
This topic has been archived and is closed to new replies.

churrasqueiro02

[Archived] Can't install antivirus


Good morning, everyone. My computer is riddled with viruses. I managed to get rid of festas.exe, but now I have this problem: Windows can't install any antivirus; the process is ~mysteriously~ terminated before it gets halfway. Here is the HijackThis log. Thanks in advance :D

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 11:50:49, on 22/8/2011

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Arquivos de programas\AutorunRemover\AutorunRemover.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\System32\svchost.exe

C:\Documents and Settings\Caio\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\Caio\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Caio\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\WINDOWS\regedit.exe

C:\Documents and Settings\Caio\Meus documentos\Downloads\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [AutorunRemover.exe] C:\Arquivos de programas\AutorunRemover\AutorunRemover.exe -Hide

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O17 - HKLM\System\CCS\Services\Tcpip\..\{90E8967A-897E-4B32-992B-0219D93CAECE}: NameServer = 200.204.0.10 200.204.0.138

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

 

--

End of file - 3205 bytes


:) Hello Churrasqueiro!

→ To keep the viruses from coming back, disable System Restore and keep it disabled until the problem has been completely resolved. To do so, go to: Start - Control Panel - System - click the System Restore tab - check the box: Turn off System Restore - click Apply and then OK.

______________________

→ After that, download Norman Malware Cleaner from the address below (I renamed it so that the viruses don't block it)

http://www.4shared.com/get/FkoYOYgJ/jovem_campeo.html

Then run a Full Scan with it, following the tips in the tutorial below:

Norman Malware Cleaner tutorial

Then post its log here on the forum together with a new HijackThis log and tell us how the PC is after that.


Hey Antônio, thanks for the support :D

Well, I'm installing avast 6 free here; it was an installer that the virus hadn't swallowed yet HAHAHA

It's running normally.

Check whether the log is clean. Thanks :D

 

Norman Malware Cleaner v2.02.01

Copyright © 1990 - 2011, Norman ASA.

 

Norman Scanner Engine Version: 6.07.10

nvcbin.def: Version: 6.07.00, Date: 2011/08/20 03:21:17, Variants: 11006162

nvcmacro.def: Version: 6.07.00, Date: 2011/02/01 12:21:31, Variants: 20465

 

Operating System: Windows XP Service Pack 3

 

Switches: /iagree /nomt

 

Scan started: 2011/08/22 18:30:55

 

Running pre-scan cleanup routine...

Potentially unwanted registry value: 'HKCR\txtfile\shell\open\command --> (null) = NOTEPAD.EXE %1'

Modified registry value: HKCR\txtfile\shell\open\command --> (Default) from 'NOTEPAD.EXE %1' to '%SystemRoot%\system32\notepad.exe %1'

Potentially unwanted registry value: 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows --> AppInit_DLLs = (null)'

Modified registry value: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows --> AppInit_DLLs from '(null)' to ''

Potentially unwanted registry value: 'HKU\S-1-5-21-1659004503-1563985344-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System --> DisableRegistryTools = 0x00000001'

Deleted registry value: HKU\S-1-5-21-1659004503-1563985344-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System --> DisableRegistryTools = 0x00000001

Potentially unwanted registry value: 'HKU\S-1-5-21-1659004503-1563985344-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System --> DisableTaskMgr = 0x00000001'

Deleted registry value: HKU\S-1-5-21-1659004503-1563985344-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System --> DisableTaskMgr = 0x00000001

Potentially unwanted registry value: 'HKLM\SOFTWARE\Microsoft\Security Center --> AntiVirusDisableNotify = 0x00000001'

Modified registry value: HKLM\SOFTWARE\Microsoft\Security Center --> 仰ӏ到ӏVirusDisableNotify from '0x00000001' to ''

Potentially unwanted registry value: 'HKLM\SOFTWARE\Microsoft\Security Center --> FirewallDisableNotify = 0x00000001'

Modified registry value: HKLM\SOFTWARE\Microsoft\Security Center --> FirewallDisableNotify from '0x00000001' to '0'

Potentially unwanted registry value: 'HKLM\SOFTWARE\Microsoft\Security Center --> UpdatesDisableNotify = 0x00000001'

Modified registry value: HKLM\SOFTWARE\Microsoft\Security Center --> 蹸ӌ肈DžtesDisableNotify from '0x00000001' to ''

 

Number of malicious objects found: 7

Number of malicious objects cleaned: 7

Scanning time: 18s

 

Scanning system for FakeAV...

 

Number of malicious objects found: 0

Number of malicious objects cleaned: 0

Number of malicious files found: 0

Number of malicious files cleaned: 0

Scanning time: 0s

 

Scanning system for active rootkit activity...

 

Number of malicious objects found: 0

Number of malicious objects cleaned: 0

Number of malicious files found: 0

Number of malicious files cleaned: 0

Scanning time: 0s

 

Scanning running processes and process memory...

C:\Documents and Settings\Caio\Configurações locais\Temp\winjfktpr.exe: Process infected with W32/Suspicious_Gen2.MQPDW

Terminated process: C:\Documents and Settings\Caio\Configurações locais\Temp\winjfktpr.exe

C:\Documents and Settings\Caio\Configurações locais\Temp\winjfktpr.exe: File infected with W32/Suspicious_Gen2.MQPDW

Deleted registry value: HKLM\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List --> C:\DOCUME~1\Caio\CONFIG~1\Temp\winjfktpr.exe = C:\DOCUME~1\Caio\CONFIG~1\Temp\winjfktpr.exe:*:Enabled:ipsec

Deleted file: C:\Documents and Settings\Caio\Configurações locais\Temp\winjfktpr.exe

 

Number of objects found: 891

Number of objects scanned: 891

Number of objects not scanned: 0

Number of malicious memory objects found: 4

Number of malicious objects cleaned: 3

Number of malicious files found: 1

Number of malicious files cleaned: 0

Scanning time: 1m 48s

 

Running custom scan...

C:\Documents and Settings\Caio\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Cache\index: Error opening file for read: 0x00000020

C:\Documents and Settings\Caio\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Current Session: Error opening file for read: 0x00000020

C:\Documents and Settings\Caio\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat: Error opening file for read: 0x00000020

C:\Documents and Settings\Caio\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat.LOG: Error opening file for read: 0x00000020

C:\Documents and Settings\Caio\Configurações locais\Temp\etilqs_SPsmWWv5Czq5luu: Error opening file for read: 0x00000020

C:\Documents and Settings\Caio\Configurações locais\Temp\etilqs_xASIli6gcVVerIv: Error opening file for read: 0x00000020

C:\Documents and Settings\Caio\Desktop\INDISPENSAVEIS.rar: Archive infected

C:\Documents and Settings\Caio\Desktop\INDISPENSAVEIS.rar/INDISPENSAVEIS\WDM_A406\WDM_A406\alcchkid.exe: File infected with W32/Sality.BM

C:\Documents and Settings\Caio\Desktop\INDISPENSAVEIS.rar/INDISPENSAVEIS\WDM_A406\WDM_A406\alcchkid.exe: Repaired

C:\Documents and Settings\Caio\Desktop\INDISPENSAVEIS.rar/INDISPENSAVEIS\WDM_A406\WDM_A406\alcrmv.exe: File infected with W32/Sality.BM

C:\Documents and Settings\Caio\Desktop\INDISPENSAVEIS.rar/INDISPENSAVEIS\WDM_A406\WDM_A406\alcrmv.exe: Repaired

C:\Documents and Settings\Caio\Desktop\INDISPENSAVEIS.rar/INDISPENSAVEIS\WDM_A406\WDM_A406\alcrmv9x.exe: File infected with W32/Sality.BM

C:\Documents and Settings\Caio\Desktop\INDISPENSAVEIS.rar/INDISPENSAVEIS\WDM_A406\WDM_A406\alcrmv9x.exe: Repaired

C:\Documents and Settings\Caio\Desktop\INDISPENSAVEIS.rar/INDISPENSAVEIS\WDM_A406\WDM_A406\alcupd.exe: File infected with W32/Sality.BM

C:\Documents and Settings\Caio\Desktop\INDISPENSAVEIS.rar/INDISPENSAVEIS\WDM_A406\WDM_A406\alcupd.exe: Repaired

C:\Documents and Settings\Caio\Desktop\INDISPENSAVEIS.rar/INDISPENSAVEIS\WDM_A406\WDM_A406\ChCfg.exe: File infected with W32/Sality.BM

C:\Documents and Settings\Caio\Desktop\INDISPENSAVEIS.rar/INDISPENSAVEIS\WDM_A406\WDM_A406\ChCfg.exe: Repaired

C:\Documents and Settings\Caio\Desktop\INDISPENSAVEIS.rar/INDISPENSAVEIS\WDM_A406\WDM_A406\GETDXVER.EXE: File infected with W32/Sality.BM

C:\Documents and Settings\Caio\Desktop\INDISPENSAVEIS.rar/INDISPENSAVEIS\WDM_A406\WDM_A406\GETDXVER.EXE: Repaired

C:\Documents and Settings\Caio\Desktop\INDISPENSAVEIS.rar/INDISPENSAVEIS\WDM_A406\WDM_A406\SetCDfmt.exe: File infected with W32/Sality.BM

C:\Documents and Settings\Caio\Desktop\INDISPENSAVEIS.rar/INDISPENSAVEIS\WDM_A406\WDM_A406\SetCDfmt.exe: Repaired

C:\Documents and Settings\Caio\Desktop\INDISPENSAVEIS.rar/INDISPENSAVEIS\WDM_A406\WDM_A406\setup.exe: File infected with W32/Sality.BD

C:\Documents and Settings\Caio\Desktop\INDISPENSAVEIS.rar/INDISPENSAVEIS\WDM_A406\WDM_A406\setup.exe: Repaired

C:\Documents and Settings\Caio\Desktop\INDISPENSAVEIS.rar/INDISPENSAVEIS\WDM_A406\WDM_A406\WDM\alcrmv.exe: File infected with W32/Sality.BD

C:\Documents and Settings\Caio\Desktop\INDISPENSAVEIS.rar/INDISPENSAVEIS\WDM_A406\WDM_A406\WDM\alcrmv.exe: Repaired

C:\Documents and Settings\Caio\Desktop\INDISPENSAVEIS.rar/INDISPENSAVEIS\WDM_A406\WDM_A406\WDM\ChCfg.exe: File infected with W32/Sality.BM

C:\Documents and Settings\Caio\Desktop\INDISPENSAVEIS.rar/INDISPENSAVEIS\WDM_A406\WDM_A406\WDM\ChCfg.exe: Repaired

C:\Documents and Settings\Caio\Desktop\INDISPENSAVEIS.rar/INDISPENSAVEIS\WDM_A406\WDM_A406\WDM\SoundMan.exe: File infected with W32/Sality.BM

C:\Documents and Settings\Caio\Desktop\INDISPENSAVEIS.rar/INDISPENSAVEIS\WDM_A406\WDM_A406\WDM\SoundMan.exe: Repaired

C:\Documents and Settings\Caio\Desktop\INDISPENSAVEIS.rar/INDISPENSAVEIS\win2k_xp1417[1]\Setup.exe: File infected with W32/Sality.BM

C:\Documents and Settings\Caio\Desktop\INDISPENSAVEIS.rar/INDISPENSAVEIS\win2k_xp1417[1]\Setup.exe: Repaired

C:\Documents and Settings\Caio\Desktop\INDISPENSAVEIS.rar/INDISPENSAVEIS\win2k_xp1417[1]\Win2000\hkcmd.exe: File infected with W32/Sality.BM

C:\Documents and Settings\Caio\Desktop\INDISPENSAVEIS.rar/INDISPENSAVEIS\win2k_xp1417[1]\Win2000\hkcmd.exe: Repaired

C:\Documents and Settings\Caio\Desktop\INDISPENSAVEIS.rar/INDISPENSAVEIS\win2k_xp1417[1]\Win2000\ialmudlg.exe: File infected with W32/Sality.BM

C:\Documents and Settings\Caio\Desktop\INDISPENSAVEIS.rar/INDISPENSAVEIS\win2k_xp1417[1]\Win2000\ialmudlg.exe: Repaired

C:\Documents and Settings\Caio\Desktop\INDISPENSAVEIS.rar/INDISPENSAVEIS\win2k_xp1417[1]\Win2000\igfxcfg.exe: File infected with W32/Sality.BM

C:\Documents and Settings\Caio\Desktop\INDISPENSAVEIS.rar/INDISPENSAVEIS\win2k_xp1417[1]\Win2000\igfxcfg.exe: Repaired

C:\Documents and Settings\Caio\Desktop\INDISPENSAVEIS.rar/INDISPENSAVEIS\win2k_xp1417[1]\Win2000\igfxext.exe: File infected with W32/Sality.BM

C:\Documents and Settings\Caio\Desktop\INDISPENSAVEIS.rar/INDISPENSAVEIS\win2k_xp1417[1]\Win2000\igfxext.exe: Repaired

C:\Documents and Settings\Caio\Desktop\INDISPENSAVEIS.rar/INDISPENSAVEIS\win2k_xp1417[1]\Win2000\igfxsrvc.exe: File infected with W32/Sality.BM

C:\Documents and Settings\Caio\Desktop\INDISPENSAVEIS.rar/INDISPENSAVEIS\win2k_xp1417[1]\Win2000\igfxsrvc.exe: Repaired

C:\Documents and Settings\Caio\Desktop\INDISPENSAVEIS.rar/INDISPENSAVEIS\win2k_xp1417[1]\Win2000\igfxtray.exe: File infected with W32/Sality.BM

C:\Documents and Settings\Caio\Desktop\INDISPENSAVEIS.rar/INDISPENSAVEIS\win2k_xp1417[1]\Win2000\igfxtray.exe: Repaired

C:\Documents and Settings\Caio\Desktop\INDISPENSAVEIS.rar/INDISPENSAVEIS\win2k_xp1417[1]\Win2000\igfxzoom.exe: File infected with W32/Sality.BM

C:\Documents and Settings\Caio\Desktop\INDISPENSAVEIS.rar/INDISPENSAVEIS\win2k_xp1417[1]\Win2000\igfxzoom.exe: Repaired

C:\Documents and Settings\Caio\Desktop\INDISPENSAVEIS.rar/INDISPENSAVEIS\wrar393br.exe: File infected with W32/Sality.BM

C:\Documents and Settings\Caio\Desktop\INDISPENSAVEIS.rar/INDISPENSAVEIS\wrar393br.exe: Repaired

C:\Documents and Settings\Caio\NTUSER.DAT: Error opening file for read: 0x00000020

C:\Documents and Settings\Caio\NTUSER.DAT.LOG: Error opening file for read: 0x00000020

C:\Documents and Settings\Carlos\Configurações locais\Temp\winhdjqx.exe: File infected with W32/Suspicious_Gen2.MQPDW

Deleted file: C:\Documents and Settings\Carlos\Configurações locais\Temp\winhdjqx.exe

C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat: Error opening file for read: 0x00000020

C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat.LOG: Error opening file for read: 0x00000020

C:\Documents and Settings\LocalService\NTUSER.DAT: Error opening file for read: 0x00000020

C:\Documents and Settings\LocalService\ntuser.dat.LOG: Error opening file for read: 0x00000020

C:\Documents and Settings\Lurdes Kizzy Tarick\Configurações locais\Temp\rhiit.exe: Sandbox detected infection of type W32/Malware

Deleted file: C:\Documents and Settings\Lurdes Kizzy Tarick\Configurações locais\Temp\rhiit.exe

C:\Documents and Settings\NetworkService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat: Error opening file for read: 0x00000020

C:\Documents and Settings\NetworkService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat.LOG: Error opening file for read: 0x00000020

C:\Documents and Settings\NetworkService\NTUSER.DAT: Error opening file for read: 0x00000020

C:\Documents and Settings\NetworkService\ntuser.dat.LOG: Error opening file for read: 0x00000020

C:\WINDOWS\system32\CatRoot2\edb.log: Error opening file for read: 0x00000020

C:\WINDOWS\system32\CatRoot2\tmp.edb: Error opening file for read: 0x00000020

C:\WINDOWS\system32\config\default: Error opening file for read: 0x00000020

C:\WINDOWS\system32\config\default.LOG: Error opening file for read: 0x00000020

C:\WINDOWS\system32\config\SAM: Error opening file for read: 0x00000020

C:\WINDOWS\system32\config\SAM.LOG: Error opening file for read: 0x00000020

C:\WINDOWS\system32\config\SECURITY: Error opening file for read: 0x00000020

C:\WINDOWS\system32\config\SECURITY.LOG: Error opening file for read: 0x00000020

C:\WINDOWS\system32\config\software: Error opening file for read: 0x00000020

C:\WINDOWS\system32\config\software.LOG: Error opening file for read: 0x00000020

C:\WINDOWS\system32\config\system: Error opening file for read: 0x00000020

C:\WINDOWS\system32\config\system.LOG: Error opening file for read: 0x00000020

 

Number of files found: 15936

Number of archives unpacked: 1127

Number of objects found: 48750

Number of objects scanned: 48722

Number of objects not scanned: 28

Number of malicious objects found: 22

Number of malicious objects cleaned: 22

Number of malicious files found: 3

Number of malicious files cleaned: 2

Scanning time: 3h 18m 21s

 

Running post-scan cleanup routine...

 

Number of malicious objects found: 0

Number of malicious objects cleaned: 0

Scanning time: 1s

 

Results:

Total number of files found: 15936

Total number of archives unpacked: 1127

Total number of objects found: 49641

Total number of objects scanned: 49613

Total number of objects not scanned: 28

Total number of malicious objects found: 33

Total number of malicious objects cleaned: 32

Total number of malicious files found: 4

Total number of malicious files cleaned: 2

Total number of objects quarantined: 11

Total scanning time: 3h 20m 31s


→ Download SalityKiller and save it to the desktop:

http://support.kaspersky.com/downloads/utils/salitykiller.zip

*Extract its contents to C:\

*Temporarily disable your antivirus

*This program will run in 2 separate windows at the same time!!

*The first window:

*Click [Start] > [Run] > copy and paste: C:\salitykiller.exe -m

*Click [OK]

*Keep the window running. Do not close it!! If you wish, minimize it.

*The second window:

*Click [Start] > [Run] > copy and paste: C:\salitykiller.exe -y -x -j -l sality.txt -v

*Click [OK]

*When it finishes, window 2 will close automatically. Then close window 1.

*Paste the summary found at the end of the file C:\sality.txt, as shown below:

 

Infected files: 100

19:59:42Infected processes: 0

19:59:42Infected threads: 0

19:59:42Cured files: 100

19:59:42Executed registry scripts: 2

_______________________________

 

→ In your next reply, post a new HijackThis log, the log that will be in C:\sality.txt, and tell us how your PC is after that.

We'll be waiting.


Antônio, good afternoon.

Here are the logs; everything is fine with the PC.

 

12:59:09:093 3748 Infected files: 0

12:59:09:125 3748 Infected processes: 0

12:59:09:125 3748 Infected threads: 0

12:59:09:125 3748 Cured files: 0

12:59:09:125 3748 Will be cured on reboot: 0

12:59:09:125 3748 Executed registry scripts: 1

 

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 13:01:40, on 23/8/2011

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\AVAST Software\Avast\AvastSvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Arquivos de programas\AutorunRemover\AutorunRemover.exe

C:\Arquivos de programas\AVAST Software\Avast\avastUI.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Documents and Settings\Caio\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Caio\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Caio\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Caio\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\WINDOWS\system32\notepad.exe

C:\Documents and Settings\Caio\Meus documentos\Downloads\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG10\avgssie.dll (file missing)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de programas\AVAST Software\Avast\aswWebRepIE.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Softonic ES Toolbar - {c2ed826e-8903-4a9d-b0df-3a8fb8ea918a} - C:\Arquivos de programas\Softonic_ES\tbSoft.dll

O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de programas\AVAST Software\Avast\aswWebRepIE.dll

O3 - Toolbar: Softonic ES Toolbar - {c2ed826e-8903-4a9d-b0df-3a8fb8ea918a} - C:\Arquivos de programas\Softonic_ES\tbSoft.dll

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [AutorunRemover.exe] C:\Arquivos de programas\AutorunRemover\AutorunRemover.exe -Hide

O4 - HKLM\..\Run: [avast] "C:\Arquivos de programas\AVAST Software\Avast\avastUI.exe" /nogui

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-21-1659004503-1563985344-1417001333-1005\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Lurdes Kizzy Tarick')

O4 - HKUS\S-1-5-21-1659004503-1563985344-1417001333-1005\..\Run: [Google Update] "C:\Documents and Settings\Lurdes Kizzy Tarick\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c (User 'Lurdes Kizzy Tarick')

O4 - HKUS\S-1-5-21-1659004503-1563985344-1417001333-1005\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background (User 'Lurdes Kizzy Tarick')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O17 - HKLM\System\CCS\Services\Tcpip\..\{90E8967A-897E-4B32-992B-0219D93CAECE}: NameServer = 200.204.0.10 200.204.0.138

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG10\avgpp.dll (file missing)

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: avast! Antivirus - AVAST Software - C:\Arquivos de programas\AVAST Software\Avast\AvastSvc.exe

 

--

End of file - 5078 bytes


→ Open HijackThis, click Do a system scan only, check the entries below and click Fix checked:

 

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG10\avgssie.dll (file missing)

 

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

 

O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

 

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG10\avgpp.dll (file missing)

____________________

 

→ Please follow the tips in this tutorial to scan your PC with Nod32 Online:

Nod32 Online antivirus tutorial

When the scan finishes, a report (log) will be generated at the following location on your computer:

C:\Arquivos de programas\Eset\Eset Online Scanner\log.txt

In your next reply, post this Nod32 Online log together with a new HijackThis log and please tell us how your PC is after following this procedure. We await your reply.
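
The four entries selected in the post above are the ones HijackThis marks as `(no file)` or `(file missing)`, that is, registry references whose target is no longer on disk. The following is an added example, not part of the original thread: a Python parser that picks such orphaned entries out of a HijackThis log. The sample lines are copied from the second HijackThis log in this thread; the function names and the short section descriptions are assumptions of the example.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Sample input: entry lines copied from the second HijackThis log in this thread.
SAMPLE_LOG = r"""
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG10\avgssie.dll (file missing)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de programas\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG10\avgpp.dll (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Arquivos de programas\AVAST Software\Avast\AvastSvc.exe
"""

# Short descriptions of the HijackThis sections that appear in the sample.
SECTION_MEANING = {
    "O2": "Browser Helper Object",
    "O3": "Internet Explorer toolbar",
    "O4": "autostart (Run key) entry",
    "O18": "extra protocol handler",
    "O23": "Windows service",
}

# An entry line is "<section code> - <body>", e.g. "O2 - BHO: ...".
ENTRY_RE = re.compile(r"^(?P<section>[RFNO]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# The marker must close the line, so "(no name)" in the middle is ignored.
ORPHAN_RE = re.compile(r"\((?P<why>no file|file missing)\)\s*$")


@dataclass
class Entry:
    section: str
    body: str
    clsid: Optional[str]
    orphan_reason: Optional[str]  # "no file", "file missing" or None


def parse_entries(log_text: str) -> List[Entry]:
    """Parse entry lines; headers and running-process paths are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        body = m.group("body")
        clsid = CLSID_RE.search(body)
        orphan = ORPHAN_RE.search(body)
        entries.append(Entry(
            section=m.group("section"),
            body=body,
            clsid=clsid.group(0) if clsid else None,
            orphan_reason=orphan.group("why") if orphan else None,
        ))
    return entries


def orphaned(entries: List[Entry]) -> List[Entry]:
    """Entries whose target file HijackThis reports as absent."""
    return [e for e in entries if e.orphan_reason]


def report(log_text: str) -> List[str]:
    """One summary line per orphaned entry, for review before fixing."""
    out = []
    for e in orphaned(parse_entries(log_text)):
        kind = SECTION_MEANING.get(e.section, "entry")
        out.append(f"{e.section} {kind} {e.clsid or '-'}: {e.orphan_reason}")
    return out


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```

An orphaned entry is a candidate for cleanup, not proof of infection: two of the four here point into an `AVG\AVG10` folder whose files are gone.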


Antonio, sorry for abandoning the thread. I've been away.

Anyway, I can't run the tool through Internet Explorer.

Thanks!

You can run the tool through other browsers. Just download the recommended file from the site and proceed with the disinfection as usual.


Topic Archived

As the author did not reply for more than 30 days, the topic has been archived.

If you are the author of the topic and want to reopen it, send a private message to a moderator of the area together with the link to this topic and explain the reason for reopening.
