LityAlves, posted August 6, 2009

I can't open the following: User Accounts, Search, System Restore, Defragmenter, among others. I'm having a series of problems with the PC, and when I decided to try a restore I found that almost nothing is working. The HijackThis log is below... Many thanks in advance!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:14:59, on 6/8/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\PROGRA~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Marcelo\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 192.168.0.171
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Program Files\Scpad\scpsssh2.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRA~1\GBPLUGIN\gbieh.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.30.0\gears.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [iconcache] c:\windows\vcp_temp\iconcache\icon.bat
O4 - HKLM\..\Run: [PC-Checkup] "C:\Program Files\Speeditup Free\PCCheckUp\PCCheckUp.exe" -mini
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKLM\..\Policies\Explorer\Run: []
O4 - HKUS\S-1-5-19\..\RunOnce: [] (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [] (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [] (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.30.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.30.0\gears.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://qus8l.hpwis.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{6FF0B388-BFB8-4970-AB94-FDE8B194488F}: NameServer = 200.205.125.58,200.205.125.57
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: GbPluginBb - C:\PROGRA~1\GBPLUGIN\gbieh.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: __GbPluginBb - C:\PROGRAM FILES\GBPLUGIN\gbieh.dll
O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Program Files\Scpad\scpLIB.dll
O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Program Files\Scpad\scpLIB.dll
O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: Gbp Service (GbpSv) - - C:\PROGRA~1\GbPlugin\GbpSv.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\Marcelo\LOCALS~1\Temp\hpdj.exe (file missing)
O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec RemoteAssist - Unknown owner - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe (file missing)

--
End of file - 9683 bytes
Power Max, posted August 6, 2009

Hello LityAlves! Welcome to the iMasters forum.

Open HijackThis, click Do a system scan only, check the entries below and click Fix checked:

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Policies\Explorer\Run: []
O4 - HKUS\S-1-5-19\..\RunOnce: [] (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [] (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [] (User 'Default user')

I suggest you save or print the instructions below, since at some points you may need to use the computer without internet access:

Download ComboFix

1) Temporarily disable your antivirus;
2) Double-click combofix.exe and wait (the whole process takes about 10 minutes);
3) The "SOFTWARE WARRANTY DISCLAIMER" window will open. Click "YES" to continue.
4) Another window will open if your machine does not have the WINDOWS RECOVERY CONSOLE. It is recommended to install the console before continuing, since that guarantees the system can be recovered if problems occur during the scan. Click "YES" and wait; the console is installed automatically by ComboFix itself. This may take a few minutes (depending on your connection speed), so be patient. When the "INSTALLING THE RECOVERY CONSOLE" window appears, click "OK", then click "YES" to accept the EULA. When the recovery console installation finishes, a window will open saying "THE RECOVERY CONSOLE WAS INSTALLED SUCCESSFULLY". Click "YES" to continue the scan.
5) ComboFix will start the AUTOSCAN (wait).
WARNING: Do not click on the ComboFix window or end the process abruptly while the tool is running, as this will break your desktop configuration (it will turn completely white). When the process finishes, the machine will restart to produce the report.
6) On restart, ComboFix will run FIND3M to create the final scan report. Its log will be at C:\ComboFix.txt.
7) Re-enable your antivirus;

NOTE 1: If a message appears saying THIS IS NOT A VALID WIN32 APPLICATION, or if viruses or malware block ComboFix from running, download ComboFix again but save it to your Desktop as KomboFix. In this case, name it KomboFix while saving, not after saving it! As a last resort, if ComboFix cannot be run in Windows Normal Mode, try running ComboFix in SAFE MODE (restart the computer, tap F8 repeatedly, or F5 in some cases, during startup, and choose Safe Mode on the screen that appears) and repeat the procedure;
NOTE 2: If the running ComboFix window gets clicked, it will MAXIMIZE and sit on top of the other windows. To minimize it again, just use ALT + TAB.
* If for any reason you need to stop or exit ComboFix, press "N".
* If you lose your internet connection, restart the computer. If the problem persists, open Network Connections in Control Panel, right-click your internet connection and choose "Repair";

Post the ComboFix log, which will be at C:\ComboFix.txt, together with a new HijackThis log in your next reply, and tell us how your PC is doing afterwards. We'll be waiting.
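Power Max picks out the HijackThis entries worth fixing by eye: a BHO and a search hook that point at a file that no longer exists, empty Run/RunOnce values, and (further down the log) services whose binaries are missing. The Python below is an added example and is not part of this thread or of HijackThis; it applies the same triage rules to lines copied from LityAlves's log, and additionally flags O4 autostarts launched from a temporary directory and O17 DNS-server entries so they can be compared with what the ISP is expected to hand out. The rule set, the `Finding` class and the function names are my own assumptions, not a HijackThis feature.

```python
"""Review-oriented triage of HijackThis log lines.

Added example for this thread; the rules are mine and are not part of HijackThis.
"""
import re
from dataclasses import dataclass

# Constructed sample: ten lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [iconcache] c:\windows\vcp_temp\iconcache\icon.bat
O4 - HKLM\..\Policies\Explorer\Run: []
O4 - HKUS\S-1-5-19\..\RunOnce: [] (User 'LOCAL SERVICE')
O17 - HKLM\System\CCS\Services\Tcpip\..\{6FF0B388-BFB8-4970-AB94-FDE8B194488F}: NameServer = 200.205.125.58,200.205.125.57
O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\Marcelo\LOCALS~1\Temp\hpdj.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""


@dataclass
class Finding:
    section: str  # HijackThis section code, e.g. "O4"
    line: str     # the full log line
    reason: str   # why a reviewer should look at it


# Every HijackThis entry starts with its section code followed by " - ".
SECTION_RE = re.compile(r"^(R[0-3]|O\d{1,2}) - ")
# HijackThis appends these markers when the referenced file cannot be found.
ORPHAN_MARKERS = ("(no file)", "(file missing)")
# Run/RunOnce keys with an empty value; the helper in this thread removes these.
EMPTY_RUN_RE = re.compile(r"^O4 - .*\\Run(Once)?: \[\]")
# Autostart binaries living in a temp folder deserve a look (vcp_temp appears in the log).
TEMP_DIR_RE = re.compile(r"\\(temp|vcp_temp)\\", re.IGNORECASE)


def classify(line):
    """Return the reason a single HijackThis line deserves review, or None."""
    m = SECTION_RE.match(line)
    if not m:
        return None  # header, process list, blank line
    section = m.group(1)
    if any(marker in line for marker in ORPHAN_MARKERS):
        return "orphaned entry: points at a file that no longer exists"
    if EMPTY_RUN_RE.match(line):
        return "empty Run/RunOnce value: stale autostart key"
    if section == "O4" and TEMP_DIR_RE.search(line):
        return "autostart launched from a temporary directory"
    if section == "O17":
        return "custom DNS servers: confirm they belong to your ISP"
    return None


def triage(log_text):
    """Run classify() over a whole log and collect the lines that need review."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        reason = classify(line)
        if reason:
            findings.append(Finding(SECTION_RE.match(line).group(1), line, reason))
    return findings


def summarize(findings):
    """Count findings per reason so the reviewer sees which class dominates."""
    counts = {}
    for f in findings:
        counts[f.reason] = counts.get(f.reason, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:4} {f.reason}\n     {f.line}")
```

Run against the ten sample lines it reports seven entries: the two "(no file)" hooks and the missing hpdj service as orphans, the two empty Run/RunOnce keys, the `icon.bat` autostart under `vcp_temp`, and the O17 name servers for verification. The AVG and Bonjour lines pass untouched, which is the point: the rules only surface what a human then decides about, exactly as the helper does in the thread.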
LityAlves, posted August 6, 2009

The ComboFix Notepad report is huge; do I post all of it or just the Find3M Report part?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:42:21, on 6/8/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
C:\PROGRA~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\carpserv.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\NOTEPAD.EXE
C:\Documents and Settings\Marcelo\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Program Files\Scpad\scpsssh2.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRA~1\GBPLUGIN\gbieh.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.30.0\gears.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [srmclean] "C:\Cpqs\Scom\srmclean.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] "C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Display Settings] "C:\Program Files\HPQ\Notebook Utilities\hptasks.exe" /s
O4 - HKLM\..\Run: [Cpqset] "C:\Program Files\HPQ\Default Settings\cpqset.exe"
O4 - HKLM\..\Run: [CARPService] "carpserv.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] "C:\PROGRA~1\AVG\AVG8\avgtray.exe"
O4 - HKLM\..\Run: [MsmqIntCert] "regsvr32" /s mqrt.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [spySweeper] "C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.30.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.30.0\gears.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://qus8l.hpwis.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{6FF0B388-BFB8-4970-AB94-FDE8B194488F}: NameServer = 200.205.125.58,200.205.125.57
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: GbPluginBb - C:\PROGRA~1\GBPLUGIN\gbieh.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: __GbPluginBb - C:\PROGRAM FILES\GBPLUGIN\gbieh.dll
O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Program Files\Scpad\scpLIB.dll
O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Program Files\Scpad\scpLIB.dll
O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: Gbp Service (GbpSv) - - C:\PROGRA~1\GbPlugin\GbpSv.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\Marcelo\LOCALS~1\Temp\hpdj.exe (file missing)
O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec RemoteAssist - Unknown owner - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe (file missing)
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe

--
End of file - 9176 bytes
LityAlves, posted August 6, 2009

.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-06 19:21 . 2007-04-19 01:34 -------- d-----w- c:\documents and settings\All Users\Application Data\GbPlugin
2009-08-06 06:29 . 2006-08-16 06:51 48352 -c--a-w- c:\documents and settings\Marcelo\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-06 06:24 . 2006-08-18 04:09 12 -c--a-w- c:\windows\bthservsdp.dat
2009-08-04 04:12 . 2007-10-03 02:18 -------- d-----w- c:\program files\iTunes
2009-08-04 03:21 . 2008-03-21 01:30 -------- d-----w- c:\program files\Common Files\Apple
2009-08-03 23:33 . 2008-03-04 06:35 -------- d-----w- c:\program files\Windows Live
2009-08-03 23:32 . 2008-03-04 06:35 -------- d-----w- c:\documents and settings\All Users\Application Data\WLInstaller
2009-07-31 20:00 . 2009-06-26 06:36 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-29 19:29 . 2009-06-03 22:40 335752 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-07-22 20:17 . 2006-11-13 12:13 -------- d-----w- c:\program files\Google
2009-07-21 06:31 . 2009-06-17 01:33 -------- d-----w- c:\documents and settings\Marcelo\Application Data\U3
2009-07-19 05:19 . 2008-04-13 03:55 -------- d-----w- c:\program files\Messenger Plus! Live
2009-07-03 17:09 . 2006-06-23 14:33 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-26 06:35 . 2009-03-11 21:14 -------- d-----w- c:\program files\Microsoft
2009-06-24 21:21 . 2009-06-23 02:17 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2009-06-23 02:17 . 2009-06-23 02:17 -------- d-----w- c:\documents and settings\LocalService\Application Data\AVGTOOLBAR
2009-06-23 02:16 . 2009-06-03 22:40 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-06-23 02:16 . 2009-06-03 22:40 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-21 05:02 . 2007-11-11 04:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-06-21 04:39 . 2009-06-21 04:39 -------- d-----w- c:\documents and settings\Marcelo\Application Data\Auslogics
2009-06-21 04:11 . 2003-03-24 20:57 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-20 03:02 . 2009-06-03 22:39 -------- d-----w- c:\documents and settings\Marcelo\Application Data\AVGTOOLBAR
2009-06-19 04:13 . 2009-06-19 04:13 1024 ----a-w- c:\documents and settings\All Users\Application Data\BVRP Software\Motorola Phone Tools\faxres.cmd
2009-06-17 05:30 . 2009-06-17 05:21 -------- d-----w- c:\program files\Motorola Phone Tools
2009-06-17 05:26 . 2009-06-17 05:24 -------- d-----w- c:\program files\Avanquest update
2009-06-17 05:24 . 2007-08-12 18:22 -------- d-----w- c:\documents and settings\All Users\Application Data\BVRP Software
2009-06-17 05:20 . 2009-06-17 05:20 -------- d-----w- c:\documents and settings\Marcelo\Application Data\InstallShield
2009-06-16 18:56 . 2009-05-01 03:38 -------- d-----w- c:\program files\Auslogics
2009-06-16 14:36 . 2002-08-29 02:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2002-08-29 02:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-14 19:07 . 2009-06-24 21:21 1004800 ----a-w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll
2009-06-03 22:40 . 2009-06-03 22:40 108552 -c--a-w- c:\windows\system32\drivers\avgtdix.sys
2009-06-03 19:09 . 2002-08-29 02:00 1291264 ----a-w- c:\windows\system32\quartz.dll
2008-10-19 09:58 . 2008-10-19 09:58 49152 -c--a-w- c:\program files\mozilla firefox\components\SiteVacuumXPCOM.dll
2008-04-14 00:12 . 2006-08-16 05:33 60416 -csha-w- c:\windows\ServicePackFiles\i386\msimn.exe
2008-10-25 06:37 . 2008-10-22 23:13 428064 -csha-w- c:\windows\system32\drivers\fidbox.dat
2008-10-25 06:37 . 2008-10-22 23:13 12832 -csha-w- c:\windows\system32\drivers\fidbox2.dat

If needed I'll send the full report... Thank you very much for replying so quickly; Search, System Restore and User Accounts are working again. But before running ComboFix, Spy Sweeper had found 8 spy cookies and 2 viruses, though I couldn't finish running the program because the PC kept shutting down by itself. I'm running AVG now; which free antivirus do you recommend? Thanks once again, and sorry for taking up so much of your help!
Power Max, posted August 7, 2009

Quoting LityAlves: "The ComboFix Notepad report is huge; do I post all of it or just the Find3M Report part?"

You need to post all of it; if it doesn't fit in a single reply, split it into parts and post it across more than one reply.

Quoting LityAlves: "I'm running AVG now; which free antivirus do you recommend?"

Once we finish cleaning your PC, I suggest you uninstall AVG and download Avira AntiVir Personal 9 Free. To install, configure and use Avira AntiVir correctly, just follow the tips in these tutorials:

Avira AntiVir 9 Free tutorial (installation and configuration)
Avira AntiVir 9 Free tutorial (how to use it correctly)
LityAlves, posted August 7, 2009

ComboFix 09-08-06.01 - Lity Freitas 06/08/2009 17:06.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1033.18.447.216 [GMT -3:00]
Executando de: c:\documents and settings\Marcelo\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\DBI.EXE
c:\documents and settings\Marcelo\Abn.gpc, Cef.gpc, gbieh.gmd, gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, gbpdist.dll', PChar('Abn.gpc, Cef.gpc, gbieh.gmd, gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, gbpdist.dll
c:\documents and settings\Marcelo\Abn.gpc, Cef.gpc, gbieh.gmd, gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, gbpdist.dll', PChar('Abn.gpc, Cef.gpc, gbieh.gmd, gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, gbpdist.dll\desktop.ini
c:\recycler\S-1-5-21-2982670786-4294125874-545246935-500
c:\recycler\S-1-5-21-515967899-854245398-1060284298-500
c:\windows\Installer\1042f60.msp
c:\windows\Installer\1042f64.msp
c:\windows\Installer\1042f68.msp
c:\windows\Installer\1042f6c.msp
c:\windows\Installer\115bba8.msp
c:\windows\Installer\115bbac.msp
c:\windows\Installer\11f617f.msp
c:\windows\Installer\11f6183.msp
c:\windows\Installer\1205b4f.msp
c:\windows\Installer\1205b53.msp
c:\windows\Installer\123bbcb.msp
c:\windows\Installer\1254696.msi
c:\windows\Installer\1487a5e.msp
c:\windows\Installer\1487a62.msp
c:\windows\Installer\1487a66.msp
c:\windows\Installer\1487a6a.msp
c:\windows\Installer\17a672.msp
c:\windows\Installer\17a676.msp
c:\windows\Installer\1885957.msp
c:\windows\Installer\188595b.msp
c:\windows\Installer\18e6cf8.msi
c:\windows\Installer\1a10cb0.msp
c:\windows\Installer\1a10cb4.msp
c:\windows\Installer\1c389ad.msp
c:\windows\Installer\1c389b1.msp
c:\windows\Installer\1d3759.msp
c:\windows\Installer\1d375d.msp
c:\windows\Installer\1e80ce7.msp
c:\windows\Installer\1e80ceb.msp
c:\windows\Installer\20e5cfe.msp
c:\windows\Installer\20e5d02.msp
c:\windows\Installer\27867e.msp
c:\windows\Installer\278682.msp
c:\windows\Installer\278686.msp
c:\windows\Installer\27868a.msp
c:\windows\Installer\278696.msp
c:\windows\Installer\27869a.msp
c:\windows\Installer\27869e.msp
c:\windows\Installer\2786a2.msp
c:\windows\Installer\2b4575.msi
c:\windows\Installer\2e6c8c.msp
c:\windows\Installer\2e6c90.msp
c:\windows\Installer\311db.msp
c:\windows\Installer\311df.msp
c:\windows\Installer\3e0173.msp
c:\windows\Installer\3e0177.msp
c:\windows\Installer\405468.msp
c:\windows\Installer\40546c.msp
c:\windows\Installer\4208e.msp
c:\windows\Installer\42092.msp
c:\windows\Installer\4305a3.msp
c:\windows\Installer\4305a7.msp
c:\windows\Installer\48002.msp
c:\windows\Installer\48006.msp
c:\windows\Installer\4ac60e.msi
c:\windows\Installer\4d5f3.msi
c:\windows\Installer\4f0d3.msp
c:\windows\Installer\4f0d7.msp
c:\windows\Installer\50e635.msi
c:\windows\Installer\510fb.msp
c:\windows\Installer\510ff.msp
c:\windows\Installer\52def5.msp
c:\windows\Installer\52def9.msp
c:\windows\Installer\52defd.msp
c:\windows\Installer\52df01.msp
c:\windows\Installer\548d7.msp
c:\windows\Installer\548db.msp
c:\windows\Installer\5a457.msp
c:\windows\Installer\5a45b.msp
c:\windows\Installer\5cadf3.msp
c:\windows\Installer\5cadf7.msp
c:\windows\Installer\60bee6.msp
c:\windows\Installer\60beea.msp
c:\windows\Installer\6d01ac.msp
c:\windows\Installer\6d01b0.msp
c:\windows\Installer\6fe1bb.msp
c:\windows\Installer\6fe1bf.msp
c:\windows\Installer\70908d.msp
c:\windows\Installer\709091.msp
c:\windows\Installer\71f03.msp
c:\windows\Installer\7200db.msp
c:\windows\Installer\7200df.msp
c:\windows\Installer\76a6e.msp
c:\windows\Installer\7a9b47.msi
c:\windows\Installer\7e7afa.msp
c:\windows\Installer\7e7afe.msp
c:\windows\Installer\81ddee.msp
c:\windows\Installer\81ddf2.msp
c:\windows\Installer\82c1c.msp
c:\windows\Installer\82c20.msp
c:\windows\Installer\82c24.msp
c:\windows\Installer\82c28.msp
c:\windows\Installer\8d5c49.msp
c:\windows\Installer\8d5c4d.msp
c:\windows\Installer\8da8ff.msp
c:\windows\Installer\8da903.msp
c:\windows\Installer\9c9921.msp
c:\windows\Installer\9c9925.msp
c:\windows\Installer\9d478.msp
c:\windows\Installer\9d47c.msp
c:\windows\Installer\9dea87.msp
c:\windows\Installer\9dea8b.msp
c:\windows\Installer\9dff4c.msi
c:\windows\Installer\9e048.msp
c:\windows\Installer\9e04c.msp
c:\windows\Installer\ae32db.msi
c:\windows\Installer\b6371d.msp
c:\windows\Installer\b63721.msp
c:\windows\Installer\c15e6.msp
c:\windows\Installer\c15ea.msp
c:\windows\Installer\c4899.msp
c:\windows\Installer\c489d.msp
c:\windows\Installer\cbaa6.msi
c:\windows\Installer\d110ab.msp
c:\windows\Installer\d110af.msp
c:\windows\Installer\dc7d8.msp
c:\windows\Installer\dc7dc.msp
c:\windows\Installer\e4e684.msp
c:\windows\Installer\e4e688.msp
c:\windows\Installer\e7aab9.msp
c:\windows\Installer\e7aabd.msp
c:\windows\ponto.DLL
c:\windows\system\kl.dll
c:\windows\system\msn.dat
c:\windows\system\msn.dll
c:\windows\system\msnmsg.exe
c:\windows\system\svchost.dat
c:\windows\system32\MEGATRON.ini
.
(((((((((((((((( Arquivos/Ficheiros criados de 2009-07-06 to 2009-08-06 ))))))))))))))))))))))))))))
.
2009-08-06 06:20 . 2009-08-06 06:20 -------- d-----w- c:\program files\MSSOAP
2009-08-06 06:18 . 2009-05-13 18:39 1563008 ----a-w- c:\windows\WRSetup.dll
2009-08-06 06:18 . 2009-08-06 06:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Webroot
2009-08-06 06:18 . 2009-08-06 06:18 -------- d-----w- c:\program files\Webroot
2009-08-06 06:18 . 2009-08-06 06:18 -------- d-----w- c:\documents and settings\Marcelo\Application Data\Webroot
2009-08-06 06:12 . 2009-08-06 06:12 164 ----a-w- c:\windows\install.dat
2009-08-04 17:13 . 2008-04-21 12:08 215552 ------w- c:\windows\system32\dllcache\wordpad.exe
2009-08-04 16:38 . 2008-09-10 01:14 1307648 ------w- c:\windows\system32\dllcache\msxml6.dll
2009-08-04 16:38 . 2008-04-14 01:57 79872 ------w- c:\windows\system32\dllcache\msxml6r.dll
2009-08-04 16:38 . 2008-04-14 08:42 10752 ------w- c:\windows\system32\smtpapi.dll
2009-08-04 16:38 . 2008-04-14 08:42 9728 ------w- c:\windows\system32\rwnh.dll
2009-08-04 16:38 . 2008-04-14 08:41 81920 ------w- c:\windows\system32\ieencode.dll
2009-08-04 05:08 . 2008-06-17 19:02 8461312 ----a-w- c:\windows\system32\dllcache\shell32.dll
2009-08-04 05:02 . 2009-08-04 05:02 -------- d-----w- c:\program files\Wallpapers
2009-08-04 05:01 . 2009-08-04 05:01 -------- d-----w- c:\program files\Fonts
2009-08-04 05:01 . 2009-08-04 05:28 -------- d-----w- c:\windows\VCP_TEMP
2009-08-04 04:55 . 2008-11-12 02:22 20480 ----a-w- c:\windows\system32\scrnrdr.exe
2009-08-04 03:21 . 2009-08-04 03:21 -------- d-----w- c:\program files\iPod
2009-08-04 03:20 . 2009-08-04 03:22 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-08-04 03:15 . 2009-08-04 03:16 -------- d-----w- c:\program files\QuickTime
2009-08-03 06:29 . 2009-03-11 05:52 38208 ----a-w- c:\documents and settings\Marcelo\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-07-25 06:17 . 2009-08-06 03:00 -------- d-----w- c:\program files\PokerStars
2009-07-25 06:00 . 2009-03-24 17:43 43008 ----a-w- c:\documents and settings\Marcelo\Application Data\Mozilla\Firefox\Profiles\1bjtxlq2.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metricsloader.dll
2009-07-25 06:00 . 2009-03-24 17:43 43008 ----a-w- c:\documents and settings\Marcelo\Application Data\Mozilla\Firefox\Profiles\1bjtxlq2.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2009-07-25 06:00 . 2009-03-24 17:43 338432 -c--a-w- c:\documents and settings\Marcelo\Application Data\Mozilla\Firefox\Profiles\1bjtxlq2.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2009-07-25 06:00 .
2009-03-24 17:43 235520 -c--a-w- c:\documents and settings\Marcelo\Application Data\Mozilla\Firefox\Profiles\1bjtxlq2.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\metrics-ff2.dll 2009-07-25 06:00 . 2009-03-24 17:42 345088 ----a-w- c:\documents and settings\Marcelo\Application Data\Mozilla\Firefox\Profiles\1bjtxlq2.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll 2009-07-25 06:00 . 2009-03-24 17:42 235008 ----a-w- c:\documents and settings\Marcelo\Application Data\Mozilla\Firefox\Profiles\1bjtxlq2.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\metrics-ff3.dll 2009-07-22 20:22 . 2009-07-22 20:22 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google 2009-07-22 20:17 . 2009-07-22 20:17 -------- d-----w- c:\documents and settings\Marcelo\Local Settings\Application Data\Temp 2009-07-22 20:17 . 2009-07-22 20:17 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google 2009-07-13 17:22 . 2009-07-13 17:22 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.1.6\SetupAdmin.exe . ((((((((((((((((((((((((((((((((((((( Relatório Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-08-06 19:21 . 2007-04-19 01:34 -------- d-----w- c:\documents and settings\All Users\Application Data\GbPlugin 2009-08-06 06:29 . 2006-08-16 06:51 48352 -c--a-w- c:\documents and settings\Marcelo\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-08-06 06:24 . 2006-08-18 04:09 12 -c--a-w- c:\windows\bthservsdp.dat 2009-08-04 04:12 . 2007-10-03 02:18 -------- d-----w- c:\program files\iTunes 2009-08-04 03:21 . 2008-03-21 01:30 -------- d-----w- c:\program files\Common Files\Apple 2009-08-03 23:33 . 2008-03-04 06:35 -------- d-----w- c:\program files\Windows Live 2009-08-03 23:32 . 
2008-03-04 06:35 -------- d-----w- c:\documents and settings\All Users\Application Data\WLInstaller 2009-07-31 20:00 . 2009-06-26 06:36 -------- d-----w- c:\program files\Microsoft Silverlight 2009-07-29 19:29 . 2009-06-03 22:40 335752 ----a-w- c:\windows\system32\drivers\avgldx86.sys 2009-07-22 20:17 . 2006-11-13 12:13 -------- d-----w- c:\program files\Google 2009-07-21 06:31 . 2009-06-17 01:33 -------- d-----w- c:\documents and settings\Marcelo\Application Data\U3 2009-07-19 05:19 . 2008-04-13 03:55 -------- d-----w- c:\program files\Messenger Plus! Live 2009-07-03 17:09 . 2006-06-23 14:33 915456 ----a-w- c:\windows\system32\wininet.dll 2009-06-26 06:35 . 2009-03-11 21:14 -------- d-----w- c:\program files\Microsoft 2009-06-24 21:21 . 2009-06-23 02:17 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar 2009-06-23 02:17 . 2009-06-23 02:17 -------- d-----w- c:\documents and settings\LocalService\Application Data\AVGTOOLBAR 2009-06-23 02:16 . 2009-06-03 22:40 11952 ----a-w- c:\windows\system32\avgrsstx.dll 2009-06-23 02:16 . 2009-06-03 22:40 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys 2009-06-21 05:02 . 2007-11-11 04:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab 2009-06-21 04:39 . 2009-06-21 04:39 -------- d-----w- c:\documents and settings\Marcelo\Application Data\Auslogics 2009-06-21 04:11 . 2003-03-24 20:57 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-06-20 03:02 . 2009-06-03 22:39 -------- d-----w- c:\documents and settings\Marcelo\Application Data\AVGTOOLBAR 2009-06-19 04:13 . 2009-06-19 04:13 1024 ----a-w- c:\documents and settings\All Users\Application Data\BVRP Software\Motorola Phone Tools\faxres.cmd 2009-06-17 05:30 . 2009-06-17 05:21 -------- d-----w- c:\program files\Motorola Phone Tools 2009-06-17 05:26 . 2009-06-17 05:24 -------- d-----w- c:\program files\Avanquest update 2009-06-17 05:24 . 
2007-08-12 18:22 -------- d-----w- c:\documents and settings\All Users\Application Data\BVRP Software 2009-06-17 05:20 . 2009-06-17 05:20 -------- d-----w- c:\documents and settings\Marcelo\Application Data\InstallShield 2009-06-16 18:56 . 2009-05-01 03:38 -------- d-----w- c:\program files\Auslogics 2009-06-16 14:36 . 2002-08-29 02:00 81920 ----a-w- c:\windows\system32\fontsub.dll 2009-06-16 14:36 . 2002-08-29 02:00 119808 ----a-w- c:\windows\system32\t2embed.dll 2009-06-14 19:07 . 2009-06-24 21:21 1004800 ----a-w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll 2009-06-03 22:40 . 2009-06-03 22:40 108552 -c--a-w- c:\windows\system32\drivers\avgtdix.sys 2009-06-03 19:09 . 2002-08-29 02:00 1291264 ----a-w- c:\windows\system32\quartz.dll 2008-10-19 09:58 . 2008-10-19 09:58 49152 -c--a-w- c:\program files\mozilla firefox\components\SiteVacuumXPCOM.dll 2008-04-14 00:12 . 2006-08-16 05:33 60416 -csha-w- c:\windows\ServicePackFiles\i386\msimn.exe 2008-10-25 06:37 . 2008-10-22 23:13 428064 -csha-w- c:\windows\system32\drivers\fidbox.dat 2008-10-25 06:37 . 2008-10-22 23:13 12832 -csha-w- c:\windows\system32\drivers\fidbox2.dat . (((((((((((((((((((((((((( Pontos de Carregamento do Registro ))))))))))))))))))))))))))))))))))))))) . . *Nota* entradas vazias e legítimas por defeito não são mostradas. 
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-14 1004800]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-06-14 19:07 1004800 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-14 1004800]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-14 1004800]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BackupIconOverlayId]
@="{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}"
[HKEY_CLASSES_ROOT\CLSID\{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}]
2009-05-13 18:34 238968 ----a-w- c:\program files\Webroot\WebrootSecurity\Backup\CtxMenu_1_0_0_10.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"srmclean"="c:\cpqs\Scom\srmclean.exe" [2001-07-24 36864]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2002-11-05 188416]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"Display Settings"="c:\program files\HPQ\Notebook Utilities\hptasks.exe" [2002-08-15 45056]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2003-02-27 180316]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-22 63712]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-23 1948440]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"SpySweeper"="c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe" [2009-05-13 6345840]
"CARPService"="carpserv.exe" - c:\windows\system32\carpserv.exe [2003-05-21 4608]
"MsmqIntCert"="mqrt.dll" - c:\windows\system32\mqrt.dll [2008-04-14 177152]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]
2009-03-10 20:03 421168 ----a-w- c:\progra~1\GbPlugin\gbieh.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\__GbPluginBb]
2009-03-10 20:03 421168 ----a-w- c:\program files\GbPlugin\gbieh.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-06-23 02:16 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^Marcelo^Start Menu^Programs^Startup^Light Mule.lnk]
path=c:\documents and settings\Marcelo\Start Menu\Programs\Startup\Light Mule.lnk
backup=c:\windows\pss\Light Mule.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\mshta.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.325\\Brazilian\\setup.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Secured eMule\\light_mule.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires\\age3y.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\GbpKm.sys [21/3/2009 00:18 26320]
R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [21/4/2009 18:27 29808]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [3/6/2009 19:40 335752]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [3/6/2009 19:40 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [3/6/2009 19:39 298776]
R2 GbpSv;Gbp Service;c:\progra~1\GbPlugin\GbpSv.exe [18/4/2007 22:35 52560]
R2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\WebrootSecurity\WRConsumerService.exe [6/8/2009 03:23 1205760]
R3 ALiIRDA;ALi Infrared Device Driver;c:\windows\system32\drivers\aliirda.sys [24/3/2003 17:42 26112]
R3 CALIAUD;Conexant AMC 3D Environmental Audio;c:\windows\system32\drivers\caliaud.sys [24/3/2003 17:45 292352]
R3 CALIHALA;CALIHALA;c:\windows\system32\drivers\calihal.sys [24/3/2003 17:45 273536]
R3 DP83815;National Semiconductor Corp. DP83815/816 NDIS 5.0 Miniport Driver;c:\windows\system32\drivers\DP83815.sys [24/3/2003 17:42 16512]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [22/7/2009 17:17 133104]
S3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [13/12/2007 12:28 24592]
S3 ZSMC302;LG webpro2 Camera;c:\windows\system32\drivers\usbvm302.sys [28/9/2006 19:02 91271]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Conteúdo da pasta 'Tarefas Agendadas'

2009-04-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 15:34]

2009-08-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-22 20:16]

2009-08-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-22 20:16]

2009-08-06 c:\windows\Tasks\User_Feed_Synchronization-{D3A41332-C717-4D5B-BC4F-12F89911049E}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 07:31]

2009-08-06 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-02 01:18]

2009-08-06 c:\windows\Tasks\wrSpySweeper_LCE6D72E7D0F7416799491E87B2826FC0.job
- c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe [2009-08-06 18:39]

2009-08-06 c:\windows\Tasks\wrSpySweeper_LCE6D72E7D0F7416799491E87B2826FC0.job
- c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe [2009-08-06 18:39]
.
- - - - ORFÃOS REMOVIDOS - - - -

HKLM-Run-cleanup - (no file)
.
------- Scan Suplementar -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
TCP: {6FF0B388-BFB8-4970-AB94-FDE8B194488F} = 200.205.125.58,200.205.125.57
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Marcelo\Application Data\Mozilla\Firefox\Profiles\1bjtxlq2.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - component: c:\program files\Google\Google Gears\Firefox\lib\ff30\gears.dll
FF - component: c:\program files\Mozilla Firefox\components\SiteVacuumXPCOM.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");
.
.
------- Associação de arquivos/ficheiros -------
.
inifile=%SystemRoot%\System32\NOTEPAD.EXE %1"
.
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-06 17:23
Windows 5.1.2600 Service Pack 3 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso
arquivos/ficheiros ocultos: 0

**************************************************************************
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•A~*]
"6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\System32\\FM20ENU.DLL"
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

- - - - - - - > 'winlogon.exe'(1972)
c:\progra~1\GBPLUGIN\gbieh.dll
c:\windows\system32\klogon.dll
.
Tempo para conclusão: 2009-08-06 17:32
ComboFix-quarantined-files.txt 2009-08-06 20:32

Pré-execução: 27.389.456.384 bytes free
Pós execução: 27.564.408.832 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /bootlogo /NoExecute=OptOut

385 --- E O F --- 2009-08-06 02:07
Power Max, posted August 7, 2009

Several problems were removed by ComboFix.

Download Bankerfix. Double-click its installer > click Yes > click OK > click OK again > press the Enter key > the browsers (Internet Explorer, Firefox, etc.) will be closed temporarily > wait for the scan to finish.

____________________________________________________________________________

Also do the following:

I suggest you save or print the instructions below, because at some points you may need to use the computer without internet access:

- Download Malwarebytes Anti-Malware.
* Install it by double-clicking "mbam-setup.exe";
* Select the language Português (Brasil);
* Check only the box "Update Malwarebytes' Anti-Malware";
* If an update exists, it will be downloaded automatically;
* Do not scan yet!!!
* Restart the PC in Safe Mode (pressing the F8 key (or the F5 key on some computers) repeatedly while the computer is restarting and choosing the Safe Mode option).
* If it is not possible to start the computer in Safe Mode, do the scan in normal mode.
* Run Malwarebytes' Anti-Malware, click the "Scan" tab and select the "Full scan" option;
* Click the "Scan" button;
* Check all the parts of the computer you want to scan and click the "Start scan" button;
* When the scan finishes, click "OK" > "Show Results";
* Select all the entries and click "Remove Selected";
* After the removal you may be asked whether you want to remove objects from memory. Click "YES";
* A log will be shown with the result of the actions;
* Some malware is stubborn and needs a restart to be removed. If this is requested, click to restart the PC;
* When the process finishes, restart the PC in Normal Mode.
* After a few days, if your computer is working normally without the files that Malwarebytes Anti-Malware deleted, open (run) Malwarebytes Anti-Malware, click the Quarantine tab and click the Remove All button.
* Run Malwarebytes Anti-Malware again, click the Logs tab, double-click the most recent log, select the whole log and copy it.

Post this log generated by Malwarebytes Anti-Malware together with the Relatorio.txt that will be in C:\LinhaDefensiva and a new HijackThis log in your next reply, and tell us how your computer is after following the procedures above.

We await your reply.
LityAlves, posted August 7, 2009

I will do these procedures and then post the logs, but I also wanted to take the chance to say that the PC has become reeeeally slow; today it took me almost half an hour to get here to the forum (between booting and opening the browser)...
Power Max, posted August 7, 2009

> I will do these procedures and then post the logs

:) OK, we'll be waiting.

> but I also wanted to take the chance to say that the PC has become reeeeally slow; today it took me almost half an hour to get here to the forum (between booting and opening the browser)...

This slowness may be caused by the malware that is on your PC. Note that ComboFix has already removed a bunch of it, and there is certainly more on your computer.
LityAlves, posted August 7, 2009

BankerFix 3.1 VALKYRIE - Removedor de Bankers
Linha Defensiva | http://www.linhadefensiva.org
http://www.linhadefensiva.org/bankerfix/
-------------------------------------------------------
Data: 2009-08-07 - 17:15
-------------------------------------------------------
Lista de Definição: 2009-07-24-2 | CORE: 2009-07-24-1
=======================================================

Arquivo infectado detectado: C:\WINDOWS\plugin.fax
Arquivo infectado removido com sucesso!

----- Fim -------------------------

------------------------------------------------------------------------------------------------------------------

Malwarebytes' Anti-Malware 1.40
Versão do banco de dados: 2575
Windows 5.1.2600 Service Pack 3 (Safe Mode)

7/8/2009 18:53:03
mbam-log-2009-08-07 (18-53-03).txt

Tipo de Verificação: Completa (A:\|C:\|D:\|)
Objetos verificados: 176611
Tempo decorrido: 1 hour(s), 19 minute(s), 57 second(s)

Processos da Memória infectados: 0
Módulos de Memória Infectados: 0
Chaves do Registro infectadas: 1
Valores do Registro infectados: 0
Ítens do Registro infectados: 0
Pastas infectadas: 0
Arquivos infectados: 3

Processos da Memória infectados:
(Nenhum ítem malicioso foi detectado)

Módulos de Memória Infectados:
(Nenhum ítem malicioso foi detectado)

Chaves do Registro infectadas:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__gbpluginbb (Trojan.Vundo) -> Quarantined and deleted successfully.

Valores do Registro infectados:
(Nenhum ítem malicioso foi detectado)

Ítens do Registro infectados:
(Nenhum ítem malicioso foi detectado)

Pastas infectadas:
(Nenhum ítem malicioso foi detectado)

Arquivos infectados:
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP859\A0258899.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\rar.exe (Malware.NSPack) -> Quarantined and deleted successfully.
C:\PROGRAM FILES\GbPlugin\gbieh.dll (Trojan.Vundo) -> Delete on reboot.

------------------------------------------------------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:19:17, on 7/8/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\PROGRA~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\carpserv.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Marcelo\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Program Files\Scpad\scpsssh2.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRA~1\GBPLUGIN\gbieh.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.30.0\gears.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [srmclean] "C:\Cpqs\Scom\srmclean.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] "C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Display Settings] "C:\Program Files\HPQ\Notebook Utilities\hptasks.exe" /s
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [CARPService] "carpserv.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] "C:\PROGRA~1\AVG\AVG8\avgtray.exe"
O4 - HKLM\..\Run: [MsmqIntCert] "regsvr32" /s mqrt.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.30.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.30.0\gears.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://qus8l.hpwis.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{6FF0B388-BFB8-4970-AB94-FDE8B194488F}: NameServer = 200.205.125.58,200.205.125.57
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: GbPluginBb - C:\PROGRA~1\GBPLUGIN\gbieh.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Program Files\Scpad\scpLIB.dll
O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Program Files\Scpad\scpLIB.dll
O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: Gbp Service (GbpSv) - - C:\PROGRA~1\GbPlugin\GbpSv.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\Marcelo\LOCALS~1\Temp\hpdj.exe (file missing)
O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec RemoteAssist - Unknown owner - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe (file missing)

--
End of file - 9379 bytes

------------------------------------------------------------------------------------------------------------------

And now, what is the next step? Change antivirus? Thank you!
Power Max, posted August 7, 2009

Several other problems were removed from your PC.

* Download VundoFix: http://www.atribune.org/ccount/click.php?id=4
* Double-click VundoFix.exe to start it;
* When VundoFix opens, click Scan for Vundo. Wait for the scan to finish; it may take some time. Be patient;
* When the scan is finished, click Remove Vundo;
* You will receive an alert asking whether you want to remove the files. Click YES. Your desktop will go blank (this is normal);
* To complete the scan, the machine will need to be restarted. Click OK.

Please also follow the tips in this tutorial to scan your PC with Nod32 Online: Nod32 Online antivirus tutorial

After the scan finishes, a report (log) will be generated at the following location on your computer: C:\Arquivos de programas\Eset\Eset Online Scanner\log.txt

In your next reply, post this Nod32 Online log together with the VundoFix log (C:\vundofix.txt) and a new HijackThis log, and please tell us how your PC is doing after following these procedures.

We await your reply.
DaniieL™, posted August 9, 2009

My PC is full of viruses :s Win32;Sality / rootkit / Win32 conf [Wrm]. I don't know how to remove them; I need professional help. I have avast home / spybot search and destroy / hijackthis. It's bad here: out of nowhere this appears: "O Generic Host Process for Win32 Services encontrou um problema e precisa ser fechado". Then I press close, the PC freezes and I have to restart :s Not to mention there are more problems besides the PC being slower =/ I hope there is a solution. Please analyze my hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:54:04, on 9/8/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Arquivos de programas\Nero\Nero 7\InCD\NBHGui.exe
C:\Arquivos de programas\Nero\Nero 7\InCD\InCD.exe
C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Administrador\Bluebirds\BlueBirds.exe
C:\Arquivos de programas\Orbitdownloader\orbitdm.exe
C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\dwwin.exe
C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
C:\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.compartilhando.org/
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Arquivos de programas\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [securDisc] C:\Arquivos de programas\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [inCD] C:\Arquivos de programas\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [bluebirds] C:\Documents and Settings\Administrador\Bluebirds\BlueBirds.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')
O4 - Global Startup: Orbit.lnk = C:\Arquivos de programas\Orbitdownloader\orbitdm.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O14 - IERESET.INF: START_PAGE_URL=http://www.compartilhando.org/
O17 - HKLM\System\CCS\Services\Tcpip\..\{AA5809A3-A12E-42DA-82F4-8B801021B459}: NameServer = 200.184.26.9 200.184.26.14
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 7202 bytes
Power Max, posted August 9, 2009

Hello w.storm! Welcome to the iMasters Forum. We can help you solve your problem, but you posted your log in someone else's topic, and you need to create a new topic with your log so that we can analyze it. Click the link below:

http://forum.imasters.com.br/index.php?/forum/77-seguranca-malwares/

Click the New topic button > write a title that summarizes your PC's problem > in the main body of the topic, post the HijackThis log and describe in detail the problems that are happening on your PC > then just wait, and an analyst will give you the procedures to solve this problem.
LityAlves, posted August 12, 2009

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:30:01, on 11/8/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\PROGRA~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\carpserv.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\Windows Live\Mail\wlmail.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe
C:\WINDOWS\System32\NOTEPAD.EXE
C:\Documents and Settings\Marcelo\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Program Files\Scpad\scpsssh2.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRA~1\GBPLUGIN\gbieh.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.30.0\gears.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [srmclean] "C:\Cpqs\Scom\srmclean.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] "C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Display Settings] "C:\Program Files\HPQ\Notebook Utilities\hptasks.exe" /s
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [CARPService] "carpserv.exe"
O4 - HKLM\..\Run: [MsmqIntCert] "regsvr32" /s mqrt.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.30.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.30.0\gears.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://qus8l.hpwis.com
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6FF0B388-BFB8-4970-AB94-FDE8B194488F}: NameServer = 200.205.125.58,200.205.125.57
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: GbPluginBb - C:\PROGRA~1\GBPLUGIN\gbieh.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Program Files\Scpad\scpLIB.dll
O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Program Files\Scpad\scpLIB.dll
O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: Gbp Service (GbpSv) - - C:\PROGRA~1\GbPlugin\GbpSv.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\Marcelo\LOCALS~1\Temp\hpdj.exe (file missing)
O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec RemoteAssist - Unknown owner - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe (file missing)

--
End of file - 9283 bytes

I ran the Nod32 online scan and at the end it showed NO THREATS FOUND, but I couldn't find the log on my PC. And should I change the antivirus now? Were all these problems the viruses and malware? How did I get so many on the PC? I never open email attachments or suspicious pages. Oh, I'll check whether the PC's slowness has improved and then let you know; it is only slow when I turn it on... Thank you! Thank you!
Power Max, posted August 15, 2009

"I ran the Nod32 online scan and at the end it showed NO THREATS FOUND, but I couldn't find the log on my PC."

That's fine; the important thing is that it found nothing else wrong on your PC.

But you forgot to run VundoFix. Run it following the tips I gave you in the previous reply:

* Download VundoFix: http://www.atribune.org/ccount/click.php?id=4
* Double-click VundoFix.exe to start it;
* When VundoFix opens, click Scan for Vundo. Wait for the scan to finish; it may take some time. Be patient;
* When the scan is finished, click Remove Vundo;
* You will receive an alert asking whether you want to remove the files. Click YES. Your desktop will go blank (this is normal);
* To complete the scan, the machine will need to be restarted. Click OK.

"Were all these problems the viruses and malware?"

Yes: bankers (malware that steals the victim's bank passwords and other personal information), trojans (Trojan horses) and other types of malware that were on your PC were removed.

There are unnecessary programs starting together with Windows, which makes your PC slower. To fix this, follow the tips in this tutorial: Choosing Programs That Start With the PC

Preferably, let only the security programs (antivirus/anti-spyware/firewall) start together with Windows.

"And should I change the antivirus now?"

Yes, uninstall the AVG and Avast currently on your PC, then install and configure Avira AntiVir following the Avira tutorials I gave you earlier.

After installing and configuring Avira AntiVir following the tips in those tutorials, update it, then restart your computer and enter Safe Mode (press the F8 key (or F5 on some computers) repeatedly while the computer is restarting and choose the Safe Mode option). Once the computer has restarted, right-click the Avira icon (the open red umbrella next to the Windows clock) and choose Start Antivir > click Scan system now > and wait for the scan to finish.

When you have removed the viruses that Avira AntiVir finds, restart the computer normally. Right-click the Avira icon (the open red umbrella next to the Windows clock) and choose Start Antivir > click Reports > double-click the most recent log and click the Report file button > A window with the log will open; select the whole log (menu: Edit » Select All), then go back to the Edit menu and click Copy > Then come back to the forum and post this Avira AntiVir log together with the VundoFix log, which will be at C:\vundofix.txt, and a new HijackThis log so that they can be analyzed.

We await your reply.
LityAlves, posted August 21, 2009

When you told me to run VundoFix, I scanned and it had found nothing; this time I scanned and in the middle of the process my PC froze. I'll try again...

Report file date: Friday, August 21, 2009 17:46

Scanning for 1650870 virus strains and unwanted programs.

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : LITIERI-ALVES

Version information:
BUILD.DAT : 9.0.0.407 17961 Bytes 29/7/2009 10:34:00
AVSCAN.EXE : 9.0.3.7 466689 Bytes 21/7/2009 17:36:14
AVSCAN.DLL : 9.0.3.0 40705 Bytes 27/2/2009 14:58:24
LUKE.DLL : 9.0.3.2 209665 Bytes 20/2/2009 15:35:49
LUKERES.DLL : 9.0.2.0 12033 Bytes 27/2/2009 14:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 16:30:36
ANTIVIR1.VDF : 7.1.4.132 5707264 Bytes 24/6/2009 13:21:42
ANTIVIR2.VDF : 7.1.5.88 2668032 Bytes 10/8/2009 04:28:21
ANTIVIR3.VDF : 7.1.5.143 448000 Bytes 20/8/2009 04:28:24
Engineversion : 8.2.1.3
AEVDF.DLL : 8.1.1.1 106868 Bytes 28/7/2009 17:31:50
AESCRIPT.DLL : 8.1.2.25 459130 Bytes 21/8/2009 04:28:34
AESCN.DLL : 8.1.2.4 127348 Bytes 23/7/2009 13:59:39
AERDL.DLL : 8.1.2.4 430452 Bytes 23/7/2009 13:59:39
AEPACK.DLL : 8.1.3.18 401783 Bytes 28/7/2009 17:31:50
AEOFFICE.DLL : 8.1.0.38 196987 Bytes 23/7/2009 13:59:39
AEHEUR.DLL : 8.1.0.155 1921400 Bytes 21/8/2009 04:28:33
AEHELP.DLL : 8.1.6.0 233846 Bytes 21/8/2009 04:28:28
AEGEN.DLL : 8.1.1.57 356725 Bytes 21/8/2009 04:28:25
AEEMU.DLL : 8.1.0.9 393588 Bytes 9/10/2008 18:32:40
AECORE.DLL : 8.1.7.6 184694 Bytes 23/7/2009 13:59:39
AEBB.DLL : 8.1.0.3 53618 Bytes 9/10/2008 18:32:40
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 12:47:59
AVPREF.DLL : 9.0.0.1 43777 Bytes 5/12/2008 14:32:15
AVREP.DLL : 8.0.0.3 155905 Bytes 20/1/2009 18:34:28
AVREG.DLL : 9.0.0.0 36609 Bytes 5/12/2008 14:32:09
AVARKT.DLL : 9.0.0.3 292609 Bytes 24/3/2009 19:05:41
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 30/1/2009 14:37:08
SQLITE3.DLL : 3.6.1.0 326401 Bytes 28/1/2009 19:03:49
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 2/2/2009 12:21:33
NETNT.DLL : 9.0.0.0 11521 Bytes 5/12/2008 14:32:10
RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 15/5/2009 19:39:58
RCTEXT.DLL : 9.0.37.0 86785 Bytes 17/4/2009 14:19:48

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp
Logging.............................: low
Primary action......................: repair
Secondary action....................: quarantine
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium
Deviating risk categories...........: +APPL,+GAME,+JOKE,+PCK,+SPR,

Start of the scan: Friday, August 21, 2009 17:46

Starting search for hidden objects.
'55579' objects were checked, '0' hidden objects were found.

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'mqtgsvc.exe' - '1' Module(s) have been scanned
Scan process 'mqsvc.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SeaPort.exe' - '1' Module(s) have been scanned
Scan process 'HPZipm12.exe' - '1' Module(s) have been scanned
Scan process 'msdtc.exe' - '1' Module(s) have been scanned
Scan process 'MDM.EXE' - '1' Module(s) have been scanned
Scan process 'HPWirelessMgr.exe' - '1' Module(s) have been scanned
Scan process 'HPConfig.exe' - '1' Module(s) have been scanned
Scan process 'hptskmgr.exe' - '1' Module(s) have been scanned
Scan process 'E_S40RP7.EXE' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'VisualToolTip.exe' - '1' Module(s) have been scanned
Scan process 'ViOrb.exe' - '1' Module(s) have been scanned
Scan process 'ViStart.exe' - '1' Module(s) have been scanned
Scan process 'LClock.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'DrvIcon.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'carpserv.exe' - '1' Module(s) have been scanned
Scan process 'hpcmpmgr.exe' - '1' Module(s) have been scanned
Scan process 'GoogleCrashHandler.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'gbpsv.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
43 processes with 43 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[iNFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[iNFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '62' files ).

Starting the file scan:

Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\pagefile.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\SwSetup\works7\REDIST\IE6\TEMPFILE.CAB
[0] Archive type: CAB (Microsoft)
--> msoe.hlp
[WARNING] No further files can be extracted from this archive. The archive will be closed
[WARNING] No further files can be extracted from this archive. The archive will be closed
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP897\A0271226.exe
[DETECTION] Is the TR/Spy.Gen Trojan
[NOTE] The file was moved to '4ac11b34.qua'!
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP909\A0271771.exe
[DETECTION] Contains recognition pattern of the APPL/PsKill.E application
[NOTE] The file was moved to '4ac11b64.qua'!
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP910\A0272314.exe
[DETECTION] Contains recognition pattern of the APPL/PsKill.E application
[NOTE] The file was moved to '4ac11b92.qua'!
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP911\A0272380.exe
[DETECTION] Contains recognition pattern of the APPL/PsKill.E application
[NOTE] The file was moved to '4ac11b9b.qua'!
C:\temp\FixEngine\{5EF6B690-42BB-4F02-8454-504C510FEDC2}\ddeinstall.fab
[0] Archive type: CAB (Microsoft)
--> DDEInstall.msi
[WARNING] No further files can be extracted from this archive. The archive will be closed
[WARNING] No further files can be extracted from this archive. The archive will be closed
C:\WINDOWS\system32\pskill.exe
[DETECTION] Contains recognition pattern of the APPL/PsKill.E application
[NOTE] The file was moved to '4afa2345.qua'!

End of the scan: Friday, August 21, 2009 19:46
Used time: 2:00:03 Hour(s)

The scan has been done completely.

8602 Scanned directories
325911 Files were scanned
5 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
5 Files were moved to quarantine
0 Files were renamed
2 Files cannot be scanned
325904 Files not concerned
3304 Archives were scanned
6 Warnings
7 Notes
55579 Objects were scanned with rootkit scan
0 Hidden objects were found
Power Max 54 Posted August 21, 2009
:thumbsup: A few more problems were removed by Avira. How is your PC doing now?
LityAlves 0 Posted August 29, 2009
I think it's fine now. Which programs can I disable from startup? Thanks!
Power Max 54 Posted August 29, 2009
:seta: Download the ToolsCleaner program: http://pc-system.fr/TC/ToolsCleaner2.exe
Save it to the Desktop;
Close any open programs and run the tool.
Click the Recherche button to start the scan. <-- Wait!
When it finishes, the items to be removed will be listed.
Click the Suppression button to remove the items found.
Then click Quitter.
A report will be created at C:\TCleaner.txt
______________________________________
:seta: Install these programs and use them now and weekly to clean your PC and keep it more efficient and optimized:
MV RegClean
MV AntiSpy
SpywareBlaster
Also follow the tips in this tutorial: Tips to make your computer faster and more efficient
______________________________________
:!: Java is out of date on your PC. I suggest you save or print the instructions below, because at some points you may need to use the computer without internet access:
Download > JavaRa
Unzip it and double-click JavaRa.exe.
Select English or another language of your preference and click the Select button.
Then click Search For Updates.
Select the option Update Using jucheck.exe.
Then click the Search button.
If Java is up to date on your PC, you will get a notice that you have the latest version. Otherwise, follow the instructions the program gives you so that the new version of Java is downloaded and installed.
Temporarily close your browsers (Internet Explorer, Firefox, etc.).
Then click the Remove Older Versions button, confirm by clicking Yes, click Ok, and click Ok again so that any old versions of Java on the PC are uninstalled.
______________________________________
:seta: To keep the viruses from coming back, disable and then re-enable System Restore.
To do that, go to: Start - Control Panel - System - click the System Restore tab - check the box: Turn off System Restore - click Apply and then OK.
After that, go back to the same place: Start - Control Panel - System - click the System Restore tab - uncheck the box: Turn off System Restore - click Apply and then OK.
______________________________________
:seta: After that, post the log that will be at C:\TCleaner.txt together with a new HijackThis log, and tell us how your PC is after all these procedures.
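Why the helper asks for System Restore to be switched off and on again: four of the five Avira detections above sit inside `System Volume Information\_restore{...}\RP###`, the restore-point store, which only gets purged when System Restore is reset. The small parser below is an added example (not code from this thread or from Avira) that reads report lines in the format Avira printed above and separates restore-point hits from hits on the live file system; the sample report is constructed here from the same line shapes and is not the full log.

```python
import re

# Constructed sample, modelled on the Avira report posted in this thread:
# a file path line, then [DETECTION]/[NOTE]/[WARNING] lines that refer to it.
SAMPLE_REPORT = """\
Begin scan in 'C:\\'
C:\\hiberfil.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
C:\\System Volume Information\\_restore{B3675813-51EC-4F91-81F9-89204506E761}\\RP897\\A0271226.exe
[DETECTION] Is the TR/Spy.Gen Trojan
[NOTE] The file was moved to '4ac11b34.qua'!
C:\\System Volume Information\\_restore{B3675813-51EC-4F91-81F9-89204506E761}\\RP909\\A0271771.exe
[DETECTION] Contains recognition pattern of the APPL/PsKill.E application
[NOTE] The file was moved to '4ac11b64.qua'!
C:\\WINDOWS\\system32\\pskill.exe
[DETECTION] Contains recognition pattern of the APPL/PsKill.E application
[NOTE] The file was moved to '4afa2345.qua'!
"""

# A path line starts with a drive letter; tagged lines start with '['.
PATH_RE = re.compile(r"^[A-Za-z]:\\")
RESTORE_POINT_RE = re.compile(
    r"\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\RP(\d+)\\", re.IGNORECASE
)
DETECTION_RE = re.compile(
    r"^\[DETECTION\]\s+(?:Is the|Contains recognition pattern of the)\s+(\S+)"
)
QUARANTINE_RE = re.compile(r"^\[NOTE\] The file was moved to '([^']+)'!")


def parse_detections(report):
    """Return one dict per [DETECTION] line, tied to the path line that precedes it."""
    findings = []
    current_path = None
    for raw in report.splitlines():
        line = raw.strip()
        if PATH_RE.match(line):
            current_path = line
            continue
        m = DETECTION_RE.match(line)
        if m and current_path:
            rp = RESTORE_POINT_RE.search(current_path)
            findings.append({
                "path": current_path,
                "name": m.group(1),
                # restore point number when the hit lives in the restore-point store
                "restore_point": int(rp.group(1)) if rp else None,
                "quarantined_as": None,
            })
            continue
        m = QUARANTINE_RE.match(line)
        if m and findings and findings[-1]["path"] == current_path:
            findings[-1]["quarantined_as"] = m.group(1)
    return findings


def summarize(findings):
    """Split hits into restore-point copies and live files, the split that decides the cleanup step."""
    in_restore = [f for f in findings if f["restore_point"] is not None]
    live = [f for f in findings if f["restore_point"] is None]
    return {
        "total": len(findings),
        "in_restore_points": len(in_restore),
        "live": len(live),
        "restore_points": sorted({f["restore_point"] for f in in_restore}),
    }


if __name__ == "__main__":
    for f in parse_detections(SAMPLE_REPORT):
        where = f"RP{f['restore_point']}" if f["restore_point"] else "live"
        print(f"{where:>6}  {f['name']:<14} {f['path']}  -> {f['quarantined_as']}")
    print(summarize(parse_detections(SAMPLE_REPORT)))
```

Run on the constructed sample it reports two restore-point hits (RP897 and RP909) and one live hit (`pskill.exe`); on the full report above the same split is four to one, which is exactly the case where quarantining alone leaves stale copies in the restore points until System Restore is reset.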
LityAlves 0 Posted September 5, 2009
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:05:42, on 5/9/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\PROGRA~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Vista Drive Icon\DrvIcon.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\LClock\lclock.exe
C:\Program Files\ViStart\ViStart.exe
C:\Program Files\ViOrb\ViOrb.exe
C:\Program Files\VisualTooltip\VisualToolTip.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Marcelo\Desktop\Anti - Vírus\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowsxlive.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Program Files\Scpad\scpsssh2.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRA~1\GBPLUGIN\gbieh.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.30.0\gears.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [srmclean] "C:\Cpqs\Scom\srmclean.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] "C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Display Settings] "C:\Program Files\HPQ\Notebook Utilities\hptasks.exe" /s
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [CARPService] "carpserv.exe"
O4 - HKLM\..\Run: [MsmqIntCert] "regsvr32" /s mqrt.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [DrvIcon] C:\Program Files\Vista Drive Icon\DrvIcon.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LClock] C:\Program Files\LClock\lclock.exe
O4 - HKCU\..\Run: [Vista Rainbar] C:\Program Files\Vista Rainbar\launcher.exe
O4 - HKCU\..\Run: [ViStart] C:\Program Files\ViStart\ViStart.exe
O4 - HKCU\..\Run: [ViOrb] C:\Program Files\ViOrb\ViOrb.exe
O4 - HKCU\..\Run: [VisualTooltip] C:\Program Files\VisualTooltip\VisualToolTip.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.30.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.30.0\gears.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://qus8l.hpwis.com
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6FF0B388-BFB8-4970-AB94-FDE8B194488F}: NameServer = 200.205.125.58,200.205.125.57
O20 - Winlogon Notify: GbPluginBb - C:\PROGRA~1\GBPLUGIN\gbieh.dll
O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Program Files\Scpad\scpLIB.dll
O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Program Files\Scpad\scpLIB.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: Gbp Service (GbpSv) - - C:\PROGRA~1\GbPlugin\GbpSv.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google Inc. - (no file)
O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - Service: hpdj - Hewlett-Packard - (no file)
O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 9101 bytes

---------------------------------------------------------------------------------------------------------------
[ Rapport ToolsCleaner version 2.3.10 (par A.Rothstein & dj QUIOU) ]

--> Recherche:
C:\VundoFix.txt: trouvé !
C:\Combofix.txt: trouvé !
C:\Vundofix backups: trouvé !
C:\Qoobox: trouvé !
C:\Documents and Settings\Marcelo\Desktop\ComboFix.exe: trouvé !
C:\Documents and Settings\Marcelo\Desktop\vundoFix.exe: trouvé !
C:\Documents and Settings\Marcelo\Desktop\HijackThis.exe: trouvé !
C:\Documents and Settings\Marcelo\Desktop\Anti - Vírus\hijackthis.log: trouvé !
C:\Documents and Settings\Marcelo\My Documents\ComboFix.exe: trouvé !
C:\Documents and Settings\Marcelo\My Documents\Utilidades\hijackthis.log: trouvé !
C:\Qoobox\Quarantine\catchme.log: trouvé !
---------------------------------
--> Suppression:
C:\Documents and Settings\Marcelo\Desktop\ComboFix.exe: ERREUR DE SUPPRESSION !!
C:\Documents and Settings\Marcelo\Desktop\vundoFix.exe: supprimé !
C:\Documents and Settings\Marcelo\Desktop\HijackThis.exe: supprimé !
C:\Documents and Settings\Marcelo\My Documents\ComboFix.exe: ERREUR DE SUPPRESSION !!
C:\VundoFix.txt: supprimé !
C:\Combofix.txt: supprimé !
C:\Documents and Settings\Marcelo\Desktop\Anti - Vírus\hijackthis.log: supprimé !
C:\Documents and Settings\Marcelo\My Documents\Utilidades\hijackthis.log: supprimé !
C:\Qoobox\Quarantine\catchme.log: supprimé !
C:\Vundofix backups: supprimé !
C:\Qoobox: supprimé !
---------------------------------------------------------------------------------------------

After these reports I think we can consider my PC cured!!! Is there any other program I can remove from startup? I used the programs you recommended and only the registry one found anything, actually 2019 registry keys, which I have already deleted; it was old stuff that went on and on. Now I'm going to run a disk cleanup and defragment! Waiting...
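The startup question above is answered from the O4 section of a HijackThis log, where each `O4 - HKLM\..\Run` / `O4 - HKCU\..\Run` line is one Run-key value: a name, an executable, and its arguments. The following is an added example, not code from this thread or from HijackThis, that inventories those entries from log lines in the format shown above; the sample lines are constructed here in the same shape as the posted log, and the parsing rules (quoted path first, otherwise up to the first `.exe`) are assumptions about that format rather than a published specification. It also lists entries HijackThis marks `(no file)`, which are leftovers that load nothing and are safe to clean, and flags Run values that name a bare executable with no path, which the loader resolves through its search path rather than from a fixed location.

```python
import re

# Constructed sample lines, shaped like the HijackThis log posted above (not the full log).
SAMPLE_LOG = """\
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\\..\\Run: [HP Component Manager] "C:\\Program Files\\HP\\hpcoretech\\hpcmpmgr.exe"
O4 - HKLM\\..\\Run: [Display Settings] "C:\\Program Files\\HPQ\\Notebook Utilities\\hptasks.exe" /s
O4 - HKLM\\..\\Run: [CARPService] "carpserv.exe"
O4 - HKLM\\..\\Run: [MsmqIntCert] "regsvr32" /s mqrt.dll
O4 - HKLM\\..\\Run: [DrvIcon] C:\\Program Files\\Vista Drive Icon\\DrvIcon.exe
O4 - HKCU\\..\\Run: [ctfmon.exe] C:\\WINDOWS\\system32\\ctfmon.exe
O4 - HKCU\\..\\Run: [msnmsgr] "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe" /background
O23 - Service: hpdj - Hewlett-Packard - (no file)
"""

# O4 - <hive>\..\<key>: [<value name>] <command line>
O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(\w+): \[([^\]]+)\] (.*)$")
QUOTED_RE = re.compile(r'^"([^"]+)"\s*(.*)$')
UNQUOTED_EXE_RE = re.compile(r"^(.*?\.exe)(?:\s+(.*))?$", re.IGNORECASE)


def split_command(cmd):
    """Split a Run value into (executable, arguments); assumed rules, see lead-in."""
    m = QUOTED_RE.match(cmd)
    if m:
        return m.group(1), m.group(2)
    m = UNQUOTED_EXE_RE.match(cmd)
    if m:
        return m.group(1), m.group(2) or ""
    return cmd, ""


def parse_startup(log):
    """Inventory every O4 Run entry in the log."""
    entries = []
    for line in log.splitlines():
        m = O4_RE.match(line)
        if not m:
            continue
        hive, key, name, cmd = m.groups()
        path, args = split_command(cmd)
        entries.append({
            "hive": hive,
            "key": key,
            "name": name,
            "path": path,
            "args": args,
            # A bare file name (no drive letter, no backslash) is found by the
            # loader's search path, not loaded from a fixed, known location.
            "unqualified": "\\" not in path and ":" not in path,
        })
    return entries


def orphaned_entries(log):
    """Lines whose target HijackThis reports as '(no file)': dead references."""
    return [line for line in log.splitlines() if line.endswith("- (no file)")]


if __name__ == "__main__":
    for e in parse_startup(SAMPLE_LOG):
        flag = "  [unqualified path]" if e["unqualified"] else ""
        print(f"{e['hive']}\\{e['key']}  {e['name']:<22} {e['path']} {e['args']}{flag}")
    print("orphaned:", len(orphaned_entries(SAMPLE_LOG)))
```

On the constructed sample this yields seven Run entries, two of them (`carpserv.exe`, `regsvr32`) with an unqualified executable, and three `(no file)` leftovers; applied to the full log posted above it gives the per-hive startup list the poster is asking about.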