vitor siqueira
Total items: 13
Registered on: -
Last visit: -
Posts by vitor siqueira
-
Thank you!!!
It worked well; the welcome screen appears again now.
Cheers!!!!
-
Client Service for NetWare disabled the welcome screen and fast user switching.
I already know I should uninstall it. However, since I use NetCombo to access the internet, I'm afraid that uninstalling it will cause another problem. I'd like to know whether I can uninstall it without any problem occurring.
Thanks!!
-
When I start my PC, several error messages appear. I can't open any program or browse with Windows Explorer; when I click Start and try to go to My Documents (for example), the following message appears:
"explorer.EXE has encountered a problem and needs to close". Only through Task Manager was I able to access the internet and open some programs.
Typical (Bad Cluster) error, bad tracks on the HD... that's why you can't run the programs... I suggest formatting your HD and reinstalling Windows.
Cheers
Thanks!
-
When I start my PC, several error messages appear. I can't open any program or browse with Windows Explorer; when I click Start and try to go to My Documents (for example), the following message appears:
"explorer.EXE has encountered a problem and needs to close". Only through Task Manager was I able to access the internet and open some programs.
-
Hello, good afternoon. I have a problem with my PC, which is the following:
when I go to Start / Shut Down, a message box appears saying: "end program wms idle".
And it won't shut down until that box is closed. Thanks in advance for your attention!
-
Hello, Miliane.
Thanks for the help.
I don't think there is any other problem.
Cheers!
-
-
This is the result VirusTotal shows:
File regwiz.exe received on 2008.03.08 23:45:16 (CET)
Progress: finished
Result: 0/32 (0%)
-
-
-
Hello Miliane, I think I did everything right!!!
I'm waiting for a reply to know whether it is already disinfected.
Thanks for the help!!!
Here is what was in ComboFix.txt:
ComboFix 08-03-05.1 - Administrador 2008-03-06 1:30:40.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.88 [GMT -3:00]
Running from: C:\Documents and Settings\Administrador\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Arquivos de programas\Helper
C:\Arquivos de programas\Helper\1204260677.dll
C:\Arquivos de programas\montorgueil
C:\Arquivos de programas\montorgueil\_defexitcd_971_1_6\_defexitcd_971_1_6.exe
C:\Arquivos de programas\montorgueil\_defexitcd_971_1_6\_defexitcd_971_1_6.ico
C:\Arquivos de programas\montorgueil\14.06268
C:\WINDOWS.0\new_drv.sys
C:\WINDOWS.0\system32\DefLib.sys
C:\WINDOWS.0\system32\drivers\protect.sys
C:\WINDOWS.0\system32\heuvth.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_MSUPDATE
-------\LEGACY_NEW_DRV
-------\LEGACY_PROTECT
-------\LEGACY_SYSLIBRARY
-------\msupdate
-------\new_drv
-------\protect
-------\SysLibrary
((((((((((((((((((((((( Files Created from 2008-02-06 to 2008-03-06 ))))))))))))))))))))))))))))))))
.
2008-03-05 00:52 . 2008-03-05 00:52 <DIR> d-------- C:\Arquivos de programas\Trend Micro
2008-03-04 18:22 . 2008-03-04 18:22 <DIR> d--hs---- C:\FOUND.010
2008-03-01 17:16 . 2008-03-01 17:16 268 --ah----- C:\sqmdata05.sqm
2008-03-01 17:16 . 2008-03-01 17:16 244 --ah----- C:\sqmnoopt05.sqm
2008-03-01 17:16 . 2008-03-01 17:16 172 --ah----- C:\sqmnoopt07.sqm
2008-03-01 17:16 . 2008-03-01 17:16 172 --ah----- C:\sqmnoopt06.sqm
2008-03-01 17:16 . 2008-03-01 17:16 172 --ah----- C:\sqmdata07.sqm
2008-03-01 17:16 . 2008-03-01 17:16 172 --ah----- C:\sqmdata06.sqm
2008-03-01 16:44 . 2008-03-01 16:44 <DIR> d--hs---- C:\FOUND.009
2008-02-29 01:51 . 2008-02-29 01:51 <DIR> d-------- C:\Arquivos de programas\Sotfone
2008-02-29 01:51 . 2008-02-29 01:51 116 --a------ C:\4592032.bat
2008-02-29 01:50 . 2008-02-29 01:50 <DIR> d-------- C:\Arquivos de programas\NetProject
2008-02-28 03:04 . 2008-02-28 03:04 <DIR> d-------- C:\Arquivos de programas\MSXML 4.0
2008-02-24 16:15 . 2008-02-24 16:15 1,517,568 --a------ C:\WINDOWS.0\krn4.exe
2008-02-24 03:20 . 2008-02-24 03:20 <DIR> d-------- C:\Arquivos de programas\Microsoft CAPICOM 2.1.0.2
2008-02-24 03:19 . 2005-06-28 10:21 22,752 --a------ C:\WINDOWS.0\system32\spupdsvc.exe
2008-02-09 18:48 . 2008-02-09 18:49 61,952 --a------ C:\2F.tmp
2008-02-09 18:48 . 2008-02-09 18:48 12,800 --a------ C:\WINDOWS.0\system32\mssrv32.exe
2008-02-09 18:48 . 2008-02-09 18:48 4 --a------ C:\30.tmp
2008-02-09 03:08 . 2008-02-09 03:08 <DIR> d--hs---- C:\FOUND.008
.
((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-29 07:02 3,796,338 ----a-w C:\AVG7DB_F.DAT
2008-02-09 21:49 46,080 ----a-w C:\WINDOWS.0\system32\regwiz.exe.tmp
2008-01-19 07:38 --------- d-----w C:\DOCUME~1\ALLUSE~1\DADOSD~1\Windows Live Toolbar
2008-01-19 07:22 --------- d-----w C:\Arquivos de programas\Windows Live Toolbar
2008-01-18 08:24 --------- d-----w C:\Arquivos de programas\Arquivos comuns\snpstd
2008-01-18 08:18 --------- d-----w C:\Arquivos de programas\Reality Fusion
2008-01-18 08:16 724,992 ----a-w C:\WINDOWS.0\iun6002.exe
2008-01-18 06:16 --------- d-----w C:\Arquivos de programas\Acelerador POP
2008-01-18 06:15 2,507,385 ----a-w C:\InstaladorPopA.exe
2008-01-18 06:15 --------- d-----w C:\Arquivos de programas\POPDiscador
2008-01-18 05:58 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\SlipStream
2008-01-18 05:57 1,979,437 ----a-w C:\aceleradorpop.exe
2008-01-18 04:23 --------- d-----w C:\Arquivos de programas\CC2000
2007-12-18 09:51 179,584 ----a-w C:\WINDOWS.0\system32\dllcache\mrxdav.sys
2001-12-23 21:31 271 --sh--w C:\Arquivos de programas\desktop.ini
2001-12-23 21:31 23,439 ---h--w C:\Arquivos de programas\folder.htt
.
----a-w 258,048 2000-03-22 21:43:56 C:\games\Win Games\beertend .exe
(((((((((((((((((((((((((( Registry Loading Points )))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legitimate default entries are not shown.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{10C52A42-DB8B-4ade-AA4A-CED6A8282B67}]
2008-02-29 01:51 14848 --a------ C:\Arquivos de programas\Sotfone\1204260679.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C2A1C5CB-C0EF-4689-9436-F62CCA1C5383}]
2008-03-06 01:01 9728 --a------ C:\Arquivos de programas\NetProject\sbmdl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}
{8B79EE88-E62D-4AA8-B530-CC357BA112B7}
{81705D67-3F73-4983-859B-97D0922E5ABE}
[HKEY_CLASSES_ROOT\clsid\{81705d67-3f73-4983-859b-97d0922e5abe}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{81705D67-3F73-4983-859B-97D0922E5ABE}"= C:\Arquivos de programas\NetProject\wamdl.dll [2008-02-29 01:51 72704]
[HKEY_CLASSES_ROOT\clsid\{81705d67-3f73-4983-859b-97d0922e5abe}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPDJ Taskbar Utility"="C:\WINDOWS.0\system32\spool\drivers\w32x86\3\hpztsb11.exe" [2004-04-06 07:28 172032]
"HPHUPD06"="C:\Arquivos de programas\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-07 01:53 49152]
"HP Software Update"="C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 13:38 49152]
"HP Component Manager"="C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 15:18 241664]
"HPHmon06"="C:\WINDOWS.0\system32\hphmon06.exe" [2004-06-07 01:48 659456]
"POPDiscador"="C:\Arquivos de programas\POPDiscador\POPDiscador.exe" [2007-07-30 10:52 2040832]
"snpstd"="C:\WINDOWS.0\vsnpstd.exe" [2004-06-10 13:48 286720]
"SlipStream"="C:\Arquivos de programas\Acelerador POP\slipcore.exe" [2006-11-23 16:39 245760]
"AVG7_CC"="C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe" [2008-02-29 03:29 352256]
"AVG7_EMC"="C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe" [2008-02-29 03:29 273920]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\ARQUIV~1\Grisoft\AVGFRE~1\avgw.exe" [2001-12-26 03:04 151552]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlsf"="cmd.exe" [2004-08-04 04:45 400384 C:\WINDOWS.0\system32\cmd.exe]
"tscuninstall"="C:\WINDOWS.0\system32\tscupgrd.exe" [2004-08-04 02:34 44544]
C:\DOCUME~1\ALLUSE~1\MENUIN~1\PROGRA~1\INICIA~1\
HP Digital Imaging Monitor.lnk - C:\Arquivos de programas\HP\digital imaging\bin\hpqtra08.exe [2004-05-28 22:31:38 241664]
Inicialização rápida do HP Image Zone.lnk - C:\Arquivos de programas\HP\digital imaging\bin\hpqthb08.exe [2004-05-28 23:06:36 53248]
STK02N PNP Monitor.lnk - C:\Arquivos de programas\STK02N\STK02NM.exe [2007-12-21 12:45:03 163840]
Acelerador POP.lnk - C:\Arquivos de programas\Acelerador POP\slipgui.exe [2008-02-09 16:32:34 159744]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableStatusMessages"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoInternetIcon"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
--a------ 2008-02-29 03:29 352256 C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_EMC]
--a------ 2008-02-29 03:29 273920 C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GLDStart]
C:\Arquivos de programas\GLDirect\gldirect.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 12:54 5674352 C:\Arquivos de programas\MSN Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCTVOICE]
--a------ 2001-10-04 14:48 173056 C:\WINDOWS.0\system32\pctspk.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2006-03-10 15:45 35328 C:\Arquivos de programas\Winamp\winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Arquivos de programas\\DremTeamShare\\DreMule\\emule.exe"=
"C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"=
"C:\\Arquivos de programas\\MSN Messenger\\livecall.exe"=
R3 SiS630;SiS630;C:\WINDOWS.0\system32\DRIVERS\sis630p.sys [2001-08-30 18:59]
S3 NtApm;NT Apm/Legacy Interface Driver;C:\WINDOWS.0\system32\DRIVERS\NtApm.sys [2001-09-06 01:08]
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-06 01:43:31
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS.0\system32\HPZipm12.exe
C:\Arquivos de programas\HP\hpcoretech\comp\hptskmgr.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqgalry.exe
.
**************************************************************************
.
Completion time: 2008-03-06 1:46:08 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-06 04:46:00
.
2008-03-03 23:14:06 --- E O F ---
-
Your computer is infected with adware or spyware that displays advertisements while you browse the internet.
Would you like to dowload additional software to remove malwere threats and protect your sistem?
This is one of the messages, and when I click the balloon it opens an English-language web page that seems to be for downloading programs to remove malware. I didn't download anything though; I was a bit undecided.
Please tell me what to do.
Cheers!!
-
My PC is infected.
I followed the instructions in the topic and downloaded HijackThis.
Here is what it produced!!!
Please help me.
Cheers!!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:55:14, on 5/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS.0\System32\smss.exe
C:\WINDOWS.0\system32\winlogon.exe
C:\WINDOWS.0\system32\services.exe
C:\WINDOWS.0\system32\lsass.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\System32\svchost.exe
C:\WINDOWS.0\system32\spoolsv.exe
C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS.0\Explorer.EXE
C:\WINDOWS.0\system32\svchost.exe
C:\Arquivos de programas\NetProject\scit.exe
C:\Arquivos de programas\NetProject\sbmntr.exe
C:\WINDOWS.0\system32\spool\drivers\w32x86\3\hpztsb11.exe
C:\Arquivos de programas\NetProject\scm.exe
C:\Arquivos de programas\NetProject\sbsm.exe
C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS.0\system32\hphmon06.exe
C:\Arquivos de programas\POPDiscador\POPDiscador.exe
C:\WINDOWS.0\vsnpstd.exe
C:\Arquivos de programas\Acelerador POP\slipcore.exe
C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe
C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS.0\system32\HPZipm12.exe
C:\Arquivos de programas\STK02N\STK02NM.exe
C:\Arquivos de programas\Acelerador POP\slipgui.exe
C:\Arquivos de programas\HP\hpcoretech\comp\hptskmgr.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS.0\system32\wuauclt.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\WINDOWS.0\system32\wuauclt.exe
C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5400
F2 - REG:system.ini: UserInit=C:\WINDOWS.0\system32\userinit.exe,C:\WINDOWS.0\system32\regwiz.exe,
O2 - BHO: e404 helper - {03B902B1-9B25-4173-9468-56775C85A8D4} - C:\Arquivos de programas\Helper\1204260677.dll
O2 - BHO: Sotfone Tracker Class - {10C52A42-DB8B-4ade-AA4A-CED6A8282B67} - C:\Arquivos de programas\Sotfone\1204260679.dll
O2 - BHO: PBlockHelper Class - {4115122B-85FF-4DD3-9515-F075BEDE5EB5} - C:\Arquivos de programas\Acelerador POP\PBHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NOW!Imaging - {9AA2F14F-E956-44B8-8694-A5B615CDF341} - C:\Arquivos de programas\Acelerador POP\components\NOWImaging.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {C2A1C5CB-C0EF-4689-9436-F62CCA1C5383} - C:\Arquivos de programas\NetProject\sbmdl.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Acelerador POP - {8B79EE88-E62D-4AA8-B530-CC357BA112B7} - C:\Arquivos de programas\Acelerador POP\Toolband.dll
O3 - Toolbar: Web Application - {81705D67-3F73-4983-859B-97D0922E5ABE} - C:\Arquivos de programas\NetProject\wamdl.dll
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS.0\system32\spool\drivers\w32x86\3\hpztsb11.exe
O4 - HKLM\..\Run: [HPHUPD06] C:\Arquivos de programas\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS.0\system32\hphmon06.exe
O4 - HKLM\..\Run: [POPDiscador] C:\Arquivos de programas\POPDiscador\POPDiscador.exe --minimized
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS.0\vsnpstd.exe
O4 - HKLM\..\Run: [slipStream] "C:\Arquivos de programas\Acelerador POP\slipcore.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKCU\..\Run: [Firewall auto setup] C:\WINDOWS.0\TEMP\winlogon.exe
O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Arquivos de programas\NetProject\scit.exe
O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Arquivos de programas\NetProject\sbmntr.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\digital imaging\bin\hpqtra08.exe
O4 - Global Startup: Inicialização rápida do HP Image Zone.lnk = C:\Arquivos de programas\HP\digital imaging\bin\hpqthb08.exe
O4 - Global Startup: STK02N PNP Monitor.lnk = ?
O4 - Global Startup: Acelerador POP.lnk = C:\Arquivos de programas\Acelerador POP\slipgui.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Mostrar Imagem Original - res://C:\Arquivos de programas\Acelerador POP\gui_resource.dll/328
O8 - Extra context menu item: Mostrar Todas as Imagens Originais - res://C:\Arquivos de programas\Acelerador POP\gui_resource.dll/327
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.browsergate.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.browsergate.com/redirect.php (file missing)
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows.0\system32\nwprovau.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O17 - HKLM\System\CCS\Services\Tcpip\..\{53603D80-91A8-41E8-B089-6AEA7FD99724}: NameServer = 200.175.8.89 200.175.5.185
O22 - SharedTaskScheduler: corduroyed - {699fabf8-1087-491f-b57c-80a68929d82b} - C:\WINDOWS.0\system32\heuvth.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Microsoft security update service (msupdate) - Unknown owner - c:\windows.0\system32\mssrv32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS.0\system32\HPZipm12.exe
--
End of file - 7714 bytes
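The log above is a typical HijackThis v2 dump, and the entries that matter are easy to miss among the HP and AVG lines. The script below is an added example by the editor, not a Linha Defensiva tool and not part of HijackThis: it parses HijackThis-style lines and flags the patterns that stand out in this log (an IE proxy on 127.0.0.1, a second UserInit program, an autorun executable under TEMP, a RunOnce that swaps a System32 DLL at next boot, a Policies\Explorer\Run autorun, Trusted Zone additions, an unknown SharedTaskScheduler component, and a vendor-less service in System32). The sample lines are constructed from the entries visible in the post; the heuristics and the two "known" O22 names are the editor's own assumptions, not a rule set from the forum.

```python
"""Triage heuristics for HijackThis v2 style logs (added example, not a Linha Defensiva tool)."""
import re
from dataclasses import dataclass

# Constructed sample: lines modelled on the entries in the log posted above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5400
F2 - REG:system.ini: UserInit=C:\WINDOWS.0\system32\userinit.exe,C:\WINDOWS.0\system32\regwiz.exe,
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [Firewall auto setup] C:\WINDOWS.0\TEMP\winlogon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')
O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Arquivos de programas\NetProject\scit.exe
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O22 - SharedTaskScheduler: corduroyed - {699fabf8-1087-491f-b57c-80a68929d82b} - C:\WINDOWS.0\system32\heuvth.dll
O23 - Service: Microsoft security update service (msupdate) - Unknown owner - c:\windows.0\system32\mssrv32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS.0\system32\HPZipm12.exe
"""


@dataclass
class Finding:
    section: str   # HijackThis section code, e.g. "O4"
    reason: str    # why the entry is suspicious
    entry: str     # the original log line

# Assumption: the two SharedTaskScheduler names XP registers by default; anything else deserves a look.
_KNOWN_O22 = {"browseui preloader", "component categories cache daemon"}
_ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")


def iter_entries(text):
    """Yield (section, body, raw_line) for every 'Xn - ...' line in the log."""
    for raw in text.splitlines():
        line = raw.strip()
        m = _ENTRY_RE.match(line)
        if m:
            yield m.group(1), m.group(2), line


def _check(sec, body):
    """Return a reason string if the entry matches one heuristic, else None."""
    low = body.lower()
    if sec == "R1" and "proxyserver" in low:
        if re.search(r"=\s*(?:http=)?127\.0\.0\.1:\d+", low):
            return "IE proxy set to a local listener; a resident process sees all browser traffic"
    elif sec == "F2" and "userinit=" in low:
        values = body[low.index("userinit=") + len("userinit="):]
        extra = [v.strip() for v in values.split(",")
                 if v.strip() and not v.strip().lower().endswith("\\userinit.exe")]
        if extra:
            return "extra UserInit program runs at every logon: " + ", ".join(extra)
    elif sec == "O4":
        if re.search(r"\\temp\\[^\\\s]+\.exe", low):
            return "autorun executable lives under a TEMP directory"
        if "runonce" in low and "system32" in low and re.search(r"cmd\.exe\s+/c\s+(move|copy|ren)\b", low):
            return "RunOnce uses cmd.exe to replace a file in System32 at next boot"
        if "policies\\explorer\\run" in low:
            return "autorun via Policies\\Explorer\\Run, a key normal installers do not use"
    elif sec == "O15":
        return "site added to the IE Trusted Zone (lowers security settings for that site)"
    elif sec == "O22":
        name = body.split(":", 1)[1].split(" - ")[0].strip().lower()
        if name not in _KNOWN_O22:
            return "unknown SharedTaskScheduler component loads into Explorer at logon"
    elif sec == "O23" and "unknown owner" in low and "system32" in low:
        return "service with no vendor string whose binary sits directly in System32"
    return None


def analyse(text):
    """Run every heuristic over the log and return the findings in log order."""
    out = []
    for sec, body, raw in iter_entries(text):
        reason = _check(sec, body)
        if reason:
            out.append(Finding(sec, reason, raw))
    return out


def summarise(findings):
    """Map section code -> number of flagged entries, for a quick triage glance."""
    counts = {}
    for f in findings:
        counts[f.section] = counts.get(f.section, 0) + 1
    return counts


if __name__ == "__main__":
    for f in analyse(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.entry}")
```

Run it on a real log by reading the file into `analyse()`; the clean AVG and HP lines in the sample pass through untouched, while every entry that the helpers in this thread ended up removing is flagged. The heuristics are deliberately narrow (a hit means "look here", not "this is malware") so they stay useful on a log that is mostly legitimate vendor software.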
-
There is an infection by a banker trojan. This trojan captures passwords and sends them to a cracker. It is recommended that you change them.
Download BankerFix
Temporarily disable your antivirus so there are no conflicts.
Double-click bankerfix.exe, press Enter and wait for it to finish. When it finishes, read the message on the screen and press Enter again.
Enable your antivirus.
Also make a new HijackThis log to include in your reply, together with BankerFix's relatorio.txt. It is at C:\LinhaDefensiva\relatorio.txt
After posting your reply you can delete the LinhaDefensiva folder in C:\
Sorry if I'm being a pain, but I don't know how to disable my antivirus; do I have to uninstall it???
And this new log you mentioned, do I do the same procedure I did before??
Thanks for the help!!
I think I did everything right! Please send me a reply. Thanks
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:19:02, on 20/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\sm56hlpr.exe
C:\PROGRAM FILES\FAXTALK COMMUNICATOR\FTCtrl32.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRAM FILES\FAXTALK COMMUNICATOR\FAPIEXE.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\POPDiscador\POPDiscador.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Acelerador POP\slipcore.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\PROGRA~1\Magentic\bin\MgApp.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe
C:\Program Files\Intuwave\Shared\mRouterRuntime\mRouterRuntime.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Acelerador POP\slipgui.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Windows Live Favorites\wlfsync.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Windows Live Toolbar\msn_sl.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.MSN.com.br/0SEPTBR/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5400
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Media Holding Enterprises, LLC - {0D39A900-0F3A-4C29-A254-3E65244FDC34} - C:\Program Files\ContextTool\ContextTool-1.dll (file missing)
O2 - BHO: Search Assistant - {1648E328-3E5A-4EA5-A9C6-E5F09EE272DA} - C:\WINDOWS\system32\dcads_sidebar.dll
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: PBlockHelper Class - {4115122B-85FF-4DD3-9515-F075BEDE5EB5} - C:\Program Files\Acelerador POP\PBHelper.dll
O2 - BHO: dcads - {6FC3C36D-7635-4D43-BA62-0D9D2F2CD06E} - C:\WINDOWS\system32\nsk1FA.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: browser optimizer superiorads - {8E015787-B1E3-404a-95DE-3E71E1FA0305} - C:\WINDOWS\system32\spads.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Mirar - {9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\system32\WinNB58.dll
O2 - BHO: NOW!Imaging - {9AA2F14F-E956-44B8-8694-A5B615CDF341} - C:\Program Files\Acelerador POP\components\NOWImaging.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Mirar - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\system32\WinNB58.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: Acelerador POP - {8B79EE88-E62D-4AA8-B530-CC357BA112B7} - C:\Program Files\Acelerador POP\Toolband.dll
O4 - HKLM\..\Run: [sMSERIAL] C:\WINDOWS\sm56hlpr.exe
O4 - HKLM\..\Run: [CallControl 4.5] "C:\PROGRAM FILES\FAXTALK COMMUNICATOR\FTCtrl32.exe" /autoload
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [PC Suite for Smartphones] "C:\Program Files\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [POPDiscador] C:\Program Files\POPDiscador\POPDiscador.exe --minimized
O4 - HKLM\..\Run: [spa_start] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\spads.dll" DllVerify
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [slipStream] "C:\Program Files\Acelerador POP\slipcore.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Magentic] C:\PROGRA~1\Magentic\bin\Magentic.exe /c
O4 - HKCU\..\Run: [mRouterConfig] "C:\Program Files\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Global Startup: Acelerador POP.lnk = C:\Program Files\Acelerador POP\slipgui.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users.WINDOWS\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Mostrar Imagem Original - res://C:\Program Files\Acelerador POP\gui_resource.dll/328
O8 - Extra context menu item: Mostrar Todas as Imagens Originais - res://C:\Program Files\Acelerador POP\gui_resource.dll/327
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...p1.0.0.15-3.cab
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/sit...b?1192177059515
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase2895.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{714EBA45-40F1-4664-AA00-68D9A8A35D11}: NameServer = 200.175.8.89 200.175.5.185
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
--
End of file - 9471 bytes
BankerFix 2.4 - Banker Remover
Linha Defensiva - http://www.linhadefensiva.org
http://www.linhadefensiva.org/bankerfix/
Date: 20/12/2007 - 0:13
-------------------------------------------------------
Definition list: 2007-12-12-1
=======================================================
Infected file detected: C:\WINDOWS\Winbra.cas
Infected file removed successfully!
Infected file detected: C:\WINDOWS\system32\gmilogof.exe
Infected file removed successfully!
Infected file detected: C:\WINDOWS\system32\Mscheldork.exe
Infected file removed successfully!
Infected file detected: C:\WINDOWS\system32\Walcult.exe
Infected file removed successfully!
Infected file detected: C:\WINDOWS\system32\Zred2.exe
Infected file removed successfully!
Killing files in Help
-----------------------------------
Killing '*'
Removing files in Help
-----------------------------------
----- End -------------------------
-
I followed the instructions... please let me know when it's ready. Thanks!!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:08:49, on 19/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\sm56hlpr.exe
C:\PROGRAM FILES\FAXTALK COMMUNICATOR\FTCtrl32.exe
C:\PROGRAM FILES\FAXTALK COMMUNICATOR\FAPIEXE.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\POPDiscador\POPDiscador.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Acelerador POP\slipcore.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\gmilogof.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe
C:\Program Files\Intuwave\Shared\mRouterRuntime\mRouterRuntime.exe
C:\PROGRA~1\Magentic\bin\MgApp.exe
C:\Program Files\Acelerador POP\slipgui.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.MSN.com.br/0SEPTBR/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5400
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Media Holding Enterprises, LLC - {0D39A900-0F3A-4C29-A254-3E65244FDC34} - C:\Program Files\ContextTool\ContextTool-1.dll (file missing)
O2 - BHO: Search Assistant - {1648E328-3E5A-4EA5-A9C6-E5F09EE272DA} - C:\WINDOWS\system32\dcads_sidebar.dll
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: PBlockHelper Class - {4115122B-85FF-4DD3-9515-F075BEDE5EB5} - C:\Program Files\Acelerador POP\PBHelper.dll
O2 - BHO: dcads - {6FC3C36D-7635-4D43-BA62-0D9D2F2CD06E} - C:\WINDOWS\system32\nsk1FA.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: browser optimizer superiorads - {8E015787-B1E3-404a-95DE-3E71E1FA0305} - C:\WINDOWS\system32\spads.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Mirar - {9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\system32\WinNB58.dll
O2 - BHO: NOW!Imaging - {9AA2F14F-E956-44B8-8694-A5B615CDF341} - C:\Program Files\Acelerador POP\components\NOWImaging.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Mirar - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\system32\WinNB58.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: Acelerador POP - {8B79EE88-E62D-4AA8-B530-CC357BA112B7} - C:\Program Files\Acelerador POP\Toolband.dll
O4 - HKLM\..\Run: [sMSERIAL] C:\WINDOWS\sm56hlpr.exe
O4 - HKLM\..\Run: [CallControl 4.5] "C:\PROGRAM FILES\FAXTALK COMMUNICATOR\FTCtrl32.exe" /autoload
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [PC Suite for Smartphones] "C:\Program Files\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [POPDiscador] C:\Program Files\POPDiscador\POPDiscador.exe --minimized
O4 - HKLM\..\Run: [spa_start] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\spads.dll" DllVerify
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [slipStream] "C:\Program Files\Acelerador POP\slipcore.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [symantecFilterCheck] C:\WINDOWS\system32\gmilogof.exe
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Magentic] C:\PROGRA~1\Magentic\bin\Magentic.exe /c
O4 - HKCU\..\Run: [mRouterConfig] "C:\Program Files\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Global Startup: Acelerador POP.lnk = C:\Program Files\Acelerador POP\slipgui.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users.WINDOWS\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Mostrar Imagem Original - res://C:\Program Files\Acelerador POP\gui_resource.dll/328
O8 - Extra context menu item: Mostrar Todas as Imagens Originais - res://C:\Program Files\Acelerador POP\gui_resource.dll/327
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...p1.0.0.15-3.cab
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/sit...b?1192177059515
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase2895.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{714EBA45-40F1-4664-AA00-68D9A8A35D11}: NameServer = 200.175.8.89 200.175.5.185
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
--
End of file - 9563 bytes
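Added example, not from this thread and not part of HijackThis or Linha Defensiva's BankerFix: a small Python triage helper for the two kinds of report posted here. It parses the HijackThis v2 entry types seen in the logs above (R1, O2, O3, O4, O15, O17, O23) and cross-references them with the paths a BankerFix report lists as infected, so a helper reading the thread can find the lines to check first: dangling references ("file missing" / "no file"), Trusted Zone additions, a proxy or nameserver change, and autostart entries or running processes that still point at a file the cleanup tool reported removing. The sample inputs are lines copied from the reports in this thread; the function names and reason codes are assumptions made for this example.

```python
"""Added triage helper (not part of this thread, HijackThis or BankerFix).

Parses the HijackThis v2 entry types seen in the logs above and cross-references
them with a BankerFix report. Flags are prompts for review, not verdicts.
"""
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample inputs: lines copied from the two reports posted in this thread.
SAMPLE_HJT_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\gmilogof.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5400
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Media Holding Enterprises, LLC - {0D39A900-0F3A-4C29-A254-3E65244FDC34} - C:\Program Files\ContextTool\ContextTool-1.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Mirar - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\system32\WinNB58.dll
O4 - HKLM\..\Run: [symantecFilterCheck] C:\WINDOWS\system32\gmilogof.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O17 - HKLM\System\CCS\Services\Tcpip\..\{714EBA45-40F1-4664-AA00-68D9A8A35D11}: NameServer = 200.175.8.89 200.175.5.185
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
--
End of file - 9563 bytes
"""

SAMPLE_BANKERFIX = r"""
Arquivo infectado detectado: C:\WINDOWS\Winbra.cas
Arquivo infectado removido com sucesso!
Arquivo infectado detectado: C:\WINDOWS\system32\gmilogof.exe
Arquivo infectado removido com sucesso!
"""

HJT_ENTRY = re.compile(r"^(?P<kind>R\d|O\d+) - (?P<body>.*)$")
BANKERFIX_DETECTED = re.compile(r"^Arquivo infectado detectado: (?P<path>.+)$")


@dataclass(frozen=True)
class Finding:
    kind: str    # HijackThis entry type ("O4", "O15", ...) or "process" for the process list
    reason: str  # reason code; names are assumptions chosen for this example
    line: str    # raw log line, kept verbatim for the analyst


def parse_bankerfix(report: str) -> set[str]:
    """Lower-cased paths that BankerFix reported as infected."""
    paths = set()
    for line in report.splitlines():
        m = BANKERFIX_DETECTED.match(line.strip())
        if m:
            paths.add(m.group("path").strip().lower())
    return paths


def triage(log: str, removed: set[str] = frozenset()) -> list[Finding]:
    """Walk a HijackThis log and return the entries worth a closer look."""
    findings: list[Finding] = []
    for raw in log.splitlines():
        line = raw.strip()
        low = line.lower()
        m = HJT_ENTRY.match(line)
        if not m:
            # Not an Rx/Oxx entry: header, separator, or a "Running processes" path.
            if low in removed:
                findings.append(Finding("process", "removed_file_still_running", line))
            continue
        kind, body = m.group("kind"), m.group("body").lower()
        if "(file missing)" in body or "(no file)" in body:
            findings.append(Finding(kind, "dangling_reference", line))
        if kind == "O15":
            findings.append(Finding(kind, "trusted_zone_entry", line))
        if kind == "R1" and "proxyserver" in body:
            findings.append(Finding(kind, "proxy_configured", line))
        if kind == "O17" and "nameserver" in body:
            findings.append(Finding(kind, "custom_nameserver", line))
        if kind in ("O2", "O3", "O4", "O23") and any(p in body for p in removed):
            findings.append(Finding(kind, "references_removed_file", line))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Number of findings per reason code."""
    return dict(Counter(f.reason for f in findings))


if __name__ == "__main__":
    removed = parse_bankerfix(SAMPLE_BANKERFIX)
    for f in triage(SAMPLE_HJT_LOG, removed):
        print(f"[{f.reason}] {f.kind}: {f.line}")
```

Every flag is a question, not an answer: a proxy on 127.0.0.1 can belong to a local web-accelerator client (the machine in this thread runs Acelerador POP, which may well be the listener on port 5400), and the O17 nameservers are normal if they are the ISP's. The check that carries real weight is the cross-reference: when a Run entry or a running process still points at a file the removal tool reported deleting, either the autostart entry was left behind or the file has been recreated, and either way the cleanup is not finished.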
-
@ vitor siqueira
Follow the procedures in the topic below and post your log in the Remoção de Malwares area to be analyzed, also paying attention to what is stated in Notas e orientações.
Can I download it directly on the PC??? When I tried to download an antivirus I couldn't???
HijackThis is an analysis program; do as JackSSA recommended: download HijackThis on your computer, install it and create a log as explained in the post, then post it in Remoção de Malwares and the analysts will help you from there.
Thank you very much!!
-
Have you already run the antivirus? Can you run the antivirus, or does the PC freeze before it finishes? If you ran the antivirus and it found nothing, then back up your important files and keep them on CDs or DVDs. After that, format and reinstall everything.
I've already run it and it keeps giving that message....
I can't download anything from the internet and the PC is really slow!!
-
@ vitor siqueira
Follow the procedures in the topic below and post your log in the Remoção de Malwares area to be analyzed, also paying attention to what is stated in Notas e orientações.
Can I download it directly on the PC??? When I tried to download an antivirus I couldn't???
-
I don't know what to do.... I can't download anything from the internet.
And the PC is slow, it keeps freezing so I have to restart.
Thanks in advance for the help.
PC restarts by itself and is very slow
in Remoção De Malwares
Posted
My PC has a problem. It restarts by itself and is very slow.
HijackThis v2.0.2 log follows
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:59:28, on 29/08/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Arquivos de programas\QuickTime\qttask.exe
C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\hphmon06.exe
C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\vsnpstd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
C:\ARQUIV~1\Magentic\bin\MgApp.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashSimpl.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Discador iBest - {4F869C58-D71D-4850-8BDD-7B5CDF8EC911} - C:\Arquivos de programas\Discador iBest\ibestbar.dll (file missing)
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Arquivos de programas\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
O4 - HKLM\..\Run: [HPHUPD06] C:\Arquivos de programas\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Magentic] C:\ARQUIV~1\Magentic\bin\Magentic.exe /c
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Media Player.lnk = C:\Arquivos de programas\Adobe Media Player\Adobe Media Player.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\digital imaging\bin\hpqtra08.exe
O4 - Global Startup: Inicialização rápida do HP Image Zone.lnk = C:\Arquivos de programas\HP\digital imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Update Service (gupdate1c98ee030fd60a0) (gupdate1c98ee030fd60a0) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
--
End of file - 5441 bytes
Awaiting instructions.
Regards.