[Arquivado] Central Segurança não inicia

[brunohenriquesc 0]

Boa Tarde,

 

http://www.virustotal.com/pt/analisis/ea25afa088e47cb1bfa985f110927e88326f75b060d0c58405c211d5416b4dff-1263746994

--não conheço aquela porta

 

o pc continua lento e travando com muitas coisas abertas..

 

ComboFix

ComboFix 10-01-27.02 - luis 27/01/2010  17:08:50.3.2 - x86Microsoft Windows XP Professional  5.1.2600.3.1252.55.1046.18.1279.983 [GMT -2:00]Executando de: c:\documents and settings\luis\Desktop\ComboFix.exeComandos utilizados :: c:\documents and settings\luis\Desktop\CFScript.txtAV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}FILE ::"c:\docume~1\luis\CONFIG~1\Temp\00000bc9.nmc\nse\bin\nsak.sys".[i] ADS - drivers: deleted 204 bytes in 1 streams. [/i](((((((((((((((((((((((((((((((((((((   Outras Exclusões   )))))))))))))))))))))))))))))))))))))))))))))))))))..(((((((((((((((((((((((((((((((((((((((   Drivers/Serviços   ))))))))))))))))))))))))))))))))))))))))))))))))).-------\Legacy_NSAK-------\Service_nsak((((((((((((((((   Arquivos/Ficheiros criados de 2009-12-27 to 2010-01-27  )))))))))))))))))))))))))))).2010-01-27 02:55 . 2010-01-27 03:02	--------	d-----w-	c:\arquivos de programas\Unlocker2010-01-27 00:39 . 2010-01-27 00:39	--------	d-----w-	c:\documents and settings\luis\Dados de aplicativos\PLO2010-01-26 21:27 . 2010-01-26 21:27	--------	d-----w-	c:\arquivos de programas\PhotoFiltre2010-01-26 18:47 . 2010-01-26 18:48	--------	d-----r-	c:\documents and settings\LocalService\Meus documentos2010-01-26 17:53 . 2010-01-26 17:53	2560	----a-w-	c:\windows\system32\drivers\mchInjDrv.sys2010-01-26 17:51 . 2010-01-26 18:50	--------	d---a-w-	c:\documents and settings\All Users\Dados de aplicativos\TEMP2010-01-26 17:49 . 2010-01-26 17:50	--------	d-----w-	c:\documents and settings\luis\Dados de aplicativos\PhotoFiltre2010-01-25 17:55 . 2010-01-25 17:55	--------	d-----w-	c:\documents and settings\luis\Dados de aplicativos\Malwarebytes2010-01-25 17:55 . 2010-01-25 17:55	--------	d-----w-	c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes2010-01-25 14:22 . 2010-01-18 23:42	19024	----a-w-	c:\windows\system32\drivers\aswFsBlk.sys2010-01-25 14:22 . 2010-01-19 13:13	162640	----a-w-	c:\windows\system32\drivers\aswSP.sys2010-01-25 14:22 . 2010-01-18 23:43	23248	----a-w-	c:\windows\system32\drivers\aswRdr.sys2010-01-25 14:22 . 2010-01-18 23:46	46544	----a-w-	c:\windows\system32\drivers\aswTdi.sys2010-01-25 14:22 . 2010-01-18 23:43	100304	----a-w-	c:\windows\system32\drivers\aswmon2.sys2010-01-25 14:22 . 2010-01-18 23:42	94672	----a-w-	c:\windows\system32\drivers\aswmon.sys2010-01-25 14:22 . 2010-01-18 23:42	28240	----a-w-	c:\windows\system32\drivers\aavmker4.sys2010-01-25 14:22 . 2010-01-18 23:57	38848	----a-w-	c:\windows\system32\avastSS.scr2010-01-25 14:22 . 2010-01-18 23:56	152672	----a-w-	c:\windows\system32\aswBoot.exe2010-01-25 14:21 . 2010-01-25 14:21	--------	d-----w-	c:\documents and settings\All Users\Dados de aplicativos\Alwil Software2010-01-25 14:00 . 2010-01-27 02:51	--------	d-----w-	C:\HiJackThis2010-01-25 01:27 . 2010-01-25 01:28	--------	d-----w-	c:\documents and settings\luis\Dados de aplicativos\sqlitestudio2010-01-25 01:25 . 2010-01-25 23:45	--------	d-----w-	c:\arquivos de programas\Tibia2010-01-23 01:04 . 2010-01-23 01:04	--------	d-----w-	c:\documents and settings\luis\Dados de aplicativos\fretsonfire2010-01-21 14:31 . 2005-12-03 10:57	311296	----a-w-	c:\windows\system32\DZACTX.DLL2010-01-21 14:31 . 2005-12-03 10:57	278528	----a-w-	c:\windows\system32\DUZACTX.DLL2010-01-21 14:31 . 1996-05-30 06:50	302592	----a-w-	c:\windows\system32\Gswag32.dll2010-01-21 14:31 . 1996-05-20 06:50	83968	----a-w-	c:\windows\system32\Gswdll32.dll2010-01-21 14:31 . 1996-05-20 06:50	392192	----a-w-	c:\windows\system32\Gsw32.exe2010-01-13 12:07 . 2001-09-06 01:50	5632	----a-w-	c:\windows\system32\ptpusb.dll2010-01-13 12:06 . 2008-04-13 21:20	159232	----a-w-	c:\windows\system32\ptpusd.dll2010-01-10 15:05 . 2000-06-26 13:45	106496	----a-w-	c:\windows\system32\TwnLib20.dll2010-01-10 15:05 . 2004-07-26 19:16	471040	------w-	c:\windows\system32\ImagXRA7.dll2010-01-10 15:05 . 2004-07-26 19:16	262144	------w-	c:\windows\system32\ImagXR7.dll2010-01-10 15:05 . 2004-07-26 19:16	476320	------w-	c:\windows\system32\ImagXpr7.dll2010-01-10 15:05 . 2004-07-26 19:16	1568768	------w-	c:\windows\system32\ImagX7.dll2010-01-10 15:05 . 2001-07-09 13:50	155648	----a-w-	c:\windows\system32\NeroCheck.exe2010-01-10 15:04 . 2010-01-10 15:04	--------	d-----w-	c:\arquivos de programas\Arquivos comuns\Ahead2010-01-10 15:04 . 2010-01-10 15:05	--------	d-----w-	c:\arquivos de programas\Ahead2010-01-05 23:40 . 2010-01-05 23:40	--------	d--h--w-	c:\windows\PIF.(((((((((((((((((((((((((((((((((((((   Relatório Find3M   )))))))))))))))))))))))))))))))))))))))))))))))))))).2010-01-27 16:31 . 2009-12-08 20:01	--------	d-----w-	c:\arquivos de programas\Mozilla Thunderbird2010-01-27 01:01 . 2009-12-08 19:19	--------	d-----w-	c:\documents and settings\luis\Dados de aplicativos\Tibia2010-01-25 17:25 . 2008-04-14 12:00	48628	----a-w-	c:\windows\system32\perfc016.dat2010-01-25 17:25 . 2008-04-14 12:00	344380	----a-w-	c:\windows\system32\perfh016.dat2010-01-25 14:21 . 2009-12-08 20:41	--------	d-----w-	c:\arquivos de programas\Alwil Software2010-01-14 19:13 . 2009-12-08 21:02	--------	d-----w-	c:\documents and settings\All Users\Dados de aplicativos\GbPlugin2010-01-14 19:12 . 2009-12-08 21:02	--------	d-----w-	c:\arquivos de programas\GbPlugin2010-01-06 14:25 . 2010-01-12 00:08	180032	----a-w-	c:\windows\pchealth\helpctr\Config\Cache\Professional_32_1046.dat2009-12-30 12:59 . 2009-12-08 21:02	30752	----a-w-	c:\windows\system32\drivers\gbpkm.sys2009-12-22 19:40 . 2009-12-08 18:59	86327	----a-w-	c:\windows\pchealth\helpctr\OfflineCache\index.dat2009-12-21 19:08 . 2008-04-14 12:00	916480	------w-	c:\windows\system32\wininet.dll2009-12-18 00:39 . 2009-12-18 00:31	--------	d-----w-	c:\documents and settings\luis\Dados de aplicativos\DAEMON Tools Lite2009-12-18 00:32 . 2009-12-18 00:32	691696	----a-w-	c:\windows\system32\drivers\sptd.sys2009-12-18 00:31 . 2009-12-18 00:31	--------	d-----w-	c:\documents and settings\All Users\Dados de aplicativos\DAEMON Tools Lite2009-12-14 23:24 . 2009-12-14 23:24	--------	d-----w-	c:\documents and settings\luis\Dados de aplicativos\TeamViewer2009-12-14 22:22 . 2009-12-08 20:43	--------	d-----w-	c:\arquivos de programas\Windows Live2009-12-11 22:34 . 2009-12-11 21:53	--------	d-----w-	c:\arquivos de programas\Total Video Player2009-12-10 18:57 . 2009-12-10 18:57	--------	d-----w-	c:\arquivos de programas\MSECache2009-12-10 18:27 . 2009-12-10 18:27	--------	d-----w-	c:\documents and settings\luis\Dados de aplicativos\Foxit2009-12-10 18:27 . 2009-12-10 18:27	--------	d-----w-	c:\arquivos de programas\Foxit Software2009-12-10 12:50 . 2009-12-10 12:50	--------	d-----w-	c:\arquivos de programas\MSXML 4.02009-12-08 22:45 . 2009-12-08 19:20	--------	d--h--w-	c:\arquivos de programas\InstallShield Installation Information2009-12-08 22:33 . 2009-12-08 22:33	--------	d-----w-	c:\documents and settings\luis\Dados de aplicativos\Media Player Classic2009-12-08 22:32 . 2009-12-08 22:32	--------	d-----w-	c:\arquivos de programas\Real Alternative2009-12-08 20:58 . 2009-12-08 20:58	411368	----a-w-	c:\windows\system32\deploytk.dll2009-12-08 20:58 . 2009-12-08 20:58	--------	d-----w-	c:\arquivos de programas\Java2009-12-08 20:57 . 2009-12-08 20:57	--------	d-----w-	c:\documents and settings\All Users\Dados de aplicativos\Messenger Plus!2009-12-08 20:56 . 2009-12-08 20:56	--------	d-----w-	c:\arquivos de programas\Messenger Plus! Live2009-12-08 20:32 . 2009-12-08 20:32	--------	d-----w-	c:\arquivos de programas\Arquivos comuns\Windows Live2009-12-08 20:01 . 2009-12-08 20:01	--------	d-----w-	c:\documents and settings\luis\Dados de aplicativos\Thunderbird2009-12-08 19:50 . 2009-12-08 19:50	0	----a-w-	c:\windows\nsreg.dat2009-12-08 19:36 . 2009-12-08 19:36	--------	d-----w-	c:\arquivos de programas\Telefonica2009-12-08 19:34 . 2009-12-08 19:26	119860	----a-w-	c:\windows\hpoins11.dat2009-12-08 19:34 . 2009-12-08 19:34	--------	d-----w-	c:\documents and settings\luis\Dados de aplicativos\HP2009-12-08 19:34 . 2009-12-08 19:34	--------	d-----w-	c:\documents and settings\All Users\Dados de aplicativos\HP2009-12-08 19:33 . 2009-12-08 19:33	--------	d-----w-	c:\arquivos de programas\Arquivos comuns\HP2009-12-08 19:33 . 2009-12-08 19:28	--------	d-----w-	c:\arquivos de programas\HP2009-12-08 19:32 . 2009-12-08 19:31	--------	d-----w-	c:\arquivos de programas\Hewlett-Packard2009-12-08 19:31 . 2009-12-08 19:31	--------	d-----w-	c:\arquivos de programas\Arquivos comuns\Hewlett-Packard2009-12-08 19:24 . 2009-12-08 19:24	--------	d-----w-	c:\arquivos de programas\Microsoft.NET2009-12-08 19:20 . 2009-12-08 19:20	--------	d-----w-	c:\arquivos de programas\Analog Devices2009-12-08 19:20 . 2009-12-08 19:20	--------	d-----w-	c:\arquivos de programas\Arquivos comuns\InstallShield2009-12-08 19:00 . 2009-12-08 19:00	--------	d-----w-	c:\arquivos de programas\microsoft frontpage2009-12-08 18:58 . 2009-12-08 18:58	--------	d-----w-	c:\arquivos de programas\Serviços on-line2009-12-08 18:58 . 2009-12-08 18:58	--------	d-----w-	c:\arquivos de programas\Arquivos comuns\Serviços2009-12-08 18:56 . 2009-12-08 18:56	21844	----a-w-	c:\windows\system32\emptyregdb.dat2009-11-25 13:19 . 2009-12-11 00:51	56816	----a-w-	c:\windows\system32\drivers\avgntflt.sys2009-11-21 15:58 . 2008-04-14 12:00	471552	----a-w-	c:\windows\AppPatch\aclayers.dll.((((((((((((((((((((((((((   Pontos de Carregamento do Registro   )))))))))))))))))))))))))))))))))))))))..*Nota* entradas vazias e legítimas por defeito não são mostradas. REGEDIT4[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"avast5"="c:\arquiv~1\ALWILS~1\Avast5\avastUI.exe" [2010-01-19 2743104][HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360][HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]2009-12-30 12:58	318240	----a-w-	c:\arquivos de programas\GbPlugin\gbieh.dll[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\system32\\sessmgr.exe"="c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqste08.exe"="c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposfx08.exe"="c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposid01.exe"="c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpfccopy.exe"="c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpoews01.exe"="c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"="c:\\Arquivos de programas\\Messenger\\msmsgs.exe"="c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"="c:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"="c:\\Documents and Settings\\luis\\Meus documentos\\Outros Arquivos\\Projeto PO\\EldinWorld 8.1 XML\\EldinWorld.exe"=[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]"3890:TCP"= 3890:TCP:wsafcR0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [8/12/2009 19:02 30752]R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [25/1/2010 12:22 162640]R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [25/1/2010 12:22 19024]R2 GbpSv;Gbp Service;c:\arquiv~1\GbPlugin\GbpSv.exe [8/12/2009 19:02 54048]R3 slnt;RTL8139D PCI Fast Ethernet Adapter;c:\windows\system32\drivers\slnt.sys [8/12/2009 17:10 18004]S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [17/12/2009 22:32 691696]..------- Scan Suplementar -------.uStart Page = hxxp://www.google.com.br/IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000FF - ProfilePath - c:\documents and settings\luis\Dados de aplicativos\Mozilla\Firefox\Profiles\beya39fy.default\FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.brFF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll---- FIREFOX POLICIES ----c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");.**************************************************************************Procurando processos ocultos ... Procurando entradas auto inicializáveis ocultas ... Procurando ficheiros/arquivos ocultos ... Varredura completada com sucessoarquivos/ficheiros ocultos: **************************************************************************.--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------- - - - - - - > 'winlogon.exe'(660)c:\arquivos de programas\GbPlugin\gbieh.dll- - - - - - - > 'explorer.exe'(3452)c:\windows\system32\WININET.dllc:\arquivos de programas\GbPlugin\gbieh.dllc:\windows\system32\webcheck.dll.------------------------ Outros Processos em Execução ------------------------.c:\arquivos de programas\Alwil Software\Avast5\AvastSvc.exec:\arquivos de programas\Java\jre6\bin\jqs.exec:\windows\system32\HPZipm12.exec:\windows\system32\wscntfy.exe.**************************************************************************.Tempo para conclusão: 2010-01-27  17:18:06 - Máquina reiniciouComboFix-quarantined-files.txt  2010-01-27 19:18Pré-execução: 6 pasta(s) 150.242.533.376 bytes disponíveisPós execução: 7 pasta(s) 150.197.260.288 bytes disponíveis- - End Of File - - 346F9A4A2F07D20A9B759302172A5920

 

HijackThis

 

Logfile of Trend Micro HijackThis v2.0.2Scan saved at 17:28:38, on 27/1/2010Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\ARQUIV~1\GbPlugin\GbpSv.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exeC:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Arquivos de programas\Java\jre6\bin\jqs.exeC:\WINDOWS\system32\HPZipm12.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\alg.exeC:\WINDOWS\explorer.exeC:\WINDOWS\system32\NOTEPAD.EXEC:\HiJackThis\HiJackThis.exeC:\WINDOWS\system32\wbem\wmiprvse.exeR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de programas\GbPlugin\gbieh.dllO2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dllO2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dllO4 - HKLM\..\Run: [avast5] C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe /noguiO4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLLO9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exeO14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.aspO16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cabO16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cabO17 - HKLM\System\CCS\Services\Tcpip\..\{7F39894E-231A-41C9-8B31-B5F899F4F7E2}: NameServer = 200.204.0.10 200.204.0.138O20 - Winlogon Notify:  GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dllO23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exeO23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exeO23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exeO23 - Service: Gbp Service (GbpSv) -   - C:\ARQUIV~1\GbPlugin\GbpSv.exeO23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exeO23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe--End of file - 4111 bytes

 

 

Obg!

[Power Max 54]

:seta: Exclua o CFScript.txt que se encontra na sua área de trabalho.

 

Selecione e copie o texto destacado em vermelho abaixo. Abra o Bloco de notas e cole o que copiou. Salve então, na área de trabalho, com o nome de CFScript.txt.

 

Registry::

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3890:TCP"=-

File::

c:\windows\system32\drivers\mchInjDrv.sys

Driver::

mchInjDrv

 

Arraste agora o CFScript.txt para o ComboFix conforme a demonstração abaixo:

 

 

O ComboFix irá rodar e reiniciará o PC automaticamente para completar o processo de remoção. Caso ele não reinicie automaticamente depois de um tempo, reinicie-o manualmente.

 

IMPORTANTE: Não use o mouse nem o teclado quando o ComboFix estiver rodando.

 

Quando acabar, será gerado um log, que estará em C:\ComboFix.txt.

_________________________________

 

:seta: Acesse o site http://www.virustotal.com/ '>Virus Total e envie este arquivo destacado em vermelho abaixo para ser analisado:

 

c:\\Documents and Settings\\luis\\Meus documentos\\Outros Arquivos\\Projeto PO\\EldinWorld 8.1 XML\\EldinWorld.exe

 

Se aparecer uma mensagem dizendo que o arquivo já foi analisado, peça para analisar novamente. Aguarde a conclusão da análise e copie o link que aparecerá na barra de endereços do seu navegador e poste este link na sua próxima resposta.

 

Caso não seja possível visualizar o arquivo acima, faça o seguinte:

 

# Vá no menu: Iniciar > Painel de Controle > Opções de Pasta

# Selecione a aba Modo de exibição

# Selecione o botão Mostrar pastas e arquivos ocultos

# Desmarque a caixa Ocultar arquivos protegidos do sistema operacional (recomendado)

# Clique em OK

 

Aí depois disto tente novamente enviar o arquivo para análise no site Virus Total.

 

Se o site Virus Total estiver muito congestionado ou com algum problema, envie o arquivo para ser analisado nestes sites abaixo:

 

http://virscan.org/

http://virusscan.jotti.org/

http://www.viruschief.com/

____________________________________

 

:seta: Siga, por gentileza, as dicas deste tutorial para fazer um escaneamento de seu PC pelo BitDefender Online:

 

Tutorial do antivírus BitDefender Online

 

Após o término do escaneamento será gerado um relatório (log) que estará no seguinte local do seu computador:

C:\Windows\BDOSCAN8\bdoscan.log

 

Na sua próxima resposta poste este log do BitDefender Online juntamente com um novo log do Hijackthis, o log que estará em C:\ComboFix.txt, o resultado da análise do arquivo no site Virus Total e nos diga, por gentileza, como está o seu PC após seguir estes procedimentos.

 

Ficamos no aguardo de sua resposta.

[Mário Monteiro 179]

Tópico Arquivado

 

Como o autor não respondeu por mais de 30 dias, o tópico foi arquivado.

 

Caso você seja o autor do tópico e quer reabrir, envie uma mensagem privada para um moderador da área juntamente com o link para este tópico e explique o motivo da reabertura.