[Resolvido] &nbspAnálise de log.

[leandro aislan 0]

Boa tarde, toda vez que instalo o anti virus ele acusa minhas fotos como vírus e coloca em quarentena, ai pego e recupero o sistema para minhas fotos voltarem, depois que recuperei vários programas não funcionam.

 

Segue o logo:

 

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 18:40:35, on 14/05/2012

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16421)

Boot mode: Normal

 

Running processes:

C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe

C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

C:\Program Files (x86)\HP\QuickPlay\QPService.exe

C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Users\Leandro\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Leandro\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Users\Leandro\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Leandro\Downloads\HijackThis (1).exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

F2 - REG:system.ini: UserInit=userinit.exe,

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

O2 - BHO: Auxiliar de Conexão do Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Program Files (x86)\GbPlugin\gbiehcef.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O4 - HKLM\..\Run: [QPService] "C:\Program Files (x86)\HP\QuickPlay\QPService.exe"

O4 - HKLM\..\Run: [PlusService] C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [bankerFixV3] \LinhaDefensiva\rotinas\postreboot.bat

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [Google Update] "C:\Users\Leandro\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O15 - Trusted Zone: www.bancobrasil.com.br

O15 - Trusted Zone: www14.bancobrasil.com.br

O15 - Trusted Zone: www2.bancobrasil.com.br

O15 - Trusted Zone: www.bb.com.br

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab

O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O20 - Winlogon Notify: GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll

O20 - Winlogon Notify: GbPluginCef - C:\Program Files (x86)\GbPlugin\gbiehCef.dll

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Serviço do Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: Gbp Service (GbpSv) - - C:\PROGRA~2\GbPlugin\GbpSv.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe

O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

 

--

End of file - 10080 bytes

[DigRam 144]

Bom Dia! leandro aislan

 

|- Siga,na ordem em que estão dispostos,estes procedimentos!

 

-/-/-/-

 

|- Baixe: < AdwCleaner > ( ... par Xplode )

 

|- Ao acessar,clique na imagem: < >

 

|- Salve-o no desktop!

|- Clique direito em adwcleaner.exe,e escolha sua execução como "administrador".

 

|- Dê início ao scan,clicando em "Recherche" < >

 

|- Ao concluir,poste o relatório: C:\AdwCleaner[R].txt

 

-/-/-/-

 

|- Baixe: < AVPTool >

 

|- < Link-2 >

 

|- Você será conduzido a uma página da Kaspersky,solicitando um email para cadastro.

|- Ps: Será pedido seu nome e sobrenome.

|- Ps: Somente o campo "email" é obrigatório.

 

|- Informe seu email e depois,clique no botão "Submit Form".

|- Ps: A página será recarregada!

|- Clique no botão "Download".

|- Salve-o em seu desktop!

|- Duplo clique no arquivo "setup".

|- Ps: Aguarde a instalação!

|- Ps: Na próxima tela,marque: "I accept the licence agreement"

|- À seguir,clique em "Start".

 

|- Clique no botão: < >

|- Marque:

 

|- <1> Meu Computador;

|- <2> Disco local ( C: ) ou ( D: );

 

|- Ps: Normalmente,a unidade em que esteja instalado o SO!

 

 

|- Clique em "Actions".

|- Ps: Deixe os dois quadrinhos Marcados! <- Importante!

|- Ps: Imprima estas orientações,para posterior consulta!

|- Clique na aba "Automatic Scan" e aguarde o término da verificação.

 

|- Clique no botão < >

|- Clique em"Detected threats".

|- Clique no botão "Save".

|- Ps: Copie o conteúdo do arquivo salvo. <-- Se houver algo detectado!

|- Poste-o em sua resposta!

 

-/-/-/-

 

|- Baixe: | ZHPDiag | *ºº* < > ( ... de Nicolas Coolman )

 

|- Estando na página,clique em: < >

 

|- Salve-o no desktop!

 

 

|- Desabilite seu antivírus e execute "ZHPDiag2.exe",para instalar a ferramenta.

 

 

|- Confirme todos os passos,ao instalar ZHPDiag.

|- Conclua a instalação,clicando em "Termine".

 

 

|- Ps: Após a instalação,além de ZHPScript,estarão disponíveis no desktop:

 

|- <1> MBRCheck

|- <2> ZHPDiag2

|- <3> ZHPFix

 

 

|- Abra a ferramenta e clique no ícone do pergaminho. ( ZHPScript )

 

 

|- Clique na seta verde para atualizá-la e/ou baixar sua definição mais recente. ( Your version is update. )

|- Habilite todas as opções de diagnóstico,clicando em "Options".

 

 

|- Clique em All.

 

|-

 

|- Clique em "Calendar" e escolha 30 dias!

 

 

|- Dê início ao scan,clicando no ícone da lupa. ( Start Diagnosis )

|- Ao concluir,clique em "Save Report".

|- Ps: Salve-o em um local conveniente!

|- Anexe na sua resposta,ZHPDiag.txt.

|- Ps: Não poste,diretamente,esse arquivo texto.

|- Recomendo compactá-lo e anexar em sua resposta!

 

|- Ou envie-o à Pjjoint.malekal,clicando na seta azul! < >

 

|- Ou acesse: < >

 

|- Para enviar,siga o caminho: Selecionar arquivo... -> Abrir -> Upload file

|- Poste o endereço que estará em "Download link" ou "Forum link".

 

|- Ou acesse: < > ( Tire-o do zip ao enviar! )

 

|- Maiores informações: < |Link| >

 

Abraços!

[leandro aislan 0]

Segue o log do AdwCleaner:

 

# AdwCleaner v1.606 - Logfile created 05/15/2012 at 12:37:17

# Updated 10/05/2012 by Xplode

# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)

# User : Leandro - LEANDRO-PC

# Running from : C:\Users\Leandro\Downloads\adwcleaner.exe

# Option [search]

 

 

***** [services] *****

 

 

***** [Files / Folders] *****

 

Folder Found : C:\Users\Leandro\AppData\Local\Babylon

Folder Found : C:\Users\Leandro\AppData\LocalLow\BabylonToolbar

Folder Found : C:\Users\Gabriela\AppData\LocalLow\BabylonToolbar

Folder Found : C:\ProgramData\Babylon

 

***** [Registry] *****

 

Key Found : HKCU\Software\Headlight

Key Found : HKLM\SOFTWARE\Babylon

Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL

[x64] Key Found : HKCU\Software\Headlight

[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL

 

***** [Registre - GUID] *****

 

Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}

Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2D5E2D34-BED5-4B9F-9793-A31E26E6806E}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}

[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}

[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}

[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2D5E2D34-BED5-4B9F-9793-A31E26E6806E}

[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}

 

***** [internet Browsers] *****

 

-\\ Internet Explorer v9.0.8112.16421

 

[OK] Registry is clean.

 

-\\ Mozilla Firefox v [unable to get version]

 

Profile name : default

File : C:\Users\Leandro\AppData\Roaming\Mozilla\Firefox\Profiles\q8fu0xw8.default\prefs.js

 

[OK] File is clean.

 

Profile name : default

File : C:\Users\Gabriela\AppData\Roaming\Mozilla\Firefox\Profiles\gw82po3i.default\prefs.js

 

[OK] File is clean.

 

-\\ Google Chrome v18.0.1025.168

 

File : C:\Users\Leandro\AppData\Local\Google\Chrome\User Data\Default\Preferences

 

[OK] File is clean.

 

*************************

 

AdwCleaner[R1].txt - [2294 octets] - [15/05/2012 12:37:17]

 

########## EOF - C:\AdwCleaner[R1].txt - [2422 octets] ##########

[DigRam 144]

Boa Tarde! leandro aislan

 

|- Lance,novamente,AdwCleaner e clique em "Delete" ou "Suppression".

 

 

|- Ao concluir,poste o relatório: C:\AdwCleaner[S].txt

 

-/-/-/-

 

|- Poste,também,à seguir,o relatório da ferramenta AVPTool.

|- Adicione o relatório de ZHPDiag.

 

Abraços!

[leandro aislan 0]

Boa tarde, após fazer o scaneamento do anti virus foram encontrado 27 virus e logo em seguida o windows reiniciou, sendo assim, não consegui tirar o log.

 

 

# AdwCleaner v1.606 - Logfile created 05/15/2012 at 13:23:20

# Updated 10/05/2012 by Xplode

# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)

# User : Leandro - LEANDRO-PC

# Running from : C:\Users\Leandro\Downloads\adwcleaner.exe

# Option [Delete]

 

 

***** [services] *****

 

 

***** [Files / Folders] *****

 

Folder Deleted : C:\Users\Leandro\AppData\Local\Babylon

Folder Deleted : C:\Users\Leandro\AppData\LocalLow\BabylonToolbar

Folder Deleted : C:\Users\Gabriela\AppData\LocalLow\BabylonToolbar

Folder Deleted : C:\ProgramData\Babylon

 

***** [Registry] *****

 

Key Deleted : HKCU\Software\Headlight

Key Deleted : HKLM\SOFTWARE\Babylon

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL

 

***** [Registre - GUID] *****

 

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2D5E2D34-BED5-4B9F-9793-A31E26E6806E}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}

[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

 

***** [internet Browsers] *****

 

-\\ Internet Explorer v9.0.8112.16421

 

[OK] Registry is clean.

 

-\\ Mozilla Firefox v [unable to get version]

 

Profile name : default

File : C:\Users\Leandro\AppData\Roaming\Mozilla\Firefox\Profiles\q8fu0xw8.default\prefs.js

 

[OK] File is clean.

 

Profile name : default

File : C:\Users\Gabriela\AppData\Roaming\Mozilla\Firefox\Profiles\gw82po3i.default\prefs.js

 

[OK] File is clean.

 

-\\ Google Chrome v18.0.1025.168

 

File : C:\Users\Leandro\AppData\Local\Google\Chrome\User Data\Default\Preferences

 

[OK] File is clean.

 

*************************

 

AdwCleaner[R1].txt - [2409 octets] - [15/05/2012 12:37:17]

AdwCleaner[s1].txt - [1890 octets] - [15/05/2012 13:23:20]

 

########## EOF - C:\AdwCleaner[s1].txt - [2018 octets] ##########

[DigRam 144]

Boa Tarde! leandro aislan

 

"Como não foi possível postar o log de AVPTool,poste o de ZHPDiag."

~~°°~~

|- Poste o link ao relatório de ZHPDiag.

 

Abraços!

[leandro aislan 0]

Tentei passar novamente o anti virus e foi reiniciado.

As pastas com minhas fotos sumiram....

Pastas como back up do GPS também sumiram.

 

Segue o link do log:

 

http://pjjoint.malekal.com/files.php?read=ZHPDiag_20120515_w6s10m14j12i10

[DigRam 144]

Boa Tarde! leandro aislan

 

|- Qual antivírus estás utilizando no momento!

 

-/-/-/-

 

|- Feche programas/pastas que estejam abertas.

|- Para Windows Vista,desabilite a UAC.

 

 

|- Dê um duplo clique em ZHPFix.

 

|- Clique no menu,H < >

 

R3 - URLSearchHook: (no name) [64Bits] - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Google Inc. - Google Update.) (No version) -- (.not file.)

O4 - HKLM\..\Wow6432Node\RunOnce: [GrpConv] Orphean Key

O8 - Extra context menu item: res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 - (.not file.) - C:\Program Files (x86)\MICROS~2\Office14\ONBttnIE.dll

O8 - Extra context menu item: res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 - (.not file.) - C:\Program Files (x86)\MICROS~2\Office14\EXCEL.exe

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O39 - APT:Automatic Planified Task - C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-140612206-2747226350-1124050360-1001Core.job

O39 - APT:Automatic Planified Task - C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-140612206-2747226350-1124050360-1001UA.job

[MD5.00000000000000000000000000000000] [APT] [{47BB9B61-FC39-45C4-98A7-974D6A487A39}] (...) -- C:\Users\Leandro\Downloads\Nova pasta\sp33411.exe (.not file.)

[MD5.00000000000000000000000000000000] [APT] [{909A5308-89BC-49B0-BD7D-B2A884376A28}] (...) -- C:\Program Files (x86)\Kazaa Lite K++\unins000.exe (.not file.)

O45 - LFCP:[MD5.BD62084FAB4BB2E00B133CF27A20761A] - 01/05/2012 - 20:05:03 ---A- - C:\Windows\Prefetch\AgGlUAD_P_S-1-5-21-140612206-2747226350-1124050360-1003.db

O45 - LFCP:[MD5.E2127E5A2022D794E454F4C16DDF7404] - 01/05/2012 - 20:05:03 ---A- - C:\Windows\Prefetch\AgGlUAD_S-1-5-21-140612206-2747226350-1124050360-1003.db

O45 - LFCP:[MD5.7EE76CFC40F58358450B7309CAC9CD35] - 01/05/2012 - 22:16:32 ---A- - C:\Windows\Prefetch\AgCx_SC1.db.trx

O45 - LFCP:[MD5.164496BE7384964E62DDFCA6C3B373EF] - 01/05/2012 - 22:17:32 ---A- - C:\Windows\Prefetch\AgCx_SC1.db

O45 - LFCP:[MD5.44EDC79AF59F197BF177F8B4B7ECEE2C] - 12/05/2012 - 18:42:44 ---A- - C:\Windows\Prefetch\AgCx_SC4.db

O45 - LFCP:[MD5.C1C59ADAB66769AAEDFA64670EF3C91C] - 14/05/2012 - 18:38:27 ---A- - C:\Windows\Prefetch\AgCx_S1_S-1-5-21-140612206-2747226350-1124050360-1003.snp.db

O45 - LFCP:[MD5.34B9CC1BEC4DEAD6BDBD5D64A977CEC7] - 15/05/2012 - 12:08:22 ---A- - C:\Windows\Prefetch\Layout.ini

O45 - LFCP:[MD5.21E3128737B604E398B7DB67E390ADBB] - 15/05/2012 - 12:37:25 ---A- - C:\Windows\Prefetch\AgGlUAD_S-1-5-21-140612206-2747226350-1124050360-1001.db

O45 - LFCP:[MD5.73F5EE182ED6E70E734657FC34DC3D35] - 15/05/2012 - 12:37:26 ---A- - C:\Windows\Prefetch\AgGlUAD_P_S-1-5-21-140612206-2747226350-1124050360-1001.db

O45 - LFCP:[MD5.005FC9B397F0148062810DF1942CA9D0] - 15/05/2012 - 13:50:54 ---A- - C:\Windows\Prefetch\PfSvPerfStats.bin

O45 - LFCP:[MD5.9338C6C6B9C73F290A3412AB65EB1341] - 15/05/2012 - 13:50:55 ---A- - C:\Windows\Prefetch\AgRobust.db

O45 - LFCP:[MD5.993BFAB40C554E87F57FDED3B393806A] - 15/05/2012 - 13:50:58 ---A- - C:\Windows\Prefetch\AgGlGlobalHistory.db

O45 - LFCP:[MD5.56E4ED7CA9DA0356AEBE7ECEC09CE9E3] - 15/05/2012 - 13:51:00 ---A- - C:\Windows\Prefetch\AgGlFaultHistory.db

O45 - LFCP:[MD5.233C9EB4C26E35056B8F506194314ECB] - 15/05/2012 - 13:51:01 ---A- - C:\Windows\Prefetch\AgGlFgAppHistory.db

 

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]:Shell

[HKLM\Software\WOW6432Node\Classes\CLSID\{761f6a83-f007-49e4-8eac-cdb6808ef06f}]

 

C:\Users\Leandro\AppData\Local\Temp\2338343\bases\*.kdc

 

hostfix

proxyfix

emptytemp

emptyflash

firewallraz

sysrestore

|- Copie e cole estas informações,que estão em vermelho,para o campo "amarelo claro" de ZHPFix.

|- Ps: Procure deixar o campo limpo,antes de colar as informações que estão na Quote.

|- Clique em GO -> Oui.

|- Poste o relatório: C:\ZHP\ZHPFix[R1].txt

 

-/-/-/-

 

|- Baixe: < DrWebCureIt >

|- Salve-o no desktop!

|- Reinicie o computador em Modo de Segurança.

|- Inicie a instalação/execução,com um duplo-clique em drweb-cureit.

|- Na janela que abrir,clique em Iniciar -> OK.

|- Será dado início a "Verificação rápida" -> Feche a janela de propaganda!

|- Terminando,marque a caixa de "Verificação Completa".

|- Click em "Options" -> Em Change settings,desmarque a "Heuristic analysis".

|- Ps: Neste modo,são verificados os seguintes objetos:

 

|- <1> Sectores de Arranque de Todos os Discos

|- <2> Todas as Unidades Removíveis

|- <3> Todos os Discos Locais

 

|- Clique em "Iniciar verificação" -> Aguarde!

|- Surgindo mensagens para mover ou desinfectar arquivos,clique em Sim.

|- Terminando,clique em "Ficheiro" -> "Guardar lista de relatórios".

|- Procure salvá-lo em um local adequado. ( DrWeb.csv ) <-- Converta em Texto!

|- Poste: DrWeb.csv <- Relatório!

 

Abraços!

[leandro aislan 0]

Não estou usando nenhum anti virus, apenas agora que usei o kasperhy que deletou minhas pastas de fotos e outros back ups que tinha....

 

Rapport de ZHPFix 1.2.05 par Nicolas Coolman, Update du 30/04/2012

Fichier d'export Registre :

Run by Leandro at 15/05/2012 15:18:14

Windows 7 Home Premium Edition, 64-bit Service Pack 1 (Build 7601)

Web site : http://www.premiumorange.com/zeb-help-process/zhpfix.html

Web site : http://nicolascoolman.skyrock.com/

 

========== Registry Key ==========

NOT FOUND Key: Menu Contextuel: res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105

NOT FOUND Key: Menu Contextuel: res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000

DELETED Key: HKLM\Software\WOW6432Node\Classes\CLSID\{761f6a83-f007-49e4-8eac-cdb6808ef06f}

 

========== Registry Value ==========

DELETED URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497}

NOT FOUND RunValue: GrpConv

NOT FOUND CLSID SSODL: {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

NOT FOUND Value Key: NoActiveDesktopChanges

NOT FOUND [HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]:Shell

ProxyFix : Proxy killed successfully

DELETED ProxyServer Value

DELETED ProxyEnable Value

DELETED EnableHttp1_1 Value

DELETED ProxyHttp1.1 Value

DELETED ProxyOverride Value

No Value in Standard Profile Register Key FirewallRaz :

No Value in Domain Profile Register Key FirewallRaz :

No Value in Firewall Exception Register Key (FirewallRaz)

 

========== Repertory ==========

DELETED Window Temporary:

DELETED Flash Cookies:

 

========== File ==========

NOT FOUND File: c:\program files (x86)\micros~2\office14\onbttnie.dll

DELETED File: c:\windows\tasks\googleupdatetaskusers-1-5-21-140612206-2747226350-1124050360-1001core.job

DELETED File: c:\windows\tasks\googleupdatetaskusers-1-5-21-140612206-2747226350-1124050360-1001ua.job

NOT FOUND File: c:\windows\prefetch\aggluad_p_s-1-5-21-140612206-2747226350-1124050360-1003.db

NOT FOUND File: c:\windows\prefetch\aggluad_s-1-5-21-140612206-2747226350-1124050360-1003.db

NOT FOUND File: c:\windows\prefetch\agcx_sc1.db.trx

NOT FOUND File: c:\windows\prefetch\agcx_sc1.db

NOT FOUND File: c:\windows\prefetch\agcx_sc4.db

NOT FOUND File: c:\windows\prefetch\agcx_s1_s-1-5-21-140612206-2747226350-1124050360-1003.snp.db

NOT FOUND File: c:\windows\prefetch\layout.ini

NOT FOUND File: c:\windows\prefetch\aggluad_s-1-5-21-140612206-2747226350-1124050360-1001.db

NOT FOUND File: c:\windows\prefetch\aggluad_p_s-1-5-21-140612206-2747226350-1124050360-1001.db

NOT FOUND File: c:\windows\prefetch\pfsvperfstats.bin

NOT FOUND File: c:\windows\prefetch\agrobust.db

NOT FOUND File: c:\windows\prefetch\agglglobalhistory.db

NOT FOUND File: c:\windows\prefetch\agglfaulthistory.db

NOT FOUND File: c:\windows\prefetch\agglfgapphistory.db

DELETED File: C:\Users\Leandro\AppData\Local\Temp\2338343\bases\*.kdc

DELETED File*: c:\users\leandro\appdata\local\temp\2338343\bases\*.kdc

DELETED Window Temporary:

DELETED Flash Cookies:

 

========== Task ==========

DELETED Task: {47BB9B61-FC39-45C4-98A7-974D6A487A39}

DELETED Task: {909A5308-89BC-49B0-BD7D-B2A884376A28}

 

========== Restoration ==========

Restore System Point not created

 

 

========== Summary ==========

3 : Registry Key

14 : Registry Value

2 : Repertory

21 : File

2 : Task

1 : Restoration

 

 

End of clean in 00mn 10s

 

========== Report File ==========

C:\ZHP\ZHPFix[R1].txt - 15/05/2012 15:18:14 [3239]

[DigRam 144]

Boa Tarde! leandro aislan

 

Não estou usando nenhum anti virus, apenas agora que usei o kasperhy que deletou minhas pastas de fotos e outros back ups que tinha....

|- Ótimo! Até concluírmos o caso,pode ficar sem antivírus.

|- Aguardo,então,a desinfecção que proporcionará a ferramenta DrWebCureit.

 

Abraços!

[leandro aislan 0]

Uma pergunta, esta maquina que estou agora foi que você arrumou ontem, nela uso o kaspersky versão paga, fui colocar o cartão de memória da minha camera e acusou virus? O que pode ser?? notei que de uns dias pra cá, nem minha camera esta aceitando os cartões se não formatar? tem alguma coisa relacionado???

O anti virus fez a leitura e movel para a quarentena.

[DigRam 144]

Boa Tarde! leandro aislan

 

Uma pergunta, esta maquina que estou agora foi que você arrumou ontem, nela uso o kaspersky versão paga, fui colocar o cartão de memória da minha camera e acusou virus? O que pode ser??

|- Ainda não sei com quem estamos lidando,já que o relatório de AVPTool não foi postado e estou aguardando o de DrWebCureit. Mas... estou desconfiado da presença de file infectors,provavelmente o Sality.

|- Ps: Você obteve essa referência,durante o scan de AVPTool e/ou DrWeb?

 

-/-/-/-

 

notei que de uns dias pra cá, nem minha camera esta aceitando os cartões se não formatar? tem alguma coisa relacionado???

|- Se for infector(s),a formatação seria um boa possibilidade.

 

-/-/-/-

 

|- Baixe: < sality_off.zip >

|- Extraia seu conteúdo,para o C:\. <-- Disco local ©

|- Desative seu antivírus temporariamente!

|- Ps: A ferramenta será executada,simultaneamente,em 2 janelas:

 

<1> A primeira janela:

 

|- Vá em Iniciar --> Executar > Digite: C:\Sality_off.exe -m

 

 

|- Clique OK!

|- Ps: Aguarde a finalização,que é demorada!

 

<2> A segunda janela:

 

|- Clique Iniciar -> Executar -> Copie e cole: C:\salitykiller.exe -y -l sality.txt -> OK.

|- Ps: Ao concluir,a janela 2 será fechada automaticamente!

|- Feche,à seguir,a "janela 1".

|- Ps: Aguarde a finalização,que é demorada!

|- Terminando,aperte ENTER!

 

############

Monitoring thread stopped

01:39:21:156 2368

completed

01:39:21:156 2368 Infected files: 387

01:39:21:156 2368 Infected processes: 0

01:39:21:156 2368 Infected threads: 0

01:39:21:156 2368 Cured files: 386

01:39:21:156 2368 Will be cured on reboot: 0

01:39:21:156 2368 Executed registry scripts: 1

############

 

|- Poste,segundo o exemplo,seu resumo final ou conclusão.

 

Abraços!

[leandro aislan 0]

Tirei o cartão do notebook e coloquei na outra maquina, o kaspersky que acusou....

** Ainda estou scaneando com o Dr...esta bem demorado....

 

Quando formato o cartão fica tudo ok, quando coloco no notebook volta a dar problemas na camera.

 

Logo após terminar o DR executo o sality ou posso executar junto??

[DigRam 144]

Boa Tarde! leandro aislan

 

Logo após terminar o DR executo o sality ou posso executar junto??

|- Aguarde a conclusão de DrWeb e,à seguir,execute o Sality_off.

 

Abraços!

[leandro aislan 0]

Bom dia, demorou mas acabou rs.

 

Segue:

 

download.exe C:\LinhaDefensiva\exec Win32.Sector.22 Desinfectado.

md5.exe C:\LinhaDefensiva\exec Win32.Sector.22 Desinfectado.

pv.exe C:\LinhaDefensiva\exec Win32.Sector.22 Desinfectado.

unzip.exe C:\LinhaDefensiva\exec Win32.Sector.22 Desinfectado.

3DVision_195.62.exe C:\NVIDIA\DisplayDriver\195.62\WinVista_Win7_64\English Win32.Sector.22 Desinfectado.

hdaudio_1.00.00.63_xp_vista_win7.exe C:\NVIDIA\DisplayDriver\195.62\WinVista_Win7_64\English Win32.Sector.22 Desinfectado.

NvCplSetupEng.exe C:\NVIDIA\DisplayDriver\195.62\WinVista_Win7_64\English Win32.Sector.22 Desinfectado.

PhysX_9.09.0814_SystemSoftware.exe C:\NVIDIA\DisplayDriver\195.62\WinVista_Win7_64\English Win32.Sector.22 Desinfectado.

setup.exe C:\NVIDIA\DisplayDriver\195.62\WinVista_Win7_64\English Win32.Sector.22 Desinfectado.

setup.exe C:\NVIDIA\nForceWin7\32bit Win32.Sector.22 Desinfectado.

NvCplSetupInt.exe C:\NVIDIA\nForceWin7\32bit\Display Win32.Sector.22 Desinfectado.

nvudisp.exe C:\NVIDIA\nForceWin7\32bit\Display Win32.Sector.22 Desinfectado.

PDsetup.exe C:\NVIDIA\nForceWin7\32bit\Display Win32.Sector.22 Desinfectado.

PhysX_9.09.0203_SystemSoftware.exe C:\NVIDIA\nForceWin7\32bit\Display Win32.Sector.22 Desinfectado.

setup.exe C:\NVIDIA\nForceWin7\32bit\Display Win32.Sector.22 Desinfectado.

DPInst.exe C:\NVIDIA\nForceWin7\32bit\Ethernet Win32.Sector.22 Desinfectado.

nvunrm.exe C:\NVIDIA\nForceWin7\32bit\Ethernet Win32.Sector.22 Desinfectado.

NAMSetup.exe C:\NVIDIA\nForceWin7\32bit\Ethernet\NAM Win32.Sector.22 Desinfectado.

nvuhda.exe C:\NVIDIA\nForceWin7\32bit\HDAudio Win32.Sector.22 Desinfectado.

nvusmu.exe C:\NVIDIA\nForceWin7\32bit\SMU Win32.Sector.22 Desinfectado.

setup.exe C:\NVIDIA\WinVista64\179.48\IS Win32.Sector.22 Desinfectado.

PhysX_9.09.0010_SystemSoftware.exe C:\NVIDIA\WinVista64\179.48\IS\Display Win32.Sector.22 Desinfectado.

setup.exe C:\NVIDIA\WinVista64\179.48\IS\Display Win32.Sector.22 Desinfectado.

nvuhda.exe C:\NVIDIA\WinVista64\179.48\IS\HDAudio Win32.Sector.22 Desinfectado.

TeamViewer_Desktop.exe C:\Program Files (x86)\TeamViewer\Version6 Win32.Sector.22 Desinfectado.

tv_w32.exe C:\Program Files (x86)\TeamViewer\Version6 Win32.Sector.22 Desinfectado.

uninstall.exe C:\Program Files (x86)\TeamViewer\Version6 Win32.Sector.22 Desinfectado.

rmvparse.exe C:\Sierra\Empire Earth Win32.Sector.22 Desinfectado.

SierraUp.exe C:\Sierra\Empire Earth\Sierra Update Win32.Sector.22 Desinfectado.

nvuide.exe C:\swsetup\SP33411 Win32.Sector.22 Desinfectado.

nvunrm.exe C:\swsetup\SP33411 Win32.Sector.22 Desinfectado.

nvusmb.exe C:\swsetup\SP33411 Win32.Sector.22 Desinfectado.

nvusmu.exe C:\swsetup\SP33411 Win32.Sector.22 Desinfectado.

setup.exe C:\swsetup\SP33411 Win32.Sector.22 Desinfectado.

nvunrm.exe C:\swsetup\SP33411\Ethernet Win32.Sector.22 Desinfectado.

nvuide.exe C:\swsetup\SP33411\IDE\Win2K\sata_ide Win32.Sector.22 Desinfectado.

nvuide.exe C:\swsetup\SP33411\IDE\WinXP\sata_ide Win32.Sector.22 Desinfectado.

nvusmb.exe C:\swsetup\SP33411\SMBus Win32.Sector.22 Desinfectado.

nvusmu.exe C:\swsetup\SP33411\SMU Win32.Sector.22 Desinfectado.

Setup.exe C:\swsetup\SP37732 Win32.Sector.22 Desinfectado.

Setup.exe C:\swsetup\SP37732\Hermosa Win32.Sector.22 Desinfectado.

Setup.exe C:\swsetup\SP37732\Hermosa\V32 Win32.Sector.22 Desinfectado.

UIU32a.exe C:\swsetup\SP37732\Hermosa\V32 Win32.Sector.22 Desinfectado.

Setup.exe C:\swsetup\SP37732\Hermosa\V32\SmAudio Win32.Sector.22 Desinfectado.

SmAudio.exe C:\swsetup\SP37732\Hermosa\V32\SmAudio\SmAudio Win32.Sector.22 Desinfectado.

Setup.exe C:\swsetup\SP37732\Hermosa\V64\SmAudio Win32.Sector.22 Desinfectado.

SmAudio.exe C:\swsetup\SP37732\Hermosa\V64\SmAudio\SmAudio Win32.Sector.22 Desinfectado.

Setup.exe C:\swsetup\SP37732\Venice Win32.Sector.22 Desinfectado.

Setup.exe C:\swsetup\SP37732\Venice\V32 Win32.Sector.22 Desinfectado.

UIU32a.exe C:\swsetup\SP37732\Venice\V32 Win32.Sector.22 Desinfectado.

Setup.exe C:\swsetup\SP37732\Venice\V32\SmAudio Win32.Sector.22 Desinfectado.

SmAudio.exe C:\swsetup\SP37732\Venice\V32\SmAudio\SmAudio Win32.Sector.22 Desinfectado.

Setup.exe C:\swsetup\SP37732\Venice\V64\SmAudio Win32.Sector.22 Desinfectado.

SmAudio.exe C:\swsetup\SP37732\Venice\V64\SmAudio\SmAudio Win32.Sector.22 Desinfectado.

setup.exe C:\swsetup\SP38171\Disk1 Win32.Sector.22 Desinfectado.

Ev~NeN^e.eXe C:\Users\Gabriela\AppData\Local\Temp Win32.HLLW.Autoruner.54936 Incuravel.Movido.

vqvbl.exe C:\Users\Gabriela\AppData\Local\Temp BackDoor.Siggen.45488 Incuravel.Movido.

Messenger Plus .scr C:\Users\Gabriela\Documents Win32.HLLW.Autoruner.54936 Incuravel.Movido.

Messenger Plus! .scr C:\Users\Gabriela\Documents Win32.HLLW.Autoruner.54936 Incuravel.Movido.

Ev~NeN^e.eXe C:\Users\Leandro\AppData\Local\Temp Win32.HLLW.Autoruner.54936 Incuravel.Movido.

winhfjnt.exe C:\Users\Leandro\AppData\Local\Temp BackDoor.Siggen.45488 Incuravel.Movido.

Originals .scr C:\Users\Leandro\Desktop\Exportação sem título Win32.HLLW.Autoruner.54936 Incuravel.Movido.

audio .scr C:\Users\Leandro\Desktop\iGO Win32.HLLW.Autoruner.54936 Incuravel.Movido.

backup .scr C:\Users\Leandro\Desktop\iGO Win32.HLLW.Autoruner.54936 Incuravel.Movido.

content .scr C:\Users\Leandro\Desktop\iGO Win32.HLLW.Autoruner.54936 Incuravel.Movido.

custom .scr C:\Users\Leandro\Desktop\iGO Win32.HLLW.Autoruner.54936 Incuravel.Movido.

debug .scr C:\Users\Leandro\Desktop\iGO Win32.HLLW.Autoruner.54936 Incuravel.Movido.

gscript .scr C:\Users\Leandro\Desktop\iGO Win32.HLLW.Autoruner.54936 Incuravel.Movido.

iGO .scr C:\Users\Leandro\Desktop\iGO Win32.HLLW.Autoruner.54936 Incuravel.Movido.

license .scr C:\Users\Leandro\Desktop\iGO Win32.HLLW.Autoruner.54936 Incuravel.Movido.

save .scr C:\Users\Leandro\Desktop\iGO Win32.HLLW.Autoruner.54936 Incuravel.Movido.

ui_android .scr C:\Users\Leandro\Desktop\iGO Win32.HLLW.Autoruner.54936 Incuravel.Movido.

2011 .scr C:\Users\Leandro\Desktop\niver Win32.HLLW.Autoruner.54936 Incuravel.Movido.

niver Previews.lrdata .scr C:\Users\Leandro\Desktop\niver Win32.HLLW.Autoruner.54936 Incuravel.Movido.

0 .scr C:\Users\Leandro\Desktop\niver\niver Previews.lrdata Win32.HLLW.Autoruner.54936 Incuravel.Movido.

1 .scr C:\Users\Leandro\Desktop\niver\niver Previews.lrdata Win32.HLLW.Autoruner.54936 Incuravel.Movido.

2 .scr C:\Users\Leandro\Desktop\niver\niver Previews.lrdata Win32.HLLW.Autoruner.54936 Incuravel.Movido.

3 .scr C:\Users\Leandro\Desktop\niver\niver Previews.lrdata Win32.HLLW.Autoruner.54936 Incuravel.Movido.

4 .scr C:\Users\Leandro\Desktop\niver\niver Previews.lrdata Win32.HLLW.Autoruner.54936 Incuravel.Movido.

5 .scr C:\Users\Leandro\Desktop\niver\niver Previews.lrdata Win32.HLLW.Autoruner.54936 Incuravel.Movido.

6 .scr C:\Users\Leandro\Desktop\niver\niver Previews.lrdata Win32.HLLW.Autoruner.54936 Incuravel.Movido.

7 .scr C:\Users\Leandro\Desktop\niver\niver Previews.lrdata Win32.HLLW.Autoruner.54936 Incuravel.Movido.

8 .scr C:\Users\Leandro\Desktop\niver\niver Previews.lrdata Win32.HLLW.Autoruner.54936 Incuravel.Movido.

9 .scr C:\Users\Leandro\Desktop\niver\niver Previews.lrdata Win32.HLLW.Autoruner.54936 Incuravel.Movido.

A .scr C:\Users\Leandro\Desktop\niver\niver Previews.lrdata Win32.HLLW.Autoruner.54936 Incuravel.Movido.

B .scr C:\Users\Leandro\Desktop\niver\niver Previews.lrdata Win32.HLLW.Autoruner.54936 Incuravel.Movido.

C .scr C:\Users\Leandro\Desktop\niver\niver Previews.lrdata Win32.HLLW.Autoruner.54936 Incuravel.Movido.

D .scr C:\Users\Leandro\Desktop\niver\niver Previews.lrdata Win32.HLLW.Autoruner.54936 Incuravel.Movido.

E .scr C:\Users\Leandro\Desktop\niver\niver Previews.lrdata Win32.HLLW.Autoruner.54936 Incuravel.Movido.

F .scr C:\Users\Leandro\Desktop\niver\niver Previews.lrdata Win32.HLLW.Autoruner.54936 Incuravel.Movido.

iGO .scr C:\Users\Leandro\Desktop\Nova pasta Win32.HLLW.Autoruner.54936 Incuravel.Movido.

atualizacao_radares_05_jan[1] .scr C:\Users\Leandro\Documents Win32.HLLW.Autoruner.54936 Incuravel.Movido.

HostsXpert[1] .scr C:\Users\Leandro\Documents Win32.HLLW.Autoruner.54936 Incuravel.Movido.

Messenger Plus .scr C:\Users\Leandro\Documents Win32.HLLW.Autoruner.54936 Incuravel.Movido.

Messenger Plus! .scr C:\Users\Leandro\Documents Win32.HLLW.Autoruner.54936 Incuravel.Movido.

Meus arquivos recebidos .scr C:\Users\Leandro\Documents Win32.HLLW.Autoruner.54936 Incuravel.Movido.

samsung .scr C:\Users\Leandro\Documents Win32.HLLW.Autoruner.54936 Incuravel.Movido.

 

Bom dia não consegui salvar em C:

 

Aparece a msg : ! C:\sality_off.zip: Não foi possível criar Sality_off.exe

Acesso negado.

[DigRam 144]

Boa Tarde! leandro aislan

 

|- Vamos desinstalar algumas ferramentas,mas...caso queira certifique-se da ausência do Sality com o Norman.

 

-/-/-/-

 

|- Baixe: |DelFix| ( ... de Xplode )

 

 

|- Estando na página,clique na seta verde,para o download. ( Seta verde! )

|- Salve-a em um local conveniente! ( desktop! )

|- Feche aplicativos que estejam abertos.

 

 

|- Clique em "Suppression".

|- Poste o relatório! ( C:\DelFixSuppr.txt )

|- À seguir,para remover DelFix do seu computador,clique em "Désinstallation".

 

-/-/-/-

 

|- Baixe: < >

 

|- Ou |Aqui|.

 

 

|- Digite,no campo,o seu email e clique em "Download Free Malware Cleaner".

|- Salve-o no desktop.

|- Vá ao arquivo e clique em Executar --> Accept.

|- Clique em Add,para adicionar ou Remove,para remover unidades/setores à serem escaneados. ( C:\*.*,D:\*.*,E:\*.*,etc... )

|- Clique em "Scan" --> Aguarde!

|- Ao concluir,clique em "Result" e poste o relatório,que estará no desktop.

|- Ps: Caminho ao relatório: C:\Documents and Settings\norman\Desktop\Nmc_2012-xx-xx_yy-yy-yy.log

 

Abraços!

[leandro aislan 0]

Boa tarde,

 

não entendi esta parte.

 

[/|- Vamos desinstalar algumas ferramentas,mas...caso queira certifique-se da ausência do Sality com o Norman.

 

 

 

 

# DelFix v8.8 - Rapport créé le 16/05/2012 à 13:23:17

# Mis à jour le 12/02/12 par Xplode

# Système d'exploitation : Windows 7 Home Premium Service Pack 1 (64 bits)

# Nom d'utilisateur : Leandro - LEANDRO-PC (Administrateur)

# Exécuté depuis : C:\Users\Leandro\Desktop\delfix.exe

# Option [suppression]

 

 

~~~~~~ Dossiers(s) ~~~~~~

 

Supprimé : C:\ZHP

Supprimé : C:\Users\Leandro\DoctorWeb

Supprimé : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP

Supprimé : C:\Program Files (x86)\ZHPDiag

 

~~~~~~ Fichier(s) ~~~~~~

 

Supprimé : C:\AdwCleaner[R1].txt

Supprimé : C:\AdwCleaner[s1].txt

Supprimé : C:\PhysicalDisk0_MBR.bin

Supprimé : C:\Users\Leandro\Desktop\drweb-cureit.exe

Supprimé : C:\Users\Leandro\Desktop\OTS.exe

Supprimé : C:\Users\Leandro\Desktop\OTS.Txt

Supprimé : C:\Users\Leandro\Desktop\ZHPDiag.txt

Supprimé : C:\Users\Leandro\Desktop\ZHPFixReport.txt

Supprimé : C:\Users\Leandro\Downloads\adwcleaner.exe

Supprimé : C:\Users\Leandro\Downloads\HijackThis (1).exe

Supprimé : C:\Users\Leandro\Downloads\HijackThis.exe

Supprimé : C:\Users\Leandro\Downloads\hijackthis.log

Supprimé : C:\Users\Leandro\Downloads\ZHPDiag2.exe

Supprimé : C:\Users\Leandro\Downloads\ZHPDiag2_exe (1).2qshcea.partial

Supprimé : C:\Users\Leandro\Downloads\ZHPDiag2_exe.6c1dcos.partial

Supprimé : C:\Users\Public\Desktop\ZHPDiag.lnk

Supprimé : C:\Users\Public\Desktop\ZHPFix.lnk

Supprimé : C:\Users\Public\Desktop\MBRCheck.lnk

 

~~~~~~ Registre ~~~~~~

 

Clé Supprimée : HKCU\Software\IDAVLab

Clé Supprimée : HKLM\SOFTWARE\OldTimer Tools

Clé Supprimée : HKLM\SOFTWARE\AdwCleaner

Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZHPDiag_is1

 

~~~~~~ Autres ~~~~~~

 

-> Prefetch Vidé

 

*************************

 

DelFix[s1].txt - [1766 octets] - [16/05/2012 13:23:17]

 

########## EOF - C:\DelFix[s1].txt - [1890 octets] ##########

 

 

 

 

Norman Malware Cleaner v2.05.05

Copyright © 1990 - 2012, Norman ASA.

 

Norman Scanner Engine Version: 6.08.06

nvcbin.def: Version: 6.08.00, Date: 2012/05/16 03:16:23, Variants: 15110355

nvcmacro.def: Version: 6.08.00, Date: 2012/04/18 13:30:56, Variants: 20466

 

Operating System: Windows 7 Service Pack 1 x64

 

Switches: /iagree

 

Scan started: 2012/05/16 13:30:53

 

Running pre-scan cleanup routine...

 

Number of malicious objects found: 0

Number of malicious objects cleaned: 0

Scanning time: 0s

 

Scanning running processes and process memory...

 

Number of objects found: 1173

Number of objects scanned: 1173

Number of objects not scanned: 0

Number of malicious memory objects found: 0

Number of malicious objects cleaned: 0

Number of malicious files found: 0

Number of malicious files cleaned: 0

Scanning time: 2m 24s

 

Scanning system for FakeAV...

 

Number of malicious objects found: 0

Number of malicious objects cleaned: 0

Number of malicious files found: 0

Number of malicious files cleaned: 0

Scanning time: 1s

 

Running custom scan...

C:\Program Files (x86)\GameVicio\Empire Earth\Atualizador.exe: Archive infected

C:\Program Files (x86)\GameVicio\Empire Earth\Atualizador.exe/noname.nsis/nsis.sld/file2: File infected with W32/Suspicious_Gen2.ONV

Delete archive object: C:\Program Files (x86)\GameVicio\Empire Earth\Atualizador.exe/noname.nsis/nsis.sld/file2

Cleaning not supported (220000)

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log: Error opening file for read: 0x00000020

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSStmp.log: Error opening file for read: 0x00000020

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb: Error opening file for read: 0x00000020

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb: Error opening file for read: 0x00000020

C:\ProgramData\Microsoft\Windows Defender\IMpService925A3ACA-C353-458A-AC8D-A7E5EB378092.lock: Error opening file for read: 0x00000020

C:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\MpSfc.bin: Error opening file for read: 0x00000020

C:\sality_off.zip: Archive infected

C:\sality_off.zip/Sality_off.exe: File infected with W32/Malware.LBBA

Delete archive object: C:\sality_off.zip/Sality_off.exe

Cleaning successful

C:\sality_off.zip: Archive is empty after cleaning

Delete file: C:\sality_off.zip

Cleaning successful

C:\System Volume Information\Syscache.hve: Error opening file for read: 0x00000020

C:\System Volume Information\Syscache.hve.LOG1: Error opening file for read: 0x00000020

C:\System Volume Information\Syscache.hve.LOG2: Error opening file for read: 0x00000020

C:\Users\Leandro\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0006a4/file0: I/O error scanning file: 0x00000026

C:\Users\Leandro\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{E69A3AB3-9F43-11E1-84AE-E70EA2D74FCC}.dat: Error opening file for read: 0x00000020

C:\Users\Leandro\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{4F3E2610-9F73-11E1-84AE-E70EA2D74FCC}.dat: Error opening file for read: 0x00000020

C:\Users\Leandro\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{7FE0DCE0-9F73-11E1-84AE-E70EA2D74FCC}.dat: Error opening file for read: 0x00000020

C:\Users\Leandro\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{FCBBD150-9F43-11E1-84AE-E70EA2D74FCC}.dat: Error opening file for read: 0x00000020

C:\Users\Leandro\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\msoD22D.tmp: Error opening file for read: 0x00000020

C:\Users\Leandro\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\35I51YAC\sality_off[2].zip: Archive infected

C:\Users\Leandro\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\35I51YAC\sality_off[2].zip/Sality_off.exe: File infected with W32/Malware.LBBA

Delete archive object: C:\Users\Leandro\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\35I51YAC\sality_off[2].zip/Sality_off.exe

Cleaning successful

C:\Users\Leandro\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\35I51YAC\sality_off[2].zip: Archive is empty after cleaning

Delete file: C:\Users\Leandro\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\35I51YAC\sality_off[2].zip

Cleaning successful

C:\Users\Leandro\AppData\Local\Microsoft\Windows\UsrClass.dat: Error opening file for read: 0x00000020

C:\Users\Leandro\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1: Error opening file for read: 0x00000020

C:\Users\Leandro\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2: Error opening file for read: 0x00000020

C:\Users\Leandro\AppData\Local\Temp\Rar$EX05.336\Sality_off.exe: File infected with W32/Malware.LBBA

Delete file: C:\Users\Leandro\AppData\Local\Temp\Rar$EX05.336\Sality_off.exe

Cleaning successful

C:\Users\Leandro\AppData\Local\Temp\~DF2EB8E364D1C6D048.TMP: Error opening file for read: 0x00000020

C:\Users\Leandro\AppData\Local\Temp\~DF74CF066CA39D7296.TMP: Error opening file for read: 0x00000020

C:\Users\Leandro\AppData\Local\Temp\~DF7B88092E01BFF1DE.TMP: Error opening file for read: 0x00000020

C:\Users\Leandro\AppData\Local\Temp\~DFCE07A1AE2F28AE63.TMP: Error opening file for read: 0x00000020

C:\Users\Leandro\AppData\Local\VirtualStore\sality_off.zip: Archive infected

C:\Users\Leandro\AppData\Local\VirtualStore\sality_off.zip/Sality_off.exe: File infected with W32/Malware.LBBA

Delete archive object: C:\Users\Leandro\AppData\Local\VirtualStore\sality_off.zip/Sality_off.exe

Cleaning successful

C:\Users\Leandro\AppData\Local\VirtualStore\sality_off.zip: Archive is empty after cleaning

Delete file: C:\Users\Leandro\AppData\Local\VirtualStore\sality_off.zip

Cleaning successful

C:\Users\Leandro\AppData\Roaming\Samsung\Kies\00000001.dat: I/O error scanning file: 0x00000026

C:\Users\Leandro\AppData\Roaming\Samsung\Kies\00000003.dat: I/O error scanning file: 0x00000026

C:\Users\Leandro\NTUSER.DAT: Error opening file for read: 0x00000020

C:\Users\Leandro\ntuser.dat.LOG1: Error opening file for read: 0x00000020

C:\Users\Leandro\ntuser.dat.LOG2: Error opening file for read: 0x00000020

C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat: Error opening file for read: 0x00000020

C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat: Error opening file for read: 0x00000020

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\PeerNetworking\b86935641d9061465941847ad1353ba937a8c1e8.HomeGroupClassifier\9ed1ab26872d74fa5eef7c38364383d5\grouping\db.mdb: Error opening file for read: 0x00000020

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\PeerNetworking\b86935641d9061465941847ad1353ba937a8c1e8.HomeGroupClassifier\9ed1ab26872d74fa5eef7c38364383d5\grouping\edb.log: Error opening file for read: 0x00000020

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\PeerNetworking\b86935641d9061465941847ad1353ba937a8c1e8.HomeGroupClassifier\9ed1ab26872d74fa5eef7c38364383d5\grouping\tmp.edb: Error opening file for read: 0x00000020

C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT: Error opening file for read: 0x00000020

C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT.LOG1: Error opening file for read: 0x00000020

C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT.LOG2: Error opening file for read: 0x00000020

C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT: Error opening file for read: 0x00000020

C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT.LOG1: Error opening file for read: 0x00000020

C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT.LOG2: Error opening file for read: 0x00000020

C:\Windows\System32\catroot2\edb.log: Error opening file for read: 0x00000020

C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb: Error opening file for read: 0x00000020

C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb: Error opening file for read: 0x00000020

C:\Windows\System32\config\DEFAULT: Error opening file for read: 0x00000020

C:\Windows\System32\config\DEFAULT.LOG1: Error opening file for read: 0x00000020

C:\Windows\System32\config\DEFAULT.LOG2: Error opening file for read: 0x00000020

C:\Windows\System32\config\RegBack\DEFAULT: Error opening file for read: 0x00000020

C:\Windows\System32\config\RegBack\SAM: Error opening file for read: 0x00000020

C:\Windows\System32\config\RegBack\SECURITY: Error opening file for read: 0x00000020

C:\Windows\System32\config\RegBack\SOFTWARE: Error opening file for read: 0x00000020

C:\Windows\System32\config\RegBack\SYSTEM: Error opening file for read: 0x00000020

C:\Windows\System32\config\SAM: Error opening file for read: 0x00000020

C:\Windows\System32\config\SAM.LOG1: Error opening file for read: 0x00000020

C:\Windows\System32\config\SAM.LOG2: Error opening file for read: 0x00000020

C:\Windows\System32\config\SECURITY: Error opening file for read: 0x00000020

C:\Windows\System32\config\SECURITY.LOG1: Error opening file for read: 0x00000020

C:\Windows\System32\config\SECURITY.LOG2: Error opening file for read: 0x00000020

C:\Windows\System32\config\SOFTWARE: Error opening file for read: 0x00000020

C:\Windows\System32\config\SOFTWARE.LOG1: Error opening file for read: 0x00000020

C:\Windows\System32\config\SOFTWARE.LOG2: Error opening file for read: 0x00000020

C:\Windows\System32\config\SYSTEM: Error opening file for read: 0x00000020

C:\Windows\System32\config\SYSTEM.LOG1: Error opening file for read: 0x00000020

C:\Windows\System32\config\SYSTEM.LOG2: Error opening file for read: 0x00000020

C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl: Error opening file for read: 0x00000020

C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl: Error opening file for read: 0x00000020

C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl: Error opening file for read: 0x00000020

C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl: Error opening file for read: 0x00000020

C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTMsMpPsSession7.etl: Error opening file for read: 0x00000020

C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTUBPM.etl: Error opening file for read: 0x00000020

 

Number of files found: 163313

Number of archives unpacked: 4498

Number of objects found: 454591

Number of objects scanned: 454524

Number of objects not scanned: 67

Number of malicious objects found: 8

Number of malicious objects cleaned: 7

Number of malicious files found: 5

Number of malicious files cleaned: 4

Scanning time: 2h 46m 55s

 

Running post-scan cleanup routine...

 

Number of malicious objects found: 0

Number of malicious objects cleaned: 0

Scanning time: 0s

 

Results:

Total number of files found: 163313

Total number of archives unpacked: 4498

Total number of objects found: 455764

Total number of objects scanned: 455697

Total number of objects not scanned: 67

Total number of malicious objects found: 8

Total number of malicious objects cleaned: 7

Total number of malicious files found: 5

Total number of malicious files cleaned: 4

Total number of objects quarantined: 5

Total scanning time: 2h 49m 20s

[DigRam 144]

Boa Tarde! leandro aislan

 

[/|- Vamos desinstalar algumas ferramentas,mas...caso queira certifique-se da ausência do Sality com o Norman.

|- Nova verificação que costumo realizar com o Norman Malware Cleaner,na desinfecção de arquivos infectados pelo Sality.

|- Tudo Ok já que pelo relatório do Norman,o Sality não está mais presente em seu PC.

 

-/-/-/-

 

|- Ps: Pode ficar com o Norman Malware Cleaner,que não conflitará com seu antivírus.

|- Seus logs estão limpos!

|- Tudo Ok!

 

Abraços!

[leandro aislan 0]

Desculpa a demora Digiran....

Acredito que tenha melhorado bem sim, mas ainda todas as pastas que tinhas fotos sumiram, foram movidos para quarentena e não voltaram mais, sinto que meu pc ainda esta um pouco lento.....

Obrigado pela ajuda leandro

[DigRam 144]

PROBLEMA RESOLVIDO

 

Caso o autor necessite que o tópico seja reaberto basta enviar uma Mensagem Privada para um Moderador com um link para o tópico.