Archived

This topic has been archived and is closed to new replies.

danmex

[Solved!] My PC restarts when I install an antivirus

Good afternoon, danmex!

<@> Download: < wscntfy.zip >

<@> Extract it from the zip into the system32 folder.

<@> Restart when done!

<><><><><><><><><><>

<@> Go to Start --> Run --> Type or paste: combofix.exe /u --> Click OK.

<@> The following window will open: ( Open File - Security Warning )

<@> Click Run --> Wait!

<@> Finally, the message will appear: "ComboFix has been uninstalled" --> Click OK.

<@> If you find them, delete: C:\ComboFix <-- The folder! + C:\ComboFix.txt <-- Report!

<><><><><><><><><><>

<@> Copy the information below, under CODE, into Notepad.

; VArestorepolicies.inf
; Created by: miekiemoes
; http://miekiemoes.blogspot.com/

[Version]
Signature = "$CHICAGO$"

[DefaultInstall]
DelReg=Removepolicies

[Removepolicies]
HKCU,"Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced",Start_ShowControlPanel
HKCU,"Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced",StartMenuAdminTools
HKCU,"Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced",Start_ShowRun
HKCU,"Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced",Start_ShowSearch
HKCU,"Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced",Start_ShowHelp
HKCU,"Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced",StartMenuFavorites
HKCU,"Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced",Start_ShowRecentDocs
HKCU,"Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced",Start_ShowMyDocs
HKCU,"Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced",Start_ShowMyPics
HKCU,"Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced",Start_ShowMyComputer
HKCU,"Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced",Start_ShowMyMusic
HKCU,"Software\Microsoft\Windows\CurrentVersion\Policies\Explorer",NoToolbarCustomize
HKCU,"Software\Microsoft\Windows\CurrentVersion\Policies\Explorer",NoDrives
HKCU,"Software\Microsoft\Windows\CurrentVersion\Policies\Explorer",StartMenuLogoff
HKCU,"Software\Microsoft\Windows\CurrentVersion\Policies\Explorer",NoStartMenuMorePrograms
HKCU,"Software\Microsoft\Windows\CurrentVersion\Policies\Explorer",NoSetFolders
HKCU,"Software\Microsoft\Windows\CurrentVersion\Policies\System",DisableRegistryTools
HKCU,"Software\Microsoft\Windows\CurrentVersion\Policies\System",DisableTaskMgr
HKCU,"Software\Microsoft\Windows\CurrentVersion\Policies\System",DisableCMD
HKCU,"Software\Microsoft\Windows\CurrentVersion\Policies\System",NoDispCPL
HKCU,"Software\Policies\Microsoft\Windows\System",DisableCMD
HKCU,"Software\Policies\Microsoft\Internet Explorer\Restrictions",NoBrowserOptions

<@> In "Save as type", select: "All files"

<@> In "File name", type: VArestorepolicies.inf <-- Don't forget the ( .inf )

<@> Save it to the desktop.

<@> Now proceed with installing it!

<@> Go to the file --> Right-click --> Install. <-- Left-click!

<><><><><><><><><><>

<@> Run a disinfection scan at: < BitDefender >

<@> PS: Use the Internet Explorer browser!

<@> The page will open: < BitDefender OnLine Scanner >

<@> Click on: < agree2.gif >

<@> Wait for and accept the ActiveX installation so that the scan can run.

<@> When it finishes, post the report: C:\Windows\BDOSCAN8\bdoscan.log <--

Regards!
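The INF in the post above works through its DelReg section: every line under [Removepolicies] is a registry value that gets deleted when the file is installed, and most of them are the HKCU policy values that malware sets to hide Start-menu items and disable regedit, Task Manager and cmd. The script below is an added example, not part of the original post and not miekiemoes' own code: it parses the DelReg section of such an INF, prints the equivalent `reg delete` commands, and flags which of the deleted values are tool-lockout policies. The embedded INF text is a subset of the post's file; the LOCKOUT_POLICIES table is this example's own classification.

```python
"""Parse the DelReg section of a Windows .inf (e.g. VArestorepolicies.inf),
list the registry values it deletes, emit the equivalent 'reg delete' commands
and flag the values that lock the user out of admin tools.

Added example; not the original post's code. INF_TEXT is a subset of the
posted INF; LOCKOUT_POLICIES is this example's own table."""
import re

INF_TEXT = r"""
; VArestorepolicies.inf
; Created by: miekiemoes
; http://miekiemoes.blogspot.com/
[Version]
Signature = "$CHICAGO$"
[DefaultInstall]
DelReg=Removepolicies
[Removepolicies]
HKCU,"Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced",Start_ShowControlPanel
HKCU,"Software\Microsoft\Windows\CurrentVersion\Policies\Explorer",NoDrives
HKCU,"Software\Microsoft\Windows\CurrentVersion\Policies\System",DisableRegistryTools
HKCU,"Software\Microsoft\Windows\CurrentVersion\Policies\System",DisableTaskMgr
HKCU,"Software\Microsoft\Windows\CurrentVersion\Policies\System",DisableCMD
HKCU,"Software\Policies\Microsoft\Windows\System",DisableCMD
HKCU,"Software\Policies\Microsoft\Internet Explorer\Restrictions",NoBrowserOptions
"""

# Values that, when set, disable a tool the user needs to inspect or clean the
# machine. Classification is this example's own, not something the INF states.
LOCKOUT_POLICIES = {
    "DisableRegistryTools": "blocks regedit",
    "DisableTaskMgr": "blocks Task Manager",
    "DisableCMD": "blocks cmd.exe and batch files",
    "NoDrives": "hides drive letters in Explorer",
    "NoBrowserOptions": "blocks Internet Options in IE",
}

HIVES = {"HKCU": "HKEY_CURRENT_USER", "HKLM": "HKEY_LOCAL_MACHINE",
         "HKCR": "HKEY_CLASSES_ROOT", "HKU": "HKEY_USERS"}


def parse_sections(text):
    """Return {section_name: [lines]} for an INF, dropping ';' comments and blanks."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()
        if not line:
            continue
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def delreg_entries(text):
    """Follow [DefaultInstall] DelReg=<section> and return (hive, subkey, value) tuples."""
    sections = parse_sections(text)
    targets = []
    for line in sections.get("DefaultInstall", []):
        key, _, val = line.partition("=")
        if key.strip().lower() == "delreg":
            targets += [t.strip() for t in val.split(",") if t.strip()]
    entries = []
    for section in targets:
        for line in sections.get(section, []):
            # DelReg line: hive,"subkey",value-name   (value-name is optional)
            m = re.fullmatch(r'(\w+),"([^"]+)"(?:,(.*))?', line)
            if not m:
                raise ValueError(f"unparsable DelReg line: {line}")
            entries.append((m.group(1), m.group(2), (m.group(3) or "").strip()))
    return entries


def lockout_findings(entries):
    """[(value, reason)] for every entry that clears a known lockout policy."""
    return [(v, LOCKOUT_POLICIES[v]) for _, _, v in entries if v in LOCKOUT_POLICIES]


def to_reg_commands(entries):
    """Translate each DelReg entry into the equivalent 'reg delete' command line."""
    cmds = []
    for hive, subkey, value in entries:
        full = f'"{HIVES.get(hive, hive)}\\{subkey}"'
        cmds.append(f"reg delete {full} /v {value} /f" if value else f"reg delete {full} /f")
    return cmds


if __name__ == "__main__":
    found = delreg_entries(INF_TEXT)
    for cmd in to_reg_commands(found):
        print(cmd)
    for value, reason in lockout_findings(found):
        print(f"lockout policy cleared: {value} ({reason})")
```

The same parser runs unchanged on the full INF from the post; right-click --> Install on an .inf does the DelReg work through setupapi, and the printed `reg delete` lines are what you would type by hand if regedit itself were still blocked.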


Good morning DigRam

I did the whole procedure, but when it came to uninstalling ComboFix it didn't work; it sat there without loading (more than half an hour). I tried the same procedure several times and nothing :(

but the rest I did as you asked

here is the log

bdoscan.log

 

 

[General]

App = "BitDefender Online Scanner v8"

Date = 21:09:2009

Time = 21:39:54

Scan Path = C:\;D:\;E:\;

 

[Engines Info]

Virus Definitions = 4245212

Engine build = "AVCORE v2.1 Windows/i386 11.0.0.26 (Aug 27 2009)"

Scan plugins = 17

Archive plugins = 44

Unpack plugins = 8

E-mail plugins = 6

System plugins = 4

 

[Scan Statistics]

Folders = 4124

Files = 242990

Archives = 10831

Packed files = 18496

Identified viruses = 6

Infected files = 10

Warnings = 0

Suspect files = 0

Disinfected files = 0

Deleted files = 10

Copied files = 0

Moved files = 0

Renamed files = 0

I/O Errors = 29

 

[Scan Settings]

SecondAction = Delete

FirstAction = Disinfect

Heuristics = 1

Enable Warnings = 1

Exclude Ext =

Extensions = *;

Scan Emails = 1

Scan Archives = 1

Scan Packed = 1

Scan Files = 1

Scan Boot = 1

Verify Memory = 0

 

[Scan Results]

Line00000028 = "C:\Arquivos de programas\Valve\Steam.dll Infected with: Trojan.Generic.IS.581108"

Line00000027 = "C:\Arquivos de programas\Valve\Steam.dll Deleted"

Line00000026 = "C:\System Volume Information\_restore{4B61B3AB-368B-4D63-8634-B220CCAD1557}\RP3\A0000035.exe Infected with: Trojan.Generic.1065512"

Line00000025 = "C:\System Volume Information\_restore{4B61B3AB-368B-4D63-8634-B220CCAD1557}\RP3\A0000035.exe Deleted"

Line00000024 = "C:\System Volume Information\_restore{4B61B3AB-368B-4D63-8634-B220CCAD1557}\RP3\A0000045.dll Infected with: Trojan.Generic.IS.581108"

Line00000023 = "C:\System Volume Information\_restore{4B61B3AB-368B-4D63-8634-B220CCAD1557}\RP3\A0000045.dll Deleted"

Line00000022 = "C:\System Volume Information\_restore{4B61B3AB-368B-4D63-8634-B220CCAD1557}\RP6\A0000343.exe=>(Instyler o)=>(Instyler Module 9) Infected with: Trojan.Generic.IS.581108"

Line00000021 = "C:\System Volume Information\_restore{4B61B3AB-368B-4D63-8634-B220CCAD1557}\RP6\A0000343.exe=>(Instyler o)=>(Instyler Module 9) Deleted"

Line00000020 = "C:\System Volume Information\_restore{4B61B3AB-368B-4D63-8634-B220CCAD1557}\RP6\A0000343.exe=>(Instyler o) Update failed"

Line00000019 = "C:\System Volume Information\_restore{4B61B3AB-368B-4D63-8634-B220CCAD1557}\RP6\A0000346.dll Infected with: Trojan.Generic.IS.581108"

Line00000018 = "C:\System Volume Information\_restore{4B61B3AB-368B-4D63-8634-B220CCAD1557}\RP6\A0000346.dll Deleted"

Line00000017 = "D:\anderson arquivos\HD 2\Programas\DVD Anderson\winxpportable-www.DownGratis.com.rar=>Extra.Small.Windows.XP.USB.Flash.Edition.iso=>I386/SYSTEM32/ACLUI.DLL Infected with: Trojan.Generic.1618691"

Line00000016 = "D:\anderson arquivos\HD 2\Programas\DVD Anderson\winxpportable-www.DownGratis.com.rar=>Extra.Small.Windows.XP.USB.Flash.Edition.iso=>I386/SYSTEM32/ACLUI.DLL Deleted"

Line00000015 = "D:\anderson arquivos\HD 2\Programas\DVD Anderson\winxpportable-www.DownGratis.com.rar=>Extra.Small.Windows.XP.USB.Flash.Edition.iso Update failed"

Line00000014 = "D:\anderson arquivos\HD 2\Programas\DVD Anderson\winxpportable-www.DownGratis.com.rar=>Extra.Small.Windows.XP.USB.Flash.Edition.iso=>I386/SYSTEM32/CLB.DLL Infected with: Gen:Trojan.Heur.amSfyeNTQWdi"

Line00000013 = "D:\anderson arquivos\HD 2\Programas\DVD Anderson\winxpportable-www.DownGratis.com.rar=>Extra.Small.Windows.XP.USB.Flash.Edition.iso=>I386/SYSTEM32/CLB.DLL Disinfection failed"

Line00000012 = "D:\anderson arquivos\HD 2\Programas\DVD Anderson\winxpportable-www.DownGratis.com.rar=>Extra.Small.Windows.XP.USB.Flash.Edition.iso=>I386/SYSTEM32/CLB.DLL Deleted"

Line00000011 = "D:\anderson arquivos\HD 2\Programas\DVD Anderson\winxpportable-www.DownGratis.com.rar=>Extra.Small.Windows.XP.USB.Flash.Edition.iso Update failed"

Line00000010 = "D:\DAN ARQUIVOS\donw dan\Adobe Page Maker 7.01.rar=>Adobe Page Maker 7.01\PM7ext.exe Infected with: Gen:Trojan.Heur.YmJerXA@ughIC"

Line00000009 = "D:\DAN ARQUIVOS\donw dan\Adobe Page Maker 7.01.rar=>Adobe Page Maker 7.01\PM7ext.exe Disinfection failed"

Line00000008 = "D:\DAN ARQUIVOS\donw dan\Adobe Page Maker 7.01.rar=>Adobe Page Maker 7.01\PM7ext.exe Deleted"

Line00000007 = "D:\DAN ARQUIVOS\donw dan\Adobe Page Maker 7.01.rar Update failed"

Line00000006 = "D:\Meus documentos\My DAP Downloads\Adobe Page Maker 7.01.rar=>Adobe Page Maker 7.01\PM7ext.exe Infected with: Gen:Trojan.Heur.YmJerXA@ughIC"

Line00000005 = "D:\Meus documentos\My DAP Downloads\Adobe Page Maker 7.01.rar=>Adobe Page Maker 7.01\PM7ext.exe Disinfection failed"

Line00000004 = "D:\Meus documentos\My DAP Downloads\Adobe Page Maker 7.01.rar=>Adobe Page Maker 7.01\PM7ext.exe Deleted"

Line00000003 = "D:\Meus documentos\My DAP Downloads\Adobe Page Maker 7.01.rar Update failed"

Line00000002 = "D:\System Volume Information\_restore{4B61B3AB-368B-4D63-8634-B220CCAD1557}\RP3\A0000027.exe Detected with: Application.Findkeyxp.F"

Line00000001 = "D:\System Volume Information\_restore{4B61B3AB-368B-4D63-8634-B220CCAD1557}\RP3\A0000027.exe Disinfection failed"

Line00000000 = "D:\System Volume Information\_restore{4B61B3AB-368B-4D63-8634-B220CCAD1557}\RP3\A0000027.exe Deleted"

 

 

REGARDS..

PS: let me know if I can delete or remove the other programs (and logs) you had me download, or should I only do that once the problem is solved? Or could some of them be useful for the life of the PC?
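The [Scan Results] section of a bdoscan.log like the one above is a flat list: the scanner writes a detection line ("Infected with:" / "Detected with:") for an object and then one or more action lines for the same object ("Disinfection failed", "Deleted"), and after deleting a member of an archive it reports "Update failed" on the enclosing archive. The script below is an added example, not part of the thread: it pairs each detection with the final action taken and separates hits in System Restore snapshots and inside archives from hits on live files, since those three need different follow-up (purge restore points, delete or re-download the archive, check the live file's origin). The sample lines are constructed to mirror the posted format.

```python
"""Summarise the [Scan Results] section of a BitDefender Online Scanner
bdoscan.log: pair each detection with the last action the scanner took on
that object, and classify where the object lives.

Added example, not part of the original thread. SAMPLE_LOG is constructed to
mirror the format of the posted log."""
import re
from collections import Counter

SAMPLE_LOG = r"""
[Scan Results]
Line00000007 = "C:\Arquivos de programas\Valve\Steam.dll Infected with: Trojan.Generic.IS.581108"
Line00000006 = "C:\Arquivos de programas\Valve\Steam.dll Deleted"
Line00000005 = "C:\System Volume Information\_restore{4B61B3AB-368B-4D63-8634-B220CCAD1557}\RP3\A0000035.exe Infected with: Trojan.Generic.1065512"
Line00000004 = "C:\System Volume Information\_restore{4B61B3AB-368B-4D63-8634-B220CCAD1557}\RP3\A0000035.exe Deleted"
Line00000003 = "D:\downloads\Adobe Page Maker 7.01.rar=>Adobe Page Maker 7.01\PM7ext.exe Infected with: Gen:Trojan.Heur.YmJerXA@ughIC"
Line00000002 = "D:\downloads\Adobe Page Maker 7.01.rar=>Adobe Page Maker 7.01\PM7ext.exe Disinfection failed"
Line00000001 = "D:\downloads\Adobe Page Maker 7.01.rar=>Adobe Page Maker 7.01\PM7ext.exe Deleted"
Line00000000 = "D:\downloads\Adobe Page Maker 7.01.rar Update failed"
"""

# Status suffixes the scanner appends after the object path. Order matters only
# in that the longer, more specific strings are tried first.
STATUSES = ("Infected with:", "Detected with:", "Disinfection failed",
            "Deleted", "Update failed", "Disinfected", "Moved", "Suspected")
LINE_RE = re.compile(r'^Line(\d{8}) = "(.*)"$')


def parse_results(text):
    """Return [(seq, object, status, detection_or_None)] in file order.

    File order is the order events happened: the detection line for an object
    precedes the action lines for it (see the posted log)."""
    rows = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        seq, body = int(m.group(1)), m.group(2)
        for status in STATUSES:
            idx = body.rfind(" " + status)
            if idx != -1:
                obj = body[:idx]
                detection = body[idx + len(status) + 1:].strip() or None
                rows.append((seq, obj, status.rstrip(":"), detection))
                break
        else:
            raise ValueError(f"unrecognised result line: {raw}")
    return rows


def classify(obj):
    """Where the object lives: a System Restore snapshot, inside an archive, or a live file."""
    if "\\System Volume Information\\_restore" in obj:
        return "restore-point"
    if "=>" in obj:          # BitDefender separates archive levels with '=>'
        return "archive-member"
    return "live-file"


def summarise(text):
    """Return ({object: (detection name, final action)}, Counter of locations)."""
    final, locations = {}, Counter()
    for _, obj, status, detection in parse_results(text):
        if status in ("Infected with", "Detected with"):
            final[obj] = (detection, status)
            locations[classify(obj)] += 1
        elif obj in final:                      # action line for a known detection
            final[obj] = (final[obj][0], status)
        # 'Update failed' on a container archive has no detection of its own; skipped
    return final, locations


if __name__ == "__main__":
    final, locations = summarise(SAMPLE_LOG)
    for obj, (name, action) in final.items():
        print(f"{action:<20} {name:<32} {classify(obj):<15} {obj}")
    print(dict(locations))
```

Run against the full log above, the restore-point hits are copies Windows made of already-removed files, and the archive hits are inside downloaded installers; the one live-file detection (Steam.dll) is the only object that was actually loaded on the running system.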


Good morning, danmex!

I did the whole procedure, but when it came to uninstalling ComboFix it didn't work; it sat there without loading (more than half an hour). I tried the same procedure several times and nothing

<!> It will be uninstalled by another procedure. ( ToolsCleaner )

PS: let me know if I can delete or remove the other programs (and logs) you had me download, or should I only do that once the problem is solved? Or could some of them be useful for the life of the PC?

<!> Keep only a-squared and uninstall Ad-Aware.

<!> PS: The AVPTool report only shows scans of your D:\ drive. Install it on C:\ and repeat your scan, changing its configuration under Settings. <-- Change settings

<!> PS: Try to enable only file disinfection. ( disinfect )

<!> When the configuration is done, go ahead with the scan.

<!> When it finishes, post the report.

<><><><><><><><><><>

<@> Download: < imagemus0.jpg > ( ...by A.Rothstein & dj Quiou )

<@> Save it to the desktop!

<@> Close any open programs and run the tool.

<@> Click the Recherche button to start the scan. <-- Wait!

<@> When it finishes, the items to be removed will be listed.

<@> Click the Suppression button to remove the items found.

<@> Then click Quitter.

<@> Post the report: ( C:\TCleaner.txt ) <--

<><><><><><><><><><>

<@> Download: < msconfig.zip >

<@> Extract it to the directory: C:\WINDOWS\pchealth\helpctr\binaries <--

<><><><><><><><><><>

<@> Download: < Runscanner v. 1.8.0.0 >

<@> Save it to Local Disk (C) or the Desktop.

<@> Unzip it and keep the executable. ( RunScanner.exe )

<@> Open the program and, with the Expert mode button already checked, click Ok.

<@> Close all windows/programs before running this utility.

<@> Run it by clicking Scan computer. --> Wait!

<@> When it finishes, click the menu: "Online analysis" <-- Be connected!

<@> The page will open: "online malware analysis report"

<@> Copy the result of this analysis, Report Url:, to your computer. ( report.aspx )

<@> Put it in a zip and place it on the Desktop.

<@> Keep the extension ( .aspx ) when copying it!

<@> If you do not want the online check, save it as a RUN file.

<@> Run it and, when it finishes, click "Save Run File" --> Put it in a zip and place it on the desktop.

<@> Now go to this address: < Badongo >

<@> Upload the report.aspx.zip or runscanner.run from the desktop to that server. <-- Badongo!

<@> Copy the address(es) you are given into this topic. ( Report Url: ) or ( RUN file )

Regards!


Good morning DigRam..

Well, this was the hardest process I've ever done, I don't know if I did it right

but I'll post what I managed to do

here are the reports..

AVPTOOL report

 

Scan

----

Scanned: 52857

Detected: 0

Untreated: 0

Start time: 22/9/2009 19:35:53

Duration: 00:23:24

Finish time: 22/9/2009 19:59:17

 

 

Detected

--------

Status Object

------ ------

 

 

Events

------

Time Name Status Reason

---- ---- ------ ------

 

 

Statistics

----------

Object           | Scanned | Detected | Untreated | Deleted | Moved to Quarantine | Archives | Packed files | Password protected | Corrupted
All objects      | 52857   | 0        | 0         | 0       | 0                   | 615      | 428          | 0                  | 0
(C:) Local Disk  | 52857   | 0        | 0         | 0       | 0                   | 615      | 428          | 0                  | 0

 

 

Settings

--------

Parameter Value

--------- -----

Security Level Recommended

Action Disinfect, do not delete

Run mode Manually

File types Scan all files

Scan only new and changed files No

Scan archives All

Scan embedded OLE objects All

Skip if object is larger than No

Skip if scan takes longer than No

Parse email formats No

Scan password-protected archives No

Enable iChecker technology Yes

Enable iSwift technology Yes

Show detected threats on "Detected" tab Yes

Rootkits search Yes

Deep rootkits search No

Use heuristic analyzer Yes

 

 

Quarantine

----------

Status Object Size Added

------ ------ ---- -----

 

 

Backup

------

Status Object Size

------ ------ ----

 

 

 

 

 

 

 

TCleaner.txt

 

[ Rapport ToolsCleaner version 2.3.10 (par A.Rothstein & dj QUIOU) ]

 

--> Recherche:

 

C:\HijackThis.exe: trouvé !

C:\hijackthis.log: trouvé !

C:\FindyKill.txt: trouvé !

C:\Qoobox: trouvé !

C:\FindyKill: trouvé !

C:\Documents and Settings\and\Desktop\ComboFix.exe: trouvé !

C:\Qoobox\Quarantine\catchme.log: trouvé !

 

---------------------------------

--> Suppression:

 

C:\HijackThis.exe: supprimé !

C:\Documents and Settings\and\Desktop\ComboFix.exe: supprimé !

C:\hijackthis.log: supprimé !

C:\FindyKill.txt: supprimé !

C:\Qoobox\Quarantine\catchme.log: supprimé !

C:\Qoobox: supprimé !

C:\FindyKill: supprimé !

 

 

and here are the 2 addresses you asked for (this part I'm not sure I did right =/)

 

report.aspx.zip

http://www.badongo.com/file/17373091

 

 

runscanner0.zip

http://www.badongo.com/file/17373132

 

NOTE: just in case, I'll post a runscanner log

 

runscanner.log

 

Runscanner logfile

 

* = signed file

- = file not found

 

General info

------------

Computer name : CASA

Creation time : 23/9/2009 02:50:43

Hosts <> 127.0.0.1 : 0

Hosts file location : %SystemRoot%\System32\drivers\etc

IE version : 6.0.2900.5512

OS : Microsoft Windows XP

OS Build : 2600

OS SP : Service Pack 3

RunScanner Version : 1.9.0.9

User Language : Português (Brasil)

User rights : Administrator

Windows folder : C:\WINDOWS

 

Running processes

-----------------

* C:\WINDOWS\system32\winlogon.exe (Microsoft Corporation)

* C:\WINDOWS\system32\services.exe (Microsoft Corporation)

C:\Arquivos de programas\a-squared Free\a2service.exe (Emsi Software GmbH)

* C:\WINDOWS\system32\csrss.exe (Microsoft Corporation)

* C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)

* C:\WINDOWS\system32\RUNDLL32.EXE (Microsoft Corporation)

* C:\Arquivos de programas\Mozilla Firefox\firefox.exe (Mozilla Corporation)

* C:\WINDOWS\system32\svchost.exe (Microsoft Corporation)

* C:\WINDOWS\system32\svchost.exe (Microsoft Corporation)

* C:\WINDOWS\system32\svchost.exe (Microsoft Corporation)

* C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)

* C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)

* C:\WINDOWS\system32\svchost.exe (Microsoft Corporation)

* C:\WINDOWS\system32\svchost.exe (Microsoft Corporation)

* C:\WINDOWS\system32\svchost.exe (Microsoft Corporation)

* c:\windows\System32\smss.exe (Microsoft Corporation)

* C:\WINDOWS\system32\lsass.exe (Microsoft Corporation)

C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)

C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)

* C:\Documents and Settings\and\Desktop\RunScanner.exe (Runscanner.net)

* C:\WINDOWS\system32\spoolsv.exe (Microsoft Corporation)

* C:\WINDOWS\Explorer.EXE (Microsoft Corporation)

* C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)

C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe (Microsoft Corporation)

 

Unrated items

-------------

002 C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe (HP)

002 C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

002 C:\WINDOWS\system32\NvCpl.dll (NVIDIA Corporation)

002 C:\WINDOWS\system32\NvMcTray.dll (NVIDIA Corporation)

002 C:\WINDOWS\system32\nwiz.exe

002 C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)

003 C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe (Microsoft Corporation)

004 C:\ARQUIV~1\VIRUSR~1\is-UBM6P\startup.exe

010 C:\Arquivos de programas\a-squared Free\a2service.exe (a-squared Free Service)

010 C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Display Driver Service)

011 * C:\WINDOWS\system32\DRIVERS\65670948.sys (is-UBM6Pdrv)

011 C:\WINDOWS\system32\DRIVERS\nv4_mini.sys (nv)

011 C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Service for Realtek AC97 Audio (WDM))

011 C:\WINDOWS\System32\Drivers\TP6800.sys (USB Video Camera)

011 C:\WINDOWS\system32\DRIVERS\ViPrt.sys (VIA SATA IDE Device Driver)

011 C:\WINDOWS\system32\DRIVERS\ViBus.sys (ViBus)

035 C:\WINDOWS\system32\ieudinit.exe (Microsoft Corporation) <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}

042 C:\WINDOWS\bdoscandel.exe {85d1f590-48f4-11d9-9669-0800200c9a66}

042 C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation) {e2e2dd38-d088-4134-82b7-f2ba38496583}

052 GUID / CLSID not found {5C255C8A-E604-49b4-9D64-90988571CECB}

061 C:\Arquivos de programas\a-squared Free\a2freecontmenu.dll (Emsi Software GmbH) {A155339D-CCCD-4714-85EB-3754B804C9DF}

061 C:\WINDOWS\system32\nvshell.dll {1CDB2949-8F65-4355-8456-263E7C208A5D}

061 C:\WINDOWS\system32\nvshell.dll {1E9B04FB-F9E5-4718-997B-B8DA88302A47}

061 C:\WINDOWS\system32\nvcpl.dll (NVIDIA Corporation) {A70C977A-BF00-412C-90B7-034C51DA2439}

061 C:\WINDOWS\system32\nvshell.dll {1E9B04FB-F9E5-4718-997B-B8DA88302A48}

061 C:\WINDOWS\system32\nvcpl.dll (NVIDIA Corporation) {FFB699E0-306A-11d3-8BD1-00104B6F7516}

061 C:\Arquivos de programas\WinRAR\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}

069 C:\WINDOWS\system32\hpzsnt10.dll (HP)

104 C:\WINDOWS\DOWNLO~1\oscan82.ocx (BitDefender) {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}

105 E&xportar para o Microsoft Excel : res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

120 NameServer {300EDF33-DB30-43FA-AC3E-CF080FC6BB5F} : 200.165.132.154

170 {066e2da5-a482-11de-8e1e-0016ec4b124b} : F:\chyw.exe

173 GUID / CLSID not found

173 C:\Arquivos de programas\WinRAR\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}

221 GUID / CLSID not found

221 C:\Arquivos de programas\WinRAR\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}

223 C:\Arquivos de programas\a-squared Free\a2freecontmenu.dll (Emsi Software GmbH) {A155339D-CCCD-4714-85EB-3754B804C9DF}

225 C:\Arquivos de programas\a-squared Free\a2freecontmenu.dll (Emsi Software GmbH) {A155339D-CCCD-4714-85EB-3754B804C9DF}

225 C:\Arquivos de programas\a-squared Free\a2freecontmenu.dll (Emsi Software GmbH) {A155339D-CCCD-4714-85EB-3754B804C9DF}

225 C:\Arquivos de programas\WinRAR\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}

225 C:\Arquivos de programas\WinRAR\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}

227 GUID / CLSID not found

227 C:\Arquivos de programas\WinRAR\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}

229 C:\WINDOWS\system32\nvshell.dll {1E9B04FB-F9E5-4718-997B-B8DA88302A48}

229 C:\WINDOWS\system32\nvcpl.dll (NVIDIA Corporation) {A70C977A-BF00-412C-90B7-034C51DA2439}

251 C:\Arquivos de programas\WinRAR\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}

 

Missing files

-------------

011 C:\WINDOWS\system32\drivers\Abiosdsk.sys

011 C:\WINDOWS\system32\drivers\abp480n5.sys

011 C:\WINDOWS\system32\drivers\adpu160m.sys

011 C:\WINDOWS\system32\drivers\Aha154x.sys

011 C:\WINDOWS\system32\drivers\aic78u2.sys

011 C:\WINDOWS\system32\drivers\aic78xx.sys

011 C:\WINDOWS\system32\drivers\AliIde.sys

011 C:\WINDOWS\system32\drivers\amsint.sys

011 C:\WINDOWS\system32\drivers\asc.sys

011 C:\WINDOWS\system32\drivers\asc3350p.sys

011 C:\WINDOWS\system32\drivers\asc3550.sys

011 C:\WINDOWS\system32\drivers\Atdisk.sys

011 C:\ComboFix\catchme.sys

011 C:\WINDOWS\system32\drivers\cd20xrnt.sys

011 C:\WINDOWS\system32\drivers\Changer.sys

011 C:\WINDOWS\system32\drivers\CmdIde.sys

011 C:\WINDOWS\system32\drivers\Cpqarray.sys

011 C:\WINDOWS\system32\drivers\dac2w2k.sys

011 C:\WINDOWS\system32\drivers\dac960nt.sys

011 C:\WINDOWS\system32\drivers\dpti2o.sys

011 C:\WINDOWS\system32\drivers\hpn.sys

011 C:\WINDOWS\system32\drivers\i2omgmt.sys

011 C:\WINDOWS\system32\drivers\i2omp.sys

011 C:\WINDOWS\system32\drivers\ini910u.sys

011 C:\WINDOWS\system32\drivers\IntelIde.sys

011 C:\WINDOWS\system32\drivers\lbrtfdc.sys

011 C:\WINDOWS\system32\drivers\mraid35x.sys

011 C:\WINDOWS\system32\drivers\PCIDump.sys

011 C:\WINDOWS\system32\drivers\PDCOMP.sys

011 C:\WINDOWS\system32\drivers\PDFRAME.sys

011 C:\WINDOWS\system32\drivers\PDRELI.sys

011 C:\WINDOWS\system32\drivers\PDRFRAME.sys

011 C:\WINDOWS\system32\drivers\perc2.sys

011 C:\WINDOWS\system32\drivers\perc2hib.sys

011 C:\WINDOWS\system32\drivers\ql1080.sys

011 C:\WINDOWS\system32\drivers\Ql10wnt.sys

011 C:\WINDOWS\system32\drivers\ql12160.sys

011 C:\WINDOWS\system32\drivers\ql1240.sys

011 C:\WINDOWS\system32\drivers\ql1280.sys

011 C:\WINDOWS\system32\drivers\Simbad.sys

011 C:\WINDOWS\system32\drivers\Sparrow.sys

011 C:\WINDOWS\system32\drivers\sym_hi.sys

011 C:\WINDOWS\system32\drivers\sym_u3.sys

011 C:\WINDOWS\system32\drivers\symc810.sys

011 C:\WINDOWS\system32\drivers\symc8xx.sys

011 C:\WINDOWS\system32\drivers\TosIde.sys

011 C:\WINDOWS\system32\drivers\ultra.sys

011 C:\WINDOWS\system32\drivers\WDICA.sys

052 C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

061 deskpan.dll

214

 

Thanks and Regards


Good morning, danmex!

Well, this was the hardest process I've ever done, I don't know if I did it right

but I'll post what I managed to do

<!> So far, you are the user who has correctly carried out posting the RUN file.

<!> Here is the link, for research purposes, to the report.aspx: < http://www.runscanner.net/report.aspx?report=f0b491a3-6cee-4533-b87e-20d539c5c38b >

NOTE: just in case, I'll post a runscanner log

<!> :thumbsup: :thumbsup: The emoticons say it all!! It allowed me to prepare safe removal procedures, in which everything marked in red will be removed.

<!> The ones highlighted in orange need their files, mainly those that are part of the system. ( Windows )

<!> PS: The file infector corrupted essential services, which will have to be repaired. ( BITS/WUAUSERV )

<><><><><><><><><><>

<@> Restart in Safe Mode.

<@> For some of the changes, choose the Administrator account.

<@> Go to Start --> Run --> Type: regedit --> OK.

<@> In the "Registry Editor", navigate to the key: HKey_Local_Machine --> System --> CurrentControlSet --> Services

<@> Change the permissions, for Administrator, on "Bits" and "Wuauserv".

<@> Allow "Full Control" and "Read" for both, including the "Parameters" subkey.

<@> Change the values: "%fystemroot%" to "%SystemRoot%"

<@> Save these changes and restart the computer!

 

Item: 010 HKLM\SYSTEM\CurrentControlSet\Services (Services)

Description: Background Intelligent Transfer Service

Path: %fystemRoot%\system32\svchost.exe

MD5: File not found

FileDescription: svchost.exe

Registry path: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS

Certificate: File not found

 

Item: 010 HKLM\SYSTEM\CurrentControlSet\Services (Services)

Description: Automatic Updates

Path: %fystemroot%\system32\svchost.exe

MD5: File not found

FileDescription: svchost.exe

Registry path: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv

Certificate: File not found

.....................................

.....................................

<@> Above are the indications of the corruption suffered by BITS and WUAUSERV.

<@> If the repair does not succeed, you can include them in the removals.

<><><><><><><><><><>

<@> Run RunScanner again.

<@> Right-click the lines highlighted in red.

<@> Click: Mark/unmark item Space

<@> Click the tab: Item fixer --> Fix selected items.

<@> Click OK on the message.

<@> Under Information, confirm!

<@> Click Unrated items so that we can confirm the removals made.

<@> PS: If you choose to remove the lines indicating services/drivers, have the Windows CD at hand for the necessary repair.

<@> After the procedures, post: runscanner.run <-- RUN file.

Regards!
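Two things in this exchange lend themselves to a script: the "Unrated items" lines of the RunScanner log posted above (each line is a three-digit category, an optional `*` for a signed file, a path, an optional vendor/description in parentheses and an optional GUID), and the BITS/wuauserv "Item:" records in this post, where the service image path reads `%fystemRoot%\system32\svchost.exe` and RunScanner reports "MD5: File not found" because that token is not an environment variable and never expands. The code below is an added example; it is not part of the thread and not RunScanner's own code. It parses item lines into fields, flags entries whose target is an executable on a non-system drive letter (the shape of item 170, the F: drive executable that the helper later attributes to an infected flash drive), checks a service image path for tokens that cannot expand, and rewrites a one-character-off `%SystemRoot%` token. The sample lines are constructed to mirror the posted format; the KNOWN_ENV set is this example's own.

```python
r"""Triage helpers for a RunScanner text log.

Added example: not part of the original thread and not RunScanner's code.
SAMPLE_ITEMS is constructed to mirror the posted 'Unrated items' format;
KNOWN_ENV is this example's own list of tokens accepted in image paths."""
import re

SAMPLE_ITEMS = r"""
Unrated items
-------------
002 C:\WINDOWS\system32\NvCpl.dll (NVIDIA Corporation)
004 C:\ARQUIV~1\VIRUSR~1\is-UBM6P\startup.exe
011 * C:\WINDOWS\system32\DRIVERS\65670948.sys (is-UBM6Pdrv)
120 NameServer {300EDF33-DB30-43FA-AC3E-CF080FC6BB5F} : 200.165.132.154
170 {066e2da5-a482-11de-8e1e-0016ec4b124b} : F:\chyw.exe
"""

ITEM_RE = re.compile(r"^(?P<cat>\d{3})\s+(?P<signed>\*\s+)?(?P<rest>.+?)\s*$")
GUID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
DESC_RE = re.compile(r"\s\(([^()]*)\)\s*$")             # trailing "(vendor/description)"
EXE_RE = re.compile(r"\b([A-Za-z]):\\\S*?\.(?:exe|com|bat|cmd|scr|pif)\b", re.I)
ENV_TOKEN_RE = re.compile(r"%([^%]+)%")
# Environment tokens that legitimately appear in service image paths.
KNOWN_ENV = {"systemroot", "windir", "systemdrive", "programfiles"}


def parse_items(text):
    """One dict per 'NNN [*] path (description) {guid}' line.

    '*' is RunScanner's marker for a signed file (see the log legend)."""
    items = []
    for raw in text.splitlines():
        m = ITEM_RE.match(raw)
        if not m:
            continue
        rest = m.group("rest")
        desc = DESC_RE.search(rest)
        guid = GUID_RE.search(rest)
        items.append({
            "category": m.group("cat"),
            "signed": m.group("signed") is not None,
            "path": (rest[:desc.start()] if desc else rest).strip(),
            "description": desc.group(1) if desc else None,
            "guid": guid.group(0) if guid else None,
        })
    return items


def removable_autorun_targets(items, system_drive="C"):
    """(category, target) for items whose target is an executable on a non-system drive.

    A GUID-keyed entry that launches an executable from a removable drive
    letter is what an infected flash drive leaves behind on the host."""
    hits = []
    for it in items:
        for m in EXE_RE.finditer(it["path"]):
            if m.group(1).upper() != system_drive.upper():
                hits.append((it["category"], m.group(0)))
    return hits


def check_service_path(image_path):
    """Problems with a service ImagePath as a list of strings (empty means fine).

    The service manager expands %TOKEN% before starting the binary; a token
    that is not a real variable leaves a path that does not exist, which
    matches the 'MD5: File not found' in the BITS/wuauserv records."""
    problems = [f"unknown environment token %{t}%"
                for t in ENV_TOKEN_RE.findall(image_path)
                if t.lower() not in KNOWN_ENV]
    exe = image_path.split(" -k ")[0].strip().strip('"')
    if not exe.lower().endswith((".exe", ".sys")):
        problems.append("image is not an .exe/.sys")
    return problems


def repair_service_path(image_path):
    """Rewrite any token that is exactly one character off from %SystemRoot%."""
    def fix(m):
        tok = m.group(1).lower()
        if len(tok) == len("systemroot") and \
                sum(a != b for a, b in zip(tok, "systemroot")) == 1:
            return "%SystemRoot%"
        return m.group(0)
    return ENV_TOKEN_RE.sub(fix, image_path)


if __name__ == "__main__":
    items = parse_items(SAMPLE_ITEMS)
    for cat, target in removable_autorun_targets(items):
        print(f"item {cat}: executable on non-system drive -> {target}")
    bad = r"%fystemRoot%\system32\svchost.exe -k netsvcs"   # shape of the BITS record above
    print(check_service_path(bad))
    print(repair_service_path(bad))
```

On a live machine the `repair_service_path` result is what you would write back into HKLM\SYSTEM\CurrentControlSet\Services\BITS\ImagePath (and wuauserv) after taking ownership of the key as the post describes; the parser side only needs the saved log, so it runs offline on the text pasted into the thread.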


Good morning DigRam..

first I would like to let you know that this process here:

"<@> Restart in Safe Mode.

<@> For some of the changes, choose the Administrator account.

<@> Go to Start --> Run --> Type: regedit --> OK.

<@> In the "Registry Editor", navigate to the key: HKey_Local_Machine --> System --> CurrentControlSet --> Services

<@> Change the permissions, for Administrator, on "Bits" and "Wuauserv".

<@> Allow "Full Control" and "Read" for both, including the "Parameters" subkey.

<@> Change the values: "%fystemroot%" to "%SystemRoot%"

<@> Save these changes and restart the computer!"

I went into safe mode > administrator..

I went to check on my PC and everything was already OK

everything was already set, and the "%SystemRoot%" was already there too..

AND HERE is the URL you asked for

runscanner.run

http://www.badongo.com/file/17395260

and here is the log..

 

Runscanner logfile

 

* = signed file

- = file not found

 

General info

------------

Computer name : CASA

Creation time : 24/9/2009 03:03:40

Hosts <> 127.0.0.1 : 0

Hosts file location : %SystemRoot%\System32\drivers\etc

IE version : 7.0.5730.13

OS : Microsoft Windows XP

OS Build : 2600

OS SP : Service Pack 3

RunScanner Version : 1.9.0.9

User Language : Português (Brasil)

User rights : Administrator

Windows folder : C:\WINDOWS

 

Running processes

-----------------

* C:\WINDOWS\system32\winlogon.exe (Microsoft Corporation)

* C:\WINDOWS\system32\services.exe (Microsoft Corporation)

C:\Arquivos de programas\a-squared Free\a2service.exe (Emsi Software GmbH)

* C:\WINDOWS\system32\csrss.exe (Microsoft Corporation)

* C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)

* C:\WINDOWS\system32\RUNDLL32.EXE (Microsoft Corporation)

* C:\Arquivos de programas\Mozilla Firefox\firefox.exe (Mozilla Corporation)

* C:\WINDOWS\system32\svchost.exe (Microsoft Corporation)

* C:\WINDOWS\system32\svchost.exe (Microsoft Corporation)

* C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)

* C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)

* C:\WINDOWS\system32\svchost.exe (Microsoft Corporation)

* C:\WINDOWS\system32\svchost.exe (Microsoft Corporation)

* C:\WINDOWS\system32\svchost.exe (Microsoft Corporation)

* C:\WINDOWS\system32\svchost.exe (Microsoft Corporation)

* c:\windows\System32\smss.exe (Microsoft Corporation)

* C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

* C:\WINDOWS\system32\lsass.exe (Microsoft Corporation)

C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)

C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)

* C:\Documents and Settings\and\Desktop\RunScanner.exe (Runscanner.net)

* C:\WINDOWS\system32\spoolsv.exe (Microsoft Corporation)

* C:\WINDOWS\Explorer.EXE (Microsoft Corporation)

C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe (Microsoft Corporation)

* C:\WINDOWS\system32\wuauclt.exe (Microsoft Corporation)

 

Unrated items

-------------

002 C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe (HP)

002 C:\WINDOWS\system32\NvCpl.dll (NVIDIA Corporation)

002 C:\WINDOWS\system32\NvMcTray.dll (NVIDIA Corporation)

002 C:\WINDOWS\system32\nwiz.exe

002 C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)

003 C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe (Microsoft Corporation)

004 C:\ARQUIV~1\VIRUSR~1\is-UBM6P\startup.exe

010 C:\Arquivos de programas\a-squared Free\a2service.exe (a-squared Free Service)

010 C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Display Driver Service)

011 * C:\WINDOWS\system32\DRIVERS\65670948.sys (is-UBM6Pdrv)

011 C:\WINDOWS\system32\DRIVERS\nv4_mini.sys (nv)

011 C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Service for Realtek AC97 Audio (WDM))

011 C:\WINDOWS\System32\Drivers\TP6800.sys (USB Video Camera)

011 C:\WINDOWS\system32\DRIVERS\ViPrt.sys (VIA SATA IDE Device Driver)

011 C:\WINDOWS\system32\DRIVERS\ViBus.sys (ViBus)

042 C:\WINDOWS\bdoscandel.exe {85d1f590-48f4-11d9-9669-0800200c9a66}

042 C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation) {e2e2dd38-d088-4134-82b7-f2ba38496583}

061 C:\Arquivos de programas\a-squared Free\a2freecontmenu.dll (Emsi Software GmbH) {A155339D-CCCD-4714-85EB-3754B804C9DF}

061 C:\WINDOWS\system32\nvshell.dll {1CDB2949-8F65-4355-8456-263E7C208A5D}

061 C:\WINDOWS\system32\nvshell.dll {1E9B04FB-F9E5-4718-997B-B8DA88302A47}

061 C:\WINDOWS\system32\nvcpl.dll (NVIDIA Corporation) {A70C977A-BF00-412C-90B7-034C51DA2439}

061 C:\WINDOWS\system32\nvshell.dll {1E9B04FB-F9E5-4718-997B-B8DA88302A48}

061 C:\WINDOWS\system32\nvcpl.dll (NVIDIA Corporation) {FFB699E0-306A-11d3-8BD1-00104B6F7516}

061 C:\Arquivos de programas\WinRAR\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}

069 C:\WINDOWS\system32\hpzsnt10.dll (HP)

104 C:\WINDOWS\DOWNLO~1\oscan82.ocx (BitDefender) {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}

105 E&xportar para o Microsoft Excel : res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

120 NameServer {300EDF33-DB30-43FA-AC3E-CF080FC6BB5F} : 200.165.132.154

170 {066e2da5-a482-11de-8e1e-0016ec4b124b} : F:\chyw.exe

173 C:\Arquivos de programas\WinRAR\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}

221 C:\Arquivos de programas\WinRAR\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}

223 C:\Arquivos de programas\a-squared Free\a2freecontmenu.dll (Emsi Software GmbH) {A155339D-CCCD-4714-85EB-3754B804C9DF}

225 C:\Arquivos de programas\a-squared Free\a2freecontmenu.dll (Emsi Software GmbH) {A155339D-CCCD-4714-85EB-3754B804C9DF}

225 C:\Arquivos de programas\a-squared Free\a2freecontmenu.dll (Emsi Software GmbH) {A155339D-CCCD-4714-85EB-3754B804C9DF}

225 C:\Arquivos de programas\WinRAR\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}

225 C:\Arquivos de programas\WinRAR\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}

227 C:\Arquivos de programas\WinRAR\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}

229 C:\WINDOWS\system32\nvshell.dll {1E9B04FB-F9E5-4718-997B-B8DA88302A48}

229 C:\WINDOWS\system32\nvcpl.dll (NVIDIA Corporation) {A70C977A-BF00-412C-90B7-034C51DA2439}

251 C:\Arquivos de programas\WinRAR\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}

 

Missing files

-------------

011 C:\WINDOWS\system32\drivers\Abiosdsk.sys

011 C:\WINDOWS\system32\drivers\abp480n5.sys

011 C:\WINDOWS\system32\drivers\adpu160m.sys

011 C:\WINDOWS\system32\drivers\Aha154x.sys

011 C:\WINDOWS\system32\drivers\aic78u2.sys

011 C:\WINDOWS\system32\drivers\aic78xx.sys

011 C:\WINDOWS\system32\drivers\AliIde.sys

011 C:\WINDOWS\system32\drivers\amsint.sys

011 C:\WINDOWS\system32\drivers\asc.sys

011 C:\WINDOWS\system32\drivers\asc3350p.sys

011 C:\WINDOWS\system32\drivers\asc3550.sys

011 C:\WINDOWS\system32\drivers\Atdisk.sys

011 C:\WINDOWS\system32\drivers\cd20xrnt.sys

011 C:\WINDOWS\system32\drivers\CmdIde.sys

011 C:\WINDOWS\system32\drivers\Cpqarray.sys

011 C:\WINDOWS\system32\drivers\dac2w2k.sys

011 C:\WINDOWS\system32\drivers\dac960nt.sys

011 C:\WINDOWS\system32\drivers\dpti2o.sys

011 C:\WINDOWS\system32\drivers\hpn.sys

011 C:\WINDOWS\system32\drivers\i2omp.sys

011 C:\WINDOWS\system32\drivers\ini910u.sys

011 C:\WINDOWS\system32\drivers\IntelIde.sys

011 C:\WINDOWS\system32\drivers\mraid35x.sys

011 C:\WINDOWS\system32\drivers\perc2.sys

011 C:\WINDOWS\system32\drivers\perc2hib.sys

011 C:\WINDOWS\system32\drivers\ql1080.sys

011 C:\WINDOWS\system32\drivers\Ql10wnt.sys

011 C:\WINDOWS\system32\drivers\ql12160.sys

011 C:\WINDOWS\system32\drivers\ql1240.sys

011 C:\WINDOWS\system32\drivers\ql1280.sys

011 C:\WINDOWS\system32\drivers\Simbad.sys

011 C:\WINDOWS\system32\drivers\Sparrow.sys

011 C:\WINDOWS\system32\drivers\sym_hi.sys

011 C:\WINDOWS\system32\drivers\sym_u3.sys

011 C:\WINDOWS\system32\drivers\symc810.sys

011 C:\WINDOWS\system32\drivers\symc8xx.sys

011 C:\WINDOWS\system32\drivers\TosIde.sys

011 C:\WINDOWS\system32\drivers\ultra.sys

 

 

Regards ;)


Good morning, danmex!

 

I went into Safe Mode > Administrator..

I went to check on my PC and everything was already OK

everything was already checked, and the ""%SystemRoot%" was already there too..

<!> Yes! Everything is OK; the infected report has been corrected. I will look into the matter and let you know later by PM.

<!> I edited the previous post: the removal of item 170 will be done by runscanner.

<!> PS: There is no need to post a report after that removal.

<!> Your problems with the infector probably originated from an infected pendrive.

<!> PS: I recommend formatting or discarding that removable drive.

<><><><><><><><><><><>

<@> Download: < UsbFix > ( ...by Chiquitine29 and Chimay8 )

<@> Save it to Program Files!

<@> Disable your antivirus!

<@> Install and run the tool by double-clicking: < r2t69y.jpg >

<@> In the language options, choose "PT-BR" --> Enter.

<@> Choose option 2: 2. Suppression des fichiers infectieux (deletion of infectious files) --> Press Enter.

 


 

<@> A message will appear asking you to connect your removable media (pendrive, mp3, mp4, iPods, etc...) to the computer.

<@> Accept the request and click OK. --> Then click OK again.

 


 

<@> The computer will restart. <-- Wait!

<@> When it finishes, click "Continue" and wait for the tool to complete.

<@> PS: Do not disconnect your removable media yet! <-- Important!

<@> The message "Nettoyage effectue" (cleaning done) will appear --> Press Enter.

<@> Post the report, which will be at C:\UsbFix.txt, plus an updated HijackThis log.

 

Regards!


Good morning, digRam

 

here are the reports

 

usbfix.txt

 

############################## | UsbFix V6.036 |

 

User : and (Administradores) # CASA

Update on 21/09/2009 by Chiquitine29, C_XX & Chimay8

Start at: 12:42:41 | 24/9/2009

Website : http://pagesperso-orange.fr/NosTools/index.html

 

Intel® Pentium® 4 CPU 3.00GHz

Microsoft Windows XP Professional (5.1.2600 32-bit) # Service Pack 3

Internet Explorer 7.0.5730.13

Windows Firewall Status : Disabled

 

C:\ -> Local fixed disk # 14.65 GB (2.5 GB free) # NTFS

D:\ -> Local fixed disk # 134.39 GB (71 GB free) [documentos] # NTFS

E:\ -> CD-ROM drive

 

############################## | Active processes |

 

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\logonui.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\userinit.exe

C:\WINDOWS\system32\WgaTray.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\a-squared Free\a2service.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\system32\rundll32.exe

 

################## | Infectious files # folders |

 

 

################## | Registry # infected Run keys |

 

Deleted! [HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoResolveSearch"

 

################## | Registry # Mountpoints2 |

 

Deleted! HKCU\...\Explorer\MountPoints2\{066e2da5-a482-11de-8e1e-0016ec4b124b}\Shell\AutoRun\Command

 

################## | Listing |

 

[14/09/2009 22:34|--a------|0] C:\AUTOEXEC.BAT

[17/09/2009 22:14|-rahs----|281] C:\boot.ini

[14/04/2008 04:00|-rahs----|4952] C:\Bootfont.bin

[14/09/2009 22:34|--a------|0] C:\CONFIG.SYS

[24/09/2009 02:22|--a------|1777] C:\hpfr3840.log

[14/09/2009 22:34|-rahs----|0] C:\IO.SYS

[14/09/2009 22:34|-rahs----|0] C:\MSDOS.SYS

[14/04/2008 04:00|-rahs----|47564] C:\NTDETECT.COM

[14/04/2008 04:00|-rahs----|251696] C:\ntldr

[23/09/2009 02:27|--a------|131072] C:\ntldr.srm

[?|?|?] C:\pagefile.sys

[24/09/2009 02:16|--a------|14127] C:\SAFEBOOT_REPAIR.TXT

[22/09/2009 20:09|--a------|637] C:\TCleaner.txt

[24/09/2009 12:44|--a------|2448] C:\UsbFix.txt

[22/09/2009 12:22|--a--c---|169472] D:\aquanorte.doc

[11/07/2009 09:55|--a--c---|81] D:\ass. philips.txt

 

################## | Vaccination |

 

# C:\autorun.inf -> Folder created by UsbFix.

# D:\autorun.inf -> Folder created by UsbFix.

 

################## | ! End of report # UsbFix V6.036 ! |

 

 

 

 

 

hijackthis.log

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:52:06, on 24/9/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16876)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\a-squared Free\a2service.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\WinRAR\WinRAR.exe

C:\DOCUME~1\and\CONFIG~1\Temp\Rar$EX00.953\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [swg] "C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')

O4 - Startup: is-UBM6P.lnk = C:\Arquivos de programas\Virus Removal Tool\is-UBM6P\startup.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{300EDF33-DB30-43FA-AC3E-CF080FC6BB5F}: NameServer = 200.165.132.154

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Arquivos de programas\a-squared Free\a2service.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

 

--

End of file - 5243 bytes

 

 

Regards

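The UsbFix report above records three concrete actions: it deleted the cached `Shell\AutoRun\Command` verb under `HKCU\...\Explorer\MountPoints2\{066e2da5-...}` (the volume that runscanner item 170 tied to `F:\chyw.exe`), it deleted the `NoResolveSearch` policy value, and it "vaccinated" `C:\` and `D:\` by creating a folder named `autorun.inf`. The PowerShell below is an added example, not code from this thread and not how UsbFix itself is implemented; it lets a reader audit and repeat those steps by hand on any Windows machine. It assumes PowerShell 2.0 or later and rights to write to the drive roots passed in; the GUID and command in the comments are taken from the report only as illustrations.

```powershell
# Added example (not from the thread or from UsbFix): audit and clean the two
# persistence spots an autorun worm leaves behind, then vaccinate a drive root.
# Assumes PowerShell 2.0+ and write access to the drive roots you pass in.

$MountPoints2 = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2'

function Get-MountPointAutoRun {
    # Explorer caches per-volume shell verbs here. An autorun.inf that pointed at an
    # executable on a pendrive survives as the default value of Shell\AutoRun\Command,
    # so opening the drive from "My Computer" still runs it after the .inf is gone.
    if (-not (Test-Path -Path $MountPoints2)) { return @() }
    Get-ChildItem -Path $MountPoints2 | ForEach-Object {
        $cmdKey = Join-Path $_.PSPath 'Shell\AutoRun\Command'
        if (Test-Path -Path $cmdKey) {
            $cmd = (Get-ItemProperty -Path $cmdKey).'(default)'
            New-Object PSObject -Property @{
                Volume  = $_.PSChildName   # e.g. {066e2da5-a482-11de-8e1e-0016ec4b124b}
                Command = $cmd             # e.g. F:\chyw.exe (value seen in the report)
                # A bare executable sitting in a drive root is the classic worm pattern.
                Suspect = [bool]($cmd -match '^[A-Za-z]:\\[^\\]+\.(exe|com|scr|bat|cmd|pif)$')
            }
        }
    }
}

function Remove-MountPointAutoRun {
    param([Parameter(Mandatory = $true)][string]$Volume)
    # Removes only the cached AutoRun verb, which is what the report logged under
    # "Mountpoints2"; the volume key itself is harmless and is left in place.
    $cmdKey = Join-Path $MountPoints2 "$Volume\Shell\AutoRun\Command"
    if (Test-Path -Path $cmdKey) {
        Remove-Item -Path $cmdKey -Recurse -Force
        return $true
    }
    return $false
}

function Protect-DriveRoot {
    param([Parameter(Mandatory = $true)][string]$Root)   # 'C:\', 'D:\', 'F:\'
    # "Vaccination": a directory named autorun.inf occupies the name, so a worm that
    # tries to write <root>\autorun.inf fails. ReadOnly+Hidden+System defeats a casual
    # delete. An existing *file* of that name is evidence, so refuse to overwrite it.
    $path = Join-Path $Root 'autorun.inf'
    if (Test-Path -Path $path -PathType Leaf) {
        throw "$path is a file, not a folder; inspect it before replacing it"
    }
    if (-not (Test-Path -Path $path)) {
        New-Item -ItemType Directory -Path $path | Out-Null
    }
    [IO.File]::SetAttributes($path, [IO.FileAttributes]'ReadOnly, Hidden, System')
    return $path
}

# Usage: audit first, act only on what the audit flagged.
Get-MountPointAutoRun | Where-Object { $_.Suspect } | Format-Table Volume, Command -AutoSize
# Remove-MountPointAutoRun -Volume '{066e2da5-a482-11de-8e1e-0016ec4b124b}'
# 'C:\', 'D:\' | ForEach-Object { Protect-DriveRoot -Root $_ }
```

Run the audit before deleting anything: legitimate installers can leave an `AutoRun\Command` behind, and the `Suspect` flag only marks the pattern the report shows (a lone executable in a drive root). Vaccinating a removable drive is worthwhile as well, since the report's own vaccination covered only the fixed disks.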

Good afternoon, danmex!

 

<@> Open the Virus Removal Tool folder. ( PS: It will be on the desktop! )

<@> Double-click the file: unins000.exe <--

<@> Click OK twice.

<@> The computer will restart.

<><><><><><><><><><>

<@> To uninstall UsbFix, just choose option 5 during its procedure.

<><><><><><><><><><>

<@> You have no antivirus!

<@> Download: < Avira > ( Avira AntiVir Personal - FREE Antivirus )

<@> Install the program --> Update it! --> Configure it --> Run it!

<@> We have a good tutorial here: < Tutorial do Avira Antivir 9 free >

<@> If you want, post the report!

<><><><><><><><><><>

<@> Once everything is OK, create a clean System Restore point.

<@> Right-click My Computer --> Properties --> System Restore.

<@> Check: Turn off System Restore --> Apply --> Wait! --> OK.

<@> Then uncheck it again! --> Apply --> Wait! --> OK.

<@> For more details, read the tutorial: < Link >

<><><><><><><><><><>

<!> Your log is clean! :bye:

<!> All OK?

 

Regards!


Good evening, DigRAm

 

Well, first of all I would just like to thank the site, which is wonderful and very useful, and has several responsible people administering it.. And above all you, DIGRAM, thank you for everything, for your patience, for explaining step by step what I should do.. I am very satisfied..

 

Thank you very much

the PC is great

 

Regards...


PROBLEM SOLVED!

 

If the author needs the topic to be reopened, just send a Private Message to a Moderator with a link to the topic.
