
This topic has been archived and is closed to new replies.

Miyazawa Chrys

[Archived] PC won't restart, won't switch users...


Well folks, here's the thing....

I don't think it's an infection, but I really couldn't find a better place to post this....

I bought an Amazon PC, Pentium D Dual Core, 160HD, 512Ram... pretty nice... it came with Linux Metasys installed.

I had never used Linux in my life and couldn't even get the network card working... xD~

When I tried to restart the PC to see whether some setting I had changed had worked, it wouldn't restart...

I thought it was because of something in Linux, so I formatted... installed Windows, but it still wouldn't restart...

When I tell it to restart, it tries, but I don't know what happens; it doesn't even get as far as loading the BIOS, and the monitor goes into standby mode, but the PC stays on... It also only recognizes 130 of the HD u.u""

About 2 days after I formatted, the PC, after I try to restart it, or shut it down and try to turn it on right afterwards, no longer turns on; it stays in standby mode... then I have to unplug everything from the outlet and wait at least an hour to turn it on again... :closedeyes: (if I don't unplug it, waiting 1 hour doesn't help, it still won't turn on :mellow: )

Here is my log:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:22:35, on 22/1/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\WINDOWS\Explorer.EXE

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe

C:\AppServ\mysql\bin\mysqld-nt.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\system32\VTTimer.exe

C:\ARQUIV~1\SPEEDB~1\VideoAcceleratorService.exe

C:\WINDOWS\system32\VTtrayp.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe

C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\Arquivos de programas\Winamp\winampa.exe

C:\Arquivos de programas\SpeedBit Video Accelerator\VideoAccelerator.exe

C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

C:\Arquivos de programas\Winamp Remote\bin\OrbTray.exe

C:\Arquivos de programas\DNA\btdna.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\Arquivos de programas\Winamp Remote\bin\Orb.exe

C:\WINDOWS\system32\wscntfy.exe

C:\ARQUIV~1\SPEEDB~1\VideoAcceleratorEngine.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe

C:\Arquivos de programas\MSN Messenger\usnsvc.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\eMule\emule.exe

C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R3 - URLSearchHook: SrchHook Class - {F4F10C1D-87C7-404A-B4B3-000000000000} - C:\ARQUIV~1\DAP\SBSearch.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKLM\..\Run: [WinampAgent] "C:\Arquivos de programas\Winamp\winampa.exe"

O4 - HKLM\..\Run: [itch ford four knob] C:\Documents and Settings\All Users\Dados de aplicativos\third lies itch ford\Five readme.exe

O4 - HKLM\..\Run: [speedBitVideoAccelerator] "C:\Arquivos de programas\SpeedBit Video Accelerator\VideoAccelerator.exe"

O4 - HKCU\..\Run: [waitref] C:\DOCUME~1\RAGNAG~1\DADOSD~1\STUPID~1\Owns Poke Dupe.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [Orb] "C:\Arquivos de programas\Winamp Remote\bin\OrbTray.exe" /background

O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Arquivos de programas\DNA\btdna.exe"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: &Clean Traces - C:\Arquivos de programas\DAP\Privacy Package\dapcleanerie.htm

O8 - Extra context menu item: &Download with &DAP - C:\Arquivos de programas\DAP\dapextie.htm

O8 - Extra context menu item: Download &all with DAP - C:\Arquivos de programas\DAP\dapextie2.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{528EDEFF-B34A-4511-B219-684AF04DB56B}: NameServer = 200.204.0.10 200.204.0.138

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Apache - Unknown owner - C:\AppServ\Apache\Apache.exe

O23 - Service: Apache2.2 - Apache Software Foundation - C:\xampp\apache\bin\apache.exe

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe

O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - c:\xampp\FileZillaFTP\FileZillaServer.exe

O23 - Service: MySQL - Unknown owner - C:\AppServ\mysql\bin\mysqld-nt.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\ARQUIV~1\SPEEDB~1\VideoAcceleratorService.exe

 

--

End of file - 7534 bytes

 

But to me it's a hardware problem.....

Oh! Since I posted the log, could you also check the little problem with the CID popups for me?

Thanks in advance!!!!


Hi Miyazawa Chrys,

Download ComboFix from:

ComboFix

1) Temporarily disable your antivirus;

2) Double-click combofix.exe and press "1" to proceed. The process will take about 10 minutes on average;

3) ComboFix will restart the PC automatically so that the removal process can finish (only if there is an infection);

4) When the scan finishes, a log will be generated at C:\ComboFix.txt;

5) Do not click in the ComboFix window, or close it by clicking the X, while the tool is running, as this will mess up your desktop configuration (it will turn completely white);

6) To stop or exit ComboFix, press "N";

7) Re-enable your antivirus;

8) I need you to paste the contents of ComboFix.txt in your next reply, together with a new HijackThis log.

Regards.


Just one little thing, friend: you said the PC will restart by itself, but my PC doesn't restart '-'

I found your reply by chance on Google :P, since I was waiting for an e-mail notification saying the topic had been answered hehe.

@edit log from that program of yours:

 

ComboFix 08-02-17.2 - RagnaGodz 2008-02-17 11:09:08.1 - NTFSx86

Executando de: C:\Documents and Settings\RagnaGodz\Desktop\ComboFix.exe

* Criado um novo ponto de restauro

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft\Network\Downloader\qmgr0.dat

C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft\Network\Downloader\qmgr1.dat

C:\Documents and Settings\RagnaGodz\Dados de aplicativos\inst.exe

 

----- BITS: Possible infected sites -----

 

hxxp://au.download.windowsupdate.cõj

.

((((((((((((((((((((((( Ficheiros criados de 2008-01-17 to 2008-02-17 ))))))))))))))))))))))))))))))))

.

 

2008-02-16 21:19 . 2007-08-18 04:54 380,928 --a------ C:\WINDOWS\system32\ac3filter.acm

2008-02-16 21:18 . 2008-02-16 21:19 <DIR> d-------- C:\Arquivos de programas\XP Codec Pack

2008-02-16 19:41 . 2008-02-16 19:41 <DIR> d-------- C:\Arquivos de programas\WinAVI Video Converter

2008-02-16 19:31 . 2008-02-16 19:31 <DIR> d-------- C:\WINDOWS\Mozilla

2008-02-16 19:12 . 2008-02-16 22:02 <DIR> d-------- C:\Arquivos de programas\MediaCoder

2008-02-15 22:33 . 2008-02-15 22:33 <DIR> d-------- C:\Documents and Settings\RagnaGodz\Dados de aplicativos\Nero

2008-02-15 22:30 . 2008-02-15 22:30 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Nero

2008-02-15 22:30 . 2008-02-15 22:30 <DIR> d-------- C:\Arquivos de programas\Nero

2008-02-15 22:30 . 2008-02-15 22:31 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Nero

2008-02-15 10:58 . 2008-02-15 10:58 192,536 --a------ C:\Documents and Settings\RagnaGodz\Dados de aplicativos\GDIPFONTCACHEV1.DAT

2008-02-07 15:05 . 2008-02-07 15:05 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\NSV

2008-02-07 13:53 . 2007-07-30 18:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll

2008-02-07 13:53 . 2007-07-30 18:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui

2008-02-06 21:31 . 2008-02-16 20:46 <DIR> d-------- C:\Arquivos de programas\ACE Mega CoDecS Pack

2008-02-04 19:29 . 2008-02-04 19:29 <DIR> d--hs---- C:\Documents and Settings\RagnaGodz\UserData

2008-02-03 22:25 . 2008-02-17 09:20 <DIR> d-------- C:\Documents and Settings\RagnaGodz\Tracing

2008-02-03 18:37 . 2008-02-03 18:37 <DIR> d-------- C:\Documents and Settings\RagnaGodz\Dados de aplicativos\Virtus

2008-02-03 18:36 . 2008-02-03 18:36 <DIR> d-------- C:\Arquivos de programas\Virtus

2008-02-03 16:26 . 2008-02-03 17:24 <DIR> d-------- C:\Arquivos de programas\Microke Special Edition

2008-02-03 16:09 . 2008-02-04 11:13 <DIR> d-------- C:\Arquivos de programas\Save

2008-02-02 15:21 . 2008-02-02 15:21 <DIR> d-------- C:\Arquivos de programas\Windows Media Connect 2

2008-02-02 15:19 . 2008-02-02 15:20 <DIR> d-------- C:\8bc9ae267d4280012693b261

2008-02-02 15:18 . 2008-02-02 15:18 <DIR> d-------- C:\WINDOWS\system32\LogFiles

2008-02-02 15:18 . 2008-02-02 15:20 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF

2008-02-02 11:59 . 2008-02-03 14:31 <DIR> d-------- C:\Documents and Settings\RagnaGodz\Contacts

2008-02-01 13:51 . 2008-02-01 13:51 <DIR> d-------- C:\Arquivos de programas\Lavalys

2008-01-29 22:19 . 2008-01-29 22:19 <DIR> d-------- C:\Arquivos de programas\Convar

2008-01-29 22:19 . 2003-07-18 12:58 516,784 -ra------ C:\WINDOWS\system32\XceedCry.dll

2008-01-29 22:19 . 2002-02-28 08:46 217,088 --a------ C:\WINDOWS\system32\DartSock.dll

2008-01-29 22:19 . 2002-02-21 09:12 118,784 --a------ C:\WINDOWS\system32\DartWeb.dll

2008-01-29 22:19 . 1998-06-13 21:53 44,544 --a------ C:\WINDOWS\system32\Gif89.dll

2008-01-29 22:19 . 2002-04-12 12:19 28,672 --a------ C:\WINDOWS\system32\DartWeb.oca

2008-01-29 22:04 . 2008-01-29 22:04 <DIR> d-------- C:\DriveKey

2008-01-26 15:31 . 2008-01-26 15:31 <DIR> d-------- C:\Arquivos de programas\MSXML 4.0

2008-01-26 09:20 . 2007-07-09 10:09 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll

2008-01-26 00:01 . 2008-02-12 19:11 <DIR> d--h----- C:\WINDOWS\$hf_mig$

2008-01-25 15:01 . 2008-02-14 23:49 <DIR> d-------- C:\Documents and Settings\RagnaGodz\Dados de aplicativos\Vso

2008-01-25 15:01 . 2008-01-25 15:01 <DIR> d-------- C:\Arquivos de programas\VSO

2008-01-25 15:01 . 2004-05-04 10:53 1,645,320 --a------ C:\WINDOWS\gdiplus.dll

2008-01-25 15:01 . 2006-09-29 10:24 217,127 --a------ C:\WINDOWS\system32\drv43260.dll

2008-01-25 15:01 . 2006-09-29 10:25 208,935 --a------ C:\WINDOWS\system32\drv33260.dll

2008-01-25 15:01 . 2006-09-29 10:26 176,165 --a------ C:\WINDOWS\system32\drv23260.dll

2008-01-25 15:01 . 2007-03-18 19:37 65,602 --a------ C:\WINDOWS\system32\cook3260.dll

2008-01-25 15:01 . 2008-01-25 15:01 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys

2008-01-25 15:01 . 2008-01-25 15:01 47,360 --a------ C:\Documents and Settings\RagnaGodz\Dados de aplicativos\pcouffin.sys

2008-01-22 22:22 . 2008-01-22 22:22 <DIR> d-------- C:\Arquivos de programas\Trend Micro

2008-01-22 22:17 . 2008-01-22 22:18 <DIR> d-------- C:\LinhaDefensiva

2008-01-21 03:28 . 2007-07-11 17:44 179,352 --a------ C:\wubildr

2008-01-21 03:28 . 2007-07-14 19:17 8,192 --a------ C:\wubildr.mbr

2008-01-20 21:24 . 2008-01-23 11:26 <DIR> d-------- C:\wubi

2008-01-20 21:24 . 2008-01-20 21:24 90,786 --a------ C:\WINDOWS\wubi-uninstall.exe

2008-01-18 13:46 . 2008-02-16 20:46 <DIR> d-------- C:\WINDOWS\system32\QuickTime

2008-01-18 13:45 . 2008-01-18 13:45 <DIR> d-------- C:\WINDOWS\Downloaded Installations

2008-01-18 12:43 . 2008-01-18 12:51 <DIR> d-------- C:\Arquivos de programas\SpeedBit Video Accelerator

2008-01-18 12:39 . 2008-02-10 20:33 <DIR> d-a------ C:\Documents and Settings\All Users\Dados de aplicativos\TEMP

2008-01-18 12:38 . 2008-01-18 14:31 <DIR> d-------- C:\Arquivos de programas\DAP

2008-01-18 12:38 . 2008-01-18 12:38 479,298 --a------ C:\WINDOWS\system32\wbocx.ocx

2008-01-18 12:38 . 2008-01-18 12:38 172,032 --a------ C:\WINDOWS\system32\AniGIF.ocx

2008-01-18 12:38 . 2008-01-18 12:38 50,688 --a------ C:\WINDOWS\system32\wbhelp2.dll

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-02-17 11:32 --------- d-----w C:\Documents and Settings\RagnaGodz\Dados de aplicativos\AVG7

2008-02-16 23:59 --------- d-----w C:\Arquivos de programas\EasyPHP1-8

2008-02-16 23:59 --------- d-----w C:\Arquivos de programas\EasyPHP1-7

2008-02-16 23:58 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2008-02-16 01:17 --------- d-----w C:\Arquivos de programas\Ahead

2008-02-11 22:32 --------- d-----w C:\Arquivos de programas\eMule

2008-02-04 01:24 --------- d-----w C:\Arquivos de programas\Windows Live

2008-02-04 01:24 --------- d-----w C:\Arquivos de programas\MSN Messenger

2008-02-02 14:46 --------- d-----w C:\Arquivos de programas\Winamp Remote

2008-01-28 14:17 --------- d-----w C:\Documents and Settings\RagnaGodz\Dados de aplicativos\Stupid Flap Live

2008-01-28 14:01 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\third lies itch ford

2008-01-26 18:42 --------- d-----w C:\Arquivos de programas\EasyPHP 2.0b1

2008-01-20 04:34 65,536 ----a-w C:\WINDOWS\IFinst27.exe

2008-01-18 16:47 --------- d-----w C:\Arquivos de programas\Macromedia

2008-01-18 16:47 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Macromedia

2008-01-16 14:45 --------- d-----w C:\Arquivos de programas\Intuisphere

2008-01-15 18:12 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Adobe

2008-01-15 00:38 --------- d-----w C:\Arquivos de programas\URUSoft

2008-01-12 00:38 --------- d-----w C:\Documents and Settings\RagnaGodz\Dados de aplicativos\BitTorrent

2008-01-09 17:19 --------- d-----w C:\Documents and Settings\RagnaGodz\Dados de aplicativos\SmartFTP

2008-01-09 17:18 --------- d-----w C:\Arquivos de programas\SmartFTP Client 2.5 Setup Files

2008-01-09 17:18 --------- d-----w C:\Arquivos de programas\SmartFTP Client

2008-01-07 02:06 936 ----a-w C:\logMX500.dat

2008-01-06 17:20 --------- d-----w C:\Arquivos de programas\LG Electronics

2008-01-06 17:17 --------- d-----w C:\Arquivos de programas\LG Link

2008-01-05 23:04 --------- d-----w C:\Documents and Settings\RagnaGodz\Dados de aplicativos\Winamp

2008-01-05 20:47 --------- d-----w C:\Arquivos de programas\SHOUTcast

2008-01-05 16:51 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Adobe Systems

2008-01-05 16:46 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared

2008-01-05 14:51 --------- d-----w C:\Arquivos de programas\Winamp

2008-01-05 14:44 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\OrbNetworks

2008-01-03 15:40 --------- d-----w C:\Documents and Settings\RagnaGodz\Dados de aplicativos\HP

2007-12-27 19:11 --------- d-----w C:\Arquivos de programas\Gravity

2007-12-26 14:02 --------- d-----w C:\Arquivos de programas\Windows Journal Viewer

2007-12-23 19:46 --------- d-----w C:\Arquivos de programas\DivX

2007-12-23 19:45 4,184 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys

2007-12-22 13:55 --------- d-----w C:\Documents and Settings\RagnaGodz\Dados de aplicativos\Grisoft

2007-12-22 13:55 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Grisoft

2007-12-20 01:57 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2007-12-20 01:20 --------- d-----w C:\Arquivos de programas\Spybot - Search & Destroy

2007-12-20 00:37 --------- d-----w C:\Arquivos de programas\Messenger Plus! Live

2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys

2007-12-17 00:44 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Borland Shared

2007-12-13 21:09 972,072 ----a-w C:\WINDOWS\UNNeroMediaHome.exe

2007-12-07 02:09 824,832 ----a-w C:\WINDOWS\system32\wininet.dll

2007-12-04 18:41 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll

2007-12-04 11:59 972,072 ----a-w C:\WINDOWS\UNRecode.exe

2007-12-03 20:04 95,600 ----a-w C:\WINDOWS\system32\NeroCo.dll

2007-11-21 23:59 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll

2007-11-21 23:59 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SpybotSD TeaTimer"="C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 15:46 1460560]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:45 15360]

"waitref"="C:\DOCUME~1\RAGNAG~1\DADOSD~1\STUPID~1\Owns Poke Dupe.exe" [ ]

"WhenUSave"="C:\Arquivos de programas\Save\Save.exe" [ ]

"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exe" [2007-12-13 18:10 1688872]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AVG7_CC"="C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-12-31 08:02 579072]

"VTTimer"="VTTimer.exe" [2005-03-07 16:33 53248 C:\WINDOWS\system32\VTTimer.exe]

"VTTrayp"="VTtrayp.exe" [2005-10-31 17:15 163840 C:\WINDOWS\system32\VTTrayp.exe]

"!AVG Anti-Spyware"="C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 06:25 6731312]

"Synchronization Manager"="C:\WINDOWS\system32\mobsync.exe" [2004-08-03 23:45 143872]

"HP Software Update"="C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 01:41 49152]

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]

"WinampAgent"="C:\Arquivos de programas\Winamp\winampa.exe" [2007-12-20 12:16 37376]

"NeroFilterCheck"="C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NeroCheck.exe" [2007-03-01 13:57 153136]

"NBKeyScan"="C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 13:21 2213160]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-03 23:45 15360]

"AVG7_Run"="C:\ARQUIV~1\Grisoft\AVGFRE~1\avgw.exe" [2007-11-24 09:38 219136]

 

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\

Microsoft Office.lnk - C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE [2001-02-13 08:01:04 Chrys 83360]

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^HP Digital Imaging Monitor.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\HP Digital Imaging Monitor.lnk

backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^RagnaGodz^Menu Iniciar^Programas^Inicializar^Adobe Gamma.lnk]

path=C:\Documents and Settings\RagnaGodz\Menu Iniciar\Programas\Inicializar\Adobe Gamma.lnk

backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]

C:\Arquivos de programas\DNA\btdna.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

--a------ 2006-02-19 01:41 49152 C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Itch ford four knob]

C:\Documents and Settings\All Users\Dados de aplicativos\third lies itch ford\Five readme.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]

--a------ 2008-01-07 17:02 495616 C:\Arquivos de programas\Winamp Remote\bin\OrbTray.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]

-ra------ 2006-06-20 18:42 577536 C:\WINDOWS\SOUNDMAN.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedBitVideoAccelerator]

--a------ 2008-01-18 12:43 2283120 C:\Arquivos de programas\SpeedBit Video Accelerator\VideoAccelerator.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

--a------ 2007-09-25 00:11 132496 C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\waitref]

C:\DOCUME~1\RAGNAG~1\DADOSD~1\STUPID~1\Owns Poke Dupe.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

--a------ 2007-12-20 12:16 37376 C:\Arquivos de programas\Winamp\winampa.exe

 

R2 sbbotdi;sbbotdi;C:\ARQUIV~1\SPEEDB~1\sbbotdi.sys [2008-01-18 12:43]

R2 VideoAcceleratorService;VideoAcceleratorService;C:\ARQUIV~1\SPEEDB~1\VideoAcceleratorService.exe -start []

S3 CCCP106;D-Link CIF Webcam;C:\WINDOWS\system32\DRIVERS\cccp106.sys [2003-05-15 13:30]

 

.

Conteúdo da pasta 'Tarefas Agendadas'

"2008-02-17 14:00:01 C:\WINDOWS\Tasks\B80757359068D665.job"

- c:\docume~1\ragnag~1\dadosd~1\stupid~1\Sixth ace ooze.exe

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-02-17 11:14:51

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros ocultos ...

 

Varredura completada com sucesso

Ficheiros ocultos: 0

 

**************************************************************************

.

Tempo para conclusão: 2008-02-17 11:17:28

ComboFix-quarantined-files.txt 2008-02-17 14:17:19

.

2008-02-12 23:32:21 --- E O F ---

 

Done, the 2 logs:

 


 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:20 Chrys, on 17/2/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System0

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe

C:\WINDOWS\system32\VTTimer.exe

C:\WINDOWS\system32\VTtrayp.exe

C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe

C:\Arquivos de programas\Winamp\winampa.exe

C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exe

C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe

C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R3 - URLSearchHook: SrchHook Class - {F4F10C1D-87C7-404A-B4B3-000000000000} - C:\ARQUIV~1\DAP\SBSearch.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKLM\..\Run: [synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [WinampAgent] "C:\Arquivos de programas\Winamp\winampa.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [NBKeyScan] "C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [waitref] C:\DOCUME~1\RAGNAG~1\DADOSD~1\STUPID~1\Owns Poke Dupe.exe

O4 - HKCU\..\Run: [WhenUSave] "C:\Arquivos de programas\Save\Save.exe"

O4 - HKCU\..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: &Clean Traces - C:\Arquivos de programas\DAP\Privacy Package\dapcleanerie.htm

O8 - Extra context menu item: &Download with &DAP - C:\Arquivos de programas\DAP\dapextie.htm

O8 - Extra context menu item: Download &all with DAP - C:\Arquivos de programas\DAP\dapextie2.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://img2.orkut.com/activex/10035/photouploader.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1202402784608

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{528EDEFF-B34A-4511-B219-684AF04DB56B}: NameServer = 200.204.0.10 200.204.0.138

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Apache - Unknown owner - C:\AppServ\Apache\Apache.exe (file missing)

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\ARQUIV~1\SPEEDB~1\VideoAcceleratorService.exe

 

--

End of file - 8286 bytes

 

 

I don't know whether this reply of mine counts as a bump, since it's been a while since you answered my question... if it does, sorry!!


Hi Miyazawa Chrys,

Let's get started.

Step 1

Uninstall:

-> Save

Use Add / Remove Programs.

Note: Uninstall it and reboot once you have done so.

Step 2

Follow these instructions:

1. Open Notepad -> Copy (Control + C) and Paste (Control + V) all of the text contained in the "Quote":

File::

c:\docume~1\ragnag~1\dadosd~1\stupid~1\Sixth ace ooze.exe

C:\DOCUME~1\RAGNAG~1\DADOSD~1\STUPID~1\Owns Poke Dupe.exe

C:\Documents and Settings\All Users\Dados de aplicativos\third lies itch ford\Five readme.exe

C:\WINDOWS\Tasks\B80757359068D665.job

C:\WINDOWS\IFinst27.exe

Folder::

c:\docume~1\ragnag~1\dadosd~1\stupid~1

C:\Documents and Settings\All Users\Dados de aplicativos\third lies itch ford

C:\Arquivos de programas\Save

Registry::

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Itch ford four knob]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\waitref]

WARNING: The script above was written specifically for the infection present on this computer. Using it on another machine may cause serious problems for the user.

2. Save the file as CFScript.txt;

3. As shown in the picture below, drag the CFScript.txt file onto ComboFix.exe.
645i642.gif

4. When the process finishes, the tool will generate a log. Post it (C:\ComboFix.txt) in your next reply, together with a new HijackThis log.

Regards.
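The cross-check behind the reply above, as an added example that is not part of the original posts and is not code from HijackThis or ComboFix: it parses HijackThis `O<n> - ...` entries, parses the `File::` / `Folder::` sections of the script, and reports which autostart or service entries point at paths the script targets, or are marked `(file missing)` or `Unknown owner`. The function names, the path regex and the "reasons" labels are assumptions made for this illustration; the sample lines are copied from the thread.

```python
import re

# Constructed sample: a few lines copied from the log and script posted in this thread.
SAMPLE_LOG = r"""
O4 - HKCU\..\Run: [WhenUSave] "C:\Arquivos de programas\Save\Save.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O23 - Service: Apache - Unknown owner - C:\AppServ\Apache\Apache.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
"""
SAMPLE_SCRIPT = r"""
File::
C:\WINDOWS\IFinst27.exe
Folder::
C:\Arquivos de programas\Save
"""

# "O4 - rest of entry": section code, then the entry text (one entry per line).
ENTRY = re.compile(r"^(O\d+) - (.*)$", re.M)
# First drive-letter path in an entry (assumed extensions, enough for this log).
PATH = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll|htm|job)', re.I)

def parse_script(text):
    """Group script lines under their 'Name::' section headers."""
    sections, current = {}, None
    for line in (l.strip() for l in text.splitlines()):
        if line.endswith("::"):
            current = sections.setdefault(line[:-2], [])
        elif line and current is not None:
            current.append(line)
    return sections

def triage(log, script):
    """Return (section, path, reasons) for log entries worth a second look."""
    sections = parse_script(script)
    folders = [f.lower().rstrip("\\") + "\\" for f in sections.get("Folder", [])]
    files = {f.lower() for f in sections.get("File", [])}
    findings = []
    for code, rest in ENTRY.findall(log):
        hit = PATH.search(rest)
        path = hit.group(0) if hit else ""
        reasons = []
        if path.lower() in files or any(path.lower().startswith(f) for f in folders):
            reasons.append("targeted by script")
        if "(file missing)" in rest:
            reasons.append("file missing")
        if code == "O23" and "Unknown owner" in rest:
            reasons.append("unknown owner")
        if reasons:
            findings.append((code, path, reasons))
    return findings
```

On the sample, the `WhenUSave` Run entry is reported because its executable lives under the `Save` folder listed in `Folder::`, and the Apache service is reported as an orphaned registration; neither flag is a verdict on its own, only a pointer for the analyst.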


Topic Archived

Since the author did not reply for more than 20 days, the topic has been archived.

If you are the author of the topic and want to reopen it, send a private message to a moderator of this section with the link to this topic and explain the reason for reopening it.
