Archived

This topic has been archived and is closed to new replies.

Requel

[Resolved] Log analysis

Help me check whether there is any malware on my PC!

I use Spyware Terminator as my AV... it has already detected several viruses and I'm leaving them all in quarantine.

I'd like to know whether I'm following the correct procedure? Thank you very much.

 

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 03:18:01, on 27/9/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

D:\WINDOWS\System32\smss.exe

D:\WINDOWS\system32\winlogon.exe

D:\WINDOWS\system32\services.exe

D:\WINDOWS\system32\lsass.exe

D:\WINDOWS\system32\svchost.exe

D:\WINDOWS\System32\svchost.exe

D:\WINDOWS\system32\svchost.exe

D:\WINDOWS\system32\spoolsv.exe

D:\WINDOWS\Explorer.EXE

D:\WINDOWS\system32\igfxtray.exe

D:\WINDOWS\system32\hkcmd.exe

D:\WINDOWS\system32\igfxpers.exe

D:\WINDOWS\RTHDCPL.EXE

D:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe

D:\WINDOWS\system32\igfxsrvc.exe

D:\Arquivos de programas\Spyware Terminator\SpywareTerminatorShield.exe

D:\Arquivos de programas\Spyware Terminator\SpywareTerminatorUpdate.exe

D:\WINDOWS\system32\ctfmon.exe

D:\Arquivos de programas\Bonjour\mDNSResponder.exe

D:\Arquivos de programas\Java\jre6\bin\jqs.exe

D:\Arquivos de programas\Spyware Terminator\sp_rsser.exe

D:\WINDOWS\system32\svchost.exe

D:\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60347

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - D:\Arquivos de programas\Ask.com\GenericAskToolbar.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Foxit Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - D:\Arquivos de programas\Ask.com\GenericAskToolbar.dll

O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - D:\Arquivos de programas\DAEMON Tools Toolbar\DTToolbar.dll

O4 - HKLM\..\Run: [igfxTray] D:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] D:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] D:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "D:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [spywareTerminator] "D:\Arquivos de programas\Spyware Terminator\SpywareTerminatorShield.exe"

O4 - HKCU\..\Run: [msnmsgr] "D:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [spywareTerminatorUpdate] "D:\Arquivos de programas\Spyware Terminator\SpywareTerminatorUpdate.exe"

O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Arquivos de programas\DAEMON Tools Lite\DTLite.exe" -autorun

O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O9 - Extra button: (no name) - AutorunsDisabled - (no file)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1279113441896

O17 - HKLM\System\CCS\Services\Tcpip\..\{37ED41F5-413E-46BC-BAC0-B113714030D1}: NameServer = 201.10.128.3,201.10.120.2

O17 - HKLM\System\CCS\Services\Tcpip\..\{4F121222-45D5-4F34-AD0C-7E8987FAA737}: NameServer = 201.10.128.3,201.10.120.2

O17 - HKLM\System\CCS\Services\Tcpip\..\{773D1DB8-CDDC-4BA9-B508-C771955F3BA6}: NameServer = 201.10.128.3,201.10.120.2

O17 - HKLM\System\CS2\Services\Tcpip\..\{37ED41F5-413E-46BC-BAC0-B113714030D1}: NameServer = 201.10.128.3,201.10.120.2

O17 - HKLM\System\CS3\Services\Tcpip\..\{37ED41F5-413E-46BC-BAC0-B113714030D1}: NameServer = 201.10.128.3,201.10.120.2

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - D:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - D:\WINDOWS\system32\browseui.dll

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - D:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: GFI LANguard 9 Attendant Service (gfi_lanss9_attservice) - GFI Software Ltd. - D:\Arquivos de programas\GFI\LANguard 9\lnssatt.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - D:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - D:\Arquivos de programas\Spyware Terminator\sp_rsser.exe

 

--

End of file - 6592 bytes


:) Hi Requel!

 

:seta: Open HijackThis, click Do a system scan only, check the entries below and click Fix checked:

 

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

 

O9 - Extra button: (no name) - AutorunsDisabled - (no file)

______________________________

 

:seta: Also follow the tips in these tutorials:

Ad-Remover tutorial: http://dicasetutoriaisparapc.blogspot.com/2009/10/tutorial-do-ad-remover.html

Toolbar S&D tutorial: http://dicasetutoriaisparapc.blogspot.com/2009/11/tutorial-do-toolbar-sd.html

Malwarebytes Anti-Malware tutorial: http://dicasetutoriaisparapc.blogspot.com/2009/10/tutorial-do-malwarebytes-anti-malware.html

___________________________

 

:seta: Download and run this program, which disables Bonjour (an unnecessary item that tends to make the PC slower):

http://download.gizmo5.com/jasmine/TurnOffBonjour.exe

____________________________

 

In your next reply, post the Malwarebytes log together with a new HijackThis log, the Ad-Remover log, which will be at C:\Ad-Report-CLEAN[1].log, and the Toolbar S&D log, which will be at C:\ToolBar SD\TB_1.txt, and tell us how your PC is after these procedures.

We look forward to your reply.


:) Hi Moderator!!!

 

OK, I did the HijackThis procedure..

 

I removed the two entries, correct?

 

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

 

O9 - Extra button: (no name) - AutorunsDisabled - (no file)

______________________________

 

Malwarebytes log

 

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

 

Versão da Base de Dados: 4724

 

Windows 5.1.2600 Service Pack 3 (Safe Mode)

Internet Explorer 8.0.6001.18702

 

1/10/2010 01:28:59

mbam-log-2010-10-01 (01-28-59).txt

 

Tipo de Verificação: Verificação Completa (C:\|D:\|E:\|H:\|I:\|K:\|L:\|)

Objetos escaneados: 253106

Tempo decorrido: 52 minuto(s), 20 segundo(s)

 

Processos de Memória Infectados: 0

Módulos de Memória Infectados: 0

Chaves de Registro Infectadas: 0

Valores de Registro Infectados: 0

Itens de Dados no Registro Infectados: 0

Pastas Infectadas: 0

Arquivos Infectados: 1

 

Processos de Memória Infectados:

(Não foram detectados ítens maliciosos)

 

Módulos de Memória Infectados:

(Não foram detectados ítens maliciosos)

 

Chaves de Registro Infectadas:

(Não foram detectados ítens maliciosos)

 

Valores de Registro Infectados:

(Não foram detectados ítens maliciosos)

 

Itens de Dados no Registro Infectados:

(Não foram detectados ítens maliciosos)

 

Pastas Infectadas:

(Não foram detectados ítens maliciosos)

 

Arquivos Infectados:

D:\Documents and Settings\ \Desktop\noot\Paiva\Configurações locais\Temp\E_4\dp1.fne (Worm.Autorun) -> Quarantined and deleted successfully.

 

______________________________

 

New HijackThis log

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 01:42:22, on 1/10/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

D:\WINDOWS\System32\smss.exe

D:\WINDOWS\system32\winlogon.exe

D:\WINDOWS\system32\services.exe

D:\WINDOWS\system32\lsass.exe

D:\WINDOWS\system32\svchost.exe

D:\WINDOWS\System32\svchost.exe

D:\WINDOWS\system32\svchost.exe

D:\WINDOWS\system32\spoolsv.exe

D:\Arquivos de programas\Java\jre6\bin\jqs.exe

D:\Arquivos de programas\Spyware Terminator\sp_rsser.exe

D:\WINDOWS\system32\svchost.exe

D:\WINDOWS\system32\wbem\wmiapsrv.exe

D:\WINDOWS\Explorer.EXE

D:\WINDOWS\system32\igfxtray.exe

D:\WINDOWS\system32\hkcmd.exe

D:\WINDOWS\system32\igfxpers.exe

D:\WINDOWS\RTHDCPL.EXE

D:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe

D:\ARQUIV~1\SPYWAR~1\SpywareTerminatorShield.exe

D:\WINDOWS\system32\igfxsrvc.exe

D:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

D:\Arquivos de programas\Spyware Terminator\SpywareTerminatorUpdate.exe

D:\Arquivos de programas\Mozilla Firefox\firefox.exe

D:\Arquivos de programas\Mozilla Firefox\plugin-container.exe

D:\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft....k/?linkid=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local

R3 - Default URLSearchHook is missing

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [igfxTray] D:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] D:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] D:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "D:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [spywareTerminator] "D:\ARQUIV~1\SPYWAR~1\SpywareTerminatorShield.exe"

O4 - HKCU\..\Run: [msnmsgr] "D:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [spywareTerminatorUpdate] "D:\Arquivos de programas\Spyware Terminator\SpywareTerminatorUpdate.exe"

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1279113441896

O17 - HKLM\System\CCS\Services\Tcpip\..\{37ED41F5-413E-46BC-BAC0-B113714030D1}: NameServer = 201.10.128.3,201.10.120.2

O17 - HKLM\System\CCS\Services\Tcpip\..\{4F121222-45D5-4F34-AD0C-7E8987FAA737}: NameServer = 201.10.128.3,201.10.120.2

O17 - HKLM\System\CCS\Services\Tcpip\..\{773D1DB8-CDDC-4BA9-B508-C771955F3BA6}: NameServer = 201.10.128.3,201.10.120.2

O17 - HKLM\System\CS2\Services\Tcpip\..\{37ED41F5-413E-46BC-BAC0-B113714030D1}: NameServer = 201.10.128.3,201.10.120.2

O17 - HKLM\System\CS3\Services\Tcpip\..\{37ED41F5-413E-46BC-BAC0-B113714030D1}: NameServer = 201.10.128.3,201.10.120.2

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - D:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - D:\WINDOWS\system32\browseui.dll

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: GFI LANguard 9 Attendant Service (gfi_lanss9_attservice) - GFI Software Ltd. - D:\Arquivos de programas\GFI\LANguard 9\lnssatt.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - D:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - D:\Arquivos de programas\Spyware Terminator\sp_rsser.exe

 

--

End of file - 5232 bytes

 

______________________________

 

 

Ad-Remover log

 

======= REPORT FROM AD-REMOVER | ONLY XP/VISTA/7 =======

 

Updated by C_XX on 13/06/10 at 20:40

Contact: AdRemover.contact@gmail.com

website: http://pagesperso-or...ad_remover.html

 

D:\Arquivos de programas\Ad-Remover\main.exe (CLEAN [1]) -> Launched at 15:02:12 on 30/09/2010, Normal boot

 

Microsoft Windows XP Professional Service Pack 3 (X86)

, CASA ( )

 

============== ACTION(S) ==============

 

 

0,Folder deleted: D:\WINDOWS\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

0,File deleted: D:\Arquivos de programas\Mozilla FireFox\searchplugins\crawlersrch.xml

0,File deleted: D:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

0,Folder deleted: D:\Arquivos de programas\Ask.com

0,Folder deleted: D:\Documents and Settings\ \Configurações locais\Dados de aplicativos\AskToolbar

3,File deleted: D:\WINDOWS\Installer\b6a50a.msi

 

(!) -- Temporary files deleted.

 

 

-- File opened: D:\Documents and Settings\ \Dados de aplicativos\Mozilla\FireFox\Profiles\dlu36dl8.default\Prefs.js --

Line deleted: user_pref("extensions.asktb.cbid", "F4");

Line deleted: user_pref("extensions.asktb.default-channel-url-mask", "hxxp://www.ask.com/web?q={query}&o={o}&l={l}...

Line deleted: user_pref("extensions.asktb.dtid", "YYYYYYYYBR");

Line deleted: user_pref("extensions.asktb.fresh-install", false);

Line deleted: user_pref("extensions.asktb.l", "dis");

Line deleted: user_pref("extensions.asktb.last-config-req", "1283463543254");

Line deleted: user_pref("extensions.asktb.locale", "en_US");

Line deleted: user_pref("extensions.asktb.o", "101699");

Line deleted: user_pref("extensions.asktb.overlay-reloaded-using-restart", true);

Line deleted: user_pref("extensions.asktb.qsrc", "2871");

Line deleted: user_pref("extensions.asktb.r", "2");

Line deleted: user_pref("extensions.asktb.search-suggestions-enabled", true);

-- File closed --

 

 

1,Key deleted: HKLM\Software\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}

1,Key deleted: HKLM\Software\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}

1,Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}

1,Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}

1,Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}

1,Key deleted: HKLM\Software\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}

1,Key deleted: HKLM\Software\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}

1,Key deleted: HKLM\Software\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}

1,Key deleted: HKLM\Software\Classes\Interface\{DB885111-F39F-4D88-9EE5-C88460B6DF7B}

1,Key deleted: HKLM\Software\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}

0,Key deleted: HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd

0,Key deleted: HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd.1

0,Key deleted: HKLM\Software\Classes\AppID\GenericAskToolbar.DLL

1,Key deleted: HKLM\Software\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}

0,Key deleted: HKCU\Software\Ask.com

0,Key deleted: HKCU\Software\AskToolbar

3,Key deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}

3,Key deleted: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}

3,Key deleted: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}

0,Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

 

0,Value deleted: HKLM\Software\Microsoft\Internet Explorer\Toolbar|{D4027C7F-154A-4066-A1AD-4243D8127440}

0,Value deleted: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{D4027C7F-154A-4066-A1AD-4243D8127440}

0,Value deleted: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{4B3803EA-5230-4DC3-A7FC-33638F3D3542}

 

 

============== ADDITIONNAL SCAN ==============

 

** Mozilla Firefox Version [3.6.10 (pt-BR)] **

 

-- D:\Documents and Settings\ \Dados de aplicativos\Mozilla\FireFox\Profiles\dlu36dl8.default\Prefs.js --

browser.download.lastDir, D:\\Documents and Settings\\ \\Desktop

browser.startup.homepage, www.google.com.br

browser.startup.homepage_override.mstone, rv:1.9.2.10

 

========================================

 

** Internet Explorer Version [8.0.6001.18702] **

 

[HKCU\Software\Microsoft\Internet Explorer\Main]

AutoHide: yes

Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

Do404Search: 0x01000000

Enable Browser Extensions: yes

Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896

Show_ToolBar: yes

Start Page: hxxp://fr.msn.com/

Use Search Asst: on

 

[HKLM\Software\Microsoft\Internet Explorer\Main]

Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896

Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

Delete_Temp_Files_On_Exit: yes

Search bar: hxxp://search.msn.com/spbasic.htm

Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

Start Page: hxxp://fr.msn.com/

 

[HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS]

Tabs: res://ieframe.dll/tabswelcome.htm

Blank: res://mshtml.dll/blank.htm

 

========================================

 

D:\Arquivos de programas\Ad-Remover\Quarantine: 17 File(s)

D:\Arquivos de programas\Ad-Remover\Backup: 15 File(s)

 

D:\Ad-Report-CLEAN[1].txt - 30/09/2010 (874 Byte(s))

 

End at: 15:11:25, 30/09/2010

 

============== E.O.F ==============

 

______________________________

 

 

 

 

Toolbar S&D log

 

 

-----------\\ ToolBar S&D 1.2.9 XP/Vista

 

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 3

X86-based PC ( Multiprocessor Free : Intel® Core™2 Duo CPU E4600 @ 2.40GHz )

BIOS : Award Modular BIOS v6.00PG

USER : ( Administrator )

BOOT : Normal boot

Antivirus : Spyware Terminator 2.7.2.125 (Activated)

A:\ (USB)

C:\ (Local Disk) - NTFS - Total:148 Go (Free:52 Go)

D:\ (Local Disk) - NTFS - Total:148 Go (Free:97 Go)

E:\ (CD or DVD)

H:\ (USB)

I:\ (USB)

J:\ (CD or DVD)

K:\ (USB)

L:\ (USB)

 

"D:\ToolBar SD" ( MAJ : 22-08-2009|18:42 )

Option : [2] ( qui 30/09/2010|15:19 )

 

-----------\\ REMOVIDOS

 

Deletado! - D:\Arquivos de programas\DAEMON Tools Toolbar\DTToolbar.dll

Deletado! - D:\Arquivos de programas\DAEMON Tools Toolbar\Resources

Deletado! - D:\Arquivos de programas\DAEMON Tools Toolbar\uninst.exe

Deletado! - D:\Arquivos de programas\DAEMON Tools Toolbar\_DTLite.xml

Deletado! - D:\Arquivos de programas\DAEMON Tools Toolbar

 

-----------\\ Procura por Arquivos / Ficheiros ...

 

 

-----------\\ Extensions

 

(ÿÿ) - {20a82645-c095-46ed-80e3-08825760534b} => chrome_user

 

 

-----------\\ [..\Internet Explorer\Main]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://fr.msn.com/"

"Search Bar"="http://go.microsoft.com/fwlink/?linkid=54896"

"Default_search_url"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"

"Default_page_url"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"

"Url"="http://go.microsoft.com/fwlink/?LinkId=75723"

"Url"="http://go.microsoft.com/fwlink/?LinkId=75724"

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]

"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"

"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"

"Start Page"="http://www.msn.com/"

"Search bar"="http://search.msn.com/spbasic.htm"

 

 

--------------------\\ Procurando por outras infecções

 

 

Não foram encontradas outras infecções.

 

 

1 - "D:\ToolBar SD\TB_1.txt" - qui 30/09/2010|15:18 - Option : [1]

2 - "D:\ToolBar SD\TB_2.txt" - qui 30/09/2010|15:20 - Option : [2]

 

-----------\\ Verificação completa em 15:20:01,84

 

______________________________

 

 

:lol: Thank you very much, moderator! Malwarebytes detected a Worm.Autorun. :clap:


:) Several problems were removed from your PC.

___________________________

 

:seta: Please follow the tips in these tutorials:

USBFix tutorial: http://dicasetutoriaisparapc.blogspot.com/2009/10/tutorial-do-usbfix.html

Nod32 Online antivirus tutorial

___________________________

 

:seta: Post the UsbFix log, which will be at C:\UsbFix.txt, together with the Nod32 Online log, which will be at C:\Arquivos de programas\Eset\Eset Online Scanner\log.txt, and a new HijackThis log, and please tell us how your PC is after following these procedures. We look forward to your reply.


:)

 

:seta: UsbFix log

 

 

############################## | UsbFix 7.027 | [supressão]

 

Usuário: (Administrador) # CASA [ ]

Atualizado em 28/09/10 por El Desaparecido / C_XX

Começou em 23:12:01 | 03/10/2010

Site: http://www.teamxscript.org

Contato: FindyKill.Contact@gmail.com

 

CPU: Intel® Core2 Duo CPU E4600 @ 2.40GHz

CPU 2: Intel® Core2 Duo CPU E4600 @ 2.40GHz

Microsoft Windows XP Professional (5.1.2600 32-Bit) # Service Pack 3

Internet Explorer 8.0.6001.18702

 

Windows Firewall: Habilitado

RAM -> 1015 Mb

C:\ -> Disco fixo # 149 Gb (52 Mb livre - 35%) [] # NTFS

D:\ (%systemdrive%) -> Disco fixo # 149 Gb (104 Mb livre - 70%) [] # NTFS

E:\ -> CD-ROM

J:\ -> CD-ROM

 

################## | Ficheiros # pastas infeciosos |

 

 

 

################## | Registro |

 

Supprimido ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoResolveSearch

 

################## | Mountpoints2 |

 

 

################## | Listing |

 

[16/07/2010 - 13:01:39 | A | 1024] C:\.rnd

[29/08/2010 - 17:56:29 | D ] C:\Arquivo

[14/07/2010 - 00:19:32 | A | 0] C:\AUTOEXEC.BAT

[02/09/2010 - 15:55:44 | RASH | 211] C:\boot.ini

[14/04/2008 - 09:00:00 | RASH | 4952] C:\Bootfont.bin

[02/09/2010 - 15:55:44 | RASH | 0] C:\CONFIG.SYS

[14/07/2010 - 09:53:47 | A | 25] C:\csb.log

[23/01/2010 - 05:09:41 | D ] C:\Curso de Piloto Privado

[09/06/2010 - 06:20:54 | D ] C:\DVD

[20/05/2010 - 01:48:38 | D ] C:\Estudo

[16/09/2010 - 23:54:56 | D ] C:\Filmes

[28/09/2010 - 02:45:42 | D ] C:\Fotos

[14/07/2010 - 00:19:32 | RASH | 0] C:\IO.SYS

[28/09/2010 - 04:33:08 | D ] C:\Jogos

[14/07/2010 - 00:19:32 | RASH | 0] C:\MSDOS.SYS

[01/10/2010 - 21:05:15 | RD ] C:\My Music

[14/04/2008 - 09:00:00 | RASH | 47564] C:\NTDETECT.COM

[14/04/2008 - 09:00:00 | RASH | 251696] C:\ntldr

[05/09/2010 - 14:32:35 | D ] C:\Programas

[28/09/2010 - 10:53:12 | D ] C:\Programação

[13/09/2010 - 17:03:10 | D ] C:\Projetos

[03/10/2010 - 23:12:43 | SHD ] C:\RECYCLER

[14/07/2010 - 09:52:27 | A | 431] C:\RHDSetup.log

[17/09/2010 - 07:09:19 | D ] C:\Sistemas Operacionais

[09/02/2010 - 06:31:00 | SHD ] C:\System Volume Information

[01/07/2010 - 02:16:32 | D ] C:\Tentehackear

[07/05/2009 - 01:24:09 | D ] C:\Treino

[23/06/2010 - 17:04:04 | A | 6006] C:\TTRABALHODEGEOGRAFIA.doc

[21/10/2009 - 20:17:32 | D ] C:\vanete

[06/09/2010 - 15:09:23 | D ] C:\Video Aula

[16/09/2010 - 23:54:56 | D ] C:\Videos

[15/07/2010 - 12:11:59 | D ] D:\7e2ee3224145b1d897e0d2be6ad4b9

[30/09/2010 - 15:11:25 | A | 5751] D:\Ad-Report-CLEAN[1].txt

[01/10/2010 - 02:48:19 | A | 2190] D:\Ad-Report-SCAN[1].txt

[01/10/2010 - 14:52:51 | RD ] D:\Arquivos de programas

[30/09/2010 - 14:57:18 | D ] D:\backups

[28/09/2010 - 09:03:27 | D ] D:\bkp 111

[30/06/2010 - 04:24:32 | A | 153718] D:\Boot.bmp

[30/09/2010 - 13:49:12 | D ] D:\ChaosGameServer5

[19/08/2010 - 01:56:45 | A | 44976] D:\crlog_.tot.tmp

[14/09/2010 - 02:42:29 | D ] D:\directx

[15/09/2010 - 03:00:23 | D ] D:\Documents and Settings

[15/07/2010 - 12:09:17 | D ] D:\fe376f7f2a3d1d385d2fe9a63315b1

[27/09/2010 - 03:09:44 | A | 388608] D:\HiJackThis.exe

[01/10/2010 - 01:42:22 | A | 5233] D:\hijackthis.log

[22/08/2010 - 00:15:43 | D ] D:\Intel

[24/09/2010 - 06:27:50 | D ] D:\Level Up! Games

[28/09/2010 - 00:02:37 | D ] D:\NovoChaosGameServer17

[03/10/2010 - 22:58:11 | ASH | 1598029824] D:\pagefile.sys

[03/10/2010 - 23:12:43 | SHD ] D:\RECYCLER

[27/08/2010 - 03:18:33 | SHD ] D:\System Volume Information

[30/09/2010 - 15:20:01 | A | 2449] D:\TB.txt

[30/09/2010 - 15:20:01 | D ] D:\ToolBar SD

[03/10/2010 - 23:12:43 | D ] D:\UsbFix

[03/10/2010 - 23:12:47 | A | 2613] D:\UsbFix.txt

[30/09/2010 - 15:32:45 | D ] D:\WINDOWS

 

################## | Vaccin |

 

C:\Autorun.inf -> Folder criado por UsbFix (El Desaparecido & C_XX)

D:\Autorun.inf -> Folder criado por UsbFix (El Desaparecido & C_XX)

 

################## | E.O.F |

 

 

________________________________________________________________________

 

 

 

 

:seta: Nod32 log

 

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.6211

# api_version=3.0.2

# EOSSerial=b73595725f25054399cf56c252310c30

# end=finished

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2010-10-04 03:41:09

# local_time=2010-10-04 12:41:09 (-0300, Hora oficial do Brasil)

# country="Brazil"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=512 16777215 100 0 0 0 0 0

# compatibility_mode=7937 16777213 100 100 0 10395535 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=116923

# found=1

# cleaned=1

# scan_time=3936

C:\Projetos\Programas alpha\MsgPlusLive-485.exe a variant of Win32/MessengerPlus application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

 

________________________________________________________________________________

 

:seta: HijackThis log

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 08:11:58, on 4/10/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

D:\WINDOWS\System32\smss.exe

D:\WINDOWS\system32\winlogon.exe

D:\WINDOWS\system32\services.exe

D:\WINDOWS\system32\lsass.exe

D:\WINDOWS\system32\svchost.exe

D:\WINDOWS\System32\svchost.exe

D:\WINDOWS\system32\svchost.exe

D:\Arquivos de programas\Spyware Terminator\sp_rsser.exe

D:\WINDOWS\system32\svchost.exe

D:\WINDOWS\explorer.exe

D:\WINDOWS\system32\spoolsv.exe

D:\Arquivos de programas\Spyware Terminator\SpywareTerminatorShield.exe

D:\Arquivos de programas\Mozilla Firefox\firefox.exe

D:\Arquivos de programas\Mozilla Firefox\plugin-container.exe

D:\WINDOWS\system32\ctfmon.exe

D:\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local

R3 - Default URLSearchHook is missing

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [igfxTray] D:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] D:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] D:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "D:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [spywareTerminator] "D:\Arquivos de programas\Spyware Terminator\SpywareTerminatorShield.exe"

O4 - HKCU\..\Run: [spywareTerminatorUpdate] "D:\Arquivos de programas\Spyware Terminator\SpywareTerminatorUpdate.exe"

O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1279113441896

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{37ED41F5-413E-46BC-BAC0-B113714030D1}: NameServer = 201.10.128.3,201.10.120.2

O17 - HKLM\System\CCS\Services\Tcpip\..\{4F121222-45D5-4F34-AD0C-7E8987FAA737}: NameServer = 201.10.128.3,201.10.120.2

O17 - HKLM\System\CCS\Services\Tcpip\..\{773D1DB8-CDDC-4BA9-B508-C771955F3BA6}: NameServer = 201.10.128.3,201.10.120.2

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - D:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - D:\WINDOWS\system32\browseui.dll

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: GFI LANguard 9 Attendant Service (gfi_lanss9_attservice) - GFI Software Ltd. - D:\Arquivos de programas\GFI\LANguard 9\lnssatt.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - D:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - D:\Arquivos de programas\Spyware Terminator\sp_rsser.exe

 

--

End of file - 4681 bytes

______________________________________________________________

 

Thanks! :joia:


:) Other problems were removed.

____________________________

 

:seta: Please follow these tips:

 

Spyware Doctor Starter Edition tutorial

 

BitDefender Online antivirus tutorial

___________________________

 

:seta: In your next reply, post the BitDefender Online log, which will be at C:\Windows\BDOSCAN8\bdoscan.log, together with a new HijackThis log and the Spyware Doctor log, and please tell us how your PC is doing after following these procedures.

 

We look forward to your reply.


^_^ Thank you once again!

 

_____________________________________

 

BitDefender log

 

 

QuickScan Beta 32-bit v0.9.9.41

-------------------------------

Data da análise: Sun Oct 10 02:20:30 2010

ID da máquina: 7CF01AE0

 

 

 

Não foram encontradas infecções.

--------------------------------

 

 

 

Processos

---------

Crawler Spyware Terminator 1628 D:\Arquivos de programas\Spyware Terminator\sp_rsser.exe

Crawler Spyware Terminator 2196 D:\Arquivos de programas\Spyware Terminator\SpywareTerminatorShield.Exe

Firefox 3964 D:\Arquivos de programas\Mozilla Firefox\firefox.exe

Firefox 3708 D:\Arquivos de programas\Mozilla Firefox\plugin-container.exe

Intel® Common User Interface 2164 D:\WINDOWS\system32\hkcmd.exe

Intel® Common User Interface 2172 D:\WINDOWS\system32\igfxpers.exe

Intel® Common User Interface 2228 D:\WINDOWS\system32\igfxsrvc.exe

Intel® Common User Interface 2156 D:\WINDOWS\system32\igfxtray.exe

Java Platform SE 6 U21 1552 D:\Arquivos de programas\Java\jre6\bin\jqs.exe

Java Platform SE Auto Updater 2 0 2188 D:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe

Microsoft® .NET Framework 1460 D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

Microsoft® Windows® Operating System 296 D:\WINDOWS\system32\alg.exe

Microsoft® Windows® Operating System 608 D:\WINDOWS\system32\csrss.exe

Microsoft® Windows® Operating System 2240 D:\WINDOWS\system32\ctfmon.exe

Microsoft® Windows® Operating System 688 D:\WINDOWS\system32\lsass.exe

Microsoft® Windows® Operating System 1320 D:\WINDOWS\system32\spoolsv.exe

Microsoft® Windows® Operating System 1416 D:\WINDOWS\system32\svchost.exe

Microsoft® Windows® Operating System 1788 D:\WINDOWS\system32\svchost.exe

Microsoft® Windows® Operating System 856 D:\WINDOWS\system32\svchost.exe

Microsoft® Windows® Operating System 924 D:\WINDOWS\system32\svchost.exe

Microsoft® Windows® Operating System 992 D:\WINDOWS\system32\svchost.exe

Microsoft® Windows® Operating System 1032 D:\WINDOWS\system32\svchost.exe

Microsoft® Windows® Operating System 1092 D:\WINDOWS\system32\svchost.exe

Microsoft® Windows® Operating System 1140 D:\WINDOWS\system32\svchost.exe

Realtek HD Audio Sound Effect Manager 2180 D:\WINDOWS\RTHDCPL.EXE

Sistema operacional Microsoft® Windows® 220 D:\WINDOWS\explorer.exe

Sistema operacional Microsoft® Windows® 676 D:\WINDOWS\system32\services.exe

Sistema Operacional Microsoft® Windows® 560 D:\WINDOWS\system32\smss.exe

Sistema operacional Microsoft® Windows® 552 D:\WINDOWS\system32\wbem\wmiapsrv.exe

Sistema operacional Microsoft® Windows® 632 D:\WINDOWS\system32\winlogon.exe

Spyware Terminator 2208 D:\Arquivos de programas\Spyware Terminator\SpywareTerminatorUpdate.exe

USB Vaccine 516 D:\Arquivos de programas\Panda USB Vaccine\USBVaccine.exe

Windows Live Messenger 3208 D:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

 

 

Atividade da Rede

-----------------

Processo firefox.exe (3964) conectado à porta 80 (HTTP) --> 64.233.163.104

Processo firefox.exe (3964) conectado à porta 80 (HTTP) --> 74.125.155.100

Processo firefox.exe (3964) conectado à porta 80 (HTTP) --> 64.233.163.100

Processo firefox.exe (3964) conectado à porta 80 (HTTP) --> 184.50.165.115

Processo firefox.exe (3964) conectado à porta 80 (HTTP) --> 64.233.163.100

Processo firefox.exe (3964) conectado à porta 80 (HTTP) --> 64.233.163.104

Processo firefox.exe (3964) conectado à porta 80 (HTTP) --> 64.233.163.104

Processo firefox.exe (3964) conectado à porta 80 (HTTP) --> 189.11.250.56

Processo firefox.exe (3964) conectado à porta 80 (HTTP) --> 64.233.163.132

Processo firefox.exe (3964) conectado à porta 80 (HTTP) --> 64.233.163.104

Processo firefox.exe (3964) conectado à porta 80 (HTTP) --> 64.233.163.104

Processo firefox.exe (3964) conectado à porta 80 (HTTP) --> 64.233.163.132

Processo firefox.exe (3964) conectado à porta 80 (HTTP) --> 64.233.163.104

Processo firefox.exe (3964) conectado à porta 80 (HTTP) --> 64.233.163.104

Processo firefox.exe (3964) conectado à porta 80 (HTTP) --> 66.235.143.121

Processo firefox.exe (3964) conectado à porta 80 (HTTP) --> 64.233.163.104

Processo firefox.exe (3964) conectado à porta 80 (HTTP) --> 64.233.163.104

Processo firefox.exe (3964) conectado à porta 80 (HTTP) --> 64.233.163.104

Processo firefox.exe (3964) conectado à porta 80 (HTTP) --> 64.233.163.104

Processo firefox.exe (3964) conectado à porta 80 (HTTP) --> 64.233.163.104

Processo firefox.exe (3964) conectado à porta 80 (HTTP) --> 64.233.163.104

 

Processo svchost.exe (924) escuta na porta: 135 (RPC)

Processo SpywareTerminatorUpdate.exe (2208) escuta na porta: 6881 (BitTorrent)

 

 

Autoruns e arquivos críticos

----------------------------

Crawler Spyware Terminator D:\Arquivos de programas\Spyware Terminator\SpywareTerminatorShield.Exe

Google Update D:\Arquivos de programas\Google\Update\GoogleUpdate.exe

Intel® Common User Interface D:\WINDOWS\system32\hkcmd.exe

Intel® Common User Interface D:\WINDOWS\system32\igfxdev.dll

Intel® Common User Interface D:\WINDOWS\system32\igfxpers.exe

Intel® Common User Interface D:\WINDOWS\system32\igfxtray.exe

Java Platform SE Auto Updater 2 0 D:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe

Microsoft® Windows® Operating System D:\WINDOWS\system32\cryptnet.dll

Microsoft® Windows® Operating System D:\WINDOWS\system32\ctfmon.exe

Microsoft® Windows® Operating System D:\WINDOWS\system32\dimsntfy.dll

Microsoft® Windows® Operating System D:\WINDOWS\system32\WPDShServiceObj.dll

Programa de Vantagens do Windows Origin D:\WINDOWS\system32\WgaLogon.dll

Realtek HD Audio Sound Effect Manager D:\WINDOWS\RTHDCPL.EXE

RunInteractiveWin.exe D:\Arquivos de programas\Panda USB Vaccine\RunInteractiveWin.exe

Sistema operacional Microsoft® Windows® D:\WINDOWS\system32\browseui.dll

Sistema operacional Microsoft® Windows® D:\WINDOWS\system32\crypt32.dll

Sistema operacional Microsoft® Windows® D:\WINDOWS\system32\cscdll.dll

Sistema operacional Microsoft® Windows® D:\WINDOWS\system32\logonui.exe

Sistema operacional Microsoft® Windows® D:\WINDOWS\system32\sclgntfy.dll

Sistema operacional Microsoft® Windows® D:\WINDOWS\system32\shell32.dll

Sistema operacional Microsoft® Windows® D:\WINDOWS\system32\stobject.dll

Sistema operacional Microsoft® Windows® d:\windows\system32\userinit.exe

Sistema operacional Microsoft® Windows® D:\WINDOWS\system32\wlnotify.dll

Spyware Terminator D:\Arquivos de programas\Spyware Terminator\SpywareTerminatorUpdate.exe

Windows® Internet Explorer D:\WINDOWS\system32\webcheck.dll

 

 

Plugins do navegador

--------------------

BitDefender QuickScan D:\Documents and Settings\  \Dados de aplicativos\Mozilla\Firefox\Profiles\dlu36dl8.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll

BitDefender QuickScan D:\Documents and Settings\  \Dados de aplicativos\Mozilla\Firefox\Profiles\dlu36dl8.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll

Bonjour D:\Arquivos de programas\Bonjour\mdnsNSP.dll

Foxit Reader Plugin for Mozilla D:\Arquivos de programas\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll

Google Earth Plugin D:\Arquivos de programas\Google\Google Earth\plugin\npgeplugin.dll

Google Update D:\Arquivos de programas\Google\Update\1.2.183.29\npGoogleOneClick8.dll

Java Deployment Toolkit 6.0.210.7 D:\Arquivos de programas\Mozilla Firefox\plugins\npdeployJava1.dll

Java Platform SE 6 U21 d:\arquivos de programas\java\jre6\bin\jp2ssv.dll

Java Platform SE 6 U21 D:\Arquivos de programas\Java\jre6\bin\new_plugin\npjp2.dll

Java Platform SE 6 U21 d:\arquivos de programas\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

Microsoft® Windows Live Login Helper d:\arquivos de programas\arquivos comuns\microsoft shared\windows live\windowslivelogin.dll

Microsoft® Windows® Operating System D:\WINDOWS\Network Diagnostic\xpnetdiag.exe

Microsoft® Windows® Operating System D:\WINDOWS\system32\rsvpsp.dll

Microsoft® Windows® Operating System D:\WINDOWS\system32\winrnr.dll

Mozilla Default Plug-in D:\Arquivos de programas\Mozilla Firefox\plugins\npnul32.dll

NPSWF32.dll D:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

RealPlayer Version Plugin D:\Arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

RealPlayer Version Plugin D:\Arquivos de programas\Mozilla Firefox\plugins\nprpjplug.dll

RealPlayer G2 LiveConnect-Enabled P D:\Arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll

RealPlayer G2 LiveConnect-Enabled P D:\Arquivos de programas\Mozilla Firefox\plugins\nppl3260.dll

Silverlight Plug-In d:\Arquivos de programas\Microsoft Silverlight\4.0.50917.0\npctrl.dll

Sistema operacional Microsoft® Windows® D:\WINDOWS\system32\mswsock.dll

ToolBand Module D:\Documents and Settings\  \Dados de aplicativos\Mozilla\Firefox\Profiles\dlu36dl8.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll

Windows Presentation Foundation d:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

 

 

Análise

-------

 

 

Nenhum arquivo carregado.

 

Fim da Análise - a comunicação levou 7 seg

Tráfego Total - 0.06 MB enviados, 2.37 KB receb

Analisados 973 arquivos e módulos - 49 segundos

 

==============================================================================

 

 

HijackThis log

 

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 02:25:02, on 10/10/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

D:\WINDOWS\System32\smss.exe

D:\WINDOWS\system32\winlogon.exe

D:\WINDOWS\system32\services.exe

D:\WINDOWS\system32\lsass.exe

D:\WINDOWS\system32\svchost.exe

D:\WINDOWS\System32\svchost.exe

D:\WINDOWS\system32\svchost.exe

D:\WINDOWS\system32\spoolsv.exe

d:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

D:\Arquivos de programas\Java\jre6\bin\jqs.exe

D:\Arquivos de programas\Spyware Terminator\sp_rsser.exe

D:\WINDOWS\system32\svchost.exe

D:\WINDOWS\system32\wbem\wmiapsrv.exe

D:\WINDOWS\Explorer.EXE

D:\Arquivos de programas\Panda USB Vaccine\USBVaccine.exe

D:\WINDOWS\system32\igfxtray.exe

D:\WINDOWS\system32\hkcmd.exe

D:\WINDOWS\system32\igfxpers.exe

D:\WINDOWS\RTHDCPL.EXE

D:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe

D:\Arquivos de programas\Spyware Terminator\SpywareTerminatorShield.exe

D:\Arquivos de programas\Spyware Terminator\SpywareTerminatorUpdate.exe

D:\WINDOWS\system32\igfxsrvc.exe

D:\WINDOWS\system32\ctfmon.exe

D:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

D:\Arquivos de programas\Mozilla Firefox\firefox.exe

D:\Arquivos de programas\Mozilla Firefox\plugin-container.exe

D:\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local

R3 - Default URLSearchHook is missing

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [igfxTray] D:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] D:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] D:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "D:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [spywareTerminator] "D:\Arquivos de programas\Spyware Terminator\SpywareTerminatorShield.exe"

O4 - HKCU\..\Run: [spywareTerminatorUpdate] "D:\Arquivos de programas\Spyware Terminator\SpywareTerminatorUpdate.exe"

O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1279113441896

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{37ED41F5-413E-46BC-BAC0-B113714030D1}: NameServer = 201.10.128.3,201.10.120.2

O17 - HKLM\System\CCS\Services\Tcpip\..\{4F121222-45D5-4F34-AD0C-7E8987FAA737}: NameServer = 201.10.128.3,201.10.120.2

O17 - HKLM\System\CCS\Services\Tcpip\..\{773D1DB8-CDDC-4BA9-B508-C771955F3BA6}: NameServer = 201.10.128.3,201.10.120.2

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - D:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - D:\WINDOWS\system32\browseui.dll

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: GFI LANguard 9 Attendant Service (gfi_lanss9_attservice) - GFI Software Ltd. - D:\Arquivos de programas\GFI\LANguard 9\lnssatt.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - D:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - D:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - D:\Arquivos de programas\Spyware Doctor\pctsSvc.exe

O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - D:\Arquivos de programas\Spyware Terminator\sp_rsser.exe

 

--

End of file - 5497 bytes

 

==============================================================================

 

 

 

Spyware Doctor log

 

 

 

PC Tools Spyware Doctor

Date - Status

9/10/2010 07:01:10:343 - Serviço Iniciado
Aplicações de Serviço do Spyware Doctor iniciadas

9/10/2010 07:01:10:343 - Mecanismo Antimalware
Configuração do mecanismo antimalware carregada com sucesso.

9/10/2010 07:01:28:156 - Verificação Iniciada
Tipo de Verificação - Intelli-Scan

9/10/2010 07:01:46:406 - Status do IntelliGuard
Todos os IntelliGuards foram Ativados

9/10/2010 07:01:48:984 - Resultados do Immunizer
A seção do ActiveX foi imunizada. Itens 2902 processados.

9/10/2010 07:01:54:437 - Detectada uma infecção neste computador
Nome da Ameaça - Application.TrackingCookies
Tipo - Cookie
Nível de Risco - Baixo
Infecção - boursoramabanque.solution.weborama.fr/ boursoramabanque.solution.weborama.fr

9/10/2010 07:01:54:687 - Detectada uma infecção neste computador
Nome da Ameaça - Application.TrackingCookies
Tipo - Cookie
Nível de Risco - Baixo
Infecção - msnportal.112.2o7.net/ msnportal.112.2o7.net

9/10/2010 07:01:55:93 - Detectada uma infecção neste computador
Nome da Ameaça - Application.TrackingCookies
Tipo - Cookie
Nível de Risco - Baixo
Infecção - weborama.fr/ weborama.fr

9/10/2010 07:03:30:453 - Verificação Concluída
Tipo de Verificação - Intelli-Scan
Itens Processados - 331892
Ameaças Detectadas - 1
Infecções Detectadas - 3
Infecções Ignoradas - 0

9/10/2010 07:04:10:375 - Infecção excluída
Nome da Ameaça - Application.TrackingCookies
Tipo - Cookie
Nível de Risco - Baixo
Infecção - weborama.fr/ weborama.fr

9/10/2010 07:04:10:406 - Infecção excluída
Nome da Ameaça - Application.TrackingCookies
Tipo - Cookie
Nível de Risco - Baixo
Infecção - msnportal.112.2o7.net/ msnportal.112.2o7.net

9/10/2010 07:04:10:406 - Infecção excluída
Nome da Ameaça - Application.TrackingCookies
Tipo - Cookie
Nível de Risco - Baixo
Infecção - boursoramabanque.solution.weborama.fr/ boursoramabanque.solution.weborama.fr

9/10/2010 07:04:12:453 - Resumo de Infecções em Quarentena/Removidas
Quarentena - 0
Falha na Quarentena - 0
Removido - 3
Falha na Remoção - 0

9/10/2010 07:19:51:375 - Verificação Iniciada
Tipo de Verificação - Verificação Completa

9/10/2010 07:24:56:750 - Smart Update
O Smart Update determinou que o Spyware Doctor está atualizado

9/10/2010 07:25:03:234 - Resultados do Immunizer
A seção do ActiveX foi imunizada. Nenhum item foi processado.

9/10/2010 07:54:50:703 - Verificação Concluída
Tipo de Verificação - Verificação Completa
Itens Processados - 463080
Ameaças Detectadas - 0
Infecções Detectadas - 0
Infecções Ignoradas - 0


:seta: Note: If your computer becomes slow after installing Spyware Doctor, click with the mouse button on the Spyware Doctor icon in the taskbar (next to the Windows clock) and choose the Exit option. A message will appear asking whether you are sure you want to close Spyware Doctor; click OK.

 

Then, when you want to use Spyware Doctor again, just go to the menu: Start --> All Programs --> Spyware Doctor --> Spyware Doctor.

 

After using it, just carry out the procedure described above to disable it again.

________________________________

 

:) Your logs are clean. How is your PC after these procedures?


PROBLEM SOLVED

 

If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.
