
daisymo

[Archived] My AVG says agp440.sys is a trojan and Windo


Hello,

My operating system is Windows Vista Home Basic and I am facing the following problems:

- My AVG is flagging the file agp440.sys as the trojan BackDoor.Generic13.EFH

- When I start the machine, Windows gives an error called BlueScreen and I cannot shut the machine down; it restarts and I have to shut it down at the logon screen.

Could you please help me?

Thank you very much, Daisy.

I ran HiJackThis.exe and the log showed:

 

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 20:10:17, on 06/10/2010

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v8.00 (8.00.6001.18943)

Boot mode: Normal

 

Running processes:

C:\Windows\System32\smss.exe

C:\Windows\system32\csrss.exe

C:\Windows\system32\wininit.exe

C:\Windows\system32\csrss.exe

C:\Program Files\AVG\AVG9\avgchsvx.exe

C:\Program Files\AVG\AVG9\avgrsx.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\Windows\system32\services.exe

C:\Windows\system32\lsass.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\winlogon.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\Drivers\trcboot.exe

C:\Program Files\IBM\Personal Communications\PCS_AGNT.EXE

C:\Program Files\AVG\AVG9\avgwdsvc.exe

C:\IBM\SQLLIB\bin\db2syscs.exe

C:\IBM\SQLLIB\bin\db2dasrrm.exe

C:\IBM\SQLLIB\BIN\db2mgmtsvc.exe

C:\Program Files\AVG\AVG9\avgnsx.exe

C:\IBM\SQLLIB\BIN\db2rcmd.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Windows\system32\Dwm.exe

C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwssvc.exe

C:\Windows\System32\svchost.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Program Files\Google\Update\1.2.183.27\GoogleCrashHandler.exe

C:\Windows\system32\svchost.exe

C:\Windows\System32\svchost.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\Program Files\AVG\AVG9\avgemc.exe

C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

C:\Windows\System32\WerFault.exe

C:\Windows\system32\Drivers\ldlcserv.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Apoint2K\Apoint.exe

C:\IBM\SQLLIB\BIN\db2fmp.exe

C:\Program Files\HP\QuickPlay\QPService.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

C:\Windows\System32\igfxtray.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Apoint2K\ApMsgFwd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\Windows\FixCamera.exe

C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe

C:\Program Files\MyWebSearch\bar\3.bin\M3SRCHMN.EXE

C:\Program Files\MyWebSearch\bar\3.bin\MWSOEMON.EXE

C:\Program Files\AVG\AVG9\avgtray.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\ibm\Personal Communications\tpam.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\USB Video Camera\Monitor.exe

C:\Users\daisy\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE

C:\Users\daisy\AppData\Local\Google\Update\1.2.183.29\GoogleCrashHandler.exe

C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe

C:\Windows\system32\svchost.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe

c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Users\daisy\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\HiJackThis\HiJackThis.exe

C:\Windows\system32\wbem\wmiprvse.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: (no name) - - (no file)

R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\3.bin\MWSSRCAS.DLL

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll

O1 - Hosts: ::1 localhost

O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\3.bin\MWSSRCAS.DLL

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\3.bin\MWSBAR.DLL

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Auxiliar de Conexão do Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: CacherBHO - {9B4DF450-DCC7-4B07-935D-0CD757A64583} - C:\Program Files\Moyea\YouTube FLV Downloader\MoyeaCatcher.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll

O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\3.bin\MWSBAR.DLL

O3 - Toolbar: Barra de Ferramentas do Yahoo! - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe

O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"

O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [FixCamera] C:\Windows\FixCamera.exe

O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun

O4 - HKLM\..\Run: [MyWebSearch Plugin] rundll32 C:\PROGRA~1\MYWEBS~1\bar\3.bin\M3PLUGIN.DLL,UPF

O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\3.bin\m3SrchMn.exe" /m=2 /w /h

O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwsoemon.exe

O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe

O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [Tpam.exe] "C:\Program Files\IBM\Personal Communications\tpam.exe"

O4 - HKLM\..\Run: [CProgramFile0] C:\Program Files\ibm\Personal Communications\Registration\prtStart.exe 10 44 10 18 2010 "C:\Program Files\ibm\Personal Communications\Registration\PRT5639I70.exe" /lang=ptb

O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwsoemon.exe

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [Google Update] "C:\Users\daisy\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [MSSMSGS] rundll32.exe winfdk32.rom,MDpUMweR

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIÇO DE REDE')

O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil10e.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil10e.exe (User 'Default user')

O4 - Startup: algdyw32.exe

O4 - Startup: Dropbox.lnk = daisy\AppData\Roaming\Dropbox\bin\Dropbox.exe

O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Monitor.lnk = C:\Program Files\USB Video Camera\Monitor.exe

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZCYYYYYYYYBR

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe

O9 - Extra 'Tools' menuitem: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: Exibir ou ocultar HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/CursorManiaInitialSetup1.0.1.1.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/pt/uno1/GAME_UNO1.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: avgrsstx.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: AppnNode - IBM Corporation - C:\Windows\system32\Drivers\appnnode.exe

O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe

O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe

O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe

O23 - Service: DB2 - DB2COPY1 - DB2 (DB2) - International Business Machines Corporation - C:\IBM\SQLLIB\bin\db2syscs.exe

O23 - Service: DB2DAS - DB2DAS00 (DB2DAS00) - International Business Machines Corporation - C:\IBM\SQLLIB\\bin\db2dasrrm.exe

O23 - Service: DB2 Governor (DB2COPY1) (DB2GOVERNOR_DB2COPY1) - International Business Machines Corporation - C:\IBM\SQLLIB\BIN\db2govds.exe

O23 - Service: DB2 License Server (DB2COPY1) (DB2LICD_DB2COPY1) - International Business Machines Corporation - C:\IBM\SQLLIB\BIN\db2licd.exe

O23 - Service: DB2 Management Service (DB2COPY1) (DB2MGMTSVC_DB2COPY1) - International Business Machines Corporation - C:\IBM\SQLLIB\BIN\db2mgmtsvc.exe

O23 - Service: DB2 Remote Command Server (DB2COPY1) (DB2REMOTECMD_DB2COPY1) - International Business Machines Corporation - C:\IBM\SQLLIB\BIN\db2rcmd.exe

O23 - Service: Google Update Service (gupdate1ca16f6c3b511b0) (gupdate1ca16f6c3b511b0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: IBM Enterprise Extender (ldlcserv) - IBM Corporation - C:\Windows\system32\Drivers\ldlcserv.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwssvc.exe

O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: Função de Rastreio IBM (TrcBoot) - IBM Corporation - C:\Windows\system32\Drivers\trcboot.exe

O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

 

--

End of file - 18077 bytes


Hello daisymo

1.

*Download AD-Remover and save it to the desktop

*Run AD-Remover

*Click [Clean]... wait for it to finish. The program may or may not request a restart of the PC.

*Paste the report C:\Ad-Report-CLEAN.log


Hello daisymo

1.

*Download AD-Remover (http://forum-aide-contre-virus.be/download/C_XX/AD-R.exe) and save it to the desktop

*Run AD-Remover

*Click [Clean]... wait for it to finish. The program may or may not request a restart of the PC.

*Paste the report C:\Ad-Report-CLEAN.log

 

Hello Wings,

I could not run the program in normal mode because that blue screen appeared and it restarted, so I ran it in safe mode.

4 files appeared on C.

I am sending you all four.

Thank you very much for your help.

 

Ad-Report-CLEAN[1] - 07/10/2010 09:16

 

======= REPORT FROM AD-REMOVER 2.0.0.1,F | ONLY XP/VISTA/7 =======

 

Updated by C_XX on 16/09/10 at 13:30

Contact: AdRemover.contact[AT]gmail.com

website: http://www.teamxscript.org

 

C:\Program Files\Ad-Remover\main.exe (CLEAN [1]) -> Launched at 09:15:53 on 07/10/2010, Normal boot

 

Microsoft® Windows Vista™ Home Basic Service Pack 2 (X86)

daisy@DAISY-TP (Hewlett-Packard Presario C700 Notebook PC)

 

============== ACTION(S) ==============

 

 

Ad-Report-CLEAN[2] - 07/10/2010 09:24

 

======= REPORT FROM AD-REMOVER 2.0.0.1,F | ONLY XP/VISTA/7 =======

 

Updated by C_XX on 16/09/10 at 13:30

Contact: AdRemover.contact[AT]gmail.com

website: http://www.teamxscript.org

 

C:\Program Files\Ad-Remover\main.exe (CLEAN [2]) -> Launched at 09:24:34 on 07/10/2010, Normal boot

 

Microsoft® Windows Vista™ Home Basic Service Pack 2 (X86)

daisy@DAISY-TP (Hewlett-Packard Presario C700 Notebook PC)

 

============== ACTION(S) ==============

 

Ad-Report-CLEAN[3] - 07/10/2010 09:28

 

======= REPORT FROM AD-REMOVER 2.0.0.1,F | ONLY XP/VISTA/7 =======

 

Updated by C_XX on 16/09/10 at 13:30

Contact: AdRemover.contact[AT]gmail.com

website: http://www.teamxscript.org

 

C:\Program Files\Ad-Remover\main.exe (CLEAN [3]) -> Launched at 09:28:48 on 07/10/2010, Normal boot

 

Microsoft® Windows Vista™ Home Basic Service Pack 2 (X86)

daisy@DAISY-TP (Hewlett-Packard Presario C700 Notebook PC)

 

============== ACTION(S) ==============

 

 

Ad-Report-CLEAN[4] - 07/10/2010 09:37 run in safe mode

 

======= REPORT FROM AD-REMOVER 2.0.0.1,F | ONLY XP/VISTA/7 =======

 

Updated by C_XX on 16/09/10 at 13:30

Contact: AdRemover.contact[AT]gmail.com

website: http://www.teamxscript.org

 

C:\Program Files\Ad-Remover\main.exe (CLEAN [4]) -> Launched at 09:31:30 on 07/10/2010, Safeboot mode

 

Microsoft® Windows Vista™ Home Basic Service Pack 2 (X86)

daisy@DAISY-TP (Hewlett-Packard Presario C700 Notebook PC)

 

============== ACTION(S) ==============

 

Service: "MyWebSearchService" Service stopped and deleted

 

0,File deleted: C:\Windows\Downloaded Program Files\F3initialsetup1.0.1.1.inf

0,File deleted: C:\Program Files\Mozilla FireFox\chrome\m3ffxtbr.jar

0,File deleted: C:\Program Files\Mozilla FireFox\chrome\m3ffxtbr.manifest

0,File deleted: C:\Program Files\Mozilla FireFox\Plugins\NPMyWebS.dll

0,File deleted: C:\Windows\system32\f3PSSavr.scr

0,Folder deleted: C:\Users\daisy\AppData\LocalLow\Conduit

0,Folder deleted: C:\Users\daisy\AppData\LocalLow\Fun Web Products

0,Folder deleted: C:\Users\daisy\AppData\LocalLow\FunWebProducts

0,Folder deleted: C:\Users\daisy\AppData\LocalLow\MyWebSearch

0,Folder deleted: C:\Program Files\MyWebSearch

2,File deleted: C:\Program Files\MSN Messenger\Riched20.dll

2,File deleted: C:\Program Files\MSN Messenger\Msimg32.dll

2,File deleted: C:\Program Files\Windows Live\Messenger\Riched20.dll

2,File deleted: C:\Program Files\Windows Live\Messenger\Msimg32.dll

 

(!) -- Temporary files deleted.

 

 


0,Key deleted: HKLM\Software\Classes\FunWebProducts.DataControl

0,Key deleted: HKLM\Software\Classes\FunWebProducts.DataControl.1

0,Key deleted: HKLM\Software\Classes\FunWebProducts.HistoryKillerScheduler

0,Key deleted: HKLM\Software\Classes\FunWebProducts.HistoryKillerScheduler.1

0,Key deleted: HKLM\Software\Classes\FunWebProducts.HistorySwatterControlBar

0,Key deleted: HKLM\Software\Classes\FunWebProducts.HistorySwatterControlBar.1

0,Key deleted: HKLM\Software\Classes\FunWebProducts.HTMLMenu

0,Key deleted: HKLM\Software\Classes\FunWebProducts.HTMLMenu.1

0,Key deleted: HKLM\Software\Classes\FunWebProducts.HTMLMenu.2

0,Key deleted: HKLM\Software\Classes\FunWebProducts.IECookiesManager

0,Key deleted: HKLM\Software\Classes\FunWebProducts.IECookiesManager.1

0,Key deleted: HKLM\Software\Classes\FunWebProducts.KillerObjManager

0,Key deleted: HKLM\Software\Classes\FunWebProducts.KillerObjManager.1

0,Key deleted: HKLM\Software\Classes\FunWebProducts.PopSwatterBarButton

0,Key deleted: HKLM\Software\Classes\FunWebProducts.PopSwatterBarButton.1

0,Key deleted: HKLM\Software\Classes\FunWebProducts.PopSwatterSettingsControl

0,Key deleted: HKLM\Software\Classes\FunWebProducts.PopSwatterSettingsControl.1

0,Key deleted: HKLM\Software\Classes\MyWebSearch.ChatSessionPlugin

0,Key deleted: HKLM\Software\Classes\MyWebSearch.ChatSessionPlugin.1

0,Key deleted: HKLM\Software\Classes\MyWebSearch.HTMLPanel

0,Key deleted: HKLM\Software\Classes\MyWebSearch.HTMLPanel.1

0,Key deleted: HKLM\Software\Classes\MyWebSearch.OutlookAddin

0,Key deleted: HKLM\Software\Classes\MyWebSearch.OutlookAddin.1

0,Key deleted: HKLM\Software\Classes\MyWebSearch.PseudoTransparentPlugin

0,Key deleted: HKLM\Software\Classes\MyWebSearch.PseudoTransparentPlugin.1

0,Key deleted: HKLM\Software\Classes\MyWebSearchToolBar.SettingsPlugin

0,Key deleted: HKLM\Software\Classes\MyWebSearchToolBar.SettingsPlugin.1

0,Key deleted: HKLM\Software\Classes\MyWebSearchToolBar.ToolbarPlugin

0,Key deleted: HKLM\Software\Classes\MyWebSearchToolBar.ToolbarPlugin.1

0,Key deleted: HKLM\Software\Classes\ScreenSaverControl.ScreenSaverInstaller

0,Key deleted: HKLM\Software\Classes\ScreenSaverControl.ScreenSaverInstaller.1

0,Key deleted: HKLM\Software\Classes\Toolbar.CT2444516

0,Key deleted: HKLM\Software\FocusInteractive

0,Key deleted: HKLM\Software\Freeze.com

0,Key deleted: HKLM\Software\Fun Web Products

0,Key deleted: HKLM\Software\FunWebProducts

0,Key deleted: HKLM\Software\MyWebSearch

0,Key deleted: HKCU\Software\FunWebProducts

0,Key deleted: HKCU\Software\MyWebSearch

0,Key deleted: HKCU\Software\AppDataLow\Software\Conduit

0,Key deleted: HKCU\Software\AppDataLow\Software\Fun Web Products

0,Key deleted: HKCU\Software\AppDataLow\Software\FunWebProducts

0,Key deleted: HKCU\Software\AppDataLow\Software\MyWebSearch

0,Key deleted: HKU\.DEFAULT\Software\MyWebSearch

3,Key deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}

3,Key deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}

3,Key deleted: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481}

3,Key deleted: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907}

3,Key deleted: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48dd-9B6D-7A13A3E42127}

3,Key deleted: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40fd-8DAE-FF14757F60C7}

3,Key deleted: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA}

0,Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall

0,Key deleted: HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Search

0,Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}

0,Key deleted: HKLM\Software\Classes\CLSID\{A4730EBE-43A6-443e-9776-36915D323AD3}

0,Key deleted: HKLM\Software\Classes\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239}

0,Key deleted: HKLM\Software\Microsoft\Code Store Database\Distribution Units\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}

0,Key deleted: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45DD-9B68-D6A12C30E5D7}

0,Key deleted: HKLM\Software\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll

0,Key deleted: HKLM\Software\Microsoft\Multimedia\WMPlayer\Schemes\f3pss

0,Key deleted: HKLM\Software\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin

0,Key deleted: HKLM\Software\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin

 

0,Value deleted: HKLM\Software\Microsoft\Windows Media\Wmsdk\Sources|F3PopularScreenSavers

0,Value deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\post platform|FunWebProducts

0,Value deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Run|My Web Search Bar Search Scope Monitor

0,Value deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Run|MyWebSearch Email Plugin

0,Value deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Run|MyWebSearch Plugin

0,Value deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Run|MyWebSearch Email Plugin

0,Value deleted: HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks|{00A6FAF6-072E-44CF-8957-5838F569A31D}

0,Value deleted: HKLM\Software\Microsoft\Internet Explorer\Toolbar|{07B18EA9-A523-4961-B6BB-170DE4475CCA}

0,Value deleted: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{D4027C7F-154A-4066-A1AD-4243D8127440}

0,Value deleted: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{07B18EA9-A523-4961-B6BB-170DE4475CCA}

 

 

============== ADDITIONNAL SCAN ==============

 

** Mozilla Firefox Version [3.6.3 (pt-BR)] **

 

-- C:\Users\daisy\AppData\Roaming\Mozilla\FireFox\Profiles\bb11lfck.default\Prefs.js --

browser.search.defaultenginename, ICQ Search

browser.search.selectedEngine, ICQ Search

browser.startup.homepage, www.yahoo.com.br

browser.startup.homepage_override.mstone, rv:1.9.2.3

keyword.URL, hxxp://search.sweetim.com/search.asp?src=2&q=

sweetim.toolbar.previous.keyword.URL, hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.1&q=

 

========================================

 

** Internet Explorer Version [8.0.6001.18943] **

 

[HKCU\Software\Microsoft\Internet Explorer\Main]

AutoHide: yes

Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

Do404Search: 0x01000000

Enable Browser Extensions: yes

Local Page: C:\Windows\system32\blank.htm

SearchAssistant:

Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896

Show_ToolBar: yes

Start Page: hxxp://fr.msn.com/

Use Search Asst:

 

[HKLM\Software\Microsoft\Internet Explorer\Main]

AutoHide: yes

Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896

Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

Delete_Temp_Files_On_Exit: yes

Enable Browser Extensions: no

Local Page: C:\Windows\System32\blank.htm

Search bar: hxxp://search.msn.com/spbasic.htm

Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

Start Page: hxxp://fr.msn.com/

 

[HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS]

Tabs: res://ieframe.dll/tabswelcome.htm

Blank: res://mshtml.dll/blank.htm

 

========================================

 

C:\Program Files\Ad-Remover\Quarantine: 129 File(s)

C:\Program Files\Ad-Remover\Backup: 18 File(s)

 

C:\Ad-Report-CLEAN[1].txt - 07/10/2010 (459 Byte(s))

C:\Ad-Report-CLEAN[2].txt - 07/10/2010 (459 Byte(s))

C:\Ad-Report-CLEAN[3].txt - 07/10/2010 (459 Byte(s))

C:\Ad-Report-CLEAN[4].txt - 07/10/2010 (0 Byte(s))

 

End at: 09:37:33, 07/10/2010

 

============== E.O.F ==============

 

Hello Wings,

The bluescreen problem stopped two days ago, but the virus in agp440.sys is still there.

What should I do?

Thank you very much,

Daisy.


Hello daisymo

1.

*Click Start > Control Panel > User Accounts > Turn User Account Control on or off > Confirm > Continue > Uncheck "Use User Account Control (UAC) to help protect your computer" > OK > Confirm > Restart the PC

2.

*Run AD-Remover

*Click [uninstall]

3.

*Temporarily disable your antivirus

Click [Start] > [Programs] > [AVG]

Open the AVG User Interface

Double-click Resident Shield

Uncheck the "Resident Shield active" option

Save the changes

*Download ComboFix and save it to the desktop

*Run ComboFix and accept the agreement

*Wait for all stages to complete

*Avoid using the mouse and keyboard while ComboFix is running! To stop the procedure, press [N] or [2] and then [ENTER]

*Paste the C:\combofix.txt report


Hello Wings,

I ran ComboFix.

I couldn't disable AVG, so I ran it in safe mode.

Thank you very much.

 

 

ComboFix 10-10-11.01 - daisy 12/10/2010 10:30:33.1.2 - x86 MINIMAL

Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.55.1046.18.2037.1532 [GMT -3:00]

Executando de: c:\users\daisy\Desktop\ComboFix.exe

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\users\daisy\AppData\Roaming\avdrn.dat

c:\users\daisy\AppData\Roaming\Microsoft\Windows\Recent\Comfy Cakes.pif

c:\users\daisy\DOCUME~1\ASREVE~1\PROFec~1.exe

c:\users\daisy\googletalk-setup-pt-BR.exe

c:\windows\system32\AutoRun.inf

c:\windows\system32\USRINI~1.EXE

 

A cópia de c:\windows\system32\drivers\AGP440.sys foi encontrada e desinfectada

Cópia restaurada de - c:\windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys

 

.

(((((((((((((((( Arquivos/Ficheiros criados de 2010-09-12 to 2010-10-12 ))))))))))))))))))))))))))))

.

 

2010-10-12 13:39 . 2010-10-12 13:42 -------- d-----w- c:\users\daisy\AppData\Local\temp

2010-10-12 13:39 . 2010-10-12 13:39 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp

2010-10-12 13:39 . 2010-10-12 13:39 -------- d-----w- c:\users\Default\AppData\Local\temp

2010-10-06 23:08 . 2010-10-06 23:10 -------- d-----w- C:\HiJackThis

2010-10-05 21:23 . 2010-10-05 21:23 70656 ----a-w- c:\windows\system32\winfdk32.rom

2010-10-05 21:21 . 2010-10-05 21:21 70656 ----a-w- c:\windows\system32\wingfz32.rom

2010-10-05 21:20 . 2010-10-05 21:20 70656 ----a-w- c:\windows\system32\winyrd32.rom

2010-10-05 18:33 . 2010-10-05 18:33 70656 ----a-w- c:\windows\system32\winisu32.rom

2010-10-05 18:33 . 2010-10-05 18:33 70656 ----a-w- c:\windows\system32\winnyh32.rom

2010-10-05 17:33 . 2010-10-05 18:16 -------- d-----w- c:\users\daisy\AppData\Roaming\GetRightToGo

2010-10-05 16:45 . 2010-10-06 18:04 -------- d-----w- c:\program files\Common Files\Ahead

2010-10-05 16:45 . 2010-10-06 18:05 -------- d-----w- c:\program files\Ahead

2010-10-05 16:24 . 2010-10-05 16:24 -------- d-----w- c:\users\daisy\AppData\Roaming\Nero

2010-10-05 16:14 . 2010-10-05 16:34 -------- d-----w- c:\programdata\Nero

2010-09-29 17:42 . 2010-06-22 13:30 2048 ----a-w- c:\windows\system32\tzres.dll

2010-09-29 17:42 . 2010-08-26 04:23 13312 ----a-w- c:\program files\Internet Explorer\iecompat.dll

2010-09-23 17:42 . 2010-09-23 17:42 95672 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll

2010-09-23 12:53 . 2010-09-23 12:53 -------- d-----w- c:\programdata\PDF reDirect

2010-09-23 12:51 . 2010-09-23 12:53 -------- d-----w- c:\users\daisy\AppData\Roaming\PDF reDirect

2010-09-23 12:50 . 2010-09-23 12:51 -------- d-----w- c:\program files\PDF reDirect

2010-09-20 03:43 . 2010-08-17 14:11 128000 ----a-w- c:\windows\system32\spoolsv.exe

2010-09-20 03:43 . 2010-04-05 17:02 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL

2010-09-20 03:43 . 2010-08-17 10:52 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat

2010-09-20 03:42 . 2010-05-27 20:08 739328 ----a-w- c:\windows\system32\inetcomm.dll

2010-09-20 03:41 . 2010-04-16 16:46 502272 ----a-w- c:\windows\system32\usp10.dll

2010-09-20 02:22 . 2010-09-20 02:22 -------- d-----w- c:\program files\Common Files\Skype

2010-09-20 02:22 . 2010-09-20 02:22 -------- d-----r- c:\program files\Skype

2010-09-17 00:22 . 2010-09-20 04:14 -------- d-----w- c:\users\daisy\AppData\Roaming\Dev-Cpp

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2009-12-09 01:19 94208 ----a-w- c:\users\daisy\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2009-12-09 01:19 94208 ----a-w- c:\users\daisy\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2009-12-09 01:19 94208 ----a-w- c:\users\daisy\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]

"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-04-19 484904]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-04 39408]

"Google Update"="c:\users\daisy\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-02-27 135664]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

"MSSMSGS"="winfdk32.rom" [2010-10-05 70656]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]

"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-12-21 217088]

"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-03-28 176128]

"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-06-11 184320]

"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-01-02 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-01-02 166424]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-01-02 133656]

"FixCamera"="c:\windows\FixCamera.exe" [2007-02-12 20480]

"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-08-04 122368]

"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-10-05 2067808]

"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3735552]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-09-24 40368]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-10-03 480560]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"Tpam.exe"="c:\program files\IBM\Personal Communications\tpam.exe" [2004-04-27 28672]

"CProgramFile0"="c:\program files\ibm\Personal Communications\Registration\prtStart.exe" [2002-12-09 36864]

 

c:\users\daisy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\daisy\AppData\Roaming\Dropbox\bin\Dropbox.exe [2010-2-26 21979992]

Recorte de tela e Iniciador do OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

 

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]

Monitor.lnk - c:\program files\USB Video Camera\Monitor.exe [2007-10-16 249856]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pcsinst]

2004-04-27 22:02 49152 ----a-w- c:\windows\System32\pcsinst.dll

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

 

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Translate Client.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Translate Client.lnk

backup=c:\windows\pss\Translate Client.lnk.CommonStartup

backupExtension=.CommonStartup

 

[HKLM\~\startupfolder\C:^Users^daisy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^BrOffice.org 2.4.lnk]

path=c:\users\daisy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BrOffice.org 2.4.lnk

backup=c:\windows\pss\BrOffice.org 2.4.lnk.Startup

backupExtension=.Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]

2009-05-27 00:06 4351216 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

R2 gupdate1ca16f6c3b511b0;Google Update Service (gupdate1ca16f6c3b511b0);c:\program files\Google\Update\GoogleUpdate.exe [2009-08-07 133104]

R3 Ca2001v;CA2001 WebCam Driver;c:\windows\system32\Drivers\Ca2001v.sys [2008-02-19 2333568]

R3 DB2GOVERNOR_DB2COPY1;DB2 Governor (DB2COPY1);c:\ibm\SQLLIB\BIN\db2govds.exe [2009-05-30 23840]

R3 DB2LICD_DB2COPY1;DB2 License Server (DB2COPY1);c:\ibm\SQLLIB\BIN\db2licd.exe [2009-05-30 128288]

R3 SNP325;USB PC Camera (SNPSTD325);c:\windows\system32\DRIVERS\snp325.sys [x]

S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2010-07-16 216400]

S1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2010-07-16 243024]

S2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [2010-07-20 921952]

S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-07-16 308136]

S2 DB2MGMTSVC_DB2COPY1;DB2 Management Service (DB2COPY1);c:\ibm\SQLLIB\BIN\db2mgmtsvc.exe [2009-05-30 37664]

S2 DB2REMOTECMD_DB2COPY1;DB2 Remote Command Server (DB2COPY1);c:\ibm\SQLLIB\BIN\db2rcmd.exe [2009-05-31 34592]

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2007-04-19 15:23 452136 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2010-10-12 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-03-06 00:04]

 

2010-10-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-07 00:33]

 

2010-10-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-07 00:33]

 

2010-10-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1071014526-2568414093-83962523-1000Core.job

- c:\users\daisy\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-09 00:16]

 

2010-10-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1071014526-2568414093-83962523-1000UA.job

- c:\users\daisy\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-09 00:16]

.

.

------- Scan Suplementar -------

.

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

FF - ProfilePath - c:\users\daisy\AppData\Roaming\Mozilla\Firefox\Profiles\bb11lfck.default\

FF - prefs.js: browser.search.selectedEngine - ICQ Search

FF - prefs.js: browser.startup.homepage - www.yahoo.com.br

FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=

FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll

FF - component: c:\users\daisy\AppData\Roaming\Mozilla\Firefox\Profiles\bb11lfck.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll

FF - plugin: c:\program files\Google\Google Updater\2.4.1636.7222\npCIDetect13.dll

FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll

FF - plugin: c:\program files\Google\Update\1.2.183.27\npGoogleOneClick8.dll

FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npganymedenet.dll

FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: c:\users\daisy\AppData\Local\Google\Update\1.2.183.29\npGoogleOneClick8.dll

FF - plugin: c:\users\daisy\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll

FF - plugin: c:\users\daisy\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

 

---- FIREFOX POLICIES ----

FF - user.js: yahoo.homepage.dontask - truec:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

.

- - - - ORFÃOS REMOVIDOS - - - -

 

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)

WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

HKLM-Run-hpqSRMon - (no file)

HKU-Default-RunOnce-FlashPlayerUpdate - c:\windows\system32\Macromed\Flash\FlashUtil10e.exe

Notify-atmgrtok - atmgrtok.dll

 

 

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

 

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ca,e7,18,9d,72,97,4e,49,85,bf,b9,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ca,e7,18,9d,72,97,4e,49,85,bf,b9,\

 

[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

 

[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

 

[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

- - - - - - - > 'Explorer.exe'(3752)

c:\users\daisy\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

.

------------------------ Outros Processos em Execução ------------------------

.

c:\windows\system32\Drivers\trcboot.exe

c:\program files\IBM\Personal Communications\PCS_AGNT.EXE

c:\ibm\SQLLIB\bin\db2syscs.exe

c:\ibm\SQLLIB\bin\db2dasrrm.exe

c:\program files\AVG\AVG9\avgnsx.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\program files\Google\Update\1.2.183.27\GoogleCrashHandler.exe

c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe

c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe

c:\windows\system32\Drivers\ldlcserv.exe

c:\program files\AVG\AVG9\avgcsrvx.exe

c:\ibm\SQLLIB\BIN\db2fmp.exe

c:\program files\AVG\AVG9\avgchsvx.exe

c:\program files\AVG\AVG9\avgrsx.exe

c:\program files\AVG\AVG9\avgcsrvx.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\windows\system32\conime.exe

c:\program files\AVG\AVG9\avgtray.exe

c:\windows\system32\igfxsrvc.exe

c:\users\daisy\AppData\Local\Google\Update\1.2.183.29\GoogleCrashHandler.exe

c:\program files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE

c:\program files\Hewlett-Packard\Shared\HpqToaster.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe

c:\program files\HP\Digital Imaging\bin\hpqbam08.exe

c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe

c:\windows\servicing\TrustedInstaller.exe

.

**************************************************************************

.

Tempo para conclusão: 2010-10-12 10:53:07 - Máquina reiniciou

ComboFix-quarantined-files.txt 2010-10-12 13:53

 

Pré-execução: 28.553.846.784 bytes disponíveis

Pós execução: 28.679.938.048 bytes disponíveis

 

- - End Of File - - C9D8AF6E5D749BBA0C45F95B782F6757


Hello Wings,

I ran AVG and it no longer reports a virus in agp440.sys, and the bluescreen error no longer appears.

The computer is quite fast and back to normal.

Thank you very much.

Daisy.


Hello daisymo

1.

*Download SystemLook and save it to the desktop

*Run SystemLook

*Paste the following code into the blank box:

:file

c:\windows\system32\winfdk32.rom

c:\windows\system32\wingfz32.rom

c:\windows\system32\winyrd32.rom

c:\windows\system32\winisu32.rom

c:\windows\system32\winnyh32.rom

*Click [Look]

*Paste the SystemLook.txt report, located on the desktop


Hello Wings,

I ran SystemLook.

Here is the report.

Thank you very much, my computer is working great.

 

SystemLook 04.09.10 by jpshortstuff

Log created at 16:25 on 01/11/2010 by daisy

Administrator - Elevation successful

 

========== file ==========

 

c:\windows\system32\winfdk32.rom - File found and opened.

MD5: 207AC7A2C4B5FA0810F007F7A7EC3594

Created at 21:23 on 05/10/2010

Modified at 21:23 on 05/10/2010

Size: 70656 bytes

Attributes: --a----

No version information available.

 

c:\windows\system32\wingfz32.rom - File found and opened.

MD5: 207AC7A2C4B5FA0810F007F7A7EC3594

Created at 21:21 on 05/10/2010

Modified at 21:21 on 05/10/2010

Size: 70656 bytes

Attributes: --a----

No version information available.

 

c:\windows\system32\winyrd32.rom - File found and opened.

MD5: 207AC7A2C4B5FA0810F007F7A7EC3594

Created at 21:20 on 05/10/2010

Modified at 21:20 on 05/10/2010

Size: 70656 bytes

Attributes: --a----

No version information available.

 

c:\windows\system32\winisu32.rom - File found and opened.

MD5: 207AC7A2C4B5FA0810F007F7A7EC3594

Created at 18:33 on 05/10/2010

Modified at 18:33 on 05/10/2010

Size: 70656 bytes

Attributes: --a----

No version information available.

 

c:\windows\system32\winnyh32.rom - File found and opened.

MD5: 207AC7A2C4B5FA0810F007F7A7EC3594

Created at 18:33 on 05/10/2010

Modified at 18:33 on 05/10/2010

Size: 70656 bytes

Attributes: --a----

No version information available.

 

-= EOF =-

 

 

 

 

Hello daisymo

1.

*Download SystemLook (http://jpshortstuff.247fixes.com/SystemLook.exe) and save it to the desktop

*Run SystemLook

*Paste the following code into the blank box:

:file

c:\windows\system32\winfdk32.rom

c:\windows\system32\wingfz32.rom

c:\windows\system32\winyrd32.rom

c:\windows\system32\winisu32.rom

c:\windows\system32\winnyh32.rom

*Click [Look]

*Paste the SystemLook.txt report, located on the desktop


Topic Archived

Since the author did not reply for more than 30 days, the topic was archived.

If you are the author of the topic and want to reopen it, send a private message to a moderator of this area along with the link to this topic and explain the reason for reopening.
