danmex
Posted April 30, 2011

My PC is kind of slow and restarting by itself. When I use the internet a lot, it shuts down out of nowhere =/ This started a month ago, even though I haven't changed anything on it, and I already use several cleanup and performance programs on it.. Here is the log

Bruno Augusto
Posted April 30, 2011

Before an Analyst sets out to do the full analysis and possible cleanup, which takes some time on both sides, have you by any chance noticed any increase in temperature? That is one of the signs that the PC is "running a fever". I speak from experience. :thumbsup:

danmex
Posted May 2, 2011

I already checked that, friend, its temperature is normal.. although the hardware is quite old and so on, such as the video card, memory, processor =/ I would like someone to analyze my log, please =)

Power Max
Posted May 7, 2011

:) Hello Danmex!

Open HijackThis, click Do a system scan only, check the entries below and click Fix checked:

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfar...etup1.0.1.3.cab
_________________________

Please follow these guides:

Ad-Remover tutorial
Malwarebytes Anti-Malware tutorial
_______________________

O1 - Hosts: 255.255.255.255 easyanticheat.se # misleading site
O1 - Hosts: 255.255.255.255 www.easyanticheat.se # misleading site
O1 - Hosts: easyanticheat.net easyanticheat.com # misleading site
O1 - Hosts: www.easyanticheat.net www.easyanticheat.com # misleading site
O1 - Hosts: easyanticheat.net easyanticheat.org # misleading site
O1 - Hosts: www.easyanticheat.net www.easyanticheat.org # misleading site

Are these changes to the hosts file what you intended? Do you want to leave it this way, or do you want the original hosts file back?

If you want to restore the original, download HostsXpert.zip: http://www.funkytoad.com/download/HostsXpert.zip

• Extract (unzip) HostsXpert.zip to a permanent folder on your drive (for example C:\HostsXpert)
• Double-click HostsXpert.exe to run the program.
• If available, click "Make Hosts Writable?" (it will be in the upper right corner).
• Click "Restore Microsoft's Hosts file" and then click "OK".
• Click the X to exit the program.
_____________________

In your next reply, post this Malwarebytes log together with a new HijackThis log and the Ad-Remover log, which will be in C:\Ad-Report-CLEAN[1].log, and tell us how your PC is after these procedures.

We'll be waiting.

danmex
Posted May 9, 2011

Good evening Antonio Vieira, thank you for helping me. Well, here's the thing: I found out that the PC was restarting by itself when I accessed the internet because of my video card (GE FORCE FX 5500 AGP). I removed it, and the PC is normal. I can't say whether the problem is in the video card or in the driver I installed for it; if you know a good driver for this card and could point me to it, I would be grateful..

About that HOST, it was due to an anti-cheat program I installed to be able to play CS on Steam.. it changed it there, I've already restored the original.

Here are the logs

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Versão da Base de Dados: 6533

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

8/5/2011 20:48:06
mbam-log-2011-05-08 (20-48-02).txt

Tipo de Verificação: Verificação Completa (C:\|D:\|)
Objetos escaneados: 293970
Tempo decorrido: 47 minuto(s), 7 segundo(s)

Processos de Memória Infectados: 0
Módulos de Memória Infectados: 0
Chaves de Registro Infectadas: 1
Valores de Registro Infectados: 0
Itens de Dados no Registro Infectados: 0
Pastas Infectadas: 0
Arquivos Infectados: 3

Processos de Memória Infectados:
(Não foram detectados ítens maliciosos)

Módulos de Memória Infectados:
(Não foram detectados ítens maliciosos)

Chaves de Registro Infectadas:
HKEY_CLASSES_ROOT\CLSID\MADOWN (Worm.Magania) -> No action taken.

Valores de Registro Infectados:
(Não foram detectados ítens maliciosos)

Itens de Dados no Registro Infectados:
(Não foram detectados ítens maliciosos)

Pastas Infectadas:
(Não foram detectados ítens maliciosos)

Arquivos Infectados:
d:\dan arquivos\SOFTWARE\JOGOS\GTA SA\tradgtasa_1.0.exe (Trojan.Dropper) -> No action taken.
d:\wagner\corel e photoshop e office 2007\COREL 13\SERIAL\keygencorel13.exe (RiskWare.Tool.CK) -> No action taken.
d:\anderson arquivos\HD 2\programas\dvd anderson\sonic foundry sound forge 7.0\mp3-plugin keygen.exe (Trojan.Agent.CK) -> No action taken.

Now the PC is normally great.. Thank you, awaiting your reply!

Power Max
Posted May 9, 2011

:) Several problems were removed by Ad-Remover.
___________________

No action taken

However, the Malwarebytes log shows that you have not yet removed the problems it found. Note that the phrase "No action taken" appears next to each problem, meaning that no action was taken.

Pirated and/or cracked programs were also detected on your PC. It would be very important to uninstall them, because the vast majority of them come infected with viruses and malware, and they may also contain security holes that make it easier to break into your computer.

Run a new full scan with Malwarebytes and remove all the problems it finds, as shown in the tutorial for it that I gave you.
__________________

Also follow these guides:

USBFix tutorial
Nod32 Online antivirus tutorial
_________________

In your next reply, post the UsbFix log, which will be in C:\UsbFix.txt, together with a new HijackThis log, the new Malwarebytes log and the Nod32 Online log, which will be in C:\Arquivos de programas\Eset\Eset Online Scanner\log.txt, and tell us how the PC is after these procedures.

We'll be waiting.

danmex 0 Denunciar post Postado Maio 9, 2011 Bom dia.. Aqui vão os logs ############################## | UsbFix 7.044 | [Pesquisa] Usuário: ANDKNUST (Administrador) # PC-HOMEKSA [ ] Atualizado em 25/04/2011 por TeamXscript Começou em 00:15:02 | 09/05/2011 Site: http://www.teamxscript.org Submit your sample: http://www.teamxscript.org/Upload.php Contato: TeamXscript.ElDesaparecido@gmail.com CPU: Intel® Pentium® 4 CPU 3.00GHz CPU 2: Intel® Pentium® 4 CPU 3.00GHz Microsoft Windows XP Professional (5.1.2600 32-Bit) # Service Pack 3 Internet Explorer 8.0.6001.18702 Windows Firewall: Habilitado Antivirus: AntiVir Desktop 9.0.1.32 [(!) Disabled | Updated] RAM -> 990 Mb C:\ (%systemdrive%) -> Disco fixo # 24 Gb (12 Mb livre - 51%) [] # NTFS D:\ -> Disco fixo # 125 Gb (50 Mb livre - 40%) [documentos] # NTFS E:\ -> CD-ROM ################## | Ficheiros # pastas infeciosos | ################## | Registro | Presente ! HKLM\software\microsoft\windows nt\currentversion\winlogon|Taskman ################## | Mountpoints2 | HKCU\.\.\.\.\Explorer\MountPoints2\{d64ef8f6-d889-11de-bb41-0016ec4b124b} Shell\AutoRun\Command = ACC1\F1C1\acc1.exe Shell\open\Command = ACC1\F1C1\acc1.exe ################## | Vaccin | (!) Este computador não é vacinada! 
################## | E.O.F |

-------------------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 05:43:02, on 9/5/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe
C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe
C:\Arquivos de programas\Windows Live\Device Manager\msgrdvmn.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\Arquivos de programas\Skype\Phone\Skype.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Arquivos de programas\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de programas\GbPlugin\gbieh.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [WindowsLivePhone] C:\Arquivos de programas\Windows Live\Device Manager\msgrdvmn.exe /AutoRun
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [WindowsLivePhone] "C:\Arquivos de programas\Windows Live\Device Manager\msgrdvmn.exe" /AutoRun
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\Office12\REFIEBAR.DLL
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O15 - Trusted Zone: www.bancobrasil.com.br
O15 - Trusted Zone: www14.bancobrasil.com.br
O15 - Trusted Zone: www2.bancobrasil.com.br
O15 - Trusted Zone: www.bb.com.br
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/pt/uno1/GAME_UNO1.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos-beta/OnlineScanner.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{52B03A6C-DA2A-45EB-A2D0-77CD73BEE6A1}: NameServer = 200.165.132.154,200.165.132.147
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avira AntiVir Programador (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

-- End of file - 6901 bytes

---------------------------------------------------------------------------------------------------------------

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Versão da Base de Dados: 6533

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

9/5/2011 00:07:33
mbam-log-2011-05-09 (00-07-33).txt

Tipo de Verificação: Verificação Completa (C:\|D:\|)
Objetos escaneados: 294089
Tempo decorrido: 48 minuto(s), 11 segundo(s)

Processos de Memória Infectados: 0
Módulos de Memória Infectados: 0
Chaves de Registro Infectadas: 0
Valores de Registro Infectados: 0
Itens de Dados no Registro Infectados: 0
Pastas Infectadas: 0
Arquivos Infectados: 0

Processos de Memória Infectados:
(Não foram detectados ítens maliciosos)

Módulos de Memória Infectados:
(Não foram detectados ítens maliciosos)

Chaves de Registro Infectadas:
(Não foram detectados ítens maliciosos)

Valores de Registro Infectados:
(Não foram detectados ítens maliciosos)

Itens de Dados no Registro Infectados:
(Não foram detectados ítens maliciosos)

Pastas Infectadas:
(Não foram detectados ítens maliciosos)

Arquivos Infectados:
(Não foram detectados ítens maliciosos)

----------------------------------------------------------------------------------------------------

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6427
# api_version=3.0.2
# EOSSerial=03d31f4c97d3ff45bf26ac3c387eda0f
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-05-09 05:35:30
# local_time=2011-05-09 02:35:30 (-0300, Hora oficial do Brasil)
# country="Brazil"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1797 16775141 100 94 0 76627861 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=75797
# found=12
# cleaned=12
# scan_time=6406
C:\Documents and Settings\Administrador\7zS800.tmp\MsgPlusLive-481.exe a variant of Win32/Adware.CiDHelp application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\and\7zS800.tmp\MsgPlusLive-481.exe a variant of Win32/Adware.CiDHelp application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Default User\7zS800.tmp\MsgPlusLive-481.exe a variant of Win32/Adware.CiDHelp application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
D:\anderson arquivos\HD 2\Programas\DVD Anderson\Software\agsetup183se.exe a variant of Win32/Adware.ADON application (deleted - quarantined) 00000000000000000000000000000000 C
D:\anderson arquivos\HD 2\Programas\DVD Anderson\Software\MsgPlusLive-450.exe a variant of Win32/Adware.CiDHelp application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
D:\anderson arquivos\HD 2\Programas\DVD Anderson\Software\zlsSetup_70_483_000_en.exe a variant of Win32/AdInstaller application (deleted - quarantined) 00000000000000000000000000000000 C
D:\DAN ARQUIVOS\N73\Phoenix_2009.34.7.exe probably a variant of Win32/HackTool.Patcher.A application (deleted - quarantined) 00000000000000000000000000000000 C
D:\DAN ARQUIVOS\SOFTWARE\aTube_Catcher.exe Win32/OpenCandy application (deleted - quarantined) 00000000000000000000000000000000 C
D:\DAN ARQUIVOS\SOFTWARE\FFSetup220.exe Win32/Adware.ADON application (deleted - quarantined) 00000000000000000000000000000000 C
D:\DAN ARQUIVOS\SOFTWARE\FFSetup220.zip Win32/Adware.ADON application (deleted - quarantined) 00000000000000000000000000000000 C
D:\DAN ARQUIVOS\SOFTWARE\MsgPlusLive-450.exe a variant of Win32/Adware.CiDHelp application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
D:\DAN ARQUIVOS\SOFTWARE\PROGRAMAS DE LIMPEZA DO PC\PenClean.exe probably a variant of Win32/Spy.Agent.LSEPXML trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

----------------------------------------------------------------------------------------------------

Regards.
Power Max 54 Posted May 9, 2011

:) Another 12 problems were removed by Nod32 Online.
___________________

############################## | UsbFix 7.044 | [Pesquisa]

The Usbfix log shows that only the search function was used.

Open Usbfix again > click the Supressão button > Insert the pen drive(s) or other removable media that you suspect may be infected into the PC's USB port (if you have any such media) and leave the media and/or pen drive(s) connected until the end of the procedures below.

After that, click the OK button > Wait while the infection cleanup is carried out > Notepad will then open with the log (report) of the cleanup performed; this log will also be at C:\Usbfix.txt
__________________

Also follow this tip: Norman Malware Cleaner tutorial

In your next reply, post the contents of the Norman Malware Cleaner log together with a new Hijackthis log and the new Usbfix log, and tell us how your PC is doing after this.

We'll be waiting.
danmex 0 Posted May 9, 2011

Good evening. Here are the logs.

Norman Malware Cleaner v2.00.05
Copyright © 1990 - 2011, Norman ASA.

Norman Scanner Engine Version: 6.07.07
nvcbin.def: Version: 6.07.00, Date: 2011/05/08 22:22:08, Variants: 11896449
nvcmacro.def: Version: 6.07.00, Date: 2011/02/01 12:21:31, Variants: 20465

Operating System: Windows XP Service Pack 3
Switches: /iagree
Scan started: 2011/05/09 13:16:30

Running pre-scan cleanup routine...
Scanning time: 0s

Scanning system for active rootkit activity...
Scanning time: 0s

Scanning running processes and process memory...
Number of objects found: 1227
Number of objects scanned: 1227
Number of objects not scanned: 0
Number of malicious memory objects found: 0
Scanning time: 37s

Running custom scan...
C:\Arquivos de programas\Avira\AntiVir Desktop\avwin.chm: Error opening file for read: 0x00000005
C:\Arquivos de programas\Avira\AntiVir Desktop\sweb.zip: Error opening file for read: 0x00000005
C:\Arquivos de programas\Marcos Velasco Security\MV RegClean 5.9\MVREGCLEAN.EXE: File infected with W32/Scar.AV
Deleted file: C:\Arquivos de programas\Marcos Velasco Security\MV RegClean 5.9\MVREGCLEAN.EXE
C:\Arquivos de programas\Valve\Steam.dll: File infected with W32/Malware.EZUM
Deleted file: C:\Arquivos de programas\Valve\Steam.dll
C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\Avira\AntiVir Desktop\TEMP\avguard.tmp: Error opening file for read: 0x00000020
C:\Documents and Settings\ANDKNUST\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat: Error opening file for read: 0x00000020
C:\Documents and Settings\ANDKNUST\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat.LOG: Error opening file for read: 0x00000020
C:\Documents and Settings\ANDKNUST\Dados de aplicativos\Mozilla\Firefox\Profiles\drtuses0.default\parent.lock: Error opening file for read: 0x00000020
C:\Documents and Settings\ANDKNUST\NTUSER.DAT: Error opening file for read: 0x00000020
--------------------------------------------------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:06:35, on 9/5/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe
C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe
C:\Arquivos de programas\Windows Live\Device Manager\msgrdvmn.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\Arquivos de programas\Skype\Phone\Skype.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe
C:\Arquivos de programas\uTorrent\uTorrent.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Arquivos de programas\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de programas\GbPlugin\gbieh.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [WindowsLivePhone] C:\Arquivos de programas\Windows Live\Device Manager\msgrdvmn.exe /AutoRun
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [WindowsLivePhone] "C:\Arquivos de programas\Windows Live\Device Manager\msgrdvmn.exe" /AutoRun
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\Office12\REFIEBAR.DLL
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O15 - Trusted Zone: www.bancobrasil.com.br
O15 - Trusted Zone: www14.bancobrasil.com.br
O15 - Trusted Zone: www2.bancobrasil.com.br
O15 - Trusted Zone: www.bb.com.br
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/pt/uno1/GAME_UNO1.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos-beta/OnlineScanner.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{52B03A6C-DA2A-45EB-A2D0-77CD73BEE6A1}: NameServer = 200.165.132.154,200.165.132.147
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avira AntiVir Programador (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

-- End of file - 7016 bytes

-------------------------------------------------------------------------------------------------------------

############################## | UsbFix 7.044 | [supressão]

Usuário: ANDKNUST (Administrador) # PC-HOMEKSA [ ]
Atualizado em 25/04/2011 por TeamXscript
Começou em 12:03:43 | 09/05/2011
Site: http://www.teamxscript.org
Submit your sample: http://www.teamxscript.org/Upload.php
Contato: TeamXscript.ElDesaparecido@gmail.com

CPU: Intel® Pentium® 4 CPU 3.00GHz
CPU 2: Intel® Pentium® 4 CPU 3.00GHz
Microsoft Windows XP Professional (5.1.2600 32-Bit) # Service Pack 3
Internet Explorer 8.0.6001.18702

Windows Firewall: Habilitado
Antivirus: AntiVir Desktop 9.0.1.32 [Enabled | Updated]
RAM -> 990 Mb
C:\ (%systemdrive%) -> Disco fixo # 24 Gb (12 Mb livre - 50%) [] # NTFS
D:\ -> Disco fixo # 125 Gb (50 Mb livre - 40%) [documentos] # NTFS
E:\ -> CD-ROM

################## | Ficheiros # pastas infeciosos |

Supprimido ! C:\Recycler\S-1-5-21-1409082233-1637723038-1177238915-1001
Supprimido ! C:\Recycler\S-1-5-21-2052111302-682003330-839522115-1003
Supprimido ! D:\Recycler\S-1-5-21-1409082233-1637723038-1177238915-1001
Supprimido ! D:\Recycler\S-1-5-21-2052111302-682003330-839522115-1003

################## | Registro |

Supprimido ! 
HKLM\software\microsoft\windows nt\currentversion\winlogon|Taskman ################## | Mountpoints2 | Supprimido ! HKCU\.\.\.\.\Explorer\MountPoints2\{d64ef8f6-d889-11de-bb41-0016ec4b124b} ################## | Listing | [08/05/2011 - 19:16:49 | C | 8263] C:\Ad-Report-CLEAN[1].txt [18/02/2011 - 21:04:58 | DC ] C:\Adobe [09/05/2011 - 00:28:19 | DC ] C:\Arquivos de programas [14/09/2009 - 22:34:44 | C | 0] C:\AUTOEXEC.BAT [24/09/2009 - 12:44:33 | DC ] C:\autorun.inf [08/05/2011 - 19:11:31 | DC ] C:\backups [27/11/2009 - 03:12:35 | SHC | 211] C:\boot.ini [28/10/2001 - 15:06:10 | C | 4952] C:\Bootfont.bin [12/02/2010 - 12:36:13 | DC ] C:\CanoScan [17/09/2009 - 22:14:11 | D ] C:\cmdcons [14/09/2009 - 22:34:44 | C | 0] C:\CONFIG.SYS [15/01/2011 - 13:40:40 | C | 256] C:\dk2.mem [31/12/2002 - 23:22:47 | DC ] C:\Documents and Settings [20/02/2011 - 12:48:38 | DC ] C:\DriveKey [29/04/2011 - 21:30:47 | C | 388608] C:\HiJackThis.exe [09/05/2011 - 05:43:02 | C | 6902] C:\hijackthis.log [08/05/2011 - 20:54:30 | D ] C:\HostsXpert [26/03/2011 - 22:02:54 | C | 68792] C:\hpfr3840.log [25/01/2010 - 23:35:38 | DC ] C:\Inetpub [31/12/2002 - 23:13:47 | C | 0] C:\IO.SYS [31/12/2002 - 23:13:47 | C | 0] C:\MSDOS.SYS [18/03/2010 - 13:20:11 | RHDC ] C:\MSOCache [03/08/2004 - 22:38:34 | RASH | 47564] C:\NTDETECT.COM [22/11/2009 - 19:21:36 | N | 251696] C:\ntldr [15/01/2011 - 23:36:03 | DC ] C:\NVIDIA [09/05/2011 - 07:15:18 | ASH | 1610612736] C:\pagefile.sys [11/02/2011 - 20:50:10 | DC ] C:\PenClean [09/05/2011 - 12:05:07 | SHD ] C:\RECYCLER [01/07/2010 - 19:20:16 | SHD ] C:\System Volume Information [28/01/2010 - 08:48:19 | D ] C:\temp [09/05/2011 - 12:05:07 | DC ] C:\UsbFix [09/05/2011 - 12:06:00 | AC | 1248] C:\UsbFix.txt [09/05/2011 - 07:15:56 | D ] C:\WINDOWS [07/03/2011 - 23:09:11 | D ] D:\anderson arquivos [09/12/2009 - 19:48:04 | DC ] D:\bruce 10 junho 09 [09/05/2011 - 10:46:20 | D ] D:\DAN ARQUIVOS [14/11/2010 - 19:28:32 | D ] D:\fotos aniver carolina [04/01/2011 - 14:56:20 | DC ] 
D:\Meus documentos [22/12/2010 - 08:23:05 | DC ] D:\minhas musics [09/05/2011 - 12:05:07 | SHDC ] D:\RECYCLER [01/07/2010 - 19:20:16 | SHD ] D:\System Volume Information [03/05/2010 - 15:56:21 | ASH | 120832] D:\Thumbs.db [09/05/2011 - 07:34:51 | DC ] D:\wagner ################## | Vaccin | C:\Autorun.inf -> Vacina criada por UsbFix (TeamXscript) D:\Autorun.inf -> Vacina criada por UsbFix (TeamXscript) ################## | Upload | Favor enviar o arquivo: C:\UsbFix_Upload_Me_PC-HOMEKSA.zip http://www.teamxscript.org/Upload.php Obrigado pela sua contribuição. ################## | E.O.F | aguardando respostas! Compartilhar este post Link para o post Compartilhar em outros sites
Power Max 54
Posted May 10, 2011

:) Other problems were removed from your PC.
____________________
:seta: Please send the file C:\UsbFix_Upload_Me_PC-HOMEKSA.zip to the site below so that UsbFix can be improved: http://www.teamxscript.org/Upload.php
The UsbFix development team thanks you for your contribution.
___________________
:seta: Also follow this tip: Kaspersky Virus Removal Tool tutorial
In your next reply, post the Kaspersky Virus Removal Tool log together with a new HijackThis log, and tell us how your PC is doing after that. We'll be waiting.
danmex 0
Posted May 10, 2011

Good evening.. I've already sent the file as requested =) here are the logs

Verificação automática: concluído 3 minutos atrás (eventos: 2, objetos: 497993, hora: 02:35:50)
10/5/2011 16:09:13 Tarefa iniciada Ação padrão selecionada
10/5/2011 18:45:04 Tarefa concluída Ação padrão selecionada

---------------------------------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:51:05, on 10/5/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe
C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\Arquivos de programas\Skype\Phone\Skype.exe
C:\Arquivos de programas\Windows Live\Device Manager\msgrdvmn.exe
C:\WINDOWS\System32\alg.exe
C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Arquivos de programas\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de programas\GbPlugin\gbieh.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [WindowsLivePhone] C:\Arquivos de programas\Windows Live\Device Manager\msgrdvmn.exe /AutoRun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [WindowsLivePhone] "C:\Arquivos de programas\Windows Live\Device Manager\msgrdvmn.exe" /AutoRun
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\Office12\REFIEBAR.DLL
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O15 - Trusted Zone: www.bancobrasil.com.br
O15 - Trusted Zone: www14.bancobrasil.com.br
O15 - Trusted Zone: www2.bancobrasil.com.br
O15 - Trusted Zone: www.bb.com.br
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/pt/uno1/GAME_UNO1.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos-beta/OnlineScanner.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{52B03A6C-DA2A-45EB-A2D0-77CD73BEE6A1}: NameServer = 200.165.132.154,200.165.132.147
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avira AntiVir Programador (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 6953 bytes

------------------------------------------------------------------------------------------------------------

Normally the PC is OK.. since I took the video card out of the PC it hasn't had any more problems.. What do I do now? Should I try to install it again? But I don't have the correct driver :/ the card is a (GE FORCE FX 5500 AGP)

Cheers
Power Max 54
Posted May 11, 2011

:) Your logs are clean.
___________________
:seta: Follow the tips in this tutorial to do a cleanup with ToolsCleaner: ToolsCleaner tutorial
__________________
:seta: Install these programs and use them now and weekly to clean up your PC and keep it more efficient and optimized:
CCleaner
Auslogics Disk Defrag
SpywareBlaster
Also follow the tips in this tutorial: Tips to make your computer faster and more efficient
_____________________
:seta: To prevent the malware from coming back, disable System Restore and then enable it again. To do this, go to the menu: Start - Control Panel - System - click the tab: System Restore - check the box: Turn off System Restore - click the Apply button and then the OK button.
After that, go back to the same place: Start - Control Panel - System - click the tab: System Restore - uncheck the box: Turn off System Restore - click the Apply button and then the OK button.
_____________________
:seta: Once this is done, your PC will be free of the viruses and malware that were on it.
_____________________
"Normally the PC is OK.. since I took the video card out of the PC it hasn't had any more problems.. What do I do now? Should I try to install it again? But I don't have the correct driver :/ the card is a (GE FORCE FX 5500 AGP)"
:seta: As for this question, I suggest you create a new topic in the area below, which is specific to this subject: http://forum.imasters.com.br/forum/85-placas-de-video-e-multimidia/
_____________________
:thumbsup: It was a pleasure to help, you can always count on us!
danmex 0
Posted May 15, 2011

Thank you very much, Antonio Vieira! I think my problem really is my video card hehehehe. Cheers, until next time ;)
Power Max 54
Posted May 15, 2011

PROBLEM SOLVED
If the author needs the topic to be reopened, just send a Private Message to a Moderator with a link to the topic.