
Kaua Fabiano

[Archived] Problems searching on Google


Good morning ;D

I've been having problems with the GOOGLE search engine.

Whenever I try to search, the following message appears:

302 Moved

The document has moved here.

And when I click "here", the following screen appears:

Google

Sorry...

We're sorry,

... but your computer or network may be sending automated queries. To protect our users, we can't process your request right now.

To continue searching, please type the characters you see below:

And there are characters to type, but I don't even type them, because I've already looked this up and it may be some kind of virus.

Here is a HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:30:57, on 17/6/2010

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 SP1 (7.00.6000.20627)

Boot mode: Normal

 

Running processes:

H:\WINDOWS\System32\smss.exe

H:\WINDOWS\system32\winlogon.exe

H:\WINDOWS\system32\services.exe

H:\WINDOWS\system32\lsass.exe

H:\WINDOWS\system32\svchost.exe

H:\WINDOWS\System32\svchost.exe

H:\WINDOWS\system32\spoolsv.exe

H:\Arquivos de programas\Arquivos comuns\Mcafee\McSvcHost\McSvHost.exe

H:\Arquivos de programas\Arquivos comuns\McAfee\SystemCore\mfevtps.exe

H:\WINDOWS\system32\svchost.exe

H:\Arquivos de programas\Arquivos comuns\McAfee\SystemCore\mcshield.exe

H:\Arquivos de programas\Arquivos comuns\McAfee\SystemCore\mfefire.exe

H:\WINDOWS\Explorer.exe

H:\DOCUME~1\KAHMEL~1\CONFIG~1\Temp\jtzvppj.exe

H:\WINDOWS\system32\rundll32.exe

H:\WINDOWS\ZSSnp211.exe

H:\WINDOWS\Domino.exe

H:\windows\system32\wuaucldt.exe

H:\WINDOWS\system32\RUNDLL32.EXE

H:\WINDOWS\system32\RUNDLL32.EXE

H:\WINDOWS\system32\RUNDLL32.EXE

H:\WINDOWS\system32\svchost.exe

H:\WINDOWS\system32\hkcmd.exe

H:\WINDOWS\system32\igfxpers.exe

H:\WINDOWS\RTHDCPL.EXE

H:\WINDOWS\system32\igfxsrvc.exe

H:\Arquivos de programas\McAfee.com\Agent\mcagent.exe

H:\WINDOWS\system32\ctfmon.exe

H:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

H:\WINDOWS\fonts\services.exe

H:\Arquivos de programas\Messenger\msmsgs.exe

H:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe

H:\WINDOWS\System32\svchost.exe

H:\WINDOWS\System32\svchost.exe

H:\WINDOWS\System32\Rundll32.exe

H:\Arquivos de programas\Mozilla Firefox\firefox.exe

H:\Arquivos de programas\Mozilla Firefox\plugin-container.exe

H:\DOCUME~1\KAHMEL~1\CONFIG~1\Temp\jtzvppj.exe

H:\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.imesh.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - H:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

F3 - REG:win.ini: load=H:\WINDOWS\fonts\services.exe

F3 - REG:win.ini: run=H:\WINDOWS\fonts\services.exe

O1 - Hosts: 89.149.249.196 www.google.com

O1 - Hosts: 89.149.249.196 www.google.de

O1 - Hosts: 89.149.249.196 www.google.fr

O1 - Hosts: 89.149.249.196 www.google.co.uk

O1 - Hosts: 89.149.249.196 www.google.com.br

O1 - Hosts: 89.149.249.196 www.google.it

O1 - Hosts: 89.149.249.196 www.google.es

O1 - Hosts: 89.149.249.196 www.google.co.jp

O1 - Hosts: 89.149.249.196 www.google.com.mx

O1 - Hosts: 89.149.249.196 www.google.ca

O1 - Hosts: 89.149.249.196 www.google.com.au

O1 - Hosts: 89.149.249.196 www.google.nl

O1 - Hosts: 89.149.249.196 www.google.co.za

O1 - Hosts: 89.149.249.196 www.google.be

O1 - Hosts: 89.149.249.196 www.google.gr

O1 - Hosts: 89.149.249.196 www.google.at

O1 - Hosts: 89.149.249.196 www.google.se

O1 - Hosts: 89.149.249.196 www.google.ch

O1 - Hosts: 89.149.249.196 www.google.pt

O1 - Hosts: 89.149.249.196 www.google.dk

O1 - Hosts: 89.149.249.196 www.google.fi

O1 - Hosts: 89.149.249.196 www.google.ie

O1 - Hosts: 89.149.249.196 www.google.no

O1 - Hosts: 89.149.249.196 www.google.co.in

O1 - Hosts: 89.149.249.196 search.yahoo.com

O1 - Hosts: 89.149.249.196 us.search.yahoo.com

O1 - Hosts: 89.149.249.196 uk.search.yahoo.com

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - H:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: QuickStores-Toolbar - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - mscoree.dll (file missing)

O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - h:\arquiv~1\mcafee\msk\mskapbho.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - H:\Arquivos de programas\Arquivos comuns\McAfee\SystemCore\ScriptSn.20100613210942.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - H:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - h:\arquiv~1\mcafee\sitead~1\mcieplg.dll

O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - H:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll

O3 - Toolbar: QuickStores-Toolbar - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - mscoree.dll (file missing)

O3 - Toolbar: Barra de Ferramentas do Yahoo! - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - H:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - h:\arquiv~1\mcafee\sitead~1\mcieplg.dll

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [ZSSnp211] H:\WINDOWS\ZSSnp211.exe

O4 - HKLM\..\Run: [Domino] H:\WINDOWS\Domino.exe

O4 - HKLM\..\Run: [syncman] h:\windows\system32\wuaucldt.exe

O4 - HKLM\..\Run: [jswqvj] RUNDLL32.EXE H:\WINDOWS\system32\mslagcpt.dll,w

O4 - HKLM\..\Run: [jimuqf] RUNDLL32.EXE H:\WINDOWS\system32\mspyeajp.dll,w

O4 - HKLM\..\Run: [pgoxhe] RUNDLL32.EXE H:\WINDOWS\system32\msmbhdru.dll,w

O4 - HKLM\..\Run: [igfxTray] H:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] H:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] H:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKCU\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "H:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [steam] "h:\pacsteamt\steam.exe" -silent

O4 - HKCU\..\Run: [MSMSGS] "H:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [syncman] h:\documents and settings\káah méelo'\wuaucldt.exe

O4 - HKLM\..\Policies\Explorer\Run: [exec] H:\WINDOWS\fonts\services.exe

O4 - HKLM\..\Policies\Explorer\Run: [z0hd0] H:\DOCUME~1\KAHMEL~1\CONFIG~1\Temp\jtzvppj.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User '?')

O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User '?')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User '?')

O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User '?')

O4 - HKUS\S-1-5-21-2025429265-436374069-1801674531-1003\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\ctfmon.exe (User '?')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User '?')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User '?')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')

O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - h:\arquiv~1\mcafee\sitead~1\mcieplg.dll

O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - h:\arquiv~1\mcafee\sitead~1\mcieplg.dll

O20 - AppInit_DLLs:

O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - H:\Arquivos de programas\Arquivos comuns\Mcafee\McSvcHost\McSvHost.exe

O23 - Service: McAfee Serviço Personal Firewall (McMPFSvc) - McAfee, Inc. - H:\Arquivos de programas\Arquivos comuns\Mcafee\McSvcHost\McSvHost.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - H:\Arquivos de programas\Arquivos comuns\Mcafee\McSvcHost\McSvHost.exe

O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - H:\Arquivos de programas\Arquivos comuns\Mcafee\McSvcHost\McSvHost.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - H:\Arquivos de programas\Arquivos comuns\Mcafee\McSvcHost\McSvHost.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - H:\Arquivos de programas\McAfee\VirusScan\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - H:\Arquivos de programas\Arquivos comuns\Mcafee\McSvcHost\McSvHost.exe

O23 - Service: McShield - McAfee, Inc. - H:\Arquivos de programas\Arquivos comuns\McAfee\SystemCore\\mcshield.exe

O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - H:\Arquivos de programas\Arquivos comuns\McAfee\SystemCore\\mfefire.exe

O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - H:\Arquivos de programas\Arquivos comuns\McAfee\SystemCore\mfevtps.exe

O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - H:\Arquivos de programas\Arquivos comuns\Mcafee\McSvcHost\McSvHost.exe

 

--

End of file - 10160 bytes


Good evening...

1.

* Download HostsXpert and save it to the desktop
* Extract it to the desktop and run it.
* Click > [Restore Microsoft's Hosts File]

2.

* Download MalwareBytes Anti-malware and save it to the desktop
* Install the program
* If an update is available, it will be downloaded automatically. Wait...
* The program will open automatically.
* On the [Verificação] (Scan) tab, select the option [Verificação completa] (Full scan)
* Click [Verificar] (Scan) and select the partitions to be examined (usually C:\ and D:\)
* When the scan finishes, you may be asked whether you want to remove objects from memory. Click [Sim] (Yes) > [OK] > [Mostrar Resultados] (Show Results)
* Click [Remover Selecionados] (Remove Selected)
* A report (mbam-log-year-month-date.txt) will be displayed.
* Paste it in your next reply

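The hosts-file restore in step 1 targets the `O1 - Hosts` entries in the HijackThis log above, which point Google and Yahoo search hostnames at 89.149.249.196. The following triage script is an added example, not part of the original posts: it groups those redirects by IP and flags autorun lines that launch from a Temp or Fonts directory. The function names and the Temp/Fonts path heuristic are assumptions of this example; the sample lines are excerpted from the log in this thread.

```python
import ipaddress
import re

# Lines excerpted from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
O1 - Hosts: 89.149.249.196 www.google.com
O1 - Hosts: 89.149.249.196 www.google.com.br
O1 - Hosts: 89.149.249.196 search.yahoo.com
F3 - REG:win.ini: load=H:\WINDOWS\fonts\services.exe
O4 - HKLM\..\Run: [igfxTray] H:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [jswqvj] RUNDLL32.EXE H:\WINDOWS\system32\mslagcpt.dll,w
O4 - HKLM\..\Policies\Explorer\Run: [z0hd0] H:\DOCUME~1\KAHMEL~1\CONFIG~1\Temp\jtzvppj.exe
O4 - HKCU\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\ctfmon.exe
"""

O1_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)\s*$")
AUTORUN_RE = re.compile(r"^(F2|F3|O4) - ")
# Assumed heuristic: directories that legitimate autostart programs rarely run from.
SUSPECT_DIRS = ("\\temp\\", "\\fonts\\")


def hosts_redirects(log_text):
    """Map each non-loopback IP in O1 entries to the hostnames pointed at it."""
    redirects = {}
    for line in log_text.splitlines():
        match = O1_RE.match(line.strip())
        if not match:
            continue
        ip_text, host = match.groups()
        try:
            ip = ipaddress.ip_address(ip_text)
        except ValueError:
            continue  # malformed entry, not an address mapping
        if ip.is_loopback or ip.is_unspecified:
            continue  # 127.0.0.1 / 0.0.0.0 entries block a name, they do not redirect it
        redirects.setdefault(ip_text, []).append(host.lower())
    return redirects


def suspicious_autoruns(log_text):
    """Return F2/F3/O4 lines whose command path sits under a Temp or Fonts directory."""
    hits = []
    for line in log_text.splitlines():
        line = line.strip()
        if AUTORUN_RE.match(line) and any(d in line.lower() for d in SUSPECT_DIRS):
            hits.append(line)
    return hits


if __name__ == "__main__":
    for ip, hosts in hosts_redirects(SAMPLE_LOG).items():
        print(f"{len(hosts)} hostname(s) redirected to {ip}: {', '.join(hosts)}")
    for line in suspicious_autoruns(SAMPLE_LOG):
        print("review autorun:", line)
```

Many unrelated search hostnames mapped to a single routable address is the pattern to look for; path-based autorun hits only mark entries for review and need confirmation by a scanner.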

Here is the Malwarebytes LOG

 

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

 

Versão da Base de Dados: 4211

 

Windows 5.1.2600 Service Pack 2

Internet Explorer 6.0.2800.2180

 

17/6/2010 20:39:53

mbam-log-2010-06-17 (20-39-53).txt

 

Tipo de Verificação: Verificação Completa (H:\|)

Objetos escaneados: 147194

Tempo decorrido: 45 minuto(s), 41 segundo(s)

 

Processos de Memória Infectados: 2

Módulos de Memória Infectados: 2

Chaves de Registro Infectadas: 6

Valores de Registro Infectados: 17

Itens de Dados no Registro Infectados: 3

Pastas Infectadas: 0

Arquivos Infectados: 52

 

Processos de Memória Infectados:

H:\WINDOWS\Fonts\services.exe (Trojan.Agent) -> Unloaded process successfully.

h:\WINDOWS\system32\wuaucldt.exe (Trojan.Agent) -> Unloaded process successfully.

 

Módulos de Memória Infectados:

H:\WINDOWS\system32\msncxmjw.dll (Spyware.OnlineGames) -> Delete on reboot.

H:\WINDOWS\system32\MSWINSCK.OCX (Worm.Nyxem) -> Delete on reboot.

 

Chaves de Registro Infectadas:

HKEY_CLASSES_ROOT\TypeLib\{248dd890-bb45-11cf-9abc-0080c7e7b78d} (Worm.Nyxem) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{248dd892-bb45-11cf-9abc-0080c7e7b78d} (Worm.Nyxem) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{248dd893-bb45-11cf-9abc-0080c7e7b78d} (Worm.Nyxem) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{248dd896-bb45-11cf-9abc-0080c7e7b78d} (Worm.Nyxem) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{248dd897-bb45-11cf-9abc-0080c7e7b78d} (Worm.Nyxem) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDORSYS (Malware.Trace) -> Quarantined and deleted successfully.

 

Valores de Registro Infectados:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\syncman (Trojan.FakeAlert.H) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xlqtjd (Spyware.OnlineGames) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\exec (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\jswqvj (Spyware.OnlineGames) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\jimuqf (Spyware.OnlineGames) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\pgoxhe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\office word (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\z0hd0 (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\syncman (Trojan.Agent) -> Delete on reboot.

HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\syncman (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\uid (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\updatenew (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\regedit32 (Trojan.Agent) -> Delete on reboot.

HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run (Trojan.Agent) -> Quarantined and deleted successfully.

 

Itens de Dados no Registro Infectados:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Load (Trojan.Agent) -> Data: h:\windows\fonts\services.exe -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Run (Trojan.Agent) -> Data: h:\windows\fonts\services.exe -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

 

Pastas Infectadas:

(Não foram detectados ítens maliciosos)

 

Arquivos Infectados:

h:\WINDOWS\system32\wuaucldt.exe (Trojan.FakeAlert.H) -> Delete on reboot.

H:\WINDOWS\system32\msncxmjw.dll (Spyware.OnlineGames) -> Delete on reboot.

H:\WINDOWS\Fonts\services.exe (Trojan.Agent) -> Quarantined and deleted successfully.

H:\WINDOWS\system32\mslagcpt.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.

H:\WINDOWS\system32\mspyeajp.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.

H:\WINDOWS\system32\msmbhdru.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.

h:\WINDOWS\system32\office woid.exe (Trojan.Agent) -> Quarantined and deleted successfully.

H:\Documents and Settings\Káah Méelo'\Configurações locais\Temp\jtzvppj.exe (Trojan.Agent) -> Quarantined and deleted successfully.

H:\Documents and Settings\Káah Méelo'\Desktop\ARQUIVOS\asx-re4.exe (Malware.Packer) -> Quarantined and deleted successfully.

H:\System Volume Information\_restore{289FC2FE-0651-40A9-8319-309D392684FC}\RP2\A0003032.exe (Trojan.Agent) -> Quarantined and deleted successfully.

H:\System Volume Information\_restore{289FC2FE-0651-40A9-8319-309D392684FC}\RP2\A0003033.exe (Trojan.Agent) -> Quarantined and deleted successfully.

H:\WINDOWS\system32\1252,187.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.

H:\WINDOWS\system32\1460,84.exe (Trojan.Koblu) -> Quarantined and deleted successfully.

H:\WINDOWS\system32\2127,497.exe (Trojan.Koblu) -> Quarantined and deleted successfully.

H:\WINDOWS\system32\2759,363.exe (Trojan.Koblu) -> Quarantined and deleted successfully.

H:\WINDOWS\system32\3108,439.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.

H:\WINDOWS\system32\3446,466.exe (Trojan.Koblu) -> Quarantined and deleted successfully.

H:\WINDOWS\system32\MSWINSCK.OCX (Worm.Nyxem) -> Quarantined and deleted successfully.

H:\WINDOWS\system32\856,2869.exe (Trojan.Koblu) -> Quarantined and deleted successfully.

H:\WINDOWS\system32\8779,413.exe (Trojan.Koblu) -> Quarantined and deleted successfully.

H:\WINDOWS\system32\8899,332.exe (Trojan.Agent) -> Quarantined and deleted successfully.

H:\WINDOWS\system32\8965,982.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.

H:\WINDOWS\system32\914,2703.exe (Trojan.Koblu) -> Quarantined and deleted successfully.

H:\WINDOWS\system32\9421,655.exe (Trojan.Koblu) -> Quarantined and deleted successfully.

H:\WINDOWS\system32\9825,708.exe (Trojan.Koblu) -> Quarantined and deleted successfully.

H:\WINDOWS\system32\373,9113.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.

H:\WINDOWS\system32\3876,719.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.

H:\WINDOWS\system32\4374,308.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.

H:\WINDOWS\system32\4412,455.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.

H:\WINDOWS\system32\4636,606.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.

H:\WINDOWS\system32\5104,929.exe (Trojan.Agent) -> Quarantined and deleted successfully.

H:\WINDOWS\system32\5235,102.exe (Trojan.Koblu) -> Quarantined and deleted successfully.

H:\WINDOWS\system32\6238,169.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.

H:\WINDOWS\system32\6365,015.exe (Trojan.Koblu) -> Quarantined and deleted successfully.

H:\WINDOWS\system32\6412,424.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.

H:\WINDOWS\system32\6749,231.exe (Trojan.Koblu) -> Quarantined and deleted successfully.

H:\WINDOWS\system32\7054,56.exe (Trojan.Koblu) -> Quarantined and deleted successfully.

H:\WINDOWS\system32\7147,943.exe (Trojan.Koblu) -> Quarantined and deleted successfully.

H:\WINDOWS\system32\7244,792.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.

H:\WINDOWS\system32\7465,128.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.

H:\WINDOWS\system32\7520,955.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.

H:\WINDOWS\system32\7596,705.exe (Trojan.Koblu) -> Quarantined and deleted successfully.

H:\WINDOWS\system32\YHF\QJTN.007 (PUP.ArdamaxKeyLogger) -> Quarantined and deleted successfully.

H:\WINDOWS\Temp\VRT14.tmp (Backdoor.HareBot) -> Quarantined and deleted successfully.

H:\WINDOWS\Temp\VRT25.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.

H:\WINDOWS\Temp\VRT29.tmp (Spyware.Passwords) -> Quarantined and deleted successfully.

H:\WINDOWS\Temp\VRT2A.tmp (Backdoor.HareBot) -> Quarantined and deleted successfully.

H:\WINDOWS\Temp\VRTA.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.

H:\WINDOWS\Temp\VRTD.tmp (Backdoor.HareBot) -> Quarantined and deleted successfully.

H:\Documents and Settings\Káah Méelo'\oashdihasidhasuidhiasdhiashdiuasdhasd (Malware.Trace) -> Quarantined and deleted successfully.

H:\Documents and Settings\Káah Méelo'\wuaucldt.exe (Trojan.Agent) -> Quarantined and deleted successfully.

H:\Documents and Settings\Káah Méelo'\Desktop\explorer.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

 

 

 

After this scan, new errors appeared:

Explorer.exe does not start with Windows

and when explorer.exe is started, there is an error in the win1ogon.exe process

the following error appears:

The instruction at "0x01a5d601" referenced memory at "0x01a67000". The memory could not be "read".

Click OK to terminate the program

Click Cancel to debug the program

When I click either of these options, the PC shuts down


Ctrl+Alt+Del > Task Manager > New Task > type: explorer.exe

* Temporarily disable your antivirus

* Download ComboFix and save it to the desktop

* Run ComboFix and accept the agreement

* If the Windows Recovery Console is already installed, ComboFix will continue the process automatically. Otherwise, click [Sim] (Yes) to install it.

* Click [Sim] (Yes) to continue.

* Wait for all stages to complete

* While ComboFix is running, avoid using the mouse and keyboard!!..... To interrupt the procedure, press N or 2 and then ENTER.

* The program will close automatically and a report (C:\combofix.txt) will be displayed. Paste it in your next reply.


When I start ComboFix, it says the process was interrupted because of the "Virut" virus, and asks me to download another version.

I already tried downloading it and it didn't help; I tried renaming it to 123.exe, and I tried putting it in H:\

None of these attempts worked.

Also, when ComboFix starts, it closes the winlogon.exe error window, which causes the computer to shut down.

Now the computer only boots into safe mode.


OK... if it is Virut, removal is going to be difficult. Like Sality, it is a file infector. But let's try..

1.

* Click [Iniciar] (Start) > [Executar] (Run) > type: Combofix /uninstall
* Click [OK]
* Click [Executar] (Run)
* Wait until the message appears: "ComboFix está desinstalado" (ComboFix is uninstalled)
* Click [OK]

2.

* Download the Kaspersky Virus Removal Tool and save it to the desktop
* Install the program
* The program's main screen will open automatically
* Select the option: [] Meu Computador (My Computer)
* Click [start scan].... wait. It may take a while.
* If it finds something, click [skip]
* When the scan finishes, click [Report]
* A window called "Detailed report" will open
* Click the [+] sign next to Autoscan to expand the events found
* Right-click and select "Select all"
* Right-click again and select "Copy"
* Open Notepad, paste (Ctrl+V), and save the file to the desktop as log.txt
* Close the Kaspersky "Detailed report" window
* On the Kaspersky main screen, click [Exit] > [No]
* Paste the report saved on the desktop in your next reply


Topic Archived

Since the author has not replied for more than 30 days, the topic has been archived.

If you are the author of the topic and want to reopen it, send a private message to a moderator of this area together with the link to this topic and explain the reason for reopening.
