Ir ao conteúdo
  • Cadastre-se
brunotb

nao consigo excluir o virus: win32:bho-kd

Posts recomendados

oie a um tempo tive problemas com um virus mas fui levando porque o avast nao o detectava porém agora sempre ao abrir qualquer janela do explorer (meus documentos, internet explorer)

o avast detecta um virus chamado win32:bho-kd

so q eu nao consigo nem sequer movelo para quarentena porque o acesso e negado

o que devo fazeer

? valeu

Compartilhar este post


Link para o post
Compartilhar em outros sites

alguem nos ajude por favor nao quero formatar o meu pc tem muito jogo q demora pra baixar hehehehh

Compartilhar este post


Link para o post
Compartilhar em outros sites

- Faça o download do HijackThis

  • Coloque o arquivo numa pasta própria em C:\;
  • Dê um duplo clique no HijackThis e clique em Do a system scan and save a logfile;
  • Copie o conteúdo do bloco de notas cole na sua resposta.

Compartilhar este post


Link para o post
Compartilhar em outros sites

Logfile of HijackThis v1.99.1

Scan saved at 01:05:39, on 6/1/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\sm56hlpr.exe

C:\WINDOWS\RTHDCPL.EXE

C:\ARQUIV~1\ASSIST~1\SMARTB~1\MotiveSB.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\system32\hkcmd.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\Free Download Manager\FUM\fumoei.exe

C:\Arquivos de programas\Free Download Manager\fum\fum.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Assistente Tecnico Speedy\bin\mpbtn.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

C:\Arquivos de programas\MSN Messenger\usnsvc.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\hijaki\HijackThis.exe

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {386BE11C-A1A0-4493-8FED-09784B504823} - C:\WINDOWS\system32\avtap.dll

O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Arquivos de programas\Free Download Manager\iefdm2.dll

O4 - HKLM\..\Run: [sMSERIAL] sm56hlpr.exe

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [Motive SmartBridge] "C:\ARQUIV~1\ASSIST~1\SMARTB~1\MotiveSB.exe" /restart

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [uniblue RegistryBooster 2] C:\Arquivos de programas\Uniblue\RegistryBooster 2\RegistryBooster.exe /S

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Free Uploader Oe Integration] C:\Arquivos de programas\Free Download Manager\FUM\fumoei.exe

O4 - HKCU\..\Run: [Free Upload Manager] "C:\Arquivos de programas\Free Download Manager\fum\fum.exe" -autorun

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Assistente Tecnico Speedy.lnk = C:\Arquivos de programas\Assistente Tecnico Speedy\bin\matcli.exe

O8 - Extra context menu item: Add to AMV Converter... - C:\Arquivos de programas\MP3 Player Utilities 4.15\AMVConverter\grab.html

O8 - Extra context menu item: Baixar com o FDM - file://C:\Arquivos de programas\Free Download Manager\dllink.htm

O8 - Extra context menu item: Baixar tudo com o FDM - file://C:\Arquivos de programas\Free Download Manager\dlall.htm

O8 - Extra context menu item: Download selecionado pelo FDM - file://C:\Arquivos de programas\Free Download Manager\dlselected.htm

O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlfvideo.htm

O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Arquivos de programas\MP3 Player Utilities 4.15\MediaManager\grab.html

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - C:\Arquivos de programas\Free Download Manager\FUM\fumiebtn.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {33331111-1111-1111-1111-615111193427} -

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{812A1E41-8F2B-4219-9192-8952B944A788}: NameServer = 200.204.0.10 200.204.0.138

O17 - HKLM\System\CS1\Services\Tcpip\..\{812A1E41-8F2B-4219-9192-8952B944A788}: NameServer = 200.204.0.10 200.204.0.138

O17 - HKLM\System\CS2\Services\Tcpip\..\{812A1E41-8F2B-4219-9192-8952B944A788}: NameServer = 200.204.0.10 200.204.0.138

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

Compartilhar este post


Link para o post
Compartilhar em outros sites

- Faça o download do ComboFix

  • Desative, temporariamente, o antivírus;
  • Feche todas as janelas abertas;
  • Dê um duplo-clique no combofix.exe e tecle "1" para prosseguir o Fix. Pode demorar algum tempo.
  • O ComboFix poderá reiniciar o PC automaticamente para completar o processo de remoção.
  • Quando acabar, será gerado um log, que estará em C:\ComboFix.txt.
  • Não clique na Janela do ComboFix, nem o feche clicando no X, enquanto estiver rodando, não mova o mouse e não use o teclado, pois senão irá parar e seu desktop ficará em branco.
  • Para parar ou sair do ComboFix, tecle "N".
  • Cole o ComboFix.txt na sua resposta.

- Gere novo log do HijackThis e cole na sua resposta.

Compartilhar este post


Link para o post
Compartilhar em outros sites

ComboFix 08-01-10.2 - Bruno 2008-01-10 13:28:25.3 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.614 [GMT -2:00]

Executando de: C:\ComboFix.exe

* Criado um novo ponto de restauro

.

((((((((((((((((((((((( Ficheiros criados de 2007-12-10 to 2008-01-10 ))))))))))))))))))))))))))))))))

.

2008-01-10 13:26 . 2008-01-10 13:26 1,496,020 --a------ C:\ComboFix.exe

2008-01-08 02:43 . 2008-01-08 02:44 <DIR> d-------- C:\lostpt

2008-01-03 17:32 . 2008-01-03 17:32 268 --ah----- C:\sqmdata09.sqm

2008-01-03 17:32 . 2008-01-03 17:32 244 --ah----- C:\sqmnoopt09.sqm

2008-01-01 23:28 . 2008-01-01 23:28 <DIR> d-------- C:\Documents and Settings\Bruno\Configuraes locais

2008-01-01 23:27 . 2008-01-01 23:27 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Adobe Systems

2008-01-01 23:04 . 2008-01-01 23:04 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared

2007-12-31 01:15 . 2008-01-03 13:11 <DIR> d-------- C:\hyper Priston Tale

2007-12-25 13:56 . 2007-12-25 13:56 72 --a------ C:\WINDOWS\MediaManager.INI

2007-12-25 13:54 . 2007-12-25 13:54 <DIR> d-------- C:\Arquivos de programas\MP3 Player Utilities 4.15

2007-12-22 01:26 . 2007-12-22 01:26 <DIR> d-------- C:\Arquivos de programas\KAIZEN Games

2007-12-21 15:56 . 2005-04-19 10:21 5,826 -ra------ C:\WINDOWS\GenAmvTool.INI

2007-12-21 15:54 . 2007-12-21 15:55 <DIR> d-------- C:\Arquivos de programas\MP3 Player Utilities 3.57

2007-12-21 15:54 . 2005-07-11 05:28 8,802 -ra------ C:\WINDOWS\AmvTransform.ini

2007-12-21 15:54 . 2005-07-06 23:07 7,763 -ra------ C:\WINDOWS\AmvPlayer.ini

2007-12-21 13:52 . 2007-12-21 13:52 <DIR> d-------- C:\endless

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-01-10 15:25 --------- d-----w C:\Documents and Settings\Bruno\Dados de aplicativos\Free Download Manager

2008-01-10 02:28 --------- d-----w C:\Arquivos de programas\Warcraft III

2008-01-04 19:24 --------- d-----w C:\Documents and Settings\Bruno\Dados de aplicativos\gtk-2.0

2008-01-04 04:38 --------- d-----w C:\Arquivos de programas\Soulseek

2008-01-02 01:15 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Adobe

2007-12-09 18:10 --------- d-----w C:\Arquivos de programas\Valve

2007-12-07 17:26 19,456 ----a-w C:\WINDOWS\system32\drivers\susqnwri.dat

2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys

2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys

2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys

2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys

2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys

2007-12-04 14:46 --------- d-----w C:\Documents and Settings\Bruno\Dados de aplicativos\Uniblue

2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe

2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr

2007-11-29 01:26 --------- d-----w C:\Arquivos de programas\VirtualDJ

2007-11-27 19:32 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Kaspersky Lab

2007-11-27 18:09 --------- d-----w C:\Arquivos de programas\IObit

2007-11-26 18:08 --------- d-----w C:\Documents and Settings\Bruno\Dados de aplicativos\discosemerros

2007-11-26 18:06 --------- d-----w C:\Arquivos de programas\Yahoo!

2007-11-26 18:03 --------- d-----w C:\Arquivos de programas\Arquivos comuns\DiscoSemErros

2007-11-21 13:37 --------- d-----w C:\Arquivos de programas\Alwil Software

2007-11-18 01:09 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2007-11-18 01:09 --------- d-----w C:\Arquivos de programas\Arquivos comuns\InstallShield

2007-11-17 21:08 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Ahead

2007-11-17 21:08 --------- d-----w C:\Arquivos de programas\Ahead

2007-11-14 15:39 139,264 ----a-w C:\WINDOWS\War3Unin.exe

2007-10-20 01:12 47,360 ----a-w C:\Documents and Settings\Bruno\Dados de aplicativos\pcouffin.sys

2007-10-10 22:51 495,458 ----a-w C:\WINDOWS\Opengl95.exe

2004-10-01 17:00 40,960 ----a-w C:\Arquivos de programas\Uninstall_CDS.exe

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{386BE11C-A1A0-4493-8FED-09784B504823}]

2001-10-28 10:06 92416 --a------ C:\WINDOWS\system32\avtap.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Uniblue RegistryBooster 2"="C:\Arquivos de programas\Uniblue\RegistryBooster 2\RegistryBooster.exe" [ ]

"MSMSGS"="C:\Arquivos de programas\Messenger\msmsgs.exe" [2004-08-04 01:56 1667584]

"Free Uploader Oe Integration"="C:\Arquivos de programas\Free Download Manager\FUM\fumoei.exe" [2007-06-10 20:02 40960]

"Free Upload Manager"="C:\Arquivos de programas\Free Download Manager\fum\fum.exe" [2007-07-29 21:13 253952]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:45 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SMSERIAL"="sm56hlpr.exe" [2005-07-05 18:47 544768 C:\WINDOWS\sm56hlpr.exe]

"SkyTel"="SkyTel.EXE" [2006-05-16 08:04 2879488 C:\WINDOWS\SkyTel.exe]

"RTHDCPL"="RTHDCPL.EXE" [2006-07-21 06:56 16261632 C:\WINDOWS\RTHDCPL.exe]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]

"Motive SmartBridge"="C:\ARQUIV~1\ASSIST~1\SMARTB~1\MotiveSB.exe" [2005-04-15 16:46 397312]

"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-11-28 03:55 98304]

"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-11-28 03:55 118784]

"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-11-28 03:52 77824]

"avast!"="C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 11:00 79224]

"Adobe Reader Speed Launcher"="C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 04:06 40048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 01:45 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveSearch"= 1 (0x1)

R0 qdpdsjcw;qdpdsjcw;C:\WINDOWS\system32\drivers\susqnwri.dat []

S3 XDva031;XDva031;C:\WINDOWS\system32\XDva031.sys []

S3 XDva033;XDva033;C:\WINDOWS\system32\XDva033.sys []

S3 XDva063;XDva063;C:\WINDOWS\system32\XDva063.sys []

S3 XDva068;XDva068;C:\WINDOWS\system32\XDva068.sys []

.

**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-01-10 13:31:54

Windows 5.1.2600 Service Pack 2 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros ocultos ...

Varredura completada com sucesso

Ficheiros ocultos: 0

**************************************************************************

.

Tempo para conclusão: 2008-01-10 13:32:31

Compartilhar este post


Link para o post
Compartilhar em outros sites

Logfile of HijackThis v1.99.1

Scan saved at 14:08:11, on 10/1/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Assistente Tecnico Speedy\bin\mad.exe

C:\ARQUIV~1\Motive\ASSTCO~1\MOTIVE~1.EXE

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\sm56hlpr.exe

C:\WINDOWS\RTHDCPL.EXE

C:\ARQUIV~1\ASSIST~1\SMARTB~1\MotiveSB.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\system32\hkcmd.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\Free Download Manager\FUM\fumoei.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Assistente Tecnico Speedy\bin\mpbtn.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\MSN Messenger\usnsvc.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\hijaki\HijackThis.exe

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {386BE11C-A1A0-4493-8FED-09784B504823} - C:\WINDOWS\system32\avtap.dll

O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Arquivos de programas\Free Download Manager\iefdm2.dll

O4 - HKLM\..\Run: [sMSERIAL] sm56hlpr.exe

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [Motive SmartBridge] "C:\ARQUIV~1\ASSIST~1\SMARTB~1\MotiveSB.exe" /restart

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [uniblue RegistryBooster 2] C:\Arquivos de programas\Uniblue\RegistryBooster 2\RegistryBooster.exe /S

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Free Uploader Oe Integration] C:\Arquivos de programas\Free Download Manager\FUM\fumoei.exe

O4 - HKCU\..\Run: [Free Upload Manager] "C:\Arquivos de programas\Free Download Manager\fum\fum.exe" -autorun

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Assistente Tecnico Speedy.lnk = C:\Arquivos de programas\Assistente Tecnico Speedy\bin\matcli.exe

O8 - Extra context menu item: Add to AMV Converter... - C:\Arquivos de programas\MP3 Player Utilities 4.15\AMVConverter\grab.html

O8 - Extra context menu item: Baixar com o FDM - file://C:\Arquivos de programas\Free Download Manager\dllink.htm

O8 - Extra context menu item: Baixar tudo com o FDM - file://C:\Arquivos de programas\Free Download Manager\dlall.htm

O8 - Extra context menu item: Download selecionado pelo FDM - file://C:\Arquivos de programas\Free Download Manager\dlselected.htm

O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlfvideo.htm

O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Arquivos de programas\MP3 Player Utilities 4.15\MediaManager\grab.html

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - C:\Arquivos de programas\Free Download Manager\FUM\fumiebtn.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {33331111-1111-1111-1111-615111193427} -

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{812A1E41-8F2B-4219-9192-8952B944A788}: NameServer = 200.204.0.10 200.204.0.138

O17 - HKLM\System\CS1\Services\Tcpip\..\{812A1E41-8F2B-4219-9192-8952B944A788}: NameServer = 200.204.0.10 200.204.0.138

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

Compartilhar este post


Link para o post
Compartilhar em outros sites

josemelo posso faze uma pergunta a respeito da mnha configuração do pc

Pentium D 820 MOBO: GA-8I945GZME

1GB DDR 400 Kingston

160GB MAXTOR

Chipset Northbridge: Intel® 945GZ Express Chipset

Southbridge: Intel® ICH7 Chipset e bom?

e bom da pra da um up e troca por core 2 duo mas pra frente ou a minha mobo nao guenta??

valeu cara:D

Compartilhar este post


Link para o post
Compartilhar em outros sites

- Digite no Executar combofix /u e clique em Ok. Na próxima janela clique em "Executar" e aguarde a remoção do programa;

- Faça o download do ComboFix e salve-o na área de trabalho;

- Selecione o texto abaixo e copie para o bloco de notas. Salve-o como CFScript.txt;

Driver::
qdpdsjcw
RootKit::
C:\WINDOWS\system32\drivers\susqnwri.dat
File::
C:\WINDOWS\system32\avtap.dll

- Reinicie o computador em Modo Seguro (pressione a tecla F8 intermitentemente, ou F5 em alguns casos, durante a inicialização);

- Arraste o CFScript.txt para o ComboFix conforme a imagem abaixo:

CFScript.gif

O ComboFix irá rodar e reiniciará o PC automaticamente para completar o processo de remoção.

Não use o mouse nem o teclado quando o ComboFix estiver rodando.

Quando acabar, será gerado um log, que estará em C:\ComboFix.txt.

Obs: Se o Combofix não reiniciar seu computador automaticamente, faça-o manualmente.

Cole o novo log do Combofix e do HijackThis na sua resposta.

Compartilhar este post


Link para o post
Compartilhar em outros sites

ComboFix 08-01-14.4 - Bruno 2008-01-14 15:25:36.6 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.615 [GMT -2:00]

Executando de: C:\Documents and Settings\Bruno\Desktop\ComboFix.exe

Command switches used :: C:\Documents and Settings\Bruno\Desktop\CFScript.txt.txt

* Criado um novo ponto de restauro

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE

C:\WINDOWS\system32\avtap.dll

.

((((((((((((((((((((((((((((((((((((( Outras Exclusäes )))))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\WINDOWS\system32\avtap.dll

C:\WINDOWS\system32\drivers\susqnwri.dat

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\LEGACY_QDPDSJCW

-------\qdpdsjcw

((((((((((((((((((((((( Ficheiros criados de 2007-12-14 to 2008-01-14 ))))))))))))))))))))))))))))))))

.

2008-01-14 15:14 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe

2008-01-12 05:08 . 2008-01-12 05:08 <DIR> d-------- C:\WINDOWS\Sun

2008-01-12 05:08 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl

2008-01-12 05:07 . 2008-01-12 05:08 <DIR> d-------- C:\Arquivos de programas\Java

2008-01-12 05:07 . 2008-01-12 05:07 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Java

2008-01-10 14:46 . 2007-06-05 10:56 44,928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS

2008-01-10 14:42 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\system32\drivers\kawrddskjdkv.sys

2008-01-10 14:26 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\system32\drivers\RkPavProc.sys

2008-01-10 14:15 . 2008-01-10 14:42 <DIR> d-------- C:\WINDOWS\system32\ActiveScan

2008-01-10 14:15 . 2008-01-10 14:15 30,590 --a------ C:\WINDOWS\system32\pavas.ico

2008-01-10 14:15 . 2008-01-10 14:15 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico

2008-01-10 14:15 . 2008-01-10 14:15 1,406 --a------ C:\WINDOWS\system32\Help.ico

2008-01-08 02:43 . 2008-01-08 02:44 <DIR> d-------- C:\lostpt

2008-01-03 17:32 . 2008-01-03 17:32 268 --ah----- C:\sqmdata09.sqm

2008-01-03 17:32 . 2008-01-03 17:32 244 --ah----- C:\sqmnoopt09.sqm

2008-01-01 23:28 . 2008-01-01 23:28 <DIR> d-------- C:\Documents and Settings\Bruno\Configuraes locais

2008-01-01 23:27 . 2008-01-01 23:27 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Adobe Systems

2008-01-01 23:04 . 2008-01-01 23:04 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared

2007-12-31 01:15 . 2008-01-03 13:11 <DIR> d-------- C:\hyper Priston Tale

2007-12-25 13:56 . 2007-12-25 13:56 72 --a------ C:\WINDOWS\MediaManager.INI

2007-12-25 13:54 . 2007-12-25 13:54 <DIR> d-------- C:\Arquivos de programas\MP3 Player Utilities 4.15

2007-12-22 01:26 . 2007-12-22 01:26 <DIR> d-------- C:\Arquivos de programas\KAIZEN Games

2007-12-21 15:56 . 2005-04-19 10:21 5,826 -ra------ C:\WINDOWS\GenAmvTool.INI

2007-12-21 15:54 . 2007-12-21 15:55 <DIR> d-------- C:\Arquivos de programas\MP3 Player Utilities 3.57

2007-12-21 15:54 . 2005-07-11 05:28 8,802 -ra------ C:\WINDOWS\AmvTransform.ini

2007-12-21 15:54 . 2005-07-06 23:07 7,763 -ra------ C:\WINDOWS\AmvPlayer.ini

2007-12-21 13:52 . 2007-12-21 13:52 <DIR> d-------- C:\endless

.

((((((((((((((((((((((((((((((((((((( Relat¢rio Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-01-14 17:28 --------- d-----w C:\Documents and Settings\Bruno\Dados de aplicativos\Free Download Manager

2008-01-13 19:36 --------- d-----w C:\Arquivos de programas\Warcraft III

2008-01-11 20:51 --------- d-----w C:\Arquivos de programas\Soulseek

2008-01-10 16:36 --------- d-----w C:\Arquivos de programas\Free Download Manager

2008-01-04 19:24 --------- d-----w C:\Documents and Settings\Bruno\Dados de aplicativos\gtk-2.0

2008-01-02 01:15 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Adobe

2007-12-09 18:10 --------- d-----w C:\Arquivos de programas\Valve

2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys

2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys

2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys

2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys

2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys

2007-12-04 14:46 --------- d-----w C:\Documents and Settings\Bruno\Dados de aplicativos\Uniblue

2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe

2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr

2007-11-29 01:26 --------- d-----w C:\Arquivos de programas\VirtualDJ

2007-11-27 19:32 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Kaspersky Lab

2007-11-27 18:09 --------- d-----w C:\Arquivos de programas\IObit

2007-11-26 18:08 --------- d-----w C:\Documents and Settings\Bruno\Dados de aplicativos\discosemerros

2007-11-26 18:06 --------- d-----w C:\Arquivos de programas\Yahoo!

2007-11-26 18:03 --------- d-----w C:\Arquivos de programas\Arquivos comuns\DiscoSemErros

2007-11-21 13:37 --------- d-----w C:\Arquivos de programas\Alwil Software

2007-11-18 01:09 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2007-11-18 01:09 --------- d-----w C:\Arquivos de programas\Arquivos comuns\InstallShield

2007-11-17 21:08 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Ahead

2007-11-17 21:08 --------- d-----w C:\Arquivos de programas\Ahead

2007-11-14 15:39 139,264 ----a-w C:\WINDOWS\War3Unin.exe

2007-10-20 01:12 47,360 ----a-w C:\Documents and Settings\Bruno\Dados de aplicativos\pcouffin.sys

2004-10-01 17:00 40,960 ----a-w C:\Arquivos de programas\Uninstall_CDS.exe

.

((((((((((((((((((((((((((((( snapshot@2008-01-14_15.19.35.54 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-01-14 17:15:05 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT

+ 2008-01-14 17:25:29 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT

- 2008-01-14 17:15:05 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat

+ 2008-01-14 17:25:29 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat

- 2008-01-14 17:15:07 5,414,912 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT

+ 2008-01-14 17:25:29 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT

- 2008-01-14 17:15:07 151,552 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat

+ 2008-01-14 17:25:30 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat

+ 2008-01-14 17:25:30 5,414,912 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT

+ 2008-01-14 17:25:30 151,552 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat

+ 2000-08-31 10:00:00 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE

+ 2008-01-14 17:30:25 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_5c8.dat

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & leg¡timas por defeito nÆo sÆo mostradas.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Uniblue RegistryBooster 2"="C:\Arquivos de programas\Uniblue\RegistryBooster 2\RegistryBooster.exe" [ ]

"MSMSGS"="C:\Arquivos de programas\Messenger\msmsgs.exe" [2004-08-04 01:56 1667584]

"Free Uploader Oe Integration"="C:\Arquivos de programas\Free Download Manager\FUM\fumoei.exe" [2007-06-10 20:02 40960]

"Free Upload Manager"="C:\Arquivos de programas\Free Download Manager\fum\fum.exe" [2007-07-29 21:13 253952]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:45 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SMSERIAL"="sm56hlpr.exe" [2005-07-05 18:47 544768 C:\WINDOWS\sm56hlpr.exe]

"SkyTel"="SkyTel.EXE" [2006-05-16 08:04 2879488 C:\WINDOWS\SkyTel.exe]

"RTHDCPL"="RTHDCPL.EXE" [2006-07-21 06:56 16261632 C:\WINDOWS\RTHDCPL.exe]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]

"Motive SmartBridge"="C:\ARQUIV~1\ASSIST~1\SMARTB~1\MotiveSB.exe" [2005-04-15 16:46 397312]

"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-11-28 03:55 98304]

"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-11-28 03:55 118784]

"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-11-28 03:52 77824]

"avast!"="C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 11:00 79224]

"Adobe Reader Speed Launcher"="C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 04:06 40048]

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 01:45 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveSearch"= 1 (0x1)

S3 XDva031;XDva031;C:\WINDOWS\system32\XDva031.sys []

S3 XDva033;XDva033;C:\WINDOWS\system32\XDva033.sys []

S3 XDva063;XDva063;C:\WINDOWS\system32\XDva063.sys []

S3 XDva068;XDva068;C:\WINDOWS\system32\XDva068.sys []

.

**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-01-14 15:30:51

Windows 5.1.2600 Service Pack 2 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializ veis ocultas ...

Procurando ficheiros ocultos ...

Compartilhar este post


Link para o post
Compartilhar em outros sites

Logfile of HijackThis v1.99.1

Scan saved at 15:41, on 2008-01-14

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\sm56hlpr.exe

C:\WINDOWS\RTHDCPL.EXE

C:\ARQUIV~1\ASSIST~1\SMARTB~1\MotiveSB.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\system32\hkcmd.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe

C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\Free Download Manager\FUM\fumoei.exe

C:\Arquivos de programas\Free Download Manager\fum\fum.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Assistente Tecnico Speedy\bin\mpbtn.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\hijaki\HijackThis.exe

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Arquivos de programas\Free Download Manager\iefdm2.dll

O4 - HKLM\..\Run: [sMSERIAL] sm56hlpr.exe

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [Motive SmartBridge] "C:\ARQUIV~1\ASSIST~1\SMARTB~1\MotiveSB.exe" /restart

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKCU\..\Run: [uniblue RegistryBooster 2] C:\Arquivos de programas\Uniblue\RegistryBooster 2\RegistryBooster.exe /S

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Free Uploader Oe Integration] C:\Arquivos de programas\Free Download Manager\FUM\fumoei.exe

O4 - HKCU\..\Run: [Free Upload Manager] "C:\Arquivos de programas\Free Download Manager\fum\fum.exe" -autorun

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Assistente Tecnico Speedy.lnk = C:\Arquivos de programas\Assistente Tecnico Speedy\bin\matcli.exe

O8 - Extra context menu item: Add to AMV Converter... - C:\Arquivos de programas\MP3 Player Utilities 4.15\AMVConverter\grab.html

O8 - Extra context menu item: Baixar com o FDM - file://C:\Arquivos de programas\Free Download Manager\dllink.htm

O8 - Extra context menu item: Baixar tudo com o FDM - file://C:\Arquivos de programas\Free Download Manager\dlall.htm

O8 - Extra context menu item: Download selecionado pelo FDM - file://C:\Arquivos de programas\Free Download Manager\dlselected.htm

O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlfvideo.htm

O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Arquivos de programas\MP3 Player Utilities 4.15\MediaManager\grab.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - C:\Arquivos de programas\Free Download Manager\FUM\fumiebtn.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {33331111-1111-1111-1111-615111193427} -

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{812A1E41-8F2B-4219-9192-8952B944A788}: NameServer = 200.204.0.10 200.204.0.138

O17 - HKLM\System\CS1\Services\Tcpip\..\{812A1E41-8F2B-4219-9192-8952B944A788}: NameServer = 200.204.0.10 200.204.0.138

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

Compartilhar este post


Link para o post
Compartilhar em outros sites

esses sao os ultimos logs

valeu pela força

Compartilhar este post


Link para o post
Compartilhar em outros sites

- Abra o HijackThis, clique em Do a system scan only e marque a entrada abaixo:

O16 - DPF: {33331111-1111-1111-1111-615111193427} -

- Feche todas as janelas, clique em ht-fix.png e em Sim;

- No mais, o log está limpo :)

- Apague a pasta backups que está em C:\hijaki;

- Atualize o Internet Explorer:

http://www.microsoft.com/downloads/details.aspx?FamilyId=9AE91EBE-3385-447C-8A30-081805B2F90B&displaylang=pt-br

- Recomendo uma manutenção no computador para exclusão dos arquivos temporários, desnecessários e entradas inválidas no registro. Faça o download do CCleaner:

  • Abra o programa e clique em Executar Limpeza;
  • Após isto, clique em Registro > Procurar erros > Corrigir Erros

- Desative e ative novamente a Restauração do Sistema

- Leia o artigo Proteja seu PC para mais informações sobre como evitar infecções.

Compartilhar este post


Link para o post
Compartilhar em outros sites

valeu mesmo pela ajuda ae :)

:D descupa qualquer enchesao de saco ae

abraço...

Compartilhar este post


Link para o post
Compartilhar em outros sites





Sobre o Clube do Hardware

No ar desde 1996, o Clube do Hardware é uma das maiores, mais antigas e mais respeitadas publicações sobre tecnologia do Brasil. Leia mais

Direitos autorais

Não permitimos a cópia ou reprodução do conteúdo do nosso site, fórum, newsletters e redes sociais, mesmo citando-se a fonte. Leia mais

×
×
  • Criar novo...