[Arquivado]Problemas com firefox

[eassim 0]

oi estou com um problema quando abro ou estou utilizando o firefox esta abrindo novas janelas com propagandas d sites, já passei os antspyware aqui no pc mas nada resolveu vou postar o log do hijackthis para vcs analisarem obg!!!

 

 

Logfile of HijackThis v1.99.1

Scan saved at 22:38:37, on 5/3/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe

C:\Arquivos de programas\Java\jre1.5.0_09\bin\jusched.exe

C:\Arquivos de programas\Google\Google Talk\googletalk.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

C:\Arquivos de programas\MSN Messenger\usnsvc.exe

C:\Arquivos de programas\Java\jre1.5.0_09\bin\jucheck.exe

C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

D:\Dudu\Downloads\Programas\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.compartilhando.org/

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_09\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [HP Component Manager] "C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\isuspm.exe" -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.5.0_09\bin\jusched.exe"

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKCU\..\Run: [googletalk] "C:\Arquivos de programas\Google\Google Talk\googletalk.exe" /autostart

O4 - Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O14 - IERESET.INF: START_PAGE_URL=http://www.compartilhando.org/

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{A3523ADB-5318-4C46-B467-012BED495398}: NameServer = 200.165.132.155 200.165.132.148

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

[Sam Spade 2]

Olá eassim! O problema acontece também com o IE?

[eassim 0]

opa cara embora eu não o use muito eu verifiquei hoje, acontece com IE tbm!! valew!!!

[eassim 0]

ah sim não sei se isso é uma informação irrelevante mas as propagandas não são as mesmas!!! obg valew!!!

[Sam Spade 2]

Ok, provavelmente as janelas que abrem quando está navegando com o Firefox, são do IE.

 

Baixe: F-Secure BlackLight > abra uma pasta própria em C:\ e salve nela.

 

Entre na pasta, dê um duplo-clique no ícone do BlackLight e faça um scan (mais nada, apenas o scan).

 

Será gerado um log que é um arquivo com este nome: fsb-seqüencia de números.log. Poste o mesmo.

[eassim 0]

opa cara ai está obg!!!03/10/07 10:48:47 [info]: BlackLight Engine 1.0.55 initialized03/10/07 10:48:47 [info]: OS: 5.1 build 2600 (Service Pack 2)03/10/07 10:48:47 [Note]: 7019 403/10/07 10:48:47 [Note]: 7005 003/10/07 10:48:51 [Note]: 7006 003/10/07 10:48:51 [Note]: 7011 105603/10/07 10:48:51 [Note]: 7026 003/10/07 10:48:51 [Note]: 7026 003/10/07 10:48:51 [Note]: 7024 303/10/07 10:48:51 [info]: Hidden process: C:\windows\system32\bsored.exe03/10/07 10:48:59 [Note]: FSRAW library version 1.7.102103/10/07 10:50:46 [info]: Hidden file: c:\WINDOWS\system32\bsored.dat03/10/07 10:50:46 [Note]: 10002 103/10/07 10:50:47 [info]: Hidden file: C:\windows\system32\bsored.exe03/10/07 10:50:47 [Note]: 10002 103/10/07 10:50:47 [info]: Hidden file: c:\WINDOWS\system32\bsored_nav.dat03/10/07 10:50:47 [Note]: 10002 103/10/07 10:50:47 [info]: Hidden file: c:\WINDOWS\system32\bsored_navps.dat03/10/07 10:50:47 [Note]: 10002 1

[Sam Spade 2]

Salve ou imprima estas instruções, pois vai segui-las desconectado e sem acesso a esta página:

 

1 - Faça o scan novamente com o BlackLight e ao acabar clique em Next.

 

2 - Na janela Step 2: Clean hidden items vá selecionando estas entradas abaixo e clicando em Rename:

 

Hidden process: C:\windows\system32\bsored.exe

Hidden file: c:\WINDOWS\system32\bsored.dat

Hidden file: C:\windows\system32\bsored.exe

Hidden file: c:\WINDOWS\system32\bsored_nav.dat

Hidden file: c:\WINDOWS\system32\bsored_navps.dat

 

Depois de ter feito isso, clique em Next.

 

3 - Selecione Restart now. Ao reiniciar, aperte itermitentemente F8 e escolha modo seguro.

 

4 - Faça um scan com o seu anti vírus e remova todos os arquivos encontrados.

 

5 - Reinicie em modo normal, faça um scan com o BlackLight (apenas o scan) e poste o seu log, juntamente com um novo log do HijackThis. Informe se acabou o problema.

[eassim 0]

oi cara valew o problema parece ter sido resolvido ai vai os logs do blacklight e do hijackthis

 

03/12/07 11:49:04 [info]: BlackLight Engine 1.0.55 initialized

03/12/07 11:49:04 [info]: OS: 5.1 build 2600 (Service Pack 2)

03/12/07 11:49:05 [Note]: 7019 4

03/12/07 11:49:05 [Note]: 7005 0

03/12/07 11:49:07 [Note]: 7006 0

03/12/07 11:49:07 [Note]: 7011 1052

03/12/07 11:49:08 [Note]: 7026 0

03/12/07 11:49:08 [Note]: 7026 0

03/12/07 11:49:15 [Note]: FSRAW library version 1.7.1021

03/12/07 11:52:51 [Note]: 7007 0

 

 

 

Logfile of HijackThis v1.99.1

Scan saved at 16:37:24, on 12/3/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe

C:\Arquivos de programas\Java\jre1.5.0_11\bin\jusched.exe

C:\Arquivos de programas\Google\Google Talk\googletalk.exe

c:\arquiv~1\intern~1\iexplore.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\Arquivos de programas\MSN Messenger\usnsvc.exe

C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

D:\Dudu\Downloads\Programas\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.compartilhando.org/

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_11\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [HP Component Manager] "C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\isuspm.exe" -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.5.0_11\bin\jusched.exe"

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [bsored] c:\windows\system32\bsored.exe bsored

O4 - HKLM\..\Run: [gpl32junkdoes] C:\Documents and Settings\All Users\Dados de aplicativos\balm start gpl 32\ClockStore.exe

O4 - HKCU\..\Run: [googletalk] "C:\Arquivos de programas\Google\Google Talk\googletalk.exe" /autostart

O4 - HKCU\..\Run: [downloadbook] C:\DOCUME~1\ADMINI~1\DADOSD~1\FUNKBA~1\Cdrom Road Meet.exe

O4 - Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_11\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_11\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O14 - IERESET.INF: START_PAGE_URL=http://www.compartilhando.org/

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{A3523ADB-5318-4C46-B467-012BED495398}: NameServer = 200.165.132.155 200.165.132.148

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

[Sam Spade 2]

Olá, resolveu a infecção do dialer Instant Access, mas agora está com outra infecção. Instalou o Messenger Plus com patrocínio e assim, instalou junto o adware/hijacker Lop. Vai ter ou já tem janelas abrindo novamente.

 

É recomendável que se informe antes de instalar algo, se o programa é seguro ou não. Mesmo desinstalando o Plus, o Lop pode permanecer e é o que vemos no seu log.

 

Baixe primeiro o FindLop > Extraia os arquivos para uma pasta própria mas não use ainda.

 

Faça o download do Lop Uninstaller de uma das URLs abaixo:

 

http://lop.com/new_uninstall.exe

 

http://homepage.ntlworld.com/tc.alpha85/lo...w_uninstall.exe

 

Se o seu antivírus detectar algum problema no arquivo, ignore. O arquivo é seguro.

 

Desabilite seu antivírus e qualquer antispyware. Rode-o. Coloque os números e confirme.

 

Faça um scan com o HijackThis e salve o log.

 

Rode o findlop.bat e depois localize o findlop.txt em C:\

 

Ative novamente o anti vírus e os anti spywares.

 

Poste:

 

Log do HijackThis

findlop.txt

[eassim 0]

oi cara ai está. obg!!!

 

Logfile of HijackThis v1.99.1

Scan saved at 21:48:06, on 14/3/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe

C:\Arquivos de programas\Java\jre1.5.0_11\bin\jusched.exe

C:\Arquivos de programas\Google\Google Talk\googletalk.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\MSN Messenger\usnsvc.exe

C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

C:\Arquivos de programas\HP\hpcoretech\comp\hptskmgr.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.compartilhando.org/

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_11\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [HP Component Manager] "C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\isuspm.exe" -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.5.0_11\bin\jusched.exe"

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [bsored] c:\windows\system32\bsored.exe bsored

O4 - HKLM\..\Run: [gpl32junkdoes] C:\Documents and Settings\All Users\Dados de aplicativos\balm start gpl 32\ClockStore.exe

O4 - HKCU\..\Run: [googletalk] "C:\Arquivos de programas\Google\Google Talk\googletalk.exe" /autostart

O4 - Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_11\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_11\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O14 - IERESET.INF: START_PAGE_URL=http://www.compartilhando.org/

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{A3523ADB-5318-4C46-B467-012BED495398}: NameServer = 200.165.132.155 200.165.132.148

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

 

 

 

 

 

[TRACE] Enumerating jobs and queues

[TRACE] Activating job 'MP Scheduled Scan.job'

[TRACE] Printing all job properties

 

ApplicationName: 'C:\Arquivos de programas\Windows Defender\MpCmdRun.exe'

Parameters: 'Scan -RestrictPrivileges'

WorkingDirectory: ''

Comment: 'Scheduled Scan'

Creator: 'SYSTEM'

Priority: NORMAL

MaxRunTime: 259200000 (3d 0:00:00)

IdleWait: 10

IdleDeadline: 60

MostRecentRun: 00/00/0000 0:00:00

NextRun: 03/15/2007 6:00:00

StartError: SCHED_E_ACCOUNT_INFORMATION_NOT_SET

ExitCode: 0

Status: SCHED_S_TASK_HAS_NOT_RUN

ScheduledWorkItem Flags:

DeleteWhenDone = 0

Suspend = 0

StartOnlyIfIdle = 0

KillOnIdleEnd = 0

RestartOnIdleResume = 0

DontStartIfOnBatteries = 1

KillIfGoingOnBatteries = 0

RunOnlyIfLoggedOn = 0

SystemRequired = 0

Hidden = 1

TaskFlags: 0

 

1 Trigger

 

Trigger 0:

Type: Daily

DaysInterval: 1

StartDate: 03/05/2007

EndDate: 00/00/0000

StartTime: 06:00

MinutesDuration: 0

MinutesInterval: 0

Flags:

HasEndDate = 0

KillAtDuration = 0

Disabled = 0

[Sam Spade 2]

Baixe > KillBox

 

Salve ou imprima estas instruções:

 

1 - Rode o KillBox, marque Delete on Reboot e coloque em Full Path of File to Delete:

 

c:\windows\system32\bsored.exe

 

Clique no botão . Responda Não à pergunta.

 

Coloque agora:

 

C:\Documents and Settings\All Users\Dados de aplicativos\balm start gpl 32\ClockStore.exe

 

Clique no botão . Desta vez, responda Sim à pergunta.

 

Ao reiniciar o PC, aperte F8 intermitentemente. No menu escolha: modo seguro.

 

2 - Faça um scan com o HijackThis, marque as entradas abaixo, que ainda encontrar e clique em

 

O4 - HKLM\..\Run: [bsored] c:\windows\system32\bsored.exe bsored

 

O4 - HKLM\..\Run: [gpl32junkdoes] C:\Documents and Settings\All Users\Dados de aplicativos\balm start gpl 32\ClockStore.exe

 

3 - Reinicie em modo normal, faça um scan com o HijackThis e salve/poste o log.

[Sam Spade 2]

Tópico Arquivado

 

Como o autor não respondeu por mais de 20 dias, o tópico foi arquivado.

 

Caso você seja o autor do tópico e quer reabrir, envie uma mensagem privada para um moderador da área juntamente com o link para este tópico e explique o motivo da reabertura.