1. Este site usa cookies. Ao continuar a usar este site está a concordar com o nosso uso de cookies. Saber Mais.
  2. A secção Microsoft/Windows encontra-se actualmente em processo de reestruturação.
    Remover anúncio

erro estranho

Discussão em 'Windows 7 e anteriores' iniciada por kenaii, 31 de Julho de 2008. (Respostas: 21; Visualizações: 1028)

  1. kenaii

    kenaii Power Member

    boas.
    desde hoje a tarde que determinadas paginas da net nao abrem tanto no mozzila como no ie mas nao percebo pq... por exemplo... o gmail, abre... mas quando faço login fica td em branco e nao sai dali... o maisfutebol a mm coisa, hotmail idem aspas...
    nao sei o q se possa ter passado. entretanto tenho as actualizaçoes automaticas activas e tenho o icone no tray a dizer que estao desligadas... :'(
    sera um virus?
     
  2. zecp

    zecp Power Member

    tb n sei o k é :lol:,mas corre o avg para limpar o pc...
     
  3. kenaii

    kenaii Power Member

    eh pah... ja corri o avira... nao detectou nada.
    o spybot detectou umas cenas eliminei-as, mas esta td na mesma... :S
     
  4. zecp

    zecp Power Member

    á algumas paginas k konsegues abir sem problemas? ou nao abre nenhuma?
     
  5. kenaii

    kenaii Power Member

    por exemplo, a techzone abre na boa.
    mas as que referi nao...
    o que acho é estranho é o gmail
    da pa ir la... faço login e qd supostamente ia redirecionar fica a 'pensar'
     
  6. zecp

    zecp Power Member

    Última edição: 31 de Julho de 2008
  7. Blue Zee

    Blue Zee Power Member

    Descarregue e instale o versão FREE do SUPERAntispyware:
    http://www.superantispyware.com/

    Arranque o programa utilizando o ícone criado no ambiente de trabalho.

    Actualize as definições clicando no botão Check for Updates...
    Terminada a actualização clique em Preferences, depois no separador Scanning Control, em Scanner Options, assegure-se que selecciona

    - Close browsers before scanning.
    - Scan for tracking cookies.
    - Terminate memory threats before quarantining.

    E desmarque todos os outros. Agora clique em Close para sair deste menu.

    Clique em Scan your Computer..., seleccione Perform Complete Scan, clique em Next e aguarde pacientemente até lhe ser apresentado um relatório dos itens encontrados. Clique em OK e Next para confirmar a limpeza.

    Encerre o programa, reinicie o PC e teste.

    Diga-nos se resultou.

    Zee
     
  8. kenaii

    kenaii Power Member

    boas
    experimentei com o superantispyware e os sites ja funcam como deve ser. tinha uns trojans ca :S
    é estranho é que o meu antivirus nao os detectou nem o spybot...
    aparentemente o pc esta normal com excepçao de uma coisa.
    reiniciei e aparecem 2 caixas com isto.

    c:\windows\system32\edyykyqx.dll

    c:\windows\system32\yauwxhmn.dll

    O titulo é Rundll
     
  9. Blue Zee

    Blue Zee Power Member

    Corra de novo o SUPERAntiSpyware mas desta vez em Modo de Segurança (carregue em F8 ao arrancar o sistema).
    Se não resolver precisaremos de um log do HijackThis mas penso que não será necessário.

    Zee
     
  10. kenaii

    kenaii Power Member

    boas. corri em modo de segurança. encontrou 'apenas' 2.
    limpei, reiniciei mas aquilo que referi no post anterior continua a aparecer. fui ao msconfig e desactivei esses ditos 'modulos'. reiniciei e já nao aparece.
    mas esta la no 'arranque do msconfig'
    sera que ja esta td limpo e apenas é um caminho invalido?
    se sim ha maneira de eliminar esse caminho invalido?
    senao o que fazer?
    cumps
     
    Última edição: 1 de Agosto de 2008
  11. Blue Zee

    Blue Zee Power Member

    Correcto, apenas o caminho é inválido.

    Descarregue e instale o HijackThis daqui (descarregue o instalador/installer)

    Arranque com o HJT usando o ícone criado no ambiente de trabalho.

    Clique no botão Do a system scan and save a log file.

    No final criará um log em formato de texto.

    Copie esse log todo e coloque-o aqui.

    De seguida veremos como limpar essas entradas que apontam para os tais ficheiros.

    Zee
     
  12. kenaii

    kenaii Power Member

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 1:27:59, on 02-08-2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16674)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\ATK0100\HControl.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Wireless Console 2\wcourier.exe
    C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe
    C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
    C:\Program Files\ASUS\Splendid\ACMON.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\COMODO\Firewall\cfp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\WINDOWS\system32\ACEngSvr.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\COMODO\Firewall\cmdagent.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\ATK0100\ATKOSD.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\tlntsvr.exe
    C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [SMSERIAL] C:\WINDOWS\sm56hlpr.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe
    O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [ABLKSR] C:\WINDOWS\ABLKSR\ABLKSR.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
    O4 - HKLM\..\Run: [ACMON] C:\Program Files\ASUS\Splendid\ACMON.exe
    O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
    O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
    O4 - HKCU\..\Run: [updateMgr] c:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1214416161484
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1214416234875
    O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

    --
    End of file - 7555 bytes
     
  13. kenaii

    kenaii Power Member

  14. Blue Zee

    Blue Zee Power Member

    Desculpe mas tem que alterar via MSCONFIG para permitir a repetição dos erros.

    Faça um novo log depois de arrancar com os erros.

    Zee
     
  15. Mister paulo

    Mister paulo Power Member

    a mim tbem aparece isso ! omg mega irritante! primeiro o meu msn deixou de funcionar , depois para ir ao hotmail para activar o techzone não dava tentei ir á página do hotmail tbem nao deu ! algunas sites não conseguem abrir derrepente ! se descubrirem pqe ....
     
  16. Blue Zee

    Blue Zee Power Member

    Tente isto que coloquei acima.
     
  17. kenaii

    kenaii Power Member

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:26:45, on 02-08-2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16674)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\ATK0100\HControl.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Wireless Console 2\wcourier.exe
    C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe
    C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
    C:\Program Files\ASUS\Splendid\ACMON.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\COMODO\Firewall\cfp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\WINDOWS\system32\ACEngSvr.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\COMODO\Firewall\cmdagent.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\ATK0100\ATKOSD.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\tlntsvr.exe
    C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\DOCUME~1\PEDROS~1\LOCALS~1\Temp\SSUPDATE.EXE
    C:\WINDOWS\system32\wuauclt.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [SMSERIAL] C:\WINDOWS\sm56hlpr.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe
    O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [ABLKSR] C:\WINDOWS\ABLKSR\ABLKSR.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
    O4 - HKLM\..\Run: [ACMON] C:\Program Files\ASUS\Splendid\ACMON.exe
    O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
    O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
    O4 - HKLM\..\Run: [BM13cdcee5] Rundll32.exe "C:\WINDOWS\system32\edyykyqx.dll",s
    O4 - HKLM\..\Run: [10fefd79] rundll32.exe "C:\WINDOWS\system32\yauwxhmn.dll",b
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
    O4 - HKCU\..\Run: [updateMgr] c:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1214416161484
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1214416234875
    O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

    --
    End of file - 7799 bytes


    penso que agr esteja ca td ;)
     
  18. Blue Zee

    Blue Zee Power Member

    Ora aí estão eles.

    Arranque em Modo de Segurança, depois de carregar em F8 ao iniciar o sistema.

    Seleccione estas entradas (clique no quadradinho antes de cada uma) no log do HJT:

    O4 - HKLM\..\Run: [BM13cdcee5] Rundll32.exe "C:\WINDOWS\system32\edyykyqx.dll",s
    O4 - HKLM\..\Run: [10fefd79] rundll32.exe "C:\WINDOWS\system32\yauwxhmn.dll",b


    Clique no botão Fix checked, encerre o HJT e reinicie em Modo de Segurança.

    Localize e apague estes ficheiros se existirem:

    C:\WINDOWS\system32\edyykyqx.dll
    C:\WINDOWS\system32\yauwxhmn.dll

    Reinicie em Modo Normal.

    O problema deverá estar resolvido.

    Zee
     
    Última edição: 2 de Agosto de 2008
  19. kenaii

    kenaii Power Member

    eu qd vi que tinha esses erros no arranque, fui logo ao msconfig ver o que era e procura-los e de facto ja nao existem. a partida eles foram eliminados pelo superantispyware.
    ja agr um conselho: uso o spybot ou o superantispyware?
    é que o spybot nao me detectou nada disto... nem o antivirus avira... q é o que acho estranho... a firewall nao detectou pq o ficheiro veio via pen e penso que tenha sido por isso que a firewall nao detectou nada...
     
  20. Blue Zee

    Blue Zee Power Member

    Eu sou adepto do SUPERAntiSpyware.
     

Partilhar esta Página