[Arquivado] Analisem meu log

[epfernandes 0]

Uma das funções mais interessantes do FireFox é a capacidade que ele tem de encontrar um site sem você digitar o endereço, por exemplo, digamos que você queira o site dos correios...basta digitar correios na barra de endereços e pronto, ele vai achar sozinho.

 

Agora, ele redireciona para uma página do Yahoo.

 

Creio que seja MegaUpload Toolbar que causou isso =[

 

Meu log:

 

Logfile of HijackThis v1.99.1

Scan saved at 00:15:18, on 21/7/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Unable to get Internet Explorer version!

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\Arquivos de programas\Saitek\Software\Profiler.exe

C:\Arquivos de programas\Saitek\Software\SaiSmart.exe

C:\Arquivos de programas\Saitek\Software\SaiMfd.exe

C:\WINDOWS\CameraFixer.exe

C:\WINDOWS\vsnpstd3.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\Ventrilo\Ventrilo.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Documents and Settings\CrossBones\Desktop\HijackThis.exe

 

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbit\orbitcth.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_08\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKCU\..\Run: [ADPHONE] C:\Arquivos de programas\CallIT\ADPHONE\ADPHONE.EXE

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: &Download all by Orbit - res://C:\Arquivos de programas\Orbit\orbitmxt.dll/202

O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbit\orbitmxt.dll/201

O8 - Extra context menu item: &Download selected by Orbit - res://C:\Arquivos de programas\Orbit\orbitmxt.dll/203

O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbit\orbitmxt.dll/204

O8 - Extra context menu item: Download all links using BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: Download all videos using BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: Download link using &BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: Translate with &Babylon - res://C:\Arquivos de programas\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm

O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Arquivos de programas\ICQLite\ICQLite.exe

O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Arquivos de programas\ICQLite\ICQLite.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O23 - Service: Adobe LM Service - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

 

Agradeço qualquer ajuda.

[jgarcia 1]

Opa epfernandes,

 

Baixe o ComboFix em:

ComboFix

 

1) Dê um duplo-clique no combofix.exe e tecle "Y" para prosseguir. O processo vai durar, em média, 10 minutos;

2) O ComboFix reiniciará o PC automaticamente, a fim de que o processo de remoção seja finalizado (somente se houver infecção);

3) Quando a varredura acabar, será gerado um log, que estará em C:\ComboFix.txt;

4) Não clique na janela do ComboFix, nem feche clicando no X, enquanto a ferramenta estiver sendo executada, pois isto implicará na desconfiguração de seu desktop (ele ficará todo branco);

5) Para parar ou sair do ComboFix, tecle "N";

6) Preciso que você cole o conteúdo do ComboFix.txt em sua próxima resposta.

 

Abraços.

[epfernandes 0]

Obrigado por sua atenção JGarcia.

 

Mas consegui me livrar desse "Hijacker" apagando a pasta oculta em "Documents and Settings\Usuário\Dados de aplicativos\Mozilla\Firefox " :thumbsup:

 

Mas , por via das dúvidas, aqui está meu log emitido pelo Combo.fix. Não sei se possuo outros arquivos infectados em meu Pc.

 

2007-07-25 15:27:05 [GMT -3:00] - ComboFix 07-07-24 - Service Pack 2 NTFS

 

 

((((((((((((((((((((((((( Files Created from 2007-06-25 to 2007-07-25 )))))))))))))))))))))))))))))))

 

 

2007-07-25 15:26 51,200 --a------ C:\WINDOWS\nircmd.exe

2007-07-23 18:45 <DIR> d-------- C:\Arquivos de programas\DsNET Corp

2007-07-21 14:13 <DIR> d-------- C:\DOCUME~1\CROSSB~1\DADOSD~1\BSplayer Pro

2007-07-21 12:40 <DIR> d-------- C:\Arquivos de programas\a-squared Anti-Malware

2007-07-21 00:41 1,152 --a------ C:\WINDOWS\system32\windrv.sys

2007-07-21 00:36 <DIR> d-------- C:\Arquivos de programas\Browser Hijack Recover

2007-07-20 22:37 <DIR> d-------- C:\DOCUME~1\CROSSB~1\DADOSD~1\ADPHONE

2007-07-20 22:37 <DIR> d-------- C:\Arquivos de programas\CallIT

2007-07-20 22:37 <DIR> d-------- C:\Arquivos de programas\arquivos comuns\Skype

2007-07-20 21:14 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\DADOSD~1\SecTaskMan

2007-07-20 21:14 <DIR> d-------- C:\Arquivos de programas\Security Task Manager

2007-07-20 20:31 <DIR> d-------- C:\!KillBox

2007-07-19 17:45 <DIR> d-------- C:\Arquivos de programas\Riva

2007-07-13 20:01 <DIR> d-------- C:\Arquivos de programas\Ubisoft

2007-07-12 23:04 <DIR> d-------- C:\DOCUME~1\CROSSB~1\DoctorWeb

2007-07-12 22:56 796,672 --a------ C:\WINDOWS\GPInstall.exe

2007-07-07 19:05 <DIR> d-------- C:\DOCUME~1\CROSSB~1\.mypaint

2007-07-07 19:00 <DIR> d-------- C:\Arquivos de programas\MyPaint

2007-07-05 18:18 <DIR> d-------- C:\Arquivos de programas\DivX

2007-07-01 17:56 208,896 --a------ C:\WINDOWS\system32\nvudisp.exe

2007-07-01 17:54 <DIR> d-------- C:\NVIDIA

2007-07-01 17:40 3,994,624 --a------ C:\WINDOWS\system32\drivers\nv4_mini.sys

2007-07-01 17:31 <DIR> d-------- C:\Arquivos de programas\Driver Cleaner Pro

2007-07-01 17:21 89,088 --a------ C:\WINDOWS\system32\atl71.dll

 

 

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

 

2007-07-25 01:37:09 24 ----a-w C:\WINDOWS\system32\DVCStateBkp-{00000000-00000000-00000009-00001102-00000002-80611102}.dat

2007-07-25 01:37:08 24 ----a-w C:\WINDOWS\system32\DVCState-{00000000-00000000-00000009-00001102-00000002-80611102}.dat

2007-07-24 23:45:38 -------- d-----w C:\Arquivos de programas\Steam

2007-07-24 19:06:40 -------- d-----w C:\DOCUME~1\CROSSB~1\DADOSD~1\uTorrent

2007-07-23 23:35:08 0 ----a-w C:\WINDOWS\system32\w32apiw.dll

2007-07-22 05:32:20 7,168 --sha-w C:\Arquivos de programas\Thumbs.db

2007-07-22 03:21:01 -------- d-----w C:\Arquivos de programas\HyperLobbyPro3

2007-07-21 18:19:30 -------- d-----w C:\DOCUME~1\CROSSB~1\DADOSD~1\Ventrilo

2007-07-21 15:12:29 -------- d-----w C:\Arquivos de programas\HP

2007-07-21 15:12:29 -------- d-----w C:\Arquivos de programas\Hewlett-Packard

2007-07-20 02:02:20 -------- d-----w C:\DOCUME~1\CROSSB~1\DADOSD~1\Orbit

2007-07-18 18:16:57 -------- d-----w C:\DOCUME~1\CROSSB~1\DADOSD~1\LimeWire

2007-07-18 18:16:51 -------- d-----w C:\Arquivos de programas\LimeWire

2007-07-05 21:19:21 3,674 ----a-w C:\WINDOWS\mozver.dat

2007-07-04 00:09:03 -------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2007-06-25 20:21:23 29 ----a-w C:\WINDOWS\popcinfo.dat

2007-06-24 22:17:11 199,054 ----a-w C:\Arquivos de programas\P47 Gavca.bmp

2007-06-20 17:46:41 -------- d-----w C:\Arquivos de programas\Arquivos comuns\ODBC

2007-06-19 02:09:03 -------- d-----w C:\Arquivos de programas\Atrativa Games

2007-06-16 21:48:27 -------- d-----w C:\DOCUME~1\CROSSB~1\DADOSD~1\HP

2007-06-16 21:40:01 -------- d-----w C:\Arquivos de programas\Arquivos comuns\Hewlett-Packard

2007-06-15 22:19:30 45,056 ----a-w C:\WINDOWS\ssunstl.exe

2007-06-08 21:53:15 -------- d-----w C:\Arquivos de programas\Seagrand

2007-06-05 22:26:31 5,186 ----a-w C:\Arquivos de programas\SFCoficial.gif

2007-05-29 03:13:48 -------- d-----w C:\DOCUME~1\CROSSB~1\DADOSD~1\Skype

2007-05-29 02:32:52 60,856 ----a-w C:\DOCUME~1\CROSSB~1\DADOSD~1\GDIPFONTCACHEV1.DAT

2007-05-12 01:35:40 0 ----a-w C:\WINDOWS\nsreg.dat

2007-05-11 02:35:36 545,280 ----a-w C:\WINDOWS\flashax.exe

2007-05-11 02:35:36 12,288 ----a-w C:\WINDOWS\impborl.dll

2007-05-01 02:03:14 724,992 ----a-w C:\WINDOWS\iun6002.exe

2007-04-28 00:49:57 2,560 ----a-w C:\WINDOWS\system32\BitCometRes.dll

2007-04-24 00:23:13 75,845 ----a-w C:\Arquivos de programas\IL-2 BEP Gadget.exe

2007-04-15 17:18:14 81,920 ----a-w C:\DOCUME~1\CROSSB~1\DADOSD~1\ezpinst.exe

2007-04-15 17:18:14 47,360 ----a-w C:\DOCUME~1\CROSSB~1\DADOSD~1\pcouffin.sys

2007-03-21 23:28:09 7,728 ----a-w C:\Arquivos de programas\crossbones.bmp

2007-03-19 02:17:18 28,530 ----a-w C:\Arquivos de programas\P47 Cross.jpg

 

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

 

 

*Note* empty entries & legit default entries are not shown

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Profiler"="C:\Arquivos de programas\Saitek\Software\Profiler.exe" [2004-10-20 12:47]

"SaiSmart"="C:\Arquivos de programas\Saitek\Software\SaiSmart.exe" [2004-10-20 12:48]

"SaiMfd"="C:\Arquivos de programas\Saitek\Software\SaiMfd.exe" [2004-10-20 12:06]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ADPHONE"="C:\Arquivos de programas\CallIT\ADPHONE\ADPHONE.EXE" [2007-06-21 13:03]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"LinkResolveIgnoreLinkInfo"=0 (0x0)

"NoResolveSearch"=1 (0x1)

"NoBandCustomize"=0 (0x0)

"NoToolbarCustomize"=0 (0x0)

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"LinkResolveIgnoreLinkInfo"=0 (0x0)

"NoLowDiskSpaceChecks"=1 (0x1)

"NoBandCustomize"=0 (0x0)

"NoToolbarCustomize"=0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Iniciar^Programas^Inicializar^Adobe Gamma Loader.lnk]

path=C:\Documents and Settings\All Users.WINDOWS\Menu Iniciar\Programas\Inicializar\Adobe Gamma Loader.lnk

backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Iniciar^Programas^Inicializar^Adobe Reader Speed Launch.lnk]

path=C:\Documents and Settings\All Users.WINDOWS\Menu Iniciar\Programas\Inicializar\Adobe Reader Speed Launch.lnk

backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Iniciar^Programas^Inicializar^Adobe Reader Synchronizer.lnk]

path=C:\Documents and Settings\All Users.WINDOWS\Menu Iniciar\Programas\Inicializar\Adobe Reader Synchronizer.lnk

backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Iniciar^Programas^Inicializar^Microsoft Office.lnk]

path=C:\Documents and Settings\All Users.WINDOWS\Menu Iniciar\Programas\Inicializar\Microsoft Office.lnk

backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ADPHONE]

C:\Arquivos de programas\CallIT\ADPHONE\ADPHONE.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\aol]

"C:\Arquivos de programas\AOL\Active Virus Shield\avp.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Arovax AntiSpyware]

C:\Arquivos de programas\Arovax AntiSpyware\arovaxantispyware.exe /s

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Comodo Firewall]

"C:\Arquivos de programas\Comodo\Firewall\CPF.exe" /background

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]

"C:\Arquivos de programas\D-Tools\daemon.exe" -lang 1033

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kis]

"C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]

"C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

"C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]

C:\Arquivos de programas\PowerISO\PWRISOVM.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

"C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Servicos]

C:\Windows\Adobe\AdobeLanc.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

"C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

"c:\arquivos de programas\steam\steam.exe" -silent

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

"C:\Arquivos de programas\Java\jre1.5.0_08\bin\jusched.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]

C:\WINDOWS\UpdReg.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zango]

"c:\arquivos de programas\zango\zango.exe"

 

R0 gagp30kx;Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms;C:\WINDOWS\system32\DRIVERS\gagp30kx.sys

R1 SCDEmu;SCDEmu;C:\WINDOWS\system32\drivers\SCDEmu.sys

R2 enodpl;enodpl;C:\WINDOWS\system32\drivers\enodpl.sys

R2 tandpl;tandpl;C:\WINDOWS\system32\drivers\tandpl.sys

R3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\fetnd5.sys

R3 pcouffin;VSO Software pcouffin;C:\WINDOWS\system32\Drivers\pcouffin.sys

R3 SaiMini;SaiMini;C:\WINDOWS\system32\DRIVERS\SaiMini.sys

R3 SaiNtBus;SaiNtBus;C:\WINDOWS\system32\drivers\SaiNtBus.sys

S3 ctljystk;Creative SBLive! Gameport;C:\WINDOWS\system32\DRIVERS\ctljystk.sys

S3 EagleNT;EagleNT;\??\C:\WINDOWS\system32\drivers\EagleNT.sys

S3 MagicTune;MagicTune;C:\WINDOWS\system32\drivers\MTiCtwl.sys

S3 SaiH0255;SaiH0255;C:\WINDOWS\system32\DRIVERS\SaiH0255.sys

S3 SCREAMINGBDRIVER;Screaming Bee Audio;C:\WINDOWS\system32\drivers\ScreamingBAudio.sys

S3 SNPSTD3;USB PC Camera (SNPSTD3);C:\WINDOWS\system32\DRIVERS\snpstd3.sys

S3 UWProSys;Process monitor.;\??\C:\Arquivos de programas\CyberDefender\AntiSpyware\uwprosys.sys

S3 XTrapD12;XTrapD12;\??\C:\WINDOWS\system32\XTrapD12.sys

 

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{df7622e0-2703-11dc-be99-0016ec62f9b1}]

Auto\command- RavMonE.exe e

AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RavMonE.exe e

 

 

**************************************************************************

 

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-07-25 15:30:19

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden registry entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

 

Completion time: 2007-07-25 15:31:32

[jgarcia 1]

Opa epfernandes,

 

Submeta o arquivo abaixo ao site VirusTotal:

 

C:\WINDOWS\iun6002.exe

 

Retorne com o resultado.

 

Abraços.

[epfernandes 0]

Aqui vai JGarcia: Antivirus Version Last Update ResultAhnLab-V3 2007.7.26.0 2007.07.25 no virus foundAntiVir 7.4.0.50 2007.07.25 no virus foundAuthentium 4.93.8 2007.07.25 no virus foundAvast 4.7.997.0 2007.07.26 no virus foundAVG 7.5.0.476 2007.07.25 no virus foundBitDefender 7.2 2007.07.26 no virus foundCAT-QuickHeal 9.00 2007.07.25 no virus foundClamAV 0.91 2007.07.26 no virus foundDrWeb 4.33 2007.07.26 no virus foundeSafe 7.0.15.0 2007.07.24 no virus foundeTrust-Vet 31.1.5004 2007.07.25 no virus foundEwido 4.0 2007.07.25 no virus foundFileAdvisor 1 2007.07.26 no virus foundFortinet 2.91.0.0 2007.07.25 no virus foundF-Prot 4.3.2.48 2007.07.25 no virus foundF-Secure 6.70.13030.0 2007.07.25 no virus foundIkarus T3.1.1.8 2007.07.25 no virus foundKaspersky 4.0.2.24 2007.07.26 no virus foundMcAfee 5082 2007.07.25 no virus foundMicrosoft 1.2704 2007.07.25 no virus foundNOD32v2 2421 2007.07.26 no virus foundNorman 5.80.02 2007.07.25 no virus foundPanda 9.0.0.4 2007.07.24 no virus foundSophos 4.19.0 2007.07.17 no virus foundSunbelt 2.2.907.0 2007.07.26 no virus foundSymantec 10 2007.07.26 no virus foundTheHacker 6.1.7.153 2007.07.25 no virus foundVBA32 3.12.2.1 2007.07.24 no virus foundVirusBuster 4.3.26:9 2007.07.25 no virus foundWebwasher-Gateway 6.0.1 2007.07.26 no virus foundAdditional informationFile size: 724992 bytesMD5: 9433d5ac20edcf7d39c454fe2f67b43dSHA1: b46be8abecd975d942bf28987bbda8686f079838

[jgarcia 1]

Opa epfernandes,

 

Desinstale:

-> zango

 

Utilize Adicionar / Remover programas.

 

Desinstale-o e reinicie após tê-lo feito.

 

Poste um novo log do HijackThis.

 

Abraços.

[epfernandes 0]

Olá JGarcia.Infelizmente não encontrei este arquivo "Zango". Sei que é um programa adware. Mas não sei onde procurar.Abraços

[jgarcia 1]

Infelizmente não encontrei este arquivo "Zango".

Ele não se encontra na lista de Adicionar / Remover programas?

[epfernandes 0]

Não, JGarcia...ele não se encontra. Ja desintalei este Zango à algum tempo.

[jgarcia 1]

Opa epfernandes,

 

Reinicie em Modo Seguro.

 

Vá em Iniciar -> Executar -> digite regedit -> dê Ok.

 

Navegue até a seguinte subchave:

 

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg

 

Localize e delete a seguinte pasta:

 

zango

 

Saia do Editor do Registro.

 

Reinicie em Modo Normal.

 

Poste um novo log do ComboFix.

 

Abraços.

[Shine 0]

Tópico Arquivado

 

Como o autor não respondeu ao tópico por mais de 20 dias, o mesmo foi arquivado.

 

Caso você seja o autor do tópico e quer que o mesmo seja reaberto, envie uma mensagem privada para um moderador com um link para este tópico e explique o motivo da reabertura.