Leoking 0 Denunciar post Postado Março 28, 2007 Quando estou no pc,a cada 15 segundos come;ca a abrir páginas no IE,endereçadas http://qaz[XXXX].xhost.ro/ , e após uma mensagem: 'O caminho 'alex116' não existe ou não é um diretório' *[XXXX]: número de 2000~2015 pelo amor de Deus alguém me ajude! aí vai meu log: Logfile of HijackThis v1.99.1 Scan saved at 23:56:09, on 28/3/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16414) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Arquivos de programas\Arquivos comuns\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\system32\spoolsv.exe C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe C:\ARQUIV~1\NORTON~1\NORTON~1\NPROTECT.EXE C:\WINDOWS\system32\nvsvc32.exe C:\ARQUIV~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\WINDOWS\system32\svchost.exe C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe C:\Arquivos de programas\Arquivos comuns\Stardock\SDMCP.exe C:\WINDOWS\Explorer.EXE C:\Arquivos de programas\Stardock\Object Desktop\KLP\Keys.exe C:\Arquivos de programas\Stardock\Object Desktop\IconX\IconX.exe C:\Arquivos de programas\Stardock\Object Desktop\RightClick\RightClick.exe C:\WINDOWS\system32\winlogin.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\system32\LVCOMSX.EXE C:\Arquivos de programas\Logitech\Video\LogiTray.exe C:\Arquivos de programas\Java\jre1.5.0_11\bin\jusched.exe C:\Arquivos de programas\Arquivos comuns\Stardock\TrayServer.exe C:\WINDOWS\system32\ctfmon.exe C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Arquivos de programas\Logitech\Video\FxSvr2.exe D:\Desktop\Programas\FreeRAM XP Pro 1.40.exe C:\Arquivos de programas\Messenger\msmsgs.exe C:\Arquivos de programas\WiFiConnector\NintendoWFCReg.exe C:\Arquivos de programas\Google\Google Updater\GoogleUpdater.exe C:\Arquivos de programas\Stardock\ObjectDock\ObjectDock.exe C:\Arquivos de programas\Yahoo!\Widgets\YahooWidgetEngine.exe C:\Arquivos de programas\Yahoo!\Widgets\YahooWidgetEngine.exe C:\Arquivos de programas\Yahoo!\Widgets\YahooWidgetEngine.exe C:\Arquivos de programas\Yahoo!\Widgets\YahooWidgetEngine.exe C:\Arquivos de programas\Yahoo!\Widgets\YahooWidgetEngine.exe C:\Arquivos de programas\Yahoo!\Widgets\YahooWidgetEngine.exe C:\Arquivos de programas\Yahoo!\Widgets\YahooWidgetEngine.exe C:\Arquivos de programas\Yahoo!\Widgets\YahooWidgetEngine.exe C:\Arquivos de programas\Yahoo!\Widgets\YahooWidgetEngine.exe C:\Arquivos de programas\Yahoo!\Widgets\YahooWidgetEngine.exe C:\Arquivos de programas\Yahoo!\Widgets\YahooWidgetEngine.exe C:\Arquivos de programas\Mozilla Firefox\firefox.exe D:\Desktop\Programas\HijackThis.exe F3 - REG:win.ini: run=C:\WINDOWS\system32\winlogin.exe F2 - REG:system.ini: UserInit=C:\WINDOWS\PROTECT\protect.sld,C:\WINDOWS\system32\userinit.exe, O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_11\bin\ssv.dll O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - D:\Arquivos de programas\Free Download Manager\iefdmcks.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [ccApp] "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Arquivos de programas\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Arquivos de programas\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [Protect] "C:\WINDOWS\PROTECT\protect.exe" /a O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.5.0_11\bin\jusched.exe" O4 - HKLM\..\Run: [1A:Stardock TrayMonitor] C:\Arquivos de programas\Arquivos comuns\Stardock\TrayServer.exe O4 - HKLM\..\Run: [bootSkin Startup Jobs] "C:\ARQUIV~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" /StartupJobs O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Arquivos de programas\Logitech\Video\ManifestEngine.exe" boot O4 - HKCU\..\Run: [FreeRAM XP] "D:\Desktop\Programas\FreeRAM XP Pro 1.40.exe" -win O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background O4 - Startup: Stardock ObjectDock.lnk = C:\Arquivos de programas\Stardock\ObjectDock\ObjectDock.exe O4 - Startup: Yahoo! Widget Engine.lnk = C:\Arquivos de programas\Yahoo!\Widgets\YahooWidgetEngine.exe O4 - Global Startup: Execute a Ferramenta de Registo do Nintendo Wi-Fi USB Connector...lnk = C:\Arquivos de programas\WiFiConnector\NintendoWFCReg.exe O4 - Global Startup: Google Updater.lnk = C:\Arquivos de programas\Google\Google Updater\GoogleUpdater.exe O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...html?p=ZJfox000 O8 - Extra context menu item: Analisar com LeechGet - file://D:\Arquivos de programas\LeechGet 2006\\Parser.html O8 - Extra context menu item: Download all with Free Download Manager - file://D:\Arquivos de programas\Free Download Manager\dlall.htm O8 - Extra context menu item: Download selected with Free Download Manager - file://D:\Arquivos de programas\Free Download Manager\dlselected.htm O8 - Extra context menu item: Download usando Assistente LeechGet - file://D:\Arquivos de programas\LeechGet 2006\\Wizard.html O8 - Extra context menu item: Download usando LeechGet - file://D:\Arquivos de programas\LeechGet 2006\\AddUrl.html O8 - Extra context menu item: Download with Free Download Manager - file://D:\Arquivos de programas\Free Download Manager\dllink.htm O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Write a Review... - http://client.alexa.com/holiday/script/actions/review.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun ?I Java ?R?“?\?[?? - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Arquivos de programas\Norton SystemWorks\Norton Cleanup\WCQuick.lnk O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Arquivos de programas\Norton SystemWorks\Norton Cleanup\WCQuick.lnk O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O11 - Options group: [iNTERNATIONAL] International* O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O16 - DPF: {20050325-D35A-4233-926E-2E801AE25949} (NMJPStarter15 Class) - http://www.netmarble.jp/_common/cab/NMStarterJP6.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Arquivos de programas\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {341FF14B-00CB-49F5-A427-A164DF1D5E1F} (MALPlaybackCtrl Class) - http://musicstore.connect.com/XSL/mb_us//h...ALStreaming.cab O16 - DPF: {6FC19219-C47E-4880-9A79-D218A1C374F9} (NMJTransX Control) - http://file.netmarble.jp/Control/NMJTransX.cab O16 - DPF: {731E2481-5410-49C6-BE75-083740869284} (QOnlineCtrl Class) - http://www.meteosonline.jp/QOnline.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {B905F63D-7489-4B3D-9B62-49A1B8647E2A} (HgPluginJP21 Class) - http://down.hangame.co.jp/jp/dist/hgstart/HGPluginJP21.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O16 - DPF: {D41CE0FC-D720-413E-A9A6-82EC4CDAE742} (Session Class) - http://segalink.jp/_app/SJSessionAX.cab O16 - DPF: {E0BE586C-7C66-4909-94D6-D18BBBDD6373} (????????????) - http://www.filebank.co.jp/setup/win/fbx2.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: MCPClient - C:\Arquivos de programas\Arquivos comuns\Stardock\mcpstub.dll O20 - Winlogon Notify: WBSrv - C:\ARQUIV~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: MSCSPTISRV - Sony Corporation - C:\Arquivos de programas\Arquivos comuns\Sony Shared\AVLib\MSCSPTISRV.exe O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\ARQUIV~1\NORTON~1\NORTON~1\NPROTECT.EXE O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\Security Console\NSCSRVCE.EXE O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PACSPTISVR - Sony Corporation - C:\Arquivos de programas\Arquivos comuns\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: SPBBCSvc - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Speed Disk service - Symantec Corporation - C:\ARQUIV~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Arquivos de programas\Arquivos comuns\Sony Shared\AVLib\SPTISRV.exe O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Arquivos de programas\Arquivos comuns\Sony Shared\AVLib\SSScsiSV.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\CCPD-LC\symlcsvc.exe Valeu! Compartilhar este post Link para o post Compartilhar em outros sites
jgarcia 1 Denunciar post Postado Março 28, 2007 Opa Leoking, 1. Baixe o SmitfraudFix; 2. Desabilite a proteção do seu anti-vírus (temporariamente); 3. Extraia o arquivo SmitFraudFix para o seu desktop; 4. Reinicie em Modo Seguro; 5. Execute o SmitfraudFix dando um duplo clique sobre smitfraudfix.cmd --> escolha a Opção 2; 6. Responda sim (y) à pergunta sobre a limpeza no registro (Do you want to clean the registry?); 7. Aguarde o término do scan e a geração do log; 8. Reinicie em Modo Normal; 9. Reabilite o seu anti-vírus; 10. Poste o log do SmitfraudFix (opção 2) + log HijackThis (gerado em Modo Normal). Abraços. Compartilhar este post Link para o post Compartilhar em outros sites
Leoking 0 Denunciar post Postado Março 29, 2007 Obrigado mesmo jgarcia (sabia que você ia me salvar)!!! aí vai meu log do Smitfraudfix: SmitFraudFix v2.158 Scan done at 11:21:19,98, 29/03/2007 qui Run from D:\Desktop\SmitfraudFix OS: Microsoft Windows XP [versao 5.1.2600] - Windows_NT The filesystem type is NTFS Fix run in safe mode ササササササササササササササササササササササササ SharedTaskScheduler Before SmitFraudFix !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll ササササササササササササササササササササササササ Killing process ササササササササササササササササササササササササ hosts 127.0.0.1 localhost 127.0.0.1 www.jetix.com.br 127.0.0.1 www.jetix.com.br/Series/ 127.0.0.1 www.jetix.com.br/Series/WITCH/ 127.0.0.1 www.disney.com.br/Publishing/Witchmagazine/ 127.0.0.1 www.winxclub.com/ 127.0.0.1 www.winxclub.com 127.0.0.1 www.disney.com.br 127.0.0.1 www.4kids.tv 127.0.0.1 barbie.everythinggirl.com 127.0.0.1 senna.globo.com 127.0.0.1 myscene.everythinggirl.com 127.0.0.1 www.winxclub.tv 127.0.0.1 igirl.ig.com.br 127.0.0.1 www.disney.pt 127.0.0.1 sitedaswitch.tripod.com 127.0.0.1 www.barbie-japan.com 127.0.0.1 br.barbie.com 127.0.0.1 es.barbie.com 127.0.0.1 uk.barbie.com 127.0.0.1 fr.barbie.com 127.0.0.1 www.barbie.de 127.0.0.1 www.barbie.nl 127.0.0.1 humortadela3.uol.com.br 127.0.0.1 humortadela.uol.com.br 127.0.0.1 ad.yieldmanager.com 127.0.0.1 content.yieldmanager.edgesuite.net 127.0.0.1 winx-candy-witch.mylog.pl 127.0.0.1 www.flogao.com/winxclubrasiloficial 127.0.0.1 bloomka.mylog.pl 127.0.0.1 shapely-bloom.mylog.pl 127.0.0.1 fotolog.terra.com.br/julianacasal 127.0.0.1 fotolog.terra.com.br/aisha_winx 127.0.0.1 4kids.tv 127.0.0.1 bloom-claudia.mylog.pl 127.0.0.1 www.bratzpetz.com 127.0.0.1 www.bratz.com 127.0.0.1 www.cutewinx.com 127.0.0.1 winx-i-linx.mylog.pl 127.0.0.1 games.bratz.com 127.0.0.1 fotolog.terra.com.br 127.0.0.1 www.freewebs.com/magicofwinxclub 127.0.0.1 www.winxclub.us 127.0.0.1 www.flogao.com 127.0.0.1 zwinky.smileycentral.com 127.0.0.1 http://www.freewebs.com/magicofwinxclub/bloomsenchantix.htm 127.0.0.1 www.alemdalenda.com.br 127.0.0.1 www.on.br 127.0.0.1 asimpatiquinhas.blogspot.com 127.0.0.1 atrevida.uol.com.br 127.0.0.1 www.betinhocarrero.com.br 127.0.0.1 www.corbinbleu.com ササササササササササササササササササササササササ Generic Renos Fix GenericRenosFix by S!Ri ササササササササササササササササササササササササ Deleting infected files ササササササササササササササササササササササササ Deleting Temp Files ササササササササササササササササササササササササ Winlogon.System !!!Attention, following keys are not inevitably infected!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "System"="" "Startup"="MCPSystemStartup" ササササササササササササササササササササササササ Registry Cleaning Registry Cleaning done. ササササササササササササササササササササササササ SharedTaskScheduler After SmitFraudFix !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll ササササササササササササササササササササササササ End E o do Hijackthis: Logfile of HijackThis v1.99.1 Scan saved at 11:29:45, on 29/3/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16414) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Arquivos de programas\Arquivos comuns\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\system32\spoolsv.exe C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe C:\Arquivos de programas\Arquivos comuns\Stardock\SDMCP.exe C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\Explorer.EXE C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe C:\ARQUIV~1\NORTON~1\NORTON~1\NPROTECT.EXE C:\Arquivos de programas\Stardock\Object Desktop\KLP\Keys.exe C:\Arquivos de programas\Stardock\Object Desktop\IconX\IconX.exe C:\Arquivos de programas\Stardock\Object Desktop\RightClick\RightClick.exe C:\ARQUIV~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\WINDOWS\system32\svchost.exe C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\system32\LVCOMSX.EXE C:\Arquivos de programas\Logitech\Video\LogiTray.exe C:\Arquivos de programas\Java\jre1.5.0_11\bin\jusched.exe C:\Arquivos de programas\Arquivos comuns\Stardock\TrayServer.exe C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\WINDOWS\system32\ctfmon.exe D:\Desktop\Programas\FreeRAM XP Pro 1.40.exe C:\Arquivos de programas\Logitech\Video\FxSvr2.exe C:\Arquivos de programas\Messenger\msmsgs.exe C:\Arquivos de programas\WiFiConnector\NintendoWFCReg.exe C:\Arquivos de programas\Google\Google Updater\GoogleUpdater.exe C:\Arquivos de programas\Stardock\ObjectDock\ObjectDock.exe C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe C:\Arquivos de programas\Yahoo!\Widgets\YahooWidgetEngine.exe C:\WINDOWS\system32\wuauclt.exe C:\Arquivos de programas\Yahoo!\Widgets\YahooWidgetEngine.exe C:\Arquivos de programas\Yahoo!\Widgets\YahooWidgetEngine.exe C:\Arquivos de programas\Yahoo!\Widgets\YahooWidgetEngine.exe C:\Arquivos de programas\Yahoo!\Widgets\YahooWidgetEngine.exe C:\Arquivos de programas\Yahoo!\Widgets\YahooWidgetEngine.exe C:\Arquivos de programas\Yahoo!\Widgets\YahooWidgetEngine.exe C:\WINDOWS\system32\dllcache\wordpad.exe C:\Arquivos de programas\Yahoo!\Widgets\YahooWidgetEngine.exe C:\Arquivos de programas\Yahoo!\Widgets\YahooWidgetEngine.exe C:\Arquivos de programas\Yahoo!\Widgets\YahooWidgetEngine.exe C:\Arquivos de programas\Yahoo!\Widgets\YahooWidgetEngine.exe C:\Arquivos de programas\Mozilla Firefox\firefox.exe D:\Desktop\Programas\HijackThis.exe F2 - REG:system.ini: UserInit=C:\WINDOWS\PROTECT\protect.sld,C:\WINDOWS\system32\userinit.exe, O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_11\bin\ssv.dll O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - D:\Arquivos de programas\Free Download Manager\iefdmcks.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [ccApp] "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Arquivos de programas\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Arquivos de programas\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [Protect] "C:\WINDOWS\PROTECT\protect.exe" /a O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.5.0_11\bin\jusched.exe" O4 - HKLM\..\Run: [1A:Stardock TrayMonitor] C:\Arquivos de programas\Arquivos comuns\Stardock\TrayServer.exe O4 - HKLM\..\Run: [bootSkin Startup Jobs] "C:\ARQUIV~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" /StartupJobs O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Arquivos de programas\Logitech\Video\ManifestEngine.exe" boot O4 - HKCU\..\Run: [FreeRAM XP] "D:\Desktop\Programas\FreeRAM XP Pro 1.40.exe" -win O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background O4 - Startup: Stardock ObjectDock.lnk = C:\Arquivos de programas\Stardock\ObjectDock\ObjectDock.exe O4 - Startup: Yahoo! Widget Engine.lnk = C:\Arquivos de programas\Yahoo!\Widgets\YahooWidgetEngine.exe O4 - Global Startup: Execute a Ferramenta de Registo do Nintendo Wi-Fi USB Connector...lnk = C:\Arquivos de programas\WiFiConnector\NintendoWFCReg.exe O4 - Global Startup: Google Updater.lnk = C:\Arquivos de programas\Google\Google Updater\GoogleUpdater.exe O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...html?p=ZJfox000 O8 - Extra context menu item: Analisar com LeechGet - file://D:\Arquivos de programas\LeechGet 2006\\Parser.html O8 - Extra context menu item: Download all with Free Download Manager - file://D:\Arquivos de programas\Free Download Manager\dlall.htm O8 - Extra context menu item: Download selected with Free Download Manager - file://D:\Arquivos de programas\Free Download Manager\dlselected.htm O8 - Extra context menu item: Download usando Assistente LeechGet - file://D:\Arquivos de programas\LeechGet 2006\\Wizard.html O8 - Extra context menu item: Download usando LeechGet - file://D:\Arquivos de programas\LeechGet 2006\\AddUrl.html O8 - Extra context menu item: Download with Free Download Manager - file://D:\Arquivos de programas\Free Download Manager\dllink.htm O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Write a Review... - http://client.alexa.com/holiday/script/actions/review.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun ?I Java ?R?“?\?[?? - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Arquivos de programas\Norton SystemWorks\Norton Cleanup\WCQuick.lnk O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Arquivos de programas\Norton SystemWorks\Norton Cleanup\WCQuick.lnk O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O11 - Options group: [iNTERNATIONAL] International* O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O16 - DPF: {20050325-D35A-4233-926E-2E801AE25949} (NMJPStarter15 Class) - http://www.netmarble.jp/_common/cab/NMStarterJP6.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Arquivos de programas\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {341FF14B-00CB-49F5-A427-A164DF1D5E1F} (MALPlaybackCtrl Class) - http://musicstore.connect.com/XSL/mb_us//h...ALStreaming.cab O16 - DPF: {6FC19219-C47E-4880-9A79-D218A1C374F9} (NMJTransX Control) - http://file.netmarble.jp/Control/NMJTransX.cab O16 - DPF: {731E2481-5410-49C6-BE75-083740869284} (QOnlineCtrl Class) - http://www.meteosonline.jp/QOnline.cab O16 - DPF: {B905F63D-7489-4B3D-9B62-49A1B8647E2A} (HgPluginJP21 Class) - http://down.hangame.co.jp/jp/dist/hgstart/HGPluginJP21.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O16 - DPF: {D41CE0FC-D720-413E-A9A6-82EC4CDAE742} (Session Class) - http://segalink.jp/_app/SJSessionAX.cab O16 - DPF: {E0BE586C-7C66-4909-94D6-D18BBBDD6373} (????????????) - http://www.filebank.co.jp/setup/win/fbx2.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: MCPClient - C:\Arquivos de programas\Arquivos comuns\Stardock\mcpstub.dll O20 - Winlogon Notify: WBSrv - C:\ARQUIV~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: MSCSPTISRV - Sony Corporation - C:\Arquivos de programas\Arquivos comuns\Sony Shared\AVLib\MSCSPTISRV.exe O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\ARQUIV~1\NORTON~1\NORTON~1\NPROTECT.EXE O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\Security Console\NSCSRVCE.EXE O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PACSPTISVR - Sony Corporation - C:\Arquivos de programas\Arquivos comuns\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: SPBBCSvc - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Speed Disk service - Symantec Corporation - C:\ARQUIV~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Arquivos de programas\Arquivos comuns\Sony Shared\AVLib\SPTISRV.exe O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Arquivos de programas\Arquivos comuns\Sony Shared\AVLib\SSScsiSV.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\CCPD-LC\symlcsvc.exe []'s Compartilhar este post Link para o post Compartilhar em outros sites
jgarcia 1 Denunciar post Postado Março 29, 2007 Opa Leoking, Vamos lá. Habilite o Windows para mostrar todos os arquivos (até ocultos). 1ª Etapa Baixe o CCleaner em: CCleaner Baixe, mas não execute ainda. Baixe o Killbox em: Killbox 1. Execute o Killbox, clique em Delete on Reboot. 2. Copie a lista abaixo em negrito para a área de transferência. Selecione tudo com o auxílio do mouse --> vá até a aba Editar na barra do navegador --> clique em Copiar. C:\WINDOWS\PROTECT\protect.sld C:\WINDOWS\PROTECT\protect.exe 3. Retorne ao Killbox. Clique em File > Paste from clipboard. Clique em All Files. 4. Aperte em "X". Responda "não" à pergunta. É prudente que você faça a impressão deste documento ou salve-o em um lugar de fácil acesso, pois na próxima etapa entraremos em Modo de Seguro e a conexão à internet não será possível. 2ª Etapa Reinicie o computador em Modo Seguro (ao reiniciar aperte a tecla F8 repetidamente até que apareça uma tela preta em DOS e escolha a opção Modo Seguro). Execute o HijackThis, clique em Do a system scan only e marque: F2 - REG:system.ini: UserInit=C:\WINDOWS\PROTECT\protect.sld,C:\WINDOWS\system32\userinit.exe,O4 - HKLM\..\Run: [Protect] "C:\WINDOWS\PROTECT\protect.exe" /a O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...html?p=ZJfox000 O8 - Extra context menu item: Write a Review... - http://client.alexa.com/holiday/script/actions/review.htm O11 - Options group: [iNTERNATIONAL] International* Clique em Fix Checked. 3ª Etapa Ainda em Modo Seguro localize e delete: C:\WINDOWS\PROTECT <- a pasta 4ª Etapa Reinicie em Modo Normal. Execute o CCleaner e clique em Executar Cleaner. Submeta o arquivo abaixo ao site VirusTotal: C:\WINDOWS\system32\dllcache\wordpad.exe Retorne com o resultado e um novo log do HijackThis. Um abraço. Compartilhar este post Link para o post Compartilhar em outros sites
Leoking 0 Denunciar post Postado Março 30, 2007 Opa,estou de volta! aí vai o log: Logfile of HijackThis v1.99.1 Scan saved at 12:25:25, on 30/3/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16414) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Arquivos de programas\Arquivos comuns\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Arquivos de programas\Arquivos comuns\Stardock\SDMCP.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Arquivos de programas\Stardock\Object Desktop\KLP\Keys.exe C:\Arquivos de programas\Stardock\Object Desktop\IconX\IconX.exe C:\Arquivos de programas\Stardock\Object Desktop\RightClick\RightClick.exe C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe C:\WINDOWS\system32\RunDLL32.exe C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe C:\ARQUIV~1\NORTON~1\NORTON~1\NPROTECT.EXE C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\system32\LVCOMSX.EXE C:\Arquivos de programas\Logitech\Video\LogiTray.exe C:\Arquivos de programas\Java\jre1.5.0_11\bin\jusched.exe C:\Arquivos de programas\Arquivos comuns\Stardock\TrayServer.exe C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\WINDOWS\system32\ctfmon.exe D:\Desktop\Programas\FreeRAM XP Pro 1.40.exe C:\Arquivos de programas\Messenger\msmsgs.exe C:\ARQUIV~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\WINDOWS\system32\svchost.exe C:\Arquivos de programas\WiFiConnector\NintendoWFCReg.exe C:\Arquivos de programas\Google\Google Updater\GoogleUpdater.exe C:\Arquivos de programas\Logitech\Video\FxSvr2.exe C:\Arquivos de programas\Stardock\ObjectDock\ObjectDock.exe C:\Arquivos de programas\Yahoo!\Widgets\YahooWidgetEngine.exe C:\Arquivos de programas\Yahoo!\Widgets\YahooWidgetEngine.exe C:\Arquivos de programas\Yahoo!\Widgets\YahooWidgetEngine.exe C:\Arquivos de programas\Yahoo!\Widgets\YahooWidgetEngine.exe C:\Arquivos de programas\Yahoo!\Widgets\YahooWidgetEngine.exe C:\Arquivos de programas\Yahoo!\Widgets\YahooWidgetEngine.exe C:\Arquivos de programas\Yahoo!\Widgets\YahooWidgetEngine.exe C:\Arquivos de programas\Yahoo!\Widgets\YahooWidgetEngine.exe C:\Arquivos de programas\Yahoo!\Widgets\YahooWidgetEngine.exe C:\Arquivos de programas\Yahoo!\Widgets\YahooWidgetEngine.exe C:\Arquivos de programas\Yahoo!\Widgets\YahooWidgetEngine.exe C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\system32\dllcache\wordpad.exe C:\Arquivos de programas\Mozilla Firefox\firefox.exe D:\Desktop\Programas\HijackThis.exe O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_11\bin\ssv.dll O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - D:\Arquivos de programas\Free Download Manager\iefdmcks.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [ccApp] "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Arquivos de programas\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Arquivos de programas\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.5.0_11\bin\jusched.exe" O4 - HKLM\..\Run: [1A:Stardock TrayMonitor] C:\Arquivos de programas\Arquivos comuns\Stardock\TrayServer.exe O4 - HKLM\..\Run: [bootSkin Startup Jobs] "C:\ARQUIV~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" /StartupJobs O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Arquivos de programas\Logitech\Video\ManifestEngine.exe" boot O4 - HKCU\..\Run: [FreeRAM XP] "D:\Desktop\Programas\FreeRAM XP Pro 1.40.exe" -win O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background O4 - Startup: Stardock ObjectDock.lnk = C:\Arquivos de programas\Stardock\ObjectDock\ObjectDock.exe O4 - Startup: Yahoo! Widget Engine.lnk = C:\Arquivos de programas\Yahoo!\Widgets\YahooWidgetEngine.exe O4 - Global Startup: Execute a Ferramenta de Registo do Nintendo Wi-Fi USB Connector...lnk = C:\Arquivos de programas\WiFiConnector\NintendoWFCReg.exe O4 - Global Startup: Google Updater.lnk = C:\Arquivos de programas\Google\Google Updater\GoogleUpdater.exe O8 - Extra context menu item: Analisar com LeechGet - file://D:\Arquivos de programas\LeechGet 2006\\Parser.html O8 - Extra context menu item: Download all with Free Download Manager - file://D:\Arquivos de programas\Free Download Manager\dlall.htm O8 - Extra context menu item: Download selected with Free Download Manager - file://D:\Arquivos de programas\Free Download Manager\dlselected.htm O8 - Extra context menu item: Download usando Assistente LeechGet - file://D:\Arquivos de programas\LeechGet 2006\\Wizard.html O8 - Extra context menu item: Download usando LeechGet - file://D:\Arquivos de programas\LeechGet 2006\\AddUrl.html O8 - Extra context menu item: Download with Free Download Manager - file://D:\Arquivos de programas\Free Download Manager\dllink.htm O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun ?I Java ?R?“?\?[?? - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Arquivos de programas\Norton SystemWorks\Norton Cleanup\WCQuick.lnk O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Arquivos de programas\Norton SystemWorks\Norton Cleanup\WCQuick.lnk O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O16 - DPF: {20050325-D35A-4233-926E-2E801AE25949} (NMJPStarter15 Class) - http://www.netmarble.jp/_common/cab/NMStarterJP6.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Arquivos de programas\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {341FF14B-00CB-49F5-A427-A164DF1D5E1F} (MALPlaybackCtrl Class) - http://musicstore.connect.com/XSL/mb_us//h...ALStreaming.cab O16 - DPF: {6FC19219-C47E-4880-9A79-D218A1C374F9} (NMJTransX Control) - http://file.netmarble.jp/Control/NMJTransX.cab O16 - DPF: {731E2481-5410-49C6-BE75-083740869284} (QOnlineCtrl Class) - http://www.meteosonline.jp/QOnline.cab O16 - DPF: {B905F63D-7489-4B3D-9B62-49A1B8647E2A} (HgPluginJP21 Class) - http://down.hangame.co.jp/jp/dist/hgstart/HGPluginJP21.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O16 - DPF: {D41CE0FC-D720-413E-A9A6-82EC4CDAE742} (Session Class) - http://segalink.jp/_app/SJSessionAX.cab O16 - DPF: {E0BE586C-7C66-4909-94D6-D18BBBDD6373} (????????????) - http://www.filebank.co.jp/setup/win/fbx2.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: MCPClient - C:\Arquivos de programas\Arquivos comuns\Stardock\mcpstub.dll O20 - Winlogon Notify: WBSrv - C:\ARQUIV~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: MSCSPTISRV - Sony Corporation - C:\Arquivos de programas\Arquivos comuns\Sony Shared\AVLib\MSCSPTISRV.exe O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\ARQUIV~1\NORTON~1\NORTON~1\NPROTECT.EXE O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\Security Console\NSCSRVCE.EXE O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PACSPTISVR - Sony Corporation - C:\Arquivos de programas\Arquivos comuns\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: SPBBCSvc - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Speed Disk service - Symantec Corporation - C:\ARQUIV~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Arquivos de programas\Arquivos comuns\Sony Shared\AVLib\SPTISRV.exe O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Arquivos de programas\Arquivos comuns\Sony Shared\AVLib\SSScsiSV.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\CCPD-LC\symlcsvc.exe e a do Virus Total: STATUS: FINISHED Complete scanning result of "wordpad.exe", received in VirusTotal at 03.30.2007, 05:24:09 (CET). Antivirus Version Update Result AhnLab-V3 2007.3.30.0 03.29.2007 no virus found AntiVir 7.3.1.46 03.29.2007 no virus found Authentium 4.93.8 03.30.2007 no virus found Avast 4.7.936.0 03.29.2007 no virus found AVG 7.5.0.447 03.29.2007 no virus found BitDefender 7.2 03.30.2007 no virus found CAT-QuickHeal 9.00 03.29.2007 no virus found ClamAV devel-20070312 03.30.2007 no virus found DrWeb 4.33 03.29.2007 no virus found eSafe 7.0.15.0 03.29.2007 no virus found eTrust-Vet 30.6.3522 03.29.2007 no virus found Ewido 4.0 03.29.2007 no virus found FileAdvisor 1 03.30.2007 No threat detected Fortinet 2.85.0.0 03.30.2007 no virus found F-Prot 4.3.1.45 03.30.2007 no virus found F-Secure 6.70.13030.0 03.30.2007 no virus found Ikarus T3.1.1.3 03.29.2007 no virus found Kaspersky 4.0.2.24 03.30.2007 no virus found McAfee 4995 03.29.2007 no virus found Microsoft 1.2306 03.30.2007 no virus found NOD32v2 2156 03.30.2007 no virus found Norman 5.80.02 03.29.2007 no virus found Panda 9.0.0.4 03.29.2007 no virus found Prevx1 V2 03.30.2007 no virus found Sophos 4.16.0 03.29.2007 no virus found Sunbelt 2.2.907.0 03.29.2007 no virus found Symantec 10 03.30.2007 no virus found TheHacker 6.1.6.080 03.23.2007 no virus found UNA 1.83 03.16.2007 no virus found VBA32 3.11.3 03.29.2007 no virus found VirusBuster 4.3.7:9 03.29.2007 no virus found Webwasher-Gateway 6.0.1 03.30.2007 no virus found Aditional Information File size: 215040 bytes MD5: 27174ca329a122b1b75774bca3f0afbd SHA1: 839112767aeb6dcfb5b73dc74ed38e76b90d22f4 Bit9 info: http://fileadvisor.bit9.com/services/extin...75774bca3f0afbd Compartilhar este post Link para o post Compartilhar em outros sites
jgarcia 1 Denunciar post Postado Março 30, 2007 Opa Leoking, O seu log está LIMPO. :thumbsup: Para finalizar: 1. Desabilite e Reabilite a função de Restauração Automática do XP. Clique aqui para ver como. Abraços. Compartilhar este post Link para o post Compartilhar em outros sites
Leoking 0 Denunciar post Postado Abril 2, 2007 o services.exe está fechando sozinho,daí começa uma contagem... e o pc reinicia! pode me salvar? xD aí vai o log: Logfile of HijackThis v1.99.1 Scan saved at 10:15:01, on 2/4/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16414) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Arquivos de programas\Arquivos comuns\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\system32\spoolsv.exe C:\Arquivos de programas\Arquivos comuns\Stardock\SDMCP.exe C:\WINDOWS\Explorer.EXE C:\Arquivos de programas\Stardock\Object Desktop\KLP\Keys.exe C:\Arquivos de programas\Stardock\Object Desktop\RightClick\RightClick.exe C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe C:\ARQUIV~1\NORTON~1\NORTON~1\NPROTECT.EXE C:\WINDOWS\system32\nvsvc32.exe C:\ARQUIV~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\WINDOWS\system32\svchost.exe C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\system32\RunDLL32.exe C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\system32\LVCOMSX.EXE C:\Arquivos de programas\Logitech\Video\LogiTray.exe C:\Arquivos de programas\Java\jre1.5.0_11\bin\jusched.exe C:\Arquivos de programas\Arquivos comuns\Stardock\TrayServer.exe C:\Arquivos de programas\Logitech\Video\FxSvr2.exe C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\WINDOWS\system32\ctfmon.exe D:\Desktop\Programas\FreeRAM XP Pro 1.40.exe C:\Arquivos de programas\Messenger\msmsgs.exe C:\Arquivos de programas\WiFiConnector\NintendoWFCReg.exe C:\Arquivos de programas\Google\Google Updater\GoogleUpdater.exe C:\Arquivos de programas\Yahoo!\Widgets\YahooWidgetEngine.exe C:\Arquivos de programas\Yahoo!\Widgets\YahooWidgetEngine.exe C:\Arquivos de programas\Yahoo!\Widgets\YahooWidgetEngine.exe C:\Arquivos de programas\Yahoo!\Widgets\YahooWidgetEngine.exe C:\Arquivos de programas\Yahoo!\Widgets\YahooWidgetEngine.exe C:\Arquivos de programas\Yahoo!\Widgets\YahooWidgetEngine.exe C:\Arquivos de programas\Yahoo!\Widgets\YahooWidgetEngine.exe C:\Arquivos de programas\Yahoo!\Widgets\YahooWidgetEngine.exe C:\Arquivos de programas\Yahoo!\Widgets\YahooWidgetEngine.exe C:\WINDOWS\system32\dwwin.exe C:\Arquivos de programas\Mozilla Firefox\firefox.exe D:\Desktop\Programas\HijackThis.exe O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_11\bin\ssv.dll O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - D:\Arquivos de programas\Free Download Manager\iefdmcks.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [ccApp] "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Arquivos de programas\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Arquivos de programas\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.5.0_11\bin\jusched.exe" O4 - HKLM\..\Run: [1A:Stardock TrayMonitor] C:\Arquivos de programas\Arquivos comuns\Stardock\TrayServer.exe O4 - HKLM\..\Run: [bootSkin Startup Jobs] "C:\ARQUIV~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" /StartupJobs O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Arquivos de programas\Logitech\Video\ManifestEngine.exe" boot O4 - HKCU\..\Run: [FreeRAM XP] "D:\Desktop\Programas\FreeRAM XP Pro 1.40.exe" -win O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background O4 - Startup: Stardock ObjectDock.lnk = C:\Arquivos de programas\Stardock\ObjectDock\ObjectDock.exe O4 - Startup: Yahoo! Widget Engine.lnk = C:\Arquivos de programas\Yahoo!\Widgets\YahooWidgetEngine.exe O4 - Global Startup: Execute a Ferramenta de Registo do Nintendo Wi-Fi USB Connector...lnk = C:\Arquivos de programas\WiFiConnector\NintendoWFCReg.exe O4 - Global Startup: Google Updater.lnk = C:\Arquivos de programas\Google\Google Updater\GoogleUpdater.exe O8 - Extra context menu item: Analisar com LeechGet - file://D:\Arquivos de programas\LeechGet 2006\\Parser.html O8 - Extra context menu item: Download all with Free Download Manager - file://D:\Arquivos de programas\Free Download Manager\dlall.htm O8 - Extra context menu item: Download selected with Free Download Manager - file://D:\Arquivos de programas\Free Download Manager\dlselected.htm O8 - Extra context menu item: Download usando Assistente LeechGet - file://D:\Arquivos de programas\LeechGet 2006\\Wizard.html O8 - Extra context menu item: Download usando LeechGet - file://D:\Arquivos de programas\LeechGet 2006\\AddUrl.html O8 - Extra context menu item: Download with Free Download Manager - file://D:\Arquivos de programas\Free Download Manager\dllink.htm O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun ?I Java ?R?“?\?[?? - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Arquivos de programas\Norton SystemWorks\Norton Cleanup\WCQuick.lnk O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Arquivos de programas\Norton SystemWorks\Norton Cleanup\WCQuick.lnk O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O16 - DPF: {20050325-D35A-4233-926E-2E801AE25949} (NMJPStarter15 Class) - http://www.netmarble.jp/_common/cab/NMStarterJP6.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Arquivos de programas\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {341FF14B-00CB-49F5-A427-A164DF1D5E1F} (MALPlaybackCtrl Class) - http://musicstore.connect.com/XSL/mb_us//h...ALStreaming.cab O16 - DPF: {6FC19219-C47E-4880-9A79-D218A1C374F9} (NMJTransX Control) - http://file.netmarble.jp/Control/NMJTransX.cab O16 - DPF: {731E2481-5410-49C6-BE75-083740869284} (QOnlineCtrl Class) - http://www.meteosonline.jp/QOnline.cab O16 - DPF: {B905F63D-7489-4B3D-9B62-49A1B8647E2A} (HgPluginJP21 Class) - http://down.hangame.co.jp/jp/dist/hgstart/HGPluginJP21.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O16 - DPF: {D41CE0FC-D720-413E-A9A6-82EC4CDAE742} (Session Class) - http://segalink.jp/_app/SJSessionAX.cab O16 - DPF: {E0BE586C-7C66-4909-94D6-D18BBBDD6373} (????????????) - http://www.filebank.co.jp/setup/win/fbx2.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: MCPClient - C:\Arquivos de programas\Arquivos comuns\Stardock\mcpstub.dll O20 - Winlogon Notify: WBSrv - C:\ARQUIV~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: MSCSPTISRV - Sony Corporation - C:\Arquivos de programas\Arquivos comuns\Sony Shared\AVLib\MSCSPTISRV.exe O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\ARQUIV~1\NORTON~1\NORTON~1\NPROTECT.EXE O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\Security Console\NSCSRVCE.EXE O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PACSPTISVR - Sony Corporation - C:\Arquivos de programas\Arquivos comuns\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: SPBBCSvc - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Speed Disk service - Symantec Corporation - C:\ARQUIV~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Arquivos de programas\Arquivos comuns\Sony Shared\AVLib\SPTISRV.exe O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Arquivos de programas\Arquivos comuns\Sony Shared\AVLib\SSScsiSV.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\CCPD-LC\symlcsvc.exe []'s Compartilhar este post Link para o post Compartilhar em outros sites
jgarcia 1 Denunciar post Postado Abril 2, 2007 Opa Leoking, Baixe o F-Secure Blacklight em: F-Secure Blacklight Salve-o em sua área de trabalho (desktop) e o execute. Aceite o acordo. Clique em Scan e aguarde. Se ele encontrar algum arquivo, ignore, pois quero apenas o log. Ao final do scan será gerado o arquivo fsbl-xxxxx.log (onde xxx são números). Preciso que você copie o log e poste em sua próxima resposta. Abraços. Compartilhar este post Link para o post Compartilhar em outros sites
Leoking 0 Denunciar post Postado Abril 3, 2007 o link não tá funcionando:ERROR 404: Sorry, URL not found.Please click here for the Main Index.This page will automatically load the Main Index in 10 seconds ... .eu peguei a outra versão,mas no fim do scan ela não gerou um log =/[]'s Compartilhar este post Link para o post Compartilhar em outros sites
jgarcia 1 Denunciar post Postado Abril 3, 2007 Opa Leoking. Eu já corrigi o link. Tente novamente. Obrigado pelo toque. :thumbsup: Editado: Acabei de testar e funcionou perfeitamente. Compartilhar este post Link para o post Compartilhar em outros sites
Leoking 0 Denunciar post Postado Abril 4, 2007 Depois do scan foi criado um arquivo de texto,acho que é esse o log:04/04/07 10:35:53 [info]: BlackLight Engine 1.0.61 initialized04/04/07 10:35:53 [info]: OS: 5.1 build 2600 (Service Pack 2)04/04/07 10:35:53 [Note]: 7019 404/04/07 10:35:53 [Note]: 7005 004/04/07 10:35:58 [Note]: 7006 004/04/07 10:35:58 [Note]: 7011 58804/04/07 10:35:59 [Note]: 7026 004/04/07 10:35:59 [Note]: 7026 004/04/07 10:36:06 [Note]: FSRAW library version 1.7.102104/04/07 10:42:45 [Note]: 2000 101204/04/07 10:42:45 [Note]: 2000 101204/04/07 10:42:45 [Note]: 2000 101204/04/07 10:42:45 [Note]: 2000 101204/04/07 10:42:45 [Note]: 2000 101204/04/07 10:42:45 [Note]: 2000 101204/04/07 10:42:45 [Note]: 2000 101204/04/07 10:42:45 [Note]: 2000 101204/04/07 10:42:45 [Note]: 2000 101204/04/07 10:42:45 [Note]: 2000 101204/04/07 10:42:45 [Note]: 2000 101204/04/07 10:42:45 [Note]: 2000 101204/04/07 10:42:45 [Note]: 2000 101204/04/07 10:42:45 [Note]: 2000 101204/04/07 10:42:45 [Note]: 2000 101204/04/07 10:42:45 [Note]: 2000 101204/04/07 10:42:45 [Note]: 2000 101204/04/07 10:42:45 [Note]: 2000 101204/04/07 10:42:45 [Note]: 2000 101204/04/07 10:42:45 [Note]: 2000 101204/04/07 10:42:45 [Note]: 2000 101204/04/07 10:42:45 [Note]: 2000 101204/04/07 10:42:45 [Note]: 2000 101204/04/07 10:42:45 [Note]: 2000 101204/04/07 10:42:45 [Note]: 2000 101204/04/07 10:42:45 [Note]: 2000 101204/04/07 10:42:45 [Note]: 2000 101204/04/07 11:01:01 [Note]: 7007 0(bem extranho isso xD)[]'s Compartilhar este post Link para o post Compartilhar em outros sites
jgarcia 1 Denunciar post Postado Abril 5, 2007 Opa Leoking, Baixe o SilentRunners. Extraia o arquivo SilentRunners.vbs para o C. Dê duplo clique sobre o arquivo para executá-lo. Após executá-lo aguarde até que seja gerado um documento denominado Startup Programs (USUÁRIO) data. Copie o conteúdo deste documento e cole em sua próxima resposta. Abraços. Obs.: Caso o seu AV detecte o arquivo como sendo um script malicioso não se preocupe e autorize a execução. Compartilhar este post Link para o post Compartilhar em outros sites
Leoking 0 Denunciar post Postado Abril 6, 2007 Opa,valeu! Aí vai o log: "Silent Runners.vbs", revision R50, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} "MsnMsgr" = ""C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background" [MS] "ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS] "LogitechSoftwareUpdate" = ""C:\Arquivos de programas\Logitech\Video\ManifestEngine.exe" boot" ["Logitech Inc."] "FreeRAM XP" = ""D:\Desktop\Programas\FreeRAM XP Pro 1.40.exe" -win" ["YourWare Solutions "] "MSMSGS" = ""C:\Arquivos de programas\Messenger\msmsgs.exe" /background" [MS] "lmpc4" = "C:\Arquivos de programas\Lock My PC 4\lockpc.exe /s" ["FSPro Labs"] "Pando" = ""C:\Arquivos de programas\Pando Networks\Pando\Pando.exe" /Minimized" ["Pando Networks"] "(Default)" = "(empty string)" [file not found] HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++} "IMJPMIG8.1" = ""C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32" [MS] "PHIME2002ASync" = "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC" [MS] "PHIME2002A" = "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName" [MS] "NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS] "nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"] "NvMediaCenter" = "RunDLL32.exe NvMCTray.dll,NvTaskbarInit" [MS] "avast!" = "C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [null data] "SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."] "LVCOMSX" = "C:\WINDOWS\system32\LVCOMSX.EXE" ["Logitech Inc."] "LogitechVideoRepair" = "C:\Arquivos de programas\Logitech\Video\ISStart.exe " ["Logitech Inc."] "LogitechVideoTray" = "C:\Arquivos de programas\Logitech\Video\LogiTray.exe" ["Logitech Inc."] "1A:Stardock TrayMonitor" = "C:\Arquivos de programas\Arquivos comuns\Stardock\TrayServer.exe" ["Stardock"] "BootSkin Startup Jobs" = ""C:\ARQUIV~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" /StartupJobs" [empty string] "!AVG Anti-Spyware" = ""C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized" ["Anti-Malware Development a.s."] "ccApp" = ""C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe"" ["Symantec Corporation"] "osCheck" = ""C:\Arquivos de programas\Norton AntiVirus\osCheck.exe"" ["Symantec Corporation"] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {02478D38-C3F9-4EFB-9B51-7695ECA05670}\(Default) = (no title provided) -> {HKLM...CLSID} = "Yahoo! Toolbar Helper" \InProcServer32\(Default) = "C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided) -> {HKLM...CLSID} = "Adobe PDF Reader Link Helper" \InProcServer32\(Default) = "C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"] {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\(Default) = (no title provided) -> {HKLM...CLSID} = "Google Toolbar Notifier BHO" \InProcServer32\(Default) = "C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.0.301.3558\swg.dll" ["Google Inc."] {CC59E0F9-7E43-44FA-9FAA-8377850BF205}\(Default) = (no title provided) -> {HKLM...CLSID} = "FDMIECookiesBHO Class" \InProcServer32\(Default) = "D:\Arquivos de programas\Free Download Manager\iefdmcks.dll" [null data] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extensao de icone do HyperTerminal" -> {HKLM...CLSID} = "HyperTerminal Icon Ext" \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."] []'s Compartilhar este post Link para o post Compartilhar em outros sites
jgarcia 1 Denunciar post Postado Abril 6, 2007 Opa Leoking, O log está incompleto. Um documento completo apresenta uma conjuntura parecida com esta (Post #9). Retorne com um log na íntegra. Abraços. Compartilhar este post Link para o post Compartilhar em outros sites
Leoking 0 Denunciar post Postado Abril 7, 2007 Opa,desculpa,fui na pressa. Aí vai o log completo: "Silent Runners.vbs", revision R50, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} "MsnMsgr" = ""C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background" [MS] "ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS] "LogitechSoftwareUpdate" = ""C:\Arquivos de programas\Logitech\Video\ManifestEngine.exe" boot" ["Logitech Inc."] "FreeRAM XP" = ""D:\Desktop\Programas\FreeRAM XP Pro 1.40.exe" -win" ["YourWare Solutions "] "MSMSGS" = ""C:\Arquivos de programas\Messenger\msmsgs.exe" /background" [MS] "lmpc4" = "C:\Arquivos de programas\Lock My PC 4\lockpc.exe /s" ["FSPro Labs"] "Pando" = ""C:\Arquivos de programas\Pando Networks\Pando\Pando.exe" /Minimized" ["Pando Networks"] "(Default)" = "(empty string)" [file not found] HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++} "IMJPMIG8.1" = ""C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32" [MS] "PHIME2002ASync" = "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC" [MS] "PHIME2002A" = "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName" [MS] "NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS] "nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"] "NvMediaCenter" = "RunDLL32.exe NvMCTray.dll,NvTaskbarInit" [MS] "avast!" = "C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [null data] "SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."] "LVCOMSX" = "C:\WINDOWS\system32\LVCOMSX.EXE" ["Logitech Inc."] "LogitechVideoRepair" = "C:\Arquivos de programas\Logitech\Video\ISStart.exe " ["Logitech Inc."] "LogitechVideoTray" = "C:\Arquivos de programas\Logitech\Video\LogiTray.exe" ["Logitech Inc."] "1A:Stardock TrayMonitor" = "C:\Arquivos de programas\Arquivos comuns\Stardock\TrayServer.exe" ["Stardock"] "BootSkin Startup Jobs" = ""C:\ARQUIV~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" /StartupJobs" [empty string] "!AVG Anti-Spyware" = ""C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized" ["Anti-Malware Development a.s."] "ccApp" = ""C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe"" ["Symantec Corporation"] "osCheck" = ""C:\Arquivos de programas\Norton AntiVirus\osCheck.exe"" ["Symantec Corporation"] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {02478D38-C3F9-4EFB-9B51-7695ECA05670}\(Default) = (no title provided) -> {HKLM...CLSID} = "Yahoo! Toolbar Helper" \InProcServer32\(Default) = "C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided) -> {HKLM...CLSID} = "Adobe PDF Reader Link Helper" \InProcServer32\(Default) = "C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"] {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\(Default) = (no title provided) -> {HKLM...CLSID} = "Google Toolbar Notifier BHO" \InProcServer32\(Default) = "C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.0.301.3558\swg.dll" ["Google Inc."] {CC59E0F9-7E43-44FA-9FAA-8377850BF205}\(Default) = (no title provided) -> {HKLM...CLSID} = "FDMIECookiesBHO Class" \InProcServer32\(Default) = "D:\Arquivos de programas\Free Download Manager\iefdmcks.dll" [null data] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extensao de icone do HyperTerminal" -> {HKLM...CLSID} = "HyperTerminal Icon Ext" \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."] "{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class" -> {HKLM...CLSID} = "DesktopContext Class" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"] "{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper" -> {HKLM...CLSID} = "NVIDIA CPL Extension" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"] "{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer" -> {HKLM...CLSID} = "Desktop Explorer" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"] "{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"] "{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu" -> {HKLM...CLSID} = "nView Desktop Context Menu" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"] "{472083B0-C522-11CF-8763-00608CC02F24}" = "avast" -> {HKLM...CLSID} = "avast" \InProcServer32\(Default) = "C:\Arquivos de programas\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"] "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Arquivos de programas\WinRAR\rarext.dll" [null data] "{32020A01-506E-484D-A2A8-BE3CF17601C3}" = "AlcoholShellEx" -> {HKLM...CLSID} = "AlcoholShellEx" \InProcServer32\(Default) = "C:\ARQUIV~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll" ["Alcohol Soft Development Team"] "{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Arquivos de programas\Microsoft Office\OFFICE11\msohev.dll" [MS] "{DEE12703-6333-4D4E-8F34-738C4DCC2E04}" = "RecordNow! SendToExt" -> {HKLM...CLSID} = "RecordNow! SendToExt" \InProcServer32\(Default) = "C:\Arquivos de programas\Sonic\RecordNow Deluxe\RecordNow! Deluxe\shlext.dll" [null data] "{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}" = "Messenger Sharing Folders" -> {HKLM...CLSID} = "Minhas Pastas de Compartilhamento" \InProcServer32\(Default) = "C:\Arquivos de programas\MSN Messenger\fsshext.8.0.0812.00.dll" [MS] "{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player" -> {HKLM...CLSID} = "RealOne Player Context Menu Class" \InProcServer32\(Default) = "C:\Arquivos de programas\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."] "{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\ARQUIV~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"] "{E0D79305-84BE-11CE-9641-444553540000}" = "WinZip" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\ARQUIV~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"] "{E0D79306-84BE-11CE-9641-444553540000}" = "WinZip" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\ARQUIV~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"] "{E0D79307-84BE-11CE-9641-444553540000}" = "WinZip" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\ARQUIV~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"] "{29D37B90-E2B2-408A-8F0A-F08BF1F9B074}" = "SxContextMenu1" -> {HKLM...CLSID} = "SxContextMenu1" \InProcServer32\(Default) = "C:\ARQUIV~1\REACON~1.0PR\Context\context.dll" [null data] "{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu" -> {HKLM...CLSID} = "Portable Media Devices Menu" \InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS] "{400CFEE2-39D0-46DC-96DF-E0BB5A4324B3}" = "My Logitech Pictures" -> {HKLM...CLSID} = "My Logitech Pictures" \InProcServer32\(Default) = "C:\Arquivos de programas\Logitech\Video\Namespc2.dll" ["Logitech Inc."] "{ABC70703-32AF-11d4-90C4-D483A70F4825}" = "CMenuExtender" -> {HKLM...CLSID} = "CMenuExtender" \InProcServer32\(Default) = "C:\WINDOWS\BricoPacks\Crystal Clear\iColorFolder\CMExt.dll" ["Revenger inc."] "{C169E5F0-E2B3-41F3-B81A-7BA529CBE193}" = "ZipGenius Shell Extension" -> {HKLM...CLSID} = "ZipGenius Shell Extension" \InProcServer32\(Default) = "C:\ARQUIV~1\ZIPGEN~1\contmenu.dll" ["M.Dev Software"] "{2E5AC2E0-406D-11D4-86B3-FA5861508E25}" = "ZipGenius Zip InfoTip" -> {HKLM...CLSID} = "ZipGenius InfoTip" \InProcServer32\(Default) = "C:\ARQUIV~1\ZIPGEN~1\zgtips.dll" ["M.Dev Software"] "{310A0C95-EA11-42AE-A8E4-53E69E650310}" = "ZipGenius Drop handler" -> {HKLM...CLSID} = "ZipGenius Drag and Drop handler" \InProcServer32\(Default) = "C:\ARQUIV~1\ZIPGEN~1\DROPHA~1.DLL" ["M.Dev Software"] "{FE8D01BF-610A-4261-9C6E-32D65A42C907}" = "ZipGenius DnD Extract handler" -> {HKLM...CLSID} = "ZipGenius DnD Extract handler" \InProcServer32\(Default) = "C:\ARQUIV~1\ZIPGEN~1\ZGDRAG~1.DLL" ["M.Dev Software"] "{2F5AC606-70CF-461C-BFE1-734234536262}" = "WindowBlinds CPL Extension" -> {HKLM...CLSID} = "DisplayCplExt Class" \InProcServer32\(Default) = "C:\Arquivos de programas\Stardock\Object Desktop\WindowBlinds\wbui.dll" ["Stardock.Net, Inc"] "{611AD258-4138-4348-A534-9856FA6BA398}" = "IconPackager Icon Handler" -> {HKLM...CLSID} = "IPIconHandlerExt Class" \InProcServer32\(Default) = "C:\Arquivos de programas\Stardock\Object Desktop\IconPackager\shellext.dll" ["Stardock.net, Inc"] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\ <<!>> "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" = "AVG Anti-Spyware 7.5" -> {HKLM...CLSID} = "CShellExecuteHookImpl Object" \InProcServer32\(Default) = "C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" ["Anti-Malware Development a.s."] HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ "0aMCPClient" = "{F5DF91F9-15E9-416B-A7C3-7519B11ECBFC}" -> {HKLM...CLSID} = "MCPShellInstantiator Class" \InProcServer32\(Default) = "C:\Arquivos de programas\Arquivos comuns\Stardock\MCPCore.dll" ["Stardock"] HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\ <<!>> "AppInit_DLLs" = "wbsys.dll" ["Stardock.Net, Inc"] HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ <<!>> fsp_lmwl\DLLName = "fsp_lmwl.dll" ["FSPro Labs"] <<!>> MCPClient\DLLName = "C:\Arquivos de programas\Arquivos comuns\Stardock\mcpstub.dll" ["Stardock"] <<!>> WBSrv\DLLName = "C:\ARQUIV~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll" ["Stardock"] HKLM\Software\Classes\PROTOCOLS\Filter\ <<!>> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS] HKLM\Software\Classes\Folder\shellex\ColumnHandlers\ {F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info" -> {HKLM...CLSID} = "PDF Shell Extension" \InProcServer32\(Default) = "C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."] HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}" -> {HKLM...CLSID} = "avast" \InProcServer32\(Default) = "C:\Arquivos de programas\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"] AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}" -> {HKLM...CLSID} = "CContextScan Object" \InProcServer32\(Default) = "C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\context.dll" ["Anti-Malware Development a.s."] LeechGet\(Default) = "{EBDF1F20-C829-14D1-8234-1420AF3E97A9}" -> {HKLM...CLSID} = "LeechGet "Copy Here" Shell Extension" \InProcServer32\(Default) = "D:\Arquivos de programas\LeechGet 2006\ShellExtension.dll" [null data] PandoShellExt\(Default) = "{9C150845-2A2D-44CC-90B3-AA03480AA3D2}" -> {HKLM...CLSID} = "PDShellExt Class" \InProcServer32\(Default) = "C:\Arquivos de programas\Pando Networks\Pando\PandoShellExt.dll" ["Pando Networks"] Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA}" -> {HKLM...CLSID} = "IEContextMenu Class" \InProcServer32\(Default) = "C:\ARQUIV~1\NORTON~2\NavShExt.dll" ["Symantec Corporation"] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Arquivos de programas\WinRAR\rarext.dll" [null data] WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\ARQUIV~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"] ZipGenius 6\(Default) = "{C169E5F0-E2B3-41F3-B81A-7BA529CBE193}" -> {HKLM...CLSID} = "ZipGenius Shell Extension" \InProcServer32\(Default) = "C:\ARQUIV~1\ZIPGEN~1\contmenu.dll" ["M.Dev Software"] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}" -> {HKLM...CLSID} = "CContextScan Object" \InProcServer32\(Default) = "C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\context.dll" ["Anti-Malware Development a.s."] CMenuExtender\(Default) = "{ABC70703-32AF-11d4-90C4-D483A70F4825}" -> {HKLM...CLSID} = "CMenuExtender" \InProcServer32\(Default) = "C:\WINDOWS\BricoPacks\Crystal Clear\iColorFolder\CMExt.dll" ["Revenger inc."] LeechGet\(Default) = "{EBDF1F20-C829-14D1-8234-1420AF3E97A9}" -> {HKLM...CLSID} = "LeechGet "Copy Here" Shell Extension" \InProcServer32\(Default) = "D:\Arquivos de programas\LeechGet 2006\ShellExtension.dll" [null data] PandoShellExt\(Default) = "{9C150845-2A2D-44CC-90B3-AA03480AA3D2}" -> {HKLM...CLSID} = "PDShellExt Class" \InProcServer32\(Default) = "C:\Arquivos de programas\Pando Networks\Pando\PandoShellExt.dll" ["Pando Networks"] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Arquivos de programas\WinRAR\rarext.dll" [null data] WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\ARQUIV~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"] ZipGenius 6\(Default) = "{C169E5F0-E2B3-41F3-B81A-7BA529CBE193}" -> {HKLM...CLSID} = "ZipGenius Shell Extension" \InProcServer32\(Default) = "C:\ARQUIV~1\ZIPGEN~1\contmenu.dll" ["M.Dev Software"] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}" -> {HKLM...CLSID} = "avast" \InProcServer32\(Default) = "C:\Arquivos de programas\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"] LeechGet\(Default) = "{EBDF1F20-C829-14D1-8234-1420AF3E97A9}" -> {HKLM...CLSID} = "LeechGet "Copy Here" Shell Extension" \InProcServer32\(Default) = "D:\Arquivos de programas\LeechGet 2006\ShellExtension.dll" [null data] Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA}" -> {HKLM...CLSID} = "IEContextMenu Class" \InProcServer32\(Default) = "C:\ARQUIV~1\NORTON~2\NavShExt.dll" ["Symantec Corporation"] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Arquivos de programas\WinRAR\rarext.dll" [null data] WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\ARQUIV~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"] HKLM\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\ SxContextMenu1\(Default) = "{29D37B90-E2B2-408A-8F0A-F08BF1F9B074}" -> {HKLM...CLSID} = "SxContextMenu1" \InProcServer32\(Default) = "C:\ARQUIV~1\REACON~1.0PR\Context\context.dll" [null data] Group Policies {GPedit.msc branch and setting}: ----------------------------------------------- Note: detected settings may not have any effect. HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\ "NoDrives" = (REG_DWORD) hex:0x00000000 {unrecognized setting} "NoViewOnDrive" = (REG_DWORD) hex:0x00000000 {unrecognized setting} HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\ "NoCDBurning" = (REG_DWORD) hex:0x00000000 {unrecognized setting} HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\ "DisableRegistryTools" = (REG_DWORD) hex:0x00000000 {User Configuration|Administrative Templates|System| Prevent access to registry editing tools} HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel\ "Colors" = (REG_DWORD) hex:0x00000000 {unrecognized setting} HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\ "shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Shutdown: Allow system to be shut down without having to log on} "undockwithoutlogon" = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Devices: Allow undock without having to log on} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ "Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Configuracoes locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp" Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ "Wallpaper" = "C:\Arquivos de programas\Stardock\Object Desktop\WindowBlinds\Leowall.bmp" Startup items in "Leo" & "All Users" startup folders: ----------------------------------------------------- C:\Documents and Settings\Leo\Menu Iniciar\Programas\Inicializar "Stardock ObjectDock" -> shortcut to: "C:\Arquivos de programas\Stardock\ObjectDock\ObjectDock.exe" ["Stardock"] C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar "Google Updater" -> shortcut to: "C:\Arquivos de programas\Google\Google Updater\GoogleUpdater.exe -systray -startup" ["Google"] Enabled Scheduled Tasks: ------------------------ "AppleSoftwareUpdate" -> launches: "C:\Arquivos de programas\Apple Software Update\SoftwareUpdate.exe -Task" ["Apple Computer, Inc."] "Norton AntiVirus - Run Full System Scan - Leo" -> launches: "C:\ARQUIV~1\NORTON~2\Navw32.exe /TASK:"C:\Documents and Settings\All Users\Dados de aplicativos\Symantec\Norton AntiVirus\Tasks\mycomp.sca"" ["Symantec Corporation"] "One Button Checkup do Norton SystemWorks" -> launches: "C:\Arquivos de programas\Norton SystemWorks\OBC.exe /CUSTOM /SCHEDULE /AUTO" [file not found] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] 000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS] 000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] 000000000004\LibraryPath = "%SystemRoot%\System32\nwprovau.dll" [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 04, 07 - 25 %SystemRoot%\system32\rsvpsp.dll [MS], 05 - 06 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" -> {HKLM...CLSID} = "Yahoo! Toolbar" \InProcServer32\(Default) = "C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."] "{4D5C8C2A-D075-11D0-B416-00C04FB90376}" -> {HKLM...CLSID} = "Microsoft CommBand" \InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS] "{F2CF5485-4E02-4F68-819C-B92DE9277049}" -> {HKLM...CLSID} = "&Links" \InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS] HKLM\Software\Microsoft\Internet Explorer\Toolbar\ "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = (no title provided) -> {HKLM...CLSID} = "Yahoo! Toolbar" \InProcServer32\(Default) = "C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."] Explorer Bars HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\ HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Pesquisar" Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32\(Default) = "C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL" [MS] Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ "MenuText" = "Java コンソール (Sun)" "CLSIDExtension" = "{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" -> {HKLM...CLSID} = "Web Browser Applet Control" \InProcServer32\(Default) = "C:\WINDOWS\system32\msjava.dll" [MS] {92780B25-18CC-41C8-B9BE-3C9C571A8263}\ "ButtonText" = "Pesquisar" {FB5F1910-F110-11D2-BB9E-00C04F795683}\ "ButtonText" = "Messenger" "MenuText" = "Windows Messenger" "Exec" = "C:\Arquivos de programas\Messenger\msmsgs.exe" [MS] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ Automatic LiveUpdate Scheduler, Automatic LiveUpdate Scheduler, ""C:\Arquivos de programas\Symantec\LiveUpdate\ALUSchedulerSvc.exe"" ["Symantec Corporation"] avast! Antivirus, avast! Antivirus, ""C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe"" [null data] avast! iAVS4 Control Service, aswUpdSv, ""C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe"" [null data] avast! Mail Scanner, avast! Mail Scanner, ""C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service" ["ALWIL Software"] avast! Web Scanner, avast! Web Scanner, ""C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service" ["ALWIL Software"] AVG Anti-Spyware Guard, AVG Anti-Spyware Guard, "C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe" ["Anti-Malware Development a.s."] Google Updater Service, gusvc, ""C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe"" ["Google"] NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"] StarWind iSCSI Service, StarWindService, "C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe" ["Rocket Division Software"] Symantec AppCore Service, SymAppCore, ""C:\Arquivos de programas\Arquivos comuns\Symantec Shared\AppCore\AppSvc32.exe"" ["Symantec Corporation"] Symantec Core LC, Symantec Core LC, ""C:\Arquivos de programas\Arquivos comuns\Symantec Shared\CCPD-LC\symlcsvc.exe"" ["Symantec Corporation"] Symantec Event Manager, ccEvtMgr, ""C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSvcHst.exe" /h ccCommon" ["Symantec Corporation"] Symantec Lic NetConnect service, CLTNetCnService, ""C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSvcHst.exe" /h ccCommon" ["Symantec Corporation"] Symantec Settings Manager, ccSetMgr, ""C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSvcHst.exe" /h ccCommon" ["Symantec Corporation"] Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS] Keyboard Driver Filters: ------------------------ HKLM\System\CurrentControlSet\Control\Class\{4D36E96B-E325-11CE-BFC1-08002BE10318}\ "UpperFilters" = <<!>> "lmpc4" ["FSPro Labs"] Print Monitors: --------------- HKLM\System\CurrentControlSet\Control\Print\Monitors\ Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS] ---------- <<!>>: Suspicious data at a malware launch point. + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + To search all directories of local fixed drives for DESKTOP.INI DLL launch points, use the -supp parameter or answer "No" at the first message box and "Yes" at the second message box. ---------- (total run time: 73 seconds, including 7 seconds for message boxes) []'s! Compartilhar este post Link para o post Compartilhar em outros sites
jgarcia 1 Denunciar post Postado Abril 9, 2007 Opa Leoking, Baixe o Fixwareout. Feche todos os programas. Execute o FixWareout (dê duplo clique sobre o ícone) --> "Next" --> "Install" --> "Finish" --> aperte qualquer tecla para continuar --> caso a ferramenta peça reboot, clique em Ok. Verifique o arquivo C:\fixwareout\report.txt. Preciso que coloque o conteúdo do report.txt em sua próxima resposta. Abraços. Compartilhar este post Link para o post Compartilhar em outros sites
Leoking 0 Denunciar post Postado Abril 10, 2007 jgarcia, meu PC anda meio doido... esse problema do services.exe parou,mas eu já tive esse problema há pouco tempo atrás...então desconfio que ele voltará. Agora apareceu um novo problema: Quando ligo o PC,logo após carregar todos os programas de inicialização,aparece uma mensagem: Alerta de Prevenção de Execução de Dados - Microsoft Windows Para ajudar a proteger seu computador, o Windows fechou este programa. Nome: Windows Explorer e se aperto na única opção,fechar mensagem,logo já fecha o explorer.exe e o drwtsn (alguma coisa assim). O que devo fazer? EDIT: não sei o que aconteceu,mas esse problema parou também(o novo que mencionei acima),mas acredito que pode voltar,como eu disse,meu computador tá ficando louco! Ah, e aqui segue o log, como foi pedido: Fixwareout Last edited 4/5/2007 Post this report in the forums please ... サササササPrerun check サササササ System restarted サササササ Postrun check HKLM\SOFTWARE\~\Winlogon\ "System"="" .... .... サササササ Misc files. .... サササササ Checking for older varients. .... Search five digit cs, dm, kd, jb, other, files. The following files NEED TO BE SUBMITTED to one of the following URL'S for further inspection. Click browse, find the file then click submit. http://www.virustotal.com/flash/index_en.html Or http://virusscan.jotti.org/ サササササ Other サササササ Current runs [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32" "PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC" "PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName" "NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup" "nwiz"="nwiz.exe /install" "NvMediaCenter"="RunDLL32.exe NvMCTray.dll,NvTaskbarInit" "avast!"="C:\\ARQUIV~1\\ALWILS~1\\Avast4\\ashDisp.exe" "SoundMan"="SOUNDMAN.EXE" "LVCOMSX"="C:\\WINDOWS\\system32\\LVCOMSX.EXE" "LogitechVideoRepair"="C:\\Arquivos de programas\\Logitech\\Video\\ISStart.exe " "LogitechVideoTray"="C:\\Arquivos de programas\\Logitech\\Video\\LogiTray.exe" "1A:Stardock TrayMonitor"="C:\\Arquivos de programas\\Arquivos comuns\\Stardock\\TrayServer.exe" "BootSkin Startup Jobs"="\"C:\\ARQUIV~1\\Stardock\\WINCUS~1\\BootSkin\\BootSkin.exe\" /StartupJobs" "!AVG Anti-Spyware"="\"C:\\Arquivos de programas\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized" "ccApp"="\"C:\\Arquivos de programas\\Arquivos comuns\\Symantec Shared\\ccApp.exe\"" "osCheck"="\"C:\\Arquivos de programas\\Norton AntiVirus\\osCheck.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AutorunsDisabled] "ISUSPM Startup"="C:\\ARQUIV~1\\ARQUIV~1\\INSTAL~1\\UPDATE~1\\ISUSPM.exe -startup" "ISUSScheduler"="\"C:\\Arquivos de programas\\Arquivos comuns\\InstallShield\\UpdateService\\issch.exe\" -start" "SunJavaUpdateSched"="\"C:\\Arquivos de programas\\Java\\jre1.5.0_10\\bin\\jusched.exe\"" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MsnMsgr"="\"C:\\Arquivos de programas\\MSN Messenger\\MsnMsgr.Exe\" /background" "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe" "LogitechSoftwareUpdate"="\"C:\\Arquivos de programas\\Logitech\\Video\\ManifestEngine.exe\" boot" "FreeRAM XP"="\"D:\\Desktop\\Programas\\FreeRAM XP Pro 1.40.exe\" -win" "MSMSGS"="\"C:\\Arquivos de programas\\Messenger\\msmsgs.exe\" /background" "lmpc4"="C:\\Arquivos de programas\\Lock My PC 4\\lockpc.exe /s" "Pando"="\"C:\\Arquivos de programas\\Pando Networks\\Pando\\Pando.exe\" /Minimized" @="" .... Hosts file was reset, If you use a custom hosts file please replace it サササササ End report サササササ Abraços! Compartilhar este post Link para o post Compartilhar em outros sites
jgarcia 1 Denunciar post Postado Abril 11, 2007 Opa Leoking, Execute o Active Scan da Panda e retorne com o resultado. Abraços. Compartilhar este post Link para o post Compartilhar em outros sites
Leoking 0 Denunciar post Postado Abril 12, 2007 O meu Avast detectou como verme =Psó tinha a opção desconectar,como faço? Compartilhar este post Link para o post Compartilhar em outros sites
jgarcia 1 Denunciar post Postado Abril 12, 2007 O meu Avast detectou como verme =Psó tinha a opção desconectar,como faço? É um falso-positivo do Avast. Desabilite-o para executar o Active Scan. ;) Compartilhar este post Link para o post Compartilhar em outros sites