Ir para conteúdo

POWERED BY:

Arquivado

Este tópico foi arquivado e está fechado para novas respostas.

dilp

[Arquivado] virus (29a5ea88)

Recommended Posts

olá...

preciso de ajuda para remover um virus que está deixando meu cpu com 100% de uso mesmo sem nenhum programa aberto. Quando o cpu chega a 100% tudo começa a ficar lerdo e travando.

Quando reinicio ou desligo o pc aparece uma janela pedindo para finalizar tarefa de 29a5ea88. Essa janela aparece umas 4 vezes pra depois aparecer tambem uma com o nome de MCI. gostaria de saber se é realmente um virus.

ai está o log do HijackThis.

 

Logfile of HijackThis v1.99.1

Scan saved at 13:19:59, on 28/2/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16574)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe

C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\RTHDCPL.EXE

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\FixCamera.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\tsnp325.exe

C:\WINDOWS\vsnp325.exe

C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe

C:\Arquivos de programas\DAP\DAP.EXE

C:\Arquivos de programas\iTunes\iTunesHelper.exe

C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\iPod\bin\iPodService.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\malware\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R3 - URLSearchHook: speedbit_br Toolbar - {e0211842-8b43-4cc4-a532-e16afba388b2} - C:\Arquivos de programas\speedbit_br\tbspee.dll

O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com

O1 - Hosts: 127.255.255.255 www.alcohol-soft.com

O1 - Hosts: 127.255.255.255 images.alcohol-soft.com

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\ARQUIV~1\Crawler\Toolbar\ctbr.dll (file missing)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\ARQUIV~1\GbPlugin\gbiehabn.dll

O2 - BHO: speedbit_br Toolbar - {e0211842-8b43-4cc4-a532-e16afba388b2} - C:\Arquivos de programas\speedbit_br\tbspee.dll

O3 - Toolbar: speedbit_br Toolbar - {e0211842-8b43-4cc4-a532-e16afba388b2} - C:\Arquivos de programas\speedbit_br\tbspee.dll

O3 - Toolbar: Barra de Ferramentas &Crawler - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\ARQUIV~1\Crawler\Toolbar\ctbr.dll (file missing)

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [tsnp325] C:\WINDOWS\tsnp325.exe

O4 - HKLM\..\Run: [snp325] C:\WINDOWS\vsnp325.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Arquivos de programas\DAP\DAP.EXE" /STARTUP

O4 - HKLM\..\Run: [GetTube Update] C:\Arquivos de programas\GetTube\liveupdate.exe /m

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [NBKeyScan] "C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: &Clean Traces - C:\Arquivos de programas\DAP\Privacy Package\dapcleanerie.htm

O8 - Extra context menu item: &Download with &DAP - C:\Arquivos de programas\DAP\dapextie.htm

O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: Crawler Search - tbr:iemenu

O8 - Extra context menu item: Download &all with DAP - C:\Arquivos de programas\DAP\dapextie2.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\arquivos de programas\bonjour\mdnsnsp.dll

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugi...GbPluginABN.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\ARQUIV~1\Crawler\Toolbar\ctbr.dll (file missing)

O20 - Winlogon Notify: GbPluginAbn - C:\ARQUIV~1\GbPlugin\gbiehabn.dll

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Bonjour Service - Apple Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: Serviço iPod (iPod Service) - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe

O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe

O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

Compartilhar este post


Link para o post
Compartilhar em outros sites

Bom Dia dilp!

 

>@< Faça o download do NoLop.

>@< Salve-o no Desktop!

>@< Mas não rode-o ainda!

________________________

 

>@< Configure o Windows,para que mostre os arquivos ocultos do SO.

>1< Abra: Meu Computador.

>2< Clique em Ferramentas >> Opções de Pasta.

>3< Selecione a aba: Modo de Exibição.

>4< Selecione o botão < Mostrar pastas e arquivos ocultos >

>5< Desmarque a caixa: <Ocultar arquivos protegidos do SO ( Recomendado ) >

>6< Clique em Ok.

________________________

 

>@< Reinicie o computador,em Modo de Segurança.

>@< Execute o NoLop,com um duplo clique em NoLop.exe.

>@< Clique no botão Search and Destroy.

>@< O computador será escaneado pela ferramenta.Aguarde!

>@< Caso encontre alguma infecção,clique em Ok >> Clique em Reboot.

>@< Caso não encontre infecções,saia do programa clicando em Ok.

>@< Reinicie em Modo Normal!

>@< Poste o relatório,que estará em < C:\NoLop.log >,na sua resposta + HJT,atualizado.

 

Abraços!

Compartilhar este post


Link para o post
Compartilhar em outros sites

ok..

baixei o programa...

 

LOG DO NoLop

 

NoLop! Log by Skate_Punk_21

 

Fix running from: C:\Documents and Settings\user\Desktop

[3/3/2008]

[10:42:20]

 

---Infection Files Found/Removed---

NO INFECTION FILES FOUND - Cleaning Aborted.

 

---Listing AppData sub directories---

 

 

 

 

LOG DO HJT

 

Logfile of HijackThis v1.99.1

Scan saved at 10:46:16, on 3/3/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16574)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\FixCamera.exe

C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe

C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe

C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\System32\alg.exe

C:\malware\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R3 - URLSearchHook: speedbit_br Toolbar - {e0211842-8b43-4cc4-a532-e16afba388b2} - C:\Arquivos de programas\speedbit_br\tbspee.dll

O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com

O1 - Hosts: 127.255.255.255 www.alcohol-soft.com

O1 - Hosts: 127.255.255.255 images.alcohol-soft.com

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - (no file)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\ARQUIV~1\GbPlugin\gbiehabn.dll

O2 - BHO: speedbit_br Toolbar - {e0211842-8b43-4cc4-a532-e16afba388b2} - C:\Arquivos de programas\speedbit_br\tbspee.dll

O3 - Toolbar: speedbit_br Toolbar - {e0211842-8b43-4cc4-a532-e16afba388b2} - C:\Arquivos de programas\speedbit_br\tbspee.dll

O3 - Toolbar: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - (no file)

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [NBKeyScan] "C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [LanguageShortcut] "C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O8 - Extra context menu item: &Clean Traces - C:\Arquivos de programas\DAP\Privacy Package\dapcleanerie.htm

O8 - Extra context menu item: &Download with &DAP - C:\Arquivos de programas\DAP\dapextie.htm

O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: Crawler Search - tbr:iemenu

O8 - Extra context menu item: Download &all with DAP - C:\Arquivos de programas\DAP\dapextie2.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\arquivos de programas\bonjour\mdnsnsp.dll

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugi...GbPluginABN.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - (no file)

O20 - Winlogon Notify: GbPluginAbn - C:\ARQUIV~1\GbPlugin\gbiehabn.dll

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Bonjour Service - Apple Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: Serviço iPod (iPod Service) - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe

O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

 

VLW!!! aguardando resposta!

Compartilhar este post


Link para o post
Compartilhar em outros sites

Boa Tarde dilp!

 

>@< Faça o download do ComboFix.

>@< Baixe-o para o Desktop!

>@< Feche todas as janelas e execute a ferramenta!

>@< Para quem possui o Avast,surgirá um alerta de malware ( Win32 D adobra-EY[Trj] ),que deverá ser ignorado.

>@< Abrirá a janela Auto Scan. Aguarde!

>@< Digite a opção para continuar e < Enter >

>@< Aguarde a conclusão! Durante o scan,evite tocar no mouse ou teclado!

_________________________

 

>@< Poste o relatório: C:\ComboFix.txt,na sua resposta.

 

Abraços!

Compartilhar este post


Link para o post
Compartilhar em outros sites

oi...

ta ai o relatorio do combofix... espero q consiga resolver o problema

 

 

 

 

ComboFix 08-03-05.1 - user 2008-03-05 13:27:19.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.617 [GMT -3:00]

Executando de: C:\Documents and Settings\user\Desktop\ComboFix.exe

* Criado um novo ponto de restauro

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((( Ficheiros criados de 2008-02-05 to 2008-03-05 ))))))))))))))))))))))))))))))))

.

 

2008-03-04 17:02 . 2008-03-04 17:02 268 --ah----- C:\sqmdata07.sqm

2008-03-04 17:02 . 2008-03-04 17:02 244 --ah----- C:\sqmnoopt07.sqm

2008-03-04 11:21 . 2008-03-04 11:21 <DIR> d-------- C:\Documents and Settings\outros\Contacts

2008-03-04 11:17 . 2008-03-04 11:17 <DIR> d-------- C:\Documents and Settings\outros\Dados de aplicativos\Nero

2008-03-04 11:16 . 2007-12-26 08:26 <DIR> d--h----- C:\Documents and Settings\outros\Modelos

2008-03-04 11:16 . 2008-03-04 11:23 <DIR> dr------- C:\Documents and Settings\outros\Meus documentos

2008-03-04 11:16 . 2002-01-27 03:20 <DIR> dr------- C:\Documents and Settings\outros\Menu Iniciar

2008-03-04 11:16 . 2008-03-04 11:16 <DIR> dr------- C:\Documents and Settings\outros\Favoritos

2008-03-04 11:16 . 2008-03-04 11:17 <DIR> dr-h----- C:\Documents and Settings\outros\Dados de aplicativos

2008-03-04 11:16 . 2008-03-04 11:16 <DIR> d--h----- C:\Documents and Settings\outros\Configurações locais

2008-03-04 11:16 . 2002-01-27 03:20 <DIR> d--h----- C:\Documents and Settings\outros\Ambiente de rede

2008-03-04 11:16 . 2002-01-27 03:20 <DIR> d--h----- C:\Documents and Settings\outros\Ambiente de impressão

2008-03-03 10:42 . 2008-03-03 10:42 106 --a------ C:\delete.bat

2008-03-01 10:51 . 2008-03-01 10:51 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\CyberLink

2008-03-01 10:50 . 2008-03-01 10:50 <DIR> d-------- C:\Arquivos de programas\CyberLink

2008-03-01 10:50 . 2001-03-08 18:30 24,064 --------- C:\WINDOWS\system32\msxml3a.dll

2008-02-29 21:27 . 2008-02-29 21:27 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\TuneUp Software

2008-02-29 21:01 . 2008-02-29 21:01 1,887 --a------ C:\WINDOWS\diagwrn.xml

2008-02-29 21:01 . 2008-02-29 21:01 1,887 --a------ C:\WINDOWS\diagerr.xml

2008-02-26 16:19 . 2008-03-03 10:46 <DIR> d-------- C:\malware

2008-02-24 19:23 . 2008-02-24 19:23 <DIR> d-------- C:\Documents and Settings\user\Dados de aplicativos\Nero

2008-02-24 19:17 . 2008-02-24 19:17 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Nero

2008-02-24 19:17 . 2008-02-24 19:19 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Nero

2008-02-23 21:34 . 2008-02-29 20:51 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2008-02-23 21:34 . 2008-02-23 21:34 1,409 --a------ C:\WINDOWS\QTFont.for

2008-02-23 21:33 . 2008-02-23 21:34 <DIR> d-------- C:\Arquivos de programas\iTunes

2008-02-23 21:33 . 2008-02-23 21:33 <DIR> d-------- C:\Arquivos de programas\iPod

2008-02-23 21:32 . 2008-02-23 21:32 <DIR> d-------- C:\Arquivos de programas\QuickTime

2008-02-23 21:31 . 2008-02-23 21:33 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Apple Computer

2008-02-23 21:31 . 2008-02-23 21:31 <DIR> d-------- C:\Arquivos de programas\Apple Software Update

2008-02-23 21:30 . 2008-02-23 21:30 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Apple

2008-02-23 21:30 . 2008-02-23 21:30 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Apple

2008-02-22 17:11 . 2008-02-22 18:05 <DIR> d-------- C:\Ptyes

2008-02-20 15:35 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll

2008-02-20 15:35 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll

2008-02-20 15:35 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui

2008-02-19 22:01 . 2008-02-24 00:10 <DIR> d-------- C:\Arquivos de programas\Windows Live Toolbar

2008-02-19 22:01 . 2008-02-19 22:01 <DIR> d-------- C:\Arquivos de programas\Windows Live Favorites

2008-02-19 21:42 . 2008-02-19 21:42 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\WLInstaller

2008-02-19 21:42 . 2008-02-19 21:59 <DIR> d-------- C:\Arquivos de programas\Windows Live

2008-02-19 21:42 . 2008-02-19 21:58 <DIR> d--hsc--- C:\Arquivos de programas\Arquivos comuns\WindowsLiveInstaller

2008-02-16 13:51 . 2002-02-16 13:54 <DIR> d-------- C:\Arquivos de programas\Elaborate Bytes

2008-02-16 13:49 . 2008-02-29 20:55 <DIR> d-------- C:\WINDOWS\system32\lib

2008-02-16 13:48 . 2007-02-16 14:02 <DIR> d-------- C:\Arquivos de programas\Alcohol Soft

2008-02-16 13:48 . 2008-02-24 19:56 223,128 --a--c--- C:\WINDOWS\system32\drivers\vaxscsi.sys

2008-02-16 13:46 . 2008-02-16 13:46 642,560 --a------ C:\WINDOWS\system32\drivers\sptd.sys

2008-02-16 13:46 . 2008-02-23 22:40 96,256 --a------ C:\WINDOWS\system32\drivers\sptd6397.sys

2008-02-15 20:51 . 2008-02-15 20:51 <DIR> d-------- C:\Documents and Settings\user\Dados de aplicativos\Leadertech

2008-02-15 20:51 . 2008-02-15 20:51 <DIR> d-------- C:\Arquivos de programas\GameSpy Arcade

2008-02-15 20:39 . 2008-02-15 20:39 <DIR> d-------- C:\NeverwinterNights

2008-02-15 18:35 . 2008-02-29 21:30 <DIR> d-------- C:\Arquivos de programas\eMule

2008-02-09 23:32 . 2008-02-09 23:32 <DIR> d-------- C:\CoolSMS

2008-02-07 21:05 . 2008-02-07 21:05 268 --ah----- C:\sqmdata04.sqm

2008-02-07 21:05 . 2008-02-07 21:05 244 --ah----- C:\sqmnoopt04.sqm

2008-02-06 19:33 . 2008-02-06 19:33 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\WEBREG

2008-02-06 19:30 . 2008-02-06 19:30 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\HP Product Assistant

2008-02-06 19:30 . 2008-02-06 19:30 <DIR> d-------- C:\Arquivos de programas\Hewlett-Packard

2008-02-06 19:29 . 2007-03-08 01:20 49,920 -ra------ C:\WINDOWS\system32\drivers\HPZid412.sys

2008-02-06 19:29 . 2007-03-08 01:20 21,568 -ra------ C:\WINDOWS\system32\drivers\HPZius12.sys

2008-02-06 19:29 . 2007-03-08 01:20 16,496 -ra------ C:\WINDOWS\system32\drivers\HPZipr12.sys

2008-02-06 19:28 . 2007-03-17 13:11 675,840 -ra------ C:\WINDOWS\system32\hpowiax3.dll

2008-02-06 19:28 . 2007-03-17 13:11 569,344 -ra------ C:\WINDOWS\system32\hpotscl3.dll

2008-02-06 19:28 . 2007-03-08 01:20 364,544 -ra------ C:\WINDOWS\system32\hppldcoi.dll

2008-02-06 19:28 . 2007-03-17 13:11 303,104 -ra------ C:\WINDOWS\system32\hpovst10.dll

2008-02-06 19:28 . 2004-08-03 21:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys

2008-02-06 19:28 . 2004-08-03 21:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys

2008-02-06 19:21 . 2008-02-06 19:33 152,198 --a--c--- C:\WINDOWS\hpoins14.dat

2008-02-06 19:21 . 2007-06-05 20:07 2,000 -----c--- C:\WINDOWS\hpomdl14.dat

2008-02-06 18:18 . 2008-02-06 18:18 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Hewlett-Packard

2008-02-06 18:17 . 2007-03-30 12:07 267,864 -ra--c--- C:\WINDOWS\system32\hpzids01.dll

2008-02-06 18:17 . 2007-03-28 13:01 117,760 --a------ C:\WINDOWS\system32\hpzll5ha.dll

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-03-05 16:27 --------- d---a-w C:\Documents and Settings\All Users\Dados de aplicativos\TEMP

2008-03-05 16:19 --------- d-----w C:\Documents and Settings\user\Dados de aplicativos\uTorrent

2008-03-05 15:20 --------- d-----w C:\Arquivos de programas\Intel

2008-03-03 15:46 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin

2008-03-01 13:50 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2008-03-01 00:30 --------- d-----w C:\Arquivos de programas\GetTube

2008-03-01 00:02 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Spyware Terminator

2008-03-01 00:02 --------- d-----w C:\Arquivos de programas\Spyware Terminator

2008-02-26 15:48 --------- d-----w C:\Documents and Settings\user\Dados de aplicativos\Spyware Terminator

2008-02-24 22:17 --------- d-----w C:\Arquivos de programas\Nero

2008-02-24 01:42 --------- d-----w C:\Documents and Settings\user\Dados de aplicativos\LimeWire

2008-02-24 00:33 --------- d-----w C:\Arquivos de programas\Bonjour

2008-02-06 22:30 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\HP

2008-02-06 22:12 --------- d-----w C:\Arquivos de programas\GbPlugin

2008-01-30 14:08 --------- d-----w C:\Arquivos de programas\Google

2008-01-30 03:52 --------- d-----w C:\Arquivos de programas\MikesGames

2008-01-23 14:56 --------- d-----w C:\Arquivos de programas\USBToolbox

2008-01-23 14:56 --------- d-----w C:\Arquivos de programas\Arquivos comuns\InstallShield

2008-01-23 14:36 --------- d-----w C:\Arquivos de programas\NCSoft

2008-01-16 14:40 --------- d-----w C:\Arquivos de programas\Eudemons_Pt

2008-01-15 20:16 --------- d-----w C:\Documents and Settings\user\Dados de aplicativos\HP

2008-01-11 03:46 --------- d-----w C:\Arquivos de programas\DAP

2008-01-09 17:00 --------- d-----w C:\Arquivos de programas\ONGAME

2008-01-08 17:48 --------- d-----w C:\Arquivos de programas\speedbit_br

2008-01-08 17:45 50,688 ----a-w C:\WINDOWS\system32\wbhelp2.dll

2008-01-07 22:40 --------- d-----w C:\Arquivos de programas\uTorrent

2008-01-07 22:31 2,887,680 -c--a-w C:\WINDOWS\system32\VagalumePluginWMP.dll

2008-01-07 22:19 --------- d-----w C:\Arquivos de programas\Java

2008-01-07 21:35 --------- d-----w C:\Arquivos de programas\MSXML 4.0

2008-01-07 18:42 --------- d-----w C:\Arquivos de programas\LimeWire

2008-01-07 18:35 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Java

2007-12-26 11:51 315,392 ----a-w C:\WINDOWS\HideWin.exe

2007-12-13 22:09 972,072 ----a-w C:\WINDOWS\UNNeroMediaHome.exe

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e0211842-8b43-4cc4-a532-e16afba388b2}]

2007-07-31 15:33 1391640 --a------ C:\Arquivos de programas\speedbit_br\tbspee.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{E0211842-8B43-4CC4-A532-E16AFBA388B2}

{4B3803EA-5230-4DC3-A7FC-33638F3D3542}

{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}

 

[HKEY_CLASSES_ROOT\clsid\{e0211842-8b43-4cc4-a532-e16afba388b2}]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{E0211842-8B43-4CC4-A532-E16AFBA388B2}"= C:\Arquivos de programas\speedbit_br\tbspee.dll [2007-07-31 15:33 1391640]

 

[HKEY_CLASSES_ROOT\clsid\{e0211842-8b43-4cc4-a532-e16afba388b2}]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:45 15360]

"msnmsgr"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avast!"="C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 10:00 79224]

"FixCamera"="C:\WINDOWS\FixCamera.exe" [2007-02-12 13:50 20480]

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]

"NeroFilterCheck"="C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NeroCheck.exe" [2007-03-01 14:57 153136]

"NBKeyScan"="C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 14:21 2213160]

"RemoteControl"="C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 15:10 56928]

"LanguageShortcut"="C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 22:55 54832]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:45 15360]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399007}"= C:\ARQUIV~1\GbPlugin\gbiehabn.dll [2008-01-22 14:01 346536]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginAbn]

C:\ARQUIV~1\GbPlugin\gbiehabn.dll 2008-01-22 14:01 346536 C:\ARQUIV~1\GbPlugin\gbiehabn.dll

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Reader Speed Launch.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Reader Speed Launch.lnk

backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^HP Digital Imaging Monitor.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\HP Digital Imaging Monitor.lnk

backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CoolSMS]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator]

--a------ 2008-01-08 14:45 4376328 C:\Arquivos de programas\DAP\DAP.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GetTube Update]

--a------ 2008-02-29 00:17 29184 C:\Arquivos de programas\GetTube\liveupdate.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]

-ra------ 2006-10-05 10:13 114688 C:\WINDOWS\system32\hkcmd.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

--a------ 2007-03-11 20:34 49152 C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]

-ra------ 2006-10-05 10:11 98304 C:\WINDOWS\system32\igfxtray.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

--a------ 2008-01-15 03:22 267048 C:\Arquivos de programas\iTunes\iTunesHelper.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

--a------ 2007-10-18 11:34 5724184 C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]

-ra------ 2006-10-05 10:10 94208 C:\WINDOWS\system32\igfxpers.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a------ 2008-01-10 15:27 385024 C:\Arquivos de programas\QuickTime\qttask.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]

-r------- 2007-04-10 04:28 16126464 C:\WINDOWS\RTHDCPL.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snp325]

--a------ 2007-05-10 12:18 835584 C:\WINDOWS\vsnp325.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tsnp325]

--a------ 2007-04-21 08:36 270336 C:\WINDOWS\tsnp325.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\LimeWire\\LimeWire.exe"=

"C:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=

"C:\\Arquivos de programas\\DAP\\DAP.exe"=

"C:\\Arquivos de programas\\ONGAME\\Metin2\\metin2.bin"=

"C:\\Arquivos de programas\\eMule\\emule.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=

"C:\\Arquivos de programas\\iTunes\\iTunes.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

 

R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2007-02-17 13:06]

R2 RPCHED;Remote Procedure CallD (RPCE);C:\Arquivos de programas\Intel\Intell.exe [2002-02-16 13:54]

R3 AtcL002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller;C:\WINDOWS\system32\DRIVERS\l251x86.sys [2007-06-20 23:44]

R3 SNP325;USB PC Camera (SNPSTD325);C:\WINDOWS\system32\DRIVERS\snp325.sys [2007-05-24 17:06]

S3 XDva068;XDva068;C:\WINDOWS\system32\XDva068.sys []

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

 

.

Conteúdo da pasta 'Tarefas Agendadas'

"2008-03-01 00:28:12 C:\WINDOWS\Tasks\1-Click Maintenance.job"

- C:\Arquivos de programas\TuneUp Utilities 2004\SystemOptimizer.exe

"2008-02-24 00:31:27 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Arquivos de programas\Apple Software Update\SoftwareUpdate.exe

"2008-03-05 15:54:00 C:\WINDOWS\Tasks\Verificar Atualizações para a Barra de Ferramentas do Windows Live.job"

- C:\Arquivos de programas\Windows Live Toolbar\MSNTBUP.EXE

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-03-05 13:29:22

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros ocultos ...

 

Varredura completada com sucesso

Ficheiros ocultos: 0

 

**************************************************************************

.

Tempo para conclusão: 2008-03-05 13:30:20

ComboFix-quarantined-files.txt 2008-03-05 16:30:17

.

2008-02-20 17:36:09 --- E O F ---

Compartilhar este post


Link para o post
Compartilhar em outros sites

Boa Tarde dilp!

 

>@< Configure o Windows,para que mostre pastas e arquivos ocultos!

_______________________

 

>@< Vá em Iniciar >> Painel de controle >> Opções de pasta.

>@< Clique na aba: Modo de exibição

>@< Nas Configurações avançadas,vá em Pastas e arquivos ocultos.

>@< Clique em Aplicar >> Ok.

_______________________

 

>@< Vá em Iniciar >> Pesquisar.

>@< Clique em: Todos os arquivos e pasta

>@< No campo de pesquisa,coloque: svchost >> Clique em Pesquisar.

>@< Dê preferencia à pesquisa avançada,aonde teremos mais ficheiros,sendo relacionados.

>@< Dos arquivos encontrados,atente para os que estão fora do diretório System32.

>@< Procure remove-los...mas,faça antes uma cópia de segurança!

>@< Se forem para a lixeira,podem ou não,serem restaurados.

_______________________

 

>@< Abra o Gerenciador de tarefas do Windows.

>@< Na aba Processos,verifique os svchost cujo Nome de usuário, estão como NETWORK SERVICE ou LOCAL SERVICE.

>@< Dos que estão fora da pasta System32,coloque-os como prioridade Baixa.

>@< Desconfie dos que possuírem valores àcima de 14Kb,mesmo estando no diretório System32.

>@< Faça um por vez!Observe qual processo liberou a memória de uso excessivo,para posteriormente,finalizá-lo e/ou deletá-lo.

_______________________

 

>@< Muito cuidado nestas operações,para não ocorrer no erro de alterar ou finalizar processos do sistema.

 

Aguardo retorno!

Abraços!

Compartilhar este post


Link para o post
Compartilhar em outros sites

olá

fiz o q você falou mais nao encontrei nenhum dos arquivos fora do system32, só encontrei um dentro dele que tinha 14kb.

No grenciador de tarefas todos os arquivos que você falo estavam uso 00 do cpu.

o q estava usando 52% era o iexplore.exe, 47% era o msn e 1% era o tempo ocioso de sistema.

Quando eu finalizo o msn pro exemplo, os 47% vao para o iexplore e quando eu finalizao o iexplore vai tudo para o tempo ocioso de sistema e o cpu volta a usar 1 ou 2% e fica tudo normal de novo.

Mas com certeza isso nao deve ser normal e as janelas de finalizar MIC e 29a5ea88 continuam aparecendo quando vou desligar ou reiniciar.

 

obrigado por estar me qajudando.

aguardo resposta!

Compartilhar este post


Link para o post
Compartilhar em outros sites

Boa Noite dilp!

 

>@< Faça um escaneamento de desinfecção em < BitDefender > e poste o relatório.

>@< Clique em BitDefender ( Scan OnLine ).

 

<!> Leia o Tutorial.

 

>@< Abrirá a página: < BitDefender OnLine Scanner >

>@< Clique em I Agree.

>@< Aguarde!Permita a instalação do ActiveX,para que possa ocorrer o scan.

________________________

 

>@< Poste,então: Relatório do BitDefender + Log do HijackThis,atualizado.

>@< Ps: O relatório do BitDefender,estará em: C:\Windows\BDOSCAN8\bdoscan.txt

 

Abraços!

Compartilhar este post


Link para o post
Compartilhar em outros sites

oi..

t ai o log q você pediu

 

 

[General]

App = "BitDefender Online Scanner v8"

Date = 10:03:2008

Time = 02:55:32

Scan Path = A:\;C:\;D:\;

 

[Engines Info]

Virus Definitions = 986304

Engine build = "AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)"

Scan plugins = 16

Archive plugins = 41

Unpack plugins = 7

E-mail plugins = 6

System plugins = 5

 

[scan Statistics]

Folders = 9485

Files = 434703

Archives = 2277

Packed files = 40853

Identified viruses = 4

Infected files = 4

Warnings = 0

Suspect files = 0

Disinfected files = 0

Deleted files = 3

Copied files = 0

Moved files = 0

Renamed files = 0

I/O Errors = 6912

 

[scan Settings]

SecondAction = Delete

FirstAction = Disinfect

Heuristics = 1

Enable Warnings = 1

Exclude Ext =

Extensions = *;

Scan Emails = 1

Scan Archives = 1

Scan Packed = 1

Scan Files = 1

Scan Boot = 1

Verify Memory = 0

 

[scan Results]

Line00000008 = "C:\Arquivos de programas\Intel\Intell.exe Infected with: Generic.Graybird.83F97D9A"

Line00000007 = "C:\Arquivos de programas\Intel\Intell.exe Disinfection failed"

Line00000006 = "C:\Arquivos de programas\Intel\Intell.exe Delete failed"

Line00000005 = "C:\Documents and Settings\user\Meus documentos\Diego\instalações\1964_099.exe Infected with: Trojan.Generic.79287"

Line00000004 = "C:\Documents and Settings\user\Meus documentos\Diego\instalações\1964_099.exe Deleted"

Line00000003 = "C:\heap41a\reproduce.txt Infected with: Win32.Offring.A"

Line00000002 = "C:\heap41a\reproduce.txt Deleted"

Line00000001 = "C:\heap41a\script1.txt Infected with: Trojan.Autohk.A"

Line00000000 = "C:\heap41a\script1.txt Deleted"

 

 

 

 

 

 

 

 

E O DO HJT

 

 

Logfile of HijackThis v1.99.1

Scan saved at 06:21:41, on 10/3/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16574)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe

C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe

C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe

C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\FixCamera.exe

C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe

C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

C:\Arquivos de programas\Spyware Doctor\pctsTray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\System32\alg.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Arquivos de programas\Orbitdownloader\orbitnet.exe

C:\malware\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R3 - URLSearchHook: speedbit_br Toolbar - {e0211842-8b43-4cc4-a532-e16afba388b2} - C:\Arquivos de programas\speedbit_br\tbspee.dll

O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com

O1 - Hosts: 127.255.255.255 www.alcohol-soft.com

O1 - Hosts: 127.255.255.255 images.alcohol-soft.com

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - (no file)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\ARQUIV~1\GbPlugin\gbiehabn.dll

O2 - BHO: speedbit_br Toolbar - {e0211842-8b43-4cc4-a532-e16afba388b2} - C:\Arquivos de programas\speedbit_br\tbspee.dll

O3 - Toolbar: speedbit_br Toolbar - {e0211842-8b43-4cc4-a532-e16afba388b2} - C:\Arquivos de programas\speedbit_br\tbspee.dll

O3 - Toolbar: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - (no file)

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [NBKeyScan] "C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [LanguageShortcut] "C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe"

O4 - HKLM\..\Run: [iSTray] "C:\Arquivos de programas\Spyware Doctor\pctsTray.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: Crawler Search - tbr:iemenu

O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\arquivos de programas\bonjour\mdnsnsp.dll

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugi...GbPluginABN.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - (no file)

O20 - Winlogon Notify: GbPluginAbn - C:\ARQUIV~1\GbPlugin\gbiehabn.dll

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Bonjour Service - Apple Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: Serviço iPod (iPod Service) - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe

O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe

O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

Compartilhar este post


Link para o post
Compartilhar em outros sites

Bom Dia dilp!

 

>@< Digite no Executar: services.msc

>@< Localize o serviço: Remote Procedure CallD

>@< Dê um duplo clique e,em "Tipo de inicialização",selecione Desativado.

>@< Clique,também,em Parar.

___________________________

 

Delete:

 

C:\QooBox

C:\ComboFix.txt << Log anterior do ComboFix.

___________________________

 

>@< Desabilite proteções residentes,de antivírus e antispywares.

___________________________

 

>@< Selecione e copie,todo o conteúdo que está na área do quote,para o Bloco de Notas.

>@< Salve-o,no Desktop,com o nome: CFScript.txt

 

File::

C:\Arquivos de programas\Intel\Intell.exe

C:\Arquivos de programas\Intel\Intell.dll

Registry::

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}]

Folder::

C:\Arquivos de programas\Intel

C:\heap41a

Driver::

"RPCHED"

>@< Arraste,com o Mouse,o CFScript.txt para o ícone do ComboFix.

>@< Veja a demonstração!

 

cpiadecfscriptxt7.gif

 

>@< Com esse procedimento,o ComboFix irá executar e,reiniciará o computador,automaticamente!

>@< Caso não reinicie,faça-o manualmente!

>@< Durante a execução,não utilize o teclado ou Mouse!

>@< Terminando,poste o relatório C:\ComboFix.txt + HJT,atualizado.

 

Abraços!

Compartilhar este post


Link para o post
Compartilhar em outros sites

Tópico Arquivado

 

Como o autor não respondeu por mais de 20 dias, o tópico foi arquivado.

 

Caso você seja o autor do tópico e quer reabrir, envie uma mensagem privada para um moderador da área juntamente com o link para este tópico e explique o motivo da reabertura.

Compartilhar este post


Link para o post
Compartilhar em outros sites

×

Informação importante

Ao usar o fórum, você concorda com nossos Termos e condições.