Amilkar

Analyze log

My PC has a small problem! Sometimes it shuts down by itself, and afterwards it won't turn on! I'm using the computer just fine and it shuts down for no reason at all; what could it be?

I'll leave the log here for you to analyze, please!

Thanks

Regards

Logfile of HijackThis v1.99.1

Scan saved at 22:04:49, on 04-09-2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\RunDll32.exe

C:\WINDOWS\system32\keyhook.exe

C:\Programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\WINDOWS\system32\rundll32.exe

C:\Programas\Java\jre1.6.0_02\bin\jusched.exe

D:\Programas\DAEMON Tools\daemon.exe

D:\Programas\QuickTime\qttask.exe

C:\Programas\Messenger\msmsgs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programas\Save\Save.exe

C:\Programas\Macrogaming\SweetIM\SweetIM.exe

D:\Programas\Software WIDCOMM\Bluetooth\BTTray.exe

C:\Programas\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

D:\Programas\PocketCam 3Mega\ICON.EXE

C:\Programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

D:\Programas\Software WIDCOMM\Bluetooth\bin\btwdins.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\dllhost.exe

C:\WINDOWS\System32\vssvc.exe

C:\WINDOWS\System32\dllhost.exe

C:\WINDOWS\System32\svchost.exe

C:\Programas\Windows Live\Messenger\msnmsgr.exe

C:\Programas\Windows Live\Messenger\usnsvc.exe

D:\Programas\Winamp\winamp.exe

D:\Programas\Shareaza\Shareaza.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

C:\Programas\Mozilla Firefox\firefox.exe

D:\Programas\WinRAR\WinRAR.exe

C:\DOCUME~1\JOV\DEFINI~1\Temp\Rar$EX00.000\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações

R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programas\Macrogaming\SweetIMBarForIE\toolbar.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll

O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: WebManager Class - {D5792AA9-D373-4039-8670-2CDAB6A71F15} - D:\Programas\BitDownload\TorrentManager.dll (file missing)

O2 - BHO: (no name) - {E7E9F57E-2947-40B1-9BBF-0896D19C092F} - C:\DOCUME~1\JOV\DEFINI~1\Temp\~DPA7.dll

O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programas\Macrogaming\SweetIMBarForIE\toolbar.dll

O4 - HKLM\..\Run: [siSUSBRG] C:\WINDOWS\SiSUSBrg.exe

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [siS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programas\Java\jre1.6.0_02\bin\jusched.exe"

O4 - HKLM\..\Run: [DAEMON Tools] "D:\Programas\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [real proxy acid lite] C:\Documents and Settings\All Users\Application Data\Ball balm real proxy\SUPPORT UP.exe

O4 - HKLM\..\Run: [QuickTime Task] "D:\Programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [googletalk] C:\Programas\Google\Google Talk\googletalk.exe /autostart

O4 - HKLM\..\Run: [PrevxOne] "C:\Programas\Prevx2\PXConsole.exe"

O4 - HKCU\..\Run: [Plan vga] C:\DOCUME~1\JOV\APPLIC~1\THATPO~1\SETTINGS ELSE LONG.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [internetCalls] "d:\programas\internetcalls.com\internetcalls\internetcalls.exe" -nosplash -minimized

O4 - HKCU\..\Run: [VoipBuster] "D:\Programas\VoipBuster.com\VoipBuster\VoipBuster.exe" -nosplash -minimized

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [K-Lite Nitro] D:\Programas\K-LiteNitro\K-LiteNitro.exe /hide

O4 - HKCU\..\Run: [WhenUSave] "C:\Programas\Save\Save.exe"

O4 - HKCU\..\Run: [sweetIM] C:\Programas\Macrogaming\SweetIM\SweetIM.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: BTTray.lnk = ?

O4 - Global Startup: hp psc 1000 series.lnk = ?

O4 - Global Startup: hpoddt01.exe.lnk = ?

O4 - Global Startup: Microsoft Office.lnk = D:\Programas\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: PocketCam 3Mega Monitor.lnk = ?

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZCfox000

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Enviar para &Bluetooth - D:\Programas\Software WIDCOMM\Bluetooth\btsendto_ie_ctx.htm

O8 - Extra context menu item: Open with BitPump - D:\Programas\AnalogX\BitPump\ieint.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Programas\Software WIDCOMM\Bluetooth\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Programas\Software WIDCOMM\Bluetooth\btsendto_ie.htm

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O17 - HKLM\System\CCS\Services\Tcpip\..\{9877A77A-AD8E-4BED-9B68-D0E6FC0B1B21}: NameServer = 192.168.1.1

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - D:\Programas\Software WIDCOMM\Bluetooth\bin\btwdins.exe

O23 - Service: iPod Service - Unknown owner - C:\Programas\iPod\bin\iPodService.exe (file missing)

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Programas\Prevx2\PXAgent.exe" -f (file missing)

O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Programas\Windows Live\installer\WLSetupSvc.exe


Good evening, Amilkar!

>@< Download BankerFix.

>@< Save it to the Desktop!

>@< Close all windows and the browser when running BankerFix. If possible, disable the resident protection of antivirus and antispyware programs!

>@< Double-click Bankerfix.exe, then press Enter. Wait! When it finishes, read the message on the (DOS) screen and press Enter again.

>@< Post the BankerFix relatorio.txt, which is at C:\LinhaDefensiva\relatorio.txt

>@< Also post a new HijackThis log in your reply.

Regards!

  • Topic author
  • I'll post the BankerFix result and a new HijackThis log!

    Bankerfix

    BankerFix 2.4 - Removedor de Bankers

    Linha Defensiva - http://www.linhadefensiva.org

    http://www.linhadefensiva.org/bankerfix/

    Data: 07-09-2007 - 12:21

    -------------------------------------------------------

    Lista de Definição: 2007-09-05-1

    =======================================================

    Killando arquivos em Help

    -----------------------------------

    Killing '*'

    Removendo Arquivos em Help

    -----------------------------------

    ----- Fim -------------------------

    HijackThis

    Logfile of HijackThis v1.99.1

    Scan saved at 12:21:45, on 07-09-2007

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v7.00 (7.00.6000.16512)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\system32\RunDll32.exe

    C:\WINDOWS\system32\keyhook.exe

    C:\WINDOWS\system32\rundll32.exe

    C:\Programas\Java\jre1.6.0_02\bin\jusched.exe

    D:\Programas\DAEMON Tools\daemon.exe

    C:\Programas\Messenger\msmsgs.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Programas\Save\Save.exe

    C:\Programas\Macrogaming\SweetIM\SweetIM.exe

    D:\Programas\Software WIDCOMM\Bluetooth\BTTray.exe

    C:\Programas\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

    D:\Programas\PocketCam 3Mega\ICON.EXE

    C:\Programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe

    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

    D:\Programas\Software WIDCOMM\Bluetooth\bin\btwdins.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\System32\dllhost.exe

    C:\WINDOWS\System32\vssvc.exe

    C:\WINDOWS\System32\dllhost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Programas\Windows Live\Messenger\usnsvc.exe

    C:\WINDOWS\System32\cmd.exe

    D:\Programas\WinRAR\WinRAR.exe

    C:\DOCUME~1\JOV\DEFINI~1\Temp\Rar$EX00.844\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações

    R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programas\Macrogaming\SweetIMBarForIE\toolbar.dll

    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

    O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.6.0_02\bin\ssv.dll

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

    O2 - BHO: WebManager Class - {D5792AA9-D373-4039-8670-2CDAB6A71F15} - D:\Programas\BitDownload\TorrentManager.dll (file missing)

    O2 - BHO: (no name) - {E7E9F57E-2947-40B1-9BBF-0896D19C092F} - C:\DOCUME~1\JOV\DEFINI~1\Temp\~DPA7.dll

    O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programas\Macrogaming\SweetIMBarForIE\toolbar.dll

    O4 - HKLM\..\Run: [siSUSBRG] C:\WINDOWS\SiSUSBrg.exe

    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

    O4 - HKLM\..\Run: [siS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe

    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

    O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programas\Java\jre1.6.0_02\bin\jusched.exe"

    O4 - HKLM\..\Run: [DAEMON Tools] "D:\Programas\DAEMON Tools\daemon.exe" -lang 1033

    O4 - HKLM\..\Run: [real proxy acid lite] C:\Documents and Settings\All Users\Application Data\Ball balm real proxy\SUPPORT UP.exe

    O4 - HKLM\..\Run: [QuickTime Task] "D:\Programas\QuickTime\qttask.exe" -atboottime

    O4 - HKLM\..\Run: [googletalk] C:\Programas\Google\Google Talk\googletalk.exe /autostart

    O4 - HKCU\..\Run: [Plan vga] C:\DOCUME~1\JOV\APPLIC~1\THATPO~1\SETTINGS ELSE LONG.exe

    O4 - HKCU\..\Run: [MSMSGS] "C:\Programas\Messenger\msmsgs.exe" /background

    O4 - HKCU\..\Run: [internetCalls] "d:\programas\internetcalls.com\internetcalls\internetcalls.exe" -nosplash -minimized

    O4 - HKCU\..\Run: [VoipBuster] "D:\Programas\VoipBuster.com\VoipBuster\VoipBuster.exe" -nosplash -minimized

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [K-Lite Nitro] D:\Programas\K-LiteNitro\K-LiteNitro.exe /hide

    O4 - HKCU\..\Run: [WhenUSave] "C:\Programas\Save\Save.exe"

    O4 - HKCU\..\Run: [sweetIM] C:\Programas\Macrogaming\SweetIM\SweetIM.exe

    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

    O4 - Global Startup: BTTray.lnk = ?

    O4 - Global Startup: hp psc 1000 series.lnk = ?

    O4 - Global Startup: hpoddt01.exe.lnk = ?

    O4 - Global Startup: Microsoft Office.lnk = D:\Programas\Microsoft Office\Office10\OSA.EXE

    O4 - Global Startup: PocketCam 3Mega Monitor.lnk = ?

    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZCfox000

    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000

    O8 - Extra context menu item: Enviar para &Bluetooth - D:\Programas\Software WIDCOMM\Bluetooth\btsendto_ie_ctx.htm

    O8 - Extra context menu item: Open with BitPump - D:\Programas\AnalogX\BitPump\ieint.htm

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_02\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_02\bin\ssv.dll

    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Programas\Software WIDCOMM\Bluetooth\btsendto_ie.htm

    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Programas\Software WIDCOMM\Bluetooth\btsendto_ie.htm

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe

    O11 - Options group: [iNTERNATIONAL] International*

    O17 - HKLM\System\CCS\Services\Tcpip\..\{9877A77A-AD8E-4BED-9B68-D0E6FC0B1B21}: NameServer = 192.168.1.1

    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe

    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

    O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - D:\Programas\Software WIDCOMM\Bluetooth\bin\btwdins.exe

    O23 - Service: iPod Service - Unknown owner - C:\Programas\iPod\bin\iPodService.exe (file missing)

    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

    O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Programas\Windows Live\installer\WLSetupSvc.exe

    Thanks

    Regards


    Good morning, Amilkar!

    >@< Create a restore point before carrying out these procedures!

    >@< Configure Windows to show all files, including hidden ones!

    >@< Disable the resident protection of antivirus and antispyware programs!

    >@< Download EliStarA.

    >@< Save it to the Desktop!

    >@< Download EliTriIP.

    >@< Save it to the Desktop!

    >@< PS: Both tools are on the downloads page (Descargas > Utilidades SATINFO).

    >@< Select the tools (one at a time!) and click the Descargar xxx button at the bottom of the page, where xxx is the name of the chosen tool!

    >@< Download Clean.

    >@< Save it to Local Disk C and unpack it right there, sending the executable to the Desktop! (Shortcut.)

    >@< The executable is an icon named: clean.cmd

    >@< Restart the computer and enter Safe Mode.

    >@< First, run the tool: EliStartA.

    >@< Go to its icon and run it!

    >@< Accept the proposed conditions and wait for the scan to finish. Be patient, as it can take a few minutes.

    >@< When it finishes, run the EliTriIP tool.

    >@< This tool's scan is faster!

    >@< When it finishes, run the deep-cleaning program (clean) by double-clicking its executable.

    >@< A prompt will open with three options: choose two (2)!

    >@< Press Enter! >> Press Enter again! >> Wait!

    >@< Press Enter again!

    >@< A report (rapport_clean) will appear, which you should copy and post for analysis.

    _______________________________

    >@< Post the infoSAT.txt report, which is in the root of C:\ (Local Disk C), plus rapport_clean.

    >@< Also post a new HijackThis log, made in Normal Mode, in your reply.

    >@< PS: The EliStarA tool will delete (optional!) your home page! You can configure it again afterwards.

    Regards!

  • Topic author
  • Sorry for the response time, but I was on vacation...

    I'm now posting the reports from the programs...

    Mon Sep 17 21:40:44 2007

    EliStartPage v14.60 ©2007 S.G.H. / Satinfo S.L.

    --------------------------------------------------

    Lista de Acciones (por Acción Directa):

    C:\PROGRAMAS\SAVE\SAVE.EXE --> SaveNow Acceso Denegado.

    Entrada Eliminada [HKCU\...\Run] "WhenUSave"=""C:\Programas\Save\Save.exe""

    Eliminada Class, "{9AFB8248-617F-460D-9366-D71CDEDA3179}" -> NULL1

    Mon Sep 17 21:47:59 2007

    EliStartPage v14.60 ©2007 S.G.H. / Satinfo S.L.

    --------------------------------------------------

    Lista de Acciones (por Acción Directa):

    C:\PROGRAMAS\SAVE\SAVE.EXE --> Eliminado SaveNow

    Eliminada Carpeta "%Archivos de Programa%\FunWebProducts"

    Eliminada Carpeta "%Archivos de Programa%\Video Activex Access"

    Eliminadas las Paginas de Inicio y de Busqueda del IE

    Mon Sep 17 22:05:03 2007

    EliStartPage v14.60 ©2007 S.G.H. / Satinfo S.L.

    --------------------------------------------------

    Lista de Acciones (por Acción Directa):

    Eliminada Carpeta "%Archivos de Programa%\Save"

    Eliminadas las Paginas de Inicio y de Busqueda del IE

    Eliminados Ficheros Temporales del IE

    Detectado AUTORUN.INF en la Unidad (E)

    OPEN=Start.exe

    Si Desconoce la Aplicación, por favor envienosla

    acompañada del AUTORUN.INF a "virus@satinfo.es". Gracias.

    Mon Sep 17 22:08:05 2007

    EliStartPage v14.60 ©2007 S.G.H. / Satinfo S.L.

    --------------------------------------------------

    Lista de Acciones (por Exploración):

    Explorando Unidad C:\

    Mon Sep 17 22:29:16 2007

    EliTriIP v3.89 ©2007 S.G.H. / Satinfo S.L.

    ---------------------------------------------

    Lista de Acciones (por Acción Directa):

    Mon Sep 17 22:29:24 2007

    EliTriIP v3.89 ©2007 S.G.H. / Satinfo S.L.

    ---------------------------------------------

    Lista de Acciones (por Exploración):

    Explorando Unidad C:\

    C:\WINDOWS\SiSport.sys --> Eliminado, RootKit

    Script executed in Safe Mode

    Rapport clean par Malekal_morte - http://www.malekal.com

    Script executed in Safe Mode 17-09-2007 a 22:37:02,95

    Microsoft Windows XP [Versão 5.1.2600]

    *** Suppression C:

    *** Suppression C:\WINDOWS\

    *** Suppression C:\WINDOWS\system32

    *** Suppression C:\Programas

    tentative de suppression de "C:\Programas\Adverts\"

    *** Deletion of the registry keys successful..

    *** End of the report !

    Logfile of HijackThis v1.99.1

    Scan saved at 22:46:10, on 17-09-2007

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v7.00 (7.00.6000.16512)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\system32\RunDll32.exe

    C:\WINDOWS\system32\keyhook.exe

    C:\Programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

    C:\WINDOWS\system32\rundll32.exe

    C:\Programas\Java\jre1.6.0_02\bin\jusched.exe

    D:\Programas\DAEMON Tools\daemon.exe

    D:\Programas\QuickTime\qttask.exe

    C:\Programas\Messenger\msmsgs.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe

    C:\Programas\Macrogaming\SweetIM\SweetIM.exe

    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

    C:\Programas\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe

    C:\Programas\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

    D:\Programas\PocketCam 3Mega\ICON.EXE

    D:\Programas\Software WIDCOMM\Bluetooth\bin\btwdins.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Programas\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe

    C:\WINDOWS\System32\dllhost.exe

    C:\WINDOWS\System32\vssvc.exe

    C:\WINDOWS\System32\dllhost.exe

    C:\Programas\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe

    C:\Programas\Mozilla Firefox\firefox.exe

    C:\WINDOWS\System32\svchost.exe

    D:\Programas\WinRAR\WinRAR.exe

    C:\DOCUME~1\JOV\DEFINI~1\Temp\Rar$EX00.265\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações

    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

    O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.6.0_02\bin\ssv.dll

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

    O2 - BHO: (no name) - {E7E9F57E-2947-40B1-9BBF-0896D19C092F} - C:\DOCUME~1\JOV\DEFINI~1\Temp\~DPA7.dll (file missing)

    O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programas\Macrogaming\SweetIMBarForIE\toolbar.dll

    O4 - HKLM\..\Run: [siSUSBRG] C:\WINDOWS\SiSUSBrg.exe

    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

    O4 - HKLM\..\Run: [siS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe

    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

    O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programas\Java\jre1.6.0_02\bin\jusched.exe"

    O4 - HKLM\..\Run: [DAEMON Tools] "D:\Programas\DAEMON Tools\daemon.exe" -lang 1033

    O4 - HKLM\..\Run: [real proxy acid lite] C:\Documents and Settings\All Users\Application Data\Ball balm real proxy\SUPPORT UP.exe

    O4 - HKLM\..\Run: [QuickTime Task] "D:\Programas\QuickTime\qttask.exe" -atboottime

    O4 - HKLM\..\Run: [googletalk] C:\Programas\Google\Google Talk\googletalk.exe /autostart

    O4 - HKCU\..\Run: [Plan vga] C:\DOCUME~1\JOV\APPLIC~1\THATPO~1\SETTINGS ELSE LONG.exe

    O4 - HKCU\..\Run: [MSMSGS] "C:\Programas\Messenger\msmsgs.exe" /background

    O4 - HKCU\..\Run: [internetCalls] "d:\programas\internetcalls.com\internetcalls\internetcalls.exe" -nosplash -minimized

    O4 - HKCU\..\Run: [VoipBuster] "D:\Programas\VoipBuster.com\VoipBuster\VoipBuster.exe" -nosplash -minimized

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [K-Lite Nitro] D:\Programas\K-LiteNitro\K-LiteNitro.exe /hide

    O4 - HKCU\..\Run: [sweetIM] C:\Programas\Macrogaming\SweetIM\SweetIM.exe

    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

    O4 - Global Startup: BTTray.lnk = ?

    O4 - Global Startup: hp psc 1000 series.lnk = ?

    O4 - Global Startup: hpoddt01.exe.lnk = ?

    O4 - Global Startup: Microsoft Office.lnk = D:\Programas\Microsoft Office\Office10\OSA.EXE

    O4 - Global Startup: PocketCam 3Mega Monitor.lnk = ?

    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZCfox000

    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000

    O8 - Extra context menu item: Enviar para &Bluetooth - D:\Programas\Software WIDCOMM\Bluetooth\btsendto_ie_ctx.htm

    O8 - Extra context menu item: Open with BitPump - D:\Programas\AnalogX\BitPump\ieint.htm

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_02\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_02\bin\ssv.dll

    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Programas\Software WIDCOMM\Bluetooth\btsendto_ie.htm

    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Programas\Software WIDCOMM\Bluetooth\btsendto_ie.htm

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe

    O11 - Options group: [iNTERNATIONAL] International*

    O17 - HKLM\System\CCS\Services\Tcpip\..\{9877A77A-AD8E-4BED-9B68-D0E6FC0B1B21}: NameServer = 192.168.1.1

    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe

    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

    O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - D:\Programas\Software WIDCOMM\Bluetooth\bin\btwdins.exe

    O23 - Service: iPod Service - Unknown owner - C:\Programas\iPod\bin\iPodService.exe (file missing)

    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

    O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Programas\Windows Live\installer\WLSetupSvc.exe

    Thank you.


    Good morning, Amilkar!

    >@< Download FindLop.

    >@< Unzip the program and put the files in a folder of their own: < C:\FindLop.exe >

    >@< But do not run it yet!

    >@< Download the Lop Uninstaller.

    >@< If the antivirus flags the tool as malware, ignore the warning and allow it to run.

    >@< If the browser gets in the way of the download, add < http://lop.com > as a Preferred Site.

    >@< Disable the resident protection of your antivirus and anti-spyware programs.

    >@< Run the uninstaller! Type the numbers and confirm!

    >@< PS: If you cannot run the uninstaller, continue with FindLop only.

    _____________________

    >@< Open HijackThis and, with all programs closed, click Fix on the entries listed below:

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

    O2 - BHO: (no name) - {E7E9F57E-2947-40B1-9BBF-0896D19C092F} - C:\DOCUME~1\JOV\DEFINI~1\Temp\~DPA7.dll (file missing)

    O4 - HKLM\..\Run: [real proxy acid lite] C:\Documents and Settings\All Users\Application Data\Ball balm real proxy\SUPPORT UP.exe

    O4 - HKCU\..\Run: [Plan vga] C:\DOCUME~1\JOV\APPLIC~1\THATPO~1\SETTINGS ELSE LONG.exe

    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...tml?p=ZCfox000

    O11 - Options group: [iNTERNATIONAL] International*

    >@< Set your home page!

    _____________________

    >@< Delete the highlighted folders:

    C:\Documents and Settings\All Users\Application Data\Ball balm real proxy

    C:\DOCUME~1\JOV\APPLIC~1\THATPO~1

    >@< Now run findlop.bat

    >@< A report ( findlop.txt ) will be generated on Local Disk C.

    >@< Post a new HijackThis log in your reply.

    >@< Also post the report [ findlop.txt ], which is in C:\xxx..

    Best regards!

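A way to check the follow-up HijackThis log requested in the post above against its fix list, as an added Python example that is not part of the original thread or of HijackThis. The function names are assumptions, and the two sample logs are constructed from lines that appear in this thread; the "..." the forum put in the O8 URL is treated as a wildcard.

```python
import re

# Every HijackThis entry starts with a section code (R0, O4, O23, ...) and " - ".
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")

# Part of the fix list from the post above; the O8 URL is shortened with "...".
FIX_LIST = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKCU\..\Run: [Plan vga] C:\DOCUME~1\JOV\APPLIC~1\THATPO~1\SETTINGS ELSE LONG.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...tml?p=ZCfox000
"""

# Constructed sample: an earlier log, reduced to three entries.
BEFORE_LOG = r"""
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Plan vga] C:\DOCUME~1\JOV\APPLIC~1\THATPO~1\SETTINGS ELSE LONG.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZCfox000
"""

# Constructed sample: a follow-up log in which two fixed entries are still there.
FOLLOWUP_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\ctfmon.exe
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programas\Macrogaming\SweetIMBarForIE\toolbar.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Plan vga] C:\DOCUME~1\JOV\APPLIC~1\THATPO~1\SETTINGS ELSE LONG.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZCfox000
"""


def parse_entries(text):
    """Return (section, body) for each entry line; headers and process paths are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            # Collapse runs of whitespace so copy/paste differences do not matter.
            entries.append((m.group(1), " ".join(m.group(2).split())))
    return entries


def _pattern(body):
    """Compile a fix-list body to a regex; a literal '...' matches any text."""
    parts = [re.escape(p) for p in body.split("...")]
    return re.compile("^" + ".*".join(parts) + "$", re.IGNORECASE)


def still_present(fix_list_text, followup_log_text):
    """Return the fix-list entries that still appear in the follow-up log."""
    log_entries = parse_entries(followup_log_text)
    remaining = []
    for section, body in parse_entries(fix_list_text):
        pat = _pattern(body)
        if any(s == section and pat.match(b) for s, b in log_entries):
            remaining.append(f"{section} - {body}")
    return remaining


def new_since(before_text, after_text):
    """Return entries of the later log that were not in the earlier one."""
    seen = {(s, b.lower()) for s, b in parse_entries(before_text)}
    return [f"{s} - {b}" for s, b in parse_entries(after_text)
            if (s, b.lower()) not in seen]


if __name__ == "__main__":
    for entry in still_present(FIX_LIST, FOLLOWUP_LOG):
        print("STILL PRESENT:", entry)
    for entry in new_since(BEFORE_LOG, FOLLOWUP_LOG):
        print("NEW:", entry)
```

An entry reported as still present means the fix did not hold for that item; an entry reported as new only means it was absent from the earlier log and still needs to be judged on its own.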
  • Topic author
  • Here is what you asked for!

    [TRACE] Enumerating jobs and queues

    [TRACE] Activating job 'AppleSoftwareUpdate.job'

    [TRACE] Printing all job properties

    ApplicationName: 'C:\Programas\Apple Software Update\SoftwareUpdate.exe'

    Parameters: '-Task'

    WorkingDirectory: ''

    Comment: ''

    Creator: 'SYSTEM'

    Priority: NORMAL

    MaxRunTime: 259200000 (3d 0:00:00)

    IdleWait: 10

    IdleDeadline: 60

    MostRecentRun: 09/25/2007 19:46:00

    NextRun: 10/02/2007 19:46:00

    StartError: S_OK

    ExitCode: 0

    Status: SCHED_S_TASK_READY

    ScheduledWorkItem Flags:

    DeleteWhenDone = 0

    Suspend = 0

    StartOnlyIfIdle = 0

    KillOnIdleEnd = 0

    RestartOnIdleResume = 0

    DontStartIfOnBatteries = 0

    KillIfGoingOnBatteries = 0

    RunOnlyIfLoggedOn = 0

    SystemRequired = 0

    Hidden = 0

    TaskFlags: 0

    1 Trigger

    Trigger 0:

    Type: Weekly

    WeeksInterval: 1

    DaysOfTheWeek: ..T....

    StartDate: 01/08/2007

    EndDate: 00/00/0000

    StartTime: 19:46

    MinutesDuration: 0

    MinutesInterval: 0

    Flags:

    HasEndDate = 0

    KillAtDuration = 0

    Disabled = 0

    [TRACE] Activating job 'FRU Task #Hewlett-Packard#hp psc 1200 series#1173210357.job'

    [TRACE] Printing all job properties

    ApplicationName: 'C:\Programas\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe'

    Parameters: '-I "#Hewlett-Packard#hp psc 1200 series#1173210357"'

    WorkingDirectory: ''

    Comment: ''

    Creator: 'JOV'

    Priority: NORMAL

    MaxRunTime: 259200000 (3d 0:00:00)

    IdleWait: 10

    IdleDeadline: 60

    MostRecentRun: 00/00/0000 0:00:00

    NextRun: 09/29/2007 2:48:00

    StartError: SCHED_S_TASK_HAS_NOT_RUN

    ExitCode: 0

    Status: SCHED_S_TASK_READY

    ScheduledWorkItem Flags:

    DeleteWhenDone = 1

    Suspend = 0

    StartOnlyIfIdle = 0

    KillOnIdleEnd = 0

    RestartOnIdleResume = 0

    DontStartIfOnBatteries = 0

    KillIfGoingOnBatteries = 0

    RunOnlyIfLoggedOn = 1

    SystemRequired = 0

    Hidden = 0

    TaskFlags: 0

    1 Trigger

    Trigger 0:

    Type: Daily

    DaysInterval: 1

    StartDate: 06/08/2007

    EndDate: 00/00/0000

    StartTime: 02:48

    MinutesDuration: 0

    MinutesInterval: 0

    Flags:

    HasEndDate = 0

    KillAtDuration = 0

    Disabled = 0

    Logfile of HijackThis v1.99.1

    Scan saved at 22:04:32, on 28-09-2007

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v7.00 (7.00.6000.16512)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe

    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

    D:\Programas\Software WIDCOMM\Bluetooth\bin\btwdins.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\System32\dllhost.exe

    C:\WINDOWS\System32\vssvc.exe

    C:\WINDOWS\system32\RunDll32.exe

    C:\WINDOWS\system32\keyhook.exe

    C:\WINDOWS\system32\rundll32.exe

    C:\Programas\Java\jre1.6.0_02\bin\jusched.exe

    D:\Programas\DAEMON Tools\daemon.exe

    C:\WINDOWS\System32\dllhost.exe

    C:\Programas\Messenger\msmsgs.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Programas\Macrogaming\SweetIM\SweetIM.exe

    D:\Programas\Software WIDCOMM\Bluetooth\BTTray.exe

    C:\Programas\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

    D:\Programas\PocketCam 3Mega\ICON.EXE

    C:\WINDOWS\System32\svchost.exe

    C:\Programas\Windows Live\Messenger\msnmsgr.exe

    C:\Programas\Windows Live\Messenger\usnsvc.exe

    C:\WINDOWS\explorer.exe

    C:\DOCUME~1\JOV\DEFINI~1\Temp\Rar$EX00.750\HijackThis.exe

    C:\Programas\Mozilla Firefox\firefox.exe

    D:\Programas\Winamp\winamp.exe

    C:\WINDOWS\system32\Notepad.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações

    R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programas\Macrogaming\SweetIMBarForIE\toolbar.dll

    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

    O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.6.0_02\bin\ssv.dll

    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programas\Macrogaming\SweetIMBarForIE\toolbar.dll

    O4 - HKLM\..\Run: [siSUSBRG] C:\WINDOWS\SiSUSBrg.exe

    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

    O4 - HKLM\..\Run: [siS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe

    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

    O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programas\Java\jre1.6.0_02\bin\jusched.exe"

    O4 - HKLM\..\Run: [DAEMON Tools] "D:\Programas\DAEMON Tools\daemon.exe" -lang 1033

    O4 - HKLM\..\Run: [QuickTime Task] "D:\Programas\QuickTime\qttask.exe" -atboottime

    O4 - HKLM\..\Run: [googletalk] C:\Programas\Google\Google Talk\googletalk.exe /autostart

    O4 - HKCU\..\Run: [MSMSGS] "C:\Programas\Messenger\msmsgs.exe" /background

    O4 - HKCU\..\Run: [internetCalls] "d:\programas\internetcalls.com\internetcalls\internetcalls.exe" -nosplash -minimized

    O4 - HKCU\..\Run: [VoipBuster] "D:\Programas\VoipBuster.com\VoipBuster\VoipBuster.exe" -nosplash -minimized

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [K-Lite Nitro] D:\Programas\K-LiteNitro\K-LiteNitro.exe /hide

    O4 - HKCU\..\Run: [sweetIM] C:\Programas\Macrogaming\SweetIM\SweetIM.exe

    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

    O4 - Global Startup: BTTray.lnk = ?

    O4 - Global Startup: hp psc 1000 series.lnk = ?

    O4 - Global Startup: hpoddt01.exe.lnk = ?

    O4 - Global Startup: Microsoft Office.lnk = D:\Programas\Microsoft Office\Office10\OSA.EXE

    O4 - Global Startup: PocketCam 3Mega Monitor.lnk = ?

    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000

    O8 - Extra context menu item: Enviar para &Bluetooth - D:\Programas\Software WIDCOMM\Bluetooth\btsendto_ie_ctx.htm

    O8 - Extra context menu item: Open with BitPump - D:\Programas\AnalogX\BitPump\ieint.htm

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_02\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_02\bin\ssv.dll

    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Programas\Software WIDCOMM\Bluetooth\btsendto_ie.htm

    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Programas\Software WIDCOMM\Bluetooth\btsendto_ie.htm

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe

    O17 - HKLM\System\CCS\Services\Tcpip\..\{9877A77A-AD8E-4BED-9B68-D0E6FC0B1B21}: NameServer = 192.168.1.1

    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe

    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

    O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - D:\Programas\Software WIDCOMM\Bluetooth\bin\btwdins.exe

    O23 - Service: iPod Service - Unknown owner - C:\Programas\iPod\bin\iPodService.exe (file missing)

    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

    O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Programas\Windows Live\installer\WLSetupSvc.exe

    Thank you

    João Esteves


    Good evening, Amilkar!

    >@< Delete the highlighted folders:

    C:\LinhaDefensiva

    C:\Programas\Save << If you find it, you can delete it!

    ____________________

    >@< Download CCleaner.

    >@< Save it to the Desktop!

    >@< Open the program and click Run Cleaner.

    >@< When it finishes, click Errors >> Scan for errors >> Fix errors.

    ____________________

    If everything is OK with the PC, create a clean System Restore point!

    Right-click My Computer >> Properties >> System Restore >> Check: Turn off System Restore >> Apply >> OK.

    Then uncheck it again! >> Apply >> OK.

    For more details, go to: < Docs >

    ____________________

    My PC has a small problem! My PC sometimes shuts down by itself, and then won't turn on! I'm working away on the computer and it shuts down for no reason at all; what could it be?

    >@< Is this problem still bothering you?

    >@< Good work!

    >@< Clean log!

    Best regards! :)

  • Topic author
  • Hi!

    Everything is fine for now!

    Let's wait and see whether it happens again!

    Thank you very much!!

    Regards

    João Esteves

  • Topic author
  • The problem continues!

    What could it be? Wouldn't it be better to format the PC?

    Regards

    João Esteves

    The problem continues!

    What could it be? Wouldn't it be better to format the PC?

    Regards

    João Esteves

    @@@@@@@@@@@@@@@@@@@@@@@@@@

    Hey, Amilkar!

    >@< Download ComboFix.

    >@< Save it to the Desktop!

    >@< Close all windows and run the tool!

    >@< If you have Avast, a malware alert ( Win32 D adobra-EY[Trj] ) will appear; it should be ignored.

    >@< The Auto Scan window will open. Wait!

    >@< Type the option to continue < Enter >

    >@< Wait for it to finish!

    >@< Post the report C:\ComboFix.txt in your reply, plus an updated HJT log.

    Best regards!

  • Topic author
  • ComboFix 07-10-02.2 - JOV 2007-10-02 0:11:30.1 - NTFSx86

    Microsoft Windows XP Professional 5.1.2600.2.1252.1.2070.18.390 [GMT 1:00]

    Executando de: C:\Documents and Settings\JOV\Ambiente de trabalho\ComboFix.exe

    * Criado um novo ponto de restauro

    .

    ((((((((((((((((((((((( Ficheiros criados de 2007-09-02 to 2007-10-02 ))))))))))))))))))))))))))))))))

    .

    2007-10-02 00:11 51,200 --a------ C:\WINDOWS\NirCmd.exe

    2007-09-29 18:34 <DIR> d-------- C:\Programas\CCleaner

    2007-09-28 22:08 <DIR> d-------- C:\Programas\that poke

    2007-09-28 22:08 <DIR> d-------- C:\Documents and Settings\JOV\Application Data\that poke

    2007-09-28 21:18 <DIR> d-------- C:\findlop.exe

    2007-09-19 11:45 <DIR> d-------- C:\Programas\Adverts

    2007-09-17 21:51 <DIR> d-------- C:\clean

    2007-09-17 09:42 21,656 --a------ C:\WINDOWS\system32\novamnl5.dll

    2007-09-17 09:42 17,560 --a------ C:\WINDOWS\system32\novamil5.dll

    2007-09-04 12:58 637 --a------ C:\WINDOWS\unins000.dat

    2007-09-04 12:58 210,032 --a------ C:\WINDOWS\system32\DBCLIENT.DLL

    2007-09-04 12:58 <DIR> d-------- C:\WTALUNO

    2007-09-04 12:58 <DIR> d-------- C:\Programas\Ficheiros comuns\Borland Shared

    .

    ((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2007-09-28 22:07 --------- d-------- C:\Programas\Messenger Plus! Live

    2007-09-27 10:40 --------- d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller

    2007-09-22 17:45 --------- d-------- C:\Programas\Windows Live Safety Center

    2007-08-18 11:38 --------- d-a------ C:\Documents and Settings\All Users\Application Data\TEMP

    2007-08-16 16:17 51568 --a------ C:\WINDOWS\system32\sirenacm.dll

    2007-08-06 13:34 --------- d-------- C:\Programas\Macrogaming

    2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll

    2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll

    2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe

    2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll

    2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll

    2007-07-30 19:19 271224 --a------ C:\WINDOWS\system32\mucltui.dll

    2007-07-30 19:19 207736 --a------ C:\WINDOWS\system32\muweb.dll

    2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll

    2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll

    2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll

    2007-07-05 11:36 77312 --a------ C:\WINDOWS\ua2.dll

    2007-06-26 14:07 8 --a------ C:\Documents and Settings\All Users\Application Data\SDGLYBMPWPP.SYS

    2001-11-23 05:08 712704 --a------ C:\WINDOWS\inf\OTHER\AUDIO3D.DLL

    .

    (((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

    .

    .

    *Nota* entradas vazias & legítimas por defeito não são mostradas.

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [2002-07-12 11:15]

    "Cmaudio"="cmicnfg.cpl" []

    "SiS Windows KeyHook"="C:\WINDOWS\system32\keyhook.exe" [2003-08-19 15:11]

    "!AVG Anti-Spyware"="C:\Programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-28 10:09]

    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-09-21 15:09]

    "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 01:57 C:\WINDOWS\system32\bthprops.cpl]

    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50]

    "SunJavaUpdateSched"="C:\Programas\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]

    "DAEMON Tools"="D:\Programas\DAEMON Tools\daemon.exe" [2005-11-08 23:00]

    "QuickTime Task"="D:\Programas\QuickTime\qttask.exe" [2007-04-27 09:41]

    "googletalk"="C:\Programas\Google\Google Talk\googletalk.exe" [2007-01-01 23:54]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "MSMSGS"="C:\Programas\Messenger\msmsgs.exe" [2004-10-13 17:24]

    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56]

    "SweetIM"="C:\Programas\Macrogaming\SweetIM\SweetIM.exe" [2007-07-25 16:35]

    "Plan vga"="C:\DOCUME~1\JOV\APPLIC~1\THATPO~1\SETTINGS ELSE LONG.exe" [2007-09-28 22:08]

    C:\Documents and Settings\All Users\Menu Iniciar\Programas\Arranque\

    Adobe Reader Speed Launch.lnk - C:\Programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26]

    BTTray.lnk - D:\Programas\Software WIDCOMM\Bluetooth\BTTray.exe [2003-09-15 17:53:06]

    hp psc 1000 series.lnk - C:\Programas\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-04-06 02:17:18]

    hpoddt01.exe.lnk - C:\Programas\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-06 02:06:58]

    Microsoft Office.lnk - D:\Programas\Microsoft Office\Office10\OSA.EXE [2001-02-13 12:01:04]

    PocketCam 3Mega Monitor.lnk - D:\Programas\PocketCam 3Mega\ICON.EXE [2007-02-10 21:42:14]

    C:\Documents and Settings\All Users\Menu Iniciar\Programas\Arranque\

    Adobe Reader Speed Launch.lnk - C:\Programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26]

    BTTray.lnk - D:\Programas\Software WIDCOMM\Bluetooth\BTTray.exe [2003-09-15 17:53:06]

    hp psc 1000 series.lnk - C:\Programas\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-04-06 02:17:18]

    hpoddt01.exe.lnk - C:\Programas\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-06 02:06:58]

    Microsoft Office.lnk - D:\Programas\Microsoft Office\Office10\OSA.EXE [2001-02-13 12:01:04]

    PocketCam 3Mega Monitor.lnk - D:\Programas\PocketCam 3Mega\ICON.EXE [2007-02-10 21:42:14]

    R1 SiSEsc;SISLIB_ESC;C:\WINDOWS\system32\sisesc.sys

    S2 Ca533av;PocketCam 3Mega, WDM Video Capture;C:\WINDOWS\system32\Drivers\Ca533av.sys

    S3 dump_wmimmc;dump_wmimmc;\??\C:\WINDOWS\system32\drivers\dump_wmimmc.sys

    S3 USBCamera;DSC Still Image Capture (CA100);C:\WINDOWS\system32\Drivers\Bulk533.sys

    S3 usbscan;Controlador de scanner USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys

    S3 USBSTOR;Controlador de armazenamento de massa USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]

    AutoRun\command- E:\Start.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]

    AutoRun\command- F:\WWIISniper.exe

    *Newly Created Service* - CATCHME

    .

    Conteúdo da pasta 'Tarefas Agendadas'

    "2007-09-25 18:46:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

    - C:\Programas\Apple Software Update\SoftwareUpdate.exe

    "2007-06-07 01:48:13 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1173210357.job"

    - C:\Programas\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe

    .

    **************************************************************************

    catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2007-10-02 00:13:08

    Windows 5.1.2600 Service Pack 2 NTFS

    Procurando processos ocultos ...

    Procurando entradas auto inicializáveis ocultas ...

    Procurando ficheiros ocultos ...

    Varredura completada com sucesso

    Ficheiros ocultos: 0

    **************************************************************************

    .

    Tempo para conclusão: 2007-10-02 0:14:04

    .

    --- E O F ---

    Logfile of HijackThis v1.99.1

    Scan saved at 0:15:27, on 02-10-2007

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v7.00 (7.00.6000.16512)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe

    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

    D:\Programas\Software WIDCOMM\Bluetooth\bin\btwdins.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\System32\dllhost.exe

    C:\WINDOWS\System32\vssvc.exe

    C:\WINDOWS\system32\RunDll32.exe

    C:\WINDOWS\system32\keyhook.exe

    C:\Programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

    C:\WINDOWS\system32\rundll32.exe

    C:\Programas\Java\jre1.6.0_02\bin\jusched.exe

    D:\Programas\DAEMON Tools\daemon.exe

    C:\Programas\Messenger\msmsgs.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Programas\Macrogaming\SweetIM\SweetIM.exe

    D:\Programas\Software WIDCOMM\Bluetooth\BTTray.exe

    C:\Programas\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

    D:\Programas\PocketCam 3Mega\ICON.EXE

    C:\Programas\Internet Explorer\IEXPLORE.EXE

    C:\WINDOWS\System32\dllhost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Programas\Windows Live\Messenger\usnsvc.exe

    C:\Programas\Mozilla Firefox\firefox.exe

    C:\WINDOWS\explorer.exe

    C:\WINDOWS\system32\notepad.exe

    D:\Programas\WinRAR\WinRAR.exe

    C:\DOCUME~1\JOV\DEFINI~1\Temp\Rar$EX00.672\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações

    R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programas\Macrogaming\SweetIMBarForIE\toolbar.dll

    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

    O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.6.0_02\bin\ssv.dll

    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programas\Macrogaming\SweetIMBarForIE\toolbar.dll

    O4 - HKLM\..\Run: [siSUSBRG] C:\WINDOWS\SiSUSBrg.exe

    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

    O4 - HKLM\..\Run: [siS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe

    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

    O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programas\Java\jre1.6.0_02\bin\jusched.exe"

    O4 - HKLM\..\Run: [DAEMON Tools] "D:\Programas\DAEMON Tools\daemon.exe" -lang 1033

    O4 - HKLM\..\Run: [QuickTime Task] "D:\Programas\QuickTime\qttask.exe" -atboottime

    O4 - HKLM\..\Run: [googletalk] C:\Programas\Google\Google Talk\googletalk.exe /autostart

    O4 - HKCU\..\Run: [MSMSGS] "C:\Programas\Messenger\msmsgs.exe" /background

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [sweetIM] C:\Programas\Macrogaming\SweetIM\SweetIM.exe

    O4 - HKCU\..\Run: [Plan vga] C:\DOCUME~1\JOV\APPLIC~1\THATPO~1\SETTINGS ELSE LONG.exe

    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

    O4 - Global Startup: BTTray.lnk = ?

    O4 - Global Startup: hp psc 1000 series.lnk = ?

    O4 - Global Startup: hpoddt01.exe.lnk = ?

    O4 - Global Startup: Microsoft Office.lnk = D:\Programas\Microsoft Office\Office10\OSA.EXE

    O4 - Global Startup: PocketCam 3Mega Monitor.lnk = ?

    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000

    O8 - Extra context menu item: Enviar para &Bluetooth - D:\Programas\Software WIDCOMM\Bluetooth\btsendto_ie_ctx.htm

    O8 - Extra context menu item: Open with BitPump - D:\Programas\AnalogX\BitPump\ieint.htm

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_02\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_02\bin\ssv.dll

    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Programas\Software WIDCOMM\Bluetooth\btsendto_ie.htm

    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Programas\Software WIDCOMM\Bluetooth\btsendto_ie.htm

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe

    O17 - HKLM\System\CCS\Services\Tcpip\..\{9877A77A-AD8E-4BED-9B68-D0E6FC0B1B21}: NameServer = 192.168.1.1

    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe

    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

    O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - D:\Programas\Software WIDCOMM\Bluetooth\bin\btwdins.exe

    O23 - Service: iPod Service - Unknown owner - C:\Programas\iPod\bin\iPodService.exe (file missing)

    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

    O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Programas\Windows Live\installer\WLSetupSvc.exe

    Regards

    Thank you

    João Esteves


    Good morning, Amilkar!

    >@< Download KillBox.

    >@< Save it to the Desktop!

    >@< Open KillBox and check Delete on reboot.

    >@< In the Full path of file to delete box, paste or type the following file:

    C:\DOCUME~1\JOV\APPLIC~1\THATPO~1\SETTINGS ELSE LONG.exe

    >@< Click the X button and, when asked about the reboot, confirm!

    >@< The computer will restart!

    >@< Open HijackThis and click: Do a system scan only.

    >@< Check the entry below and, with all programs closed, click Fix checked!

    O4 - HKCU\..\Run: [Plan vga] C:\DOCUME~1\JOV\APPLIC~1\THATPO~1\SETTINGS ELSE LONG.exe

    @@@@@@@@@@@@@@@@@@@@@@@@@@

    DOWNLOAD

    < Advanced WindowsCare >

    >@< Save it to the Desktop or Program Files.

    >@< This is a good cleanup program: besides removing cookies, history and temporary files, it also tries to optimize the OS and remove some spyware.

    >@< I recommend the program to everyone who has slowness problems with no apparent cause!

    TUTORIAL

    >1< Before running the program, update the database: click Estado (Status).

    >2< Click Atualizar Agora (Update Now). >> Wait!

    >3< When it finishes, go to Mais (More) >> click Limpador de Memória (Memory Cleaner).

    >@< The Limpador de Memória window will open.

    >@< Click Limpar agora (Clean now)! Wait...

    >@< When it finishes, a message will appear reporting the amount of memory freed.

    >@< Click Sair (Exit).

    >4< The utility is now ready to clean and optimize your computer.

    >5< Open the program and click Start >> click Scan. ( Analisar )

    >6< When it finishes, the items to be removed will appear in red.

    >7< Now click the Care button. ( Reparar )

    >8< If you want to check what will be removed, click Show Details for each item before clicking Reparar.

    >9< When it finishes, restart the computer and run Advanced WindowsCare again.

    ___________________

    >@< Post a new HJT log in your reply and let us know whether the shutdowns continue.

    Best regards!

  • Topic author
  • I did everything as described above... but the PC keeps shutting down! :/

    Here is the HijackThis log

    Logfile of HijackThis v1.99.1

    Scan saved at 22:11:45, on 02-10-2007

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v7.00 (7.00.6000.16512)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\system32\spoolsv.exe

    C:\Programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe

    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

    D:\Programas\Software WIDCOMM\Bluetooth\bin\btwdins.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\System32\dllhost.exe

    C:\WINDOWS\System32\vssvc.exe

    C:\WINDOWS\System32\dllhost.exe

    C:\WINDOWS\system32\RunDll32.exe

    C:\WINDOWS\system32\keyhook.exe

    C:\Programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

    C:\WINDOWS\system32\rundll32.exe

    C:\Programas\Java\jre1.6.0_02\bin\jusched.exe

    D:\Programas\DAEMON Tools\daemon.exe

    D:\Programas\QuickTime\qttask.exe

    C:\Programas\Messenger\msmsgs.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Programas\Macrogaming\SweetIM\SweetIM.exe

    D:\Programas\Software WIDCOMM\Bluetooth\BTTray.exe

    C:\Programas\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe

    C:\Programas\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

    D:\Programas\PocketCam 3Mega\ICON.EXE

    C:\Programas\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe

    C:\Programas\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Programas\Windows Live\Messenger\msnmsgr.exe

    D:\Programas\Winamp\winamp.exe

    C:\DOCUME~1\JOV\DEFINI~1\Temp\Rar$EX00.172\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações

    R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programas\Macrogaming\SweetIMBarForIE\toolbar.dll

    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

    O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.6.0_02\bin\ssv.dll

    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programas\Macrogaming\SweetIMBarForIE\toolbar.dll

    O4 - HKLM\..\Run: [siSUSBRG] C:\WINDOWS\SiSUSBrg.exe

    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

    O4 - HKLM\..\Run: [siS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe

    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

    O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programas\Java\jre1.6.0_02\bin\jusched.exe"

    O4 - HKLM\..\Run: [DAEMON Tools] "D:\Programas\DAEMON Tools\daemon.exe" -lang 1033

    O4 - HKLM\..\Run: [QuickTime Task] "D:\Programas\QuickTime\qttask.exe" -atboottime

    O4 - HKLM\..\Run: [googletalk] C:\Programas\Google\Google Talk\googletalk.exe /autostart

    O4 - HKCU\..\Run: [MSMSGS] "C:\Programas\Messenger\msmsgs.exe" /background

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [sweetIM] C:\Programas\Macrogaming\SweetIM\SweetIM.exe

    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

    O4 - Global Startup: BTTray.lnk = ?

    O4 - Global Startup: hp psc 1000 series.lnk = ?

    O4 - Global Startup: hpoddt01.exe.lnk = ?

    O4 - Global Startup: Microsoft Office.lnk = D:\Programas\Microsoft Office\Office10\OSA.EXE

    O4 - Global Startup: PocketCam 3Mega Monitor.lnk = ?

    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000

    O8 - Extra context menu item: Enviar para &Bluetooth - D:\Programas\Software WIDCOMM\Bluetooth\btsendto_ie_ctx.htm

    O8 - Extra context menu item: Open with BitPump - D:\Programas\AnalogX\BitPump\ieint.htm

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_02\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_02\bin\ssv.dll

    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Programas\Software WIDCOMM\Bluetooth\btsendto_ie.htm

    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Programas\Software WIDCOMM\Bluetooth\btsendto_ie.htm

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe

    O17 - HKLM\System\CCS\Services\Tcpip\..\{9877A77A-AD8E-4BED-9B68-D0E6FC0B1B21}: NameServer = 192.168.1.1

    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe

    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

    O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - D:\Programas\Software WIDCOMM\Bluetooth\bin\btwdins.exe

    O23 - Service: iPod Service - Unknown owner - C:\Programas\iPod\bin\iPodService.exe (file missing)

    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

    O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Programas\Windows Live\installer\WLSetupSvc.exe

    Regards

    João Esteves

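The before/after check that the two logs in this thread allow, as an added example that is not part of the original posts: it parses HijackThis entry lines, lists what disappeared between the first log and the follow-up, and flags O4 registry Run values that start a program from a user-writable path. The function names and the `USER_WRITABLE` path heuristic are assumptions made for this example, not HijackThis features.

```python
import re

# Constructed input: a handful of lines copied from the two HijackThis logs in this thread.
BEFORE = r"""
Running processes:
C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [sweetIM] C:\Programas\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [Plan vga] C:\DOCUME~1\JOV\APPLIC~1\THATPO~1\SETTINGS ELSE LONG.exe
O4 - Global Startup: BTTray.lnk = ?
O23 - Service: iPod Service - Unknown owner - C:\Programas\iPod\bin\iPodService.exe (file missing)
"""
# Stand-in for the follow-up log: the same lines minus the entry that was fixed.
AFTER = "\n".join(l for l in BEFORE.splitlines() if "[Plan vga]" not in l)

ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.+?)\s*$")           # "O4 - <detail>"
RUN = re.compile(r"^(HK[A-Z]+)\\\.\.\\(\w+): \[(.+?)\] (.+)$")  # registry autostart value
# Assumption (triage heuristic): autostart targets under a user profile or temp
# directory deserve a manual look. Covers long and 8.3 short directory names.
USER_WRITABLE = re.compile(
    r"\\(DOCUME~1|Documents and Settings|APPLIC~1|Application Data|Temp)\\", re.I)

def parse(log):
    """Return [(section_code, detail)] for every HijackThis entry line, in order."""
    return [m.groups() for m in map(ENTRY.match, log.splitlines()) if m]

def removed(before, after):
    """Entries present in the first log but absent from the follow-up log."""
    remaining = set(parse(after))
    return [e for e in parse(before) if e not in remaining]

def user_writable_autoruns(log):
    """Names of O4 registry Run values whose command lives in a user-writable path."""
    hits = []
    for code, detail in parse(log):
        m = RUN.match(detail) if code == "O4" else None
        if m and USER_WRITABLE.search(m.group(4)):
            hits.append(m.group(3))
    return hits

if __name__ == "__main__":
    for code, detail in removed(BEFORE, AFTER):
        print("gone after fix:", code, detail)
    print("autoruns still in user-writable paths:", user_writable_autoruns(AFTER))
```

A clean diff only shows that the autostart entry is gone; as the follow-up post reports, the symptom can persist, so the next scan is still needed.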

    Good evening, Amilkar!

    >@< Run an online scan with Panda.

    >@< On the page, click the Scan your PC button.

    >@< Click Next.

    >@< Enter your e-mail address.

    >@< Click Send.

    >@< Finish by clicking All PC. ( All My Computer )

    >@< Wait! The scan will take a while to finish.

    >@< When it finishes, copy the report and post it in your reply, along with an updated HJT log.

    Best regards!
