
This topic has been archived and is closed to new replies.

Hermes-Junior

[Resolved!] Virus restarts the PC


I have a PC with a virus. I already ran BankerFix and it found nothing, then I ran Malwarebytes and ComboFix and they cleaned viruses. But ComboFix removes the virus, and then when I run the Kaspersky Removal Tool it finds 2 infected files named: virus IM.WORM.WIN32 SOHANAD.BE and TROJAN DOWNLOADER.WIN32.AGENT.BBJD. When I set it to disinfect, the PC restarts by itself, and when it comes back all the viruses that ComboFix removed are there again. Here are the logs; since there is no internet there, I copied the logs onto a USB stick.

 

Logfile of HijackThis v1.99.1

Scan saved at 19:29:56, on 27/8/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\Service\AdskScSrv.exe

C:\Arquivos de programas\Matrox X.tools\System\digisc.exe

C:\Arquivos de programas\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe

C:\Arquivos de programas\Eset\nod32krn.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\MusicMatch\MusicMatch Jukebox\mm_tray.exe

C:\Arquivos de programas\CyberLink\PowerDVD\PowerDVD.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Eset\nod32kui.exe

C:\Arquivos de programas\USB Disk Security\USBGuard.exe

C:\Documents and Settings\Studio\Desktop\Virus Removal Tool\is-H3081\is-H3081.exe

C:\ferramentas antivirus\stinger.exe

C:\Arquivos de programas\WinRAR\WinRAR.exe

C:\DOCUME~1\Studio\CONFIG~1\Temp\Rar$EX02.796\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [MMTray] C:\Arquivos de programas\MusicMatch\MusicMatch Jukebox\mm_tray.exe

O4 - HKLM\..\Run: [PowerDVD] C:\Arquivos de programas\CyberLink\PowerDVD\PowerDVD.exe /autostart

O4 - HKLM\..\Run: [nod32kui] "C:\Arquivos de programas\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [uSB Antivirus] C:\Arquivos de programas\USB Disk Security\USBGuard.exe

O4 - HKCU\..\Run: [NBJ] "C:\Arquivos de programas\Ahead\Nero BackItUp\NBJ.exe"

O4 - Startup: is-H3081.lnk = C:\Documents and Settings\Studio\Desktop\Virus Removal Tool\is-H3081\startup.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1175264174734

O23 - Service: Adobe LM Service - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Autodesk Licensing Service - Autodesk - C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: DigiCtrl - Matrox Electronic Systems - C:\Arquivos de programas\Matrox X.tools\System\digisc.exe

O23 - Service: Digwnsacc - Matrox Electronic Systems - (no file)

O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Arquivos de programas\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Arquivos de programas\Eset\nod32krn.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Stippp - MCCI Corporation - C:\WINDOWS\system32\drivers\s117bus.sys

 

 

ComboFix 09-08-19.0C - Studio 27/08/2009 15:25.7.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.1006.655 [GMT -3:00]

Executando de: c:\documents and settings\Studio\Desktop\ComboFix.exe

 

ATENÇAO - ESTA MAQUINA não TEM O CONSOLE DE RECUPERAÇÃO INSTALADA !!

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\docume~1\Studio\CONFIG~1\Temp\E_4

c:\docume~1\Studio\CONFIG~1\Temp\E_4\com.run

c:\docume~1\Studio\CONFIG~1\Temp\E_4\dp1.fne

c:\docume~1\Studio\CONFIG~1\Temp\E_4\eAPI.fne

c:\docume~1\Studio\CONFIG~1\Temp\E_4\internet.fne

c:\docume~1\Studio\CONFIG~1\Temp\E_4\krnln.fnr

c:\docume~1\Studio\CONFIG~1\Temp\E_4\RegEx.fnr

c:\docume~1\Studio\CONFIG~1\Temp\E_4\shell.fne

c:\docume~1\Studio\CONFIG~1\Temp\E_4\spec.fne

c:\documents and settings\Studio\Configurações locais\temp\E_4\com.run

c:\documents and settings\Studio\Configurações locais\temp\E_4\dp1.fne

c:\documents and settings\Studio\Configurações locais\temp\E_4\eAPI.fne

c:\documents and settings\Studio\Configurações locais\temp\E_4\internet.fne

c:\documents and settings\Studio\Configurações locais\temp\E_4\krnln.fnr

c:\documents and settings\Studio\Configurações locais\temp\E_4\shell.fne

c:\documents and settings\Studio\Menu Iniciar\Programas\Inicializar\¡¡¡¡¡¡.lnk

c:\windows\system32\com.run

c:\windows\system32\dp1.fne

c:\windows\system32\eAPI.fne

c:\windows\system32\internet.fne

c:\windows\system32\krnln.fnr

c:\windows\system32\og.dll

c:\windows\system32\og.edt

c:\windows\system32\RegEx.fnr

c:\windows\system32\shell.fne

c:\windows\system32\spec.fne

c:\windows\system32\ul.dll

 

.

(((((((((((((((( Arquivos/Ficheiros criados de 2009-07-27 to 2009-08-27 ))))))))))))))))))))))))))))

.

 

2009-08-26 21:43 . 2009-08-27 00:22 110592 ----a-w- c:\documents and settings\Studio\Dados de aplicativos\Wplugin.dll

2009-08-26 21:31 . 2009-08-27 18:28 3014688 --sha-w- c:\windows\system32\drivers\fidbox.dat

2009-08-26 21:31 . 2008-07-08 17:54 148496 ----a-w- c:\windows\system32\drivers\97478683.sys

2009-08-26 21:11 . 2009-08-26 21:11 -------- d-----w- c:\arquivos de programas\CCleaner

2009-08-26 21:09 . 2009-08-26 23:39 1607535 --sh--r- c:\windows\system32\XP-F4C47011.EXE

2009-08-26 21:09 . 2009-08-26 23:17 110592 ----a-w- c:\windows\Wplugin.dll

2009-08-26 20:17 . 2009-08-26 20:17 -------- d-----w- c:\documents and settings\Studio\Dados de aplicativos\Malwarebytes

2009-08-26 20:16 . 2009-08-26 20:16 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes

2009-08-26 20:15 . 2009-08-26 21:48 19968 ----a-w- c:\windows\ws2help.dll

2009-08-26 17:51 . 2008-11-13 14:29 310375 ----a-w- C:\PenClean.zip

2009-08-26 17:50 . 2009-08-26 21:53 1033728 ----a-w- C:\ccsetup222_slim.exe

2009-08-26 17:50 . 2009-08-20 18:39 3180266 ----a-r- C:\ComboFix.exe

2009-08-26 00:59 . 2009-08-26 00:59 -------- d-----w- c:\windows\_ISTMP1.DIR

2009-08-10 14:18 . 2009-08-26 22:03 -------- d-----w- c:\documents and settings\Studio\Dados de aplicativos\Lavasoft

2009-08-03 18:48 . 2009-03-24 19:08 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-08-27 18:28 . 2009-08-26 21:31 39536 --sha-w- c:\windows\system32\drivers\fidbox.idx

2009-08-25 22:51 . 2009-03-22 13:30 24820 ----a-w- c:\windows\system32\drivers\MxlW2k.sys

2009-07-20 18:23 . 2009-07-19 15:13 -------- d-----w- c:\arquivos de programas\USB Disk Security

2009-07-19 16:04 . 2009-07-19 16:04 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\NortonInstaller

2009-07-19 16:04 . 2009-07-19 16:04 -------- d-----w- c:\arquivos de programas\NortonInstaller

2009-07-01 00:30 . 2007-03-30 14:04 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\DVD Shrink

2002-07-26 20:02 . 2008-09-02 16:14 153088 ----a-w- c:\arquivos de programas\UNWISE.EXE

.

 

------- Sigcheck -------

 


.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NBJ"="c:\arquivos de programas\Ahead\Nero BackItUp\NBJ.exe" [2004-07-26 1867776]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]

"MMTray"="c:\arquivos de programas\MusicMatch\MusicMatch Jukebox\mm_tray.exe" [2000-12-14 102400]

"PowerDVD"="c:\arquivos de programas\CyberLink\PowerDVD\PowerDVD.exe" [2000-02-02 253952]

"XP-F4C47011"="c:\windows\system32\XP-F4C47011.EXE" [2009-08-26 1607535]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-03-02 15360]

 

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

Adobe Gamma Loader.lnk - c:\arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe [2009-6-3 113664]

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Gamma Loader.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Gamma Loader.lnk

backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\Autodesk\\3dsMax8\\3dsmax.exe"=

"c:\\Arquivos de programas\\Autodesk\\backburner\\monitor.exe"=

"c:\\Arquivos de programas\\Autodesk\\backburner\\manager.exe"=

"c:\\Arquivos de programas\\Autodesk\\backburner\\server.exe"=

 

R1 is-QP37Adrv;is-QP37Adrv;c:\windows\system32\drivers\97478683.sys [26/8/2009 18:31 148496]

R3 dgcodec;dgcodec;c:\windows\system32\drivers\dgcodec.sys [30/3/2007 13:40 3239335]

R3 dgvideo;dgvideo;c:\windows\system32\drivers\dgvideo.sys [30/3/2007 13:40 1246503]

R3 digim2ba;digim2ba;c:\windows\system32\drivers\digim2ba.sys [30/3/2007 13:40 7908]

R3 DigiPnp;DigiPnp;c:\windows\system32\drivers\digipnp.sys [30/3/2007 09:26 7266]

R3 digisclk;digisclk;c:\windows\system32\drivers\digisclk.sys [30/3/2007 13:40 9348]

R3 digismem;digismem;c:\windows\system32\drivers\digismem.sys [30/3/2007 13:40 28868]

R3 digisnif;digisnif;c:\windows\system32\drivers\DIGISNIF.sys [30/3/2007 13:40 80612]

R3 flex3dio;flex3dio;c:\windows\system32\drivers\flex3dio.sys [30/3/2007 13:40 72644]

R3 mvkG550rt;mvkG550rt;c:\windows\system32\drivers\mvkG550rt.sys [30/3/2007 09:26 2990440]

R3 MvkMiniVFX;mvkMiniVFX;c:\windows\system32\drivers\mvkminivfx.sys [30/3/2007 09:26 34955]

R3 mvkRTXio;mvkRTXio;c:\windows\system32\drivers\mvkrtxio.sys [30/3/2007 09:26 64359]

R3 mvkVideoBus;mvkVideoBus;c:\windows\system32\drivers\mvkminicuda.sys [30/3/2007 09:26 48909]

S3 {0ddf2kcce;{0ddf2kcce; [x]

S3 Anrc2htntsb;Anrc2htntsb; [x]

S3 Avc2ac6r;Avc2ac6r; [x]

S3 Digwnsacc;Digwnsacc; [x]

S3 Dvkmixy;Dvkmixy; [x]

S3 Faspppy;Faspppy; [x]

S3 Flteenpmsaia;Flteenpmsaia; [x]

S3 Iaminumeppww;Iaminumeppww;c:\windows\system32\drivers\usbd.sys [2/3/2006 09:00 4736]

S3 Mnnsps5x;Mnnsps5x;c:\windows\system32\drivers\hidclass.sys [2/3/2006 09:00 36224]

S3 Mupaurv;Mupaurv;c:\windows\system32\drivers\disk.sys [2/3/2006 09:00 36352]

S3 Mvgikfrntds;Mvgikfrntds; [x]

S3 Nerelavfmd;Nerelavfmd; [x]

S3 Netpppssm;Netpppssm;c:\windows\system32\drivers\serial.sys [2/3/2006 09:00 65920]

S3 Nvtlovcsn;Nvtlovcsn;c:\windows\system32\grpconv.exe [2/3/2006 09:00 39424]

S3 Pcmecolcdssf;Pcmecolcdssf; [x]

S3 Pcpddrt;Pcpddrt; [x]

S3 Pewupsntsu;Pewupsntsu; [x]

S3 Pfsepilcs;Pfsepilcs; [x]

S3 Qdpipa;Qdpipa;c:\windows\system32\drivers\atmepvc.sys [2/3/2006 09:00 31360]

S3 Qllopsrppw;Qllopsrppw; [x]

S3 Rdcarrtcpr;Rdcarrtcpr; [x]

S3 Rssepmip;Rssepmip; [x]

S3 Stippp;Stippp;c:\windows\system32\drivers\s117bus.sys [14/11/2008 09:50 82984]

S3 Swbideqpcdn;Swbideqpcdn; [x]

S4 Ultstnkm;Ultstnkm; [x]

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-08-27 15:29

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]

"Version"=hex:8f,b4,ca,d9,75,73,7d,85,db,81,28,85,67,1f,ca,e0,b7,63,e1,c8,40,

7e,b3,1f,a9,a6,e8,42,02,23,40,63,3f,a0,d3,1f,3c,bd,d8,01,d0,04,f3,e1,ad,20,\

 

[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]

"Version"=hex:8f,b4,ca,d9,75,73,7d,85,db,81,28,85,67,1f,ca,e0,b7,63,e1,c8,40,

7e,b3,1f,a9,a6,e8,42,02,23,40,63,3f,a0,d3,1f,3c,bd,d8,01,d0,04,f3,e1,ad,20,\

.

------------------------ Outros Processos em Execução ------------------------

.

c:\arquivos de programas\Arquivos comuns\Autodesk Shared\Service\AdskScSrv.exe

c:\arquivos de programas\Matrox X.tools\System\digisc.exe

c:\arquivos de programas\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe

c:\windows\system32\nvsvc32.exe

c:\windows\system32\wscntfy.exe

.

**************************************************************************

.

Tempo para conclusão: 2009-08-27 15:31 - Máquina reiniciou

ComboFix-quarantined-files.txt 2009-08-27 18:31

ComboFix2.txt 2009-08-26 21:40

 

Pré-execução: 11 pasta(s) 38.339.768.320 bytes disponíveis

Pós execução: 11 pasta(s) 38.577.700.864 bytes disponíveis

 

309

 

Malwarebytes' Anti-Malware 1.40

Versão do banco de dados: 2551

Windows 5.1.2600 Service Pack 2

 

26/8/2009 17:42:16

mbam-log-2009-08-26 (17-42-16).txt

 

Tipo de Verificação: Completa (A:\|C:\|D:\|E:\|F:\|G:\|V:\|)

Objetos verificados: 159146

Tempo decorrido: 24 minute(s), 37 second(s)

 

Processos da Memória infectados: 0

Módulos de Memória Infectados: 2

Chaves do Registro infectadas: 0

Valores do Registro infectados: 1

Ítens do Registro infectados: 3

Pastas infectadas: 1

Arquivos infectados: 23

 

Processos da Memória infectados:

(Nenhum ítem malicioso foi detectado)

 

Módulos de Memória Infectados:

C:\Documents and Settings\Studio\Dados de aplicativos\Wplugin.dll (Trojan.Dropper) -> Delete on reboot.

C:\WINDOWS\Wplugin.dll (Trojan.Dropper) -> Delete on reboot.

 

Chaves do Registro infectadas:

(Nenhum ítem malicioso foi detectado)

 

Valores do Registro infectados:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xp-f4c47011 (Trojan.Agent) -> Quarantined and deleted successfully.

 

Ítens do Registro infectados:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

 

Pastas infectadas:

C:\Documents and Settings\Studio\Configurações locais\temp\E_4 (Autorun.Worm) -> Delete on reboot.

 

Arquivos infectados:

C:\Documents and Settings\Studio\Dados de aplicativos\Wplugin.dll (Trojan.Dropper) -> Delete on reboot.

C:\WINDOWS\Wplugin.dll (Trojan.Dropper) -> Delete on reboot.

C:\Documents and Settings\Studio\Configurações locais\temp\E_4\com.run (Autorun.Worm) -> Delete on reboot.

C:\Documents and Settings\Studio\Configurações locais\temp\E_4\dp1.fne (Autorun.Worm) -> Delete on reboot.

C:\Documents and Settings\Studio\Configurações locais\temp\E_4\eAPI.fne (Autorun.Worm) -> Delete on reboot.

C:\Documents and Settings\Studio\Configurações locais\temp\E_4\internet.fne (Autorun.Worm) -> Delete on reboot.

C:\Documents and Settings\Studio\Configurações locais\temp\E_4\krnln.fnr (Autorun.Worm) -> Delete on reboot.

C:\Documents and Settings\Studio\Configurações locais\temp\E_4\RegEx.fnr (Autorun.Worm) -> Quarantined and deleted successfully.

C:\Documents and Settings\Studio\Configurações locais\temp\E_4\shell.fne (Autorun.Worm) -> Delete on reboot.

C:\Documents and Settings\Studio\Configurações locais\temp\E_4\spec.fne (Autorun.Worm) -> Quarantined and deleted successfully.

C:\Documents and Settings\Studio\Menu Iniciar\Programas\Inicializar\¡¡¡¡¡¡.lnk (Autorun.Worm) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\XP-F4C47011.EXE (Trojan.Agent) -> Delete on reboot.

C:\WINDOWS\system32\krnln.fnr (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\dp1.fne (Autorun.Worm) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\eAPI.fne (Autorun.Worm) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\internet.fne (Autorun.Worm) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\og.dll (Autorun.Worm) -> Delete on reboot.

C:\WINDOWS\system32\og.EDT (Autorun.Worm) -> Delete on reboot.

C:\WINDOWS\system32\RegEx.fnr (Autorun.Worm) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\shell.fne (Autorun.Worm) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\spec.fne (Autorun.Worm) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\ul.dll (Autorun.Worm) -> Delete on reboot.

C:\WINDOWS\system32\com.run (Trojan.Banker) -> Quarantined and deleted successfully.

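The scan log above mixes entries that were removed immediately with entries that are only scheduled for deletion at the next boot. As an added example (not part of the original post; the function names are hypothetical and the sample lines are copied from that log), this Python script parses the log format and lists the objects that should be re-checked after the restart:

```python
import re
from collections import Counter

# Sample lines copied from the Malwarebytes log in the post above.
SAMPLE_LOG = r"""
Módulos de Memória Infectados:
C:\WINDOWS\Wplugin.dll (Trojan.Dropper) -> Delete on reboot.
Valores do Registro infectados:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xp-f4c47011 (Trojan.Agent) -> Quarantined and deleted successfully.
Ítens do Registro infectados:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Arquivos infectados:
C:\WINDOWS\system32\XP-F4C47011.EXE (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\og.dll (Autorun.Worm) -> Delete on reboot.
C:\WINDOWS\system32\com.run (Trojan.Banker) -> Quarantined and deleted successfully.
"""

# Entry shape: "<object> (<detection>) -> [details ->] <action>."
ENTRY = re.compile(r"^(?P<obj>.+?) \((?P<det>[A-Za-z][\w.]*)\) -> (?:.* -> )?(?P<action>[^>]+?)\.?$")

def parse_log(text):
    """Return one dict per detection: section, object, detection, action."""
    entries, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if m:
            entries.append({"section": section, "object": m["obj"],
                            "detection": m["det"], "action": m["action"]})
        elif line.endswith(":"):
            section = line[:-1]  # section header, kept in the log's language
    return entries

def pending_reboot(entries):
    """Objects only scheduled for deletion; they still exist until the next boot."""
    return sorted({e["object"] for e in entries
                   if e["action"].lower() == "delete on reboot"})

def by_detection(entries):
    """Number of entries per detection name."""
    return dict(Counter(e["detection"] for e in entries))

if __name__ == "__main__":
    found = parse_log(SAMPLE_LOG)
    print("re-check after reboot:", pending_reboot(found))
    print(by_detection(found))
```
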

Hello,

From now on, do not run any tool without my instruction. If I notice that you have run any tool without my instruction, I reserve the right to archive the case.

Step 1

Your HijackThis program is being run from a location that is not recommended, so the backups we make will not be safe.

Before we start fixing the problems on your PC, we need to correct the location of HijackThis; please do the following:

  • Right-click an empty area of your desktop.
  • Choose New -> Folder, type HJT and press Enter.
  • Now right-click HijackThis.exe and choose Cut.
  • Right-click an empty area and choose Paste.
  • Now right-click the HJT folder and choose Cut.
  • Click Start -> My Computer, right-click Local Disk (usually C:\) -> Explore.
  • Right-click an empty area and choose Paste.


Step 2

Download the Kaspersky Removal Tool (http://dnl-us6.kaspersky-labs.com/devbuilds/AVPTool/). Save it to your desktop.

  • Install the program normally, following all the instructions.
  • A folder named Virus Removal Tool will be created on the desktop.
  • On the program's main screen, select the options My Computer, Startup objects and Disk boot sectors, then click the Scan button.
  • Be patient, the scan may take a while.
  • If it finds an infection, an alert window will open; click Skip.
  • When everything is complete, click the Reports... button and then click Save to file.
  • Give the file a name and save it in a folder of your choice.
  • Close the results by clicking the X on the window.
  • Then close the program as well by clicking the X on the window. When you do, you will be asked whether you want to uninstall the tool; click No. The logs are usually large and do not fit in a post, so please upload it to http://www.baixa.la

Post the Kaspersky Removal Tool and HijackThis logs.

I await your reply.


Problem solved. I found out that what was restarting the PC was not a virus but a blown capacitor in the power supply, so I replaced the capacitor and that fixed the restarting problem. Then I ran the Kaspersky Removal Tool and that was it, it cleaned the infected files. Thanks for the help.

You can close the topic.
