Ir para conteúdo
Fórum Script Brasil
  • 0

[Resolvido]meu pc não desliga na tecla iniciar


novacap

Pergunta

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 13:48:27, on 11/12/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\windows\IEXPLORER.EXE

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.MSN.com/0SEENUS/SAOS01?FORM=TOOLBR

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.MSN.com/0SEENUS/SAOS01?FORM=TOOLBR

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.terra.com.br/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.MSN.com/0SEENUS/SAOS01?FORM=TOOLBR

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - (no file)

O2 - BHO: (no name) - {3F888695-9B41-4B29-9F44-6B560E464A16} - (no file)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - (no file)

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [siS Tray] C:\WINDOWS\system32\sistray.EXE

O4 - HKLM\..\Run: [siS KHooker] C:\WINDOWS\system32\khooker.exe

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe

O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Arquivos de programas\Thomson\SpeedTouch USB\Dragdiag.exe" /icon

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [symantecFilterCheck] C:\WINDOWS\system32\imglog.exe

O4 - HKLM\..\Run: [GlobalFlagACER] C:\WINDOWS\system32\ACER.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [internet Explorer] C:\windows\IEXPLORER.EXE

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] ctfmon.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] ctfmon.exe (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Arquivos de programas\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Arquivos de programas\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE10\EXCEL.EXE/3000

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Arquivos de programas\PartyGaming\PartyPoker\RunApp.exe

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Arquivos de programas\PartyGaming\PartyPoker\RunApp.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O12 - Plugin for .qt: C:\Arquivos de programas\Internet Explorer\PLUGINS\npqtplugin.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - http://by14fd.bay14.hotmail.MSN.com/resources/MsnPUpld.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - http://messenger.MSN.com/download/MsnMesse...pDownloader.cab

O16 - DPF: {B3D3825B-2120-4B0E-8C45-80ECC1D3E70D} (GeraCert Class) - https://bradesconetempresa.com.br/pj/CA.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - http://zone.MSN.com/binFramework/v10/ZIntro.cab34246.cab

O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://antu.popcap.com/games/popcaploader_v6.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} - https://wwws.realsecureweb.com.br/mpr/plugi...GbPluginSUD.cab

O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} - http://driveragent.com/files/driveragent.cab

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - http://download.mcafee.com/molbin/iss-loc/...089/mcfscan.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{6490C5BA-CB3F-4E66-AE03-9725096D8D1F}: NameServer = 200.204.0.10 200.204.0.138

O21 - SSODL: flammei - {9d635a36-6b3c-4146-8625-f3aaf507bbf8} - (no file)

O22 - SharedTaskScheduler: flammei - {9d635a36-6b3c-4146-8625-f3aaf507bbf8} - (no file)

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

--

End of file - 6160 bytes

ficaria grato pela ajuda e atenção obrigado!!!!!!!!!!!!!!!!!!!!!

Editado por novacap
Link para o comentário
Compartilhar em outros sites

11 respostass a esta questão

Posts Recomendados

  • 0

Faça o download do BankerFix:

http://linhadefensiva.uol.com.br/dl/bankerfix

Importante: A ferramenta irá finalizar o Internet Explorer. Salve qualquer link que você precisa acessar depois antes de executá-la.

Dê dois cliques no bankerfix.exe para executá-lo.

Clique em OK na primeira e na segunda vez que aparecerem caixas de mensagem. Se você estiver executando o BankerFix pela segunda vez, ele irá pedir para verificar por uma atualização. Diga que Sim e depois clique em OK.

Quando ele executar, aparecerá uma tela preta pedindo para que aperte qualquer tecla. Tecle Enter e espere ele terminar. Pode levar algum tempo.

Ao terminar, leia a mensagem na tela e aperte Enter novamente. Quando ele terminar, poste o arquivo relatorio.txt localizado em: C:\LinhaDefensiva\relatorio.txt

Faça também um novo log do HijackThis para colocar na sua resposta.

Depois de fazer sua resposta você pode apagar a pasta:

C:\LinhaDefensiva

Link para o comentário
Compartilhar em outros sites

  • 0
Faça o download do BankerFix:

http://linhadefensiva.uol.com.br/dl/bankerfix

Importante: A ferramenta irá finalizar o Internet Explorer. Salve qualquer link que você precisa acessar depois antes de executá-la.

Dê dois cliques no bankerfix.exe para executá-lo.

Clique em OK na primeira e na segunda vez que aparecerem caixas de mensagem. Se você estiver executando o BankerFix pela segunda vez, ele irá pedir para verificar por uma atualização. Diga que Sim e depois clique em OK.

Quando ele executar, aparecerá uma tela preta pedindo para que aperte qualquer tecla. Tecle Enter e espere ele terminar. Pode levar algum tempo.

Ao terminar, leia a mensagem na tela e aperte Enter novamente. Quando ele terminar, poste o arquivo relatorio.txt localizado em: C:\LinhaDefensiva\relatorio.txt

Faça também um novo log do HijackThis para colocar na sua resposta.

Depois de fazer sua resposta você pode apagar a pasta:

C:\LinhaDefensiva

opa muito obrigado!!!!!

log bankerfix..............

BankerFix 2.4 - Removedor de Bankers

Linha Defensiva - http://www.linhadefensiva.org

http://www.linhadefensiva.org/bankerfix/

Data: 12/12/2007 - 11:33

-------------------------------------------------------

Lista de Definição: 2007-12-12-1

=======================================================

Arquivo infectado detectado: C:\WINDOWS\ponto.dll

Arquivo infectado removido com sucesso!

Arquivo infectado detectado: C:\WINDOWS\syst.dat

Arquivo infectado removido com sucesso!

Arquivo infectado detectado: C:\WINDOWS\iexplorer.exe

Arquivo infectado removido com sucesso!

Arquivo infectado detectado: C:\WINDOWS\SYSTEM32\ACER.exe

Arquivo infectado removido com sucesso!

Arquivo infectado detectado: C:\WINDOWS\SYSTEM32\imglog.exe

Arquivo infectado removido com sucesso!

Arquivo infectado detectado: C:\WINDOWS\SYSTEM32\Windows.scr

Arquivo infectado removido com sucesso!

Arquivo infectado detectado: C:\Arquivos de programas\msn_livers.exe

Arquivo infectado removido com sucesso!

Killando arquivos em Help

-----------------------------------

Killing '*'

Removendo Arquivos em Help

-----------------------------------

----- Fim -------------------------

log hijackthis.................

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:39:07, on 12/12/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\WgaTray.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\sistray.EXE

C:\WINDOWS\system32\khooker.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe

C:\WINDOWS\system32\pctspk.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\Thomson\SpeedTouch USB\Dragdiag.exe

C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.MSN.com/0SEENUS/SAOS01?FORM=TOOLBR

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.MSN.com/0SEENUS/SAOS01?FORM=TOOLBR

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.terra.com.br/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.MSN.com/0SEENUS/SAOS01?FORM=TOOLBR

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - (no file)

O2 - BHO: (no name) - {3F888695-9B41-4B29-9F44-6B560E464A16} - (no file)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - (no file)

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [siS Tray] C:\WINDOWS\system32\sistray.EXE

O4 - HKLM\..\Run: [siS KHooker] C:\WINDOWS\system32\khooker.exe

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe

O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Arquivos de programas\Thomson\SpeedTouch USB\Dragdiag.exe" /icon

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] ctfmon.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] ctfmon.exe (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Arquivos de programas\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Arquivos de programas\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE10\EXCEL.EXE/3000

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Arquivos de programas\PartyGaming\PartyPoker\RunApp.exe

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Arquivos de programas\PartyGaming\PartyPoker\RunApp.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O12 - Plugin for .qt: C:\Arquivos de programas\Internet Explorer\PLUGINS\npqtplugin.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - http://by14fd.bay14.hotmail.MSN.com/resources/MsnPUpld.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - http://messenger.MSN.com/download/MsnMesse...pDownloader.cab

O16 - DPF: {B3D3825B-2120-4B0E-8C45-80ECC1D3E70D} (GeraCert Class) - https://bradesconetempresa.com.br/pj/CA.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - http://zone.MSN.com/binFramework/v10/ZIntro.cab34246.cab

O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://antu.popcap.com/games/popcaploader_v6.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} - https://wwws.realsecureweb.com.br/mpr/plugi...GbPluginSUD.cab

O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} - http://driveragent.com/files/driveragent.cab

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - http://download.mcafee.com/molbin/iss-loc/...089/mcfscan.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{6490C5BA-CB3F-4E66-AE03-9725096D8D1F}: NameServer = 200.204.0.10 200.204.0.138

O21 - SSODL: flammei - {9d635a36-6b3c-4146-8625-f3aaf507bbf8} - (no file)

O22 - SharedTaskScheduler: flammei - {9d635a36-6b3c-4146-8625-f3aaf507bbf8} - (no file)

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/Marilena/CONFIG~1/Temp/msohtml1/01/clip_image002.jpg

--

End of file - 6429 bytes

novamente obrigado!!!!!!

Link para o comentário
Compartilhar em outros sites

  • 0

Faça o download do SDFix:

http://linhadefensiva.uol.com.br/dl/sdfix

Salve-o em sua área de trabalho. Dê um duplo clique no SDFix.exe e a ferramenta será instalada em %SystemDrive%\SDFix (geralmente C:\SDFix)

Sugiro que imprima ou salve os procedimentos abaixo, e não use a internet até terminado o procedimento.

Reinicie em Modo de Segurança (Pressione intermitentemente F8 durante a inicialização, no menu que aparecer escolha através da seta de navegação, Modo Seguro).

  1. Entre na pasta SDFix que foi instalada no seu computador e dê um duplo clique no arquivo RunThis.bat
  2. Tecle Y para que a ferramenta inicie o processo de remoção
  3. Quando tudo terminar, você verá um aviso dizendo para apertar qualquer tecla para continuar. Ao pressionar qualquer tecla, o computador será reiniciado automaticamente
  4. Após reiniciar, a ferramenta ainda será executada novamente e irá terminar o seu trabalho e a palavra Finished irá aparecer. Pressione qualquer tecla.
  5. Uma janela com o relatório do SDFix irá aparecer.
  6. Copie e cole este relatório na sua resposta. Caso você tenha fechado a janela, uma cópia do relatório estará na pasta SDFix com o nome Report.txt
Reinicie e poste um novo Log do Hijackthis feito em Modo Normal.
Link para o comentário
Compartilhar em outros sites

  • 0

Abra o Hijackthis, clique em Do scan a system only, marque as entradas abaixo e clique no botão ht-fix.png

O21 - SSODL: flammei - {9d635a36-6b3c-4146-8625-f3aaf507bbf8} - (no file)

O22 - SharedTaskScheduler: flammei - {9d635a36-6b3c-4146-8625-f3aaf507bbf8} - (no file)

Reinicie.

Faça um scan on line na Kaspersky

*Acesse o site, clique em kasperdx9.jpg.

Na próxima página, clique em I Accept para instalar o controle activeX e em seguida atualize o banco de dados.

Na próxima página, clique em My Computer e faça o scan.

Tenha paciência. Tanto para atualizar a base de dados, quanto para o próprio exame, demora bastante.

Salve e poste o resultado.

Link para o comentário
Compartilhar em outros sites

  • 0
Abra o Hijackthis, clique em Do scan a system only, marque as entradas abaixo e clique no botão ht-fix.png

O21 - SSODL: flammei - {9d635a36-6b3c-4146-8625-f3aaf507bbf8} - (no file)

O22 - SharedTaskScheduler: flammei - {9d635a36-6b3c-4146-8625-f3aaf507bbf8} - (no file)

Reinicie.

Faça um scan on line na Kaspersky

*Acesse o site, clique em kasperdx9.jpg.

Na próxima página, clique em I Accept para instalar o controle activeX e em seguida atualize o banco de dados.

Na próxima página, clique em My Computer e faça o scan.

Tenha paciência. Tanto para atualizar a base de dados, quanto para o próprio exame, demora bastante.

Salve e poste o resultado.

scaneamento do KASPERSKY

KASPERSKY ONLINE SCANNER REPORT

Thursday, December 13, 2007 9:00:21 PM

Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)

Kaspersky Online Scanner version: 5.0.98.0

Kaspersky Anti-Virus database last update: 13/12/2007

Kaspersky Anti-Virus database records: 481736

-------------------------------------------------------------------------------

Scan Settings:

Scan using the following antivirus database: extended

Scan Archives: true

Scan Mail Bases: true

Scan Target - My Computer:

A:\

C:\

D:\

Scan Statistics:

Total number of scanned objects: 46136

Number of viruses found: 5

Number of infected objects: 7

Number of suspicious objects: 0

Duration of the scan process: 02:36:36

Infected Object Name / Virus Name / Last Action

C:\Arquivos de programas\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped

C:\Arquivos de programas\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped

C:\Arquivos de programas\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped

C:\Arquivos de programas\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped

C:\Arquivos de programas\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped

C:\Arquivos de programas\Alwil Software\Avast4\DATA\report\Proteção residente.txt Object is locked skipped

C:\Arquivos de programas\msn_livers.txt Infected: Trojan-Downloader.Win32.Banload.exn skipped

C:\Arquivos de programas\PartyGaming\PartyPoker\6081641.hhf Object is locked skipped

C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Configurações locais\Histórico\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Configurações locais\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\Marilena\Configurações locais\Histórico\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Marilena\Configurações locais\Histórico\History.IE5\MSHist012007121320071214\index.dat Object is locked skipped

C:\Documents and Settings\Marilena\Configurações locais\Temp\~DFE134.tmp Object is locked skipped

C:\Documents and Settings\Marilena\Configurações locais\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped

C:\Documents and Settings\Marilena\Configurações locais\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Marilena\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\Marilena\ntuser.dat Object is locked skipped

C:\Documents and Settings\Marilena\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{695020E1-3C1E-44BC-B1BC-0FEA4A653C0E}\RP297\A0100402.cmd Infected: Trojan-Downloader.Win32.Banload.fmb skipped

C:\System Volume Information\_restore{695020E1-3C1E-44BC-B1BC-0FEA4A653C0E}\RP314\A0128757.EXE Infected: Trojan-Spy.Win32.Banker.gfv skipped

C:\System Volume Information\_restore{695020E1-3C1E-44BC-B1BC-0FEA4A653C0E}\RP314\A0128759.exe Infected: Trojan-Spy.Win32.Banker.fyu skipped

C:\System Volume Information\_restore{695020E1-3C1E-44BC-B1BC-0FEA4A653C0E}\RP314\A0128761.exe Infected: Trojan-Downloader.Win32.Banload.exn skipped

C:\System Volume Information\_restore{695020E1-3C1E-44BC-B1BC-0FEA4A653C0E}\RP315\change.log Object is locked skipped

C:\WINDOWS\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

C:\WINDOWS\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

C:\WINDOWS\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\WINDOWS\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\WINDOWS\CSC0000001 Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\SchedLog.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\SYSTEM32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\SYSTEM32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\SYSTEM32\config\Antivirus.Evt Object is locked skipped

C:\WINDOWS\SYSTEM32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\SYSTEM32\config\DEFAULT Object is locked skipped

C:\WINDOWS\SYSTEM32\config\default.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\config\Internet.evt Object is locked skipped

C:\WINDOWS\SYSTEM32\config\SAM Object is locked skipped

C:\WINDOWS\SYSTEM32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\SYSTEM32\config\SECURITY Object is locked skipped

C:\WINDOWS\SYSTEM32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\config\SOFTWARE Object is locked skipped

C:\WINDOWS\SYSTEM32\config\software.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\SYSTEM32\config\SYSTEM Object is locked skipped

C:\WINDOWS\SYSTEM32\config\system.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\h323log.txt Object is locked skipped

C:\WINDOWS\SYSTEM32\mod1.scr Infected: Trojan-Spy.Win32.Banker.fyu skipped

C:\WINDOWS\SYSTEM32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\SYSTEM32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\SYSTEM32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\SYSTEM32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\SYSTEM32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\SYSTEM32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\SYSTEM32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\TEMP\Perflib_Perfdata_3c4.dat Object is locked skipped

C:\WINDOWS\TEMP\_avast4_\Webshlock.txt Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

C:\_Disks\Drivers\Utility\PCDJ\setupsilver.exe Infected: not-a-virus:AdWare.Win32.TimeSink.d skipped

Scan process completed.

log do HijackThis

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 14:03:34, on 14/12/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\WgaTray.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\sistray.EXE

C:\WINDOWS\system32\khooker.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe

C:\WINDOWS\system32\pctspk.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\Thomson\SpeedTouch USB\Dragdiag.exe

C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.MSN.com/0SEENUS/SAOS01?FORM=TOOLBR

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.MSN.com/0SEENUS/SAOS01?FORM=TOOLBR

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.terra.com.br/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.MSN.com/0SEENUS/SAOS01?FORM=TOOLBR

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - (no file)

O2 - BHO: (no name) - {3F888695-9B41-4B29-9F44-6B560E464A16} - (no file)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - (no file)

O4 - HKLM\..\Run: [siS Tray] C:\WINDOWS\system32\sistray.EXE

O4 - HKLM\..\Run: [siS KHooker] C:\WINDOWS\system32\khooker.exe

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe

O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Arquivos de programas\Thomson\SpeedTouch USB\Dragdiag.exe" /icon

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] ctfmon.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] ctfmon.exe (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Arquivos de programas\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Arquivos de programas\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE10\EXCEL.EXE/3000

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Arquivos de programas\PartyGaming\PartyPoker\RunApp.exe

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Arquivos de programas\PartyGaming\PartyPoker\RunApp.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O12 - Plugin for .qt: C:\Arquivos de programas\Internet Explorer\PLUGINS\npqtplugin.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - http://by14fd.bay14.hotmail.MSN.com/resources/MsnPUpld.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - http://messenger.MSN.com/download/MsnMesse...pDownloader.cab

O16 - DPF: {B3D3825B-2120-4B0E-8C45-80ECC1D3E70D} (GeraCert Class) - https://bradesconetempresa.com.br/pj/CA.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - http://zone.MSN.com/binFramework/v10/ZIntro.cab34246.cab

O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://antu.popcap.com/games/popcaploader_v6.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} - https://wwws.realsecureweb.com.br/mpr/plugi...GbPluginSUD.cab

O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} - http://driveragent.com/files/driveragent.cab

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - http://download.mcafee.com/molbin/iss-loc/...089/mcfscan.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{6490C5BA-CB3F-4E66-AE03-9725096D8D1F}: NameServer = 200.204.0.10 200.204.0.138

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/Marilena/CONFIG~1/Temp/msohtml1/01/clip_image002.jpg

--

End of file - 6400 bytes

Link para o comentário
Compartilhar em outros sites

  • 0

Baixe o Pocket KillBox

Salve em uma pasta em C:\

Sugiro que imprima ou salve os procedimentos abaixo, e não use a internet até terminado o procedimento.

Abra o Bloco de Notas, copie estas linhas e salve.

C:\Arquivos de programas\msn_livers.txt

C:\WINDOWS\SYSTEM32\mod1.scr

Abra o KillBox e marque a função Delete on Reboot. Abra o Bloco de notas, selecione e copie as linhas salvas. No KillBox, clique em File, depois em Paste from Clipboard, Clique no botão All Files e clique no botão killbox.png. Depois clique em Não.

Reinicie.

Clique em Iniciar -> Configurações -> Painel de Controle -> Abra o item Sistema.

Clique na guia Restauração do Sistema -> Marque Desativar restauração do sistemas em todas as unidades -> Em seguida clique em Aplicar. Após aplicado, desmarque a caixa Desativar restauração do sistemas em todas as unidades e clique novamente em Aplicar depois Ok.

Delete a pasta !KillBox que está localizada em C:\.

Seu Log está limpo. Ainda há algum problema com o PC?

Link para o comentário
Compartilhar em outros sites

  • 0
Baixe o Pocket KillBox

Salve em uma pasta em C:\

Sugiro que imprima ou salve os procedimentos abaixo, e não use a internet até terminado o procedimento.

Abra o Bloco de Notas, copie estas linhas e salve.

C:\Arquivos de programas\msn_livers.txt

C:\WINDOWS\SYSTEM32\mod1.scr

Abra o KillBox e marque a função Delete on Reboot. Abra o Bloco de notas, selecione e copie as linhas salvas. No KillBox, clique em File, depois em Paste from Clipboard, Clique no botão All Files e clique no botão killbox.png. Depois clique em Não.

Reinicie.

Clique em Iniciar -> Configurações -> Painel de Controle -> Abra o item Sistema.

Clique na guia Restauração do Sistema -> Marque Desativar restauração do sistemas em todas as unidades -> Em seguida clique em Aplicar. Após aplicado, desmarque a caixa Desativar restauração do sistemas em todas as unidades e clique novamente em Aplicar depois Ok.

Delete a pasta !KillBox que está localizada em C:\.

Seu Log está limpo. Ainda há algum problema com o PC?

bom primeiramente gostaria de agradeçer o todos vces pelo otimo trabalho e paciencia com todos

diferença eu senti logo no primeiro processo melhorou o rendimento da maquina e parou de dar umas travadas q frequentimente dava muito obrigado .......agora quero arrumar o de casa também hehehehe já postei o log em outro tópico por vias das duvidas postarei denovo o log deste obrigado um abraço e muito sucesso a todos vces......

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:37:42, on 14/12/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\WgaTray.exe

C:\WINDOWS\system32\sistray.EXE

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\khooker.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe

C:\WINDOWS\system32\pctspk.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\Thomson\SpeedTouch USB\Dragdiag.exe

C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.MSN.com/0SEENUS/SAOS01?FORM=TOOLBR

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.MSN.com/0SEENUS/SAOS01?FORM=TOOLBR

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.terra.com.br/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.MSN.com/0SEENUS/SAOS01?FORM=TOOLBR

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - (no file)

O2 - BHO: (no name) - {3F888695-9B41-4B29-9F44-6B560E464A16} - (no file)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - (no file)

O4 - HKLM\..\Run: [siS Tray] C:\WINDOWS\system32\sistray.EXE

O4 - HKLM\..\Run: [siS KHooker] C:\WINDOWS\system32\khooker.exe

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe

O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Arquivos de programas\Thomson\SpeedTouch USB\Dragdiag.exe" /icon

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] ctfmon.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] ctfmon.exe (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Arquivos de programas\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Arquivos de programas\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE10\EXCEL.EXE/3000

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Arquivos de programas\PartyGaming\PartyPoker\RunApp.exe

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Arquivos de programas\PartyGaming\PartyPoker\RunApp.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O12 - Plugin for .qt: C:\Arquivos de programas\Internet Explorer\PLUGINS\npqtplugin.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - http://by14fd.bay14.hotmail.MSN.com/resources/MsnPUpld.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - http://messenger.MSN.com/download/MsnMesse...pDownloader.cab

O16 - DPF: {B3D3825B-2120-4B0E-8C45-80ECC1D3E70D} (GeraCert Class) - https://bradesconetempresa.com.br/pj/CA.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - http://zone.MSN.com/binFramework/v10/ZIntro.cab34246.cab

O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://antu.popcap.com/games/popcaploader_v6.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} - https://wwws.realsecureweb.com.br/mpr/plugi...GbPluginSUD.cab

O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} - http://driveragent.com/files/driveragent.cab

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - http://download.mcafee.com/molbin/iss-loc/...089/mcfscan.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{6490C5BA-CB3F-4E66-AE03-9725096D8D1F}: NameServer = 200.204.0.10 200.204.0.138

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/Marilena/CONFIG~1/Temp/msohtml1/01/clip_image002.jpg

--

End of file - 6334 bytes

Editado por JackSSA
Link para o comentário
Compartilhar em outros sites

Visitante
Este tópico está impedido de receber novos posts.


  • Estatísticas dos Fóruns

    • Tópicos
      152,3k
    • Posts
      652,4k
×
×
  • Criar Novo...