jgmarcos

Log analysis... PC won't shut down

My PC no longer shuts down since I opened an e-mail.

It doesn't leave the desktop screen when I try to shut it down.

Sometimes the icons on the right side of the toolbar disappear when I move the mouse pointer over them.

I ran the antivirus and CCleaner, but the problem persists.

Logfile of HijackThis v1.99.1

Scan saved at 03:54:01, on 7/4/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\ctfmon.exe

C:\windows\system32\IEXPLORES.EXE

C:\WINDOWS\system\msnmsssgser.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe

C:\WINDOWS\system32\svchost.exe

C:\Hijack This\HijackThis.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O2 - BHO: (no name) - {FCAAAC14-BC46-40CA-9CB2-CBB12C6739EB} - (no file)

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Arquivos de programas\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKCU\..\Run: [updateMgr] C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Microsoft Internet Explorer] C:\windows\system32\IEXPLORES.EXE

O4 - HKCU\..\Run: [msnmsg] C:\WINDOWS\system\msnmsssgser.exe

O4 - Startup: Registration .LNK = C:\Arquivos de programas\Ubisoft\Demo\Tom Clancy's Splinter Cell Double Agent Demo\support\Register\Reg.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u5-windows-i586-jc.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe

- Download ComboFix

  • Temporarily disable your antivirus;
  • Close all open windows;
  • Double-click ComboFix.exe, click "Executar" (Run), and type "1" + Enter to proceed with the fix. It may take some time.
  • ComboFix may restart the PC automatically to complete the removal process.
  • When it finishes, a log will be generated at C:\ComboFix.txt.
  • Do not click in the ComboFix window or close it by clicking the X while it is running, and do not move the mouse or use the keyboard; otherwise it will stop and your desktop will go blank.
  • To stop or exit ComboFix, press "N".
  • Paste ComboFix.txt into your reply.

Good morning...

I downloaded ComboFix and here is the result; however, a little while ago Windows Automatic Updates kicked in, and after downloading the updates the PC started shutting down normally. Even so, I'm sending you the ComboFix result...

Thanks once again... :)

ComboFix 08-04-08.7 - beto 2008-04-09 1:53:18.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.51 [GMT -3:00]

Executando de: E:\Instaladores\ComboFix.exe

* Criado um novo ponto de restauro

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\WINDOWS\monitorado.dll

.

((((((((((((((((((((((( Ficheiros criados de 2008-03-09 to 2008-04-09 ))))))))))))))))))))))))))))))))

.

2008-04-09 01:40 . 2008-04-09 01:40 118 --a------ C:\WINDOWS\system32\MRT.INI

2008-04-09 01:38 . 2008-04-09 01:41 1,355 --a------ C:\WINDOWS\imsins.BAK

2008-04-08 11:48 . 2008-04-08 11:48 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\ESET

2008-04-08 11:48 . 2008-04-08 11:48 <DIR> d-------- C:\Arquivos de programas\ESET

2008-04-07 03:00 . 2008-04-07 03:00 284 --a------ C:\WINDOWS\system\KEYBOARD1.DRV

2008-04-07 02:50 . 2008-04-07 02:50 353,280 ---hs---- C:\WINDOWS\system\msnmsssgser.exe

2008-03-30 16:02 . 2008-03-30 16:02 <DIR> d-------- C:\Arquivos de programas\CCleaner

2008-03-26 20:42 . 2008-03-26 20:42 1,190 --a------ C:\WINDOWS\mozver.dat

2008-03-25 16:17 . 2008-03-25 16:13 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys

2008-03-25 16:13 . 2008-03-25 16:25 <DIR> d-------- C:\Documents and Settings\beto\.housecall6.6

2008-03-25 15:56 . 2008-03-29 22:07 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico

2008-03-25 15:56 . 2008-03-29 22:07 1,406 --a------ C:\WINDOWS\system32\Help.ico

2008-03-24 23:49 . 2008-03-24 23:49 0 --a------ C:\WINDOWS\nsreg.dat

2008-03-19 01:53 . 2008-03-19 01:53 <DIR> d-------- C:\Arquivos de programas\IObit

2008-03-17 14:34 . 2008-04-07 03:56 <DIR> d-------- C:\Hijack This

2008-03-17 12:49 . 2008-04-03 16:55 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\Spybot - Search & Destroy

2008-03-17 12:49 . 2008-04-03 16:55 <DIR> d-------- C:\Arquivos de programas\Spybot - Search & Destroy

2008-03-17 10:58 . 2008-03-17 11:21 <DIR> d-a------ C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\TEMP

2008-03-13 16:52 . 2008-03-13 16:52 33,800 --a------ C:\WINDOWS\system32\drivers\epfwtdir.sys

2008-03-13 16:44 . 2008-03-13 16:44 29,704 --a------ C:\WINDOWS\system32\drivers\easdrv.sys

2008-03-13 16:43 . 2008-03-13 16:43 40,456 --a------ C:\WINDOWS\system32\drivers\eamon.sys

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-04-09 04:04 --------- d-----w C:\Documents and Settings\beto\Dados de aplicativos\AVG7

2008-04-07 19:04 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\avg7

2008-03-30 19:51 --------- d-----w C:\Documents and Settings\beto\Dados de aplicativos\AdobeUM

2008-03-30 01:29 --------- d-----w C:\Arquivos de programas\Windows Live Toolbar

2008-03-20 22:00 17,448 ----a-w C:\Documents and Settings\beto\Dados de aplicativos\GDIPFONTCACHEV1.DAT

2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys

2008-03-17 17:17 --------- d-----w C:\Arquivos de programas\Common Files

2008-03-17 17:17 --------- d-----w C:\Arquivos de programas\Assistente Tecnico Speedy

2008-03-12 17:05 --------- d-----w C:\Arquivos de programas\IrfanView

2008-03-11 13:38 --------- d-----w C:\Arquivos de programas\MYMA Decoder and Viewer

2008-03-05 20:25 --------- d-----w C:\Arquivos de programas\Windows Live

2008-03-05 20:21 --------- dcsh--w C:\Arquivos de programas\Arquivos comuns\WindowsLiveInstaller

2008-03-05 20:12 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\WLInstaller

2008-03-05 20:00 --------- d-----w C:\Documents and Settings\beto\Dados de aplicativos\Kazaa Lite

2008-03-05 19:30 --------- d-----w C:\Documents and Settings\beto\Dados de aplicativos\DivX

2008-03-05 19:30 --------- d-----w C:\Arquivos de programas\DivX

2008-03-05 16:08 --------- d-----w C:\Arquivos de programas\Java

2008-03-05 16:06 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Java

2008-03-05 14:01 --------- d-----w C:\Documents and Settings\beto\Dados de aplicativos\Leadertech

2008-03-05 13:53 --------- d-----w C:\Arquivos de programas\Programas RFB

2008-03-04 01:42 --------- d-----w C:\Documents and Settings\beto\Dados de aplicativos\eMule

2008-03-04 01:42 --------- d-----w C:\Arquivos de programas\eMule

2008-03-03 23:28 --------- d-----w C:\Arquivos de programas\MSXML 4.0

2008-03-03 22:34 --------- d-----w C:\Documents and Settings\beto\Dados de aplicativos\Motive

2008-03-03 22:34 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Motive

2008-03-03 22:29 155,995 ----a-w C:\WINDOWS\java\Packages\0ICZRLNF.ZIP

2008-03-03 22:24 --------- d-----w C:\Arquivos de programas\Telefonica

2008-03-01 13:02 826,368 ----a-w C:\WINDOWS\system32\wininet.dll

2008-02-24 12:42 --------- d-----w C:\Arquivos de programas\Programas SRF

2008-02-21 02:05 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe

2008-02-21 02:05 43,528 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys

2008-02-21 02:05 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll

2008-02-21 02:05 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll

2008-02-21 02:05 129,784 ------w C:\WINDOWS\system32\pxafs.dll

2008-02-21 02:05 120,056 ------w C:\WINDOWS\system32\PxCpyI64.exe

2008-02-21 02:05 118,520 ------w C:\WINDOWS\system32\PxInsI64.exe

2008-02-21 02:05 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll

2008-02-21 02:04 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll

2008-02-21 02:04 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll

2008-02-21 02:04 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll

2008-02-21 02:04 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll

2008-02-21 02:04 682,496 ----a-w C:\WINDOWS\system32\DivX.dll

2008-02-21 02:04 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll

2008-02-21 02:04 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll

2008-02-21 02:04 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll

2008-02-21 02:04 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll

2008-02-21 02:04 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll

2008-02-21 02:04 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll

2008-02-21 02:04 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll

2008-02-21 02:03 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe

2008-02-21 02:03 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll

2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll

2008-02-20 05:37 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll

2004-10-01 17:00 40,960 ----a-w C:\Arquivos de programas\Uninstall_CDS.exe

.

((((((((((((((((((((((((((((( snapshot@2008-03-25_ 9.40.21,42 )))))))))))))))))))))))))))))))))))))))))

.

+ 2008-03-20 07:57:58 1,846,016 ----a-w C:\WINDOWS\$hf_mig$\KB941693\SP2QFE\win32k.sys

+ 2007-03-06 01:00:55 15,072 ----a-w C:\WINDOWS\$hf_mig$\KB941693\spmsg.dll

+ 2007-03-06 01:01:00 215,264 ----a-w C:\WINDOWS\$hf_mig$\KB941693\spuninst.exe

+ 2007-03-06 01:00:53 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB941693\update\spcustom.dll

+ 2007-03-06 01:01:17 721,120 ----a-w C:\WINDOWS\$hf_mig$\KB941693\update\update.exe

+ 2007-03-06 01:02:08 384,224 ----a-w C:\WINDOWS\$hf_mig$\KB941693\update\updspapi.dll

+ 2008-02-20 05:20:26 147,968 ----a-w C:\WINDOWS\$hf_mig$\KB945553\SP2QFE\dnsapi.dll

+ 2008-02-20 18:50:28 45,568 ----a-w C:\WINDOWS\$hf_mig$\KB945553\SP2QFE\dnsrslvr.dll

+ 2007-03-06 01:00:55 15,072 ----a-w C:\WINDOWS\$hf_mig$\KB945553\spmsg.dll

+ 2007-03-06 01:01:00 215,264 ----a-w C:\WINDOWS\$hf_mig$\KB945553\spuninst.exe

+ 2007-03-06 01:00:53 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB945553\update\spcustom.dll

+ 2007-03-06 01:01:17 721,120 ----a-w C:\WINDOWS\$hf_mig$\KB945553\update\update.exe

+ 2007-03-06 01:02:08 384,224 ----a-w C:\WINDOWS\$hf_mig$\KB945553\update\updspapi.dll

+ 2008-02-20 06:53:07 282,624 ----a-w C:\WINDOWS\$hf_mig$\KB948590\SP2QFE\gdi32.dll

+ 2007-03-06 01:00:55 15,072 ----a-w C:\WINDOWS\$hf_mig$\KB948590\spmsg.dll

+ 2007-03-06 01:01:00 215,264 ----a-w C:\WINDOWS\$hf_mig$\KB948590\spuninst.exe

+ 2007-03-06 01:00:53 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB948590\update\spcustom.dll

+ 2007-03-06 01:01:17 721,120 ----a-w C:\WINDOWS\$hf_mig$\KB948590\update\update.exe

+ 2007-03-06 01:02:08 384,224 ----a-w C:\WINDOWS\$hf_mig$\KB948590\update\updspapi.dll

- 2000-08-31 11:00:00 163,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE

+ 2005-10-20 23:02:28 163,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE

+ 2000-08-31 11:00:00 73,728 ----a-w C:\WINDOWS\fdsv.exe

+ 2000-08-31 11:00:00 80,412 ----a-w C:\WINDOWS\grep.exe

+ 2007-12-07 02:09:20 124,928 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\advpack.dll

+ 2007-12-19 22:53:59 347,136 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\dxtmsft.dll

+ 2007-12-07 02:09:20 214,528 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\dxtrans.dll

+ 2007-12-07 02:09:20 133,120 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\extmgr.dll

+ 2007-12-07 02:09:20 63,488 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\icardie.dll

+ 2007-12-06 11:05:55 70,656 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ie4uinit.exe

+ 2007-12-07 02:09:20 153,088 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieakeng.dll

+ 2007-12-07 02:09:20 230,400 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieaksie.dll

+ 2007-12-06 04:59:51 161,792 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieakui.dll

+ 2007-12-07 02:09:20 383,488 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieapfltr.dll

+ 2007-12-07 02:09:20 384,512 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iedkcs32.dll

+ 2007-12-07 02:09:21 6,066,176 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieframe.dll

+ 2007-12-07 02:09:21 44,544 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iernonce.dll

+ 2007-12-07 02:09:21 267,776 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iertutil.dll

+ 2007-12-06 11:00:58 13,824 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieudinit.exe

+ 2007-12-06 11:06:21 625,664 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iexplore.exe

+ 2007-12-07 02:09:21 27,648 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\jsproxy.dll

+ 2007-12-07 02:09:21 459,264 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\msfeeds.dll

+ 2007-12-07 02:09:21 52,224 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\msfeedsbs.dll

+ 2007-12-08 05:09:22 3,592,192 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\mshtml.dll

+ 2007-12-07 02:09:22 478,208 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\mshtmled.dll

+ 2007-12-07 02:09:22 193,024 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\msrating.dll

+ 2007-12-07 02:09:22 671,232 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\mstime.dll

+ 2007-12-07 02:09:22 102,912 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\occache.dll

+ 2008-01-11 05:37:21 44,544 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\pngfilt.dll

+ 2007-03-06 01:01:00 215,264 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe

+ 2007-03-06 01:02:08 384,224 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\updspapi.dll

+ 2007-12-07 02:09:22 105,984 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\url.dll

+ 2007-12-07 02:09:22 1,159,680 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\urlmon.dll

+ 2007-12-07 02:09:22 233,472 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\webcheck.dll

+ 2007-12-07 02:09:22 824,832 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\wininet.dll

+ 2008-04-08 14:49:43 10,134 ----a-r C:\WINDOWS\Installer\{86A6E235-C08F-4A14-B14C-793C7D8844A0}\callmsi.exe

+ 2008-04-08 14:49:43 136,448 ----a-r C:\WINDOWS\Installer\{86A6E235-C08F-4A14-B14C-793C7D8844A0}\egui.exe

+ 2008-03-30 19:00:35 25,214 ----a-r C:\WINDOWS\Installer\{AC76BA86-7AD7-1046-7B44-A70900000002}\SC_Reader.exe

+ 2000-08-31 11:00:00 98,816 ----a-w C:\WINDOWS\sed.exe

+ 2000-08-31 11:00:00 161,792 ----a-w C:\WINDOWS\swreg.exe

+ 2000-08-31 11:00:00 136,704 ----a-w C:\WINDOWS\swsc.exe

+ 2000-08-31 11:00:00 212,480 ----a-w C:\WINDOWS\swxcacls.exe

- 2007-12-07 02:09:20 124,928 ----a-w C:\WINDOWS\system32\advpack.dll

+ 2008-03-01 13:02:08 124,928 ----a-w C:\WINDOWS\system32\advpack.dll

+ 2006-08-02 15:39:06 73,728 ----a-w C:\WINDOWS\system32\asuninst.exe

- 2007-12-07 02:09:20 124,928 -c--a-w C:\WINDOWS\system32\dllcache\advpack.dll

+ 2008-03-01 13:02:08 124,928 -c--a-w C:\WINDOWS\system32\dllcache\advpack.dll

- 2006-06-26 17:41:41 148,480 -c--a-w C:\WINDOWS\system32\dllcache\dnsapi.dll

+ 2008-02-20 05:37:59 148,992 -c--a-w C:\WINDOWS\system32\dllcache\dnsapi.dll

- 2004-08-04 03:45:22 45,568 -c--a-w C:\WINDOWS\system32\dllcache\dnsrslvr.dll

+ 2008-02-20 05:37:59 45,568 -c--a-w C:\WINDOWS\system32\dllcache\dnsrslvr.dll

- 2007-12-19 22:53:59 347,136 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll

+ 2008-03-01 13:02:09 347,136 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll

- 2007-12-07 02:09:20 214,528 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll

+ 2008-03-01 13:02:09 214,528 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll

- 2007-12-07 02:09:20 133,120 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll

+ 2008-03-01 13:02:09 133,120 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll

- 2007-06-19 13:31:22 282,112 -c--a-w C:\WINDOWS\system32\dllcache\gdi32.dll

+ 2008-02-20 06:51:35 282,624 -c--a-w C:\WINDOWS\system32\dllcache\gdi32.dll

- 2007-12-07 02:09:20 63,488 -c----w C:\WINDOWS\system32\dllcache\icardie.dll

+ 2008-03-01 13:02:09 63,488 -c----w C:\WINDOWS\system32\dllcache\icardie.dll

- 2007-12-06 11:05:55 70,656 -c--a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe

+ 2008-02-29 08:59:58 70,656 -c--a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe

- 2007-12-07 02:09:20 153,088 -c--a-w C:\WINDOWS\system32\dllcache\ieakeng.dll

+ 2008-03-01 13:02:09 153,088 -c--a-w C:\WINDOWS\system32\dllcache\ieakeng.dll

- 2007-12-07 02:09:20 230,400 -c--a-w C:\WINDOWS\system32\dllcache\ieaksie.dll

+ 2008-03-01 13:02:09 230,400 -c--a-w C:\WINDOWS\system32\dllcache\ieaksie.dll

- 2007-12-06 04:59:51 161,792 -c--a-w C:\WINDOWS\system32\dllcache\ieakui.dll

+ 2008-02-15 05:44:25 161,792 -c--a-w C:\WINDOWS\system32\dllcache\ieakui.dll

- 2007-12-07 02:09:20 383,488 -c----w C:\WINDOWS\system32\dllcache\ieapfltr.dll

+ 2008-03-01 13:02:09 383,488 -c----w C:\WINDOWS\system32\dllcache\ieapfltr.dll

- 2007-12-07 02:09:20 384,512 -c--a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll

+ 2008-03-01 13:02:09 384,512 -c--a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll

- 2007-12-07 02:09:21 6,066,176 -c----w C:\WINDOWS\system32\dllcache\ieframe.dll

+ 2008-03-01 13:02:10 6,066,176 -c----w C:\WINDOWS\system32\dllcache\ieframe.dll

- 2007-12-07 02:09:21 44,544 -c--a-w C:\WINDOWS\system32\dllcache\iernonce.dll

+ 2008-03-01 13:02:10 44,544 -c--a-w C:\WINDOWS\system32\dllcache\iernonce.dll

- 2007-12-07 02:09:21 267,776 -c----w C:\WINDOWS\system32\dllcache\iertutil.dll

+ 2008-03-01 13:02:10 267,776 -c----w C:\WINDOWS\system32\dllcache\iertutil.dll

- 2007-12-06 11:00:58 13,824 -c----w C:\WINDOWS\system32\dllcache\ieudinit.exe

+ 2008-02-22 10:00:51 13,824 -c----w C:\WINDOWS\system32\dllcache\ieudinit.exe

- 2007-12-06 11:06:21 625,664 -c--a-w C:\WINDOWS\system32\dllcache\iexplore.exe

+ 2008-02-29 09:00:27 625,664 -c--a-w C:\WINDOWS\system32\dllcache\iexplore.exe

- 2007-12-07 02:09:21 27,648 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll

+ 2008-03-01 13:02:10 27,648 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll

- 2007-12-07 02:09:21 459,264 -c----w C:\WINDOWS\system32\dllcache\msfeeds.dll

+ 2008-03-01 13:02:10 459,264 -c----w C:\WINDOWS\system32\dllcache\msfeeds.dll

- 2007-12-07 02:09:21 52,224 -c----w C:\WINDOWS\system32\dllcache\msfeedsbs.dll

+ 2008-03-01 13:02:10 52,224 -c----w C:\WINDOWS\system32\dllcache\msfeedsbs.dll

- 2007-12-08 05:09:22 3,592,192 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll

+ 2008-03-01 21:32:12 3,591,680 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll

- 2007-12-07 02:09:22 478,208 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll

+ 2008-03-01 13:02:12 478,208 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll

- 2007-12-07 02:09:22 193,024 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll

+ 2008-03-01 13:02:12 193,024 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll

- 2007-12-07 02:09:22 671,232 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll

+ 2008-03-01 13:02:12 671,232 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll

- 2007-12-07 02:09:22 102,912 -c--a-w C:\WINDOWS\system32\dllcache\occache.dll

+ 2008-03-01 13:02:12 102,912 -c--a-w C:\WINDOWS\system32\dllcache\occache.dll

- 2008-01-11 05:37:21 44,544 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll

+ 2008-03-01 13:02:12 44,544 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll

- 2007-12-07 02:09:22 105,984 -c--a-w C:\WINDOWS\system32\dllcache\url.dll

+ 2008-03-01 13:02:12 105,984 -c--a-w C:\WINDOWS\system32\dllcache\url.dll

- 2007-12-07 02:09:22 1,159,680 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll

+ 2008-03-01 13:02:12 1,159,680 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll

- 2007-12-07 02:09:22 233,472 -c--a-w C:\WINDOWS\system32\dllcache\webcheck.dll

+ 2008-03-01 13:02:12 233,472 -c--a-w C:\WINDOWS\system32\dllcache\webcheck.dll

- 2007-03-08 15:33:32 1,843,712 -c--a-w C:\WINDOWS\system32\dllcache\win32k.sys

+ 2008-03-20 08:09:41 1,845,376 -c--a-w C:\WINDOWS\system32\dllcache\win32k.sys

- 2007-12-07 02:09:22 824,832 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll

+ 2008-03-01 13:02:12 826,368 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll

- 2006-06-26 17:41:41 148,480 ----a-w C:\WINDOWS\system32\dnsapi.dll

+ 2008-02-20 05:37:59 148,992 ----a-w C:\WINDOWS\system32\dnsapi.dll

- 2007-12-19 22:53:59 347,136 ----a-w C:\WINDOWS\system32\dxtmsft.dll

+ 2008-03-01 13:02:09 347,136 ----a-w C:\WINDOWS\system32\dxtmsft.dll

- 2007-12-07 02:09:20 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll

+ 2008-03-01 13:02:09 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll

- 2007-12-07 02:09:20 133,120 ----a-w C:\WINDOWS\system32\extmgr.dll

+ 2008-03-01 13:02:09 133,120 ----a-w C:\WINDOWS\system32\extmgr.dll

- 2008-03-04 02:11:09 113,376 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT

+ 2008-04-09 04:45:06 113,376 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT

- 2007-12-07 02:09:20 63,488 ----a-w C:\WINDOWS\system32\icardie.dll

+ 2008-03-01 13:02:09 63,488 ----a-w C:\WINDOWS\system32\icardie.dll

- 2007-12-06 11:05:55 70,656 ----a-w C:\WINDOWS\system32\ie4uinit.exe

+ 2008-02-29 08:59:58 70,656 ----a-w C:\WINDOWS\system32\ie4uinit.exe

- 2007-12-07 02:09:20 153,088 ----a-w C:\WINDOWS\system32\ieakeng.dll

+ 2008-03-01 13:02:09 153,088 ----a-w C:\WINDOWS\system32\ieakeng.dll

- 2007-12-07 02:09:20 230,400 ----a-w C:\WINDOWS\system32\ieaksie.dll

+ 2008-03-01 13:02:09 230,400 ----a-w C:\WINDOWS\system32\ieaksie.dll

- 2007-12-06 04:59:51 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll

+ 2008-02-15 05:44:25 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll

- 2007-12-07 02:09:20 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll

+ 2008-03-01 13:02:09 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll

- 2007-12-07 02:09:20 384,512 ----a-w C:\WINDOWS\system32\iedkcs32.dll

+ 2008-03-01 13:02:09 384,512 ----a-w C:\WINDOWS\system32\iedkcs32.dll

- 2007-12-07 02:09:21 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll

+ 2008-03-01 13:02:10 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll

- 2007-12-07 02:09:21 44,544 ----a-w C:\WINDOWS\system32\iernonce.dll

+ 2008-03-01 13:02:10 44,544 ----a-w C:\WINDOWS\system32\iernonce.dll

- 2007-12-07 02:09:21 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll

+ 2008-03-01 13:02:10 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll

- 2007-12-06 11:00:58 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe

+ 2008-02-22 10:00:51 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe

- 2007-12-07 02:09:21 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll

+ 2008-03-01 13:02:10 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll

+ 2007-11-20 19:52:00 2,884,992 -c--a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

+ 2007-11-20 19:52:00 218,496 -c--a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe

- 2008-03-05 16:30:54 19,148,408 ----a-w C:\WINDOWS\system32\MRT.exe

+ 2008-04-06 05:56:20 19,836,024 ----a-w C:\WINDOWS\system32\MRT.exe

- 2007-12-07 02:09:21 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll

+ 2008-03-01 13:02:10 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll

- 2007-12-07 02:09:21 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll

+ 2008-03-01 13:02:10 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll

- 2007-12-08 05:09:22 3,592,192 ----a-w C:\WINDOWS\system32\mshtml.dll

+ 2008-03-01 21:32:12 3,591,680 ----a-w C:\WINDOWS\system32\mshtml.dll

- 2007-12-07 02:09:22 478,208 ----a-w C:\WINDOWS\system32\mshtmled.dll

+ 2008-03-01 13:02:12 478,208 ----a-w C:\WINDOWS\system32\mshtmled.dll

- 2007-12-07 02:09:22 193,024 ----a-w C:\WINDOWS\system32\msrating.dll

+ 2008-03-01 13:02:12 193,024 ----a-w C:\WINDOWS\system32\msrating.dll

- 2007-12-07 02:09:22 671,232 ----a-w C:\WINDOWS\system32\mstime.dll

+ 2008-03-01 13:02:12 671,232 ----a-w C:\WINDOWS\system32\mstime.dll

- 2007-12-07 02:09:22 102,912 ----a-w C:\WINDOWS\system32\occache.dll

+ 2008-03-01 13:02:12 102,912 ----a-w C:\WINDOWS\system32\occache.dll

- 2008-01-11 05:37:21 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll

+ 2008-03-01 13:02:12 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll

- 2007-12-07 02:09:22 105,984 ----a-w C:\WINDOWS\system32\url.dll

+ 2008-03-01 13:02:12 105,984 ----a-w C:\WINDOWS\system32\url.dll

- 2007-12-07 02:09:22 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll

+ 2008-03-01 13:02:12 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll

- 2007-12-07 02:09:22 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll

+ 2008-03-01 13:02:12 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll

+ 2000-08-31 11:00:00 49,152 ----a-w C:\WINDOWS\VFind.exe

+ 2000-08-31 11:00:00 68,096 ----a-w C:\WINDOWS\zip.exe

.

-- Snapshot reset to current date --

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"PowerBar"="" []

"updateMgr"="C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:45 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SoundMan"="SOUNDMAN.EXE" [2004-02-26 05:53 65024 C:\WINDOWS\SOUNDMAN.EXE]

"AVG7_CC"="C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-12-22 00:51 579072]

"RemoteControl"="C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-02 19:24 32768]

"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-10-12 07:18 196608]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]

"Adobe Photo Downloader"="C:\Arquivos de programas\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46 57344]

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

"egui"="C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe" [2008-03-13 16:48 1443072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:45 15360]

"AVG7_Run"="C:\ARQUIV~1\Grisoft\AVGFRE~1\avgw.exe" [2007-11-24 17:29 219136]

C:\Documents and Settings\All Users.WINDOWS\Menu Iniciar\Programas\Inicializar\

Adobe Reader Speed Launch.lnk - C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]

Microsoft Office.lnk - C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE [2001-02-13 08:01:04 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveSearch"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\Discador Yahoo\\DialUP.exe"=

"C:\\Arquivos de programas\\Grisoft\\AVG Free\\avginet.exe"=

"C:\\Arquivos de programas\\Grisoft\\AVG Free\\avgamsvr.exe"=

"C:\\Arquivos de programas\\Grisoft\\AVG Free\\avgcc.exe"=

"C:\\Arquivos de programas\\Grisoft\\AVG Free\\avgemc.exe"=

"C:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"C:\\Arquivos de programas\\eMule\\emule.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-03-13 16:52]

S3 FXDRV;FXDRV;D:\Fxdrv.sys []

.

Conteúdo da pasta 'Tarefas Agendadas'

"2008-04-09 04:23:02 C:\WINDOWS\Tasks\Verificar Atualizações para a Barra de Ferramentas do Windows Live.job"

- C:\Arquivos de programas\Windows Live Toolbar\MSNTBUP.EXE

.

**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-04-09 01:55:00

Windows 5.1.2600 Service Pack 2 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

PowerBar = ????????????l?@?l?@?D?????6~??????????????6~l?@?l?@????? ???????????W?9~??6~??????6~K?6~x???????[?6~???????? ??????????????|x???0???????????? ot??6~????????????????????`???????????l?@?l?@?????Q?7~????t?@?????l?@?8?@?l?@?3??s????????????????????8?@?_??s8?@?8?@

Procurando ficheiros ocultos ...

Varredura completada com sucesso

Ficheiros ocultos: 0

**************************************************************************

.

Tempo para conclusão: 2008-04-09 1:55:42

ComboFix-quarantined-files.txt 2008-04-09 04:55:33

ComboFix2.txt 2008-03-25 12:40:45

Pre-Run: 15,357,128,704 bytes disponíveis

Post-Run: 15,348,858,880 bytes disponíveis

.

2008-04-09 04:41:43 --- E O F ---


- Download Killbox and run it:

  • Check the Delete on Reboot option. Copy the list below (select it and click Edit > Copy, or press Ctrl + C):

C:\windows\system32\IEXPLORES.EXE
C:\WINDOWS\system\msnmsssgser.exe
  • Go back to KillBox. Click File > Paste from clipboard. Click the All Files button;
  • Click killbox.png and answer No to the question.

- Restart the computer in Safe Mode (press the F8 key repeatedly, or F5 in some cases, during boot);

- Open HijackThis, click Do a system scan only and check the entries below:

O4 - HKCU\..\Run: [Microsoft Internet Explorer] C:\windows\system32\IEXPLORES.EXE

O4 - HKCU\..\Run: [msnmsg] C:\WINDOWS\system\msnmsssgser.exe

- Close all windows, click ht-fix.png and then Yes;

- Restart in normal mode, generate a new HijackThis log and paste it in your reply.


I downloaded Killbox and ran it, and followed the procedures you asked me to...

I restarted the computer in Safe Mode, opened HijackThis and clicked the button you indicated, but the entries you asked me to check did not appear...

Did I do something wrong... I tried 3 times and the entries did not appear...

The computer is shutting down normally...

What do I do now?


Here's the new log...

Logfile of HijackThis v1.99.1

Scan saved at 20:47:27, on 10/4/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe

C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe

C:\Arquivos de programas\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe

C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe

C:\WINDOWS\system32\ctfmon.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe

C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\Arquivos de programas\internet explorer\iexplore.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Hijack This\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Arquivos de programas\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [egui] "C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice

O4 - HKCU\..\Run: [updateMgr] C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Startup: Registration .LNK = C:\Arquivos de programas\Ubisoft\Demo\Tom Clancy's Splinter Cell Double Agent Demo\support\Register\Reg.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u5-windows-i586-jc.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{520B4726-3E33-4E17-BE6C-1431AFF8D0E9}: NameServer = 200.204.0.10 200.204.0.138

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe

O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\EHttpSrv.exe

O23 - Service: Eset Service (ekrn) - ESET - C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe


- OK, the log is clean :)

- Delete the backups folder located in C:\Hijack This and C:\!Killbox;

- I recommend some maintenance on the computer to remove temporary and unnecessary files and invalid registry entries. Download CCleaner:

  • Open the program and click Run Cleaner (Executar Limpeza);
  • After that, click Registry > Scan for issues > Fix selected issues (Registro > Procurar erros > Corrigir erros selecionados)

- Turn System Restore off and back on again

- Read the article Proteja seu PC (Protect your PC) for more information on how to avoid infections.

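Added example, not part of the original thread: the two Run entries fixed above, IEXPLORES.EXE and msnmsssgser.exe, are near-miss spellings of legitimate binaries seen in the logs (iexplore.exe, msnmsgr.exe). This Python code flags such names in HijackThis O4 Run lines and checks that they no longer autostart in a follow-up log; the allowlist, the 0.8 threshold and all function names are assumptions of this example.

```python
import re
from difflib import SequenceMatcher

# Assumed allowlist: legitimate image names that appear in this thread's logs.
KNOWN_GOOD = ("iexplore.exe", "msnmsgr.exe", "ctfmon.exe")
O4_RUN = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\Run: \[([^\]]*)\] (.+)$")

def run_entries(log_text):
    """Return (hive, value name, command) for every O4 registry Run line."""
    matches = (O4_RUN.match(line.strip()) for line in log_text.splitlines())
    return [m.groups() for m in matches if m]

def image_name(command):
    """Lower-cased executable file name taken from a Run command line."""
    command = command.strip()
    if command.startswith('"'):
        path = command[1:].split('"', 1)[0]
    else:
        m = re.match(r"(.+?\.exe)\b", command, re.IGNORECASE)
        path = m.group(1) if m else command
    return path.rsplit("\\", 1)[-1].lower()

def lookalikes(entries, threshold=0.8):
    """Map each near-miss image name to the known-good name it resembles."""
    hits = {}
    for _hive, _name, command in entries:
        img = image_name(command)
        if img in KNOWN_GOOD:
            continue  # exact match on the allowlist is not a lookalike
        score, good = max((SequenceMatcher(None, img, g).ratio(), g) for g in KNOWN_GOOD)
        if score >= threshold:
            hits[img] = good
    return hits

def still_present(flagged, followup_entries):
    """Flagged image names that still autostart in the follow-up log."""
    remaining = {image_name(cmd) for _h, _n, cmd in followup_entries}
    return sorted(set(flagged) & remaining)

# Constructed sample: O4 lines copied from the posts and logs in this thread.
BEFORE = r"""O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [Microsoft Internet Explorer] C:\windows\system32\IEXPLORES.EXE
O4 - HKCU\..\Run: [msnmsg] C:\WINDOWS\system\msnmsssgser.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe"""
AFTER = r"""O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [egui] "C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe"""

flagged = lookalikes(run_entries(BEFORE))
print(flagged, still_present(flagged, run_entries(AFTER)))
```

A name-similarity hit is only a triage signal: the file's location and signer still have to be checked before anything is removed.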