Ir para conteúdo

POWERED BY:

Arquivado

Este tópico foi arquivado e está fechado para novas respostas.

kenjijp

[Resolvido!]meu pc ta reiniciando toda hora

Recommended Posts

Ola , meu micro esta reiniciando toda hora , o que pode ser ? obrigado .

Meu logfile

 

Logfile of HijackThis v1.99.1

Scan saved at 18:35:02, on 21/10/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Intel Audio Studio\IntelAudioStudio.exe

C:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe

C:\WINDOWS\system32\LVCOMSX.EXE

C:\Arquivos de programas\Logitech\Video\LogiTray.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe

C:\WINDOWS\system32\rundll32.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe

C:\Documents and Settings\Felix\Meus documentos\Ares\Ares.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe

C:\Arquivos de programas\Logitech\Video\FxSvr2.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\Felix\Meus documentos\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dgabc.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://br.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://br.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://br.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.yahoo.com

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://g.msn.com/8SE/1?http://toolbar.msn....;CM=MsgrInstall

R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Arquivos de programas\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Arquivos de programas\MSN Apps\ST1.03.0000.1005\en-xu\stmain.dll

O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Arquivos de programas\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Apps\MSN Toolbar\MSN Toolbar1.02.5000.1021\pt-br\msntb.dll

O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Arquivos de programas\AskTBar\bar\1.bin\ASKTBAR.DLL

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Apps\MSN Toolbar\MSN Toolbar1.02.5000.1021\pt-br\msntb.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Arquivos de programas\AskTBar\bar\1.bin\ASKTBAR.DLL

O4 - HKLM\..\Run: [intelAudioStudio] "C:\Arquivos de programas\Intel Audio Studio\IntelAudioStudio.exe" TRAY

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE

O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Arquivos de programas\Logitech\Video\ISStart.exe

O4 - HKLM\..\Run: [LogitechVideoTray] C:\Arquivos de programas\Logitech\Video\LogiTray.exe

O4 - HKLM\..\Run: [EPSON PictureMate] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2P1.EXE /P17 "EPSON PictureMate" /O5 "LPT1:" /M "PictureMate"

O4 - HKLM\..\Run: [cmrss] C:\WINDOWS\system32\cmrss.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [trioService] "C:\ARQUIV~1\FREEZE.COM\Halloween\\trioService.exe "

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\ARQUIV~1\MYWEBS~1\bar\6.bin\MWSBAR.DLL,S

O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\ARQUIV~1\MYWEBS~1\bar\6.bin\mwsoemon.exe

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [dark2] C:\WINDOWS\system32\ppp.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [Nero PhotoShow Media Manager] C:\ARQUIV~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe

O4 - HKCU\..\Run: [ares] "C:\Documents and Settings\Felix\Meus documentos\Ares\Ares.exe" -h

O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\ARQUIV~1\MYWEBS~1\bar\6.bin\mwsoemon.exe

O4 - HKCU\..\Run: [AROReminder] C:\Arquivos de programas\Advanced Registry Optimizer\ARO.exe -rem

O8 - Extra context menu item: &Google Search - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...arch.jhtml?p=ZK

O8 - Extra context menu item: &Translate English Word - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmwordtrans.html

O8 - Extra context menu item: Backward Links - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: Similar Pages - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate Page into English - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmtrans.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://nani3030.spaces.live.com//PhotoUpload/MsnPUpld.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O20 - AppInit_DLLs: C:\ARQUIV~1\Google\GOOGLE~2\GOEC62~1.DLL

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Documents and Settings\Felix\Meus documentos\Ares\chatServer.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe

O23 - Service: GoogleDesktopManager - Google - C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: NMIndexingService - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

Compartilhar este post


Link para o post
Compartilhar em outros sites
Ola , meu micro esta reiniciando toda hora , o que pode ser ? obrigado .

@@@@@@@@@@@@@@

Boa Noite kenjijp!

 

<!> Faça o download do HijackThis.

<!> Baixe-o para o Disco Local-C e estabeleça uma pasta própria para o programa.

<!> Temos como exemplo: < C:\HijackThis.exe > ou < C:\HijackThis\HijackThis.exe >

<!> Mas,não execute-o ainda!

<!> Para que o Log do HijackThis saia completo,vá em Iniciar >> Executar.

<!> Digite: msconfig >> Ok.

<!> Na guia Inicializar,marque tôdos os ítens e confirme!

<!> Reinicie o computador!

<!> Abra o HijackThis e clique em Do a system scan and save a logfile.

<!> Abrir-se-á um Bloco de Notas!

<!> Selecione e copie o seu conteúdo para êste Tópico. Não crie outro!

 

Abraços!

Compartilhar este post


Link para o post
Compartilhar em outros sites

Meu logfile

 

Logfile of HijackThis v1.99.1

Scan saved at 18:35:02, on 21/10/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Intel Audio Studio\IntelAudioStudio.exe

C:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe

C:\WINDOWS\system32\LVCOMSX.EXE

C:\Arquivos de programas\Logitech\Video\LogiTray.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe

C:\WINDOWS\system32\rundll32.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe

C:\Documents and Settings\Felix\Meus documentos\Ares\Ares.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe

C:\Arquivos de programas\Logitech\Video\FxSvr2.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\Felix\Meus documentos\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dgabc.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://br.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://br.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://br.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.yahoo.com

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://g.msn.com/8SE/1?http://toolbar.msn....;CM=MsgrInstall

R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Arquivos de programas\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Arquivos de programas\MSN Apps\ST1.03.0000.1005\en-xu\stmain.dll

O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Arquivos de programas\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Apps\MSN Toolbar\MSN Toolbar1.02.5000.1021\pt-br\msntb.dll

O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Arquivos de programas\AskTBar\bar\1.bin\ASKTBAR.DLL

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Apps\MSN Toolbar\MSN Toolbar1.02.5000.1021\pt-br\msntb.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Arquivos de programas\AskTBar\bar\1.bin\ASKTBAR.DLL

O4 - HKLM\..\Run: [intelAudioStudio] "C:\Arquivos de programas\Intel Audio Studio\IntelAudioStudio.exe" TRAY

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE

O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Arquivos de programas\Logitech\Video\ISStart.exe

O4 - HKLM\..\Run: [LogitechVideoTray] C:\Arquivos de programas\Logitech\Video\LogiTray.exe

O4 - HKLM\..\Run: [EPSON PictureMate] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2P1.EXE /P17 "EPSON PictureMate" /O5 "LPT1:" /M "PictureMate"

O4 - HKLM\..\Run: [cmrss] C:\WINDOWS\system32\cmrss.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [trioService] "C:\ARQUIV~1\FREEZE.COM\Halloween\\trioService.exe "

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\ARQUIV~1\MYWEBS~1\bar\6.bin\MWSBAR.DLL,S

O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\ARQUIV~1\MYWEBS~1\bar\6.bin\mwsoemon.exe

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [dark2] C:\WINDOWS\system32\ppp.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [Nero PhotoShow Media Manager] C:\ARQUIV~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe

O4 - HKCU\..\Run: [ares] "C:\Documents and Settings\Felix\Meus documentos\Ares\Ares.exe" -h

O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\ARQUIV~1\MYWEBS~1\bar\6.bin\mwsoemon.exe

O4 - HKCU\..\Run: [AROReminder] C:\Arquivos de programas\Advanced Registry Optimizer\ARO.exe -rem

O8 - Extra context menu item: &Google Search - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...arch.jhtml?p=ZK

O8 - Extra context menu item: &Translate English Word - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmwordtrans.html

O8 - Extra context menu item: Backward Links - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: Similar Pages - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate Page into English - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmtrans.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://nani3030.spaces.live.com//PhotoUpload/MsnPUpld.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O20 - AppInit_DLLs: C:\ARQUIV~1\Google\GOOGLE~2\GOEC62~1.DLL

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Documents and Settings\Felix\Meus documentos\Ares\chatServer.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe

O23 - Service: GoogleDesktopManager - Google - C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: NMIndexingService - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

Compartilhar este post


Link para o post
Compartilhar em outros sites

Bom Dia kenjijp!

 

>@< Faça o download do Avenger.

>@< Descompacte-o e crie uma pasta para o programa!

>@< Coloque esta pasta no Disco Local-C ou Desktop!

>@< Rode o programa e marque Input script manually.

>@< Clique no ícone da lupa!

 

Files to delete:

C:\WINDOWS\system32\cmrss.exe

C:\WINDOWS\system32\ppp.exe

C:\Arquivos de programas\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL

C:\Arquivos de programas\AskTBar\bar\1.bin\ASKTBAR.DLL

C:\ARQUIV~1\FREEZE.COM\Halloween\\trioService.exe

C:\ARQUIV~1\MYWEBS~1\bar\6.bin\MWSBAR.DLL

C:\ARQUIV~1\MYWEBS~1\bar\6.bin\mwsoemon.exe

>@< Na caixa que abrir,cole o que foi copiado na área do quote,logo àcima!

>@< Clique em Done.

>@< Clique no ícone do semáforo!

>@< Clique em Ok.

>@< O computador irá reiniciar!

>@< Aproveite êste Reboot,e entre em Modo de Segurança.

>@< Abra o HijackThis,e clique em Do a system scan only.

>@< Marque as entradas,logo abaixo,e clique em Fix checked!

 

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://g.msn.com/8SE/1?http://toolbar.msn....;CM=MsgrInstall

R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Arquivos de programas\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Arquivos de programas\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL

O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Arquivos de programas\AskTBar\bar\1.bin\ASKTBAR.DLL

O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Arquivos de programas\AskTBar\bar\1.bin\ASKTBAR.DLL

O4 - HKLM\..\Run: [cmrss] C:\WINDOWS\system32\cmrss.exe

O4 - HKLM\..\Run: [trioService] "C:\ARQUIV~1\FREEZE.COM\Halloween\\trioService.exe "

O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\ARQUIV~1\MYWEBS~1\bar\6.bin\MWSBAR.DLL,S

O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\ARQUIV~1\MYWEBS~1\bar\6.bin\mwsoemon.exe

O4 - HKCU\..\Run: [dark2] C:\WINDOWS\system32\ppp.exe

O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\ARQUIV~1\MYWEBS~1\bar\6.bin\mwsoemon.exe

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...arch.jhtml?p=ZK

>@< Reinicie,normalmente,o computador!

>@< Faça e poste um nôvo log do HijackThis + Avenger.txt,na sua resposta.

 

Abraços!

Compartilhar este post


Link para o post
Compartilhar em outros sites

Logfile of HijackThis v1.99.1

Scan saved at 21:16:44, on 24/10/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Intel Audio Studio\IntelAudioStudio.exe

C:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe

C:\WINDOWS\system32\LVCOMSX.EXE

C:\Arquivos de programas\Logitech\Video\LogiTray.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\Documents and Settings\Felix\Meus documentos\Ares\Ares.exe

C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe

C:\Arquivos de programas\Logitech\Video\FxSvr2.exe

C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Arquivos de programas\Java\jre1.6.0_01\bin\jucheck.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Documents and Settings\Felix\Meus documentos\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dgabc.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://br.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://br.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://br.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.yahoo.com

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Arquivos de programas\MSN Apps\ST1.03.0000.1005\en-xu\stmain.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Apps\MSN Toolbar\MSN Toolbar1.02.5000.1021\pt-br\msntb.dll

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Apps\MSN Toolbar\MSN Toolbar1.02.5000.1021\pt-br\msntb.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

O4 - HKLM\..\Run: [intelAudioStudio] "C:\Arquivos de programas\Intel Audio Studio\IntelAudioStudio.exe" TRAY

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE

O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Arquivos de programas\Logitech\Video\ISStart.exe

O4 - HKLM\..\Run: [LogitechVideoTray] C:\Arquivos de programas\Logitech\Video\LogiTray.exe

O4 - HKLM\..\Run: [EPSON PictureMate] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2P1.EXE /P17 "EPSON PictureMate" /O5 "LPT1:" /M "PictureMate"

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [Nero PhotoShow Media Manager] C:\ARQUIV~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe

O4 - HKCU\..\Run: [ares] "C:\Documents and Settings\Felix\Meus documentos\Ares\Ares.exe" -h

O4 - HKCU\..\Run: [AROReminder] C:\Arquivos de programas\Advanced Registry Optimizer\ARO.exe -rem

O8 - Extra context menu item: &Google Search - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: &Translate English Word - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmwordtrans.html

O8 - Extra context menu item: Backward Links - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: Similar Pages - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate Page into English - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmtrans.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://nani3030.spaces.live.com//PhotoUpload/MsnPUpld.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{D12C55E4-0190-46C5-8406-19EC34BB3698}: NameServer = 221.184.25.18 222.146.35.130

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O20 - AppInit_DLLs: C:\ARQUIV~1\Google\GOOGLE~2\GOEC62~1.DLL

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Documents and Settings\Felix\Meus documentos\Ares\chatServer.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe

O23 - Service: GoogleDesktopManager - Google - C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: NMIndexingService - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

 

Logfile of The Avenger version 1, by Swandog46

Running from registry key:

\Registry\Machine\System\CurrentControlSet\Services\ihcjuhnb

 

*******************

 

Script file located at: \??\C:\WINDOWS\system32\koutkvap.txt

Script file opened successfully.

 

Script file read successfully

 

Backups directory opened successfully at C:\Avenger

 

*******************

 

Beginning to process script file:

 

 

 

File C:\WINDOWS\system32\cmrss.exe not found!

Deletion of file C:\WINDOWS\system32\cmrss.exe failed!

 

Could not process line:

C:\WINDOWS\system32\cmrss.exe

Status: 0xc0000034

 

 

 

File C:\WINDOWS\system32\ppp.exe not found!

Deletion of file C:\WINDOWS\system32\ppp.exe failed!

 

Could not process line:

C:\WINDOWS\system32\ppp.exe

Status: 0xc0000034

 

File C:\Arquivos de programas\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL deleted successfully.

File C:\Arquivos de programas\AskTBar\bar\1.bin\ASKTBAR.DLL deleted successfully.

 

 

Could not open file C:\ARQUIV~1\FREEZE.COM\Halloween\\trioService.exe for deletion

Deletion of file C:\ARQUIV~1\FREEZE.COM\Halloween\\trioService.exe failed!

 

Could not process line:

C:\ARQUIV~1\FREEZE.COM\Halloween\\trioService.exe

Status: 0xc0000033

 

 

 

Could not open file C:\ARQUIV~1\MYWEBS~1\bar\6.bin\MWSBAR.DLL for deletion

Deletion of file C:\ARQUIV~1\MYWEBS~1\bar\6.bin\MWSBAR.DLL failed!

 

Could not process line:

C:\ARQUIV~1\MYWEBS~1\bar\6.bin\MWSBAR.DLL

Status: 0xc000003a

 

 

 

Could not open file C:\ARQUIV~1\MYWEBS~1\bar\6.bin\mwsoemon.exe for deletion

Deletion of file C:\ARQUIV~1\MYWEBS~1\bar\6.bin\mwsoemon.exe failed!

 

Could not process line:

C:\ARQUIV~1\MYWEBS~1\bar\6.bin\mwsoemon.exe

Status: 0xc000003a

 

 

Completed script processing.

 

*******************

 

Finished! Terminate.

Compartilhar este post


Link para o post
Compartilhar em outros sites

E ai Digram tudo bem ? Entaw entrar no Modo de Segurança eu nw sei como faz , se o que fiz nw deu certo , você poderia me explica como entra nesse Modo de Segurança ? Faloo um abraço

Compartilhar este post


Link para o post
Compartilhar em outros sites
E ai Digram tudo bem ? Entaw entrar no Modo de Segurança eu nw sei como faz , se o que fiz nw deu certo , você poderia me explica como entra nesse Modo de Segurança ? Faloo um abraço

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

Opa!kenjijp

Boa Tarde!

 

>@< Entrar em Modo de Segurança,não é difícil...mas requer alguns cuidados,para evitar travamentos.

>@< Sugiro que imprima,êste Tutorial,e leia-o calmamente.

______________________

 

>@< Faça o download do a-squared Free 3.0

>@< Abra o programa e clique em: Atualizar agora >> Aguarde!

>@< Terminando,clique em: Analisar agora.

>@< Procure fazer,esta análise,em Modo de Segurança!

>@< Escolha a opção: A fundo.

>@< Clique em Analisar!

>@< Terminando,envie os ítens encontrados para a quarentena. Aonde,daí,serão excluídos ou restaurados.

>@< Salve o relatório,desta verificação,e poste na sua resposta + HJT,atualizado.

 

Abraços!

Compartilhar este post


Link para o post
Compartilhar em outros sites

Boa noite DigRam tudo bem ? estou mandando os relatorios ...obrigado.

 

 

Logfile of HijackThis v1.99.1

Scan saved at 00:13:31, on 27/10/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Intel Audio Studio\IntelAudioStudio.exe

C:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe

C:\WINDOWS\system32\LVCOMSX.EXE

C:\Arquivos de programas\Logitech\Video\LogiTray.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe

C:\Arquivos de programas\a-squared Free\a2service.exe

C:\WINDOWS\system32\rundll32.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Logitech\Video\FxSvr2.exe

C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Java\jre1.6.0_01\bin\jucheck.exe

C:\Documents and Settings\Felix\Meus documentos\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dgabc.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://br.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://br.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://br.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.yahoo.com

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Arquivos de programas\MSN Apps\ST1.03.0000.1005\en-xu\stmain.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Apps\MSN Toolbar\MSN Toolbar1.02.5000.1021\pt-br\msntb.dll

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Apps\MSN Toolbar\MSN Toolbar1.02.5000.1021\pt-br\msntb.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

O4 - HKLM\..\Run: [intelAudioStudio] "C:\Arquivos de programas\Intel Audio Studio\IntelAudioStudio.exe" TRAY

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE

O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Arquivos de programas\Logitech\Video\ISStart.exe

O4 - HKLM\..\Run: [LogitechVideoTray] C:\Arquivos de programas\Logitech\Video\LogiTray.exe

O4 - HKLM\..\Run: [EPSON PictureMate] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2P1.EXE /P17 "EPSON PictureMate" /O5 "LPT1:" /M "PictureMate"

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [Nero PhotoShow Media Manager] C:\ARQUIV~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe

O4 - HKCU\..\Run: [AROReminder] C:\Arquivos de programas\Advanced Registry Optimizer\ARO.exe -rem

O8 - Extra context menu item: &Google Search - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: &Translate English Word - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmwordtrans.html

O8 - Extra context menu item: Backward Links - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: Similar Pages - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate Page into English - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmtrans.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://nani3030.spaces.live.com//PhotoUpload/MsnPUpld.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{D12C55E4-0190-46C5-8406-19EC34BB3698}: NameServer = 221.184.25.18 222.146.35.130

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O20 - AppInit_DLLs: C:\ARQUIV~1\Google\GOOGLE~2\GOEC62~1.DLL

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Arquivos de programas\a-squared Free\a2service.exe

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Documents and Settings\Felix\Meus documentos\Ares\chatServer.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe

O23 - Service: GoogleDesktopManager - Google - C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: NMIndexingService - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

 

logfile hijack this

 

 

Logfile of HijackThis v1.99.1

Scan saved at 00:13:31, on 27/10/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Intel Audio Studio\IntelAudioStudio.exe

C:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe

C:\WINDOWS\system32\LVCOMSX.EXE

C:\Arquivos de programas\Logitech\Video\LogiTray.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe

C:\Arquivos de programas\a-squared Free\a2service.exe

C:\WINDOWS\system32\rundll32.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Logitech\Video\FxSvr2.exe

C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Java\jre1.6.0_01\bin\jucheck.exe

C:\Documents and Settings\Felix\Meus documentos\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dgabc.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://br.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://br.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://br.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.yahoo.com

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Arquivos de programas\MSN Apps\ST1.03.0000.1005\en-xu\stmain.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Apps\MSN Toolbar\MSN Toolbar1.02.5000.1021\pt-br\msntb.dll

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Apps\MSN Toolbar\MSN Toolbar1.02.5000.1021\pt-br\msntb.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

O4 - HKLM\..\Run: [intelAudioStudio] "C:\Arquivos de programas\Intel Audio Studio\IntelAudioStudio.exe" TRAY

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE

O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Arquivos de programas\Logitech\Video\ISStart.exe

O4 - HKLM\..\Run: [LogitechVideoTray] C:\Arquivos de programas\Logitech\Video\LogiTray.exe

O4 - HKLM\..\Run: [EPSON PictureMate] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2P1.EXE /P17 "EPSON PictureMate" /O5 "LPT1:" /M "PictureMate"

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [Nero PhotoShow Media Manager] C:\ARQUIV~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe

O4 - HKCU\..\Run: [AROReminder] C:\Arquivos de programas\Advanced Registry Optimizer\ARO.exe -rem

O8 - Extra context menu item: &Google Search - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: &Translate English Word - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmwordtrans.html

O8 - Extra context menu item: Backward Links - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: Similar Pages - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate Page into English - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmtrans.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://nani3030.spaces.live.com//PhotoUpload/MsnPUpld.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{D12C55E4-0190-46C5-8406-19EC34BB3698}: NameServer = 221.184.25.18 222.146.35.130

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O20 - AppInit_DLLs: C:\ARQUIV~1\Google\GOOGLE~2\GOEC62~1.DLL

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Arquivos de programas\a-squared Free\a2service.exe

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Documents and Settings\Felix\Meus documentos\Ares\chatServer.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe

O23 - Service: GoogleDesktopManager - Google - C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: NMIndexingService - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

Compartilhar este post


Link para o post
Compartilhar em outros sites

Boa Tarde kenjijp!

 

>@< O Log do HijackThis saiu duplicado e,não foi postado o relatório do a-squared.

>@< Poste,agora,na sua resposta,o relatório do a-squared.

 

Abraços!

Compartilhar este post


Link para o post
Compartilhar em outros sites

E ai Dig Ram tudo bem ? Estou mandando o relatorio a-squared .O pc melhorou bastante mas ainda ta reiniciando qdo vou assistir algum video .. Obrigado ...um abraço.

 

 

 

-squared Free - Versão 3.0

Last update: 27/10/2007 02:08:14

 

Configurações da análise:

 

Objetos: Memória, Rastros, Cookies, C:\, D:\

Análise de arquivos: Ligado

Heurística: Ligado

Análise de ADS: Ligado

 

Início da análise: 27/10/2007 08:34:46

 

Key: HKEY_CLASSES_ROOT\clsid\{00a6faf6-072e-44cf-8957-5838f569a31d} detectado: Trace.Registry.MyWebSearchToobar

Key: HKEY_CLASSES_ROOT\clsid\{25560540-9571-4d7b-9389-0f166788785a} detectado: Trace.Registry.MyWebSearchToobar

Key: HKEY_CLASSES_ROOT\clsid\{3e720452-b472-4954-b7aa-33069eb53906} detectado: Trace.Registry.MyWebSearchToobar

Key: HKEY_CLASSES_ROOT\clsid\{53ced2d0-5e9a-4761-9005-648404e6f7e5} detectado: Trace.Registry.MyWebSearchToobar

Key: HKEY_CLASSES_ROOT\clsid\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9} detectado: Trace.Registry.MyWebSearchToobar

Key: HKEY_CLASSES_ROOT\clsid\{7473d296-b7bb-4f24-ae82-7e2ce94bb6a9} detectado: Trace.Registry.MyWebSearchToobar

Key: HKEY_CLASSES_ROOT\clsid\{d9fffb27-d62a-4d64-8cec-1ff006528805} detectado: Trace.Registry.MyWebSearchToobar

Key: HKEY_CLASSES_ROOT\interface\{7473d295-b7bb-4f24-ae82-7e2ce94bb6a9} detectado: Trace.Registry.MyWebSearchToobar

Key: HKEY_CLASSES_ROOT\interface\{7473d297-b7bb-4f24-ae82-7e2ce94bb6a9} detectado: Trace.Registry.MyWebSearchToobar

Key: HKEY_CLASSES_ROOT\typelib\{0d26bc71-a633-4e71-ad31-eadc3a1b6a3a} detectado: Trace.Registry.MyWebSearchToobar

Key: HKEY_CLASSES_ROOT\typelib\{3e720450-b472-4954-b7aa-33069eb53906} detectado: Trace.Registry.MyWebSearchToobar

Key: HKEY_CLASSES_ROOT\typelib\{c8cecde3-1ae1-4c4a-ad82-6d5b00212144} detectado: Trace.Registry.MyWebSearchToobar

Key: HKEY_CLASSES_ROOT\clsid\{00a6faf6-072e-44cf-8957-5838f569a31d} detectado: Trace.Registry.MyWebSearchToolbar

Key: HKEY_CLASSES_ROOT\clsid\{25560540-9571-4d7b-9389-0f166788785a} detectado: Trace.Registry.MyWebSearchToolbar

Key: HKEY_CLASSES_ROOT\clsid\{3e720452-b472-4954-b7aa-33069eb53906} detectado: Trace.Registry.MyWebSearchToolbar

Key: HKEY_CLASSES_ROOT\clsid\{53ced2d0-5e9a-4761-9005-648404e6f7e5} detectado: Trace.Registry.MyWebSearchToolbar

Key: HKEY_CLASSES_ROOT\clsid\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9} detectado: Trace.Registry.MyWebSearchToolbar

Key: HKEY_CLASSES_ROOT\clsid\{7473d296-b7bb-4f24-ae82-7e2ce94bb6a9} detectado: Trace.Registry.MyWebSearchToolbar

Key: HKEY_CLASSES_ROOT\clsid\{d9fffb27-d62a-4d64-8cec-1ff006528805} detectado: Trace.Registry.MyWebSearchToolbar

Key: HKEY_CLASSES_ROOT\interface\{7473d295-b7bb-4f24-ae82-7e2ce94bb6a9} detectado: Trace.Registry.MyWebSearchToolbar

Key: HKEY_CLASSES_ROOT\interface\{7473d297-b7bb-4f24-ae82-7e2ce94bb6a9} detectado: Trace.Registry.MyWebSearchToolbar

Key: HKEY_CLASSES_ROOT\typelib\{0d26bc71-a633-4e71-ad31-eadc3a1b6a3a} detectado: Trace.Registry.MyWebSearchToolbar

Key: HKEY_CLASSES_ROOT\typelib\{3e720450-b472-4954-b7aa-33069eb53906} detectado: Trace.Registry.MyWebSearchToolbar

Key: HKEY_CLASSES_ROOT\typelib\{c8cecde3-1ae1-4c4a-ad82-6d5b00212144} detectado: Trace.Registry.MyWebSearchToolbar

C:\Documents and Settings\Felix\Cookies\felix@statcounter[2].txt detectado: Trace.TrackingCookie

C:\System Volume Information\_restore{526D7751-1BBF-420B-9DD0-A71A19C1229B}\RP560\A0151910.DLL detectado: Riskware.AdTool.Win32.MyWebSearch.az

C:\System Volume Information\_restore{526D7751-1BBF-420B-9DD0-A71A19C1229B}\RP560\A0151911.dll detectado: Riskware.AdTool.Win32.MyWebSearch.au

C:\System Volume Information\_restore{526D7751-1BBF-420B-9DD0-A71A19C1229B}\RP560\A0151912.dll detectado: Riskware.AdTool.Win32.MyWebSearch.au

C:\System Volume Information\_restore{526D7751-1BBF-420B-9DD0-A71A19C1229B}\RP560\A0151913.scr detectado: Adware.Win32.MyWebSearch

C:\System Volume Information\_restore{526D7751-1BBF-420B-9DD0-A71A19C1229B}\RP560\A0151914.dll detectado: Adware.Win32.MyWebSearch

 

Analisado

 

Arquivos: 125939

Objetos: 146623

Cookies: 266

Compartilhar este post


Link para o post
Compartilhar em outros sites

Bom Dia kenjijp!

 

>@< Faça o download do CCleaner.

>@< Baixe-o para o Desktop!

>@< Abra o programa e clique em Executar cleaner.

_____________________

 

>@< Vá à quarentena do a-squared,selecione todo o conteúdo e clique em Excluir.

>@< Voçê possui dois Antivírus,faça a opção por um dêles!

_____________________

 

>@< Faça o download do DiagHelp.

>@< Salve-o no Disco Local-C.

>@< Descompacte a ferramenta e abra a pasta DiagHelp.

>@< Dê um duplo clique em go.cmd

>@< Abrir-se-á um prompt e,nas opções,escolha o 1 >> Aperte Enter.

>@< Aperte Enter novamente!(...ou,qualquer tecla! )

>@< Aguarde o término da análise!

>@< Terminando,feche o programa e copie/cole o relatório ( C:\resultat.txt ),na sua resposta.

 

Abraços!

Compartilhar este post


Link para o post
Compartilhar em outros sites

Boa noite DigRam ! Entao ...instalei o diaghelp, abri ele , cliquei no GO , dai apareceu uma telinha preta escrito em frances ou alemao , escrito atencao e embaixo escrito em portugues ...pressione qualquer tecla p continuar . So que nw da p escolher a opcao 1 que você falou e nw analisa nada . Daria p você explicar de novo essaparte ? Um abraço

Compartilhar este post


Link para o post
Compartilhar em outros sites
Boa noite DigRam ! Entao ...instalei o diaghelp, abri ele , cliquei no GO , dai apareceu uma telinha preta escrito em frances ou alemao , escrito atencao e embaixo escrito em portugues ...pressione qualquer tecla p continuar . So que nw da p escolher a opcao 1 que você falou e nw analisa nada . Daria p você explicar de novo essaparte ? Um abraço

@@@@@@@@@@@@@@@@@@

Opa!kenjijp

Boa Noite!

 

>@< Abrir-se-á um prompt e,nas opções,escolha o 1 >> Aperte Enter.

>@< Na telinha preta,está aparecendo as opções? ( Que estão em Françês! )

>@< A opção que nos importa,é a 1 e,voçê deverá apertá-la no teclado.

>@< Leia com calma,os procedimentos!

 

Abraços!

Compartilhar este post


Link para o post
Compartilhar em outros sites

Boa noite DigRam , na telinha preta nao aparece as opcoes , so aparece o testo em frances e embaixo escrito pressione uma tecla p continuar , mas qdo eu aperto a tela some e nw acontece nada ....o que eu faço ? faloo um abraço

Compartilhar este post


Link para o post
Compartilhar em outros sites
Boa noite DigRam , na telinha preta nao aparece as opcoes , so aparece o testo em frances e embaixo escrito pressione uma tecla p continuar , mas qdo eu aperto a tela some e nw acontece nada ....o que eu faço ? faloo um abraço

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

Opa!kenjijp

Bom Dia!

 

>@< Devido à êsse erro,baixe o ComboFix,que também é uma ferramenta de diagnóstico.

_______________________

 

>@< Faça o download do ComboFix.

>@< Baixe-o para o Desktop!

>@< Feche todas as janelas e execute a ferramenta!

>@< Para quem possui o Avast,surgirá um alerta de malware ( Win32 D adobra-EY[Trj] ),que deverá ser ignorado.

>@< Abrirá a janela Auto Scan. Aguarde!

>@< Digite a opção para continuar < Enter >

>@< Aguarde a conclusão!

>@< Poste o relatório: C:\ComboFix.txt,na sua resposta + Log do HJT,atualizado.

 

Abraços!

Compartilhar este post


Link para o post
Compartilhar em outros sites

Boa noite DigRam !! Fiz todos os processos e estou mandando o relatorio , um abraço

 

ComboFix 07-10-29.1** - Felix 2007-10-31 23:43:33.1 - FAT32x86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.201 [GMT 9:00]

Executando de: C:\Documents and Settings\Felix\Configurações locais\Temporary Internet Files\Content.IE5\A74DKD6F\ComboFix[1].exe

* Criado um novo ponto de restauro

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Documents and Settings\Felix\Dados de aplicativos\FunWebProducts

C:\Documents and Settings\Felix\Dados de aplicativos\FunWebProducts\Data\Felix\wffavs.dat

C:\WINDOWS\system32\nvrssk.dll

C:\WINDOWS\system32\nvrssl.dll

C:\WINDOWS\system32\perfstringv4.9.dll

C:\WINDOWS\system32\simdataconf.dll

 

.

((((((((((((((((((((((( Ficheiros criados de 2007-09-28 to 2007-10-31 ))))))))))))))))))))))))))))))))

.

 

2007-10-31 23:41 51,200 --a------ C:\WINDOWS\NirCmd.exe

2007-10-30 22:58 <DIR> d--hs---- C:\FOUND.027

2007-10-29 23:12 763,737 --a------ C:\DiagHelp.zip

2007-10-29 23:00 <DIR> d-------- C:\Arquivos de programas\CCleaner

2007-10-29 21:23 <DIR> d--hs---- C:\FOUND.026

2007-10-28 02:28 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Yahoo! Companion

2007-10-28 00:50 <DIR> d--hs---- C:\FOUND.025

2007-10-26 22:36 <DIR> d-------- C:\Arquivos de programas\a-squared Free

2007-10-26 18:50 <DIR> d--hs---- C:\FOUND.024

2007-10-26 18:27 <DIR> d--hs---- C:\FOUND.023

2007-10-25 23:39 <DIR> d--hs---- C:\FOUND.022

2007-10-23 21:55 <DIR> d--hs---- C:\FOUND.021

2007-10-23 20:41 <DIR> d--hs---- C:\FOUND.020

2007-10-21 21:58 <DIR> d--hs---- C:\FOUND.019

2007-10-21 20:31 <DIR> d--hs---- C:\FOUND.018

2007-10-21 17:51 <DIR> d--hs---- C:\FOUND.017

2007-10-21 14:20 <DIR> d--hs---- C:\FOUND.016

2007-10-21 10:06 <DIR> d--hs---- C:\FOUND.015

2007-10-20 22:02 <DIR> d--hs---- C:\FOUND.014

2007-10-20 21:38 <DIR> d-------- C:\Documents and Settings\Felix\Dados de aplicativos\Sammsoft

2007-10-20 21:38 <DIR> d-------- C:\Arquivos de programas\Advanced Registry Optimizer

2007-10-20 20:36 <DIR> d--hs---- C:\FOUND.013

2007-10-20 20:15 <DIR> d--hs---- C:\FOUND.012

2007-10-20 18:53 <DIR> d--hs---- C:\FOUND.011

2007-10-19 18:59 <DIR> d--hs---- C:\FOUND.010

2007-10-16 21:38 <DIR> d-------- C:\Arquivos de programas\Alwil Software

2007-10-16 20:45 <DIR> d--hs---- C:\FOUND.009

2007-10-14 23:10 <DIR> d--hs---- C:\FOUND.008

2007-10-14 15:57 <DIR> d--hs---- C:\FOUND.007

2007-10-14 10:50 <DIR> d--hs---- C:\FOUND.006

2007-09-30 20:24 <DIR> d--hs---- C:\FOUND.005

2007-09-30 12:40 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Ahead

2007-09-30 11:07 <DIR> d--hs---- C:\FOUND.004

2007-09-05 19:51 <DIR> d-------- C:\Arquivos de programas\imaxel

2007-09-03 16:14 <DIR> d--hs---- C:\FOUND.003

2007-09-02 11:06 <DIR> d--hs---- C:\FOUND.002

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2006-09-27 14:16 774,144 ----a-w C:\Arquivos de programas\RngInterstitial.dll

2004-03-11 04:27 40,960 ----a-w C:\Arquivos de programas\Uninstall_CDS.exe

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias & legítimas por defeito não são mostradas.

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IntelAudioStudio"="C:\Arquivos de programas\Intel Audio Studio\IntelAudioStudio.exe" [2005-04-08 19:37]

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]

"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-02-25 16:15]

"LogitechVideoRepair"="C:\Arquivos de programas\Logitech\Video\ISStart.exe" [2004-02-25 17:15]

"LogitechVideoTray"="C:\Arquivos de programas\Logitech\Video\LogiTray.exe" [2004-02-25 17:06]

"EPSON PictureMate"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2P1.exe" [2003-09-19 03:00]

"TkBellExe"="C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2006-06-19 00:59]

"AVG7_CC"="C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-08-19 09:14]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-03-09 15:29]

"nwiz"="nwiz.exe" [2006-03-09 15:29 C:\WINDOWS\system32\nwiz.exe]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-03-09 15:29]

"Google Desktop Search"="C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-15 00:07]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:45]

"MsnMsgr"="C:\Arquivos de programas\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]

"PowerBar"="" []

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe" []

"Nero PhotoShow Media Manager"="C:\ARQUIV~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe" []

"AROReminder"="C:\Arquivos de programas\Advanced Registry Optimizer\ARO.exe" [2007-07-23 09:34]

"Yahoo! Pager"="C:\Arquivos de programas\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 17:43]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=C:\ARQUIV~1\Google\GOOGLE~2\GOEC62~1.DLL

 

R3 PhilCam8116;Logitech QuickCam Pro 3000(PID_08B0);C:\WINDOWS\system32\DRIVERS\CamDrL21.sys

 

.

**************************************************************************

 

catchme 0.3.1239 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-10-31 23:46:40

Windows 5.1.2600 Service Pack 2 FAT NTAPI

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros ocultos ...

 

Varredura completada com sucesso

Ficheiros ocultos: 0

 

**************************************************************************

.

Tempo para conclusão: 2007-10-31 23:47:23 - machine was rebooted

.

--- E O F ---

 

 

 

 

hijack

 

 

 

Logfile of HijackThis v1.99.1

Scan saved at 23:53:58, on 31/10/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\a-squared Free\a2service.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Intel Audio Studio\IntelAudioStudio.exe

C:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe

C:\WINDOWS\system32\LVCOMSX.EXE

C:\Arquivos de programas\Logitech\Video\LogiTray.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe

C:\WINDOWS\system32\rundll32.exe

C:\Arquivos de programas\Yahoo!\Messenger\YahooMessenger.exe

C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe

C:\Arquivos de programas\Logitech\Video\FxSvr2.exe

C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\notepad.exe

C:\Arquivos de programas\internet explorer\iexplore.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Arquivos de programas\Java\jre1.6.0_01\bin\jucheck.exe

C:\Documents and Settings\Felix\Meus documentos\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://br.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://br.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://br.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.yahoo.com

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://br.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn0\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn0\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Arquivos de programas\MSN Apps\ST1.03.0000.1005\en-xu\stmain.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Apps\MSN Toolbar\MSN Toolbar1.02.5000.1021\pt-br\msntb.dll

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Apps\MSN Toolbar\MSN Toolbar1.02.5000.1021\pt-br\msntb.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn0\yt.dll

O4 - HKLM\..\Run: [intelAudioStudio] "C:\Arquivos de programas\Intel Audio Studio\IntelAudioStudio.exe" TRAY

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE

O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Arquivos de programas\Logitech\Video\ISStart.exe

O4 - HKLM\..\Run: [LogitechVideoTray] C:\Arquivos de programas\Logitech\Video\LogiTray.exe

O4 - HKLM\..\Run: [EPSON PictureMate] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2P1.EXE /P17 "EPSON PictureMate" /O5 "LPT1:" /M "PictureMate"

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [Nero PhotoShow Media Manager] C:\ARQUIV~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe

O4 - HKCU\..\Run: [AROReminder] C:\Arquivos de programas\Advanced Registry Optimizer\ARO.exe -rem

O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Arquivos de programas\Yahoo!\Messenger\YahooMessenger.exe" -quiet

O8 - Extra context menu item: &Google Search - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: &Translate English Word - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmwordtrans.html

O8 - Extra context menu item: Backward Links - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: Similar Pages - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate Page into English - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmtrans.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://nani3030.spaces.live.com//PhotoUpload/MsnPUpld.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{D12C55E4-0190-46C5-8406-19EC34BB3698}: NameServer = 221.184.25.18 222.146.35.130

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O20 - AppInit_DLLs: C:\ARQUIV~1\Google\GOOGLE~2\GOEC62~1.DLL

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Arquivos de programas\a-squared Free\a2service.exe

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Documents and Settings\Felix\Meus documentos\Ares\chatServer.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe

O23 - Service: GoogleDesktopManager - Google - C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: NMIndexingService - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

Compartilhar este post


Link para o post
Compartilhar em outros sites

Boa Tarde kenjijp!

 

>@< Apague todas estas pastas,sob o code.

 

C:\FOUND.027C:\FOUND.026C:\FOUND.025C:\FOUND.024C:\FOUND.023C:\FOUND.022C:\FOUND.021C:\FOUND.020C:\FOUND.019C:\FOUND.018C:\FOUND.017C:\FOUND.016C:\FOUND.015C:\FOUND.014C:\FOUND.013C:\FOUND.012C:\FOUND.011C:\FOUND.010C:\FOUND.009C:\FOUND.008C:\FOUND.007C:\FOUND.006C:\FOUND.005C:\FOUND.004C:\FOUND.003C:\FOUND.002

 

Estando tudo Ok com o PC,crie um Ponto de Restauração do Sistema,Limpo!

Clique com o botão direito do mouse em cima de Meu Computador >> Propriedades >> Restauração do Sistema >> Marque: Desativar Restauração do Sistema >> Aplicar >> Ok.

Depois,desmarque novamente! >> Aplicar >> Ok.

Para maiores detalhes,vá em:< Docs >

>@< O PC,ainda,está reiniciando toda hora?

>@< Pois o Log está Limpo!

 

Abraços!

Compartilhar este post


Link para o post
Compartilhar em outros sites

Boa noite DigRam !!! Entao , nw estou achando as pasta CODE ,pesquisei mas nw encontrei , elas se encontram onde ? Hoje o pc nw queria iniciar , pensei que tivesse queimado , rs , faloo um abraço

Compartilhar este post


Link para o post
Compartilhar em outros sites
Boa noite DigRam !!! Entao , nw estou achando as pasta CODE ,pesquisei mas nw encontrei , elas se encontram onde ? Hoje o pc nw queria iniciar , pensei que tivesse queimado , rs , faloo um abraço

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

Opa,amigo kenjijp!

Boa Noite!

 

>@< Estava me referindo às pastas,sob à palavra Code.

___________________________

 

>@< Faça o download do BankerFix.

>@< Baixe-o para o Desktop!

>@< Feche todas as janelas e o navegador,ao rodar o BankerFix.Desabilite,se possível,as proteções residente de AntiVírus e AntiSpywares.

>@< Dê um duplo clique no Bankerfix.exe,depois Enter. Aguarde!Ao terminar,leia a mensagem na tela ( Dos ),e dê Enter,novamente.

>@< Poste o relatorio.txt do BankerFix que está em C:\LinhaDefensiva\relatorio.txt

>@< Poste,também,um nôvo Log do HijackThis,na sua resposta.

 

Abraços!

Compartilhar este post


Link para o post
Compartilhar em outros sites

E ai DigRam beleza ? Entaw minha placa mae queimou , por isso nw respondi. Comprei a placa ja mandei montar e formatar , agora ta bom ... Obrigado pela ajuda ate mais , um abraço

Compartilhar este post


Link para o post
Compartilhar em outros sites

×

Informação importante

Ao usar o fórum, você concorda com nossos Termos e condições.