Jump to content
Fórum Script Brasil
  • 0

[resolvido]log Para Análise


RenatoMejias

Question

Um amigo da faculdade tem tido problemas na conexão com a internet, ele alega lentidão e problemas com o navegador, pedi para ele fazer o log e me passar por disquete. Ai vai...

Logfile of HijackThis v1.99.1

Scan saved at 16:57:21, on 20/10/2006

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\Arquivos de programas\QuickTime\qttask.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\ARQUIV~1\Ahead\NEROTO~1\DRIVES~1.EXE

C:\WINDOWS\system32\pctspk.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Documents and Settings\Windows XP\Configurações locais\Temp\Diretório temporário 1 para hijackthis.zip\HijackThis.exe

C:\WINDOWS\system32\NOTEPAD.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.MSN.com/

O1 - Hosts: 66.197.204.213 www.halifax-online.co.uk

O1 - Hosts: 66.197.204.213 ibank.barclays.co.uk

O1 - Hosts: 66.197.204.213 online.lloydstsb.co.uk

O1 - Hosts: 66.197.204.213 online-business.lloydstsb.co.uk

O1 - Hosts: 66.197.204.213 www.ukpersonal.hsbc.co.uk

O1 - Hosts: 66.197.204.213 www.nwolb.com

O1 - Hosts: 66.197.204.213 banesnet.banesto.es

O1 - Hosts: 66.197.204.213 extranet.banesto.es

O1 - Hosts: 66.197.204.213 ebanking.bccbrescia.it

O1 - Hosts: 66.197.204.213 www.bankofscotlandhalifax-online.co.uk

O1 - Hosts: 66.197.204.213 www.rbsdigital.com

O1 - Hosts: 66.197.204.213 oi.cajamadrid.es

O1 - Hosts: 66.197.204.213 bancae.caixapenedes.com

O1 - Hosts: 66.197.204.213 banking.postbank.de

O1 - Hosts: 66.197.204.213 meine.deutsche-bank.de

O1 - Hosts: 66.197.204.213 myonlineaccounts2.abbeynational.co.uk

O1 - Hosts: 66.197.204.213 ibank.cahoot.com

O1 - Hosts: 66.197.204.213 webbank.openplan.co.uk

O1 - Hosts: 66.197.204.213 bancopostaonline.poste.it

O1 - Hosts: 66.197.204.213 www.rasbank.it

O1 - Hosts: 66.197.204.213 www.credem.it

O1 - Hosts: 66.197.204.213 mybank.bybank.it

O1 - Hosts: 66.197.204.213 www.bancagenerali.it

O1 - Hosts: 66.197.204.213 www.bancaintesa.it

O1 - Hosts: 66.197.204.213 www.creval.it

O1 - Hosts: 66.197.204.213 ibank.internationalbanking.barclays.com

O1 - Hosts: 66.197.204.213 www.abbeyinternational.com

O1 - Hosts: 66.197.204.213 www.bbvanet.com

O1 - Hosts: 66.197.204.213 www.fineco.it

O1 - Hosts: 66.197.204.213 www.cajamar.es

O1 - Hosts: 66.197.204.213 welcome7.co-operativebank.co.uk

O1 - Hosts: 66.197.204.213 welcome11.co-operativebankonline.co.uk

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: ATLDistrib Object - {93C6313C-9DB4-4694-8BD0-E378C573A9AD} - C:\WINDOWS\System32\vturq.dll

O2 - BHO: (no name) - {B7672BAF-E9A3-49B6-86B2-C81719A18A4C} - C:\WINDOWS\System32\quejmuqc.dll

O4 - HKLM\..\Run: [taskmgr] C:\WINDOWS\System32\msbcs.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [PowerDVD] C:\Arquivos de programas\CyberLink\PowerDVD\PowerDVD.exe /autostart

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [Nero DriveSpeed] C:\ARQUIV~1\Ahead\NEROTO~1\DRIVES~1.EXE

O4 - HKLM\..\Run: [Microsoft IIS] C:\WINDOWS\system32\syshost.exe

O4 - HKLM\..\Run: [ink Monitor] C:\Arquivos de programas\EPSON\Ink Monitor\InkMonitor.exe

O4 - HKLM\..\Run: [ierro] C:\ierro.exe

O4 - HKLM\..\Run: [foxhhfp3611] C:\WINDOWS\help\gfjh2263.exe

O4 - HKLM\..\Run: [EPSON Stylus C43 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S08IC1.EXE /P23 "EPSON Stylus C43 Series" /O5 "LPT1:" /M "Stylus C43"

O4 - HKLM\..\Run: [Compaq Service Drivers] winsvc32.exe

O4 - HKLM\..\Run: [cmrss] C:\WINDOWS\System32\cmrss.exe

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\RunServices: [Compaq Service Drivers] winsvc32.exe

O4 - HKCU\..\Run: [WinFixer2005] "C:\Arquivos de programas\WinFixer 2005\uwfx5.exe" /min

O4 - HKCU\..\Run: [sysProtect] C:\Arquivos de programas\SysProtect Free\USYP.exe /min

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\RunServices: [Compaq Service Drivers] winsvc32.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\MSMSGS.EXE

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1118467307328

O16 - DPF: {64311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab

O16 - DPF: {8C875948-9C60-4381-9248-0DF180542D53} (HbtInstObj) - http://installs.hotbar.com/installs/hbtool...ams/hbtools.cab

O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} - http://static.zangocash.com/cab/Zango/ie/bridge-c18.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.MSN.com/download/MsnMesse...pDownloader.cab

O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} (SAIX) - http://static.zangocash.com/cab/Seekmo/ie/...ece5b5b666353a7

O16 - DPF: {E cellSpacing=5 cellPadding=3 width=400} -

O16 - DPF: {F551F1D7-53FA-416B-8B25-58A85D8F97A0} - http://www.gazzag.com/imp/grabmail.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: qjpcrlqy - C:\WINDOWS\SYSTEM32\qjpcrlqy.dll

O20 - Winlogon Notify: vturq - C:\WINDOWS\System32\vturq.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

Link to comment
Share on other sites

16 answers to this question

Recommended Posts

  • 0

Primeiramente, o Hijackthis deve estar em uma pasta própria, no caso do Log acima, está em uma pasta temporária.

Baixe o BankerFix

Dê um duplo-clique no bankerfix.exe, dê o Enter e espere

ele terminar. Ao terminar, leia a mensagem na tela e aperte Enter novamente.

O Bloco de Notas irá aparecer. Copie toda a informação na tela (Editar -> Selecionar Tudo /

Editar -> Copiar) e então cole tudo aqui na sua resposta (Editar -> Colar).

Faça também um novo log do HijackThis para colocar na sua resposta.

Depois de fazer sua resposta você pode apagar a pasta LinhaDefensiva que está em C:\

Link to comment
Share on other sites

  • 0

Meu amigo fez os procedimentos indicados e ai vai o log:

Logfile of HijackThis v1.99.1

Scan saved at 23:14:49, on 28/10/2006

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\system32\pctspk.exe

C:\Arquivos de programas\QuickTime\qttask.exe

C:\ARQUIV~1\Ahead\NEROTO~1\DRIVES~1.EXE

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\K-Lite2006\kazaalite.kpp

C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

C:\WINDOWS\system32\notepad.exe

C:\Documents and Settings\Windows XP\Configurações locais\Temp\Diretório temporário 3 para hijackthis.zip\HijackThis.exe

C:\WINDOWS\System32\mysvcc.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.MSN.com/

O1 - Hosts: 66.197.204.213 www.halifax-online.co.uk

O1 - Hosts: 66.197.204.213 ibank.barclays.co.uk

O1 - Hosts: 66.197.204.213 online.lloydstsb.co.uk

O1 - Hosts: 66.197.204.213 online-business.lloydstsb.co.uk

O1 - Hosts: 66.197.204.213 www.ukpersonal.hsbc.co.uk

O1 - Hosts: 66.197.204.213 www.nwolb.com

O1 - Hosts: 66.197.204.213 banesnet.banesto.es

O1 - Hosts: 66.197.204.213 extranet.banesto.es

O1 - Hosts: 66.197.204.213 ebanking.bccbrescia.it

O1 - Hosts: 66.197.204.213 www.bankofscotlandhalifax-online.co.uk

O1 - Hosts: 66.197.204.213 www.rbsdigital.com

O1 - Hosts: 66.197.204.213 oi.cajamadrid.es

O1 - Hosts: 66.197.204.213 bancae.caixapenedes.com

O1 - Hosts: 66.197.204.213 banking.postbank.de

O1 - Hosts: 66.197.204.213 meine.deutsche-bank.de

O1 - Hosts: 66.197.204.213 myonlineaccounts2.abbeynational.co.uk

O1 - Hosts: 66.197.204.213 ibank.cahoot.com

O1 - Hosts: 66.197.204.213 webbank.openplan.co.uk

O1 - Hosts: 66.197.204.213 bancopostaonline.poste.it

O1 - Hosts: 66.197.204.213 www.rasbank.it

O1 - Hosts: 66.197.204.213 www.credem.it

O1 - Hosts: 66.197.204.213 mybank.bybank.it

O1 - Hosts: 66.197.204.213 www.bancagenerali.it

O1 - Hosts: 66.197.204.213 www.bancaintesa.it

O1 - Hosts: 66.197.204.213 www.creval.it

O1 - Hosts: 66.197.204.213 ibank.internationalbanking.barclays.com

O1 - Hosts: 66.197.204.213 www.abbeyinternational.com

O1 - Hosts: 66.197.204.213 www.bbvanet.com

O1 - Hosts: 66.197.204.213 www.fineco.it

O1 - Hosts: 66.197.204.213 www.cajamar.es

O1 - Hosts: 66.197.204.213 welcome7.co-operativebank.co.uk

O1 - Hosts: 66.197.204.213 welcome11.co-operativebankonline.co.uk

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: ATLDistrib Object - {93C6313C-9DB4-4694-8BD0-E378C573A9AD} - C:\WINDOWS\System32\vturq.dll

O2 - BHO: (no name) - {B7672BAF-E9A3-49B6-86B2-C81719A18A4C} - C:\WINDOWS\System32\quejmuqc.dll

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [PowerDVD] C:\Arquivos de programas\CyberLink\PowerDVD\PowerDVD.exe /autostart

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [Nero DriveSpeed] C:\ARQUIV~1\Ahead\NEROTO~1\DRIVES~1.EXE

O4 - HKLM\..\Run: [Microsoft IIS] C:\WINDOWS\system32\syshost.exe

O4 - HKLM\..\Run: [ink Monitor] C:\Arquivos de programas\EPSON\Ink Monitor\InkMonitor.exe

O4 - HKLM\..\Run: [EPSON Stylus C43 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S08IC1.EXE /P23 "EPSON Stylus C43 Series" /O5 "LPT1:" /M "Stylus C43"

O4 - HKLM\..\Run: [Compaq Service Drivers] winsvc32.exe

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [mysvcig38] mysvcc.exe

O4 - HKLM\..\RunServices: [Compaq Service Drivers] winsvc32.exe

O4 - HKLM\..\RunServices: [mysvcig38] mysvcc.exe

O4 - HKCU\..\Run: [WinFixer2005] "C:\Arquivos de programas\WinFixer 2005\uwfx5.exe" /min

O4 - HKCU\..\Run: [sysProtect] C:\Arquivos de programas\SysProtect Free\USYP.exe /min

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\RunServices: [Compaq Service Drivers] winsvc32.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: K-Lite2006.lnk = C:\Arquivos de programas\K-Lite2006\klrun.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\MSMSGS.EXE

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1118467307328

O16 - DPF: {64311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab

O16 - DPF: {8C875948-9C60-4381-9248-0DF180542D53} (HbtInstObj) - http://installs.hotbar.com/installs/hbtool...ams/hbtools.cab

O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} - http://static.zangocash.com/cab/Zango/ie/bridge-c18.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.MSN.com/download/MsnMesse...pDownloader.cab

O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} (SAIX) - http://static.zangocash.com/cab/Seekmo/ie/...ece5b5b666353a7

O16 - DPF: {E cellSpacing=5 cellPadding=3 width=400} -

O16 - DPF: {F551F1D7-53FA-416B-8B25-58A85D8F97A0} - http://www.gazzag.com/imp/grabmail.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{F0394FE6-E4B9-4747-8A37-6BF69035149A}: NameServer = 200.225.159.124 200.225.159.126

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: qjpcrlqy - C:\WINDOWS\SYSTEM32\qjpcrlqy.dll

O20 - Winlogon Notify: vturq - C:\WINDOWS\System32\vturq.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

Obs: Ele apagou a pasta antes de copiar o relatório.

Link to comment
Share on other sites

  • 0

Antes de continuar o processo Crie uma pasta em C:\ e coloque o hijackthis dentro desta pasta!

So de continuidade no tópico se fizer isto pois com hijackthis em temporario se acontecer um erro você não terá backup para restaurar o sistema!

Baixe o Pocket KillBox

Salve em uma pasta em C:\

Sugiro que imprima ou salve os procedimentos abaixo, e não use a internet até terminado o procedimento.

Abra o Bloco de Notas, copie estas linhas e salve.

C:\WINDOWS\system32\syshost.exe

C:\WINDOWS\System32\mysvcc.exe

C:\Arquivos de programas\WinFixer 2005\uwfx5.exe

Abra o KillBox e marque a função Delete on Reboot. Abra o Bloco de notas, selecione e copie as linhas salvas. No KillBox, clique em File, depois em Paste from Clipboard, Clique no botão All Files e clique no botão vermelho com o X. Depois clique em Não.

Reinicie em Modo de Segurança (Pressione intermitentemente F8 durante a inicialização, no menu que aparecer escolha através da seta de navegação, Modo Seguro).

Abra o Hijackthis, clique em Do scan a system only, marque as entradas abaixo e clique no botão Fix Checked.

O4 - HKLM\..\Run: [Microsoft IIS] C:\WINDOWS\system32\syshost.exe

O4 - HKLM\..\Run: [mysvcig38] mysvcc.exe

O4 - HKCU\..\Run: [WinFixer2005] "C:\Arquivos de programas\WinFixer 2005\uwfx5.exe" /min

O4 - HKLM\..\RunServices: [Compaq Service Drivers] winsvc32.exe

O4 - HKLM\..\Run: [Compaq Service Drivers] winsvc32.exe

O4 - HKCU\..\RunServices: [Compaq Service Drivers] winsvc32.exe

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab

O16 - DPF: {64311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab

O16 - DPF: {8C875948-9C60-4381-9248-0DF180542D53} (HbtInstObj) -

O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} - http://static.zangocash.com/cab/Zango/ie/bridge-c18.cab

O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} (SAIX) - http://static.zangocash.com/cab/Seekmo/ie/...ece5b5b666353a7

O16 - DPF: {E cellSpacing=5 cellPadding=3 width=400} -

Reinicie e poste um novo Log do Hijackthis feito em Modo Normal.

Link to comment
Share on other sites

  • 0

Novo log:

Logfile of HijackThis v1.99.1

Scan saved at 17:15:19, on 20/11/2006

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\QuickTime\qttask.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\ARQUIV~1\Ahead\NEROTO~1\DRIVES~1.EXE

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\System32\svcchost.exe

C:\WINDOWS\System32\kavsvc.exe

C:\WINDOWS\System32\ctfmon.exe

C:\WINDOWS\System32\kavsvc.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\system32\pctspk.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\Arquivos de programas\K-Lite2006\kazaalite.kpp

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Hijackthis\HijackThis.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.MSN.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: 66.197.204.213 www.halifax-online.co.uk

O1 - Hosts: 66.197.204.213 ibank.barclays.co.uk

O1 - Hosts: 66.197.204.213 online.lloydstsb.co.uk

O1 - Hosts: 66.197.204.213 online-business.lloydstsb.co.uk

O1 - Hosts: 66.197.204.213 www.ukpersonal.hsbc.co.uk

O1 - Hosts: 66.197.204.213 www.nwolb.com

O1 - Hosts: 66.197.204.213 banesnet.banesto.es

O1 - Hosts: 66.197.204.213 extranet.banesto.es

O1 - Hosts: 66.197.204.213 ebanking.bccbrescia.it

O1 - Hosts: 66.197.204.213 www.bankofscotlandhalifax-online.co.uk

O1 - Hosts: 66.197.204.213 www.rbsdigital.com

O1 - Hosts: 66.197.204.213 oi.cajamadrid.es

O1 - Hosts: 66.197.204.213 bancae.caixapenedes.com

O1 - Hosts: 66.197.204.213 banking.postbank.de

O1 - Hosts: 66.197.204.213 meine.deutsche-bank.de

O1 - Hosts: 66.197.204.213 myonlineaccounts2.abbeynational.co.uk

O1 - Hosts: 66.197.204.213 ibank.cahoot.com

O1 - Hosts: 66.197.204.213 webbank.openplan.co.uk

O1 - Hosts: 66.197.204.213 bancopostaonline.poste.it

O1 - Hosts: 66.197.204.213 www.rasbank.it

O1 - Hosts: 66.197.204.213 www.credem.it

O1 - Hosts: 66.197.204.213 mybank.bybank.it

O1 - Hosts: 66.197.204.213 www.bancagenerali.it

O1 - Hosts: 66.197.204.213 www.bancaintesa.it

O1 - Hosts: 66.197.204.213 www.creval.it

O1 - Hosts: 66.197.204.213 ibank.internationalbanking.barclays.com

O1 - Hosts: 66.197.204.213 www.abbeyinternational.com

O1 - Hosts: 66.197.204.213 www.bbvanet.com

O1 - Hosts: 66.197.204.213 www.fineco.it

O1 - Hosts: 66.197.204.213 www.cajamar.es

O1 - Hosts: 66.197.204.213 welcome7.co-operativebank.co.uk

O1 - Hosts: 66.197.204.213 welcome11.co-operativebankonline.co.uk

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: ATLDistrib Object - {93C6313C-9DB4-4694-8BD0-E378C573A9AD} - C:\WINDOWS\System32\vturq.dll

O3 - Toolbar: LEC - {1DBAB667-A486-421e-AFE4-CF07DD0088E5} - C:\Arquivos de programas\Power Translator\Applications\LEC IE Translation Extension.dll

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [PowerDVD] C:\Arquivos de programas\CyberLink\PowerDVD\PowerDVD.exe /autostart

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [Nero DriveSpeed] C:\ARQUIV~1\Ahead\NEROTO~1\DRIVES~1.EXE

O4 - HKLM\..\Run: [ink Monitor] C:\Arquivos de programas\EPSON\Ink Monitor\InkMonitor.exe

O4 - HKLM\..\Run: [EPSON Stylus C43 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S08IC1.EXE /P23 "EPSON Stylus C43 Series" /O5 "LPT1:" /M "Stylus C43"

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [mysvcig38] mysvcc.exe

O4 - HKLM\..\Run: [msvcc25] svcchost.exe

O4 - HKLM\..\Run: [Windows Updates Security System] kavsvc.exe

O4 - HKLM\..\RunServices: [mysvcig38] mysvcc.exe

O4 - HKLM\..\RunServices: [msvcc25] svcchost.exe

O4 - HKLM\..\RunServices: [Windows Updates Security System] kavsvc.exe

O4 - HKCU\..\Run: [sysProtect] C:\Arquivos de programas\SysProtect Free\USYP.exe /min

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [Windows Updates Security System] kavsvc.exe

O4 - HKCU\..\RunServices: [Windows Updates Security System] kavsvc.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: K-Lite2006.lnk = C:\Arquivos de programas\K-Lite2006\klrun.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\MSMSGS.EXE

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1118467307328

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.MSN.com/download/MsnMesse...pDownloader.cab

O16 - DPF: {F551F1D7-53FA-416B-8B25-58A85D8F97A0} - http://www.gazzag.com/imp/grabmail.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: qjpcrlqy - qjpcrlqy.dll (file missing)

O20 - Winlogon Notify: vturq - C:\WINDOWS\System32\vturq.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: LEC TranslateDotNet Server - Language Engineering Corporation, LLC - C:\Arquivos de programas\Power Translator\LogoMedia TranslateDotNet Server.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

Link to comment
Share on other sites

  • 0

Baixe o Hoster Descompacte, abra o Programa, clique em Restore Microsoft’s Original Hosts File.

Baixe o Pocket KillBox

Salve em uma pasta em C:\

Sugiro que imprima ou salve os procedimentos abaixo, e não use a internet até terminado o procedimento.

Abra o Bloco de Notas, copie estas linhas e salve.

C:\WINDOWS\System32\svcchost.exe

C:\WINDOWS\System32\kavsvc.exe

C:\WINDOWS\System32\vturq.dll

C:\WINDOWS\System32\mysvcc.exe

C:\Arquivos de programas\SysProtect Free\USYP.exe

C:\WINDOWS\System32\qjpcrlqy.dll

Abra o KillBox e marque a função Delete on Reboot. Abra o Bloco de notas, selecione e copie as linhas salvas. No KillBox, clique em File, depois em Paste from Clipboard, Clique no botão All Files e clique no botão Vermelho com um X. Depois clique em Não.

Reinicie em Modo de Segurança (Pressione intermitentemente F8 durante a inicialização, no menu que aparecer escolha através da seta de navegação, Modo Seguro).

Abra o Hijackthis, clique em Do scan a system only, marque as entradas abaixo e clique no botão Fix Checked.

O2 - BHO: ATLDistrib Object - {93C6313C-9DB4-4694-8BD0-E378C573A9AD} - C:\WINDOWS\System32\vturq.dll

O4 - HKLM\..\Run: [mysvcig38] mysvcc.exe

O4 - HKLM\..\Run: [msvcc25] svcchost.exe

O4 - HKLM\..\Run: [Windows Updates Security System] kavsvc.exe

O4 - HKLM\..\RunServices: [mysvcig38] mysvcc.exe

O4 - HKLM\..\RunServices: [msvcc25] svcchost.exe

O4 - HKLM\..\RunServices: [Windows Updates Security System] kavsvc.exe

O4 - HKCU\..\Run: [sysProtect] C:\Arquivos de programas\SysProtect Free\USYP.exe /min

O4 - HKCU\..\Run: [Windows Updates Security System] kavsvc.exe

O4 - HKCU\..\RunServices: [Windows Updates Security System] kavsvc.exe

O20 - Winlogon Notify: qjpcrlqy - qjpcrlqy.dll (file missing)

O20 - Winlogon Notify: vturq - C:\WINDOWS\System32\vturq.dll

Reinicie e poste um novo Log do Hijackthis feito em Modo Normal.

Link to comment
Share on other sites

  • 0

Logfile of HijackThis v1.99.1

Scan saved at 18:22:57, on 20/11/2006

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\QuickTime\qttask.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\ARQUIV~1\Ahead\NEROTO~1\DRIVES~1.EXE

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\System32\ctfmon.exe

C:\WINDOWS\System32\kavsvc.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\system32\pctspk.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\Arquivos de programas\K-Lite2006\kazaalite.kpp

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.MSN.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: ATLDistrib Object - {93C6313C-9DB4-4694-8BD0-E378C573A9AD} - C:\WINDOWS\System32\vturq.dll

O3 - Toolbar: LEC - {1DBAB667-A486-421e-AFE4-CF07DD0088E5} - C:\Arquivos de programas\Power Translator\Applications\LEC IE Translation Extension.dll

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [PowerDVD] C:\Arquivos de programas\CyberLink\PowerDVD\PowerDVD.exe /autostart

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [Nero DriveSpeed] C:\ARQUIV~1\Ahead\NEROTO~1\DRIVES~1.EXE

O4 - HKLM\..\Run: [ink Monitor] C:\Arquivos de programas\EPSON\Ink Monitor\InkMonitor.exe

O4 - HKLM\..\Run: [EPSON Stylus C43 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S08IC1.EXE /P23 "EPSON Stylus C43 Series" /O5 "LPT1:" /M "Stylus C43"

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [Windows Updates Security System] kavsvc.exe

O4 - HKLM\..\RunServices: [Windows Updates Security System] kavsvc.exe

O4 - HKCU\..\Run: [sysProtect] C:\Arquivos de programas\SysProtect Free\USYP.exe /min

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [Windows Updates Security System] kavsvc.exe

O4 - HKCU\..\RunServices: [Windows Updates Security System] kavsvc.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: K-Lite2006.lnk = C:\Arquivos de programas\K-Lite2006\klrun.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\MSMSGS.EXE

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1118467307328

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.MSN.com/download/MsnMesse...pDownloader.cab

O16 - DPF: {F551F1D7-53FA-416B-8B25-58A85D8F97A0} - http://www.gazzag.com/imp/grabmail.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: vturq - C:\WINDOWS\System32\vturq.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: LEC TranslateDotNet Server - Language Engineering Corporation, LLC - C:\Arquivos de programas\Power Translator\LogoMedia TranslateDotNet Server.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

O Avast detecta um trojan neste caminho: C:\Documents and Settings\Windows XP\msdirectx.sys

Link to comment
Share on other sites

  • 0

Sugiro que imprima ou salve os procedimentos abaixo, e não use a internet até terminado o procedimento.

Abra o Bloco de Notas, copie estas linhas e salve.

C:\WINDOWS\System32\kavsvc.exe

C:\Arquivos de programas\SysProtect Free\USYP.exe

Abra o KillBox e marque a função Delete on Reboot. Abra o Bloco de notas, selecione e copie as linhas salvas. No KillBox, clique em File, depois em Paste from Clipboard, Clique no botão All Files e clique no botão Vermelho com um X. Depois clique em Não.

Abra o Hijackthis, clique em Do scan a system only, marque as entradas abaixo e clique no botão Fix Checked.

O4 - HKLM\..\Run: [Windows Updates Security System] kavsvc.exe

O4 - HKLM\..\RunServices: [Windows Updates Security System] kavsvc.exe

O4 - HKCU\..\Run: [sysProtect] C:\Arquivos de programas\SysProtect Free\USYP.exe /min

O4 - HKCU\..\Run: [Windows Updates Security System] kavsvc.exe

O4 - HKCU\..\RunServices: [Windows Updates Security System] kavsvc.exe

Reinicie e poste um novo Log do Hijackthis feito em Modo Normal.

Link to comment
Share on other sites

  • 0

Logfile of HijackThis v1.99.1

Scan saved at 19:08:23, on 20/11/2006

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\Arquivos de programas\QuickTime\qttask.exe

C:\WINDOWS\system32\pctspk.exe

C:\ARQUIV~1\Ahead\NEROTO~1\DRIVES~1.EXE

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\Arquivos de programas\K-Lite2006\kazaalite.kpp

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.MSN.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: ATLDistrib Object - {93C6313C-9DB4-4694-8BD0-E378C573A9AD} - C:\WINDOWS\System32\vturq.dll

O3 - Toolbar: LEC - {1DBAB667-A486-421e-AFE4-CF07DD0088E5} - C:\Arquivos de programas\Power Translator\Applications\LEC IE Translation Extension.dll

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [PowerDVD] C:\Arquivos de programas\CyberLink\PowerDVD\PowerDVD.exe /autostart

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [Nero DriveSpeed] C:\ARQUIV~1\Ahead\NEROTO~1\DRIVES~1.EXE

O4 - HKLM\..\Run: [ink Monitor] C:\Arquivos de programas\EPSON\Ink Monitor\InkMonitor.exe

O4 - HKLM\..\Run: [EPSON Stylus C43 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S08IC1.EXE /P23 "EPSON Stylus C43 Series" /O5 "LPT1:" /M "Stylus C43"

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: K-Lite2006.lnk = C:\Arquivos de programas\K-Lite2006\klrun.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\MSMSGS.EXE

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1118467307328

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.MSN.com/download/MsnMesse...pDownloader.cab

O16 - DPF: {F551F1D7-53FA-416B-8B25-58A85D8F97A0} - http://www.gazzag.com/imp/grabmail.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: vturq - C:\WINDOWS\System32\vturq.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: LEC TranslateDotNet Server - Language Engineering Corporation, LLC - C:\Arquivos de programas\Power Translator\LogoMedia TranslateDotNet Server.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

Parou de dar aquele aviso do Avast agora.

Link to comment
Share on other sites

  • 0

Logfile of HijackThis v1.99.1

Scan saved at 19:29:49, on 20/11/2006

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\Arquivos de programas\QuickTime\qttask.exe

C:\ARQUIV~1\Ahead\NEROTO~1\DRIVES~1.EXE

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\System32\ctfmon.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\system32\pctspk.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.MSN.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: ATLDistrib Object - {93C6313C-9DB4-4694-8BD0-E378C573A9AD} - C:\WINDOWS\System32\vturq.dll

O3 - Toolbar: LEC - {1DBAB667-A486-421e-AFE4-CF07DD0088E5} - C:\Arquivos de programas\Power Translator\Applications\LEC IE Translation Extension.dll

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [PowerDVD] C:\Arquivos de programas\CyberLink\PowerDVD\PowerDVD.exe /autostart

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [Nero DriveSpeed] C:\ARQUIV~1\Ahead\NEROTO~1\DRIVES~1.EXE

O4 - HKLM\..\Run: [ink Monitor] C:\Arquivos de programas\EPSON\Ink Monitor\InkMonitor.exe

O4 - HKLM\..\Run: [EPSON Stylus C43 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S08IC1.EXE /P23 "EPSON Stylus C43 Series" /O5 "LPT1:" /M "Stylus C43"

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: K-Lite2006.lnk = C:\Arquivos de programas\K-Lite2006\klrun.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\MSMSGS.EXE

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1118467307328

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.MSN.com/download/MsnMesse...pDownloader.cab

O16 - DPF: {F551F1D7-53FA-416B-8B25-58A85D8F97A0} - http://www.gazzag.com/imp/grabmail.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: vturq - C:\WINDOWS\System32\vturq.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: LEC TranslateDotNet Server - Language Engineering Corporation, LLC - C:\Arquivos de programas\Power Translator\LogoMedia TranslateDotNet Server.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

Link to comment
Share on other sites

  • 0

Faça o download do VundoFix

http://linhadefensiva.uol.com.br/dl/vundofix

Salve-o em sua área de trabalho.

  1. Rode o VundoFix.exe.
  2. Quando o VundoFix abrir novamente, clique em Scan for Vundo
  3. Quando ele terminar, clique em Remove Vundo
  4. Você receberá um prompt perguntando se você quer remover os arquivos. Confirme. Sua área de trabalho vai sumir.
  5. Você receberá um aviso dizendo que seu computador deve ser desligado. Clique em OK e depois ligue o computador novamente.
  6. É possível que o VundoFix encontre um arquivo, mas não consiga removê-lo. Se isso acontecer, a ferramenta rodará ao reiniciar.

    Quando o VundoFix aparecer, clique no botão Scan for Vundo para repetir o processo.

Quando o VundoFix não encontrar mais nenhum arquivo que não consegue remover, faça e poste um novo log do HijackThis.

Link to comment
Share on other sites

  • 0

Logfile of HijackThis v1.99.1

Scan saved at 19:55:51, on 20/11/2006

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\system32\pctspk.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\Arquivos de programas\QuickTime\qttask.exe

C:\ARQUIV~1\Ahead\NEROTO~1\DRIVES~1.EXE

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.MSN.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: ATLDistrib Object - {93C6313C-9DB4-4694-8BD0-E378C573A9AD} - C:\WINDOWS\System32\vturq.dll (file missing)

O3 - Toolbar: LEC - {1DBAB667-A486-421e-AFE4-CF07DD0088E5} - C:\Arquivos de programas\Power Translator\Applications\LEC IE Translation Extension.dll

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [PowerDVD] C:\Arquivos de programas\CyberLink\PowerDVD\PowerDVD.exe /autostart

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [Nero DriveSpeed] C:\ARQUIV~1\Ahead\NEROTO~1\DRIVES~1.EXE

O4 - HKLM\..\Run: [ink Monitor] C:\Arquivos de programas\EPSON\Ink Monitor\InkMonitor.exe

O4 - HKLM\..\Run: [EPSON Stylus C43 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S08IC1.EXE /P23 "EPSON Stylus C43 Series" /O5 "LPT1:" /M "Stylus C43"

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: K-Lite2006.lnk = C:\Arquivos de programas\K-Lite2006\klrun.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\MSMSGS.EXE

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1118467307328

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.MSN.com/download/MsnMesse...pDownloader.cab

O16 - DPF: {F551F1D7-53FA-416B-8B25-58A85D8F97A0} - http://www.gazzag.com/imp/grabmail.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: LEC TranslateDotNet Server - Language Engineering Corporation, LLC - C:\Arquivos de programas\Power Translator\LogoMedia TranslateDotNet Server.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

Link to comment
Share on other sites

  • 0

Abra o Hijackthis, clique em Do scan a system only, marque as entradas abaixo e clique no botão Fix Checked.

O2 - BHO: ATLDistrib Object - {93C6313C-9DB4-4694-8BD0-E378C573A9AD} - C:\WINDOWS\System32\vturq.dll (file missing)

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [ink Monitor] C:\Arquivos de programas\EPSON\Ink Monitor\InkMonitor.exe

Reinicie e poste um novo Log do Hijackthis feito em Modo Normal.

Link to comment
Share on other sites

  • 0

Logfile of HijackThis v1.99.1

Scan saved at 20:07:37, on 20/11/2006

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\system32\pctspk.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\ARQUIV~1\Ahead\NEROTO~1\DRIVES~1.EXE

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.MSN.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: LEC - {1DBAB667-A486-421e-AFE4-CF07DD0088E5} - C:\Arquivos de programas\Power Translator\Applications\LEC IE Translation Extension.dll

O4 - HKLM\..\Run: [PowerDVD] C:\Arquivos de programas\CyberLink\PowerDVD\PowerDVD.exe /autostart

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [Nero DriveSpeed] C:\ARQUIV~1\Ahead\NEROTO~1\DRIVES~1.EXE

O4 - HKLM\..\Run: [EPSON Stylus C43 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S08IC1.EXE /P23 "EPSON Stylus C43 Series" /O5 "LPT1:" /M "Stylus C43"

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: K-Lite2006.lnk = C:\Arquivos de programas\K-Lite2006\klrun.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\MSMSGS.EXE

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1118467307328

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.MSN.com/download/MsnMesse...pDownloader.cab

O16 - DPF: {F551F1D7-53FA-416B-8B25-58A85D8F97A0} - http://www.gazzag.com/imp/grabmail.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: LEC TranslateDotNet Server - Language Engineering Corporation, LLC - C:\Arquivos de programas\Power Translator\LogoMedia TranslateDotNet Server.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

Link to comment
Share on other sites

  • 0

Clique em Iniciar -> Configurações -> Painel de Controle -> Abra o item Sistema.

Clique na guia Restauração do Sistema -> Marque Desativar restauração do sistemas em todas as unidades -> Em seguida clique em Aplicar. Após aplicado, desmarque a caixa Desativar restauração do sistemas em todas as unidades e clique novamente em Aplicar depois Ok. Para que você possua um ponto limpo de restauração.

É extremamente aconselhado também que atualize seu Windows para o Service Pack 2, você pode baixa-lo neste endereço: Microsoft

Delete a pasta !KillBox que está localizada em C:\.

Seu Log está limpo. Ainda há algum problema com o PC?

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.


  • Forum Statistics

    • Total Topics
      152.1k
    • Total Posts
      651.8k
×
×
  • Create New...