
arona

[Archived] my PC is slow to open Internet Explorer and the page

Hello friends,

my PC takes a very long time to open Internet Explorer

and the home page is about:blank

I have already tried everything to change it and it doesn't work

I type in the home page, and when I open Internet Explorer it is about:blank

Below is the HijackThis log

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 00:43:09, on 10/7/2010

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

C:\WINDOWS\Explorer.EXE

C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\SCardSvr.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbguard.exe

C:\Arquivos de programas\Arquivos comuns\LightScribe\LSSrvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbserver.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Trend Micro\HiJackThis\HiJackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: IMinent WebBooster - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Arquivos de programas\Iminent\IMBooster4Web\Iminent.WebBooster.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll

O2 - BHO: Barra do MSN Busca Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Toolbar Suite\TB\02.05.0000.1082\pt-br\msntb.dll

O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\Arquivos de programas\GbPlugin\gbiehabn.dll

O3 - Toolbar: Barra do MSN Busca - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Toolbar Suite\TB\02.05.0000.1082\pt-br\msntb.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [avast5] C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe /nogui

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] "C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O8 - Extra context menu item: &MSN Busca - res://C:\Arquivos de programas\MSN Toolbar Suite\TB\02.05.0000.1082\pt-br\msntb.dll/search.htm

O8 - Extra context menu item: Abrir em uma nova guia do plano de fundo - res://C:\Arquivos de programas\MSN Toolbar Suite\TAB\02.05.0001.1119\pt-br\msntabres.dll/229?6a8ff442109c48a891508d583b64eaee

O8 - Extra context menu item: Abrir em uma nova guia do primeiro plano - res://C:\Arquivos de programas\MSN Toolbar Suite\TAB\02.05.0001.1119\pt-br\msntabres.dll/230?6a8ff442109c48a891508d583b64eaee

O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlall.htm

O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlselected.htm

O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlfvideo.htm

O8 - Extra context menu item: Download with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dllink.htm

O8 - Extra context menu item: Google Sidewiki... - res://C:\Arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - C:\Arquivos de programas\Free Download Manager\FUM\fumiebtn.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O14 - IERESET.INF: START_PAGE_URL=http://www.msn.com.br

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugin/Cab/GbPluginABN.cab

O20 - AppInit_DLLs: c:\windows\system32\

O20 - Winlogon Notify: !SASWinLogon - C:\Arquivos de programas\SUPERAntiSpyware\SASWINLO.dll

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: Serviço de transferência inteligente de plano de fundo (BITS) - Unknown owner - C:\WINDOWS\

O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbguard.exe

O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbserver.exe

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Arquivos de programas\Arquivos comuns\LightScribe\LSSrvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

O23 - Service: Atualizações Automáticas (wuauserv) - Unknown owner - C:\WINDOWS\

O23 - Service: XoftSpyService - ParetoLogic Inc. - C:\Arquivos de programas\Arquivos comuns\XoftSpySE\6\xoftspyservice.exe

 

--

End of file - 8950 bytes


:) Hello Arona!

Please follow the tips in these tutorials:

Malwarebytes Anti-Malware tutorial: http://dicasetutoriaisparapc.blogspot.com/2009/10/tutorial-do-malwarebytes-anti-malware.html

RegUnlocker tutorial: http://dicasetutoriaisparapc.blogspot.com/2009/11/tutorial-do-regunlocker.html

Zeb-Restore tutorial: http://dicasetutoriaisparapc.blogspot.com/2009/10/tutorial-do-zeb-restore.html

AboutBuster tutorial: http://dicasetutoriaisparapc.blogspot.com/2009/10/tutorial-do-aboutbuster.html

________________________________

In your next reply, post this Malwarebytes log together with a new HijackThis log and the log that will be in Ab LogFile.txt (located in the AboutBuster program folder), and tell us how your PC is after these procedures.

We'll be waiting.


Hello Antonio!

I did all the recommended procedures.

It improved; Internet Explorer now opens quickly,

but the home page is still blank and I can't change it.

Below are the Malwarebytes and HijackThis logs.

AboutBuster did not generate a log; after the full scan I clicked OK and an error message appeared with the following:

 

Run-time erro '339':

Component 'comctl32.ocx' or one of its dependencies not correctly registered: a file is missing or invalid

 

And now, what should I do to change the home page?

 

 

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

 

Versão da Base de Dados: 4300

 

Windows 5.1.2600 Service Pack 2

Internet Explorer 8.0.6001.18702

 

11/7/2010 01:13:49

mbam-log-2010-07-11 (01-13-49).txt

 

Tipo de Verificação: Verificação Completa (C:\|)

Objetos escaneados: 218814

Tempo decorrido: 56 minuto(s), 0 segundo(s)

 

Processos de Memória Infectados: 0

Módulos de Memória Infectados: 0

Chaves de Registro Infectadas: 0

Valores de Registro Infectados: 0

Itens de Dados no Registro Infectados: 2

Pastas Infectadas: 0

Arquivos Infectados: 5

 

Processos de Memória Infectados:

(Não foram detectados ítens maliciosos)

 

Módulos de Memória Infectados:

(Não foram detectados ítens maliciosos)

 

Chaves de Registro Infectadas:

(Não foram detectados ítens maliciosos)

 

Valores de Registro Infectados:

(Não foram detectados ítens maliciosos)

 

Itens de Dados no Registro Infectados:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BITS\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemRoot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\wuauserv\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemroot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully.

 

Pastas Infectadas:

(Não foram detectados ítens maliciosos)

 

Arquivos Infectados:

C:\System Volume Information\_restore{D2993D4F-4C7E-4C64-B1C9-8D757EEA71DF}\RP121\A0082389.DLL (Trojan.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{D2993D4F-4C7E-4C64-B1C9-8D757EEA71DF}\RP121\A0083454.DLL (Trojan.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{D2993D4F-4C7E-4C64-B1C9-8D757EEA71DF}\RP121\A0083506.DLL (Trojan.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{D2993D4F-4C7E-4C64-B1C9-8D757EEA71DF}\RP121\A0083539.DLL (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Mariana.PARTICUL-A73101\Desktop\imaster forum\RegUnlocker.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.

 

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 03:08:46, on 11/7/2010

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

C:\Arquivos de programas\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbguard.exe

C:\Arquivos de programas\Arquivos comuns\LightScribe\LSSrvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbserver.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Trend Micro\HiJackThis\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: IMinent WebBooster - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Arquivos de programas\Iminent\IMBooster4Web\Iminent.WebBooster.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll

O2 - BHO: Barra do MSN Busca Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Toolbar Suite\TB\02.05.0000.1082\pt-br\msntb.dll

O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\Arquivos de programas\GbPlugin\gbiehabn.dll

O3 - Toolbar: Barra do MSN Busca - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Toolbar Suite\TB\02.05.0000.1082\pt-br\msntb.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [avast5] C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe /nogui

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] "C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: &MSN Busca - res://C:\Arquivos de programas\MSN Toolbar Suite\TB\02.05.0000.1082\pt-br\msntb.dll/search.htm

O8 - Extra context menu item: Abrir em uma nova guia do plano de fundo - res://C:\Arquivos de programas\MSN Toolbar Suite\TAB\02.05.0001.1119\pt-br\msntabres.dll/229?6a8ff442109c48a891508d583b64eaee

O8 - Extra context menu item: Abrir em uma nova guia do primeiro plano - res://C:\Arquivos de programas\MSN Toolbar Suite\TAB\02.05.0001.1119\pt-br\msntabres.dll/230?6a8ff442109c48a891508d583b64eaee

O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlall.htm

O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlselected.htm

O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlfvideo.htm

O8 - Extra context menu item: Download with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dllink.htm

O8 - Extra context menu item: Google Sidewiki... - res://C:\Arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - C:\Arquivos de programas\Free Download Manager\FUM\fumiebtn.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O14 - IERESET.INF: START_PAGE_URL=http://www.msn.com.br

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugin/Cab/GbPluginABN.cab

O20 - AppInit_DLLs: c:\windows\system32\

O20 - Winlogon Notify: !SASWinLogon - C:\Arquivos de programas\SUPERAntiSpyware\SASWINLO.dll

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: Serviço de transferência inteligente de plano de fundo (BITS) - Unknown owner - C:\WINDOWS\

O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbguard.exe

O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbserver.exe

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Arquivos de programas\Arquivos comuns\LightScribe\LSSrvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

O23 - Service: Atualizações Automáticas (wuauserv) - Unknown owner - C:\WINDOWS\

O23 - Service: XoftSpyService - ParetoLogic Inc. - C:\Arquivos de programas\Arquivos comuns\XoftSpySE\6\xoftspyservice.exe

 

--

End of file - 8571 bytes


:) Several problems were removed by Malwarebytes.

__________________________

Open HijackThis, click Do a system scan only, check the entry below and click Fix checked:

 

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

_________________________

 

I suggest that you uninstall this toolbar: IMinent WebBooster

_________________________

Configure your Avast 5 according to these tutorials:

Avast 5 free tutorial (installation and configuration): http://dicasetutoriaisparapc.blogspot.com/2010/01/tutorial-do-avast-5-edicao-gratuita.html

Avast 5 free tutorial (how to use it correctly): http://dicasetutoriaisparapc.blogspot.com/2010/01/tutorial-do-avast-5-free-como-usa-lo.html

After that, right-click the avast! icon and choose the option Open the avast! interface (Abrir a interface do avast!), as shown in the image below:

[Image: avast115.jpg]

Then click the SCANS (ESCANEAMENTOS) item and click the Boot-time scan (Escaneamento ao reiniciar) item, as shown in this figure:

[Image: avast115.jpg]

Leave the All disks (Todos os discos) option selected.

Then click the small down arrow (below the All disks option) and click the Browse... (Navegar...) button.

This is shown in this image:

[Image: avast116.jpg]

On the next screen that appears, check all the boxes and click the OK button, as shown in this image:

[Image: avast83.jpg]

After that, click the small down arrow (below the C:\* option) and select the System drive (Drive de sistema) option, as shown in this image:

[Image: avast117.jpg]

Leave the other options configured as in the image below and click the Schedule (Agendar) button:

Note: If you are doing any work or anything else on the PC, save it so you do not lose important information, since the PC will be restarted when you click the Schedule button.

[Image: avast118.jpg]

If any virus and/or malware is found during this boot-time scan and avast! asks you what should be done with the infected files, it is important to always choose the option to Repair (Reparar) the file (which is the same as disinfecting it) > when the Repair option is not possible, choose the option to send the infected file to Quarantine > and if sending the file to quarantine also fails, choose the option to Delete it.

_____________________________

Also follow the tips in these tutorials:

Norman Malware Cleaner tutorial: http://dicasetutoriaisparapc.blogspot.com/2009/11/tutorial-do-norman-malware-cleaner.html

Nod32 Online antivirus tutorial

_________________________

In your next reply, post the Nod32 Online log, which will be in C:\Arquivos de programas\Eset\Eset Online Scanner\log.txt, together with a new HijackThis log and the Norman Malware Cleaner log, and please tell us how your PC is after following these procedures and whether any virus was removed by Avast. We await your reply.

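The manual steps in the reply above (spotting the `(no file)` entry to fix, then posting a new HijackThis log for comparison) can be scripted. This is an added example, not part of the original thread: the function names are hypothetical, and the two sample logs are abridged excerpts of the HijackThis logs posted in this thread.

```python
import re

# HijackThis prefixes every finding with a section code (R*, F*, N*, O*)
# followed by " - "; header and running-process lines never match this.
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")

# Abridged excerpt of the 11/7/2010 log from this thread.
LOG_BEFORE = r"""
Logfile of Trend Micro HijackThis v2.0.4
Running processes:
C:\WINDOWS\system32\winlogon.exe

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: IMinent WebBooster - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Arquivos de programas\Iminent\IMBooster4Web\Iminent.WebBooster.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [avast5] C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe /nogui
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
"""

# Abridged excerpt of the 17/7/2010 log from this thread.
LOG_AFTER = r"""
Logfile of Trend Micro HijackThis v2.0.4
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [avast5] C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
"""


def parse_entries(log_text):
    """Return [(code, detail), ...] for every finding line, in log order."""
    entries = []
    for raw in log_text.splitlines():
        # strip() also removes the non-breaking spaces forum software leaves behind
        match = ENTRY_RE.match(raw.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def orphaned_entries(entries):
    """Entries whose registered file is gone: HijackThis reports '(no file)'."""
    return [e for e in entries if e[1].endswith("(no file)")]


def diff_logs(before_text, after_text):
    """Return (removed, added): findings present in only one of the two scans."""
    before = parse_entries(before_text)
    after = parse_entries(after_text)
    before_set, after_set = set(before), set(after)
    removed = [e for e in before if e not in after_set]
    added = [e for e in after if e not in before_set]
    return removed, added


if __name__ == "__main__":
    for code, detail in orphaned_entries(parse_entries(LOG_BEFORE)):
        print(f"orphaned: {code} - {detail}")
    removed, added = diff_logs(LOG_BEFORE, LOG_AFTER)
    for code, detail in removed:
        print(f"removed:  {code} - {detail}")
    for code, detail in added:
        print(f"added:    {code} - {detail}")
```

Entries reported as added are not necessarily malicious; here they come from MSConfig and the ESET online scanner used during the cleanup.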

Hello Antonio,

I did the recommended procedures; the logs follow below.

IE still has a blank home page and I can't change it.

Avast did not find any viruses!

 

 

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# IEXPLORE.EXE=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.6211

# api_version=3.0.2

# EOSSerial=27bdb80913afb14bb16ca2e8bcf88de4

# end=finished

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2010-07-17 10:06:29

# local_time=2010-07-17 07:06:29 (-0300, Hora oficial do Brasil)

# country="Brazil"

# lang=1033

# osver=5.1.2600 NT Service Pack 2

# compatibility_mode=512 16777215 100 0 1636020 1636020 0 0

# compatibility_mode=768 16777175 100 0 0 0 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=59552

# found=5

# cleaned=5

# scan_time=15384

C:\System Volume Information\_restore{D2993D4F-4C7E-4C64-B1C9-8D757EEA71DF}\RP121\A0083556.exe Win32/PrcView application (deleted - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{D2993D4F-4C7E-4C64-B1C9-8D757EEA71DF}\RP135\A0089719.exe Win32/PSWTool.RAS.A application (deleted - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{D2993D4F-4C7E-4C64-B1C9-8D757EEA71DF}\RP135\A0089722.exe Win32/PSWTool.RAS.A application (deleted - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{D2993D4F-4C7E-4C64-B1C9-8D757EEA71DF}\RP135\A0089725.exe Win32/PSWTool.RAS.A application (deleted - quarantined) 00000000000000000000000000000000 C

 

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 08:44:11, on 17/7/2010

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

C:\WINDOWS\Explorer.EXE

C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Arquivos de programas\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\SCardSvr.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbguard.exe

C:\Arquivos de programas\Arquivos comuns\LightScribe\LSSrvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbserver.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Trend Micro\HiJackThis\HiJackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll

O2 - BHO: Barra do MSN Busca Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Toolbar Suite\TB\02.05.0000.1082\pt-br\msntb.dll

O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\Arquivos de programas\GbPlugin\gbiehabn.dll

O3 - Toolbar: Barra do MSN Busca - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Toolbar Suite\TB\02.05.0000.1082\pt-br\msntb.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [avast5] C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe /nogui

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] "C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: &MSN Busca - res://C:\Arquivos de programas\MSN Toolbar Suite\TB\02.05.0000.1082\pt-br\msntb.dll/search.htm

O8 - Extra context menu item: Abrir em uma nova guia do plano de fundo - res://C:\Arquivos de programas\MSN Toolbar Suite\TAB\02.05.0001.1119\pt-br\msntabres.dll/229?6a8ff442109c48a891508d583b64eaee

O8 - Extra context menu item: Abrir em uma nova guia do primeiro plano - res://C:\Arquivos de programas\MSN Toolbar Suite\TAB\02.05.0001.1119\pt-br\msntabres.dll/230?6a8ff442109c48a891508d583b64eaee

O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlall.htm

O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlselected.htm

O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlfvideo.htm

O8 - Extra context menu item: Download with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dllink.htm

O8 - Extra context menu item: Google Sidewiki... - res://C:\Arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - C:\Arquivos de programas\Free Download Manager\FUM\fumiebtn.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O14 - IERESET.INF: START_PAGE_URL=http://www.msn.com.br

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugin/Cab/GbPluginABN.cab

O20 - Winlogon Notify: !SASWinLogon - C:\Arquivos de programas\SUPERAntiSpyware\SASWINLO.dll

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: Serviço de transferência inteligente de plano de fundo (BITS) - Unknown owner - C:\WINDOWS\

O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbguard.exe

O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbserver.exe

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Arquivos de programas\Arquivos comuns\LightScribe\LSSrvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

O23 - Service: Atualizações Automáticas (wuauserv) - Unknown owner - C:\WINDOWS\

 

--

End of file - 8589 bytes

 

 

 

Norman Malware Cleaner

Version 1.6.2

Copyright © 1990 - 2009, Norman ASA. Built 2010/07/13 05:49:26

 

Norman Scanner Engine Version: 6.05.06

Nvcbin.def Version: 6.05.00, Date: 2010/07/13 05:49:26, Variants: 6305999

 

Scan started: 15/07/2010 03:32:21

 

Running pre-scan cleanup routine:

Operating System: Microsoft Windows XP Professional 5.1.2600 Service Pack 2

Logged on user: ODIRLEI\Mariana

 

Set registry value: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLS = "c:\windows\system32\" -> ""

 

Scanning bootsectors...

 

Number of sectors found: 0

Number of sectors scanned: 0

Number of sectors not scanned: 0

Number of infections found: 0

Number of infections removed: 0

Total scanning time: 0s

 

 

Scanning running processes and process memory...

 

Number of processes/threads found: 2447

Number of processes/threads scanned: 2447

Number of processes/threads not scanned: 0

Number of infected processes/threads terminated: 0

Total scanning time: 3m 18s

 

 

Scanning file system...

 

Scanning: prescan

 

Scanning: C:\*.*

 

C:\Documents and Settings\Mariana.PARTICUL-A73101\Desktop\Meus Documentos\Jogos\GTA- você\GTA 4 Vice City\Audio\wav2raw.exe (Infected with W32/Suspicious_Gen2.CSXB)

Deleted file

 

C:\Documents and Settings\Mariana.PARTICUL-A73101\Desktop\Meus Documentos\Nova pasta\Ðessa vez eu me rendo_alexandre p.mp3 (Error opening file: Not found)

 

C:\System Volume Information\_restore{D2993D4F-4C7E-4C64-B1C9-8D757EEA71DF}\RP100\A0077635.exe (Infected with Suspicious_Gen2.BJHXO)

Deleted file

 

C:\System Volume Information\_restore{D2993D4F-4C7E-4C64-B1C9-8D757EEA71DF}\RP135\A0091735.exe (Infected with W32/Suspicious_Gen2.CSXB)

Deleted file

 

C:\WINDOWS\system32\autorun.i (Infected with BAT/Autorun.IXD)

Deleted file

 

Scanning: D:\*.*

 

Scanning: C:\System Volume Information\*.*

 

Scanning: postscan

 

 

Running post-scan cleanup routine:

 

Number of files found: 176292

Number of archives unpacked: 2051

Number of files scanned: 176286

Number of files not scanned: 6

Number of files skipped due to exclude list: 0

Number of infected files found: 4

Number of infected files repaired/deleted: 4

Number of infections removed: 4

Total scanning time: 2h 5m 40s


:) Other problems were removed from your PC.

_____________________________

 

I suggest you save or print the instructions below, because at some points you may need to use the computer without internet access:

Download ComboFix

Save it to the Desktop.

* Disable the resident protection of your antivirus, antispyware and firewall (except the Windows one!)

* Close all windows and run the tool.

* PS: Running it by command is also possible:

* Go to Start --> Run --> Type or paste:

"%userprofile%\desktop\Combofix.exe" /killall

 

* Click OK.

* At the "Negação de garantia de software" (software warranty disclaimer) prompt --> click Sim (Yes).

* If you do not have the Recovery Console (http://support.microsoft.com/kb/307654/pt-br), agree to its installation.

* When it finishes, click Sim or Yes. --> Wait.

 

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

 

If you get the notification "Invalid Win32 application" or a similar message, delete the ComboFix.exe tool and download it again.

* Save it to the Desktop, renamed as: Kombo.exe

* PS: Rename it while saving, not after saving it!

* PS: If any error message appears, run ComboFix.exe in Safe Mode (http://dicasetutoriaisparapc.blogspot.com/2009/11/ferramentas-para-reparar-o-modo-seguro.html). <-- Link!

* PS: If rootkit activity is present, the following notification window will appear.

* PS: Write down these detections and click OK. In that case, post the detections you wrote down in your next reply, together with the requested logs.

* PS: To complete the removals, the tool may need to restart the computer. <-- Wait!

* PS: To avoid problems, follow all the recommendations given.

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

 

* The Auto Scan window will open. --> Wait!

* To finish the removals, ComboFix may restart the computer.

* If necessary, type option ( 1 ) --> Press Enter! --> Wait for it to finish!

* During the scan, avoid using the mouse or keyboard! <-- Important!

* If, for some unavoidable reason, you need to stop or exit ComboFix, press "N" or "2" --> Press Enter.

<><><><><><><><><><><><>

 

The ComboFix log will be in C:\ComboFix.txt

_________________________

 

Also follow the tips in these tutorials:

USBFix tutorial (http://dicasetutoriaisparapc.blogspot.com/2009/10/tutorial-do-usbfix.html)

Spyware Doctor Starter Edition tutorial

BitDefender Online antivirus tutorial

_________________________

In your next reply, post the BitDefender Online log, which will be in C:\Windows\BDOSCAN8\bdoscan.log, together with a new HijackThis log, the Spyware Doctor log, the log in C:\UsbFix.txt and the log in C:\ComboFix.txt, and please tell us how your PC is doing after following these procedures.

We await your reply.


Good morning!

I did all the recommended procedures.

The PC is still the same: IE opens with a blank start page and it cannot be changed.

What should I do now?

UsbFix is completely different from the tutorial; there is no "Exclusão" (Deletion) option, so I clicked "Supressão" (Suppression).

It also created a folder named Autorun.inf on each disk, with a file NUL.Usbfix inside that folder.

Even my USB internet modem now has this Autorun.inf folder with a NUL.Usbfix file.

When I need to install the modem again, will it run automatically, or did UsbFix change the settings?

BitDefender Online deleted a program that I use, CTPLH.

I know the CTPLH program does not contain a virus because I have used it for a long time and never had problems on the PC!

Is there no way to recover it?

And do the programs used so far have to be uninstalled?

I will wait for new instructions to solve the problems.

Thank you.

The logs follow below.

 

 

 

 

[General]

App = "BitDefender Online Scanner v8"

Date = 20:07:2010

Time = 04:23:59

Scan Path = A:\;C:\;D:\;E:\;

 

[Engines Info]

Virus Definitions = 6561654

Engine build = "AVCORE v2.1 Windows/i386 11.0.0.33 (Jun 10 2010)"

Scan plugins = 18

Archive plugins = 44

Unpack plugins = 10

E-mail plugins = 6

System plugins = 4

 

[scan Statistics]

Folders = 5488

Files = 123025

Archives = 2796

Packed files = 7988

Identified viruses = 3

Infected files = 8

Warnings = 0

Suspect files = 0

Disinfected files = 0

Deleted files = 6

Copied files = 0

Moved files = 0

Renamed files = 0

I/O Errors = 26

 

[scan Settings]

SecondAction = Delete

FirstAction = Disinfect

Heuristics = 1

Enable Warnings = 1

Exclude Ext =

Extensions = *;

Scan Emails = 1

Scan Archives = 1

Scan Packed = 1

Scan Files = 1

Scan Boot = 1

Verify Memory = 0

 

[scan Results]

Line00000016 = "C:\Arquivos de programas\RRGSoftware\CTPLH\csrss.exe Infected with: Generic.Banker.Delf.850A51D3"

Line00000015 = "C:\Arquivos de programas\RRGSoftware\CTPLH\csrss.exe Deleted"

Line00000014 = "C:\Documents and Settings\Mariana.PARTICUL-A73101\Desktop\Nova pasta (3)\CTPLH\CTPLH.exe=>(Instyler o)=>(Instyler Module 0) Infected with: Generic.Banker.Delf.850A51D3"

Line00000013 = "C:\Documents and Settings\Mariana.PARTICUL-A73101\Desktop\Nova pasta (3)\CTPLH\CTPLH.exe=>(Instyler o)=>(Instyler Module 0) Disinfection failed"

Line00000012 = "C:\Documents and Settings\Mariana.PARTICUL-A73101\Desktop\Nova pasta (3)\Odirlei\CTPLH.rar=>CTPLH\CTPLH.exe=>(Instyler o)=>(Instyler Module 0) Infected with: Generic.Banker.Delf.850A51D3"

Line00000011 = "C:\Documents and Settings\Mariana.PARTICUL-A73101\Desktop\Nova pasta (3)\Odirlei\CTPLH.rar=>CTPLH\CTPLH.exe=>(Instyler o)=>(Instyler Module 0) Disinfection failed"

Line00000010 = "C:\Documents and Settings\Mariana.PARTICUL-A73101\Desktop\UsbFix_Upload_Me\C\WINDOWS\system32\autorun.in.vir Infected with: Trojan.AutorunINF.Gen"

Line00000009 = "C:\Documents and Settings\Mariana.PARTICUL-A73101\Desktop\UsbFix_Upload_Me\C\WINDOWS\system32\autorun.in.vir Deleted"

Line00000008 = "C:\System Volume Information\_restore{D2993D4F-4C7E-4C64-B1C9-8D757EEA71DF}\RP139\A0096399.exe Infected with: Generic.Banker.Delf.850A51D3"

Line00000007 = "C:\System Volume Information\_restore{D2993D4F-4C7E-4C64-B1C9-8D757EEA71DF}\RP139\A0096399.exe Deleted"

Line00000006 = "C:\UsbFix\Quarantine\C\WINDOWS\system32\autorun.in.vir Infected with: Trojan.AutorunINF.Gen"

Line00000005 = "C:\UsbFix\Quarantine\C\WINDOWS\system32\autorun.in.vir Deleted"

Line00000004 = "C:\UsbFix\Quarantine\F\Recycled.exe.vir Infected with: Worm.Generic.48369"

Line00000003 = "C:\UsbFix\Quarantine\F\Recycled.exe.vir Deleted"

Line00000002 = "C:\UsbFix_Upload_Me_ODIRLEI.zip=>UsbFix_Upload_Me/C/WINDOWS/system32/autorun.in.vir Infected with: Trojan.AutorunINF.Gen"

Line00000001 = "C:\UsbFix_Upload_Me_ODIRLEI.zip=>UsbFix_Upload_Me/C/WINDOWS/system32/autorun.in.vir Deleted"

Line00000000 = "C:\UsbFix_Upload_Me_ODIRLEI.zip Updated"

 

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 04:51:24, on 20/7/2010

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\SCardSvr.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbguard.exe

C:\Arquivos de programas\Arquivos comuns\LightScribe\LSSrvc.exe

C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbserver.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Trend Micro\HiJackThis\HiJackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll

O2 - BHO: Barra do MSN Busca Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Toolbar Suite\TB\02.05.0000.1082\pt-br\msntb.dll

O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\Arquivos de programas\GbPlugin\gbiehabn.dll

O3 - Toolbar: Barra do MSN Busca - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Toolbar Suite\TB\02.05.0000.1082\pt-br\msntb.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [avast5] C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe /nogui

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKCU\..\Run: [swg] "C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: &MSN Busca - res://C:\Arquivos de programas\MSN Toolbar Suite\TB\02.05.0000.1082\pt-br\msntb.dll/search.htm

O8 - Extra context menu item: Abrir em uma nova guia do plano de fundo - res://C:\Arquivos de programas\MSN Toolbar Suite\TAB\02.05.0001.1119\pt-br\msntabres.dll/229?6a8ff442109c48a891508d583b64eaee

O8 - Extra context menu item: Abrir em uma nova guia do primeiro plano - res://C:\Arquivos de programas\MSN Toolbar Suite\TAB\02.05.0001.1119\pt-br\msntabres.dll/230?6a8ff442109c48a891508d583b64eaee

O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlall.htm

O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlselected.htm

O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlfvideo.htm

O8 - Extra context menu item: Download with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dllink.htm

O8 - Extra context menu item: Google Sidewiki... - res://C:\Arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - C:\Arquivos de programas\Free Download Manager\FUM\fumiebtn.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O14 - IERESET.INF: START_PAGE_URL=http://www.msn.com.br

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugin/Cab/GbPluginABN.cab

O20 - Winlogon Notify: !SASWinLogon - C:\Arquivos de programas\SUPERAntiSpyware\SASWINLO.dll

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbguard.exe

O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbserver.exe

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Arquivos de programas\Arquivos comuns\LightScribe\LSSrvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe

 

--

End of file - 8350 bytes

 

 

PC Tools Spyware Doctor

Date Status

20/7/2010 01:24:24:778 Verificação Concluída

Tipo de Verificação - Verificação Completa

Itens Processados - 370704

Ameaças Detectadas - 3

Infecções Detectadas - 5

Infecções Ignoradas - 0

 

20/7/2010 01:26:15:838 Infecção em quarentena

Nome da Ameaça - Application.NirCmd

Tipo - Arquivo

Nível de Risco - Informações

Infecção - C:\WINDOWS\SWXCACLS.exe

 

20/7/2010 01:26:18:602 Infecção em quarentena

Nome da Ameaça - Application.NirCmd

Tipo - Arquivo

Nível de Risco - Informações

Infecção - C:\Documents and Settings\Mariana.PARTICUL-A73101\Desktop\ComboFix.exe

 

20/7/2010 01:26:20:515 Infecção excluída

Nome da Ameaça - Application.NirCmd

Tipo - Arquivo

Nível de Risco - Informações

Infecção - C:\WINDOWS\SWXCACLS.exe

 

20/7/2010 01:26:20:515 Infecção excluída

Nome da Ameaça - Application.NirCmd

Tipo - Arquivo

Nível de Risco - Informações

Infecção - C:\Documents and Settings\Mariana.PARTICUL-A73101\Desktop\ComboFix.exe

 

20/7/2010 01:26:20:715 Infecção em quarentena

Nome da Ameaça - Adware.Altnet_Software

Tipo - Arquivo

Nível de Risco - Severo

Infecção - C:\System Volume Information\_restore{D2993D4F-4C7E-4C64-B1C9-8D757EEA71DF}\RP139\A0096376.Manifest

 

20/7/2010 01:26:20:775 Infecção em quarentena

Nome da Ameaça - Adware.Altnet_Software

Tipo - Arquivo

Nível de Risco - Severo

Infecção - C:\Documents and Settings\Mariana.PARTICUL-A73101\Menu Iniciar.rar

 

20/7/2010 01:26:20:936 Infecção excluída

Nome da Ameaça - Adware.Altnet_Software

Tipo - Arquivo

Nível de Risco - Severo

Infecção - C:\System Volume Information\_restore{D2993D4F-4C7E-4C64-B1C9-8D757EEA71DF}\RP139\A0096376.Manifest

 

20/7/2010 01:26:20:936 Infecção excluída

Nome da Ameaça - Adware.Altnet_Software

Tipo - Arquivo

Nível de Risco - Severo

Infecção - C:\Documents and Settings\Mariana.PARTICUL-A73101\Menu Iniciar.rar

 

20/7/2010 01:26:21:206 Infecção em quarentena

Nome da Ameaça - PWSTool.RAS

Tipo - Arquivo

Nível de Risco - Alto

Infecção - D:\Validação do windows\kf141.zip

 

20/7/2010 01:26:21:697 Infecção excluída

Nome da Ameaça - PWSTool.RAS

Tipo - Arquivo

Nível de Risco - Alto

Infecção - D:\Validação do windows\kf141.zip

 

20/7/2010 01:26:23:790 Resumo de Infecções em Quarentena/Removidas

Quarentena - 5

Falha na Quarentena - 0

Removido - 5

Falha na Remoção - 0

 

 

############################## | UsbFix 7.016 | [supressão]

 

Usuário: Mariana (Administrador) # ODIRLEI [ ]

Atualizado em 05/07/10 por El Desaparecido / C_XX

Começou em 22:05:17 | 19/07/2010

Site: http://pagesperso-orange.fr/NosTools/index.html

Contato: FindyKill.Contact@gmail.com

 

CPU: AMD Duron

Microsoft Windows XP Professional (5.1.2600 32-Bit) # Service Pack 2

Internet Explorer 8.0.6001.18702

 

Windows Firewall: Habilitado

Antivirus: avast! Antivirus 5.0.83886587 [(!) Disabled | Updated]

RAM -> 1023 Mb

C:\ (%systemdrive%) -> Disco fixo # 37 Gb (9 Mb livre - 25%) [] # NTFS

D:\ -> Disco fixo # 19 Gb (10 Mb livre - 54%) [] # FAT32

E:\ -> CD-ROM

F:\ -> Disco removível # 170 Mb (24 Mb livre - 14%) [MD300] # FAT

 

################## | Ficheiros # pastas infeciosos |

 

Não supprimido ! C:\Arquivos de programas\GbPlugin

Supprimido ! C:\WINDOWS\system32\autorun.in

Supprimido ! C:\kht

Supprimido ! C:\khw

Supprimido ! D:\kht

Supprimido ! D:\khw

Supprimido ! F:\Recycled.exe

 

################## | Registro |

 

Supprimido ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegistryTools

Supprimido ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoDrives

Supprimido ! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoDrives

 

################## | Mountpoints2 |

 

 

################## | Listing |

 

[02/02/2009 - 13:39:21 | A | 2] C:\-933005945

[19/07/2010 - 01:36:31 | RD ] C:\Arquivos de programas

[01/11/2005 - 15:01:14 | A | 0] C:\AUTOEXEC.BAT

[18/09/2006 - 09:59:58 | A | 32] C:\BIOSINFO.INI

[18/09/2006 - 09:59:58 | A | 75] C:\BIOSVIEW.INI

[15/07/2010 - 16:16:10 | A | 211] C:\Boot.bak

[18/07/2010 - 03:52:40 | RASH | 281] C:\boot.ini

[08/11/2005 - 13:47:32 | D ] C:\C-Media

[18/07/2010 - 03:52:39 | RASHD ] C:\cmdcons

[03/08/2004 - 23:00:02 | A | 261920] C:\cmldr

[19/07/2010 - 21:20:37 | A | 21177] C:\ComboFix.txt

[01/11/2005 - 15:01:14 | A | 0] C:\CONFIG.001

[13/07/2010 - 22:56:27 | D ] C:\Config.Msi

[25/12/2005 - 19:06:26 | A | 2982] C:\CONFIG.SYS

[08/09/2006 - 08:47:50 | ASH | 14] C:\config.sy_

[30/10/2006 - 11:38:14 | D ] C:\DBBackup

[07/07/2010 - 19:53:41 | D ] C:\Documents and Settings

[16/06/2008 - 23:11:05 | D ] C:\Downloads

[14/03/2003 - 04:54:17 | A | 3474653184] C:\DUDUGAMES.ISO

[14/03/2003 - 04:54:17 | A | 4322] C:\DUDUGAMES.MDS

[26/07/2008 - 10:59:59 | A | 1107] C:\DV.txt

[19/07/2010 - 21:12:04 | ASH | 1073270784] C:\hiberfil.sys

[06/02/2004 - 16:20:46 | RA | 16384] C:\hpqimgrc.resources.dll

[20/07/2008 - 10:27:40 | A | 27681] C:\instaler.log

[16/11/2007 - 20:47:38 | A | 1120] C:\INSTALL.LOG

[01/11/2005 - 15:01:14 | RASH | 0] C:\IO.SYS

[24/04/2010 - 22:52:11 | D ] C:\LinhaDefensiva

[10/07/2010 - 20:10:43 | A | 100] C:\mbam-error.txt

[01/11/2005 - 15:01:14 | RASH | 0] C:\MSDOS.SYS

[28/07/2008 - 19:26:07 | D ] C:\MyWorks

[03/08/2004 - 22:38:34 | RASH | 47564] C:\NTDETECT.COM

[03/08/2004 - 22:59:34 | RASH | 251168] C:\ntldr

[19/07/2010 - 21:11:58 | ASH | 2831155200] C:\pagefile.sys

[01/11/2005 - 15:20:11 | D ] C:\Plg2Spss

[03/02/2008 - 13:40:15 | D ] C:\Program Files

[19/07/2010 - 21:20:41 | D ] C:\Qoobox

[19/07/2010 - 22:13:39 | SHD ] C:\RECYCLER

[11/07/2010 - 01:55:33 | D ] C:\RegUnlocker Backups

[07/07/2010 - 23:35:52 | D ] C:\RRGSoftware

[06/01/2008 - 13:28:30 | AH | 268] C:\sqmdata00.sqm

[06/01/2008 - 14:34:41 | AH | 172] C:\sqmdata01.sqm

[28/06/2008 - 10:19:43 | AH | 268] C:\sqmdata02.sqm

[28/06/2008 - 10:19:43 | AH | 148] C:\sqmdata03.sqm

[28/06/2008 - 10:53:34 | AH | 172] C:\sqmdata04.sqm

[20/08/2008 - 18:28:07 | AH | 268] C:\sqmdata05.sqm

[01/02/2009 - 09:17:09 | AH | 268] C:\sqmdata06.sqm

[06/01/2008 - 13:28:30 | AH | 244] C:\sqmnoopt00.sqm

[06/01/2008 - 14:34:41 | AH | 172] C:\sqmnoopt01.sqm

[28/06/2008 - 10:19:43 | AH | 244] C:\sqmnoopt02.sqm

[28/06/2008 - 10:19:43 | AH | 136] C:\sqmnoopt03.sqm

[28/06/2008 - 10:53:34 | AH | 172] C:\sqmnoopt04.sqm

[01/02/2009 - 09:17:09 | AH | 244] C:\sqmnoopt05.sqm

[19/07/2010 - 21:01:44 | SHD ] C:\System Volume Information

[24/05/2001 - 11:59:30 | A | 162304] C:\UNWISE.EXE

[19/07/2010 - 22:13:39 | D ] C:\UsbFix

[19/07/2010 - 22:13:50 | A | 1893] C:\UsbFix.txt

[28/06/2010 - 23:43:29 | D ] C:\ViteSoft

[19/07/2010 - 21:20:40 | D ] C:\WINDOWS

[15/11/2005 - 09:28:57 | A | 2366] C:\_Sid.txt

[01/01/1999 - 00:40:20 | RASH | 1687] D:\MSDOS.SYS

[15/05/1998 - 20:01:00 | RSH | 222390] D:\IO.SYS

[01/01/1999 - 03:44:08 | SHD ] D:\RECYCLED

[23/08/2008 - 15:21:42 | D ] D:\Filmes

[15/07/2010 - 00:35:24 | D ] D:\Validação do windows

[15/05/1998 - 20:01:00 | A | 95688] D:\COMMAND.COM

[01/01/1999 - 01:06:42 | A | 134] D:\AUTOEXEC.BAT

[01/01/1999 - 03:43:06 | SH | 49152] D:\VIDEOROM.BIN

[01/01/1999 - 01:06:42 | A | 100] D:\CONFIG.SYS

[01/01/1999 - 03:04:48 | ASH | 73508] D:\DETLOG.TXT

[16/11/2009 - 15:44:08 | SHD ] D:\System Volume Information

[13/06/2008 - 15:03:32 | HD ] F:\Install

 

################## | Vaccin |

 

C:\Autorun.inf -> Folder criado por UsbFix (El Desaparecido & C_XX)

D:\Autorun.inf -> Folder criado por UsbFix (El Desaparecido & C_XX)

F:\Autorun.inf -> Folder criado por UsbFix (El Desaparecido & C_XX)

 

 

 

ComboFix 10-07-19.01 - Mariana 19/07/2010 21:03:27.4.1 - x86

Executando de: c:\documents and settings\Mariana.PARTICUL-A73101\desktop\Combofix.exe

Comandos utilizados :: /killall

.

 

(((((((((((((((( Arquivos/Ficheiros criados de 2010-06-20 to 2010-07-20 ))))))))))))))))))))))))))))

.

 

9999-12-28 23:27 . 2001-09-06 01:20 12288 ----a-w- c:\windows\system32\drivers\mouhid.sys

9999-12-28 23:27 . 2004-08-04 02:45 21504 ----a-w- c:\windows\system32\hidserv.dll

9999-12-28 23:27 . 2004-08-04 02:39 14848 ----a-w- c:\windows\system32\drivers\kbdhid.sys

2010-07-17 21:50 . 2010-07-17 21:51 -------- d-----w- c:\windows\system32\Adobe

2010-07-17 05:41 . 2010-07-17 05:41 -------- d-----w- c:\arquivos de programas\ESET

2010-07-11 00:53 . 2010-07-11 04:55 -------- d-----w- C:\RegUnlocker Backups

2010-07-08 20:47 . 2010-07-08 20:47 -------- d-----w- c:\arquivos de programas\RRGSoftware

2010-07-08 02:35 . 2010-07-08 02:35 -------- d-----w- C:\RRGSoftware

2010-07-07 22:53 . 2010-07-07 22:53 -------- d-----w- c:\documents and settings\Nova pasta

2010-07-05 02:23 . 1999-10-18 01:01 26384 ----a-w- c:\windows\system32\fm20enu.dll

2010-07-05 02:23 . 1999-12-09 16:19 147456 ----a-w- c:\windows\system32\vbzip10.dll

2010-06-29 02:47 . 2010-06-29 02:47 -------- d-----w- c:\arquivos de programas\Artwork Develop

2010-06-29 02:44 . 2004-06-14 21:35 53248 ----a-w- c:\windows\system32\wm_hooks.dll

2010-06-29 02:44 . 2004-06-14 21:34 12288 ----a-w- c:\windows\system32\logmessages.dll

2010-06-29 02:10 . 2010-06-29 02:22 -------- d-----w- c:\arquivos de programas\FirebirdClient

2010-06-29 02:10 . 2007-12-12 04:05 356437 ----a-w- c:\windows\system32\GDS32.DLL

2010-06-29 02:09 . 2010-06-29 02:09 -------- d-----w- c:\arquivos de programas\Firebird

2010-06-29 02:09 . 2010-06-29 02:43 -------- d-----w- C:\ViteSoft

2010-06-22 19:01 . 2004-08-04 03:45 25600 ----a-w- c:\documents and settings\LocalService.AUTORIDADE NT\Dados de aplicativos\Microsoft\UPnP Device Host\upnphost\udhisapi.dll

2010-06-21 06:03 . 2008-08-18 22:45 104960 ----a-w- c:\windows\system32\drivers\ZTEusbser6k.sys

2010-06-21 06:03 . 2008-08-18 22:45 104960 ----a-w- c:\windows\system32\drivers\ZTEusbnmea.sys

2010-06-21 06:03 . 2008-08-18 22:44 110080 ----a-w- c:\windows\system32\drivers\ZTEusbnet.sys

2010-06-21 06:03 . 2008-08-18 22:44 104960 ----a-w- c:\windows\system32\drivers\ZTEusbmdm6k.sys

2010-06-21 06:03 . 2010-06-22 05:26 -------- d-----w- c:\arquivos de programas\InstallAffixationInfo

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-07-14 05:23 . 2010-03-04 04:08 -------- d-----w- c:\arquivos de programas\Alwil Software

2010-07-14 01:57 . 2010-04-27 23:47 -------- d-----w- c:\arquivos de programas\Iminent

2010-07-14 01:57 . 2010-04-27 23:47 -------- d--h--w- c:\documents and settings\All Users.WINDOWS\Dados de aplicativos\{B65BB65B-9882-4CCB-99A9-9EBCA06A2255}

2010-07-10 23:10 . 2010-04-13 20:03 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware

2010-07-09 19:13 . 2004-08-31 00:55 70980 ----a-w- c:\windows\system32\perfc016.dat

2010-07-09 19:13 . 2004-08-31 00:55 433840 ----a-w- c:\windows\system32\perfh016.dat

2010-06-22 05:26 . 2005-11-01 19:49 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information

2010-06-19 13:09 . 2010-06-19 13:07 -------- d-----w- c:\arquivos de programas\Sony Ericsson

2010-06-19 13:08 . 2010-06-19 13:07 -------- d-----w- c:\documents and settings\Mariana.PARTICUL-A73101\Dados de aplicativos\Sony Ericsson

2010-06-17 16:23 . 2010-06-17 16:23 388096 ----a-r- c:\documents and settings\Mariana.PARTICUL-A73101\Dados de aplicativos\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2010-06-17 16:23 . 2010-06-17 16:23 -------- d-----w- c:\arquivos de programas\Trend Micro

2010-06-05 14:54 . 2009-12-01 01:00 -------- d-----w- c:\arquivos de programas\TP-LINK

2010-06-04 08:57 . 2010-06-04 08:57 -------- d-----w- c:\arquivos de programas\Device Doctor

2010-06-04 08:08 . 2010-06-04 08:08 -------- d-----w- c:\documents and settings\Mariana.PARTICUL-A73101\Dados de aplicativos\Easeware

2010-06-04 06:57 . 2010-06-04 06:57 -------- d-----w- c:\documents and settings\Mariana.PARTICUL-A73101\Dados de aplicativos\DeviceDoctorSoftware

2010-05-30 07:11 . 2010-05-30 07:11 -------- d-----w- c:\arquivos de programas\DVD Audio Extractor

2010-04-29 18:39 . 2010-04-13 20:03 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-04-29 18:39 . 2010-04-13 20:03 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-04-25 06:13 . 2010-04-25 06:13 52224 ----a-w- c:\documents and settings\Mariana.PARTICUL-A73101\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll

2010-04-25 06:13 . 2010-04-25 06:13 117760 ----a-w- c:\documents and settings\Mariana.PARTICUL-A73101\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL

2010-04-24 17:19 . 2010-04-27 23:48 2475032 ------w- c:\documents and settings\All Users.WINDOWS\Dados de aplicativos\{B65BB65B-9882-4CCB-99A9-9EBCA06A2255}\IMBoosterSetup.exe

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-03-09 39408]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avast5"="c:\arquiv~1\ALWILS~1\Avast5\avastUI.exe" [2010-04-14 2790472]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-12 7630848]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\arquivos de programas\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 18:21 548352 ----a-w- c:\arquivos de programas\SUPERAntiSpyware\SASWINLO.dll

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Iniciar^Programas^Inicializar^HP Digital Imaging Monitor.lnk]

path=c:\documents and settings\All Users.WINDOWS\Menu Iniciar\Programas\Inicializar\HP Digital Imaging Monitor.lnk

backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Iniciar^Programas^Inicializar^Inicialização rápida do HP Image Zone.lnk]

backup=c:\windows\pss\Inicialização rápida do HP Image Zone.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Iniciar^Programas^Inicializar^Microsoft Office.lnk]

backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Iniciar^Programas^Inicializar^Windows Desktop Search.lnk]

backup=c:\windows\pss\Windows Desktop Search.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^Mariana.PARTICUL-A73101^Menu Iniciar^Programas^Inicializar^Reboot.exe]

backup=c:\windows\pss\Reboot.exeStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]

2009-02-03 13:22 1004544 ----a-w- c:\arquivos de programas\Ares\Ares.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

2004-08-04 03:45 15360 ------w- c:\windows\system32\ctfmon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DSLAGENTEXE]

2003-08-19 17:47 16384 ----a-w- c:\program files\DSLink180U\Adsl\dslagent.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DSLSTATEXE]

2003-09-19 20:09 299008 ----a-w- c:\program files\DSLink180U\Adsl\dslstat.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DXM6Patch_981116]

1998-11-30 20:04 497376 ----a-w- c:\windows\p_981116.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Uploader Oe Integration]

2007-06-10 22:02 40960 ----a-w- c:\arquivos de programas\Free Download Manager\FUM\fumoei.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]

2004-05-12 17:18 241664 ----a-w- c:\arquivos de programas\HP\hpcoretech\hpcmpmgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2006-02-19 05:41 49152 ----a-w- c:\arquivos de programas\HP\HP Software Update\hpwuSchd2.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]

2006-12-06 01:55 54832 ----a-w- c:\arquivos de programas\CyberLink\PowerDVD\Language\Language.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]

2007-04-19 16:26 484904 ----a-w- c:\arquivos de programas\Arquivos comuns\LightScribe\LightScribeControlPanel.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]

2005-02-10 20:00 1937408 ------w- c:\arquivos de programas\Ahead\Nero BackItUp\NBJ.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]

2001-07-09 13:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2001-07-09 13:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

2006-08-12 05:43 7630848 ----a-w- c:\windows\system32\nvcpl.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

2006-08-12 05:43 86016 ----a-w- c:\windows\system32\nvmctray.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

2006-08-12 05:43 1519616 ----a-w- c:\windows\system32\nwiz.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCTVOICE]

2004-01-30 11:33 180224 ----a-r- c:\windows\system32\pctspk.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

2006-11-23 18:10 56928 ------w- c:\arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2005-11-10 15:03 36975 ----a-w- c:\arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

2010-03-09 23:40 39408 ----a-w- c:\arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead AutoDetector]

2003-11-19 16:03 45056 ------w- c:\arquivos de programas\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\eMule\\emule.exe"=

"c:\\Arquivos de programas\\Ares\\Ares.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"445:TCP"= 445:TCP:@xpsp2res.dll,-22005

"137:UDP"= 137:UDP:@xpsp2res.dll,-22001

"1155:TCP"= 1155:TCP:VSCyber

"3050:TCP"= 3050:TCP:Firebird

"5900:TCP"= 5900:TCP:VSCyberVNC

 

R2 gupdate;Google Update Service (gupdate);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2010-03-09 135664]

R3 SASENUM;SASENUM;c:\arquivos de programas\SUPERAntiSpyware\SASENUM.SYS [2010-02-17 12872]

R3 WRSWanDD;WinPoET PPPoE Adapter;c:\windows\system32\DRIVERS\WrKPoETNic2000.sys [2002-10-28 65604]

R3 ZSMC302;VIMICRO USB PC Camera;c:\windows\system32\Drivers\usbVM31b.sys [x]

S1 aswSP;aswSP; [x]

S1 SASDIFSV;SASDIFSV;c:\arquivos de programas\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]

S1 SASKUTIL;SASKUTIL;c:\arquivos de programas\SUPERAntiSpyware\SASKUTIL.SYS [2010-02-17 66632]

S2 aswFsBlk;aswFsBlk; [x]

S2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\arquivos de programas\Firebird\Firebird_1_5\bin\fbguard.exe [2007-12-12 65536]

S2 GbpSv;Gbp Service;c:\arquivos de programas\GbPlugin\GbpSv.exe [2007-08-15 45512]

S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\arquivos de programas\Firebird\Firebird_1_5\bin\fbserver.exe [2007-12-12 1531989]

S3 sembbus;SEMC WMC Composite Device driver (WDM);c:\windows\system32\DRIVERS\sembbus.sys [2008-02-06 260992]

S3 sembcard;Sony Ericsson PC300 Mobile Broadband Command Interface Drivers (WDM);c:\windows\system32\DRIVERS\sembcard.sys [2008-02-06 337408]

S3 sembmdfl2;Sony Ericsson PC300 Wireless Modem Filter;c:\windows\system32\DRIVERS\sembmdfl2.sys [2008-02-06 14976]

S3 sembmdm2;Sony Ericsson PC300 Wireless Modem Driver;c:\windows\system32\DRIVERS\sembmdm2.sys [2008-02-06 380672]

S3 sembmgmt;Sony Ericsson PC300 Mobile Broadband Device Management Drivers (WDM);c:\windows\system32\DRIVERS\sembmgmt.sys [2008-02-06 343680]

S3 sembnd5;Sony Ericsson PC300 Mobile Broadband Network Adapter SENECA (NDIS);c:\windows\system32\DRIVERS\sembnd5.sys [2008-02-06 24960]

S3 sembunic;Sony Ericsson PC300 Mobile Broadband Network Adapter SENECA (WDM);c:\windows\system32\DRIVERS\sembunic.sys [2008-02-06 344064]

S3 sembwwan;Sony Ericsson PC300 Mobile Broadband Ethernet Control Drivers (WDM);c:\windows\system32\DRIVERS\sembwwan.sys [2008-02-06 337408]

S3 SEMCReserved;SEMC Reserved Interface;c:\windows\system32\DRIVERS\semcreserved.sys [2008-02-15 17408]

S3 Sony_EricssonWWSC;Sony Ericsson SIM Card Reader;c:\windows\system32\DRIVERS\sesc.sys [2007-08-14 12672]

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2007-04-19 16:23 452136 ----a-w- c:\arquivos de programas\Arquivos comuns\LightScribe\LSRunOnce.exe

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2010-07-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2010-03-09 23:40]

 

2010-07-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2010-03-09 23:40]

 

2010-07-19 c:\windows\Tasks\User_Feed_Synchronization-{7D2092C5-5C1A-4618-91B0-046DC46E8589}.job

- c:\windows\system32\msfeedssync.exe [2009-03-08 07:31]

.

.

------- Scan Suplementar -------

.

uDefault_Search_URL = hxxp://search.msn.com

uInternet Settings,ProxyOverride = <local>

IE: &MSN Busca - c:\arquivos de programas\MSN Toolbar Suite\TB\02.05.0000.1082\pt-br\msntb.dll/search.htm

IE: Abrir em uma nova guia do plano de fundo - c:\arquivos de programas\MSN Toolbar Suite\TAB\02.05.0001.1119\pt-br\msntabres.dll/229?6a8ff442109c48a891508d583b64eaee

IE: Abrir em uma nova guia do primeiro plano - c:\arquivos de programas\MSN Toolbar Suite\TAB\02.05.0001.1119\pt-br\msntabres.dll/230?6a8ff442109c48a891508d583b64eaee

IE: Download all with Free Download Manager - file://c:\arquivos de programas\Free Download Manager\dlall.htm

IE: Download selected with Free Download Manager - file://c:\arquivos de programas\Free Download Manager\dlselected.htm

IE: Download video with Free Download Manager - file://c:\arquivos de programas\Free Download Manager\dlfvideo.htm

IE: Download with Free Download Manager - file://c:\arquivos de programas\Free Download Manager\dllink.htm

IE: Google Sidewiki... - c:\arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

IE: {{FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - c:\arquivos de programas\Free Download Manager\FUM\fumiebtn.dll

FF - ProfilePath - c:\documents and settings\Mariana.PARTICUL-A73101\Dados de aplicativos\Mozilla\Firefox\Profiles\18oaleja.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.br/

FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=

FF - plugin: c:\arquivos de programas\Google\Update\1.2.183.29\npGoogleOneClick8.dll

FF - plugin: c:\arquivos de programas\Java\jre1.5.0_06\bin\NPJPI150_06.dll

 

---- FIREFOX POLICIES ----

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-07-19 21:14

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

- - - - - - - > 'winlogon.exe'(816)

c:\arquivos de programas\SUPERAntiSpyware\SASWINLO.dll

c:\arquivos de programas\GbPlugin\gbiehabn.dll

 

- - - - - - - > 'explorer.exe'(3668)

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

.

------------------------ Outros Processos em Execução ------------------------

.

c:\arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

c:\windows\System32\SCardSvr.exe

c:\arquivos de programas\Arquivos comuns\LightScribe\LSSrvc.exe

c:\windows\system32\nvsvc32.exe

c:\arquivos de programas\CyberLink\Shared Files\RichVideo.exe

c:\windows\system32\wdfmgr.exe

c:\windows\system32\wscntfy.exe

.

**************************************************************************

.

Tempo para conclusão: 2010-07-19 21:20:36 - Máquina reiniciou

ComboFix-quarantined-files.txt 2010-07-20 00:20

 

Pré-execução: 9.929.601.024 bytes disponíveis

Pós execução: 9.921.536.000 bytes disponíveis

 

- - End Of File - - 58ED83A8915AFE834ED1C28F30C4C731


Sorry for the delay in replying; I have been very busy these days.

___________________________

 

Several problems were removed from your PC.

 

Please follow the tips in these tutorials:

 

Kaspersky Virus Removal Tool tutorial

 

Norton Security Scan and Clean tutorial

 

Dr. Web CureIt tutorial

______________________________

 

In your next reply, post this Kaspersky Virus Removal Tool log together with a new HijackThis log, the Dr. Web CureIt log and the Norton Security Scan and Clean log, and tell us how your PC is after this.

 

We await your reply.


Topic Archived

 

As the author did not reply for more than 30 days, the topic was archived.

 

If you are the author of the topic and want to reopen it, send a private message to a moderator of this area together with the link to this topic and explain the reason for reopening it.
