rmoralez
Posted May 5, 2011

Gentlemen, this pest comes and goes and I no longer know what to do... If any member can help, I would be very grateful.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:49:57, on 05/05/2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\HP\HP UT\bin\hppusg.exe
C:\Program Files\Aladdin\eToken\PKIClient\x32\PKIMonitor.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\System32\aetcrss1.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Controle de Virus\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://terra.com.br/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: Nero Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [HPUsageTracking] "C:\Program Files\HP\HP UT\bin\hppusg.exe" "C:\Program Files\HP\HP UT\"
O4 - HKLM\..\Run: [eTMonitor] "C:\Program Files\Aladdin\eToken\PKIClient\x32\PKIMonitor.exe"
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [CertificateRegistration] aetcrss1.exe
O4 - HKCU\..\Run: [samsung_AppInst] E:\SamsungSoftware\AppInst.exe
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')
O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{193B1C6F-AE12-4414-B380-A916AE1A9430}: NameServer = 200.204.0.10 200.204.0.138
O17 - HKLM\System\CS1\Services\Tcpip\..\{193B1C6F-AE12-4414-B380-A916AE1A9430}: NameServer = 200.204.0.10 200.204.0.138
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: Watchdog do AVG (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
O23 - Service: ETOKSRV (eTSrv) - Aladdin Knowledge Systems, Ltd. - C:\Program Files\Aladdin\eToken\PKIClient\x32\eTSrv.exe
O23 - Service: @C:\Program Files\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files\Nero\Update\NASvc.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

--
End of file - 6311 bytes

Thank you!

wings
Posted May 5, 2011

Hello rmoralez,

* Run an online scan with NOD32
* When it finishes, paste the report created in C:\Arquivos de programas\EsetOnlineScanner\log

rmoralez
Posted May 10, 2011

Since Win32/Gaelicum.A showed up, I had to run vcleaner.exe in safe mode, so I am posting the “HijackThis” log again along with what was requested. Now I need to remove both pests. AVG was active during the NOD32 scan!

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:39:33, on 10/05/2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\HP\HP UT\bin\hppusg.exe
C:\Program Files\Aladdin\eToken\PKIClient\x32\PKIMonitor.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\System32\aetcrss1.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10p_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\notepad.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Controle de Virus\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://terra.com.br/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: Nero Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [HPUsageTracking] "C:\Program Files\HP\HP UT\bin\hppusg.exe" "C:\Program Files\HP\HP UT\"
O4 - HKLM\..\Run: [eTMonitor] "C:\Program Files\Aladdin\eToken\PKIClient\x32\PKIMonitor.exe"
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [CertificateRegistration] aetcrss1.exe
O4 - HKCU\..\Run: [samsung_AppInst] E:\SamsungSoftware\AppInst.exe
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')
O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos-beta/OnlineScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{193B1C6F-AE12-4414-B380-A916AE1A9430}: NameServer = 200.204.0.10 200.204.0.138
O17 - HKLM\System\CS1\Services\Tcpip\..\{193B1C6F-AE12-4414-B380-A916AE1A9430}: NameServer = 200.204.0.10 200.204.0.138
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: Watchdog do AVG (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
O23 - Service: ETOKSRV (eTSrv) - Aladdin Knowledge Systems, Ltd. - C:\Program Files\Aladdin\eToken\PKIClient\x32\eTSrv.exe
O23 - Service: @C:\Program Files\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files\Nero\Update\NASvc.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

--
End of file - 6919 bytes

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
esets_scanner_update returned -1 esets_gle=53251

I'll be waiting, thank you!

wings
Posted May 10, 2011

* Download MalwareBytes and save it to the desktop
* Install the program and wait for the update
* The program will open automatically
* On the [Scan] tab, select [Full scan]
* Click [Scan] and select the partition where Windows is installed
* When the scan finishes, click [Yes] > [OK] > [Show Results] > [Remove Selected]
* Paste the report shown

If you already have Malwarebytes installed....

* Open Malwarebytes, click [Update] > [Download Updates]
* On the [Scan] tab, select [x] Full scan
* Click [Scan] and select the partition where Windows is installed
* When the scan finishes, click [Yes] > [OK] > [Show Results] > [Remove Selected]
* Paste the report shown

rmoralez
Posted May 12, 2011

Hello Wings,

Here is the log as requested!

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Versão da Base de Dados: 6562

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

12/05/2011 15:52:30
mbam-log-2011-05-12 (15-52-30).txt

Tipo de Verificação: Verificação Completa (C:\|)
Objetos escaneados: 303982
Tempo decorrido: 35 minuto(s), 14 segundo(s)

Processos de Memória Infectados: 0
Módulos de Memória Infectados: 0
Chaves de Registro Infectadas: 0
Valores de Registro Infectados: 0
Itens de Dados no Registro Infectados: 0
Pastas Infectadas: 0
Arquivos Infectados: 1

Processos de Memória Infectados:
(Não foram detectados ítens maliciosos)

Módulos de Memória Infectados:
(Não foram detectados ítens maliciosos)

Chaves de Registro Infectadas:
(Não foram detectados ítens maliciosos)

Valores de Registro Infectados:
(Não foram detectados ítens maliciosos)

Itens de Dados no Registro Infectados:
(Não foram detectados ítens maliciosos)

Pastas Infectadas:
(Não foram detectados ítens maliciosos)

Arquivos Infectados:
c:\phoenix\wdjzky.exe (Trojan.Agent) -> Quarantined and deleted successfully.

Thank you!

wings
Posted May 12, 2011

1.
* Download DDS and save it to the desktop
* Run it and save the reports (DDS.txt and Attach.txt) to the desktop
* Paste the DDS.txt report

2.
* Download GMER and save it to the desktop
* Create a folder named GMER in C:\ and extract it there
* Temporarily disable the antivirus
* Close all running programs, including your browser
* Run it
* If you receive the message about rootkit activity asking whether you want to run a scan, click [No]
In the right-hand column, uncheck:
[] IAT/EAT
[] Show All
* Click [Scan] and wait for it to finish
* Click [Save...] and save to the desktop
* Paste the report

rmoralez
Posted May 17, 2011

Hello Wings,

Sorry for the delay, here are the logs!

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by 1 at 8:29:54,62 on 17/05/2011
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_24
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.55.1046.18.2037.1208 [GMT -3:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Aladdin\eToken\PKIClient\x32\eTSrv.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\alg.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\HP\HP UT\bin\hppusg.exe
C:\Program Files\Aladdin\eToken\PKIClient\x32\PKIMonitor.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\System32\aetcrss1.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Nero\Update\NASvc.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10p_ActiveX.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\1\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://terra.com.br/
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
BHO: Nero Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: Nero Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [samsung_AppInst] e:\samsungsoftware\AppInst.exe
uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Gbridge] "c:\program files\gbridge llc\gbridge\pstartw.exe" "c:\program files\gbridge llc\gbridge\Gbridge.exe" -autostart
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10p_ActiveX.exe -update activex
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [<NO NAME>]
mRun: [HPUsageTracking] "c:\program files\hp\hp ut\bin\hppusg.exe" "c:\program files\hp\hp ut\"
mRun: [eTMonitor] "c:\program files\aladdin\etoken\pkiclient\x32\PKIMonitor.exe"
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [CertificateRegistration] aetcrss1.exe
StartupFolder: c:\users\1\appdata\roaming\micros~1\windows\startm~1\programs\startup\recort~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xportar para o Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-beta/OnlineScanner.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: {193B1C6F-AE12-4414-B380-A916AE1A9430} = 200.204.0.10 200.204.0.138
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
mASetup: aetsprov - c:\windows\system32\regsvr32.exe /s c:\windows\system32\aetsprov.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\1\appdata\roaming\mozilla\firefox\profiles\o0titr5h.default\
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\avg\avg10\firefox\components\avgssff.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-3-16 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 248656]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 34896]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-4-5 297168]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-4-18 7398752]
R2 avgwd;Watchdog do AVG;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
R2 eTSrv;ETOKSRV;c:\program files\aladdin\etoken\pkiclient\x32\eTSrv.exe [2009-12-31 12640]
R2 NAUpdate;Nero Update;c:\program files\nero\update\NASvc.exe [2010-5-4 503080]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-4-14 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 21968]
R3 FETND62;D-Link PCI Fast Ethernet Adapter Driver;c:\windows\system32\drivers\DLF62X86.SYS [2009-11-23 45568]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\drivers\L1C62x86.sys [2009-6-10 50688]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Serviço do Google Update (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-5-10 136176]
S3 AKSUP;AKSUP;c:\windows\system32\drivers\aksup.sys [2011-2-11 34472]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 gbridge;Gbridge Virtual Miniport;c:\windows\system32\drivers\gbridge.sys [2009-5-10 41216]
S3 gupdatem;Serviço do Google Update (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-5-10 136176]
S3 PERTO38U;PertoSmart EMV - Leitor USB de Cartoes Inteligentes;c:\windows\system32\drivers\perto38u.sys [2007-9-27 35840]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-3-15 15872]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-3-15 52224]
S3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;c:\windows\system32\wat\WatAdminSvc.exe [2010-12-22 1343400]
.
=============== Created Last 30 ================
.
2011-05-11 16:34:55 123904 ----a-w- c:\windows\system32\poqexec.exe
2011-05-11 12:05:31 75776 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-05-11 12:05:31 5888 ----a-w- c:\windows\system32\drivers\usbd.sys
2011-05-11 12:05:31 43008 ----a-w- c:\windows\system32\drivers\usbehci.sys
2011-05-11 12:05:31 284672 ----a-w- c:\windows\system32\drivers\usbport.sys
2011-05-11 12:05:31 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys
2011-05-11 12:05:31 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2011-05-11 12:05:05 3967872 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-05-11 12:05:04 3912576 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-05-10 16:00:48 -------- d-----w- c:\users\1\appdata\local\Google
2011-05-10 16:00:30 -------- d-----w- c:\users\1\appdata\local\Deployment
2011-05-10 16:00:30 -------- d-----w- c:\users\1\appdata\local\Apps
2011-05-10 14:46:30 -------- d-----w- c:\users\1\appdata\roaming\Gbridge
2011-05-10 14:45:30 -------- d-----w- c:\program files\Gbridge LLC
2011-05-10 12:59:32 253952 ----a-w- c:\windows\system32\temp.023
2011-05-10 12:59:31 253952 ----a-w- c:\windows\system32\temp.022
2011-05-05 16:12:55 -------- d-----w- c:\progra~2\Kaspersky Lab
2011-05-05 14:59:54 -------- d-----w- C:\Controle de Virus
2011-05-05 14:43:25 -------- d-----w- c:\program files\Enigma Software Group
2011-05-05 14:42:51 -------- d-----w- c:\windows\CF33A0CE702A4E66B91BF995F9DDFD5B.TMP
2011-05-05 14:42:50 -------- d-----w- c:\program files\common files\Wise Installation Wizard
2011-05-05 14:39:33 23836272 ----a-w- c:\temp\SHSetup.exe
2011-05-05 14:14:12 -------- d-----w- c:\users\1\appdata\roaming\TightVNC
2011-05-05 12:04:13 -------- d-----w- C:\Acesso Remoto
2011-04-30 15:34:08 -------- d-----w- c:\users\1\appdata\roaming\TeamViewer
2011-04-30 15:33:25 -------- d-----w- c:\program files\TeamViewer
2011-04-29 11:24:46 253952 ----a-w- c:\windows\system32\~GLH0051.TMP
2011-04-29 11:19:16 253952 ----a-w- c:\windows\system32\~GLH0145.TMP
2011-04-29 11:16:31 253952 ----a-w- c:\windows\system32\~GLH0050.TMP
2011-04-29 11:15:05 253952 ----a-w- c:\windows\system32\temp.021
2011-04-29 11:15:05 253952 ----a-w- c:\windows\system32\temp.020
2011-04-29 11:13:05 253952 ----a-w- c:\windows\system32\temp.01F
2011-04-29 11:13:04 253952 ----a-w- c:\windows\system32\temp.01E
2011-04-20 18:22:11 253952 ----a-w- c:\windows\system32\~GLH0144.TMP
2011-04-20 18:21:38 253952 ----a-w- c:\windows\system32\temp.01D
2011-04-20 18:21:38 253952 ----a-w- c:\windows\system32\temp.01C
2011-04-19 14:51:48 -------- d-----w- c:\progra~2\Clarus
2011-04-19 11:22:29 7071056 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{d62f265c-7914-4430-aa24-f82c7b1360c5}\mpengine.dll
.
==================== Find3M ====================
.
2011-03-15 15:04:37 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-03-12 11:23:45 870912 ----a-w- c:\windows\system32\XpsPrint.dll
2011-03-11 05:33:59 1164288 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-11 05:33:59 1137664 ----a-w- c:\windows\system32\mfc42.dll
2011-03-11 05:33:09 1699328 ----a-w- c:\windows\system32\esent.dll
2011-03-11 05:31:07 74240 ----a-w- c:\windows\system32\fsutil.exe
2011-03-08 05:28:29 741376 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-07 05:33:13 981504 ----a-w- c:\windows\system32\wininet.dll
2011-03-07 03:52:25 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-03-03 05:38:01 132608 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-03-03 05:36:16 28672 ----a-w- c:\windows\system32\dnscacheugc.exe
2011-03-03 03:42:34 2333184 ----a-w- c:\windows\system32\win32k.sys
2011-02-25 05:30:54 2616320 ----a-w- c:\windows\explorer.exe
2011-02-24 05:38:54 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-02-22 13:08:10 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-19 06:30:54 805376 ----a-w- c:\windows\system32\FntCache.dll
2011-02-19 06:30:51 1076736 ----a-w- c:\windows\system32\DWrite.dll
2011-02-19 06:30:50 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-02-19 06:30:46 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-02-19 04:34:54 294912 ----a-w- c:\windows\system32\atmfd.dll
2011-02-18 05:43:28 428032 ----a-w- c:\windows\system32\vbscript.dll
2011-02-18 05:39:44 31232 ----a-w- c:\windows\system32\prevhost.exe
.
============= FINISH: 8:30:43,55 ===============

GMER 1.0.15.15627 - http://www.gmer.net
Rootkit scan 2011-05-17 08:58:45
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-3 ST3500630NS rev.3.AEH
Running: gmer.exe; Driver: C:\TEMP\pwtdypob.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0x95F3D7A0]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0x95F3D848]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0x95F3D8E4]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0x95F3D980]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKey + 13C1 82A55339 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82A8ED52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 139F 82A96094 4 Bytes [A0, D7, F3, 95]
.text ntkrnlpa.exe!KeRemoveQueueEx + 166F 82A96364 8 Bytes [48, D8, F3, 95, E4, D8, F3, ...]
.text ntkrnlpa.exe!KeRemoveQueueEx + 16E3 82A963D8 4 Bytes [80, D9, F3, 95] {SBB CL, 0xf3; XCHG EBP, EAX}
init C:\Windows\system32\DRIVERS\aksifdh.sys entry point in "init" section [0x8DF13090]
? C:\TEMP\mbr.sys O sistema não pode encontrar o arquivo especificado. !

---- Devices - GMER 1.0.15 ----

Device \Driver\ACPI_HAL \Device\00000051 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch2@Epoch 1349
---- EOF - GMER 1.0.15 ----

I'll be waiting, thank you!
wings 22 Posted May 17, 2011

1.
* Delete DDS and its reports.

2.
* Delete the C:\GMER folder and its report.

3.
* Download AD-Remover and save it to the desktop
* Right-click AD-Remover and select "Run as administrator"
* Click [Clean] > [Yes] > [OK] > [Yes]
* The PC will be restarted
* Paste the report C:\Ad-Report-CLEAN[1].txt

4.
* Temporarily disable your antivirus
* Download ComboFix and save it to the desktop
* Run it, accept the agreement and wait for the stages to finish
* Do not use the mouse or the keyboard during the stages, as doing so will mess up your desktop configuration!
* Paste the report that is displayed
rmoralez 0 Posted May 24, 2011

Hello Wings,

Sorry for the delay! Here are the requested logs.

======= REPORT FROM AD-REMOVER 2.0.0.2,G | ONLY XP/VISTA/7 =======
Updated by TeamXscript on 12/04/11
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
website: http://www.teamxscript.org
C:\Program Files\Ad-Remover\main.exe (CLEAN [1]) -> Launched at 08:06:57 on 24/05/2011, Normal boot
Microsoft Windows 7 Ultimate Service Pack 1 (X86)
1@SERVIDOR (Gigabyte Technology Co., Ltd. G31M-ES2L)
============== ACTION(S) ==============
File deleted: C:\Windows\system32\Tasks\Scheduled Update for Ask Toolbar
Folder deleted: C:\Users\1\AppData\Roaming\Mozilla\FireFox\Profiles\o0titr5h.default\extensions\toolbar@ask.com
Folder deleted: C:\Program Files\Ask.com
Folder deleted: C:\Users\1\AppData\Local\AskToolbar
Folder deleted: C:\Users\1\AppData\LocalLow\AskToolbar
(!) -- Temporary files deleted.
Key deleted: HKLM\Software\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key deleted: HKLM\Software\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key deleted: HKLM\Software\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key deleted: HKLM\Software\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key deleted: HKLM\Software\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key deleted: HKLM\Software\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key deleted: HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd
Key deleted: HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd.1
Key deleted: HKLM\Software\Classes\AppID\GenericAskToolbar.DLL
Key deleted:
HKLM\Software\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874} Key deleted: HKCU\Software\Ask.com Key deleted: HKCU\Software\AskToolbar Key deleted: HKCU\Software\AppDataLow\AskToolbarInfo Key deleted: HKCU\Software\AppDataLow\Software\AskToolbar Key deleted: HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF Key deleted: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} Key deleted: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE} Key deleting error: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar Value deleted: HKLM\Software\Microsoft\Internet Explorer\Toolbar|{D4027C7F-154A-4066-A1AD-4243D8127440} Value deleted: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{D4027C7F-154A-4066-A1AD-4243D8127440} ============== ADDITIONNAL SCAN ============== **** Mozilla Firefox Version [3.6.12 (pt-BR)] **** Searchplugins\avg_igeared.xml (hxxp://search.avg.com/route/?d=4ced65ce&v=6.010.023.001&i=23&tp=chrome&q={searchTerms}&lng=pt-BR&iy=&ychte=br/) Searchplugins\buscape.xml (hxxp://busca.buscape.com.br/cprocura) Searchplugins\mercadolivre.xml (hxxp://pmstrk.mercadolivre.com.br/jm/PmsTrk) Searchplugins\wikipedia-br.xml (hxxp://pt.wikipedia.org/wiki/Especial:Busca) Searchplugins\yahoo-br.xml (hxxp://br.search.yahoo.com/search) HKLM_Extensions|{1E73965B-8B48-48be-9C8D-68B920ABC1C4} - C:\Program Files\AVG\AVG10\Firefox4\ HKLM_Extensions|{3112ca9c-de6d-4884-a869-9855de68056c} - C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} -- C:\Users\1\AppData\Roaming\Mozilla\FireFox\Profiles\o0titr5h.default -- 
Prefs.js - browser.startup.homepage_override.mstone, rv:1.9.2.12 ======================================== **** Internet Explorer Version [8.0.7601.17514] **** HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896 HKCU_Main|Start Page - hxxp://fr.msn.com/ HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896 HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM_Main|Start Page - hxxp://fr.msn.com/ HKCU_URLSearchHooks|{A3BC75A2-1F87-4686-AA43-5347D756017C} (x) HKCU_SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} - "?" (?) HKCU_Toolbar\WebBrowser|{CCC7A320-B3CA-4199-B1A6-9F516DD69829} (x) HKLM_Toolbar|{CCC7A320-B3CA-4199-B1A6-9F516DD69829} (x) HKLM_ElevationPolicy\{07d873dc-b9b9-44f5-af0b-fb59fa54fb7a} - C:\Windows\System32\wpcer.exe (x) HKLM_ElevationPolicy\{0a402d70-1f10-4ae7-bec9-286a98240695} - C:\Windows\System32\winfxdocobj.exe (x) HKLM_ElevationPolicy\{70f641fd-9ffc-4d5b-a4dc-962af4ed7999} - C:\Program Files\Internet Explorer\iedw.exe (x) ======================================== C:\Program Files\Ad-Remover\Quarantine: 100 File(s) C:\Program Files\Ad-Remover\Backup: 15 File(s) C:\Ad-Report-CLEAN[1].txt - 24/05/2011 08:07:11 (5490 Byte(s)) End at: 08:08:08, 24/05/2011 ============== E.O.F ============== ComboFix 11-05-23.02 - 1 24/05/2011 8:22.1.2 - x86 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.55.1046.18.2037.1324 [GMT -3:00] Executando de: c:\users\1\Desktop\ComboFix.exe AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0} SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D} SP: 
Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((( Outras Exclusões ))))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\system32\temp.00E . . (((((((((((((((( Arquivos/Ficheiros criados de 2011-04-24 to 2011-05-24 )))))))))))))))))))))))))))) . . 2011-05-24 11:20 . 2011-05-24 11:20 -------- d-----w- C:\32788R22FWJFW 2011-05-24 11:06 . 2011-05-24 11:06 -------- d-----w- c:\program files\Ad-Remover 2011-05-20 21:37 . 2011-05-20 21:38 -------- d-----w- c:\users\1\3909BE712D8F42D2BA463831B60CFD0F.TMP 2011-05-18 12:01 . 2011-03-30 15:01 253952 ----a-w- c:\windows\system32\temp.027 2011-05-18 12:01 . 2011-03-30 15:01 253952 ----a-w- c:\windows\system32\temp.026 2011-05-18 12:00 . 2008-03-04 13:37 253952 ----a-w- c:\windows\system32\temp.025 2011-05-18 12:00 . 2008-03-04 13:37 253952 ----a-w- c:\windows\system32\temp.024 2011-05-18 11:51 . 2011-05-10 18:03 253952 ----a-w- c:\windows\system32\~GLH014b.TMP 2011-05-17 13:22 . 2011-05-23 20:16 -------- d-----w- C:\bck 2011-05-11 16:34 . 2011-04-09 05:56 123904 ----a-w- c:\windows\system32\poqexec.exe 2011-05-11 12:05 . 2011-03-25 02:58 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys 2011-05-11 12:05 . 2011-03-25 02:58 284672 ----a-w- c:\windows\system32\drivers\usbport.sys 2011-05-11 12:05 . 2011-03-25 02:58 75776 ----a-w- c:\windows\system32\drivers\usbccgp.sys 2011-05-11 12:05 . 2011-03-25 02:57 43008 ----a-w- c:\windows\system32\drivers\usbehci.sys 2011-05-11 12:05 . 2011-03-25 02:57 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys 2011-05-11 12:05 . 2011-03-25 02:57 5888 ----a-w- c:\windows\system32\drivers\usbd.sys 2011-05-11 12:05 . 2011-04-09 06:02 3967872 ----a-w- c:\windows\system32\ntkrnlpa.exe 2011-05-11 12:05 . 2011-04-09 06:02 3912576 ----a-w- c:\windows\system32\ntoskrnl.exe 2011-05-10 16:00 . 2011-05-10 16:01 -------- d-----w- c:\program files\Google 2011-05-10 16:00 . 
2011-05-17 11:21 -------- d-----w- c:\users\1\AppData\Local\Google 2011-05-10 16:00 . 2011-05-10 16:00 -------- d-----w- c:\users\1\AppData\Local\Deployment 2011-05-10 16:00 . 2011-05-10 16:00 -------- d-----w- c:\users\1\AppData\Local\Apps 2011-05-10 14:46 . 2011-05-17 12:32 -------- d-----w- c:\users\1\AppData\Roaming\Gbridge 2011-05-10 14:45 . 2011-05-10 14:45 -------- d-----w- c:\program files\Gbridge LLC 2011-05-10 12:59 . 2008-03-04 13:37 253952 ----a-w- c:\windows\system32\temp.023 2011-05-10 12:59 . 2008-03-04 13:37 253952 ----a-w- c:\windows\system32\temp.022 2011-05-05 16:12 . 2011-05-05 16:12 -------- d-----w- c:\programdata\Kaspersky Lab 2011-05-05 14:59 . 2011-05-24 11:16 -------- d-----w- C:\Controle de Virus 2011-05-05 14:43 . 2011-05-05 14:43 -------- d-----w- c:\program files\Enigma Software Group 2011-05-05 14:42 . 2011-05-05 14:56 -------- d-----w- c:\windows\CF33A0CE702A4E66B91BF995F9DDFD5B.TMP 2011-05-05 14:42 . 2011-05-05 14:42 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard 2011-05-05 14:14 . 2011-05-05 14:14 -------- d-----w- c:\users\1\AppData\Roaming\TightVNC 2011-05-05 12:04 . 2011-05-10 13:04 -------- d-----w- C:\Acesso Remoto 2011-04-30 15:34 . 2011-04-30 15:35 -------- d-----w- c:\users\1\AppData\Roaming\TeamViewer 2011-04-30 15:33 . 2011-04-30 15:33 -------- d-----w- c:\program files\TeamViewer 2011-04-29 11:24 . 2010-02-05 13:59 253952 ----a-w- c:\windows\system32\~GLH0051.TMP 2011-04-29 11:19 . 2011-04-14 16:43 253952 ----a-w- c:\windows\system32\~GLH0145.TMP 2011-04-29 11:16 . 2010-02-05 13:59 253952 ----a-w- c:\windows\system32\~GLH0050.TMP 2011-04-29 11:15 . 2008-03-04 13:37 253952 ----a-w- c:\windows\system32\temp.021 2011-04-29 11:15 . 2008-03-04 13:37 253952 ----a-w- c:\windows\system32\temp.020 2011-04-29 11:13 . 2008-03-04 13:37 253952 ----a-w- c:\windows\system32\temp.01F 2011-04-29 11:13 . 2008-03-04 13:37 253952 ----a-w- c:\windows\system32\temp.01E . . . 
((((((((((((((((((((((((((((((((((((( Relatório Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-04-18 12:15 . 2011-04-19 11:22 7071056 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D62F265C-7914-4430-AA24-F82C7B1360C5}\mpengine.dll 2011-03-30 15:01 . 2011-02-10 15:44 640512 ----a-w- c:\windows\system32\OC30.DLL 2011-03-30 15:01 . 2011-02-10 15:44 632832 ----a-w- c:\windows\system32\vcf132.ocx 2011-03-30 15:01 . 2011-02-10 15:44 149504 ----a-w- c:\windows\system32\MFCANS32.DLL 2011-03-15 15:04 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll 2011-03-11 05:33 . 2011-04-14 11:22 1164288 ----a-w- c:\windows\system32\mfc42u.dll 2011-03-11 05:33 . 2011-04-14 11:22 1137664 ----a-w- c:\windows\system32\mfc42.dll 2011-03-08 05:28 . 2011-04-14 11:22 741376 ----a-w- c:\windows\system32\inetcomm.dll 2011-03-07 05:33 . 2011-04-14 11:24 981504 ----a-w- c:\windows\system32\wininet.dll 2011-03-07 03:52 . 2011-04-14 11:24 1638912 ----a-w- c:\windows\system32\mshtml.tlb 2011-03-03 05:38 . 2011-04-14 11:24 132608 ----a-w- c:\windows\system32\dnsrslvr.dll 2011-03-03 05:36 . 2011-04-14 11:24 28672 ----a-w- c:\windows\system32\dnscacheugc.exe 2011-03-03 03:42 . 2011-04-14 11:22 2333184 ----a-w- c:\windows\system32\win32k.sys 2011-02-24 05:38 . 2011-04-14 11:22 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll . . (((((((((((((((((((((((((( Pontos de Carregamento do Registro ))))))))))))))))))))))))))))))))))))))) . . *Nota* entradas vazias e legítimas por defeito não são mostradas. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-05-10 39408] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928] "LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-06 54832] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288] "HPUsageTracking"="c:\program files\HP\HP UT\bin\hppusg.exe" [2007-11-02 36864] "eTMonitor"="c:\program files\Aladdin\eToken\PKIClient\x32\PKIMonitor.exe" [2009-12-31 230752] "Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064] "CertificateRegistration"="aetcrss1.exe" [2010-07-20 151552] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "AvgUninstallURL"="start http:" [X] . c:\users\1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Recorte de tela e Iniciador do OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . 
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 gupdate;Serviço do Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-05-10 136176] R3 AKSUP;AKSUP;c:\windows\system32\drivers\aksup.sys [2008-07-29 34472] R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x] R3 gbridge;Gbridge Virtual Miniport;c:\windows\system32\DRIVERS\gbridge.sys [2009-05-10 41216] R3 gupdatem;Serviço do Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-05-10 136176] R3 PERTO38U;PertoSmart EMV - Leitor USB de Cartoes Inteligentes;c:\windows\system32\DRIVERS\perto38u.sys [2007-09-27 35840] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872] R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224] R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x] R3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-22 1343400] S2 eTSrv;ETOKSRV;c:\program files\Aladdin\eToken\PKIClient\x32\eTSrv.exe [2009-12-31 12640] S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2010-05-04 503080] S3 FETND62;D-Link PCI Fast Ethernet Adapter Driver;c:\windows\system32\DRIVERS\DLF62X86.SYS [2009-11-23 45568] S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x86.sys [2009-07-13 50688] . . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\aetsprov] 2010-07-30 16:02 81920 ----a-w- c:\windows\System32\aetsprov.dll . Conteúdo da pasta 'Tarefas Agendadas' . 
2011-05-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-10 16:00]
.
2011-05-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-10 16:00]
.
.
------- Scan Suplementar -------
.
IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
FF - ProfilePath - c:\users\1\AppData\Roaming\Mozilla\Firefox\Profiles\o0titr5h.default\
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
.
- - - - ORFÃOS REMOVIDOS - - - -
.
URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKCU-Run-Samsung_AppInst - e:\samsungsoftware\AppInst.exe
HKCU-Run-Gbridge - c:\program files\Gbridge LLC\Gbridge\pstartw.exe
.
.
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------
.
- - - - - - - > 'lsass.exe'(516)
c:\windows\system32\aetsprov.dll
.
Tempo para conclusão: 2011-05-24 08:29:46
ComboFix-quarantined-files.txt 2011-05-24 11:29
.
Pré-execução: 443.176.816.640 bytes disponíveis
Pós execução: 442.982.449.152 bytes disponíveis
.
- - End Of File - - AA43AB68EE325CC55F10E8C1BAA53B7E

I'll be waiting! Thank you very much!!
wings 22 Posted May 24, 2011

Submit the files below for analysis at http://virusscan.jotti.org

c:\windows\system32\~GLH0051.TMP
c:\windows\system32\temp.027
c:\users\1\3909BE712D8F42D2BA463831B60CFD0F.TMP
c:\windows\CF33A0CE702A4E66B91BF995F9DDFD5B.TMP

* Paste the result links for each one.
rmoralez 0 Posted May 25, 2011

Hello Wings,

Here are the links, in order!

http://virusscan.jotti.org/pt-br/scanresult/904f7b4f86e0239b14086fe0caad834c29d6cf2e
http://virusscan.jotti.org/pt-br/scanresult/904f7b4f86e0239b14086fe0caad834c29d6cf2e/fc975f490c119356960bd3515a672d54f41472ec

The link: c:\users\1\3909BE712D8F42D2BA463831B60CFD0F.TMP did not go in directly, so I sent all the files that were inside it for analysis!

http://virusscan.jotti.org/pt-br/scanresult/f4693ef6cc342a501714b7f225e691c93815767c/aa61da66d456c965469cacfe9497d6163ee8443a
http://virusscan.jotti.org/pt-br/scanresult/171a052977dc37a5a16bfeaef22de6e0f04f2f15/74fb24f04be9acd1bded6096c0400fa81a5b9869
http://virusscan.jotti.org/pt-br/scanresult/ac28672f152cd8d4f47faeb2035124d29a1cb15f
http://virusscan.jotti.org/pt-br/scanresult/b8a19c27d3f1ef89e67c9815a924cf8851abcf7a

Same as the previous one

http://virusscan.jotti.org/pt-br/scanresult/f8390e368115cb6756c988f9fd816d79cbbfff53
http://virusscan.jotti.org/pt-br/scanresult/ee0d6e841539b290df581a14f417fb69d68b2ac0
http://virusscan.jotti.org/pt-br/scanresult/541fbbf420f9c07ecd93820c89a91d5548305283
http://virusscan.jotti.org/pt-br/scanresult/1d2bbc885b0d8cfaa207d5ff40af1c19eebfbe37
http://virusscan.jotti.org/pt-br/scanresult/ee0d6e841539b290df581a14f417fb69d68b2ac0/a357eb5c2fc2cb39563ffb652449e4696cbf26b6
http://virusscan.jotti.org/pt-br/scanresult/541fbbf420f9c07ecd93820c89a91d5548305283/454ece15edd576bbe993a66070a9938a438e19ca
http://virusscan.jotti.org/pt-br/scanresult/d2286a0fab670321a65ec909a6f5f46fa2468bb1
http://virusscan.jotti.org/pt-br/scanresult/af891d6cdf30d72441355375cc9d392cc80f04c9
http://virusscan.jotti.org/pt-br/scanresult/af891d6cdf30d72441355375cc9d392cc80f04c9/192907ca4500462facb0376ca0c048d0bdab5a47
http://virusscan.jotti.org/pt-br/scanresult/3380fc3919867a825c52b83730a74aeb447b6285

I'll be waiting, thank you!
wings 22 Posted May 25, 2011

No contamination was found in any of the files.

How is the PC?
rmoralez 0 Posted May 26, 2011

Wings,

Apparently it shows no problems. I have a Speedy connection on it (which drops a few times during the day), but I think that is an infrastructure problem.

I have an external HD that I use to back up this machine (I have not connected it again since these viruses); it is probably infected and I will have to clean it.

Thank you!
wings 22 Posted May 26, 2011

1.
* Format the external HD.

2.
* Run AD-Remover and click [uninstall] > [No] > [Close]

3.
* Rename ComboFix to Uninstall
* Run it, wait for the message "ComboFix está desinstalado" ("ComboFix is uninstalled") and click [OK]

Best regards.
rmoralez 0 Posted May 30, 2011

Wings,

Thank you very much!

Regards
wings 22 Posted May 30, 2011

PROBLEM SOLVED

If the author needs the topic to be reopened, just send a Private Message to a Moderator with a link to the topic.