Dom Luiz 0 Denunciar post Postado Setembro 18, 2009 Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 19:12:22, on 18/9/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16876) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\ARQUIV~1\GbPlugin\GbpSv.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Arquivos de programas\Java\jre6\bin\jqs.exe C:\Arquivos de programas\Arquivos comuns\Nero\Nero BackItUp 4\NBService.exe C:\WINDOWS\Explorer.EXE C:\Arquivos de programas\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\TUProgSt.exe C:\ARQUIV~1\SPEEDB~1\VideoAcceleratorService.exe C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\system32\igfxsrvc.exe C:\WINDOWS\system32\igfxpers.exe C:\Arquivos de programas\Java\jre6\bin\jusched.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\WINDOWS\RTHDCPL.EXE C:\Arquivos de programas\SpeedBit Video Accelerator\VideoAccelerator.exe C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe C:\Arquivos de programas\SweetIM\Messenger\SweetIM.exe C:\WINDOWS\system32\dotnet.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\system32\drbplg.exe C:\WINDOWS\system32\ctfmon.exe C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe C:\WINDOWS\system32\msnsky.exe C:\Arquivos de programas\iXi Tools\Driver Updater Pro\DriverUpdaterPro.exe C:\Arquivos de programas\RALINK\Common\RaUI.exe C:\WINDOWS\system32\wuauclt.exe C:\ARQUIV~1\SPEEDB~1\VideoAcceleratorEngine.exe C:\WINDOWS\system32\svchost.exe C:\Arquivos de programas\Internet Explorer\iexplore.exe C:\ARQUIV~1\Crawler\Toolbar\CToolbar.exe C:\Arquivos de programas\Java\jre6\bin\java.exe C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = file://C:\ARQUIV~1\SPEEDB~1\vaproxy.pac R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file) R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Arquivos de programas\SweetIM\Toolbars\Internet Explorer\mgHelper.dll O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\ARQUIV~1\Crawler\Toolbar\ctbr.dll O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Arquivos de programas\AskBarDis\bar\bin\askBar.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de programas\GbPlugin\gbieh.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Arquivos de programas\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll O3 - Toolbar: Barra de Ferramentas &Crawler - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\ARQUIV~1\Crawler\Toolbar\ctbr.dll O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Arquivos de programas\AskBarDis\bar\bin\askBar.dll O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Arquivos de programas\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [sweetIM] C:\Arquivos de programas\SweetIM\Messenger\SweetIM.exe O4 - HKLM\..\Run: [systech] C:\WINDOWS\system32\dotnet.exe -runservice O4 - HKLM\..\Run: [] C:\WINDOWS\system32\drbplg.exe O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKCU\..\Run: [swg] "C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [skinClock] D:\Meus Documentos\DRIVERS\571AAC\Atomic Alarm Clock v5.5\Crack\AtomicAlarmClock.exe O4 - HKCU\..\Run: [msnmsgr] ~"C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [selftops] C:\WINDOWS\system32\medcto.exe O4 - HKCU\..\Run: [agentsvrs.exe] C:\Arquivos de programas\Internet Explorer\agentsvrs.exe O4 - HKCU\..\Run: [xpnetdiaj.exe] C:\Arquivos de programas\Internet Explorer\xpnetdiaj.exe O4 - HKCU\..\Run: [star1] C:\WINDOWS\system32\Winrun.exe O4 - HKCU\..\Run: [star2] C:\WINDOWS\system32\ischot.exe O4 - HKCU\..\Run: [star3] C:\WINDOWS\system32\Xred1.exe O4 - HKCU\..\Run: [star4] C:\WINDOWS\system32\Zred2.exe O4 - HKCU\..\Run: [star6] C:\WINDOWS\system32\MscheldB.exe O4 - HKCU\..\Run: [star7] C:\WINDOWS\system32\Mscheldncx.exe O4 - HKCU\..\Run: [star8] C:\WINDOWS\system32\svscheld.exe O4 - HKCU\..\Run: [msnsky.exe] C:\WINDOWS\system32\msnsky.exe O4 - HKCU\..\Run: [nod32kut.exe] C:\WINDOWS\system32\nod32kut.exe O4 - HKCU\..\Run: [C:\WINDOWS\system32\goodtour1.exe] C:\WINDOWS\system32\goodtour1.exe O4 - HKCU\..\Run: [C:\WINDOWS\system32\goodtour2.exe] C:\WINDOWS\system32\goodtour2.exe O4 - HKCU\..\Run: [C:\WINDOWS\system32\goodtour3.exe] C:\WINDOWS\system32\goodtour3.exe O4 - HKCU\..\Run: [guetsbooks] C:\WINDOWS\system32\flammentos.exe O4 - HKCU\..\Run: [gebariastoTnT] C:\Arquivos de programas\Internet Explorer\javawins.exe O4 - HKCU\..\Run: [DriverUpdaterPro] C:\Arquivos de programas\iXi Tools\Driver Updater Pro\DriverUpdaterPro.exe -t O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1 O8 - Extra context menu item: &Google Search - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: Backward &Links - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: Crawler Search - tbr:iemenu O8 - Extra context menu item: Si&milar Pages - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmsimilar.html O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/PopularScreenSaversInitialSetup1.0.1.1.cab O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\ARQUIV~1\Crawler\Toolbar\ctbr.dll O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Nero BackItUp 4\NBService.exe -- End of file - 8665 bytes Compartilhar este post Link para o post Compartilhar em outros sites
PedroN 1 Denunciar post Postado Setembro 19, 2009 Boa tarde! Dom Luiz. 1) Etapa. • Baixe: < '>http://eric.71.mespages.googlepages.com/ToolBarSD.exe"]ToolBar S&D > • Salve-o no Disco Local-C, em uma pasta própria. • Reinicie o computador, em Modo de Segurança. <-- Importante! • Execute o programa, e à seguir, aperte o "p" --> Enter --> Ok. • Digite o dois! ( 2 ) --> Aperte Enter --> Aguarde! • Terminando, poste o relatório. ( C:\ToolBar SD\TB_1.txt ) 2) Etapa. Baixe o Malwarebytes dê um destes locais abaixo: Link 1 Link 2 -- Salve o programa no seu Desktop (área de trabalho) • Dê um duplo clique no programa para executá-lo. • Atualize o programa Malwarebytes. • Escolha a Verificação Completa (Tenha paciência, é um pouco demorado) • Desabilite o seu Antivírus e AntiSpyware , geralmente através de um clique direito sobre o ícone da bandeja do sistema. Eles podem interferir na execução da ferramenta. • Quando o scan estiver completo, clique em Ok, depois em Mostrar Resultados para ver o log. • Lembrando que, se algo for detectado, clique no botão remover para remoção. (Importante). • O log do programa será aberto automaticamente para você. 3) Etapa. • Baixe: < ComboFix.exe > • Salve-o no Desktop! • Desabilite as proteções residente de: antivírus,antispywares e firewall. ( Menos o do Windows! ) • Feche todas as janelas e execute a ferramenta! • Na solicitação: "Negação de garantia de software" --> Clique em Sim! • Não possuindo o "Console de Recuperação",aceite optar pela instalação do mesmo! <!> Caso aconteça a notificação de: Aplicativo Win32 inválido,delete a ferramenta e faça,novamente,o download.-- Salve-a no desktop,renomeada como: Kombo.exe -- Ps: Nomeie durante o salvamento,e não após salvá-la! -- Ps: Surgindo alguma mensagem de erro,rode o ComboFix.exe em Modo de Segurança. -- Ps: Para completar as remoções,talvez haja necessidade da ferramenta reiniciar o computador. <-- Aguarde! -- Ps: Evite executar,voluntariamente,esta ferramenta!Siga,àcima,todas as recomendações propostas. • Abrir-se-á a janela Auto Scan. --> Aguarde! • Àfim de completar as remoções,o ComboFix poderá reiniciar o computador. • Se houver necessidade,digite a opção para continuar! --> ( 1 ) --> Aperte Enter. • Aguarde a conclusão! • Durante o scan,evite manusear o mouse ou teclado! <-- Importante! • Para parar ou sair do ComboFix,tecle "N" --> Enter. ---------------------- • Terminando,poste os relatórios: C:\ComboFix.txt Na sua próxima resposta, poste o(s) log(s) do(s) programa(s): Hijackthis ToolBar S&D Malwarebytes ComboFix Abraços Compartilhar este post Link para o post Compartilhar em outros sites
Dom Luiz 0 Denunciar post Postado Setembro 20, 2009 Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 20:49:08, on 19/9/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16876) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\ARQUIV~1\GbPlugin\GbpSv.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Arquivos de programas\Java\jre6\bin\jqs.exe C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamservice.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxsrvc.exe C:\WINDOWS\system32\igfxpers.exe C:\Arquivos de programas\Java\jre6\bin\jusched.exe C:\Arquivos de programas\Arquivos comuns\Nero\Nero BackItUp 4\NBService.exe C:\WINDOWS\RTHDCPL.EXE C:\Arquivos de programas\SpeedBit Video Accelerator\VideoAccelerator.exe C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe C:\Arquivos de programas\SweetIM\Messenger\SweetIM.exe C:\WINDOWS\system32\dotnet.exe C:\Arquivos de programas\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe C:\WINDOWS\system32\svchost.exe C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\WINDOWS\System32\TUProgSt.exe C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe C:\ARQUIV~1\SPEEDB~1\VideoAcceleratorService.exe C:\Arquivos de programas\RALINK\Common\RaUI.exe C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\WINDOWS\system32\ctfmon.exe C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE C:\WINDOWS\system32\wuauclt.exe C:\ARQUIV~1\SPEEDB~1\VideoAcceleratorEngine.exe C:\WINDOWS\system32\wuauclt.exe C:\Documents and Settings\ADMIN.GT-01\Configurações locais\Temporary Internet Files\Content.IE5\5SKVRACG\SetupOneCare[1].exe d:\011687b31ce0f82a2c08\ocsetup.exe C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = file://C:\ARQUIV~1\SPEEDB~1\vaproxy.pac R3 - URLSearchHook: (no name) - {EEE6C35D-6118-11DC-9C72-001320C79847} - (no file) O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de programas\GbPlugin\gbieh.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [sweetIM] C:\Arquivos de programas\SweetIM\Messenger\SweetIM.exe O4 - HKLM\..\Run: [systech] C:\WINDOWS\system32\dotnet.exe -runservice O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKCU\..\Run: [swg] "C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [skinClock] D:\Meus Documentos\DRIVERS\571AAC\Atomic Alarm Clock v5.5\Crack\AtomicAlarmClock.exe O4 - HKCU\..\Run: [guetsbooks] C:\WINDOWS\system32\flammentos.exe O4 - HKCU\..\Run: [DriverUpdaterPro] C:\Arquivos de programas\iXi Tools\Driver Updater Pro\DriverUpdaterPro.exe -t O4 - HKCU\..\Run: [msnmsgr] ~"C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O8 - Extra context menu item: &Google Search - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: Backward &Links - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: Si&milar Pages - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmsimilar.html O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU) O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Nero BackItUp 4\NBService.exe -- End of file - 6201 bytes a ola ai esta os popst que você me pedio Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 20:49:08, on 19/9/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16876) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\ARQUIV~1\GbPlugin\GbpSv.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Arquivos de programas\Java\jre6\bin\jqs.exe C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamservice.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxsrvc.exe C:\WINDOWS\system32\igfxpers.exe C:\Arquivos de programas\Java\jre6\bin\jusched.exe C:\Arquivos de programas\Arquivos comuns\Nero\Nero BackItUp 4\NBService.exe C:\WINDOWS\RTHDCPL.EXE C:\Arquivos de programas\SpeedBit Video Accelerator\VideoAccelerator.exe C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe C:\Arquivos de programas\SweetIM\Messenger\SweetIM.exe C:\WINDOWS\system32\dotnet.exe C:\Arquivos de programas\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe C:\WINDOWS\system32\svchost.exe C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\WINDOWS\System32\TUProgSt.exe C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe C:\ARQUIV~1\SPEEDB~1\VideoAcceleratorService.exe C:\Arquivos de programas\RALINK\Common\RaUI.exe C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\WINDOWS\system32\ctfmon.exe C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE C:\WINDOWS\system32\wuauclt.exe C:\ARQUIV~1\SPEEDB~1\VideoAcceleratorEngine.exe C:\WINDOWS\system32\wuauclt.exe C:\Documents and Settings\ADMIN.GT-01\Configurações locais\Temporary Internet Files\Content.IE5\5SKVRACG\SetupOneCare[1].exe d:\011687b31ce0f82a2c08\ocsetup.exe C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = file://C:\ARQUIV~1\SPEEDB~1\vaproxy.pac R3 - URLSearchHook: (no name) - {EEE6C35D-6118-11DC-9C72-001320C79847} - (no file) O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de programas\GbPlugin\gbieh.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [sweetIM] C:\Arquivos de programas\SweetIM\Messenger\SweetIM.exe O4 - HKLM\..\Run: [systech] C:\WINDOWS\system32\dotnet.exe -runservice O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKCU\..\Run: [swg] "C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [skinClock] D:\Meus Documentos\DRIVERS\571AAC\Atomic Alarm Clock v5.5\Crack\AtomicAlarmClock.exe O4 - HKCU\..\Run: [guetsbooks] C:\WINDOWS\system32\flammentos.exe O4 - HKCU\..\Run: [DriverUpdaterPro] C:\Arquivos de programas\iXi Tools\Driver Updater Pro\DriverUpdaterPro.exe -t O4 - HKCU\..\Run: [msnmsgr] ~"C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O8 - Extra context menu item: &Google Search - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: Backward &Links - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: Si&milar Pages - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmsimilar.html O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU) O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Nero BackItUp 4\NBService.exe -- End of file - 6201 bytes ----------------------- -----------\\ ToolBar S&D 1.2.9 XP/Vista Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 2 X86-based PC ( Multiprocessor Free : Intel® Pentium® Dual CPU E2160 @ 1.80GHz ) BIOS : Phoenix - AwardBIOS v6.00PG USER : ADMIN ( Administrator ) BOOT : Fail-safe boot Antivirus : avast! antivirus 4.8.1335 [VPS 090919-0] 4.8.1335 (Activated) C:\ (Local Disk) - NTFS - Total:72 Go (Free:23 Go) D:\ (Local Disk) - NTFS - Total:76 Go (Free:73 Go) F:\ (CD or DVD) G:\ (USB) H:\ (CD or DVD) "C:\ToolBar SD" ( MAJ : 22-08-2009|18:42 ) Option : [2] ( s b 19/09/2009|19:13 ) -----------\\ REMOVIDOS Deletado! - C:\Arquivos de programas\AskBarDis\bar Deletado! - C:\Arquivos de programas\AskBarDis\PopSwatter Deletado! - C:\Arquivos de programas\AskBarDis\unins000.dat Deletado! - C:\Arquivos de programas\AskBarDis\unins000.exe Deletado! - C:\DOCUME~1\ADMIN~1.GT-\Cookies\admin@crawler[2].txt Deletado! - C:\DOCUME~1\ADMIN~1.GT-\Cookies\admin@www.crawler[2].txt Deletado! - C:\DOCUME~1\ADMIN~1.GT-\Cookies\admin@mywebsearch[1].txt Deletado! - C:\WINDOWS\iun6002.exe Deletado! - C:\Arquivos de programas\Mozilla Firefox\searchplugins\crawlersrch.xml Deletado! - C:\Arquivos de programas\AskBarDis -----------\\ Procura por Arquivos / Ficheiros ... -----------\\ Extensions (ADMIN) - {7CEA821D-3DAB-4238-B424-BF7324531750} => s3fox (ADMIN.GT-01) - {20a82645-c095-46ed-80e3-08825760534b} => chrome_user (ADMIN.GT-01) - {EEE6C361-6118-11DC-9C72-001320C79847} => sweetim-toolbar -----------\\ [..\Internet Explorer\Main] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Local Page"="C:\\WINDOWS\\system32\\blank.htm" "Start Page"="http://www.google.com.br/" "Url"="http://go.microsoft.com/fwlink/?LinkId=75723" "Url"="http://go.microsoft.com/fwlink/?LinkId=75724" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" "Start Page"="http://www.msn.com/" "CustomizeSearch"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch" "SearchAssistant"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch" --------------------\\ Procurando por outras infecções --------------------\\ Cracks & Keygens .. C:\DOCUME~1\ADMIN~1.GT-\Meus documentos\LimeWire\Incomplete\Driver Genius Pro 2008 v8.0.316+Keygen-HeartBug C:\DOCUME~1\ADMIN~1.GT-\Meus documentos\LimeWire\Incomplete\Driver Genius Pro 2008 v8.0.316+Keygen-HeartBug.fastresume C:\DOCUME~1\ADMIN~1.GT-\Meus documentos\LimeWire\Incomplete\Driver Genius Pro 2008 v8.0.316+Keygen-HeartBug.torrent C:\DOCUME~1\ADMIN~1.GT-\Meus documentos\LimeWire\Incomplete\Driver Genius Pro 2008 v8.0.316+Keygen-HeartBug\Keygen C:\DOCUME~1\ADMIN~1.GT-\Meus documentos\LimeWire\Incomplete\Driver Genius Pro 2008 v8.0.316+Keygen-HeartBug\setup.exe C:\DOCUME~1\ADMIN~1.GT-\Meus documentos\LimeWire\Incomplete\Driver Genius Pro 2008 v8.0.316+Keygen-HeartBug\Keygen\keygen.exe C:\DOCUME~1\ADMIN~1.GT-\Meus documentos\luiz carlos\Malwarebytes Anti-Malware v1.36\keygen C:\DOCUME~1\ADMIN~1.GT-\Meus documentos\luiz carlos\Malwarebytes Anti-Malware v1.36\keygen\crd.exe C:\DOCUME~1\ADMIN~1.GT-\Meus documentos\luiz carlos\Malwarebytes Anti-Malware v1.36\keygen\file_id.diz C:\DOCUME~1\ADMIN~1.GT-\Meus documentos\luiz carlos\Malwarebytes Anti-Malware v1.36\keygen\kg.exe C:\DOCUME~1\ADMIN~1.GT-\Meus documentos\luiz carlos\TuneUpUtilities20098.0.3000.20.Serials\Crack C:\DOCUME~1\ADMIN~1.GT-\Meus documentos\luiz carlos\TuneUpUtilities20098.0.3000.20.Serials\Crack\Serial.txt C:\DOCUME~1\ADMIN~1.GT-\Recent\Crack.lnk C:\DOCUME~1\ADMIN~1.GT-\Recent\keygen.lnk 1 - "C:\ToolBar SD\TB_1.txt" - s b 19/09/2009|18:54 - Option : [1] 2 - "C:\ToolBar SD\TB_2.txt" - s b 19/09/2009|19:16 - Option : [2] -----------\\ Verificação completa em 19:16:53,01 -------------------------- não localizei o log do combo fix Compartilhar este post Link para o post Compartilhar em outros sites
Dom Luiz 0 Denunciar post Postado Setembro 20, 2009 o post do malwere Malwarebytes' Anti-Malware 1.41 Versão do banco de dados: 2775 Windows 5.1.2600 Service Pack 2 19/9/2009 17:08:46 mbam-log-2009-09-19 (17-08-46).txt Tipo de Verificação: Rápida Objetos verificados: 109967 Tempo decorrido: 17 minute(s), 59 second(s) Processos da Memória infectados: 1 Módulos de Memória Infectados: 0 Chaves do Registro infectadas: 42 Valores do Registro infectados: 9 Ítens do Registro infectados: 4 Pastas infectadas: 0 Arquivos infectados: 12 Processos da Memória infectados: C:\WINDOWS\system32\drbplg.exe (Trojan.Agent) -> Unloaded process successfully. Módulos de Memória Infectados: (Nenhum ítem malicioso foi detectado) Chaves do Registro infectadas: HKEY_CLASSES_ROOT\CLSID\{a9571378-68a1-443d-b082-284f960c6d17} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{1e0de227-5ce4-4ea3-ab0c-8b03e1aa76bc} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{7473d296-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{a4730ebe-43a6-443e-9776-36915d323ad3} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{cff4ce82-3aa2-451f-9b77-7165605fb835} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{d9fffb27-d62a-4d64-8cec-1ff006528805} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{973bacd3-19bb-48fe-ac86-487e4f4a8f0f} (Trojan.Banker) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3e720452-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Explorer (Trojan.Banker) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\MADOWN (Worm.Magania) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully. Valores do Registro infectados: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\(default) (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Agentsvrs.exe (Trojan.Downloader) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3PopularScreensavers (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\gebariastoTnT (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xpnetdiaj.exe (Trojan.Downloader) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{bb4c402f-882a-4526-8c08-51278ea437c1} (Spyware.OnlineGames) -> Quarantined and deleted successfully. Ítens do Registro infectados: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions (Hijack.FolderOptions) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. Pastas infectadas: (Nenhum ítem malicioso foi detectado) Arquivos infectados: C:\Arquivos de programas\Mozilla Firefox\plugins\NPMyWebS.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\WINDOWS\system32\drbplg.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\javaplugs.cpl (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\KB903320.log (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\KB923321.log (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\javaplugt.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\Arquivos de programas\Internet Explorer\javawisx.exe (Trojan.Banker) -> Quarantined and deleted successfully. C:\autorun.inf (SuspectAutorun.Rootdrive.H) -> Quarantined and deleted successfully. C:\WINDOWS\winmem.ini (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\AhnRpta.exe (Trojan.Backdoor) -> Quarantined and deleted successfully. C:\WINDOWS\control.ctr (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\zUptPitu.dt (Malware.Trace) -> Quarantined and deleted successfully. Compartilhar este post Link para o post Compartilhar em outros sites
PedroN 1 Denunciar post Postado Setembro 20, 2009 O log do comboFix se encontra em C:\ComboFix.txt, por favor poste-o na sua próxima resposta. Compartilhar este post Link para o post Compartilhar em outros sites
Dom Luiz 0 Denunciar post Postado Outubro 14, 2009 eu não consigo rodar o combofix, quando ele começa a rodar o pc aparece uma tela azul, eu tentei rodar ele no modo de segurança mas não gerou o log oque eu faço Compartilhar este post Link para o post Compartilhar em outros sites
PedroN 1 Denunciar post Postado Outubro 15, 2009 Faça o download de DDS e salve no desktop: http://download.bleepingcomputer.com/sUBs/dds.scr • Temporariamente desative os seus programas de proteção. • Duplo clique em dds.scr. • Irá surgir uma tela preta com algumas informações. Não clique em nada, apenas aguarde! • Quando terminar, o DDS.txt irá abrir. • Surgirá também uma nova caixa "D.D.S - Optional_Scan", clique em Não. • Salve o resultado e cole-o na sua próxima resposta Compartilhar este post Link para o post Compartilhar em outros sites
Mário Monteiro 179 Denunciar post Postado Novembro 17, 2009 Tópico Arquivado Como o autor não respondeu por mais de 30 dias, o tópico foi arquivado. Caso você seja o autor do tópico e quer reabrir, envie uma mensagem privada para um moderador da área juntamente com o link para este tópico e explique o motivo da reabertura. Compartilhar este post Link para o post Compartilhar em outros sites