Archived

This topic has been archived and is closed to new replies.

epfernandes

[Solved!] Virus Protect (http://www.virprotect.com/?aff=1012)


Gentlemen, I have been trying for some time, without success, to get rid of a pest that showed up on my PC.

 

An icon appeared next to the Windows clock; it keeps blinking and, every 10 minutes, shows a message saying that my computer is infected with malware.

 


 

When I click this icon, I am redirected to this address:

 

http://www.virprotect.com/?aff=1012

 

Here is my HijackThis log:

 

Logfile of HijackThis v1.99.1

Scan saved at 19:10:17, on 5/12/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

E:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe

E:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

E:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

E:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

E:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Arquivos de programas\Saitek\Software\Profiler.exe

C:\Arquivos de programas\Saitek\Software\SaiSmart.exe

C:\Arquivos de programas\Saitek\Software\SaiMfd.exe

E:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\devldr32.exe

C:\Arquivos de programas\MSN Messenger\usnsvc.exe

E:\Arquivos de programas\WinRAR\WinRAR.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\svchost.exe

C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\Rar$EX15.3093\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.linux.org

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.linux.org/

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - E:\Arquivos de programas\Orbit\orbitcth.dll

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_08\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: (no name) - {E8249E69-A809-4544-832F-64EB65747A92} - (no file)

O3 - Toolbar: (no name) - {EFAF6EA3-615D-4F83-8748-2F7A576FCEA6} - (no file)

O4 - HKLM\..\Run: [Profiler] C:\Arquivos de programas\Saitek\Software\Profiler.exe

O4 - HKLM\..\Run: [saiSmart] C:\Arquivos de programas\Saitek\Software\SaiSmart.exe

O4 - HKLM\..\Run: [saiMfd] C:\Arquivos de programas\Saitek\Software\SaiMfd.exe

O4 - HKLM\..\Run: [avast!] E:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background

O8 - Extra context menu item: &Download by Orbit - res://E:\Arquivos de programas\Orbit\orbitmxt.dll/201

O8 - Extra context menu item: &Grab video by Orbit - res://E:\Arquivos de programas\Orbit\orbitmxt.dll/204

O8 - Extra context menu item: Do&wnload selected by Orbit - res://E:\Arquivos de programas\Orbit\orbitmxt.dll/203

O8 - Extra context menu item: Down&load all by Orbit - res://E:\Arquivos de programas\Orbit\orbitmxt.dll/202

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.topsoftwarefeed.com/redirect.php (file missing)

O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.topsoftwarefeed.com/redirect.php (file missing)

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\ARQUIV~1\MICROS~1\Office12\REFIEBAR.DLL

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O14 - IERESET.INF: START_PAGE_URL=http://www.linux.org

O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab

O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownlo...Plugin11USA.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O21 - SSODL: E404Helper - {57510638-b597-430a-a21c-5a94f4e7cd5a} - e404d.dll (file missing)

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - E:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Adobe LM Service - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - E:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: avast! Antivirus - ALWIL Software - E:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - E:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - E:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: NMIndexingService - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe (file missing)

 

Thanks in advance for any help.


Good evening, epfernandes!

>@< Download SmitfraudFix.

>@< Save it to Local Disk C!

>@< Unzip it right there, sending the executable ( SmitfraudFix.cmd ) to the Desktop. ( Shortcut )

>@< Restart the computer in Safe Mode!

>@< Run SmitfraudFix.cmd <!>

>@< Press option 2 >> Enter.

>@< When the message "Do you want to clean the registry" appears, press option Y >> Enter.

>@< Restart the computer normally!

>@< If anything has changed on the desktop, correct it in the display properties. ( Theme )

>@< Copy the log ( rapport.txt ) and post it in your reply, along with an updated HijackThis log.

Best regards!


Thank you very much, DigiRam

It worked perfectly. I'm finally rid of this pest. :natal_biggrin:

SmitFraud log:

 

SmitFraudFix v2.257

 

Scan done at 15:29:53,37, qui 06/12/2007

Run from C:\SmitfraudFix\SmitfraudFix

OS: Microsoft Windows XP [versão 5.1.2600] - Windows_NT

The filesystem type is NTFS

Fix run in safe mode

 

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix

!!!Attention, following keys are not inevitably infected!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]

"{d66c22b6-2217-4d1a-9a90-1a54de1fc706}"="edgers"

 

[HKEY_CLASSES_ROOT\CLSID\{d66c22b6-2217-4d1a-9a90-1a54de1fc706}\InProcServer32]

@="C:\WINDOWS\system32\zcwlnic.dll"

 

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{d66c22b6-2217-4d1a-9a90-1a54de1fc706}\InProcServer32]

@="C:\WINDOWS\system32\zcwlnic.dll"

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

 

 

»»»»»»»»»»»»»»»»»»»»»»»» hosts

 

 

127.0.0.1 localhost

 

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

 

S!Ri's WS2Fix: LSP not Found.

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

 

GenericRenosFix by S!Ri

 

C:\WINDOWS\system32\zcwlnic.dll -> Hoax.Win32.Renos.gen.o

C:\WINDOWS\system32\zcwlnic.dll -> Deleted

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

 

 

»»»»»»»»»»»»»»»»»»»»»»»» DNS

 

HKLM\SYSTEM\CCS\Services\Tcpip\..\{8CA164FF-6007-425B-8004-38B04C0DA945}: DhcpNameServer=200.189.80.5 200.246.46.134

HKLM\SYSTEM\CS1\Services\Tcpip\..\{C4AE3D25-2C28-468A-B928-5822332D28C8}: DhcpNameServer=200.189.80.5 200.246.46.132

HKLM\SYSTEM\CS2\Services\Tcpip\..\{8CA164FF-6007-425B-8004-38B04C0DA945}: DhcpNameServer=200.189.80.5 200.246.46.134

HKLM\SYSTEM\CS3\Services\Tcpip\..\{8CA164FF-6007-425B-8004-38B04C0DA945}: DhcpNameServer=200.189.80.5 200.246.46.134

HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=200.189.80.5 200.246.46.134

HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=200.189.80.5 200.246.46.132

HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=200.189.80.5 200.246.46.134

HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=200.189.80.5 200.246.46.134

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System

!!!Attention, following keys are not inevitably infected!!!

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

"System"=""

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

 

Registry Cleaning done.

 

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix

!!!Attention, following keys are not inevitably infected!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

 

»»»»»»»»»»»»»»»»»»»»»»»» End

 

 

 

HijackThis log:

 

Logfile of HijackThis v1.99.1

Scan saved at 20:07:10, on 6/12/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

E:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe

E:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

E:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Saitek\Software\Profiler.exe

C:\Arquivos de programas\Saitek\Software\SaiSmart.exe

C:\Arquivos de programas\Saitek\Software\SaiMfd.exe

E:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\devldr32.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

E:\Arquivos de programas\WinRAR\WinRAR.exe

C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\Rar$EX00.344\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.linux.org/

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - E:\Arquivos de programas\Orbit\orbitcth.dll

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_08\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: (no name) - {E8249E69-A809-4544-832F-64EB65747A92} - (no file)

O4 - HKLM\..\Run: [Profiler] C:\Arquivos de programas\Saitek\Software\Profiler.exe

O4 - HKLM\..\Run: [saiSmart] C:\Arquivos de programas\Saitek\Software\SaiSmart.exe

O4 - HKLM\..\Run: [saiMfd] C:\Arquivos de programas\Saitek\Software\SaiMfd.exe

O4 - HKLM\..\Run: [avast!] E:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background

O8 - Extra context menu item: &Download by Orbit - res://E:\Arquivos de programas\Orbit\orbitmxt.dll/201

O8 - Extra context menu item: &Grab video by Orbit - res://E:\Arquivos de programas\Orbit\orbitmxt.dll/204

O8 - Extra context menu item: Do&wnload selected by Orbit - res://E:\Arquivos de programas\Orbit\orbitmxt.dll/203

O8 - Extra context menu item: Down&load all by Orbit - res://E:\Arquivos de programas\Orbit\orbitmxt.dll/202

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.topsoftwarefeed.com/redirect.php (file missing)

O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.topsoftwarefeed.com/redirect.php (file missing)

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\ARQUIV~1\MICROS~1\Office12\REFIEBAR.DLL

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O14 - IERESET.INF: START_PAGE_URL=http://www.linux.org

O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab

O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownlo...Plugin11USA.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O21 - SSODL: E404Helper - {57510638-b597-430a-a21c-5a94f4e7cd5a} - e404d.dll (file missing)

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - E:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Adobe LM Service - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - E:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: avast! Antivirus - ALWIL Software - E:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - E:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - E:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: NMIndexingService - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe (file missing)

 

 

 

Thank you!!!!


Good afternoon, epfernandes!

>@< Open HijackThis and, with all windows closed, click Fix on these entries:

 

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: (no name) - {E8249E69-A809-4544-832F-64EB65747A92} - (no file)

O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.topsoftwarefeed.com/redirect.php (file missing)

O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.topsoftwarefeed.com/redirect.php (file missing)

O21 - SSODL: E404Helper - {57510638-b597-430a-a21c-5a94f4e7cd5a} - e404d.dll (file missing)

>@< Download CCleaner.

>@< Save it to the Desktop!

>@< Open the program and click Run Cleaner.

>@< When it finishes, click Errors >> Scan for errors >> Fix errors.

___________________________

>@< Post a new HijackThis log in your reply.

Best regards!
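
The check behind the reply above, as an added example (not code from the thread or from HijackThis): it lists entries ending in `(no file)` or `(file missing)`, cross-checks them against the log's own process list, and compares two scans. Function names are hypothetical; the sample lines are excerpts of the 5/12/2007 and 11/12/2007 logs in this thread.

```python
import re

ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2})\s*-\s*(?P<body>.+)$")
ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)\s*$")
PATH_RE = re.compile(r"[A-Za-z]:\\[^\"]+?\.(?:exe|dll)", re.IGNORECASE)
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")

def parse_log(text):
    """Return (running process paths, [(code, body), ...]) from a HijackThis log."""
    processes, entries, in_procs = set(), [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue  # forum pastes leave blank lines between entries
        if line.lower().startswith("running processes"):
            in_procs = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_procs = False
            entries.append((m["code"], m["body"]))
        elif in_procs:
            processes.add(line.lower())
    return processes, entries

def entry_key(code, body):
    """Identify an entry by section + CLSID when present, so a changed trailing
    marker ('file missing' -> 'no file') is not mistaken for a removal."""
    m = CLSID_RE.search(body)
    return (code, m.group(0).lower() if m else body.lower())

def triage(text):
    """List entries whose target HijackThis reported as absent."""
    processes, entries = parse_log(text)
    findings = []
    for code, body in entries:
        if not ORPHAN_RE.search(body):
            continue
        m = PATH_RE.search(body)
        # The same path in the process list contradicts the "missing" marker.
        running = bool(m) and m.group(0).lower() in processes
        findings.append((code, body, "target-running" if running else "orphan"))
    return findings

def resolved(before, after):
    """Flagged entries of the first scan that no longer appear in the second."""
    still_there = {entry_key(c, b) for c, b in parse_log(after)[1]}
    return [f for f in triage(before) if entry_key(f[0], f[1]) not in still_there]

# Excerpt of the 5/12/2007 log from this thread.
BEFORE = r"""
Running processes:
C:\WINDOWS\system32\spoolsv.exe
E:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O21 - SSODL: E404Helper - {57510638-b597-430a-a21c-5a94f4e7cd5a} - e404d.dll (file missing)
O23 - Service: avast! Mail Scanner - Unknown owner - E:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
"""

# Excerpt of the 11/12/2007 log from this thread.
AFTER = r"""
Running processes:
E:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O21 - SSODL: E404Helper - {57510638-b597-430a-a21c-5a94f4e7cd5a} - (no file)
O23 - Service: avast! Mail Scanner - Unknown owner - E:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
"""

if __name__ == "__main__":
    for code, body, status in triage(BEFORE):
        print(f"{status:15} {code} - {body}")
    print("resolved:", [f"{c} - {b}" for c, b, _ in resolved(BEFORE, AFTER)])
```

An entry marked `target-running` is one the log itself contradicts, so it calls for a manual look rather than a Fix.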


Hey, DigRam... here is the latest log:

 

Logfile of HijackThis v1.99.1

Scan saved at 18:02:09, on 11/12/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

E:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe

E:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

E:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

E:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

E:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Saitek\Software\SaiMfd.exe

E:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\devldr32.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\MSN Messenger\usnsvc.exe

C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\Rar$EX00.687\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login.live.com/login.srf?wa=wsignin...px&id=64855

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.linux.org/

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - E:\Arquivos de programas\Orbit\orbitcth.dll

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_08\bin\ssv.dll

O4 - HKLM\..\Run: [Profiler] C:\Arquivos de programas\Saitek\Software\Profiler.exe

O4 - HKLM\..\Run: [saiSmart] C:\Arquivos de programas\Saitek\Software\SaiSmart.exe

O4 - HKLM\..\Run: [saiMfd] C:\Arquivos de programas\Saitek\Software\SaiMfd.exe

O4 - HKLM\..\Run: [avast!] E:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background

O8 - Extra context menu item: &Download by Orbit - res://E:\Arquivos de programas\Orbit\orbitmxt.dll/201

O8 - Extra context menu item: &Grab video by Orbit - res://E:\Arquivos de programas\Orbit\orbitmxt.dll/204

O8 - Extra context menu item: Do&wnload selected by Orbit - res://E:\Arquivos de programas\Orbit\orbitmxt.dll/203

O8 - Extra context menu item: Down&load all by Orbit - res://E:\Arquivos de programas\Orbit\orbitmxt.dll/202

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\ARQUIV~1\MICROS~1\Office12\REFIEBAR.DLL

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O14 - IERESET.INF: START_PAGE_URL=http://www.linux.org

O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab

O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownlo...Plugin11USA.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O21 - SSODL: E404Helper - {57510638-b597-430a-a21c-5a94f4e7cd5a} - (no file)

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - E:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Adobe LM Service - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - E:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: avast! Antivirus - ALWIL Software - E:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - E:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - E:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: NMIndexingService - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe (file missing)

 

Regards


Good morning, epfernandes!

>@< Open HijackThis and, with all windows closed, click Fix on these entries:

 

R1- HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.linux.org/

O21 - SSODL: E404Helper - {57510638-b597-430a-a21c-5a94f4e7cd5a} - (no file)

 

>@< To clean up cookies and temporary files, use < CCleaner 2.03.532 >

_________________________

>@< For your safety, read: < Precautions when browsing the Net >

_________________________

>@< The log is clean!

Best regards!


Greetings

I clicked Fix on the entries mentioned.

I use CCleaner frequently.

Regards, DigRam, and thank you for your attention

Merry Christmas... hehehehe :natal_noel:


PROBLEM SOLVED!

If the author needs the topic reopened, a private message must be sent to a moderator with a link to the topic.
