[Resolvido!] mensagen "finalizando sis fader" ao deslig

astoufo 0

Denunciar post

Postado Novembro 21, 2008

Socorro! quando vou desligar o PC aparece a mensagen "finalizando sis fader",

o meu PC está lento e o antivírus avast do nada dá o alarme de virus.

Por favor alguém me ajuda a resolver este problema?

Compartilhar este post

Link para o post

Compartilhar em outros sites

DigRam 144

Denunciar post

Postado Novembro 21, 2008

Socorro! quando vou desligar o PC aparece a mensagen "finalizando sis fader",
o meu PC está lento e o antivírus avast do nada dá o alarme de virus.

Por favor alguém me ajuda a resolver este problema?

------------------------

Opa! astoufo

<!> Poste,segundo o Link,o relatório do HijackThis.

< http://forum.imasters.com.br/index.php?showtopic=165906 >

<!> Faça-o em Modo Normal!

Abraços!

Compartilhar este post

Link para o post

Compartilhar em outros sites

astoufo 0

Denunciar post

Postado Novembro 21, 2008

Olá ! aqui está o log do HijackThis:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 14:19:50, on 21/11/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\VM303_STI.EXE

C:\WINDOWS\cisvc.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\VIA\RAID\raid_tool.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Arquivos comuns\Panda Software\PavShld\pavprsrv.exe

C:\Arquivos de programas\Sleepy\service.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Sleepy\slptask.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R3 - URLSearchHook: Best Security Tips Toolbar - {da30eff8-ccc6-4162-a20d-67402a26a215} - C:\Arquivos de programas\Best_Security_Tips\tbBest.dll

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Arquivos de programas\free-downloads.net\tbfre1.dll

R3 - URLSearchHook: securedie Toolbar - {cd36797a-70f3-4acd-8825-623d3b896881} - C:\Arquivos de programas\securedie\tbsecu.dll

F3 - REG:win.ini: load=C:\WINDOWS\cisvc.exe

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O2 - BHO: securedie Toolbar - {cd36797a-70f3-4acd-8825-623d3b896881} - C:\Arquivos de programas\securedie\tbsecu.dll

O2 - BHO: Best Security Tips Toolbar - {da30eff8-ccc6-4162-a20d-67402a26a215} - C:\Arquivos de programas\Best_Security_Tips\tbBest.dll

O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Arquivos de programas\free-downloads.net\tbfre1.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Best Security Tips Toolbar - {da30eff8-ccc6-4162-a20d-67402a26a215} - C:\Arquivos de programas\Best_Security_Tips\tbBest.dll

O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)

O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Arquivos de programas\free-downloads.net\tbfre1.dll

O3 - Toolbar: TextAloud - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - (no file)

O3 - Toolbar: securedie Toolbar - {cd36797a-70f3-4acd-8825-623d3b896881} - C:\Arquivos de programas\securedie\tbsecu.dll

O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Arquivos de programas\DAEMON Tools Toolbar\DTToolbar.dll

O4 - HKLM\..\Run: [bigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [AdmTask] C:\Arquivos de programas\AdmTask\admtask.exe /m

O4 - HKLM\..\Policies\Explorer\Run: [DllHst] C:\WINDOWS\dllhst3g.exe /waitservice

O4 - HKCU\..\Policies\Explorer\Run: [ComRepl] C:\DOCUME~1\USER\CONFIG~1\Temp\comrepl.exe /waitservice

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [rsvp] C:\DOCUME~1\USER\CONFIG~1\Temp\rsvp.exe /waitservice (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [rsvp] C:\DOCUME~1\USER\CONFIG~1\Temp\rsvp.exe /waitservice (User 'Default user')

O4 - Global Startup: VIA RAID TOOL.lnk = C:\Arquivos de programas\VIA\RAID\raid_tool.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Abrir em uma nova guia do plano de fundo - res://C:\Arquivos de programas\Windows Live Toolbar\Components\pt-br\msntabres.dll.mui/229?6fc7b623c63940c6b2ca1dab8f2900d3

O8 - Extra context menu item: Abrir em uma nova guia do primeiro plano - res://C:\Arquivos de programas\Windows Live Toolbar\Components\pt-br\msntabres.dll.mui/230?6fc7b623c63940c6b2ca1dab8f2900d3

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab

O16 - DPF: {1F831FA6-42FC-11D4-95A6-0080AD30DCE1} (InstaFred) -

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://go.divx.com/plugin/DivXBrowserPlugin.cab

O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (Control de AcDcToday) -

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {AE563726-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) -

O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} (Java Plug-in 1.6.0_03) -

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -

O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (Control AcPreview) -

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Arquivos de programas\Arquivos comuns\Panda Software\PavShld\pavprsrv.exe

O23 - Service: Sleepy - Sashazur, LLC - C:\Arquivos de programas\Sleepy\service.exe

O24 - Desktop Component 0: (no name) - file:///C:/Documents%20and%20Settings/USER/Desktop/100px-AranhaBicha%5B1%5D.gif

--

End of file - 10178 bytes

Compartilhar este post

Link para o post

Compartilhar em outros sites

DigRam 144

Denunciar post

Postado Novembro 22, 2008

Bom Dia! astoufo

<@> BAIXE: < KillBox.exe >

<@> Salve-o numa pasta,em C:/xxx... <-- Pasta própria!

--------------------------

<@> Abra o KillBox --> Marque a opção: Delete on Reboot

<@> Copie o ficheiro,sob o QUOTE,para o Bloco de Notas.( ctrl + a ) --> ( ctrl + c )

C:\WINDOWS\cisvc.exe

<@> No KillBox: Clique em File --> Paste from clipboard --> All Files.

<@> Clique no X e,na pergunta,diga Não!

<@> Reinicie o computador!

<@> Vá até a pasta: C:\!KillBox

<@> Poste o relatório de backup,que está em seu interior! ( C:\!Killbox\Logs\kb.log )

--------------------------

<@> Abra o HijackThis --> Clique: Do a system scan only

<@> Marque,abaixo,estas entradas.

F3 - REG:win.ini: load=C:\WINDOWS\cisvc.exe

O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)

O4 - HKLM\..\Policies\Explorer\Run: [DllHst] C:\WINDOWS\dllhst3g.exe /waitservice

O4 - HKCU\..\Policies\Explorer\Run: [ComRepl] C:\DOCUME~1\USER\CONFIG~1\Temp\comrepl.exe /waitservice

O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [rsvp] C:\DOCUME~1\USER\CONFIG~1\Temp\rsvp.exe /waitservice (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [rsvp] C:\DOCUME~1\USER\CONFIG~1\Temp\rsvp.exe /waitservice (User 'Default user')

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

<@> Com todos os programas fechados,clique em Fix checked.

<@> Terminando,poste: kb.log + HijackThis,atualizado.

Abraços!

Compartilhar este post

Link para o post

Compartilhar em outros sites

astoufo 0

Denunciar post

Postado Novembro 22, 2008

Olá estou postando o relatório de backup do KillBox;

Pocket Killbox version 2.0.0.978

Running on Windows XP as USER(Administrator)

was started @ sábado, novembro 22, 2008, 1:40 AM

# 1 [Delete on Reboot]

Path = C:\WINDOWS\cisvc.exe

Killbox Closed(Exit) @ 1:44:33 AM

__________________________________________________

Compartilhar este post

Link para o post

Compartilhar em outros sites

astoufo 0

Denunciar post

Postado Novembro 22, 2008

E aqui estão os logs kb+ HijackThis,atualizados:

Pocket Killbox version 2.0.0.978

Running on Windows XP as USER(Administrator)

was started @ sábado, novembro 22, 2008, 2:14 AM

Killbox Closed(Exit) @ 2:15:53 AM

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 02:08:54, on 22/11/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\VM303_STI.EXE

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\DOCUME~1\USER\CONFIG~1\Temp\cisvc.exe

C:\Arquivos de programas\VIA\RAID\raid_tool.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Arquivos comuns\Panda Software\PavShld\pavprsrv.exe

C:\Arquivos de programas\Sleepy\service.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Sleepy\slptask.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\Arquivos de programas\internet explorer\iexplore.exe

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R3 - URLSearchHook: Best Security Tips Toolbar - {da30eff8-ccc6-4162-a20d-67402a26a215} - C:\Arquivos de programas\Best_Security_Tips\tbBest.dll

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Arquivos de programas\free-downloads.net\tbfre1.dll

R3 - URLSearchHook: securedie Toolbar - {cd36797a-70f3-4acd-8825-623d3b896881} - C:\Arquivos de programas\securedie\tbsecu.dll

F3 - REG:win.ini: load=C:\WINDOWS\mqtgsvc.exe