This topic has been archived and is closed to new replies.

Danyella

[Archived] PC with worm, adware, trojan


Hi everyone!

Spyware Doctor detected worm.viking, worm.black worm, Adware.agent.Bn, Trojan Proxy.Ranky.gl, and Email_worm Zehelatin on my PC. It did not delete them because it is not registered. In the Windows and Windows System folders I saw some files that belong to these pests, such as: system.txt, vcmgcd32.dll, llfggcd32.dll, rundll.16.exe, logo1_exe. They are all empty, as I submitted them to VirusTotal. I find it strange because I have F-Secure Internet Suite and it detects nothing; I deleted it and reinstalled it and still nothing. Here is the log, with all programs visible and all items checked in msconfig.

 

Logfile of HijackThis v1.99.1

Scan saved at 4:52:44 PM, on 1/21/08

Platform: Windows 98 SE (Win9x 4.10.2222A)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\PROGRAM FILES\COGECO SECURITY SERVICES\COMMON\FSMA32.EXE

C:\PROGRAM FILES\COGECO SECURITY SERVICES\COMMON\FSMB32.EXE

C:\WINDOWS\SYSTEM\HIDSERV.EXE

C:\PROGRAM FILES\COGECO SECURITY SERVICES\COMMON\FCH32.EXE

C:\PROGRAM FILES\COGECO SECURITY SERVICES\FSPC\FSHTTPS\FSHTTPS.EXE

C:\PROGRAM FILES\COGECO SECURITY SERVICES\BACKWEB\9867844\PROGRAM\FSBWSYS.EXE

C:\PROGRAM FILES\COGECO SECURITY SERVICES\BACKWEB\9867844\PROGRAM\FSPEX.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE

C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE

C:\WINDOWS\SYSTEM\MSTASK.EXE

C:\PROGRAM FILES\COGECO SECURITY SERVICES\COMMON\FAMEH32.EXE

C:\PROGRAM FILES\COGECO SECURITY SERVICES\ANTI-VIRUS\FSGK32.EXE

C:\PROGRAM FILES\COGECO SECURITY SERVICES\ANTI-VIRUS\FSRW.EXE

C:\PROGRAM FILES\COGECO SECURITY SERVICES\FWES\PROGRAM\FSDFWD.EXE

C:\PROGRAM FILES\COGECO SECURITY SERVICES\FSPC\FSPC.EXE

C:\WINDOWS\EXPLORER.EXE

C:\PROGRAM FILES\COGECO SECURITY SERVICES\ANTI-VIRUS\FSSM32.EXE

C:\PROGRAM FILES\COGECO SECURITY SERVICES\ANTI-VIRUS\FSAV32.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\WINDOWS\SYSTEM\STIMON.EXE

C:\PROGRAM FILES\COGECO SECURITY SERVICES\COMMON\FSM32.EXE

C:\PROGRAM FILES\COGECO SECURITY SERVICES\FSGUI\ISPNEWS.EXE

C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE

C:\PROGRAM FILES\CREATIVE\COLORIF\PROGRAM\HGCCTL95.EXE

C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE

C:\WINDOWS\SYSTEM\E_S4I2H1.EXE

C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 4\CREATECD\CREATECD.EXE

C:\WINDOWS\SYSTEM\SPOOL32.EXE

C:\WINDOWS\TASKMON.EXE

C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE

C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE

C:\WINDOWS\SYSTEM\WMIEXE.EXE

C:\PROGRAM FILES\COGECO SECURITY SERVICES\FSGUI\FSGUIDLL.EXE

C:\PROGRAM FILES\COGECO SECURITY SERVICES\ANTI-SPYWARE\FSAW.EXE

C:\HIJACK THIS\HIJACKTHIS.EXE

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_14\bin\ssv.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\GBIEH.DLL

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [stillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE

O4 - HKLM\..\Run: [F-Secure Manager] "C:\PROGRAM FILES\COGECO SECURITY SERVICES\Common\FSM32.EXE" /splash

O4 - HKLM\..\Run: [F-Secure TNB] "C:\PROGRAM FILES\COGECO SECURITY SERVICES\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW

O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\PROGRAM FILES\COGECO SECURITY SERVICES\FSGUI\FSSW.EXE" /reboot

O4 - HKLM\..\Run: [News Service] "C:\PROGRAM FILES\COGECO SECURITY SERVICES\FSGUI\ispnews.exe"

O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [scanRegistry] C:\WINDOWS\scanregw.exe /autorun

O4 - HKLM\..\Run: [Colorific Control Panel] C:\PROGRA~1\CREATIVE\COLORIF\PROGRAM\HGCCTL95.EXE

O4 - HKLM\..\Run: [3Deep Control Panel] C:\PROGRA~1\CREATIVE\3DEEP\PROGRAM\3DeepCTL.EXE

O4 - HKLM\..\Run: [hpppta] C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan\hpppta.exe /ICON

O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series] C:\WINDOWS\SYSTEM\E_S4I2H1.EXE /P30 "EPSON Stylus Photo R200 Series" /O5 "LPT1:" /M "Stylus Photo R200"

O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe

O4 - HKLM\..\Run: [CreateCD] C:\PROGRA~1\ADAPTEC\EASYCD~1\CREATECD\CREATECD.EXE -r

O4 - HKLM\..\RunServices: [GbpSv] C:\PROGRAM FILES\GBPLUGIN\GBPSV.EXE

O4 - HKLM\..\RunServices: [F-Secure Management Agent] C:\PROGRAM FILES\COGECO SECURITY SERVICES\Common\FSMA32.EXE

O4 - HKLM\..\RunServices: [bCDetect] C:\WINDOWS\SYSTEM\BCDetect.exe defer

O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\RunServices: [Hidserv] Hidserv.exe run

O4 - HKLM\..\RunServices: [KB918547] C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE

O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE

O4 - HKLM\..\RunServices: [schedulingAgent] mstask.exe

O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

O4 - Global Startup: COGECO Security Services.lnk = C:\Program Files\COGECO Security Services\backweb\9867844\Program\fspex.exe

O8 - Extra context menu item: &Block this popup - C:\PROGRAM FILES\COGECO SECURITY SERVICES\Anti-Spyware\blockpopups.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_14\BIN\SSV.DLL

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_14\BIN\SSV.DLL

O9 - Extra button: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\PROGRAM FILES\COGECO SECURITY SERVICES\FSPC\FSPCMSIE.DLL

O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\PROGRAM FILES\COGECO SECURITY SERVICES\FSPC\FSPCMSIE.DLL

O9 - Extra 'Tools' menuitem: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\PROGRAM FILES\COGECO SECURITY SERVICES\FSPC\FSPCMSIE.DLL

O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\PROGRAM FILES\COGECO SECURITY SERVICES\ANTI-SPYWARE\IESHIELD.DLL

O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\PROGRAM FILES\COGECO SECURITY SERVICES\ANTI-SPYWARE\IESHIELD.DLL

O10 - Broken Internet access because of LSP provider 'winsflt.dll' missing

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

 

 

Thank you for your attention


Hi Danyella,

Welcome to the iMasters Forums! ^_^

Run a scan with the Kaspersky Online Scanner:

1. Go to the site: http://www.kaspersky.com/virusscanner

2. Click the button [kasperdx9.jpg];

3. Click "Accept" and answer "Yes" to install the ActiveX control;

4. The program will then download the latest definition files;

5. After the files have been downloaded, click "Next";

6. Find the "Scan Settings" button and configure it as follows:

Scan using the following Anti-Virus database:
* Extended

Scan Options:
* Scan Archives
* Scan Mail Bases

7. Click "OK", then click "My Computer" to start the scan;

8. Please be patient, as the process itself is slow, both updating the database and running the scan;

9. When the scan is complete, it will show whether your system is infected. It does not offer an option to clean/disinfect. We only want its report;

10. Click the "Save as Text" button to save the file to your Desktop, then post the result in your next reply.


Hello!

Sorry for the delay; I was trying to do the online scan but couldn't. The one you recommended does not do the online scan. Even so, I downloaded it and it detected nothing; only, all the system files were marked "Ichecker". I managed to do the online scan with Bitdefender. I couldn't save the log because it froze at the end and I had to reset, but the information was this:

Objects: 67287 Folders: 1672 Boot sectors: 4 Archives: 650 Packed files: 1663

Result: Identified viruses: 2 Infected files: 2 Suspect files: 0 Disinfected files: 0 Deleted: 1

Then I ran it again: 1 virus, an infected file that it cannot disinfect or delete. This time I was able to see where it is.

C:Program File\ Cogeco Security Services\FWE\ program\ fsdfwd.exe detected as: AdwareGator.AC

I submitted fsdwd.exe to VirusTotal and Jotti, and some of the antivirus engines on both detected it. It is inside an application that belongs to F-Secure; Cogeco is the internet provider that gave us the Internet Security suite. I am sending the HijackThis log that I made after running the online scan.

 

Logfile of HijackThis v1.99.1

Scan saved at 9:50:10 PM, on 1/24/08

Platform: Windows 98 SE (Win9x 4.10.2222A)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\SPOOL32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\PROGRAM FILES\COGECO SECURITY SERVICES\COMMON\FSMA32.EXE

C:\WINDOWS\SYSTEM\MSTASK.EXE

C:\PROGRAM FILES\COGECO SECURITY SERVICES\COMMON\FSMB32.EXE

C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE

C:\WINDOWS\SYSTEM\HIDSERV.EXE

C:\PROGRAM FILES\COGECO SECURITY SERVICES\COMMON\FCH32.EXE

C:\PROGRAM FILES\COGECO SECURITY SERVICES\FSPC\FSHTTPS\FSHTTPS.EXE

C:\PROGRAM FILES\COGECO SECURITY SERVICES\BACKWEB\9867844\PROGRAM\FSBWSYS.EXE

C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE

C:\PROGRAM FILES\COGECO SECURITY SERVICES\BACKWEB\9867844\PROGRAM\FSPEX.EXE

C:\PROGRAM FILES\COGECO SECURITY SERVICES\COMMON\FAMEH32.EXE

C:\PROGRAM FILES\COGECO SECURITY SERVICES\ANTI-VIRUS\FSGK32.EXE

C:\PROGRAM FILES\COGECO SECURITY SERVICES\ANTI-VIRUS\FSRW.EXE

C:\PROGRAM FILES\COGECO SECURITY SERVICES\FWES\PROGRAM\FSDFWD.EXE

C:\PROGRAM FILES\COGECO SECURITY SERVICES\FSPC\FSPC.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\PROGRAM FILES\COGECO SECURITY SERVICES\ANTI-VIRUS\FSSM32.EXE

C:\WINDOWS\EXPLORER.EXE

C:\PROGRAM FILES\COGECO SECURITY SERVICES\ANTI-VIRUS\FSAV32.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\WINDOWS\SYSTEM\STIMON.EXE

C:\PROGRAM FILES\COGECO SECURITY SERVICES\COMMON\FSM32.EXE

C:\PROGRAM FILES\COGECO SECURITY SERVICES\FSGUI\ISPNEWS.EXE

C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE

C:\WINDOWS\SYSTEM\E_S4I2H1.EXE

C:\WINDOWS\TASKMON.EXE

C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 4\CREATECD\CREATECD.EXE

C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE

C:\WINDOWS\SYSTEM\WMIEXE.EXE

C:\PROGRAM FILES\COGECO SECURITY SERVICES\FSGUI\FSGUIDLL.EXE

C:\PROGRAM FILES\COGECO SECURITY SERVICES\ANTI-SPYWARE\FSAW.EXE

C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS 6.0 SOS\AVP.EXE

C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS 6.0 SOS\AVP.EXE

C:\HIJACK THIS\HIJACKTHIS.EXE

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_14\bin\ssv.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\GBIEH.DLL

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [stillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE

O4 - HKLM\..\Run: [F-Secure Manager] "C:\PROGRAM FILES\COGECO SECURITY SERVICES\Common\FSM32.EXE" /splash

O4 - HKLM\..\Run: [F-Secure TNB] "C:\PROGRAM FILES\COGECO SECURITY SERVICES\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW

O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\PROGRAM FILES\COGECO SECURITY SERVICES\FSGUI\FSSW.EXE" /reboot

O4 - HKLM\..\Run: [News Service] "C:\PROGRAM FILES\COGECO SECURITY SERVICES\FSGUI\ispnews.exe"

O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [scanRegistry] C:\WINDOWS\scanregw.exe /autorun

O4 - HKLM\..\Run: [3Deep Control Panel] C:\PROGRA~1\CREATIVE\3DEEP\PROGRAM\3DeepCTL.EXE

O4 - HKLM\..\Run: [hpppta] C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan\hpppta.exe /ICON

O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series] C:\WINDOWS\SYSTEM\E_S4I2H1.EXE /P30 "EPSON Stylus Photo R200 Series" /O5 "LPT1:" /M "Stylus Photo R200"

O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe

O4 - HKLM\..\Run: [CreateCD] C:\PROGRA~1\ADAPTEC\EASYCD~1\CREATECD\CREATECD.EXE -r

O4 - HKLM\..\Run: [AVP] "C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS 6.0 SOS\AVP.EXE"

O4 - HKLM\..\RunServices: [F-Secure Management Agent] C:\PROGRAM FILES\COGECO SECURITY SERVICES\Common\FSMA32.EXE

O4 - HKLM\..\RunServices: [GbpSv] C:\PROGRAM FILES\GBPLUGIN\GBPSV.EXE

O4 - HKLM\..\RunServices: [bCDetect] C:\WINDOWS\SYSTEM\BCDetect.exe defer

O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\RunServices: [Hidserv] Hidserv.exe run

O4 - HKLM\..\RunServices: [schedulingAgent] mstask.exe

O4 - HKLM\..\RunServices: [KB918547] C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE

O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE

O4 - HKLM\..\RunServices: [AVP] "C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS 6.0 SOS\AVP.EXE" -r

O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

O4 - Global Startup: COGECO Security Services.lnk = C:\Program Files\COGECO Security Services\backweb\9867844\Program\fspex.exe

O8 - Extra context menu item: &Block this popup - C:\PROGRAM FILES\COGECO SECURITY SERVICES\Anti-Spyware\blockpopups.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_14\BIN\SSV.DLL

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_14\BIN\SSV.DLL

O9 - Extra button: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\PROGRAM FILES\COGECO SECURITY SERVICES\FSPC\FSPCMSIE.DLL

O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\PROGRAM FILES\COGECO SECURITY SERVICES\FSPC\FSPCMSIE.DLL

O9 - Extra 'Tools' menuitem: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\PROGRAM FILES\COGECO SECURITY SERVICES\FSPC\FSPCMSIE.DLL

O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\PROGRAM FILES\COGECO SECURITY SERVICES\ANTI-SPYWARE\IESHIELD.DLL

O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\PROGRAM FILES\COGECO SECURITY SERVICES\ANTI-SPYWARE\IESHIELD.DLL

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O10 - Broken Internet access because of LSP provider 'winsflt.dll' missing

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

 

 

Thank you for your attention

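Two HijackThis logs taken days apart are easiest to triage by comparing them. The following is an added example, not part of any post in this thread: a small parser that diffs two logs. The sample strings are trimmed excerpts of the two logs posted above, and the function names are hypothetical.

```python
import re

# Trimmed excerpts of the two logs posted in this thread (most lines omitted).
LOG_BEFORE = r"""Scan saved at 4:52:44 PM, on 1/21/08
Running processes:
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\CREATIVE\COLORIF\PROGRAM\HGCCTL95.EXE
C:\HIJACK THIS\HIJACKTHIS.EXE
O4 - HKLM\..\Run: [Colorific Control Panel] C:\PROGRA~1\CREATIVE\COLORIF\PROGRAM\HGCCTL95.EXE
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O10 - Broken Internet access because of LSP provider 'winsflt.dll' missing
"""
LOG_AFTER = r"""Scan saved at 9:50:10 PM, on 1/24/08
Running processes:
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS 6.0 SOS\AVP.EXE
C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS 6.0 SOS\AVP.EXE
C:\HIJACK THIS\HIJACKTHIS.EXE
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [AVP] "C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS 6.0 SOS\AVP.EXE"
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O10 - Broken Internet access because of LSP provider 'winsflt.dll' missing
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
"""

# Section code (R0, O4, O16, ...) followed by " - " and the entry detail.
ENTRY = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")

def parse_log(text):
    """Split a HijackThis log into running processes and (section, detail) entries."""
    procs, entries, in_procs = set(), set(), False
    for line in (l.strip() for l in text.splitlines()):
        if not line:
            continue  # forum pastes often double-space the log
        m = ENTRY.match(line)
        if m:
            in_procs = False
            entries.add((m.group(1), m.group(2)))
        elif line.lower().startswith("running processes"):
            in_procs = True
        elif in_procs:
            procs.add(line.upper())  # the same path can appear in mixed case
    return {"processes": procs, "entries": entries}

def diff_logs(before, after):
    """Return what appeared and disappeared between two scans of one machine."""
    b, a = parse_log(before), parse_log(after)
    return {"new_processes": sorted(a["processes"] - b["processes"]),
            "gone_processes": sorted(b["processes"] - a["processes"]),
            "new_entries": sorted(a["entries"] - b["entries"]),
            "gone_entries": sorted(b["entries"] - a["entries"])}

if __name__ == "__main__":
    for kind, items in diff_logs(LOG_BEFORE, LOG_AFTER).items():
        print(kind, *items, sep="\n  ")
```

On these excerpts the diff shows only the scanners installed between the two runs and one startup entry that is no longer present.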

Disable your antivirus, antispyware and firewall, so as not to cause conflicts.

Download ComboFix (by SUBs)

Save it to your desktop.

1. Close all windows and programs. Run ComboFix.

2. Double-click combofix.exe and press "1" to proceed with the fix.

3. It takes a while, please be patient.

Do not click anything and do not press any key during the scan, because the tool will not work correctly.

When the tool finishes running, it will generate a log. Paste the file C:\ComboFix.txt in your next reply, together with a new HijackThis log.

Important:

  • You must be logged in to the system with administrator privileges.

  • Keep your antivirus, antispyware and firewall disabled during the ComboFix procedures. Re-enable them when everything is finished.

  • If you have used ComboFix before, delete it and download it again. In that case, also delete the folders C:\Combofix and C:\Qoobox, if you find them.

  • Do not run ComboFix more than once. That will overwrite the log and make removing the malware more difficult.


Topic Archived

Because the author did not reply for more than 20 days, the topic has been archived.

If you are the author of the topic and want to reopen it, send a private message to a moderator of this area together with the link to this topic and explain the reason for reopening it.
