Fórum Script Brasil

Virus bat\deleteall. C


Sarah

Question

Good evening, my AVIRA antivirus has been reporting a virus every time I turn on the PC, but I click remove and it does not seem to be solving it.

I think the PC is still infected. Could you help me? Here is my log:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 22:43:01, on 21/06/2010

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18470)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe

C:\Program Files\Synaptics\SynTP\SynTPStart.exe

C:\Program Files\SiS VGA Utilities\SiSTray.exe

C:\Windows\BisonCam\BisonHK.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Program Files\Internet Explorer\ieuser.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\Users\Sarah\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V0DTAPQT\SoftonicDownloader34177[1].exe

C:\Users\Sarah\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.positivoinformatica.com.br

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R3 - URLSearchHook: Softonic_Brasil Toolbar - {12fc3d37-2a42-4fe3-8489-81296878cba5} - C:\Program Files\Softonic_Brasil\tbSoft.dll

O1 - Hosts: ::1 localhost

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Softonic_Brasil Toolbar - {12fc3d37-2a42-4fe3-8489-81296878cba5} - C:\Program Files\Softonic_Brasil\tbSoft.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: IObitCom Toolbar - {31c7d459-9cc3-44f2-9dca-fc11795309b4} - C:\Program Files\IObitCom\tbIObi.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES\GBPLUGIN\gbieh.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: Softonic_Brasil Toolbar - {12fc3d37-2a42-4fe3-8489-81296878cba5} - C:\Program Files\Softonic_Brasil\tbSoft.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [sMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe

O4 - HKLM\..\Run: [synTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe

O4 - HKLM\..\Run: [siSTray] %ProgramFiles%\SiS VGA Utilities\SiSTray.exe

O4 - HKLM\..\Run: [VivoAds] vivoads.exe

O4 - HKLM\..\Run: [bisonHK] C:\Windows\BisonCam\BisonHK.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - Global Startup: Monitor.lnk = ?

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL

O15 - Trusted Zone: www.bancobrasil.com.br

O15 - Trusted Zone: www14.bancobrasil.com.br

O15 - Trusted Zone: www2.bancobrasil.com.br

O15 - Trusted Zone: www.bb.com.br

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O20 - Winlogon Notify: GbPluginBb - C:\Program Files\GbPlugin\gbieh.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: Gbp Service (GbpSv) - - C:\PROGRA~1\GbPlugin\GbpSv.exe

--

End of file - 6553 bytes

Edited by quintelab
Removed all caps from the title and HELP from the description

7 answers to this question


1. Download DDS and save it to the desktop.

Alternative links

Link2

  • Temporarily disable your protection programs.
  • Double-click dds.scr.
  • A black screen with some information will appear. Do not click anything, just wait!
  • When it finishes, two windows will open: DDS.txt and Attach.txt.
  • Save the results and paste them into your topic.

ok... here it is:

DDS (Ver_10-03-17.01) - NTFSx86

Run by Sarah at 0:01:39,06 on 29/06/2010

Internet Explorer: 7.0.6001.18000

Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.55.1046.18.2940.1315 [GMT -3:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\PROGRA~1\GbPlugin\GbpSv.exe

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\Explorer.EXE

C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe

C:\Program Files\Synaptics\SynTP\SynTPStart.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\SiS VGA Utilities\SiSTray.exe

C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

C:\Windows\BisonCam\BisonHK.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files\Java\jre6\bin\jucheck.exe

C:\Program Files\Internet Explorer\ieuser.exe

C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\taskeng.exe

C:\program files\avira\antivir desktop\avcenter.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Users\Sarah\Desktop\dds.pif

C:\Windows\system32\conime.exe

C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com.br/

mDefault_Page_URL = hxxp://www.positivoinformatica.com.br

mURLSearchHooks: IObitCom Toolbar: {31c7d459-9cc3-44f2-9dca-fc11795309b4} - c:\program files\iobitcom\tbIObi.dll

mURLSearchHooks: Softonic_Brasil Toolbar: {12fc3d37-2a42-4fe3-8489-81296878cba5} - c:\program files\softonic_brasil\tbSoft.dll

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

BHO: Softonic_Brasil Toolbar: {12fc3d37-2a42-4fe3-8489-81296878cba5} - c:\program files\softonic_brasil\tbSoft.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll

BHO: IObitCom Toolbar: {31c7d459-9cc3-44f2-9dca-fc11795309b4} - c:\program files\iobitcom\tbIObi.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

BHO: Auxiliar de Conexão do Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: GbIehObj Class: {c41a1c0e-ea6c-11d4-b1b8-444553540000} - c:\program files\gbplugin\gbieh.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: Softonic_Brasil Toolbar: {12fc3d37-2a42-4fe3-8489-81296878cba5} - c:\program files\softonic_brasil\tbSoft.dll

TB: IObitCom Toolbar: {31c7d459-9cc3-44f2-9dca-fc11795309b4} - c:\program files\iobitcom\tbIObi.dll

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background

mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

mRun: [RtHDVCpl] RtHDVCpl.exe

mRun: [sMSERIAL] c:\program files\motorola\smserial\sm56hlpr.exe

mRun: [synTPStart] c:\program files\synaptics\syntp\SynTPStart.exe

mRun: [siSTray] %ProgramFiles%\SiS VGA Utilities\SiSTray.exe

mRun: [VivoAds] vivoads.exe

mRun: [bisonHK] c:\windows\bisoncam\BisonHK.exe

mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot

mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"

mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\monitor.lnk - c:\program files\positivo informática\sw_cadastro\Monitor.exe

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL

Trusted Zone: bancobrasil.com.br\www

Trusted Zone: bancobrasil.com.br\www14

Trusted Zone: bancobrasil.com.br\www2

Trusted Zone: bb.com.br\www

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

Notify: GbPluginBb - c:\program files\gbplugin\gbieh.dll

se: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

se: GbPluginObj Class: {e37cb5f0-51f5-4395-a808-5fa49e399f83} - c:\program files\gbplugin\gbieh.dll

============= SERVICES / DRIVERS ===============

R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [2010-3-5 45472]

R1 Cloverh;Cloverh;c:\windows\system32\drivers\Cloverh.sys [2009-7-8 7680]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-5-12 135336]

R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-5-12 267432]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-5-12 60936]

R2 GbpSv;Gbp Service;c:\progra~1\gbplugin\GbpSv.exe [2010-3-5 55072]

R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2009-7-8 113504]

R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [2009-7-8 346112]

R3 SiS6350;SiS6350;c:\windows\system32\drivers\SISGRKMD.sys [2009-7-8 463360]

R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\drivers\SiSGB6.sys [2009-7-8 48128]

============== File Associations ===============

.scr=AutoCADScriptFile

=============== Created Last 30 ================

2010-06-23 15:26:28 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll

2010-06-23 15:26:28 49472 ----a-w- c:\windows\system32\netfxperf.dll

2010-06-23 15:26:28 297808 ----a-w- c:\windows\system32\mscoree.dll

2010-06-23 15:26:28 295264 ----a-w- c:\windows\system32\PresentationHost.exe

2010-06-23 15:26:28 1130824 ----a-w- c:\windows\system32\dfshim.dll

2010-06-22 22:50:47 28672 ----a-w- c:\windows\system32\Apphlpdm.dll

2010-06-22 22:50:46 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll

2010-06-22 01:42:19 0 d-----w- c:\program files\Softonic_Brasil

2010-06-11 23:09:46 67072 ----a-w- c:\windows\system32\asycfilt.dll

2010-06-11 23:09:42 289792 ----a-w- c:\windows\system32\atmfd.dll

2010-06-11 23:09:41 34304 ----a-w- c:\windows\system32\atmlib.dll

2010-06-11 23:08:38 1314816 ----a-w- c:\windows\system32\quartz.dll

2010-06-11 22:55:55 2036224 ----a-w- c:\windows\system32\win32k.sys

2010-06-05 22:47:40 0 d-----w- c:\users\sarah\appdata\roaming\BSplayer Pro

2010-06-05 22:47:40 0 d-----w- c:\users\sarah\appdata\roaming\BSplayer

2010-06-05 22:47:39 0 d-----w- c:\program files\Webteh

2010-06-05 22:29:34 0 d-----w- c:\program files\uTorrent

2010-06-05 22:28:06 0 d-----w- c:\users\sarah\appdata\roaming\uTorrent

2010-05-31 00:32:31 0 d-----w- c:\programdata\Apple Computer

2010-05-31 00:30:53 0 d-----w- c:\programdata\Apple

==================== Find3M ====================

2010-05-31 00:45:49 51200 ----a-w- c:\windows\inf\infpub.dat

2010-05-31 00:45:48 86016 ----a-w- c:\windows\inf\infstor.dat

2010-05-31 00:45:48 143360 ----a-w- c:\windows\inf\infstrng.dat

2010-05-26 13:48:08 45472 ----a-w- c:\windows\system32\drivers\gbpkm.sys

2010-05-21 17:14:28 221568 ------w- c:\windows\system32\MpSigStub.exe

2010-05-04 18:42:57 833024 ----a-w- c:\windows\system32\wininet.dll

2010-05-04 18:37:45 78336 ----a-w- c:\windows\system32\ieencode.dll

2010-05-04 16:53:56 26624 ----a-w- c:\windows\system32\ieUnatt.exe

2010-04-23 13:55:52 2048 ----a-w- c:\windows\system32\tzres.dll

2009-03-30 16:40:07 665600 ----a-w- c:\windows\inf\drvindex.dat

2008-01-21 06:29:51 37412 ----a-w- c:\windows\inf\perflib416\perfd.dat

2008-01-21 06:29:51 37412 ----a-w- c:\windows\inf\perflib416\perfc.dat

2008-01-21 06:29:51 318818 ----a-w- c:\windows\inf\perflib416\perfi.dat

2008-01-21 06:29:51 318818 ----a-w- c:\windows\inf\perflib416\perfh.dat

2008-01-21 02:57:01 174 --sha-w- c:\program files\desktop.ini

2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib000\perfi.dat

2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib000\perfh.dat

2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib000\perfd.dat

2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib000\perfc.dat

2009-03-30 16:29:15 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 0:03:11,82 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft® Windows Vista™ Home Basic

Boot Device: \Device\HarddiskVolume1

Install Date: 07/09/2009 20:10:55

System Uptime: 28/06/2010 15:43:07 (9 hours ago)

Motherboard: clevo | | M7x0S

Processor: Pentium® Dual-Core CPU T4200 @ 2.00GHz | uPGA 479M | 1200/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 291 GiB total, 208,213 GiB free.

D: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP382: 07/06/2010 18:30:50 - Windows Update

RP383: 08/06/2010 21:45:16 - Ponto de Verificação Agendado

RP384: 11/06/2010 19:29:37 - Windows Update

RP385: 12/06/2010 09:32:48 - Windows Update

RP386: 13/06/2010 10:48:08 - Ponto de Verificação Agendado

RP387: 14/06/2010 19:02:14 - Windows Update

RP388: 15/06/2010 17:52:14 - Ponto de Verificação Agendado

RP389: 16/06/2010 19:32:24 - Ponto de Verificação Agendado

RP390: 17/06/2010 18:34:41 - Windows Update

RP391: 19/06/2010 20:13:57 - Ponto de Verificação Agendado

RP392: 20/06/2010 17:11:02 - Ponto de Verificação Agendado

RP393: 21/06/2010 19:42:54 - Windows Update

RP394: 22/06/2010 21:32:24 - Ponto de Verificação Agendado

RP395: 23/06/2010 12:25:52 - Windows Update

RP396: 24/06/2010 19:23:31 - Windows Update

RP397: 26/06/2010 03:18:39 - Ponto de Verificação Agendado

RP398: 26/06/2010 19:24:48 - Ponto de Verificação Agendado

RP399: 27/06/2010 13:52:33 - Ponto de Verificação Agendado

RP400: 28/06/2010 15:48:26 - Windows Update

==== Installed Programs ======================

Adobe Flash Player 10 ActiveX

Adobe Reader 9.2 - Português

Advanced SystemCare 3

Apple Application Support

Apple Software Update

Assistente de Conexão do Windows Live

µTorrent


Configure Windows to show all files

Go to this site: http://virustotal.com/

In File to upload enter: C:\Windows\system32\vivoads.exe

Then click Submit

Copy and post the result of this scan.

Note: if you do not find it at the path above, try C:\Windows\vivoads.exe


This vivoads.exe file is from a Vivo promotion that came on the computer in the Positivo Informática folder.

Shortcut to vivoads.exe: C:\ProgramData\microsoft\windows\Menu Iniciar\Programas\ Positivo Informática

I used this shortcut for the analysis. Is that it?

The file has already been re-analysed:

MD5: 30b1c00c82ba54f456f5082a06446a20

First received: 2010.03.08 16:52:52 UTC

Data 2010.03.08 16:52:52 UTC [>116D]

Resultados 0/42

Permalink: analisis/c3b79f0654c6d9919b3a9adfd883ecd9cc79c79f7ffa6f0fe7f1002dadccdd3f-1268067172


Read the instructions contained in this link:

In the instructions at the link above, you can check which forums have Analysts duly qualified to use the tool correctly: "Forums for receiving help with ComboFix logs"

  1. Download ComboFix from one of the official links listed below and save it to your desktop:
  2. Temporarily, and while carrying out these instructions, it is very important that you keep your protection programs (Antivirus, Antispyware and Firewall) disabled. Re-enable the protections after carrying out the procedure(s) mentioned below.
  3. Double-click the desktopicon.png icon that is on the desktop.
  4. Read and accept the terms by typing 1 and pressing Enter.
  5. Computers running Windows XP should install the Recovery Console:
    • If your computer has Windows XP installed and does not yet have the Recovery Console installed, please make sure you are connected to the Internet and click "Yes".
    • Click "OK" on the EULA.
    • When the Recovery Console is already installed, click "YES" to continue.
  6. ComboFix will run; please be patient and wait.
  7. Warning: Do not use the mouse or the keyboard while the tool is running, as this can cause the computer to hang.
  8. A notice may appear saying that the computer needs to be restarted.

    DO NOT RESTART!!! ComboFix will restart the computer automatically.

  9. When the tool finishes running, it will generate a log (the file C:\ComboFix.txt). Copy and paste the contents of that file into your next reply.

Do NOT use the tool on your own. It is a powerful tool created to deal with sophisticated infections, and if you do not use it correctly it could damage your computer.

  • There are several kinds of malware that prevent the tool from running correctly and can thereby seriously damage the computer. Analysts qualified to use ComboFix know these cases and know how to handle these situations.
  • Many Analysts do not reply to topics in which they see that ComboFix was used without supervision.
  • There are several general-purpose anti-malware tools whose authors, when programming them, have end users in mind and intend them to be used without supervision. ComboFix is not a tool of that kind, and therefore, and also out of respect for the tool's author, do not use it without supervision.

Good evening, over the last few days the PC has stopped showing virus messages; I don't know whether there really is still a virus.

Here is the ComboFix report:

ComboFix 10-07-06.02 - Sarah 06/07/2010 23:22:39.1.2 - x86

Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.55.1046.18.2940.2065 [GMT -3:00]

Executando de: c:\users\Sarah\Desktop\ComboFix.exe

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

.

ADS - drivers: deleted 204 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\users\Sarah\AppData\Local\Temp\wrd1fc.~lk.mdd

c:\users\Sarah\AppData\Local\Temp\wrd1fc.~lk\1.mdd

c:\users\Sarah\AppData\Local\Temp\wrd1fc.~lk\2.mdd

c:\users\Sarah\AppData\Local\Temp\wrd1fc.~lk\3.mdd

c:\users\Sarah\AppData\Local\Temp\wrd1fc.~lk\4.mdd

c:\windows\system\BisonC07.dll

.

(((((((((((((((( Arquivos/Ficheiros criados de 2010-06-07 to 2010-07-07 ))))))))))))))))))))))))))))

.

2010-06-23 15:26 . 2009-11-08 13:55 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll

2010-06-23 15:26 . 2009-11-08 13:55 49472 ----a-w- c:\windows\system32\netfxperf.dll

2010-06-23 15:26 . 2009-11-08 13:55 297808 ----a-w- c:\windows\system32\mscoree.dll

2010-06-23 15:26 . 2009-11-08 13:55 295264 ----a-w- c:\windows\system32\PresentationHost.exe

2010-06-23 15:26 . 2009-11-08 13:55 1130824 ----a-w- c:\windows\system32\dfshim.dll

2010-06-22 22:50 . 2010-04-16 16:05 28672 ----a-w- c:\windows\system32\Apphlpdm.dll

2010-06-22 22:50 . 2010-04-16 14:17 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll

2010-06-22 01:42 . 2010-06-22 01:42 -------- d-----w- c:\program files\Softonic_Brasil

2010-06-11 23:09 . 2010-04-05 16:07 67072 ----a-w- c:\windows\system32\asycfilt.dll

2010-06-11 23:09 . 2010-05-26 14:25 289792 ----a-w- c:\windows\system32\atmfd.dll

2010-06-11 23:09 . 2010-05-26 16:16 34304 ----a-w- c:\windows\system32\atmlib.dll

2010-06-11 23:08 . 2010-04-16 16:10 1314816 ----a-w- c:\windows\system32\quartz.dll

2010-06-11 22:55 . 2010-05-01 13:53 2036224 ----a-w- c:\windows\system32\win32k.sys

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-07-02 02:03 . 2010-03-04 22:54 439816 ----a-w- c:\users\Sarah\AppData\Roaming\Real\Update\setup3.10\setup.exe

2010-06-23 15:22 . 2010-03-05 22:29 -------- d-----w- c:\programdata\GbPlugin

2010-06-22 01:16 . 2010-06-05 22:28 -------- d-----w- c:\users\Sarah\AppData\Roaming\uTorrent

2010-06-20 19:33 . 2009-10-06 01:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-06-12 21:39 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail

2010-06-12 12:45 . 2009-08-10 16:51 -------- d-----w- c:\programdata\Microsoft Help

2010-06-09 08:06 . 2010-06-09 08:06 976832 ----a-w- c:\programdata\Adobe\Reader\9.2\ARM\ARM Update\AdobeARM.exe

2010-06-09 08:06 . 2010-06-09 08:06 70584 ----a-w- c:\programdata\Adobe\Reader\9.2\ARM\ARM Update\AdobeExtractFiles.dll

2010-06-09 08:06 . 2010-06-09 08:06 331176 ----a-w- c:\programdata\Adobe\Reader\9.2\ARM\ARM Update\ReaderUpdater.exe

2010-06-09 08:06 . 2010-06-09 08:06 331176 ----a-w- c:\programdata\Adobe\Reader\9.2\ARM\ARM Update\AcrobatUpdater.exe

2010-06-08 22:33 . 2010-03-05 22:29 -------- d-----w- c:\program files\GbPlugin

2010-06-06 02:44 . 2010-06-05 22:47 -------- d-----w- c:\users\Sarah\AppData\Roaming\BSplayer

2010-06-05 22:47 . 2010-06-05 22:47 -------- d-----w- c:\users\Sarah\AppData\Roaming\BSplayer Pro

2010-06-05 22:47 . 2010-06-05 22:47 -------- d-----w- c:\program files\Webteh

2010-06-05 22:29 . 2010-06-05 22:29 -------- d-----w- c:\program files\uTorrent

2010-05-31 00:47 . 2009-08-08 18:52 -------- d-----w- c:\programdata\Kaspersky Lab

2010-05-31 00:33 . 2010-05-31 00:32 -------- d-----w- c:\program files\QuickTime

2010-05-31 00:32 . 2010-05-31 00:32 -------- d-----w- c:\programdata\Apple Computer

2010-05-31 00:31 . 2010-05-31 00:31 -------- d-----w- c:\program files\Common Files\Apple

2010-05-31 00:30 . 2010-05-31 00:30 -------- d-----w- c:\program files\Apple Software Update

2010-05-31 00:30 . 2010-05-31 00:30 -------- d-----w- c:\programdata\Apple

2010-05-26 13:48 . 2010-03-05 22:29 45472 ----a-w- c:\windows\system32\drivers\gbpkm.sys

2010-05-21 17:14 . 2009-10-03 17:34 221568 ------w- c:\windows\system32\MpSigStub.exe

2010-05-21 00:21 . 2010-05-21 00:21 -------- d-----w- c:\users\Sarah\AppData\Roaming\Avira

2010-05-12 22:56 . 2010-05-12 22:56 -------- d-----w- c:\programdata\Avira

2010-05-12 22:56 . 2010-05-12 22:56 -------- d-----w- c:\program files\Avira

2010-05-04 18:42 . 2010-06-11 23:10 833024 ----a-w- c:\windows\system32\wininet.dll

2010-05-04 18:37 . 2010-06-11 23:10 78336 ----a-w- c:\windows\system32\ieencode.dll

2010-05-04 16:53 . 2010-06-11 23:10 26624 ----a-w- c:\windows\system32\ieUnatt.exe

2010-04-29 18:39 . 2009-10-06 01:08 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-04-29 18:39 . 2009-10-06 01:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-04-23 13:55 . 2010-05-25 22:09 2048 ----a-w- c:\windows\system32\tzres.dll

2009-03-30 16:29 . 2009-03-30 16:29 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{12fc3d37-2a42-4fe3-8489-81296878cba5}]

2010-03-17 18:45 2355224 ----a-w- c:\program files\Softonic_Brasil\tbSoft.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{31c7d459-9cc3-44f2-9dca-fc11795309b4}]

2009-10-01 19:29 2166296 ----a-w- c:\program files\IObitCom\tbIObi.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{12fc3d37-2a42-4fe3-8489-81296878cba5}"= "c:\program files\Softonic_Brasil\tbSoft.dll" [2010-03-17 2355224]

[HKEY_CLASSES_ROOT\clsid\{12fc3d37-2a42-4fe3-8489-81296878cba5}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{31C7D459-9CC3-44F2-9DCA-FC11795309B4}"= "c:\program files\IObitCom\tbIObi.dll" [2009-10-01 2166296]

"{12FC3D37-2A42-4FE3-8489-81296878CBA5}"= "c:\program files\Softonic_Brasil\tbSoft.dll" [2010-03-17 2355224]

[HKEY_CLASSES_ROOT\clsid\{31c7d459-9cc3-44f2-9dca-fc11795309b4}]

[HKEY_CLASSES_ROOT\clsid\{12fc3d37-2a42-4fe3-8489-81296878cba5}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]

"RtHDVCpl"="RtHDVCpl.exe" [2008-07-24 6265376]

"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-17 634880]

"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-08-18 102400]

"SiSTray"="c:\program files\SiS VGA Utilities\SiSTray.exe" [2009-03-02 552960]

"BisonHK"="c:\windows\BisonCam\BisonHK.exe" [2008-03-25 77824]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-08-09 198160]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-16 149280]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Monitor.lnk - c:\program files\Positivo Inform tica\SW_Cadastro\Monitor.exe [2009-7-8 3671427]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]

2010-05-26 13:47 335136 ----a-w- c:\program files\GbPlugin\gbieh.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

S0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [2010-05-26 45472]

S1 Cloverh;Cloverh;c:\windows\system32\DRIVERS\Cloverh.sys [2009-02-25 7680]

S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]

S2 GbpSv;Gbp Service;c:\progra~1\GbPlugin\GbpSv.exe [2010-05-26 55072]

S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2009-03-12 113504]

S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2009-01-13 346112]

S3 SiS6350;SiS6350;c:\windows\system32\DRIVERS\SISGRKMD.sys [2009-03-02 463360]

S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSGB6.sys [2008-03-03 48128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

.

Conteúdo da pasta 'Tarefas Agendadas'

2010-07-07 c:\windows\Tasks\AWC Startup.job

- c:\program files\IObit\Advanced SystemCare 3\AWC.exe [2009-09-14 17:54]

2010-07-06 c:\windows\Tasks\User_Feed_Synchronization-{BBF94817-6D9F-478D-9B51-37A0DFA46C7D}.job

- c:\windows\system32\msfeedssync.exe [2008-01-21 02:34]

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.google.com.br/

Trusted Zone: bancobrasil.com.br\www

Trusted Zone: bancobrasil.com.br\www14

Trusted Zone: bancobrasil.com.br\www2

Trusted Zone: bb.com.br\www

.

.

------- Associação de arquivos/ficheiros -------

.

.scr=AutoCADScriptFile

.

- - - - ORFÃOS REMOVIDOS - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

HKLM-Run-VivoAds - vivoads.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-07-06 23:33

Windows 6.0.6001 Service Pack 1 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

**************************************************************************

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

------------------------ Outros Processos em Execução ------------------------

.

c:\program files\Avira\AntiVir Desktop\avguard.exe

c:\program files\Avira\AntiVir Desktop\avshadow.exe

c:\windows\system32\conime.exe

c:\windows\servicing\TrustedInstaller.exe

.

**************************************************************************

.

Tempo para conclusão: 2010-07-06 23:39:58 - Máquina reiniciou

ComboFix-quarantined-files.txt 2010-07-07 02:39

Pré-execução: 226.584.416.256 bytes disponíveis

Pós execução: 226.595.041.280 bytes disponíveis

- - End Of File - - DD6669794CC27449D3A127BFF445A7A0


  • 0

Did you install the Softonic toolbar?

Read all of the instructions below carefully before running the program.

Download the Kaspersky Removal Tool and save it to your desktop.

  • Install the program normally, following all the instructions.
  • A folder called Virus Removal Tool will be created on the desktop.
  • On the program screen, select the options:
    • My Computer
    • Hidden Startup objects
    • Disk boot sectors
    • System Memory
  • Click the Start Scan button.
  • Be patient, the scan takes a long time!
  • As it scans, some small windows will probably open next to the clock; do not click anything.
  • A larger window may also open containing the following options:
    • Desinfection (when possible)
    • Delete
    • Skip
  • When it appears, first check the Apply to all objects option below, then click one of the options above.
  • Once everything is complete, click the Reports button; in the window that opens, set the options at the top to:
    • Autoscan
    • Group by result
    • All Events
  • Expand Autoscan by clicking the + sign next to it.
  • Expand Result: Detected.
  • Right-click and choose Select all, then choose Copy.
  • Note: when you do this the PC will appear to have frozen, but it has not; wait a few minutes for the memory to be freed.
  • Open Notepad and paste (Ctrl + V).
  • Give the file a name and save it in a folder of your choice.
  • Close the results by clicking the Exit button.
  • When you do this you will be asked whether you want to uninstall the tool; click Yes.
  • Restart the computer when prompted.
  • Post the contents of that file in your next reply.

NOTE 1:
Pay attention to the windows during the scan; they have different colors depending on the risk. Therefore,
  • green: low risk
  • yellow: medium risk
  • red: high risk
Before taking any action, carefully check the file path/name to see whether you recognize it; if you do, click Skip.

NOTE 2:
If the final scan result shows only Result: OK, you do not need to generate a report; just let us know.

NOTE 3:
During the scan, Kaspersky may flag the following folder as containing a virus: c:\QooBox. If that happens, choose the Skip option, since the folder belongs to ComboFix and will be removed when ComboFix is uninstalled.
