kenjijp 0 Denunciar post Postado Outubro 20, 2007 Ola , meu micro esta reiniciando toda hora , o que pode ser ? obrigado . Meu logfile Logfile of HijackThis v1.99.1 Scan saved at 18:35:02, on 21/10/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Arquivos de programas\Intel Audio Studio\IntelAudioStudio.exe C:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\Arquivos de programas\Logitech\Video\LogiTray.exe C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOWS\system32\ctfmon.exe C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe C:\WINDOWS\system32\rundll32.exe C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe C:\Documents and Settings\Felix\Meus documentos\Ares\Ares.exe C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe C:\Arquivos de programas\Logitech\Video\FxSvr2.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\wuauclt.exe C:\Documents and Settings\Felix\Meus documentos\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dgabc.com.br/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://br.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://br.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://br.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.yahoo.com R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://g.msn.com/8SE/1?http://toolbar.msn....;CM=MsgrInstall R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Arquivos de programas\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Arquivos de programas\MSN Apps\ST1.03.0000.1005\en-xu\stmain.dll O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Arquivos de programas\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Apps\MSN Toolbar\MSN Toolbar1.02.5000.1021\pt-br\msntb.dll O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Arquivos de programas\AskTBar\bar\1.bin\ASKTBAR.DLL O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Apps\MSN Toolbar\MSN Toolbar1.02.5000.1021\pt-br\msntb.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Arquivos de programas\AskTBar\bar\1.bin\ASKTBAR.DLL O4 - HKLM\..\Run: [intelAudioStudio] "C:\Arquivos de programas\Intel Audio Studio\IntelAudioStudio.exe" TRAY O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Arquivos de programas\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Arquivos de programas\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [EPSON PictureMate] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2P1.EXE /P17 "EPSON PictureMate" /O5 "LPT1:" /M "PictureMate" O4 - HKLM\..\Run: [cmrss] C:\WINDOWS\system32\cmrss.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [trioService] "C:\ARQUIV~1\FREEZE.COM\Halloween\\trioService.exe " O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [Google Desktop Search] "C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\ARQUIV~1\MYWEBS~1\bar\6.bin\MWSBAR.DLL,S O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\ARQUIV~1\MYWEBS~1\bar\6.bin\mwsoemon.exe O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [dark2] C:\WINDOWS\system32\ppp.exe O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [Nero PhotoShow Media Manager] C:\ARQUIV~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe O4 - HKCU\..\Run: [ares] "C:\Documents and Settings\Felix\Meus documentos\Ares\Ares.exe" -h O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\ARQUIV~1\MYWEBS~1\bar\6.bin\mwsoemon.exe O4 - HKCU\..\Run: [AROReminder] C:\Arquivos de programas\Advanced Registry Optimizer\ARO.exe -rem O8 - Extra context menu item: &Google Search - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...arch.jhtml?p=ZK O8 - Extra context menu item: &Translate English Word - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: Similar Pages - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://nani3030.spaces.live.com//PhotoUpload/MsnPUpld.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL O20 - AppInit_DLLs: C:\ARQUIV~1\Google\GOOGLE~2\GOEC62~1.DLL O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Documents and Settings\Felix\Meus documentos\Ares\chatServer.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe O23 - Service: GoogleDesktopManager - Google - C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: NMIndexingService - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe Compartilhar este post Link para o post Compartilhar em outros sites
DigRam 144 Denunciar post Postado Outubro 20, 2007 Ola , meu micro esta reiniciando toda hora , o que pode ser ? obrigado . @@@@@@@@@@@@@@ Boa Noite kenjijp! <!> Faça o download do HijackThis. <!> Baixe-o para o Disco Local-C e estabeleça uma pasta própria para o programa. <!> Temos como exemplo: < C:\HijackThis.exe > ou < C:\HijackThis\HijackThis.exe > <!> Mas,não execute-o ainda! <!> Para que o Log do HijackThis saia completo,vá em Iniciar >> Executar. <!> Digite: msconfig >> Ok. <!> Na guia Inicializar,marque tôdos os ítens e confirme! <!> Reinicie o computador! <!> Abra o HijackThis e clique em Do a system scan and save a logfile. <!> Abrir-se-á um Bloco de Notas! <!> Selecione e copie o seu conteúdo para êste Tópico. Não crie outro! Abraços! Compartilhar este post Link para o post Compartilhar em outros sites
kenjijp 0 Denunciar post Postado Outubro 23, 2007 Meu logfile Logfile of HijackThis v1.99.1 Scan saved at 18:35:02, on 21/10/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Arquivos de programas\Intel Audio Studio\IntelAudioStudio.exe C:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\Arquivos de programas\Logitech\Video\LogiTray.exe C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOWS\system32\ctfmon.exe C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe C:\WINDOWS\system32\rundll32.exe C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe C:\Documents and Settings\Felix\Meus documentos\Ares\Ares.exe C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe C:\Arquivos de programas\Logitech\Video\FxSvr2.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\wuauclt.exe C:\Documents and Settings\Felix\Meus documentos\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dgabc.com.br/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://br.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://br.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://br.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.yahoo.com R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://g.msn.com/8SE/1?http://toolbar.msn....;CM=MsgrInstall R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Arquivos de programas\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Arquivos de programas\MSN Apps\ST1.03.0000.1005\en-xu\stmain.dll O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Arquivos de programas\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Apps\MSN Toolbar\MSN Toolbar1.02.5000.1021\pt-br\msntb.dll O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Arquivos de programas\AskTBar\bar\1.bin\ASKTBAR.DLL O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Apps\MSN Toolbar\MSN Toolbar1.02.5000.1021\pt-br\msntb.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Arquivos de programas\AskTBar\bar\1.bin\ASKTBAR.DLL O4 - HKLM\..\Run: [intelAudioStudio] "C:\Arquivos de programas\Intel Audio Studio\IntelAudioStudio.exe" TRAY O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Arquivos de programas\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Arquivos de programas\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [EPSON PictureMate] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2P1.EXE /P17 "EPSON PictureMate" /O5 "LPT1:" /M "PictureMate" O4 - HKLM\..\Run: [cmrss] C:\WINDOWS\system32\cmrss.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [trioService] "C:\ARQUIV~1\FREEZE.COM\Halloween\\trioService.exe " O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [Google Desktop Search] "C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\ARQUIV~1\MYWEBS~1\bar\6.bin\MWSBAR.DLL,S O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\ARQUIV~1\MYWEBS~1\bar\6.bin\mwsoemon.exe O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [dark2] C:\WINDOWS\system32\ppp.exe O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [Nero PhotoShow Media Manager] C:\ARQUIV~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe O4 - HKCU\..\Run: [ares] "C:\Documents and Settings\Felix\Meus documentos\Ares\Ares.exe" -h O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\ARQUIV~1\MYWEBS~1\bar\6.bin\mwsoemon.exe O4 - HKCU\..\Run: [AROReminder] C:\Arquivos de programas\Advanced Registry Optimizer\ARO.exe -rem O8 - Extra context menu item: &Google Search - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...arch.jhtml?p=ZK O8 - Extra context menu item: &Translate English Word - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: Similar Pages - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://nani3030.spaces.live.com//PhotoUpload/MsnPUpld.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL O20 - AppInit_DLLs: C:\ARQUIV~1\Google\GOOGLE~2\GOEC62~1.DLL O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Documents and Settings\Felix\Meus documentos\Ares\chatServer.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe O23 - Service: GoogleDesktopManager - Google - C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: NMIndexingService - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe Compartilhar este post Link para o post Compartilhar em outros sites
DigRam 144 Denunciar post Postado Outubro 24, 2007 Bom Dia kenjijp! >@< Faça o download do Avenger. >@< Descompacte-o e crie uma pasta para o programa! >@< Coloque esta pasta no Disco Local-C ou Desktop! >@< Rode o programa e marque Input script manually. >@< Clique no ícone da lupa! Files to delete:C:\WINDOWS\system32\cmrss.exe C:\WINDOWS\system32\ppp.exe C:\Arquivos de programas\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL C:\Arquivos de programas\AskTBar\bar\1.bin\ASKTBAR.DLL C:\ARQUIV~1\FREEZE.COM\Halloween\\trioService.exe C:\ARQUIV~1\MYWEBS~1\bar\6.bin\MWSBAR.DLL C:\ARQUIV~1\MYWEBS~1\bar\6.bin\mwsoemon.exe >@< Na caixa que abrir,cole o que foi copiado na área do quote,logo àcima! >@< Clique em Done. >@< Clique no ícone do semáforo! >@< Clique em Ok. >@< O computador irá reiniciar! >@< Aproveite êste Reboot,e entre em Modo de Segurança. >@< Abra o HijackThis,e clique em Do a system scan only. >@< Marque as entradas,logo abaixo,e clique em Fix checked! R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://g.msn.com/8SE/1?http://toolbar.msn....;CM=MsgrInstallR3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Arquivos de programas\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Arquivos de programas\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Arquivos de programas\AskTBar\bar\1.bin\ASKTBAR.DLL O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Arquivos de programas\AskTBar\bar\1.bin\ASKTBAR.DLL O4 - HKLM\..\Run: [cmrss] C:\WINDOWS\system32\cmrss.exe O4 - HKLM\..\Run: [trioService] "C:\ARQUIV~1\FREEZE.COM\Halloween\\trioService.exe " O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\ARQUIV~1\MYWEBS~1\bar\6.bin\MWSBAR.DLL,S O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\ARQUIV~1\MYWEBS~1\bar\6.bin\mwsoemon.exe O4 - HKCU\..\Run: [dark2] C:\WINDOWS\system32\ppp.exe O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\ARQUIV~1\MYWEBS~1\bar\6.bin\mwsoemon.exe O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...arch.jhtml?p=ZK >@< Reinicie,normalmente,o computador! >@< Faça e poste um nôvo log do HijackThis + Avenger.txt,na sua resposta. Abraços! Compartilhar este post Link para o post Compartilhar em outros sites
kenjijp 0 Denunciar post Postado Outubro 24, 2007 Logfile of HijackThis v1.99.1 Scan saved at 21:16:44, on 24/10/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Arquivos de programas\Intel Audio Studio\IntelAudioStudio.exe C:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\Arquivos de programas\Logitech\Video\LogiTray.exe C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOWS\system32\ctfmon.exe C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\Documents and Settings\Felix\Meus documentos\Ares\Ares.exe C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe C:\Arquivos de programas\Logitech\Video\FxSvr2.exe C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\system32\wscntfy.exe C:\Arquivos de programas\Java\jre1.6.0_01\bin\jucheck.exe C:\Arquivos de programas\Internet Explorer\iexplore.exe C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Arquivos de programas\Internet Explorer\iexplore.exe C:\Documents and Settings\Felix\Meus documentos\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dgabc.com.br/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://br.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://br.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://br.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.yahoo.com O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Arquivos de programas\MSN Apps\ST1.03.0000.1005\en-xu\stmain.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Apps\MSN Toolbar\MSN Toolbar1.02.5000.1021\pt-br\msntb.dll O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Apps\MSN Toolbar\MSN Toolbar1.02.5000.1021\pt-br\msntb.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll O4 - HKLM\..\Run: [intelAudioStudio] "C:\Arquivos de programas\Intel Audio Studio\IntelAudioStudio.exe" TRAY O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Arquivos de programas\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Arquivos de programas\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [EPSON PictureMate] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2P1.EXE /P17 "EPSON PictureMate" /O5 "LPT1:" /M "PictureMate" O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [Google Desktop Search] "C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [Nero PhotoShow Media Manager] C:\ARQUIV~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe O4 - HKCU\..\Run: [ares] "C:\Documents and Settings\Felix\Meus documentos\Ares\Ares.exe" -h O4 - HKCU\..\Run: [AROReminder] C:\Arquivos de programas\Advanced Registry Optimizer\ARO.exe -rem O8 - Extra context menu item: &Google Search - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: Similar Pages - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://nani3030.spaces.live.com//PhotoUpload/MsnPUpld.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{D12C55E4-0190-46C5-8406-19EC34BB3698}: NameServer = 221.184.25.18 222.146.35.130 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL O20 - AppInit_DLLs: C:\ARQUIV~1\Google\GOOGLE~2\GOEC62~1.DLL O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Documents and Settings\Felix\Meus documentos\Ares\chatServer.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe O23 - Service: GoogleDesktopManager - Google - C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: NMIndexingService - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe Logfile of The Avenger version 1, by Swandog46 Running from registry key: \Registry\Machine\System\CurrentControlSet\Services\ihcjuhnb ******************* Script file located at: \??\C:\WINDOWS\system32\koutkvap.txt Script file opened successfully. Script file read successfully Backups directory opened successfully at C:\Avenger ******************* Beginning to process script file: File C:\WINDOWS\system32\cmrss.exe not found! Deletion of file C:\WINDOWS\system32\cmrss.exe failed! Could not process line: C:\WINDOWS\system32\cmrss.exe Status: 0xc0000034 File C:\WINDOWS\system32\ppp.exe not found! Deletion of file C:\WINDOWS\system32\ppp.exe failed! Could not process line: C:\WINDOWS\system32\ppp.exe Status: 0xc0000034 File C:\Arquivos de programas\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL deleted successfully. File C:\Arquivos de programas\AskTBar\bar\1.bin\ASKTBAR.DLL deleted successfully. Could not open file C:\ARQUIV~1\FREEZE.COM\Halloween\\trioService.exe for deletion Deletion of file C:\ARQUIV~1\FREEZE.COM\Halloween\\trioService.exe failed! Could not process line: C:\ARQUIV~1\FREEZE.COM\Halloween\\trioService.exe Status: 0xc0000033 Could not open file C:\ARQUIV~1\MYWEBS~1\bar\6.bin\MWSBAR.DLL for deletion Deletion of file C:\ARQUIV~1\MYWEBS~1\bar\6.bin\MWSBAR.DLL failed! Could not process line: C:\ARQUIV~1\MYWEBS~1\bar\6.bin\MWSBAR.DLL Status: 0xc000003a Could not open file C:\ARQUIV~1\MYWEBS~1\bar\6.bin\mwsoemon.exe for deletion Deletion of file C:\ARQUIV~1\MYWEBS~1\bar\6.bin\mwsoemon.exe failed! Could not process line: C:\ARQUIV~1\MYWEBS~1\bar\6.bin\mwsoemon.exe Status: 0xc000003a Completed script processing. ******************* Finished! Terminate. Compartilhar este post Link para o post Compartilhar em outros sites
kenjijp 0 Denunciar post Postado Outubro 24, 2007 E ai Digram tudo bem ? Entaw entrar no Modo de Segurança eu nw sei como faz , se o que fiz nw deu certo , você poderia me explica como entra nesse Modo de Segurança ? Faloo um abraço Compartilhar este post Link para o post Compartilhar em outros sites
DigRam 144 Denunciar post Postado Outubro 24, 2007 E ai Digram tudo bem ? Entaw entrar no Modo de Segurança eu nw sei como faz , se o que fiz nw deu certo , você poderia me explica como entra nesse Modo de Segurança ? Faloo um abraço @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ Opa!kenjijp Boa Tarde! >@< Entrar em Modo de Segurança,não é difícil...mas requer alguns cuidados,para evitar travamentos. >@< Sugiro que imprima,êste Tutorial,e leia-o calmamente. ______________________ >@< Faça o download do a-squared Free 3.0 >@< Abra o programa e clique em: Atualizar agora >> Aguarde! >@< Terminando,clique em: Analisar agora. >@< Procure fazer,esta análise,em Modo de Segurança! >@< Escolha a opção: A fundo. >@< Clique em Analisar! >@< Terminando,envie os ítens encontrados para a quarentena. Aonde,daí,serão excluídos ou restaurados. >@< Salve o relatório,desta verificação,e poste na sua resposta + HJT,atualizado. Abraços! Compartilhar este post Link para o post Compartilhar em outros sites
kenjijp 0 Denunciar post Postado Outubro 26, 2007 Boa noite DigRam tudo bem ? estou mandando os relatorios ...obrigado. Logfile of HijackThis v1.99.1 Scan saved at 00:13:31, on 27/10/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Arquivos de programas\Intel Audio Studio\IntelAudioStudio.exe C:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\Arquivos de programas\Logitech\Video\LogiTray.exe C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOWS\system32\ctfmon.exe C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe C:\Arquivos de programas\a-squared Free\a2service.exe C:\WINDOWS\system32\rundll32.exe C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\Arquivos de programas\Logitech\Video\FxSvr2.exe C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\System32\svchost.exe C:\Arquivos de programas\Internet Explorer\iexplore.exe C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Arquivos de programas\Internet Explorer\iexplore.exe C:\Arquivos de programas\Java\jre1.6.0_01\bin\jucheck.exe C:\Documents and Settings\Felix\Meus documentos\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dgabc.com.br/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://br.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://br.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://br.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.yahoo.com O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Arquivos de programas\MSN Apps\ST1.03.0000.1005\en-xu\stmain.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Apps\MSN Toolbar\MSN Toolbar1.02.5000.1021\pt-br\msntb.dll O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Apps\MSN Toolbar\MSN Toolbar1.02.5000.1021\pt-br\msntb.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll O4 - HKLM\..\Run: [intelAudioStudio] "C:\Arquivos de programas\Intel Audio Studio\IntelAudioStudio.exe" TRAY O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Arquivos de programas\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Arquivos de programas\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [EPSON PictureMate] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2P1.EXE /P17 "EPSON PictureMate" /O5 "LPT1:" /M "PictureMate" O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [Google Desktop Search] "C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [Nero PhotoShow Media Manager] C:\ARQUIV~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe O4 - HKCU\..\Run: [AROReminder] C:\Arquivos de programas\Advanced Registry Optimizer\ARO.exe -rem O8 - Extra context menu item: &Google Search - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: Similar Pages - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://nani3030.spaces.live.com//PhotoUpload/MsnPUpld.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{D12C55E4-0190-46C5-8406-19EC34BB3698}: NameServer = 221.184.25.18 222.146.35.130 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL O20 - AppInit_DLLs: C:\ARQUIV~1\Google\GOOGLE~2\GOEC62~1.DLL O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Arquivos de programas\a-squared Free\a2service.exe O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Documents and Settings\Felix\Meus documentos\Ares\chatServer.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe O23 - Service: GoogleDesktopManager - Google - C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: NMIndexingService - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe logfile hijack this Logfile of HijackThis v1.99.1 Scan saved at 00:13:31, on 27/10/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Arquivos de programas\Intel Audio Studio\IntelAudioStudio.exe C:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\Arquivos de programas\Logitech\Video\LogiTray.exe C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOWS\system32\ctfmon.exe C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe C:\Arquivos de programas\a-squared Free\a2service.exe C:\WINDOWS\system32\rundll32.exe C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\Arquivos de programas\Logitech\Video\FxSvr2.exe C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\System32\svchost.exe C:\Arquivos de programas\Internet Explorer\iexplore.exe C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Arquivos de programas\Internet Explorer\iexplore.exe C:\Arquivos de programas\Java\jre1.6.0_01\bin\jucheck.exe C:\Documents and Settings\Felix\Meus documentos\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dgabc.com.br/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://br.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://br.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://br.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.yahoo.com O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Arquivos de programas\MSN Apps\ST1.03.0000.1005\en-xu\stmain.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Apps\MSN Toolbar\MSN Toolbar1.02.5000.1021\pt-br\msntb.dll O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Apps\MSN Toolbar\MSN Toolbar1.02.5000.1021\pt-br\msntb.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll O4 - HKLM\..\Run: [intelAudioStudio] "C:\Arquivos de programas\Intel Audio Studio\IntelAudioStudio.exe" TRAY O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Arquivos de programas\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Arquivos de programas\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [EPSON PictureMate] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2P1.EXE /P17 "EPSON PictureMate" /O5 "LPT1:" /M "PictureMate" O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [Google Desktop Search] "C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [Nero PhotoShow Media Manager] C:\ARQUIV~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe O4 - HKCU\..\Run: [AROReminder] C:\Arquivos de programas\Advanced Registry Optimizer\ARO.exe -rem O8 - Extra context menu item: &Google Search - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: Similar Pages - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://nani3030.spaces.live.com//PhotoUpload/MsnPUpld.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{D12C55E4-0190-46C5-8406-19EC34BB3698}: NameServer = 221.184.25.18 222.146.35.130 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL O20 - AppInit_DLLs: C:\ARQUIV~1\Google\GOOGLE~2\GOEC62~1.DLL O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Arquivos de programas\a-squared Free\a2service.exe O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Documents and Settings\Felix\Meus documentos\Ares\chatServer.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe O23 - Service: GoogleDesktopManager - Google - C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: NMIndexingService - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe Compartilhar este post Link para o post Compartilhar em outros sites
DigRam 144 Denunciar post Postado Outubro 27, 2007 Boa Tarde kenjijp! >@< O Log do HijackThis saiu duplicado e,não foi postado o relatório do a-squared. >@< Poste,agora,na sua resposta,o relatório do a-squared. Abraços! Compartilhar este post Link para o post Compartilhar em outros sites
kenjijp 0 Denunciar post Postado Outubro 28, 2007 E ai Dig Ram tudo bem ? Estou mandando o relatorio a-squared .O pc melhorou bastante mas ainda ta reiniciando qdo vou assistir algum video .. Obrigado ...um abraço. -squared Free - Versão 3.0 Last update: 27/10/2007 02:08:14 Configurações da análise: Objetos: Memória, Rastros, Cookies, C:\, D:\ Análise de arquivos: Ligado Heurística: Ligado Análise de ADS: Ligado Início da análise: 27/10/2007 08:34:46 Key: HKEY_CLASSES_ROOT\clsid\{00a6faf6-072e-44cf-8957-5838f569a31d} detectado: Trace.Registry.MyWebSearchToobar Key: HKEY_CLASSES_ROOT\clsid\{25560540-9571-4d7b-9389-0f166788785a} detectado: Trace.Registry.MyWebSearchToobar Key: HKEY_CLASSES_ROOT\clsid\{3e720452-b472-4954-b7aa-33069eb53906} detectado: Trace.Registry.MyWebSearchToobar Key: HKEY_CLASSES_ROOT\clsid\{53ced2d0-5e9a-4761-9005-648404e6f7e5} detectado: Trace.Registry.MyWebSearchToobar Key: HKEY_CLASSES_ROOT\clsid\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9} detectado: Trace.Registry.MyWebSearchToobar Key: HKEY_CLASSES_ROOT\clsid\{7473d296-b7bb-4f24-ae82-7e2ce94bb6a9} detectado: Trace.Registry.MyWebSearchToobar Key: HKEY_CLASSES_ROOT\clsid\{d9fffb27-d62a-4d64-8cec-1ff006528805} detectado: Trace.Registry.MyWebSearchToobar Key: HKEY_CLASSES_ROOT\interface\{7473d295-b7bb-4f24-ae82-7e2ce94bb6a9} detectado: Trace.Registry.MyWebSearchToobar Key: HKEY_CLASSES_ROOT\interface\{7473d297-b7bb-4f24-ae82-7e2ce94bb6a9} detectado: Trace.Registry.MyWebSearchToobar Key: HKEY_CLASSES_ROOT\typelib\{0d26bc71-a633-4e71-ad31-eadc3a1b6a3a} detectado: Trace.Registry.MyWebSearchToobar Key: HKEY_CLASSES_ROOT\typelib\{3e720450-b472-4954-b7aa-33069eb53906} detectado: Trace.Registry.MyWebSearchToobar Key: HKEY_CLASSES_ROOT\typelib\{c8cecde3-1ae1-4c4a-ad82-6d5b00212144} detectado: Trace.Registry.MyWebSearchToobar Key: HKEY_CLASSES_ROOT\clsid\{00a6faf6-072e-44cf-8957-5838f569a31d} detectado: Trace.Registry.MyWebSearchToolbar Key: HKEY_CLASSES_ROOT\clsid\{25560540-9571-4d7b-9389-0f166788785a} detectado: Trace.Registry.MyWebSearchToolbar Key: HKEY_CLASSES_ROOT\clsid\{3e720452-b472-4954-b7aa-33069eb53906} detectado: Trace.Registry.MyWebSearchToolbar Key: HKEY_CLASSES_ROOT\clsid\{53ced2d0-5e9a-4761-9005-648404e6f7e5} detectado: Trace.Registry.MyWebSearchToolbar Key: HKEY_CLASSES_ROOT\clsid\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9} detectado: Trace.Registry.MyWebSearchToolbar Key: HKEY_CLASSES_ROOT\clsid\{7473d296-b7bb-4f24-ae82-7e2ce94bb6a9} detectado: Trace.Registry.MyWebSearchToolbar Key: HKEY_CLASSES_ROOT\clsid\{d9fffb27-d62a-4d64-8cec-1ff006528805} detectado: Trace.Registry.MyWebSearchToolbar Key: HKEY_CLASSES_ROOT\interface\{7473d295-b7bb-4f24-ae82-7e2ce94bb6a9} detectado: Trace.Registry.MyWebSearchToolbar Key: HKEY_CLASSES_ROOT\interface\{7473d297-b7bb-4f24-ae82-7e2ce94bb6a9} detectado: Trace.Registry.MyWebSearchToolbar Key: HKEY_CLASSES_ROOT\typelib\{0d26bc71-a633-4e71-ad31-eadc3a1b6a3a} detectado: Trace.Registry.MyWebSearchToolbar Key: HKEY_CLASSES_ROOT\typelib\{3e720450-b472-4954-b7aa-33069eb53906} detectado: Trace.Registry.MyWebSearchToolbar Key: HKEY_CLASSES_ROOT\typelib\{c8cecde3-1ae1-4c4a-ad82-6d5b00212144} detectado: Trace.Registry.MyWebSearchToolbar C:\Documents and Settings\Felix\Cookies\felix@statcounter[2].txt detectado: Trace.TrackingCookie C:\System Volume Information\_restore{526D7751-1BBF-420B-9DD0-A71A19C1229B}\RP560\A0151910.DLL detectado: Riskware.AdTool.Win32.MyWebSearch.az C:\System Volume Information\_restore{526D7751-1BBF-420B-9DD0-A71A19C1229B}\RP560\A0151911.dll detectado: Riskware.AdTool.Win32.MyWebSearch.au C:\System Volume Information\_restore{526D7751-1BBF-420B-9DD0-A71A19C1229B}\RP560\A0151912.dll detectado: Riskware.AdTool.Win32.MyWebSearch.au C:\System Volume Information\_restore{526D7751-1BBF-420B-9DD0-A71A19C1229B}\RP560\A0151913.scr detectado: Adware.Win32.MyWebSearch C:\System Volume Information\_restore{526D7751-1BBF-420B-9DD0-A71A19C1229B}\RP560\A0151914.dll detectado: Adware.Win32.MyWebSearch Analisado Arquivos: 125939 Objetos: 146623 Cookies: 266 Compartilhar este post Link para o post Compartilhar em outros sites
DigRam 144 Denunciar post Postado Outubro 28, 2007 Bom Dia kenjijp! >@< Faça o download do CCleaner. >@< Baixe-o para o Desktop! >@< Abra o programa e clique em Executar cleaner. _____________________ >@< Vá à quarentena do a-squared,selecione todo o conteúdo e clique em Excluir. >@< Voçê possui dois Antivírus,faça a opção por um dêles! _____________________ >@< Faça o download do DiagHelp. >@< Salve-o no Disco Local-C. >@< Descompacte a ferramenta e abra a pasta DiagHelp. >@< Dê um duplo clique em go.cmd >@< Abrir-se-á um prompt e,nas opções,escolha o 1 >> Aperte Enter. >@< Aperte Enter novamente!(...ou,qualquer tecla! ) >@< Aguarde o término da análise! >@< Terminando,feche o programa e copie/cole o relatório ( C:\resultat.txt ),na sua resposta. Abraços! Compartilhar este post Link para o post Compartilhar em outros sites
kenjijp 0 Denunciar post Postado Outubro 29, 2007 Boa noite DigRam ! Entao ...instalei o diaghelp, abri ele , cliquei no GO , dai apareceu uma telinha preta escrito em frances ou alemao , escrito atencao e embaixo escrito em portugues ...pressione qualquer tecla p continuar . So que nw da p escolher a opcao 1 que você falou e nw analisa nada . Daria p você explicar de novo essaparte ? Um abraço Compartilhar este post Link para o post Compartilhar em outros sites
DigRam 144 Denunciar post Postado Outubro 29, 2007 Boa noite DigRam ! Entao ...instalei o diaghelp, abri ele , cliquei no GO , dai apareceu uma telinha preta escrito em frances ou alemao , escrito atencao e embaixo escrito em portugues ...pressione qualquer tecla p continuar . So que nw da p escolher a opcao 1 que você falou e nw analisa nada . Daria p você explicar de novo essaparte ? Um abraço @@@@@@@@@@@@@@@@@@ Opa!kenjijp Boa Noite! >@< Abrir-se-á um prompt e,nas opções,escolha o 1 >> Aperte Enter. >@< Na telinha preta,está aparecendo as opções? ( Que estão em Françês! ) >@< A opção que nos importa,é a 1 e,voçê deverá apertá-la no teclado. >@< Leia com calma,os procedimentos! Abraços! Compartilhar este post Link para o post Compartilhar em outros sites
kenjijp 0 Denunciar post Postado Outubro 30, 2007 Boa noite DigRam , na telinha preta nao aparece as opcoes , so aparece o testo em frances e embaixo escrito pressione uma tecla p continuar , mas qdo eu aperto a tela some e nw acontece nada ....o que eu faço ? faloo um abraço Compartilhar este post Link para o post Compartilhar em outros sites
DigRam 144 Denunciar post Postado Outubro 31, 2007 Boa noite DigRam , na telinha preta nao aparece as opcoes , so aparece o testo em frances e embaixo escrito pressione uma tecla p continuar , mas qdo eu aperto a tela some e nw acontece nada ....o que eu faço ? faloo um abraço @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ Opa!kenjijp Bom Dia! >@< Devido à êsse erro,baixe o ComboFix,que também é uma ferramenta de diagnóstico. _______________________ >@< Faça o download do ComboFix. >@< Baixe-o para o Desktop! >@< Feche todas as janelas e execute a ferramenta! >@< Para quem possui o Avast,surgirá um alerta de malware ( Win32 D adobra-EY[Trj] ),que deverá ser ignorado. >@< Abrirá a janela Auto Scan. Aguarde! >@< Digite a opção para continuar < Enter > >@< Aguarde a conclusão! >@< Poste o relatório: C:\ComboFix.txt,na sua resposta + Log do HJT,atualizado. Abraços! Compartilhar este post Link para o post Compartilhar em outros sites
kenjijp 0 Denunciar post Postado Outubro 31, 2007 Boa noite DigRam !! Fiz todos os processos e estou mandando o relatorio , um abraço ComboFix 07-10-29.1** - Felix 2007-10-31 23:43:33.1 - FAT32x86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.201 [GMT 9:00] Executando de: C:\Documents and Settings\Felix\Configurações locais\Temporary Internet Files\Content.IE5\A74DKD6F\ComboFix[1].exe * Criado um novo ponto de restauro . ((((((((((((((((((((((((((((((((((((( Outras Exclusões ))))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\Felix\Dados de aplicativos\FunWebProducts C:\Documents and Settings\Felix\Dados de aplicativos\FunWebProducts\Data\Felix\wffavs.dat C:\WINDOWS\system32\nvrssk.dll C:\WINDOWS\system32\nvrssl.dll C:\WINDOWS\system32\perfstringv4.9.dll C:\WINDOWS\system32\simdataconf.dll . ((((((((((((((((((((((( Ficheiros criados de 2007-09-28 to 2007-10-31 )))))))))))))))))))))))))))))))) . 2007-10-31 23:41 51,200 --a------ C:\WINDOWS\NirCmd.exe 2007-10-30 22:58 <DIR> d--hs---- C:\FOUND.027 2007-10-29 23:12 763,737 --a------ C:\DiagHelp.zip 2007-10-29 23:00 <DIR> d-------- C:\Arquivos de programas\CCleaner 2007-10-29 21:23 <DIR> d--hs---- C:\FOUND.026 2007-10-28 02:28 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Yahoo! Companion 2007-10-28 00:50 <DIR> d--hs---- C:\FOUND.025 2007-10-26 22:36 <DIR> d-------- C:\Arquivos de programas\a-squared Free 2007-10-26 18:50 <DIR> d--hs---- C:\FOUND.024 2007-10-26 18:27 <DIR> d--hs---- C:\FOUND.023 2007-10-25 23:39 <DIR> d--hs---- C:\FOUND.022 2007-10-23 21:55 <DIR> d--hs---- C:\FOUND.021 2007-10-23 20:41 <DIR> d--hs---- C:\FOUND.020 2007-10-21 21:58 <DIR> d--hs---- C:\FOUND.019 2007-10-21 20:31 <DIR> d--hs---- C:\FOUND.018 2007-10-21 17:51 <DIR> d--hs---- C:\FOUND.017 2007-10-21 14:20 <DIR> d--hs---- C:\FOUND.016 2007-10-21 10:06 <DIR> d--hs---- C:\FOUND.015 2007-10-20 22:02 <DIR> d--hs---- C:\FOUND.014 2007-10-20 21:38 <DIR> d-------- C:\Documents and Settings\Felix\Dados de aplicativos\Sammsoft 2007-10-20 21:38 <DIR> d-------- C:\Arquivos de programas\Advanced Registry Optimizer 2007-10-20 20:36 <DIR> d--hs---- C:\FOUND.013 2007-10-20 20:15 <DIR> d--hs---- C:\FOUND.012 2007-10-20 18:53 <DIR> d--hs---- C:\FOUND.011 2007-10-19 18:59 <DIR> d--hs---- C:\FOUND.010 2007-10-16 21:38 <DIR> d-------- C:\Arquivos de programas\Alwil Software 2007-10-16 20:45 <DIR> d--hs---- C:\FOUND.009 2007-10-14 23:10 <DIR> d--hs---- C:\FOUND.008 2007-10-14 15:57 <DIR> d--hs---- C:\FOUND.007 2007-10-14 10:50 <DIR> d--hs---- C:\FOUND.006 2007-09-30 20:24 <DIR> d--hs---- C:\FOUND.005 2007-09-30 12:40 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Ahead 2007-09-30 11:07 <DIR> d--hs---- C:\FOUND.004 2007-09-05 19:51 <DIR> d-------- C:\Arquivos de programas\imaxel 2007-09-03 16:14 <DIR> d--hs---- C:\FOUND.003 2007-09-02 11:06 <DIR> d--hs---- C:\FOUND.002 . ((((((((((((((((((((((((((((((((((((( Relatório Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2006-09-27 14:16 774,144 ----a-w C:\Arquivos de programas\RngInterstitial.dll 2004-03-11 04:27 40,960 ----a-w C:\Arquivos de programas\Uninstall_CDS.exe . (((((((((((((((((((((((((( Pontos de Carregamento do Registro ))))))))))))))))))))))))))))))))))))))) . . *Nota* entradas vazias & legítimas por defeito não são mostradas. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IntelAudioStudio"="C:\Arquivos de programas\Intel Audio Studio\IntelAudioStudio.exe" [2005-04-08 19:37] "SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43] "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-02-25 16:15] "LogitechVideoRepair"="C:\Arquivos de programas\Logitech\Video\ISStart.exe" [2004-02-25 17:15] "LogitechVideoTray"="C:\Arquivos de programas\Logitech\Video\LogiTray.exe" [2004-02-25 17:06] "EPSON PictureMate"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2P1.exe" [2003-09-19 03:00] "TkBellExe"="C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2006-06-19 00:59] "AVG7_CC"="C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-08-19 09:14] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-03-09 15:29] "nwiz"="nwiz.exe" [2006-03-09 15:29 C:\WINDOWS\system32\nwiz.exe] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-03-09 15:29] "Google Desktop Search"="C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-15 00:07] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:45] "MsnMsgr"="C:\Arquivos de programas\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54] "PowerBar"="" [] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe" [] "Nero PhotoShow Media Manager"="C:\ARQUIV~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe" [] "AROReminder"="C:\Arquivos de programas\Advanced Registry Optimizer\ARO.exe" [2007-07-23 09:34] "Yahoo! Pager"="C:\Arquivos de programas\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 17:43] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=C:\ARQUIV~1\Google\GOOGLE~2\GOEC62~1.DLL R3 PhilCam8116;Logitech QuickCam Pro 3000(PID_08B0);C:\WINDOWS\system32\DRIVERS\CamDrL21.sys . ************************************************************************** catchme 0.3.1239 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-10-31 23:46:40 Windows 5.1.2600 Service Pack 2 FAT NTAPI Procurando processos ocultos ... Procurando entradas auto inicializáveis ocultas ... Procurando ficheiros ocultos ... Varredura completada com sucesso Ficheiros ocultos: 0 ************************************************************************** . Tempo para conclusão: 2007-10-31 23:47:23 - machine was rebooted . --- E O F --- hijack Logfile of HijackThis v1.99.1 Scan saved at 23:53:58, on 31/10/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Arquivos de programas\a-squared Free\a2service.exe C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\Arquivos de programas\Intel Audio Studio\IntelAudioStudio.exe C:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\Arquivos de programas\Logitech\Video\LogiTray.exe C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe C:\WINDOWS\system32\ctfmon.exe C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe C:\WINDOWS\system32\rundll32.exe C:\Arquivos de programas\Yahoo!\Messenger\YahooMessenger.exe C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe C:\Arquivos de programas\Logitech\Video\FxSvr2.exe C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\notepad.exe C:\Arquivos de programas\internet explorer\iexplore.exe C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Arquivos de programas\Java\jre1.6.0_01\bin\jucheck.exe C:\Documents and Settings\Felix\Meus documentos\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://br.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://br.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://br.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.yahoo.com R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://br.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn0\yt.dll O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn0\yt.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Arquivos de programas\MSN Apps\ST1.03.0000.1005\en-xu\stmain.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Apps\MSN Toolbar\MSN Toolbar1.02.5000.1021\pt-br\msntb.dll O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Apps\MSN Toolbar\MSN Toolbar1.02.5000.1021\pt-br\msntb.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn0\yt.dll O4 - HKLM\..\Run: [intelAudioStudio] "C:\Arquivos de programas\Intel Audio Studio\IntelAudioStudio.exe" TRAY O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Arquivos de programas\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Arquivos de programas\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [EPSON PictureMate] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2P1.EXE /P17 "EPSON PictureMate" /O5 "LPT1:" /M "PictureMate" O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [Google Desktop Search] "C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [Nero PhotoShow Media Manager] C:\ARQUIV~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe O4 - HKCU\..\Run: [AROReminder] C:\Arquivos de programas\Advanced Registry Optimizer\ARO.exe -rem O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Arquivos de programas\Yahoo!\Messenger\YahooMessenger.exe" -quiet O8 - Extra context menu item: &Google Search - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: Similar Pages - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://nani3030.spaces.live.com//PhotoUpload/MsnPUpld.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{D12C55E4-0190-46C5-8406-19EC34BB3698}: NameServer = 221.184.25.18 222.146.35.130 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL O20 - AppInit_DLLs: C:\ARQUIV~1\Google\GOOGLE~2\GOEC62~1.DLL O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Arquivos de programas\a-squared Free\a2service.exe O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Documents and Settings\Felix\Meus documentos\Ares\chatServer.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe O23 - Service: GoogleDesktopManager - Google - C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: NMIndexingService - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe Compartilhar este post Link para o post Compartilhar em outros sites
DigRam 144 Denunciar post Postado Outubro 31, 2007 Boa Tarde kenjijp! >@< Apague todas estas pastas,sob o code. C:\FOUND.027C:\FOUND.026C:\FOUND.025C:\FOUND.024C:\FOUND.023C:\FOUND.022C:\FOUND.021C:\FOUND.020C:\FOUND.019C:\FOUND.018C:\FOUND.017C:\FOUND.016C:\FOUND.015C:\FOUND.014C:\FOUND.013C:\FOUND.012C:\FOUND.011C:\FOUND.010C:\FOUND.009C:\FOUND.008C:\FOUND.007C:\FOUND.006C:\FOUND.005C:\FOUND.004C:\FOUND.003C:\FOUND.002 Estando tudo Ok com o PC,crie um Ponto de Restauração do Sistema,Limpo!Clique com o botão direito do mouse em cima de Meu Computador >> Propriedades >> Restauração do Sistema >> Marque: Desativar Restauração do Sistema >> Aplicar >> Ok. Depois,desmarque novamente! >> Aplicar >> Ok. Para maiores detalhes,vá em:< Docs > >@< O PC,ainda,está reiniciando toda hora? >@< Pois o Log está Limpo! Abraços! Compartilhar este post Link para o post Compartilhar em outros sites
kenjijp 0 Denunciar post Postado Novembro 1, 2007 Boa noite DigRam !!! Entao , nw estou achando as pasta CODE ,pesquisei mas nw encontrei , elas se encontram onde ? Hoje o pc nw queria iniciar , pensei que tivesse queimado , rs , faloo um abraço Compartilhar este post Link para o post Compartilhar em outros sites
DigRam 144 Denunciar post Postado Novembro 2, 2007 Boa noite DigRam !!! Entao , nw estou achando as pasta CODE ,pesquisei mas nw encontrei , elas se encontram onde ? Hoje o pc nw queria iniciar , pensei que tivesse queimado , rs , faloo um abraço @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ Opa,amigo kenjijp! Boa Noite! >@< Estava me referindo às pastas,sob à palavra Code. ___________________________ >@< Faça o download do BankerFix. >@< Baixe-o para o Desktop! >@< Feche todas as janelas e o navegador,ao rodar o BankerFix.Desabilite,se possível,as proteções residente de AntiVírus e AntiSpywares. >@< Dê um duplo clique no Bankerfix.exe,depois Enter. Aguarde!Ao terminar,leia a mensagem na tela ( Dos ),e dê Enter,novamente. >@< Poste o relatorio.txt do BankerFix que está em C:\LinhaDefensiva\relatorio.txt >@< Poste,também,um nôvo Log do HijackThis,na sua resposta. Abraços! Compartilhar este post Link para o post Compartilhar em outros sites
kenjijp 0 Denunciar post Postado Novembro 11, 2007 E ai DigRam beleza ? Entaw minha placa mae queimou , por isso nw respondi. Comprei a placa ja mandei montar e formatar , agora ta bom ... Obrigado pela ajuda ate mais , um abraço Compartilhar este post Link para o post Compartilhar em outros sites