fermenega

Log analysis - extremely delicate situation!!!


Greetings, Analysts!!!

Well, I followed the steps and here are the two LOGS!

The problem is this: I can't install an antivirus (I've already tried Avast, AVG, Kaspersky and Panda), nor open pages in Explorer (both online and offline...); startup is EXTREMELY SLOW (a blue screen appears between the welcome screen and the desktop background), among other problems... I'm in a delicate situation =/. Please help me!!!! Big hug, thanks!!!

DDS (Ver_09-03-16.01) - NTFSx86

Run by Fernando Menegat at 22:50:53,95 on 02/04/2009

Internet Explorer: 7.0.6000.16809

Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.55.1046.18.1014.326 [GMT -3:00]

============== Running Processes ===============

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\DRIVERS\xaudio.exe

C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe

C:\Windows\system32\UI0Detect.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\HP\QuickPlay\QPService.exe

C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\Program Files\Java\jre1.6.0\bin\jusched.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\ehome\ehmsas.exe

C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Users\Fernando Menegat\Desktop\dds.scr

C:\Windows\system32\conime.exe

C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.orkut.com/

uInternet Settings,ProxyOverride = *.local

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll

BHO: ssh2 Class: {2e3c3651-b19c-4dd9-a979-901ec3e930af} - c:\program files\scpad\scpsssh2.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll

BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program files\bitcomet\tools\BitCometBHO_1.1.7.4.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0\bin\ssv.dll

BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File

BHO: Auxiliar de Conexão do Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL

BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll

BHO: 1 (0x1) - No File

TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll

TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL

TB: {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No File

uRun: [iSUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup

uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe

uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe

uRun: [noun hide] "c:\programdata\play mail mail.qxqhn7"

uRun: [sHIM LINK FREE BALL] "c:\programdata\Clock Pop Poll.gnzg3yc"

mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe

mRun: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

mRun: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

mRun: [sunJavaUpdateSched] "c:\program files\java\jre1.6.0\bin\jusched.exe"

mRun: [ALUAlert] c:\program files\symantec\liveupdate\ALuNotify.exe

mRun: [NWEReboot]

mRun: [WinampAgent] c:\program files\winamp\winampa.exe

mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE

mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe

mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot

mRun: [synTPStart] c:\program files\synaptics\syntp\SynTPStart.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE

IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm

IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

IE: Baixar link usando &BitComet - c:\program files\bitcomet\BitComet.exe/AddLink.htm

IE: Baixar todos os links usando BitComet - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm

IE: Baixar todos os vídeos usando BitComet - c:\program files\bitcomet\BitComet.exe/AddVideo.htm

IE: E&xportar para o Microsoft Excel - c:\progra~1\micros~3\office10\EXCEL.EXE/3000

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0\bin\ssv.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - {E7A829CC-671F-4C3D-B590-8C0AEA72E6B2} - c:\program files\bitcomet\tools\BitCometBHO_1.1.7.4.dll

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab

DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab

DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab

DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll

Notify: igfxcui - igfxdev.dll

SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - c:\program files\scpad\scpLIB.dll

STS: compIB Class: {a3717295-941d-416f-9384-ed1736729f1c} - c:\program files\scpad\scpLIB.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\fernan~1\appdata\roaming\mozilla\firefox\profiles\kwfqk1y6.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.orkut.com/

FF - component: c:\program files\mozilla firefox\extensions\talkback@mozilla.org\components\qfaservices.dll

FF - component: c:\program files\real\realplayer\browserrecord\components\nprpbrowserrecordplugin.dll

FF - component: c:\users\fernando menegat\appdata\roaming\mozilla\firefox\profiles\kwfqk1y6.default\extensions\piclens@cooliris.com\components\piclensstub.dll

---- FIREFOX POLICIES ----

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.allow_platform_file_picker", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom

c:\program files\mozilla firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);

c:\program files\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.hideGoButton", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("signon.prefillForms", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.remoteLookups", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.updateURL", "http://sb.google.com/safebrowsing/update?client={moz:client}&appver={moz:version}&");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.lookupURL", "http://sb.google.com/safebrowsing/lookup?sourceid=firefox-antiphish&features=TrustRank&client={moz:client}&appver={moz:version}&");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.reportURL", "http://sb.google.com/safebrowsing/report?");

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-3-16 325640]

R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-3-16 107912]

S2 Agendador do LiveUpdate automático;Agendador do LiveUpdate automático;c:\program files\symantec\liveupdate\AluSchedulerSvc.exe [2007-6-16 554616]

S2 scpVista;scpVista;c:\program files\scpad\scpVista.exe [2008-3-31 118328]

S2 SerND;Server Network Debug;c:\windows\system32\netdebug.exe -k localservice --> c:\windows\system32\NetDebug.exe -k LocalService [?]

S3 R5U870FLx86;R5U870 UVC Lower Filter ;c:\windows\system32\drivers\R5U870FLx86.sys [2006-11-25 73600]

S3 R5U870FUx86;R5U870 UVC Upper Filter ;c:\windows\system32\drivers\R5U870FUx86.sys [2006-11-25 43904]

=============== Created Last 30 ================

2009-03-16 13:13 2,048 a------- c:\windows\system32\tzres.dll

2009-03-16 12:59 <DIR> --d----- c:\programdata\Kaspersky Lab Setup Files

2009-03-16 12:59 <DIR> --d----- c:\progra~2\Kaspersky Lab Setup Files

2009-03-16 12:47 241,152 a------- c:\windows\system32\PortableDeviceApi.dll

2009-03-16 12:47 160,768 a------- c:\windows\system32\PortableDeviceTypes.dll

2009-03-16 12:47 95,232 a------- c:\windows\system32\PortableDeviceClassExtension.dll

2009-03-16 12:45 7,680 a------- c:\windows\system32\spwmp.dll

2009-03-16 12:45 4,096 a------- c:\windows\system32\msdxm.ocx

2009-03-16 12:45 4,096 a------- c:\windows\system32\dxmasf.dll

2009-03-16 12:45 8,147,968 a------- c:\windows\system32\wmploc.DLL

2009-03-16 12:36 269,824 a------- c:\windows\system32\schannel.dll

2009-03-16 12:36 290,304 a------- c:\windows\system32\drivers\srv.sys

2009-03-16 12:36 1,645,568 a------- c:\windows\system32\connect.dll

2009-03-16 12:36 2,028,032 a------- c:\windows\system32\win32k.sys

2009-03-16 12:35 3,505,208 a------- c:\windows\system32\ntkrnlpa.exe

2009-03-16 12:35 3,470,904 a------- c:\windows\system32\ntoskrnl.exe

2009-03-16 12:33 1,341,440 a------- c:\windows\system32\msxml6.dll

2009-03-16 12:33 2,048 a------- c:\windows\system32\msxml6r.dll

2009-03-16 12:17 10,520 a------- c:\windows\system32\avgrsstx.dll

2009-03-16 12:17 107,912 a------- c:\windows\system32\drivers\avgtdix.sys

2009-03-16 12:17 325,640 a------- c:\windows\system32\drivers\avgldx86.sys

2009-03-16 12:16 <DIR> --d----- c:\windows\system32\drivers\Avg

2009-03-16 12:16 <DIR> --d----- c:\program files\AVG

2009-03-16 12:16 <DIR> --d----- c:\programdata\avg8

2009-03-16 12:16 <DIR> --d----- c:\progra~2\avg8

2009-03-16 11:56 1,524,736 a------- c:\windows\system32\wucltux.dll

2009-03-16 11:55 83,456 a------- c:\windows\system32\wudriver.dll

2009-03-16 11:55 162,064 a------- c:\windows\system32\wuwebv.dll

2009-03-16 11:55 31,232 a------- c:\windows\system32\wuapp.exe

2009-03-13 21:38 <DIR> --d----- c:\users\fernando menegat\dwhelper

2009-03-11 18:28 6 a------- c:\windows\ini.dat

==================== Find3M ====================

2009-04-02 18:56 505,598 a------- c:\windows\system32\prfh0416.dat

2009-04-02 18:56 82,978 a------- c:\windows\system32\prfc0416.dat

2009-03-25 19:05 93,656 a------- c:\users\fernan~1\appdata\roaming\GDIPFONTCACHEV1.DAT

2009-03-16 13:23 174 a--sh--- c:\program files\desktop.ini

2009-01-15 01:16 826,368 a------- c:\windows\system32\wininet.dll

2009-01-15 01:16 56,320 a------- c:\windows\system32\iesetup.dll

2009-01-15 01:16 52,736 a------- c:\windows\apppatch\iebrshim.dll

2009-01-15 01:15 26,624 a------- c:\windows\system32\ieUnatt.exe

2008-10-12 14:17 86,016 a------- c:\windows\inf\infstrng.dat

2008-10-12 14:17 51,200 a------- c:\windows\inf\infpub.dat

2008-10-12 14:17 86,016 a------- c:\windows\inf\infstor.dat

2008-08-16 10:32 665,600 a------- c:\windows\inf\drvindex.dat

2007-08-11 02:43 87,608 a------- c:\users\fernan~1\appdata\roaming\inst.exe

2007-08-11 02:43 47,360 a------- c:\users\fernan~1\appdata\roaming\pcouffin.sys

2006-11-05 22:29 318,818 a------- c:\windows\inf\perflib\0416\perfi.dat

2006-11-05 22:29 318,818 a------- c:\windows\inf\perflib\0416\perfh.dat

2006-11-05 22:29 37,412 a------- c:\windows\inf\perflib\0416\perfd.dat

2006-11-05 22:29 37,412 a------- c:\windows\inf\perflib\0416\perfc.dat

2006-11-02 06:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat

2006-11-02 06:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat

2006-11-02 06:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat

2006-11-02 06:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

2008-04-02 14:00 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat

2008-04-02 14:00 32,768 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat

2008-04-02 14:00 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\index.dat

2007-07-24 20:30 22 a--sh--- c:\windows\sminst\HPCD.sys

============= FINISH: 22:52:49,61 ===============

GMER 1.0.15.14966 - http://www.gmer.net

Rootkit scan 2009-04-02 23:37:28

Windows 6.0.6000

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\system32\SearchProtocolHost.exe[2492] @ C:\Windows\system32\ole32.dll [uSER32.dll!DialogBoxParamW] [6DB5D6EF] C:\Windows\AppPatch\AcSpecfc.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Windows\system32\SearchProtocolHost.exe[2492] @ C:\Windows\system32\SHLWAPI.dll [uSER32.dll!DialogBoxParamW] [6DB5D6EF] C:\Windows\AppPatch\AcSpecfc.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Windows\system32\SearchProtocolHost.exe[2492] @ C:\Windows\system32\SHELL32.dll [uSER32.dll!DialogBoxParamW] [6DB5D6EF] C:\Windows\AppPatch\AcSpecfc.DLL (Windows Compatibility DLL/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dinâmico/Microsoft Corporation)

AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

AttachedDevice \Driver\tdx \Device\Tcp ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)

AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

AttachedDevice \Driver\tdx \Device\Udp ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)

AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

AttachedDevice \Driver\tdx \Device\RawIp ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Gerenciador de Filtro do Filesystem Microsoft/Microsoft Corporation)

---- Files - GMER 1.0.15 ----

File C:\Windows\System32\LogFiles\HTTPERR\httperr1.log (size mismatch) 1363/996 bytes

File C:\Windows\System32\LogFiles\Scm\SCM.EVM (size mismatch) 327680/294912 bytes

File C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTkerberos.etl (size mismatch) 3512/0 bytes

File C:\Windows\System32\LogFiles\WUDF\WUDFTrace.etl (size mismatch) 12288/4096 bytes

---- EOF - GMER 1.0.15 ----

That's it!!! Hugs!!!


Hello,

Read the instructions contained in this link:

In the instructions at the link above, you can check which forums have Analysts properly qualified to use the tool correctly: "Forums for getting help with ComboFix logs"

  1. Download ComboFix from one of the official links listed below and save it to your desktop:

  2. Temporarily, and while carrying out these instructions, it is very important that you keep your protection programs (Antivirus, Antispyware and Firewall) disabled. Re-enable the protections after completing the procedure(s) mentioned below.

  3. Double-click the desktopicon.png icon on the desktop.

  4. Read and accept the terms by typing 1 and Enter.

  5. Computers running Windows XP must install the Recovery Console:

  • If your computer has Windows XP installed and does not yet have the Recovery Console installed, please make sure you are connected to the Internet and click "Yes".
  • Click "OK" on the EULA.
  • Once the Recovery Console is installed, click "YES" to continue.

  6. ComboFix will run; please be patient and wait.

  7. Attention: Do not use the mouse or keyboard while the tool is running, as this may cause the computer to stall.

  8. A message may appear saying the computer needs to be restarted.

DO NOT RESTART!!! ComboFix will restart the computer automatically.

  9. When the tool finishes running, it will generate a log (the file C:\ComboFix.txt). Copy and paste the contents of that file in your next reply.

DO NOT use the tool on your own. It is a powerful tool created to deal with sophisticated infections, and if you do not use it correctly it can damage your computer.

  • There are several malware that prevent the tool from running correctly and can thereby severely damage the computer. Analysts qualified to use ComboFix know these cases and know how to handle these situations.
  • Many Analysts do not reply to topics where they see that ComboFix was used without supervision.
  • There are various general-purpose anti-malware tools whose authors, when programming them, had end users in mind and intended them to be used without supervision. ComboFix is not a tool of that kind, and so, also out of respect for the tool's author, do not use it without supervision.

Regards


I ran this ComboFix, but in the middle of the scan it restarted by itself out of nowhere...

now it doesn't boot anymore, it stays on the blue screen, and I can't shut down the PC except by force...

I HAVE IMPORTANT DOCUMENTS IN THE MY DOCUMENTS FOLDER, I can't format without having a copy of them...


Hello,

Restart the computer in Safe Mode (press the F8 key repeatedly, or F5 in some cases, during startup)

Run ComboFix in Safe Mode and then paste the result here.

Regards


The log in SM gave an error (it said I don't have administrator privileges, but I do); I restarted, cancelled and am trying again, once more in normal mode! I hope it works =p


FINALLY!!!

ComboFix 09-04-01.01 - Fernando Menegat 2009-04-03 10:51:42.2 - NTFSx86

Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1046.18.1014.320 [GMT -3:00]

Executando de: c:\users\Fernando Menegat\Desktop\ComboFix.exe

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

---- -------

.

c:\users\Fernando Menegat\AppData\Roaming\inst.exe

c:\windows\system\svchost.exe

c:\windows\system32\x64

.

((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Service_SerND

(((((((((((((((( Arquivos/Ficheiros criados de 2009-03-03 to 2009-04-03 ))))))))))))))))))))))))))))

.

2009-03-16 13:13 . 2008-10-21 20:31 2,048 --a------ c:\windows\System32\tzres.dll

2009-03-16 12:59 . 2009-03-16 12:59 <DIR> d-------- c:\users\All Users\Kaspersky Lab Setup Files

2009-03-16 12:59 . 2009-03-16 12:59 <DIR> d-------- c:\programdata\Kaspersky Lab Setup Files

2009-03-16 12:47 . 2008-10-22 00:43 241,152 --a------ c:\windows\System32\PortableDeviceApi.dll

2009-03-16 12:47 . 2008-10-22 00:43 160,768 --a------ c:\windows\System32\PortableDeviceTypes.dll

2009-03-16 12:47 . 2008-10-22 00:43 95,232 --a------ c:\windows\System32\PortableDeviceClassExtension.dll

2009-03-16 12:45 . 2008-12-16 01:00 8,147,968 --a------ c:\windows\System32\wmploc.DLL

2009-03-16 12:45 . 2008-12-16 02:53 7,680 --a------ c:\windows\System32\spwmp.dll

2009-03-16 12:45 . 2008-12-16 02:53 4,096 --a------ c:\windows\System32\msdxm.ocx

2009-03-16 12:45 . 2008-12-16 02:53 4,096 --a------ c:\windows\System32\dxmasf.dll

2009-03-16 12:36 . 2009-02-08 22:59 2,028,032 --a------ c:\windows\System32\win32k.sys

2009-03-16 12:36 . 2008-10-21 02:16 1,645,568 --a------ c:\windows\System32\connect.dll

2009-03-16 12:36 . 2008-12-16 00:14 290,304 --a------ c:\windows\System32\drivers\srv.sys

2009-03-16 12:36 . 2008-11-27 01:42 269,824 --a------ c:\windows\System32\schannel.dll

2009-03-16 12:35 . 2008-09-18 01:35 3,505,208 --a------ c:\windows\System32\ntkrnlpa.exe

2009-03-16 12:35 . 2008-09-18 01:35 3,470,904 --a------ c:\windows\System32\ntoskrnl.exe

2009-03-16 12:33 . 2008-09-10 00:25 1,341,440 --a------ c:\windows\System32\msxml6.dll

2009-03-16 12:33 . 2008-09-10 00:21 2,048 --a------ c:\windows\System32\msxml6r.dll

2009-03-16 12:17 . 2009-03-16 12:17 325,640 --a------ c:\windows\System32\drivers\avgldx86.sys

2009-03-16 12:17 . 2009-03-16 12:17 107,912 --a------ c:\windows\System32\drivers\avgtdix.sys

2009-03-16 12:17 . 2009-03-16 12:17 10,520 --a------ c:\windows\System32\avgrsstx.dll

2009-03-16 12:16 . 2009-03-16 12:25 <DIR> d-------- c:\windows\System32\drivers\Avg

2009-03-16 12:16 . 2009-03-16 12:48 <DIR> d-------- c:\users\All Users\avg8

2009-03-16 12:16 . 2009-03-16 12:48 <DIR> d-------- c:\programdata\avg8

2009-03-16 12:16 . 2009-03-16 12:16 <DIR> d-------- c:\program files\AVG

2009-03-16 11:56 . 2008-10-16 18:13 1,809,944 --a------ c:\windows\System32\wuaueng.dll

2009-03-16 11:56 . 2008-10-16 17:56 1,524,736 --a------ c:\windows\System32\wucltux.dll

2009-03-16 11:56 . 2008-10-16 18:09 51,224 --a------ c:\windows\System32\wuauclt.exe

2009-03-16 11:56 . 2008-10-16 18:09 43,544 --a------ c:\windows\System32\wups2.dll

2009-03-16 11:55 . 2008-10-16 18:12 561,688 --a------ c:\windows\System32\wuapi.dll

2009-03-16 11:55 . 2008-10-16 14:08 162,064 --a------ c:\windows\System32\wuwebv.dll

2009-03-16 11:55 . 2008-10-16 17:55 83,456 --a------ c:\windows\System32\wudriver.dll

2009-03-16 11:55 . 2008-10-16 18:08 34,328 --a------ c:\windows\System32\wups.dll

2009-03-16 11:55 . 2008-10-16 13:56 31,232 --a------ c:\windows\System32\wuapp.exe

2009-03-13 21:38 . 2009-03-13 21:38 <DIR> d-------- c:\users\Fernando Menegat\dwhelper

2009-03-11 18:28 . 2009-04-03 09:39 6 --a------ c:\windows\ini.dat

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-03-25 22:05 93,656 ----a-w c:\users\Fernando Menegat\AppData\Roaming\GDIPFONTCACHEV1.DAT

2009-03-16 16:23 174 --sha-w c:\program files\desktop.ini

2009-03-16 16:20 --------- d-----w c:\program files\Windows Mail

2009-03-16 16:20 --------- d-----w c:\program files\Microsoft Silverlight

2009-03-16 15:46 --------- d-----w c:\programdata\Avg7

2009-03-16 14:25 --------- d-----w c:\program files\Common Files\Adobe

2009-01-15 04:16 826,368 ----a-w c:\windows\System32\wininet.dll

2009-01-15 04:16 56,320 ----a-w c:\windows\System32\iesetup.dll

2009-01-15 04:16 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll

2009-01-15 04:15 26,624 ----a-w c:\windows\System32\ieUnatt.exe

2007-08-11 05:43 47,360 ----a-w c:\users\Fernando Menegat\AppData\Roaming\pcouffin.sys

2008-10-12 00:11 67,696 ----a-w c:\program files\mozilla firefox\components\jar50.dll

2008-10-12 00:11 54,376 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll

2008-10-12 00:11 34,952 ----a-w c:\program files\mozilla firefox\components\myspell.dll

2008-10-12 00:11 46,720 ----a-w c:\program files\mozilla firefox\components\spellchk.dll

2008-10-12 00:11 172,144 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll

2008-04-02 17:00 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

2008-04-02 17:00 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

2008-04-02 17:00 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

2007-07-24 23:30 22 --sha-w c:\windows\SMINST\HPCD.sys

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"noun hide"="c:\programdata\play mail mail.qxqhn7" [X]

"SHIM LINK FREE BALL"="c:\programdata\Clock Pop Poll.gnzg3yc" [X]

"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-16 221184]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-09-15 1021224]

"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2006-12-02 167936]

"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152]

"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-11-06 159744]

"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2006-12-04 46704]

"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2006-10-18 317152]

"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2006-10-18 472800]

"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0\bin\jusched.exe" [2007-06-16 77824]

"ALUAlert"="c:\program files\Symantec\LiveUpdate\ALuNotify.exe" [2007-01-18 484984]

"WinampAgent"="c:\program files\Winamp\winampa.exe" [2007-05-14 35328]

"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2006-09-09 196608]

"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-09-29 185632]

"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-01-02 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-01-02 166424]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-01-02 133656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"GrpConv"="grpconv -o" [X]

"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-07 44128]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"msacm.avis"= ff_acm.acm

"msacm.l3fhg"= mp3fhg.acm

"VIDC.X264"= x264vfw.dll

"VIDC.HFYU"= huffyuv.dll

"vidc.i263"= i263_32.drv

"msacm.ac3filter"= ac3filter.acm

"msacm.divxa32"= divxa32.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{705EFC8D-AB89-4A9C-AE8E-9436E419C964}"= UDP:c:\program files\HP\QuickPlay\QP.exe:QP

"{70D66D0E-EE90-4B1E-9AFA-C3B872C5A6C6}"= TCP:c:\program files\HP\QuickPlay\QP.exe:QP

"TCP Query User{DF21FD95-97F9-4283-88A3-EA0328D54D9A}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule

"UDP Query User{CEC57176-F61D-423C-A983-325EB7183393}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule

"TCP Query User{74697913-75CD-4D2C-9917-9DEB006313B0}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule

"UDP Query User{E7394533-D6EA-4DDE-89C3-D8FBEE0F9C25}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule

"{FA305226-0D5F-4C11-A6C0-D8A162FA57D9}"= UDP:c:\program files\Shareaza\Shareaza.exe:Shareaza

"{2A0B5AC0-64A1-416A-8512-4F5A0EF88293}"= TCP:c:\program files\Shareaza\Shareaza.exe:Shareaza

"TCP Query User{87659025-1ED6-4A48-939E-0475E5B6E568}c:\\program files\\bitcomet\\bitcomet.exe"= UDP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client

"UDP Query User{F2AC84A6-B006-4204-A14A-383AD598A067}c:\\program files\\bitcomet\\bitcomet.exe"= TCP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client

"TCP Query User{1A6144EA-A5A9-46C5-B4E4-49BBB74122BE}c:\\program files\\bitcomet\\bitcomet.exe"= UDP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client

"UDP Query User{9454D853-739A-47D2-812C-41DF70A53E43}c:\\program files\\bitcomet\\bitcomet.exe"= TCP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client

"TCP Query User{14F73BED-D48C-43FD-8B65-2C368FFCBA40}c:\\program files\\windows sidebar\\sidebar.exe"= UDP:c:\program files\windows sidebar\sidebar.exe:Barra Lateral do Windows

"UDP Query User{56021B5B-5582-49DB-B940-2AEF6391A8F6}c:\\program files\\windows sidebar\\sidebar.exe"= TCP:c:\program files\windows sidebar\sidebar.exe:Barra Lateral do Windows

"{69EA9FB2-06EE-43AE-BE31-247AE8556339}"= UDP:c:\program files\Shareaza\Shareaza.exe:Shareaza

"{F595D364-A6FB-4C54-A266-F934D23FDBE5}"= TCP:c:\program files\Shareaza\Shareaza.exe:Shareaza

"{F5CEB9B5-1123-4B75-A11C-B9F77A83CB98}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]

"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [2009-03-16 325640]

R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [2009-03-16 107912]

S2 scpVista;scpVista;c:\program files\Scpad\scpVista.exe [2008-03-31 118328]

S3 R5U870FLx86;R5U870 UVC Lower Filter ;c:\windows\System32\drivers\R5U870FLx86.sys [2006-11-25 73600]

S3 R5U870FUx86;R5U870 UVC Upper Filter ;c:\windows\System32\drivers\R5U870FUx86.sys [2006-11-25 43904]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{acb0eba3-56bf-11dc-a22d-0016d39f55a6}]

\shell\??(O)\command - system.exe

\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL system.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d8df31ce-d750-11dc-b0fb-0016d39f55a6}]

\shell\AutoRun\command - G:\diskdrive.exe

\shell\open\command - G:\diskdrive.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d8df31db-d750-11dc-b0fb-0016d39f55a6}]

\shell\AutoRun\command - diskdrive.exe

\shell\open\command - diskdrive.exe

.

Conteúdo da pasta 'Tarefas Agendadas'

2008-03-16 c:\windows\Tasks\Verificar Atualizações para a Barra de Ferramentas do Windows Live.job

- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]

.

- - - - ORFÃOS REMOVIDOS - - - -

HKLM-Run-NWEReboot - (no file)

HKLM-RunOnce-<NO NAME> - (no file)

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.orkut.com/

uInternet Settings,ProxyOverride = *.local

IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm

IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

IE: Baixar link usando &BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm

IE: Baixar todos os links usando BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm

IE: Baixar todos os vídeos usando BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm

IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000

FF - ProfilePath - c:\users\Fernando Menegat\AppData\Roaming\Mozilla\Firefox\Profiles\kwfqk1y6.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.orkut.com/

FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll

FF - component: c:\program files\Mozilla Firefox\extensions\talkback@mozilla.org\components\qfaservices.dll

FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll

FF - component: c:\users\Fernando Menegat\AppData\Roaming\Mozilla\Firefox\Profiles\kwfqk1y6.default\extensions\piclens@cooliris.com\components\piclensstub.dll

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.allow_platform_file_picker", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.hideGoButton", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("signon.prefillForms", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.remoteLookups", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.updateURL", "http://sb.google.com/safebrowsing/update?client={moz:client}&appver={moz:version}&");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.lookupURL", "http://sb.google.com/safebrowsing/lookup?sourceid=firefox-antiphish&features=TrustRank&client={moz:client}&appver={moz:version}&");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.reportURL", "http://sb.google.com/safebrowsing/report?");

.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-04-03 10:56:03

Windows 6.0.6000 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

**************************************************************************

.

Tempo para conclusão: 2009-04-03 10:57:40

ComboFix-quarantined-files.txt 2009-04-03 13:57:38

Pré-execução: 53,366,984,704 bytes disponíveis

Pós execução: 53,211,029,504 bytes disponíveis

215 --- E O F --- 2009-03-16 16:18:40

Cheers!!!


Hello,

1. Download Lop Uninstaller

If a restriction message appears when you try to download it, follow these steps:

  • Open Internet Explorer, click Tools, then Internet Options, click the Security tab, click Trusted Sites and then click Sites; in the "Add this website to the zone" field enter:
    http://lop.com and click Add
  • Uncheck the option: Require server verification (https)
  • Click OK in all windows and try the download again.

If your antivirus flags the file, ignore it. The file is safe.

Disable your antivirus and any anti-spyware. Run it. Enter the numbers and confirm.

  • Open Internet Explorer again, click Tools, then Internet Options, click the Security tab, click Trusted Sites and then click Sites.
  • Click: http://lop.com and click Remove.
  • Click OK in all windows.

2. Connect your USB flash drive, but do not run anything from it.

3. Very important note: temporarily, and while you carry out these instructions, it is very important that you keep your protection programs (antivirus, antispyware and firewall) disabled. Re-enable them after running the procedure(s) mentioned below.

4. Open Notepad, copy (Ctrl+C) and paste (Ctrl+V) all the text inside the "Show" box:

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{acb0eba3-56bf-11dc-a22d-0016d39f55a6}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d8df31ce-d750-11dc-b0fb-0016d39f55a6}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d8df31db-d750-11dc-b0fb-0016d39f55a6}]

  • Save this file as: CFScript.txt
  • As shown in the picture above, drag the CFScript.txt file onto ComboFix.exe
  • When the tool finishes running it will produce a log. Paste the contents of the file C:\ComboFix.txt.

5. Download Panda USB Vaccine and save it to the desktop.

  • Extract the file from the zip to your desktop. A new folder named USBVaccine will be created.
  • Double-click that folder, then double-click USBVaccine.exe and click Run.
  • Click the "Vaccinate computer" button.
  • Now connect your USB flash drive. When its name appears in the box, click the "Vaccinate USB" button.
  • Click the red arrow to exit the program.

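As an added example (not part of the original thread, nor ComboFix's own code), the check a log analyst would automate for the indicators in the log above: parse ComboFix output for per-volume MountPoints2 AutoRun/open commands, Security Center monitoring switched off and a disabled firewall profile, then emit the CFScript deletion block that the helper wrote by hand in step 4. The sample log is constructed from lines quoted in this thread; the header-first `Registry::` layout of CFScript is assumed from ComboFix's documented script format.

```python
"""Triage helper for ComboFix/DDS-style logs (added example, not from the thread)."""
import re
from dataclasses import dataclass, field

# Constructed excerpt mirroring lines posted in the thread (not a real capture).
SAMPLE_LOG = r"""[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{acb0eba3-56bf-11dc-a22d-0016d39f55a6}]
\shell\??(O)\command - system.exe
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL system.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d8df31ce-d750-11dc-b0fb-0016d39f55a6}]
\shell\AutoRun\command - G:\diskdrive.exe
\shell\open\command - G:\diskdrive.exe
"""

KEY_RE = re.compile(r"^\[(.+)\]$")                      # [HKEY_...\path]
MOUNTPOINTS_RE = re.compile(r"mountpoints2\\(\{[0-9a-f-]+\})$", re.I)
SHELL_CMD_RE = re.compile(r"^\\shell\\([^\\]+)\\command - (.+)$", re.I)


@dataclass
class Findings:
    # (volume GUID, shell verb, command) for every MountPoints2 verb seen
    autorun_commands: list = field(default_factory=list)
    # Security Center keys where monitoring is explicitly disabled
    monitoring_disabled: list = field(default_factory=list)
    # firewall profiles with EnableFirewall = 0
    firewall_disabled_profiles: list = field(default_factory=list)


def triage_combofix_log(text: str) -> Findings:
    """Walk the log once, tracking the current registry key for context."""
    findings = Findings()
    current_key = None
    current_volume = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group(1)
            mp = MOUNTPOINTS_RE.search(current_key)
            current_volume = mp.group(1) if mp else None
            continue
        if current_volume:
            m = SHELL_CMD_RE.match(line)
            if m:  # a removable-volume verb pointing at an executable
                findings.autorun_commands.append((current_volume, m.group(1), m.group(2)))
                continue
        if current_key is None:
            continue
        key_lc = current_key.lower()
        if "security center\\monitoring" in key_lc and \
                line.lower().startswith('"disablemonitoring"=dword:00000001'):
            findings.monitoring_disabled.append(current_key)
        if "firewallpolicy" in key_lc and line.lower().startswith('"enablefirewall"= 0'):
            findings.firewall_disabled_profiles.append(current_key.rsplit("\\", 1)[-1])
    return findings


def build_cfscript(findings: Findings) -> str:
    """Emit the CFScript block deleting every MountPoints2 volume key that carried a command.

    Assumption: CFScript sections start with a 'Registry::' header line, followed by
    REGEDIT-style '[-key]' lines that ComboFix deletes.
    """
    volumes = sorted({guid for guid, _, _ in findings.autorun_commands})
    lines = ["Registry::"]
    for guid in volumes:
        lines.append(r"[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion"
                     r"\explorer\mountpoints2\%s]" % guid)
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    found = triage_combofix_log(SAMPLE_LOG)
    for guid, verb, cmd in found.autorun_commands:
        print("MountPoints2 %s verb %-8s -> %s" % (guid, verb, cmd))
    print("Security Center monitoring disabled under:", found.monitoring_disabled)
    print("Firewall disabled for profiles:", found.firewall_disabled_profiles)
    print(build_cfscript(found))
```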

Hey man!!!

I just completed step 4; here is the ComboFix LOG produced together with that Notepad file.

ComboFix 09-04-01.01 - Fernando Menegat 2009-04-03 14:11:35.4 - NTFSx86

Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1046.18.1014.273 [GMT -3:00]

Executando de: c:\users\Fernando Menegat\Desktop\ComboFix.exe

Comandos utilizados :: c:\users\Fernando Menegat\Desktop\CFScript.txt

* Criado um novo ponto de restauro

.

(((((((((((((((( Arquivos/Ficheiros criados de 2009-03-03 to 2009-04-03 ))))))))))))))))))))))))))))

.

2009-03-16 13:13 . 2008-10-21 20:31 2,048 --a------ c:\windows\System32\tzres.dll

2009-03-16 12:59 . 2009-03-16 12:59 <DIR> d-------- c:\users\All Users\Kaspersky Lab Setup Files

2009-03-16 12:59 . 2009-03-16 12:59 <DIR> d-------- c:\programdata\Kaspersky Lab Setup Files

2009-03-16 12:47 . 2008-10-22 00:43 241,152 --a------ c:\windows\System32\PortableDeviceApi.dll

2009-03-16 12:47 . 2008-10-22 00:43 160,768 --a------ c:\windows\System32\PortableDeviceTypes.dll

2009-03-16 12:47 . 2008-10-22 00:43 95,232 --a------ c:\windows\System32\PortableDeviceClassExtension.dll

2009-03-16 12:45 . 2008-12-16 01:00 8,147,968 --a------ c:\windows\System32\wmploc.DLL

2009-03-16 12:45 . 2008-12-16 02:53 7,680 --a------ c:\windows\System32\spwmp.dll

2009-03-16 12:45 . 2008-12-16 02:53 4,096 --a------ c:\windows\System32\msdxm.ocx

2009-03-16 12:45 . 2008-12-16 02:53 4,096 --a------ c:\windows\System32\dxmasf.dll

2009-03-16 12:36 . 2009-02-08 22:59 2,028,032 --a------ c:\windows\System32\win32k.sys

2009-03-16 12:36 . 2008-10-21 02:16 1,645,568 --a------ c:\windows\System32\connect.dll

2009-03-16 12:36 . 2008-12-16 00:14 290,304 --a------ c:\windows\System32\drivers\srv.sys

2009-03-16 12:36 . 2008-11-27 01:42 269,824 --a------ c:\windows\System32\schannel.dll

2009-03-16 12:35 . 2008-09-18 01:35 3,505,208 --a------ c:\windows\System32\ntkrnlpa.exe

2009-03-16 12:35 . 2008-09-18 01:35 3,470,904 --a------ c:\windows\System32\ntoskrnl.exe

2009-03-16 12:33 . 2008-09-10 00:25 1,341,440 --a------ c:\windows\System32\msxml6.dll

2009-03-16 12:33 . 2008-09-10 00:21 2,048 --a------ c:\windows\System32\msxml6r.dll

2009-03-16 12:17 . 2009-03-16 12:17 325,640 --a------ c:\windows\System32\drivers\avgldx86.sys

2009-03-16 12:17 . 2009-03-16 12:17 107,912 --a------ c:\windows\System32\drivers\avgtdix.sys

2009-03-16 12:17 . 2009-03-16 12:17 10,520 --a------ c:\windows\System32\avgrsstx.dll

2009-03-16 12:16 . 2009-03-16 12:25 <DIR> d-------- c:\windows\System32\drivers\Avg

2009-03-16 12:16 . 2009-03-16 12:48 <DIR> d-------- c:\users\All Users\avg8

2009-03-16 12:16 . 2009-03-16 12:48 <DIR> d-------- c:\programdata\avg8

2009-03-16 12:16 . 2009-03-16 12:16 <DIR> d-------- c:\program files\AVG

2009-03-16 11:56 . 2008-10-16 18:13 1,809,944 --a------ c:\windows\System32\wuaueng.dll

2009-03-16 11:56 . 2008-10-16 17:56 1,524,736 --a------ c:\windows\System32\wucltux.dll

2009-03-16 11:56 . 2008-10-16 18:09 51,224 --a------ c:\windows\System32\wuauclt.exe

2009-03-16 11:56 . 2008-10-16 18:09 43,544 --a------ c:\windows\System32\wups2.dll

2009-03-16 11:55 . 2008-10-16 18:12 561,688 --a------ c:\windows\System32\wuapi.dll

2009-03-16 11:55 . 2008-10-16 14:08 162,064 --a------ c:\windows\System32\wuwebv.dll

2009-03-16 11:55 . 2008-10-16 17:55 83,456 --a------ c:\windows\System32\wudriver.dll

2009-03-16 11:55 . 2008-10-16 18:08 34,328 --a------ c:\windows\System32\wups.dll

2009-03-16 11:55 . 2008-10-16 13:56 31,232 --a------ c:\windows\System32\wuapp.exe

2009-03-13 21:38 . 2009-03-13 21:38 <DIR> d-------- c:\users\Fernando Menegat\dwhelper

2009-03-11 18:28 . 2009-04-03 09:39 6 --a------ c:\windows\ini.dat

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-03-25 22:05 93,656 ----a-w c:\users\Fernando Menegat\AppData\Roaming\GDIPFONTCACHEV1.DAT

2009-03-16 16:23 174 --sha-w c:\program files\desktop.ini

2009-03-16 16:20 --------- d-----w c:\program files\Windows Mail

2009-03-16 16:20 --------- d-----w c:\program files\Microsoft Silverlight

2009-03-16 15:46 --------- d-----w c:\programdata\Avg7

2009-03-16 14:25 --------- d-----w c:\program files\Common Files\Adobe

2009-01-15 04:16 826,368 ----a-w c:\windows\System32\wininet.dll

2009-01-15 04:16 56,320 ----a-w c:\windows\System32\iesetup.dll

2009-01-15 04:16 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll

2009-01-15 04:15 26,624 ----a-w c:\windows\System32\ieUnatt.exe

2007-08-11 05:43 47,360 ----a-w c:\users\Fernando Menegat\AppData\Roaming\pcouffin.sys

2008-10-12 00:11 67,696 ----a-w c:\program files\mozilla firefox\components\jar50.dll

2008-10-12 00:11 54,376 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll

2008-10-12 00:11 34,952 ----a-w c:\program files\mozilla firefox\components\myspell.dll

2008-10-12 00:11 46,720 ----a-w c:\program files\mozilla firefox\components\spellchk.dll

2008-10-12 00:11 172,144 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll

2008-04-02 17:00 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

2008-04-02 17:00 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

2008-04-02 17:00 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

2007-07-24 23:30 22 --sha-w c:\windows\SMINST\HPCD.sys

.

((((((((((((((((((((((((((((( SnapShot@2009-04-03_10.56.50.50 )))))))))))))))))))))))))))))))))))))))))

.

- 2009-04-03 13:47:45 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2009-04-03 16:50:17 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2009-04-03 13:47:45 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2009-04-03 16:50:17 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2009-04-03 13:49:59 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat

+ 2009-04-03 16:52:28 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat

+ 2009-04-03 16:52:28 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1

- 2009-04-03 13:49:49 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat

+ 2009-04-03 16:52:23 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat

- 2009-04-03 13:56:08 103,924 ----a-w c:\windows\System32\perfc009.dat

+ 2009-04-03 17:10:54 103,924 ----a-w c:\windows\System32\perfc009.dat

- 2009-04-03 13:56:08 610,142 ----a-w c:\windows\System32\perfh009.dat

+ 2009-04-03 17:10:54 610,142 ----a-w c:\windows\System32\perfh009.dat

- 2009-04-03 13:56:08 82,978 ----a-w c:\windows\System32\prfc0416.dat

+ 2009-04-03 17:10:54 82,978 ----a-w c:\windows\System32\prfc0416.dat

- 2009-04-03 13:56:08 505,598 ----a-w c:\windows\System32\prfh0416.dat

+ 2009-04-03 17:10:54 505,598 ----a-w c:\windows\System32\prfh0416.dat

- 2009-04-03 13:50:14 10,252 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2156179424-303468164-3151241196-1000_UserData.bin

+ 2009-04-03 16:52:41 10,252 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2156179424-303468164-3151241196-1000_UserData.bin

- 2009-04-03 13:50:13 66,004 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

+ 2009-04-03 16:52:40 66,020 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

- 2009-04-03 13:50:12 44,028 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-04-03 16:52:39 44,028 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-16 221184]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-09-15 1021224]

"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2006-12-02 167936]

"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152]

"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-11-06 159744]

"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2006-12-04 46704]

"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2006-10-18 317152]

"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2006-10-18 472800]

"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0\bin\jusched.exe" [2007-06-16 77824]

"ALUAlert"="c:\program files\Symantec\LiveUpdate\ALuNotify.exe" [2007-01-18 484984]

"WinampAgent"="c:\program files\Winamp\winampa.exe" [2007-05-14 35328]

"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2006-09-09 196608]

"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-09-29 185632]

"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-01-02 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-01-02 166424]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-01-02 133656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-07 44128]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"msacm.avis"= ff_acm.acm

"msacm.l3fhg"= mp3fhg.acm

"VIDC.X264"= x264vfw.dll

"VIDC.HFYU"= huffyuv.dll

"vidc.i263"= i263_32.drv

"msacm.ac3filter"= ac3filter.acm

"msacm.divxa32"= divxa32.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{705EFC8D-AB89-4A9C-AE8E-9436E419C964}"= UDP:c:\program files\HP\QuickPlay\QP.exe:QP

"{70D66D0E-EE90-4B1E-9AFA-C3B872C5A6C6}"= TCP:c:\program files\HP\QuickPlay\QP.exe:QP

"TCP Query User{DF21FD95-97F9-4283-88A3-EA0328D54D9A}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule

"UDP Query User{CEC57176-F61D-423C-A983-325EB7183393}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule

"TCP Query User{74697913-75CD-4D2C-9917-9DEB006313B0}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule

"UDP Query User{E7394533-D6EA-4DDE-89C3-D8FBEE0F9C25}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule

"{FA305226-0D5F-4C11-A6C0-D8A162FA57D9}"= UDP:c:\program files\Shareaza\Shareaza.exe:Shareaza

"{2A0B5AC0-64A1-416A-8512-4F5A0EF88293}"= TCP:c:\program files\Shareaza\Shareaza.exe:Shareaza

"TCP Query User{87659025-1ED6-4A48-939E-0475E5B6E568}c:\\program files\\bitcomet\\bitcomet.exe"= UDP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client

"UDP Query User{F2AC84A6-B006-4204-A14A-383AD598A067}c:\\program files\\bitcomet\\bitcomet.exe"= TCP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client

"TCP Query User{1A6144EA-A5A9-46C5-B4E4-49BBB74122BE}c:\\program files\\bitcomet\\bitcomet.exe"= UDP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client

"UDP Query User{9454D853-739A-47D2-812C-41DF70A53E43}c:\\program files\\bitcomet\\bitcomet.exe"= TCP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client

"TCP Query User{14F73BED-D48C-43FD-8B65-2C368FFCBA40}c:\\program files\\windows sidebar\\sidebar.exe"= UDP:c:\program files\windows sidebar\sidebar.exe:Barra Lateral do Windows

"UDP Query User{56021B5B-5582-49DB-B940-2AEF6391A8F6}c:\\program files\\windows sidebar\\sidebar.exe"= TCP:c:\program files\windows sidebar\sidebar.exe:Barra Lateral do Windows

"{69EA9FB2-06EE-43AE-BE31-247AE8556339}"= UDP:c:\program files\Shareaza\Shareaza.exe:Shareaza

"{F595D364-A6FB-4C54-A266-F934D23FDBE5}"= TCP:c:\program files\Shareaza\Shareaza.exe:Shareaza

"{F5CEB9B5-1123-4B75-A11C-B9F77A83CB98}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]

"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [2009-03-16 325640]

R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [2009-03-16 107912]

S2 scpVista;scpVista;c:\program files\Scpad\scpVista.exe [2008-03-31 118328]

S3 R5U870FLx86;R5U870 UVC Lower Filter ;c:\windows\System32\drivers\R5U870FLx86.sys [2006-11-25 73600]

S3 R5U870FUx86;R5U870 UVC Upper Filter ;c:\windows\System32\drivers\R5U870FUx86.sys [2006-11-25 43904]

.

Conteúdo da pasta 'Tarefas Agendadas'

2008-03-16 c:\windows\Tasks\Verificar Atualizações para a Barra de Ferramentas do Windows Live.job

- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.orkut.com/

uInternet Settings,ProxyOverride = *.local

IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm

IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

IE: Baixar link usando &BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm

IE: Baixar todos os links usando BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm

IE: Baixar todos os vídeos usando BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm

IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000

FF - ProfilePath -

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.allow_platform_file_picker", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.hideGoButton", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("signon.prefillForms", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.remoteLookups", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.updateURL", "http://sb.google.com/safebrowsing/update?client={moz:client}&appver={moz:version}&");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.lookupURL", "http://sb.google.com/safebrowsing/lookup?sourceid=firefox-antiphish&features=TrustRank&client={moz:client}&appver={moz:version}&");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.reportURL", "http://sb.google.com/safebrowsing/report?");

.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-04-03 14:14:37

Windows 6.0.6000 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

**************************************************************************

.

Tempo para conclusão: 2009-04-03 14:16:01

ComboFix-quarantined-files.txt 2009-04-03 17:15:59

Pré-execução: 52.984.479.744 bytes disponíveis

Pós execução: 52,847,181,824 bytes disponíveis

213 --- E O F --- 2009-03-16 16:18:40


Just to confirm, steps 1 and 2 were done before step 4, in the order you gave, and I have just done step 5. Awaiting your instructions!

Cheers!


Your log is clean

  • Click Start, then Run
  • Now type Combofix /u and click OK, as shown in the image below.

Download OTCleanIt by OldTimer

  • Save it to your desktop.
  • Double-click the icon
  • Click the "Cleanup" button
  • Allow your computer to restart.

Now that your PC is clean, follow these steps to keep it clean and protected:

  • Delete the folder (if it exists): HijackThis backups
  • Use an alternative, more secure browser:
    Firefox or Opera
  • If you do not use a router, use a firewall - it is extremely important for protecting your computer.
    Good free options are:
    Comodo Firewall Pro
    Online Armor Free edition
  • Install SpywareBlaster - SpywareBlaster adds a list of malicious programs and sites to Internet Explorer and Firefox that will protect you from those sites and programs.
  • Visit the Secunia Software Inspector and check the update status of your programs.
  • Keep your programs properly updated.
    Being up to date is being secure. Click here

It was a pleasure to help


ComboFix was not found, but I guess that's not a problem, right...

I've already run the Cleaner, I'm restarting!

I'll test the boot speed...

Ugh, man, the blue screen is still here... and now it didn't boot properly =/ it froze on the blue screen! Looks like Windows is toast...


Hello fermenega,

Your problem is not malware-related. I suggest you seek help in the forum section for your operating system.

Regards


Should the topic author need it, the topic will be reopened; to do so, contact the moderation team and request that it be unlocked.
