MartinD
Posted July 30, 2012

Hi everyone, how are you? Last night Avira detected 4 viruses on my machine. Out of nowhere, an "antivirus" called "Live Security Platinum" was installed without my authorization. This program made it impossible for me to access any file, or even the internet. I searched on my brother's PC, found what looked like the solution, and installed TDSSKiller and Malwarebytes Anti-Malware. That really helped, because the fake antivirus was removed. But 2 viruses keep showing up: 'TR/ATRAPS.Gen' and 'TR/ATRAPS.Gen2'. Avira detects them every 5 minutes; I select remove, but they end up coming back. The internet is also very slow. I downloaded ComboFix, but I did not use it because I am afraid of making the situation worse. I hope someone can help me. Thanks in advance.

Below is the HijackThis log.
wings
Posted July 30, 2012

Hello MartinD

-> Download OTL and save it to the Desktop
* Run it. Windows Vista or Windows 7 users should right-click the file and select Run as administrator
* Select the options:
    Check All Users
    Check Lop
    Check Purity
* Paste the lines, in brown, into the space below Custom Scans/Fixes

    /md5start
    services.exe
    /md5stop
    netsvcs
    HKEY_CURRENT_USER\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1} /s
    HKEY_CURRENT_USER\Software\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1} /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1} /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1} /s

* Click [Scan]
* When it finishes, the reports OTL.txt and Extras.txt will be created on the Desktop

-> Go to this link
* Click [Choose file]
* Locate the file OTL.txt on the Desktop and click [Open]
* Click [Envoyer le fichier]
* Paste the link created below "Fichier envoyé avec succés! Copiez votre lien :"
* Repeat the procedure for the Extras.txt report and paste the link
MartinD
Posted July 30, 2012

Good evening, Wings. First of all, I want to thank you for the help and the quick reply. I hope it is nothing too serious. Anyway, I'll post the links you asked for.

http://mydoc.tk/3/8229OTL.Txt
http://mydoc.tk/3/6966Extras.Txt
wings
Posted July 30, 2012

-> Download GMER (...by Przemyslaw Gmerek) and save it to the Desktop
* Temporarily disable the antivirus and close all running programs
* Run it. Windows Vista or Windows 7 users should right-click the file and select Run as administrator
* If you receive a warning about rootkit activity asking whether you want to run a scan, click [NO]
* Click [scan] and wait for it to finish
* Click [save...] and save it to the Desktop with the name gmer

-> Go to this link
* Click [Choose file]
* Locate the file gmer.txt on the Desktop and click [Open]
* Click [Envoyer le fichier]
* Paste the link created below "Fichier envoyé avec succés! Copiez votre lien :"
MartinD
Posted July 30, 2012

The gmer file: http://mydoc.tk/3/gmer.log
wings
Posted July 30, 2012

-> Open Notepad and paste the lines in blue into it

    reg delete HKCU\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1} /f
    reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce /v 6C82ED4B175BFAEF02E3BC797B07D287 /f
    sc delete gusvc
    sc delete FXDrv32

* Save in C:\
    Name: Fix.bat
    Type: All files

-> Download BlitzBlank (...by Emsisoft) and save it to the Desktop
* Run it. Windows Vista or Windows 7 users should right-click the file and select Run as administrator
* Click [OK]
* Click [script]
* Paste the lines in blue into the space

    DeleteFolder:
    C:\WINDOWS\Installer\{0d373970-69ff-226e-6833-bd1edeb60665}
    "C:\Documents and Settings\Douglas\Configurações locais\Dados de aplicativos\{0d373970-69ff-226e-6833-bd1edeb60665}"
    "C:\Documents and Settings\All Users\Dados de aplicativos\6C82ED4B175BFAEF02E3BC797B07D287"
    Execute:
    C:\fix.bat

* Click [Execute Now]
* Click [OK] > [OK]
* The PC will restart
* Paste the report C:\blitzblank.txt

-> Download SystemLook (...by jpshortstuff) and save it to the Desktop
* Run it. Windows Vista or Windows 7 users should right-click the file and select Run as administrator
* Paste the lines in blue into the blank space:

    :reg
    HKEY_CURRENT_USER\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1} /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1} /s

* Click [Look] and paste the report shown

-> Download Farbar Service Scanner (...by Farbar) and save it to the Desktop
* Run it. Windows Vista or Windows 7 users should right-click the file and select Run as administrator
* Select all the options
* Click [scan]
* Paste the report FSS.txt located on the Desktop
MartinD
Posted July 30, 2012

Good evening, wings. Today, when I turned on the PC, my files and programs were all in alphabetical order and the virus showed no more signs of life, even before I ran the last programs you asked for. Then I ran BlitzBlank and everything went back to normal, except the virus. Is it normal for this to happen? And as for the virus that no longer appeared, could it still be on my PC? Below are the reports you asked for.

BlitzBlank:

    BlitzBlank 1.0.0.32
    File/Registry Modification Engine native application
    MoveDirectoryOnReboot: sourceDirectory = "\??\c:\windows\installer\{0d373970-69ff-226e-6833-bd1edeb60665}", destinationDirectory = "(null)", replaceWithDummy = 0
    MoveFileOnReboot: sourceFile = "\??\c:\windows\installer\{0d373970-69ff-226e-6833-bd1edeb60665}\@", destinationFile = "(null)", replaceWithDummy = 0
    MoveDirectoryOnReboot: sourceDirectory = "\??\c:\windows\installer\{0d373970-69ff-226e-6833-bd1edeb60665}\L", destinationDirectory = "(null)", replaceWithDummy = 0
    MoveDirectoryOnReboot: sourceDirectory = "\??\c:\windows\installer\{0d373970-69ff-226e-6833-bd1edeb60665}\U", destinationDirectory = "(null)", replaceWithDummy = 0
    MoveFileOnReboot: sourceFile = "\??\c:\windows\installer\{0d373970-69ff-226e-6833-bd1edeb60665}\U\00000001.@", destinationFile = "(null)", replaceWithDummy = 0
    MoveDirectoryOnReboot: sourceDirectory = "\??\c:\documents and settings\douglas\configurações locais\dados de aplicativos\{0d373970-69ff-226e-6833-bd1edeb60665}", destinationDirectory = "(null)", replaceWithDummy = 0
    MoveFileOnReboot: sourceFile = "\??\c:\documents and settings\douglas\configurações locais\dados de aplicativos\{0d373970-69ff-226e-6833-bd1edeb60665}\@", destinationFile = "(null)", replaceWithDummy = 0
    MoveDirectoryOnReboot: sourceDirectory = "\??\c:\documents and settings\douglas\configurações locais\dados de aplicativos\{0d373970-69ff-226e-6833-bd1edeb60665}\L", destinationDirectory = "(null)", replaceWithDummy = 0
    MoveDirectoryOnReboot: sourceDirectory = "\??\c:\documents and settings\douglas\configurações locais\dados de aplicativos\{0d373970-69ff-226e-6833-bd1edeb60665}\U", destinationDirectory = "(null)", replaceWithDummy = 0
    MoveFileOnReboot: sourceFile = "\??\c:\documents and settings\douglas\configurações locais\dados de aplicativos\{0d373970-69ff-226e-6833-bd1edeb60665}\U\00000001.@", destinationFile = "(null)", replaceWithDummy = 0
    MoveDirectoryOnReboot: sourceDirectory = "\??\c:\documents and settings\all users\dados de aplicativos\6c82ed4b175bfaef02e3bc797b07d287", destinationDirectory = "(null)", replaceWithDummy = 0
    MoveFileOnReboot: sourceFile = "\??\c:\documents and settings\all users\dados de aplicativos\6c82ed4b175bfaef02e3bc797b07d287\6C82ED4B175BFAEF02E3BC797B07D287", destinationFile = "(null)", replaceWithDummy = 0
    MoveFileOnReboot: sourceFile = "\??\c:\documents and settings\all users\dados de aplicativos\6c82ed4b175bfaef02e3bc797b07d287\6C82ED4B175BFAEF02E3BC797B07D287.ico", destinationFile = "(null)", replaceWithDummy = 0
    LaunchOnReboot: launchName = "\fix.bat", commandLine = "c:\fix.bat"

SystemLook:

    SystemLook 30.07.11 by jpshortstuff
    Log created at 18:59 on 30/07/2012 by Douglas
    Administrator - Elevation successful

    ========== reg ==========

    [HKEY_CURRENT_USER\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}]
    (Unable to open key - key not found)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}]
    @="Microsoft WBEM New Event Subsystem"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InprocServer32]
    @="wbemess.dll"
    "ThreadingModel"="Both"

    -= EOF =-

Farbar Service Scanner:

    Farbar Service Scanner Version: 26-07-2012
    Ran by Douglas (administrator) on 30-07-2012 at 19:06:52
    Running from "C:\Documents and Settings\Douglas\desktop"
    Microsoft Windows XP Professional Service Pack 3 (X86)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.

    Windows Firewall:
    =============
    sharedaccess Service is not running. Checking service configuration:
    Checking Start type: ATTENTION!=====> Unable to retrieve start type of sharedaccess. The value does not exist.
    Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of sharedaccess. The value does not exist.
    Checking ServiceDll: ATTENTION!=====> Unable to open sharedaccess registry key. The service key does not exist.

    Firewall Disabled Policy:
    ==================
    ATTENTION!=====> Unable to open HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile. The key does not exist.
    ATTENTION!=====> Unable to open HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile. The key does not exist.

    System Restore:
    ============

    System Restore Disabled Policy:
    ========================

    Security Center:
    ============
    wscsvc Service is not running. Checking service configuration:
    Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
    Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
    Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.

    Windows Update:
    ============
    wuauserv Service is not running. Checking service configuration:
    Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
    Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
    Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
    BITS Service is not running. Checking service configuration:
    Checking Start type: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
    Checking ImagePath: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
    Checking ServiceDll: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.

    Windows Autoupdate Disabled Policy:
    ============================

    Extra List:
    =======
    Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)
    0x0700000005000000010000000200000003000000040000000600000007000000
    IpSec Tag value is correct.

    **** End of log ****
wings
Posted July 30, 2012

From the reports, it was removed. However, there are problems in Windows services that were affected. There was a ZeroAccess infection. Let's fix the services.

-> Download this file and save it to the Desktop
* Right-click it and select Merge
* Restart the PC

-> Download this file and save it to the Desktop
* Right-click it and select Merge
* Restart the PC

-> Download this file and save it to the Desktop
* Right-click it and select Merge
* Restart the PC

-> Download this file and save it to the Desktop
* Right-click it and select Merge
* Restart the PC

-> Run Farbar Service Scanner (FSS) again and select all the options
* Click [scan]
* Paste the report FSS.txt located on the Desktop
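The Farbar Service Scanner reports in this thread flag damaged services with ATTENTION!=====> lines under underlined section headings. As an added example (not part of the original thread and not FSS's own code), this Python sketch groups those warnings by section, lists the services whose registry key is missing, and compares two reports to confirm what a repair changed. The two sample reports are constructed excerpts in the same layout, and the function names are hypothetical.

```python
import re

ATTENTION = "ATTENTION!=====>"
UNDERLINE = re.compile(r"^=+$")  # a run of '=' marks the line above it as a heading
MISSING_KEY = re.compile(r"Unable to open (\w+) registry key")

# Constructed excerpt: services section of a report taken before the repair.
BEFORE = r"""
Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of sharedaccess. The value does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open sharedaccess registry key. The service key does not exist.

Firewall Disabled Policy:
==================
ATTENTION!=====> Unable to open HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile. The key does not exist.

Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.

Windows Update:
============
wuauserv Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
"""

# Constructed excerpt: the same section after the service keys were merged back.
AFTER = r"""
Windows Firewall:
=============

Firewall Disabled Policy:
==================
ATTENTION!=====> Unable to retrieve HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\\EnableFirewall value. The value does not exist.

Security Center:
============

Windows Update:
============
"""


def parse_fss(report):
    """Return a list of (section, warning message) pairs found in a report."""
    findings = []
    section = ""
    previous = ""
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        if UNDERLINE.match(line):
            # The heading is the non-empty line just above the underline.
            section = previous.rstrip(":")
        elif ATTENTION in line:
            # Drop the "Checking ...:" prefix and keep only the warning text.
            findings.append((section, line.split(ATTENTION, 1)[1].strip()))
        previous = line
    return findings


def missing_service_keys(findings):
    """Names of services whose registry key could not be opened at all."""
    names = set()
    for _, message in findings:
        match = MISSING_KEY.search(message)
        if match:
            names.add(match.group(1))
    return sorted(names, key=str.lower)


def compare(before, after):
    """Classify warnings as resolved, remaining or new between two reports."""
    old, new = set(parse_fss(before)), set(parse_fss(after))
    return {
        "resolved": sorted(old - new),
        "remaining": sorted(old & new),
        "new": sorted(new - old),
    }


if __name__ == "__main__":
    print("Missing service keys:", missing_service_keys(parse_fss(BEFORE)))
    for state, items in compare(BEFORE, AFTER).items():
        for section, message in items:
            print(f"{state:9} [{section}] {message}")
```

A warning that moves from "key does not exist" to "value does not exist" shows up as one resolved and one new finding, which is how a partially restored firewall policy appears between reports.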
MartinD
Posted July 31, 2012

Below is the FSS report:

    Farbar Service Scanner Version: 26-07-2012
    Ran by Douglas (administrator) on 30-07-2012 at 21:36:23
    Running from "C:\Documents and Settings\Douglas\desktop"
    Microsoft Windows XP Professional Service Pack 3 (X86)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.

    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================
    ATTENTION!=====> Unable to retrieve HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\\EnableFirewall value. The value does not exist.
    ATTENTION!=====> Unable to retrieve HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall value. The value does not exist.

    System Restore:
    ============

    System Restore Disabled Policy:
    ========================

    Security Center:
    ============

    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================

    Extra List:
    =======
    Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)
    0x0700000005000000010000000200000003000000040000000600000007000000
    IpSec Tag value is correct.

    **** End of log ****
wings
Posted July 31, 2012

-> Download this file and save it to the Desktop
* Run it and accept the registry entry
* Restart the PC

-> New Farbar Service Scanner report
MartinD
Posted July 31, 2012

FSS report:

    Farbar Service Scanner Version: 26-07-2012
    Ran by Douglas (administrator) on 30-07-2012 at 22:16:24
    Running from "C:\Documents and Settings\Douglas\desktop"
    Microsoft Windows XP Professional Service Pack 3 (X86)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo IP is accessible.
    Attempt to access Yahoo.com returned error: Yahoo.com is offline

    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================
    ATTENTION!=====> Unable to retrieve HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\\EnableFirewall value. The value does not exist.

    System Restore:
    ============

    System Restore Disabled Policy:
    ========================

    Security Center:
    ============

    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================

    Extra List:
    =======
    Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)
    0x0700000005000000010000000200000003000000040000000600000007000000
    IpSec Tag value is correct.

    **** End of log ****
wings, posted July 31, 2012

I hope we're wrapping up... :)

* Download this file and save it to the Desktop
* Run it and accept the registry entry
* Restart the PC

→ New Farbar log

MartinD, posted July 31, 2012

That makes two of us! :grin:

wings, about that last file you asked me to download: I have a file with the same name that I had downloaded earlier. The difference is that this latest one is in capital letters.

Here is the FSS report:

Farbar Service Scanner Version: 26-07-2012
Ran by Douglas (administrator) on 30-07-2012 at 22:45:42
Running from "C:\Documents and Settings\Douglas\desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================
ATTENTION!=====> Unable to retrieve HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\\EnableFirewall value. The value does not exist.

System Restore:
============

System Restore Disabled Policy:
========================

Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

Extra List:
=======
Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)
0x0700000005000000010000000200000003000000040000000600000007000000
IpSec Tag value is correct.

**** End of log ****

wings, posted July 31, 2012

OK... finishing up.

→ Delete BlitzBlank and the file C:\blitzblank.txt
→ Delete the file C:\fix.bat
→ Delete Farbar Service Scanner and its report FSS.txt, located on the Desktop
→ Delete the .reg files located on the desktop
→ Run OTL. Windows Vista or Windows 7 users should right-click the file and select Run as administrator
* Click [Cleanup] > [OK]
* The PC will restart
→ Uninstall the old version of Java
→ Install the latest version of Java
→ Run Malwarebytes, click [Update] > [Download Updates]
* Wait for it to finish
* Click [Scan], select Full scan
* Click [Scan] and select the partition where Windows is installed
* When finished, click [OK] > [Show Results] > [Remove Selected]
* Paste the report that is displayed

MartinD, posted July 31, 2012

wings, I did almost everything you asked, but at the step "* When finished, click [OK] > [Show Results] > [Remove Selected]" I couldn't find the [Show Results] > [Remove Selected] options. Even so, I managed to get the report, I think, and I'll post it below. Also, there are some items in quarantine from the first time I ran it. Should I delete them, restore them, or leave them as they are?

The Malwarebytes report:

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Versão da Base de Dados: v2012.07.31.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Douglas :: SAGRADO [administrador]

30/7/2012 23:34:55
mbam-log-2012-07-30 (23-34-55).txt

Tipo de Verificação: Verificação Completa (C:\|)
Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM
Opções de verificação desativadas: P2P
Objetos escaneados: 264755
Tempo decorrido: 36 minuto(s), 47 segundo(s)

Processos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)

Módulos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)

Chaves de Registro Detectadas: 0
(Não foram detectados ítens maliciosos)

Valores de Registro Detectadas: 0
(Não foram detectados ítens maliciosos)

Itens de Dados no Registro Detectadas: 0
(Não foram detectados ítens maliciosos)

Pastas Detectadas: 0
(Não foram detectados ítens maliciosos)

Arquivos Detectados: 0
(Não foram detectados ítens maliciosos)

(fim)

wings, posted July 31, 2012

OK... the PC is clean.

* Run Malwarebytes, click the [Quarantine] tab, select all the results and click [Delete all]
* Click the [Logs] tab, select the reports and click [Delete]
* Close Malwarebytes

Best regards.

MartinD, posted July 31, 2012

Great, wings, thank you very much for the help and the patience! Just one last question: can I delete GMER too? Anyway, thanks once again. Best regards.

wings, posted July 31, 2012

"Just one last question: can I delete GMER too?"

Yes, you can... no problem. :thumbsup:

wings, posted July 31, 2012

PROBLEM SOLVED

If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.