EvelinSF

[Solved!] I can't install antivirus

Good morning,

Last night my PC restarted about 2 times, and after that my antivirus (AVG) no longer works. I tried to install it again and couldn't; it gives an error saying it is not a valid Win32 file. The same happens with Spybot and AVG antirootkit.

I tried to use HijackThis as explained and it also gives the same error. I don't know what to do!!

Thank you

Evelin

I don't know if this helps, but: F-Secure BlackLight log

 

04/02/08 09:34:21 [info]: BlackLight Engine 1.0.70 initialized

04/02/08 09:34:21 [info]: OS: 5.1 build 2600 (Service Pack 2)

04/02/08 09:34:25 [Note]: 7019 4

04/02/08 09:34:25 [Note]: 7005 0

04/02/08 09:34:40 [Note]: 7006 0

04/02/08 09:34:40 [Note]: 7011 1428

04/02/08 09:34:41 [Note]: 7035 0

04/02/08 09:34:44 [Note]: 7026 0

04/02/08 09:34:48 [Note]: 7026 0

04/02/08 09:34:48 [Note]: 7024 3

04/02/08 09:34:48 [info]: Hidden process: C:\WINDOWS\system32\drivers\hldrrr.exe

04/02/08 09:34:52 [Note]: FSRAW library version 1.7.1024

04/02/08 09:46:15 [info]: Hidden file: c:\Arquivos de programas\Movie Maker\Shared\Empty.txt

04/02/08 09:46:15 [Note]: 10002 3

04/02/08 09:46:15 [info]: Hidden file: c:\Arquivos de programas\Movie Maker\Shared\Filters.xml

04/02/08 09:46:15 [Note]: 10002 3

04/02/08 09:46:15 [info]: Hidden file: c:\Arquivos de programas\Movie Maker\Shared\news.png

04/02/08 09:46:15 [Note]: 10002 3

04/02/08 09:46:15 [info]: Hidden file: c:\Arquivos de programas\Movie Maker\Shared\paint.png

04/02/08 09:46:15 [Note]: 10002 3

04/02/08 09:46:15 [info]: Hidden file: c:\Arquivos de programas\Movie Maker\Shared\Profiles\Blank.txt

04/02/08 09:46:15 [Note]: 10002 3

04/02/08 09:46:15 [info]: Hidden file: c:\Arquivos de programas\Movie Maker\Shared\Sample1.jpg

04/02/08 09:46:15 [Note]: 10002 3

04/02/08 09:46:15 [info]: Hidden file: c:\Arquivos de programas\Movie Maker\Shared\Sample2.jpg

04/02/08 09:46:15 [Note]: 10002 3

04/02/08 09:46:15 [Note]: 10002 2

04/02/08 09:46:15 [Note]: 10002 2

04/02/08 09:53:38 [Note]: 10002 2

04/02/08 09:53:38 [Note]: 10002 2

04/02/08 10:00:03 [info]: Hidden file: C:\WINDOWS\system32\drivers\hldrrr.exe

04/02/08 10:00:03 [Note]: 10002 2

04/02/08 10:00:26 [info]: Hidden file: c:\WINDOWS\system32\drivers\downld\102062.exe

04/02/08 10:00:26 [Note]: 10002 3

04/02/08 10:00:26 [info]: Hidden file: c:\WINDOWS\system32\drivers\downld\125828.exe

04/02/08 10:00:26 [Note]: 10002 3

04/02/08 10:00:26 [info]: Hidden file: c:\WINDOWS\system32\drivers\downld\128312.exe

04/02/08 10:00:26 [Note]: 10002 3

04/02/08 10:00:26 [info]: Hidden file: c:\WINDOWS\system32\drivers\downld\136640.exe

04/02/08 10:00:26 [Note]: 10002 3

04/02/08 10:00:26 [info]: Hidden file: c:\WINDOWS\system32\drivers\downld\173343.exe

04/02/08 10:00:26 [Note]: 10002 3

04/02/08 10:00:26 [info]: Hidden file: c:\WINDOWS\system32\drivers\downld\183718.exe

04/02/08 10:00:26 [Note]: 10002 3

04/02/08 10:00:27 [info]: Hidden file: c:\WINDOWS\system32\drivers\downld\191046.exe

04/02/08 10:00:27 [Note]: 10002 3

04/02/08 10:00:27 [info]: Hidden file: c:\WINDOWS\system32\drivers\downld\214125.exe

04/02/08 10:00:27 [Note]: 10002 3

04/02/08 10:00:27 [info]: Hidden file: c:\WINDOWS\system32\drivers\downld\218484.exe

04/02/08 10:00:27 [Note]: 10002 3

04/02/08 10:00:27 [info]: Hidden file: c:\WINDOWS\system32\drivers\downld\230015.exe

04/02/08 10:00:27 [Note]: 10002 3

04/02/08 10:00:27 [info]: Hidden file: c:\WINDOWS\system32\drivers\downld\241187.exe

04/02/08 10:00:27 [Note]: 10002 3

04/02/08 10:00:27 [info]: Hidden file: c:\WINDOWS\system32\drivers\downld\247921.exe

04/02/08 10:00:27 [Note]: 10002 3

04/02/08 10:00:27 [info]: Hidden file: c:\WINDOWS\system32\drivers\downld\254640.exe

04/02/08 10:00:27 [Note]: 10002 3

04/02/08 10:00:27 [info]: Hidden file: c:\WINDOWS\system32\drivers\downld\270671.exe

04/02/08 10:00:27 [Note]: 10002 3

04/02/08 10:00:27 [info]: Hidden file: c:\WINDOWS\system32\drivers\downld\288046.exe

04/02/08 10:00:27 [Note]: 10002 3

04/02/08 10:00:27 [info]: Hidden file: c:\WINDOWS\system32\drivers\downld\339140.exe

04/02/08 10:00:27 [Note]: 10002 3

04/02/08 10:00:27 [info]: Hidden file: c:\WINDOWS\system32\drivers\downld\348421.exe

04/02/08 10:00:27 [Note]: 10002 3

04/02/08 10:00:27 [info]: Hidden file: c:\WINDOWS\system32\drivers\downld\371734.exe

04/02/08 10:00:27 [Note]: 10002 3

04/02/08 10:00:27 [info]: Hidden file: c:\WINDOWS\system32\drivers\downld\376328.exe

04/02/08 10:00:27 [Note]: 10002 3

04/02/08 10:00:28 [info]: Hidden file: c:\WINDOWS\system32\drivers\downld\434437.exe

04/02/08 10:00:28 [Note]: 10002 3

04/02/08 10:00:28 [info]: Hidden file: c:\WINDOWS\system32\drivers\downld\601171.exe

04/02/08 10:00:28 [Note]: 10002 3

04/02/08 10:00:28 [info]: Hidden file: c:\WINDOWS\system32\drivers\downld\632531.exe

04/02/08 10:00:28 [Note]: 10002 3

04/02/08 10:00:28 [info]: Hidden file: c:\WINDOWS\system32\drivers\downld\656375.exe

04/02/08 10:00:28 [Note]: 10002 3

04/02/08 10:00:28 [info]: Hidden file: c:\WINDOWS\system32\drivers\downld\682203.exe

04/02/08 10:00:28 [Note]: 10002 3

04/02/08 10:00:28 [info]: Hidden file: c:\WINDOWS\system32\drivers\downld\685734.exe

04/02/08 10:00:28 [Note]: 10002 3

04/02/08 10:00:28 [info]: Hidden file: c:\WINDOWS\system32\drivers\downld\691140.exe

04/02/08 10:00:28 [Note]: 10002 3

04/02/08 10:00:28 [info]: Hidden file: c:\WINDOWS\system32\drivers\downld\726343.exe

04/02/08 10:00:28 [Note]: 10002 3

04/02/08 10:00:28 [info]: Hidden file: c:\WINDOWS\system32\drivers\downld\758828.exe

04/02/08 10:00:28 [Note]: 10002 3

04/02/08 10:00:28 [info]: Hidden file: c:\WINDOWS\system32\drivers\downld\76312.exe

04/02/08 10:00:28 [Note]: 10002 3

04/02/08 10:00:28 [info]: Hidden file: c:\WINDOWS\system32\drivers\downld\775562.exe

04/02/08 10:00:28 [Note]: 10002 3

04/02/08 10:00:28 [info]: Hidden file: c:\WINDOWS\system32\drivers\downld\788406.exe

04/02/08 10:00:28 [Note]: 10002 3

04/02/08 10:00:28 [info]: Hidden file: c:\WINDOWS\system32\drivers\downld\805921.exe

04/02/08 10:00:28 [Note]: 10002 3

04/02/08 10:00:29 [info]: Hidden file: c:\WINDOWS\system32\drivers\downld\821546.exe

04/02/08 10:00:29 [Note]: 10002 3

04/02/08 10:00:29 [info]: Hidden file: c:\WINDOWS\system32\drivers\downld\91625.exe

04/02/08 10:00:29 [Note]: 10002 3

04/02/08 10:00:29 [Note]: 10002 2

04/02/08 10:00:29 [Note]: 10002 2

04/02/08 10:00:29 [info]: Hidden file: c:\WINDOWS\system32\drivers\srosa.sys

04/02/08 10:00:29 [Note]: 10002 2

04/02/08 10:13:00 [Note]: 7007 0


Good morning! EvelinSF

>@< Download EliBagle.

>@< Save it to the Desktop!

>@< Now go to its icon and run the tool!

>@< Restart the computer in Safe Mode. << Important!

>@< Run EliBagle again.

>@< Restart in Normal Mode!

>@< Post the report: infoSAT.txt, which is in the root of C:\ (Local Disk C)

Regards!


I tried to do what you asked, but I couldn't restart in safe mode; the PC restarted when it was at the ST.. .sys screen.

It has already restarted 3 times since then.

Now, right when the PC restarts, a screen appears: Select file to be cracked.

Help!! I need to finish an assignment for today.

Thanks

 

 

Wed Apr 02 11:41:41 2008

EliBagle v11.20 ©2008 S.G.H. / Satinfo S.L.

----------------------------------------------

Lista de Acciones (por Acción Directa):

C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.

 

Wed Apr 02 11:43:49 2008

EliBagle v11.20 ©2008 S.G.H. / Satinfo S.L.

----------------------------------------------

Lista de Acciones (por Acción Directa):

C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.

Por favor, envienos una muestra del fichero

C:\Muestras\HLDRRR.EXE.Muestra EliBagle v11.20

a "virus@satinfo.es". Gracias.

C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle Acceso Denegado.

Restaurada Clave: "SafeBoot\Minimal y Network"

 

Reinicie para Completar la Limpieza.


Now the PC restarted in safe mode.

And I have already managed to install the antivirus.

Thank you very much!!

 

Wed Apr 02 13:24:27 2008

EliBagle v11.20 ©2008 S.G.H. / Satinfo S.L.

----------------------------------------------

Lista de Acciones (por Acción Directa):

C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.

Por favor, envienos una muestra del fichero

C:\Muestras\HLDRRR.EXE.Muestra EliBagle v11.20

a "virus@satinfo.es". Gracias.

C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle Acceso Denegado.

Restaurada Clave: "SafeBoot\Minimal y Network"

Reinicie para Completar la Limpieza.

 

Wed Apr 02 13:27:59 2008

EliBagle v11.20 ©2008 S.G.H. / Satinfo S.L.

----------------------------------------------

Lista de Acciones (por Acción Directa):

C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Eliminado Bagle (rootkit)

Por favor, envienos una muestra del fichero

C:\Muestras\HLDRRR.EXE.Muestra EliBagle v11.20

a "virus@satinfo.es". Gracias.

C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Eliminado Bagle

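An added example (not part of the original thread, and not code from either tool): a small Python triage script that cross-checks the objects F-Secure BlackLight reported as hidden against the actions listed in the EliBagle reports, showing which were removed, which were still locked, and which the remover never mentioned. The sample input is abridged from the logs posted above; the function names and the status labels `removed`, `pending` and `unaddressed` are assumptions of this example.

```python
import re
from collections import OrderedDict

# Abridged from the BlackLight log posted in this thread (not the full log).
BLACKLIGHT_SAMPLE = r"""
04/02/08 09:34:48 [info]: Hidden process: C:\WINDOWS\system32\drivers\hldrrr.exe
04/02/08 09:46:15 [info]: Hidden file: c:\Arquivos de programas\Movie Maker\Shared\Empty.txt
04/02/08 09:46:15 [Note]: 10002 3
04/02/08 10:00:03 [info]: Hidden file: C:\WINDOWS\system32\drivers\hldrrr.exe
04/02/08 10:00:26 [info]: Hidden file: c:\WINDOWS\system32\drivers\downld\102062.exe
04/02/08 10:00:29 [info]: Hidden file: c:\WINDOWS\system32\drivers\srosa.sys
"""

# Abridged from the EliBagle reports posted in this thread (banner lines omitted).
ELIBAGLE_SAMPLE = r"""
Wed Apr 02 11:43:49 2008
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle Acceso Denegado.
Restaurada Clave: "SafeBoot\Minimal y Network"

Wed Apr 02 13:27:59 2008
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Eliminado Bagle (rootkit)
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Eliminado Bagle
"""

BL_HIDDEN = re.compile(r"\[info\]: Hidden (process|file): (.+)$")
EB_RUN = re.compile(r"^[A-Z][a-z]{2} [A-Z][a-z]{2} \d{2} \d{2}:\d{2}:\d{2} \d{4}$")
EB_ACTION = re.compile(r"^([A-Za-z]:\\.+?) --> (.+)$")


def hidden_items(blacklight_text):
    """Map each hidden path (lower-cased) to the kinds BlackLight reported for it."""
    items = OrderedDict()
    for line in blacklight_text.splitlines():
        m = BL_HIDDEN.search(line.strip())
        if m:
            items.setdefault(m.group(2).strip().lower(), set()).add(m.group(1))
    return items


def remover_status(elibagle_text):
    """Map each path (lower-cased) to its [(run timestamp, state), ...] history."""
    history = OrderedDict()
    run = None
    for line in elibagle_text.splitlines():
        line = line.strip()
        if EB_RUN.match(line):
            run = line  # a timestamp line starts a new report
            continue
        m = EB_ACTION.match(line)
        if m and run:
            # "Eliminado" means deleted; anything else (e.g. "Acceso Denegado")
            # means the file was identified but is still on disk.
            state = "removed" if "Eliminado" in m.group(2) else "pending"
            history.setdefault(m.group(1).lower(), []).append((run, state))
    return history


def triage(blacklight_text, elibagle_text):
    """Classify every hidden object by what the remover finally did with it."""
    history = remover_status(elibagle_text)
    report = {"removed": [], "pending": [], "unaddressed": []}
    for path in hidden_items(blacklight_text):
        runs = history.get(path)
        if not runs:
            # Never mentioned by the remover: needs a separate review.
            report["unaddressed"].append(path)
        else:
            report[runs[-1][1]].append(path)  # last run decides
    return report


if __name__ == "__main__":
    for state, paths in triage(BLACKLIGHT_SAMPLE, ELIBAGLE_SAMPLE).items():
        print(state)
        for p in paths:
            print("   ", p)
```

Paths are compared case-insensitively because BlackLight and EliBagle print the same files with different casing.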

Good evening! EvelinSF

>@< Download ComboFix.

>@< Save it to the Desktop!

>@< Disable the resident protection of: antivirus, antispyware and firewall.

>@< Disable Spybot's TeaTimer.

>@< Close all windows and run the tool!

If you get the notification: Invalid Win32 application, delete the tool and download it again.

Save it to the Desktop, renamed as: Kombo.exe

PS: Name it while saving, not after saving it!

>@< The Auto Scan window will open. Wait!

>@< Type the option to continue and press < Enter >

>@< Wait for it to finish! During the scan, avoid touching the mouse or keyboard!

___________________________

>@< Post the report: C:\ComboFix.txt in your reply, plus an updated HJT log.

Regards!


I did what you said.

ComboFix

ComboFix 08-04-03.3 - Evelin 2008-04-03 21:52:22.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.476 [GMT -3:00]

Executando de: C:\Documents and Settings\Evelin\Desktop\ComboFix.exe

* Criado um novo ponto de restauro

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

TimedOut: progfile.dat

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\WINDOWS\system32\packet.dll

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_SROSA

 

 

((((((((((((((((((((((( Ficheiros criados de 2008-03-04 to 2008-04-04 ))))))))))))))))))))))))))))))))

.

 

2008-04-02 15:19 . 2008-04-02 15:19 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Lavasoft

2008-04-02 15:18 . 2008-04-02 15:18 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Wise Installation Wizard

2008-04-02 15:06 . 2007-01-18 09:00 3,968 --a------ C:\WINDOWS\system32\drivers\AvgArCln.sys

2008-04-02 14:55 . 2008-04-02 14:55 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Avira

2008-04-02 14:55 . 2008-04-02 14:55 <DIR> d-------- C:\Arquivos de programas\Avira

2008-04-02 14:10 . 2008-04-02 14:01 691,545 --a------ C:\WINDOWS\unins000.exe

2008-04-02 14:10 . 2008-04-02 14:10 2,543 --a------ C:\WINDOWS\unins000.dat

2008-04-02 13:41 . 2008-04-02 16:43 <DIR> d-------- C:\Arquivos de programas\Spybot - Search & Destroy

2008-04-02 11:41 . 2008-04-02 14:36 <DIR> d-------- C:\Muestras

2008-04-02 10:23 . 2008-04-02 10:24 <DIR> d-------- C:\Hijack

2008-04-02 09:19 . 2008-04-02 09:19 <DIR> d-------- C:\Arquivos de programas\AxBx

2008-04-02 05:26 . 2008-04-02 05:32 <DIR> d-------- C:\Arquivos de programas\Dicionário de Sinônimos -completo-

2008-04-02 05:25 . 2008-04-02 05:25 258,048 --------- C:\WINDOWS\Setup1.exe

2008-04-02 05:25 . 2008-04-02 05:25 73,216 --a------ C:\WINDOWS\ST6UNST.EXE

2008-04-01 21:25 . 2008-04-01 21:25 <DIR> d-------- C:\Arquivos de programas\PDF Info

2008-04-01 21:24 . 2008-04-02 04:52 <DIR> d-------- C:\Arquivos de programas\PDF Editor 2

2008-04-01 21:24 . 2008-04-01 21:24 74,752 --a------ C:\WINDOWS\cadkasdeinst01e.exe

2008-04-01 21:18 . 2008-04-01 21:18 <DIR> d-------- C:\Program Files

2008-04-01 21:09 . 2008-04-01 21:09 <DIR> d-------- C:\Arquivos de programas\PDF Password Remover v3.0

2008-04-01 21:05 . 2008-04-01 21:05 379 --a------ C:\WINDOWS\pdf2word.INI

2008-04-01 21:04 . 2008-04-01 21:04 <DIR> d-------- C:\Arquivos de programas\VeryPDF PDF2Word v3.0

2008-04-01 20:52 . 2008-04-01 20:52 <DIR> d-------- C:\Arquivos de programas\Advanced PDF Tools v2.0

2008-04-01 20:46 . 2008-04-01 20:46 <DIR> d-------- C:\Arquivos de programas\PDFTools

2008-04-01 19:18 . 2008-04-02 11:55 <DIR> d-------- C:\WINDOWS\system32\drivers\downld

2008-03-31 23:15 . 2008-03-31 23:15 <DIR> d-------- C:\Arquivos de programas\Desliga Aí!

2008-03-29 15:50 . 2008-03-29 15:51 <DIR> d-------- C:\Arquivos de programas\SpeedBit Video Accelerator

2008-03-29 15:50 . 2008-03-29 15:50 172,032 --a------ C:\WINDOWS\system32\AniGIF.ocx

2008-03-29 01:21 . 2008-03-31 19:53 <DIR> d-------- C:\Arquivos de programas\BitComet Acceleration Patch

2008-03-29 00:50 . 2008-03-29 00:50 2,560 --a------ C:\WINDOWS\system32\bitcometres.dll

2008-03-28 23:26 . 2008-03-29 00:53 <DIR> d-------- C:\Arquivos de programas\BitComet

2008-03-28 22:01 . 2008-04-02 16:44 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2008-03-28 21:53 . 2008-04-03 21:16 <DIR> d-------- C:\Arquivos de programas\DreMule

2008-03-28 21:36 . 2008-03-28 21:36 <DIR> d-------- C:\Arquivos de programas\Oi Velox

2008-03-04 19:39 . 2008-03-04 19:39 <DIR> d-------- C:\Arquivos de programas\GenoPro

2008-03-04 19:25 . 2008-03-27 14:58 <DIR> d-------- C:\Arquivos de programas\Simple Family Tree

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-04-03 15:56 --------- d-----w C:\Documents and Settings\Evelin\Dados de aplicativos\Orbit

2008-04-03 15:18 --------- d-----w C:\Documents and Settings\Evelin\Dados de aplicativos\AVG7

2008-04-02 18:19 --------- d-----w C:\Documents and Settings\Evelin\Dados de aplicativos\Lavasoft

2008-04-02 18:19 --------- d-----w C:\Arquivos de programas\Lavasoft

2008-04-02 16:37 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\avg7

2008-04-02 16:35 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Grisoft

2008-04-02 08:32 --------- d-----w C:\Arquivos de programas\Dicionário de Sinônimos -completo-

2008-04-01 23:51 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Google Updater

2008-04-01 02:15 --------- d-----w C:\Arquivos de programas\Desliga Aí!

2008-03-30 10:12 --------- d-----w C:\Arquivos de programas\Orbitdownloader

2008-03-30 05:00 --------- d-----w C:\Documents and Settings\Evelin\Dados de aplicativos\LimeWire

2008-03-30 04:50 --------- d-----w C:\Arquivos de programas\LimeWire

2008-03-27 00:28 --------- d-----w C:\Documents and Settings\Evelin\Dados de aplicativos\Babylon

2008-03-27 00:26 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Babylon

2008-03-22 13:05 --------- d-----w C:\Arquivos de programas\Oi Internet

2008-03-16 21:19 --------- d-----w C:\Arquivos de programas\Electronic Arts

2008-03-06 20:48 --------- d-----w C:\Arquivos de programas\EA GAMES

2008-03-03 16:58 --------- d-----w C:\Arquivos de programas\Babylon

2008-03-03 14:00 --------- d-----w C:\Arquivos de programas\CoolSMS

2008-02-28 21:24 --------- d-----w C:\Arquivos de programas\EGS

2007-11-14 23:30 22,328 ----a-w C:\Documents and Settings\Evelin\Dados de aplicativos\PnkBstrK.sys

2004-03-01 16:25 114,688 ----a-w C:\Arquivos de programas\internet explorer\plugins\ChimeShim.dll

.

 

------- Sigcheck -------

 

2004-08-04 03:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\system32\dllcache\tcpip.sys

2004-08-04 03:14 359040 6a603809f598332dbedd535bdbce313e C:\WINDOWS\system32\drivers\tcpip.sys

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:45 15360]

"SpybotSD TeaTimer"="C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"blokfa"="C:\ARQUIV~1\BLOKFR~1\Agente.exe" [2007-06-06 08:56 660992]

"AVG7_CC"="C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe" [2008-04-02 13:35 579072]

"avgnt"="C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-02 15:05 249896]

"blokfsa"="bfsa.exe" [2007-03-14 11:18 390144 C:\WINDOWS\system32\bfsa.exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 04:45 15360]

"AVG7_Run"="C:\ARQUIV~1\Grisoft\AVG7\avgw.exe" [2008-04-02 13:35 219136]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]

@="Driver"

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Reader Speed Launch.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Reader Speed Launch.lnk

backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Reader Synchronizer.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Reader Synchronizer.lnk

backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^BlueSoleil.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\BlueSoleil.lnk

backup=C:\WINDOWS\pss\BlueSoleil.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Discador Oi Internet.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Discador Oi Internet.lnk

backup=C:\WINDOWS\pss\Discador Oi Internet.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Google Updater.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Google Updater.lnk

backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^HP Digital Imaging Monitor.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\HP Digital Imaging Monitor.lnk

backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Orbit.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Orbit.lnk

backup=C:\WINDOWS\pss\Orbit.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^Evelin^Menu Iniciar^Programas^Inicializar^BitComet Acceleration Patch.lnk]

path=C:\Documents and Settings\Evelin\Menu Iniciar\Programas\Inicializar\BitComet Acceleration Patch.lnk

backup=C:\WINDOWS\pss\BitComet Acceleration Patch.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]

--a------ 2006-05-10 10:12 90112 C:\Arquivos de programas\ATI Technologies\ATI.ACE\CLIStart.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIModeChange]

--a------ 2006-10-11 22:38 26112 C:\WINDOWS\system32\Ati2mdxx.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]

--a------ 2005-09-14 21:05 344064 C:\Arquivos de programas\ATI Technologies\ATI Control Panel\atiptaxx.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Babylon Client]

--a------ 2007-12-07 07:27 3032800 C:\Arquivos de programas\Babylon\Babylon-Pro\Babylon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDogPath]

--a------ 2004-02-24 16:00 49152 C:\WINDOWS\VM_STI.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet Acceleration Patch]

--a------ 2008-03-31 19:53 1936 C:\Documents and Settings\All Users\Menu Iniciar\Programas\BitComet Acceleration Patch\BitComet Acceleration Patch.lnk

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\blokfa]

---h----- 2007-06-06 08:56 660992 C:\ARQUIV~1\BLOKFR~1\Agente.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\blokfsa]

---h----- 2007-03-14 11:18 390144 C:\WINDOWS\system32\bfsa.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]

--a------ 2004-08-04 04:45 110592 C:\WINDOWS\system32\bthprops.cpl

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CoolSMS]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]

--a------ 2004-08-04 04:45 15360 C:\WINDOWS\system32\ctfmon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]

--a------ 2006-09-14 17:09 157592 C:\Arquivos de programas\DAEMON Tools\daemon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Discador iG]

--a------ 2005-07-25 14:41 1329152 C:\Arquivos de programas\iGv6\Discador iG.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Flashget]

C:\Arquivos de programas\FlashGet\FlashGet.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

--a------ 2006-02-19 02:41 49152 C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iBest.baloon]

--a------ 2005-03-14 21:14 77824 C:\Arquivos de programas\Discador iBest\baloon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

--a------ 2007-01-19 12:54 5674352 C:\Arquivos de programas\MSN Messenger\MsnMsgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSNShell]

C:\Arquivos de programas\MSNShell\Bin\MSNShell.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\POPDiscador]

--a------ 2007-07-30 09:52 2040832 C:\Arquivos de programas\POPDiscador\POPDiscador.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]

--a------ 2006-10-11 22:37 668160 C:\Arquivos de programas\K-Lite Codec Pack\Real\mpclauncher.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]

-ra------ 2005-07-22 04:00 81920 C:\WINDOWS\SOUNDMAN.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedBitVideoAccelerator]

--a------ 2008-03-29 15:50 2283120 C:\Arquivos de programas\SpeedBit Video Accelerator\VideoAccelerator.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

--a------ 2007-07-12 04:00 132496 C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TurboConnect]

C:\ARQUIV~1\TURBOC~1\TurboConnect.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\Grisoft\\AVG7\\avginet.exe"=

"C:\\Arquivos de programas\\Grisoft\\AVG7\\avgamsvr.exe"=

"C:\\Arquivos de programas\\Grisoft\\AVG7\\avgcc.exe"=

"C:\\Arquivos de programas\\Grisoft\\AVG7\\avgemc.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

"C:\\Arquivos de programas\\IncrediMail\\bin\\ImApp.exe"=

"C:\\Arquivos de programas\\IncrediMail\\bin\\IncMail.exe"=

"C:\\Arquivos de programas\\IncrediMail\\bin\\ImpCnt.exe"=

"C:\\Arquivos de programas\\Orbitdownloader\\orbitdm.exe"=

"C:\\Arquivos de programas\\Orbitdownloader\\orbitnet.exe"=

"C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\MSN Messenger\\livecall.exe"=

"E:\\Warcraft3\\Warcraft III.exe"=

"C:\\Arquivos de programas\\LimeWire\\LimeWire.exe"=

"C:\\Arquivos de programas\\IncrediMail\\bin\\ImLc.exe"=

"C:\\Jogos\\World of Warcraft\\BackgroundDownloader.exe"=

"C:\\Arquivos de programas\\DreMule\\emule.exe"=

"C:\\Arquivos de programas\\BitComet\\BitComet.exe"=

"C:\\Arquivos de programas\\SpeedBit Video Accelerator\\VideoAccelerator.exe"=

"C:\\Arquivos de programas\\SpeedBit Video Accelerator\\VideoAcceleratorEngine.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

"20173:TCP"= 20173:TCP:BitComet 20173 TCP

"20173:UDP"= 20173:UDP:BitComet 20173 UDP

 

R2 cmpe;Context Manager Process Extension;C:\WINDOWS\system32\cmpe.exe [2007-02-26 11:11]

R2 sbbotdi;sbbotdi;C:\ARQUIV~1\SPEEDB~1\sbbotdi.sys [2008-03-29 15:50]

R2 snss;snss;C:\WINDOWS\system32\snss.exe [2007-03-14 11:19]

R2 VideoAcceleratorService;VideoAcceleratorService;C:\ARQUIV~1\SPEEDB~1\VideoAcceleratorService.exe [2008-03-29 15:50]

 

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-04-03 21:56:13

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros ocultos ...

 

Varredura completada com sucesso

Ficheiros ocultos: 0

 

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

C:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\HPZipm12.exe

C:\ARQUIV~1\SPEEDB~1\VideoAcceleratorEngine.exe

C:\WINDOWS\system32\wscntfy.exe

.

**************************************************************************

.

Tempo para conclusão: 2008-04-03 21:58:21 - machine was rebooted

ComboFix-quarantined-files.txt 2008-04-04 00:58:19

Pre-Run: 8,970,559,488 bytes disponíveis

Post-Run: 8,892,600,320 bytes disponíveis

 

 

 

HJT

Logfile of HijackThis v1.99.1

Scan saved at 22:06:34, on 3/4/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0011)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

C:\WINDOWS\system32\cmpe.exe

C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\ARQUIV~1\BLOKFR~1\Agente.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\WINDOWS\system32\bfsa.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\snss.exe

C:\WINDOWS\system32\svchost.exe

C:\ARQUIV~1\SPEEDB~1\VideoAcceleratorService.exe

C:\ARQUIV~1\SPEEDB~1\VideoAcceleratorEngine.exe

C:\WINDOWS\system32\notepad.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Hijack\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.netscape.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.netscape.com/home/winsearch200.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.netscape.com

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://keyword.netscape.com/keyword/%s

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.ibest.com.br/site/default_ck.js...odigo=001.00001

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Arquivos de programas\BitComet\tools\BitCometBHO_1.2.2.28.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll

O3 - Toolbar: Discador iBest - {4F869C58-D71D-4850-8BDD-7B5CDF8EC911} - C:\Arquivos de programas\Discador iBest\ibestbar.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: (no name) - {965B54B0-71E0-4611-8DE7-F73FA0B20E26} - (no file)

O4 - HKLM\..\Run: [blokfa] C:\ARQUIV~1\BLOKFR~1\Agente.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [blokfsa] bfsa.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\Arquivos de programas\IncrediMail\bin\resources\WebMenuImg.htm

O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: Baixar link usando &BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: Baixar todos os links usando BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: Baixar todos os vídeos usando BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Set As Messenger Live Display Picture - C:\Arquivos de programas\MSNShell\BIN\SetMSNDP.htm

O8 - Extra context menu item: Translate with &Babylon - res://C:\Arquivos de programas\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm

O9 - Extra button: MSN Shell 4 - {0713E8D2-850A-101B-AFC0-4210102A8DA7} - C:\Arquivos de programas\MSNShell\Bin\MSNShell.exe (file missing)

O9 - Extra 'Tools' menuitem: MSN Shell 4 - {0713E8D2-850A-101B-AFC0-4210102A8DA7} - C:\Arquivos de programas\MSNShell\Bin\MSNShell.exe (file missing)

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Arquivos de programas\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O12 - Plugin for .csm: C:\Arquivos de programas\Internet Explorer\Plugins\npchime.dll

O12 - Plugin for .csml: C:\Arquivos de programas\Internet Explorer\Plugins\npchime.dll

O12 - Plugin for .cub: C:\Arquivos de programas\Internet Explorer\Plugins\npchime.dll

O12 - Plugin for .cube: C:\Arquivos de programas\Internet Explorer\Plugins\npchime.dll

O12 - Plugin for .dx: C:\Arquivos de programas\Internet Explorer\Plugins\npchime.dll

O12 - Plugin for .emb: C:\Arquivos de programas\Internet Explorer\Plugins\npchime.dll

O12 - Plugin for .embl: C:\Arquivos de programas\Internet Explorer\Plugins\npchime.dll

O12 - Plugin for .gau: C:\Arquivos de programas\Internet Explorer\Plugins\npchime.dll

O12 - Plugin for .jdx: C:\Arquivos de programas\Internet Explorer\Plugins\npchime.dll

O12 - Plugin for .mol: C:\Arquivos de programas\Internet Explorer\Plugins\npchime.dll

O12 - Plugin for .mop: C:\Arquivos de programas\Internet Explorer\Plugins\npchime.dll

O12 - Plugin for .pdb: C:\Arquivos de programas\Internet Explorer\Plugins\npchime.dll

O12 - Plugin for .rxn: C:\Arquivos de programas\Internet Explorer\Plugins\npchime.dll

O12 - Plugin for .scr: C:\Arquivos de programas\Internet Explorer\Plugins\npchime.dll

O12 - Plugin for .skc: C:\Arquivos de programas\Internet Explorer\Plugins\npchime.dll

O12 - Plugin for .spt: C:\Arquivos de programas\Internet Explorer\Plugins\npchime.dll

O12 - Plugin for .tgf: C:\Arquivos de programas\Internet Explorer\Plugins\npchime.dll

O12 - Plugin for .xyz: C:\Arquivos de programas\Internet Explorer\Plugins\npchime.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O17 - HKLM\System\CCS\Services\Tcpip\..\{3A4FAFA8-EF0A-4306-8350-BF3BB0566BC8}: NameServer = 200.149.55.140,200.165.132.148

O17 - HKLM\System\CS1\Services\Tcpip\..\{3A4FAFA8-EF0A-4306-8350-BF3BB0566BC8}: NameServer = 200.149.55.140,200.165.132.148

O17 - HKLM\System\CS2\Services\Tcpip\..\{3A4FAFA8-EF0A-4306-8350-BF3BB0566BC8}: NameServer = 200.149.55.140,200.165.132.148

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

O23 - Service: Context Manager Process Extension (cmpe) - LightComm - C:\WINDOWS\system32\cmpe.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

O23 - Service: snss - Unknown owner - C:\WINDOWS\system32\snss.exe

O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\ARQUIV~1\SPEEDB~1\VideoAcceleratorService.exe


Good evening, EvelinSF!

 

>@< Go to Start >> Run >> Type: services.msc >> OK.

________________________

 

>@< Locate snss.

>@< Under Startup type, set: Disabled

>@< If it is set to Manual or Automatic, click Stop the service.

________________________

 

Delete:

 

C:\QooBox

C:\ComboFix.txt << Previous ComboFix log.

________________________

 

>@< Select and copy all the content in the quote area into Notepad.

>@< Save it to the Desktop with the name: CFScript.txt

 

File::

C:\WINDOWS\system32\snss.exe

Folder::

C:\Muestras

Driver::

"snss"

>@< Drag CFScript.txt with the mouse onto the ComboFix icon.

>@< See the demonstration!

 

cpiadecfscriptxt7.gif

 

>@< With this procedure, ComboFix will run and restart the computer automatically!

>@< If it does not restart, do it manually!

>@< While it is running, do not use the keyboard or mouse!

>@< When it finishes, post the C:\ComboFix.txt report + an updated HJT log.

 

Regards!

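Added example (not part of the original posts, and not HijackThis or ComboFix code): the helper asks for an updated HijackThis log after the ComboFix run, and comparing it with the earlier log shows whether the targeted snss service and process are gone and what else changed in between. The function names and the abridged BEFORE/AFTER samples are constructed for this example.

```python
import re

# Abridged samples in HijackThis v1.99.1 format, constructed for this example
# from a few entries of the kind the logs in this thread contain. They are not
# the complete logs.
BEFORE = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\snss.exe
C:\WINDOWS\explorer.exe

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: snss - Unknown owner - C:\WINDOWS\system32\snss.exe
"""

AFTER = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\explorer.exe

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Arquivos de programas\Winamp Toolbar\winamptb.dll
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
"""

# "R0 - ...", "O2 - ...", "O23 - ..." and so on.
ENTRY = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<body>.+)$")
# "Service: <display> - <owner> - <path>"; the owner field may be empty ("- -").
SERVICE = re.compile(
    r"^Service: (?P<display>.+?) - (?P<owner>.*?) ?- (?P<path>[A-Za-z]:\\.+)$")
# Short service name in trailing parentheses, e.g. "(SLService)".
SHORT_NAME = re.compile(r"\((?P<name>[^()]+)\)$")


def parse_hjt(text):
    """Return running processes, O23 services and all entries of one log."""
    processes, services, entries = set(), {}, set()
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue  # forum pastes are often double-spaced
        if line.lower().startswith("running processes"):
            in_processes = True
            continue
        m = ENTRY.match(line)
        if m:
            in_processes = False
            entries.add(line)
            if m.group("code") == "O23":
                s = SERVICE.match(m.group("body"))
                if s:
                    short = SHORT_NAME.search(s.group("display"))
                    name = short.group("name") if short else s.group("display")
                    services[name.lower()] = (s.group("owner").strip(),
                                              s.group("path"))
        elif in_processes:
            processes.add(line.lower())  # paths differ only in case
    return {"processes": processes, "services": services, "entries": entries}


def check_cleanup(before, after, target_path, target_service):
    """Compare two logs and report on one removed file/service pair."""
    b, a = parse_hjt(before), parse_hjt(after)
    path, svc = target_path.lower(), target_service.lower()
    leftovers = sorted(e for e in a["entries"] if path in e.lower())
    still_running = path in a["processes"]
    still_service = svc in a["services"]
    return {
        "was_running": path in b["processes"],
        "was_service": svc in b["services"],
        "still_running": still_running,
        "still_service": still_service,
        "leftover_entries": leftovers,
        "new_entries": sorted(a["entries"] - b["entries"]),
        "removed_entries": sorted(b["entries"] - a["entries"]),
        "clean": not (still_running or still_service or leftovers),
    }


if __name__ == "__main__":
    report = check_cleanup(BEFORE, AFTER, r"C:\WINDOWS\system32\snss.exe", "snss")
    for key, value in report.items():
        print(f"{key}: {value}")
```

A clean result only covers what HijackThis can list; hidden items are the job of the rootkit scans (BlackLight, catchme) that also appear in this thread.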

Sorry for the delay.

Here are the requested reports.

 

Combofix

 

ComboFix 08-04-03.3 - Evelin 2008-04-13 12:11:38.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.458 [GMT -3:00]

Executando de: C:\Documents and Settings\Evelin\Desktop\ComboFix.exe

Command switches used :: C:\Documents and Settings\Evelin\Desktop\CFScript.txt

* Criado um novo ponto de restauro

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

 

FILE ::

C:\WINDOWS\system32\snss.exe

.

TimedOut: progfile.dat

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Muestras

C:\WINDOWS\system32\snss.exe

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_SNSS

-------\Service_snss

 

 

((((((((((((((((((((((( Ficheiros criados de 2008-03-13 to 2008-04-13 ))))))))))))))))))))))))))))))))

.

 

2008-04-12 17:11 . 2008-04-12 17:11 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Winamp Toolbar

2008-04-12 17:11 . 2008-04-12 17:11 <DIR> d-------- C:\Arquivos de programas\Winamp Toolbar

2008-04-12 08:21 . 2008-04-13 02:04 <DIR> d-------- C:\Documents and Settings\Evelin\Dados de aplicativos\MegauploadToolbar

2008-04-12 08:21 . 2008-04-12 08:21 <DIR> d-------- C:\Arquivos de programas\MegauploadToolbar

2008-04-07 19:34 . 2008-04-07 19:34 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Ahead

2008-04-06 14:55 . 2008-04-07 20:14 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\DVD Shrink

2008-04-06 14:55 . 2008-04-06 14:55 <DIR> d-------- C:\Arquivos de programas\DVD Shrink

2008-04-04 08:53 . 2008-04-04 08:53 <DIR> d-------- C:\Arquivos de programas\Orbitdownloader

2008-04-04 08:53 . 2007-08-08 13:56 69,632 --a------ C:\WINDOWS\system32\nporbit.dll

2008-04-03 21:58 . 2008-04-03 21:58 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Configurações locais

2008-04-03 21:58 . 2008-04-03 21:58 <DIR> d-------- C:\Documents and Settings\NetworkService\Configurações locais

2008-04-03 21:58 . 2008-04-03 21:58 <DIR> d-------- C:\Documents and Settings\LocalService\Configurações locais

2008-04-03 21:58 . 2008-04-03 21:58 <DIR> d-------- C:\Documents and Settings\Evelin\Configurações locais

2008-04-02 15:19 . 2008-04-02 15:19 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Lavasoft

2008-04-02 15:18 . 2008-04-02 15:18 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Wise Installation Wizard

2008-04-02 15:06 . 2007-01-18 09:00 3,968 --a------ C:\WINDOWS\system32\drivers\AvgArCln.sys

2008-04-02 14:55 . 2008-04-02 14:55 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Avira

2008-04-02 14:55 . 2008-04-02 14:55 <DIR> d-------- C:\Arquivos de programas\Avira

2008-04-02 14:10 . 2008-04-02 14:01 691,545 --a------ C:\WINDOWS\unins000.exe

2008-04-02 14:10 . 2008-04-02 14:10 2,543 --a------ C:\WINDOWS\unins000.dat

2008-04-02 13:41 . 2008-04-02 16:43 <DIR> d-------- C:\Arquivos de programas\Spybot - Search & Destroy

2008-04-02 10:23 . 2008-04-03 22:06 <DIR> d-------- C:\Hijack

2008-04-02 09:19 . 2008-04-02 09:19 <DIR> d-------- C:\Arquivos de programas\AxBx

2008-04-02 05:26 . 2008-04-02 05:32 <DIR> d-------- C:\Arquivos de programas\Dicionário de Sinônimos -completo-

2008-04-02 05:25 . 2008-04-02 05:25 258,048 --------- C:\WINDOWS\Setup1.exe

2008-04-02 05:25 . 2008-04-02 05:25 73,216 --a------ C:\WINDOWS\ST6UNST.EXE

2008-04-01 21:24 . 2008-04-02 04:52 <DIR> d-------- C:\Arquivos de programas\PDF Editor 2

2008-04-01 21:24 . 2008-04-01 21:24 74,752 --a------ C:\WINDOWS\cadkasdeinst01e.exe

2008-04-01 21:05 . 2008-04-01 21:05 379 --a------ C:\WINDOWS\pdf2word.INI

2008-04-01 19:18 . 2008-04-02 11:55 <DIR> d-------- C:\WINDOWS\system32\drivers\downld

2008-03-31 23:15 . 2008-03-31 23:15 <DIR> d-------- C:\Arquivos de programas\Desliga Aí!

2008-03-29 15:50 . 2008-03-29 15:51 <DIR> d-------- C:\Arquivos de programas\SpeedBit Video Accelerator

2008-03-29 15:50 . 2008-03-29 15:50 172,032 --a------ C:\WINDOWS\system32\AniGIF.ocx

2008-03-29 01:21 . 2008-04-13 11:53 <DIR> d-------- C:\Arquivos de programas\BitComet Acceleration Patch

2008-03-29 00:50 . 2008-03-29 00:50 2,560 --a------ C:\WINDOWS\system32\bitcometres.dll

2008-03-28 23:26 . 2008-03-29 00:53 <DIR> d-------- C:\Arquivos de programas\BitComet

2008-03-28 22:01 . 2008-04-02 16:44 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2008-03-28 21:53 . 2008-04-13 11:58 <DIR> d-------- C:\Arquivos de programas\DreMule

2008-03-28 21:36 . 2008-03-28 21:36 <DIR> d-------- C:\Arquivos de programas\Oi Velox

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-04-13 15:13 --------- d-----w C:\Documents and Settings\Evelin\Dados de aplicativos\Orbit

2008-04-13 15:01 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Google Updater

2008-04-13 14:55 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2008-04-13 14:54 --------- d-----w C:\Arquivos de programas\Simple Family Tree

2008-04-13 14:54 --------- d-----w C:\Arquivos de programas\POPDiscador

2008-04-13 14:50 --------- d-----w C:\Documents and Settings\Evelin\Dados de aplicativos\AVG7

2008-04-13 00:33 --------- d-----w C:\Documents and Settings\Evelin\Dados de aplicativos\Ahead

2008-04-12 20:12 --------- d-----w C:\Arquivos de programas\Winamp

2008-04-05 18:16 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Babylon

2008-04-05 14:29 --------- d-----w C:\Documents and Settings\Evelin\Dados de aplicativos\Babylon

2008-04-02 18:19 --------- d-----w C:\Documents and Settings\Evelin\Dados de aplicativos\Lavasoft

2008-04-02 18:19 --------- d-----w C:\Arquivos de programas\Lavasoft

2008-04-02 16:37 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\avg7

2008-04-02 16:35 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Grisoft

2008-04-02 08:32 --------- d-----w C:\Arquivos de programas\Dicionário de Sinônimos -completo-

2008-04-01 02:15 --------- d-----w C:\Arquivos de programas\Desliga Aí!

2008-03-30 05:00 --------- d-----w C:\Documents and Settings\Evelin\Dados de aplicativos\LimeWire

2008-03-30 04:50 --------- d-----w C:\Arquivos de programas\LimeWire

2008-03-16 21:19 --------- d-----w C:\Arquivos de programas\Electronic Arts

2008-03-06 20:48 --------- d-----w C:\Arquivos de programas\EA GAMES

2008-03-04 22:39 --------- d-----w C:\Arquivos de programas\GenoPro

2008-03-03 16:58 --------- d-----w C:\Arquivos de programas\Babylon

2008-03-03 14:00 --------- d-----w C:\Arquivos de programas\CoolSMS

2008-02-28 21:24 --------- d-----w C:\Arquivos de programas\EGS

2007-11-14 23:30 22,328 ----a-w C:\Documents and Settings\Evelin\Dados de aplicativos\PnkBstrK.sys

2004-03-01 16:25 114,688 ----a-w C:\Arquivos de programas\internet explorer\plugins\ChimeShim.dll

.

 

------- Sigcheck -------

 

2004-08-04 03:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\system32\dllcache\tcpip.sys

2004-08-04 03:14 359040 6a603809f598332dbedd535bdbce313e C:\WINDOWS\system32\drivers\tcpip.sys

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]

2008-03-19 19:36 1267040 --a------ C:\Arquivos de programas\Winamp Toolbar\winamptb.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= "C:\Arquivos de programas\Winamp Toolbar\winamptb.dll" [2008-03-19 19:36 1267040]

 

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]

[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]

[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]

[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:45 15360]

"SpybotSD TeaTimer"="C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"blokfa"="C:\ARQUIV~1\BLOKFR~1\Agente.exe" [2007-06-06 08:56 660992]

"AVG7_CC"="C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe" [2008-04-02 13:35 579072]

"avgnt"="C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-02 15:05 249896]

"blokfsa"="bfsa.exe" [2007-03-14 11:18 390144 C:\WINDOWS\system32\bfsa.exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 04:45 15360]

"AVG7_Run"="C:\ARQUIV~1\Grisoft\AVG7\avgw.exe" [2008-04-02 13:35 219136]

 

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\

Orbit.lnk - C:\Arquivos de programas\Orbitdownloader\orbitdm.exe [2008-04-04 08:53:35 1678536]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]

@="Driver"

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Reader Speed Launch.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Reader Speed Launch.lnk

backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Reader Synchronizer.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Reader Synchronizer.lnk

backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^BlueSoleil.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\BlueSoleil.lnk

backup=C:\WINDOWS\pss\BlueSoleil.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Discador Oi Internet.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Discador Oi Internet.lnk

backup=C:\WINDOWS\pss\Discador Oi Internet.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Google Updater.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Google Updater.lnk

backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^HP Digital Imaging Monitor.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\HP Digital Imaging Monitor.lnk

backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Orbit.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Orbit.lnk

backup=C:\WINDOWS\pss\Orbit.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^Evelin^Menu Iniciar^Programas^Inicializar^BitComet Acceleration Patch.lnk]

path=C:\Documents and Settings\Evelin\Menu Iniciar\Programas\Inicializar\BitComet Acceleration Patch.lnk

backup=C:\WINDOWS\pss\BitComet Acceleration Patch.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]

--a------ 2006-05-10 10:12 90112 C:\Arquivos de programas\ATI Technologies\ATI.ACE\CLIStart.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIModeChange]

--a------ 2006-10-11 22:38 26112 C:\WINDOWS\system32\Ati2mdxx.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]

--a------ 2005-09-14 21:05 344064 C:\Arquivos de programas\ATI Technologies\ATI Control Panel\atiptaxx.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Babylon Client]

--a------ 2007-12-07 07:27 3032800 C:\Arquivos de programas\Babylon\Babylon-Pro\Babylon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDogPath]

--a------ 2004-02-24 16:00 49152 C:\WINDOWS\VM_STI.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet Acceleration Patch]

C:\Documents and Settings\All Users\Menu Iniciar\Programas\BitComet Acceleration Patch\BitComet Acceleration Patch.lnk

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\blokfa]

---h----- 2007-06-06 08:56 660992 C:\ARQUIV~1\BLOKFR~1\Agente.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\blokfsa]

---h----- 2007-03-14 11:18 390144 C:\WINDOWS\system32\bfsa.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]

--a------ 2004-08-04 04:45 110592 C:\WINDOWS\system32\bthprops.cpl

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CoolSMS]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]

--a------ 2004-08-04 04:45 15360 C:\WINDOWS\system32\ctfmon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]

--a------ 2006-09-14 17:09 157592 C:\Arquivos de programas\DAEMON Tools\daemon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Discador iG]

C:\Arquivos de programas\iGv6\Discador iG.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Flashget]

C:\Arquivos de programas\FlashGet\FlashGet.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

--a------ 2006-02-19 02:41 49152 C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iBest.baloon]

C:\Arquivos de programas\Discador iBest\baloon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

--a------ 2007-01-19 12:54 5674352 C:\Arquivos de programas\MSN Messenger\MsnMsgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSNShell]

C:\Arquivos de programas\MSNShell\Bin\MSNShell.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\POPDiscador]

C:\Arquivos de programas\POPDiscador\POPDiscador.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]

--a------ 2006-10-11 22:37 668160 C:\Arquivos de programas\K-Lite Codec Pack\Real\mpclauncher.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]

-ra------ 2005-07-22 04:00 81920 C:\WINDOWS\SOUNDMAN.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedBitVideoAccelerator]

--a------ 2008-03-29 15:50 2283120 C:\Arquivos de programas\SpeedBit Video Accelerator\VideoAccelerator.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

--a------ 2007-07-12 04:00 132496 C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TurboConnect]

C:\ARQUIV~1\TURBOC~1\TurboConnect.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"C:\\Arquivos de programas\\Orbitdownloader\\orbitdm.exe"=

"C:\\Arquivos de programas\\Orbitdownloader\\orbitnet.exe"=

"C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\DreMule\\emule.exe"=

"C:\\Arquivos de programas\\SpeedBit Video Accelerator\\VideoAccelerator.exe"=

"C:\\Arquivos de programas\\SpeedBit Video Accelerator\\VideoAcceleratorEngine.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

"20173:TCP"= 20173:TCP:BitComet 20173 TCP

"20173:UDP"= 20173:UDP:BitComet 20173 UDP

 

R2 cmpe;Context Manager Process Extension;C:\WINDOWS\system32\cmpe.exe [2007-02-26 11:11]

R2 sbbotdi;sbbotdi;C:\ARQUIV~1\SPEEDB~1\sbbotdi.sys [2008-03-29 15:50]

R2 VideoAcceleratorService;VideoAcceleratorService;C:\ARQUIV~1\SPEEDB~1\VideoAcceleratorService.exe [2008-03-29 15:50]

 

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-04-13 12:15:32

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros ocultos ...

 

Varredura completada com sucesso

Ficheiros ocultos: 0

 

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

C:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\HPZipm12.exe

C:\ARQUIV~1\SPEEDB~1\VideoAcceleratorEngine.exe

.

**************************************************************************

.

Tempo para conclusão: 2008-04-13 12:17:48 - machine was rebooted

ComboFix-quarantined-files.txt 2008-04-13 15:17:46

Pre-Run: 10,720,833,536 bytes disponíveis

Post-Run: 10,711,437,312 bytes disponíveis

 

 

HJT

 

Logfile of HijackThis v1.99.1

Scan saved at 12:22:09, on 13/4/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0011)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

C:\WINDOWS\system32\cmpe.exe

C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\svchost.exe

C:\ARQUIV~1\SPEEDB~1\VideoAcceleratorService.exe

C:\ARQUIV~1\SPEEDB~1\VideoAcceleratorEngine.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Hijack\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.netscape.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.netscape.com/home/winsearch200.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.netscape.com

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://keyword.netscape.com/keyword/%s

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.ibest.com.br/site/default_ck.js...odigo=001.00001

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Arquivos de programas\Winamp Toolbar\winamptb.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Arquivos de programas\BitComet\tools\BitCometBHO_1.2.2.28.dll

O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: (no name) - {965B54B0-71E0-4611-8DE7-F73FA0B20E26} - (no file)

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Arquivos de programas\Winamp Toolbar\winamptb.dll

O4 - HKLM\..\Run: [blokfa] C:\ARQUIV~1\BLOKFR~1\Agente.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [blokfsa] bfsa.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

O4 - Global Startup: Orbit.lnk = C:\Arquivos de programas\Orbitdownloader\orbitdm.exe

O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\Arquivos de programas\IncrediMail\bin\resources\WebMenuImg.htm

O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Dados de aplicativos\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html

O8 - Extra context menu item: Baixar link usando &BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: Baixar todos os links usando BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: Baixar todos os vídeos usando BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Set As Messenger Live Display Picture - C:\Arquivos de programas\MSNShell\BIN\SetMSNDP.htm

O8 - Extra context menu item: Translate with &Babylon - res://C:\Arquivos de programas\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm

O9 - Extra button: MSN Shell 4 - {0713E8D2-850A-101B-AFC0-4210102A8DA7} - C:\Arquivos de programas\MSNShell\Bin\MSNShell.exe (file missing)

O9 - Extra 'Tools' menuitem: MSN Shell 4 - {0713E8D2-850A-101B-AFC0-4210102A8DA7} - C:\Arquivos de programas\MSNShell\Bin\MSNShell.exe (file missing)

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Arquivos de programas\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O12 - Plugin for .csm: C:\Arquivos de programas\Internet Explorer\Plugins\npchime.dll

O12 - Plugin for .csml: C:\Arquivos de programas\Internet Explorer\Plugins\npchime.dll

O12 - Plugin for .cub: C:\Arquivos de programas\Internet Explorer\Plugins\npchime.dll

O12 - Plugin for .cube: C:\Arquivos de programas\Internet Explorer\Plugins\npchime.dll

O12 - Plugin for .dx: C:\Arquivos de programas\Internet Explorer\Plugins\npchime.dll

O12 - Plugin for .emb: C:\Arquivos de programas\Internet Explorer\Plugins\npchime.dll

O12 - Plugin for .embl: C:\Arquivos de programas\Internet Explorer\Plugins\npchime.dll

O12 - Plugin for .gau: C:\Arquivos de programas\Internet Explorer\Plugins\npchime.dll

O12 - Plugin for .jdx: C:\Arquivos de programas\Internet Explorer\Plugins\npchime.dll

O12 - Plugin for .mol: C:\Arquivos de programas\Internet Explorer\Plugins\npchime.dll

O12 - Plugin for .mop: C:\Arquivos de programas\Internet Explorer\Plugins\npchime.dll

O12 - Plugin for .pdb: C:\Arquivos de programas\Internet Explorer\Plugins\npchime.dll

O12 - Plugin for .rxn: C:\Arquivos de programas\Internet Explorer\Plugins\npchime.dll

O12 - Plugin for .scr: C:\Arquivos de programas\Internet Explorer\Plugins\npchime.dll

O12 - Plugin for .skc: C:\Arquivos de programas\Internet Explorer\Plugins\npchime.dll

O12 - Plugin for .spt: C:\Arquivos de programas\Internet Explorer\Plugins\npchime.dll

O12 - Plugin for .tgf: C:\Arquivos de programas\Internet Explorer\Plugins\npchime.dll

O12 - Plugin for .xyz: C:\Arquivos de programas\Internet Explorer\Plugins\npchime.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O17 - HKLM\System\CCS\Services\Tcpip\..\{3A4FAFA8-EF0A-4306-8350-BF3BB0566BC8}: NameServer = 200.149.55.140,200.165.132.148

O17 - HKLM\System\CS1\Services\Tcpip\..\{3A4FAFA8-EF0A-4306-8350-BF3BB0566BC8}: NameServer = 200.149.55.140,200.165.132.148

O17 - HKLM\System\CS2\Services\Tcpip\..\{3A4FAFA8-EF0A-4306-8350-BF3BB0566BC8}: NameServer = 200.149.55.140,200.165.132.148

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

O23 - Service: Context Manager Process Extension (cmpe) - LightComm - C:\WINDOWS\system32\cmpe.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\ARQUIV~1\SPEEDB~1\VideoAcceleratorService.exe


Good morning, EvelinSF!

>@< Open HijackThis and fix this entry:

 

O3 - Toolbar: (no name) - {965B54B0-71E0-4611-8DE7-F73FA0B20E26} - (no file)

----------------------------------

>@< Click Start >> Run >> Type: Combofix.exe /u >> Click OK.


>@< At the prompt, choose two. ( 2 )

----------------------------------

With everything OK on the PC, create a completely clean System Restore point!

Right-click My Computer >> Properties >> System Restore >> Check: Turn off System Restore >> Apply >> OK.

Then uncheck it again! >> Apply >> OK.

For more details, go to: < Docs >

----------------------------------

>@< Download CCleaner.

>@< Save it to the Desktop!

>@< Open the program and click Analyze >> Run Cleaner.

>@< When finished, click Registry >> Scan for Issues >> Fix selected issues.

----------------------------------

>@< Otherwise, everything is OK. :thumbsup:

>@< Clean log!

Regards!

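The reply above singles out a HijackThis entry whose target is reported as `(no file)`. As an added example that is not part of the original thread, the Python sketch below parses HijackThis lines and lists every entry the tool marked `(no file)` or `(file missing)`. The sample lines are copied from the log in this thread; the function names are hypothetical, and the listing is triage output for review, not a removal recommendation.

```python
import re

# Constructed sample: a few lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: (no name) - {965B54B0-71E0-4611-8DE7-F73FA0B20E26} - (no file)
O4 - HKLM\..\Run: [blokfsa] bfsa.exe
O9 - Extra button: MSN Shell 4 - {0713E8D2-850A-101B-AFC0-4210102A8DA7} - C:\Arquivos de programas\MSNShell\Bin\MSNShell.exe (file missing)
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Arquivos de programas\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
"""

# A HijackThis entry starts with a section code such as R3, O2 or O23.
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Trailing markers HijackThis appends when the referenced file is absent.
ORPHAN_MARKERS = ("(no file)", "(file missing)")


def parse_entries(log_text):
    """Return one dict per HijackThis entry line; other lines are skipped."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if not match:
            continue
        body = match.group("body")
        clsid = CLSID_RE.search(body)
        marker = next((m for m in ORPHAN_MARKERS if body.endswith(m)), None)
        entries.append({
            "section": match.group("section"),
            "clsid": clsid.group(0) if clsid else None,
            "orphan": marker,
            "line": line,
        })
    return entries


def orphaned(entries):
    """Entries whose target file HijackThis reported as absent."""
    return [e for e in entries if e["orphan"]]


if __name__ == "__main__":
    for entry in orphaned(parse_entries(SAMPLE_LOG)):
        print(entry["section"], entry["clsid"], entry["orphan"])
```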

PROBLEM SOLVED!

If the author needs the topic reopened, a Private Message must be sent to a Moderator with a link to the topic.
