
hollyjunior

[Solved] I can't access my C drive


I can't get into the C drive, neither from Explorer nor from Run; an error appears: "This operation has been cancelled due to restrictions in effect on this computer"

But I am the only user and the administrator.

Please help me

Thanks

Regards ;)

*I also can't open any folder in Documents; basically I can't get into anything inside C:

Here is the log

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 19:59:43, on 05-09-2011

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16421)

Boot mode: Normal

 

Running processes:

C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe

C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe

C:\Users\Utilizador\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Utilizador\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Utilizador\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Utilizador\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Utilizador\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Users\Utilizador\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Utilizador\Desktop\HiJackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://toshiba.msn.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

F2 - REG:system.ini: UserInit=userinit.exe,

O1 - Hosts: 65.54.239.80 messenger.hotmail.com

O1 - Hosts: 65.54.239.80 dp.msnmessenger.akadns.net

O1 - Hosts: 65.54.239.80 messenger.hotmail.com

O1 - Hosts: 65.54.239.80 dp.msnmessenger.akadns.net

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - (no file)

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL

O2 - BHO: Programa Auxiliar de Início de Sessão do Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O2 - BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll

O4 - HKLM\..\Run: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun

O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot

O4 - HKLM\..\Run: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'Serviço de rede')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'Serviço de rede')

O4 - HKUS\S-1-5-18\..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (User 'Default user')

O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (User 'Default user')

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: E&nviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: &Notas Ligadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: &Notas Ligadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Advanced SystemCare Service (AdvancedSystemCareService) - IObit - C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCService.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)

O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE

O23 - Service: ConfigFree WiMAX Service (cfWiMAXService) - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe

O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe

O23 - Service: NMSAccess64 - Unknown owner - C:\Windows\SysWOW64\NMSAccess64.exe

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe

O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe

O23 - Service: Notebook Performance Tuning Service (TEMPRO) (TemproMonitoringService) - Toshiba Europe GmbH - C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe

O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe

O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\Windows\system32\TODDSrv.exe (file missing)

O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe

O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe

O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

 

--

End of file - 12435 bytes


:) Hello!

Please follow the tips in this tutorial to clean your PC with Malwarebytes:

To install it and use it correctly, follow the tips in this tutorial:

Malwarebytes Anti-Malware tutorial

In your next reply, post this Malwarebytes log together with a new HijackThis log and tell us how your PC is after this procedure.

We'll be waiting.


OK, I'll do that. I had already run a scan with my antivirus and it deleted some viruses and trojans, and after that the C drive showed up again on my computer, but even so I can't get into it; the same warning appears

I'll do that and report back shortly

Thanks

I still have the problem :(

Here are the logs. First, the Malwarebytes log from the scan I ran before asking for help here:

 

 

Malwarebytes' Anti-Malware 1.51.1.1800

www.malwarebytes.org

 

Versão da base de dados: 7656

 

Windows 6.1.7601 Service Pack 1

Internet Explorer 9.0.8112.16421

 

05-09-2011 18:18:03

mbam-log-2011-09-05 (18-18-03).txt

 

Tipo de pesquisa: Completa (C:\|D:\|)

Objectos verificados: 337368

Tempo decorrido: 53 minuto(s), 20 segundo(s)

 

Processos de memória infectados: 0

módulos de Memória infectados: 0

Chaves do Registo Infectadas: 0

Valores do Registo infectados: 0

Itens de dados do Registo Infectados: 1

Pastas Infectadas: 1

Ficheiros Infectados: 2

 

Processos de memória infectados:

(Nenhum item malicioso detectado)

 

módulos de Memória infectados:

(Nenhum item malicioso detectado)

 

Chaves do Registo Infectadas:

(Nenhum item malicioso detectado)

 

Valores do Registo infectados:

(Nenhum item malicioso detectado)

 

Itens de dados do Registo Infectados:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives (PUM.Hijack.Drives) -> Bad: (4) Good: (0) -> Quarantined and deleted successfully.

 

Pastas Infectadas:

c:\wins (Trojan.Banker) -> Quarantined and deleted successfully.

 

Ficheiros Infectados:

c:\wins\face.txt (Trojan.Banker) -> Quarantined and deleted successfully.

c:\wins\mms.txt (Trojan.Banker) -> Quarantined and deleted successfully.

 

 

Here is the Malwarebytes log from the scan I ran just now, when you told me to:

 

Malwarebytes' Anti-Malware 1.51.1.1800

www.malwarebytes.org

 

Versão da base de dados: 7658

 

Windows 6.1.7601 Service Pack 1

Internet Explorer 9.0.8112.16421

 

05-09-2011 21:10:12

mbam-log-2011-09-05 (21-10-12).txt

 

Tipo de pesquisa: Completa (C:\|D:\|)

Objectos verificados: 335528

Tempo decorrido: 37 minuto(s), 16 segundo(s)

 

Processos de memória infectados: 0

módulos de Memória infectados: 0

Chaves do Registo Infectadas: 0

Valores do Registo infectados: 0

Itens de dados do Registo Infectados: 0

Pastas Infectadas: 0

Ficheiros Infectados: 0

 

Processos de memória infectados:

(Nenhum item malicioso detectado)

 

módulos de Memória infectados:

(Nenhum item malicioso detectado)

 

Chaves do Registo Infectadas:

(Nenhum item malicioso detectado)

 

Valores do Registo infectados:

(Nenhum item malicioso detectado)

 

Itens de dados do Registo Infectados:

(Nenhum item malicioso detectado)

 

Pastas Infectadas:

(Nenhum item malicioso detectado)

 

Ficheiros Infectados:

(Nenhum item malicioso detectado)

 

 

And finally, here is the new HijackThis log:

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 21:24:39, on 05-09-2011

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16421)

Boot mode: Normal

 

Running processes:

C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe

C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe

C:\Users\Utilizador\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Utilizador\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Utilizador\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Utilizador\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Users\Utilizador\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

C:\Users\Utilizador\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Utilizador\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Utilizador\Desktop\HiJackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://toshiba.msn.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

F2 - REG:system.ini: UserInit=userinit.exe,

O1 - Hosts: 65.54.239.80 messenger.hotmail.com

O1 - Hosts: 65.54.239.80 dp.msnmessenger.akadns.net

O1 - Hosts: 65.54.239.80 messenger.hotmail.com

O1 - Hosts: 65.54.239.80 dp.msnmessenger.akadns.net

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - (no file)

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL

O2 - BHO: Programa Auxiliar de Início de Sessão do Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O2 - BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll

O4 - HKLM\..\Run: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun

O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot

O4 - HKLM\..\Run: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\RunOnce: [scan_after_setup] "c:\program files (x86)\avira\antivir desktop\avcenter.exe" /SCANAFTERSETUP="scan setup2date wait newprocess"

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'Serviço de rede')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'Serviço de rede')

O4 - HKUS\S-1-5-18\..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (User 'Default user')

O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (User 'Default user')

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: E&nviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: &Notas Ligadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: &Notas Ligadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Advanced SystemCare Service (AdvancedSystemCareService) - IObit - C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCService.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)

O23 - Service: Avira AntiVir Agendamento (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

O23 - Service: ConfigFree WiMAX Service (cfWiMAXService) - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe

O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe

O23 - Service: NMSAccess64 - Unknown owner - C:\Windows\SysWOW64\NMSAccess64.exe

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe

O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe

O23 - Service: Notebook Performance Tuning Service (TEMPRO) (TemproMonitoringService) - Toshiba Europe GmbH - C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe

O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe

O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\Windows\system32\TODDSrv.exe (file missing)

O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe

O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe

O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

 

--

End of file - 12184 bytes


Some problems were removed by Malwarebytes.

Please follow this tip as well:

Norman Malware Cleaner tutorial

In your next reply, post the contents of the Norman Malware Cleaner log together with a new HijackThis log and tell us how your PC is after that.

We'll be waiting.


Sorry, but I forgot to say that I had also already tried using CCleaner to clean the registry before asking for help here

I don't know if it makes a difference, but I just remembered

Thank you very much, Antonio, for your help and your time


Hello again

I still have the problem

Here is the Norman Malware Cleaner log:

 

 

Norman Malware Cleaner v2.02.01

Copyright © 1990 - 2011, Norman ASA.

 

Norman Scanner Engine Version: 6.07.10

nvcbin.def: Version: 6.07.00, Date: 2011/09/05 20:34:39, Variants: 11407004

nvcmacro.def: Version: 6.07.00, Date: 2011/02/01 14:21:31, Variants: 20465

 

Operating System: Windows 7 Service Pack 1 x64

 

Switches: /iagree

 

Scan started: 2011/09/05 21:51:11

 

Running pre-scan cleanup routine...

Potentially unwanted registry value: 'HKU\S-1-5-21-1295675630-2641133050-3349800410-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System --> DisableRegistryTools = 0x00000000'

Deleted registry value: HKU\S-1-5-21-1295675630-2641133050-3349800410-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System --> DisableRegistryTools = 0x00000000

Potentially unwanted registry value: 'HKU\S-1-5-21-1295675630-2641133050-3349800410-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer --> NoDrives = 0x00000000'

Deleted registry value: HKU\S-1-5-21-1295675630-2641133050-3349800410-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer --> NoDrives = 0x00000000

 

Number of malicious objects found: 2

Number of malicious objects cleaned: 2

Scanning time: 0s

 

Scanning system for FakeAV...

 

Number of malicious objects found: 0

Number of malicious objects cleaned: 0

Number of malicious files found: 0

Number of malicious files cleaned: 0

Scanning time: 0s

 

Scanning running processes and process memory...

 

Number of objects found: 766

Number of objects scanned: 766

Number of objects not scanned: 0

Number of malicious memory objects found: 0

Number of malicious objects cleaned: 0

Number of malicious files found: 0

Number of malicious files cleaned: 0

Scanning time: 38s

 

Running full scan...

C:\Program Files\AVAST Software\Avast\2070\Avast5_2070.chm: Error opening file for read: 0x00000005

C:\Program Files\AVAST Software\Avast\aswSidebar.gadget: Error opening file for read: 0x00000005

C:\Program Files\AVAST Software\Avast\WebRep\FF\skin\wrc ico 16x16px a 24x24px.zip: Error opening file for read: 0x00000005

C:\Program Files (x86)\Ad-Remover\Backup\AD-R.exe/noname.nsis/file1: Damaged file

C:\Program Files (x86)\Ad-Remover\Backup\AD-R.exe/noname.nsis/file1: Damaged file

C:\Program Files (x86)\Ad-Remover\Backup\AD-R.exe/noname.nsis/file1: Damaged file

C:\Program Files (x86)\Ad-Remover\Backup\AD-R.exe/noname.nsis/file1: Damaged file

C:\Program Files (x86)\Ad-Remover\Backup\AD-R.exe/noname.nsis/file1: Damaged file

C:\Program Files (x86)\Ad-Remover\Backup\AD-R.exe/noname.nsis/file1: Damaged file

C:\Program Files (x86)\Ad-Remover\Backup\AD-R.exe/noname.nsis/file1: Damaged file

C:\Program Files (x86)\Ad-Remover\Backup\AD-R.exe/noname.nsis/file1: Damaged file

C:\Program Files (x86)\Ad-Remover\Backup\AD-R.exe/noname.nsis/file1: Damaged file

C:\Program Files (x86)\Ad-Remover\Backup\AD-R.exe/noname.nsis/file1: Damaged file

C:\Program Files (x86)\Ad-Remover\Backup\AD-R.exe/noname.nsis/file1: Damaged file

C:\Program Files (x86)\Ad-Remover\Backup\AD-R.exe/noname.nsis/file11: Damaged file

C:\Program Files (x86)\Ad-Remover\Backup\AD-R.exe/noname.nsis/file11: Damaged file

C:\Program Files (x86)\Ad-Remover\Backup\AD-R.exe/noname.nsis/file11: Damaged file

C:\Program Files (x86)\Ad-Remover\Backup\AD-R.exe/noname.nsis/file11: Damaged file

C:\Program Files (x86)\Ad-Remover\Backup\AD-R.exe/noname.nsis/file11: Damaged file

C:\Program Files (x86)\Ad-Remover\Backup\AD-R.exe/noname.nsis/file11: Damaged file

C:\Program Files (x86)\Ad-Remover\Backup\AD-R.exe/noname.nsis/file11: Damaged file

C:\Program Files (x86)\Ad-Remover\Backup\AD-R.exe/noname.nsis/file11: Damaged file

C:\Program Files (x86)\Ad-Remover\Backup\AD-R.exe/noname.nsis/file11: Damaged file

C:\Program Files (x86)\Ad-Remover\Backup\AD-R.exe/noname.nsis/file11: Damaged file

C:\Program Files (x86)\Ad-Remover\Backup\AD-R.exe/noname.nsis/file11: Damaged file

C:\Program Files (x86)\KONAMI\Pro Evolution Soccer 2012 DEMO\PES2012 demo - unlock teams.exe: File infected with W32/Suspicious_P1!genr

Deleted file: C:\Program Files (x86)\KONAMI\Pro Evolution Soccer 2012 DEMO\PES2012 demo - unlock teams.exe

C:\ProgramData\Microsoft\Windows Defender\IMpService925A3ACA-C353-458A-AC8D-A7E5EB378092.lock: Error opening file for read: 0x00000020

C:\Users\Utilizador\AppData\Local\Google\Chrome\User Data\Default\Cache\data_1: Error opening file for read: 0x00000020

C:\Users\Utilizador\AppData\Local\Google\Chrome\User Data\Default\Cache\data_0: Error opening file for read: 0x00000020

C:\Users\Utilizador\AppData\Local\Google\Chrome\User Data\Default\Cache\data_3: Error opening file for read: 0x00000020

C:\Users\Utilizador\AppData\Local\Google\Chrome\User Data\Default\Cache\data_4: Error opening file for read: 0x00000020

C:\Users\Utilizador\AppData\Local\Google\Chrome\User Data\Default\Cache\data_2: Error opening file for read: 0x00000020

C:\Users\Utilizador\AppData\Local\Google\Chrome\User Data\Default\Cache\index: Error opening file for read: 0x00000020

C:\Users\Utilizador\AppData\Local\Google\Chrome\User Data\Default\Current Session: Error opening file for read: 0x00000020

C:\Users\Utilizador\AppData\Local\Google\Chrome\User Data\Default\Current Tabs: Error opening file for read: 0x00000020

C:\Users\Utilizador\AppData\Local\Google\Chrome\User Data\Default\sqlite3.dll: File infected with HTML/Agent.NJ

Deleted file: C:\Users\Utilizador\AppData\Local\Google\Chrome\User Data\Default\sqlite3.dll

C:\Users\Utilizador\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1: Error opening file for read: 0x00000020

C:\Users\Utilizador\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2: Error opening file for read: 0x00000020

C:\Users\Utilizador\AppData\Local\Norman Malware Cleaner\Quarantine\dc8fd29ae1bce5a0e1bda9953dbf9181.qtn: File infected with HTML/Agent.NJ

Deleted file: C:\Users\Utilizador\AppData\Local\Norman Malware Cleaner\Quarantine\dc8fd29ae1bce5a0e1bda9953dbf9181.qtn

C:\Users\Utilizador\AppData\Local\Temp\etilqs_i6qCt3Zbv9T1E5T: Error opening file for read: 0x00000020

C:\Users\Utilizador\AppData\Local\Temp\etilqs_j7SF44ToahuJnSY: Error opening file for read: 0x00000020

C:\Users\Utilizador\AppData\Local\Temp\etilqs_oJzZV4LPi64hIHf: Error opening file for read: 0x00000020

C:\Users\Utilizador\NTUSER.DAT: Error opening file for read: 0x00000020

C:\Users\Utilizador\ntuser.dat.LOG1: Error opening file for read: 0x00000020

C:\Users\Utilizador\ntuser.dat.LOG2: Error opening file for read: 0x00000020

C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat: Error opening file for read: 0x00000020

C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat: Error opening file for read: 0x00000020

C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT: Error opening file for read: 0x00000020

C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT.LOG1: Error opening file for read: 0x00000020

C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT.LOG2: Error opening file for read: 0x00000020

C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT: Error opening file for read: 0x00000020

C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT.LOG1: Error opening file for read: 0x00000020

C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT.LOG2: Error opening file for read: 0x00000020

C:\Windows\System32\catroot2\edb.log: Error opening file for read: 0x00000020

C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb: Error opening file for read: 0x00000020

C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb: Error opening file for read: 0x00000020

C:\Windows\System32\config\DEFAULT: Error opening file for read: 0x00000020

C:\Windows\System32\config\DEFAULT.LOG1: Error opening file for read: 0x00000020

C:\Windows\System32\config\DEFAULT.LOG2: Error opening file for read: 0x00000020

C:\Windows\System32\config\RegBack\DEFAULT: Error opening file for read: 0x00000020

C:\Windows\System32\config\RegBack\SAM: Error opening file for read: 0x00000020

C:\Windows\System32\config\RegBack\SECURITY: Error opening file for read: 0x00000020

C:\Windows\System32\config\RegBack\SOFTWARE: Error opening file for read: 0x00000020

C:\Windows\System32\config\RegBack\SYSTEM: Error opening file for read: 0x00000020

C:\Windows\System32\config\SAM: Error opening file for read: 0x00000020

C:\Windows\System32\config\SAM.LOG1: Error opening file for read: 0x00000020

C:\Windows\System32\config\SAM.LOG2: Error opening file for read: 0x00000020

C:\Windows\System32\config\SECURITY: Error opening file for read: 0x00000020

C:\Windows\System32\config\SECURITY.LOG1: Error opening file for read: 0x00000020

C:\Windows\System32\config\SECURITY.LOG2: Error opening file for read: 0x00000020

C:\Windows\System32\config\SOFTWARE: Error opening file for read: 0x00000020

C:\Windows\System32\config\SOFTWARE.LOG1: Error opening file for read: 0x00000020

C:\Windows\System32\config\SOFTWARE.LOG2: Error opening file for read: 0x00000020

C:\Windows\System32\config\SYSTEM: Error opening file for read: 0x00000020

C:\Windows\System32\config\SYSTEM.LOG1: Error opening file for read: 0x00000020

C:\Windows\System32\config\SYSTEM.LOG2: Error opening file for read: 0x00000020

C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl: Error opening file for read: 0x00000020

C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl: Error opening file for read: 0x00000020

C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl: Error opening file for read: 0x00000020

C:\Windows\SysWOW64\log.txt: Error opening file for read: 0x00000020

C:\Windows\Temp\_avast_\Webshlock.txt: Error opening file for read: 0x00000020

 

Number of files found: 164508

Number of archives unpacked: 3752

Number of objects found: 375123

Number of objects scanned: 374950

Number of objects not scanned: 57

Number of malicious objects found: 3

Number of malicious objects cleaned: 3

Number of malicious files found: 3

Number of malicious files cleaned: 3

Scanning time: 1h 28m 59s

 

Running post-scan cleanup routine...

 

Number of malicious objects found: 0

Number of malicious objects cleaned: 0

Scanning time: 11s

 

Results:

Total number of files found: 164508

Total number of archives unpacked: 3752

Total number of objects found: 375889

Total number of objects scanned: 375716

Total number of objects not scanned: 57

Total number of malicious objects found: 5

Total number of malicious objects cleaned: 5

Total number of malicious files found: 3

Total number of malicious files cleaned: 3

Total number of objects quarantined: 5

Total scanning time: 1h 29m 48s

 

 

And here is the HijackThis log:

 

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 23:27:04, on 05-09-2011

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16421)

Boot mode: Normal

 

Running processes:

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCService.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe

C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe

C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe

C:\Users\Utilizador\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Utilizador\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Utilizador\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Utilizador\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Utilizador\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Utilizador\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Users\Utilizador\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Users\Utilizador\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Skype\Phone\Skype.exe

C:\Users\Utilizador\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Utilizador\Desktop\HiJackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://toshiba.msn.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

F2 - REG:system.ini: UserInit=userinit.exe,

O1 - Hosts: 65.54.239.80 messenger.hotmail.com

O1 - Hosts: 65.54.239.80 dp.msnmessenger.akadns.net

O1 - Hosts: 65.54.239.80 messenger.hotmail.com

O1 - Hosts: 65.54.239.80 dp.msnmessenger.akadns.net

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - (no file)

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL

O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O2 - BHO: Programa Auxiliar de Início de Sessão do Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O2 - BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll

O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O4 - HKLM\..\Run: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun

O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot

O4 - HKLM\..\Run: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'Serviço de rede')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'Serviço de rede')

O4 - HKUS\S-1-5-18\..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (User 'Default user')

O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (User 'Default user')

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: E&nviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: &Notas Ligadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: &Notas Ligadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Advanced SystemCare Service (AdvancedSystemCareService) - IObit - C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCService.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)

O23 - Service: Avira AntiVir Agendamento (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe

O23 - Service: ConfigFree WiMAX Service (cfWiMAXService) - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe

O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe

O23 - Service: NMSAccess64 - Unknown owner - C:\Windows\SysWOW64\NMSAccess64.exe

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe

O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe

O23 - Service: Notebook Performance Tuning Service (TEMPRO) (TemproMonitoringService) - Toshiba Europe GmbH - C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe

O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe

O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\Windows\system32\TODDSrv.exe (file missing)

O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe

O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe

O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

 

--

End of file - 13129 bytes


Please follow the steps in this tutorial:

USBFix Tutorial

Post the UsbFix log, which will be at C:\UsbFix.txt, in your next reply, together with a new HijackThis log, and tell us how the PC is behaving after this procedure.

We'll be waiting for your reply.


Here is the UsbFix log:

 

 

Internet Explorer 9.0.8112.16421

Windows Firewall Status : Enabled

 

C:\ -> Local Fixed Disk # 149,41 Go (86,75 Go free) [WINDOWS] # NTFS

D:\ -> Local Fixed Disk # 148,28 Go (123,38 Go free) [Data] # NTFS

E:\ -> CD-ROM Disc

F:\ -> CD-ROM Disc

G:\ -> Removable Disk # 982,72 Mo (974,98 Mo free) [uSB DISK] # FAT

H:\ -> Removable Disk # 3,76 Go (3,76 Go free) # FAT32

 

################## | Ficheiros # pastas infeciosos |

 

 

################## | Registro |

 

[HKLM\software\microsoft\windows nt\currentversion\winlogon] "Taskman"

 

################## | Mountpoints2 |

 

HKCU\..\..\Explorer\MountPoints2\{1fdef589-33a6-11e0-a941-00266c75af57}

shell\AutoRun\command =F:\autorun.exe

 

################## | Vaccin |

 

(!) Este computador não é vacinada!

 

################## | ! Fim do relatório # UsbFix V6.098 ! |

 

 

 

And here is the HijackThis log:

 

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 15:39:13, on 06-09-2011

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16421)

Boot mode: Normal

 

Running processes:

C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe

C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe

C:\Users\Utilizador\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Utilizador\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Utilizador\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Utilizador\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Utilizador\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Utilizador\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Users\Utilizador\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Utilizador\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Utilizador\Desktop\HiJackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://toshiba.msn.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

F2 - REG:system.ini: UserInit=userinit.exe,

O1 - Hosts: 65.54.239.80 messenger.hotmail.com

O1 - Hosts: 65.54.239.80 dp.msnmessenger.akadns.net

O1 - Hosts: 65.54.239.80 messenger.hotmail.com

O1 - Hosts: 65.54.239.80 dp.msnmessenger.akadns.net

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - (no file)

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL

O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O2 - BHO: Programa Auxiliar de Início de Sessão do Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O2 - BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll

O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O4 - HKLM\..\Run: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun

O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot

O4 - HKLM\..\Run: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'Serviço de rede')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'Serviço de rede')

O4 - HKUS\S-1-5-18\..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (User 'Default user')

O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (User 'Default user')

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: E&nviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: &Notas Ligadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: &Notas Ligadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Advanced SystemCare Service (AdvancedSystemCareService) - IObit - C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCService.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)

O23 - Service: Avira AntiVir Agendamento (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe

O23 - Service: ConfigFree WiMAX Service (cfWiMAXService) - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe

O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe

O23 - Service: NMSAccess64 - Unknown owner - C:\Windows\SysWOW64\NMSAccess64.exe

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe

O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe

O23 - Service: Notebook Performance Tuning Service (TEMPRO) (TemproMonitoringService) - Toshiba Europe GmbH - C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe

O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe

O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\Windows\system32\TODDSrv.exe (file missing)

O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe

O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe

O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

 

--

End of file - 12387 bytes

 

It still has the same problem :(


For now there is no need to post the HijackThis log, only the logs from the programs themselves.

_________________

 

The UsbFix log shows that problems were detected, but apparently they have not been removed yet.

 

There is a new version of it at the link below; please remove the previous version and download this new one:

http://www.teamxscript.org/too/UsbFix.exe

 

After that, just run it > click the Supressão button and follow the steps it shows you.

 

Then just post its new log and tell us how the PC is after that.


I still have the same problem :(

 

Here is the UsbFix log:

 

 

############################## | UsbFix 7.058 | [supressão]

 

Usuário: Utilizador (Administrador) # UTILIZADOR-TOSH [TOSHIBA Satellite L650]

Atualizado em 24/08/2011 por El Desaparecido

Começou em 19:45:18 | 06/09/2011

Site: http://www.teamxscript.org

Submit your sample: http://www.teamxscript.org/Upload.php

Contato: contact@eldesaparecido.com

 

CPU: Intel® Core i5 CPU M 450 @ 2.40GHz

CPU 2: Intel® Core i5 CPU M 450 @ 2.40GHz

Microsoft Windows 7 Home Premium (6.1.7601 64-Bit) # Service Pack 1

Internet Explorer 9.0.8112.16421

 

Windows Firewall: Habilitado

RAM -> 3958 Mb

C:\ (%systemdrive%) -> Disco fixo # 149 Gb (85 Mb livre - 57%) [WINDOWS] # NTFS

D:\ -> Disco fixo # 148 Gb (123 Mb livre - 83%) [Data] # NTFS

E:\ -> CD-ROM

F:\ -> CD-ROM

G:\ -> Disco removível # 983 Mb (975 Mb livre - 99%) [uSB DISK] # FAT

H:\ -> Disco removível # 4 Gb (4 Mb livre - 100%) [] # FAT32

 

################## | Ficheiros # pastas infeciosos |

 

Supprimido ! C:\$RECYCLE.BIN\S-1-5-21-1295675630-2641133050-3349800410-1000

Supprimido ! D:\$RECYCLE.BIN\S-1-5-21-1295675630-2641133050-3349800410-1000

 

################## | Registro |

 

 

################## | Mountpoints2 |

 

 

################## | Listing |

 

[09/02/2011 - 15:25:53 | D ] C:\$AVG

[06/09/2011 - 19:47:22 | SHD ] C:\$RECYCLE.BIN

[04/08/2011 - 22:10:31 | N | 1024] C:\.rnd

[05/09/2011 - 19:54:24 | D ] C:\32788R22FWJFW

[05/09/2011 - 16:14:38 | N | 1196] C:\aaw7boot.log

[05/09/2011 - 17:22:31 | N | 5441] C:\Ad-Report-SCAN[1].txt

[06/09/2011 - 19:41:33 | RASHD ] C:\autorun.inf

[05/09/2011 - 12:25:08 | N | 3288] C:\bootsqm.dat

[27/05/2011 - 19:32:40 | D ] C:\BTNext

[05/09/2011 - 22:48:04 | D ] C:\Config.Msi

[14/07/2009 - 06:08:56 | SHD ] C:\Documents and Settings

[19/08/2011 - 17:19:21 | D ] C:\Download

[05/09/2011 - 16:30:24 | N | 885] C:\FindyKill_Upload_Me_Utilizador-TOSH.zip

[05/09/2011 - 16:31:38 | D ] C:\FyK

[05/09/2011 - 16:31:38 | N | 1926] C:\FyK.txt

[06/09/2011 - 15:42:57 | ASH | 3112587264] C:\hiberfil.sys

[29/01/2011 - 11:42:59 | D ] C:\Intel

[14/07/2011 - 14:01:14 | D ] C:\Log

[12/03/2011 - 19:41:55 | RHD ] C:\MSOCache

[21/08/2011 - 02:52:42 | D ] C:\Nexon

[06/09/2011 - 15:43:02 | ASH | 4150116352] C:\pagefile.sys

[14/07/2009 - 04:20:08 | D ] C:\PerfLogs

[05/09/2011 - 01:03:34 | D ] C:\Program Files

[05/09/2011 - 18:49:08 | D ] C:\Program Files (x86)

[29/01/2011 - 13:15:39 | D ] C:\Programas

[05/09/2011 - 18:49:08 | HD ] C:\ProgramData

[01/04/2010 - 08:09:13 | N | 70] C:\SWSTAMP.TXT

[06/09/2011 - 14:13:56 | SHD ] C:\System Volume Information

[29/01/2011 - 13:25:26 | D ] C:\Toshiba

[06/09/2011 - 19:47:52 | D ] C:\UsbFix

[06/09/2011 - 19:45:29 | A | 2704] C:\UsbFix.txt

[06/09/2011 - 19:41:34 | N | 1293] C:\UsbFix_Upload_Me_Utilizador-TOSH.zip

[31/05/2011 - 21:25:46 | D ] C:\Users

[05/09/2011 - 21:35:21 | D ] C:\Windows

[29/01/2011 - 12:00:05 | D ] C:\Works

[06/09/2011 - 19:47:22 | SHD ] D:\$RECYCLE.BIN

[08/02/2011 - 15:54:17 | D ] D:\0141a70473eec830537e

[07/02/2011 - 23:47:52 | D ] D:\1081105e158863aadc

[30/04/2011 - 11:33:26 | D ] D:\AAP2011.V10.00.643.Plus.KEY.Till.11.2013_[pdclinks.net]

[06/09/2011 - 19:41:33 | RASHD ] D:\autorun.inf

[25/08/2011 - 19:14:25 | D ] D:\Config.Msi

[29/01/2011 - 20:10:42 | D ] D:\HDDRecovery

[21/08/2011 - 19:40:22 | D ] D:\Nova pasta

[05/09/2011 - 23:09:03 | D ] D:\Nova pasta (2)

[28/02/2011 - 20:09:17 | D ] D:\PFiles

[29/01/2011 - 11:37:25 | SHD ] D:\System Volume Information

[12/07/2011 - 19:41:26 | D ] D:\wow

[01/04/2011 - 08:48:36 | N | 165] G:\~$trabalho de PT.pptx

[18/07/2011 - 02:25:00 | D ] G:\Driver Checker v2.7.5 + Keygen[pdclinks.net]

[06/09/2011 - 19:41:34 | RASHD ] G:\autorun.inf

 

################## | Vaccin |

 

C:\Autorun.inf -> Vacina criada por UsbFix (TeamXscript)

D:\Autorun.inf -> Vacina criada por UsbFix (TeamXscript)

G:\Autorun.inf -> Vacina criada por UsbFix (TeamXscript)

H:\Autorun.inf -> Vacina criada por UsbFix (TeamXscript)

 

################## | Upload |

 

Favor enviar o arquivo: C:\UsbFix_Upload_Me_UTILIZADOR-TOSH.zip

http://www.teamxscript.org/Upload.php

Obrigado pela sua contribuição.

 

################## | E.O.F |


More problems were removed.

_________________

 

Please follow these tips:

 

Flash Disinfector tutorial:

http://www.caixadedicas.com/2009/10/tutorial-do-flash-disinfector.html

 

Remove Restrictions Tool (Sergiwa Antiviral Toolkit) tutorial:

http://www.caixadedicas.com/2009/10/tutorial-do-remove-restrictions-tool.html

__________________

 

Then tell us how the PC is.


I can't open Flash Disinfector. I click twice, click Run, and nothing else appears.

It does not generate logs; you just run it, and it is very fast. Then it is done. Did it open normally? And what about the other program, did you run it? If you have not run it, run it and then tell us the result.
