Hi. I have Avira AntiVir installed and today it detected 27 infections. The scan report follows:
Starting the file scan:
Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\Giovanna\Dados de aplicativos\tmp3B.tmp.exe
[DETECTION] Contains detection pattern of the HEUR-DBLEXT/Crypted virus
[iNFO] The file was moved to '47713ce3.qua'!
C:\Documents and Settings\Giovanna\Dados de aplicativos\Sun\Java\Deployment\cache\6.0\25\9180419-1d368d16
[0] Archive type: ZIP
--> BnnnnBaa.class
[DETECTION] Is the Trojan horse TR/Java.Downloader.Gen
--> VaannnaaBaa.class
[DETECTION] Is the Trojan horse TR/ClassLoader
[iNFO] The file was moved to '47393ce6.qua'!
C:\System Volume Information\_restore{FECDDAEB-699E-4409-ADF8-21D9AE643938}\RP54\A0016801.exe
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[iNFO] The file was moved to '473148c1.qua'!
C:\System Volume Information\_restore{FECDDAEB-699E-4409-ADF8-21D9AE643938}\RP54\A0016860.exe
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[iNFO] The file was moved to '4731490a.qua'!
C:\System Volume Information\_restore{FECDDAEB-699E-4409-ADF8-21D9AE643938}\RP54\A0016861.exe
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[iNFO] The file was moved to '4731490d.qua'!
C:\System Volume Information\_restore{FECDDAEB-699E-4409-ADF8-21D9AE643938}\RP54\A0016862.exe
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[iNFO] The file was moved to '4731490f.qua'!
C:\System Volume Information\_restore{FECDDAEB-699E-4409-ADF8-21D9AE643938}\RP54\A0016863.exe
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[iNFO] The file was moved to '47314911.qua'!
C:\System Volume Information\_restore{FECDDAEB-699E-4409-ADF8-21D9AE643938}\RP54\A0016864.exe
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[iNFO] The file was moved to '47314914.qua'!
C:\System Volume Information\_restore{FECDDAEB-699E-4409-ADF8-21D9AE643938}\RP54\A0016865.exe
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[iNFO] The file was moved to '47314916.qua'!
C:\System Volume Information\_restore{FECDDAEB-699E-4409-ADF8-21D9AE643938}\RP54\A0016866.exe
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[iNFO] The file was moved to '47314919.qua'!
C:\System Volume Information\_restore{FECDDAEB-699E-4409-ADF8-21D9AE643938}\RP54\A0016867.exe
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[iNFO] The file was moved to '4731491b.qua'!
C:\System Volume Information\_restore{FECDDAEB-699E-4409-ADF8-21D9AE643938}\RP54\A0016868.exe
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[iNFO] The file was moved to '4731491d.qua'!
C:\System Volume Information\_restore{FECDDAEB-699E-4409-ADF8-21D9AE643938}\RP54\A0016869.exe
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[iNFO] The file was moved to '4731491f.qua'!
C:\System Volume Information\_restore{FECDDAEB-699E-4409-ADF8-21D9AE643938}\RP54\A0016870.exe
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[iNFO] The file was moved to '47314921.qua'!
C:\System Volume Information\_restore{FECDDAEB-699E-4409-ADF8-21D9AE643938}\RP54\A0016871.exe
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[iNFO] The file was moved to '47314922.qua'!
C:\System Volume Information\_restore{FECDDAEB-699E-4409-ADF8-21D9AE643938}\RP54\A0016872.exe
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[iNFO] The file was moved to '47314924.qua'!
C:\System Volume Information\_restore{FECDDAEB-699E-4409-ADF8-21D9AE643938}\RP54\A0016873.exe
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[iNFO] The file was moved to '47314926.qua'!
C:\System Volume Information\_restore{FECDDAEB-699E-4409-ADF8-21D9AE643938}\RP54\A0016874.exe
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[iNFO] The file was moved to '47314928.qua'!
C:\System Volume Information\_restore{FECDDAEB-699E-4409-ADF8-21D9AE643938}\RP54\A0016875.exe
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[iNFO] The file was moved to '4731492a.qua'!
C:\System Volume Information\_restore{FECDDAEB-699E-4409-ADF8-21D9AE643938}\RP54\A0016876.exe
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[iNFO] The file was moved to '4731492c.qua'!
C:\System Volume Information\_restore{FECDDAEB-699E-4409-ADF8-21D9AE643938}\RP54\A0016877.exe
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[iNFO] The file was moved to '4731492d.qua'!
C:\VundoFix Backups\tmp3A.tmp.dll.bad
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[iNFO] The file was moved to '47714974.qua'!
C:\VundoFix Backups\tmp45.tmp.dll.bad
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[iNFO] The file was moved to '4771497b.qua'!
C:\!KillBox\vturrpp.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[iNFO] The file was moved to '47764984.qua'!
C:\!KillBox\noisd32.dll
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[iNFO] The file was moved to '476a4981.qua'!
C:\WinLogon\NOISD32.DLL
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[iNFO] The file was moved to '474a4968.qua'!
C:\Muestras\VTURRPP.DLL.Muestra EliStartPage v14.47
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[iNFO] The file was moved to '47564979.qua'!
C:\Muestras\NOISD32.DLL.Muestra EliStartPage v14.47
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[iNFO] The file was moved to '474a497a.qua'!
I have had my PC infected by this annoying Vundo thing before. I don't notice a difference in my PC the way I did the first time. The only thing, which I checked today after the scan, is that I can't restore the system.
I have already disabled System Restore and run HijackThis.
Here is the HijackThis logfile for your analysis:
Logfile of HijackThis v1.99.1
Scan saved at 18:25:22, on 1/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe
C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\VM_STI.EXE
C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe
C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\VMware\VMware Player\vmware-authd.exe
C:\Arquivos de programas\Arquivos comuns\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pgdp.net/c/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [bigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera
O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\Arquivos de programas\IncrediMail\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: Add to AMV Converter... - C:\Arquivos de programas\MP3 Player Utilities 4.03\AMVConverter\grab.html
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Arquivos de programas\MP3 Player Utilities 4.03\MediaManager\grab.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1184885418234
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O16 - DPF: {F4E59691-8BC1-446B-9F89-B4C8621D2079} (RegisterBeTwin2000 Control) - http://216.7.10.149/BeTwin2000Registration...BeTwinAdmin.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{879230FE-1C97-4388-8AA7-3D261EC290D2}: NameServer = 200.204.0.10,200.204.0.138
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Unknown owner - C:\Arquivos de programas\iPod\bin\iPodService.exe (file missing)
O23 - Service: RDPSSW32 - Unknown owner - C:\WINDOWS\System32\RDPSSW32.EXE
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Arquivos de programas\VMware\VMware Player\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Arquivos de programas\Arquivos comuns\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
Giovanna
Good afternoon, DigRam!
I uninstalled Avast and followed the recommended procedures.
Below are the reports from a-squared Free 3.0 and an updated one from HijackThis:
a-squared Free - Versão 3.0
Last update: 4/10/2007 14:38:28
Configurações da análise:
Objetos: Memória, Rastros, Cookies, C:\
Análise de arquivos: Ligado
Heurística: Ligado
Análise de ADS: Ligado
Início da análise: 4/10/2007 14:43:09
Value: HKEY_CLASSES_ROOT\CLSID\{8C11E411-860C-4BAE-A0F4-CBE8DAE6B84C}\InprocServer32 --> ThreadingModel detectado: Trace.Registry.Blubster
Value: HKEY_CLASSES_ROOT\CLSID\{9583E033-1CCC-446E-A858-317A0620EE66}\InprocServer32 --> ThreadingModel detectado: Trace.Registry.Blubster
Value: HKEY_CLASSES_ROOT\CLSID\{9E6A5B24-1FBC-42D9-870D-07D5C5738075}\InprocServer32 --> ThreadingModel detectado: Trace.Registry.Blubster
Value: HKEY_CLASSES_ROOT\CLSID\{EA6DA0D5-1021-4F55-ACBA-D1D8BA7EAB2C}\InprocServer32 --> ThreadingModel detectado: Trace.Registry.Blubster
Value: HKEY_CLASSES_ROOT\CLSID\{EE12598F-BD9F-4BAD-BB13-D49829A024FE}\InprocServer32 --> ThreadingModel detectado: Trace.Registry.Blubster
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C11E411-860C-4BAE-A0F4-CBE8DAE6B84C}\InprocServer32 --> ThreadingModel detectado: Trace.Registry.Blubster
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9583E033-1CCC-446E-A858-317A0620EE66}\InprocServer32 --> ThreadingModel detectado: Trace.Registry.Blubster
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9E6A5B24-1FBC-42D9-870D-07D5C5738075}\InprocServer32 --> ThreadingModel detectado: Trace.Registry.Blubster
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EA6DA0D5-1021-4F55-ACBA-D1D8BA7EAB2C}\InprocServer32 --> ThreadingModel detectado: Trace.Registry.Blubster
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE12598F-BD9F-4BAD-BB13-D49829A024FE}\InprocServer32 --> ThreadingModel detectado: Trace.Registry.Blubster
Key: HKEY_CLASSES_ROOT\clsid\{147a976f-eee1-4377-8ea7-4716e4cdd239} detectado: Trace.Registry.MyWebSearchToobar
Key: HKEY_CLASSES_ROOT\clsid\{147a976f-eee1-4377-8ea7-4716e4cdd239} detectado: Trace.Registry.MyWebSearchToolbar
Key: HKEY_LOCAL_MACHINE\software\realvnc detectado: Trace.Registry.VNC
Key: HKEY_LOCAL_MACHINE\software\realvnc\winvnc4 detectado: Trace.Registry.VNCServer
C:\Documents and Settings\Giovanna\Configurações locais\Temp\nsg2C.tmp detectado: Riskware.RiskTool.Win32.Processor.20
C:\Documents and Settings\Giovanna\Meus documentos\essenciais\LogMeIn.exe detectado: Riskware.RemoteAdmin.Win32.RemotelyAnywhere.a
C:\Documents and Settings\Giovanna\Meus documentos\essenciais\vnc-4_1_2-x86_win32.exe detectado: Riskware.RemoteAdmin.Win32.WinVNC.4
C:\Documents and Settings\Giovanna\Meus documentos\clean.zip/pskill.exe detectado: Riskware.RiskTool.Win32.PsKill.k
Analisado
Arquivos: 116919
Objetos: 143234
Cookies: 1
Processos: 10
Encontrado
Arquivos: 4
Objetos: 14
Cookies: 0
Processos: 0
Chaves do registro: 0
Fim da análise: 4/10/2007 15:46:44
Duração da análise: 01:03:35
Logfile of HijackThis v1.99.1
Scan saved at 15:51:46, on 4/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\VM_STI.EXE
C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe
C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\a-squared Free\a2service.exe
C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\RDPSSW32.EXE
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\VMware\VMware Player\vmware-authd.exe
C:\Arquivos de programas\Arquivos comuns\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pgdp.net/c/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [bigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera
O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\Arquivos de programas\IncrediMail\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: Add to AMV Converter... - C:\Arquivos de programas\MP3 Player Utilities 4.03\AMVConverter\grab.html
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Arquivos de programas\MP3 Player Utilities 4.03\MediaManager\grab.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1184885418234
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O16 - DPF: {F4E59691-8BC1-446B-9F89-B4C8621D2079} (RegisterBeTwin2000 Control) - http://216.7.10.149/BeTwin2000Registration...BeTwinAdmin.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{879230FE-1C97-4388-8AA7-3D261EC290D2}: NameServer = 200.204.0.10,200.204.0.138
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Arquivos de programas\a-squared Free\a2service.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Unknown owner - C:\Arquivos de programas\iPod\bin\iPodService.exe (file missing)
O23 - Service: RDPSSW32 - Unknown owner - C:\WINDOWS\System32\RDPSSW32.EXE
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Arquivos de programas\VMware\VMware Player\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Arquivos de programas\Arquivos comuns\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
Thank you for your time and attention.
Giovanna
Good evening, GCW!
>@< Open HijackThis and, with all windows closed, click Fix on these entries:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pgdp.net/c/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
>@< Was it you who set this home page? < http://www.pgdp.net/c/ >
>@< If so, do not click Fix on it.
________________________
>@< Now go to the a-squared quarantine.
>@< Select all of its contents and click Delete.
________________________
>@< Download ComboFix.
>@< Save it to the Desktop!
>@< Close all windows and run the tool!
>@< The Auto Scan window will open. Wait!
>@< Type the option to continue < Enter >
>@< Wait for it to finish!
>@< Post the report, C:\ComboFix.txt, in your reply, plus an updated HJT log.
Regards!
Good morning, DigRam!
I applied the HijackThis Fix to the entries listed, except for the home page, which I did in fact set myself. I have also cleared the a-squared quarantine.
Below are the ComboFix report and the updated HJT log:
ComboFix 07-10-05.3 - Giovanna 2007-10-05 11:26:39.1 - FAT32x86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.236 [GMT -3:00]
Executando de: C:\Documents and Settings\Giovanna\Desktop\ComboFix.exe
* Criado um novo ponto de restauro
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\cfx32.ocx
C:\WINDOWS\system32\dn172a1b0e.dat
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
-------\LEGACY_DOMAINSERVICE
-------\nm
((((((((((((((((((((((( Ficheiros criados de 2007-09-05 to 2007-10-05 ))))))))))))))))))))))))))))))))
.
2007-10-05 11:25 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-04 14:35 <DIR> d-------- C:\Arquivos de programas\a-squared Free
2007-10-01 18:23 <DIR> d-------- C:\hijackthis
2007-10-01 17:18 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\Talkback
2007-10-01 16:40 97,302 --a------ C:\ELITRIIP.11102007.EXE
2007-10-01 16:31 <DIR> d-------- C:\Documents and Settings\Giovanna\Dados de aplicativos\Prevx
2007-09-30 11:49 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Avira
2007-09-30 11:49 <DIR> d-------- C:\Arquivos de programas\Avira
2007-09-29 18:13 <DIR> d-------- C:\Arquivos de programas\Alwil Software
2007-09-09 18:54 323,584 --a------ C:\WINDOWS\system32\swt-win32-3232.dll
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-01 16:28 77312 --a------ C:\WINDOWS\ua2.dll
2007-09-03 13:25 --------- d-------- C:\Arquivos de programas\Magentic
2007-08-25 11:27 --------- d-------- C:\Arquivos de programas\Data Manager
2007-08-23 12:15 --------- d-------- C:\Documents and Settings\Giovanna\Dados de aplicativos\Skype
2007-08-23 12:13 --------- d-------- C:\Arquivos de programas\Skype
2007-08-23 12:13 --------- d-------- C:\Arquivos de programas\Arquivos comuns\Skype
2007-08-18 13:48 --------- d-------- C:\Arquivos de programas\SIU
2007-08-18 12:30 --------- d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Office Genuine Advantage
2007-08-16 00:22 --------- d-------- C:\Documents and Settings\Giovanna\Dados de aplicativos\Hamachi
2007-08-16 00:21 25544 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
2007-08-15 12:46 --------- d-------- C:\Arquivos de programas\MSXML 6.0
2007-08-12 14:33 --------- d-------- C:\Arquivos de programas\CashPreview
2007-08-09 15:32 --------- d-------- C:\Arquivos de programas\ConvenosInstalling
2007-08-08 12:33 --------- d-------- C:\Arquivos de programas\CaraQ
2007-08-04 23:18 --------- d-------- C:\Arquivos de programas\Maxthon Access
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\dllcache\cdm.dll
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\dllcache\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\dllcache\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\dllcache\wucltui.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\dllcache\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\dllcache\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\dllcache\wups.dll
2007-07-21 17:12 24576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
2007-07-10 10:34 745547 --a------ C:\WINDOWS\system32\Magentic Screensaver.scr
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
Nota entradas vazias & legítimas por defeito não são mostradas.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 09:06 C:\WINDOWS\AGRSMMSG.exe]
"BigDogPath"="C:\WINDOWS\VM_STI.exe" [2005-06-07 09:27]
"TkBellExe"="C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2007-03-06 17:41]
"avgnt"="C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-08-31 12:25]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:45]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{A3717295-941D-416F-9384-ED1736729F1C}"= C:\Arquivos de programas\Scpad\scpLIB.dll [2007-03-27 01:29 128512]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"CompIBBrd"= {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll [2007-03-27 01:29 128512]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BeTwinAssistant]
"C:\Arquivos de programas\BeTwin\BeTwinAssistant.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BeTwinCfgwiz]
"C:\Arquivos de programas\BeTwin\BeTwin.exe" /cfgwiz
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BeTwinMessages]
"C:\Arquivos de programas\BeTwin\BeTwinMessages.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
C:\Arquivos de programas\Ahead\InCD\InCD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OmniTray]
C:\ARQUIV~1\Trlokom\ENTERP~1\APPLIC~1\omnitray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TerraVOIP]
C:\Arquivos de programas\TerraVOIP\TerraVOIP.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
"C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
R1 sdcplh;sdcplh;C:\WINDOWS\system32\drivers\sdcplh.sys
R2 RDPSSW32;RDPSSW32;C:\WINDOWS\System32\RDPSSW32.EXE
S3 ca82900f-2e45-44cb-b770-14dbbe5f1e1f;ca82900f-2e45-44cb-b770-14dbbe5f1e1f;\??\D:\Player\cds300.dll
S3 NativeTS;Microsoft Terminal Services;C:\WINDOWS\System32\svchost.exe -k netsvcs
S3 NTSIM;NTSIM;\??\C:\WINDOWS\system32\ntsim.sys
S3 ZSMC302;VIMICRO USB PC Camera;C:\WINDOWS\system32\Drivers\usbVM31b.sys
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fa6aa9ba-34e7-11dc-b495-005056c00008}]
AutoRun\command- E:\autorun.exe
.
**************************************************************************
catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-05 11:31:31
Windows 5.1.2600 Service Pack 2 FAT NTAPI
Procurando processos ocultos ...
Procurando entradas auto inicializáveis ocultas ...
Procurando ficheiros ocultos ...
Varredura completada com sucesso
Ficheiros ocultos: 0
**************************************************************************
.
Tempo para conclusão: 2007-10-05 11:33:30 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-10-05 11:33
.
--- E O F ---
Logfile of HijackThis v1.99.1
Scan saved at 11:34:16, on 5/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\VM_STI.EXE
C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe
C:\Arquivos de programas\a-squared Free\a2service.exe
C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\RDPSSW32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\VMware\VMware Player\vmware-authd.exe
C:\Arquivos de programas\Arquivos comuns\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pgdp.net/c/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [bigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera
O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\Arquivos de programas\IncrediMail\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: Add to AMV Converter... - C:\Arquivos de programas\MP3 Player Utilities 4.03\AMVConverter\grab.html
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Arquivos de programas\MP3 Player Utilities 4.03\MediaManager\grab.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1184885418234
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O16 - DPF: {F4E59691-8BC1-446B-9F89-B4C8621D2079} (RegisterBeTwin2000 Control) - http://216.7.10.149/BeTwin2000Registration...BeTwinAdmin.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{0D0B1249-858C-4828-B015-13B27B2F070D}: NameServer = 200.204.0.10 200.204.0.138
O17 - HKLM\System\CCS\Services\Tcpip\..\{879230FE-1C97-4388-8AA7-3D261EC290D2}: NameServer = 200.204.0.10,200.204.0.138
O17 - HKLM\System\CS1\Services\Tcpip\..\{0D0B1249-858C-4828-B015-13B27B2F070D}: NameServer = 200.204.0.10 200.204.0.138
O17 - HKLM\System\CS2\Services\Tcpip\..\{0D0B1249-858C-4828-B015-13B27B2F070D}: NameServer = 200.204.0.10 200.204.0.138
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Arquivos de programas\a-squared Free\a2service.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Unknown owner - C:\Arquivos de programas\iPod\bin\iPodService.exe (file missing)
O23 - Service: RDPSSW32 - Unknown owner - C:\WINDOWS\System32\RDPSSW32.EXE
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Arquivos de programas\VMware\VMware Player\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Arquivos de programas\Arquivos comuns\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
Regards, and thank you
Giovanna
Good evening, GCW!
>@< Download CCleaner.
>@< Save it to the Desktop!
>@< Open the program and click Executar cleaner (Run cleaner).
>@< When it finishes, click Erros >> Procurar erros >> Corrigir erros (Errors >> Scan for errors >> Fix errors).
____________________
I have had my PC infected by this annoying Vundo thing before. I don't notice a difference in my PC the way I did the first time. The only thing, which I checked today after the scan, is that I can't restore the system.
>@< Go to Iniciar >> Executar (Start >> Run).
>@< Type: rundll32.exe advpack.dll,LaunchINFSection %Windir%\Inf\sr.inf
>@< Click OK.
>@< Wait! When the system prompts you, give the following path: %Windir%\ServicePackFiles
>@< Also accept the prompt to restart the computer.
>@< Now try to use System Restore!
____________________
>@< Run an online scan with Panda.
>@< On the page, click the Scan your PC button.
>@< Click Next.
>@< Type your e-mail address.
>@< Click Send.
>@< Finish by clicking All PC. ( All My Computer )
>@< Wait! It will take a while for the scan to finish.
>@< When it finishes, copy the report and post it in your reply, along with an updated HJT log.
>@< P.S.: I should make clear that the HijackThis log is clean and there are no traces of Vundo.
Regards!
Good morning, DigRam!
System Restore is now working normally.
However, Panda cannot finish the scan.
When the transfer ends, it shows the following message:
Erro durante o processo de instalação
Deu-se um erro aquando do download do Panda ActiveScan. Repita o processo, de novo. Se se produzir um novo erro, reinicie o seu PC e tente de novo
As causas possíveis deste erro são:
O controle ActiveX da aplicação não está a ser descarregado.
Problemas com a ligação à Internet.
Pode dever-se a um erro, no momento do download ou a um erro na instalação devido à falta de espaço no seu disco duro, privilegios,...
I have already tried restarting, but the message does not change.
In any case, here is the latest HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 11:31:34, on 7/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe
C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\a-squared Free\a2service.exe
C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\RDPSSW32.EXE
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\VMware\VMware Player\vmware-authd.exe
C:\Arquivos de programas\Arquivos comuns\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\ARQUIV~1\INCRED~1\bin\IMApp.exe
C:\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pgdp.net/c/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\Arquivos de programas\IncrediMail\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: Add to AMV Converter... - C:\Arquivos de programas\MP3 Player Utilities 4.03\AMVConverter\grab.html
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Arquivos de programas\MP3 Player Utilities 4.03\MediaManager\grab.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1184885418234
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O16 - DPF: {F4E59691-8BC1-446B-9F89-B4C8621D2079} (RegisterBeTwin2000 Control) - http://216.7.10.149/BeTwin2000Registration...BeTwinAdmin.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{0D0B1249-858C-4828-B015-13B27B2F070D}: NameServer = 200.204.0.10 200.204.0.138
O17 - HKLM\System\CCS\Services\Tcpip\..\{879230FE-1C97-4388-8AA7-3D261EC290D2}: NameServer = 200.204.0.10,200.204.0.138
O17 - HKLM\System\CS1\Services\Tcpip\..\{0D0B1249-858C-4828-B015-13B27B2F070D}: NameServer = 200.204.0.10 200.204.0.138
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Arquivos de programas\a-squared Free\a2service.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Unknown owner - C:\Arquivos de programas\iPod\bin\iPodService.exe (file missing)
O23 - Service: RDPSSW32 - Unknown owner - C:\WINDOWS\System32\RDPSSW32.EXE
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Arquivos de programas\VMware\VMware Player\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Arquivos de programas\Arquivos comuns\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
Good afternoon, GCW!
>@< Delete the folder: C:\QooBox\Quarantine << It belongs to ComboFix.
_________________
>@< Disable Avira's resident protection and try the Panda scan.
>@< If that does not work, run the scan with Kaspersky and post the report.
_________________
>@< If that does not succeed either, run a scan with your antivirus and post the report.
>@< There is no need to post a new HijackThis log, since it is clean!
Regards!
Good afternoon, DigRam!
I deleted the ComboFix folder.
Indeed, Panda cannot finish the scan, even after I disabled Avira.
However, I had success with Kaspersky. The report follows below:
KASPERSKY ONLINE SCANNER REPORT
Monday, October 08, 2007 1:42:37 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.1
Kaspersky Anti-Virus database last update: 8/10/2007
Kaspersky Anti-Virus database records: 429153
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
A:\
C:\
D:\
Scan Statistics
Total number of scanned objects 38975
Number of viruses found 0
Number of infected objects 0
Number of suspicious objects 0
Duration of the scan process 02:45:13
Scan process completed.
Good morning, GCW!
>@< The Kaspersky report points to a clean computer!
>@< Create a CLEAN Restore Point! < Docs >
____________________
>@< Try to browse safely: < Security Tips >
@@@@@@@@@@@@@@@@@@@@
>@< Good work!
>@< Clean log!
Regards!
That's great, DigRam! Thank you very much indeed for the time and help you gave!
Regards and all the best,
Giovanna
PROBLEM SOLVED!
If the author needs the topic reopened, they must send a Private Message to a Moderator with a link to the topic.
Good morning, GCW!
>@< Delete the highlighted folders:
C:\VundoFix Backups
C:\!KillBox << The folder!
C:\Muestras
>@< Empty the AntiVir quarantine!
>@< You have 2 antivirus programs, and that does not translate into a gain in protection.
>@< Choose one of them! ( I suggest you keep AntiVir.... )
_____________________
>@< Download a-squared Free 3.0
>@< Open the program and click: Atualizar agora (Update now) >> Wait!
>@< When it finishes, click: Analisar agora (Scan now).
>@< Try to run this scan in Safe Mode!
>@< Choose the option: A fundo (Deep).
>@< Click Analisar (Scan)!
>@< When it finishes, send the items found to quarantine, from where they will be deleted or restored.
>@< Save the report of this scan and post it in your reply, along with an updated HJT log.
Regards!