darkyoh

Someone help me, please


My computer is freezing A LOT and is very slow... here are the logs from PANDA and HijackThis

Incidência Estado Localização

Adware:Adware/PurityScan Não desinfectado e:\docume~1\leonardo\dadosd~1\asembl~1\ntvdm.exe

Adware:adware/pornmagpass Não desinfectado e:\windows\system32\ismon.exe

Adware:adware/ist.istbar Não desinfectado E:\Documents and Settings\Leonardo\Favoritos\~ VIP Free Porn ~.url

Adware:adware/winres Não desinfectado e:\windows\winres.dll

Adware:adware/whenusearch Não desinfectado E:\Documents and Settings\Leonardo\Menu Iniciar\Programas\WhenU

Adware:adware/savenow Não desinfectado Registo do Windows

Adware:adware/ncase Não desinfectado Registo do Windows

Adware:adware/cws Não desinfectado Registo do Windows

Adware:adware/searchexe Não desinfectado Registo do Windows

Adware:Adware/SpySheriff Não desinfectado C:\36110103225.exe

Spyware:Cookie/Admotion Não desinfectado C:\Documents and Settings\Convidado\Cookies\convidado@admotion.com[2].txt

Spyware:Cookie/AdDynamix Não desinfectado C:\Documents and Settings\Convidado\Cookies\convidado@ads.addynamix[1].txt

Spyware:Cookie/Atlas DMT Não desinfectado C:\Documents and Settings\Convidado\Cookies\convidado@atdmt[2].txt

Spyware:Cookie/Com.com Não desinfectado C:\Documents and Settings\Convidado\Cookies\convidado@google.com[1].txt

Spyware:Cookie/Serving-sys Não desinfectado C:\Documents and Settings\Convidado\Cookies\convidado@serving-sys[2].txt

Ferramenta potencialmente indesejada:Application/MotherboardMonitor.A Não desinfectado C:\hxpscript50-01032006\HacKerXP Script\eXPert\Dlls\MOO.DLL

Hacktool:HackTool/Flood Não desinfectado C:\hxpscript50-01032006\HacKerXP Script\eXPert\Dlls\nHTMLn.dll

Hacktool:HackTool/Flood Não desinfectado C:\hxpscript50-01032006\HacKerXP Script\eXPert\Games\NetGames\nHTMLn_2.92.dll

Ferramenta potencialmente indesejada:Application/MotherboardMonitor.A Não desinfectado C:\hxpscript50-01032006.rar[HacKerXP Script\eXPert\Dlls\MOO.DLL]

Hacktool:HackTool/Flood Não desinfectado C:\hxpscript50-01032006.rar[HacKerXP Script\eXPert\Dlls\nHTMLn.dll]

Hacktool:HackTool/Flood Não desinfectado C:\hxpscript50-01032006.rar[HacKerXP Script\eXPert\Games\NetGames\nHTMLn_2.92.dll]

Hacktool:HackTool/Flood Não desinfectado D:\Backup\CyberScript31\sistema\dlls\nHTMLn.dll

Ferramenta potencialmente indesejada:Application/MotherboardMonitor.A Não desinfectado D:\Backup\CyberScript31_\DOWNLOAD\irCM\irCM\mooold.dll

Ferramenta potencialmente indesejada:Application/MotherboardMonitor.A Não desinfectado D:\Backup\CyberScript31_\DOWNLOAD\irCM.rar[irCM\moo.dll]

Ferramenta potencialmente indesejada:Application/MotherboardMonitor.A Não desinfectado D:\Backup\CyberScript31_\DOWNLOAD\irCM.rar[irCM\mooold.dll]

Ferramenta potencialmente indesejada:Application/MotherboardMonitor.A Não desinfectado D:\Backup\CyberScript31_\DOWNLOAD\irCM_futebol\irCM_futebol\irCM\mooold.dll

Ferramenta potencialmente indesejada:Application/MotherboardMonitor.A Não desinfectado D:\Backup\CyberScript31_\DOWNLOAD\irCM_futebol.rar[irCM_futebol\irCM\moo.dll]

Ferramenta potencialmente indesejada:Application/MotherboardMonitor.A Não desinfectado D:\Backup\CyberScript31_\DOWNLOAD\irCM_futebol.rar[irCM_futebol\irCM\mooold.dll]

Virus:W32/Parite.B Não desinfectado D:\Backup\CyberScript31_\DOWNLOAD\Medieval_4.0-0819.rar[Medieval 4.0\Medieval Bot.exe]

Ferramenta potencialmente indesejada:Application/MotherboardMonitor.A Não desinfectado D:\Backup\CyberScript31_\DOWNLOAD\XirCM\irCM\mooold.dll

Ferramenta potencialmente indesejada:Application/MotherboardMonitor.A Não desinfectado D:\Backup\CyberScript31_\DOWNLOAD\XirCM\XirCM\irCM\mooold.dll

Ferramenta potencialmente indesejada:Application/MotherboardMonitor.A Não desinfectado D:\Backup\CyberScript31_\DOWNLOAD\XirCM.rar[irCM\moo.dll]

Ferramenta potencialmente indesejada:Application/MotherboardMonitor.A Não desinfectado D:\Backup\CyberScript31_\DOWNLOAD\XirCM.rar[irCM\mooold.dll]

Logfile of HijackThis v1.99.1

Scan saved at 23:18:20, on 7/9/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

E:\WINDOWS\System32\smss.exe

E:\WINDOWS\system32\winlogon.exe

E:\WINDOWS\system32\services.exe

E:\WINDOWS\system32\lsass.exe

E:\WINDOWS\system32\svchost.exe

E:\WINDOWS\System32\svchost.exe

E:\WINDOWS\system32\spoolsv.exe

E:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\Arquivos de programas\Winamp\winampa.exe

E:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe

C:\Php\xampp\apache\bin\apache.exe

E:\DOCUME~1\Leonardo\DADOSD~1\ASEMBL~1\ntvdm.exe

C:\Php\xampp\mysql\bin\mysqld-nt.exe

E:\WINDOWS\system32\drwtsn32.exe

E:\WINDOWS\system32\svchost.exe

C:\Php\xampp\apache\bin\apache.exe

E:\WINDOWS\system32\imapi.exe

E:\WINDOWS\system32\wscntfy.exe

E:\WINDOWS\system32\drwtsn32.exe

E:\WINDOWS\explorer.exe

E:\WINDOWS\system32\svchost.exe

E:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

E:\Arquivos de programas\Hijihack\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = prosearching.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = prosearching.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = prosearching.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = prosearching.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = prosearching.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = prosearching.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = prosearching.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - E:\ARQUIV~1\FlashGet\jccatch.dll

O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - E:\WINDOWS\Downloaded Program Files\gbiehabn.dll

O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - E:\ARQUIV~1\FlashGet\fgiebar.dll (file missing)

O4 - HKLM\..\Run: [siSUSBRG] E:\WINDOWS\SiSUSBrg.exe

O4 - HKLM\..\Run: [siS KHooker] E:\WINDOWS\system32\khooker.exe

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [HP Component Manager] "E:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [TkBellExe] "E:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [WinampAgent] C:\Arquivos de programas\Winamp\winampa.exe

O4 - HKLM\..\Run: [TrojanScanner] D:\Arquivos de programas\Trojan Remover\Trjscan.exe

O4 - HKCU\..\Run: [MsnMsgr] "E:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [Aaps] "E:\DOCUME~1\Leonardo\DADOSD~1\ASEMBL~1\ntvdm.exe" -vt yazr

O8 - Extra context menu item: Download All by FlashGet - C:\FlashGet\jc_all.htm

O8 - Extra context menu item: Download using FlashGet - C:\FlashGet\jc_link.htm

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\ARQUIV~1\FlashGet\flashget.exe (file missing)

O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\ARQUIV~1\FlashGet\flashget.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab

O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab

O16 - DPF: {0CBF7EDC-17EC-442C-8AE9-5E804707B6CA} (NeffyClient Class) - http://dist.cdnetworks.co.kr/cdndist/neffy/Neffy.cab

O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugi...GbPluginABN.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{725491F3-9F96-49B9-963C-5C4220BB2749}: NameServer = 10.1.1.1

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - E:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - E:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O23 - Service: Apache2 - Unknown owner - C:\Php\xampp\apache\bin\apache.exe" -k runservice (file missing)

O23 - Service: mysql - Unknown owner - C:\Php\xampp\mysql\bin\mysqld-nt.exe


Sometimes it can be other problems (hardware, cooler, high demand from running everything at once, etc.)... if it is related to malware, let's relieve it...

Download smitRem

http://noahdfear.geekstogo.com/click%20cou.../click.php?id=1

and save the file to your desktop

Download KillBox by Option^Explicit

http://www.bleepingcomputer.com/files/spyware/KillBox.zip

Unzip it. Run it. Check the Delete on Reboot option. Now select the list in bold below and click Edit > Copy (or press CTRL + C).

e:\docume~1\leonardo\dadosd~1\asembl~1\ntvdm.exe

e:\windows\winres.dll

E:\Documents and Settings\Leonardo\Favoritos\~ VIP Free Porn ~.url

E:\Documents and Settings\Leonardo\Menu Iniciar\Programas\WhenU

Go back to KillBox. Click File > Paste from clipboard. Click the All Files button.

Click the X button. Answer No to the question.

Close KillBox.

-> delete the flagged items from the other part, namely:

D:\Backup\CyberScript31_\DOWNLOAD\Medieval_4.0-0819.rar[Medieval 4.0\Medieval Bot.exe]

C:\36110103225.exe

C:\Documents and Settings\Convidado\Cookies\convidado@admotion.com[2].txt

C:\Documents and Settings\Convidado\Cookies\convidado@ads.addynamix[1].txt

C:\Documents and Settings\Convidado\Cookies\convidado@atdmt[2].txt

C:\Documents and Settings\Convidado\Cookies\convidado@google.com[1].txt

C:\Documents and Settings\Convidado\Cookies\convidado@serving-sys[2].txt

Download the uninstaller

http://www.purityscan.com/uninstall.html

-> to your desktop

Click Start -> Control Panel -> Add/Remove Programs

In the list, look for the following programs and uninstall them if found:

--> WhenU

Save

Oin

Yazzle by Oin

Purityscan by Oin

Snowballwars by Oin

Cowabanga by OIN

or anything similar with Oin.

Run it and follow the instructions -> click

You may want to print these instructions or save them to a text file for easy access.

Restart in Safe Mode (press the F8 key until a DOS screen appears and choose Safe Mode).

Run HijackThis, click Do a System Scan Only, check only the entries below and click Fix Checked

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = prosearching.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = prosearching.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = prosearching.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = prosearching.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = prosearching.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = prosearching.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = prosearching.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com

O4 - HKCU\..\Run: [Aaps] "E:\DOCUME~1\Leonardo\DADOSD~1\ASEMBL~1\ntvdm.exe" -vt yazr

Open the smitRem folder and double-click the RunThis.bat file to start the tool. A command prompt will open; wait patiently until the tool finishes cleaning and scanning the disk.

Restart

Locate and post smitfiles.txt, which is usually in -> E:/ or the partition from which you ran the tool, together with a new HijackThis log


Thank you very much for the help. Here are the new logs you asked for:

Logfile of HijackThis v1.99.1

Scan saved at 10:23:05, on 8/9/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

E:\WINDOWS\System32\smss.exe

E:\WINDOWS\system32\csrss.exe

E:\WINDOWS\system32\winlogon.exe

E:\WINDOWS\system32\services.exe

E:\WINDOWS\system32\lsass.exe

E:\WINDOWS\system32\svchost.exe

E:\WINDOWS\system32\svchost.exe

E:\WINDOWS\System32\svchost.exe

E:\WINDOWS\system32\svchost.exe

E:\WINDOWS\system32\svchost.exe

E:\WINDOWS\system32\spoolsv.exe

E:\WINDOWS\Explorer.EXE

C:\Php\xampp\apache\bin\apache.exe

E:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\Arquivos de programas\Winamp\winampa.exe

C:\Php\xampp\mysql\bin\mysqld-nt.exe

E:\WINDOWS\system32\svchost.exe

C:\Php\xampp\apache\bin\apache.exe

E:\WINDOWS\system32\wuauclt.exe

E:\WINDOWS\system32\wscntfy.exe

E:\Arquivos de programas\Hijihack\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - E:\ARQUIV~1\FlashGet\jccatch.dll

O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - E:\WINDOWS\Downloaded Program Files\gbiehabn.dll

O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - E:\ARQUIV~1\FlashGet\fgiebar.dll (file missing)

O4 - HKLM\..\Run: [siSUSBRG] E:\WINDOWS\SiSUSBrg.exe

O4 - HKLM\..\Run: [siS KHooker] E:\WINDOWS\system32\khooker.exe

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [HP Component Manager] "E:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [TkBellExe] "E:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [WinampAgent] C:\Arquivos de programas\Winamp\winampa.exe

O4 - HKLM\..\Run: [TrojanScanner] D:\Arquivos de programas\Trojan Remover\Trjscan.exe

O4 - HKCU\..\Run: [MsnMsgr] "E:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [Aaps] "E:\DOCUME~1\Leonardo\DADOSD~1\ASEMBL~1\ntvdm.exe" -vt yazr

O8 - Extra context menu item: Download All by FlashGet - C:\FlashGet\jc_all.htm

O8 - Extra context menu item: Download using FlashGet - C:\FlashGet\jc_link.htm

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\ARQUIV~1\FlashGet\flashget.exe (file missing)

O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\ARQUIV~1\FlashGet\flashget.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab

O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab

O16 - DPF: {0CBF7EDC-17EC-442C-8AE9-5E804707B6CA} (NeffyClient Class) - http://dist.cdnetworks.co.kr/cdndist/neffy/Neffy.cab

O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugi...GbPluginABN.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{725491F3-9F96-49B9-963C-5C4220BB2749}: NameServer = 10.1.1.1

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - E:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - E:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O23 - Service: Apache2 - Unknown owner - C:\Php\xampp\apache\bin\apache.exe" -k runservice (file missing)

O23 - Service: mysql - Unknown owner - C:\Php\xampp\mysql\bin\mysqld-nt.exe

smitRem © log file

version 3.2

by noahdfear

Microsoft Windows XP [versão 5.1.2600]

"IE"="6.0000"

Running from

E:\Documents and Settings\Leonardo\Desktop\smitRem

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Pre-run SharedTask Export

(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)

Copyright© 2006 BleepingComputer.com

Registry Pseudo-Format Mode (Not a valid reg file):

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]

"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-carregador Browseui"

"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Daemon de cache de categorias de componente"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]

@="%SystemRoot%\system32\browseui.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]

@="%SystemRoot%\system32\browseui.dll"

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Appinitdll check ........ Thank you Grinler!

dumphive.exe ©2000-2004 Markus Stephany

REGEDIT4

[Windows]

"AppInit_DLLs"=""

"DeviceNotSelectedTimeout"="15"

"GDIProcessHandleQuota"=dword:00002710

"Spooler"="yes"

"swapdisk"=""

"TransmissionRetryTimeout"="90"

"USERProcessHandleQuota"=dword:00002710

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

checking for ShudderLTD key

ShudderLTD key not present!

checking for PSGuard.com key

PSGuard.com key not present!

checking for WinHound.com key

WinHound.com key not present!

checking for drsmartload2 key

drsmartload2 key not present!

spyaxe uninstaller NOT present

Winhound uninstaller NOT present

SpywareStrike uninstaller NOT present

AlfaCleaner uninstaller NOT present

SpyFalcon uninstaller NOT present

SpywareQuake uninstaller NOT present

SpywareSheriff uninstaller NOT present

Trust Cleaner uninstaller NOT present

SpyHeal uninstaller NOT present

VirusBurst uninstaller NOT present

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Existing Pre-run Files

~~~ Program Files ~~~

~~~ Shortcuts ~~~

~~~ Favorites ~~~

~~~ system32 folder ~~~

ismon.exe

amcompat.tlb

nscompat.tlb

logfiles

~~~ Icons in System32 ~~~

~~~ Windows directory ~~~

~~~ Drive root ~~~

~~~ Miscellaneous Files/folders ~~~

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03

Copyright© 2002-2003 Craig.Peacock@beyondlogic.org

Killing PID 812 'explorer.exe'

Starting registry repairs

Registry repairs complete

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

SharedTask Export after registry fix

(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)

Copyright© 2006 BleepingComputer.com

Registry Pseudo-Format Mode (Not a valid reg file):

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]

"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-carregador Browseui"

"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Daemon de cache de categorias de componente"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]

@="%SystemRoot%\system32\browseui.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]

@="%SystemRoot%\system32\browseui.dll"

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Deleting files

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Leonardo

Download ATF Cleaner by Atribune

http://www.atribune.org/ccount/click.php?id=1

-> to your desktop

Restart in Safe Mode

(press the F8 key until a DOS screen appears and choose Safe Mode).

Run HijackThis, click Do a System Scan Only, check only the entry below and click Fix Checked.

O4 - HKCU\..\Run: [Aaps] "E:\DOCUME~1\Leonardo\DADOSD~1\ASEMBL~1\ntvdm.exe" -vt yazr

Set Windows to show all files (including hidden ones). -> see

Using Windows Explorer, check for the file below and delete it if it is present

E:\DOCUME~1\Leonardo\DADOSD~1\ASEMBL~1\ntvdm.exe

Double-click ATF-Cleaner.exe to run the tool.

Check the following boxes:

Windows Temp

Current User Temp

All Users Temp

Temporary Internet Files

Prefetch

Java Cache

Click Empty Selected. A "Done Cleaning" window appears; click OK and exit.

NOTE: Only for the Firefox/Opera browsers -> If you would like to keep your saved passwords, click No -> prompt.

Restart

Paste the log again

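In this thread the [Aaps] autorun was still present in the second HijackThis log after the first round of fixes. The Python below is an added example (not part of the original posts and not part of HijackThis) that compares a list of requested fixes against a follow-up log and reports what persisted; the function names are hypothetical and the sample lines are excerpted from the logs posted above.

```python
import re

# HijackThis entry lines look like "<section> - <details>", e.g. "R1 - HKCU\...".
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")

# Excerpt of the entries the helper asked to fix (taken from the thread).
REQUESTED_FIXES = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = prosearching.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = prosearching.com
O4 - HKCU\..\Run: [Aaps] "E:\DOCUME~1\Leonardo\DADOSD~1\ASEMBL~1\ntvdm.exe" -vt yazr
"""

# Excerpt of the follow-up log (taken from the thread).
AFTER_LOG = r"""
Logfile of HijackThis v1.99.1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
O4 - HKLM\..\Run: [WinampAgent] C:\Arquivos de programas\Winamp\winampa.exe
O4 - HKCU\..\Run: [Aaps] "E:\DOCUME~1\Leonardo\DADOSD~1\ASEMBL~1\ntvdm.exe" -vt yazr
O23 - Service: mysql - Unknown owner - C:\Php\xampp\mysql\bin\mysqld-nt.exe
"""


def parse_entries(log_text):
    """Return the set of normalised entry lines (section + body) in a log."""
    entries = set()
    for raw in log_text.splitlines():
        line = " ".join(raw.split())  # collapse whitespace damaged by copy/paste
        m = ENTRY_RE.match(line)
        if m:  # header and process-list lines do not match and are skipped
            entries.add(f"{m['section']} - {m['body']}")
    return entries


def check_fix(requested_text, after_log_text):
    """Split the entries a helper asked to fix into (removed, persisted)."""
    requested = parse_entries(requested_text)
    # Registry paths and file names are case-insensitive on Windows.
    after = {e.lower() for e in parse_entries(after_log_text)}
    persisted = sorted(e for e in requested if e.lower() in after)
    removed = sorted(e for e in requested if e.lower() not in after)
    return removed, persisted


def autoruns_from_profile(log_text):
    """O4 (autorun) entries whose target lives under a user profile directory."""
    profile = re.compile(r"\\(documents and settings|docume~\d)\\", re.I)
    return sorted(e for e in parse_entries(log_text)
                  if e.startswith("O4 ") and profile.search(e))


if __name__ == "__main__":
    removed, persisted = check_fix(REQUESTED_FIXES, AFTER_LOG)
    for entry in removed:
        print("removed:  ", entry)
    for entry in persisted:
        print("PERSISTED:", entry)
    for entry in autoruns_from_profile(AFTER_LOG):
        print("autorun from user profile:", entry)
```

An entry that persists after Fix Checked usually means something re-created it, which is why the follow-up post repeats the fix in Safe Mode and deletes the file it points to.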