LFABER 0 Denunciar post Postado Fevereiro 4, 2009 Ola, pe,co encarecidamente que me ajudem com este Log do HijackThis, o computador esta' muito devagar, ja' retirei alguns virus com a ajuda do Norton! Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:17:00 PM, on 2/3/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16762) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Microsoft LifeCam\MSCamS32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\QuickTime\qttask.exe C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe C:\WINDOWS\System32\hphmon03.exe C:\WINDOWS\SM1BG.EXE C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\WINDOWS\vVX3000.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\HP\KBD\KBD.EXE C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe C:\Program Files\Logitech\CallCentral\CallCentral.exe C:\WINDOWS\system32\imglog.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\DrvSvc.exe C:\WINDOWS\system32\allg.exe C:\WINDOWS\system32\tophps.exe C:\Program Files\hp center\137903\Program\BackWeb-137903.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe C:\Antivirus\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://toolbar.inbox.com/search/dispatcher...amp;tbid=%tb_id R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://toolbar.inbox.com/search/ie.aspx?tb...0112&tmpl=1 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://toolbar.inbox.com/help/sa_customize.aspx?tbid=80112 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us4.hpwis.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://toolbar.inbox.com/search/ie.aspx?tb...0112&tmpl=1 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://toolbar.inbox.com/help/sa_customize.aspx?tbid=80112 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll O2 - BHO: (no name) - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - (no file) O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINDOWS\Downloaded Program Files\gbieh.dll (file missing) O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O3 - Toolbar: ZeroBar - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - C:\Program Files\NetZero\toolbar.dll (file missing) O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\System32\hphmon03.exe O4 - HKLM\..\Run: [AQ3HelperStartUp] C:\PROGRA~1\AQUATI~1\AQ3HEL~1.EXE /partner AQ3 O4 - HKLM\..\Run: [DDCActiveMenu] "C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -boot O4 - HKLM\..\Run: [sM1BG] C:\WINDOWS\SM1BG.EXE O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe" O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe" O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" O4 - HKLM\..\Run: [Logitech CallCentral] "C:\Program Files\Logitech\CallCentral\CallCentral.exe" /hide O4 - HKLM\..\Run: [GlobalFlagimglog] C:\WINDOWS\system32\imglog.exe O4 - HKLM\..\Run: [GlobalFlagimglog2] C:\WINDOWS\system32\ssmss.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [explorer] C:\WINDOWS\system32\allg.exe O4 - HKCU\..\Run: [serviço de Drivers] C:\WINDOWS\system32\DrvSvc.exe O4 - HKCU\..\Run: [internetnitro] C:\WINDOWS\system32\tophps.exe O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user') O4 - S-1-5-18 Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (User 'SYSTEM') O4 - .DEFAULT Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (User 'Default user') O4 - .DEFAULT User Startup: AutoPlay.exe (User 'Default user') O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe O4 - Global Startup: hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O16 - DPF: {086A694F-91FB-4068-B44C-124FB69BF05D} - http://www.searchwww.com/search.cab O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {421A63BA-4632-43E0-A942-3B4AB645BE51} - http://download-ak.systemsoap.com/ssoap/pp...stemsoappro.cab O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...l_v1-0-3-17.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399F83} (GbPluginObj Class) - https://www14.bancobrasil.com.br/plugin/GbPluginBb.cab O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Pml Driver - HP - C:\WINDOWS\System32\HPHipm09.exe O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe -- End of file - 11628 bytes Sou Muito Grata Desde Ja', LFABER Compartilhar este post Link para o post Compartilhar em outros sites
DigRam 144 Denunciar post Postado Fevereiro 5, 2009 Boa Tarde! LFABER <@> Dê um duplo clique no ícone do Norton,situado ao lado do relógio.<@> Vá em Sistema,e clique em Auto-Protect. <@> Desmarque as seguintes opções: < 1 > Ativar Auto-Protect < 2 > Iniciar o Auto-Protect ao iniciar o Windows <@> Ainda em Sistema,clique em Bloqueio de scripts. <@> Desmarque a opção: < 1 > Ativar bloqueio de scripts <@> Baixe: < BankerFix 3.0 > <@> Salve-o no Disco Local-C! <@> Desabilite,temporariamente,o seu anti-vírus. <@> Dê um duplo-clique sobre o bankerfix.exe. <@> Ps: Execute o bankerfix.exe,apenas uma vez!Evitando,com isso,a sobrescrição de seu relatório. <@> A janela do BankerFix 3.0,abrir-se-á com a seguinte pergunta: "Instalar o Bankerfix 3.0?" <-- Traduzido! <@> Clique em Sim! <@> Uma janela informando que o BankerFix 3.0 será baixado,via internet,abrir-se-á. <@> Clique OK. <-- Aguarde! <@> Na próxima janela,clique em OK. <@> O BankerFix 3.0 será iniciado! <@> Pressione qualquer tecla,para dar continuidade ao processo. <-- Aguarde! <@> Terminado o scan,leia a mensagem na tela e aperte Enter. <@> Habilite o seu anti-vírus. <@> Retorne com o relatório,do BankerFix,que estará em: C:\LinhaDefensiva\relatorio.txt <-- <@> Poste,também,HijackThis atualizado. Abraços! Compartilhar este post Link para o post Compartilhar em outros sites
LFABER 0 Denunciar post Postado Fevereiro 16, 2009 Ola', DigRam, aqui vai o Segundo Log do Hijackthis: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 1:59:49 PM, on 2/16/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16791) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Microsoft LifeCam\MSCamS32.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\hphmon03.exe C:\WINDOWS\SM1BG.EXE C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\WINDOWS\vVX3000.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\WINDOWS\System32\svchost.exe C:\HP\KBD\KBD.EXE C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe C:\Program Files\Logitech\CallCentral\CallCentral.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\DrvSvc.exe C:\WINDOWS\system32\tophps.exe C:\Program Files\hp center\137903\Program\BackWeb-137903.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Antivirus\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://toolbar.inbox.com/search/dispatcher...amp;tbid=%tb_id R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://toolbar.inbox.com/search/ie.aspx?tb...0112&tmpl=1 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://toolbar.inbox.com/help/sa_customize.aspx?tbid=80112 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us4.hpwis.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://toolbar.inbox.com/search/ie.aspx?tb...0112&tmpl=1 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://toolbar.inbox.com/help/sa_customize.aspx?tbid=80112 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll O2 - BHO: (no name) - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - (no file) O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O3 - Toolbar: ZeroBar - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - C:\Program Files\NetZero\toolbar.dll (file missing) O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\System32\hphmon03.exe O4 - HKLM\..\Run: [AQ3HelperStartUp] C:\PROGRA~1\AQUATI~1\AQ3HEL~1.EXE /partner AQ3 O4 - HKLM\..\Run: [DDCActiveMenu] "C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -boot O4 - HKLM\..\Run: [sM1BG] C:\WINDOWS\SM1BG.EXE O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe" O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe" O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" O4 - HKLM\..\Run: [Logitech CallCentral] "C:\Program Files\Logitech\CallCentral\CallCentral.exe" /hide O4 - HKLM\..\Run: [GlobalFlagimglog2] C:\WINDOWS\system32\ssmss.exe O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRA~1\WINDOW~4\MESSEN~1\msnmsgr.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [serviço de Drivers] C:\WINDOWS\system32\DrvSvc.exe O4 - HKCU\..\Run: [internetnitro] C:\WINDOWS\system32\tophps.exe O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user') O4 - .DEFAULT User Startup: AutoPlay.exe (User 'Default user') O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe O4 - Global Startup: hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O16 - DPF: {086A694F-91FB-4068-B44C-124FB69BF05D} - http://www.searchwww.com/search.cab O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {421A63BA-4632-43E0-A942-3B4AB645BE51} - http://download-ak.systemsoap.com/ssoap/pp...stemsoappro.cab O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...l_v1-0-3-17.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399F83} (GbPluginObj Class) - https://www14.bancobrasil.com.br/plugin/GbPluginBb.cab O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Pml Driver - HP - C:\WINDOWS\System32\HPHipm09.exe O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe -- End of file - 11253 bytes Este e' um computador americano, tudo em ingl^es. Para encontrar "Sistema", fui no Painel de Controle, e entrei no System. Com rela,c~ao aos "scripts", fui em Op,c~oes da Internet= Internet Options. Desde j'a agrade,co a aten,c~ao e ajuda!! Abra,cos de LFABER Compartilhar este post Link para o post Compartilhar em outros sites
DigRam 144 Denunciar post Postado Fevereiro 16, 2009 Boa Noite! LFABER <!> Restou postar,o relatório do BankerFix. ( C:\LinhaDefensiva\relatorio.txt ) <!> Se voçê está com dificuldades,ao rodar a ferramenta,tentaremos outro(s) método( s ). Abraços! Compartilhar este post Link para o post Compartilhar em outros sites
LFABER 0 Denunciar post Postado Fevereiro 20, 2009 BOA NOITE Dig Ram BankerFix 3.0 VALKYRIE - Banker Trojan Remover Linha Defensiva | http://www.linhadefensiva.org http://www.linhadefensiva.org/bankerfix/ ------------------------------------------------------- Date: 2009-02-16 - 13:49 ------------------------------------------------------- Version: 2009-01-21-2 | CORE: 2009-01-21-1 ======================================================= Infected file detected: C:\WINDOWS\ponto.dll Infected file successfully removed. Infected file detected: C:\WINDOWS\syst.dat Infected file successfully removed. Infected file detected: C:\WINDOWS\SYSTEM32\dllhostc.exe Infected file successfully removed. Infected file detected: C:\WINDOWS\SYSTEM32\MEGATRON.ini Infected file successfully removed. Infected file detected: C:\WINDOWS\SYSTEM32\nvsvc33.exe Infected file successfully removed. Infected file detected: C:\WINDOWS\SYSTEM32\imglog.exe Infected file successfully removed. ----- End ------------------------- Ai' esta', Muito Grata e Esperando Resposta!! LFABER Compartilhar este post Link para o post Compartilhar em outros sites
DigRam 144 Denunciar post Postado Fevereiro 20, 2009 Bom Dia! LFABER <@> Baixe: < > ( ...by sUBs ) <@> Salve-o no desktop! <@> Desabilite as proteções residente de: antivírus,antispywares e firewall. ( Menos o do Windows! ) <@> Feche todas as janelas e execute a ferramenta! <@> Na solicitação: "Negação de garantia de software" --> Clique em Sim! <@> Não possuindo o "Console de Recuperação",aceite optar pela instalação do mesmo! <!> Caso aconteça a notificação de: Aplicativo Win32 inválido,delete a ferramenta e faça,novamente,o download.<!> Salve-a no desktop,renomeada como: Kombo.exe <!> Ps: Nomeie durante o salvamento,e não após salvá-la! <!> Ps: Surgindo alguma mensagem de erro,rode o ComboFix.exe em Modo de Segurança. <-- Link! <!> Ps: Para completar as remoções,talvez haja necessidade da ferramenta reiniciar o computador. <-- Aguarde! <!> Ps: Evite executar,voluntariamente,esta ferramenta!Siga,àcima,todas as recomendações propostas. <@> Abrir-se-á a janela Auto Scan. --> Aguarde! <@> Àfim de completar as remoções,o ComboFix poderá reiniciar o computador. <@> Se houver necessidade,digite a opção para continuar! --> ( 1 ) --> Aperte Enter! --> Aguarde a conclusão! <@> Durante o scan,evite manusear o mouse ou teclado! <-- Importante! <@> Para parar ou sair do ComboFix,tecle "N" ou "2" --> Aperte Enter! <><><><><><><><><><><><> <@> Terminando,poste os relatórios: C:\ComboFix\ComboFix.txt + HijackThis,atualizado. Abraços! Compartilhar este post Link para o post Compartilhar em outros sites
LFABER 0 Denunciar post Postado Fevereiro 22, 2009 Ola' Amigo DigRam, Aqui vai o Relat'orio do ComboFix; ComboFix 09-02-21.01 - Sonia Krieg 2009-02-22 11:02:35.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.255.44 [GMT -5:00] Running from: c:\documents and settings\Sonia Krieg\Desktop\ComboFix.exe AV: Norton 360 *On-access scanning disabled* (Updated) FW: Norton 360 *disabled* * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\Owner\Abn.gpc, Cef.gpc, gbieh.gmd, gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, gbpdist.dll', PChar('Abn.gpc, Cef.gpc, gbieh.gmd, gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, gbpdist.dll c:\documents and settings\Owner\Abn.gpc, Cef.gpc, gbieh.gmd, gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, gbpdist.dll', PChar('Abn.gpc, Cef.gpc, gbieh.gmd, gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, gbpdist.dll\desktop.ini c:\documents and settings\Owner\Abn.gpc, Cef.gpc, gbieh.gmd, gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, gbpdist.dll', PChar('Abn.gpc, Cef.gpc, gbieh.gmd, gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, gbpdist.dll\EPUWALcontrol.dll c:\documents and settings\Owner\Abn.gpc, Cef.gpc, gbieh.gmd, gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, gbpdist.dll', PChar('Abn.gpc, Cef.gpc, gbieh.gmd, gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, gbpdist.dll\EPUWALcontrol.inf c:\documents and settings\Owner\Abn.gpc, Cef.gpc, gbieh.gmd, gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, gbpdist.dll', PChar('Abn.gpc, Cef.gpc, gbieh.gmd, gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, gbpdist.dll\FP_AX_CAB_INSTALLER.exe c:\documents and settings\Owner\Abn.gpc, Cef.gpc, gbieh.gmd, gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, gbpdist.dll', PChar('Abn.gpc, Cef.gpc, gbieh.gmd, gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, gbpdist.dll\HPDEXAXO.dll c:\documents and settings\Owner\Abn.gpc, Cef.gpc, gbieh.gmd, gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, gbpdist.dll', PChar('Abn.gpc, Cef.gpc, gbieh.gmd, gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, gbpdist.dll\HPDEXAXO.inf c:\documents and settings\Owner\Abn.gpc, Cef.gpc, gbieh.gmd, gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, gbpdist.dll', PChar('Abn.gpc, Cef.gpc, gbieh.gmd, gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, gbpdist.dll\MsnInstC.dll c:\documents and settings\Owner\Abn.gpc, Cef.gpc, gbieh.gmd, gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, gbpdist.dll', PChar('Abn.gpc, Cef.gpc, gbieh.gmd, gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, gbpdist.dll\MsnInstC.inf c:\documents and settings\Owner\Abn.gpc, Cef.gpc, gbieh.gmd, gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, gbpdist.dll', PChar('Abn.gpc, Cef.gpc, gbieh.gmd, gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, gbpdist.dll\MsnPUpld.dll c:\documents and settings\Owner\Abn.gpc, Cef.gpc, gbieh.gmd, gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, gbpdist.dll', PChar('Abn.gpc, Cef.gpc, gbieh.gmd, gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, gbpdist.dll\MsnPUpld.inf c:\documents and settings\Owner\Abn.gpc, Cef.gpc, gbieh.gmd, gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, gbpdist.dll', PChar('Abn.gpc, Cef.gpc, gbieh.gmd, gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, gbpdist.dll\PURen-us.dll c:\documents and settings\Owner\Abn.gpc, Cef.gpc, gbieh.gmd, gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, gbpdist.dll', PChar('Abn.gpc, Cef.gpc, gbieh.gmd, gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, gbpdist.dll\swflash.inf c:\documents and settings\Sonia Krieg\Abn.gpc, Cef.gpc, gbieh.gmd, gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, gbpdist.dll', PChar('Abn.gpc, Cef.gpc, gbieh.gmd, gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, gbpdist.dll c:\documents and settings\Sonia Krieg\Abn.gpc, Cef.gpc, gbieh.gmd, gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, gbpdist.dll', PChar('Abn.gpc, Cef.gpc, gbieh.gmd, gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, gbpdist.dll\desktop.ini c:\windows\IE4 Error Log.txt c:\windows\setup.exe c:\windows\system\oeminfo.ini . ((((((((((((((((((((((((( Files Created from 2009-01-22 to 2009-02-22 ))))))))))))))))))))))))))))))) . 2009-02-16 13:47 . 2009-02-16 13:49 <DIR> d-------- C:\LinhaDefensiva 2009-02-14 09:45 . 2009-02-14 09:46 <DIR> d-------- c:\documents and settings\Owner\Application Data\HPAppData 2009-02-03 22:14 . 2009-02-19 20:05 <DIR> d-------- C:\Antivirus 2009-01-29 15:28 . 2009-02-19 11:07 <DIR> d-------- c:\windows\SYSTEM32\CatRoot_10 2009-01-29 15:24 . 2009-01-29 15:28 480,876 ---hs---- c:\windows\SYSTEM32\tophps.exe 2009-01-29 14:10 . 2009-01-29 15:12 376,231 --a------ c:\windows\SYSTEM32\jumb.exe 2009-01-29 11:45 . 2009-01-30 13:09 <DIR> d---s---- c:\windows\Downloaded Program Files 2009-01-25 22:56 . 2009-01-25 22:56 <DIR> d-------- c:\documents and settings\All Users\Application Data\Yahoo! Companion 2009-01-25 09:24 . 2009-01-25 09:24 32,768 --a------ c:\windows\SYSTEM32\DrvSvc.exe 2009-01-24 16:45 . 2009-01-24 16:45 2 --a------ c:\windows\SYSTEM32\FelizAnoNovo.zip 2009-01-24 16:43 . 2009-01-25 09:24 24,884 --a------ c:\windows\SYSTEM32\MSNMessengerAPI.tlb 2009-01-24 15:03 . 2009-01-24 15:04 3,265,573 --a------ c:\windows\SYSTEM32\imagens.zip . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-02-22 15:54 --------- d-----w c:\program files\Common Files\Symantec Shared 2009-02-22 15:53 --------- d-----w c:\documents and settings\Sonia Krieg\Application Data\HPAppData 2009-02-19 22:23 --------- d-----w c:\documents and settings\Sonia Krieg\Application Data\MSN6 2009-01-24 23:11 806 ----a-w c:\windows\system32\drivers\SYMEVENT.INF 2009-01-24 23:11 124,464 ----a-w c:\windows\system32\drivers\SYMEVENT.SYS 2009-01-24 23:11 10,635 ----a-w c:\windows\system32\drivers\SYMEVENT.CAT 2009-01-24 23:11 --------- d-----w c:\program files\Symantec 2009-01-05 03:37 --------- d-----w c:\program files\Yahoo! 2008-12-28 19:06 --------- d-----w c:\program files\Common Files\Logitech 2008-12-28 18:59 --------- d-----w c:\program files\Common Files\LogiShrd 2008-12-28 18:58 --------- d-----w c:\program files\Logitech 2008-12-27 16:15 --------- d-----w c:\documents and settings\Sonia Krieg\Application Data\Sony Corporation 2008-12-27 15:58 --------- d--h--w c:\program files\InstallShield Installation Information 2008-12-27 15:49 --------- d-----w c:\program files\Sony 2008-12-27 15:46 --------- d-----w c:\documents and settings\Sonia Krieg\Application Data\InstallShield 2008-12-26 01:16 77,824 ----a-w c:\windows\FelizAnoNovo.exe 2004-07-21 00:03 750,983 -c--a-w c:\program files\f11.jpg 2004-07-21 00:03 622,260 -c--a-w c:\program files\f10.jpg 2004-07-21 00:02 677,456 -c--a-w c:\program files\f9.jpg 2003-08-27 18:19 36,963 -c--a-r c:\program files\Common Files\SM1updtr.dll 2008-08-05 12:59 32,768 -csha-w c:\windows\SYSTEM32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008080520080806\index.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayExcluded] @="{4433A54A-1AC8-432F-90FC-85F045CF383C}" [HKEY_CLASSES_ROOT\CLSID\{4433A54A-1AC8-432F-90FC-85F045CF383C}] 2008-10-31 12:24 576352 --a------ c:\program files\Common Files\Symantec Shared\Backup\buShell.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayPending] @="{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}" [HKEY_CLASSES_ROOT\CLSID\{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}] 2008-10-31 12:24 576352 --a------ c:\program files\Common Files\Symantec Shared\Backup\buShell.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayProtected] @="{476D0EA3-80F9-48B5-B70B-05E677C9C148}" [HKEY_CLASSES_ROOT\CLSID\{476D0EA3-80F9-48B5-B70B-05E677C9C148}] 2008-10-31 12:24 576352 --a------ c:\program files\Common Files\Symantec Shared\Backup\buShell.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360] "Serviço de Drivers"="c:\windows\system32\DrvSvc.exe" [2009-01-25 32768] "internetnitro"="c:\windows\system32\tophps.exe" [2009-01-29 480876] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2004-04-26 77824] "Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2002-07-16 28672] "HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-06-21 172032] "HPHmon03"="c:\windows\System32\hphmon03.exe" [2003-01-30 311296] "DDCActiveMenu"="c:\program files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" [2001-10-03 94208] "SM1BG"="c:\windows\SM1BG.EXE" [2003-08-27 94208] "RoxioDragToDisc"="c:\program files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe" [2004-04-13 1470464] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152] "HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664] "VX3000"="c:\windows\vVX3000.exe" [2006-10-13 707376] "LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2006-10-13 277296] "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048] "osCheck"="c:\program files\Norton 360\osCheck.exe" [2008-02-26 988512] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-10-03 185872] "hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896] "KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440] "LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-02-20 488984] "Logitech CallCentral"="c:\program files\Logitech\CallCentral\CallCentral.exe" [2007-02-20 366616] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "ALUAlert"="c:\program files\Symantec\LiveUpdate\ALUNotify.exe" [2008-02-21 152952] "Symantec NetDriver Warning"="c:\progra~1\SYMNET~1\SNDWarn.exe" [2004-10-29 218232] c:\documents and settings\Sonia Krieg\Start Menu\Programs\Startup\ Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2008-12-27 385024] c:\documents and settings\All Users\Start Menu\Programs\Startup\ hp center.lnk - c:\program files\hp center\137903\Program\BackWeb-137903.exe [2001-11-07 16384] HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360] HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-05-28 53248] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] NvQTwk [X] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DDCActiveMenu] -----c--- 2001-10-03 05:23 94208 c:\program files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DDCM] -----c--- 2001-10-03 05:21 155648 c:\program files\WildTangent\DDC\DDCManager\DDCMan.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds] -----c--- 2001-08-08 02:36 90112 c:\windows\SYSTEM32\hkcmd.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv] -----c--- 1998-05-07 19:04 52736 c:\windows\SYSTEM\hpsysdrv.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray] -----c--- 2001-08-08 03:25 143360 c:\windows\SYSTEM32\igfxtray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD] --a------ 2005-02-02 16:44 61440 c:\hp\KBD\kbd.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] --a------ 2008-04-13 19:12 1695232 c:\program files\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PS2] -----c--- 2001-07-04 00:13 81920 c:\windows\SYSTEM32\ps2.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard] -----c--- 2001-06-16 01:34 212992 c:\windows\SMINST\Recguard.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\S3TRAY2] -----c--- 2001-10-04 21:06 69632 c:\windows\SYSTEM32\S3tray2.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "AntiVirusOverride"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\hp center\\137903\\Program\\BackWeb-137903.exe"= "c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015 "1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016 "500:UDP"= 500:UDP:@xpsp2res.dll,-22017 R0 sonypvl2;sonypvl2;c:\windows\SYSTEM32\drivers\sonypvl2.sys [2004-04-19 19478] R1 sonypvf2;sonypvf2;c:\windows\SYSTEM32\drivers\sonypvf2.sys [2004-04-19 634798] R1 sonypvt2;sonypvt2;c:\windows\SYSTEM32\drivers\sonypvt2.sys [2004-04-19 430670] R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE [2008-02-18 149352] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-09-29 99376] R3 lvdevenb;Logitech Device Enabler Filter;c:\windows\SYSTEM32\drivers\lvdevenb.sys [2008-12-28 35104] S1 sonypvd2;sonypvd2;c:\windows\SYSTEM32\drivers\sonypvd2.sys [2004-04-19 64093] S3 COH_Mon;COH_Mon;c:\windows\SYSTEM32\drivers\COH_Mon.sys [2008-01-12 23888] S3 Dot4Usb HPH09;Dot4Usb HPH09;c:\windows\SYSTEM32\drivers\hphius09.sys [2003-01-30 18864] S3 trid3d;trid3d;c:\windows\SYSTEM32\drivers\trid3dm.sys [2001-07-31 130332] --- Other Services/Drivers In Memory --- *NewlyCreated* - COMHOST [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 HPService REG_MULTI_SZ HPSLPSVC hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Contents of the 'Scheduled Tasks' folder 2003-11-20 c:\windows\Tasks\ISP signup reminder 2.job - c:\windows\System32\OOBE\oobebaln.exe [2008-04-13 19:12] 2003-11-20 c:\windows\Tasks\ISP signup reminder 3.job - c:\windows\System32\OOBE\oobebaln.exe [2008-04-13 19:12] 2003-11-20 c:\windows\Tasks\Registration reminder 2.job - c:\windows\System32\OOBE\oobebaln.exe [2008-04-13 19:12] 2003-11-20 c:\windows\Tasks\Registration reminder 3.job - c:\windows\System32\OOBE\oobebaln.exe [2008-04-13 19:12] . - - - - ORPHANS REMOVED - - - - MSConfigStartUp-Zero Knowledge Freedom - c:\program files\Zero Knowledge\Freedom\AutoStarterR.exe . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ mSearch Bar = hxxp://srch-us4.hpwis.com/ uInternet Settings,ProxyOverride = localhost DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-02-22 11:07:23 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2009-02-22 11:11:13 ComboFix-quarantined-files.txt 2009-02-22 16:11:07 Pre-Run: 58,466,500,608 bytes free Post-Run: 58,527,621,120 bytes free WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe [boot loader] default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows Whistler Personal" /fastdetect /NoExecute=OptIn 230 --- E O F --- 2009-02-11 19:16:47 Muitos V'irus Por Aqui , 'E dose amigo, esse tal de MSN, Orkut e outros programinhas!! Abra,cos e Tudo de Bom!! LFABER Compartilhar este post Link para o post Compartilhar em outros sites
DigRam 144 Denunciar post Postado Fevereiro 22, 2009 Boa Tarde! LFABER <@> Baixe: < Kaspersky Virus Removal Tool > <@> Salve-o em Arquivos de Programas,e instale-o aí mesmo! <@> Reinicie o computador,em Modo de Segurança! <-- Importante! <@> Dê início ao exame,clicando em "Scan". <@> A verificação é um pouco demorada. Aguarde! <@> Caso seja encontrada infecções,clique em "disinfect". <@> Terminando,clique na aba Events. <@> Desmarque a caixa de seleção "Show all events". <@> Clique em "Save to file". <@> Nomeie-o e salve-o no desktop! <-- Relatório para postagem! <@> Poste,também,HijackThis atualizado. Abraços! Compartilhar este post Link para o post Compartilhar em outros sites
LFABER 0 Denunciar post Postado Março 6, 2009 Ol'a Dig Ram, Consegui salvar o Kaspersky em Program Files e reiniciei no modo de seguran,ca. N~ao tenho como dar in'icio ao SCAN, porque o Administrador de Sistema n~ao deixa que a instala,c~ao aconte,ca; " The system adminstrator has set policies to prevent this instalation". Fui em Feramentas, opc~oes da Internet. Tentei abrir caminhos e nada. Por favor me ajude. Muito Grata desde j'a!! LFABER Compartilhar este post Link para o post Compartilhar em outros sites
DigRam 144 Denunciar post Postado Março 6, 2009 Bom Dia! LFABER <@> Baixe: < FixPolicies > <@> Salve-o no Desktop! <@> Esteja logado como Administrador! <@> Execute o arquivo FixPolicies.exe,com um duplo-clique. <@> Clique em Install. <@> Abra a pasta FixPolicies --> Clique em Fix_policies.cmd --> Enter. <@> Dê permissão ao reparo,caso seja negado por programas de proteção. <@> Aguarde o término da verificação! <@> Tente executar o Kaspersky Virus Removal Tool. Abraços! Compartilhar este post Link para o post Compartilhar em outros sites
LFABER 0 Denunciar post Postado Março 10, 2009 Ol'a DigRam, Aqui vai o novo Log do HijackThis: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 7:34:09 AM, on 3/10/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16791) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Microsoft LifeCam\MSCamS32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\QuickTime\qttask.exe C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe C:\WINDOWS\System32\hphmon03.exe C:\WINDOWS\SM1BG.EXE C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\WINDOWS\vVX3000.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\HP\KBD\KBD.EXE C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe C:\Program Files\Logitech\CallCentral\CallCentral.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\DrvSvc.exe C:\Program Files\hp center\137903\Program\BackWeb-137903.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe C:\Program Files\internet explorer\iexplore.exe C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe C:\Antivirus\HiJackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://toolbar.inbox.com/search/ie.aspx?tb...0112&tmpl=1 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://toolbar.inbox.com/help/sa_customize.aspx?tbid=80112 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us4.hpwis.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll O2 - BHO: (no name) - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - (no file) O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O3 - Toolbar: (no name) - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - (no file) O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\System32\hphmon03.exe O4 - HKLM\..\Run: [DDCActiveMenu] "C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -boot O4 - HKLM\..\Run: [sM1BG] C:\WINDOWS\SM1BG.EXE O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe" O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe" O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" O4 - HKLM\..\Run: [Logitech CallCentral] "C:\Program Files\Logitech\CallCentral\CallCentral.exe" /hide O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [serviço de Drivers] C:\WINDOWS\system32\DrvSvc.exe O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user') O4 - .DEFAULT User Startup: AutoPlay.exe (User 'Default user') O4 - Startup: is-FN79P.lnk = C:\Documents and Settings\Sonia Krieg\My Documents\LEILA\Virus Removal Tool\is-FN79P\startup.exe O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe O4 - Global Startup: hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...l_v1-0-3-17.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399F83} - https://www14.bancobrasil.com.br/plugin/GbPluginBb.cab O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Pml Driver - HP - C:\WINDOWS\System32\HPHipm09.exe O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe -- End of file - 10421 bytes Alguns Trojans e Bankers j'a foram removidos! E, por favor, como fa,co para deletar o Kaspersky? Na pasta onde ele se encontra, n~ao consegui! Fico muito grata desde j'a!! Abra,cos e Tudo de BOM LFABER Compartilhar este post Link para o post Compartilhar em outros sites
DigRam 144 Denunciar post Postado Março 10, 2009 Boa Tarde! LFABER E, por favor, como fa,co para deletar o Kaspersky? Na pasta onde ele se encontra, n~ao consegui! <!> Voçê não postou o relatório do Kaspersky,e já quer removê-lo? rsrsr... <><><><><><><><><><><> <@> Vá em Iniciar --> Executar --> Digite ou cole: combofix.exe /u --> Clique OK. <@> Abrir-se-á,a seguinte janela: ( Abrir arquivo - Aviso de Segurança ) <@> Clique em Executar --> Aguarde! <@> Surgirá,finalmente,a mensagem: "ComboFix está desinstalado" --> Clique OK. <@> Caso encontre,apague: C:\ComboFix <-- A pasta! + C:\ComboFix.txt <-- Relatório! <><><><><><><><><><><> <!> Baixe,novamente: ComboFix.exe --> Execute-o --> Poste seu relatório: ComboFix.txt Abraços! Compartilhar este post Link para o post Compartilhar em outros sites
LFABER 0 Denunciar post Postado Abril 7, 2009 ComboFix 09-04-04.01 - Sonia Krieg 2009-04-07 13:59:55.2 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.255.41 [GMT -4:00] Running from: c:\documents and settings\Sonia Krieg\Desktop\Kombo.exe AV: Norton 360 *On-access scanning disabled* (Updated) FW: Norton 360 *disabled* * Created a new restore point . ((((((((((((((((((((((((( Files Created from 2009-03-07 to 2009-04-07 ))))))))))))))))))))))))))))))) . 2009-04-05 20:52 . 2009-04-07 13:55 <DIR> d-------- c:\program files\Google 2009-03-27 12:05 . 2009-03-27 12:05 <DIR> dr------- c:\program files\Norton Support 2009-03-16 18:03 . 2009-03-16 18:03 <DIR> d-------- c:\documents and settings\All Users\Application Data\{7B6BA59A-FB0E-4499-8536-A7420338BF3B} 2009-03-16 18:02 . 2009-03-16 18:02 <DIR> d-------- c:\program files\Symantec 2009-03-16 18:02 . 2009-03-16 18:02 124,464 --a------ c:\windows\SYSTEM32\drivers\SYMEVENT.SYS 2009-03-16 18:02 . 2009-03-16 18:02 60,808 --a------ c:\windows\SYSTEM32\S32EVNT1.DLL 2009-03-16 18:02 . 2009-03-16 18:02 36,400 -ra------ c:\windows\SYSTEM32\drivers\SymIM.sys 2009-03-16 18:02 . 2009-03-16 18:02 7,386 --a------ c:\windows\SYSTEM32\drivers\SYMEVENT.CAT 2009-03-16 18:02 . 2009-03-16 18:02 805 --a------ c:\windows\SYSTEM32\drivers\SYMEVENT.INF 2009-03-16 18:00 . 2009-03-16 18:00 <DIR> d-------- c:\windows\SYSTEM32\drivers\N360 2009-03-16 18:00 . 2009-03-16 18:01 <DIR> d-------- c:\program files\Norton 360 2009-03-16 16:19 . 2009-03-16 16:19 <DIR> d-------- c:\program files\NortonInstaller 2009-03-16 16:19 . 2009-03-16 16:19 <DIR> d-------- c:\documents and settings\All Users\Application Data\PCSettings 2009-03-16 16:19 . 2009-03-16 17:59 <DIR> d-------- c:\documents and settings\All Users\Application Data\NortonInstaller 2009-03-16 16:19 . 2009-03-16 18:04 <DIR> d-------- c:\documents and settings\All Users\Application Data\Norton 2009-03-16 16:15 . 2009-03-16 16:15 <DIR> d-------- c:\documents and settings\All Users\Symantec Temporary Files 2009-03-09 16:29 . 2009-03-10 08:40 5,570,592 --ahs---- c:\windows\SYSTEM32\drivers\fidbox.dat 2009-03-09 16:29 . 2009-03-10 08:40 66,356 --ahs---- c:\windows\SYSTEM32\drivers\fidbox.idx . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-04-07 17:37 --------- d-----w c:\documents and settings\Sonia Krieg\Application Data\HPAppData 2009-03-16 22:08 --------- d-----w c:\program files\Common Files\Symantec Shared 2009-03-16 22:00 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec 2009-03-16 20:24 --------- d-----w c:\documents and settings\Sonia Krieg\Application Data\Symantec 2009-03-09 20:18 35,591,440 ----a-w c:\program files\Kaspersky.exe 2009-02-28 02:30 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files 2009-02-19 22:23 --------- d-----w c:\documents and settings\Sonia Krieg\Application Data\MSN6 2009-02-14 14:46 --------- d-----w c:\documents and settings\Owner\Application Data\HPAppData 2004-07-21 00:03 750,983 -c--a-w c:\program files\f11.jpg 2004-07-21 00:03 622,260 -c--a-w c:\program files\f10.jpg 2004-07-21 00:02 677,456 -c--a-w c:\program files\f9.jpg 2003-08-27 18:19 36,963 -c--a-r c:\program files\Common Files\SM1updtr.dll 2008-08-05 12:59 32,768 -csha-w c:\windows\SYSTEM32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008080520080806\index.dat . ((((((((((((((((((((((((((((( SnapShot@2009-02-22_11.09.25.49 ))))))))))))))))))))))))))))))))))))))))) . + 2008-06-17 19:04:34 8,461,824 ----a-w c:\windows\$hf_mig$\KB967715\SP3QFE\shell32.dll + 2008-07-09 07:38:24 17,272 ----a-w c:\windows\$hf_mig$\KB967715\spmsg.dll + 2008-07-09 07:38:25 231,288 ----a-w c:\windows\$hf_mig$\KB967715\spuninst.exe + 2008-07-09 07:38:24 26,488 ----a-w c:\windows\$hf_mig$\KB967715\update\spcustom.dll + 2008-07-09 07:38:29 755,576 ----a-w c:\windows\$hf_mig$\KB967715\update\update.exe + 2008-07-09 07:38:37 382,840 ----a-w c:\windows\$hf_mig$\KB967715\update\updspapi.dll + 2008-04-14 00:12:05 8,461,312 -c----w c:\windows\$NtUninstallKB967715$\shell32.dll + 2008-07-09 07:38:25 231,288 -c----w c:\windows\$NtUninstallKB967715$\spuninst\spuninst.exe + 2008-07-09 07:38:37 382,840 -c----w c:\windows\$NtUninstallKB967715$\spuninst\updspapi.dll + 2008-08-12 18:15:10 450,560 ----a-w c:\windows\Downloaded Program Files\symdlmgr.dll - 2005-10-21 01:02:28 163,328 ----a-w c:\windows\ERDNT\Hiv-backup\ERDNT.EXE + 2005-10-21 00:02:28 163,328 ----a-w c:\windows\ERDNT\Hiv-backup\ERDNT.EXE - 2000-08-31 13:00:00 29,696 ----a-w c:\windows\NIRCMD.exe + 2000-08-31 12:00:00 29,696 ----a-w c:\windows\NIRCMD.exe - 2000-08-31 13:00:00 161,792 ----a-w c:\windows\SWREG.exe + 2000-08-31 12:00:00 161,792 ----a-w c:\windows\SWREG.exe + 2008-09-17 20:29:12 20,040 ----a-w c:\windows\SYSTEM32\config\systemprofile\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig.dll + 2008-05-19 10:33:20 4,445,184 ------w c:\windows\SYSTEM32\dllcache\msi.dll + 2008-05-19 05:57:42 95,744 ------w c:\windows\SYSTEM32\dllcache\msiexec.exe - 2008-04-14 00:11:59 271,360 -c--a-w c:\windows\SYSTEM32\dllcache\msihnd.dll + 2008-05-19 10:33:20 332,800 ----a-w c:\windows\SYSTEM32\dllcache\msihnd.dll + 2008-04-17 05:43:24 2,560 ------w c:\windows\SYSTEM32\dllcache\msimsg.dll + 2008-05-19 10:33:20 18,944 ------w c:\windows\SYSTEM32\dllcache\msisip.dll + 2008-12-05 06:54:55 144,896 ------w c:\windows\SYSTEM32\dllcache\schannel.dll + 2008-06-17 19:02:19 8,461,312 ------w c:\windows\SYSTEM32\dllcache\shell32.dll - 2008-09-15 12:12:56 1,846,400 -c----w c:\windows\SYSTEM32\dllcache\win32k.sys + 2009-02-09 11:13:27 1,846,784 ------w c:\windows\SYSTEM32\dllcache\win32k.sys - 2007-06-12 03:51:12 10,834,944 -c--a-w c:\windows\SYSTEM32\dllcache\wmp.dll + 2008-11-11 22:34:42 10,838,016 ----a-w c:\windows\SYSTEM32\dllcache\wmp.dll - 2008-04-17 17:12:54 15,464 ----a-w c:\windows\SYSTEM32\drivers\GEARAspiWDM.sys + 2009-01-15 16:19:36 23,848 ----a-w c:\windows\SYSTEM32\drivers\GEARAspiWDM.sys + 2009-03-16 22:02:18 258,608 ----a-w c:\windows\SYSTEM32\drivers\N360\0300000.086\BHDrvx86.sys + 2009-03-16 22:02:18 482,352 ----a-w c:\windows\SYSTEM32\drivers\N360\0300000.086\cchpx86.sys + 2009-03-16 22:02:20 307,760 ----a-w c:\windows\SYSTEM32\drivers\N360\0300000.086\srtsp.sys + 2009-03-16 22:02:20 43,696 ----a-w c:\windows\SYSTEM32\drivers\N360\0300000.086\srtspx.sys + 2009-03-16 22:02:20 310,320 ----a-w c:\windows\SYSTEM32\drivers\N360\0300000.086\SymEFA.sys + 2009-03-16 22:02:21 89,776 ----a-w c:\windows\SYSTEM32\drivers\N360\0300000.086\symfw.sys + 2009-03-16 22:02:21 34,736 ----a-w c:\windows\SYSTEM32\drivers\N360\0300000.086\symids.sys + 2009-03-16 22:02:21 37,296 ----a-w c:\windows\SYSTEM32\drivers\N360\0300000.086\symndis.sys + 2009-03-16 22:02:21 39,984 ----a-w c:\windows\SYSTEM32\drivers\N360\0300000.086\symndisv.sys + 2009-03-16 22:02:21 217,392 ----a-w c:\windows\SYSTEM32\drivers\N360\0300000.086\symtdi.sys + 2008-04-17 16:12:54 107,368 -c--a-w c:\windows\SYSTEM32\DRVSTORE\GEARAspiWD_4F4AA3475F1B13A1E8212B6D40B351211BC358CE\x86\GEARAspi.dll + 2009-01-15 16:19:36 23,848 -c--a-w c:\windows\SYSTEM32\DRVSTORE\GEARAspiWD_4F4AA3475F1B13A1E8212B6D40B351211BC358CE\x86\GEARAspiWDM.sys - 2008-10-17 17:08:55 257,456 ----a-w c:\windows\SYSTEM32\FNTCACHE.DAT + 2009-03-12 22:40:28 257,456 ----a-w c:\windows\SYSTEM32\FNTCACHE.DAT - 2008-04-17 17:12:54 107,368 ----a-w c:\windows\SYSTEM32\GEARAspi.dll + 2008-04-17 16:12:54 107,368 ----a-w c:\windows\SYSTEM32\GEARAspi.dll + 2009-02-03 02:07:18 240,544 ----a-r c:\windows\SYSTEM32\Macromed\Flash\FlashUtil10b.exe - 2009-02-03 23:21:12 21,244,864 -c--a-w c:\windows\SYSTEM32\MRT.exe + 2009-02-25 16:55:00 24,768,960 -c--a-w c:\windows\SYSTEM32\MRT.exe - 2008-04-14 00:11:59 2,843,136 ----a-w c:\windows\SYSTEM32\msi.dll + 2008-05-19 10:33:20 4,445,184 ----a-w c:\windows\SYSTEM32\msi.dll - 2008-04-14 00:12:28 78,848 ----a-w c:\windows\SYSTEM32\msiexec.exe + 2008-05-19 05:57:42 95,744 ----a-w c:\windows\SYSTEM32\msiexec.exe - 2008-04-14 00:11:59 271,360 -c--a-w c:\windows\SYSTEM32\msihnd.dll + 2008-05-19 10:33:20 332,800 ----a-w c:\windows\SYSTEM32\msihnd.dll - 2008-04-13 15:39:43 884,736 ----a-w c:\windows\SYSTEM32\msimsg.dll + 2008-04-17 05:43:24 2,560 ----a-w c:\windows\SYSTEM32\msimsg.dll - 2008-04-14 00:11:59 15,360 ----a-w c:\windows\SYSTEM32\msisip.dll + 2008-05-19 10:33:20 18,944 ----a-w c:\windows\SYSTEM32\msisip.dll - 2008-11-03 13:55:35 53,436 ----a-w c:\windows\SYSTEM32\perfc009.dat + 2009-03-08 12:34:55 53,436 ----a-w c:\windows\SYSTEM32\perfc009.dat - 2008-11-03 13:55:35 381,692 ----a-w c:\windows\SYSTEM32\perfh009.dat + 2009-03-08 12:34:55 381,692 ----a-w c:\windows\SYSTEM32\perfh009.dat - 2008-04-14 00:12:05 144,384 ----a-w c:\windows\SYSTEM32\schannel.dll + 2008-12-05 06:54:55 144,896 ----a-w c:\windows\SYSTEM32\schannel.dll - 2008-04-14 00:12:05 8,461,312 ----a-w c:\windows\SYSTEM32\shell32.dll + 2008-06-17 19:02:19 8,461,312 ----a-w c:\windows\SYSTEM32\shell32.dll - 2008-07-09 07:38:24 17,272 ------w c:\windows\SYSTEM32\spmsg.dll + 2007-11-30 09:39:22 17,272 ------w c:\windows\SYSTEM32\spmsg.dll - 2007-08-11 00:46:18 26,488 -c--a-w c:\windows\SYSTEM32\spupdsvc.exe + 2007-07-27 13:41:38 26,488 ----a-w c:\windows\SYSTEM32\spupdsvc.exe - 2008-09-15 12:12:56 1,846,400 ----a-w c:\windows\SYSTEM32\win32k.sys + 2009-02-09 11:13:27 1,846,784 ----a-w c:\windows\SYSTEM32\win32k.sys - 2007-06-12 03:51:12 10,834,944 ----a-w c:\windows\SYSTEM32\wmp.dll + 2008-11-11 22:34:42 10,838,016 ----a-w c:\windows\SYSTEM32\wmp.dll + 2009-04-07 16:36:35 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_2d8.dat . -- Snapshot reset to current date -- . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360] "Serviço de Drivers"="c:\windows\system32\DrvSvc.exe" [2009-01-25 32768] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-06 68856] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2004-04-26 77824] "Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2002-07-16 28672] "HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-06-21 172032] "HPHmon03"="c:\windows\System32\hphmon03.exe" [2003-01-30 311296] "DDCActiveMenu"="c:\program files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" [2001-10-03 94208] "RoxioDragToDisc"="c:\program files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe" [2004-04-13 1470464] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152] "HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664] "VX3000"="c:\windows\vVX3000.exe" [2006-10-13 707376] "LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2006-10-13 277296] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-10-03 185872] "hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896] "KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440] "LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-02-20 488984] "Logitech CallCentral"="c:\program files\Logitech\CallCentral\CallCentral.exe" [2007-02-20 366616] "SM1BG"="c:\windows\SM1BG.EXE" [2003-08-27 94208] c:\documents and settings\Sonia Krieg\Start Menu\Programs\Startup\ Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2008-12-27 385024] c:\documents and settings\All Users\Start Menu\Programs\Startup\ hp center.lnk - c:\program files\hp center\137903\Program\BackWeb-137903.exe [2001-11-07 16384] HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360] HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-05-28 53248] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys] @="FSFilter Activity Monitor" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] NvQTwk [X] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DDCActiveMenu] -----c--- 2001-10-03 06:23 94208 c:\program files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DDCM] -----c--- 2001-10-03 06:21 155648 c:\program files\WildTangent\DDC\DDCManager\DDCMan.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds] -----c--- 2001-08-08 03:36 90112 c:\windows\SYSTEM32\hkcmd.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv] -----c--- 1998-05-07 20:04 52736 c:\windows\SYSTEM\hpsysdrv.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray] -----c--- 2001-08-08 04:25 143360 c:\windows\SYSTEM32\igfxtray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD] --a------ 2005-02-02 17:44 61440 c:\hp\KBD\kbd.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] --------- 2008-04-13 20:12 1695232 c:\program files\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PS2] -----c--- 2001-07-04 01:13 81920 c:\windows\SYSTEM32\ps2.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard] -----c--- 2001-06-16 02:34 212992 c:\windows\SMINST\Recguard.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\S3TRAY2] -----c--- 2001-10-04 22:06 69632 c:\windows\SYSTEM32\S3tray2.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "AntiVirusOverride"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\hp center\\137903\\Program\\BackWeb-137903.exe"= "c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "c:\\WINDOWS\\SYSTEM32\\mmc.exe"= "c:\\WINDOWS\\SYSTEM32\\dpvsetup.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015 "1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016 "500:UDP"= 500:UDP:@xpsp2res.dll,-22017 R0 sonypvl2;sonypvl2;c:\windows\SYSTEM32\drivers\sonypvl2.sys [2004-04-19 19478] R0 SymEFA;Symantec Extended File Attributes;c:\windows\SYSTEM32\drivers\N360\0300000.086\SymEFA.sys [2009-03-16 18:02:20 310320] R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\SYSTEM32\drivers\N360\0300000.086\BHDrvx86.sys [2009-03-16 18:02:18 258608] R1 ccHP;Symantec Hash Provider;c:\windows\SYSTEM32\drivers\N360\0300000.086\cchpx86.sys [2009-03-16 18:02:18 482352] R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090331.007\IDSXpx86.sys [2009-04-03 276344] R1 sonypvf2;sonypvf2;c:\windows\SYSTEM32\drivers\sonypvf2.sys [2004-04-19 634798] R1 sonypvt2;sonypvt2;c:\windows\SYSTEM32\drivers\sonypvt2.sys [2004-04-19 430670] R2 N360;Norton 360;c:\program files\Norton 360\Engine\3.0.0.134\ccSvcHst.exe [2009-03-16 115560] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-03-16 101936] R3 lvdevenb;Logitech Device Enabler Filter;c:\windows\SYSTEM32\drivers\lvdevenb.sys [2008-12-28 35104] S1 sonypvd2;sonypvd2;c:\windows\SYSTEM32\drivers\sonypvd2.sys [2004-04-19 64093] S3 Dot4Usb HPH09;Dot4Usb HPH09;c:\windows\SYSTEM32\drivers\hphius09.sys [2003-01-30 18864] S3 trid3d;trid3d;c:\windows\SYSTEM32\drivers\trid3dm.sys [2001-07-31 130332] S3 utiznzu3;AVZ Kernel Driver;\??\c:\windows\system32\Drivers\utiznzu3.sys --> c:\windows\system32\Drivers\utiznzu3.sys [?] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 HPService REG_MULTI_SZ HPSLPSVC hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E] \Shell\AutoRun\command - E:\PLAY.EXE \Shell\install\command - e:\install\_SETUP.exe . Contents of the 'Scheduled Tasks' folder 2003-11-20 c:\windows\Tasks\ISP signup reminder 2.job - c:\windows\System32\OOBE\oobebaln.exe [2008-04-13 20:12] 2003-11-20 c:\windows\Tasks\ISP signup reminder 3.job - c:\windows\System32\OOBE\oobebaln.exe [2008-04-13 20:12] 2003-11-20 c:\windows\Tasks\Registration reminder 2.job - c:\windows\System32\OOBE\oobebaln.exe [2008-04-13 20:12] 2003-11-20 c:\windows\Tasks\Registration reminder 3.job - c:\windows\System32\OOBE\oobebaln.exe [2008-04-13 20:12] . - - - - ORPHANS REMOVED - - - - HKU-Default-Run-ALUAlert - c:\program files\Symantec\LiveUpdate\ALUNotify.exe HKU-Default-Run-Symantec NetDriver Warning - c:\progra~1\SYMNET~1\SNDWarn.exe . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ mSearch Bar = hxxp://srch-us4.hpwis.com/ uInternet Settings,ProxyOverride = localhost DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab . ************************************************************************** catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-04-07 14:04:47 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\N360] "ImagePath"="\"c:\program files\Norton 360\Engine\3.0.0.134\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\3.0.0.134\diMaster.dll\" /prefetch:1" . Completion time: 2009-04-07 14:11:33 ComboFix-quarantined-files.txt 2009-04-07 18:11:16 Pre-Run: 57,990,823,936 bytes free Post-Run: 57,931,038,720 bytes free 280 --- E O F --- 2009-03-15 00:43:45 E aqui vai um novo Log do HijackThis: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 4:48:08 PM, on 4/7/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16791) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Microsoft LifeCam\MSCamS32.exe C:\Program Files\Norton 360\Engine\3.0.0.134\ccSvcHst.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Norton 360\Engine\3.0.0.134\ccSvcHst.exe C:\WINDOWS\Explorer.EXE C:\Program Files\QuickTime\qttask.exe C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe C:\WINDOWS\System32\hphmon03.exe C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\WINDOWS\vVX3000.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\HP\KBD\KBD.EXE C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe C:\Program Files\Logitech\CallCentral\CallCentral.exe C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe C:\WINDOWS\SM1BG.EXE C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\DrvSvc.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\hp center\137903\Program\BackWeb-137903.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe C:\Program Files\internet explorer\iexplore.exe C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Antivirus\HiJackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://toolbar.inbox.com/search/ie.aspx?tb...0112&tmpl=1 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://toolbar.inbox.com/help/sa_customize.aspx?tbid=80112 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us4.hpwis.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\3.0.0.134\coIEPlg.dll O2 - BHO: (no name) - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - (no file) O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\3.0.0.134\IPSBHO.DLL O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O3 - Toolbar: (no name) - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - (no file) O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.0.0.134\coIEPlg.dll O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\System32\hphmon03.exe O4 - HKLM\..\Run: [DDCActiveMenu] "C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -boot O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe" O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" O4 - HKLM\..\Run: [Logitech CallCentral] "C:\Program Files\Logitech\CallCentral\CallCentral.exe" /hide O4 - HKLM\..\Run: [sM1BG] C:\WINDOWS\SM1BG.EXE O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRA~1\WINDOW~4\MESSEN~1\msnmsgr.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [serviço de Drivers] C:\WINDOWS\system32\DrvSvc.exe O4 - HKUS\S-1-5-21-1790521817-3848448594-3852255402-1003\..\Run: [uoltray] C:\Program Files\NetZero\exec.exe regrun (User 'Owner') O4 - HKUS\S-1-5-21-1790521817-3848448594-3852255402-1003\..\Run: [MoneyAgent] "c:\Program Files\Microsoft Money\System\Money Express.exe" (User 'Owner') O4 - HKUS\S-1-5-21-1790521817-3848448594-3852255402-1003\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Owner') O4 - HKUS\S-1-5-21-1790521817-3848448594-3852255402-1007\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Krieg's Bakery') O4 - HKUS\S-1-5-21-1790521817-3848448594-3852255402-501\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Guest') O4 - S-1-5-18 Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (User 'SYSTEM') O4 - .DEFAULT Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (User 'Default user') O4 - .DEFAULT User Startup: AutoPlay.exe (User 'Default user') O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe O4 - Global Startup: hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...l_v1-0-3-17.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399F83} - https://www14.bancobrasil.com.br/plugin/GbPluginBb.cab O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton 360\Engine\3.0.0.134\coIEPlg.dll O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\3.0.0.134\ccSvcHst.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Pml Driver - HP - C:\WINDOWS\System32\HPHipm09.exe -- End of file - 9989 bytes Muito Grata por sua ajuda e esperando sua resposta!! LFABER Compartilhar este post Link para o post Compartilhar em outros sites
DigRam 144 Denunciar post Postado Abril 7, 2009 Boa Noite! LFABER Insira sua(s) unidade(s) removíveis,caso às possua,na entrada USB. ( pendrive,mp3,mp4,iPods,etc... ) <@> Selecione e copie,todo o conteúdo que está na área do QUOTE,para o Bloco de Notas. <@> Salve-o,no Desktop,com o nome: CFScript.txt Registry::[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E] [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000000 "AntiVirusOverride"=dword:00000000 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000000 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000000 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000000 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 1 (0x0) File:: E:\PLAY.EXE e:\install\_SETUP.exe <@> Ps: Não utilizem este script em outra máquina! <@> Arraste,o CFScript.txt para o ícone/interior do ComboFix. <@> Veja a demonstração! <@> Atenda à solicitação,que deverá surgir,para rodar o ComboFix. <@> Ps: Faça o arraste,até surgir essa solicitação! ( janela ) <@> Terminando,poste os relatórios: C:\ComboFix.txt + HijackThis,atualizado. Abraços! Compartilhar este post Link para o post Compartilhar em outros sites
Mário Monteiro 179 Denunciar post Postado Maio 8, 2009 Tópico Arquivado Como o autor não respondeu por mais de 30 dias, o tópico foi arquivado. Caso você seja o autor do tópico e quer reabrir, envie uma mensagem privada para um moderador da área juntamente com o link para este tópico e explique o motivo da reabertura. Compartilhar este post Link para o post Compartilhar em outros sites
