RodrigoRJ, posted July 3, 2006

Hey folks, as soon as I start Windows, a message box titled "Restart required" appears, and it says "The computer must be restarted for the update to continue. Do you want to restart now?", with YES or NO to click. When I click Yes, the PC restarts; when I click No, the PC doesn't restart and the box closes (obviously). This happens every time I start Windows. Strange, isn't it?! Can anyone help me? This problem has been happening for 2 days. :upset:

My log:

Thanks!! :D

RodrigoRJ, posted July 4, 2006

I ran scans with Spybot and AVG and removed a file called ibm10003, I think that's it, the same file that was there before, but the problem continues: when Windows starts, the same message keeps appearing.. can anyone here help me? Pleeease

Thanks!!

jgarcia, posted July 6, 2006

Hi RodrigoRJ,

Download SilentRunners. Extract the file SilentRunners.vbs to C:. Double-click the file to run it. After running it, wait until a document named Startup Programs (USER) date is generated. Copy the contents of this document and paste them here.

Regards.

Note: If your AV detects the file as a malicious script, don't worry and allow it to run.

RodrigoRJ, posted July 7, 2006

Here you go, master!!

So, is the case serious?? :cry:

jgarcia, posted July 7, 2006

Hi RodrigoRJ,

Run Panda's Active Scan and come back with the result.

Regards.

RodrigoRJ, posted July 7, 2006

Here! I scanned the HD.. thanks

Incident | Status | Location
Adware:adware/cydoor | Not disinfected | C:\WINDOWS\SYSTEM32\cd_clint.dll
Potentially unwanted tool:Application/Processor | Not disinfected | C:\WINDOWS\SYSTEM32\Process.exe
Potentially unwanted tool:Application/Restart | Not disinfected | C:\WINDOWS\SYSTEM32\Tools\Restart.exe
Adware:Adware/Adsmart | Not disinfected | C:\WINDOWS\SYSTEM32\slx.exe
Adware:Adware/KeenValue | Not disinfected | C:\Arquivos de programas\eMule\Incoming\Ableton Live v5.0.2 Crack - Keygen - Serial.zip[crackfix.exe]
Spyware:Cookie/Atlas DMT | Not disinfected | C:\Documents and Settings\TeR\Configurações locais\Temp\Cookies\ter@atdmt[1].txt
Adware:Adware/ClockSync | Not disinfected | C:\Documents and Settings\TeR\Meus documentos\Setup's\turbo.exe[²ÖÇ\VVSNInst.exe]
Virus:W32/Bagle.pwdzip | Disinfected | C:\Documents and Settings\TeR\Meus documentos\Setup's\SmitfraudFix.zip
Adware:Adware/AdvertMem | Not disinfected | C:\Documents and Settings\TeR\Meus documentos\Downloads\- SnowBall - todo mundo em panico 4 52.zip[setup.exe]
Adware:Adware/AdvertMem | Not disinfected | C:\Documents and Settings\TeR\Meus documentos\Downloads\[LiveStream] todo mundo em panico 4 27.zip[install.exe]
Adware:Adware/AdvertMem | Not disinfected | C:\Documents and Settings\TeR\Meus documentos\Downloads\(Better Version) todo mundo em panico 4 01.zip[setup.exe]
Adware:Adware/AdvertMem | Not disinfected | C:\Documents and Settings\TeR\Meus documentos\Downloads\[Full] todo mundo em panico 4 52.rar[install.exe]
Potentially unwanted tool:Application/Processor | Not disinfected | C:\Documents and Settings\TeR\Desktop\SmitfraudFix\Process.exe
Spyware:Cookie/YieldManager | Not disinfected | C:\Documents and Settings\TeR\Cookies\ter@ad.yieldmanager[2].txt
Spyware:Cookie/Overture | Not disinfected | C:\Documents and Settings\TeR\Cookies\ter@overture[2].txt
Spyware:Cookie/Com.com | Not disinfected | C:\Documents and Settings\TeR\Cookies\ter@de.uol.com[1].txt
Spyware:Cookie/Com.com | Not disinfected | C:\Documents and Settings\TeR\Cookies\ter@google.com[1].txt
Spyware:Cookie/Com.com | Not disinfected | C:\Documents and Settings\TeR\Cookies\ter@ig.com[2].txt
Spyware:Cookie/Com.com | Not disinfected | C:\Documents and Settings\TeR\Cookies\ter@uol.com[1].txt
Spyware:Cookie/Com.com | Not disinfected | C:\Documents and Settings\TeR\Cookies\ter@acesso.uol.com[1].txt
Adware:Adware/KeenValue | Not disinfected | C:\!KillBox\aesmsext.dll
Adware:Adware/Cydoor | Not disinfected | C:\!KillBox\cd_load.exe
Adware:Adware/Cydoor | Not disinfected | C:\!KillBox\cd_load.exe( 1)
Adware:Adware/Cydoor | Not disinfected | C:\!KillBox\cd_load.exe( 2)
Adware:Adware/Cydoor | Not disinfected | C:\!KillBox\cd_load.exe( 3)
Potentially unwanted tool:Application/Processor | Not disinfected | C:\Recycled\Dc55\Process.exe
Virus:W32/Sdbot.BKO.worm | Disinfected | C:\My Shared Folder\Office XP Keygenerator.exe

:P it just can't remove the viruses.. because you have to pay.. keep in mind that the viruses are still there xD

jgarcia, posted July 8, 2006

Hi RodrigoRJ,

Let's go.

Step 1

Download Killbox at: Killbox
Download it, but don't run it yet.

Download CCleaner at: CCleaner
Download it, but don't run it yet.

Step 2

Run KillBox:

1) Select Delete on reboot;
2) Copy the list below in bold to the clipboard. Select --> Edit --> Copy:

C:\WINDOWS\SYSTEM32\cd_clint.dll
C:\WINDOWS\SYSTEM32\Process.exe
C:\WINDOWS\SYSTEM32\Tools\Restart.exe
C:\WINDOWS\SYSTEM32\slx.exe
C:\Arquivos de programas\eMule\Incoming\Ableton Live v5.0.2 Crack - Keygen - Serial.zip
C:\Documents and Settings\TeR\Meus documentos\Setup's\turbo.exe
C:\Documents and Settings\TeR\Meus documentos\Downloads\- SnowBall - todo mundo em panico 452.zip
C:\Documents and Settings\TeR\Meus documentos\Downloads\[LiveStream] todo mundo em panico 427.zip
C:\Documents and Settings\TeR\Meus documentos\Downloads\(Better Version) todo mundo em panico 401.zip
C:\Documents and Settings\TeR\Meus documentos\Downloads\[Full] todo mundo em panico 452.rar

3) Return to Killbox. Click File --> Paste from clipboard --> All files;
4) Click the "X". Answer "no" to the question.

Step 3

Restart in Normal Mode.
Go to the !KillBox folder and delete its contents.
Empty the Recycle Bin.
Run CCleaner and click Run Cleaner.
Run Panda's Active Scan again and see whether it still detects anything.

Best regards.

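The scan above reports a detection inside an archive as `archive.zip[member.exe]`, so the file to remove is the archive itself, and the later scans in this thread list the same files again under `C:\!KillBox`. The Python below is an added example, not part of the original thread: it sorts rows copied from the posted scan into files to delete, copies to clear from the KillBox folder, cookies, and items the scanner already disinfected. The `|`-separated row layout and the function names are assumptions.

```python
import re

# Rows copied from the scan results posted in this thread,
# laid out as: incident | status | location (layout is an assumption).
SAMPLE_ROWS = r"""
Incident | Status | Location
Adware:adware/cydoor | Not disinfected | C:\WINDOWS\SYSTEM32\cd_clint.dll
Adware:Adware/KeenValue | Not disinfected | C:\Arquivos de programas\eMule\Incoming\Ableton Live v5.0.2 Crack - Keygen - Serial.zip[crackfix.exe]
Spyware:Cookie/YieldManager | Not disinfected | C:\Documents and Settings\TeR\Cookies\ter@ad.yieldmanager[2].txt
Virus:W32/Bagle.pwdzip | Disinfected | C:\Documents and Settings\TeR\Meus documentos\Setup's\SmitfraudFix.zip
Adware:Adware/AdvertMem | Not disinfected | C:\Documents and Settings\TeR\Meus documentos\Downloads\[Full] todo mundo em panico 4 52.rar[install.exe]
Adware:Adware/Cydoor | Not disinfected | C:\!KillBox\cd_load.exe
Adware:Adware/Cydoor | Not disinfected | C:\!KillBox\cd_load.exe( 1)
"""

# A trailing "[name]" marks a member inside a container file. Brackets
# elsewhere in the path ("[Full] ...", "ter@x[2].txt") are not at the end
# of the string and therefore do not match.
MEMBER_RE = re.compile(r"^(?P<container>.+)\[(?P<member>[^\[\]]+)\]$")

# Folder named in the thread, lower-cased for comparison.
KILLBOX_DIR = "c:\\!killbox\\"


def parse_rows(text):
    """Split 'incident | status | location' lines into dicts."""
    rows = []
    for line in text.splitlines():
        parts = [p.strip() for p in line.split("|")]
        if len(parts) != 3 or not all(parts):
            continue  # blank or malformed line
        incident, status, location = parts
        if incident.lower() == "incident":
            continue  # header row
        match = MEMBER_RE.match(location)
        rows.append({
            "incident": incident,
            "status": status,
            # For 'archive.zip[member.exe]' the file on disk is the archive.
            "path": match.group("container") if match else location,
            "member": match.group("member") if match else None,
        })
    return rows


def build_plan(rows):
    """Group detections by the follow-up they need; paths are de-duplicated."""
    plan = {"delete": [], "killbox_copies": [], "cookies": [],
            "already_disinfected": []}
    seen = set()
    for row in rows:
        path_lc = row["path"].lower()  # Windows paths are case-insensitive
        if row["status"].lower() == "disinfected":
            bucket = "already_disinfected"
        elif "cookie/" in row["incident"].lower():
            bucket = "cookies"  # left out of the file list in the thread
        elif path_lc.startswith(KILLBOX_DIR):
            bucket = "killbox_copies"  # cleared by emptying the folder
        else:
            bucket = "delete"
        if (bucket, path_lc) not in seen:
            seen.add((bucket, path_lc))
            plan[bucket].append(row["path"])
    return plan


if __name__ == "__main__":
    for bucket, paths in build_plan(parse_rows(SAMPLE_ROWS)).items():
        print(bucket)
        for p in paths:
            print("   ", p)
```

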
RodrigoRJ, posted July 9, 2006

I did everything..

Incident | Status | Location
Adware:Adware/AdvertMem | Not disinfected | C:\Documents and Settings\TeR\Meus documentos\Downloads\- SnowBall - todo mundo em panico 4 52.zip[setup.exe]
Adware:Adware/AdvertMem | Not disinfected | C:\Documents and Settings\TeR\Meus documentos\Downloads\[LiveStream] todo mundo em panico 4 27.zip[install.exe]
Adware:Adware/AdvertMem | Not disinfected | C:\Documents and Settings\TeR\Meus documentos\Downloads\(Better Version) todo mundo em panico 4 01.zip[setup.exe]
Adware:Adware/AdvertMem | Not disinfected | C:\Documents and Settings\TeR\Meus documentos\Downloads\[Full] todo mundo em panico 4 52.rar[install.exe]
Potentially unwanted tool:Application/Processor | Not disinfected | C:\Documents and Settings\TeR\Desktop\SmitfraudFix\Process.exe
Adware:Adware/KeenValue | Not disinfected | C:\!KillBox\aesmsext.dll
Adware:Adware/Cydoor | Not disinfected | C:\!KillBox\cd_load.exe
Adware:Adware/Cydoor | Not disinfected | C:\!KillBox\cd_load.exe( 1)
Adware:Adware/Cydoor | Not disinfected | C:\!KillBox\cd_load.exe( 2)
Adware:Adware/Cydoor | Not disinfected | C:\!KillBox\cd_load.exe( 3)
Adware:Adware/ClockSync | Not disinfected | C:\!KillBox\turbo.exe[²ÖÇ\VVSNInst.exe]
Adware:Adware/KeenValue | Not disinfected | C:\!KillBox\Ableton Live v5.0.2 Crack - Keygen - Serial.zip[crackfix.exe]
Adware:Adware/Adsmart | Not disinfected | C:\!KillBox\slx.exe
Potentially unwanted tool:Application/Restart | Not disinfected | C:\!KillBox\Restart.exe
Potentially unwanted tool:Application/Processor | Not disinfected | C:\!KillBox\Process.exe

spyware 12hacking Tools and potentially unwanted tools -- this showed up in the Panda scan. Thanks

jgarcia, posted July 9, 2006

Hi RodrigoRJ,

Let's go.

Step 1

Run KillBox:

1) Select Delete on reboot;
2) Copy the list below in bold to the clipboard. Select --> Edit --> Copy:

C:\Documents and Settings\TeR\Meus documentos\Downloads\- SnowBall - todo mundo em panico 4 52.zip
C:\Documents and Settings\TeR\Meus documentos\Downloads\[LiveStream] todo mundo em panico 4 27.zip
C:\Documents and Settings\TeR\Meus documentos\Downloads\(Better Version) todo mundo em panico 4 01.zip
C:\Documents and Settings\TeR\Meus documentos\Downloads\[Full] todo mundo em panico 4 52.rar

3) Return to Killbox. Click File --> Paste from clipboard --> All files;
4) Click the "X". Answer "no" to the question.

Step 2

Restart in Normal Mode.
Go to the !KillBox folder again and delete its contents.
Run CCleaner again and click Run Cleaner.
Run Panda's Active Scan once more and see whether it still detects anything.

Best regards.

RodrigoRJ, posted July 9, 2006

Hey.. it's still there, man.

Incident | Status | Location
Adware:Adware/AdvertMem | Not disinfected | C:\Documents and Settings\TeR\Meus documentos\Downloads\- SnowBall - todo mundo em panico 4 52.zip[setup.exe]
Adware:Adware/AdvertMem | Not disinfected | C:\Documents and Settings\TeR\Meus documentos\Downloads\[LiveStream] todo mundo em panico 4 27.zip[install.exe]
Adware:Adware/AdvertMem | Not disinfected | C:\Documents and Settings\TeR\Meus documentos\Downloads\(Better Version) todo mundo em panico 4 01.zip[setup.exe]
Adware:Adware/AdvertMem | Not disinfected | C:\Documents and Settings\TeR\Meus documentos\Downloads\[Full] todo mundo em panico 4 52.rar[install.exe]
Potentially unwanted tool:Application/Processor | Not disinfected | C:\Documents and Settings\TeR\Desktop\SmitfraudFix\Process.exe
Spyware:Cookie/YieldManager | Not disinfected | C:\Documents and Settings\TeR\Cookies\ter@ad.yieldmanager[2].txt
Adware:Adware/KeenValue | Not disinfected | C:\!KillBox\aesmsext.dll
Adware:Adware/Cydoor | Not disinfected | C:\!KillBox\cd_load.exe
Adware:Adware/Cydoor | Not disinfected | C:\!KillBox\cd_load.exe( 1)
Adware:Adware/Cydoor | Not disinfected | C:\!KillBox\cd_load.exe( 2)
Adware:Adware/Cydoor | Not disinfected | C:\!KillBox\cd_load.exe( 3)
Adware:Adware/ClockSync | Not disinfected | C:\!KillBox\turbo.exe[²ÖÇ\VVSNInst.exe]
Adware:Adware/KeenValue | Not disinfected | C:\!KillBox\Ableton Live v5.0.2 Crack - Keygen - Serial.zip[crackfix.exe]
Adware:Adware/Adsmart | Not disinfected | C:\!KillBox\slx.exe
Potentially unwanted tool:Application/Restart | Not disinfected | C:\!KillBox\Restart.exe
Potentially unwanted tool:Application/Processor | Not disinfected | C:\!KillBox\Process.exe

-- Man, what do you mean? "Go to the !KillBox folder again and delete its contents." Where? How?

Thanks!! :joia:

jgarcia, posted July 10, 2006

Hi RodrigoRJ,

Restart in Safe Mode.

Go to C:\Documents and Settings\TeR\Meus documentos\Downloads and delete:

- SnowBall - todo mundo em panico 4 52.zip[setup.exe]
[LiveStream] todo mundo em panico 4 27.zip[install.exe]
(Better Version) todo mundo em panico 4 01.zip[setup.exe]
[Full] todo mundo em panico 4 52.rar[install.exe]

Go to C:\!KillBox and delete its contents.
Restart in Normal Mode.
Run CCleaner again and click Run Cleaner.
Run Panda's Active Scan once more and see whether it still detects anything.

Best regards.

RodrigoRJ, posted July 11, 2006

Man, I installed AVAST and removed a bunch of viruses.. there was a virus in memory.. I managed to delete it!! But look, I scanned with Panda and it detected nothing. But when I start the computer, that window is still there, telling me to restart... Avast makes the computer slow, right?! It's good.. it removes a lot of stuff, but it makes the computer crap.. But that's it, man, the damn window is still there.. have you ever seen a case like this? :wacko: .. it had to be mine, right?! lol :D

Thanks man.. Is there anything else that can be done to try to get this thing out of here? Is this spyware or a virus? See ya :!: :joia:

jgarcia, posted July 17, 2006

Hi RodrigoRJ,

Describe in more detail the problem that has been occurring with your PC, so that I can try to help you.

Regards.

RodrigoRJ Posted July 17, 2006

Well, for a long time now, when I start Windows, right away it says I have to restart the computer. A message box titled "Restart required" appears, and it says "The computer must be restarted for the update to continue. Do you want to restart now?", with YES or NO to click.

My log:

Logfile of HijackThis v1.99.1
Scan saved at 21:55:32, on 16/7/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\htpatch.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\pctspk.exe
C:\Arquivos de programas\Lexmark X1100 Series\lxbkbmgr.exe
C:\Arquivos de programas\Ahead\InCD\InCD.exe
C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe
C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
C:\Arquivos de programas\Java\jre1.5.0_03\bin\jusched.exe
C:\Arquivos de programas\Lexmark X1100 Series\lxbkbmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\WinZip\WZQKPICK.EXE
C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Arquivos de programas\MSN Messenger\msnmsgr.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orkut.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :8080
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\ARQUIV~1\FLASHGET\jccatch.dll
O4 - HKLM\..\Run: [systemTray] SysTray.Exe
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [siSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Arquivos de programas\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [inCD] C:\Arquivos de programas\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AdobeUpdater] C:\Arquivos de programas\Arquivos comuns\Adobe\Updater\AdobeUpdater.exe
O4 - Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Arquivos de programas\WinZip\WZQKPICK.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Descarregar tudo com o FlashGet - C:\Arquivos de programas\FlashGet\jc_all.htm
O8 - Extra context menu item: Descarregar utilizando o FlashGet - C:\Arquivos de programas\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\ARQUIV~1\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\ARQUIV~1\FLASHGET\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/cha...t/c381/chat.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by114fd.bay114.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

Thanks
jgarcia Posted July 18, 2006

Hi RodrigoRJ,

Does the message in question appear only after the automatic download of system updates, or has it been appearing constantly?
RodrigoRJ Posted July 19, 2006

Constantly!!

Here's my log, in case you need it...

Logfile of HijackThis v1.99.1
Scan saved at 18:57:30, on 19/7/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\htpatch.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\pctspk.exe
C:\Arquivos de programas\Lexmark X1100 Series\lxbkbmgr.exe
C:\Arquivos de programas\Ahead\InCD\InCD.exe
C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe
C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
C:\Arquivos de programas\Java\jre1.5.0_03\bin\jusched.exe
C:\Arquivos de programas\Lexmark X1100 Series\lxbkbmon.exe
C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\WinZip\WZQKPICK.EXE
C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe
C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orkut.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :8080
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\ARQUIV~1\FLASHGET\jccatch.dll
O4 - HKLM\..\Run: [systemTray] SysTray.Exe
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [siSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Arquivos de programas\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [inCD] C:\Arquivos de programas\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [AdobeUpdater] C:\Arquivos de programas\Arquivos comuns\Adobe\Updater\AdobeUpdater.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Arquivos de programas\WinZip\WZQKPICK.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Descarregar tudo com o FlashGet - C:\Arquivos de programas\FlashGet\jc_all.htm
O8 - Extra context menu item: Descarregar utilizando o FlashGet - C:\Arquivos de programas\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\ARQUIV~1\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\ARQUIV~1\FLASHGET\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/cha...t/c381/chat.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by114fd.bay114.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARQUIV~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

Just a reminder that I turned off automatic Windows downloads.
jgarcia Posted July 20, 2006

Hi RodrigoRJ,

Download F-Secure Blacklight from: F-Secure Blacklight

Save it to the desktop and run it.

Accept the agreement.

If it finds any file, ignore it. I only need the log.

At the end of the scan, copy the contents of the file fsb-xxxxx.log (where xxx are numbers).

I'll wait for your reply.

Regards.
RodrigoRJ Posted July 20, 2006

Hey.. is this it?

07/20/06 15:21:05 [info]: BlackLight Engine 1.0.42 initialized
07/20/06 15:21:05 [info]: OS: 5.1 build 2600 (Service Pack 2)
07/20/06 15:21:05 [Note]: 7019 4
07/20/06 15:21:05 [Note]: 7005 0
07/20/06 15:21:22 [Note]: 7006 0
07/20/06 15:21:22 [Note]: 7011 1028
07/20/06 15:21:23 [Note]: 7026 0
07/20/06 15:21:23 [Note]: 7026 0
07/20/06 15:21:31 [Note]: FSRAW library version 1.7.1019
07/20/06 15:21:48 [Note]: 2000 1006
07/20/06 15:22:53 [Note]: 7007 0

Thanks!!
jgarcia Posted July 21, 2006

Hi RodrigoRJ,

Your problem is definitely not related to malware.

I suggest you look for help in the Windows section, ok. ;)

Regards.
RodrigoRJ Posted July 21, 2006

Thanks!! :clap: