arona 0
Posted July 10, 2010

Hello friends, my PC takes a long time to open Internet Explorer and the home page is about:blank. I have tried everything to change it and it doesn't work: I type in the home page, and when I open Internet Explorer it is about:blank. The HijackThis log follows below.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 00:43:09, on 10/7/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbguard.exe
C:\Arquivos de programas\Arquivos comuns\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbserver.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\Trend Micro\HiJackThis\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: IMinent WebBooster - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Arquivos de programas\Iminent\IMBooster4Web\Iminent.WebBooster.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: Barra do MSN Busca Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Toolbar Suite\TB\02.05.0000.1082\pt-br\msntb.dll
O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\Arquivos de programas\GbPlugin\gbiehabn.dll
O3 - Toolbar: Barra do MSN Busca - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Toolbar Suite\TB\02.05.0000.1082\pt-br\msntb.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast5] C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &MSN Busca - res://C:\Arquivos de programas\MSN Toolbar Suite\TB\02.05.0000.1082\pt-br\msntb.dll/search.htm
O8 - Extra context menu item: Abrir em uma nova guia do plano de fundo - res://C:\Arquivos de programas\MSN Toolbar Suite\TAB\02.05.0001.1119\pt-br\msntabres.dll/229?6a8ff442109c48a891508d583b64eaee
O8 - Extra context menu item: Abrir em uma nova guia do primeiro plano - res://C:\Arquivos de programas\MSN Toolbar Suite\TAB\02.05.0001.1119\pt-br\msntabres.dll/230?6a8ff442109c48a891508d583b64eaee
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dllink.htm
O8 - Extra context menu item: Google Sidewiki... - res://C:\Arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - C:\Arquivos de programas\Free Download Manager\FUM\fumiebtn.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O14 - IERESET.INF: START_PAGE_URL=http://www.msn.com.br
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugin/Cab/GbPluginABN.cab
O20 - AppInit_DLLs: c:\windows\system32\
O20 - Winlogon Notify: !SASWinLogon - C:\Arquivos de programas\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Serviço de transferência inteligente de plano de fundo (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbserver.exe
O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Arquivos de programas\Arquivos comuns\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Atualizações Automáticas (wuauserv) - Unknown owner - C:\WINDOWS\
O23 - Service: XoftSpyService - ParetoLogic Inc. - C:\Arquivos de programas\Arquivos comuns\XoftSpySE\6\xoftspyservice.exe

--
End of file - 8950 bytes

Power Max 54
Posted July 10, 2010

:) Hello Arona!

Please follow the tips in these tutorials:

Malwarebytes Anti-Malware tutorial: http://dicasetutoriaisparapc.blogspot.com/2009/10/tutorial-do-malwarebytes-anti-malware.html
RegUnlocker tutorial: http://dicasetutoriaisparapc.blogspot.com/2009/11/tutorial-do-regunlocker.html
Zeb-Restore tutorial: http://dicasetutoriaisparapc.blogspot.com/2009/10/tutorial-do-zeb-restore.html
AboutBuster tutorial: http://dicasetutoriaisparapc.blogspot.com/2009/10/tutorial-do-aboutbuster.html

In your next reply, post this Malwarebytes log together with a new HijackThis log and the log that will be in Ab LogFile.txt (located in the AboutBuster program folder), and tell us how your PC is after these procedures.

We will be waiting.

arona 0
Posted July 11, 2010

Hello Antonio! I did all the recommended procedures and it got better: Internet Explorer now opens quickly, but the home page is still blank and I can't change it. The Malwarebytes and HijackThis logs follow below. AboutBuster did not generate a log; after the complete scan I clicked OK and an error message appeared with the following:

Run-time error '339': Component 'comctl32.ocx' or one of its dependencies not correctly registered: a file is missing or invalid

So now what should I do to change the home page?

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Versão da Base de Dados: 4300

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

11/7/2010 01:13:49
mbam-log-2010-07-11 (01-13-49).txt

Tipo de Verificação: Verificação Completa (C:\|)
Objetos escaneados: 218814
Tempo decorrido: 56 minuto(s), 0 segundo(s)

Processos de Memória Infectados: 0
Módulos de Memória Infectados: 0
Chaves de Registro Infectadas: 0
Valores de Registro Infectados: 0
Itens de Dados no Registro Infectados: 2
Pastas Infectadas: 0
Arquivos Infectados: 5

Processos de Memória Infectados:
(Não foram detectados ítens maliciosos)

Módulos de Memória Infectados:
(Não foram detectados ítens maliciosos)

Chaves de Registro Infectadas:
(Não foram detectados ítens maliciosos)

Valores de Registro Infectados:
(Não foram detectados ítens maliciosos)

Itens de Dados no Registro Infectados:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BITS\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemRoot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\wuauserv\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemroot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully.

Pastas Infectadas:
(Não foram detectados ítens maliciosos)

Arquivos Infectados:
C:\System Volume Information\_restore{D2993D4F-4C7E-4C64-B1C9-8D757EEA71DF}\RP121\A0082389.DLL (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D2993D4F-4C7E-4C64-B1C9-8D757EEA71DF}\RP121\A0083454.DLL (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D2993D4F-4C7E-4C64-B1C9-8D757EEA71DF}\RP121\A0083506.DLL (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D2993D4F-4C7E-4C64-B1C9-8D757EEA71DF}\RP121\A0083539.DLL (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mariana.PARTICUL-A73101\Desktop\imaster forum\RegUnlocker.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 03:08:46, on 11/7/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
C:\Arquivos de programas\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbguard.exe
C:\Arquivos de programas\Arquivos comuns\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe
C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbserver.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: IMinent WebBooster - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Arquivos de programas\Iminent\IMBooster4Web\Iminent.WebBooster.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: Barra do MSN Busca Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Toolbar Suite\TB\02.05.0000.1082\pt-br\msntb.dll
O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\Arquivos de programas\GbPlugin\gbiehabn.dll
O3 - Toolbar: Barra do MSN Busca - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Toolbar Suite\TB\02.05.0000.1082\pt-br\msntb.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast5] C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &MSN Busca - res://C:\Arquivos de programas\MSN Toolbar Suite\TB\02.05.0000.1082\pt-br\msntb.dll/search.htm
O8 - Extra context menu item: Abrir em uma nova guia do plano de fundo - res://C:\Arquivos de programas\MSN Toolbar Suite\TAB\02.05.0001.1119\pt-br\msntabres.dll/229?6a8ff442109c48a891508d583b64eaee
O8 - Extra context menu item: Abrir em uma nova guia do primeiro plano - res://C:\Arquivos de programas\MSN Toolbar Suite\TAB\02.05.0001.1119\pt-br\msntabres.dll/230?6a8ff442109c48a891508d583b64eaee
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dllink.htm
O8 - Extra context menu item: Google Sidewiki... - res://C:\Arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - C:\Arquivos de programas\Free Download Manager\FUM\fumiebtn.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O14 - IERESET.INF: START_PAGE_URL=http://www.msn.com.br
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugin/Cab/GbPluginABN.cab
O20 - AppInit_DLLs: c:\windows\system32\
O20 - Winlogon Notify: !SASWinLogon - C:\Arquivos de programas\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Serviço de transferência inteligente de plano de fundo (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbserver.exe
O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Arquivos de programas\Arquivos comuns\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Atualizações Automáticas (wuauserv) - Unknown owner - C:\WINDOWS\
O23 - Service: XoftSpyService - ParetoLogic Inc. - C:\Arquivos de programas\Arquivos comuns\XoftSpySE\6\xoftspyservice.exe

--
End of file - 8571 bytes

Power Max 54
Posted July 11, 2010

:) Several problems were removed by Malwarebytes.

Open HijackThis, click Do a system scan only, check the entry below and click Fix checked:

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

I suggest that you uninstall this toolbar:

IMinent WebBooster

Configure your Avast 5 according to these tutorials:

Avast 5 free tutorial (installation and configuration): http://dicasetutoriaisparapc.blogspot.com/2010/01/tutorial-do-avast-5-edicao-gratuita.html
Avast 5 free tutorial (how to use it correctly): http://dicasetutoriaisparapc.blogspot.com/2010/01/tutorial-do-avast-5-free-como-usa-lo.html

After that, right-click the avast! icon and choose the option Abrir a interface do avast! (Open the avast! interface), as shown in the image below:

Then click the item ESCANEAMENTOS (Scans) and click the item Escaneamento ao reiniciar (Boot-time scan), as shown in this figure:

Leave the option Todos os discos (All disks) selected. Then click the small downward-pointing arrow (below the option Todos os discos) and click the Navegar... (Browse...) button. This is shown in this image:

On the next screen that appears, check all the boxes and click the OK button, as shown in this image:

After that, click the small downward-pointing arrow (below the option C:\*) and select the option Drive de sistema (System drive), as shown in this image:

Leave the other options configured as in the image below and click the Agendar (Schedule) button:

Note: If you are doing any work or anything else on the PC, save it so you don't lose important information, since the PC will be restarted when you click the Agendar button.

And if any virus and/or malware is found during this boot-time scan and avast! asks you what should be done with the infected files, it is important to always choose the option to Repair the file (which is the same as disinfecting it) > when the Repair option is not possible, choose the option to send the infected file to Quarantine > and if sending the file to quarantine also fails, choose the option to Delete it.

Also follow the tips in these tutorials:

Norman Malware Cleaner tutorial: http://dicasetutoriaisparapc.blogspot.com/2009/11/tutorial-do-norman-malware-cleaner.html
Nod32 Online antivirus tutorial

In your next reply, post the Nod32 Online log, which will be in C:\Arquivos de programas\Eset\Eset Online Scanner\log.txt, together with a new HijackThis log and the Norman Malware Cleaner log, and please tell us how your PC is after following these procedures and whether any virus was removed by Avast.

We look forward to your reply.

arona 0
Posted July 17, 2010

Hello Antonio,

I did the recommended procedures; the logs follow below.

IE still has a blank home page and I can't change it.

Avast did not find any viruses!

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# IEXPLORE.EXE=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=27bdb80913afb14bb16ca2e8bcf88de4
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-07-17 10:06:29
# local_time=2010-07-17 07:06:29 (-0300, Hora oficial do Brasil)
# country="Brazil"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 1636020 1636020 0 0
# compatibility_mode=768 16777175 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=59552
# found=5
# cleaned=5
# scan_time=15384
C:\System Volume Information\_restore{D2993D4F-4C7E-4C64-B1C9-8D757EEA71DF}\RP121\A0083556.exe Win32/PrcView application (deleted - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{D2993D4F-4C7E-4C64-B1C9-8D757EEA71DF}\RP135\A0089719.exe Win32/PSWTool.RAS.A application (deleted - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{D2993D4F-4C7E-4C64-B1C9-8D757EEA71DF}\RP135\A0089722.exe Win32/PSWTool.RAS.A application (deleted - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{D2993D4F-4C7E-4C64-B1C9-8D757EEA71DF}\RP135\A0089725.exe Win32/PSWTool.RAS.A application (deleted - quarantined) 00000000000000000000000000000000 C

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 08:44:11, on 17/7/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Arquivos de programas\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbguard.exe
C:\Arquivos de programas\Arquivos comuns\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbserver.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\Trend Micro\HiJackThis\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: Barra do MSN Busca Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Toolbar Suite\TB\02.05.0000.1082\pt-br\msntb.dll
O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\Arquivos de programas\GbPlugin\gbiehabn.dll
O3 - Toolbar: Barra do MSN Busca - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Toolbar Suite\TB\02.05.0000.1082\pt-br\msntb.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [avast5] C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &MSN Busca - res://C:\Arquivos de programas\MSN Toolbar Suite\TB\02.05.0000.1082\pt-br\msntb.dll/search.htm
O8 - Extra context menu item: Abrir em uma nova guia do plano de fundo - res://C:\Arquivos de programas\MSN Toolbar Suite\TAB\02.05.0001.1119\pt-br\msntabres.dll/229?6a8ff442109c48a891508d583b64eaee
O8 - Extra context menu item: Abrir em uma nova guia do primeiro plano - res://C:\Arquivos de programas\MSN Toolbar Suite\TAB\02.05.0001.1119\pt-br\msntabres.dll/230?6a8ff442109c48a891508d583b64eaee
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dllink.htm
O8 - Extra context menu item: Google Sidewiki... - res://C:\Arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - C:\Arquivos de programas\Free Download Manager\FUM\fumiebtn.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O14 - IERESET.INF: START_PAGE_URL=http://www.msn.com.br
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugin/Cab/GbPluginABN.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Arquivos de programas\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Serviço de transferência inteligente de plano de fundo (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbserver.exe
O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Arquivos de programas\Arquivos comuns\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Atualizações Automáticas (wuauserv) - Unknown owner - C:\WINDOWS\

--
End of file - 8589 bytes

Norman Malware Cleaner
Version 1.6.2
Copyright © 1990 - 2009, Norman ASA. Built 2010/07/13 05:49:26

Norman Scanner Engine Version: 6.05.06
Nvcbin.def Version: 6.05.00, Date: 2010/07/13 05:49:26, Variants: 6305999

Scan started: 15/07/2010 03:32:21

Running pre-scan cleanup routine:
Operating System: Microsoft Windows XP Professional 5.1.2600 Service Pack 2
Logged on user: ODIRLEI\Mariana

Set registry value: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLS = "c:\windows\system32\" -> ""

Scanning bootsectors...

Number of sectors found: 0
Number of sectors scanned: 0
Number of sectors not scanned: 0
Number of infections found: 0
Number of infections removed: 0
Total scanning time: 0s

Scanning running processes and process memory...

Number of processes/threads found: 2447
Number of processes/threads scanned: 2447
Number of processes/threads not scanned: 0
Number of infected processes/threads terminated: 0
Total scanning time: 3m 18s

Scanning file system...

Scanning: prescan

Scanning: C:\*.*

C:\Documents and Settings\Mariana.PARTICUL-A73101\Desktop\Meus Documentos\Jogos\GTA- você\GTA 4 Vice City\Audio\wav2raw.exe (Infected with W32/Suspicious_Gen2.CSXB)
Deleted file

C:\Documents and Settings\Mariana.PARTICUL-A73101\Desktop\Meus Documentos\Nova pasta\Ðessa vez eu me rendo_alexandre p.mp3 (Error opening file: Not found)

C:\System Volume Information\_restore{D2993D4F-4C7E-4C64-B1C9-8D757EEA71DF}\RP100\A0077635.exe (Infected with Suspicious_Gen2.BJHXO)
Deleted file

C:\System Volume Information\_restore{D2993D4F-4C7E-4C64-B1C9-8D757EEA71DF}\RP135\A0091735.exe (Infected with W32/Suspicious_Gen2.CSXB)
Deleted file

C:\WINDOWS\system32\autorun.i (Infected with BAT/Autorun.IXD)
Deleted file

Scanning: D:\*.*

Scanning: C:\System Volume Information\*.*

Scanning: postscan

Running post-scan cleanup routine:

Number of files found: 176292
Number of archives unpacked: 2051
Number of files scanned: 176286
Number of files not scanned: 6
Number of files skipped due to exclude list: 0
Number of infected files found: 4
Number of infected files
repaired/deleted: 4 Number of infections removed: 4 Total scanning time: 2h 5m 40s
Power Max 54 Posted July 18, 2010

:) Other problems were removed from your PC.
_____________________________
I suggest that you save or print the instructions below, because at some points you may need to use the computer without internet access:

Download ComboFix
Save it to the Desktop.
* Disable the resident protection of: antivirus, antispyware and firewall (except the Windows one!)
* Close all windows and run the tool.
* Ps: Running it by command is also possible:
* Go to Start --> Run --> Type or paste: "%userprofile%\desktop\Combofix.exe" /killall
* Click OK.
* At the prompt "Negação de garantia de software" (software warranty disclaimer) --> Click Yes (Sim).
* If you do not have the Recovery Console (http://support.microsoft.com/kb/307654/pt-br), accept the option to install it.
* When it finishes, click Sim or Yes. --> Wait.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
If you get the notification: Invalid Win32 application, or a similar message, delete the ComboFix.exe tool and download it again.
* Save it to the Desktop, renamed as: Kombo.exe
* Ps: Rename it while saving, not after saving it!
* Ps: If any error message appears, run ComboFix.exe in Safe Mode (http://dicasetutoriaisparapc.blogspot.com/2009/11/ferramentas-para-reparar-o-modo-seguro.html). <-- Link!
* Ps: If rootkit activity is present, the following notification window will appear:
* Ps: Write down these detections and click OK. In that case, post the detections you wrote down in your next reply, together with the requested logs.
* Ps: To complete the removals, the tool may need to restart the computer. <-- Wait!
* Ps: To avoid problems, follow all the recommendations given.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
* The Auto Scan window will open. --> Wait!
* To finish the removals, ComboFix may restart the computer.
* If necessary, type option ( 1 ) --> Press Enter! --> Wait for it to finish!
* During the scan, avoid using the mouse or keyboard! <-- Important!
* If, for some unavoidable reason, you need to stop or exit ComboFix, press "N" or "2" --> Press Enter.
<><><><><><><><><><><><>
The ComboFix log will be at C:\ComboFix.txt
_________________________
Also follow the tips in these tutorials:
USBFix tutorial (http://dicasetutoriaisparapc.blogspot.com/2009/10/tutorial-do-usbfix.html)
Spyware Doctor Starter Edition tutorial
BitDefender Online antivirus tutorial
_________________________
In your next reply, post the BitDefender Online log, which will be at C:\Windows\BDOSCAN8\bdoscan.log, together with a new HijackThis log, the Spyware Doctor log, the log at C:\UsbFix.txt and the log at C:\ComboFix.txt, and please tell us how your PC is after following these procedures. We look forward to your reply.
arona 0 Posted July 20, 2010

Good morning! I carried out all the recommended procedures. The PC is still the same: IE with a blank start page, and it cannot be changed. What should I do now?

UsbFix is completely different from the tutorial; there is no Exclusão (Deletion) option, so I clicked Supressão. It also created on each disk an Autorun.inf folder with a NUL.Usbfix file inside that folder. Even my USB internet modem now has this Autorun.inf folder with a NUL.Usbfix file. When I need to install the modem again, will it run automatically, or did UsbFix change the settings?

BitDefender Online deleted a program that I use, CTPLH. I know the CTPLH program does not contain a virus because I have used it for a long time and never had problems on the PC! Is there no way to recover it? And do the programs used so far have to be uninstalled? I will wait for new instructions to solve the problems. Thank you.

The logs follow below.

[General]
App = "楂䑴晥湥敤湏楬敮匠慣湮牥 v8"
Date = 20:07:2010
Time = 04:23:59
Scan Path = A:\;C:\;D:\;E:\;
[Engines Info]
Virus Definitions = 6561654
Engine build = "AVCORE v2.1 Windows/i386 11.0.0.33 (Jun 10 2010)"
Scan plugins = 18
Archive plugins = 44
Unpack plugins = 10
E-mail plugins = 6
System plugins = 4
[scan Statistics]
Folders = 5488
Files = 123025
Archives = 2796
Packed files = 7988
Identified viruses = 3
Infected files = 8
Warnings = 0
Suspect files = 0
Disinfected files = 0
Deleted files = 6
Copied files = 0
Moved files = 0
Renamed files = 0
I/O Errors = 26
[scan Settings]
SecondAction = Delete
FirstAction = Disinfect
Heuristics = 1
Enable Warnings = 1
Exclude Ext =
Extensions = *;
Scan Emails = 1
Scan Archives = 1
Scan Packed = 1
Scan Files = 1
Scan Boot = 1
Verify Memory = 0
[scan Results]
Line00000016 = "C:\Arquivos de programas\RRGSoftware\CTPLH\csrss.exe Infected with: Generic.Banker.Delf.850A51D3"
Line00000015 = "C:\Arquivos de programas\RRGSoftware\CTPLH\csrss.exe Deleted"
Line00000014 = "C:\Documents and
Settings\Mariana.PARTICUL-A73101\Desktop\Nova pasta (3)\CTPLH\CTPLH.exe=>(Instyler o)=>(Instyler Module 0) Infected with: Generic.Banker.Delf.850A51D3" Line00000013 = "C:\Documents and Settings\Mariana.PARTICUL-A73101\Desktop\Nova pasta (3)\CTPLH\CTPLH.exe=>(Instyler o)=>(Instyler Module 0) Disinfection failed" Line00000012 = "C:\Documents and Settings\Mariana.PARTICUL-A73101\Desktop\Nova pasta (3)\Odirlei\CTPLH.rar=>CTPLH\CTPLH.exe=>(Instyler o)=>(Instyler Module 0) Infected with: Generic.Banker.Delf.850A51D3" Line00000011 = "C:\Documents and Settings\Mariana.PARTICUL-A73101\Desktop\Nova pasta (3)\Odirlei\CTPLH.rar=>CTPLH\CTPLH.exe=>(Instyler o)=>(Instyler Module 0) Disinfection failed" Line00000010 = "C:\Documents and Settings\Mariana.PARTICUL-A73101\Desktop\UsbFix_Upload_Me\C\WINDOWS\system32\autorun.in.vir Infected with: Trojan.AutorunINF.Gen" Line00000009 = "C:\Documents and Settings\Mariana.PARTICUL-A73101\Desktop\UsbFix_Upload_Me\C\WINDOWS\system32\autorun.in.vir Deleted" Line00000008 = "C:\System Volume Information\_restore{D2993D4F-4C7E-4C64-B1C9-8D757EEA71DF}\RP139\A0096399.exe Infected with: Generic.Banker.Delf.850A51D3" Line00000007 = "C:\System Volume Information\_restore{D2993D4F-4C7E-4C64-B1C9-8D757EEA71DF}\RP139\A0096399.exe Deleted" Line00000006 = "C:\UsbFix\Quarantine\C\WINDOWS\system32\autorun.in.vir Infected with: Trojan.AutorunINF.Gen" Line00000005 = "C:\UsbFix\Quarantine\C\WINDOWS\system32\autorun.in.vir Deleted" Line00000004 = "C:\UsbFix\Quarantine\F\Recycled.exe.vir Infected with: Worm.Generic.48369" Line00000003 = "C:\UsbFix\Quarantine\F\Recycled.exe.vir Deleted" Line00000002 = "C:\UsbFix_Upload_Me_ODIRLEI.zip=>UsbFix_Upload_Me/C/WINDOWS/system32/autorun.in.vir Infected with: Trojan.AutorunINF.Gen" Line00000001 = "C:\UsbFix_Upload_Me_ODIRLEI.zip=>UsbFix_Upload_Me/C/WINDOWS/system32/autorun.in.vir Deleted" Line00000000 = "C:\UsbFix_Upload_Me_ODIRLEI.zip Updated" Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 04:51:24, on 20/7/2010 
Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\WINDOWS\system32\ctfmon.exe C:\Arquivos de programas\GbPlugin\GbpSv.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\SCardSvr.exe C:\WINDOWS\system32\svchost.exe C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbguard.exe C:\Arquivos de programas\Arquivos comuns\LightScribe\LSSrvc.exe C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wdfmgr.exe C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbserver.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wuauclt.exe C:\Arquivos de programas\Trend Micro\HiJackThis\HiJackThis.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/ O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar 
Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll O2 - BHO: Barra do MSN Busca Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Toolbar Suite\TB\02.05.0000.1082\pt-br\msntb.dll O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\Arquivos de programas\GbPlugin\gbiehabn.dll O3 - Toolbar: Barra do MSN Busca - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Toolbar Suite\TB\02.05.0000.1082\pt-br\msntb.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [avast5] C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe /nogui O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKCU\..\Run: [swg] "C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: &MSN Busca - res://C:\Arquivos de programas\MSN Toolbar Suite\TB\02.05.0000.1082\pt-br\msntb.dll/search.htm O8 - Extra context menu item: Abrir em uma nova guia do plano de fundo - res://C:\Arquivos de programas\MSN Toolbar Suite\TAB\02.05.0001.1119\pt-br\msntabres.dll/229?6a8ff442109c48a891508d583b64eaee O8 - Extra context menu item: Abrir em uma nova guia do primeiro plano - res://C:\Arquivos de programas\MSN Toolbar 
Suite\TAB\02.05.0001.1119\pt-br\msntabres.dll/230?6a8ff442109c48a891508d583b64eaee O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlall.htm O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlselected.htm O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlfvideo.htm O8 - Extra context menu item: Download with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dllink.htm O8 - Extra context menu item: Google Sidewiki... - res://C:\Arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - C:\Arquivos de programas\Free Download Manager\FUM\fumiebtn.dll O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O14 - IERESET.INF: START_PAGE_URL=http://www.msn.com.br O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - 
https://wwws.realsecureweb.com.br/mpr/plugin/Cab/GbPluginABN.cab O20 - Winlogon Notify: !SASWinLogon - C:\Arquivos de programas\SUPERAntiSpyware\SASWINLO.dll O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbguard.exe O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbserver.exe O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. 
- C:\Arquivos de programas\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Arquivos de programas\Arquivos comuns\LightScribe\LSSrvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe -- End of file - 8350 bytes PC Tools Spyware Doctor Date Status 20/7/2010 01:24:24:778 Verificação Concluída Tipo de Verificação - Verificação Completa Itens Processados - 370704 Ameaças Detectadas - 3 Infecções Detectadas - 5 Infecções Ignoradas - 0 20/7/2010 01:26:15:838 Infecção em quarentena Nome da Ameaça - Application.NirCmd Tipo - Arquivo Nível de Risco - Informações Infecção - C:\WINDOWS\SWXCACLS.exe 20/7/2010 01:26:18:602 Infecção em quarentena Nome da Ameaça - Application.NirCmd Tipo - Arquivo Nível de Risco - Informações Infecção - C:\Documents and Settings\Mariana.PARTICUL-A73101\Desktop\ComboFix.exe 20/7/2010 01:26:20:515 Infecção excluída Nome da Ameaça - Application.NirCmd Tipo - Arquivo Nível de Risco - Informações Infecção - C:\WINDOWS\SWXCACLS.exe 20/7/2010 01:26:20:515 Infecção excluída Nome da Ameaça - Application.NirCmd Tipo - Arquivo Nível de Risco - Informações Infecção - C:\Documents and Settings\Mariana.PARTICUL-A73101\Desktop\ComboFix.exe 20/7/2010 01:26:20:715 Infecção em quarentena Nome da Ameaça - 
Adware.Altnet_Software Tipo - Arquivo Nível de Risco - Severo Infecção - C:\System Volume Information\_restore{D2993D4F-4C7E-4C64-B1C9-8D757EEA71DF}\RP139\A0096376.Manifest 20/7/2010 01:26:20:775 Infecção em quarentena Nome da Ameaça - Adware.Altnet_Software Tipo - Arquivo Nível de Risco - Severo Infecção - C:\Documents and Settings\Mariana.PARTICUL-A73101\Menu Iniciar.rar 20/7/2010 01:26:20:936 Infecção excluída Nome da Ameaça - Adware.Altnet_Software Tipo - Arquivo Nível de Risco - Severo Infecção - C:\System Volume Information\_restore{D2993D4F-4C7E-4C64-B1C9-8D757EEA71DF}\RP139\A0096376.Manifest 20/7/2010 01:26:20:936 Infecção excluída Nome da Ameaça - Adware.Altnet_Software Tipo - Arquivo Nível de Risco - Severo Infecção - C:\Documents and Settings\Mariana.PARTICUL-A73101\Menu Iniciar.rar 20/7/2010 01:26:21:206 Infecção em quarentena Nome da Ameaça - PWSTool.RAS Tipo - Arquivo Nível de Risco - Alto Infecção - D:\Validação do windows\kf141.zip 20/7/2010 01:26:21:697 Infecção excluída Nome da Ameaça - PWSTool.RAS Tipo - Arquivo Nível de Risco - Alto Infecção - D:\Validação do windows\kf141.zip 20/7/2010 01:26:23:790 Resumo de Infecções em Quarentena/Removidas Quarentena - 5 Falha na Quarentena - 0 Removido - 5 Falha na Remoção - 0 ############################## | UsbFix 7.016 | [supressão] Usuário: Mariana (Administrador) # ODIRLEI [ ] Atualizado em 05/07/10 por El Desaparecido / C_XX Começou em 22:05:17 | 19/07/2010 Site: http://pagesperso-orange.fr/NosTools/index.html Contato: FindyKill.Contact@gmail.com CPU: AMD Duron Microsoft Windows XP Professional (5.1.2600 32-Bit) # Service Pack 2 Internet Explorer 8.0.6001.18702 Windows Firewall: Habilitado Antivirus: avast! Antivirus 5.0.83886587 [(!) 
Disabled | Updated] RAM -> 1023 Mb C:\ (%systemdrive%) -> Disco fixo # 37 Gb (9 Mb livre - 25%) [] # NTFS D:\ -> Disco fixo # 19 Gb (10 Mb livre - 54%) [] # FAT32 E:\ -> CD-ROM F:\ -> Disco removível # 170 Mb (24 Mb livre - 14%) [MD300] # FAT ################## | Ficheiros # pastas infeciosos | Não supprimido ! C:\Arquivos de programas\GbPlugin Supprimido ! C:\WINDOWS\system32\autorun.in Supprimido ! C:\kht Supprimido ! C:\khw Supprimido ! D:\kht Supprimido ! D:\khw Supprimido ! F:\Recycled.exe ################## | Registro | Supprimido ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegistryTools Supprimido ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoDrives Supprimido ! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoDrives ################## | Mountpoints2 | ################## | Listing | [02/02/2009 - 13:39:21 | A | 2] C:\-933005945 [19/07/2010 - 01:36:31 | RD ] C:\Arquivos de programas [01/11/2005 - 15:01:14 | A | 0] C:\AUTOEXEC.BAT [18/09/2006 - 09:59:58 | A | 32] C:\BIOSINFO.INI [18/09/2006 - 09:59:58 | A | 75] C:\BIOSVIEW.INI [15/07/2010 - 16:16:10 | A | 211] C:\Boot.bak [18/07/2010 - 03:52:40 | RASH | 281] C:\boot.ini [08/11/2005 - 13:47:32 | D ] C:\C-Media [18/07/2010 - 03:52:39 | RASHD ] C:\cmdcons [03/08/2004 - 23:00:02 | A | 261920] C:\cmldr [19/07/2010 - 21:20:37 | A | 21177] C:\ComboFix.txt [01/11/2005 - 15:01:14 | A | 0] C:\CONFIG.001 [13/07/2010 - 22:56:27 | D ] C:\Config.Msi [25/12/2005 - 19:06:26 | A | 2982] C:\CONFIG.SYS [08/09/2006 - 08:47:50 | ASH | 14] C:\config.sy_ [30/10/2006 - 11:38:14 | D ] C:\DBBackup [07/07/2010 - 19:53:41 | D ] C:\Documents and Settings [16/06/2008 - 23:11:05 | D ] C:\Downloads [14/03/2003 - 04:54:17 | A | 3474653184] C:\DUDUGAMES.ISO [14/03/2003 - 04:54:17 | A | 4322] C:\DUDUGAMES.MDS [26/07/2008 - 10:59:59 | A | 1107] C:\DV.txt [19/07/2010 - 21:12:04 | ASH | 1073270784] C:\hiberfil.sys [06/02/2004 - 16:20:46 | RA | 16384] C:\hpqimgrc.resources.dll 
[20/07/2008 - 10:27:40 | A | 27681] C:\instaler.log [16/11/2007 - 20:47:38 | A | 1120] C:\INSTALL.LOG [01/11/2005 - 15:01:14 | RASH | 0] C:\IO.SYS [24/04/2010 - 22:52:11 | D ] C:\LinhaDefensiva [10/07/2010 - 20:10:43 | A | 100] C:\mbam-error.txt [01/11/2005 - 15:01:14 | RASH | 0] C:\MSDOS.SYS [28/07/2008 - 19:26:07 | D ] C:\MyWorks [03/08/2004 - 22:38:34 | RASH | 47564] C:\NTDETECT.COM [03/08/2004 - 22:59:34 | RASH | 251168] C:\ntldr [19/07/2010 - 21:11:58 | ASH | 2831155200] C:\pagefile.sys [01/11/2005 - 15:20:11 | D ] C:\Plg2Spss [03/02/2008 - 13:40:15 | D ] C:\Program Files [19/07/2010 - 21:20:41 | D ] C:\Qoobox [19/07/2010 - 22:13:39 | SHD ] C:\RECYCLER [11/07/2010 - 01:55:33 | D ] C:\RegUnlocker Backups [07/07/2010 - 23:35:52 | D ] C:\RRGSoftware [06/01/2008 - 13:28:30 | AH | 268] C:\sqmdata00.sqm [06/01/2008 - 14:34:41 | AH | 172] C:\sqmdata01.sqm [28/06/2008 - 10:19:43 | AH | 268] C:\sqmdata02.sqm [28/06/2008 - 10:19:43 | AH | 148] C:\sqmdata03.sqm [28/06/2008 - 10:53:34 | AH | 172] C:\sqmdata04.sqm [20/08/2008 - 18:28:07 | AH | 268] C:\sqmdata05.sqm [01/02/2009 - 09:17:09 | AH | 268] C:\sqmdata06.sqm [06/01/2008 - 13:28:30 | AH | 244] C:\sqmnoopt00.sqm [06/01/2008 - 14:34:41 | AH | 172] C:\sqmnoopt01.sqm [28/06/2008 - 10:19:43 | AH | 244] C:\sqmnoopt02.sqm [28/06/2008 - 10:19:43 | AH | 136] C:\sqmnoopt03.sqm [28/06/2008 - 10:53:34 | AH | 172] C:\sqmnoopt04.sqm [01/02/2009 - 09:17:09 | AH | 244] C:\sqmnoopt05.sqm [19/07/2010 - 21:01:44 | SHD ] C:\System Volume Information [24/05/2001 - 11:59:30 | A | 162304] C:\UNWISE.EXE [19/07/2010 - 22:13:39 | D ] C:\UsbFix [19/07/2010 - 22:13:50 | A | 1893] C:\UsbFix.txt [28/06/2010 - 23:43:29 | D ] C:\ViteSoft [19/07/2010 - 21:20:40 | D ] C:\WINDOWS [15/11/2005 - 09:28:57 | A | 2366] C:\_Sid.txt [01/01/1999 - 00:40:20 | RASH | 1687] D:\MSDOS.SYS [15/05/1998 - 20:01:00 | RSH | 222390] D:\IO.SYS [01/01/1999 - 03:44:08 | SHD ] D:\RECYCLED [23/08/2008 - 15:21:42 | D ] D:\Filmes [15/07/2010 - 00:35:24 | D ] D:\Validação do 
windows [15/05/1998 - 20:01:00 | A | 95688] D:\COMMAND.COM [01/01/1999 - 01:06:42 | A | 134] D:\AUTOEXEC.BAT [01/01/1999 - 03:43:06 | SH | 49152] D:\VIDEOROM.BIN [01/01/1999 - 01:06:42 | A | 100] D:\CONFIG.SYS [01/01/1999 - 03:04:48 | ASH | 73508] D:\DETLOG.TXT [16/11/2009 - 15:44:08 | SHD ] D:\System Volume Information [13/06/2008 - 15:03:32 | HD ] F:\Install ################## | Vaccin | C:\Autorun.inf -> Folder criado por UsbFix (El Desaparecido & C_XX) D:\Autorun.inf -> Folder criado por UsbFix (El Desaparecido & C_XX) F:\Autorun.inf -> Folder criado por UsbFix (El Desaparecido & C_XX) ComboFix 10-07-19.01 - Mariana 19/07/2010 21:03:27.4.1 - x86 Executando de: c:\documents and settings\Mariana.PARTICUL-A73101\desktop\Combofix.exe Comandos utilizados :: /killall . (((((((((((((((( Arquivos/Ficheiros criados de 2010-06-20 to 2010-07-20 )))))))))))))))))))))))))))) . 9999-12-28 23:27 . 2001-09-06 01:20 12288 ----a-w- c:\windows\system32\drivers\mouhid.sys 9999-12-28 23:27 . 2004-08-04 02:45 21504 ----a-w- c:\windows\system32\hidserv.dll 9999-12-28 23:27 . 2004-08-04 02:39 14848 ----a-w- c:\windows\system32\drivers\kbdhid.sys 2010-07-17 21:50 . 2010-07-17 21:51 -------- d-----w- c:\windows\system32\Adobe 2010-07-17 05:41 . 2010-07-17 05:41 -------- d-----w- c:\arquivos de programas\ESET 2010-07-11 00:53 . 2010-07-11 04:55 -------- d-----w- C:\RegUnlocker Backups 2010-07-08 20:47 . 2010-07-08 20:47 -------- d-----w- c:\arquivos de programas\RRGSoftware 2010-07-08 02:35 . 2010-07-08 02:35 -------- d-----w- C:\RRGSoftware 2010-07-07 22:53 . 2010-07-07 22:53 -------- d-----w- c:\documents and settings\Nova pasta 2010-07-05 02:23 . 1999-10-18 01:01 26384 ----a-w- c:\windows\system32\fm20enu.dll 2010-07-05 02:23 . 1999-12-09 16:19 147456 ----a-w- c:\windows\system32\vbzip10.dll 2010-06-29 02:47 . 2010-06-29 02:47 -------- d-----w- c:\arquivos de programas\Artwork Develop 2010-06-29 02:44 . 
2004-06-14 21:35 53248 ----a-w- c:\windows\system32\wm_hooks.dll 2010-06-29 02:44 . 2004-06-14 21:34 12288 ----a-w- c:\windows\system32\logmessages.dll 2010-06-29 02:10 . 2010-06-29 02:22 -------- d-----w- c:\arquivos de programas\FirebirdClient 2010-06-29 02:10 . 2007-12-12 04:05 356437 ----a-w- c:\windows\system32\GDS32.DLL 2010-06-29 02:09 . 2010-06-29 02:09 -------- d-----w- c:\arquivos de programas\Firebird 2010-06-29 02:09 . 2010-06-29 02:43 -------- d-----w- C:\ViteSoft 2010-06-22 19:01 . 2004-08-04 03:45 25600 ----a-w- c:\documents and settings\LocalService.AUTORIDADE NT\Dados de aplicativos\Microsoft\UPnP Device Host\upnphost\udhisapi.dll 2010-06-21 06:03 . 2008-08-18 22:45 104960 ----a-w- c:\windows\system32\drivers\ZTEusbser6k.sys 2010-06-21 06:03 . 2008-08-18 22:45 104960 ----a-w- c:\windows\system32\drivers\ZTEusbnmea.sys 2010-06-21 06:03 . 2008-08-18 22:44 110080 ----a-w- c:\windows\system32\drivers\ZTEusbnet.sys 2010-06-21 06:03 . 2008-08-18 22:44 104960 ----a-w- c:\windows\system32\drivers\ZTEusbmdm6k.sys 2010-06-21 06:03 . 2010-06-22 05:26 -------- d-----w- c:\arquivos de programas\InstallAffixationInfo . ((((((((((((((((((((((((((((((((((((( Relatório Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-07-14 05:23 . 2010-03-04 04:08 -------- d-----w- c:\arquivos de programas\Alwil Software 2010-07-14 01:57 . 2010-04-27 23:47 -------- d-----w- c:\arquivos de programas\Iminent 2010-07-14 01:57 . 2010-04-27 23:47 -------- d--h--w- c:\documents and settings\All Users.WINDOWS\Dados de aplicativos\{B65BB65B-9882-4CCB-99A9-9EBCA06A2255} 2010-07-10 23:10 . 2010-04-13 20:03 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware 2010-07-09 19:13 . 2004-08-31 00:55 70980 ----a-w- c:\windows\system32\perfc016.dat 2010-07-09 19:13 . 2004-08-31 00:55 433840 ----a-w- c:\windows\system32\perfh016.dat 2010-06-22 05:26 . 
2005-11-01 19:49 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information 2010-06-19 13:09 . 2010-06-19 13:07 -------- d-----w- c:\arquivos de programas\Sony Ericsson 2010-06-19 13:08 . 2010-06-19 13:07 -------- d-----w- c:\documents and settings\Mariana.PARTICUL-A73101\Dados de aplicativos\Sony Ericsson 2010-06-17 16:23 . 2010-06-17 16:23 388096 ----a-r- c:\documents and settings\Mariana.PARTICUL-A73101\Dados de aplicativos\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2010-06-17 16:23 . 2010-06-17 16:23 -------- d-----w- c:\arquivos de programas\Trend Micro 2010-06-05 14:54 . 2009-12-01 01:00 -------- d-----w- c:\arquivos de programas\TP-LINK 2010-06-04 08:57 . 2010-06-04 08:57 -------- d-----w- c:\arquivos de programas\Device Doctor 2010-06-04 08:08 . 2010-06-04 08:08 -------- d-----w- c:\documents and settings\Mariana.PARTICUL-A73101\Dados de aplicativos\Easeware 2010-06-04 06:57 . 2010-06-04 06:57 -------- d-----w- c:\documents and settings\Mariana.PARTICUL-A73101\Dados de aplicativos\DeviceDoctorSoftware 2010-05-30 07:11 . 2010-05-30 07:11 -------- d-----w- c:\arquivos de programas\DVD Audio Extractor 2010-04-29 18:39 . 2010-04-13 20:03 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-04-29 18:39 . 2010-04-13 20:03 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-04-25 06:13 . 2010-04-25 06:13 52224 ----a-w- c:\documents and settings\Mariana.PARTICUL-A73101\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll 2010-04-25 06:13 . 2010-04-25 06:13 117760 ----a-w- c:\documents and settings\Mariana.PARTICUL-A73101\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL 2010-04-24 17:19 . 2010-04-27 23:48 2475032 ------w- c:\documents and settings\All Users.WINDOWS\Dados de aplicativos\{B65BB65B-9882-4CCB-99A9-9EBCA06A2255}\IMBoosterSetup.exe . 
(((((((((((((((((((((((((( Pontos de Carregamento do Registro ))))))))))))))))))))))))))))))))))))))) . . *Nota* entradas vazias e legítimas por defeito não são mostradas. REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-03-09 39408] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "avast5"="c:\arquiv~1\ALWILS~1\Avast5\avastUI.exe" [2010-04-14 2790472] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-12 7630848] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\arquivos de programas\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2009-09-03 18:21 548352 ----a-w- c:\arquivos de programas\SUPERAntiSpyware\SASWINLO.dll [HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Iniciar^Programas^Inicializar^HP Digital Imaging Monitor.lnk] path=c:\documents and settings\All Users.WINDOWS\Menu Iniciar\Programas\Inicializar\HP Digital Imaging Monitor.lnk backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Iniciar^Programas^Inicializar^Inicialização rápida do HP Image Zone.lnk] backup=c:\windows\pss\Inicialização rápida do HP Image Zone.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Iniciar^Programas^Inicializar^Microsoft Office.lnk] backup=c:\windows\pss\Microsoft Office.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Iniciar^Programas^Inicializar^Windows Desktop Search.lnk] backup=c:\windows\pss\Windows Desktop Search.lnkCommon Startup 
[HKLM\~\startupfolder\C:^Documents and Settings^Mariana.PARTICUL-A73101^Menu Iniciar^Programas^Inicializar^Reboot.exe] backup=c:\windows\pss\Reboot.exeStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares] 2009-02-03 13:22 1004544 ----a-w- c:\arquivos de programas\Ares\Ares.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] 2004-08-04 03:45 15360 ------w- c:\windows\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DSLAGENTEXE] 2003-08-19 17:47 16384 ----a-w- c:\program files\DSLink180U\Adsl\dslagent.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DSLSTATEXE] 2003-09-19 20:09 299008 ----a-w- c:\program files\DSLink180U\Adsl\dslstat.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DXM6Patch_981116] 1998-11-30 20:04 497376 ----a-w- c:\windows\p_981116.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Uploader Oe Integration] 2007-06-10 22:02 40960 ----a-w- c:\arquivos de programas\Free Download Manager\FUM\fumoei.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager] 2004-05-12 17:18 241664 ----a-w- c:\arquivos de programas\HP\hpcoretech\hpcmpmgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] 2006-02-19 05:41 49152 ----a-w- c:\arquivos de programas\HP\HP Software Update\hpwuSchd2.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut] 2006-12-06 01:55 54832 ----a-w- c:\arquivos de programas\CyberLink\PowerDVD\Language\Language.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel] 2007-04-19 16:26 484904 ----a-w- c:\arquivos de programas\Arquivos comuns\LightScribe\LightScribeControlPanel.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ] 2005-02-10 20:00 1937408 
------w- c:\arquivos de programas\Ahead\Nero BackItUp\NBJ.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck] 2001-07-09 13:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 2001-07-09 13:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] 2006-08-12 05:43 7630848 ----a-w- c:\windows\system32\nvcpl.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] 2006-08-12 05:43 86016 ----a-w- c:\windows\system32\nvmctray.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] 2006-08-12 05:43 1519616 ----a-w- c:\windows\system32\nwiz.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCTVOICE] 2004-01-30 11:33 180224 ----a-r- c:\windows\system32\pctspk.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] 2006-11-23 18:10 56928 ------w- c:\arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2005-11-10 15:03 36975 ----a-w- c:\arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] 2010-03-09 23:40 39408 ----a-w- c:\arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead AutoDetector] 2003-11-19 16:03 45056 ------w- c:\arquivos de programas\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Arquivos de programas\\eMule\\emule.exe"= "c:\\Arquivos de programas\\Ares\\Ares.exe"= "c:\\Arquivos de programas\\Windows 
Live\\Messenger\\wlcsdk.exe"= "c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "445:TCP"= 445:TCP:@xpsp2res.dll,-22005 "137:UDP"= 137:UDP:@xpsp2res.dll,-22001 "1155:TCP"= 1155:TCP:VSCyber "3050:TCP"= 3050:TCP:Firebird "5900:TCP"= 5900:TCP:VSCyberVNC R2 gupdate;Google Update Service (gupdate);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2010-03-09 135664] R3 SASENUM;SASENUM;c:\arquivos de programas\SUPERAntiSpyware\SASENUM.SYS [2010-02-17 12872] R3 WRSWanDD;WinPoET PPPoE Adapter;c:\windows\system32\DRIVERS\WrKPoETNic2000.sys [2002-10-28 65604] R3 ZSMC302;VIMICRO USB PC Camera;c:\windows\system32\Drivers\usbVM31b.sys [x] S1 aswSP;aswSP; [x] S1 SASDIFSV;SASDIFSV;c:\arquivos de programas\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872] S1 SASKUTIL;SASKUTIL;c:\arquivos de programas\SUPERAntiSpyware\SASKUTIL.SYS [2010-02-17 66632] S2 aswFsBlk;aswFsBlk; [x] S2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\arquivos de programas\Firebird\Firebird_1_5\bin\fbguard.exe [2007-12-12 65536] S2 GbpSv;Gbp Service;c:\arquivos de programas\GbPlugin\GbpSv.exe [2007-08-15 45512] S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\arquivos de programas\Firebird\Firebird_1_5\bin\fbserver.exe [2007-12-12 1531989] S3 sembbus;SEMC WMC Composite Device driver (WDM);c:\windows\system32\DRIVERS\sembbus.sys [2008-02-06 260992] S3 sembcard;Sony Ericsson PC300 Mobile Broadband Command Interface Drivers (WDM);c:\windows\system32\DRIVERS\sembcard.sys [2008-02-06 337408] S3 sembmdfl2;Sony Ericsson PC300 Wireless Modem Filter;c:\windows\system32\DRIVERS\sembmdfl2.sys [2008-02-06 14976] S3 sembmdm2;Sony Ericsson PC300 Wireless Modem Driver;c:\windows\system32\DRIVERS\sembmdm2.sys [2008-02-06 380672] S3 sembmgmt;Sony Ericsson PC300 Mobile Broadband Device Management Drivers (WDM);c:\windows\system32\DRIVERS\sembmgmt.sys [2008-02-06 
343680] S3 sembnd5;Sony Ericsson PC300 Mobile Broadband Network Adapter SENECA (NDIS);c:\windows\system32\DRIVERS\sembnd5.sys [2008-02-06 24960] S3 sembunic;Sony Ericsson PC300 Mobile Broadband Network Adapter SENECA (WDM);c:\windows\system32\DRIVERS\sembunic.sys [2008-02-06 344064] S3 sembwwan;Sony Ericsson PC300 Mobile Broadband Ethernet Control Drivers (WDM);c:\windows\system32\DRIVERS\sembwwan.sys [2008-02-06 337408] S3 SEMCReserved;SEMC Reserved Interface;c:\windows\system32\DRIVERS\semcreserved.sys [2008-02-15 17408] S3 Sony_EricssonWWSC;Sony Ericsson SIM Card Reader;c:\windows\system32\DRIVERS\sesc.sys [2007-08-14 12672] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2007-04-19 16:23 452136 ----a-w- c:\arquivos de programas\Arquivos comuns\LightScribe\LSRunOnce.exe . Conteúdo da pasta 'Tarefas Agendadas' 2010-07-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2010-03-09 23:40] 2010-07-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2010-03-09 23:40] 2010-07-19 c:\windows\Tasks\User_Feed_Synchronization-{7D2092C5-5C1A-4618-91B0-046DC46E8589}.job - c:\windows\system32\msfeedssync.exe [2009-03-08 07:31] . . ------- Scan Suplementar ------- . 
uDefault_Search_URL = hxxp://search.msn.com uInternet Settings,ProxyOverride = <local> IE: &MSN Busca - c:\arquivos de programas\MSN Toolbar Suite\TB\02.05.0000.1082\pt-br\msntb.dll/search.htm IE: Abrir em uma nova guia do plano de fundo - c:\arquivos de programas\MSN Toolbar Suite\TAB\02.05.0001.1119\pt-br\msntabres.dll/229?6a8ff442109c48a891508d583b64eaee IE: Abrir em uma nova guia do primeiro plano - c:\arquivos de programas\MSN Toolbar Suite\TAB\02.05.0001.1119\pt-br\msntabres.dll/230?6a8ff442109c48a891508d583b64eaee IE: Download all with Free Download Manager - file://c:\arquivos de programas\Free Download Manager\dlall.htm IE: Download selected with Free Download Manager - file://c:\arquivos de programas\Free Download Manager\dlselected.htm IE: Download video with Free Download Manager - file://c:\arquivos de programas\Free Download Manager\dlfvideo.htm IE: Download with Free Download Manager - file://c:\arquivos de programas\Free Download Manager\dllink.htm IE: Google Sidewiki... 
- c:\arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html IE: {{FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - c:\arquivos de programas\Free Download Manager\FUM\fumiebtn.dll FF - ProfilePath - c:\documents and settings\Mariana.PARTICUL-A73101\Dados de aplicativos\Mozilla\Firefox\Profiles\18oaleja.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.br/ FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q= FF - plugin: c:\arquivos de programas\Google\Update\1.2.183.29\npGoogleOneClick8.dll FF - plugin: c:\arquivos de programas\Java\jre1.5.0_06\bin\NPJPI150_06.dll ---- FIREFOX POLICIES ---- c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true); c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true); c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true); c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true); c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true); c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true); c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5); c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45); c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\arquivos de 
programas\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true); c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true); c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br"); c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true); c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true); c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true); c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true); c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false); . 
************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-07-19 21:14 Windows 5.1.2600 Service Pack 2 NTFS Procurando processos ocultos ... Procurando entradas auto inicializáveis ocultas ... Procurando ficheiros/arquivos ocultos ... Varredura completada com sucesso arquivos/ficheiros ocultos: 0 ************************************************************************** . --------------------- DLLs Carregadas Sob os Processos em Execução --------------------- - - - - - - - > 'winlogon.exe'(816) c:\arquivos de programas\SUPERAntiSpyware\SASWINLO.dll c:\arquivos de programas\GbPlugin\gbiehabn.dll - - - - - - - > 'explorer.exe'(3668) c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll . ------------------------ Outros Processos em Execução ------------------------ . c:\arquivos de programas\Alwil Software\Avast5\AvastSvc.exe c:\windows\System32\SCardSvr.exe c:\arquivos de programas\Arquivos comuns\LightScribe\LSSrvc.exe c:\windows\system32\nvsvc32.exe c:\arquivos de programas\CyberLink\Shared Files\RichVideo.exe c:\windows\system32\wdfmgr.exe c:\windows\system32\wscntfy.exe . ************************************************************************** . Tempo para conclusão: 2010-07-19 21:20:36 - Máquina reiniciou ComboFix-quarantined-files.txt 2010-07-20 00:20 Pré-execução: 9.929.601.024 bytes disponíveis Pós execução: 9.921.536.000 bytes disponíveis - - End Of File - - 58ED83A8915AFE834ED1C28F30C4C731
Power Max 54 Posted July 26, 2010

Sorry for the delay in replying; I have been very busy these days.
___________________________
Several problems were removed from your PC.

Please follow the tips in these tutorials:
Kaspersky Virus Removal Tool tutorial
Norton Security Scan and Clean tutorial
Dr. Web CureIt tutorial
______________________________
In your next reply, post the Kaspersky Virus Removal Tool log together with a new HijackThis log, the Dr. Web CureIt log and the Norton Security Scan and Clean log, and tell us how your PC is after this.

We look forward to your reply.
Mário Monteiro 179 Posted August 27, 2010

Topic Archived

As the author has not replied for more than 30 days, the topic has been archived. If you are the author of the topic and want to reopen it, send a private message to a moderator of this area together with the link to this topic and explain the reason for reopening it.