Ir ao conteúdo
  • Comunicados

    • diego_moicano

      Gostaria de se tornar um analista em Remoção de Malware?   07-12-2015

      Gostaria de se tornar um analista em Remoção de Malware? O Fórum Clube do Hardware deu início a um programa de treinamento em análises de log. Os interessados deverão enviar um email para aprendizes (arroba) clubedohardware (ponto) com (ponto) br respondendo as seguintes perguntas: Por que você gostaria de aprender a analisar logs? Possui tempo hábil para o treinamento? Tem conhecimentos em informática? Se sim descreva-os. Possui inglês para leitura? Qual seu objetivo após completar o treinamento?   Não se esqueça de incluir no e-mail o seu nome de usuário (fornecer o link também), idade e cidade onde vive. Adicione também qualquer experiência e/ou razão sobre o porquê você seria um bom Analista. É digno de nota que apenas os que forem selecionados receberão resposta por MP (Mensagem Pessoal), não existe um padrão na escolha dos futuros aprendizes, todos os e-mails serão lidos e serão analisados de forma imparcial, portanto não será permitido reclamações neste aspecto. O treinamento é dado no próprio fórum. Quando um aprendiz é selecionado ele é movido para um novo grupo, onde terá acesso a fóruns fechados para os demais usuários onde poderá dar inicio ao seu treinamento. Importante: A cada 30 dias os e-mails não selecionados serão apagados, portanto você pode enviar um novo e-mail após 1 mês, e-mails enviados antes serão desconsiderados.  
    • Gabriel Torres

      Seja um moderador do Clube do Hardware!   12-02-2016

      Prezados membros do Clube do Hardware, Está aberto o processo de seleção de novos moderadores para diversos setores ou áreas do Clube do Hardware. Os requisitos são:   Pelo menos 500 posts e um ano de cadastro; Boa frequência de participação; Ser respeitoso, cordial e educado com os demais membros; Ter bom nível de português; Ter razoável conhecimento da área em que pretende atuar; Saber trabalhar em equipe (com os moderadores, coordenadores e administradores).   Os interessados deverão enviar uma mensagem privada para o usuário @Equipe Clube do Hardware com o título "Candidato a moderador". A mensagem deverá conter respostas às perguntas abaixo:   Qual o seu nome completo? Qual sua data de nascimento? Qual sua formação/profissão? Já atuou como moderador em algo outro fórum, se sim, qual? De forma sucinta, explique o porquê de querer ser moderador do fórum e conte-nos um pouco sobre você.   OBS: Não se trata de função remunerada. Todos que fazem parte do staff são voluntários.
Entre para seguir isso  
Prowerwolf

Virus apagou o avast e o modo seguro

Recommended Posts

Olá.

Ao fazer um serviço em um computador, levei para casa alguns arquivos. Como não tinham dado problema antes, não verifiquei por virus. Agora estou no desespero. A praga que se instalou em meu computador tem as seguintes caracteristicas:

1. destruiu meu anti virus Avast, e impede a reinstalação

2. impede que ooutros anti virus sejam instalados

3. impede que o comp seja reiniciado em MODO SEGURO, por isso não tenho o log do hijackthis

4. Já usei uma ferramenta, ELIbagIA, que utilizei contra um virus parecido, mas não resolveu

5. Testei fazer o Avast da outra partição (windows 98) rodar, mas para minha surpresa ele também tinha sumido.

6. o gravador de dvd agora só funciona com a partição menor, mas o nero não reconhece a partição C:, a principal, de jeito nenhum.

Preciso de ajuda urgente, pois não posso de modo nenhum formatar o pc neste momento, para não atrasar alguns trabalhos. Já agradecido!

Compartilhar este post


Link para o post
Compartilhar em outros sites

- Faça o download do HijackThis

  • Coloque o arquivo numa pasta própria em C:\;
  • Dê um duplo clique no HijackThis e clique em Do a system scan and save a logfile;
  • Copie o conteúdo do bloco de notas cole na sua resposta.

Compartilhar este post


Link para o post
Compartilhar em outros sites
  • Autor do tópico
  • Boa noite!

    Aí vai:

    Logfile of HijackThis v1.99.1

    Scan saved at 14:47:53, on 30/11/2007

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v7.00 (7.00.6000.16544)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Arquivos de programas\Windows Defender\MsMpEng.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\Explorer.EXE

    C:\Arquivos de programas\Windows Defender\MSASCui.exe

    C:\WINDOWS\SOUNDMAN.EXE

    C:\WINDOWS\sm56hlpr.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\WINDOWS\system32\LEXBCES.EXE

    C:\WINDOWS\system32\LEXPPS.EXE

    C:\Documents and Settings\Administrador\Desktop\Hijackthis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://farejador.ig.com.br/ie/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://farejador.ig.com.br

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://farejador.ig.com.br/ie/

    O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O4 - HKLM\..\Run: [Windows Defender] "C:\Arquivos de programas\Windows Defender\MSASCui.exe" -hide

    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

    O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

    O4 - HKLM\..\Run: [sMSERIAL] sm56hlpr.exe

    O4 - HKLM\..\Run: [babylon Client] C:\Arquivos de programas\Babylon\Babylon-Pro\Babylon.exe -AutoStart

    O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [PCTVOICE] pctspk.exe

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

    O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

    O11 - Options group: [iNTERNATIONAL] International*

    O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1181851265133

    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1193517875796

    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe

    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe (file missing)

    O23 - Service: avast! Antivirus - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe (file missing)

    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

    O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

    Compartilhar este post


    Link para o post
    Compartilhar em outros sites

    Faça o download do F-Secure Blacklight:

    ftp://ftp.f-secure.com/anti-virus/tools/fsbl.exe

    • Salve-o em C:\;
    • Digite no Executar C:\fsbl.exe /expert e clique em Ok;
    • Aceite o acordo e clique em "Next";
    • Clique "Scan";
    • Quando o scan terminar, clique em "Next", e depois em "Exit";
    • Se ele encontrar qualquer arquivo, ignore. Queremos apenas o log.
    • Ao final do scan, cole o arquivo fsb-xxxxx.log (onde xxx são números) na sua resposta.

    Compartilhar este post


    Link para o post
    Compartilhar em outros sites
  • Autor do tópico
  • Boa tarde. Tenho demorado para poder ver resposta pois estou acessando de lan house. Só para completar minhas tentativas, usei também o stinger e um novo elibaglia. Não entro na internet por não ter certeza da limpeza.

    12/10/07 14:58:22 [info]: BlackLight Engine 1.0.67 initialized

    12/10/07 14:58:22 [info]: OS: 5.1 build 2600 (Service Pack 2)

    12/10/07 14:58:22 [Note]: 7019 4

    12/10/07 14:58:22 [Note]: 7005 0

    12/10/07 14:58:25 [Note]: 7006 0

    12/10/07 14:58:25 [Note]: 7022 0

    12/10/07 14:58:26 [Note]: 7011 1556

    12/10/07 14:58:26 [Note]: 7026 0

    12/10/07 14:58:27 [Note]: 7026 0

    12/10/07 14:58:35 [Note]: FSRAW library version 1.7.1024

    12/10/07 15:07:43 [Note]: 2000 1012

    12/10/07 15:07:43 [Note]: 2000 1012

    12/10/07 15:12:08 [Note]: 7007 0

    Estou muito agradecido pela atenção prestada.

    Compartilhar este post


    Link para o post
    Compartilhar em outros sites

    - Faça o download do ComboFix

    • Desative, temporariamente, o antivírus;
    • Feche todas as janelas abertas;
    • Dê um duplo-clique no combofix.exe e tecle "1" para prosseguir o Fix. Pode demorar algum tempo.
    • O ComboFix poderá reiniciar o PC automaticamente para completar o processo de remoção.
    • Quando acabar, será gerado um log, que estará em C:\ComboFix.txt.
    • Não clique na Janela do ComboFix, nem o feche clicando no X, enquanto estiver rodando, não mova o mouse e não use o teclado, pois senão irá parar e seu desktop ficará em branco.
    • Para parar ou sair do ComboFix, tecle "N".
    • Cole o ComboFix.txt na sua resposta.

    - Gere novo log do HijackThis e cole na sua resposta.

    Compartilhar este post


    Link para o post
    Compartilhar em outros sites
  • Autor do tópico
  • Boa tarde! Aí vão os logs:

    1. COMBOFIX

    ComboFix 07-12-12.3 - Administrador 2007-12-13 14:22:15.1 - NTFSx86

    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.316 [GMT -3:00]

    Executando de: C:\Documents and Settings\Administrador\Meus documentos\ComboFix.exe

    * Criado um novo ponto de restauro

    .

    ((((((((((((((((((((((( Ficheiros criados de 2007-11-13 to 2007-12-13 ))))))))))))))))))))))))))))))))

    .

    2007-12-04 00:08 . 2007-12-10 15:19 <DIR> d-------- C:\FSBlackLight

    2007-12-02 16:07 . 2007-12-02 16:07 <DIR> d-------- C:\hijackthis

    2007-12-01 09:28 . 2007-12-04 09:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr

    2007-12-01 09:27 . 2007-12-01 09:27 <DIR> d-------- C:\Arquivos de programas\Alwil Software

    2007-12-01 09:15 . 2007-12-01 09:15 <DIR> d-------- C:\Arquivos de programas\CCleaner

    2007-11-30 22:23 . 2007-11-30 22:24 <DIR> d-------- C:\Arquivos de programas\ApecSoft

    2007-11-29 17:50 . 2007-11-29 17:50 <DIR> d-------- C:\Arquivos de programas\IObit

    2007-11-28 18:13 . 2007-11-30 22:03 <DIR> d-a------ C:\Documents and Settings\All Users\Dados de aplicativos\TEMP

    2007-11-28 13:09 . 2007-11-28 13:09 <DIR> d-------- C:\Arquivos de programas\eRightSoft

    2007-11-24 13:39 . 2007-11-24 13:39 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\Media Player Classic

    2007-11-14 17:22 . 2007-11-14 17:22 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\SWF Studio

    2007-11-14 00:09 . 2007-11-14 00:09 <DIR> d-------- C:\Arquivos de programas\Microsoft.NET

    .

    ((((((((((((((((((((((((((((((((((((( Relat¢rio Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2007-12-13 17:19 --------- d-----w C:\Arquivos de programas\Oi Internet

    2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys

    2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys

    2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys

    2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys

    2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys

    2007-11-24 19:58 --------- d-----w C:\Arquivos de programas\Real Alternative

    2007-11-24 16:31 --------- d-----w C:\Arquivos de programas\K-Lite Codec Pack

    2007-11-15 13:02 --------- d-----w C:\Arquivos de programas\War Chess

    2007-11-15 00:29 --------- d-----w C:\Arquivos de programas\Discador Orolix

    2007-11-14 01:25 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft Help

    2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys

    2007-11-09 19:28 46,704 ----a-w C:\Documents and Settings\Administrador\Dados de aplicativos\GDIPFONTCACHEV1.DAT

    2007-11-01 12:02 --------- d-----w C:\Arquivos de programas\ElcomSoft

    2007-10-31 21:01 --------- d-----w C:\Arquivos de programas\VirtualDub-1.7.6

    2007-10-30 14:13 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\DVD Shrink

    2007-10-25 03:25 --------- d-----w C:\Arquivos de programas\S3Inc

    2007-10-23 16:54 --------- d-----w C:\Arquivos de programas\AvRack

    2007-10-15 12:39 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Lavasoft

    2007-10-15 12:39 --------- d-----w C:\Arquivos de programas\Lavasoft

    2007-10-15 12:37 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Wise Installation Wizard

    2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll

    2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll

    .

    (((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

    .

    .

    REGEDIT4

    *Nota* entradas vazias & leg¡timas por defeito nÆo sÆo mostradas.

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:45]

    "PCTVOICE"="pctspk.exe" [2001-09-05 23:50 C:\WINDOWS\system32\pctspk.exe]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "Windows Defender"="C:\Arquivos de programas\Windows Defender\MSASCui.exe" [2006-11-03 19:20]

    "Cmaudio"="RunDll32 cmicnfg.cpl" []

    "SoundMan"="SOUNDMAN.EXE" [2004-06-18 05:31 C:\WINDOWS\soundman.exe]

    "SMSERIAL"="sm56hlpr.exe" [2004-12-28 19:01 C:\WINDOWS\sm56hlpr.exe]

    "avast!"="C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 10:00]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 00:45]

    "melg3445"="C:\WINDOWS\System32\4.exe" []

    "DWQueuedReporting"="C:\ARQUIV~1\ARQUIV~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 09:01]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

    "NoResolveSearch"= 1 (0x1)

    A chave SafeBoot necessita de ser reparada. Esta m*quina nÆo pode entrar em Modo de Seguran‡a.

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]

    @="Driver Group"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]

    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]

    @="DiskDrive"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]

    @="Hdc"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]

    @="Keyboard"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]

    @="Mouse"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]

    @="System"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]

    @="Volume"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Discador Oi Internet.lnk]

    path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Discador Oi Internet.lnk

    backup=C:\WINDOWS\pss\Discador Oi Internet.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Discador iG]

    C:\Arquivos de programas\iGv6\Discador iG.exe boot

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark 1200 Series]

    2006-07-13 02:34 57344 --a------ C:\Arquivos de programas\Lexmark 1200 Series\lxczbmgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

    C:\Arquivos de programas\Messenger\msmsgs.exe /background

    S3 cwrwdm;SoundFusion WDM Driver;C:\WINDOWS\system32\DRIVERS\cwrwdm.sys

    S3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys

    S3 SiSV;SiSV;C:\WINDOWS\system32\DRIVERS\SiSV.sys

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7020b238-7be7-11dc-83de-d204d610bf73}]

    \Shell\auto\command - G:\Knight.exe open

    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Knight.exe open

    \Shell\explore\command - G:\Knight.exe open

    \Shell\find\command - G:\Knight.exe open

    \Shell\install\command - G:\Knight.exe open

    \Shell\open\command - G:\Knight.exe open

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8ce9a7b2-79ca-11dc-83d8-860fb7ce4d78}]

    \Shell\Auto\command - fun.xls.exe

    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a11de2a6-7429-11dc-83c7-dfa3610b1149}]

    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe

    \Shell\Open(&0)\command - Recycled\ctfmon.exe

    .

    Conte£do da pasta 'Tarefas Agendadas'

    "2007-12-13 17:29:49 C:\WINDOWS\Tasks\MP Scheduled Scan.job"

    - C:\Arquivos de programas\Windows Defender\MpCmdRun.exe

    .

    **************************************************************************

    catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2007-12-13 14:28:58

    Windows 5.1.2600 Service Pack 2 NTFS

    Procurando processos ocultos ...

    Procurando entradas auto inicializ*veis ocultas ...

    Procurando ficheiros ocultos ...

    Varredura completada com sucesso

    Ficheiros ocultos: 0

    **************************************************************************

    .

    Tempo para conclusÆo: 2007-12-13 14:30:57 - machine was rebooted

    .

    2007-12-12 11:44:00 --- E O F ---

    2. HIJACKTHIS

    Logfile of HijackThis v1.99.1

    Scan saved at 14:33:03, on 13/12/2007

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v7.00 (7.00.6000.16544)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Arquivos de programas\Windows Defender\MsMpEng.exe

    C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

    C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\system32\wuauclt.exe

    C:\WINDOWS\system32\LEXBCES.EXE

    C:\WINDOWS\system32\LEXPPS.EXE

    C:\Arquivos de programas\Windows Defender\MSASCui.exe

    C:\WINDOWS\system32\wuauclt.exe

    C:\WINDOWS\SOUNDMAN.EXE

    C:\WINDOWS\sm56hlpr.exe

    C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\WINDOWS\system32\notepad.exe

    C:\hijackthis\Hijackthis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://farejador.ig.com.br/ie/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://farejador.ig.com.br

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O4 - HKLM\..\Run: [Windows Defender] "C:\Arquivos de programas\Windows Defender\MSASCui.exe" -hide

    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

    O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

    O4 - HKLM\..\Run: [sMSERIAL] sm56hlpr.exe

    O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [PCTVOICE] pctspk.exe

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

    O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

    O11 - Options group: [iNTERNATIONAL] International*

    O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1181851265133

    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1193517875796

    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe

    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

    O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

    O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

    Obrigado novamente!

    Compartilhar este post


    Link para o post
    Compartilhar em outros sites
  • Autor do tópico
  • Boa tarde. Mesmo sem confiar muito, entrei na internet para fazer o scanner on line. Eu estava entrando pela partição do win98. O computador estava bem vagaroso.

    -------------------------------------------------------------------------------

    KASPERSKY ONLINE SCANNER REPORT

    Friday, December 14, 2007 4:10:04 AM

    Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)

    Kaspersky Online Scanner version: 5.0.98.0

    Kaspersky Anti-Virus database last update: 14/12/2007

    Kaspersky Anti-Virus database records: 451510

    -------------------------------------------------------------------------------

    Scan Settings:

    Scan using the following antivirus database: standard

    Scan Archives: true

    Scan Mail Bases: true

    Scan Target - Folders:

    C:\

    Scan Statistics:

    Total number of scanned objects: 28934

    Number of viruses found: 0

    Number of infected objects: 0

    Number of suspicious objects: 0

    Duration of the scan process: 00:51:33

    Infected Object Name / Virus Name / Last Action

    C:\Arquivos de programas\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped

    C:\Arquivos de programas\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped

    C:\Arquivos de programas\Alwil Software\Avast4\DATA\integ\avast.int Object is locked skipped

    C:\Arquivos de programas\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped

    C:\Arquivos de programas\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped

    C:\Arquivos de programas\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped

    C:\Arquivos de programas\Alwil Software\Avast4\DATA\report\Proteção residente.txt Object is locked skipped

    C:\Arquivos de programas\EMULE\Db\Jumpstart.db Object is locked skipped

    C:\Arquivos de programas\EMULE\Db\log.0000000001 Object is locked skipped

    C:\Arquivos de programas\EMULE\Temp\001.part Object is locked skipped

    C:\Arquivos de programas\EMULE\Temp\002.part Object is locked skipped

    C:\Arquivos de programas\EMULE\Temp\003.part Object is locked skipped

    C:\Arquivos de programas\EMULE\Temp\004.part Object is locked skipped

    C:\Arquivos de programas\EMULE\Temp\005.part Object is locked skipped

    C:\Arquivos de programas\EMULE\Temp\006.part Object is locked skipped

    C:\Arquivos de programas\EMULE\Temp\007.part Object is locked skipped

    C:\Arquivos de programas\EMULE\Temp\008.part Object is locked skipped

    C:\Arquivos de programas\EMULE\Temp\009.part Object is locked skipped

    C:\Arquivos de programas\EMULE\Temp\010.part Object is locked skipped

    C:\Arquivos de programas\EMULE\Temp\011.part Object is locked skipped

    C:\Arquivos de programas\EMULE\Temp\012.part Object is locked skipped

    C:\Arquivos de programas\EMULE\Temp\013.part Object is locked skipped

    C:\Arquivos de programas\EMULE\Temp\014.part Object is locked skipped

    C:\Arquivos de programas\EMULE\Temp\015.part Object is locked skipped

    C:\Arquivos de programas\EMULE\Temp\016.part Object is locked skipped

    C:\Arquivos de programas\EMULE\Temp\017.part Object is locked skipped

    C:\Arquivos de programas\EMULE\Temp\018.part Object is locked skipped

    C:\Arquivos de programas\EMULE\Temp\020.part Object is locked skipped

    C:\Arquivos de programas\EMULE\Temp\021.part Object is locked skipped

    C:\Arquivos de programas\EMULE\Temp\022.part Object is locked skipped

    C:\Arquivos de programas\EMULE\Temp\024.part Object is locked skipped

    C:\Arquivos de programas\EMULE\Temp\025.part Object is locked skipped

    C:\Arquivos de programas\EMULE\Temp\026.part Object is locked skipped

    C:\Arquivos de programas\EMULE\Temp\027.part Object is locked skipped

    C:\Arquivos de programas\EMULE\Temp\028.part Object is locked skipped

    C:\Arquivos de programas\EMULE\Temp\029.part Object is locked skipped

    C:\Arquivos de programas\EMULE\Temp\030.part Object is locked skipped

    C:\Arquivos de programas\EMULE\Temp\031.part Object is locked skipped

    C:\Arquivos de programas\EMULE\Temp\032.part Object is locked skipped

    C:\Arquivos de programas\EMULE\Temp\033.part Object is locked skipped

    C:\Arquivos de programas\EMULE\Temp\035.part Object is locked skipped

    C:\Arquivos de programas\EMULE\Temp\037.part Object is locked skipped

    C:\Arquivos de programas\EMULE\Temp\038.part Object is locked skipped

    C:\Arquivos de programas\EMULE\Temp\039.part Object is locked skipped

    C:\Arquivos de programas\EMULE\Temp\040.part Object is locked skipped

    C:\Arquivos de programas\EMULE\Temp\041.part Object is locked skipped

    C:\Arquivos de programas\EMULE\Temp\042.part Object is locked skipped

    C:\Arquivos de programas\EMULE\Temp\043.part Object is locked skipped

    C:\Arquivos de programas\EMULE\Temp\045.part Object is locked skipped

    C:\Arquivos de programas\EMULE\Temp\046.part Object is locked skipped

    C:\Arquivos de programas\EMULE\Temp\048.part Object is locked skipped

    C:\Arquivos de programas\EMULE\Temp\051.part Object is locked skipped

    C:\Arquivos de programas\EMULE\Temp\052.part Object is locked skipped

    C:\Arquivos de programas\EMULE\Temp\053.part Object is locked skipped

    C:\Arquivos de programas\EMULE\Temp\054.part Object is locked skipped

    C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat Object is locked skipped

    C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

    C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Microsoft\Windows Defender\FileTracker\{981A8A4C-07A3-49EF-B77B-318D1F3CE3F1} Object is locked skipped

    C:\Documents and Settings\Administrador\Configurações locais\Histórico\History.IE5\index.dat Object is locked skipped

    C:\Documents and Settings\Administrador\Configurações locais\Histórico\History.IE5\MSHist012007121420071215\index.dat Object is locked skipped

    C:\Documents and Settings\Administrador\Configurações locais\Temp\~DF2EB5.tmp Object is locked skipped

    C:\Documents and Settings\Administrador\Configurações locais\Temp\~DF2EF6.tmp Object is locked skipped

    C:\Documents and Settings\Administrador\Configurações locais\Temp\~DF2F12.tmp Object is locked skipped

    C:\Documents and Settings\Administrador\Configurações locais\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped

    C:\Documents and Settings\Administrador\Configurações locais\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

    C:\Documents and Settings\Administrador\Cookies\index.dat Object is locked skipped

    C:\Documents and Settings\Administrador\NTUSER.DAT Object is locked skipped

    C:\Documents and Settings\Administrador\ntuser.dat.LOG Object is locked skipped

    C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

    C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

    C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft\Windows Defender\Support\MPLog-06222007-235924.log Object is locked skipped

    C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat Object is locked skipped

    C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

    C:\Documents and Settings\LocalService\Configurações locais\Histórico\History.IE5\index.dat Object is locked skipped

    C:\Documents and Settings\LocalService\Configurações locais\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

    C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

    C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

    C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

    C:\Documents and Settings\NetworkService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat Object is locked skipped

    C:\Documents and Settings\NetworkService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

    C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

    C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

    C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

    C:\System Volume Information\_restore{784F134C-3FF5-4397-AFC1-553FB71B76C9}\RP6\change.log Object is locked skipped

    C:\WINDOWS\CSC\00000001 Object is locked skipped

    C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

    C:\WINDOWS\ModemLog_Motorola SM56 Speakerphone Modem.txt Object is locked skipped

    C:\WINDOWS\SoftwareDistribution\EventCache\{15D6386D-692A-40E9-9884-8E941C2E500A}.bin Object is locked skipped

    C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

    C:\WINDOWS\Sti_Trace.log Object is locked skipped

    C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

    C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

    C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped

    C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

    C:\WINDOWS\system32\config\default Object is locked skipped

    C:\WINDOWS\system32\config\default.LOG Object is locked skipped

    C:\WINDOWS\system32\config\Internet.evt Object is locked skipped

    C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped

    C:\WINDOWS\system32\config\OSession.evt Object is locked skipped

    C:\WINDOWS\system32\config\SAM Object is locked skipped

    C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

    C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

    C:\WINDOWS\system32\config\SECURITY Object is locked skipped

    C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

    C:\WINDOWS\system32\config\software Object is locked skipped

    C:\WINDOWS\system32\config\software.LOG Object is locked skipped

    C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

    C:\WINDOWS\system32\config\system Object is locked skipped

    C:\WINDOWS\system32\config\system.LOG Object is locked skipped

    C:\WINDOWS\system32\h323log.txt Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

    C:\WINDOWS\temp\Perflib_Perfdata_42c.dat Object is locked skipped

    C:\WINDOWS\temp\_avast4_\Webshlock.txt Object is locked skipped

    C:\WINDOWS\wiadebug.log Object is locked skipped

    C:\WINDOWS\wiaservc.log Object is locked skipped

    C:\WINDOWS\WindowsUpdate.log Object is locked skipped

    Scan process completed.

    Muito agradecido novamente!

    Compartilhar este post


    Link para o post
    Compartilhar em outros sites
  • Autor do tópico
  • Boa noite!

    Embora o sistema esteja um tanto instavel, pude reinstalar o Avast, e o gravador de dvd está livre, mas gostaria de saber como faço para reparar o iniciar pelo modo seguro, pois como no log do combofix foi apontado: A chave SafeBoot necessita de ser reparada. Esta m*quina nÆo pode entrar em Modo de Seguran‡a.

    Espero resposta.

    Muitissimo obrigado!

    Compartilhar este post


    Link para o post
    Compartilhar em outros sites

    Faça o download do SafeBootKeyRepair

    • Rode a ferramenta.
    • Quando a ferramenta terminar, gerará um log C:\SafeBoot_Repair.txt
    • Na sua próxima resposta cole o conteúdo desse log.
    • Informe também o estado do seu PC e se já consegue entrar em Modo Seguro.

    Compartilhar este post


    Link para o post
    Compartilhar em outros sites
  • Autor do tópico
  • Boa tarde!

    O log gerado:

    Reg export of SafeBoot key after repair:

    ========================

    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot]

    "AlternateShell"="cmd.exe"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\AppMgmt]

    @="Service"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Base]

    @="Driver Group"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Boot Bus estender]

    @="Driver Group"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Boot file system]

    @="Driver Group"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\CryptSvc]

    @="Service"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\DcomLaunch]

    @="Service"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmadmin]

    @="Service"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmboot.sys]

    @="Driver"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmio.sys]

    @="Driver"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmload.sys]

    @="Driver"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmserver]

    @="Service"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\EventLog]

    @="Service"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\File system]

    @="Driver Group"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Filter]

    @="Driver Group"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\HelpSvc]

    @="Service"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Netlogon]

    @="Service"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PCI Configuration]

    @="Driver Group"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PlugPlay]

    @="Service"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PNP Filter]

    @="Driver Group"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Primary disk]

    @="Driver Group"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\RpcSs]

    @="Service"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\SCSI Class]

    @="Driver Group"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\sermouse.sys]

    @="Driver"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\sr.sys]

    @="FSFilter System Recovery"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\SRService]

    @="Service"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\System Bus estender]

    @="Driver Group"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\vga.sys]

    @="Driver"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\vgasave.sys]

    @="Driver"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\WinDefend]

    @="Service"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\WinMgmt]

    @="Service"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}]

    @="Universal Serial Bus controllers"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}]

    @="CD-ROM Drive"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]

    @="DiskDrive"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}]

    @="Standard floppy disk controller"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]

    @="Hdc"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]

    @="Keyboard"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]

    @="Mouse"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}]

    @="PCMCIA Adapters"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}]

    @="SCSIAdapter"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]

    @="System"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}]

    @="Floppy disk drive"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]

    @="Volume"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]

    @="Human Interface Devices"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\AFD]

    @="Service"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\AppMgmt]

    @="Service"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Base]

    @="Driver Group"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Boot Bus estender]

    @="Driver Group"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Boot file system]

    @="Driver Group"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Browser]

    @="Service"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\CryptSvc]

    @="Service"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\DcomLaunch]

    @="Service"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Dhcp]

    @="Service"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmadmin]

    @="Service"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmboot.sys]

    @="Driver"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmio.sys]

    @="Driver"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmload.sys]

    @="Driver"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmserver]

    @="Service"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\DnsCache]

    @="Service"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\EventLog]

    @="Service"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\File system]

    @="Driver Group"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Filter]

    @="Driver Group"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\HelpSvc]

    @="Service"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\ip6fw.sys]

    @="Driver"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\ipnat.sys]

    @="Driver"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\LanmanServer]

    @="Service"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\LanmanWorkstation]

    @="Service"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\LmHosts]

    @="Service"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Messenger]

    @="Service"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NDIS]

    @="Driver Group"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NDIS Wrapper]

    @="Driver Group"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Ndisuio]

    @="Service"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetBIOS]

    @="Service"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetBIOSGroup]

    @="Driver Group"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetBT]

    @="Service"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetDDEGroup]

    @="Driver Group"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Netlogon]

    @="Service"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetMan]

    @="Service"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Network]

    @="Driver Group"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetworkProvider]

    @="Driver Group"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NtLmSsp]

    @="Service"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PCI Configuration]

    @="Driver Group"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PlugPlay]

    @="Service"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PNP Filter]

    @="Driver Group"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PNP_TDI]

    @="Driver Group"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Primary disk]

    @="Driver Group"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdpcdd.sys]

    @="Driver"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdpdd.sys]

    @="Driver"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdpwd.sys]

    @="Driver"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdsessmgr]

    @="Service"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\RpcSs]

    @="Service"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\SCSI Class]

    @="Driver Group"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\sermouse.sys]

    @="Driver"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\SharedAccess]

    @="Service"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\sr.sys]

    @="FSFilter System Recovery"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\SRService]

    @="Service"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Streams Drivers]

    @="Driver Group"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\System Bus estender]

    @="Driver Group"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Tcpip]

    @="Service"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\TDI]

    @="Driver Group"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\tdpipe.sys]

    @="Driver"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\tdtcp.sys]

    @="Driver"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\termservice]

    @="Service"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\UploadMgr]

    @="Service"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\vga.sys]

    @="Driver"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\vgasave.sys]

    @="Driver"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\WinDefend]

    @="Service"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\WinMgmt]

    @="Service"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\WZCSVC]

    @="Service"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{36FC9E60-C465-11CF-8056-444553540000}]

    @="Universal Serial Bus controllers"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}]

    @="CD-ROM Drive"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}]

    @="DiskDrive"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}]

    @="Standard floppy disk controller"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}]

    @="Hdc"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}]

    @="Keyboard"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}]

    @="Mouse"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}]

    @="Net"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}]

    @="NetClient"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}]

    @="NetService"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}]

    @="NetTrans"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}]

    @="PCMCIA Adapters"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}]

    @="SCSIAdapter"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}]

    @="System"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}]

    @="Floppy disk drive"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]

    @="Volume"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]

    @="Human Interface Devices"

    ========================

    Consegui entrar pelo modo seguro, e o PC está só um pouco devagar no iniciar se comparando com antes do vírus.

    Estou realmente muito agradecido pelo ótimo trabalho. Continuem assim, e que Deus sempre os ilumine. E para quem passar por algum problema, que seja parecido ou mais grave que o meu, acreditem neste site, e quem puder ajudar em alguma coisa, se prontifiquem.

    Novamente, MUITO OBRIGADO!!

    Compartilhar este post


    Link para o post
    Compartilhar em outros sites
    Entre para seguir isso  





    Sobre o Clube do Hardware

    No ar desde 1996, o Clube do Hardware é uma das maiores, mais antigas e mais respeitadas publicações sobre tecnologia do Brasil. Leia mais

    Direitos autorais

    Não permitimos a cópia ou reprodução do conteúdo do nosso site, fórum, newsletters e redes sociais, mesmo citando-se a fonte. Leia mais

    ×