Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:41:59, on 23/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Arquivos de programas\MSN Messenger\msnmsgr.exe
C:\Arquivos de programas\MSN Messenger\usnsvc.exe
C:\Arquivos de programas\internet explorer\iexplore.exe
C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.terra.com.br/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: PowerReg Scheduler.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O17 - HKLM\System\CCS\Services\Tcpip\..\{3282D6A7-1397-480F-9DBC-45A8B8B5BF31}: NameServer = 200.204.0.10 200.204.0.138
O17 - HKLM\System\CS1\Services\Tcpip\..\{3282D6A7-1397-480F-9DBC-45A8B8B5BF31}: NameServer = 200.204.0.10 200.204.0.138
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe
--
End of file - 4349 bytes
Regards,
X-Confused
Good afternoon jgarcia, thanks for the support. Here is the ComboFix log:
ComboFix 08-06-20.4 - Usuario 2008-06-24 12:06:03.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.258 [GMT -3:00]
Executando de: C:\Documents and Settings\Usuario\Desktop\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((( Ficheiros criados de 2008-05-24 to 2008-06-24 ))))))))))))))))))))))))))))))))
.
2008-06-23 14:53 . 2008-06-23 14:53 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Avira
2008-06-23 14:53 . 2008-06-23 14:53 <DIR> d-------- C:\Arquivos de programas\Avira
2008-06-23 14:41 . 2008-06-23 14:41 <DIR> d-------- C:\Arquivos de programas\Trend Micro
2008-06-23 14:41 . 2008-06-23 14:40 812,344 --a------ C:\HJTInstall.exe
2008-06-23 12:57 . 2008-06-23 12:57 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Avg7
2008-06-12 16:01 . 2008-06-14 14:59 272,384 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-12 16:01 . 2008-06-14 14:59 272,384 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-01 10:25 . 2004-11-01 11:28 442,368 -ra------ C:\WINDOWS\system32\vp6vfw.dll
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-23 16:03 --------- d---a-w C:\Documents and Settings\All Users\Dados de aplicativos\TEMP
2008-06-20 18:47 --------- d-----w C:\Arquivos de programas\EA Games
2008-06-20 00:21 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information
2008-06-12 19:36 --------- d-----w C:\Documents and Settings\Usuario\Dados de aplicativos\AdobeUM
2008-06-12 19:26 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Adobe
2008-06-12 19:15 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft Help
2008-06-12 19:13 --------- d-----w C:\Arquivos de programas\Macromedia
2008-06-11 00:40 --------- d-----w C:\Arquivos de programas\DreMule
2008-06-05 19:44 --------- d-----w C:\Documents and Settings\Usuario\Dados de aplicativos\Image Zone Express
2008-06-01 13:14 --------- d-----w C:\Arquivos de programas\Microsoft Games
2008-06-01 13:14 --------- d-----w C:\Arquivos de programas\Maxis
2008-05-17 16:22 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Real
2008-05-17 16:10 --------- d-----w C:\Arquivos de programas\OnGame
2008-05-11 15:25 --------- d-----w C:\Documents and Settings\Usuario\Dados de aplicativos\Sony
2008-05-11 15:25 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Sony
2008-05-11 15:25 --------- d-----w C:\Arquivos de programas\QuickTime
2008-05-10 17:55 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Apple
2008-05-10 17:55 --------- d-----w C:\Arquivos de programas\Apple Software Update
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:15 1,292,288 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-23 07:14 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-03-25 04:49 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:49 183,072 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-02-10 00:39 774,144 ----a-w C:\Arquivos de programas\RngInterstitial.dll
2004-10-01 18:00 40,960 ----a-w C:\Arquivos de programas\Uninstall_CDS.exe
2007-08-14 20:56 56 --sh--r C:\WINDOWS\system32\E21C6FF12C.sys
2007-08-14 20:56 1,890 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((( snapshot@2008-06-23_13.11.21,51 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-06-24 14:58:02 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-01-21 21:12:56 41,792 ----a-w C:\WINDOWS\system32\drivers\avgntdd.sys
+ 2008-01-21 21:11:28 22,336 ----a-w C:\WINDOWS\system32\drivers\avgntmgr.sys
+ 2008-03-04 16:28:53 79,424 ----a-w C:\WINDOWS\system32\drivers\avipbb.sys
+ 2007-03-01 13:34:22 28,352 ----a-w C:\WINDOWS\system32\drivers\ssmdrv.sys
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
Nota entradas vazias & legítimas por defeito não são mostradas.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:45 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 10:35 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 10:32 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 10:36 114688]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-11 10:43 7630848]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-08-11 10:43 86016]
"avgnt"="C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:45 15360]
C:\Documents and Settings\Usuario\Menu Iniciar\Programas\Inicializar\
PowerReg Scheduler.exe [2008-05-22 12:36:51 256000]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Usuario^Menu Iniciar^Programas^Inicializar^Adobe Gamma.lnk]
path=C:\Documents and Settings\Usuario\Menu Iniciar\Programas\Inicializar\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Usuario^Menu Iniciar^Programas^Inicializar^WinMySQLadmin.lnk]
path=C:\Documents and Settings\Usuario\Menu Iniciar\Programas\Inicializar\WinMySQLadmin.lnk
backup=C:\WINDOWS\pss\WinMySQLadmin.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Frag Ooze Cash Scr]
C:\Documents and Settings\All Users\Dados de aplicativos\close poke frag ooze\Deaf Glue.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-05-11 23:12 49152 C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
--a------ 2005-09-20 10:36 114688 C:\WINDOWS\system32\igfxpers.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
--a------ 2005-09-20 10:35 94208 C:\WINDOWS\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
--------- 2006-07-12 06:58 1397760 C:\Arquivos de programas\Ahead\InCD\InCD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 13:24 1694208 C:\Arquivos de programas\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 12:54 5674352 C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
-ra------ 2006-08-11 10:43 1519616 C:\WINDOWS\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2004-11-02 20:24 32768 C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Shareaza]
C:\Arquivos de programas\Shareaza\Shareaza.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2007-09-13 13:31 22880040 C:\Arquivos de programas\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
--a------ 2004-09-23 12:41 860160 C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
--a------ 2004-10-14 09:11 1388544 C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
-ra------ 2006-03-30 16:45 313472 C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"OracleXETNSListener"=2 (0x2)
"OracleXEClrAgent"=3 (0x3)
"OracleServiceXE"=2 (0x2)
"OracleMTSRecoveryService"=3 (0x3)
"MySql"=2 (0x2)
"FirebirdServerDefaultInstance"=3 (0x3)
"FirebirdGuardianDefaultInstance"=2 (0x2)
"clr_optimization_v2.0.50727_32"=3 (0x3)
"aspnet_state"=3 (0x3)
"Apache"=2 (0x2)
"Adobe LM Service"=3 (0x3)
"InCDsrv"=2 (0x2)
"ImapiService"=3 (0x3)
"Pml Driver HPZ12"=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"=
"C:\\Arquivos de programas\\MSN Messenger\\livecall.exe"=
"C:\\Jogos\\HalfLife\\hl.exe"=
"C:\\Arquivos de programas\\WS_FTP\\WS_FTP95.exe"=
"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Arquivos de programas\\DreMule\\emule.exe"=
"C:\\Arquivos de programas\\EA Games\\Ultima Online Mondain's Legacy\\client.exe"=
"C:\\Arquivos de programas\\Internet Explorer\\iexplore.exe"=
"C:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=
S3 s916bus;Sony Ericsson Device 916 driver (WDM);C:\WINDOWS\system32\DRIVERS\s916bus.sys [2007-11-02 07:47]
S3 s916mdfl;Sony Ericsson Device 916 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\s916mdfl.sys [2007-11-02 07:47]
S3 s916mdm;Sony Ericsson Device 916 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\s916mdm.sys [2007-11-02 07:47]
S3 s916mgmt;Sony Ericsson Device 916 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\s916mgmt.sys [2007-11-02 07:47]
S3 s916obex;Sony Ericsson Device 916 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\s916obex.sys [2007-11-02 07:47]
Newly Created Service - SSMDRV
.
Conteúdo da pasta 'Tarefas Agendadas'
"2008-06-24 15:00:00 C:\WINDOWS\Tasks\A65278199191ED1D.job"
"2008-05-17 13:35:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Arquivos de programas\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-24 12:07:59
Windows 5.1.2600 Service Pack 2 NTFS
Procurando processos ocultos ...
Procurando entradas auto inicializáveis ocultas ...
Procurando ficheiros ocultos ...
Varredura completada com sucesso
Ficheiros ocultos: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MySql]
"ImagePath"="C:/mysql/bin/mysqld-nt.exe"
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MySql]
"ImagePath"="C:/mysql/bin/mysqld-nt.exe"
.
Tempo para conclusão: 2008-06-24 12:09:59
ComboFix-quarantined-files.txt 2008-06-24 15:09:52
Pre-Run: 35,202,514,944 bytes disponíveis
Post-Run: 35,194,384,384 bytes disponíveis
188 --- E O F --- 2008-06-20 18:14:48
Regards,
x_confused
Hey x_confused,
Follow these instructions:
1. Open Notepad -> copy (Ctrl + C) and paste (Ctrl + V) all of the text inside the "Quote":
File::C:\WINDOWS\Tasks\A65278199191ED1D.job
c:\docume~1\usuario\dadosd~1\realch~1\mealforstart.exe
C:\Documents and Settings\All Users\Dados de aplicativos\close poke frag ooze\Deaf Glue.exe
C:\WINDOWS\bootstat.dat
Folder::
c:\docume~1\usuario\dadosd~1\realch~1
C:\Documents and Settings\All Users\Dados de aplicativos\close poke frag ooze
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Frag Ooze Cash Scr]
WARNING: The script above was written specifically for the infection present on this computer. Using it on another machine can cause serious problems for that user.
-
2. Save the file as CFScript.txt;
3. As shown in the picture below, drag the CFScript.txt file onto ComboFix.exe.
[image: http://i18.tinypic.com/645i642.gif]
4. When the process finishes, the tool will generate a log. Post it (C:\ComboFix.txt) in your next reply, together with a new HijackThis log.
Cheers.
Topic Archived
Since the author has not replied for more than 30 days, the topic has been archived.
If you are the author of the topic and want to reopen it, send a private message to a moderator of this area with the link to this topic and explain why it should be reopened.
Hey x_confused,
Download ComboFix from:
ComboFix
8) I need you to paste the contents of ComboFix.txt in your next reply.
Cheers.