[Resolvido] &nbspNotebook com virus Abnow.com

[isaiaslopes3 0]

aswMBR version 0.9.9.1649 Copyright© 2011 AVAST Software

Run date: 2012-03-11 23:03:45

-----------------------------

23:03:45.344 OS Version: Windows 6.0.6002 Service Pack 2

23:03:45.344 Number of processors: 2 586 0xF0D

23:03:45.345 ComputerName: ISAIAS-PC UserName: ISAIAS

23:03:46.723 Initialize success

23:03:56.338 AVAST engine defs: 12031101

23:04:09.219 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1

23:04:09.222 Disk 0 Vendor: SAMSUNG_ HH10 Size: 152627MB BusType: 3

23:04:09.225 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000077

23:04:09.228 Disk 1 Vendor: RICOH 01 Size: 152627MB BusType: 0

23:04:09.232 Disk 2 \Device\Harddisk2\DR2 -> \Device\00000078

23:04:09.235 Disk 2 Vendor: RICOH 02 Size: 152627MB BusType: 0

23:04:09.397 Disk 0 MBR read successfully

23:04:09.401 Disk 0 MBR scan

23:04:09.407 Disk 0 Windows VISTA default MBR code

23:04:09.431 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 9424 MB offset 2048

23:04:09.475 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 143201 MB offset 19302400

23:04:09.529 Disk 0 scanning sectors +312579760

23:04:09.837 Disk 0 scanning C:\Windows\system32\drivers

23:04:46.707 Service scanning

23:04:54.920 Service GbpKm C:\Windows\system32\drivers\gbpkm.sys **LOCKED** 32

23:05:16.364 Modules scanning

23:05:47.162 Disk 0 trace - called modules:

23:05:47.182 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys

23:05:47.188 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87882ac8]

23:05:47.193 3 CLASSPNP.SYS[89ba38b3] -> nt!IofCallDriver -> [0x872d3368]

23:05:47.199 5 acpi.sys[806936bc] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x872d6028]

23:05:48.196 AVAST engine scan C:\Windows

23:06:07.635 AVAST engine scan C:\Windows\system32

23:12:55.380 AVAST engine scan C:\Windows\system32\drivers

23:13:46.877 AVAST engine scan C:\Users\ISAIAS

23:28:14.564 AVAST engine scan C:\ProgramData

23:33:39.598 Scan finished successfully

00:15:05.964 Disk 0 MBR has been saved successfully to "C:\Users\ISAIAS\Desktop\MBR.dat"

00:15:06.016 The log file has been saved successfully to "C:\Users\ISAIAS\Desktop\aswMBR.txt"

00:15:20.931 Disk 0 MBR has been saved successfully to "C:\Users\ISAIAS\Desktop\MBR.dat"

00:15:20.938 The log file has been saved successfully to "C:\Users\ISAIAS\Desktop\aswMBR2.txt"

 

aswMBR version 0.9.9.1649 Copyright© 2011 AVAST Software

Run date: 2012-03-11 23:03:45

-----------------------------

23:03:45.344 OS Version: Windows 6.0.6002 Service Pack 2

23:03:45.344 Number of processors: 2 586 0xF0D

23:03:45.345 ComputerName: ISAIAS-PC UserName: ISAIAS

23:03:46.723 Initialize success

23:03:56.338 AVAST engine defs: 12031101

23:04:09.219 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1

23:04:09.222 Disk 0 Vendor: SAMSUNG_ HH10 Size: 152627MB BusType: 3

23:04:09.225 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000077

23:04:09.228 Disk 1 Vendor: RICOH 01 Size: 152627MB BusType: 0

23:04:09.232 Disk 2 \Device\Harddisk2\DR2 -> \Device\00000078

23:04:09.235 Disk 2 Vendor: RICOH 02 Size: 152627MB BusType: 0

23:04:09.397 Disk 0 MBR read successfully

23:04:09.401 Disk 0 MBR scan

23:04:09.407 Disk 0 Windows VISTA default MBR code

23:04:09.431 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 9424 MB offset 2048

23:04:09.475 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 143201 MB offset 19302400

23:04:09.529 Disk 0 scanning sectors +312579760

23:04:09.837 Disk 0 scanning C:\Windows\system32\drivers

23:04:46.707 Service scanning

23:04:54.920 Service GbpKm C:\Windows\system32\drivers\gbpkm.sys **LOCKED** 32

23:05:16.364 Modules scanning

23:05:47.162 Disk 0 trace - called modules:

23:05:47.182 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys

23:05:47.188 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87882ac8]

23:05:47.193 3 CLASSPNP.SYS[89ba38b3] -> nt!IofCallDriver -> [0x872d3368]

23:05:47.199 5 acpi.sys[806936bc] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x872d6028]

23:05:48.196 AVAST engine scan C:\Windows

23:06:07.635 AVAST engine scan C:\Windows\system32

23:12:55.380 AVAST engine scan C:\Windows\system32\drivers

23:13:46.877 AVAST engine scan C:\Users\ISAIAS

23:28:14.564 AVAST engine scan C:\ProgramData

23:33:39.598 Scan finished successfully

00:15:05.964 Disk 0 MBR has been saved successfully to "C:\Users\ISAIAS\Desktop\MBR.dat"

00:15:06.016 The log file has been saved successfully to "C:\Users\ISAIAS\Desktop\aswMBR.txt"

00:15:20.931 Disk 0 MBR has been saved successfully to "C:\Users\ISAIAS\Desktop\MBR.dat"

00:15:20.938 The log file has been saved successfully to "C:\Users\ISAIAS\Desktop\aswMBR2.txt"

[wings 22]

Acho que o Avira deve ter removido o arquivo contaminado durante o scan do aswMBR.

 

Vamos remover algumas ferramentas usadas.

 

1.

*Delete o MBRScan, o arquivo MbrScan.txt e Dump_Hdd0_DR0.mbr localizados no desktop

 

2.

*Delete o GMER e seu relatório

 

3.

*Delete o GrantPerms

 

4.

*Renomei o Combofix para Uninstall

*Execute-o e aguarde a mensagem "ComboFix está desinstalado"

 

 

Vamos continuar...

 

Espero estar terminando...:)

 

 

1.

*Baixe o Windows Repair e extraia para o desktop

 

*Execute-o. Usuários do Windows Vista ou do Windows 7 devem clicar com o botão direito do mouse no arquivo e selecionar Executar como administrador

 

*Pule o Step 1 e siga Step 2, 3 e 4

 

2.

*Execute o Farbar Service Scanner. Usuários do Windows Vista ou do Windows 7 devem clicar com o botão direito do mouse no arquivo e selecionar Executar como administrador

 

 

Selecione as opções:

Internet Services

Windows Firewall

System Restore

Security Center

Windows Update

Windows Defender

 

*Clique [scan]

*Cole o relatório FSS.txt localizado no desktop

[isaiaslopes3 0]

ah sim, quando o avira acusou, eu selecionei a opção excluir.

 

Farbar Service Scanner Version: 01-03-2012

Ran by ISAIAS (administrator) on 12-03-2012 at 01:04:42

Running from "C:\Users\ISAIAS\Desktop"

Microsoft® Windows Vista™ Home Basic Service Pack 2 (X86)

Boot Mode: Normal

****************************************************************

 

Internet Services:

============

 

Connection Status:

==============

Localhost is accessible.

LAN connected.

Google IP is accessible.

Yahoo IP is accessible.

 

 

Windows Firewall:

=============

 

Firewall Disabled Policy:

==================

 

 

System Restore:

============

 

System Restore Disabled Policy:

========================

 

 

Security Center:

============

 

Windows Update:

============

 

Windows Defender:

==============

WinDefend Service is not running. Checking service configuration:

The start type of WinDefend service is set to Demand. The default start type is Auto.

The ImagePath of WinDefend service is OK.

The ServiceDll of WinDefend service is OK.

 

 

Windows Defender Disabled Policy:

==========================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]

"DisableAntiSpyware"=DWORD:1

 

 

File Check:

========

C:\Windows\system32\nsisvc.dll => MD5 is legit

C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit

C:\Windows\system32\dhcpcsvc.dll => MD5 is legit

C:\Windows\system32\Drivers\afd.sys => MD5 is legit

C:\Windows\system32\Drivers\tdx.sys => MD5 is legit

C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit

C:\Windows\system32\dnsrslvr.dll => MD5 is legit

C:\Windows\system32\mpssvc.dll => MD5 is legit

C:\Windows\system32\bfe.dll => MD5 is legit

C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit

C:\Windows\system32\SDRSVC.dll => MD5 is legit

C:\Windows\system32\vssvc.exe => MD5 is legit

C:\Windows\system32\wscsvc.dll => MD5 is legit

C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit

C:\Windows\system32\wuaueng.dll => MD5 is legit

C:\Windows\system32\qmgr.dll => MD5 is legit

C:\Windows\system32\es.dll => MD5 is legit

C:\Windows\system32\cryptsvc.dll => MD5 is legit

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit

C:\Windows\system32\svchost.exe => MD5 is legit

C:\Windows\system32\rpcss.dll => MD5 is legit

 

 

**** End of log ****

 

ja fiz o passo 2 e 3, mas esse 4 pede o seguinte:

 

System Restore: create ou restore

erunt: backup ou restore

 

após o passo 4 vem o "start repair": devo escolher qual, basic, advanced ou custom?

[wings 22]

Informe se resolveu o problema.

[isaiaslopes3 0]

o antivirus nao acusa mais nada e nao ha mais redirecionamento para o site abnow.com

devo usar o combofix pra ver se ele completa? das outras vezes ele nao rodava todo.

[wings 22]

o antivirus nao acusa mais nada e nao ha mais redirecionamento para o site abnow.com

devo usar o combofix pra ver se ele completa? das outras vezes ele nao rodava todo.

Não necessita...

 

Vamos remover as demais ferramentas.

 

 

1.

*Delete o aswMBR, seus relatórios e MBR.dat

 

2.

*Delete o Windows Repair

 

3.

*Delete o Farbar Service Scanner e seu relatório

 

4.

*Execute o OTL e clique [Limpeza] > [OK]

*O PC será reiniciado

 

 

Um abraço.

[isaiaslopes3 0]

pronto. resolvido?

[wings 22]

pronto. resolvido?

Sim....:)

 

 

Boa sorte!

 

 

Um abraço.

[isaiaslopes3 0]

pronto. resolvido?

e o fix.reg, devo deletar tb?

[wings 22]

pronto. resolvido?

e o fix.reg, devo deletar tb?

Pode...

 

Tudo resolvido...:)

 

 

Um abraço.

[wings 22]

PROBLEMA RESOLVIDO

 

Caso o autor necessite que o tópico seja reaberto basta enviar uma Mensagem Privada para um Moderador com um link para o tópico.