[Archived] My PC takes a long time to open Internet Explorer and the page

8 replies in this topic

#1 arona

arona
  • Members
  • 6 posts

Posted 10 July 2010 - 00:45

Hello friends,
my PC takes a very long time to open Internet Explorer
and the home page is about:blank.
I have tried everything to change it and it doesn't work.
I type in the home page, and when I open Internet Explorer it is about:blank.


The HijackThis log follows below.



Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 00:43:09, on 10/7/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbguard.exe
C:\Arquivos de programas\Arquivos comuns\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbserver.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\Trend Micro\HiJackThis\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: IMinent WebBooster - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Arquivos de programas\Iminent\IMBooster4Web\Iminent.WebBooster.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: Barra do MSN Busca Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Toolbar Suite\TB\02.05.0000.1082\pt-br\msntb.dll
O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\Arquivos de programas\GbPlugin\gbiehabn.dll
O3 - Toolbar: Barra do MSN Busca - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Toolbar Suite\TB\02.05.0000.1082\pt-br\msntb.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast5] C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &MSN Busca - res://C:\Arquivos de programas\MSN Toolbar Suite\TB\02.05.0000.1082\pt-br\msntb.dll/search.htm
O8 - Extra context menu item: Abrir em uma nova guia do plano de fundo - res://C:\Arquivos de programas\MSN Toolbar Suite\TAB\02.05.0001.1119\pt-br\msntabres.dll/229?6a8ff442109c48a891508d583b64eaee
O8 - Extra context menu item: Abrir em uma nova guia do primeiro plano - res://C:\Arquivos de programas\MSN Toolbar Suite\TAB\02.05.0001.1119\pt-br\msntabres.dll/230?6a8ff442109c48a891508d583b64eaee
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dllink.htm
O8 - Extra context menu item: Google Sidewiki... - res://C:\Arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - C:\Arquivos de programas\Free Download Manager\FUM\fumiebtn.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsof...ss/allinone.asp
O14 - IERESET.INF: START_PAGE_URL=http://www.msn.com.br
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsec...GbPluginABN.cab
O20 - AppInit_DLLs: c:\windows\system32\
O20 - Winlogon Notify: !SASWinLogon - C:\Arquivos de programas\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Serviço de transferência inteligente de plano de fundo (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbserver.exe
O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Arquivos de programas\Arquivos comuns\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Atualizações Automáticas (wuauserv) - Unknown owner - C:\WINDOWS\
O23 - Service: XoftSpyService - ParetoLogic Inc. - C:\Arquivos de programas\Arquivos comuns\XoftSpySE\6\xoftspyservice.exe

--
End of file - 8950 bytes

#2 Power Max

Power Max
  • Moderators
  • 2,910 posts

Posted 10 July 2010 - 10:14

:) Hello Arona!

:seta: Please follow the tips in these tutorials:

Malwarebytes Anti-Malware tutorial

RegUnlocker tutorial

Zeb-Restore tutorial

AboutBuster tutorial
________________________________

:seta: In your next reply, post this Malwarebytes log together with a new HijackThis log and the log that will be in Ab LogFile.txt (located in the AboutBuster program folder), and tell us how your PC is after these procedures.

We await your reply.

#3 arona

arona
  • Members
  • 6 posts

Posted 11 July 2010 - 03:22

Hello Antonio!
I did all the recommended procedures.

It got better; Internet Explorer now opens quickly,
but the home page is still blank and I can't change it.

The Malwarebytes and HijackThis logs follow below.
AboutBuster did not generate a log; after the full scan I clicked OK and an error message appeared with the following:

Run-time erro '339':
Component 'comctl32.ocx' or one of its dependencies not correctly registered: a file is missing or invalid

So what do I do now to change the home page?


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Versão da Base de Dados: 4300

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

11/7/2010 01:13:49
mbam-log-2010-07-11 (01-13-49).txt

Tipo de Verificação: Verificação Completa (C:\|)
Objetos escaneados: 218814
Tempo decorrido: 56 minuto(s), 0 segundo(s)

Processos de Memória Infectados: 0
Módulos de Memória Infectados: 0
Chaves de Registro Infectadas: 0
Valores de Registro Infectados: 0
Itens de Dados no Registro Infectados: 2
Pastas Infectadas: 0
Arquivos Infectados: 5

Processos de Memória Infectados:
(Não foram detectados ítens maliciosos)

Módulos de Memória Infectados:
(Não foram detectados ítens maliciosos)

Chaves de Registro Infectadas:
(Não foram detectados ítens maliciosos)

Valores de Registro Infectados:
(Não foram detectados ítens maliciosos)

Itens de Dados no Registro Infectados:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BITS\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemRoot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\wuauserv\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemroot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully.

Pastas Infectadas:
(Não foram detectados ítens maliciosos)

Arquivos Infectados:
C:\System Volume Information\_restore{D2993D4F-4C7E-4C64-B1C9-8D757EEA71DF}\RP121\A0082389.DLL (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D2993D4F-4C7E-4C64-B1C9-8D757EEA71DF}\RP121\A0083454.DLL (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D2993D4F-4C7E-4C64-B1C9-8D757EEA71DF}\RP121\A0083506.DLL (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D2993D4F-4C7E-4C64-B1C9-8D757EEA71DF}\RP121\A0083539.DLL (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mariana.PARTICUL-A73101\Desktop\imaster forum\RegUnlocker.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 03:08:46, on 11/7/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
C:\Arquivos de programas\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbguard.exe
C:\Arquivos de programas\Arquivos comuns\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe
C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbserver.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: IMinent WebBooster - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Arquivos de programas\Iminent\IMBooster4Web\Iminent.WebBooster.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: Barra do MSN Busca Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Toolbar Suite\TB\02.05.0000.1082\pt-br\msntb.dll
O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\Arquivos de programas\GbPlugin\gbiehabn.dll
O3 - Toolbar: Barra do MSN Busca - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Toolbar Suite\TB\02.05.0000.1082\pt-br\msntb.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast5] C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &MSN Busca - res://C:\Arquivos de programas\MSN Toolbar Suite\TB\02.05.0000.1082\pt-br\msntb.dll/search.htm
O8 - Extra context menu item: Abrir em uma nova guia do plano de fundo - res://C:\Arquivos de programas\MSN Toolbar Suite\TAB\02.05.0001.1119\pt-br\msntabres.dll/229?6a8ff442109c48a891508d583b64eaee
O8 - Extra context menu item: Abrir em uma nova guia do primeiro plano - res://C:\Arquivos de programas\MSN Toolbar Suite\TAB\02.05.0001.1119\pt-br\msntabres.dll/230?6a8ff442109c48a891508d583b64eaee
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dllink.htm
O8 - Extra context menu item: Google Sidewiki... - res://C:\Arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - C:\Arquivos de programas\Free Download Manager\FUM\fumiebtn.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsof...ss/allinone.asp
O14 - IERESET.INF: START_PAGE_URL=http://www.msn.com.br
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsec...GbPluginABN.cab
O20 - AppInit_DLLs: c:\windows\system32\
O20 - Winlogon Notify: !SASWinLogon - C:\Arquivos de programas\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Serviço de transferência inteligente de plano de fundo (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbserver.exe
O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Arquivos de programas\Arquivos comuns\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Atualizações Automáticas (wuauserv) - Unknown owner - C:\WINDOWS\
O23 - Service: XoftSpyService - ParetoLogic Inc. - C:\Arquivos de programas\Arquivos comuns\XoftSpySE\6\xoftspyservice.exe

--
End of file - 8571 bytes

#4 Power Max

Power Max
  • Moderators
  • 2,910 posts

Posted 11 July 2010 - 10:21

:) Several problems were removed by Malwarebytes.
__________________________

:seta: Open HijackThis, click Do a system scan only, check the entry below and click Fix checked:

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
_________________________

:seta: I suggest that you uninstall this toolbar: IMinent WebBooster
_________________________

:seta: Configure your Avast 5 according to these tutorials:

Avast 5 free tutorial (installation and configuration)

Avast 5 free tutorial (how to use it correctly)

After that, right-click the avast! icon and choose the option Abrir a interface do avast! (Open the avast! interface), as shown in the image below:

Posted image

Then click the item ESCANEAMENTOS (Scans) and click the item Escaneamento ao reiniciar (Scan on restart), as shown in this figure:

Posted image

Leave the option Todos os discos (All disks) selected.

Then click the small down arrow (below the option Todos os discos) and click the Navegar... (Browse...) button.

This is shown in this image:

Posted image

On the next screen that appears, check all the boxes and click the OK button, as shown in this image:

Posted image

After that, click the small down arrow (below the option C:\*) and select the option Drive de sistema (System drive), as shown in this image:

Posted image

Leave the other options configured as in the image below and click the Agendar (Schedule) button:
Note: If you are doing any work or anything else on the PC, save it so that you do not lose important information, since the PC will be restarted when you click the Agendar button.

Posted image

If any virus and/or malware is found during this boot-time scan and avast! asks you what should be done with the infected files, it is important to always choose the option Reparar (Repair) the file (which is the same as disinfecting it) > when the Repair option is not possible, choose the option to send the infected file to Quarantine > and if sending the file to quarantine also fails, choose the option to Delete it.
_____________________________

:seta: Also follow the tips in these tutorials:

Norman Malware Cleaner tutorial

Nod32 Online antivirus tutorial
_________________________

:seta: In your next reply, post the Nod32 Online log, which will be in C:\Arquivos de programas\Eset\Eset Online Scanner\log.txt, together with a new HijackThis log and the Norman Malware Cleaner log, and please tell us how your PC is after following these procedures and whether any virus was removed by Avast. We await your reply.

#5 arona

arona
  • Members
  • 6 posts

Posted 17 July 2010 - 08:45

Hello Antonio,
I did the recommended procedures; the logs follow below.
IE still has a blank home page and I can't change it.

Avast did not find any viruses!


ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# IEXPLORE.EXE=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=27bdb80913afb14bb16ca2e8bcf88de4
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-07-17 10:06:29
# local_time=2010-07-17 07:06:29 (-0300, Hora oficial do Brasil)
# country="Brazil"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 1636020 1636020 0 0
# compatibility_mode=768 16777175 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=59552
# found=5
# cleaned=5
# scan_time=15384
C:\System Volume Information\_restore{D2993D4F-4C7E-4C64-B1C9-8D757EEA71DF}\RP121\A0083556.exe Win32/PrcView application (deleted - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{D2993D4F-4C7E-4C64-B1C9-8D757EEA71DF}\RP135\A0089719.exe Win32/PSWTool.RAS.A application (deleted - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{D2993D4F-4C7E-4C64-B1C9-8D757EEA71DF}\RP135\A0089722.exe Win32/PSWTool.RAS.A application (deleted - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{D2993D4F-4C7E-4C64-B1C9-8D757EEA71DF}\RP135\A0089725.exe Win32/PSWTool.RAS.A application (deleted - quarantined) 00000000000000000000000000000000 C


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 08:44:11, on 17/7/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Arquivos de programas\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbguard.exe
C:\Arquivos de programas\Arquivos comuns\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbserver.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\Trend Micro\HiJackThis\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: Barra do MSN Busca Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Toolbar Suite\TB\02.05.0000.1082\pt-br\msntb.dll
O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\Arquivos de programas\GbPlugin\gbiehabn.dll
O3 - Toolbar: Barra do MSN Busca - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Toolbar Suite\TB\02.05.0000.1082\pt-br\msntb.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [avast5] C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &MSN Busca - res://C:\Arquivos de programas\MSN Toolbar Suite\TB\02.05.0000.1082\pt-br\msntb.dll/search.htm
O8 - Extra context menu item: Abrir em uma nova guia do plano de fundo - res://C:\Arquivos de programas\MSN Toolbar Suite\TAB\02.05.0001.1119\pt-br\msntabres.dll/229?6a8ff442109c48a891508d583b64eaee
O8 - Extra context menu item: Abrir em uma nova guia do primeiro plano - res://C:\Arquivos de programas\MSN Toolbar Suite\TAB\02.05.0001.1119\pt-br\msntabres.dll/230?6a8ff442109c48a891508d583b64eaee
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dllink.htm
O8 - Extra context menu item: Google Sidewiki... - res://C:\Arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - C:\Arquivos de programas\Free Download Manager\FUM\fumiebtn.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsof...ss/allinone.asp
O14 - IERESET.INF: START_PAGE_URL=http://www.msn.com.br
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset...lineScanner.cab
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsec...GbPluginABN.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Arquivos de programas\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Serviço de transferência inteligente de plano de fundo (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbserver.exe
O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Arquivos de programas\Arquivos comuns\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Atualizações Automáticas (wuauserv) - Unknown owner - C:\WINDOWS\

--
End of file - 8589 bytes



Norman Malware Cleaner
Version 1.6.2
Copyright © 1990 - 2009, Norman ASA. Built 2010/07/13 05:49:26

Norman Scanner Engine Version: 6.05.06
Nvcbin.def Version: 6.05.00, Date: 2010/07/13 05:49:26, Variants: 6305999

Scan started: 15/07/2010 03:32:21

Running pre-scan cleanup routine:
Operating System: Microsoft Windows XP Professional 5.1.2600 Service Pack 2
Logged on user: ODIRLEI\Mariana

Set registry value: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLS = "c:\windows\system32\" -> ""

Scanning bootsectors...

Number of sectors found: 0
Number of sectors scanned: 0
Number of sectors not scanned: 0
Number of infections found: 0
Number of infections removed: 0
Total scanning time: 0s


Scanning running processes and process memory...

Number of processes/threads found: 2447
Number of processes/threads scanned: 2447
Number of processes/threads not scanned: 0
Number of infected processes/threads terminated: 0
Total scanning time: 3m 18s


Scanning file system...

Scanning: prescan

Scanning: C:\*.*

C:\Documents and Settings\Mariana.PARTICUL-A73101\Desktop\Meus Documentos\Jogos\GTA- você\GTA 4 Vice City\Audio\wav2raw.exe (Infected with W32/Suspicious_Gen2.CSXB)
Deleted file

C:\Documents and Settings\Mariana.PARTICUL-A73101\Desktop\Meus Documentos\Nova pasta\Ðessa vez eu me rendo_alexandre p.mp3 (Error opening file: Not found)

C:\System Volume Information\_restore{D2993D4F-4C7E-4C64-B1C9-8D757EEA71DF}\RP100\A0077635.exe (Infected with Suspicious_Gen2.BJHXO)
Deleted file

C:\System Volume Information\_restore{D2993D4F-4C7E-4C64-B1C9-8D757EEA71DF}\RP135\A0091735.exe (Infected with W32/Suspicious_Gen2.CSXB)
Deleted file

C:\WINDOWS\system32\autorun.i (Infected with BAT/Autorun.IXD)
Deleted file

Scanning: D:\*.*

Scanning: C:\System Volume Information\*.*

Scanning: postscan


Running post-scan cleanup routine:

Number of files found: 176292
Number of archives unpacked: 2051
Number of files scanned: 176286
Number of files not scanned: 6
Number of files skipped due to exclude list: 0
Number of infected files found: 4
Number of infected files repaired/deleted: 4
Number of infections removed: 4
Total scanning time: 2h 5m 40s

#6 Power Max

Power Max
  • Moderators
  • 2.910 posts

Posted 18 July 2010 - 08:43

:) Other problems were removed from your PC.
_____________________________

I suggest you save or print the instructions below, because at some points you may need to use the computer without internet access:

Download ComboFix
Save it to the Desktop.
* Disable the resident protection of your antivirus, antispyware and firewall (except the Windows one!)
* Close all windows and run the tool.
* PS: Running it from a command is also possible:
* Go to Start --> Run --> type or paste:
"%userprofile%\desktop\Combofix.exe" /killall

[Posted image]

* Click OK.
* At the "Disclaimer of warranty on software" prompt --> click Sim (Yes).

[Posted image]

* If you do not have the "Recovery Console", agree to install it.
* When it finishes, click Sim or Yes. --> Wait.

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

If you get the notification "Invalid Win32 application" or a similar message, delete the ComboFix.exe tool and download it again.
* Save it to the Desktop, renamed as: Kombo.exe
* PS: Rename it while saving, not after saving it!
* PS: If an error message appears, run ComboFix.exe in "Safe Mode". <-- Link!
* PS: If rootkit activity is present, the following notification window will appear:

[Posted image]

* PS: Write down these detections and click OK. In that case, post the detections you wrote down in your next reply, together with the requested logs.
* PS: To complete the removals, the tool may need to restart the computer. <-- Wait!
* PS: To avoid problems, follow all the recommendations given.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

* The Auto Scan window will open. --> Wait!
* To finish the removals, ComboFix may restart the computer.
* If necessary, type option ( 1 ) --> press Enter! --> wait for it to finish!
* During the scan, avoid using the mouse or keyboard! <-- Important!
* If, for some unavoidable reason, you need to stop or exit ComboFix, type "N" or "2" --> press Enter.
<><><><><><><><><><><><>

The ComboFix log will be at C:\ComboFix.txt
_________________________

Also follow the tips in these tutorials:

USBFix tutorial

Spyware Doctor Starter Edition tutorial

BitDefender Online antivirus tutorial
_________________________

In your next reply, post the BitDefender Online log, which will be at C:\Windows\BDOSCAN8\bdoscan.log, together with a new HijackThis log, the Spyware Doctor log, the log at C:\UsbFix.txt, the log at C:\ComboFix.txt, and please tell us how your PC is after following these procedures.

We look forward to your reply.

#7 arona

arona
  • Members
  • 6 posts

Posted 20 July 2010 - 05:36

Good morning!
I followed all the recommended procedures.

The PC is still the same: IE has a blank home page and it can't be changed.
What should I do now?

UsbFix is completely different from the tutorial: there is no "Exclusão" option, so I clicked "Supressão".
It also created an Autorun.inf folder on each drive, with a NUL.Usbfix file inside that folder.
Even my USB internet modem now has this Autorun.inf folder with a NUL.Usbfix file.
When I need to install the modem again, will it run automatically, or did UsbFix change the settings?

BitDefender Online deleted a program I use, CTPLH.
I know the CTPLH program does not contain a virus, because I have used it for a long time and never had problems on the PC!
Is there no way to recover it?

And do the programs used so far have to be uninstalled?

I will wait for new instructions to solve the problems.
Thank you.
The logs follow below.




[General]
App = "BitDefender Online Scanner v8"
Date = 20:07:2010
Time = 04:23:59
Scan Path = A:\;C:\;D:\;E:\;

[Engines Info]
Virus Definitions = 6561654
Engine build = "AVCORE v2.1 Windows/i386 11.0.0.33 (Jun 10 2010)"
Scan plugins = 18
Archive plugins = 44
Unpack plugins = 10
E-mail plugins = 6
System plugins = 4

[Scan Statistics]
Folders = 5488
Files = 123025
Archives = 2796
Packed files = 7988
Identified viruses = 3
Infected files = 8
Warnings = 0
Suspect files = 0
Disinfected files = 0
Deleted files = 6
Copied files = 0
Moved files = 0
Renamed files = 0
I/O Errors = 26

[Scan Settings]
SecondAction = Delete
FirstAction = Disinfect
Heuristics = 1
Enable Warnings = 1
Exclude Ext =
Extensions = *;
Scan Emails = 1
Scan Archives = 1
Scan Packed = 1
Scan Files = 1
Scan Boot = 1
Verify Memory = 0

[Scan Results]
Line00000016 = "C:\Arquivos de programas\RRGSoftware\CTPLH\csrss.exe Infected with: Generic.Banker.Delf.850A51D3"
Line00000015 = "C:\Arquivos de programas\RRGSoftware\CTPLH\csrss.exe Deleted"
Line00000014 = "C:\Documents and Settings\Mariana.PARTICUL-A73101\Desktop\Nova pasta (3)\CTPLH\CTPLH.exe=>(Instyler o)=>(Instyler Module 0) Infected with: Generic.Banker.Delf.850A51D3"
Line00000013 = "C:\Documents and Settings\Mariana.PARTICUL-A73101\Desktop\Nova pasta (3)\CTPLH\CTPLH.exe=>(Instyler o)=>(Instyler Module 0) Disinfection failed"
Line00000012 = "C:\Documents and Settings\Mariana.PARTICUL-A73101\Desktop\Nova pasta (3)\Odirlei\CTPLH.rar=>CTPLH\CTPLH.exe=>(Instyler o)=>(Instyler Module 0) Infected with: Generic.Banker.Delf.850A51D3"
Line00000011 = "C:\Documents and Settings\Mariana.PARTICUL-A73101\Desktop\Nova pasta (3)\Odirlei\CTPLH.rar=>CTPLH\CTPLH.exe=>(Instyler o)=>(Instyler Module 0) Disinfection failed"
Line00000010 = "C:\Documents and Settings\Mariana.PARTICUL-A73101\Desktop\UsbFix_Upload_Me\C\WINDOWS\system32\autorun.in.vir Infected with: Trojan.AutorunINF.Gen"
Line00000009 = "C:\Documents and Settings\Mariana.PARTICUL-A73101\Desktop\UsbFix_Upload_Me\C\WINDOWS\system32\autorun.in.vir Deleted"
Line00000008 = "C:\System Volume Information\_restore{D2993D4F-4C7E-4C64-B1C9-8D757EEA71DF}\RP139\A0096399.exe Infected with: Generic.Banker.Delf.850A51D3"
Line00000007 = "C:\System Volume Information\_restore{D2993D4F-4C7E-4C64-B1C9-8D757EEA71DF}\RP139\A0096399.exe Deleted"
Line00000006 = "C:\UsbFix\Quarantine\C\WINDOWS\system32\autorun.in.vir Infected with: Trojan.AutorunINF.Gen"
Line00000005 = "C:\UsbFix\Quarantine\C\WINDOWS\system32\autorun.in.vir Deleted"
Line00000004 = "C:\UsbFix\Quarantine\F\Recycled.exe.vir Infected with: Worm.Generic.48369"
Line00000003 = "C:\UsbFix\Quarantine\F\Recycled.exe.vir Deleted"
Line00000002 = "C:\UsbFix_Upload_Me_ODIRLEI.zip=>UsbFix_Upload_Me/C/WINDOWS/system32/autorun.in.vir Infected with: Trojan.AutorunINF.Gen"
Line00000001 = "C:\UsbFix_Upload_Me_ODIRLEI.zip=>UsbFix_Upload_Me/C/WINDOWS/system32/autorun.in.vir Deleted"
Line00000000 = "C:\UsbFix_Upload_Me_ODIRLEI.zip Updated"


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 04:51:24, on 20/7/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe
C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbguard.exe
C:\Arquivos de programas\Arquivos comuns\LightScribe\LSSrvc.exe
C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbserver.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Arquivos de programas\Trend Micro\HiJackThis\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft....k/?linkid=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: Barra do MSN Busca Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Toolbar Suite\TB\02.05.0000.1082\pt-br\msntb.dll
O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\Arquivos de programas\GbPlugin\gbiehabn.dll
O3 - Toolbar: Barra do MSN Busca - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Toolbar Suite\TB\02.05.0000.1082\pt-br\msntb.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [avast5] C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [swg] "C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &MSN Busca - res://C:\Arquivos de programas\MSN Toolbar Suite\TB\02.05.0000.1082\pt-br\msntb.dll/search.htm
O8 - Extra context menu item: Abrir em uma nova guia do plano de fundo - res://C:\Arquivos de programas\MSN Toolbar Suite\TAB\02.05.0001.1119\pt-br\msntabres.dll/229?6a8ff442109c48a891508d583b64eaee
O8 - Extra context menu item: Abrir em uma nova guia do primeiro plano - res://C:\Arquivos de programas\MSN Toolbar Suite\TAB\02.05.0001.1119\pt-br\msntabres.dll/230?6a8ff442109c48a891508d583b64eaee
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dllink.htm
O8 - Extra context menu item: Google Sidewiki... - res://C:\Arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - C:\Arquivos de programas\Free Download Manager\FUM\fumiebtn.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsof...ss/allinone.asp
O14 - IERESET.INF: START_PAGE_URL=http://www.msn.com.br
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset...lineScanner.cab
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsec...GbPluginABN.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Arquivos de programas\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbserver.exe
O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Arquivos de programas\Arquivos comuns\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe

--
End of file - 8350 bytes


PC Tools Spyware Doctor
Date Status
20/7/2010 01:24:24:778 Verificação Concluída
Tipo de Verificação - Verificação Completa
Itens Processados - 370704
Ameaças Detectadas - 3
Infecções Detectadas - 5
Infecções Ignoradas - 0

20/7/2010 01:26:15:838 Infecção em quarentena
Nome da Ameaça - Application.NirCmd
Tipo - Arquivo
Nível de Risco - Informações
Infecção - C:\WINDOWS\SWXCACLS.exe

20/7/2010 01:26:18:602 Infecção em quarentena
Nome da Ameaça - Application.NirCmd
Tipo - Arquivo
Nível de Risco - Informações
Infecção - C:\Documents and Settings\Mariana.PARTICUL-A73101\Desktop\ComboFix.exe

20/7/2010 01:26:20:515 Infecção excluída
Nome da Ameaça - Application.NirCmd
Tipo - Arquivo
Nível de Risco - Informações
Infecção - C:\WINDOWS\SWXCACLS.exe

20/7/2010 01:26:20:515 Infecção excluída
Nome da Ameaça - Application.NirCmd
Tipo - Arquivo
Nível de Risco - Informações
Infecção - C:\Documents and Settings\Mariana.PARTICUL-A73101\Desktop\ComboFix.exe

20/7/2010 01:26:20:715 Infecção em quarentena
Nome da Ameaça - Adware.Altnet_Software
Tipo - Arquivo
Nível de Risco - Severo
Infecção - C:\System Volume Information\_restore{D2993D4F-4C7E-4C64-B1C9-8D757EEA71DF}\RP139\A0096376.Manifest

20/7/2010 01:26:20:775 Infecção em quarentena
Nome da Ameaça - Adware.Altnet_Software
Tipo - Arquivo
Nível de Risco - Severo
Infecção - C:\Documents and Settings\Mariana.PARTICUL-A73101\Menu Iniciar.rar

20/7/2010 01:26:20:936 Infecção excluída
Nome da Ameaça - Adware.Altnet_Software
Tipo - Arquivo
Nível de Risco - Severo
Infecção - C:\System Volume Information\_restore{D2993D4F-4C7E-4C64-B1C9-8D757EEA71DF}\RP139\A0096376.Manifest

20/7/2010 01:26:20:936 Infecção excluída
Nome da Ameaça - Adware.Altnet_Software
Tipo - Arquivo
Nível de Risco - Severo
Infecção - C:\Documents and Settings\Mariana.PARTICUL-A73101\Menu Iniciar.rar

20/7/2010 01:26:21:206 Infecção em quarentena
Nome da Ameaça - PWSTool.RAS
Tipo - Arquivo
Nível de Risco - Alto
Infecção - D:\Validação do windows\kf141.zip

20/7/2010 01:26:21:697 Infecção excluída
Nome da Ameaça - PWSTool.RAS
Tipo - Arquivo
Nível de Risco - Alto
Infecção - D:\Validação do windows\kf141.zip

20/7/2010 01:26:23:790 Resumo de Infecções em Quarentena/Removidas
Quarentena - 5
Falha na Quarentena - 0
Removido - 5
Falha na Remoção - 0


############################## | UsbFix 7.016 | [Supressão]

Usuário: Mariana (Administrador) # ODIRLEI [ ]
Atualizado em 05/07/10 por El Desaparecido / C_XX
Começou em 22:05:17 | 19/07/2010
Site: http://pagesperso-or...ools/index.html
Contato: FindyKill.Contact@gmail.com

CPU: AMD Duron™
Microsoft Windows XP Professional (5.1.2600 32-Bit) # Service Pack 2
Internet Explorer 8.0.6001.18702

Windows Firewall: Habilitado
Antivirus: avast! Antivirus 5.0.83886587 [(!) Disabled | Updated]
RAM -> 1023 Mb
C:\ (%systemdrive%) -> Disco fixo # 37 Gb (9 Mb livre - 25%) [] # NTFS
D:\ -> Disco fixo # 19 Gb (10 Mb livre - 54%) [] # FAT32
E:\ -> CD-ROM
F:\ -> Disco removível # 170 Mb (24 Mb livre - 14%) [MD300] # FAT

################## | Ficheiros # pastas infeciosos |

Não supprimido ! C:\Arquivos de programas\GbPlugin
Supprimido ! C:\WINDOWS\system32\autorun.in
Supprimido ! C:\kht
Supprimido ! C:\khw
Supprimido ! D:\kht
Supprimido ! D:\khw
Supprimido ! F:\Recycled.exe

################## | Registro |

Supprimido ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegistryTools
Supprimido ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoDrives
Supprimido ! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoDrives

################## | Mountpoints2 |


################## | Listing |

[02/02/2009 - 13:39:21 | A | 2] C:\-933005945
[19/07/2010 - 01:36:31 | RD ] C:\Arquivos de programas
[01/11/2005 - 15:01:14 | A | 0] C:\AUTOEXEC.BAT
[18/09/2006 - 09:59:58 | A | 32] C:\BIOSINFO.INI
[18/09/2006 - 09:59:58 | A | 75] C:\BIOSVIEW.INI
[15/07/2010 - 16:16:10 | A | 211] C:\Boot.bak
[18/07/2010 - 03:52:40 | RASH | 281] C:\boot.ini
[08/11/2005 - 13:47:32 | D ] C:\C-Media
[18/07/2010 - 03:52:39 | RASHD ] C:\cmdcons
[03/08/2004 - 23:00:02 | A | 261920] C:\cmldr
[19/07/2010 - 21:20:37 | A | 21177] C:\ComboFix.txt
[01/11/2005 - 15:01:14 | A | 0] C:\CONFIG.001
[13/07/2010 - 22:56:27 | D ] C:\Config.Msi
[25/12/2005 - 19:06:26 | A | 2982] C:\CONFIG.SYS
[08/09/2006 - 08:47:50 | ASH | 14] C:\config.sy_
[30/10/2006 - 11:38:14 | D ] C:\DBBackup
[07/07/2010 - 19:53:41 | D ] C:\Documents and Settings
[16/06/2008 - 23:11:05 | D ] C:\Downloads
[14/03/2003 - 04:54:17 | A | 3474653184] C:\DUDUGAMES.ISO
[14/03/2003 - 04:54:17 | A | 4322] C:\DUDUGAMES.MDS
[26/07/2008 - 10:59:59 | A | 1107] C:\DV.txt
[19/07/2010 - 21:12:04 | ASH | 1073270784] C:\hiberfil.sys
[06/02/2004 - 16:20:46 | RA | 16384] C:\hpqimgrc.resources.dll
[20/07/2008 - 10:27:40 | A | 27681] C:\instaler.log
[16/11/2007 - 20:47:38 | A | 1120] C:\INSTALL.LOG
[01/11/2005 - 15:01:14 | RASH | 0] C:\IO.SYS
[24/04/2010 - 22:52:11 | D ] C:\LinhaDefensiva
[10/07/2010 - 20:10:43 | A | 100] C:\mbam-error.txt
[01/11/2005 - 15:01:14 | RASH | 0] C:\MSDOS.SYS
[28/07/2008 - 19:26:07 | D ] C:\MyWorks
[03/08/2004 - 22:38:34 | RASH | 47564] C:\NTDETECT.COM
[03/08/2004 - 22:59:34 | RASH | 251168] C:\ntldr
[19/07/2010 - 21:11:58 | ASH | 2831155200] C:\pagefile.sys
[01/11/2005 - 15:20:11 | D ] C:\Plg2Spss
[03/02/2008 - 13:40:15 | D ] C:\Program Files
[19/07/2010 - 21:20:41 | D ] C:\Qoobox
[19/07/2010 - 22:13:39 | SHD ] C:\RECYCLER
[11/07/2010 - 01:55:33 | D ] C:\RegUnlocker Backups
[07/07/2010 - 23:35:52 | D ] C:\RRGSoftware
[06/01/2008 - 13:28:30 | AH | 268] C:\sqmdata00.sqm
[06/01/2008 - 14:34:41 | AH | 172] C:\sqmdata01.sqm
[28/06/2008 - 10:19:43 | AH | 268] C:\sqmdata02.sqm
[28/06/2008 - 10:19:43 | AH | 148] C:\sqmdata03.sqm
[28/06/2008 - 10:53:34 | AH | 172] C:\sqmdata04.sqm
[20/08/2008 - 18:28:07 | AH | 268] C:\sqmdata05.sqm
[01/02/2009 - 09:17:09 | AH | 268] C:\sqmdata06.sqm
[06/01/2008 - 13:28:30 | AH | 244] C:\sqmnoopt00.sqm
[06/01/2008 - 14:34:41 | AH | 172] C:\sqmnoopt01.sqm
[28/06/2008 - 10:19:43 | AH | 244] C:\sqmnoopt02.sqm
[28/06/2008 - 10:19:43 | AH | 136] C:\sqmnoopt03.sqm
[28/06/2008 - 10:53:34 | AH | 172] C:\sqmnoopt04.sqm
[01/02/2009 - 09:17:09 | AH | 244] C:\sqmnoopt05.sqm
[19/07/2010 - 21:01:44 | SHD ] C:\System Volume Information
[24/05/2001 - 11:59:30 | A | 162304] C:\UNWISE.EXE
[19/07/2010 - 22:13:39 | D ] C:\UsbFix
[19/07/2010 - 22:13:50 | A | 1893] C:\UsbFix.txt
[28/06/2010 - 23:43:29 | D ] C:\ViteSoft
[19/07/2010 - 21:20:40 | D ] C:\WINDOWS
[15/11/2005 - 09:28:57 | A | 2366] C:\_Sid.txt
[01/01/1999 - 00:40:20 | RASH | 1687] D:\MSDOS.SYS
[15/05/1998 - 20:01:00 | RSH | 222390] D:\IO.SYS
[01/01/1999 - 03:44:08 | SHD ] D:\RECYCLED
[23/08/2008 - 15:21:42 | D ] D:\Filmes
[15/07/2010 - 00:35:24 | D ] D:\Validação do windows
[15/05/1998 - 20:01:00 | A | 95688] D:\COMMAND.COM
[01/01/1999 - 01:06:42 | A | 134] D:\AUTOEXEC.BAT
[01/01/1999 - 03:43:06 | SH | 49152] D:\VIDEOROM.BIN
[01/01/1999 - 01:06:42 | A | 100] D:\CONFIG.SYS
[01/01/1999 - 03:04:48 | ASH | 73508] D:\DETLOG.TXT
[16/11/2009 - 15:44:08 | SHD ] D:\System Volume Information
[13/06/2008 - 15:03:32 | HD ] F:\Install

################## | Vaccin |

C:\Autorun.inf -> Folder criado por UsbFix (El Desaparecido & C_XX)
D:\Autorun.inf -> Folder criado por UsbFix (El Desaparecido & C_XX)
F:\Autorun.inf -> Folder criado por UsbFix (El Desaparecido & C_XX)



ComboFix 10-07-19.01 - Mariana 19/07/2010 21:03:27.4.1 - x86
Executando de: c:\documents and settings\Mariana.PARTICUL-A73101\desktop\Combofix.exe
Comandos utilizados :: /killall
.

(((((((((((((((( Arquivos/Ficheiros criados de 2010-06-20 to 2010-07-20 ))))))))))))))))))))))))))))
.

9999-12-28 23:27 . 2001-09-06 01:20 12288 ----a-w- c:\windows\system32\drivers\mouhid.sys
9999-12-28 23:27 . 2004-08-04 02:45 21504 ----a-w- c:\windows\system32\hidserv.dll
9999-12-28 23:27 . 2004-08-04 02:39 14848 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2010-07-17 21:50 . 2010-07-17 21:51 -------- d-----w- c:\windows\system32\Adobe
2010-07-17 05:41 . 2010-07-17 05:41 -------- d-----w- c:\arquivos de programas\ESET
2010-07-11 00:53 . 2010-07-11 04:55 -------- d-----w- C:\RegUnlocker Backups
2010-07-08 20:47 . 2010-07-08 20:47 -------- d-----w- c:\arquivos de programas\RRGSoftware
2010-07-08 02:35 . 2010-07-08 02:35 -------- d-----w- C:\RRGSoftware
2010-07-07 22:53 . 2010-07-07 22:53 -------- d-----w- c:\documents and settings\Nova pasta
2010-07-05 02:23 . 1999-10-18 01:01 26384 ----a-w- c:\windows\system32\fm20enu.dll
2010-07-05 02:23 . 1999-12-09 16:19 147456 ----a-w- c:\windows\system32\vbzip10.dll
2010-06-29 02:47 . 2010-06-29 02:47 -------- d-----w- c:\arquivos de programas\Artwork Develop
2010-06-29 02:44 . 2004-06-14 21:35 53248 ----a-w- c:\windows\system32\wm_hooks.dll
2010-06-29 02:44 . 2004-06-14 21:34 12288 ----a-w- c:\windows\system32\logmessages.dll
2010-06-29 02:10 . 2010-06-29 02:22 -------- d-----w- c:\arquivos de programas\FirebirdClient
2010-06-29 02:10 . 2007-12-12 04:05 356437 ----a-w- c:\windows\system32\GDS32.DLL
2010-06-29 02:09 . 2010-06-29 02:09 -------- d-----w- c:\arquivos de programas\Firebird
2010-06-29 02:09 . 2010-06-29 02:43 -------- d-----w- C:\ViteSoft
2010-06-22 19:01 . 2004-08-04 03:45 25600 ----a-w- c:\documents and settings\LocalService.AUTORIDADE NT\Dados de aplicativos\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2010-06-21 06:03 . 2008-08-18 22:45 104960 ----a-w- c:\windows\system32\drivers\ZTEusbser6k.sys
2010-06-21 06:03 . 2008-08-18 22:45 104960 ----a-w- c:\windows\system32\drivers\ZTEusbnmea.sys
2010-06-21 06:03 . 2008-08-18 22:44 110080 ----a-w- c:\windows\system32\drivers\ZTEusbnet.sys
2010-06-21 06:03 . 2008-08-18 22:44 104960 ----a-w- c:\windows\system32\drivers\ZTEusbmdm6k.sys
2010-06-21 06:03 . 2010-06-22 05:26 -------- d-----w- c:\arquivos de programas\InstallAffixationInfo

.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-14 05:23 . 2010-03-04 04:08 -------- d-----w- c:\arquivos de programas\Alwil Software
2010-07-14 01:57 . 2010-04-27 23:47 -------- d-----w- c:\arquivos de programas\Iminent
2010-07-14 01:57 . 2010-04-27 23:47 -------- d--h--w- c:\documents and settings\All Users.WINDOWS\Dados de aplicativos\{B65BB65B-9882-4CCB-99A9-9EBCA06A2255}
2010-07-10 23:10 . 2010-04-13 20:03 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware
2010-07-09 19:13 . 2004-08-31 00:55 70980 ----a-w- c:\windows\system32\perfc016.dat
2010-07-09 19:13 . 2004-08-31 00:55 433840 ----a-w- c:\windows\system32\perfh016.dat
2010-06-22 05:26 . 2005-11-01 19:49 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information
2010-06-19 13:09 . 2010-06-19 13:07 -------- d-----w- c:\arquivos de programas\Sony Ericsson
2010-06-19 13:08 . 2010-06-19 13:07 -------- d-----w- c:\documents and settings\Mariana.PARTICUL-A73101\Dados de aplicativos\Sony Ericsson
2010-06-17 16:23 . 2010-06-17 16:23 388096 ----a-r- c:\documents and settings\Mariana.PARTICUL-A73101\Dados de aplicativos\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-06-17 16:23 . 2010-06-17 16:23 -------- d-----w- c:\arquivos de programas\Trend Micro
2010-06-05 14:54 . 2009-12-01 01:00 -------- d-----w- c:\arquivos de programas\TP-LINK
2010-06-04 08:57 . 2010-06-04 08:57 -------- d-----w- c:\arquivos de programas\Device Doctor
2010-06-04 08:08 . 2010-06-04 08:08 -------- d-----w- c:\documents and settings\Mariana.PARTICUL-A73101\Dados de aplicativos\Easeware
2010-06-04 06:57 . 2010-06-04 06:57 -------- d-----w- c:\documents and settings\Mariana.PARTICUL-A73101\Dados de aplicativos\DeviceDoctorSoftware
2010-05-30 07:11 . 2010-05-30 07:11 -------- d-----w- c:\arquivos de programas\DVD Audio Extractor
2010-04-29 18:39 . 2010-04-13 20:03 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 18:39 . 2010-04-13 20:03 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-25 06:13 . 2010-04-25 06:13 52224 ----a-w- c:\documents and settings\Mariana.PARTICUL-A73101\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-04-25 06:13 . 2010-04-25 06:13 117760 ----a-w- c:\documents and settings\Mariana.PARTICUL-A73101\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-04-24 17:19 . 2010-04-27 23:48 2475032 ------w- c:\documents and settings\All Users.WINDOWS\Dados de aplicativos\{B65BB65B-9882-4CCB-99A9-9EBCA06A2255}\IMBoosterSetup.exe
.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-03-09 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast5"="c:\arquiv~1\ALWILS~1\Avast5\avastUI.exe" [2010-04-14 2790472]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-12 7630848]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\arquivos de programas\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 18:21 548352 ----a-w- c:\arquivos de programas\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Iniciar^Programas^Inicializar^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users.WINDOWS\Menu Iniciar\Programas\Inicializar\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Iniciar^Programas^Inicializar^Inicialização rápida do HP Image Zone.lnk]
backup=c:\windows\pss\Inicialização rápida do HP Image Zone.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Iniciar^Programas^Inicializar^Microsoft Office.lnk]
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Iniciar^Programas^Inicializar^Windows Desktop Search.lnk]
backup=c:\windows\pss\Windows Desktop Search.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Mariana.PARTICUL-A73101^Menu Iniciar^Programas^Inicializar^Reboot.exe]
backup=c:\windows\pss\Reboot.exeStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
2009-02-03 13:22 1004544 ----a-w- c:\arquivos de programas\Ares\Ares.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-04 03:45 15360 ------w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DSLAGENTEXE]
2003-08-19 17:47 16384 ----a-w- c:\program files\DSLink180U\Adsl\dslagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DSLSTATEXE]
2003-09-19 20:09 299008 ----a-w- c:\program files\DSLink180U\Adsl\dslstat.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DXM6Patch_981116]
1998-11-30 20:04 497376 ----a-w- c:\windows\p_981116.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Uploader Oe Integration]
2007-06-10 22:02 40960 ----a-w- c:\arquivos de programas\Free Download Manager\FUM\fumoei.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
2004-05-12 17:18 241664 ----a-w- c:\arquivos de programas\HP\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2006-02-19 05:41 49152 ----a-w- c:\arquivos de programas\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2006-12-06 01:55 54832 ----a-w- c:\arquivos de programas\CyberLink\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2007-04-19 16:26 484904 ----a-w- c:\arquivos de programas\Arquivos comuns\LightScribe\LightScribeControlPanel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
2005-02-10 20:00 1937408 ------w- c:\arquivos de programas\Ahead\Nero BackItUp\NBJ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
2001-07-09 13:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 13:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2006-08-12 05:43 7630848 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2006-08-12 05:43 86016 ----a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2006-08-12 05:43 1519616 ----a-w- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCTVOICE]
2004-01-30 11:33 180224 ----a-r- c:\windows\system32\pctspk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2006-11-23 18:10 56928 ------w- c:\arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2005-11-10 15:03 36975 ----a-w- c:\arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2010-03-09 23:40 39408 ----a-w- c:\arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead AutoDetector]
2003-11-19 16:03 45056 ------w- c:\arquivos de programas\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Arquivos de programas\\eMule\\emule.exe"=
"c:\\Arquivos de programas\\Ares\\Ares.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"445:TCP"= 445:TCP:@xpsp2res.dll,-22005
"137:UDP"= 137:UDP:@xpsp2res.dll,-22001
"1155:TCP"= 1155:TCP:VSCyber
"3050:TCP"= 3050:TCP:Firebird
"5900:TCP"= 5900:TCP:VSCyberVNC

R2 gupdate;Google Update Service (gupdate);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2010-03-09 135664]
R3 SASENUM;SASENUM;c:\arquivos de programas\SUPERAntiSpyware\SASENUM.SYS [2010-02-17 12872]
R3 WRSWanDD;WinPoET PPPoE Adapter;c:\windows\system32\DRIVERS\WrKPoETNic2000.sys [2002-10-28 65604]
R3 ZSMC302;VIMICRO USB PC Camera;c:\windows\system32\Drivers\usbVM31b.sys [x]
S1 aswSP;aswSP; [x]
S1 SASDIFSV;SASDIFSV;c:\arquivos de programas\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\arquivos de programas\SUPERAntiSpyware\SASKUTIL.SYS [2010-02-17 66632]
S2 aswFsBlk;aswFsBlk; [x]
S2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\arquivos de programas\Firebird\Firebird_1_5\bin\fbguard.exe [2007-12-12 65536]
S2 GbpSv;Gbp Service;c:\arquivos de programas\GbPlugin\GbpSv.exe [2007-08-15 45512]
S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\arquivos de programas\Firebird\Firebird_1_5\bin\fbserver.exe [2007-12-12 1531989]
S3 sembbus;SEMC WMC Composite Device driver (WDM);c:\windows\system32\DRIVERS\sembbus.sys [2008-02-06 260992]
S3 sembcard;Sony Ericsson PC300 Mobile Broadband Command Interface Drivers (WDM);c:\windows\system32\DRIVERS\sembcard.sys [2008-02-06 337408]
S3 sembmdfl2;Sony Ericsson PC300 Wireless Modem Filter;c:\windows\system32\DRIVERS\sembmdfl2.sys [2008-02-06 14976]
S3 sembmdm2;Sony Ericsson PC300 Wireless Modem Driver;c:\windows\system32\DRIVERS\sembmdm2.sys [2008-02-06 380672]
S3 sembmgmt;Sony Ericsson PC300 Mobile Broadband Device Management Drivers (WDM);c:\windows\system32\DRIVERS\sembmgmt.sys [2008-02-06 343680]
S3 sembnd5;Sony Ericsson PC300 Mobile Broadband Network Adapter SENECA (NDIS);c:\windows\system32\DRIVERS\sembnd5.sys [2008-02-06 24960]
S3 sembunic;Sony Ericsson PC300 Mobile Broadband Network Adapter SENECA (WDM);c:\windows\system32\DRIVERS\sembunic.sys [2008-02-06 344064]
S3 sembwwan;Sony Ericsson PC300 Mobile Broadband Ethernet Control Drivers (WDM);c:\windows\system32\DRIVERS\sembwwan.sys [2008-02-06 337408]
S3 SEMCReserved;SEMC Reserved Interface;c:\windows\system32\DRIVERS\semcreserved.sys [2008-02-15 17408]
S3 Sony_EricssonWWSC;Sony Ericsson SIM Card Reader;c:\windows\system32\DRIVERS\sesc.sys [2007-08-14 12672]


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-04-19 16:23 452136 ----a-w- c:\arquivos de programas\Arquivos comuns\LightScribe\LSRunOnce.exe
.
Conteúdo da pasta 'Tarefas Agendadas'

2010-07-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2010-03-09 23:40]

2010-07-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2010-03-09 23:40]

2010-07-19 c:\windows\Tasks\User_Feed_Synchronization-{7D2092C5-5C1A-4618-91B0-046DC46E8589}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 07:31]
.
.
------- Scan Suplementar -------
.
uDefault_Search_URL = hxxp://search.msn.com
uInternet Settings,ProxyOverride = <local>
IE: &MSN Busca - c:\arquivos de programas\MSN Toolbar Suite\TB\02.05.0000.1082\pt-br\msntb.dll/search.htm
IE: Abrir em uma nova guia do plano de fundo - c:\arquivos de programas\MSN Toolbar Suite\TAB\02.05.0001.1119\pt-br\msntabres.dll/229?6a8ff442109c48a891508d583b64eaee
IE: Abrir em uma nova guia do primeiro plano - c:\arquivos de programas\MSN Toolbar Suite\TAB\02.05.0001.1119\pt-br\msntabres.dll/230?6a8ff442109c48a891508d583b64eaee
IE: Download all with Free Download Manager - file://c:\arquivos de programas\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\arquivos de programas\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\arquivos de programas\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\arquivos de programas\Free Download Manager\dllink.htm
IE: Google Sidewiki... - c:\arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {{FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - c:\arquivos de programas\Free Download Manager\FUM\fumiebtn.dll
FF - ProfilePath - c:\documents and settings\Mariana.PARTICUL-A73101\Dados de aplicativos\Mozilla\Firefox\Profiles\18oaleja.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.br/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - plugin: c:\arquivos de programas\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\arquivos de programas\Java\jre1.5.0_06\bin\NPJPI150_06.dll

---- FIREFOX POLICIES ----
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-19 21:14
Windows 5.1.2600 Service Pack 2 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso
arquivos/ficheiros ocultos: 0

**************************************************************************
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

- - - - - - - > 'winlogon.exe'(816)
c:\arquivos de programas\SUPERAntiSpyware\SASWINLO.dll
c:\arquivos de programas\GbPlugin\gbiehabn.dll

- - - - - - - > 'explorer.exe'(3668)
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Outros Processos em Execução ------------------------
.
c:\arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
c:\windows\System32\SCardSvr.exe
c:\arquivos de programas\Arquivos comuns\LightScribe\LSSrvc.exe
c:\windows\system32\nvsvc32.exe
c:\arquivos de programas\CyberLink\Shared Files\RichVideo.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Tempo para conclusão: 2010-07-19 21:20:36 - Máquina reiniciou
ComboFix-quarantined-files.txt 2010-07-20 00:20

Pré-execução: 9.929.601.024 bytes disponíveis
Pós execução: 9.921.536.000 bytes disponíveis

- - End Of File - - 58ED83A8915AFE834ED1C28F30C4C731

#8 Power Max

  • Moderators
  • 2,910 posts

Posted 26 July 2010 - 16:47

Sorry for the delay in replying; I have been very busy these days.
___________________________

Several problems were removed from your PC.

Please follow the tips in these tutorials:

Kaspersky Virus Removal Tool tutorial

Norton Security Scan and Clean tutorial

Dr. Web CureIt tutorial
______________________________

In your next reply, post this Kaspersky Virus Removal Tool log together with a new HijackThis log, the Dr. Web CureIt log and the Norton Security Scan and Clean log, and tell us how your PC is after this.

We look forward to your reply.

#9 Mário Monteiro

    Admin iMasters

  • Administrators
  • 33,323 posts

Posted 27 August 2010 - 15:26

Topic Archived

As the author has not replied for more than 30 days, the topic has been archived.

If you are the author of the topic and want to reopen it, send a private message to a moderator of this area with the link to this topic and explain the reason for reopening.