Beloc
Posted April 19, 2007

My PC is full of problems... Sometimes when I turn it on there is no picture; I noticed that when this happens a little green light on the case doesn't come on (only a red one does). Also, when it does start normally, it sometimes restarts by itself. Or rather, it shuts off, because it only manages to restart when I press the reset button on the case. I've put my log below:

Logfile of HijackThis v1.99.1
Scan saved at 19:01:39, on 19/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\Arquivos de programas\Ahead\InCD\InCDsrv.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Arquivos de programas\AntiVir PersonalEdition Classic\sched.exe
F:\Arquivos de programas\AntiVir PersonalEdition Classic\avguard.exe
F:\WINDOWS\System32\nvsvc32.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\wscntfy.exe
F:\WINDOWS\Explorer.EXE
F:\Arquivos de programas\Java\jre1.5.0_11\bin\jusched.exe
F:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb12.exe
F:\Arquivos de programas\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
F:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
F:\Arquivos de programas\AntiVir PersonalEdition Classic\avgnt.exe
F:\WINDOWS\WinLogT.exe
F:\WINDOWS\winpos.exe
F:\Arquivos de programas\Ahead\InCD\InCD.exe
F:\Arquivos de programas\lg_fwupdate\fwupdate.exe
F:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
F:\Arquivos de programas\QuickTime\qttask.exe
F:\WINDOWS\system32\ctfmon.exe
F:\Arquivos de programas\BitTorrent\bittorrent.exe
F:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
F:\Arquivos de programas\InterVideo\Common\Bin\WinCinemaMgr.exe
F:\Arquivos de programas\HP\Digital Imaging\bin\hpqimzone.exe
F:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe
F:\DOCUME~1\Bel\CONFIG~1\Temp\Diretório temporário 3 para hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR
O2 - BHO: Octh Class - {000123B4-9B42-4900-B3F7-F4B073EFC214} - F:\Arquivos de programas\Orbit\orbitcth.dll (file missing)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - F:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Arquivos de programas\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - F:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - F:\Arquivos de programas\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - F:\Arquivos de programas\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - F:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [sunJavaUpdateSched] "F:\Arquivos de programas\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] F:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb12.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "F:\Arquivos de programas\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Office XP crack (nao remover)] F:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Office10\zera_oxp.exe
O4 - HKLM\..\Run: [HP Software Update] F:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [eSnips] "F:\Arquivos de programas\eSnips\ClientGW.exe"
O4 - HKLM\..\Run: [avgnt] "F:\Arquivos de programas\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [WinLogT] F:\WINDOWS\WinLogT.exe
O4 - HKLM\..\Run: [itunesff] F:\WINDOWS\system32\itunesff.exe -go -c220 -w46
O4 - HKLM\..\Run: [winpos] F:\WINDOWS\winpos.exe
O4 - HKLM\..\Run: [inCD] F:\Arquivos de programas\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] F:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LGODDFU] "F:\Arquivos de programas\lg_fwupdate\fwupdate.exe"
O4 - HKLM\..\Run: [RemoteControl] "F:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "F:\Arquivos de programas\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [bitTorrent] "F:\Arquivos de programas\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [Free Download Manager] F:\Arquivos de programas\Free Download Manager\fdm.exe -autorun
O4 - Global Startup: Adobe Reader Speed Launch.lnk = F:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = F:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Inicialização rápida do HP Image Zone.lnk = F:\Arquivos de programas\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = F:\Arquivos de programas\InterVideo\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: &Windows Live Search - res://F:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Abrir em uma nova guia do plano de fundo - res://F:\Arquivos de programas\Windows Live Toolbar\Components\pt-br\msntabres.dll.mui/229?41cb421b07ec49c896e73a76c9d14f96
O8 - Extra context menu item: Abrir em uma nova guia do primeiro plano - res://F:\Arquivos de programas\Windows Live Toolbar\Components\pt-br\msntabres.dll.mui/230?41cb421b07ec49c896e73a76c9d14f96
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://F:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Arquivos de programas\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Arquivos de programas\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Arquivos de programas\Messenger\msmsgs.exe
O12 - Plugin for .spop: F:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {33331111-1111-1111-1111-615111193427} - http://www.www2.p0rt2.com/files/epl220bf2.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://egline.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5EC7C511-CD0F-42E6-830C-1BD9882F3458} (PowerPlayer Control) - http://download.ppstream.com/bin/powerplayer.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - F:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - F:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: rpcc - F:\WINDOWS\system32\rpcc.dll (file missing)
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - F:\Arquivos de programas\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - F:\Arquivos de programas\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - F:\Arquivos de programas\Ahead\InCD\InCDsrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - F:\WINDOWS\System32\HPZipm12.exe

jgarcia
Posted April 20, 2007

Hi Beloc,

1. Download BankerFix.
2. Temporarily disable your antivirus.
3. Double-click bankerfix.exe. A message will appear warning that it will be downloaded over the internet. Click Ok -> Ok. Press Enter and wait for the scan to finish.
4. When the scan is done, read the message on the screen and press Enter again.
5. Re-enable your antivirus.
6. Come back with a new HijackThis log, together with BankerFix's relatorio.txt (it will be in F:\LinhaDefensiva\).
7. After posting your reply you can delete the LinhaDefensiva folder on F.

Regards.

Beloc
Posted April 20, 2007

HIJACKTHIS

Logfile of HijackThis v1.99.1
Scan saved at 18:13:42, on 20/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\Arquivos de programas\Ahead\InCD\InCDsrv.exe
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\Explorer.EXE
F:\Arquivos de programas\Java\jre1.5.0_11\bin\jusched.exe
F:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb12.exe
F:\Arquivos de programas\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
F:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
F:\Arquivos de programas\AntiVir PersonalEdition Classic\avgnt.exe
F:\WINDOWS\WinLogT.exe
F:\WINDOWS\winpos.exe
F:\Arquivos de programas\Ahead\InCD\InCD.exe
F:\Arquivos de programas\lg_fwupdate\fwupdate.exe
F:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
F:\Arquivos de programas\QuickTime\qttask.exe
F:\WINDOWS\system32\ctfmon.exe
F:\Arquivos de programas\BitTorrent\bittorrent.exe
F:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
F:\Arquivos de programas\InterVideo\Common\Bin\WinCinemaMgr.exe
F:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe
F:\Arquivos de programas\HP\Digital Imaging\bin\hpqimzone.exe
F:\Arquivos de programas\AntiVir PersonalEdition Classic\sched.exe
F:\Arquivos de programas\AntiVir PersonalEdition Classic\avguard.exe
F:\WINDOWS\System32\nvsvc32.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\wscntfy.exe
F:\DOCUME~1\Bel\CONFIG~1\Temp\Diretório temporário 4 para hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR
O2 - BHO: Octh Class - {000123B4-9B42-4900-B3F7-F4B073EFC214} - F:\Arquivos de programas\Orbit\orbitcth.dll (file missing)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - F:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Arquivos de programas\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - F:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - F:\Arquivos de programas\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - F:\Arquivos de programas\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - F:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [sunJavaUpdateSched] "F:\Arquivos de programas\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] F:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb12.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "F:\Arquivos de programas\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Office XP crack (nao remover)] F:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Office10\zera_oxp.exe
O4 - HKLM\..\Run: [HP Software Update] F:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [eSnips] "F:\Arquivos de programas\eSnips\ClientGW.exe"
O4 - HKLM\..\Run: [avgnt] "F:\Arquivos de programas\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [WinLogT] F:\WINDOWS\WinLogT.exe
O4 - HKLM\..\Run: [itunesff] F:\WINDOWS\system32\itunesff.exe -go -c220 -w46
O4 - HKLM\..\Run: [winpos] F:\WINDOWS\winpos.exe
O4 - HKLM\..\Run: [inCD] F:\Arquivos de programas\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] F:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LGODDFU] "F:\Arquivos de programas\lg_fwupdate\fwupdate.exe"
O4 - HKLM\..\Run: [RemoteControl] "F:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "F:\Arquivos de programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [bitTorrent] "F:\Arquivos de programas\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [Free Download Manager] F:\Arquivos de programas\Free Download Manager\fdm.exe -autorun
O4 - Global Startup: Adobe Reader Speed Launch.lnk = F:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = F:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Inicialização rápida do HP Image Zone.lnk = F:\Arquivos de programas\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = F:\Arquivos de programas\InterVideo\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: &Windows Live Search - res://F:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Abrir em uma nova guia do plano de fundo - res://F:\Arquivos de programas\Windows Live Toolbar\Components\pt-br\msntabres.dll.mui/229?41cb421b07ec49c896e73a76c9d14f96
O8 - Extra context menu item: Abrir em uma nova guia do primeiro plano - res://F:\Arquivos de programas\Windows Live Toolbar\Components\pt-br\msntabres.dll.mui/230?41cb421b07ec49c896e73a76c9d14f96
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://F:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Arquivos de programas\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Arquivos de programas\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Arquivos de programas\Messenger\msmsgs.exe
O12 - Plugin for .spop: F:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {33331111-1111-1111-1111-615111193427} - http://www.www2.p0rt2.com/files/epl220bf2.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://egline.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5EC7C511-CD0F-42E6-830C-1BD9882F3458} (PowerPlayer Control) - http://download.ppstream.com/bin/powerplayer.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - F:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - F:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: rpcc - F:\WINDOWS\system32\rpcc.dll (file missing)
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - F:\Arquivos de programas\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - F:\Arquivos de programas\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - F:\Arquivos de programas\Ahead\InCD\InCDsrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - F:\WINDOWS\System32\HPZipm12.exe

REPORT

BankerFix 2.2 - Removedor de Bankers
Linha Defensiva - http://www.linhadefensiva.org
http://www.linhadefensiva.org/bankerfix/
Data: 20/4/2007 - 18:11
=======================================================
Log do FoxFix
=======================================================
Iniciando Log do PV
-----------------------------------
Killing '*'
Arquivos a remover
-----------------------------------
Arquivos ruins restantes
-----------------------------------
Reg Importado
-----------------------------------
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

jgarcia
Posted April 21, 2007

Hi Beloc,

Let's go. Set Windows to show all files (including hidden ones).

Step 1

Download Killbox from: Killbox

1. Run Killbox and click Delete on Reboot.
2. Copy the list below, in bold, to the clipboard. Select all of it with the mouse --> go to the Edit menu in the browser bar --> click Copy.

F:\WINDOWS\system32\itunesff.exe -go -c220 -w46
F:\WINDOWS\system32\rpcc.dll
F:\WINDOWS\WinLogT.exe
F:\WINDOWS\winpos.exe

3. Go back to Killbox. Click File > Paste from clipboard. Click All Files.
4. Click the "X". Answer "no" to the question.

It is wise to print this document or save it somewhere easy to reach, because in the next step we will go into Safe Mode and there will be no internet connection.

Step 2

Restart the computer in Safe Mode (while it restarts, press F8 repeatedly until a black DOS screen appears, then choose Safe Mode).

Run HijackThis, click Do a system scan only and check:

O4 - HKLM\..\Run: [WinLogT] F:\WINDOWS\WinLogT.exe
O4 - HKLM\..\Run: [itunesff] F:\WINDOWS\system32\itunesff.exe -go -c220 -w46
O4 - HKLM\..\Run: [winpos] F:\WINDOWS\winpos.exe
O20 - Winlogon Notify: rpcc - F:\WINDOWS\system32\rpcc.dll (file missing)

Click Fix Checked.

Step 3

Restart in Normal Mode. Post a new HijackThis log.

I'll wait for your reply. Best regards.

Beloc
Posted April 22, 2007

Logfile of HijackThis v1.99.1
Scan saved at 13:34:33, on 22/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\Arquivos de programas\Ahead\InCD\InCDsrv.exe
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\Explorer.EXE
F:\Arquivos de programas\Java\jre1.5.0_11\bin\jusched.exe
F:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb12.exe
F:\Arquivos de programas\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
F:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
F:\Arquivos de programas\AntiVir PersonalEdition Classic\avgnt.exe
F:\Arquivos de programas\Ahead\InCD\InCD.exe
F:\Arquivos de programas\lg_fwupdate\fwupdate.exe
F:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
F:\Arquivos de programas\QuickTime\qttask.exe
F:\WINDOWS\system32\ctfmon.exe
F:\Arquivos de programas\BitTorrent\bittorrent.exe
F:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
F:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
F:\Arquivos de programas\InterVideo\Common\Bin\WinCinemaMgr.exe
F:\Arquivos de programas\HP\Digital Imaging\bin\hpqimzone.exe
F:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe
F:\Arquivos de programas\AntiVir PersonalEdition Classic\sched.exe
F:\Arquivos de programas\AntiVir PersonalEdition Classic\avguard.exe
F:\WINDOWS\System32\nvsvc32.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\wscntfy.exe
F:\ARQUIV~1\Mozilla Firefox\firefox.exe
F:\DOCUME~1\Bel\CONFIG~1\Temp\Diretório temporário 6 para hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR
O2 - BHO: Octh Class - {000123B4-9B42-4900-B3F7-F4B073EFC214} - F:\Arquivos de programas\Orbit\orbitcth.dll (file missing)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - F:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Arquivos de programas\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - F:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - F:\Arquivos de programas\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - F:\Arquivos de programas\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - F:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [sunJavaUpdateSched] "F:\Arquivos de programas\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] F:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb12.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "F:\Arquivos de programas\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Office XP crack (nao remover)] F:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Office10\zera_oxp.exe
O4 - HKLM\..\Run: [HP Software Update] F:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [eSnips] "F:\Arquivos de programas\eSnips\ClientGW.exe"
O4 - HKLM\..\Run: [avgnt] "F:\Arquivos de programas\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [inCD] F:\Arquivos de programas\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] F:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LGODDFU] "F:\Arquivos de programas\lg_fwupdate\fwupdate.exe"
O4 - HKLM\..\Run: [RemoteControl] "F:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "F:\Arquivos de programas\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [bitTorrent] "F:\Arquivos de programas\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [Free Download Manager] F:\Arquivos de programas\Free Download Manager\fdm.exe -autorun
O4 - Global Startup: Adobe Reader Speed Launch.lnk = F:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = F:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Inicialização rápida do HP Image Zone.lnk = F:\Arquivos de programas\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = F:\Arquivos de programas\InterVideo\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: &Windows Live Search - res://F:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Abrir em uma nova guia do plano de fundo - res://F:\Arquivos de programas\Windows Live Toolbar\Components\pt-br\msntabres.dll.mui/229?41cb421b07ec49c896e73a76c9d14f96
O8 - Extra context menu item: Abrir em uma nova guia do primeiro plano - res://F:\Arquivos de programas\Windows Live Toolbar\Components\pt-br\msntabres.dll.mui/230?41cb421b07ec49c896e73a76c9d14f96
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://F:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Arquivos de programas\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Arquivos de programas\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Arquivos de programas\Messenger\msmsgs.exe
O12 - Plugin for .spop: F:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {33331111-1111-1111-1111-615111193427} - http://www.www2.p0rt2.com/files/epl220bf2.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://egline.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5EC7C511-CD0F-42E6-830C-1BD9882F3458} (PowerPlayer Control) - http://download.ppstream.com/bin/powerplayer.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{86E68754-F89F-4DFE-9D57-9576C16A385D}: NameServer = 200.165.132.155 200.165.132.148
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - F:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - F:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - F:\Arquivos de programas\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - F:\Arquivos de programas\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - F:\Arquivos de programas\Ahead\InCD\InCDsrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - F:\WINDOWS\System32\HPZipm12.exe

jgarcia
Posted April 24, 2007

Hi Beloc,

Your log is clean. :thumbsup:

To finish:

1. Disable and re-enable XP's System Restore feature. Click here to see how.

Regards.

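
The check behind "your log is clean", as an added example that is not part of the original thread: a Python sketch that parses HijackThis entry lines, reports which of the four entries flagged on April 21 a log still contains, and diffs two logs. The log excerpts are shortened copies of lines posted in this thread; the function names and the `PARTIAL` sample are assumptions of this example.

```python
import re

# An entry line is a section code (a letter plus a number, e.g. R1, O4, O20),
# then " - ", then the entry. Header lines and the "Running processes" paths
# lack that prefix and are ignored.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
MISSING_RE = re.compile(r"\s*\(file missing\)$", re.IGNORECASE)


def normalize(line):
    """Canonical form of one entry line, or None if it is not an entry."""
    m = ENTRY_RE.match(" ".join(line.split()))
    if not m:
        return None
    # "(file missing)" only reports the file's state; the registry value is
    # still there, so the entry must keep matching once its file is deleted.
    body = MISSING_RE.sub("", m.group(2))
    # Windows paths and registry names are case-insensitive.
    return f"{m.group(1)} - {body}".casefold()


def parse_entries(log_text):
    """Set of normalized entries found in a HijackThis log."""
    return {e for e in map(normalize, log_text.splitlines()) if e}


def still_present(flagged, log_text):
    """Flagged lines (original spelling) that the log still contains."""
    entries = parse_entries(log_text)
    return [f for f in flagged if normalize(f) in entries]


def diff_logs(before, after):
    """(removed, added) normalized entries between two logs, each sorted."""
    old, new = parse_entries(before), parse_entries(after)
    return sorted(old - new), sorted(new - old)


# The entries the helper asked to fix, copied from the post of April 21.
FLAGGED = [
    r"O4 - HKLM\..\Run: [WinLogT] F:\WINDOWS\WinLogT.exe",
    r"O4 - HKLM\..\Run: [itunesff] F:\WINDOWS\system32\itunesff.exe -go -c220 -w46",
    r"O4 - HKLM\..\Run: [winpos] F:\WINDOWS\winpos.exe",
    r"O20 - Winlogon Notify: rpcc - F:\WINDOWS\system32\rpcc.dll (file missing)",
]

# Shortened excerpts of the logs posted on April 20 and April 22.
LOG_APR20 = r"""Logfile of HijackThis v1.99.1
Running processes:
F:\WINDOWS\WinLogT.exe
O4 - HKLM\..\Run: [avgnt] "F:\Arquivos de programas\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [WinLogT] F:\WINDOWS\WinLogT.exe
O4 - HKLM\..\Run: [itunesff] F:\WINDOWS\system32\itunesff.exe -go -c220 -w46
O4 - HKLM\..\Run: [winpos] F:\WINDOWS\winpos.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O20 - Winlogon Notify: rpcc - F:\WINDOWS\system32\rpcc.dll (file missing)
"""

LOG_APR22 = r"""Logfile of HijackThis v1.99.1
Running processes:
F:\WINDOWS\Explorer.EXE
O4 - HKLM\..\Run: [avgnt] "F:\Arquivos de programas\AntiVir PersonalEdition Classic\avgnt.exe" /min
O17 - HKLM\System\CCS\Services\Tcpip\..\{86E68754-F89F-4DFE-9D57-9576C16A385D}: NameServer = 200.165.132.155 200.165.132.148
"""

# Constructed case, not from the thread: the file was deleted but the Run
# value was left behind. Assumes the scanner marks it with the same
# "(file missing)" suffix seen on the O20 line.
PARTIAL = r"""O4 - HKLM\..\Run: [winpos] F:\WINDOWS\winpos.exe (file missing)
"""

if __name__ == "__main__":
    print("flagged, still present on Apr 22:", still_present(FLAGGED, LOG_APR22))
    removed, added = diff_logs(LOG_APR20, LOG_APR22)
    print("removed since Apr 20:", *removed, sep="\n  ")
    print("new since Apr 20:", *added, sep="\n  ")
    print("partial cleanup leaves:", still_present(FLAGGED, PARTIAL))
```

The diff lists every change between the two scans, not only the flagged entries, so each item it reports still needs its own review.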
Beloc
Posted April 24, 2007

Thank you so much! You're the best!

jgarcia
Posted April 25, 2007

PROBLEM SOLVED!

If the author needs the topic reopened, they must send a Private Message to a Moderator with a link to the topic.