[Resolvido!]Reinicialização necessária

[RodrigoRJ 0]

Po pessoal, logo quando eu inicio o windows, aparece uma caixa de mensagem escrito "Reinicialização necessária", aí esta la escrito "O computador deve ser reinicializado para que a atualização possa continuar. Deseja reinicializar agora? aí esta la pra clikar, SIM ou NÃO".

Quando eu cliko em sim, o pc reinicia; quando eu cliko em não, o pc não reinicia, aí fecha a caixa (lógico). Isso acontece sempre quando eu inicio o windows. Estranho não?!

Alguem pode me ajudar? Esse problema vem acontecendo a 2 dias. :upset:

 

Meu log:

 

Logfile of HijackThis v1.99.1

Scan saved at 12:55:04, on 3/7/2006

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\htpatch.exe

C:\WINDOWS\System32\RunDll32.exe

C:\WINDOWS\System32\pctspk.exe

C:\Arquivos de programas\Lexmark X1100 Series\lxbkbmgr.exe

C:\Arquivos de programas\Ahead\InCD\InCD.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe

C:\Arquivos de programas\Lexmark X1100 Series\lxbkbmon.exe

C:\Arquivos de programas\WinZip\WZQKPICK.EXE

C:\WINDOWS\SYSTEM32\mspaint.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orkut.com/

F2 - REG:system.ini: Shell=explorer.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\ARQUIV~1\FLASHGET\jccatch.dll

O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\ARQUIV~1\FLASHGET\fgiebar.dll

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe

O4 - HKLM\..\Run: [siSUSBRG] C:\WINDOWS\SiSUSBrg.exe

O4 - HKLM\..\Run: [siS KHooker] C:\WINDOWS\System32\khooker.exe

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe

O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Arquivos de programas\Lexmark X1100 Series\lxbkbmgr.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [inCD] C:\Arquivos de programas\Ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [AdobeUpdater] C:\Arquivos de programas\Arquivos comuns\Adobe\Updater\AdobeUpdater.exe

O4 - Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Arquivos de programas\WinZip\WZQKPICK.EXE

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O8 - Extra context menu item: Descarregar tudo com o FlashGet - C:\Arquivos de programas\FlashGet\jc_all.htm

O8 - Extra context menu item: Descarregar utilizando o FlashGet - C:\Arquivos de programas\FlashGet\jc_link.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~3\Office10\EXCEL.EXE/3000

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\ARQUIV~1\FLASHGET\flashget.exe

O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\ARQUIV~1\FLASHGET\flashget.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/cha...t/c381/chat.cab

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by114fd.bay114.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{D9ED0E36-7C80-46FA-BFEE-D20BFDD7E90A}: NameServer = 200.149.55.142 200.165.132.155

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe

O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

 

Valeu!! :D

[RodrigoRJ 0]

Eu fiz scan com spybot e Avg, tirei um arquivo chmado ibm10003, acho q é isso, o mesmo arquivo que estava antes, mas continua o mesmo problema, quando inicia o windows, continua aparecendo a mesma mensagem.. alguem ae pode me ajudar? Pliss

 

Logfile of HijackThis v1.99.1

Scan saved at 20:17:26, on 4/7/2006

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\htpatch.exe

C:\WINDOWS\System32\RunDll32.exe

C:\WINDOWS\System32\pctspk.exe

C:\Arquivos de programas\Lexmark X1100 Series\lxbkbmgr.exe

C:\Arquivos de programas\Ahead\InCD\InCD.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Arquivos de programas\WinZip\WZQKPICK.EXE

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\Arquivos de programas\Lexmark X1100 Series\lxbkbmon.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orkut.com/

F2 - REG:system.ini: Shell=explorer.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\ARQUIV~1\FLASHGET\jccatch.dll

O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\ARQUIV~1\FLASHGET\fgiebar.dll

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe

O4 - HKLM\..\Run: [siSUSBRG] C:\WINDOWS\SiSUSBrg.exe

O4 - HKLM\..\Run: [siS KHooker] C:\WINDOWS\System32\khooker.exe

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe

O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Arquivos de programas\Lexmark X1100 Series\lxbkbmgr.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [inCD] C:\Arquivos de programas\Ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [AdobeUpdater] C:\Arquivos de programas\Arquivos comuns\Adobe\Updater\AdobeUpdater.exe

O4 - Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Arquivos de programas\WinZip\WZQKPICK.EXE

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O8 - Extra context menu item: Descarregar tudo com o FlashGet - C:\Arquivos de programas\FlashGet\jc_all.htm

O8 - Extra context menu item: Descarregar utilizando o FlashGet - C:\Arquivos de programas\FlashGet\jc_link.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~3\Office10\EXCEL.EXE/3000

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\ARQUIV~1\FLASHGET\flashget.exe

O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\ARQUIV~1\FLASHGET\flashget.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/cha...t/c381/chat.cab

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by114fd.bay114.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{D9ED0E36-7C80-46FA-BFEE-D20BFDD7E90A}: NameServer = 200.149.55.142 200.165.132.155

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe

O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

 

 

Valeu!!

[jgarcia 1]

Opa RodrigoRJ,

 

Baixe o SilentRunners.

 

Extraia o arquivo SillentRunners.vbs para o C. Dê duplo clique sobre o arquivo para executá-lo.

 

Após executá-lo aguarde até que seja gerado um documento denominado Startup Programs (USUÁRIO) data. Copie o conteúdo deste documento e cole aqui.

 

Abraços.

 

Obs.: Caso o seu AV detecte o arquivo como sendo um script malicioso não se preocupe e autorize a execução.

[RodrigoRJ 0]

Aí mestre!!

 

"Silent Runners.vbs", revision 46, http://www.silentrunners.org/

Operating System: Windows XP

Output limited to non-default values, except where indicated by "{++}"

 

 

Startup items buried in registry:

---------------------------------

 

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"CTFMON.EXE" = "C:\WINDOWS\System32\ctfmon.exe" [MS]

"msnmsgr" = ""C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background" [MS]

"AdobeUpdater" = "C:\Arquivos de programas\Arquivos comuns\Adobe\Updater\AdobeUpdater.exe" ["Adobe Systems Incorporated"]

 

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"SystemTray" = "SysTray.Exe" [MS]

"HTpatch" = "C:\WINDOWS\htpatch.exe" [null data]

"SiSUSBRG" = "C:\WINDOWS\SiSUSBrg.exe" ["Silicon Integrated Systems Corp."]

"SiS Tray" = (empty string)

"SiS KHooker" = "C:\WINDOWS\System32\khooker.exe" [file not found]

"Cmaudio" = "RunDll32 cmicnfg.cpl,CMICtrlWnd" [MS]

"PCTVOICE" = "pctspk.exe" [empty string]

"Lexmark X1100 Series" = ""C:\Arquivos de programas\Lexmark X1100 Series\lxbkbmgr.exe"" ["Lexmark International, Inc."]

"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]

"InCD" = "C:\Arquivos de programas\Ahead\InCD\InCD.exe" ["Ahead Software AG"]

"AVG7_CC" = "C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP" ["GRISOFT, s.r.o."]

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)

-> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"

\InProcServer32\(Default) = "C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]

{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\ARQUIV~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]

{9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided)

-> {HKLM...CLSID} = "Windows Live Sign-in Helper"

\InProcServer32\(Default) = "C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll" [MS]

{A5366673-E8CA-11D3-9CD9-0090271D075B}\(Default) = (no title provided)

-> {HKLM...CLSID} = "IeCatch2 Class"

\InProcServer32\(Default) = "C:\ARQUIV~1\FLASHGET\jccatch.dll" ["Amaze Soft"]

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extensão do 'Painel de controle' para panorâmica de vídeo"

-> {HKLM...CLSID} = "Extensão do 'Painel de controle' para panorâmica de vídeo"

\InProcServer32\(Default) = "deskpan.dll" [file not found]

"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extensão de ícone do HyperTerminal"

-> {HKLM...CLSID} = "HyperTerminal Icon Ext"

\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]

"{5b4dae26-b807-11d0-9815-00c04fd91972}" = "Menu Band"

-> {HKLM...CLSID} = "Menu Band"

\InProcServer32\(Default) = "C:\WINDOWS\system32\SHELL32.dll" [MS]

"{8278F931-2A3E-11d2-838F-00C04FD918D0}" = "Tracking Shell Menu"

-> {HKLM...CLSID} = "Tracking Shell Menu"

\InProcServer32\(Default) = "C:\WINDOWS\system32\SHELL32.dll" [MS]

"{E13EF4E4-D2F2-11d0-9816-00C04FD91972}" = "Menu Site"

-> {HKLM...CLSID} = "Menu Site"

\InProcServer32\(Default) = "C:\WINDOWS\system32\SHELL32.dll" [MS]

"{ECD4FC4F-521C-11D0-B792-00A0C90312E1}" = "Menu Desk Bar"

-> {HKLM...CLSID} = "Menu Desk Bar"

\InProcServer32\(Default) = "C:\WINDOWS\system32\SHELL32.dll" [MS]

"{D82BE2B0-5764-11D0-A96E-00C04FD705A2}" = "IShellFolderBand"

-> {HKLM...CLSID} = "IShellFolderBand"

\InProcServer32\(Default) = "C:\WINDOWS\system32\SHELL32.dll" [MS]

"{0E5CBF21-D15F-11d0-8301-00AA005B4383}" = "Lin&ks"

-> {HKLM...CLSID} = "Lin&ks"

\InProcServer32\(Default) = "C:\WINDOWS\system32\SHELL32.dll" [MS]

"{7487cd30-f71a-11d0-9ea7-00805f714772}" = "Thumbnail Image"

-> {HKLM...CLSID} = "Thumbnail Image"

\InProcServer32\(Default) = "C:\WINDOWS\system32\SHELL32.dll" [MS]

"{950FF917-7A57-46BC-8017-59D9BF474000}" = "Shell Extension for CDRW"

-> {HKLM...CLSID} = "Shell Extension for CDRW"

\InProcServer32\(Default) = "C:\Arquivos de programas\Ahead\InCD\incdshx.dll" ["Ahead Software AG"]

"{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Shell Extension"

-> {HKLM...CLSID} = "AVG7 Shell Extension Class"

\InProcServer32\(Default) = "C:\Arquivos de programas\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]

"{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Find Extension"

-> {HKLM...CLSID} = "AVG7 Find Extension Class"

\InProcServer32\(Default) = "C:\Arquivos de programas\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]

"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"

-> {HKLM...CLSID} = "Portable Media Devices"

\InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS]

"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"

-> {HKLM...CLSID} = "Portable Media Devices Menu"

\InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS]

"{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip"

-> {HKLM...CLSID} = "WinZip"

\InProcServer32\(Default) = "C:\ARQUIV~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

"{E0D79305-84BE-11CE-9641-444553540000}" = "WinZip"

-> {HKLM...CLSID} = "WinZip"

\InProcServer32\(Default) = "C:\ARQUIV~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

"{E0D79306-84BE-11CE-9641-444553540000}" = "WinZip"

-> {HKLM...CLSID} = "WinZip"

\InProcServer32\(Default) = "C:\ARQUIV~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

"{E0D79307-84BE-11CE-9641-444553540000}" = "WinZip"

-> {HKLM...CLSID} = "WinZip"

\InProcServer32\(Default) = "C:\ARQUIV~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "C:\Arquivos de programas\WinRAR\rarext.dll" [null data]

"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"

-> {HKLM...CLSID} = "Extensão de ícone de arquivo do Outlook"

\InProcServer32\(Default) = "C:\Arquivos de programas\Microsoft Office\Office10\OLKFSTUB.DLL" [MS]

"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\Arquivos de programas\Microsoft Office\Office10\msohev.dll" [MS]

"{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}" = "Messenger Sharing Folders"

-> {HKLM...CLSID} = "Minhas Pastas de Compartilhamento"

\InProcServer32\(Default) = "C:\Arquivos de programas\MSN Messenger\fsshext.8.0.0787.00.dll" [MS]

 

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\

{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"

-> {HKLM...CLSID} = "PDF Shell Extension"

\InProcServer32\(Default) = "C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

 

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\

AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"

-> {HKLM...CLSID} = "AVG7 Shell Extension Class"

\InProcServer32\(Default) = "C:\Arquivos de programas\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "C:\Arquivos de programas\WinRAR\rarext.dll" [null data]

WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"

-> {HKLM...CLSID} = "WinZip"

\InProcServer32\(Default) = "C:\ARQUIV~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

 

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "C:\Arquivos de programas\WinRAR\rarext.dll" [null data]

WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"

-> {HKLM...CLSID} = "WinZip"

\InProcServer32\(Default) = "C:\ARQUIV~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

 

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\

AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"

 

 

E ae, o caso é grave?? :cry:

[jgarcia 1]

Opa RodrigoRJ,

 

Execute o Active Scan da Panda e retorne com o resultado.

 

Abraços.

[RodrigoRJ 0]

Ae! eu scan o HD.. vlwIncident Status Location Adware:adware/cydoor Not disinfected C:\WINDOWS\SYSTEM32\cd_clint.dll Potentially unwanted tool:Application/Processor Not disinfected C:\WINDOWS\SYSTEM32\Process.exe Potentially unwanted tool:Application/Restart Not disinfected C:\WINDOWS\SYSTEM32\Tools\Restart.exe Adware:Adware/Adsmart Not disinfected C:\WINDOWS\SYSTEM32\slx.exe Adware:Adware/KeenValue Not disinfected C:\Arquivos de programas\eMule\Incoming\Ableton Live v5.0.2 Crack - Keygen - Serial.zip[crackfix.exe] Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\TeR\Configurações locais\Temp\Cookies\ter@atdmt[1].txt Adware:Adware/ClockSync Not disinfected C:\Documents and Settings\TeR\Meus documentos\Setup's\turbo.exe[²ÖÇ\VVSNInst.exe] Virus:W32/Bagle.pwdzip Disinfected C:\Documents and Settings\TeR\Meus documentos\Setup's\SmitfraudFix.zip Adware:Adware/AdvertMem Not disinfected C:\Documents and Settings\TeR\Meus documentos\Downloads\- SnowBall - todo mundo em panico 4 52.zip[setup.exe] Adware:Adware/AdvertMem Not disinfected C:\Documents and Settings\TeR\Meus documentos\Downloads\[LiveStream] todo mundo em panico 4 27.zip[install.exe] Adware:Adware/AdvertMem Not disinfected C:\Documents and Settings\TeR\Meus documentos\Downloads\(Better Version) todo mundo em panico 4 01.zip[setup.exe] Adware:Adware/AdvertMem Not disinfected C:\Documents and Settings\TeR\Meus documentos\Downloads\[Full] todo mundo em panico 4 52.rar[install.exe] Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\TeR\Desktop\SmitfraudFix\Process.exe Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\TeR\Cookies\ter@ad.yieldmanager[2].txt Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\TeR\Cookies\ter@overture[2].txt Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\TeR\Cookies\ter@de.uol.com[1].txt Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\TeR\Cookies\ter@google.com[1].txt Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\TeR\Cookies\ter@ig.com[2].txt Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\TeR\Cookies\ter@uol.com[1].txt Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\TeR\Cookies\ter@acesso.uol.com[1].txt Adware:Adware/KeenValue Not disinfected C:\!KillBox\aesmsext.dll Adware:Adware/Cydoor Not disinfected C:\!KillBox\cd_load.exe Adware:Adware/Cydoor Not disinfected C:\!KillBox\cd_load.exe( 1) Adware:Adware/Cydoor Not disinfected C:\!KillBox\cd_load.exe( 2) Adware:Adware/Cydoor Not disinfected C:\!KillBox\cd_load.exe( 3) Potentially unwanted tool:Application/Processor Not disinfected C:\Recycled\Dc55\Process.exe Virus:W32/Sdbot.BKO.worm Disinfected C:\My Shared Folder\Office XP Keygenerator.exe :Psó não da pra tirar os virus.. pq tem q pagar.. lembrando q os virus continuam xD

[jgarcia 1]

Opa RodrigoRJ,

 

Vamos lá.

 

1ª Etapa

 

Baixe o Killbox em:

Killbox

 

Baixe, mas não execute ainda.

 

Baixe o CCleaner em:

CCleaner

 

Baixe, mas não execute ainda.

 

2ª Etapa

 

Execute o KillBox:

1) Selecione Delete on reboot;

 

2) Copie a lista abaixo em negrito para a área de transferência. Selecione --> Editar --> Copiar:

C:\WINDOWS\SYSTEM32\cd_clint.dll

C:\WINDOWS\SYSTEM32\Process.exe

C:\WINDOWS\SYSTEM32\Tools\Restart.exe

C:\WINDOWS\SYSTEM32\slx.exe

C:\Arquivos de programas\eMule\Incoming\Ableton Live v5.0.2 Crack - Keygen - Serial.zip

C:\Documents and Settings\TeR\Meus documentos\Setup's\turbo.exe

C:\Documents and Settings\TeR\Meus documentos\Downloads\- SnowBall - todo mundo em panico 452.zip

C:\Documents and Settings\TeR\Meus documentos\Downloads\[LiveStream] todo mundo em panico 427.zip

C:\Documents and Settings\TeR\Meus documentos\Downloads\(Better Version) todo mundo em panico 401.zip

C:\Documents and Settings\TeR\Meus documentos\Downloads\[Full] todo mundo em panico 452.rar

3) Retorne ao Killbox. Clique em File --> Paste from clipboard --> All files;

 

4) Aperte em "X". Responda "não" à pergunta.

 

3ª Etapa

 

Reinicie em Modo Normal.

 

Vá até a pasta !KillBox e apague o conteúdo.

 

Delete o conteúdo da lixeira.

 

Execute o CCleaner e clique em Executar Cleaner.

 

Execute o Active Scan da Panda novamente e veja se ainda detecta algo.

 

Um abraço.

[RodrigoRJ 0]

Fiz tudo..Incident Status Location Adware:Adware/AdvertMem Not disinfected C:\Documents and Settings\TeR\Meus documentos\Downloads\- SnowBall - todo mundo em panico 4 52.zip[setup.exe] Adware:Adware/AdvertMem Not disinfected C:\Documents and Settings\TeR\Meus documentos\Downloads\[LiveStream] todo mundo em panico 4 27.zip[install.exe] Adware:Adware/AdvertMem Not disinfected C:\Documents and Settings\TeR\Meus documentos\Downloads\(Better Version) todo mundo em panico 4 01.zip[setup.exe] Adware:Adware/AdvertMem Not disinfected C:\Documents and Settings\TeR\Meus documentos\Downloads\[Full] todo mundo em panico 4 52.rar[install.exe] Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\TeR\Desktop\SmitfraudFix\Process.exe Adware:Adware/KeenValue Not disinfected C:\!KillBox\aesmsext.dll Adware:Adware/Cydoor Not disinfected C:\!KillBox\cd_load.exe Adware:Adware/Cydoor Not disinfected C:\!KillBox\cd_load.exe( 1) Adware:Adware/Cydoor Not disinfected C:\!KillBox\cd_load.exe( 2) Adware:Adware/Cydoor Not disinfected C:\!KillBox\cd_load.exe( 3) Adware:Adware/ClockSync Not disinfected C:\!KillBox\turbo.exe[²ÖÇ\VVSNInst.exe] Adware:Adware/KeenValue Not disinfected C:\!KillBox\Ableton Live v5.0.2 Crack - Keygen - Serial.zip[crackfix.exe] Adware:Adware/Adsmart Not disinfected C:\!KillBox\slx.exe Potentially unwanted tool:Application/Restart Not disinfected C:\!KillBox\Restart.exe Potentially unwanted tool:Application/Processor Not disinfected C:\!KillBox\Process.exe spyware 12hacking Tools and potentially unwanted tools --apareceu isso la no scan do Panda.Vlw

[jgarcia 1]

Opa RodrigoRJ,

 

Vamos lá.

 

1ª Etapa

 

Execute o KillBox:

1) Selecione Delete on reboot;

 

2) Copie a lista abaixo em negrito para a área de transferência. Selecione --> Editar --> Copiar:

C:\Documents and Settings\TeR\Meus documentos\Downloads\- SnowBall - todo mundo em panico 4 52.zip

C:\Documents and Settings\TeR\Meus documentos\Downloads\[LiveStream] todo mundo em panico 4 27.zip

C:\Documents and Settings\TeR\Meus documentos\Downloads\(Better Version) todo mundo em panico 4 01.zip

C:\Documents and Settings\TeR\Meus documentos\Downloads\[Full] todo mundo em panico 4 52.rar

3) Retorne ao Killbox. Clique em File --> Paste from clipboard --> All files;

 

4) Aperte em "X". Responda "não" à pergunta.

 

2ª Etapa

 

Reinicie em Modo Normal.

 

Vá até a pasta !KillBox novamente e apague o conteúdo.

 

Execute o CCleaner novamente e clique em Executar Cleaner.

 

Execute o Active Scan da Panda mais uma vez e veja se ainda detecta algo.

 

Um abraço.

[RodrigoRJ 0]

Ae.. continua cara.

 

 

Incident Status Location

 

Adware:Adware/AdvertMem Not disinfected C:\Documents and Settings\TeR\Meus documentos\Downloads\- SnowBall - todo mundo em panico 4 52.zip[setup.exe]

Adware:Adware/AdvertMem Not disinfected C:\Documents and Settings\TeR\Meus documentos\Downloads\[LiveStream] todo mundo em panico 4 27.zip[install.exe]

Adware:Adware/AdvertMem Not disinfected C:\Documents and Settings\TeR\Meus documentos\Downloads\(Better Version) todo mundo em panico 4 01.zip[setup.exe]

Adware:Adware/AdvertMem Not disinfected C:\Documents and Settings\TeR\Meus documentos\Downloads\[Full] todo mundo em panico 4 52.rar[install.exe]

Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\TeR\Desktop\SmitfraudFix\Process.exe

Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\TeR\Cookies\ter@ad.yieldmanager[2].txt

Adware:Adware/KeenValue Not disinfected C:\!KillBox\aesmsext.dll

Adware:Adware/Cydoor Not disinfected C:\!KillBox\cd_load.exe

Adware:Adware/Cydoor Not disinfected C:\!KillBox\cd_load.exe( 1)

Adware:Adware/Cydoor Not disinfected C:\!KillBox\cd_load.exe( 2)

Adware:Adware/Cydoor Not disinfected C:\!KillBox\cd_load.exe( 3)

Adware:Adware/ClockSync Not disinfected C:\!KillBox\turbo.exe[²ÖÇ\VVSNInst.exe]

Adware:Adware/KeenValue Not disinfected C:\!KillBox\Ableton Live v5.0.2 Crack - Keygen - Serial.zip[crackfix.exe]

Adware:Adware/Adsmart Not disinfected C:\!KillBox\slx.exe

Potentially unwanted tool:Application/Restart Not disinfected C:\!KillBox\Restart.exe

Potentially unwanted tool:Application/Processor Not disinfected C:\!KillBox\Process.exe

 

--

Cara, como assim?

 

Vá até a pasta !KillBox novamente e apague o conteúdo.

Aonde? Como?

Valeu!! :joia:

[jgarcia 1]

Opa RodrigoRJ,

 

Reinicie em Modo Seguro.

 

Vá até C:\Documents and Settings\TeR\Meus documentos\Downloads e apague:

 

- SnowBall - todo mundo em panico 4 52.zip[setup.exe]

[LiveStream] todo mundo em panico 4 27.zip[install.exe]

(Better Version) todo mundo em panico 4 01.zip[setup.exe]

[Full] todo mundo em panico 4 52.rar[install.exe]

 

Vá até C:\!KillBox e delete o conteúdo.

 

Reinicie em Modo Normal.

 

Execute o CCleaner novamente e clique em Executar Cleaner.

 

Execute o Active Scan da Panda mais uma vez e veja se ainda detecta algo.

 

Um abraço.

[RodrigoRJ 0]

Cara, eu instalei o AVAST, tirei um monte de virus.. tinha um virus na memória.. conseguir excluí!!Mas aqui, eu scaniei com o panda, não detectou nada. Mas quando eu inicio o computador, ainda continua aquela janela, falando para reiniciar... O Avast deixa o computador lento né?! Ele é bom.. tira um monte de coisa, mas deixa o computador uma porcaria..Mas é isso ae cara, ainda contina a praga da janela.. ja viu um caso que nem esse? :wacko: .. tinha que ser o meu né ?! rsrsrs :D Valeu cara.. Tem mais alguma coisa que possa se fazer, para tentar tirar essa coisa daqui? Isso é spy ou virus?Falow ae :!: :joia:

[jgarcia 1]

Opa RodrigoRJ,

 

Relate de modo mais apurado o problema que vem ocorrendo com seu PC, a fim de que eu possa tentar ajudá-lo.

 

Abraços.

[RodrigoRJ 0]

Bom, a mto tempo atrás, quando eu inicio o windows, logo de cara, aparece que tem q reiniciar o computador. Aparece uma caixa de mensagem escrito "Reinicialização necessária", aí esta la escrito "O computador deve ser reinicializado para que a atualização possa continuar. Deseja reinicializar agora? aí esta la pra clikar, SIM ou NÃO".

 

 

Meu log

 

Logfile of HijackThis v1.99.1

Scan saved at 21:55:32, on 16/7/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\htpatch.exe

C:\WINDOWS\system32\RunDll32.exe

C:\WINDOWS\system32\pctspk.exe

C:\Arquivos de programas\Lexmark X1100 Series\lxbkbmgr.exe

C:\Arquivos de programas\Ahead\InCD\InCD.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\Java\jre1.5.0_03\bin\jusched.exe

C:\Arquivos de programas\Lexmark X1100 Series\lxbkbmon.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\WinZip\WZQKPICK.EXE

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orkut.com/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :8080

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\ARQUIV~1\FLASHGET\jccatch.dll

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe

O4 - HKLM\..\Run: [siSUSBRG] C:\WINDOWS\SiSUSBrg.exe

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe

O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Arquivos de programas\Lexmark X1100 Series\lxbkbmgr.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [inCD] C:\Arquivos de programas\Ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_03\bin\jusched.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [AdobeUpdater] C:\Arquivos de programas\Arquivos comuns\Adobe\Updater\AdobeUpdater.exe

O4 - Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Arquivos de programas\WinZip\WZQKPICK.EXE

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O8 - Extra context menu item: Descarregar tudo com o FlashGet - C:\Arquivos de programas\FlashGet\jc_all.htm

O8 - Extra context menu item: Descarregar utilizando o FlashGet - C:\Arquivos de programas\FlashGet\jc_link.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~3\Office10\EXCEL.EXE/3000

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\ARQUIV~1\FLASHGET\flashget.exe

O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\ARQUIV~1\FLASHGET\flashget.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/cha...t/c381/chat.cab

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by114fd.bay114.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe

O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

 

 

Vlw

[jgarcia 1]

Opa RodrigoRJ,

 

A mensagem em questão só aparece após o download automático das atualizações do sistema ou vem aparecendo constantemente?

[RodrigoRJ 0]

Constantemente!!

 

Meu log ae, caso precisar...

 

Logfile of HijackThis v1.99.1

Scan saved at 18:57:30, on 19/7/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\htpatch.exe

C:\WINDOWS\system32\RunDll32.exe

C:\WINDOWS\system32\pctspk.exe

C:\Arquivos de programas\Lexmark X1100 Series\lxbkbmgr.exe

C:\Arquivos de programas\Ahead\InCD\InCD.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\Java\jre1.5.0_03\bin\jusched.exe

C:\Arquivos de programas\Lexmark X1100 Series\lxbkbmon.exe

C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\WinZip\WZQKPICK.EXE

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orkut.com/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :8080

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\ARQUIV~1\FLASHGET\jccatch.dll

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe

O4 - HKLM\..\Run: [siSUSBRG] C:\WINDOWS\SiSUSBrg.exe

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe

O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Arquivos de programas\Lexmark X1100 Series\lxbkbmgr.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [inCD] C:\Arquivos de programas\Ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_03\bin\jusched.exe

O4 - HKLM\..\Run: [MessengerPlus3] "C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MessengerPlus3] "C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe" /WinStart

O4 - HKCU\..\Run: [AdobeUpdater] C:\Arquivos de programas\Arquivos comuns\Adobe\Updater\AdobeUpdater.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

O4 - Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Arquivos de programas\WinZip\WZQKPICK.EXE

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O8 - Extra context menu item: Descarregar tudo com o FlashGet - C:\Arquivos de programas\FlashGet\jc_all.htm

O8 - Extra context menu item: Descarregar utilizando o FlashGet - C:\Arquivos de programas\FlashGet\jc_link.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~3\Office10\EXCEL.EXE/3000

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\ARQUIV~1\FLASHGET\flashget.exe

O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\ARQUIV~1\FLASHGET\flashget.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/cha...t/c381/chat.cab

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by114fd.bay114.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARQUIV~1\MSNMES~1\msgrapp.dll" (file missing)

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe

O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

 

 

 

Lembrando q eu desativei os downloads do windows automatico.

[jgarcia 1]

Opa RodrigoRJ,

 

Faça o download do F-Secure Blacklight em:

F-Secure Blacklight

 

Salve-o na área de trabalho e execute. Aceite o acordo.

 

Se ele encontrar qualquer arquivo, ignore. Preciso apenas do log.

 

Ao final do scan, copie o resultado do arquivo fsb-xxxxx.log (onde xxx são números).

 

Aguardo retorno.

 

Abraços.

[RodrigoRJ 0]

Opa.. é isso daqui?07/20/06 15:21:05 [info]: BlackLight Engine 1.0.42 initialized07/20/06 15:21:05 [info]: OS: 5.1 build 2600 (Service Pack 2)07/20/06 15:21:05 [Note]: 7019 407/20/06 15:21:05 [Note]: 7005 007/20/06 15:21:22 [Note]: 7006 007/20/06 15:21:22 [Note]: 7011 102807/20/06 15:21:23 [Note]: 7026 007/20/06 15:21:23 [Note]: 7026 007/20/06 15:21:31 [Note]: FSRAW library version 1.7.101907/20/06 15:21:48 [Note]: 2000 100607/20/06 15:22:53 [Note]: 7007 0Valeu!!

[jgarcia 1]

Opa RodrigoRJ,

 

Definitivamente o seu problema não está relacionado com malwares.

 

Sugiro que procure ajuda na seção de Windows, ok. ;)

 

Abraços.

[RodrigoRJ 0]

Vlw!! :clap: