renatomdmatos

IE window opening by itself!

The IE window is opening by itself, always redirecting to sites such as nadadevirus, virusscan, etrusteantivirus, protejaseudrive. This virus is wrecking my audio and CD-ROM drivers and changing the settings. I'm asking for help because no antivirus detects its presence. Here is the HijackThis log:

Logfile of HijackThis v1.99.1

Scan saved at 11:40, on 2008-02-24

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.exe

C:\Arquivos de programas\Glass2k\Glass2k.exe

C:\Arquivos de programas\VistaDriveIcon\DrvIcon.exe

C:\Arquivos de programas\QuickTime\QTTask.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\TrueTransparency\TrueTransparency.exe

C:\Arquivos de programas\VisualTaskTips\VisualTaskTips.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Downloads\hijackthis(2)\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O3 - Toolbar: (no name) - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - (no file)

O4 - HKLM\..\Run: [Glass2k] C:\Arquivos de programas\Glass2k\Glass2k.exe

O4 - HKLM\..\Run: [DrvIcon] C:\Arquivos de programas\VistaDriveIcon\DrvIcon.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [TrueTransparency] "C:\Arquivos de programas\TrueTransparency\TrueTransparency.exe"

O4 - HKCU\..\Run: [VisualTaskTips] C:\Arquivos de programas\VisualTaskTips\VisualTaskTips.exe

O4 - Startup: Blaero Start Orb.lnk = C:\Arquivos de programas\Blaero Start Orb\Blaero Start Orb 2.0.exe

O4 - Startup: Thoosje Sidebar.lnk = C:\Arquivos de programas\Thoosje Sidebar V2.3\Thoosje Vista Sidebar.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\arquivos de programas\bonjour\mdnsnsp.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1195354777796

O17 - HKLM\System\CCS\Services\Tcpip\..\{9D7248FD-BA77-4A81-AD9D-03BFD01E47EB}: NameServer = 10.0.113.1

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O21 - SSODL: admgcx - {D94E77BE-9D1B-4EB6-95CE-F7F5D9E884F0} - C:\WINDOWS\admgcx.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe


- Download ComboFix

  • Temporarily disable your antivirus;
  • Close all open windows;
  • Double-click ComboFix.exe, click "Run" and type "1" + Enter to proceed with the fix. It may take some time.
  • ComboFix may restart the PC automatically to complete the removal process.
  • When it finishes, a log will be generated at C:\ComboFix.txt.
  • Do not click on the ComboFix window or close it by clicking the X while it is running, and do not move the mouse or use the keyboard, otherwise it will stop and your desktop will go blank.
  • To stop or exit ComboFix, press "N".
  • Paste ComboFix.txt and a new HijackThis log in your reply.

  • Topic author

    ComboFix 08-02-25.3 - Administrador 2008-02-29 1:00:12.5 - NTFSx86

    Executando de: C:\ComboFix.exe

    * Criado um novo ponto de restauro

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

    .

    ((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft\Network\Downloader\qmgr0.dat

    C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft\Network\Downloader\qmgr1.dat

    C:\WINDOWS\privacy_danger

    C:\WINDOWS\privacy_danger\images\capt.gif

    C:\WINDOWS\privacy_danger\images\danger.jpg

    C:\WINDOWS\privacy_danger\images\down.gif

    C:\WINDOWS\privacy_danger\images\spacer.gif

    C:\WINDOWS\privacy_danger\index.htm

    ----- BITS: Possible infected sites -----

    hxxp://onsafepro.com

    hxxp://softworldnetwork.com

    .

    ((((((((((((((((((((((( Ficheiros criados de 2008-01-28 to 2008-02-29 ))))))))))))))))))))))))))))))))

    .

    2008-02-29 00:58 . 2008-02-28 12:29 1,573,742 --a--c--- C:\ComboFix.exe

    2008-02-29 00:49 . 2008-02-29 00:49 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\Vso

    2008-02-29 00:49 . 2008-02-29 00:49 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\ViStart

    2008-02-29 00:49 . 2008-02-29 00:49 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\TuneUp Software

    2008-02-29 00:49 . 2008-02-29 00:49 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\Talkback

    2008-02-29 00:49 . 2008-02-29 00:49 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\Snapfish

    2008-02-29 00:49 . 2008-02-29 00:49 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\Simple Star

    2008-02-29 00:49 . 2008-02-29 00:49 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\Publish Providers

    2008-02-29 00:49 . 2008-02-29 00:49 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\NetMedia Providers

    2008-02-29 00:49 . 2008-02-29 00:49 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\MegauploadToolbar

    2008-02-29 00:49 . 2008-02-29 00:49 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\InterTrust

    2008-02-29 00:49 . 2008-02-29 00:49 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\fltk.org

    2008-02-29 00:49 . 2008-02-29 00:49 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\Feedreader

    2008-02-29 00:49 . 2008-02-29 00:49 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\DivX

    2008-02-29 00:49 . 2008-02-29 00:49 <DIR> d----c--- C:\Arquivos de programas\VSO

    2008-02-29 00:49 . 2008-02-29 00:49 <DIR> d----c--- C:\Arquivos de programas\SopCast

    2008-02-29 00:49 . 2008-02-29 00:49 <DIR> d----c--- C:\Arquivos de programas\DVDVideoSoft

    2008-02-29 00:49 . 2008-02-29 00:49 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\DVDVideoSoft

    2008-02-29 00:48 . 2008-02-29 00:48 <DIR> d-------- C:\VundoFix Backups

    2008-02-29 00:48 . 2008-02-29 00:48 <DIR> d-------- C:\LinhaDefensiva

    2008-02-29 00:48 . 2008-02-29 00:48 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Stardock

    2008-02-28 12:30 . 2008-02-29 00:48 <DIR> d----c--- C:\QooBox(2)

    2008-02-28 11:56 . 2008-02-29 00:48 <DIR> d----c--- C:\ComboFix(2)

    2008-02-24 15:39 . 2008-02-29 00:56 54,156 --ah----- C:\WINDOWS\QTFont.qfn

    2008-02-24 15:39 . 2008-02-24 15:39 1,409 --a------ C:\WINDOWS\QTFont.for

    2008-02-23 18:52 . 2008-02-23 21:13 1,917 --a------ C:\WINDOWS\imsins.BAK

    2008-02-23 18:05 . 2008-02-23 18:06 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\Help(2)

    2008-02-20 08:44 . 2008-02-23 15:34 664 --a------ C:\WINDOWS\system32\d3d9caps.dat

    2008-02-20 00:41 . 2007-02-28 13:02 2,184,576 --a------ C:\WINDOWS\system32\ntoskrnl.exe.zottel

    2008-02-20 00:41 . 2007-02-28 13:02 2,061,824 --a------ C:\WINDOWS\system32\ntkrnlpa.exe.zottel

    2008-02-19 11:19 . 2008-02-19 11:19 <DIR> d----c--- C:\Arquivos de programas\CCleaner

    2008-02-17 01:26 . 2008-02-17 10:19 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

    2008-02-17 01:09 . 2008-02-17 01:09 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Wise Installation Wizard

    2008-02-17 00:25 . 2006-05-05 06:41 453,120 -----c--- C:\WINDOWS\system32\dllcache\mrxsmb.sys

    2008-02-16 22:52 . 2008-02-16 22:52 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Configuraþ§es locais

    2008-02-16 22:52 . 2008-02-16 22:52 <DIR> d-------- C:\Documents and Settings\Rose\Configuraþ§es locais

    2008-02-16 22:52 . 2008-02-16 22:52 <DIR> d-------- C:\Documents and Settings\NetworkService\Configuraþ§es locais

    2008-02-16 22:52 . 2008-02-16 22:52 <DIR> d-------- C:\Documents and Settings\Administrador\Configuraþ§es locais

    2008-02-16 22:50 . 2008-02-17 15:29 <DIR> d--h----- C:\WINDOWS\$hf_mig$

    2008-02-16 20:44 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll

    2008-02-16 20:44 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll

    2008-02-16 20:44 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui

    2008-02-16 03:00 . 2008-02-16 03:00 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys

    2008-02-16 03:00 . 2008-02-16 03:00 47,360 --a------ C:\Documents and Settings\Administrador\Dados de aplicativos\pcouffin.sys

    2008-02-16 02:34 . 2008-02-16 16:23 <DIR> d----c--- C:\Arquivos de programas\PianoFX

    2008-02-16 02:34 . 2000-08-21 00:00 1,693,968 --a------ C:\WINDOWS\system32\VBA6.DLL

    2008-02-16 00:48 . 2008-02-15 19:23 282,624 --a------ C:\WINDOWS\dmdvpndto.dll

    2008-02-16 00:48 . 2008-02-15 19:23 270,336 --a------ C:\WINDOWS\admgcx.dll

    2008-02-16 00:48 . 2008-02-15 19:23 81,920 --a------ C:\WINDOWS\fsxloqf.exe

    2008-02-12 14:15 . 2008-02-12 14:15 796,672 --a------ C:\WINDOWS\GPInstall.exe

    2008-02-10 02:31 . 2008-02-10 02:31 <DIR> d----c--- C:\Arquivos de programas\Macromedia

    2008-02-10 02:23 . 2008-02-11 11:59 <DIR> d----c--- C:\Arquivos de programas\VDJ5

    2008-02-10 02:23 . 2005-11-30 21:20 2,314,332 --a------ C:\WINDOWS\system32\LIBMMD.DLL

    2008-02-10 02:23 . 1998-06-23 22:00 609,584 --a------ C:\WINDOWS\system32\comctl32.ocx

    2008-02-10 02:23 . 2001-03-13 11:49 120,320 --a------ C:\WINDOWS\system32\comdlg32.ocx

    2008-02-10 02:23 . 2000-05-22 15:58 115,920 --a------ C:\WINDOWS\system32\msinet.ocx

    2008-02-10 01:53 . 2008-02-10 01:53 <DIR> d----c--- C:\Arquivos de programas\EPCTV

    2008-02-10 01:13 . 2008-02-29 00:48 <DIR> d----c--- C:\Downloads

    2008-02-09 13:23 . 2008-02-14 00:48 <DIR> d-------- C:\Documents and Settings\Rogério\Dados de aplicativos\ppStream

    2008-02-09 11:41 . 2008-02-09 13:22 <DIR> d----c--- C:\Arquivos de programas\InternetPlayer

    2008-02-08 22:45 . 2008-02-08 22:45 <DIR> d----c--- C:\Arquivos de programas\Guitar Pro 5

    2008-02-05 18:34 . 2008-02-05 18:34 <DIR> d----c--- C:\Arquivos de programas\Mediacenter

    2008-02-03 20:03 . 2008-02-03 21:49 <DIR> d-------- C:\Documents and Settings\Rogério\Dados de aplicativos\uTorrent

    2008-02-03 20:03 . 2008-02-03 20:03 <DIR> d-------- C:\Documents and Settings\Rogério\Arquivos de programas

    2008-02-03 20:03 . 2008-02-03 20:03 <DIR> d-------- C:\Documents and Settings\Rogério\Arquivos de programas

    2008-02-02 14:23 . 2008-02-02 14:23 268 --ah-c--- C:\sqmdata19.sqm

    2008-02-02 14:23 . 2008-02-02 14:23 244 --ah-c--- C:\sqmnoopt19.sqm

    2008-02-02 11:09 . 2008-02-02 11:09 268 --ah-c--- C:\sqmdata18.sqm

    2008-02-02 11:09 . 2008-02-02 11:09 244 --ah-c--- C:\sqmnoopt18.sqm

    2008-01-30 17:28 . 2008-02-11 09:04 <DIR> d-------- C:\Documents and Settings\Rose\Dados de aplicativos\Apple Computer

    2008-01-29 23:18 . 2008-01-31 06:52 <DIR> d----c--- C:\Arquivos de programas\eMule

    2008-01-29 17:42 . 2008-02-08 18:47 <DIR> d-------- C:\Documents and Settings\Angélica\Dados de aplicativos\MEGAUPLOADTOOLBAR

    .

    ((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2008-02-29 03:49 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

    2008-02-20 03:41 219,648 ----a-w C:\WINDOWS\system32\uxtheme.dll

    2008-02-14 03:45 --------- d-----w C:\Documents and Settings\Rogério\Dados de aplicativos\Ahead

    2008-02-08 22:20 --------- d-----w C:\Documents and Settings\Rogério\Dados de aplicativos\Apple Computer

    2008-02-06 21:39 --------- d-----w C:\Documents and Settings\Rosâna\Dados de aplicativos\MEGAUPLOADTOOLBAR

    2008-02-05 14:58 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\uTorrent

    2008-02-05 14:15 --------- dc----w C:\Arquivos de programas\uTorrent

    2008-02-04 20:23 --------- d-----w C:\Documents and Settings\Angélica\Dados de aplicativos\Apple Computer

    2008-01-31 22:13 --------- d-----w C:\Documents and Settings\Rose\Dados de aplicativos\MEGAUPLOADTOOLBAR

    2008-01-28 19:01 --------- d-----w C:\Documents and Settings\Rosâna\Dados de aplicativos\fltk.org

    2008-01-28 17:44 --------- d-----w C:\Documents and Settings\Rosâna\Dados de aplicativos\Apple Computer

    2008-01-26 01:53 --------- dc----w C:\Arquivos de programas\QuickTime

    2008-01-24 04:57 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\Apple Computer

    2008-01-24 04:45 --------- dc----w C:\Arquivos de programas\iTunes

    2008-01-24 04:45 --------- dc----w C:\Arquivos de programas\iPod

    2008-01-24 04:44 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Apple Computer

    2008-01-24 04:43 --------- dc----w C:\Arquivos de programas\Bonjour

    2008-01-24 04:41 --------- dc----w C:\Arquivos de programas\Apple Software Update

    2008-01-24 04:40 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Apple

    2008-01-24 04:40 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Apple

    2008-01-24 01:57 --------- dc----w C:\Arquivos de programas\vdownloader

    2008-01-22 14:07 --------- d-----w C:\Arquivos de programas\Google

    2008-01-22 03:56 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\TuneUp Software

    2008-01-22 03:45 --------- dc----w C:\Arquivos de programas\Syncsoft

    2008-01-13 01:27 --------- d-----w C:\Arquivos de programas\Jogos roms

    2008-01-12 20:25 --------- d-----w C:\Documents and Settings\Rogério\Dados de aplicativos\fltk.org

    2008-01-11 12:28 --------- dc----w C:\Arquivos de programas\Project64 1.7.0.55

    2008-01-02 23:47 --------- dc----w C:\Arquivos de programas\Windows Live

    2008-01-02 23:11 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\WLInstaller

    2007-12-28 19:35 --------- d-----w C:\Documents and Settings\Angélica\Dados de aplicativos\Talkback

    2007-12-28 16:24 --------- d-----w C:\Documents and Settings\Rogério\Dados de aplicativos\Talkback

    2007-12-28 11:51 --------- d-----w C:\Documents and Settings\Rose\Dados de aplicativos\Talkback

    2007-12-28 09:44 --------- d-----w C:\Documents and Settings\Rosâna\Dados de aplicativos\Talkback

    2007-12-21 00:32 543,744 ----a-w C:\WINDOWS\system32\winlogon.exe

    2007-12-10 19:52 149,646 ----a-w C:\WINDOWS\addreg.exe

    2007-12-10 19:51 8,042 ----a-w C:\WINDOWS\PP.reg

    2007-12-10 19:51 22,528 ----a-w C:\WINDOWS\system32\Partizan.exe

    2007-12-07 01:07 661,504 ----a-w C:\WINDOWS\system32\wininet.dll

    2007-12-04 18:41 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll

    2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe

    2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr

    .

    ------- Sigcheck -------

    bf838d5fbd322c60f4c845b735311467 C:\WINDOWS\system32\winlogon.exe

    ----a-w 543,744 2007-12-21 00:32:56 C:\WINDOWS\system32\winlogon.exe

    .

    (((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

    .

    .

    REGEDIT4

    *Nota* entradas vazias & legítimas por defeito não são mostradas.

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{82A8A280-F026-413E-88EA-BD2A951E6FD5}]

    2008-02-15 19:23 282624 --a------ C:\WINDOWS\dmdvpndto.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:45 15360]

    "msnmsgr"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 10:34 5724184]

    "ViStart"="C:\Documents and Settings\Administrador\Desktop\vistart_brazilian_skin_default\ViStart" [ ]

    "PhotoShow Deluxe Media Manager"="C:\ARQUIV~1\Nero\data\Xtras\mssysmgr.exe" [2005-02-25 21:28 212992]

    "feedreader.exe"="C:\Arquivos de programas\FeedReader30\feedreader.exe" [ ]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "QuickTime Task"="C:\Arquivos de programas\QuickTime\QTTask.exe" [2008-01-10 14:27 385024]

    "WinampAgent"="C:\Arquivos de programas\Winamp\wianmpa.exe" [ ]

    "SoundMan"="SOUNDMAN.EXE" [2006-01-11 20:08 577536 C:\WINDOWS\SOUNDMAN.EXE]

    "SiSPower"="SiSPower.dll" [2006-03-09 08:04 49152 C:\WINDOWS\system32\SiSPower.dll]

    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]

    "mngrss"="C:\WINDOWS\mngrss.exe" [ ]

    "KiweeHook"="C:\Arquivos de programas\Kiwee Toolbar\kwtbaim.exe" [ ]

    "iTunesHelper"="C:\Arquivos de programas\iTunes\iTunesHelper.exe" [2008-01-15 02:22 267048]

    "GrooveMonitor"="C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]

    "Google Desktop Search"="C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe" [ ]

    "GlobalFlagorkutkut"="C:\WINDOWS\system32\orkutkut.exe" [ ]

    "GlobalFlagACER"="C:\WINDOWS\system32\ACER.exe" [ ]

    "Flashget"="C:\Arquivos de programas\FlashGet\FlashGet.exe" [ ]

    "avast!"="C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 10:00 79224]

    "AGRSMMSG"="AGRSMMSG.exe" [2006-02-15 21:51 88365 C:\WINDOWS\AGRSMMSG.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:45 15360]

    "msnmsgr"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 10:34 5724184]

    C:\Documents and Settings\Rosƒna\Menu Iniciar\Programas\Inicializar\

    Recorte de tela e Iniciador do OneNote 2007.lnk - C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54 98632]

    C:\Documents and Settings\Ang‚lica\Menu Iniciar\Programas\Inicializar\

    Recorte de tela e Iniciador do OneNote 2007.lnk - C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54 98632]

    C:\Documents and Settings\Rose\Menu Iniciar\Programas\Inicializar\

    Recorte de tela e Iniciador do OneNote 2007.lnk - C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54 98632]

    Sum rio do OneNote.onetoc2 [2007-12-29 09:17:21 3656]

    C:\Documents and Settings\Administrador\Menu Iniciar\Programas\Inicializar\

    Sum rio do OneNote.onetoc2 [2007-08-23 22:47:26 3656]

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]

    Source= file:///C:\WINDOWS\privacy_danger\index.htm

    FriendlyName= Privacy Protection

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

    "admgcx"= {D94E77BE-9D1B-4EB6-95CE-F7F5D9E884F0} - C:\WINDOWS\admgcx.dll [2008-02-15 19:23 270336]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

    "UIHost"="LogonUI.EXE"

    S3 Partizan;Partizan;C:\WINDOWS\system32\drivers\Partizan.sys [2007-12-10 16:51]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{21d202ce-9441-11dc-9611-000ffeb59738}]

    \Shell\Auto\command - E:\fun.xls.exe

    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe

    .

    Conteúdo da pasta 'Tarefas Agendadas'

    "2008-02-15 20:15:00 C:\WINDOWS\Tasks\1-Click Maintenance.job"

    - C:\Arquivos de programas\TuneUp Utilities 2007\SystemOptimizer.exe

    "2008-02-05 15:13:58 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

    - C:\Arquivos de programas\Apple Software Update\SoftwareUpdate.exe

    .

    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2008-02-29 01:04:03

    Windows 5.1.2600 Service Pack 2 NTFS

    Procurando processos ocultos ...

    Procurando entradas auto inicializáveis ocultas ...

    Procurando ficheiros ocultos ...

    Varredura completada com sucesso

    Ficheiros ocultos: 0

    **************************************************************************

    .

    Tempo para conclusão: 2008-02-29 1:09:38

    ComboFix-quarantined-files.txt 2008-02-29 04:09:34

    ComboFix2.txt 2008-02-28 15:40:07

    .

    2008-02-29 01:27:49 --- E O F ---

    hijackthis

    Logfile of HijackThis v1.99.1

    Scan saved at 01:17:36, on 29/2/2008

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

    C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

    C:\Arquivos de programas\Bonjour\mDNSResponder.exe

    C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

    C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

    C:\WINDOWS\Explorer.exe

    C:\WINDOWS\system32\wuauclt.exe

    C:\Arquivos de programas\QuickTime\QTTask.exe

    C:\WINDOWS\SOUNDMAN.EXE

    C:\Arquivos de programas\iTunes\iTunesHelper.exe

    C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

    C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

    C:\WINDOWS\AGRSMMSG.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

    C:\ARQUIV~1\Nero\data\Xtras\mssysmgr.exe

    C:\Arquivos de programas\iPod\bin\iPodService.exe

    C:\WINDOWS\system32\wuauclt.exe

    C:\Downloads\hijackthis(2)\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

    O2 - BHO: SXG Advisor - {82A8A280-F026-413E-88EA-BD2A951E6FD5} - C:\WINDOWS\dmdvpndto.dll

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\QTTask.exe" -atboottime

    O4 - HKLM\..\Run: [WinampAgent] C:\Arquivos de programas\Winamp\wianmpa.exe

    O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

    O4 - HKLM\..\Run: [siSPower] Rundll32.exe SiSPower.dll,ModeAgent

    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

    O4 - HKLM\..\Run: [mngrss] C:\WINDOWS\mngrss.exe

    O4 - HKLM\..\Run: [KiweeHook] "C:\Arquivos de programas\Kiwee Toolbar\kwtbaim.exe"

    O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe"

    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe" /startup

    O4 - HKLM\..\Run: [GlobalFlagorkutkut] C:\WINDOWS\system32\orkutkut.exe

    O4 - HKLM\..\Run: [GlobalFlagACER] C:\WINDOWS\system32\ACER.exe

    O4 - HKLM\..\Run: [Flashget] "C:\Arquivos de programas\FlashGet\FlashGet.exe" /min

    O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

    O4 - HKCU\..\Run: [ViStart] C:\Documents and Settings\Administrador\Desktop\vistart_brazilian_skin_default\ViStart

    O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\ARQUIV~1\Nero\data\Xtras\mssysmgr.exe

    O4 - HKCU\..\Run: [feedreader.exe] "C:\Arquivos de programas\FeedReader30\feedreader.exe"

    O4 - Startup: Sumário do OneNote.onetoc2

    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

    O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

    O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

    O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

    O10 - Unknown file in Winsock LSP: c:\arquivos de programas\bonjour\mdnsnsp.dll

    O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1195354777796

    O17 - HKLM\System\CCS\Services\Tcpip\..\{9D7248FD-BA77-4A81-AD9D-03BFD01E47EB}: NameServer = 10.0.113.1

    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL

    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

    O21 - SSODL: admgcx - {D94E77BE-9D1B-4EB6-95CE-F7F5D9E884F0} - C:\WINDOWS\admgcx.dll

    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

    O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

    O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

    O23 - Service: Bonjour Service - Apple Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

    O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe


    - Select the text below and copy it into Notepad. Save it as CFScript.txt;

    File::
    C:\WINDOWS\dmdvpndto.dll
    C:\WINDOWS\admgcx.dll
    C:\WINDOWS\fsxloqf.exe
    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{82A8A280-F026-413E-88EA-BD2A951E6FD5}]
    [-HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "admgcx"=-
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{21d202ce-9441-11dc-9611-000ffeb59738}]

    - Drag CFScript.txt onto ComboFix as shown in the image below:

    CF_Script.gif

    ComboFix will run and restart the PC automatically to complete the removal process.

    Do not use the mouse or keyboard while ComboFix is running.

    When it finishes, a log will be generated at C:\ComboFix.txt.

    Note: If ComboFix does not restart your computer automatically, restart it manually.

    In your next reply, paste ComboFix.txt and a new HijackThis log.

  • Topic author
  • ComboFix 08-02-25.3 - Administrador 2008-03-01 13:09:03.6 - NTFSx86

    Executando de: C:\ComboFix.exe

    Command switches used :: C:\CFScript.txt

    * Criado um novo ponto de restauro

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

    FILE ::

    C:\WINDOWS\admgcx.dll

    C:\WINDOWS\dmdvpndto.dll

    C:\WINDOWS\fsxloqf.exe

    .

    ((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft\Network\Downloader\qmgr0.dat

    C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft\Network\Downloader\qmgr1.dat

    C:\WINDOWS\admgcx.dll

    C:\WINDOWS\dat.txt

    C:\WINDOWS\dmdvpndto.dll

    C:\WINDOWS\fsxloqf.exe

    C:\WINDOWS\privacy_danger

    C:\WINDOWS\privacy_danger\images\capt.gif

    C:\WINDOWS\privacy_danger\images\danger.jpg

    C:\WINDOWS\privacy_danger\images\down.gif

    C:\WINDOWS\privacy_danger\images\spacer.gif

    C:\WINDOWS\privacy_danger\index.htm

    C:\WINDOWS\rs.txt

    C:\WINDOWS\search_res.txt

    ----- BITS: Possible infected sites -----

    hxxp://softworldnetwork.com

    hxxp://softworldnetwork2.com

    hxxp://onsafepro.com

    .

    ((((((((((((((((((((((( Ficheiros criados de 2008-02-01 to 2008-03-01 ))))))))))))))))))))))))))))))))

    .

    2008-02-29 00:58 . 2008-02-28 12:29 1,573,742 --a--c--- C:\ComboFix.exe

    2008-02-29 00:49 . 2008-02-29 00:49 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\Vso

    2008-02-29 00:49 . 2008-02-29 00:49 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\Talkback

    2008-02-29 00:49 . 2008-02-29 00:49 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\Snapfish

    2008-02-29 00:49 . 2008-02-29 00:49 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\NetMedia Providers

    2008-02-29 00:49 . 2008-02-29 00:49 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\fltk.org

    2008-02-29 00:49 . 2008-02-29 00:49 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\DivX

    2008-02-29 00:49 . 2008-02-29 00:49 <DIR> d----c--- C:\Arquivos de programas\VSO

    2008-02-29 00:49 . 2008-02-29 00:49 <DIR> d----c--- C:\Arquivos de programas\SopCast

    2008-02-29 00:49 . 2008-02-29 00:49 <DIR> d----c--- C:\Arquivos de programas\DVDVideoSoft

    2008-02-29 00:49 . 2008-02-29 00:49 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\DVDVideoSoft

    2008-02-29 00:48 . 2008-02-29 00:48 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Stardock

    2008-02-28 12:30 . 2008-02-29 00:48 <DIR> d----c--- C:\QooBox(2)

    2008-02-28 11:56 . 2008-02-29 00:48 <DIR> d----c--- C:\ComboFix(2)

    2008-02-24 15:39 . 2008-03-01 12:57 54,156 --ah----- C:\WINDOWS\QTFont.qfn

    2008-02-24 15:39 . 2008-02-24 15:39 1,409 --a------ C:\WINDOWS\QTFont.for

    2008-02-23 18:52 . 2008-02-23 21:13 1,917 --a------ C:\WINDOWS\imsins.BAK

    2008-02-23 18:05 . 2008-02-23 18:06 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\Help(2)

    2008-02-20 08:44 . 2008-02-23 15:34 664 --a------ C:\WINDOWS\system32\d3d9caps.dat

    2008-02-20 00:41 . 2007-02-28 13:02 2,184,576 --a------ C:\WINDOWS\system32\ntoskrnl.exe.zottel

    2008-02-20 00:41 . 2007-02-28 13:02 2,061,824 --a------ C:\WINDOWS\system32\ntkrnlpa.exe.zottel

    2008-02-19 11:19 . 2008-02-19 11:19 <DIR> d----c--- C:\Arquivos de programas\CCleaner

    2008-02-17 01:09 . 2008-02-17 01:09 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Wise Installation Wizard

    2008-02-17 00:25 . 2006-05-05 06:41 453,120 -----c--- C:\WINDOWS\system32\dllcache\mrxsmb.sys

    2008-02-16 22:52 . 2008-02-16 22:52 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Configuraþ§es locais

    2008-02-16 22:52 . 2008-02-16 22:52 <DIR> d-------- C:\Documents and Settings\Rose\Configuraþ§es locais

    2008-02-16 22:52 . 2008-02-16 22:52 <DIR> d-------- C:\Documents and Settings\NetworkService\Configuraþ§es locais

    2008-02-16 22:52 . 2008-02-16 22:52 <DIR> d-------- C:\Documents and Settings\Administrador\Configuraþ§es locais

    2008-02-16 22:50 . 2008-02-17 15:29 <DIR> d--h----- C:\WINDOWS\$hf_mig$

    2008-02-16 20:44 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll

    2008-02-16 20:44 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll

    2008-02-16 20:44 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui

    2008-02-16 03:00 . 2008-02-16 03:00 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys

    2008-02-16 03:00 . 2008-02-16 03:00 47,360 --a------ C:\Documents and Settings\Administrador\Dados de aplicativos\pcouffin.sys

    2008-02-16 02:34 . 2008-02-16 16:23 <DIR> d----c--- C:\Arquivos de programas\PianoFX

    2008-02-16 02:34 . 2000-08-21 00:00 1,693,968 --a------ C:\WINDOWS\system32\VBA6.DLL

    2008-02-12 14:15 . 2008-02-12 14:15 796,672 --a------ C:\WINDOWS\GPInstall.exe

    2008-02-10 02:31 . 2008-02-10 02:31 <DIR> d----c--- C:\Arquivos de programas\Macromedia

    2008-02-10 02:23 . 2008-02-11 11:59 <DIR> d----c--- C:\Arquivos de programas\VDJ5

    2008-02-10 02:23 . 2005-11-30 21:20 2,314,332 --a------ C:\WINDOWS\system32\LIBMMD.DLL

    2008-02-10 02:23 . 1998-06-23 22:00 609,584 --a------ C:\WINDOWS\system32\comctl32.ocx

    2008-02-10 02:23 . 2001-03-13 11:49 120,320 --a------ C:\WINDOWS\system32\comdlg32.ocx

    2008-02-10 02:23 . 2000-05-22 15:58 115,920 --a------ C:\WINDOWS\system32\msinet.ocx

    2008-02-10 01:53 . 2008-02-10 01:53 <DIR> d----c--- C:\Arquivos de programas\EPCTV

    2008-02-10 01:13 . 2008-02-29 00:48 <DIR> d----c--- C:\Downloads

    2008-02-09 13:23 . 2008-02-14 00:48 <DIR> d-------- C:\Documents and Settings\Rogério\Dados de aplicativos\ppStream

    2008-02-09 11:41 . 2008-02-09 13:22 <DIR> d----c--- C:\Arquivos de programas\InternetPlayer

    2008-02-08 22:45 . 2008-02-08 22:45 <DIR> d----c--- C:\Arquivos de programas\Guitar Pro 5

    2008-02-05 18:34 . 2008-02-05 18:34 <DIR> d----c--- C:\Arquivos de programas\Mediacenter

    2008-02-03 20:03 . 2008-02-03 21:49 <DIR> d-------- C:\Documents and Settings\Rogério\Dados de aplicativos\uTorrent

    2008-02-03 20:03 . 2008-02-03 20:03 <DIR> d-------- C:\Documents and Settings\Rogério\Arquivos de programas

    2008-02-03 20:03 . 2008-02-03 20:03 <DIR> d-------- C:\Documents and Settings\Rogério\Arquivos de programas

    2008-02-02 14:23 . 2008-02-02 14:23 268 --ah-c--- C:\sqmdata19.sqm

    2008-02-02 14:23 . 2008-02-02 14:23 244 --ah-c--- C:\sqmnoopt19.sqm

    2008-02-02 11:09 . 2008-02-02 11:09 268 --ah-c--- C:\sqmdata18.sqm

    2008-02-02 11:09 . 2008-02-02 11:09 244 --ah-c--- C:\sqmnoopt18.sqm

    .

    ((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2008-02-29 03:49 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

    2008-02-20 03:41 219,648 ----a-w C:\WINDOWS\system32\uxtheme.dll

    2008-02-14 03:45 --------- d-----w C:\Documents and Settings\Rogério\Dados de aplicativos\Ahead

    2008-02-11 12:04 --------- d-----w C:\Documents and Settings\Rose\Dados de aplicativos\Apple Computer

    2008-02-08 22:20 --------- d-----w C:\Documents and Settings\Rogério\Dados de aplicativos\Apple Computer

    2008-02-08 21:47 --------- d-----w C:\Documents and Settings\Angélica\Dados de aplicativos\MEGAUPLOADTOOLBAR

    2008-02-06 21:39 --------- d-----w C:\Documents and Settings\Rosâna\Dados de aplicativos\MEGAUPLOADTOOLBAR

    2008-02-05 14:58 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\uTorrent

    2008-02-05 14:15 --------- dc----w C:\Arquivos de programas\uTorrent

    2008-02-04 20:23 --------- d-----w C:\Documents and Settings\Angélica\Dados de aplicativos\Apple Computer

    2008-01-31 22:13 --------- d-----w C:\Documents and Settings\Rose\Dados de aplicativos\MEGAUPLOADTOOLBAR

    2008-01-31 09:52 --------- dc----w C:\Arquivos de programas\eMule

    2008-01-28 19:01 --------- d-----w C:\Documents and Settings\Rosâna\Dados de aplicativos\fltk.org

    2008-01-28 17:44 --------- d-----w C:\Documents and Settings\Rosâna\Dados de aplicativos\Apple Computer

    2008-01-26 01:53 --------- dc----w C:\Arquivos de programas\QuickTime

    2008-01-24 04:57 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\Apple Computer

    2008-01-24 04:45 --------- dc----w C:\Arquivos de programas\iTunes

    2008-01-24 04:45 --------- dc----w C:\Arquivos de programas\iPod

    2008-01-24 04:44 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Apple Computer

    2008-01-24 04:43 --------- dc----w C:\Arquivos de programas\Bonjour

    2008-01-24 04:41 --------- dc----w C:\Arquivos de programas\Apple Software Update

    2008-01-24 04:40 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Apple

    2008-01-24 04:40 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Apple

    2008-01-24 01:57 --------- dc----w C:\Arquivos de programas\vdownloader

    2008-01-22 14:07 --------- d-----w C:\Arquivos de programas\Google

    2008-01-22 03:45 --------- dc----w C:\Arquivos de programas\Syncsoft

    2008-01-13 01:27 --------- d-----w C:\Arquivos de programas\Jogos roms

    2008-01-12 20:25 --------- d-----w C:\Documents and Settings\Rogério\Dados de aplicativos\fltk.org

    2008-01-11 12:28 --------- dc----w C:\Arquivos de programas\Project64 1.7.0.55

    2008-01-02 23:47 --------- dc----w C:\Arquivos de programas\Windows Live

    2008-01-02 23:11 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\WLInstaller

    2007-12-21 00:32 543,744 ----a-w C:\WINDOWS\system32\winlogon.exe

    2007-12-10 19:52 149,646 ----a-w C:\WINDOWS\addreg.exe

    2007-12-10 19:51 8,042 ----a-w C:\WINDOWS\PP.reg

    2007-12-10 19:51 22,528 ----a-w C:\WINDOWS\system32\Partizan.exe

    2007-12-07 01:07 661,504 ----a-w C:\WINDOWS\system32\wininet.dll

    2007-12-04 18:41 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll

    2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe

    2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr

    .

    ------- Sigcheck -------

    bf838d5fbd322c60f4c845b735311467 C:\WINDOWS\system32\winlogon.exe

    ----a-w 543,744 2007-12-21 00:32:56 C:\WINDOWS\system32\winlogon.exe

    .

    (((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

    .

    .

    REGEDIT4

    *Nota* entradas vazias & legítimas por defeito não são mostradas.

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:45 15360]

    "msnmsgr"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 10:34 5724184]

    "ViStart"="C:\Documents and Settings\Administrador\Desktop\vistart_brazilian_skin_default\ViStart" [ ]

    "PhotoShow Deluxe Media Manager"="C:\ARQUIV~1\Nero\data\Xtras\mssysmgr.exe" [2005-02-25 21:28 212992]

    "feedreader.exe"="C:\Arquivos de programas\FeedReader30\feedreader.exe" [ ]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "QuickTime Task"="C:\Arquivos de programas\QuickTime\QTTask.exe" [2008-01-10 14:27 385024]

    "WinampAgent"="C:\Arquivos de programas\Winamp\wianmpa.exe" [ ]

    "SoundMan"="SOUNDMAN.EXE" [2006-01-11 20:08 577536 C:\WINDOWS\SOUNDMAN.EXE]

    "SiSPower"="SiSPower.dll" [2006-03-09 08:04 49152 C:\WINDOWS\system32\SiSPower.dll]

    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]

    "mngrss"="C:\WINDOWS\mngrss.exe" [ ]

    "KiweeHook"="C:\Arquivos de programas\Kiwee Toolbar\kwtbaim.exe" [ ]

    "iTunesHelper"="C:\Arquivos de programas\iTunes\iTunesHelper.exe" [2008-01-15 02:22 267048]

    "GrooveMonitor"="C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]

    "Google Desktop Search"="C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe" [ ]

    "GlobalFlagorkutkut"="C:\WINDOWS\system32\orkutkut.exe" [ ]

    "GlobalFlagACER"="C:\WINDOWS\system32\ACER.exe" [ ]

    "Flashget"="C:\Arquivos de programas\FlashGet\FlashGet.exe" [ ]

    "avast!"="C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 10:00 79224]

    "AGRSMMSG"="AGRSMMSG.exe" [2006-02-15 21:51 88365 C:\WINDOWS\AGRSMMSG.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:45 15360]

    "msnmsgr"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 10:34 5724184]

    C:\Documents and Settings\Rosƒna\Menu Iniciar\Programas\Inicializar\

    Recorte de tela e Iniciador do OneNote 2007.lnk - C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54 98632]

    C:\Documents and Settings\Ang‚lica\Menu Iniciar\Programas\Inicializar\

    Recorte de tela e Iniciador do OneNote 2007.lnk - C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54 98632]

    C:\Documents and Settings\Rose\Menu Iniciar\Programas\Inicializar\

    Recorte de tela e Iniciador do OneNote 2007.lnk - C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54 98632]

    Sum rio do OneNote.onetoc2 [2007-12-29 09:17:21 3656]

    C:\Documents and Settings\Administrador\Menu Iniciar\Programas\Inicializar\

    Sum rio do OneNote.onetoc2 [2007-08-23 22:47:26 3656]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

    "UIHost"="LogonUI.EXE"

    S3 Partizan;Partizan;C:\WINDOWS\system32\drivers\Partizan.sys [2007-12-10 16:51]

    .

    Conteúdo da pasta 'Tarefas Agendadas'

    "2008-02-15 20:15:00 C:\WINDOWS\Tasks\1-Click Maintenance.job"

    - C:\Arquivos de programas\TuneUp Utilities 2007\SystemOptimizer.exe

    "2008-02-05 15:13:58 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

    - C:\Arquivos de programas\Apple Software Update\SoftwareUpdate.exe

    .

    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2008-03-01 13:12:58

    Windows 5.1.2600 Service Pack 2 NTFS

    Procurando processos ocultos ...

    Procurando entradas auto inicializáveis ocultas ...

    Procurando ficheiros ocultos ...

    Varredura completada com sucesso

    Ficheiros ocultos: 0

    **************************************************************************

    .

    Tempo para conclusão: 2008-03-01 13:17:10

    ComboFix-quarantined-files.txt 2008-03-01 16:16:47

    ComboFix2.txt 2008-02-28 15:40:07

    .

    2008-03-01 04:12:03 --- E O F ---

    HijackThis

    Logfile of HijackThis v1.99.1

    Scan saved at 13:28:09, on 1/3/2008

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

    C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

    C:\Arquivos de programas\Bonjour\mDNSResponder.exe

    C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

    C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

    C:\WINDOWS\Explorer.exe

    C:\Arquivos de programas\QuickTime\QTTask.exe

    C:\WINDOWS\SOUNDMAN.EXE

    C:\WINDOWS\system32\ctfmon.exe

    C:\Arquivos de programas\iTunes\iTunesHelper.exe

    C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

    C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

    C:\WINDOWS\AGRSMMSG.exe

    C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

    C:\ARQUIV~1\Nero\data\Xtras\mssysmgr.exe

    C:\WINDOWS\system32\wuauclt.exe

    C:\Arquivos de programas\iPod\bin\iPodService.exe

    C:\Arquivos de programas\Mozilla Firefox\firefox.exe

    C:\Downloads\hijackthis(2)\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\QTTask.exe" -atboottime

    O4 - HKLM\..\Run: [WinampAgent] C:\Arquivos de programas\Winamp\wianmpa.exe

    O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

    O4 - HKLM\..\Run: [siSPower] Rundll32.exe SiSPower.dll,ModeAgent

    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

    O4 - HKLM\..\Run: [mngrss] C:\WINDOWS\mngrss.exe

    O4 - HKLM\..\Run: [KiweeHook] "C:\Arquivos de programas\Kiwee Toolbar\kwtbaim.exe"

    O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe"

    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe" /startup

    O4 - HKLM\..\Run: [GlobalFlagorkutkut] C:\WINDOWS\system32\orkutkut.exe

    O4 - HKLM\..\Run: [GlobalFlagACER] C:\WINDOWS\system32\ACER.exe

    O4 - HKLM\..\Run: [Flashget] "C:\Arquivos de programas\FlashGet\FlashGet.exe" /min

    O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

    O4 - HKCU\..\Run: [ViStart] C:\Documents and Settings\Administrador\Desktop\vistart_brazilian_skin_default\ViStart

    O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\ARQUIV~1\Nero\data\Xtras\mssysmgr.exe

    O4 - HKCU\..\Run: [feedreader.exe] "C:\Arquivos de programas\FeedReader30\feedreader.exe"

    O4 - Startup: Sumário do OneNote.onetoc2

    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

    O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

    O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

    O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

    O10 - Unknown file in Winsock LSP: c:\arquivos de programas\bonjour\mdnsnsp.dll

    O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1195354777796

    O17 - HKLM\System\CCS\Services\Tcpip\..\{9D7248FD-BA77-4A81-AD9D-03BFD01E47EB}: NameServer = 10.0.113.1

    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL

    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

    O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

    O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

    O23 - Service: Bonjour Service - Apple Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

    O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe
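
The helper asks for a new HijackThis log after the ComboFix run; comparing it with the previous log shows which entries disappeared and whether any file named under `File::` in the CFScript is still referenced. The Python below is an added example, not part of the thread and not code from ComboFix or HijackThis: the function names are hypothetical, and the embedded samples are short excerpts of the script and the two logs posted above.

```python
import re

# Excerpts of the two HijackThis logs in this thread (trimmed to a few entries).
BEFORE = r"""
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: admgcx - {D94E77BE-9D1B-4EB6-95CE-F7F5D9E884F0} - C:\WINDOWS\admgcx.dll
O23 - Service: Bonjour Service - Apple Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe
"""
AFTER = r"""
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Bonjour Service - Apple Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe
"""
# Excerpt of the CFScript posted by the helper.
CFSCRIPT = r"""
File::
C:\WINDOWS\dmdvpndto.dll
C:\WINDOWS\admgcx.dll
C:\WINDOWS\fsxloqf.exe
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"admgcx"=-
"""

# A HijackThis entry line looks like "O21 - SSODL: name - {CLSID} - path".
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2}) - (.+?)\s*$")


def parse_hijackthis(log_text):
    """Return the set of (section, detail) entries found in a HijackThis log."""
    entries = set()
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line)
        if match:
            entries.add((match.group(1), match.group(2)))
    return entries


def parse_cfscript_files(script_text):
    """Return the paths listed under the File:: directive of a CFScript."""
    files, in_files = [], False
    for line in script_text.splitlines():
        line = line.strip()
        if line.endswith("::"):          # a directive such as File:: or Registry::
            in_files = line.lower() == "file::"
        elif in_files and line:
            files.append(line)
    return files


def verify_cleanup(before_log, after_log, script_text):
    """Diff two logs and report what happened to the files the script targeted."""
    before = parse_hijackthis(before_log)
    after = parse_hijackthis(after_log)
    targets = [path.lower() for path in parse_cfscript_files(script_text)]

    def referencing_targets(entries):
        # Windows paths are case-insensitive, so compare in lower case.
        return sorted(e for e in entries
                      if any(t in e[1].lower() for t in targets))

    return {
        "removed": sorted(before - after),
        "added": sorted(after - before),
        "targets_cleared": referencing_targets(before - after),
        "targets_still_loaded": referencing_targets(after),
    }


if __name__ == "__main__":
    for key, entries in verify_cleanup(BEFORE, AFTER, CFSCRIPT).items():
        print(key)
        for section, detail in entries:
            print("   ", section, "-", detail)
```

An empty `targets_still_loaded` list only means the second log no longer references those paths; entries in `added` are what a reviewer would read first in the new log.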


    - Download BankerFix

    Important: The tool will close Internet Explorer. Before running it, save any links you need to access later.

    Click OK the first and second time message boxes appear. If you are running BankerFix for the second time, it will ask to check for an update. Answer Yes and then click OK.

    When it runs, a black screen will appear asking you to press any key. Press Enter and wait for it to finish. This may take some time.

    When it is done, read the message on the screen and press Enter again. When it finishes, paste the contents of the file C:\LinhaDefensiva\relatorio.txt into your reply;

    - Also generate a new HijackThis log to include in your reply.

    - Delete the folder:

    C:\LinhaDefensiva
