daisymo
Posted October 6, 2010

Hello,

My operating system is Windows Vista Home Basic and I am facing the following problems:

- My AVG is flagging the file agp440.sys as the trojan BackDoor.Generic13.EFH
- When I start the machine, Windows gives an error called BlueScreen and I cannot shut down the machine; it restarts and I have to shut it down at the logon screen.

Could you please help me?

Thank you very much,
Daisy.

I ran HiJackThis.exe and the log gave:
wings
Posted October 7, 2010

Hello daisymo

1.
* Download AD-Remover and save it to the desktop
* Run AD-Remover
* Click [Clean]... wait for it to finish. The program may or may not ask to restart the PC.
* Paste the report C:\Ad-Report-CLEAN.log
daisymo
Posted October 10, 2010

> Hello daisymo
> 1.
> * Download AD-Remover (http://forum-aide-contre-virus.be/download/C_XX/AD-R.exe) and save it to the desktop
> * Run AD-Remover
> * Click [Clean]... wait for it to finish. The program may or may not ask to restart the PC.
> * Paste the report C:\Ad-Report-CLEAN.log

Hello Wings,

I couldn't run the program in normal mode because that blue screen would appear and it would restart, so I ran it in safe mode. Four files appeared on C:. I am sending you all four.

Thank you very much for your help.

Ad-Report-CLEAN[1] - 07/10/2010 09:16

======= REPORT FROM AD-REMOVER 2.0.0.1,F | ONLY XP/VISTA/7 =======

Updated by C_XX on 16/09/10 at 13:30
Contact: AdRemover.contact[AT]gmail.com
website: http://www.teamxscript.org

C:\Program Files\Ad-Remover\main.exe (CLEAN [1]) -> Launched at 09:15:53 on 07/10/2010, Normal boot

Microsoft® Windows Vista™ Home Basic Service Pack 2 (X86)
daisy@DAISY-TP (Hewlett-Packard Presario C700 Notebook PC)

============== ACTION(S) ==============

Ad-Report-CLEAN[2] - 07/10/2010 09:24

======= REPORT FROM AD-REMOVER 2.0.0.1,F | ONLY XP/VISTA/7 =======

Updated by C_XX on 16/09/10 at 13:30
Contact: AdRemover.contact[AT]gmail.com
website: http://www.teamxscript.org

C:\Program Files\Ad-Remover\main.exe (CLEAN [2]) -> Launched at 09:24:34 on 07/10/2010, Normal boot

Microsoft® Windows Vista™ Home Basic Service Pack 2 (X86)
daisy@DAISY-TP (Hewlett-Packard Presario C700 Notebook PC)

============== ACTION(S) ==============

Ad-Report-CLEAN[3] - 07/10/2010 09:28

======= REPORT FROM AD-REMOVER 2.0.0.1,F | ONLY XP/VISTA/7 =======

Updated by C_XX on 16/09/10 at 13:30
Contact: AdRemover.contact[AT]gmail.com
website: http://www.teamxscript.org

C:\Program Files\Ad-Remover\main.exe (CLEAN [3]) -> Launched at 09:28:48 on 07/10/2010, Normal boot

Microsoft® Windows Vista™ Home Basic Service Pack 2 (X86)
daisy@DAISY-TP (Hewlett-Packard Presario C700 Notebook PC)

============== ACTION(S) ==============

Ad-Report-CLEAN[4] - 07/10/2010 09:37, run in safe mode

======= REPORT FROM AD-REMOVER 2.0.0.1,F | ONLY XP/VISTA/7 =======

Updated by C_XX on 16/09/10 at 13:30
Contact: AdRemover.contact[AT]gmail.com
website: http://www.teamxscript.org

C:\Program Files\Ad-Remover\main.exe (CLEAN [4]) -> Launched at 09:31:30 on 07/10/2010, Safeboot mode

Microsoft® Windows Vista™ Home Basic Service Pack 2 (X86)
daisy@DAISY-TP (Hewlett-Packard Presario C700 Notebook PC)

============== ACTION(S) ==============

Service: "MyWebSearchService" Service stopped and deleted

0,File deleted: C:\Windows\Downloaded Program Files\F3initialsetup1.0.1.1.inf
0,File deleted: C:\Program Files\Mozilla FireFox\chrome\m3ffxtbr.jar
0,File deleted: C:\Program Files\Mozilla FireFox\chrome\m3ffxtbr.manifest
0,File deleted: C:\Program Files\Mozilla FireFox\Plugins\NPMyWebS.dll
0,File deleted: C:\Windows\system32\f3PSSavr.scr
0,Folder deleted: C:\Users\daisy\AppData\LocalLow\Conduit
0,Folder deleted: C:\Users\daisy\AppData\LocalLow\Fun Web Products
0,Folder deleted: C:\Users\daisy\AppData\LocalLow\FunWebProducts
0,Folder deleted: C:\Users\daisy\AppData\LocalLow\MyWebSearch
0,Folder deleted: C:\Program Files\MyWebSearch
2,File deleted: C:\Program Files\MSN Messenger\Riched20.dll
2,File deleted: C:\Program Files\MSN Messenger\Msimg32.dll
2,File deleted: C:\Program Files\Windows Live\Messenger\Riched20.dll
2,File deleted: C:\Program Files\Windows Live\Messenger\Msimg32.dll

(!) -- Temporary files deleted.
Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} 3,Key deleted: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481} 3,Key deleted: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907} 3,Key deleted: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48dd-9B6D-7A13A3E42127} 3,Key deleted: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40fd-8DAE-FF14757F60C7} 3,Key deleted: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA} 0,Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall 0,Key deleted: HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Search 0,Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} 0,Key deleted: HKLM\Software\Classes\CLSID\{A4730EBE-43A6-443e-9776-36915D323AD3} 0,Key deleted: HKLM\Software\Classes\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} 0,Key deleted: HKLM\Software\Microsoft\Code Store Database\Distribution Units\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} 0,Key deleted: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45DD-9B68-D6A12C30E5D7} 0,Key deleted: HKLM\Software\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll 0,Key deleted: HKLM\Software\Microsoft\Multimedia\WMPlayer\Schemes\f3pss 0,Key deleted: HKLM\Software\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin 0,Key deleted: HKLM\Software\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin 0,Value deleted: HKLM\Software\Microsoft\Windows Media\Wmsdk\Sources|F3PopularScreenSavers 0,Value deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\post platform|FunWebProducts 0,Value deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Run|My Web Search Bar 
Search Scope Monitor 0,Value deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Run|MyWebSearch Email Plugin 0,Value deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Run|MyWebSearch Plugin 0,Value deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Run|MyWebSearch Email Plugin 0,Value deleted: HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks|{00A6FAF6-072E-44CF-8957-5838F569A31D} 0,Value deleted: HKLM\Software\Microsoft\Internet Explorer\Toolbar|{07B18EA9-A523-4961-B6BB-170DE4475CCA} 0,Value deleted: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{D4027C7F-154A-4066-A1AD-4243D8127440} 0,Value deleted: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{07B18EA9-A523-4961-B6BB-170DE4475CCA} ============== ADDITIONNAL SCAN ============== ** Mozilla Firefox Version [3.6.3 (pt-BR)] ** -- C:\Users\daisy\AppData\Roaming\Mozilla\FireFox\Profiles\bb11lfck.default\Prefs.js -- browser.search.defaultenginename, ICQ Search browser.search.selectedEngine, ICQ Search browser.startup.homepage, www.yahoo.com.br browser.startup.homepage_override.mstone, rv:1.9.2.3 keyword.URL, hxxp://search.sweetim.com/search.asp?src=2&q= sweetim.toolbar.previous.keyword.URL, hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.1&q= ======================================== ** Internet Explorer Version [8.0.6001.18943] ** [HKCU\Software\Microsoft\Internet Explorer\Main] AutoHide: yes Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch Do404Search: 0x01000000 Enable Browser Extensions: yes Local Page: C:\Windows\system32\blank.htm SearchAssistant: Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896 Show_ToolBar: yes Start Page: hxxp://fr.msn.com/ Use Search Asst: [HKLM\Software\Microsoft\Internet Explorer\Main] AutoHide: yes Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896 Default_Search_URL: 
========================================
C:\Program Files\Ad-Remover\Quarantine: 129 File(s)
C:\Program Files\Ad-Remover\Backup: 18 File(s)
C:\Ad-Report-CLEAN[1].txt - 07/10/2010 (459 Byte(s))
C:\Ad-Report-CLEAN[2].txt - 07/10/2010 (459 Byte(s))
C:\Ad-Report-CLEAN[3].txt - 07/10/2010 (459 Byte(s))
C:\Ad-Report-CLEAN[4].txt - 07/10/2010 (0 Byte(s))
End at: 09:37:33, 07/10/2010
============== E.O.F ==============

Hello Wings,

It has been two days since the bluescreen problem stopped, but the virus in agp440.sys is still there. What should I do?

Thank you very much,
Daisy.
wings 22 Posted October 10, 2010

Hello daisymo

1.
* Click Start > Control Panel > User Accounts > Turn User Account Control on or off > Confirm > Continue > Uncheck "Use User Account Control (UAC) to help protect your computer" > OK > Confirm > Restart the PC

2.
* Run AD-Remover
* Click [uninstall]

3.
* Temporarily disable your antivirus
Click [Start] > [Programs] > [AVG]
Open the AVG user interface
Double-click Resident Shield
Uncheck the "Resident Shield active" option
Save the changes
* Download ComboFix and save it to the desktop
* Run ComboFix and accept the agreement
* Wait for all stages to complete
* Avoid using the mouse and keyboard while ComboFix is running! To interrupt the procedure, press [N] or [2] and then [ENTER]
* Paste the report C:\combofix.txt
daisymo 0 Posted October 12, 2010

Hello Wings,

I ran ComboFix. I couldn't disable AVG, so I ran it in safe mode.

Thank you very much.

ComboFix 10-10-11.01 - daisy 12/10/2010 10:30:33.1.2 - x86 MINIMAL
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.55.1046.18.2037.1532 [GMT -3:00]
Executando de: c:\users\daisy\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\daisy\AppData\Roaming\avdrn.dat
c:\users\daisy\AppData\Roaming\Microsoft\Windows\Recent\Comfy Cakes.pif
c:\users\daisy\DOCUME~1\ASREVE~1\PROFec~1.exe
c:\users\daisy\googletalk-setup-pt-BR.exe
c:\windows\system32\AutoRun.inf
c:\windows\system32\USRINI~1.EXE
A cópia de c:\windows\system32\drivers\AGP440.sys foi encontrada e desinfectada
Cópia restaurada de - c:\windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
.
(((((((((((((((( Arquivos/Ficheiros criados de 2010-09-12 to 2010-10-12 ))))))))))))))))))))))))))))
.
2010-10-12 13:39 . 2010-10-12 13:42 -------- d-----w- c:\users\daisy\AppData\Local\temp
2010-10-12 13:39 . 2010-10-12 13:39 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2010-10-12 13:39 . 2010-10-12 13:39 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-10-06 23:08 . 2010-10-06 23:10 -------- d-----w- C:\HiJackThis
2010-10-05 21:23 . 2010-10-05 21:23 70656 ----a-w- c:\windows\system32\winfdk32.rom
2010-10-05 21:21 . 2010-10-05 21:21 70656 ----a-w- c:\windows\system32\wingfz32.rom
2010-10-05 21:20 . 2010-10-05 21:20 70656 ----a-w- c:\windows\system32\winyrd32.rom
2010-10-05 18:33 .
2010-10-05 18:33 70656 ----a-w- c:\windows\system32\winisu32.rom 2010-10-05 18:33 . 2010-10-05 18:33 70656 ----a-w- c:\windows\system32\winnyh32.rom 2010-10-05 17:33 . 2010-10-05 18:16 -------- d-----w- c:\users\daisy\AppData\Roaming\GetRightToGo 2010-10-05 16:45 . 2010-10-06 18:04 -------- d-----w- c:\program files\Common Files\Ahead 2010-10-05 16:45 . 2010-10-06 18:05 -------- d-----w- c:\program files\Ahead 2010-10-05 16:24 . 2010-10-05 16:24 -------- d-----w- c:\users\daisy\AppData\Roaming\Nero 2010-10-05 16:14 . 2010-10-05 16:34 -------- d-----w- c:\programdata\Nero 2010-09-29 17:42 . 2010-06-22 13:30 2048 ----a-w- c:\windows\system32\tzres.dll 2010-09-29 17:42 . 2010-08-26 04:23 13312 ----a-w- c:\program files\Internet Explorer\iecompat.dll 2010-09-23 17:42 . 2010-09-23 17:42 95672 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll 2010-09-23 12:53 . 2010-09-23 12:53 -------- d-----w- c:\programdata\PDF reDirect 2010-09-23 12:51 . 2010-09-23 12:53 -------- d-----w- c:\users\daisy\AppData\Roaming\PDF reDirect 2010-09-23 12:50 . 2010-09-23 12:51 -------- d-----w- c:\program files\PDF reDirect 2010-09-20 03:43 . 2010-08-17 14:11 128000 ----a-w- c:\windows\system32\spoolsv.exe 2010-09-20 03:43 . 2010-04-05 17:02 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL 2010-09-20 03:43 . 2010-08-17 10:52 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat 2010-09-20 03:42 . 2010-05-27 20:08 739328 ----a-w- c:\windows\system32\inetcomm.dll 2010-09-20 03:41 . 2010-04-16 16:46 502272 ----a-w- c:\windows\system32\usp10.dll 2010-09-20 02:22 . 2010-09-20 02:22 -------- d-----w- c:\program files\Common Files\Skype 2010-09-20 02:22 . 2010-09-20 02:22 -------- d-----r- c:\program files\Skype 2010-09-17 00:22 . 2010-09-20 04:14 -------- d-----w- c:\users\daisy\AppData\Roaming\Dev-Cpp . ((((((((((((((((((((((((((((((((((((( Relatório Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . . 
(((((((((((((((((((((((((( Pontos de Carregamento do Registro ))))))))))))))))))))))))))))))))))))))) . . *Nota* entradas vazias e legítimas por defeito não são mostradas. REGEDIT4 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2009-12-09 01:19 94208 ----a-w- c:\users\daisy\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2009-12-09 01:19 94208 ----a-w- c:\users\daisy\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2009-12-09 01:19 94208 ----a-w- c:\users\daisy\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840] "LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-04-19 484904] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-04 39408] "Google Update"="c:\users\daisy\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-02-27 135664] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240] "MSSMSGS"="winfdk32.rom" [2010-10-05 70656] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184] "Apoint"="c:\program files\Apoint2K\Apoint.exe" 
[2007-12-21 217088] "QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-03-28 176128] "QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-06-11 184320] "HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-01-02 141848] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-01-02 166424] "Persistence"="c:\windows\system32\igfxpers.exe" [2008-01-02 133656] "FixCamera"="c:\windows\FixCamera.exe" [2007-02-12 20480] "Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-08-04 122368] "AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-10-05 2067808] "googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3735552] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-09-24 40368] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288] "hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-10-03 480560] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552] "Tpam.exe"="c:\program files\IBM\Personal Communications\tpam.exe" [2004-04-27 28672] "CProgramFile0"="c:\program files\ibm\Personal Communications\Registration\prtStart.exe" [2002-12-09 36864] c:\users\daisy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\daisy\AppData\Roaming\Dropbox\bin\Dropbox.exe [2010-2-26 21979992] Recorte de tela e Iniciador do OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680] c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 
214360] Monitor.lnk - c:\program files\USB Video Camera\Monitor.exe [2007-10-16 249856] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pcsinst] 2004-04-27 22:02 49152 ----a-w- c:\windows\System32\pcsinst.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Translate Client.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Translate Client.lnk backup=c:\windows\pss\Translate Client.lnk.CommonStartup backupExtension=.CommonStartup [HKLM\~\startupfolder\C:^Users^daisy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^BrOffice.org 2.4.lnk] path=c:\users\daisy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BrOffice.org 2.4.lnk backup=c:\windows\pss\BrOffice.org 2.4.lnk.Startup backupExtension=.Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)] 2009-05-27 00:06 4351216 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 R2 gupdate1ca16f6c3b511b0;Google Update Service (gupdate1ca16f6c3b511b0);c:\program files\Google\Update\GoogleUpdate.exe [2009-08-07 133104] R3 Ca2001v;CA2001 WebCam Driver;c:\windows\system32\Drivers\Ca2001v.sys [2008-02-19 2333568] R3 DB2GOVERNOR_DB2COPY1;DB2 Governor (DB2COPY1);c:\ibm\SQLLIB\BIN\db2govds.exe [2009-05-30 23840] R3 DB2LICD_DB2COPY1;DB2 License Server (DB2COPY1);c:\ibm\SQLLIB\BIN\db2licd.exe [2009-05-30 
128288] R3 SNP325;USB PC Camera (SNPSTD325);c:\windows\system32\DRIVERS\snp325.sys [x] S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2010-07-16 216400] S1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2010-07-16 243024] S2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [2010-07-20 921952] S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-07-16 308136] S2 DB2MGMTSVC_DB2COPY1;DB2 Management Service (DB2COPY1);c:\ibm\SQLLIB\BIN\db2mgmtsvc.exe [2009-05-30 37664] S2 DB2REMOTECMD_DB2COPY1;DB2 Remote Command Server (DB2COPY1);c:\ibm\SQLLIB\BIN\db2rcmd.exe [2009-05-31 34592] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2007-04-19 15:23 452136 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe . Conteúdo da pasta 'Tarefas Agendadas' 2010-10-12 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-03-06 00:04] 2010-10-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-08-07 00:33] 2010-10-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-08-07 00:33] 2010-10-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1071014526-2568414093-83962523-1000Core.job - c:\users\daisy\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-09 00:16] 2010-10-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1071014526-2568414093-83962523-1000UA.job - c:\users\daisy\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-09 00:16] . . 
------- Scan Suplementar ------- . IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html FF - ProfilePath - c:\users\daisy\AppData\Roaming\Mozilla\Firefox\Profiles\bb11lfck.default\ FF - prefs.js: browser.search.selectedEngine - ICQ Search FF - prefs.js: browser.startup.homepage - www.yahoo.com.br FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q= FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll FF - component: c:\users\daisy\AppData\Roaming\Mozilla\Firefox\Profiles\bb11lfck.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll FF - plugin: c:\program files\Google\Google Updater\2.4.1636.7222\npCIDetect13.dll FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll FF - plugin: c:\program files\Google\Update\1.2.183.27\npGoogleOneClick8.dll FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npganymedenet.dll FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: c:\users\daisy\AppData\Local\Google\Update\1.2.183.29\npGoogleOneClick8.dll FF - plugin: c:\users\daisy\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll FF - plugin: c:\users\daisy\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX POLICIES ---- FF - user.js: yahoo.homepage.dontask - truec:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - 
pref("browser.fixup.alternate.suffix", ".com.br"); . - - - - ORFÃOS REMOVIDOS - - - - Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file) WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file) WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file) HKLM-Run-hpqSRMon - (no file) HKU-Default-RunOnce-FlashPlayerUpdate - c:\windows\system32\Macromed\Flash\FlashUtil10e.exe Notify-atmgrtok - atmgrtok.dll . --------------------- CHAVES DO REGISTRO BLOQUEADAS --------------------- [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (LocalSystem) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ca,e7,18,9d,72,97,4e,49,85,bf,b9,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ca,e7,18,9d,72,97,4e,49,85,bf,b9,\ [HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . --------------------- DLLs Carregadas Sob os Processos em Execução --------------------- - - - - - - - > 'Explorer.exe'(3752) c:\users\daisy\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll . ------------------------ Outros Processos em Execução ------------------------ . 
c:\windows\system32\Drivers\trcboot.exe
c:\program files\IBM\Personal Communications\PCS_AGNT.EXE
c:\ibm\SQLLIB\bin\db2syscs.exe
c:\ibm\SQLLIB\bin\db2dasrrm.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Google\Update\1.2.183.27\GoogleCrashHandler.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\system32\Drivers\ldlcserv.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\ibm\SQLLIB\BIN\db2fmp.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\conime.exe
c:\program files\AVG\AVG9\avgtray.exe
c:\windows\system32\igfxsrvc.exe
c:\users\daisy\AppData\Local\Google\Update\1.2.183.29\GoogleCrashHandler.exe
c:\program files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Tempo para conclusão: 2010-10-12 10:53:07 - Máquina reiniciou
ComboFix-quarantined-files.txt 2010-10-12 13:53
Pré-execução: 28.553.846.784 bytes disponíveis
Pós execução: 28.679.938.048 bytes disponíveis
- - End Of File - - C9D8AF6E5D749BBA0C45F95B782F6757
daisymo 0 Posted October 12, 2010

Hello Wings,

I ran AVG and it no longer reports a virus in agp440.sys, and the bluescreen error no longer occurs. The computer is quite fast and normal.

Thank you very much.
Daisy.
wings 22 Posted October 16, 2010

Hello daisymo

1.
* Download SystemLook and save it to the desktop
* Run SystemLook
* Paste the code into the blank space:

:file
c:\windows\system32\winfdk32.rom
c:\windows\system32\wingfz32.rom
c:\windows\system32\winyrd32.rom
c:\windows\system32\winisu32.rom
c:\windows\system32\winnyh32.rom

* Click [Look]
* Paste the SystemLook.txt report located on the desktop
daisymo 0 Posted November 1, 2010

Hello Wings,

I ran SystemLook. Here is the report.

Thank you very much, my computer is great.

SystemLook 04.09.10 by jpshortstuff
Log created at 16:25 on 01/11/2010 by daisy
Administrator - Elevation successful
========== file ==========
c:\windows\system32\winfdk32.rom - File found and opened.
MD5: 207AC7A2C4B5FA0810F007F7A7EC3594
Created at 21:23 on 05/10/2010
Modified at 21:23 on 05/10/2010
Size: 70656 bytes
Attributes: --a----
No version information available.
c:\windows\system32\wingfz32.rom - File found and opened.
MD5: 207AC7A2C4B5FA0810F007F7A7EC3594
Created at 21:21 on 05/10/2010
Modified at 21:21 on 05/10/2010
Size: 70656 bytes
Attributes: --a----
No version information available.
c:\windows\system32\winyrd32.rom - File found and opened.
MD5: 207AC7A2C4B5FA0810F007F7A7EC3594
Created at 21:20 on 05/10/2010
Modified at 21:20 on 05/10/2010
Size: 70656 bytes
Attributes: --a----
No version information available.
c:\windows\system32\winisu32.rom - File found and opened.
MD5: 207AC7A2C4B5FA0810F007F7A7EC3594
Created at 18:33 on 05/10/2010
Modified at 18:33 on 05/10/2010
Size: 70656 bytes
Attributes: --a----
No version information available.
c:\windows\system32\winnyh32.rom - File found and opened.
MD5: 207AC7A2C4B5FA0810F007F7A7EC3594
Created at 18:33 on 05/10/2010
Modified at 18:33 on 05/10/2010
Size: 70656 bytes
Attributes: --a----
No version information available.
-= EOF =-
wings 22 Posted November 7, 2010

Hello daisymo

Submit the same files for analysis at http://www.virustotal.com.br

Paste the links to the analysis results for each one.
wings 22 Posted December 8, 2010

Topic Archived

As the author has not replied for more than 30 days, the topic has been archived.

If you are the author of the topic and want to reopen it, send a private message to a moderator of the area together with the link to this topic and explain the reason for reopening.