arquivos de programas\Netropa\Multimedia Keyboard\nhksrv.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\slserv.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\Arquivos de programas\Webroot\Spy Sweeper\WRSSSDK.exe

C:\WINDOWS\System32\wdfmgr.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\wbem\wmiprvse.exe

C:\HTJ\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.oypnozuufhq.net/WjrfQ7R_P_0rtv/...bIJ9MATGBs.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\WINDOWS\system32\scpsssh2.dll

O2 - BHO: Barra do MSN Busca Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Toolbar Suite\TB\02.05.0000.1082\pt-br\msntb.dll

O3 - Toolbar: Barra do MSN Busca - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Toolbar Suite\TB\02.05.0000.1082\pt-br\msntb.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [sMSERIAL] sm56hlpr.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Arquivos de programas\Netropa\Multimedia Keyboard\MMKeybd.exe

O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Arquivos de programas\Lexmark X1100 Series\lxbkbmgr.exe"

O4 - HKLM\..\Run: [Defy User Dvd Media] C:\Documents and Settings\All Users\Dados de aplicativos\Bleh Play Defy User\NurbHelp.exe

O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A

O4 - HKLM\..\Run: [bigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe

O4 - HKLM\..\Run: [MessengerPlus3] "C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe"

O4 - HKLM\..\Run: [spySweeper] "C:\Arquivos de programas\Webroot\Spy Sweeper\SpySweeper.exe" /startintray

O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit

O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [AKiller] "C:\Arquivos de programas\Akiller\Advertising Killer\akiller.exe"

O4 - Global Startup: Windows Desktop Search.lnk = C:\Arquivos de programas\MSN Toolbar Suite\DS\02.05.0000.1082\pt-br\bin\WindowsSearch.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O9 - Extra button: Portbuster XP - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\WINDOWS\System32\shdocvw.dll

O9 - Extra 'Tools' menuitem: &Portbuster 2002 - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\WINDOWS\System32\shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O14 - IERESET.INF: START_PAGE_URL=http://www.google.com.br

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab

O16 - DPF: {2E3C3651-B19C-4DD9-A979-901EC3E930AF} (ssh2 Class) - https://wwwss.bradesco.com.br/ib2k1/scpsssh2.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/dim2/default/popcaploader_v6.cab

O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{2B1557D1-ED25-4752-929C-C08F5B0260AB}: NameServer = 200.204.0.10 200.204.0.10

O17 - HKLM\System\CS1\Services\Tcpip\..\{2B1557D1-ED25-4752-929C-C08F5B0260AB}: NameServer = 200.204.0.10 200.204.0.10

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARQUIV~1\MSNMES~1\msgrapp.dll" (file missing)

O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Arquivos de programas\Netropa\Multimedia Keyboard\nhksrv.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Arquivos de programas\Webroot\Spy Sweeper\WRSSSDK.exe

 

 

E aki o Resultado do Spy Sweper...

 

Spy Sweeper will provide you with detailed information about the operations being performed in this area.

Program Version 4.5.9 (Build 709) Using Spyware Definitions 556

 

To ensure proper removal of spyware, adware and other unwanted items, be sure to close any programs that are open.

Your Sweep Options indicate the following will be swept:

Drives: C:

Also sweeping: Memory, Cookies, Registry, All Folders

Adware found: easyinstall

Adware found: winad

Adware found: hotbar

Adware found: lopdotcom

Spy Cookie found: go.com cookie

Spy Cookie found: rn11 cookie

Spy Cookie found: touchclarity cookie

Spy Cookie found: accoona cookie

Spy Cookie found: domain sponsor cookie

Spy Cookie found: screensavers.com cookie

Spy Cookie found: yieldmanager cookie

Spy Cookie found: xiti cookie

Spy Cookie found: 888 cookie

Spy Cookie found: atlas dmt cookie

Spy Cookie found: serving-sys cookie

Spy Cookie found: hbmediapro cookie

Spy Cookie found: adjuggler cookie

Spy Cookie found: bs.serving-sys cookie

Spy Cookie found: gostats cookie

Spy Cookie found: toplist cookie

Spy Cookie found: tickle cookie

Spy Cookie found: tripod cookie

Spy Cookie found: belnk cookie

Spy Cookie found: adrevolver cookie

Spy Cookie found: domainsponsor cookie

Spy Cookie found: overture cookie

Spy Cookie found: enhance cookie

Spy Cookie found: adprofile cookie

Spy Cookie found: burstnet cookie

Spy Cookie found: searchweb2 cookie

Spy Cookie found: passion cookie

Spy Cookie found: empnads cookie

Spy Cookie found: 66.220.17 cookie

Spy Cookie found: adultfriendfinder cookie

Spy Cookie found: pointroll cookie

Spy Cookie found: yadro cookie

Spy Cookie found: partypoker cookie

Spy Cookie found: hypertracker.com cookie

Spy Cookie found: atwola cookie

Spy Cookie found: paypopup cookie

Spy Cookie found: 2o7.net cookie

Spy Cookie found: reliablestats cookie

Spy Cookie found: go2net.com cookie

Spy Cookie found: infospace cookie

Spy Cookie found: nextag cookie

Spy Cookie found: videodome cookie

Spy Cookie found: cassava cookie

Spy Cookie found: primaryads cookie

System Monitor found: ardamax keylogger

Adware found: logih adware

Full Sweep has completed. Elapsed time 00:16:07

Traces Found: 303

Compartilhar este post

Link para o post
Compartilhar em outros sites

jgarcia    1

jgarcia
Postado

Cara Kesley Campi Grellet,

 

Falta pouco agora. :)

 

1ª Etapa

 

Execute o Uninstall Lop novamente.

 

2ª Etapa

 

1) Execute o Killbox, clique em Delete on Reboot.

 

2) Copie a lista abaixo em negrito para a área de transferência. Selecione --> Editar --> Copiar.

C:\Documents and Settings\All Users\Dados de aplicativos\Bleh Play Defy User

3. Retorne ao Killbox. Clique em File > Paste from clipboard. Clique em All Files.

 

4. Aperte em "X". Responda "não" à pergunta.

 

É prudente que você faça a impressão deste documento ou salve-o em um lugar de fácil acesso, pois na próxima etapa entraremos em Modo de Seguro e a conexão à internet não será possível.

 

3ª Etapa

 

Reinicie o computador em Modo Seguro.

 

Execute o HijackThis, clique em Do a system scan only e marque:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.oypnozuufhq.net/WjrfQ7R_P_0rtv/...bIJ9MATGBs.html

O4 - HKLM\..\Run: [Defy User Dvd Media] C:\Documents and Settings\All Users\Dados de aplicativos\Bleh Play Defy User\NurbHelp.exe

Clique em Fix Checked.

 

4ª Etapa

 

Reinicie em modo normal.

 

Poste um novo log do HijackThis.

 

Aguardo retorno.

 

Um abraço.

Compartilhar este post

Link para o post
Compartilhar em outros sites

Kesley Campi Grellet    0

Kesley Campi Grellet
Postado

Caro JGarcia

Ta Ai o Log...Mais Alguma coisa precisa ser feita?

 

Logfile of HijackThis v1.99.1

Scan saved at 13:26:17, on 1/2/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Netropa\Multimedia Keyboard\nhksrv.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\sm56hlpr.exe

C:\WINDOWS\system32\rundll32.exe

C:\Arquivos de programas\Netropa\Multimedia Keyboard\MMKeybd.exe

C:\Arquivos de programas\Lexmark X1100 Series\lxbkbmgr.exe

C:\WINDOWS\VM_STI.EXE

C:\Arquivos de programas\QuickTime\qttask.exe

C:\Arquivos de programas\Lexmark X1100 Series\lxbkbmon.exe

C:\WINDOWS\vsnpstd3.exe

C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe

C:\Arquivos de programas\Webroot\Spy Sweeper\SpySweeper.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\NCLAUNCH.EXe

C:\Arquivos de programas\Netropa\Onscreen Display\OSD.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Akiller\Advertising Killer\akiller.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\slserv.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\Arquivos de programas\Webroot\Spy Sweeper\WRSSSDK.exe

C:\WINDOWS\System32\wdfmgr.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\WINDOWS\System32\alg.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\System32\svchost.exe

C:\HTJ\HijackThis.exe

 

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\WINDOWS\system32\scpsssh2.dll

O2 - BHO: Barra do MSN Busca Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Toolbar Suite\TB\02.05.0000.1082\pt-br\msntb.dll

O3 - Toolbar: Barra do MSN Busca - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Toolbar Suite\TB\02.05.0000.1082\pt-br\msntb.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [sMSERIAL] sm56hlpr.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Arquivos de programas\Netropa\Multimedia Keyboard\MMKeybd.exe

O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Arquivos de programas\Lexmark X1100 Series\lxbkbmgr.exe"

O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A

O4 - HKLM\..\Run: [bigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe

O4 - HKLM\..\Run: [MessengerPlus3] "C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe"

O4 - HKLM\..\Run: [spySweeper] "C:\Arquivos de programas\Webroot\Spy Sweeper\SpySweeper.exe" /startintray

O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit

O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [AKiller] "C:\Arquivos de programas\Akiller\Advertising Killer\akiller.exe"

O4 - Global Startup: Windows Desktop Search.lnk = C:\Arquivos de programas\MSN Toolbar Suite\DS\02.05.0000.1082\pt-br\bin\WindowsSearch.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O9 - Extra button: Portbuster XP - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\WINDOWS\System32\shdocvw.dll

O9 - Extra 'Tools' menuitem: &Portbuster 2002 - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\WINDOWS\System32\shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O14 - IERESET.INF: START_PAGE_URL=http://www.google.com.br

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab

O16 - DPF: {2E3C3651-B19C-4DD9-A979-901EC3E930AF} (ssh2 Class) - https://wwwss.bradesco.com.br/ib2k1/scpsssh2.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/dim2/default/popcaploader_v6.cab

O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{2B1557D1-ED25-4752-929C-C08F5B0260AB}: NameServer = 200.204.0.10 200.204.0.10

O17 - HKLM\System\CS1\Services\Tcpip\..\{2B1557D1-ED25-4752-929C-C08F5B0260AB}: NameServer = 200.204.0.10 200.204.0.10

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARQUIV~1\MSNMES~1\msgrapp.dll" (file missing)

O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Arquivos de programas\Netropa\Multimedia Keyboard\nhksrv.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Arquivos de programas\Webroot\Spy Sweeper\WRSSSDK.exe

Compartilhar este post

Link para o post
Compartilhar em outros sites

Kesley Campi Grellet    0

Kesley Campi Grellet
Postado

Caro JGarcia...Mto Obrigado Mesmo...Depois disso Meu Pc Ja Inicia Sem o Socket Error, Ele desliga e Reinicia Normalmente e Algumas Pastas q Estavao No Favoritos Do internet Explorer q Nao Keriam sair de jeito Nenhum ja sairam e Umas otras coisas tbm xDEu Tbm vi em Otros topicos sobre como Melhorar o Pc e tals...E Desinstalei o java Da Microsoft e Instalei o Da Sun... ^^Obrigado msm!

Compartilhar este post

Link para o post
Compartilhar em outros sites

jgarcia    1

jgarcia
Postado

PROBLEMA RESOLVIDO!

 

Caso o autor necessite que o tópico seja reaberto é necessário enviar uma Mensagem Privada para um Moderador com um link para o tópico.

Compartilhar este post

Link para o post
Compartilhar em outros sites
Ir para a lista de tópicos Tópicos Resolvidos (Seguranca & Malwares)
×

Informação importante

Ao usar o fórum, você concorda com nossos Termos e condições.

  Aceito