Caio Teló
Posted March 3, 2008

Please analyze the log and help me.

Logfile of HijackThis v1.99.1
Scan saved at 17:47:37, on 3/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Sam Spade
Posted March 5, 2008

Hello Caio Teló!

Download: ComboFix > save it to the desktop

Disable your antivirus, antispyware and firewall to avoid conflicts. Keep them disabled until you have finished the instructions.

Double-click combofix.exe, type 1 and press Enter to proceed with the fix. Wait, as it takes a while.

ComboFix will restart the PC automatically to complete the removal process.

When it finishes, a log will be generated at C:\ComboFix.txt.

IMPORTANT: Do not use the mouse or the keyboard while ComboFix is running.
To stop or exit ComboFix, press "N".

Select, copy and paste the contents of ComboFix.txt into your next reply, together with a new HijackThis log.

NOTE: Do not run ComboFix more than once. Doing so will overwrite the log and make removing the malware harder.

Caio Teló
Posted March 16, 2008

ComboFix 08-03-14.4 - Mariane 2008-03-16 16:56:10.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.326 [GMT -4:00]
Executando de: C:\Documents and Settings\Mariane\Desktop\ComboFix.exe
* Criado um novo ponto de restauro
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

Sam Spade
Posted March 20, 2008

OK, the ComboFix.txt also showed a virus that infects pen drives and MP3/MP4 drives.

There is also an infection by a banker trojan. This trojan captures passwords and sends them to a hacker. It is recommended that you change them after cleaning the PC.

Download:
PenClean
BankerFix

Save or print these instructions:

1 - Delete the folder C:\Qoobox (if it exists), and delete the previous ComboFix log -> C:\combofix.txt

2 - Disable your antivirus, antispyware and firewall to avoid conflicts. Keep them disabled until you have finished the instructions.

3 - Select and copy the text inside the QUOTE. Open Notepad and paste what you copied. Then save it on the desktop with the name CFScript.txt.

File::
C:\WINDOWS\system32\ntcqsndi.ini
C:\WINDOWS\system32\ljinqwxk.ini
C:\WINDOWS\system32\fnrvkihg.ini
C:\WINDOWS\system32\iwggbcju.ini
C:\WINDOWS\system32\lhjnhgun.ini
C:\WINDOWS\system32\cxmoihdh.ini
C:\WINDOWS\system32\cjwmrfyd.ini
C:\WINDOWS\system32\lmmxkxmt.ini
C:\WINDOWS\system32\fvclvhxk.ini
C:\WINDOWS\system32\vt75Qp4w.exe
C:\WINDOWS\netfx20.exe
C:\WINDOWS\system32\eqdlwfgi.dll
C:\WINDOWS\system32\cavoxyyv.dll
C:\WINDOWS\system32\dgtxvkba.dll
C:\WINDOWS\system32\gpftrgtt.dll
C:\WINDOWS\system32\foaqhxfu.dll
C:\WINDOWS\system32\dvvyrgua.dll
C:\WINDOWS\system32\hmilirfk.dll
C:\WINDOWS\system32\yhbnumtr.dll
C:\WINDOWS\system32\rcgwyqqv.dll
C:\WINDOWS\system32\khomhvlk.dll
C:\WINDOWS\system32\ascfix.dll
C:\WINDOWS\netspa.exe
C:\WINDOWS\system32\WinUpdatedata.exe
C:\WINDOWS\system32\hiwcklec.dll
C:\WINDOWS\system32\maindwxp.exe
C:\WINDOWS\system32\GbpServer32.exe
C:\WINDOWS\system32\windosremote.exe
C:\WINDOWS\system32\lqulmrtt.dll
C:\WINDOWS\system32\onnxxyvl.dll
C:\WINDOWS\system32\xuvqmnlu.dll
C:\WINDOWS\system32\saqdxbiu.dll
C:\WINDOWS\system32\wogdsthr.dll
C:\WINDOWS\system32\vpiwhrru.dll
C:\WINDOWS\system32\yjnanqxr.dll
C:\WINDOWS\system32\pqkfxvna.dll
C:\WINDOWS\system32\puuecrnl.dll
C:\WINDOWS\system32\kdkqmswe.dll
C:\WINDOWS\system32\mjukccdm.dll
C:\WINDOWS\system32\clmrwssq.dll
C:\WINDOWS\system32\jvglqaww.dll
C:\WINDOWS\system32\cwvrtwpi.dll
C:\WINDOWS\system32\sukgqrou.exe
C:\WINDOWS\system32\dapplnxq.exe
C:\WINDOWS\system32\qmujomvw.exe
C:\WINDOWS\system32\rmhgkmls.exe
C:\WINDOWS\system32\ufhwpees.exe
C:\WINDOWS\system32\ngedbetl.exe
C:\WINDOWS\system32\brjmgawe.exe
C:\WINDOWS\system32\yntyllpe.exe
C:\WINDOWS\system32\mhgivgvd.exe
C:\WINDOWS\system32\vvjjrjvp.exe
C:\WINDOWS\system32\eqlninpu.exe
C:\WINDOWS\system32\eoopjucy.exe
C:\WINDOWS\system32\lnwlirdo.exe
C:\WINDOWS\system32\fnilwwuf.exe
C:\WINDOWS\system32\sqqnkcel.exe
C:\WINDOWS\system32\tyyinxvu.tmp
C:\WINDOWS\system32\iswowqpr.exe
C:\WINDOWS\system32\bbeeg.tmp
C:\WINDOWS\system32\ulhfwseh.exe
C:\WINDOWS\system32\oyahpcli.exe
C:\WINDOWS\system32\tplbjvmc.exe
C:\WINDOWS\system32\bmfjpfkr.exe
C:\WINDOWS\system32\hbeksecp.exe
C:\WINDOWS\system32\drnxixvf.exe
C:\WINDOWS\system32\peiedwwf.exe
C:\Arquivos de programas\Wapp.exe
c:\Windows\Tasks\At1.job
c:\Windows\Tasks\At2.job
c:\Windows\Tasks\At3.job
c:\Windows\Tasks\At4.job
c:\Windows\Tasks\At5.job
c:\Windows\Tasks\At6.job
c:\Windows\Tasks\At7.job
c:\Windows\Tasks\At8.job
c:\Windows\Tasks\At9.job
c:\Windows\Tasks\At10.job
c:\Windows\Tasks\At11.job
c:\Windows\Tasks\At12.job
c:\Windows\Tasks\At13.job
c:\Windows\Tasks\At14.job
c:\Windows\Tasks\At15.job
c:\Windows\Tasks\At16.job
c:\Windows\Tasks\At17.job
c:\Windows\Tasks\At18.job
c:\Windows\Tasks\At19.job
c:\Windows\Tasks\At20.job
c:\Windows\Tasks\At21.job
c:\Windows\Tasks\At22.job
c:\Windows\Tasks\At23.job
c:\Windows\Tasks\At24.job
C:\WINDOWS\Tasks\startt.job
C:\Documents and Settings\Administrador\Menu Iniciar\Programas\Inicializar\maindwxp.exe
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\maindwxp.exe
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\netfx20.exe

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"netnt"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ascfix]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wapp]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\WINDOWS\system32\peiedwwf.exe"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{068b32de-3170-11dc-96c5-00115b027a02}]

4 - If you have a pen drive or an MP3 or MP4 drive, connect it to the PC (if you have more than one, you must connect all of them). Do not remove them until you have completed all the instructions.

Restart the PC and press F8 repeatedly. In the menu choose: safe mode.

Run PenClean.

Select the option Verificar o computador (Check the computer) and click the Verificar (Check) button.

<<Wait a few moments, the scan is very quick>>

You will be told whether anything was found; if something is found you will be asked to restart: click Sim (Yes).

The computer will restart.

5 - Now drag CFScript.txt onto ComboFix as shown in the demonstration below.

ComboFix will run and restart the PC automatically to complete the removal process.

IMPORTANT: Do not use the mouse or the keyboard while ComboFix is running.

When it finishes, a log will be generated at C:\ComboFix.txt.

6 - Double-click bankerfix.exe to run it.

Click OK the first and second time message boxes appear. If you are running BankerFix for the second time, it will ask to check for an update. Answer Sim (Yes) and then click OK.

When it runs, a black screen will appear asking you to press any key. Press Enter and wait for it to finish. This may take some time.

When it finishes, read the message on the screen and press Enter again.

7 - Remove the pen drive/MP3/MP4 that you connected.

8 - Generate a new log with HijackThis.

Post:
ComboFix.txt
HijackThis log
BankerFix's relatorio.txt > it is in C:\LinhaDefensiva
PenClean report > it is in C:\PenClean\PenClean.txt

After posting your reply you can delete the folder: C:\LinhaDefensiva

Attention: do not run BankerFix or ComboFix more than once, as doing so will overwrite the results and it will not be possible to tell whether the removal was successful.

Sam Spade
Posted May 14, 2008

Topic Archived

As the author has not replied for more than 20 days, the topic has been archived.

If you are the author of the topic and want to reopen it, send a private message to a moderator of this area with the link to this topic and explain the reason for reopening.