
Archived

This topic has been archived and is closed to new replies.

raulbrazil

[Resolved] I can't install any antivirus


Good morning,

I have a serious problem on my work computer. Suddenly AVAST disappeared and I can't install any antivirus. I can download one, but when I install it, it stops abruptly and gives an error message. I've already tried SPYBOT, ADVANCED SYSTEM CARE, etc. Through some searching I found SPYWARE TERMINATOR, which I installed, and it even found several viruses and spyware that I sent to quarantine. I also ran an online scan with ESET (http://www.eset.com/online-scanner), which also found 2 viruses that I removed, but even so I still can't install any antivirus. I'm posting the HijackThis log below and would appreciate any help:

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 15:38:42, on 17/2/2011

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\Documents and Settings\All Users\Dados de aplicativos\EPSON\EPW!3 SSRP\E_S40RP7.EXE

C:\Arquivos de programas\Firebird\Firebird_2_1\bin\fbguard.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\TUProgSt.exe

C:\Arquivos de programas\Canon\CAL\CALMAIN.exe

C:\Arquivos de programas\Firebird\Firebird_2_1\bin\fbserver.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe

C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Arquivos de programas\Spyware Terminator\SpywareTerminatorShield.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\IObit\Advanced SystemCare 3\AWC.exe

C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PCSuite.exe

C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

C:\Arquivos de programas\Nokia\PC Connectivity Solution\ServiceLayer.exe

C:\Arquivos de programas\Spyware Terminator\SpywareTerminatorUpdate.exe

C:\Arquivos de programas\Alterdata\Servidor\nxServer.Exe

C:\Arquivos de programas\Alterdata\PDV Alterdata\ServidorOffLine.exe

C:\Arquivos de programas\Nokia\PC Connectivity Solution\Transports\NclUSBSrv.exe

C:\Arquivos de programas\Nokia\PC Connectivity Solution\Transports\NclRSSrv.exe

C:\Arquivos de programas\Outlook Express\msimn.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Windows Live\Toolbar\wltuser.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\ARQUIV~1\FREEDO~1\fdm.exe

C:\Downloads\HijackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll

O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\Arquivos de programas\GbPlugin\gbiehuni.dll

O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Arquivos de programas\Free Download Manager\iefdm2.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [spywareTerminator] "C:\Arquivos de programas\Spyware Terminator\SpywareTerminatorShield.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Usuario\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Arquivos de programas\IObit\Advanced SystemCare 3\AWC.exe" /startup

O4 - HKCU\..\Run: [PC Suite Tray] "C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [spywareTerminatorUpdate] "C:\Arquivos de programas\Spyware Terminator\SpywareTerminatorUpdate.exe"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: nxServer.lnk = C:\Arquivos de programas\Alterdata\Servidor\nxServer.Exe

O4 - Startup: Servidor OFF Line.lnk = C:\Arquivos de programas\Alterdata\PDV Alterdata\ServidorOffLine.exe

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200

O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlall.htm

O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlselected.htm

O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlfvideo.htm

O8 - Extra context menu item: Download with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dllink.htm

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra 'Tools' menuitem: PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O15 - Trusted Zone: http://www.bancobrasil.com.br

O15 - Trusted Zone: http://www.bb.com.br

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab

O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: GbPluginBb - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll

O20 - Winlogon Notify: GbPluginUni - C:\Arquivos de programas\GbPlugin\gbiehuni.dll

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Arquivos de programas\Canon\CAL\CALMAIN.exe

O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Dados de aplicativos\EPSON\EPW!3 SSRP\E_S40RP7.EXE

O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - Firebird Project - C:\Arquivos de programas\Firebird\Firebird_2_1\bin\fbguard.exe

O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - Firebird Project - C:\Arquivos de programas\Firebird\Firebird_2_1\bin\fbserver.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\Nokia\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe

O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe

O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

 

--

End of file - 13693 bytes


Hello raulbrazil

*Download RSIT and save it to the desktop

*Run it and click [Continue]

*Paste the reports it displays


Good morning Wings,

Here is the RSIT log:

 

Logfile of random's system information tool 1.08 (written by random/random)

Run by Usuario at 2011-02-18 10:44:54

Microsoft Windows XP Professional Service Pack 3

System drive C: has 14 GB (29%) free of 50 GB

Total RAM: 2021 MB (30% free)

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 10:45:23, on 18/2/2011

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\Documents and Settings\All Users\Dados de aplicativos\EPSON\EPW!3 SSRP\E_S40RP7.EXE

C:\Arquivos de programas\Firebird\Firebird_2_1\bin\fbguard.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\TUProgSt.exe

C:\Arquivos de programas\Canon\CAL\CALMAIN.exe

C:\Arquivos de programas\Firebird\Firebird_2_1\bin\fbserver.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe

C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Arquivos de programas\Spyware Terminator\SpywareTerminatorShield.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\IObit\Advanced SystemCare 3\AWC.exe

C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PCSuite.exe

C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

C:\Arquivos de programas\Spyware Terminator\SpywareTerminatorUpdate.exe

C:\Arquivos de programas\Nokia\PC Connectivity Solution\ServiceLayer.exe

C:\Arquivos de programas\Nokia\PC Connectivity Solution\Transports\NclUSBSrv.exe

C:\Arquivos de programas\Alterdata\Servidor\nxServer.Exe

C:\Arquivos de programas\Nokia\PC Connectivity Solution\Transports\NclRSSrv.exe

C:\Arquivos de programas\Alterdata\PDV Alterdata\ServidorOffLine.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Outlook Express\msimn.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Windows Live\Toolbar\wltuser.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Arquivos de programas\Corel\Corel Graphics 12\PROGRAMS\CORELDRW.EXE

C:\Arquivos de programas\Adobe\Adobe Photoshop CS3\Photoshop.exe

C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\ARQUIV~1\FREEDO~1\fdm.exe

C:\Documents and Settings\Usuario\Desktop\RSIT.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\Arquivos de programas\trend micro\Usuario.exe

C:\Arquivos de programas\Skype\Toolbars\Shared\SkypeNames2.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll

O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\Arquivos de programas\GbPlugin\gbiehuni.dll

O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Arquivos de programas\Free Download Manager\iefdm2.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [spywareTerminator] "C:\Arquivos de programas\Spyware Terminator\SpywareTerminatorShield.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Usuario\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Arquivos de programas\IObit\Advanced SystemCare 3\AWC.exe" /startup

O4 - HKCU\..\Run: [PC Suite Tray] "C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [spywareTerminatorUpdate] "C:\Arquivos de programas\Spyware Terminator\SpywareTerminatorUpdate.exe"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: nxServer.lnk = C:\Arquivos de programas\Alterdata\Servidor\nxServer.Exe

O4 - Startup: Servidor OFF Line.lnk = C:\Arquivos de programas\Alterdata\PDV Alterdata\ServidorOffLine.exe

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200

O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlall.htm

O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlselected.htm

O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlfvideo.htm

O8 - Extra context menu item: Download with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dllink.htm

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra 'Tools' menuitem: PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O15 - Trusted Zone: http://www.bancobrasil.com.br

O15 - Trusted Zone: http://www.bb.com.br

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab

O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: GbPluginBb - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll

O20 - Winlogon Notify: GbPluginUni - C:\Arquivos de programas\GbPlugin\gbiehuni.dll

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Arquivos de programas\Canon\CAL\CALMAIN.exe

O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Dados de aplicativos\EPSON\EPW!3 SSRP\E_S40RP7.EXE

O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - Firebird Project - C:\Arquivos de programas\Firebird\Firebird_2_1\bin\fbguard.exe

O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - Firebird Project - C:\Arquivos de programas\Firebird\Firebird_2_1\bin\fbserver.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\Nokia\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe

O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe

O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

 

--

End of file - 14137 bytes

 

======Scheduled tasks folder======

 

C:\WINDOWS\tasks\1-Click Maintenance.job

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1715567821-1844237615-725345543-1003Core.job

C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1715567821-1844237615-725345543-1003UA.job

C:\WINDOWS\tasks\OGALogon.job

C:\WINDOWS\tasks\SDMsgUpdate (TE).job

C:\WINDOWS\tasks\User_Feed_Synchronization-{A3C672CA-402E-4553-B047-EBC767B88E3F}.job

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

Adobe PDF Reader Link Helper - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2010-09-23 61888]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]

Spybot-S&D IE Protection - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]

Search Helper - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Auxiliar de Conexão do Windows Live - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]

Skype add-on for Internet Explorer - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08 804136]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C41A1C0E-EA6C-11D4-B1B8-444553540000}]

GbIehObj Class - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll [2010-12-28 351624]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C41A1C0E-EA6C-11D4-B1B8-444553540008}]

GbIehObj Class - C:\Arquivos de programas\GbPlugin\gbiehuni.dll [2010-10-11 341928]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}]

FDMIECookiesBHO Class - C:\Arquivos de programas\Free Download Manager\iefdm2.dll [2008-12-30 98304]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll [2010-05-03 41760]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]

Windows Live Toolbar Helper - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]

JQSIEStartDetectorImpl Class - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-05-03 79648]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"=C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe [2010-02-18 248040]

"Adobe Reader Speed Launcher"=C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe [2010-09-24 40368]

"Adobe ARM"=C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe [2010-09-21 932288]

"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2007-06-15 142104]

"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2007-06-15 162584]

"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2007-06-15 138008]

"SpywareTerminator"=C:\Arquivos de programas\Spyware Terminator\SpywareTerminatorShield.exe [2011-02-15 2216960]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

"Google Update"=C:\Documents and Settings\Usuario\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe [2009-07-20 133104]

"Advanced SystemCare 3"=C:\Arquivos de programas\IObit\Advanced SystemCare 3\AWC.exe [2010-12-16 2402512]

"PC Suite Tray"=C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PCSuite.exe [2008-04-16 1079808]

"SpybotSD TeaTimer"=C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]

"msnmsgr"=C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883840]

"SpywareTerminatorUpdate"=C:\Arquivos de programas\Spyware Terminator\SpywareTerminatorUpdate.exe [2011-02-15 3318784]

 

C:\Documents and Settings\Usuario\Menu Iniciar\Programas\Inicializar

nxServer.lnk - C:\Arquivos de programas\Alterdata\Servidor\nxServer.Exe

Servidor OFF Line.lnk - C:\Arquivos de programas\Alterdata\PDV Alterdata\ServidorOffLine.exe

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ GbPluginBb]

C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll [2010-12-28 351624]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ GbPluginUni]

C:\Arquivos de programas\GbPlugin\gbiehuni.dll [2010-10-11 341928]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]

C:\WINDOWS\system32\Ati2evxx.dll [2006-11-21 90112]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]

C:\WINDOWS\system32\igfxdev.dll [2007-06-15 204800]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399008}"=C:\Arquivos de programas\GbPlugin\gbiehuni.dll [2010-10-11 341928]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= []

"{E37CB5F0-51F5-4395-A808-5FA49E399F83}"=C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll [2010-12-28 351624]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=145

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoResolveSearch"=1

"HonorAutoRunSetting"=1

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"D:\SETUP.EXE"="D:\SETUP.EXE:*:Enabled:Setup"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Arquivos de programas\Messenger\msmsgs.exe"="C:\Arquivos de programas\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"

"C:\WINDOWS\system32\spoolsv.exe"="C:\WINDOWS\system32\spoolsv.exe:*:Enabled:Spooler SubSystem App"

"C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe"="C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"

"C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\Arquivos de programas\Windows Live\Sync\WindowsLiveSync.exe"="C:\Arquivos de programas\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"

"C:\Arquivos de programas\Skype\Plugin Manager\skypePM.exe"="C:\Arquivos de programas\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"

"C:\Arquivos de programas\Skype\Phone\Skype.exe"="C:\Arquivos de programas\Skype\Phone\Skype.exe:*:Enabled:Skype"

"C:\Arquivos de programas\Alterdata\Servidor\nxServer.Exe"="C:\Arquivos de programas\Alterdata\Servidor\nxServer.Exe:*:Disabled:nxServer"

"C:\Arquivos de programas\Spyware Terminator\SpywareTerminatorUpdate.exe"="C:\Arquivos de programas\Spyware Terminator\SpywareTerminatorUpdate.exe:*:Enabled:Spyware Terminator Update Support"

"C:\Arquivos de programas\Alterdata\Shop\Wshop.exe"="C:\Arquivos de programas\Alterdata\Shop\Wshop.exe:*:Enabled:Wshop"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe"="C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"

"C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\Arquivos de programas\Windows Live\Sync\WindowsLiveSync.exe"="C:\Arquivos de programas\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"

 

======File associations======

 

.js - open - "C:\Arquivos de programas\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe","%1"

.scr - open - "%1" %*

 

======List of files/folders created in the last 1 months======

 

2011-02-18 10:44:54 ----D---- C:\rsit

2011-02-18 10:44:54 ----D---- C:\Arquivos de programas\trend micro

2011-02-17 10:54:22 ----D---- C:\Arquivos de programas\ESET

2011-02-17 10:16:01 ----D---- C:\!KillBox

2011-02-17 10:09:29 ----A---- C:\WINDOWS\system32\drivers\tmcomm.sys

2011-02-17 09:41:11 ----D---- C:\WINDOWS\CSC

2011-02-16 10:24:07 ----A---- C:\WINDOWS\system32\drivers\pavboot.sys

2011-02-16 10:23:53 ----D---- C:\Arquivos de programas\Panda Security

2011-02-16 10:00:25 ----D---- C:\Arquivos de programas\Wise Registry Cleaner

2011-02-15 17:25:43 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\MFAData

2011-02-15 15:38:32 ----D---- C:\Downloads

2011-02-15 15:36:56 ----D---- C:\Documents and Settings\Usuario\Dados de aplicativos\Free Download Manager

2011-02-15 15:36:51 ----D---- C:\Arquivos de programas\Free Download Manager

2011-02-15 14:06:29 ----D---- C:\Arquivos de programas\Sophos

2011-02-15 13:34:40 ----A---- C:\WINDOWS\system32\drivers\apmeyoxlokog.sys

2011-02-15 12:40:15 ----D---- C:\Arquivos de programas\WinClamAVShield

2011-02-15 12:25:44 ----D---- C:\Documents and Settings\Usuario\Dados de aplicativos\Spyware Terminator

2011-02-15 12:25:44 ----A---- C:\WINDOWS\system32\drivers\sp_rsdrv2.sys

2011-02-15 12:25:42 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Spyware Terminator

2011-02-15 12:25:42 ----D---- C:\Arquivos de programas\Spyware Terminator

2011-02-15 11:53:37 ----D---- C:\Documents and Settings\Usuario\Dados de aplicativos\QuickScan

2011-02-15 10:50:54 ----D---- C:\Arquivos de programas\SpywareBlaster

2011-02-14 15:35:23 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\IObit

2011-02-14 14:11:33 ----D---- C:\Documents and Settings\Usuario\Dados de aplicativos\KC Softwares

2011-02-14 14:04:29 ----D---- C:\Documents and Settings\Usuario\Dados de aplicativos\facemoods.com

2011-02-14 14:02:34 ----D---- C:\Arquivos de programas\facemoods.com

2011-02-14 13:08:11 ----D---- C:\Arquivos de programas\Fotos 3x4

2011-02-09 10:03:05 ----HDC---- C:\WINDOWS\$NtUninstallKB2478971$

2011-02-09 10:02:48 ----HDC---- C:\WINDOWS\$NtUninstallKB2485376$

2011-02-09 10:02:44 ----HDC---- C:\WINDOWS\$NtUninstallKB2479628$

2011-02-09 10:02:40 ----HDC---- C:\WINDOWS\$NtUninstallKB2483185$

2011-02-09 10:00:54 ----HDC---- C:\WINDOWS\$NtUninstallKB2476687$

2011-02-09 10:00:28 ----HDC---- C:\WINDOWS\$NtUninstallKB2478960$

2011-02-09 10:00:22 ----HDC---- C:\WINDOWS\$NtUninstallKB2393802$

2011-01-24 12:19:11 ----D---- C:\Pimaco

2011-01-24 12:19:11 ----D---- C:\CDpply

2011-01-24 12:19:11 ----D---- C:\CadEtiq

 

======List of files/folders modified in the last 1 months======

 

2011-02-18 10:44:54 ----RD---- C:\Arquivos de programas

2011-02-18 08:40:54 ----D---- C:\WINDOWS\Prefetch

2011-02-18 08:28:16 ----D---- C:\WINDOWS\Temp

2011-02-18 08:26:09 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin

2011-02-18 08:26:09 ----AD---- C:\WINDOWS\system32\drivers

2011-02-17 19:13:53 ----A---- C:\WINDOWS\SchedLgU.Txt

2011-02-17 15:20:35 ----AC---- C:\WINDOWS\ntbtlog.txt

2011-02-17 14:20:52 ----D---- C:\WINDOWS\system32\CatRoot2

2011-02-17 13:37:14 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Alwil Software

2011-02-17 13:35:46 ----D---- C:\WINDOWS

2011-02-17 11:44:53 ----SHD---- C:\WINDOWS\Installer

2011-02-17 11:44:53 ----RSHDC---- C:\WINDOWS\system32\dllcache

2011-02-17 10:54:26 ----SD---- C:\WINDOWS\Downloaded Program Files

2011-02-17 09:12:42 ----AD---- C:\WINDOWS\system32

2011-02-16 16:30:15 ----D---- C:\Arquivos de programas\SUPERAntiSpyware

2011-02-16 16:23:25 ----AD---- C:\Documents and Settings\All Users\Dados de aplicativos\TEMP

2011-02-16 11:07:30 ----SHD---- C:\System Volume Information

2011-02-16 11:07:30 ----D---- C:\WINDOWS\system32\Restore

2011-02-16 10:23:52 ----HD---- C:\WINDOWS\inf

2011-02-16 08:20:08 ----D---- C:\WINDOWS\Debug

2011-02-15 16:25:31 ----D---- C:\Arquivos de programas\Mozilla Firefox

2011-02-15 16:03:47 ----D---- C:\Arquivos de programas\TuneUp Utilities 2009

2011-02-14 16:49:14 ----D---- C:\Documents and Settings\Usuario\Dados de aplicativos\IObit

2011-02-14 16:04:44 ----D---- C:\WINDOWS\system32\config

2011-02-14 16:03:14 ----D---- C:\WINDOWS\system32\wbem

2011-02-14 16:03:08 ----D---- C:\WINDOWS\Registration

2011-02-14 15:35:20 ----D---- C:\Arquivos de programas\IObit

2011-02-14 14:44:34 ----D---- C:\WINDOWS\system32\drivers\etc

2011-02-13 11:40:59 ----D---- C:\WINDOWS\network diagnostic

2011-02-09 10:01:15 ----AC---- C:\WINDOWS\system32\MRT.exe

2011-02-09 10:01:08 ----D---- C:\Arquivos de programas\Internet Explorer

2011-02-09 10:00:59 ----D---- C:\WINDOWS\ie8updates

2011-02-09 10:00:57 ----HD---- C:\WINDOWS\$hf_mig$

2011-02-09 10:00:52 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft Help

2011-02-04 12:51:23 ----AC---- C:\WINDOWS\NeroDigital.ini

2011-01-24 12:19:10 ----HD---- C:\Arquivos de programas\InstallShield Installation Information

2011-01-21 12:44:12 ----A---- C:\WINDOWS\system32\shimgvw.dll

2011-01-21 12:44:12 ----A---- C:\WINDOWS\system32\shell32.dll

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R0 GbpKm;Gbp KernelMode; C:\WINDOWS\system32\drivers\gbpkm.sys [2010-12-28 46600]

R0 ohci1394;Texas Instruments OHCI Compliant IEEE 1394 Host Controller; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-13 61696]

R0 pavboot;pavboot; C:\WINDOWS\system32\drivers\pavboot.sys [2009-06-30 28552]

R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2008-11-20 43872]

R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]

R1 intelppm;Driver de Processador Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 40448]

R1 SASDIFSV;SASDIFSV; \??\C:\Arquivos de programas\SUPERAntiSpyware\SASDIFSV.SYS []

R1 SASKUTIL;SASKUTIL; \??\C:\Arquivos de programas\SUPERAntiSpyware\SASKUTIL.sys []

R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys []

R3 Arp1394;Protocolo cliente 1394 ARP; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]

R3 e1express;Intel® PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2007-06-15 254872]

R3 HDAudBus;Driver de Barramento Microsoft UAA para High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]

R3 HECI;Intel® Management Engine Interface; C:\WINDOWS\system32\DRIVERS\HECI.sys [2007-03-13 44672]

R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-06-15 5761760]

R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-06-15 4402176]

R3 NIC1394;Driver de rede 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]

R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]

R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]

S1 NCPro;NCPro; C:\WINDOWS\system32\drivers\MTictwl.sys []

S2 DS1410D;DS1410D; C:\WINDOWS\SYSTEM32\drivers\DS1410D.SYS []

S3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-11-21 2829824]

S3 cpuz132;cpuz132; C:\WINDOWS\system32\drivers\cpuz132.sys []

S3 HidUsb;Driver de classe HID da Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]

S3 MagicTune;MagicTune; C:\WINDOWS\system32\drivers\MTiCtwl.sys []

S3 MEMSWEEP2;MEMSWEEP2; C:\WINDOWS\system32\drivers\MEMSWEEP2.sys []

S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-09-05 12288]

S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2009-02-09 17664]

S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2009-02-09 22016]

S3 nmwcdnsu;Nokia USB Flashing Phone Parent; C:\WINDOWS\system32\drivers\nmwcdnsu.sys [2009-03-19 136704]

S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]

S3 SASENUM;SASENUM; \??\C:\Arquivos de programas\SUPERAntiSpyware\SASENUM.SYS []

S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]

S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2009-02-09 7808]

S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]

S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys []

S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Arquivos de programas\Bonjour\mDNSResponder.exe [2006-02-28 229376]

R2 CCALib8;Canon Camera Access Library 8; C:\Arquivos de programas\Canon\CAL\CALMAIN.exe [2007-01-31 96370]

R2 EPSON_PM_RPCV4_01;EPSON V3 Service4(01); C:\Documents and Settings\All Users\Dados de aplicativos\EPSON\EPW!3 SSRP\E_S40RP7.EXE [2007-01-11 113664]

R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance; C:\Arquivos de programas\Firebird\Firebird_2_1\bin\fbguard.exe [2008-06-13 81920]

R2 GbpSv;Gbp Service; C:\ARQUIV~1\GbPlugin\GbpSv.exe [2010-12-28 54664]

R2 JavaQuickStarterService;Java Quick Starter; C:\Arquivos de programas\Java\jre6\bin\jqs.exe [2010-04-12 153376]

R2 SeaPort;SeaPort; C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]

R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe [2011-02-15 496128]

R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service; C:\WINDOWS\System32\TUProgSt.exe [2009-03-30 603904]

R2 UxTuneUp;TuneUp Theme Extension; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]

R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance; C:\Arquivos de programas\Firebird\Firebird_2_1\bin\fbserver.exe [2008-06-13 2723840]

R3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-01-13 654848]

R3 ServiceLayer;ServiceLayer; C:\Arquivos de programas\Nokia\PC Connectivity Solution\ServiceLayer.exe [2009-06-02 637952]

S2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-11-21 430080]

S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2006-11-22 520192]

S2 gupdate;Google Update Service (gupdate); C:\Arquivos de programas\Google\Update\GoogleUpdate.exe [2010-04-09 136176]

S3 Adobe LM Service;Adobe LM Service; C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-01-09 72704]

S3 apmeyoxlokog;apmeyoxlokog; C:\WINDOWS\system32\drivers\apmeyoxlokog.sys [2011-02-15 8576]

S3 aspnet_state;Serviço de estado do ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]

S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]

S3 gusvc;Google Updater Service; C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-20 136120]

S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]

S3 odserv;Microsoft Office Diagnostics Service; C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]

S3 ose;Office Source Engine; C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\WINDOWS\System32\TuneUpDefragService.exe [2009-03-30 360192]

S4 NetTcpPortSharing;Serviço de Compartilhamento de Porta Net.Tcp; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

 

-----------------EOF-----------------


Always reply in this topic. Avoid creating another one to reply.

 

1.

*Delete RSIT and the C:\rsit folder

 

2.

*Download ERUNT and save it to the desktop

*Create a folder in C:\ named ERUNT and extract it there

*Run the file C:\ERUNT\ERUNT.exe

*Click [OK] > [OK] > [Yes] > [OK]

 

3.

*Download ComboFix and save it to the desktop

*Run it and accept the agreement

*Accept the installation of the Microsoft Windows Recovery Console, if it is not already installed

*Wait for the steps to finish

*Do not use the mouse or the keyboard during the steps!!

*Paste the report that is shown


I deleted RSIT and the C:\rsit folder. I downloaded ERUNT and did everything you said, but the ERUNT folder only has the files below, so I clicked NTREGOPT.

NTREGOPT

AUTOBACK

ERDNT.E_E

ERDNTDOS.LOC

ERDNTWIN.LOC

ERUNT

ERUNT.LOC

LIESMICH

NTREGOPT.LOC

README

I downloaded ComboFix and accepted the installation of the Microsoft Windows Recovery Console. It started the scan but did not finish and showed the message

UNABLE TO RESTORE A BACK UP FILE C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT! and then another error message.


In the folder, the file ERUNT is the application ERUNT.exe :)

 

*Right-click My Computer and select Properties

*Click System Restore

*Uncheck the option:

[ ] Turn off System Restore

*Click [Apply] > [Yes] > [OK]

 

Now run ComboFix again and follow the procedure.


Done. Here is the report:

 

ComboFix 11-02-17.02 - Usuario 18/02/2011 13:27:39.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.2021.1443 [GMT -2:00]

Executando de: c:\documents and settings\Usuario\Desktop\ComboFix.exe

.

ADS - drivers: deleted 304 bytes in 1 streams.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

---- Execuções precedente -------

.

c:\arquivos de programas\facemoods.com

c:\arquivos de programas\facemoods.com\facemoods\1.4.17.5\facemoods.crx

c:\arquivos de programas\facemoods.com\facemoods\1.4.17.5\facemoods.png

c:\bancobrasil\officePLUGIN\index.html

c:\documents and settings\All Users\Dados de aplicativos\dkwork.ini

c:\documents and settings\All Users\Dados de aplicativos\UpApp32.dll

c:\documents and settings\Usuario\Dados de aplicativos\facemoods.com

c:\documents and settings\Usuario\Desktop\Gerenciador Financeiro.url

c:\documents and settings\Usuario\System

c:\documents and settings\Usuario\System\win_qs8.jqx

c:\windows\system32\drivers\apmeyoxlokog.sys

c:\windows\system32\midas.dll

c:\windows\system32\netlogin.dll

c:\windows\system32\twunk_32.exe

c:\windows\winmgr

c:\windows\winmgr\licença.txt

c:\windows\winmgr\winmgr.chm

c:\windows\winmgr\winmgr.exe

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_GBPSV

-------\Service_GbpSv

-------\Legacy_apmeyoxlokog

-------\Service_apmeyoxlokog

-------\Legacy_GBPSV

-------\Service_GbpSv

 

 

(((((((((((((((( Arquivos/Ficheiros criados de 2011-01-18 to 2011-02-18 ))))))))))))))))))))))))))))

.

 

2011-02-18 13:26 . 2011-02-18 15:25 -------- d-----w- C:\ERUNT

2011-02-18 12:44 . 2011-02-18 12:45 -------- d-----w- c:\arquivos de programas\trend micro

2011-02-17 12:54 . 2011-02-17 12:54 -------- d-----w- c:\arquivos de programas\ESET

2011-02-17 12:16 . 2011-02-17 12:16 -------- d-----w- C:\!KillBox

2011-02-17 12:09 . 2011-02-17 12:09 190032 ----a-w- c:\windows\system32\drivers\tmcomm.sys

2011-02-16 12:24 . 2009-06-30 12:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys

2011-02-16 12:23 . 2011-02-16 12:23 -------- d-----w- c:\arquivos de programas\Panda Security

2011-02-16 12:00 . 2011-02-16 12:03 -------- d-----w- c:\arquivos de programas\Wise Registry Cleaner

2011-02-15 19:25 . 2011-02-15 19:25 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\MFAData

2011-02-15 17:38 . 2011-02-17 17:35 -------- d-----w- C:\Downloads

2011-02-15 17:36 . 2011-02-18 13:32 -------- d-----w- c:\documents and settings\Usuario\Dados de aplicativos\Free Download Manager

2011-02-15 17:36 . 2011-02-15 17:36 -------- d-----w- c:\arquivos de programas\Free Download Manager

2011-02-15 16:06 . 2011-02-15 16:06 -------- d-----w- c:\arquivos de programas\Sophos

2011-02-15 15:29 . 2011-02-15 15:29 -------- d-----w- c:\documents and settings\Usuario\Pavark

2011-02-15 14:40 . 2011-02-18 12:28 -------- d-----w- c:\arquivos de programas\WinClamAVShield

2011-02-15 14:25 . 2011-02-17 12:59 -------- d-----w- c:\documents and settings\Usuario\Dados de aplicativos\Spyware Terminator

2011-02-15 14:25 . 2011-02-15 14:25 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys

2011-02-15 14:25 . 2011-02-18 12:28 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Spyware Terminator

2011-02-15 14:25 . 2011-02-17 15:40 -------- d-----w- c:\arquivos de programas\Spyware Terminator

2011-02-15 13:53 . 2011-02-15 14:03 -------- d-----w- c:\documents and settings\Usuario\Dados de aplicativos\QuickScan

2011-02-15 12:50 . 2011-02-15 12:56 -------- d-----w- c:\arquivos de programas\SpywareBlaster

2011-02-14 18:03 . 2011-02-14 18:03 -------- d-----w- c:\windows\system32\wbem\Repository

2011-02-14 17:35 . 2011-02-14 17:35 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\IObit

2011-02-14 16:11 . 2011-02-14 16:11 -------- d-----w- c:\documents and settings\Usuario\Dados de aplicativos\KC Softwares

2011-02-14 15:08 . 2011-02-14 18:02 -------- d-----w- c:\arquivos de programas\Fotos 3x4

2011-01-24 14:19 . 2011-01-24 14:19 -------- d-----w- C:\Pimaco

2011-01-24 14:19 . 2011-01-24 14:19 -------- d-----w- C:\CDpply

2011-01-24 14:19 . 2011-01-24 14:19 -------- d-----w- C:\CadEtiq

2011-01-24 14:19 . 2004-10-22 04:18 749568 ----a-w- c:\arquivos de programas\Arquivos comuns\InstallShield\Professional\RunTime\10\50\Intel32\iKernel.dll

2011-01-24 14:19 . 2004-10-22 04:17 69715 ----a-w- c:\arquivos de programas\Arquivos comuns\InstallShield\Professional\RunTime\10\50\Intel32\ctor.dll

2011-01-24 14:19 . 2004-10-22 04:17 274432 ----a-w- c:\arquivos de programas\Arquivos comuns\InstallShield\Professional\RunTime\10\50\Intel32\iscript.dll

2011-01-24 14:19 . 2004-10-22 04:16 180224 ----a-w- c:\arquivos de programas\Arquivos comuns\InstallShield\Professional\RunTime\10\50\Intel32\iuser.dll

2011-01-24 14:19 . 2004-10-22 04:16 5632 ----a-w- c:\arquivos de programas\Arquivos comuns\InstallShield\Professional\RunTime\10\50\Intel32\DotNetInstaller.exe

2011-01-24 14:19 . 2011-01-24 14:19 323716 ----a-w- c:\arquivos de programas\Arquivos comuns\InstallShield\Professional\RunTime\10\50\Intel32\setup.dll

2011-01-24 14:19 . 2011-01-24 14:19 192644 ----a-w- c:\arquivos de programas\Arquivos comuns\InstallShield\Professional\RunTime\10\50\Intel32\iGdi.dll

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-01-21 14:44 . 2007-08-02 12:00 440832 ----a-w- c:\windows\system32\shimgvw.dll

2011-01-07 14:09 . 2007-08-02 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll

2010-12-31 14:03 . 2007-08-02 12:00 1855104 ----a-w- c:\windows\system32\win32k.sys

2010-12-28 12:46 . 2008-12-10 18:44 46600 ----a-w- c:\windows\system32\drivers\GbpKm.sys

2010-12-22 12:34 . 2007-08-02 12:00 301568 ----a-w- c:\windows\system32\kerberos.dll

2010-12-20 23:51 . 2007-08-02 12:00 916480 ----a-w- c:\windows\system32\wininet.dll

2010-12-20 23:51 . 2007-08-02 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

2010-12-20 23:51 . 2007-08-02 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2010-12-20 17:25 . 2007-08-02 12:00 732672 ----a-w- c:\windows\system32\lsasrv.dll

2010-12-20 12:55 . 2007-08-02 12:00 385024 ----a-w- c:\windows\system32\html.iec

2010-12-09 15:15 . 2007-08-02 12:00 734208 ----a-w- c:\windows\system32\ntdll.dll

2010-12-09 15:13 . 2004-08-04 00:40 2031104 ----a-w- c:\windows\system32\ntkrnlpa.exe

2010-12-09 15:13 . 2007-08-02 12:00 2152960 ----a-w- c:\windows\system32\ntoskrnl.exe

2010-12-09 14:29 . 2007-08-02 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll

2010-12-02 03:35 . 2010-12-02 03:35 4280320 -c--a-w- c:\windows\system32\GPhotos.scr

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Google Update"="c:\documents and settings\Usuario\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" [2009-07-20 133104]

"Advanced SystemCare 3"="c:\arquivos de programas\IObit\Advanced SystemCare 3\AWC.exe" [2010-12-16 2402512]

"PC Suite Tray"="c:\arquivos de programas\Nokia\Nokia PC Suite 6\PCSuite.exe" [2008-04-16 1079808]

"SpybotSD TeaTimer"="c:\arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

"msnmsgr"="c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]

"SpywareTerminatorUpdate"="c:\arquivos de programas\Spyware Terminator\SpywareTerminatorUpdate.exe" [2011-02-15 3318784]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="c:\arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe" [2010-02-18 248040]

"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-09-24 40368]

"Adobe ARM"="c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-15 142104]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-15 162584]

"Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-15 138008]

"SpywareTerminator"="c:\arquivos de programas\Spyware Terminator\SpywareTerminatorShield.exe" [2011-02-15 2216960]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

c:\documents and settings\Usuario\Menu Iniciar\Programas\Inicializar\

nxServer.lnk - c:\arquivos de programas\Alterdata\Servidor\nxServer.Exe [2010-5-12 4202496]

Servidor OFF Line.lnk - c:\arquivos de programas\Alterdata\PDV Alterdata\ServidorOffLine.exe [2010-5-12 573952]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399008}"= "c:\arquivos de programas\GbPlugin\gbiehuni.dll" [2010-10-11 341928]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]

2010-12-28 12:42 351624 ----a-w- c:\arquivos de programas\GbPlugin\gbieh.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginUni]

2010-10-11 15:51 341928 ----a-w- c:\arquivos de programas\GbPlugin\gbiehuni.dll

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"MSMSGS"="c:\arquivos de programas\Messenger\msmsgs.exe" /background

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe"

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Arquivos de programas\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

"c:\\Arquivos de programas\\Alterdata\\Servidor\\nxServer.Exe"=

"c:\\Arquivos de programas\\Spyware Terminator\\SpywareTerminatorUpdate.exe"=

"c:\\Arquivos de programas\\Alterdata\\Shop\\Wshop.exe"=

 

R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\GbpKm.sys [10/12/2008 16:44 46600]

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [16/2/2011 10:24 28552]

R1 SASDIFSV;SASDIFSV;c:\arquivos de programas\SUPERAntiSpyware\sasdifsv.sys [26/5/2009 11:05 9968]

R1 SASKUTIL;SASKUTIL;c:\arquivos de programas\SUPERAntiSpyware\SASKUTIL.SYS [26/5/2009 11:05 72944]

R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [15/2/2011 12:25 142592]

R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\arquivos de programas\Firebird\Firebird_2_1\bin\fbguard.exe [31/3/2009 15:43 81920]

R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\arquivos de programas\Firebird\Firebird_2_1\bin\fbserver.exe [31/3/2009 15:43 2723840]

S2 gupdate;Google Update Service (gupdate);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [9/4/2010 17:19 136176]

S3 MEMSWEEP2;MEMSWEEP2; [x]

S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [9/9/2009 16:55 136704]

S3 SASENUM;SASENUM;c:\arquivos de programas\SUPERAntiSpyware\SASENUM.SYS [26/5/2009 11:05 7408]

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

.

Contents of the 'Scheduled Tasks' folder

 

2011-02-18 c:\windows\Tasks\1-Click Maintenance.job

- c:\arquivos de programas\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-12 00:36]

 

2011-02-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2010-04-09 19:19]

 

2011-02-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2010-04-09 19:19]

 

2011-02-18 c:\windows\Tasks\OGALogon.job

- c:\windows\system32\OGAEXEC.exe [2009-08-03 17:07]

 

2011-02-18 c:\windows\Tasks\SDMsgUpdate (TE).job

- c:\arquiv~1\SMARTD~1\Messages\SDNotify.exe [2009-09-15 16:21]

 

2011-02-18 c:\windows\Tasks\User_Feed_Synchronization-{A3C672CA-402E-4553-B047-EBC767B88E3F}.job

- c:\windows\system32\msfeedssync.exe [2007-08-13 07:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com.br/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = *.local

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Download all with Free Download Manager - file://c:\arquivos de programas\Free Download Manager\dlall.htm

IE: Download selected with Free Download Manager - file://c:\arquivos de programas\Free Download Manager\dlselected.htm

IE: Download video with Free Download Manager - file://c:\arquivos de programas\Free Download Manager\dlfvideo.htm

IE: Download with Free Download Manager - file://c:\arquivos de programas\Free Download Manager\dllink.htm

IE: {{B4B52284-A248-4c51-9F7C-F0A0C67FCC9D}

Trusted Zone: bancobrasil.com.br\www

Trusted Zone: bancobrasil.com.br\www14

Trusted Zone: bancobrasil.com.br\www2

Trusted Zone: bb.com.br\www

.

- - - - ORPHANS REMOVED - - - -

 

ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)

 

 

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-02-18 13:33

Windows 5.1.2600 Service Pack 3 NTFS

 

Scanning for hidden processes ...

 

Scanning for hidden autostart entries ...

 

Scanning for hidden files ...

 

Scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C41A1C0E-EA6C-11D4-B1B8-444553540003}\InprocServer32]

@DACL=(02 0000)

@="c:\\ARQUIVOS DE PROGRAMAS\\GBPLUGIN\\GBIEHCEF.DLL"

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E37CB5F0-51F5-4395-A808-5FA49E399003}\InprocServer32]

@DACL=(02 0000)

@="c:\\ARQUIVOS DE PROGRAMAS\\GBPLUGIN\\GBIEHCEF.DLL"

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•6~*]

"6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

- - - - - - - > 'winlogon.exe'(780)

c:\arquivos de programas\GBPLUGIN\gbieh.dll

c:\arquivos de programas\GbPlugin\gbiehuni.dll

c:\windows\system32\Ati2evxx.dll

 

- - - - - - - > 'explorer.exe'(2900)

c:\windows\system32\WININET.dll

c:\arquivos de programas\GBPLUGIN\gbieh.dll

c:\arquivos de programas\GbPlugin\gbiehuni.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\arquivos de programas\Nokia\Nokia PC Suite 6\phonebrowser.dll

c:\arquivos de programas\Nokia\Nokia PC Suite 6\NGSCM.DLL

c:\arquivos de programas\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_por-br.nlr

c:\arquivos de programas\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\arquivos de programas\Bonjour\mDNSResponder.exe

c:\documents and settings\All Users\Dados de aplicativos\EPSON\EPW!3 SSRP\E_S40RP7.EXE

c:\arquivos de programas\Java\jre6\bin\jqs.exe

c:\arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\arquivos de programas\Spyware Terminator\sp_rsser.exe

c:\windows\System32\TUProgSt.exe

c:\arquivos de programas\Canon\CAL\CALMAIN.exe

c:\windows\system32\wbem\wmiapsrv.exe

c:\windows\system32\wscntfy.exe

c:\windows\system32\igfxsrvc.exe

c:\arquivos de programas\Nokia\PC Connectivity Solution\ServiceLayer.exe

c:\arquivos de programas\Nokia\PC Connectivity Solution\Transports\NclUSBSrv.exe

c:\arquivos de programas\Nokia\PC Connectivity Solution\Transports\NclRSSrv.exe

.

**************************************************************************

.

Completion time: 2011-02-18 13:37:36 - machine was rebooted

ComboFix-quarantined-files.txt 2011-02-18 15:37

 

Pre-Run: 27 folder(s) 15,134,953,472 bytes free

Post-Run: 29 folder(s) 15,131,095,040 bytes free

 

- - End Of File - - 5ED6FD71144550FC325A94FB36A83B47

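A small triage script for the kind of ComboFix output pasted above, added here as an example; it is not part of the thread and not ComboFix's own tooling. It parses the three line shapes that matter most when reading such a log by hand: the `"name"="path" [date size]` autostart entries, the `R0/S3 name;display;path [meta]` service lines (R = running, S = stopped, the digit is the start type, and `[x]` means ComboFix could not find the registered binary), and the `Trusted Zone:` lines. It flags orphaned services, autostart entries that run from a user-writable profile directory, and Trusted Zone hosts. The sample lines are copied from the log above; the flagging rules are heuristics for a human to review, not verdicts. In this log the only `[x]` entry, MEMSWEEP2, is most likely a remnant of the Sophos Anti-Rootkit listed later in the thread, and the Trusted Zone hosts match the bank (Banco do Brasil) whose GbPluginBb winlogon notify entry appears in the same log; whether the user or the bank's plugin added them is for a person to decide, which is exactly why the script only reports.

```python
"""Triage of ComboFix-style log lines (added example; not part of the thread or of ComboFix)."""
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the ComboFix log posted above.
SAMPLE_LOG = r"""
"Google Update"="c:\documents and settings\Usuario\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" [2009-07-20 133104]
"SpybotSD TeaTimer"="c:\arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\GbpKm.sys [10/12/2008 16:44 46600]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [16/2/2011 10:24 28552]
S2 gupdate;Google Update Service (gupdate);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [9/4/2010 17:19 136176]
S3 MEMSWEEP2;MEMSWEEP2; [x]
Trusted Zone: bancobrasil.com.br\www
Trusted Zone: bb.com.br\www
"""

# "name"="path" [yyyy-mm-dd size]  -- Run-key style autostart entry
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s+\[(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+)\]$')
# R0 svc;display;path [meta]  -- R=running/S=stopped, digit=start type, meta "x" = file not found
SVC_RE = re.compile(r'^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<path>[^\[]*)\[(?P<meta>[^\]]*)\]$')
ZONE_RE = re.compile(r'^Trusted Zone: (?P<host>\S+)$')

# Path fragments that mean "user-writable profile directory" on XP and on Vista+ (heuristic)
USER_PROFILE_HINTS = ("\\documents and settings\\", "\\users\\")


@dataclass
class Entry:
    kind: str              # "run", "service" or "zone"
    name: str              # value name, service name or trusted host
    path: str              # binary path ("" for zones)
    detail: str            # "date size", service start code, or "trusted"
    missing: bool = False  # True when ComboFix printed [x] (binary not on disk)


def parse_log(text: str) -> list[Entry]:
    """Return the run, service and trusted-zone entries found in a ComboFix log."""
    entries: list[Entry] = []
    for raw in text.splitlines():
        line = raw.strip()
        if m := RUN_RE.match(line):
            entries.append(Entry("run", m["name"], m["path"], f"{m['date']} {m['size']}"))
        elif m := SVC_RE.match(line):
            entries.append(Entry("service", m["name"], m["path"].strip(), m["start"],
                                 missing=m["meta"].strip() == "x"))
        elif m := ZONE_RE.match(line):
            entries.append(Entry("zone", m["host"], "", "trusted"))
    return entries


def triage(entries: list[Entry]) -> list[str]:
    """Heuristic findings for a human to review; nothing here is a verdict."""
    findings = []
    for e in entries:
        if e.kind == "service" and e.missing:
            findings.append(f"orphaned service {e.name}: registered but its binary is gone "
                            "(leftover from a scanner or from removed malware)")
        if e.kind in ("run", "service") and any(h in e.path.lower() for h in USER_PROFILE_HINTS):
            findings.append(f"{e.kind} '{e.name}' starts from a user-writable profile path: {e.path}")
        if e.kind == "zone":
            findings.append(f"IE Trusted Zone entry {e.name}: lower browser restrictions for that host, "
                            "confirm who added it")
    return findings


if __name__ == "__main__":
    for finding in triage(parse_log(SAMPLE_LOG)):
        print(finding)
```

To run it against a real log, read the saved ComboFix.txt and pass its text to `parse_log`; the regexes only match the three line shapes above, so the rest of the log is ignored.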

*Download SecurityCheck and save it to the desktop

*Run it and press [Enter]

*Paste the report shown

 

Also, let me know which antivirus you intend to install.


Done. Here is the report, and I would like to keep using AVAST, which is what I have always used. Are these viruses on the computer the kind that capture bank passwords? How did they get here? AVAST was installed and simply disappeared.

 

Results of screen317's Security Check version 0.99.7

Windows XP Service Pack 3

Internet Explorer 8

``````````````````````````````

Antivirus/Firewall Check:

ESET Online Scanner v3

Adobe After Effects CS3 Presets

WMI entry may not exist for antivirus; attempting automatic update.

```````````````````````````````

Anti-malware/Other Utilities Check:

Ad-Aware

MV AntiSpy 4.0

Spyware Terminator

SpywareBlaster 4.4

Spybot - Search & Destroy

Sophos Anti-Rootkit 1.5.4

Wise Registry Cleaner Professional V5.9.1

Java 6 Update 20

Java 6 Update 3

Java 6 Update 5

Java 6 Update 7

Out of date Java installed!

Adobe Flash Player 9 (Out of date Flash Player installed!)

Adobe Flash Player 10.0.42.34

Adobe Reader 8.2.5

Out of date Adobe Reader installed!

````````````````````````````````

Process Check:

objlist.exe by Laurent

Ad-Aware AAWService.exe is disabled!

Ad-Aware AAWTray.exe is disabled!

``````````End of Log````````````


There are a lot of programs installed. That will end up causing conflicts.

 

1.

Uninstall:

Ad-Aware

MV AntiSpy 4.0

Spyware Terminator

SpywareBlaster 4.4

Spybot - Search & Destroy

 

2.

*Click [Start] > [Run] > copy and paste: Combofix /uninstall

 


 

*Click [OK] > [Run]

*Wait for the message "ComboFix is uninstalled" and click [OK]

 

3.

*Download JavaRa and save it to the desktop

*Extract it to the desktop

*Run it and click [Search For Updates]

*Select "Update Using jucheck.exe" and click [Search]

*If Java is out of date:

Wait for the download and installation to finish, then click [Remove Older Versions]

*If it is up to date, simply close JavaRa

 

4.

*Download and install Avast

 

5.

*Download MalwareBytes Anti-malware and save it to the desktop

 

*Install the program and wait for the update

*The program will open automatically

*On the [Scan] tab, select [Full Scan]

*Click [Scan] and select the partition where Windows is installed

*When the scan finishes, click [Yes] > [OK] > [Show Results]

*Click [Remove Selected]

*Paste the report shown

 

6.

*Delete SecurityCheck


I have already uninstalled the software below

Ad-Aware

MV AntiSpy 4.0

Spyware Terminator

SpywareBlaster 4.4

Spybot - Search & Destroy

 

As for ComboFix, I did what you told me, but no OK window appears. I did it 3 times and a window appears saying the instruction references memory at .....(a strange code).... The memory could not be "written", with a red X to click OK. In fact that window has been popping up fairly often.

 

I will continue the procedures and get back to you.

 

I have done all the procedures but still could not install AVAST. I have the exe here. Should I download it again?


1.

*Download DelFix and save it to the desktop

*Run it and click [suppression]

*Paste the report shown

 

2.

*Download Avast again and install it.


Here is the DelFix report. I downloaded AVAST again but it is the same thing, I cannot install it.

 

# DelFix v7.4 - Report created on 18/02/2011 at 16:02

# Updated on 09/02/11 at 23h by Xplode

# Operating system : Microsoft Windows XP (32 bits) [version 5.1.2600] Service Pack 3

# User name : Usuario - EXPOR (Administrator)

# Run from : C:\Documents and Settings\Usuario\Desktop\DelFix.exe

# Option [suppression]

 

 

~~~~~~ Folder(s) ~~~~~~

 

-> C:\Qoobox\BackEnv ... ACL modified successfully.

Deleted : C:\Qoobox

Deleted : C:\32788R22FWJFW

 

~~~~~~ File(s) ~~~~~~

 

Deleted : C:\ComboFix.txt

Deleted : C:\WINDOWS\grep.exe

Deleted : C:\WINDOWS\PEV.exe

Deleted : C:\WINDOWS\NIRCMD.exe

Deleted : C:\WINDOWS\MBR.exe

Deleted : C:\WINDOWS\sed.exe

Deleted : C:\WINDOWS\SWREG.exe

Deleted : C:\WINDOWS\SWSC.exe

Deleted : C:\WINDOWS\SWXCACLS.exe

Deleted : C:\WINDOWS\zip.exe

Deleted : C:\Documents and Settings\Usuario\Desktop\ComboFix.exe

Deleted : C:\Documents and Settings\Usuario\Desktop\JavaRa.def

Deleted : C:\Documents and Settings\Usuario\Desktop\JavaRa.exe

Deleted : C:\Documents and Settings\Usuario\Desktop\JavaRa.zip

Deleted : C:\Documents and Settings\Usuario\Desktop\SecurityCheck.exe

 

~~~~~~ Registry ~~~~~~

 

Key Deleted : HKLM\Software\swearware

Key Deleted : HKLM\Software\Classes\.cfxxe

Key Deleted : HKLM\Software\Classes\cfxxefile

Key Deleted : HKLM\Software\TrendMicro\Hijackthis

Key Deleted : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart

Key Deleted : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys

Key Deleted : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart

Key Deleted : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys

Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\combofix.exe

Key Deleted : HKCU\console_combofixbackup

 

~~~~~~ Other ~~~~~~

 

-> ESET Online Scanner ... Uninstalled successfully

-> Prefetch emptied

 

########## EOF - "C:\DelFixSuppr.txt" - [2060 bytes] ##########


1.

*Run DelFix and click [Désinstallation]

 

2.

*Download the Kaspersky Virus Removal Tool and save it to the desktop

*Install the program and select the option:

[X] My Computer

*Click [Start scan]

*If it finds anything, click [Skip]

*When it finishes, click [Report]

*A window called "Detailed report" will open

*Click the [+] sign next to Autoscan to expand the events found

*Right-click Autoscan and select "Select all"

*Right-click again and select "Copy"

*Open Notepad, paste (Ctrl+V) and save the file to the desktop as log.txt

*Close the Kaspersky "Detailed report" window

*On the Kaspersky main screen click [Exit] > [No]

*Paste the log.txt report saved on the desktop


Dear friend,

Thanks for the help, but since our internet is very slow I will not manage to finish downloading Kaspersky today, as I am already leaving. I will be back here early Monday morning so we can solve the problem together, ok? Thanks for everything and have a good weekend. Regards.


Good morning Wings,

I had forgotten one item of your instructions, installing and running MalwareBytes Anti-malware. I have already done the scan; the log is below. I am still downloading Kaspersky.

 

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

 

Database version: 5829

 

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

 

21/2/2011 11:07:47

mbam-log-2011-02-21 (11-07-47).txt

 

Scan type: Full Scan (C:\|)

Objects scanned: 310954

Time elapsed: 37 minute(s), 55 second(s)

 

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

 

Memory Processes Infected:

(No malicious items detected)

 

Memory Modules Infected:

(No malicious items detected)

 

Registry Keys Infected:

(No malicious items detected)

 

Registry Values Infected:

(No malicious items detected)

 

Registry Data Items Infected:

(No malicious items detected)

 

Folders Infected:

(No malicious items detected)

 

Files Infected:

(No malicious items detected)


Hello Wings, here is the Kaspersky report:

 

Autoscan: completed 1 hour ago (events: 2, objects: 350527, time: 01:06:22)

21/2/2011 11:40:33 Task started Default action selected

21/2/2011 12:46:56 Task completed Default action selected

Autoscan: completed 3 minutes ago (events: 2, objects: 205488, time: 01:18:38)

21/2/2011 12:52:12 Task started Default action selected

21/2/2011 14:10:50 Task completed Default action selected


1.

*Open the Virus Removal Tool folder on the desktop and run the Start shortcut

*Click [Exit] > [Yes] > [Yes] > [Yes]

*The PC will reboot

*Delete the Kaspersky setup files and the log.txt saved on the desktop

 

 

Are you connected to the internet during the Avast installation?

If so... that is fine.

 

Try installing Avira.


Hello Wings,

I did everything you suggested. I managed to install AVIRA and it detected the following items:

W95/Bumble

TR/Spy.Banker.Gen

What should I do, move them to quarantine?

And why can't I install AVAST or AVG?
