
Archived

This topic has been archived and is closed to new replies.

Manain

[Solved!] I can't install antivirus


I can't install antivirus or Spybot. I try to restart in Safe Mode and can't do that either: the PC reboots by itself in Safe Mode.

 

Log follows

 

 

Logfile of HijackThis v1.99.1

Scan saved at 22:49:37, on 16/03/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\ARQUIV~1\LAUNCH~1\QtZgAcer.EXE

C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe

C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

C:\Arquivos de programas\Nero\Nero 7\InCD\NBHGui.exe

C:\Arquivos de programas\Nero\Nero 7\InCD\InCD.exe

C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\ATI Technologies\ATI.ACE\CLI.EXE

C:\Arquivos de programas\Nokia\Nokia Internet Modem\WellPhone2.exe

C:\folhawin\atualizador\atualizador.exe

C:\folhawin\backup\autobkp\autobkp.exe

C:\Arquivos de programas\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\Arquivos de programas\ATI Technologies\ATI.ACE\cli.exe

C:\Arquivos de programas\ATI Technologies\ATI.ACE\cli.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Arquivos de programas\HP\Digital Imaging\Product Assistant\bin\hprblog.exe

C:\DOCUME~1\Usuario\CONFIG~1\Temp\RtkBtMnt.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\HJT\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll

O2 - BHO: IE to GetRight Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Arquivos de programas\GetRight\xx2gr.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Arquivos de programas\Free Download Manager\iefdm2.dll

O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Arquivos de programas\Ask.com\GenericAskToolbar.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Arquivos de programas\Ask.com\GenericAskToolbar.dll

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [AzMixerSel] C:\Arquivos de programas\Realtek\InstallShield\AzMixerSel.exe

O4 - HKLM\..\Run: [LManager] C:\ARQUIV~1\LAUNCH~1\QtZgAcer.EXE

O4 - HKLM\..\Run: [ATICCC] "C:\Arquivos de programas\ATI Technologies\ATI.ACE\CLIStart.exe"

O4 - HKLM\..\Run: [iNPROCOMMWireless] C:\Arquivos de programas\Atheros\Wireless\Utility\WlanUtil.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [LanguageShortcut] "C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [securDisc] C:\Arquivos de programas\Nero\Nero 7\InCD\NBHGui.exe

O4 - HKLM\..\Run: [inCD] C:\Arquivos de programas\Nero\Nero 7\InCD\InCD.exe

O4 - HKLM\..\Run: [iSUSPM Startup] C:\ARQUIV~1\ARQUIV~1\INSTAL~1\UPDATE~1\isuspm.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ZTE Wireless Terminal] "C:\Arquivos de programas\AIKO 76E\bin\App.exe"

O4 - HKCU\..\Run: [Nokia Internet Modem] "C:\Arquivos de programas\Nokia\Nokia Internet Modem\WellPhone2.exe" /background

O4 - HKCU\..\Run: [cdoosoft] C:\DOCUME~1\Usuario\CONFIG~1\Temp\herss.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Atualizador Automatico - Folhamatic.lnk = C:\folhawin\atualizador\atualizador.exe

O4 - Global Startup: Auto Backup - Folhamatic.LNK = C:\folhawin\backup\autobkp\autobkp.exe

O4 - Global Startup: BTTray.lnk = ?

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: Baixar com o Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dllink.htm

O8 - Extra context menu item: Baixar tudo com o Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlall.htm

O8 - Extra context menu item: Baixar vídeo com o Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlfvideo.htm

O8 - Extra context menu item: Download selecionado pelo Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlselected.htm

O8 - Extra context menu item: Download with GetRight - C:\Arquivos de programas\GetRight\GRdownload.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Enviar para Dispositivo &Bluetooth... - C:\Arquivos de programas\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O8 - Extra context menu item: Open with GetRight Browser - C:\Arquivos de programas\GetRight\GRbrowse.htm

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Arquivos de programas\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Arquivos de programas\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/pt/uno1/GAME_UNO1.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1255203921203

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{807575EF-C243-4BEE-8569-AC426FF90E70}: NameServer = 192.168.0.1

O17 - HKLM\System\CCS\Services\Tcpip\..\{AAD354BA-26B4-4D47-A7B5-75DE4C662074}: NameServer = 200.142.130.202 200.220.227.56

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Arquivos de programas\WIDCOMM\Bluetooth Software\bin\btwdins.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Arquivos de programas\Java\jre6\bin\jqs.exe" -service -config "C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\WINDOWS\system32\DRIVERS\xaudio.exe

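Added example, not part of the original post and not HijackThis code: a small Python triage pass that applies the checks a helper does by eye on a HijackThis 1.99 log like the one above. It flags O4 autostart entries whose target lives under a Temp or Recycler path (the [cdoosoft] entry pointing at Temp\herss.exe), O2/O9/O20/O23 hooks whose file is missing, and O17 NameServer values outside private address space. The sample lines are copied from the log above; the path heuristic and the decision to report public DNS servers as "review this" rather than as proof of compromise are assumptions.

```python
import ipaddress
import re

# Constructed sample: lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKCU\..\Run: [cdoosoft] C:\DOCUME~1\Usuario\CONFIG~1\Temp\herss.exe
O4 - Global Startup: BTTray.lnk = ?
O17 - HKLM\System\CCS\Services\Tcpip\..\{807575EF-C243-4BEE-8569-AC426FF90E70}: NameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{AAD354BA-26B4-4D47-A7B5-75DE4C662074}: NameServer = 200.142.130.202 200.220.227.56
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
"""

# Directories a legitimate autostart target has no business living in.
# Assumption: an XP-era heuristic, not an exhaustive list.
SUSPICIOUS_DIRS = re.compile(
    r"(\\temp\\|\\recycler\\|\\config~1\\|\\local settings\\|\\configura[cç][oõ]es locais\\)",
    re.IGNORECASE,
)
O4_RE = re.compile(r"^O4 - (?P<hive>.+?): \[(?P<name>[^\]]*)\] (?P<target>.+)$")
O17_RE = re.compile(r"^O17 - .*NameServer = (?P<servers>.+)$")
MISSING_RE = re.compile(r"\((no file|file missing)\)\s*$", re.IGNORECASE)


def is_private(ip: str) -> bool:
    """True for RFC 1918 / loopback / link-local addresses, False for anything else or garbage."""
    try:
        return ipaddress.ip_address(ip).is_private
    except ValueError:
        return False


def triage(log_text: str) -> list:
    """Return (reason, line) pairs for every log line that deserves a second look."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = O4_RE.match(line)
        if m:
            # Autostart whose binary sits in a temp or recycler folder: classic worm drop.
            if SUSPICIOUS_DIRS.search(m.group("target")):
                findings.append(("autostart from temp/recycler path", line))
            continue
        m = O17_RE.match(line)
        if m:
            # Per-interface DNS servers outside private space: could be the ISP, could be a hijack.
            public = [s for s in m.group("servers").split() if not is_private(s)]
            if public:
                findings.append(("non-private NameServer: " + " ".join(public), line))
            continue
        # Hooks that point at a file that no longer exists: leftovers worth removing.
        if line.startswith(("O2 ", "O9 ", "O20 ", "O23 ")) and MISSING_RE.search(line):
            findings.append(("orphaned hook (file missing)", line))
    return findings


if __name__ == "__main__":
    for reason, line in triage(SAMPLE_LOG):
        print(f"[{reason}] {line}")
```

On the log above this reports four lines: the orphaned (no file) BHO, the [cdoosoft] Run entry, the two public name servers on the second adapter, and the missing dimsntfy.dll Winlogon notify. The private 192.168.0.1 resolver and the vendor services are left alone.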

*Download UsbFix and save it to the desktop

*Plug the USB stick into the PC

*Double-click UsbFix

*Press P > [ENTER]

*Press 1 > [ENTER] and wait for it to finish

*Remove the USB stick

*Paste the report created at C:\UsbFix.txt


Here is the log generated by UsbFix

 

 

############################## | UsbFix V6.099 |

 

User : Usuario (Administradores) # ACER

Update on 11/03/2010 by El Desaparecido , C_XX & Chimay8

Start at: 09:17:33 | 17/03/2010

Website : http://pagesperso-orange.fr/NosTools/index.html

Contact : FindyKill.Contact@gmail.com

 

Mobile AMD Sempron Processor 3500+

Microsoft Windows XP Professional (5.1.2600 32-bit) # Service Pack 3

Internet Explorer 8.0.6001.18702

Windows Firewall Status : Enabled

 

C:\ -> Local fixed disk # 111,78 GB (49,67 GB free) # NTFS

D:\ -> CD-ROM drive

E:\ -> Removable disk # 1008,26 MB (887,93 MB free) # FAT32

 

################## | Infected files # folders |

 

C:\DOCUME~1\Usuario\CONFIG~1\Temp\AutoRun.exe

C:\DATA

E:\autorun.inf -> calls the file : "E:\fk.exe" ( Missing ! )

E:\autorun.inf


1.

*Plug the USB stick into the PC again

*Double-click UsbFix

*Press P > [ENTER]

*Press 2 > [ENTER] and wait for it to finish

*Remove the USB stick

*Paste the report created at C:\UsbFix.txt


Note: is it necessary to post the generated file usbfix_upload_Me_ACER.zip at http://chiquitine.chngelog.fr/sample/upload.php?

 

 

The log that was created follows:

 

 

############################## | UsbFix V6.099 |

 

User : Usuario (Administradores) # ACER

Update on 11/03/2010 by El Desaparecido , C_XX & Chimay8

Start at: 11:05:18 | 17/03/2010

Website : http://pagesperso-orange.fr/NosTools/index.html

Contact : FindyKill.Contact@gmail.com

 

Mobile AMD Sempron Processor 3500+

Microsoft Windows XP Professional (5.1.2600 32-bit) # Service Pack 3

Internet Explorer 8.0.6001.18702

Windows Firewall Status : Enabled

 

C:\ -> Local fixed disk # 111,78 GB (49,63 GB free) # NTFS

D:\ -> CD-ROM drive

 

################## | Infected files # folders |

 

Deleted ! C:\DOCUME~1\Usuario\CONFIG~1\Temp\AutoRun.exe

Deleted ! C:\DATA

Deleted ! C:\Recycler\S-1-5-21-746137067-823518204-682003330-1003

Deleted ! C:\Recycler\S-1-5-21-746137067-823518204-682003330-1007

E:\autorun.inf -> calls the file : "E:\fk.exe" ( Missing ! )

Deleted ! E:\autorun.inf

 

################## | Registry |

 

Deleted ! [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "cdoosoft"

Deleted ! [HKLM\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore] "DisableConfig"

Deleted ! [HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoFolderOptions"

 

################## | Mountpoints2 |

 

Deleted ! HKCU\...\Explorer\MountPoints2\{44ed8af8-b666-11de-85b6-00197e3f60dd}\Shell\AutoRun\Command

Deleted ! HKCU\...\Explorer\MountPoints2\{8d0cffd0-e8a9-11de-8625-00197e3f60dd}\Shell\AutoRun\Command

 

################## | Listing |

 

[08/10/2009 14:44|--a------|0] C:\AUTOEXEC.BAT

[08/10/2009 15:06|-rahs----|223] C:\boot.ini

[14/04/2008 09:00|-rahs----|4952] C:\Bootfont.bin

[08/10/2009 14:44|--a------|0] C:\CONFIG.SYS

[22/01/2009 16:07|---------|466037] C:\desinsta.exe

[08/10/2009 14:44|-rahs----|0] C:\IO.SYS

[08/10/2009 14:44|-rahs----|0] C:\MSDOS.SYS

[14/04/2008 09:00|-rahs----|47564] C:\NTDETECT.COM

[14/04/2008 09:00|-rahs----|251696] C:\ntldr

[?|?|?] C:\pagefile.sys

[11/02/2010 19:55|--a------|15084] C:\PatchLog.txt

[05/03/2010 16:53|--a------|449951] C:\prox.log

[08/10/2009 16:22|--a------|3153920] C:\secsetup.sdb

[17/03/2010 11:13|--a------|2150] C:\UsbFix.txt

[06/03/2010 10:07|--a------|150016] E:\audesp_clientes.xls

[17/02/2010 14:11|--a------|40448] E:\CONTRATO DE LOCAÇÃO Prefeitura.doc

[05/03/2010 15:50|--a------|18432] E:\amec_calculo_custos.xls

[05/03/2010 13:52|--a------|46080] E:\comunicado Amec.doc

[09/03/2010 08:37|--a------|36864] E:\contrato_locacao_IVA.doc

[10/03/2010 08:26|--a------|39936] E:\ComunicadoSDG.doc

[?|?|?] E:\Åeijo.exe

[16/03/2010 07:43|--a------|33122] E:\Rais2008_backup.bkp

[17/03/2010 08:11|--a------|9728] E:\~WRD2275.tmp

[16/03/2010 18:07|--a------|2992752] E:\DMSetup-Serial.exe

[17/03/2010 08:59|--a------|1775837] E:\UsbFix.exe

[24/02/2010 10:59|--a------|134144] E:\PISO DE HONORARIOS ano de 2.01_.doc

[16/03/2010 22:34|--a------|22528] E:\ÁREA SEGURANÇA.doc

[16/03/2010 23:14|--a------|10949] E:\hijackthis.log

[09/03/2010 16:40|--a------|24576] E:\CARTA_INSS_JAIR FRANCHINI.doc

[17/03/2010 09:21|--a------|1636] E:\UsbFix.txt

[03/03/2010 09:24|--a------|61952] E:\contrato_locacao_nao_residencial.doc

 

################## | Vaccination |

 

# C:\autorun.inf -> Autorun.inf created by UsbFix (El Desaparecido).

# E:\autorun.inf -> Autorun.inf created by UsbFix (El Desaparecido).

 

################## | Upload |

 

Please send the file : C:\UsbFix_Upload_Me_ACER.zip : http://chiquitine.changelog.fr/Sample/Upload.php

Thank you for your contribution .

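Added example, not UsbFix's code and not part of the original thread: what the autorun.inf lines in the report above mean, worked in Python. The constructed autorun.inf mirrors what the report describes (an [autorun] section on E: that launches fk.exe, which is absent). autorun_targets() extracts every key that launches something, audit_volume() checks whether each target exists on the volume, and vaccinate() applies the "vaccination" idea from the report's last section by pre-creating autorun.inf as a directory so a worm's attempt to write a file of that name fails. The directory trick is the generic technique used by several USB vaccination tools and is an assumption about UsbFix's exact method; the MountPoints2\{GUID}\Shell\AutoRun\Command entries the report removed are Explorer's per-volume cache of the same parsed command and are not touched here.

```python
import configparser
import os
import tempfile

# Constructed sample modelled on the report: the stick's autorun.inf points
# every launch hook at fk.exe, which UsbFix found to be missing.
SAMPLE_AUTORUN_INF = """\
[autorun]
open=fk.exe
shell\\open\\command=fk.exe
shell\\explore\\command=fk.exe
shellexecute=fk.exe
icon=%SystemRoot%\\system32\\SHELL32.dll,4
"""

# Keys under [autorun] that cause execution (plus any shell\<verb>\command).
LAUNCH_KEYS = ("open", "shellexecute")


def autorun_targets(inf_text: str) -> dict:
    """Return {key: command} for every [autorun] key that launches a program."""
    # RawConfigParser: no %-interpolation, so %SystemRoot% in icon= is left alone.
    cp = configparser.RawConfigParser(strict=False, delimiters=("=",))
    cp.optionxform = str  # keep key case as written in the file
    cp.read_string(inf_text)
    if not cp.has_section("autorun"):
        return {}
    targets = {}
    for key, value in cp.items("autorun"):
        k = key.lower()
        if k in LAUNCH_KEYS or (k.startswith("shell\\") and k.endswith("\\command")):
            targets[key] = value.strip().strip('"')
    return targets


def resolve_target(volume_root: str, command: str) -> str:
    """First token of the command, resolved relative to the volume root."""
    parts = command.split()
    exe = parts[0] if parts else ""
    return exe if os.path.isabs(exe) else os.path.join(volume_root, exe)


def audit_volume(volume_root: str) -> list:
    """Like the report: for each launch target, (key, resolved path, present?)."""
    inf_path = os.path.join(volume_root, "autorun.inf")
    if os.path.isdir(inf_path):
        return [("autorun.inf is a directory (vaccinated)", inf_path, True)]
    if not os.path.isfile(inf_path):
        return []
    with open(inf_path, encoding="latin-1", errors="replace") as fh:
        targets = autorun_targets(fh.read())
    return [(k, resolve_target(volume_root, cmd), os.path.exists(resolve_target(volume_root, cmd)))
            for k, cmd in targets.items()]


def vaccinate(volume_root: str) -> bool:
    """Replace any autorun.inf file with an empty directory of the same name.
    Windows does not parse a directory as autorun, and a dropper that tries to
    create the file then fails. Generic technique; UsbFix's own steps may differ."""
    inf_path = os.path.join(volume_root, "autorun.inf")
    if os.path.isfile(inf_path):
        os.remove(inf_path)
    if not os.path.isdir(inf_path):
        os.mkdir(inf_path)
    return os.path.isdir(inf_path)


def demo() -> tuple:
    """Build a throwaway 'volume' with the sample autorun.inf, audit it,
    vaccinate it, audit again. Returns (report_before, report_after)."""
    root = tempfile.mkdtemp(prefix="usb_")
    with open(os.path.join(root, "autorun.inf"), "w") as fh:
        fh.write(SAMPLE_AUTORUN_INF)
    before = audit_volume(root)
    vaccinate(root)
    after = audit_volume(root)
    return before, after


if __name__ == "__main__":
    before, after = demo()
    for key, path, present in before:
        print(f"{key} -> {path} ({'present' if present else 'MISSING'})")
    print(after[0][0])
```

The "Missing !" in the report is exactly the before-state here: the stick still carries the launcher entries, but the payload fk.exe had already been removed (or never copied). That is why deleting the autorun.inf and the cached MountPoints2 commands, then vaccinating, is enough for the stick; the host-side persistence (the cdoosoft Run value and the Temp\herss.exe it pointed at) is handled separately.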

No...

 

The file is for you to upload to the tool's author. Just click the link and send the file.

 

 

1.

*Double-click UsbFix

*Press P > [ENTER]

*Press 6 > [ENTER]

 

2.

*Download AD-Remover and save it to the desktop

*Double-click AD-R.exe

*Click [Clean]... wait for it to finish

*Paste the report created at C:\Ad-Report-CLEAN.log and a new HijackThis log


AD-Report Clean log

 

 

 

.

======= AD-REMOVER REPORT 2.0.0.0,A | ONLY XP/VISTA/7 =======

.

Updated by C_XX on 15/03/10 at 17:00

Contact: AdRemover.contact@gmail.com

Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html

.

Started: 15:42:21 on 17/03/2010 | Normal boot | Option: CLEAN

Executed from: C:\Ad-Remover\ADR.exe

Operating system: Microsoft® Windows XP™ Service Pack 3

Computer name: ACER | Current user: Usuario (Administrator)

.

============== FIXED ELEMENTS ==============

.

.

C:\Arquivos de programas\Ask Search Assistant

C:\Arquivos de programas\Ask.com

C:\Arquivos de programas\Mozilla FireFox\Components\AskHPRFF.js

C:\Documents and Settings\Suellen\Configurações locais\Dados de aplicativos\AskToolbar

C:\Documents and Settings\Suellen\Configurações locais\Temp\AskSearch

C:\Documents and Settings\Usuario\Menu Iniciar\Programas\Ask Search Assistant

C:\WINDOWS\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

 

(!) -- Deleted temporary files.

.

HKCU\Software\AskToolbar

HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}

HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}

HKLM\Software\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}

HKLM\Software\Classes\AppID\GenericAskToolbar.DLL

HKLM\Software\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}

HKLM\Software\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}

HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd

HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd.1

HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF

HKLM\Software\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}

HKLM\Software\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}

HKLM\Software\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}

HKLM\Software\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}

HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}

HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\AskSearchAsst.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}

HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ask.com Search Assistant

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{D4027C7F-154A-4066-A1AD-4243D8127440}

HKLM\Software\Microsoft\Internet Explorer\Toolbar|{D4027C7F-154A-4066-A1AD-4243D8127440}

HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Arquivos de programas\Ask.com\GenericAskToolbar.dll

.

============== ADDITIONAL SCAN ==============

.

* Mozilla FireFox Version 3.6 (pt-BR) *

.

C:\Documents and Settings\Usuario\Dados de aplicativos\mozilla\firefox\profiles\izmfp1am.default\prefs.js - browser.download.lastDir: C:\\Documents and Settings\\Usuario\\Meus documentos\\Minhas imagens

C:\Documents and Settings\Usuario\Dados de aplicativos\mozilla\firefox\profiles\izmfp1am.default\prefs.js - browser.startup.homepage: hxxp://www.plusnetwork.com

C:\Documents and Settings\Usuario\Dados de aplicativos\mozilla\firefox\profiles\izmfp1am.default\prefs.js - browser.startup.homepage_override.mstone: rv:1.9.2

C:\Documents and Settings\Suellen\Dados de aplicativos\Mozilla\Firefox\Profiles\ncg7gp7g.default\prefs.js - browser.download.lastDir: C:\\Documents and Settings\\Suellen\\Meus documentos\\Minhas imagens\\Oun\\Twilight

C:\Documents and Settings\Suellen\Dados de aplicativos\Mozilla\Firefox\Profiles\ncg7gp7g.default\prefs.js - browser.search.defaultenginename: Ask.com

C:\Documents and Settings\Suellen\Dados de aplicativos\Mozilla\Firefox\Profiles\ncg7gp7g.default\prefs.js - browser.search.selectedEngine: Google

C:\Documents and Settings\Suellen\Dados de aplicativos\Mozilla\Firefox\Profiles\ncg7gp7g.default\prefs.js - browser.startup.homepage: hxxp://www.orkut.com.br/Main#Home

C:\Documents and Settings\Suellen\Dados de aplicativos\Mozilla\Firefox\Profiles\ncg7gp7g.default\prefs.js - browser.startup.homepage_override.mstone: rv:1.9.2

C:\Documents and Settings\Suellen\Dados de aplicativos\Mozilla\Firefox\Profiles\ncg7gp7g.default\prefs.js - keyword.URL: hxxp://supertoolbar.ask.com/redirect?client=ff&src=kw&tb=PTV&o=15184&locale=en_US&q=

.

.

* Internet Explorer Version 8.0.6001.18702 *

.

[HKCU\Software\Microsoft\Internet Explorer\Main]

.

AutoHide: yes

Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

Do404Search: 0x01000000

Enable Browser Extensions: yes

Local Page: C:\WINDOWS\system32\blank.htm

Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896

Show_ToolBar: yes

Start Page: hxxp://fr.msn.com/

Use Custom Search URL: 1

Use Search Asst: no

.

[HKLM\Software\Microsoft\Internet Explorer\Main]

.

Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

Delete_Temp_Files_On_Exit: yes

Enable Browser Extensions: yes

Local Page: C:\WINDOWS\system32\blank.htm

Search bar: hxxp://search.msn.com/spbasic.htm

Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

Start Page: hxxp://fr.msn.com/

.

[HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS]

.

Tabs: res://ieframe.dll/tabswelcome.htm

Blank: res://mshtml.dll/blank.htm

.

========================================

.

C:\DOCUME~1\Usuario\CONFIG~1\Temp: 12 Files, 131 Folders

C:\WINDOWS\temp: 2 Files, 7 Folders

Temporary Internet Files: 3 Files, 13 Folders

.

C:\Ad-Remover\Quarantine: 2 Files

C:\Ad-Remover\Backup: 14 Files

.

C:\Ad-Report-CLEAN[1].txt - 5984 Byte(s)

.

End at:15:50:51, 17/03/2010

.

============== E.O.F - CLEAN[1] ==============

 

New HijackThis log

 

 

 

Logfile of HijackThis v1.99.1

Scan saved at 15:52:08, on 17/03/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

C:\WINDOWS\RTHDCPL.EXE

C:\ARQUIV~1\LAUNCH~1\QtZgAcer.EXE

C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe

C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

C:\Arquivos de programas\Nero\Nero 7\InCD\NBHGui.exe

C:\Arquivos de programas\Nero\Nero 7\InCD\InCD.exe

C:\Arquivos de programas\ATI Technologies\ATI.ACE\CLI.EXE

C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\Nokia\Nokia Internet Modem\WellPhone2.exe

C:\folhawin\atualizador\atualizador.exe

C:\folhawin\backup\autobkp\autobkp.exe

C:\Arquivos de programas\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Arquivos de programas\ATI Technologies\ATI.ACE\cli.exe

C:\Arquivos de programas\ATI Technologies\ATI.ACE\cli.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Arquivos de programas\HP\Digital Imaging\Product Assistant\bin\hprblog.exe

C:\DOCUME~1\Usuario\CONFIG~1\Temp\RtkBtMnt.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\msfeedssync.exe

C:\Arquivos de programas\Java\jre6\bin\javaws.exe

C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jaucheck.exe

C:\Arquivos de programas\Java\jre6\bin\javaw.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\HJT\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll

O2 - BHO: IE to GetRight Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Arquivos de programas\GetRight\xx2gr.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Arquivos de programas\Free Download Manager\iefdm2.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [AzMixerSel] C:\Arquivos de programas\Realtek\InstallShield\AzMixerSel.exe

O4 - HKLM\..\Run: [LManager] C:\ARQUIV~1\LAUNCH~1\QtZgAcer.EXE

O4 - HKLM\..\Run: [ATICCC] "C:\Arquivos de programas\ATI Technologies\ATI.ACE\CLIStart.exe"

O4 - HKLM\..\Run: [iNPROCOMMWireless] C:\Arquivos de programas\Atheros\Wireless\Utility\WlanUtil.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [LanguageShortcut] "C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [securDisc] C:\Arquivos de programas\Nero\Nero 7\InCD\NBHGui.exe

O4 - HKLM\..\Run: [inCD] C:\Arquivos de programas\Nero\Nero 7\InCD\InCD.exe

O4 - HKLM\..\Run: [iSUSPM Startup] C:\ARQUIV~1\ARQUIV~1\INSTAL~1\UPDATE~1\isuspm.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ZTE Wireless Terminal] "C:\Arquivos de programas\AIKO 76E\bin\App.exe"

O4 - HKCU\..\Run: [Nokia Internet Modem] "C:\Arquivos de programas\Nokia\Nokia Internet Modem\WellPhone2.exe" /background

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Atualizador Automatico - Folhamatic.lnk = C:\folhawin\atualizador\atualizador.exe

O4 - Global Startup: Auto Backup - Folhamatic.LNK = C:\folhawin\backup\autobkp\autobkp.exe

O4 - Global Startup: BTTray.lnk = ?

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: Baixar com o Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dllink.htm

O8 - Extra context menu item: Baixar tudo com o Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlall.htm

O8 - Extra context menu item: Baixar vídeo com o Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlfvideo.htm

O8 - Extra context menu item: Download selecionado pelo Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlselected.htm

O8 - Extra context menu item: Download with GetRight - C:\Arquivos de programas\GetRight\GRdownload.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Enviar para Dispositivo &Bluetooth... - C:\Arquivos de programas\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O8 - Extra context menu item: Open with GetRight Browser - C:\Arquivos de programas\GetRight\GRbrowse.htm

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Arquivos de programas\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Arquivos de programas\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/pt/uno1/GAME_UNO1.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1255203921203

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{807575EF-C243-4BEE-8569-AC426FF90E70}: NameServer = 192.168.0.1

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Arquivos de programas\WIDCOMM\Bluetooth Software\bin\btwdins.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Arquivos de programas\Java\jre6\bin\jqs.exe" -service -config "C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\WINDOWS\system32\DRIVERS\xaudio.exe


1.

*Run AD-Remover again

*Click [Uninstall]

 

Let me know whether you can install the antivirus now.


*Download ComboFix and save it to the desktop

*Double-click the Combofix.exe file

*Accept the agreement

 

*If the Windows Recovery Console is already installed, ComboFix will continue the process automatically. If it is not, a window like the one below will open. Click [YES] to accept its installation.

 

recovery-console-prompt.jpg

 

*After the installation, click [YES] to continue.

 

recovery-console-installed.jpg

 

*Wait for all the stages to finish

 

etapas.jpg

 

*Important: while ComboFix is running, do not use the mouse or the keyboard! To abort the procedure, press N or 2 and then ENTER.

 

*The program will close automatically

 

*Paste the report created at C:\combofix.txt


I can only access the internet through Mozilla Firefox; Internet Explorer just opens a blank page (with the message "conectando" in the top left corner of the screen).

 

Mozilla Firefox, on the other hand, shows the message below. This message also appears when I try to install the UOL antivirus, since I cannot access any security site. If I download ComboFix on another computer and run it on this one, will the effect be the same? Given that if I open Firefox I can access the internet?

 

O Firefox não conseguiu estabelecer uma conexão com o servidor download.bleepingcomputer.com.

 

* Este site pode estar temporariamente fora do ar ou sobrecarregado. Tente de novo em alguns instantes.

* Se você não consegue carregar nenhuma página, verifique a conexão de rede do computador.

* Se o seu computador ou rede forem protegidos por um firewall ou proxy, certifique-se de que o Firefox esteja autorizado a acessar a web.


*Download ComboFix on another PC.

 

Then copy it to the desktop of this problem PC. Follow the instructions as I indicated.


Here is the report produced by ComboFix

 

 

ComboFix 10-03-17.07 - Usuario 18/03/2010 17:48:00.1.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.766.438 [GMT -3:00]

Executando de: c:\documents and settings\Usuario\Desktop\ComboFix.exe

* Criado um novo ponto de restauração

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\arquivos de programas\Gravity\Ragnarok Online\skin\default\basic_interface\_desktop.ini

c:\arquivos de programas\Gravity\Ragnarok Online\skin\Scribbling Kid\_desktop.ini

c:\arquivos de programas\Gravity\Ragnarok Online\skin\Scribbling Kid\basic_interface\_desktop.ini

C:\MessengerPlus

c:\messengerplus\adilson.boleiro@hotmail.com1.log

c:\messengerplus\aformosaconselheira@hotmail.com1.log

c:\messengerplus\alina_romeiro@hotmail.com1.log

c:\messengerplus\aniinha_rodriigues@hotmail.com1.log

c:\messengerplus\anubiarodrigues@hotmail.com1.log

c:\messengerplus\azanormais@hotmail.com1.log

c:\messengerplus\bebella.brito.braune@hotmail.com1.log

c:\messengerplus\camilinhaanalandia@hotmail.com1.log

c:\messengerplus\caprica27@hotmail.com1.log

c:\messengerplus\carol_correa_pink@hotmail.com1.log

c:\messengerplus\carolcorreapink@hotmail.com1.log

c:\messengerplus\carolina_vivaldini@hotmail.com1.log

c:\messengerplus\claudete_37@hotmail.com1.log

c:\messengerplus\danilinho_10@hotmail.com1.log

c:\messengerplus\danlove_10@hotmail.com1.log

c:\messengerplus\deisesl_30@hotmail.com1.log

c:\messengerplus\drikinhamelo@hotmail.com1.log

c:\messengerplus\felipinhodenami@hotmail.com1.log

c:\messengerplus\fgcanello@hotmail.com1.log

c:\messengerplus\flor_deinha@hotmail.com1.log

c:\messengerplus\gabi.r.benites@hotmail.com1.log

c:\messengerplus\iarasara@msn.com1.log

c:\messengerplus\IEBrowserEvents.dll

c:\messengerplus\jujueraf@hotmail.com1.log

c:\messengerplus\keilaerika@hotmail.com1.log

c:\messengerplus\lizinha192@hotmail.com1.log

c:\messengerplus\luana_speedvendas@hotmail.com1.log

c:\messengerplus\luiss.rodrigues@hotmail.com1.log

c:\messengerplus\mah_fagiolli@hotmail.com1.log

c:\messengerplus\mangela-brandao@hotmail.com1.log

c:\messengerplus\nanapopic@hotmail.com1.log

c:\messengerplus\priscilinhaglamurosa@yahoo.com1.log

c:\messengerplus\rafab_sanches@hotmail.com1.log

c:\messengerplus\rafaela.rsantos@hotmail.com1.log

c:\messengerplus\rakire_turismo@hotmail.com1.log

c:\messengerplus\re_fig@hotmail.com1.log

c:\messengerplus\ronildoz@hotmail.com1.log

c:\messengerplus\samantabpb@hotmail.com1.log

c:\messengerplus\shine_g12@hotmail.com1.log

c:\messengerplus\thaisazangrando@hotmail.com1.log

c:\messengerplus\trestamboresebaliza@hotmail.com1.log

c:\messengerplus\vabrito@hotmail.com1.log

c:\messengerplus\vaniosa@hotmail.com1.log

c:\messengerplus\vaz.mari@hotmail.com1.log

c:\windows\system32\kernel.dll

 

c:\windows\system32\userinit.exe . . . está infectado!!

 

.

(((((((((((((((( Arquivos/Ficheiros criados de 2010-02-18 to 2010-03-18 ))))))))))))))))))))))))))))

.

 

2010-03-17 15:02 . 2010-03-17 15:02 664 ----a-w- c:\windows\system32\d3d9caps.dat

2010-03-17 14:15 . 2010-03-17 14:15 241775 ----a-w- C:\UsbFix_Upload_Me_ACER.zip

2010-03-17 12:04 . 2010-03-17 14:15 -------- d-----w- C:\UsbFix

2010-03-17 01:28 . 2010-03-17 18:52 -------- d-----w- c:\arquivos de programas\HJT

2010-03-16 22:01 . 2010-03-16 22:01 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\McAfee

2010-03-16 20:35 . 2010-03-16 20:35 -------- d--h--w- c:\windows\system32\GroupPolicy

2010-03-14 14:20 . 2010-03-14 14:20 -------- d-----w- C:\Games

2010-03-04 16:24 . 2008-04-28 09:14 293888 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\HP1006S.DLL

2010-02-24 15:46 . 2008-04-13 22:20 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll

2010-02-24 15:46 . 2008-04-13 22:20 21504 ----a-w- c:\windows\system32\hidserv.dll

2010-02-24 15:46 . 2008-04-13 21:58 14720 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys

2010-02-24 15:46 . 2008-04-13 21:58 14720 ----a-w- c:\windows\system32\drivers\kbdhid.sys

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-03-13 21:03 . 2010-01-27 23:21 -------- d-----w- c:\arquivos de programas\JDownloader 0.8.821

2010-03-13 18:54 . 2009-10-10 17:23 -------- d-----w- c:\documents and settings\Usuario\Dados de aplicativos\Free Download Manager

2010-03-02 10:39 . 2008-04-14 12:00 80178 ----a-w- c:\windows\system32\perfc016.dat

2010-03-02 10:39 . 2008-04-14 12:00 471260 ----a-w- c:\windows\system32\perfh016.dat

2010-02-21 20:25 . 2009-12-13 05:31 -------- d-----w- c:\documents and settings\Usuario\Dados de aplicativos\Ahead

2010-02-15 20:47 . 2009-10-10 18:55 -------- d-----w- c:\arquivos de programas\Microsoft Silverlight

2010-02-15 11:05 . 2010-02-15 10:54 -------- d-----w- c:\arquivos de programas\SEFAZ

2010-02-15 10:54 . 2009-10-08 18:05 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information

2010-02-15 10:53 . 2010-02-15 10:49 -------- d-----w- c:\arquivos de programas\SEFAZ JOSI

2010-02-15 10:21 . 2009-10-10 22:05 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Messenger Plus!

2010-02-15 10:20 . 2009-10-10 21:31 -------- d-----w- c:\arquivos de programas\Messenger Plus! Live

2010-02-12 00:45 . 2009-12-11 12:57 -------- d-----w- c:\arquivos de programas\EA GAMES

2010-02-11 22:02 . 2010-02-11 22:02 -------- d-----w- c:\arquivos de programas\Gravity

2010-02-02 13:16 . 2010-02-01 13:50 -------- d-----w- c:\arquivos de programas\CAIXA

2010-01-29 11:12 . 2010-01-29 11:12 -------- d-----w- c:\arquivos de programas\MSECache

2010-01-28 19:48 . 2010-01-28 19:31 -------- d-----w- c:\arquivos de programas\MCESimplificado

2010-01-28 19:36 . 2009-10-10 23:09 249856 ------w- c:\windows\Setup1.exe

2010-01-27 23:49 . 2009-10-08 18:40 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Java

2010-01-27 23:48 . 2009-10-08 18:40 -------- d-----w- c:\arquivos de programas\Java

2009-12-31 16:50 . 2008-04-14 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys

2009-12-30 20:30 . 2009-12-30 20:30 2887680 ----a-w- c:\windows\system32\VagalumePluginWMP.dll

2009-12-21 19:08 . 2008-04-14 12:00 916480 ----a-w- c:\windows\system32\wininet.dll

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883840]

"Nokia Internet Modem"="c:\arquivos de programas\Nokia\Nokia Internet Modem\WellPhone2.exe" [2009-07-29 1962648]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDCPL"="RTHDCPL.EXE" [2006-08-16 16248320]

"SkyTel"="SkyTel.EXE" [2006-08-16 2879488]

"AzMixerSel"="c:\arquivos de programas\Realtek\InstallShield\AzMixerSel.exe" [2006-08-16 53248]

"LManager"="c:\arquiv~1\LAUNCH~1\QtZgAcer.EXE" [2006-09-07 479232]

"ATICCC"="c:\arquivos de programas\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]

"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

"SunJavaUpdateSched"="c:\arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe" [2010-01-11 246504]

"RemoteControl"="c:\arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]

"LanguageShortcut"="c:\arquivos de programas\CyberLink\PowerDVD\Language\Language.exe" [2006-12-06 54832]

"NeroFilterCheck"="c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]

"SecurDisc"="c:\arquivos de programas\Nero\Nero 7\InCD\NBHGui.exe" [2007-05-15 1628208]

"InCD"="c:\arquivos de programas\Nero\Nero 7\InCD\InCD.exe" [2007-05-15 1057328]

"ISUSPM Startup"="c:\arquiv~1\ARQUIV~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-17 221184]

"ISUSScheduler"="c:\arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" [2005-02-17 81920]

"HP Software Update"="c:\arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 49152]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

Adobe Gamma Loader.lnk - c:\arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe [2009-10-8 110592]

Atualizador Automatico - Folhamatic.lnk - c:\folhawin\atualizador\atualizador.exe [2009-12-5 1398572]

Auto Backup - Folhamatic.LNK - c:\folhawin\backup\autobkp\autobkp.exe [2009-12-5 85494]

BTTray.lnk - c:\arquivos de programas\WIDCOMM\Bluetooth Software\BTTray.exe [2006-1-17 618557]

HP Digital Imaging Monitor.lnk - c:\arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"HonorAutoRunSetting"= 0 (0x0)

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"HonorAutoRunSetting"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\Ares\\Ares.exe"=

"c:\\Documents and Settings\\Suellen\\Desktop\\Ares.exe"=

"c:\\folhawin\\atualizador\\atualizador.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Java\\jre6\\bin\\javaw.exe"=

"c:\\Arquivos de programas\\Java\\jre6\\bin\\java.exe"=

 

S3 nokiacpo;Nokia Internet Stick Wireless Modem Service Install;c:\windows\system32\drivers\nokiacpo.sys [22/06/2009 13:41 18688]

S3 nokiappo;Nokia Internet Stick Wireless Modem Power Policy Service;c:\windows\system32\drivers\nokiappo.sys [22/06/2009 13:41 27008]

S3 zteusbser;ZTE USB Device for Legacy Serial Communication;c:\windows\system32\drivers\zteusbser.sys [09/10/2009 17:29 98432]

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2010-03-18 c:\windows\Tasks\User_Feed_Synchronization-{2DFD6A99-60EB-42AE-BE0E-4865A1A7142D}.job

- c:\windows\system32\msfeedssync.exe [2009-03-08 07:31]

 

2010-03-18 c:\windows\Tasks\User_Feed_Synchronization-{A63760CC-2B08-48B6-A9DA-BAA3844E50E8}.job

- c:\windows\system32\msfeedssync.exe [2009-03-08 07:31]

.

.

------- Scan Suplementar -------

.

IE: Baixar com o Free Download Manager - file://c:\arquivos de programas\Free Download Manager\dllink.htm

IE: Baixar tudo com o Free Download Manager - file://c:\arquivos de programas\Free Download Manager\dlall.htm

IE: Baixar vídeo com o Free Download Manager - file://c:\arquivos de programas\Free Download Manager\dlfvideo.htm

IE: Download selecionado pelo Free Download Manager - file://c:\arquivos de programas\Free Download Manager\dlselected.htm

IE: Download with GetRight - c:\arquivos de programas\GetRight\GRdownload.htm

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Enviar para Dispositivo &Bluetooth... - c:\arquivos de programas\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Open with GetRight Browser - c:\arquivos de programas\GetRight\GRbrowse.htm

TCP: {807575EF-C243-4BEE-8569-AC426FF90E70} = 192.168.0.1

FF - ProfilePath - c:\documents and settings\Usuario\Dados de aplicativos\Mozilla\Firefox\Profiles\izmfp1am.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.plusnetwork.com

FF - prefs.js: network.proxy.http -

FF - prefs.js: network.proxy.http_port - 0

FF - prefs.js: network.proxy.type - 0

FF - component: c:\arquivos de programas\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

 

---- FIREFOX POLICIES ----

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

.

- - - - ORFÃOS REMOVIDOS - - - -

 

HKCU-Run-fsm - (no file)

HKCU-Run-ZTE Wireless Terminal - c:\arquivos de programas\AIKO 76E\bin\App.exe

HKLM-Run-INPROCOMMWireless - c:\arquivos de programas\Atheros\Wireless\Utility\WlanUtil.exe

AddRemove-Bem Vindos a BRMU - c:\documents and settings\Usuario\Meus documentos\BRMU\Uninstal.exe

 

 

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-03-18 18:02

Windows 5.1.2600 Service Pack 3 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•6~*]

"6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

- - - - - - - > 'winlogon.exe'(608)

c:\windows\system32\Ati2evxx.dll

 

- - - - - - - > 'explorer.exe'(416)

c:\windows\system32\WININET.dll

c:\arquivos de programas\Scpad\scpLIB.dll

c:\arquivos de programas\Scpad\scpMIB.dll

c:\arquivos de programas\Scpad\sshib.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\btncopy.dll

c:\arquivos de programas\Arquivos comuns\SmartCom\DragnDropCopyHook.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Outros Processos em Execução ------------------------

.

c:\windows\system32\Ati2evxx.exe

c:\windows\system32\Ati2evxx.exe

c:\arquivos de programas\WIDCOMM\Bluetooth Software\bin\btwdins.exe

c:\arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

c:\arquivos de programas\Java\jre6\bin\jqs.exe

c:\arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\arquivos de programas\CyberLink\Shared Files\RichVideo.exe

c:\windows\system32\wscntfy.exe

c:\windows\system32\wbem\wmiapsrv.exe

c:\windows\RTHDCPL.EXE

c:\arquivos de programas\ATI Technologies\ATI.ACE\CLI.EXE

c:\arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

c:\arquivos de programas\HP\Digital Imaging\Product Assistant\bin\hprblog.exe

c:\docume~1\Usuario\CONFIG~1\Temp\RtkBtMnt.exe

c:\arquivos de programas\ATI Technologies\ATI.ACE\cli.exe

c:\arquivos de programas\ATI Technologies\ATI.ACE\cli.exe

.

**************************************************************************

.

Tempo para conclusão: 2010-03-18 18:15:52 - Máquina reiniciou

ComboFix-quarantined-files.txt 2010-03-18 21:15

 

Pré-execução: 20 pasta(s) 54.236.389.376 bytes disponíveis

Pós execução: 24 pasta(s) 54.299.099.136 bytes disponíveis

 

WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer

 

- - End Of File - - 44AE9DD9390F289C599CBBC8B7EF8DA4


*Download WinFileReplace and save it to the desktop

*Select and copy (Ctrl+C) the code below:

 

c:\windows\system32\userinit.exe

*Double-click WinFileReplace

*Press 2 > [ENTER]

*Notepad will open. Paste (Ctrl+V) the code

*Close Notepad; you will be asked whether you want to save

*Click [Yes]

*Accept the terms of the agreement and confirm the restoration of the file

*When it finishes, press Y > [ENTER]

*The PC will restart and a report will appear

*Paste it in your next reply


I cannot paste c:\windows\system32\userinit.exe into the text editor that opens when I double-click the WinFileReplace program on the Desktop, because a blue screen opens with the following text:

 

checking OS version.

Microsoft Windows XP - OK

 

 

Checking OS install language

'end´ não é reconhecido como um comando interno ou externo,

um programa operável ou um arquivo em lotes.

OS install language not supported by this tool.

 

Press any key to exit.


OK...

 

1.

*Delete WinFileReplace.

 

2.

*Click [Start] > [Run] > type: Combofix /uninstall

*Click [OK]

 

92674490.jpg

 

*Click [Run]

*Wait until the message "ComboFix está desinstalado" appears

*Click [OK]

 

3.

*Click [Start] > [Run] > type: sfc /scannow

 

sfc.jpg

*Click OK

*You will be asked for the Windows CD

*Put it in the CD-ROM drive and wait for it to finish

*Remove the CD and restart the PC

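The ComboFix report flagged userinit.exe as infected, and the helper's last steps restore it with sfc /scannow. The script below is an editorial example added here; it is not part of the thread and not code from ComboFix, WinFileReplace or any tool named above. It verifies the repair from a defender's side: it compares the live userinit.exe with the protected copy sfc uses as its source (system32\dllcache on Windows XP), checks the file's Authenticode status, and confirms that the Winlogon "Userinit" registry value still points only at the system32 binary. It assumes PowerShell 2.0 or later on the repaired machine; the $live, $cache and $wlKey paths are the standard XP locations.

```powershell
# Editorial example (not from the forum thread): post-repair check of userinit.exe.
# Assumes Windows XP paths under %SystemRoot%\system32; adjust for other versions.

$sys32 = Join-Path $env:SystemRoot 'system32'
$live  = Join-Path $sys32 'userinit.exe'            # the binary Winlogon runs at logon
$cache = Join-Path $sys32 'dllcache\userinit.exe'   # protected copy used by sfc on XP
$wlKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'

function Get-Sha256Hex([string]$Path) {
    # Get-FileHash only exists from PowerShell 4 on, so hash through .NET directly.
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $fs  = [System.IO.File]::OpenRead($Path)
    try     { ($sha.ComputeHash($fs) | ForEach-Object { $_.ToString('x2') }) -join '' }
    finally { $fs.Close() }
}

$findings = @()

# 1. Does the live file match the protected copy that sfc restores from?
if (Test-Path $cache) {
    if ((Get-Sha256Hex $live) -ne (Get-Sha256Hex $cache)) {
        $findings += 'userinit.exe differs from the dllcache copy'
    }
} else {
    $findings += 'no dllcache copy found; hash comparison skipped'
}

# 2. Signature status. XP system files are catalog-signed, and Get-AuthenticodeSignature
#    before PowerShell 5.1 does not consult catalogs, so 'NotSigned' alone is inconclusive
#    there; 'Valid' confirms the file, anything else (HashMismatch, NotTrusted) is a finding.
$sig = Get-AuthenticodeSignature -FilePath $live
switch ($sig.Status) {
    'Valid'     { }
    'NotSigned' { $findings += 'signature check inconclusive (catalog-signed file or old PowerShell)' }
    default     { $findings += "userinit.exe signature status: $($sig.Status)" }
}

# 3. The Winlogon Userinit value decides what runs at logon; the default is the system32
#    path followed by a trailing comma. Any extra entry here would start with every logon.
$userinit = (Get-ItemProperty -Path $wlKey -Name Userinit).Userinit
$expected = "$live,"
if ($userinit -ne $expected) {
    $findings += "Winlogon Userinit value is '$userinit' (expected '$expected')"
}

if ($findings.Count -eq 0) {
    'userinit.exe: matches dllcache, signature valid, Winlogon value unchanged'
} else {
    $findings | ForEach-Object { "FINDING: $_" }
}
```

Run it from an elevated PowerShell prompt after the restart. A hash mismatch against dllcache, or a Userinit value that names anything besides the system32 binary, means the repair did not take and the file and registry value should be restored again before the machine is considered clean.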

Ok

The computer is working now. Thank you very much for your attention; you can close this post. However, I would like to inform you that I will be opening another post and sending the logs from other machines to disinfect them, since this PC is on a network and I believe there were other infections.

Or can I use some cleaning procedures before posting a new log?


PROBLEM SOLVED!

 

If the author needs the topic to be reopened, just send a Private Message to a Moderator with a link to the topic.
