Swivel, posted February 11, 2010:

I can't install any antivirus; I've already tried AVG, Avast and Avira. Here is the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:06:00 PM, on 2/11/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\XP-859BAE7A.EXE
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\Program Files\McAfee\Common Framework\udaterui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BrOffice.org 3\program\soffice.exe
C:\Program Files\BrOffice.org 3\program\soffice.bin
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\hijackthis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://webacc.prrr.mpf.gov.br/mpfproxy.pac
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll (file missing)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [XP-859BAE7A] C:\WINDOWS\system32\XP-859BAE7A.EXE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [cdoosoft] C:\WINDOWS\system32\olhrwef.exe
O4 - Startup: BrOffice.org 3.0.lnk = C:\Program Files\BrOffice.org 3\program\quickstart.exe
O4 - Startup: ¡¡¡¡¡¡.lnk = C:\WINDOWS\system32\XP-859BAE7A.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?090b36fae9094eb4b7e3922709eeab91
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?090b36fae9094eb4b7e3922709eeab91
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by109fd.bay109.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2C19B300-F50B-45F5-B881-3BF9D7480A4B}: NameServer = 200.155.132.155,200.165.132.148
O17 - HKLM\System\CCS\Services\Tcpip\..\{5E9AD548-A0FB-42EE-B14C-CF1C4246950F}: NameServer = 200.142.58.2,200.142.58.20
O17 - HKLM\System\CCS\Services\Tcpip\..\{B0E8A42D-D915-40C6-9F77-D31E68FEF758}: NameServer = 200.142.58.2,200.142.58.20
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: PHPGeekUtil - Unknown owner - c:\apache\APACHE.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

--
End of file - 7197 bytes
wings, posted February 12, 2010:

Good evening....

*Download USBFix and save it to the desktop
*Plug the flash drive into the PC
*Double-click UsbFix
*Press P > [ENTER]
*Press 1 > [ENTER] and wait for it to finish
*Remove the flash drive
*Paste the report created at C:\UsbFix.txt
Swivel, posted February 18, 2010:

Here is the USBFix log:

############################## | UsbFix V6.095 |

############################## | Processos activos |

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\XP-859BAE7A.EXE
C:\Program Files\McAfee\Common Framework\udaterui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BrOffice.org 3\program\soffice.exe
C:\Program Files\BrOffice.org 3\program\soffice.bin
C:\Program Files\McAfee\Common Framework\McTray.exe

################## | Ficheiros # pastas infeciosos |

C:\Documents and Settings\user\RavMonLog
C:\WINDOWS\System32\com.run
C:\WINDOWS\System32\dp1.fne
C:\WINDOWS\System32\eAPI.fne
C:\WINDOWS\System32\internet.fne
C:\WINDOWS\System32\krnln.fnr
C:\WINDOWS\System32\nmdfgds0.dll
C:\WINDOWS\System32\og.dll
C:\WINDOWS\System32\og.edt
C:\WINDOWS\System32\olhrwef.exe
C:\WINDOWS\System32\RegEx.fnr
C:\WINDOWS\System32\shell.fne
C:\WINDOWS\System32\spec.fne
C:\WINDOWS\System32\ul.dll
C:\DOCUME~1\user\LOCALS~1\Temp\E_4\com.run
C:\DOCUME~1\user\LOCALS~1\Temp\E_4\dp1.fne
C:\DOCUME~1\user\LOCALS~1\Temp\E_4\eAPI.fne
C:\DOCUME~1\user\LOCALS~1\Temp\E_4\internet.fne
C:\DOCUME~1\user\LOCALS~1\Temp\E_4\krnln.fnr
C:\DOCUME~1\user\LOCALS~1\Temp\E_4\RegEx.fnr
C:\DOCUME~1\user\LOCALS~1\Temp\E_4\shell.fne
C:\DOCUME~1\user\LOCALS~1\Temp\E_4\spec.fne
C:\DOCUME~1\user\LOCALS~1\Temp\E_4
C:\autorun.inf -> ficheiro chamado : "C:\em8tqm.cmd" ( Presente ! )
C:\autorun.inf
C:\AKON\BYONC\AKON.exe
C:\AKON\BYONC\Desktop.ini
C:\AKON\BYONC
C:\em8tqm.cmd
C:\NEXT\FILES\NEXT.exe
C:\NEXT\FILES
C:\NEXT
E:\autorun.inf.exe
E:\Recycled.exe

################## | MD5 |

C:\Documents and Settings\Guest\Local Settings\Temp\000AD8EA_Rar\XP-859BAE7A.EXE
C:\Documents and Settings\Guest\Local Settings\Temp\000AF2DB_Rar\XP-859BAE7A.EXE
C:\Documents and Settings\user\Desktop\priscilla\Pendrive\59Tiag00_arquivos.exe
C:\Documents and Settings\user\Desktop\priscilla\Pendrive\C.exe
C:\Documents and Settings\user\Desktop\priscilla\Pendrive\F.exe
C:\Documents and Settings\user\Desktop\priscilla\Pendrive\NEXT.exe
C:\Documents and Settings\user\Local Settings\Temp\002733F3_Rar\XP-859BAE7A.EXE
C:\Documents and Settings\user\Local Settings\Temp\002755F2_Rar\XP-859BAE7A.EXE
C:\Documents and Settings\user\My Documents\My Music\cifras com virus\bom-estarmos-aqui_arquivos.exe
C:\Documents and Settings\user\My Documents\My Music\cifras com virus\C.exe
C:\Documents and Settings\user\My Documents\My Music\cifras com virus\em-espirito-em-verdade_arquivos.exe
C:\Documents and Settings\user\My Documents\My Music\cifras com virus\F.exe
C:\Documents and Settings\user\My Documents\My Music\cifras com virus\NEXT.exe
C:\Documents and Settings\user\My Documents\My Pictures\Formandos2009\NEXT.exe
C:\Documents and Settings\user\My Documents\My Pictures\Formandos2009\RECYCLER.exe
C:\Documents and Settings\user\My Documents\My Pictures\Formandos2009\Tender.exe
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP45\A0041557.exe
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP45\A0041558.exe
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP45\A0041559.exe
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP45\A0041560.exe
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP45\A0041562.exe
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP48\A0045373.exe
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP48\A0045374.exe
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP48\A0045375.exe
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP48\A0045376.exe
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP48\A0045378.exe
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP48\A0045468.exe
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP48\A0045469.exe
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP48\A0045470.exe
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP48\A0045471.exe
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP48\A0045473.exe
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP48\A0045550.exe
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP48\A0045551.exe
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP48\A0045552.exe
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP48\A0045553.exe
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP48\A0045555.exe
C:\WINDOWS\system32\XP-859BAE7A.EXE
D:\Formandos2009\NEXT.exe
E:\Recycled.exe
E:\autorun.inf.exe

################## | Registro |

[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "cdoosoft"
[HKLM\software\microsoft\shared tools\msconfig\startupreg\RavAV]

################## | Mountpoints2 |

HKCU\..\..\Explorer\MountPoints2\E
Shell\AutoRun\command =E:\LaunchU3.exe -a
HKCU\..\..\Explorer\MountPoints2\{08d73c14-1e0a-11dd-9182-0018dea6ab6d}
Shell\AutoRun\command =F:\NEXT\FILES\NEXT.exe
Shell\open\command =F:\NEXT\FILES\NEXT.exe
HKCU\..\..\Explorer\MountPoints2\{0b5a0f62-0eea-11de-84cf-0018dea6ab6d}
Shell\1\Command =E:\Recycled.exe
Shell\AutoRun\command =E:\Recycled.exe
HKCU\..\..\Explorer\MountPoints2\{0b72c2d2-9835-11dc-9077-0018dea6ab6d}
Shell\Auto\command =E:\tel.xls.exe
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL tel.xls.exe
HKCU\..\..\Explorer\MountPoints2\{12b71b68-bbd7-11dc-90c4-0018dea6ab6d}
Shell\AutoRun\command =fooool.exe
Shell\explore\Command =fooool.exe
Shell\open\Command =fooool.exe
HKCU\..\..\Explorer\MountPoints2\{172fd0e1-04df-11dc-8ec1-0018dea6ab6d}
Shell\Auto\command =AdobeR.exe e
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e
HKCU\..\..\Explorer\MountPoints2\{235422d4-7770-11dc-9018-0018dea6ab6d}
Shell\AutoRun\command =ceb6eu
HKCU\..\..\Explorer\MountPoints2\{298337e4-1bac-11dc-8f1c-0018dea6ab6d}
SheLl\AUtOplAy\COmmand =E:\boit.pif
SheLl\AutoRun\command =E:\boit.pif
SheLl\EXPlOre\CommaND =E:\boit.pif
SheLl\oPen\cOmmand =E:\boit.pif
HKCU\..\..\Explorer\MountPoints2\{33e3a7fa-3072-11de-84ff-0018dea6ab6d}
Shell\1\Command =E:\Recycled.exe
Shell\AutoRun\command =E:\Recycled.exe
HKCU\..\..\Explorer\MountPoints2\{3c73990f-0e99-11de-84ce-0018dea6ab6d}
Shell\AUtoPlAY\CoMmAnd =E:\phgr.cmd
Shell\AutoRun\command =E:\phgr.cmd
Shell\exPLorE\CoMMand =E:\phgr.cmd
Shell\Open\commAnd =E:\phgr.cmd
HKCU\..\..\Explorer\MountPoints2\{4024c51a-ab86-11de-a449-0018dea6ab6d}
Shell\AuToPlay\coMmaND =E:\vbomr.exe
Shell\AutoRun\command =E:\vbomr.exe
Shell\ExPlore\COMmanD =E:\vbomr.exe
Shell\opeN\commaNd =E:\vbomr.exe
HKCU\..\..\Explorer\MountPoints2\{4024c51b-ab86-11de-a449-0018dea6ab6d}
Shell\AutoRun\command =F:\NEXT\FILES\NEXT.exe
Shell\open\command =F:\NEXT\FILES\NEXT.exe
HKCU\..\..\Explorer\MountPoints2\{4ff202be-420e-11dd-91af-0018dea6ab6d}
sheLL\AuTOPlaY\cOmmaND =E:\fglp.cmd
sheLL\AutoRun\command =E:\fglp.cmd
sheLL\expLore\COmmand =E:\fglp.cmd
sheLL\OpEN\commaND =E:\fglp.cmd
HKCU\..\..\Explorer\MountPoints2\{507c06a0-408f-11de-8511-0018dea6ab6d}
Shell\AUToplay\ComMAnd =E:\pkvtxq.exe
Shell\AutoRun\command =E:\pkvtxq.exe
Shell\exPlOre\COmmand =E:\pkvtxq.exe
Shell\OPeN\coMmaNd =E:\pkvtxq.exe
HKCU\..\..\Explorer\MountPoints2\{5722f96e-7e31-11db-8d22-806d6172696f}
Shell\AutoRun\command =C:\em8tqm.cmd
Shell\open\Command =C:\em8tqm.cmd
HKCU\..\..\Explorer\MountPoints2\{59a65b24-1667-11dd-9170-0018dea6ab6d}
Shell\AutoRun\command =F:\LaunchU3.exe -a
HKCU\..\..\Explorer\MountPoints2\{59a65b25-1667-11dd-9170-0018dea6ab6d}
Shell\AutoRun\command =G:\avc35.exe
Shell\explore\command =G:\avc35.exe explore
Shell\find\command =G:\avc35.exe
Shell\open\command =G:\avc35.exe
HKCU\..\..\Explorer\MountPoints2\{5bc17995-2033-11dd-9188-0018dea6ab6d}
Shell\AutoRun\command =E:\ranvrgn.exe
Shell\explore\Command =E:\ranvrgn.exe
Shell\open\Command =E:\ranvrgn.exe
HKCU\..\..\Explorer\MountPoints2\{5d1eb3c7-f451-11dc-911e-0018dea6ab6d}
Shell\AutoRun\command =VIDI\UNUK\DRG.exe
Shell\open\command =E:\VIDI\UNUK\DRG.exe
HKCU\..\..\Explorer\MountPoints2\{605dc0ba-68ba-11de-a3f0-806d6172696f}
Shell\1\Command =E:\Recycled.exe
Shell\2\Command =E:\Recycled.exe
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled.exe
HKCU\..\..\Explorer\MountPoints2\{605dc0bd-68ba-11de-a3f0-0018dea6ab6d}
shell\1\Command =E:\
shell\2\Command =E:\Recycled.exe
shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled.exe
HKCU\..\..\Explorer\MountPoints2\{62d9c7a2-6aa5-11de-a3f4-0018dea6ab6d}
SHELL\AuTopLaY\CommAnd =F:\qyuym.pif
SHELL\AutoRun\command =F:\qyuym.pif
SHELL\EXplOre\CoMMaNd =F:\qyuym.pif
SHELL\oPEN\coMmaNd =F:\qyuym.pif
HKCU\..\..\Explorer\MountPoints2\{66d1c9de-7db9-11dc-9028-0018dea6ab6d}
Shell\Auto\command =fun.xls.exe
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe
HKCU\..\..\Explorer\MountPoints2\{68215534-3e3a-11dc-8f68-0018dea6ab6d}
Shell\Auto\command =AdobeR.exe e
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e
HKCU\..\..\Explorer\MountPoints2\{6c2d2d76-68b1-11de-8549-0018dea6ab6d}
Shell\1\Command =E:\Recycled.exe
Shell\2\Command =E:\
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL
HKCU\..\..\Explorer\MountPoints2\{6caf7a42-1c81-11dd-917d-0018dea6ab6d}
Shell\AutoRun\command =F:\jfvkcsy.bat
Shell\explore\Command =F:\jfvkcsy.bat
Shell\open\Command =F:\jfvkcsy.bat
HKCU\..\..\Explorer\MountPoints2\{72ad7d12-6679-11dd-91e1-0018dea6ab6d}
Shell\AutoRun\command =E:\ceb6eu98.bat
Shell\explore\Command =E:\ceb6eu98.bat
Shell\open\Command =E:\ceb6eu98.bat
HKCU\..\..\Explorer\MountPoints2\{980f6242-043f-11df-a4bd-0018dea6ab6d}
Shell\1\Command =E:\Recycled.exe
Shell\2\Command =E:\Recycled.exe
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled.exe
HKCU\..\..\Explorer\MountPoints2\{980f6243-043f-11df-a4bd-0018dea6ab6d}
Shell\AutoRun\command =F:\F\UCK\FK.exe
Shell\open\command =F:\F\UCK\FK.exe
HKCU\..\..\Explorer\MountPoints2\{9f1d9754-c037-11db-8dc6-00a0d15e8dc7}
Shell\Auto\command =E:\RavMonE.exe e
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RavMonE.exe e
HKCU\..\..\Explorer\MountPoints2\{a1699d98-0fb1-11de-84d0-0018dea6ab6d}
Shell\AutoRun\command =ktly.exe
Shell\open\Command =ktly.exe
HKCU\..\..\Explorer\MountPoints2\{a3d4cafa-b22b-11db-8d7e-0018dea6ab6d}
Shell\Auto\command =AdobeR.exe e
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e
HKCU\..\..\Explorer\MountPoints2\{a3d4cafd-b22b-11db-8d7e-0018dea6ab6d}
Shell\Auto\command =E:\AdobeR.exe e
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e
HKCU\..\..\Explorer\MountPoints2\{a7320da6-c8cf-11dd-8469-0018dea6ab6d}
Shell\1\Command =E:\Recycled.exe
Shell\2\Command =E:\Recycled.exe
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled.exe
HKCU\..\..\Explorer\MountPoints2\{a7320da7-c8cf-11dd-8469-0018dea6ab6d}
Shell\AutoRun\command =G:\NEXT\FILES\NEXT.exe
Shell\open\command =G:\NEXT\FILES\NEXT.exe
HKCU\..\..\Explorer\MountPoints2\{a7c4bd85-1039-11de-84d1-0018dea6ab6d}
Shell\AutoRun\command =E:\DUB\WONK\tux.exe
Shell\open\command =E:\DUB\WONK\tux.exe
HKCU\..\..\Explorer\MountPoints2\{b2797772-435f-11dc-8f74-0018dea6ab6d}
sHell\AUTOPlAy\command =E:\
sHell\AutoRun\command =E:\
sHell\exPLorE\ComMAnd =E:\
sHell\opEN\COMmand =E:\cmuhl.pif
HKCU\..\..\Explorer\MountPoints2\{b4070dd6-1273-11de-84d9-0018dea6ab6d}
Shell\AutoRun\command =E:\VIDI\UNUK\DRG.exe
Shell\open\command =E:\VIDI\UNUK\DRG.exe
HKCU\..\..\Explorer\MountPoints2\{b4be628c-a147-11db-8d54-00038a000015}
Shell\auto\command =E:\explorer.exe
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL explorer.exe
HKCU\..\..\Explorer\MountPoints2\{b4f35f6e-3e5e-11dc-8f6a-0018dea6ab6d}
Shell\Auto\command =E:\AdobeR.exe e
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e
HKCU\..\..\Explorer\MountPoints2\{bb8427ae-f9e9-11dc-9128-0018dea6ab6d}
Shell\AutoRun\command =Boha\Elsabah\boh.exe
Shell\open\command =Boha\Elsabah\boh.exe
HKCU\..\..\Explorer\MountPoints2\{c0fe8918-cdfb-11dd-846f-0018dea6ab6d}
Shell\Auto\command =E:\MicrosoftPowerPoint.exe
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MicrosoftPowerPoint.exe
HKCU\..\..\Explorer\MountPoints2\{c51b0a4e-2de1-11de-84fc-0018dea6ab6d}
sHELL\AUtoplAy\cOmMand =E:\pbidch.exe
sHELL\AutoRun\command =E:\pbidch.exe
sHELL\exPlOre\CoMmAnd =E:\pbidch.exe
sHELL\OpEN\coMmand =E:\pbidch.exe
HKCU\..\..\Explorer\MountPoints2\{c62e84cd-548f-11de-8526-0018dea6ab6d}
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
HKCU\..\..\Explorer\MountPoints2\{c793404a-bf5c-11de-a476-0018dea6ab6d}
Shell\1\Command =E:\Recycled.exe
Shell\2\Command =E:\Recycled.exe
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled.exe
HKCU\..\..\Explorer\MountPoints2\{c7976558-d43d-11de-a494-0018dea6ab6d}
Shell\1\Command =Recycled.exe
Shell\2\Command =Recycled.exe
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled.exe
HKCU\..\..\Explorer\MountPoints2\{caa31e30-3198-11dc-8f52-0018dea6ab6d}
Shell\Auto\command =E:\MicrosoftPowerPoint.exe
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MicrosoftPowerPoint.exe
HKCU\..\..\Explorer\MountPoints2\{cbf55d3b-7535-11dc-9010-0018dea6ab6d}
Shell\AutoRun\command =E:\LaunchU3.exe -a
HKCU\..\..\Explorer\MountPoints2\{cc6ac868-0d55-11de-84cd-0018dea6ab6d}
Shell\AutoRun\command =E:\i6a0.bat
Shell\open\Command =E:\i6a0.bat
HKCU\..\..\Explorer\MountPoints2\{cc706b4b-859b-11db-8d2f-00038a000015}
Shell\Auto\command =F:\AdobeR.exe e
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e
HKCU\..\..\Explorer\MountPoints2\{d31f6a38-ada6-11dc-90b1-0018dea6ab6d}
Shell\Auto\command =AdobeR.exe e
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e
HKCU\..\..\Explorer\MountPoints2\{d41a5090-3525-11de-8505-0018dea6ab6d}
SHell\AUTopLAy\coMmand =E:\muhnyw.pif
SHell\AutoRun\command =E:\muhnyw.pif
SHell\EXPloRe\ComManD =E:\muhnyw.pif
SHell\opEn\commAnD =E:\muhnyw.pif
HKCU\..\..\Explorer\MountPoints2\{d80a7485-06a7-11de-84c4-0018dea6ab6d}
sHELl\auToplay\coMmAnd =F:\smufd.exe
sHELl\AutoRun\command =F:\smufd.exe
sHELl\expLore\COmMAnd =F:\smufd.exe
sHELl\Open\CoMmand =F:\smufd.exe
HKCU\..\..\Explorer\MountPoints2\{d979c4e4-800f-11db-8d28-00038a000015}
Shell\Auto\command =AdobeR.exe e
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e
HKCU\..\..\Explorer\MountPoints2\{e520ef06-548a-11dd-91c9-0018dea6ab6d}
Shell\AutoRun\command =E:\9qqigqwf.exe
Shell\open\Command =E:\9qqigqwf.exe
HKCU\..\..\Explorer\MountPoints2\{e86a03da-1fde-11de-84eb-0018dea6ab6d}
Shell\1\Command =E:\Recycled.exe
Shell\2\Command =E:\Recycled.exe
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled.exe
HKCU\..\..\Explorer\MountPoints2\{eb5d4417-cf93-11de-a488-0018dea6ab6d}
Shell\1\Command =G:\Recycled.exe
Shell\2\Command =G:\
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL
HKCU\..\..\Explorer\MountPoints2\{ebf544a5-2618-11dc-8f37-00a0d15e8dc7}
shELl\AutOpLAY\comMAnD =H:\
shELl\AutoRun\command =H:\bkvbk.cmd
shELl\eXplorE\CoMmand =H:\bkvbk.cmd
shELl\open\commANd =H:\
HKCU\..\..\Explorer\MountPoints2\{f02f212d-ae97-11dc-90b4-0018dea6ab6d}
Shell\Auto\command =E:\MicrosoftPowerPoint.exe
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MicrosoftPowerPoint.exe
HKCU\..\..\Explorer\MountPoints2\{f06bc9e0-af07-11dc-90b6-0018dea6ab6d}
Shell\AutoRun\command =E:\3wcxx91.cmd
Shell\explore\Command =E:\3wcxx91.cmd
Shell\open\Command =E:\3wcxx91.cmd
HKCU\..\..\Explorer\MountPoints2\{f5e77646-702f-11dd-91ee-0018dea6ab6d}
Shell\AutoRun\command =G:\VIDI\UNUK\DRG.exe
Shell\open\command =G:\VIDI\UNUK\DRG.exe

################## | Vaccin |

(!) Este computador não é vacinada!

################## | ! Fim do relatório # UsbFix V6.095 ! |
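Added example, not code from the thread or from UsbFix: a small Python triage script for the Mountpoints2 section of a report like the one above. It groups every Shell\<verb>\command value under the device key it belongs to, unwraps the RunDLL32 ShellExec_RunDLL wrapper so the file that actually gets launched is visible, and flags every entry whose launcher is not the U3 LaunchU3.exe. The sample input is a handful of lines excerpted from the report above; treating LaunchU3.exe as the only benign launcher, and treating an odd-cased key name (SheLl, sHELL) as a marker worth reporting, are assumptions made for this demo.

```python
import re

# Mountpoints2 lines excerpted from the UsbFix report posted in this thread (copied, not
# constructed). UsbFix prints one key or value per line.
SAMPLE_LOG = r"""
HKCU\..\..\Explorer\MountPoints2\E
Shell\AutoRun\command =E:\LaunchU3.exe -a
HKCU\..\..\Explorer\MountPoints2\{08d73c14-1e0a-11dd-9182-0018dea6ab6d}
Shell\AutoRun\command =F:\NEXT\FILES\NEXT.exe
Shell\open\command =F:\NEXT\FILES\NEXT.exe
HKCU\..\..\Explorer\MountPoints2\{0b72c2d2-9835-11dc-9077-0018dea6ab6d}
Shell\Auto\command =E:\tel.xls.exe
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL tel.xls.exe
HKCU\..\..\Explorer\MountPoints2\{298337e4-1bac-11dc-8f1c-0018dea6ab6d}
SheLl\AUtOplAy\COmmand =E:\boit.pif
SheLl\AutoRun\command =E:\boit.pif
SheLl\EXPlOre\CommaND =E:\boit.pif
SheLl\oPen\cOmmand =E:\boit.pif
"""

# Device header: HKCU\..\..\Explorer\MountPoints2\<drive letter or volume GUID>
DEVICE_RE = re.compile(r"^HKCU\\\.\.\\\.\.\\Explorer\\MountPoints2\\(?P<dev>\S+)$", re.IGNORECASE)
# Verb line: <shell>\<verb>\<command> =<cmd>; matched case-insensitively, raw spelling kept
VERB_RE = re.compile(r"^(?P<shell>shell)\\(?P<verb>[^\\]+)\\command\s*=\s*(?P<cmd>.*)$", re.IGNORECASE)
# RunDLL32 ShellExec_RunDLL wrapper: the real payload is the trailing argument
SHELLEXEC_RE = re.compile(r"rundll32\.exe\s+shell32\.dll,ShellExec_RunDLL\s*(?P<target>.*)$", re.IGNORECASE)

# Launchers that legitimately register an AutoRun verb (assumption: the U3 launcher only)
KNOWN_BENIGN = {"launchu3.exe"}


def parse_mountpoints(text):
    """Group every Shell\\<verb>\\command value under the device key it belongs to.

    Returns {device: [(raw_shell_word, verb_lower, command), ...]} in log order.
    """
    devices = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = DEVICE_RE.match(line)
        if m:
            current = m.group("dev")
            devices.setdefault(current, [])
            continue
        m = VERB_RE.match(line)
        if m and current is not None:
            devices[current].append((m.group("shell"), m.group("verb").lower(), m.group("cmd").strip()))
    return devices


def effective_target(command):
    """Return the file actually launched, unwrapping the RunDLL32 ShellExec_RunDLL indirection."""
    m = SHELLEXEC_RE.search(command)
    return m.group("target").strip() if m else command.strip()


def basename(path):
    """Last path component of the first token, lower-cased ('E:\\LaunchU3.exe -a' -> 'launchu3.exe')."""
    parts = path.split()
    return parts[0].split("\\")[-1].lower() if parts else ""


def triage(text):
    """List MountPoints2 verbs that would launch something other than a known-benign launcher.

    Each finding records the device, the verb, the unwrapped target, and whether the key
    name was case-mangled (e.g. 'SheLl'), which in this thread's log goes with the worms.
    """
    findings = []
    for dev, entries in parse_mountpoints(text).items():
        for shell_word, verb, cmd in entries:
            target = effective_target(cmd)
            if basename(target) in KNOWN_BENIGN:
                continue
            findings.append({
                "device": dev,
                "verb": verb,
                "target": target,
                "case_mangled": shell_word not in ("Shell", "shell"),
            })
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        flag = " (case-mangled key)" if f["case_mangled"] else ""
        print(f"{f['device']}: {f['verb']} -> {f['target']}{flag}")
```

Run against the full report above, the script lists one line per hijacked verb; the E: entry with LaunchU3.exe drops out, while the Recycled.exe, AdobeR.exe and *.pif/*.cmd entries remain, with the RunDLL32-wrapped ones reduced to the payload name. Feeding it a live UsbFix.txt is just a matter of replacing SAMPLE_LOG with the file's contents.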
wings, posted February 18, 2010:

*Plug the flash drive into the PC again
*Double-click UsbFix
*Press P > [ENTER]
*Press 2 > [ENTER] and wait for it to finish
*Remove the flash drive
*Paste the report created at C:\UsbFix.txt
Swivel, posted February 18, 2010:

Do I need to be connected?
wings, posted February 19, 2010:

> Do I need to be connected?

Yes... stay connected.
Swivel 0 Denunciar post Postado Fevereiro 19, 2010 ############################## | UsbFix V6.095 | ############################## | Processos activos | C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\WINDOWS\system32\HPZipm12.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\ehome\mcrdsvc.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\system32\userinit.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\wbem\wmiprvse.exe ################## | Ficheiros # pastas infeciosos | Supprimido ! C:\WINDOWS\System32\com.run Supprimido ! C:\WINDOWS\System32\dp1.fne Supprimido ! C:\WINDOWS\System32\eAPI.fne Supprimido ! C:\WINDOWS\System32\internet.fne Supprimido ! C:\WINDOWS\System32\krnln.fnr Supprimido ! C:\WINDOWS\System32\og.dll Supprimido ! C:\WINDOWS\System32\og.edt Supprimido ! C:\WINDOWS\System32\RegEx.fnr Supprimido ! C:\WINDOWS\System32\shell.fne Supprimido ! C:\WINDOWS\System32\spec.fne Supprimido ! C:\WINDOWS\System32\ul.dll Supprimido ! C:\DOCUME~1\user\LOCALS~1\Temp\E_4\com.run Supprimido ! C:\DOCUME~1\user\LOCALS~1\Temp\E_4\dp1.fne Supprimido ! C:\DOCUME~1\user\LOCALS~1\Temp\E_4\eAPI.fne Supprimido ! C:\DOCUME~1\user\LOCALS~1\Temp\E_4\internet.fne Supprimido ! C:\DOCUME~1\user\LOCALS~1\Temp\E_4\krnln.fnr Supprimido ! C:\DOCUME~1\user\LOCALS~1\Temp\E_4\RegEx.fnr Supprimido ! C:\DOCUME~1\user\LOCALS~1\Temp\E_4\shell.fne Supprimido ! C:\DOCUME~1\user\LOCALS~1\Temp\E_4\spec.fne Supprimido ! C:\DOCUME~1\user\LOCALS~1\Temp\E_4 Supprimido ! 
C:\Recycler\S-1-5-21-2290266962-1972622354-254095172-1005 Supprimido ! E:\autorun.inf.exe Supprimido ! E:\Recycled.exe ################## | MD5 | Supprimido ! C:\Documents and Settings\Guest\Local Settings\Temp\000AD8EA_Rar\XP-859BAE7A.EXE Supprimido ! C:\Documents and Settings\Guest\Local Settings\Temp\000AF2DB_Rar\XP-859BAE7A.EXE Supprimido ! C:\Documents and Settings\user\Desktop\priscilla\Pendrive\59Tiag00_arquivos.exe Supprimido ! C:\Documents and Settings\user\Desktop\priscilla\Pendrive\C.exe Supprimido ! C:\Documents and Settings\user\Desktop\priscilla\Pendrive\F.exe Supprimido ! C:\Documents and Settings\user\Desktop\priscilla\Pendrive\NEXT.exe Supprimido ! C:\Documents and Settings\user\My Documents\My Music\cifras com virus\bom-estarmos-aqui_arquivos.exe Supprimido ! C:\Documents and Settings\user\My Documents\My Music\cifras com virus\C.exe Supprimido ! C:\Documents and Settings\user\My Documents\My Music\cifras com virus\em-espirito-em-verdade_arquivos.exe Supprimido ! C:\Documents and Settings\user\My Documents\My Music\cifras com virus\F.exe Supprimido ! C:\Documents and Settings\user\My Documents\My Music\cifras com virus\NEXT.exe Supprimido ! C:\Documents and Settings\user\My Documents\My Pictures\Formandos2009\NEXT.exe Supprimido ! C:\Documents and Settings\user\My Documents\My Pictures\Formandos2009\RECYCLER.exe Supprimido ! C:\Documents and Settings\user\My Documents\My Pictures\Formandos2009\Tender.exe Supprimido ! C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP45\A0041557.exe Supprimido ! C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP45\A0041558.exe Supprimido ! C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP45\A0041559.exe Supprimido ! C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP45\A0041560.exe Supprimido ! C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP45\A0041562.exe Supprimido ! 
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP48\A0045373.exe Deleted !
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP48\A0045374.exe Deleted !
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP48\A0045375.exe Deleted !
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP48\A0045376.exe Deleted !
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP48\A0045378.exe Deleted !
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP48\A0045468.exe Deleted !
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP48\A0045469.exe Deleted !
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP48\A0045470.exe Deleted !
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP48\A0045471.exe Deleted !
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP48\A0045473.exe Deleted !
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP48\A0045550.exe Deleted !
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP48\A0045551.exe Deleted !
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP48\A0045552.exe Deleted !
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP48\A0045553.exe Deleted !
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP48\A0045555.exe Deleted !
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP49\A0045731.exe Deleted !
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP49\A0045732.exe Deleted !
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP49\A0045733.exe Deleted !
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP49\A0045734.exe Deleted !
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP49\A0045736.exe Deleted !
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP49\A0045788.EXE Deleted !
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP49\A0045912.EXE Deleted !
C:\WINDOWS\system32\XP-859BAE7A.EXE (!) Not deleted !
D:\Formandos2009\NEXT.exe Deleted !
E:\fix.exe

################## | Registry |

################## | Mountpoints2 |

################## | Listing |

[11/05/2009 12:31 PM|--a------|19] C:\.systemPath
[02/02/2010 02:32 PM|--a------|0] C:\10ab911
[07/18/2006 11:37 PM|--a------|0] C:\AUTOEXEC.BAT
[03/04/2008 04:49 AM|-rahs----|209] C:\boot.ini
[07/18/2006 11:37 PM|--a------|0] C:\CONFIG.SYS
[10/04/2008 11:32 PM|--a------|0] C:\DTSHDSpOut.txt
[11/14/2007 07:59 PM|--a------|81] C:\DVDPATH.TXT
[04/24/2006 08:02 PM|--a------|219780] C:\EULA.pdf
[06/24/2008 12:53 PM|--a------|9830] C:\exefix.reg
[?|?|?] C:\hiberfil.sys
[07/18/2006 11:37 PM|-rahs----|0] C:\IO.SYS
[07/19/2006 11:41 PM|--ah-----|1206] C:\IPH.PH
[07/18/2006 11:37 PM|-rahs----|0] C:\MSDOS.SYS
[08/10/2004 09:00 AM|-rahs----|47564] C:\NTDETECT.COM
[06/25/2008 07:36 PM|-rahs----|250048] C:\ntldr
[?|?|?] C:\pagefile.sys
[05/17/2007 11:53 PM|--a------|1753] C:\photodex-presenter-install.log
[05/07/2008 11:39 PM|--a------|700] C:\photodex_dshow.log
[02/19/2010 09:08 AM|--a------|7580] C:\UsbFix.txt
[10/05/2008 02:06 PM|-r-------|3007880] D:\DSC01217.JPG
[10/05/2008 02:07 PM|-r-------|3094890] D:\DSC01219.JPG
[10/05/2008 02:07 PM|-r-------|2969955] D:\DSC01220.JPG
[10/05/2008 02:08 PM|-r-------|3022850] D:\DSC01221.JPG
[10/05/2008 02:08 PM|-r-------|3035000] D:\DSC01222.JPG
[10/05/2008 02:10 PM|-r-------|3072190] D:\DSC01224.JPG
[02/05/2008 05:47 PM|-r-------|2587013] D:\foto mocidade.JPG
[09/05/2009 03:29 PM|-r-------|127286] D:\td q eu gosto (72).jpg
[02/18/2010 06:32 PM|--a------|225792] E:\avira_antivir_personal_ptbr.exe
[02/18/2010 07:32 PM|--a------|18252] E:\UsbFix.txt
[02/18/2010 07:42 PM|--a------|280] E:\viagem.txt

################## | Vaccination |

# C:\autorun.inf -> Folder created by UsbFix (El Desaparecido).

################## | Upload |

Please send the file : C:\UsbFix_Upload_Me_TOSHIBA-USER.zip : http://chiquitine.changelog.fr/Sample/Upload.php
Thank you for your contribution .

################## | ! End of report # UsbFix V6.095 ! |
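The "Vaccination" line in the UsbFix report above records that the tool created a *folder* named C:\autorun.inf. The point of that trick is that a removable-media worm expects to drop a *file* of that name in the volume root, and the name is already taken by a directory. The following is an added example written for this page, not UsbFix code: UsbFix's exact procedure is not described here, so it demonstrates only the principle, using a temporary directory as a stand-in for a drive root (a constructed setup) and a made-up autorun payload.

```python
"""Demonstrate autorun.inf "vaccination": occupy the name with a directory.

Editor's added example, not UsbFix code. A temporary directory stands in for
the root of a removable drive; the worm payload is constructed for the demo.
"""
import os
import tempfile

AUTORUN = "autorun.inf"


def vaccinate(root):
    """Create <root>/autorun.inf as a directory so no file of that name can exist."""
    target = os.path.join(root, AUTORUN)
    if os.path.isfile(target):
        # A real autorun.inf is present: inspect it before replacing it.
        raise FileExistsError(f"{target} is a file, not a vaccine folder")
    os.makedirs(target, exist_ok=True)
    # UsbFix-style vaccines on Windows also set attributes or reserved names
    # that resist deletion; this portable example does not reproduce that.
    return target


def worm_drops_autorun(root, payload="[autorun]\r\nopen=update.exe\r\n"):
    """Simulate a worm writing its autorun.inf; True if the write succeeded."""
    try:
        with open(os.path.join(root, AUTORUN), "w", newline="") as fh:
            fh.write(payload)
        return True
    except OSError:  # IsADirectoryError on POSIX, PermissionError on Windows
        return False


def is_vaccinated(root):
    """True when the autorun.inf name is occupied by a directory."""
    return os.path.isdir(os.path.join(root, AUTORUN))


def demo():
    """Return (drop worked before vaccine, drop worked after vaccine, vaccinated)."""
    with tempfile.TemporaryDirectory() as root:
        before = worm_drops_autorun(root)        # unprotected root: the drop works
        os.remove(os.path.join(root, AUTORUN))   # clean the constructed drop away
        vaccinate(root)
        after = worm_drops_autorun(root)         # protected root: the drop fails
        return before, after, is_vaccinated(root)


if __name__ == "__main__":
    print(demo())
```

The vaccine only blocks the autorun.inf *file*; it does nothing against executables already on the drive (the report above still lists D:\Formandos2009\NEXT.exe and E:\fix.exe), and on Windows XP with HonorAutoRunSetting=0, as this machine has, autorun behaviour should also be fixed at the policy level.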
wings, posted February 19, 2010

* Download DDS and save it to the desktop
* Double-click dds and wait. Save the reports to the desktop
* Paste the report created in DDS.txt

Also let us know whether you are now able to install your antivirus.
Swivel, posted February 19, 2010

I am double-clicking dds.scr but nothing happens, it does not even generate a report. When Windows starts, a message window opens saying it cannot open the file XP-859BAE7A.EXE.UsbFix and asks me to choose a program that can.
wings, posted February 19, 2010

1.
* Double-click UsbFix
* Press P > [ENTER]
* Press 5 > [ENTER]

2.
* Download ComboFix and save it to the desktop
* Double-click the Combofix.exe file
* Accept the license agreement
* If the Windows Recovery Console is already installed, ComboFix will continue automatically. If it is not, a window like the one below will open. Click [Yes] to accept its installation.
* After the installation, click [Yes] to continue.
* Important: while ComboFix is running, do not use the mouse or the keyboard!! To abort the procedure press N or 2 and then ENTER.
* The program will close automatically
* Paste the report created at C:\combofix.txt
Swivel, posted February 19, 2010

ComboFix 10-02-18.06 - user 02/19/2010 17:01:44.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.222 [GMT -3:00]
Running from: c:\documents and settings\user\Desktop\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Guest\Start Menu\Programs\Startup\¡¡¡¡¡¡.lnk
c:\documents and settings\user\.java\Start Menu\Programs\Startup\¡¡¡¡¡¡.lnk
c:\documents and settings\user\Update.exe
c:\program files\AskSearch\bin\DefaultSearch.dll
C:\VIDI
c:\vidi\UNUK\DesKTop.ini
c:\vidi\UNUK\DRG.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_ASC3360PR
-------\Service_asc3360pr

((((((((((((((((((((((((( Files Created from 2010-01-19 to 2010-02-19 )))))))))))))))))))))))))))))))
.
2010-02-19 12:29 . 2010-02-19 12:29 58125480 ----a-w- C:\UsbFix_Upload_Me_TOSHIBA-USER.zip
2010-02-19 11:34 . 2008-04-14 08:42 151552 ----a-w- c:\windows\system32\irftp.exe
2010-02-19 11:34 . 2008-04-14 08:42 8192 ----a-w- c:\windows\system32\wshirda.dll
2010-02-19 11:34 . 2008-04-14 08:41 28160 ----a-w- c:\windows\system32\irmon.dll
2010-02-11 23:04 . 2010-02-11 23:06 -------- d-----w- C:\hijackthis
2010-02-11 14:00 . 2010-02-11 14:00 -------- d-----w- c:\program files\Common Files\Cisco Systems
2010-02-11 14:00 . 2010-02-11 14:01 -------- d-----w- c:\windows\147BCE03C0F14C9F81576A89B6D2D973.TMP
2010-02-09 22:32 . 2010-02-09 22:38 -------- d-----w- C:\FontStock
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-12 15:46 . 2007-05-03 03:35 -------- d-----w- c:\program files\Bible
2010-02-11 22:23 . 2009-03-01 18:16 -------- d-----w- c:\program files\TuneUp Utilities 2009
2010-02-11 14:22 . 2006-07-20 01:54 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-02-11 14:00 . 2006-07-20 01:54 -------- d-----w- c:\program files\McAfee
2010-02-09 22:45 . 2006-07-19 22:18 54968 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-18 15:49 . 2007-06-29 08:15 -------- d-----w- c:\documents and settings\user\Application Data\U3
2009-12-30 14:57 . 2009-12-30 14:57 53248 ----a-w- c:\documents and settings\user\Application Data\EuroTalk\TalkBusiness\Externals\revwin32.dll
2009-12-30 14:57 . 2009-12-30 14:57 245760 ----a-w- c:\documents and settings\user\Application Data\EuroTalk\TalkBusiness\Externals\revzip.dll
2009-12-30 14:57 . 2009-12-30 14:57 4709751 ----a-w- c:\documents and settings\user\Application Data\EuroTalk\TalkBusiness\TalkBusiness.exe
2009-12-30 14:57 . 2009-12-30 14:57 -------- d-----w- c:\documents and settings\user\Application Data\EuroTalk
2008-09-29 10:07 . 2010-02-11 14:01 22576 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-02 835676]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-07-03 872448]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-07-03 880640]
"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 1121792]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-07-20 167936]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 108400]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2008-03-14 210240]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]

c:\documents and settings\Guest\Start Menu\Programs\Startup\
Microsoft Office OneNote 2003 Quick Launch.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2007-4-19 64864]

c:\documents and settings\user\.java\Start Menu\Programs\Startup\
BrOffice.org 3.0.lnk - c:\program files\BrOffice.org 3\program\quickstart.exe [2008-12-15 465920]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ WinCinema Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\ WinCinema Manager.lnk
backup=c:\windows\pss\ WinCinema Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^RAMASST.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk
backup=c:\windows\pss\RAMASST.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^svhost.exe]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\svhost.exe
backup=c:\windows\pss\svhost.exeCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^user^Start Menu^Programs^Startup^Microsoft Office OneNote 2003 Quick Launch.lnk]
path=c:\documents and settings\user\Start Menu\Programs\Startup\Microsoft Office OneNote 2003 Quick Launch.lnk
backup=c:\windows\pss\Microsoft Office OneNote 2003 Quick Launch.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^user^Start Menu^Programs^Startup^svhost.exe]
path=c:\documents and settings\user\Start Menu\Programs\Startup\svhost.exe
backup=c:\windows\pss\svhost.exeStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CFSServ.exe]
CFSServ.exe -NoClient [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
2006-03-18 15:22 89541 ----a-w- c:\windows\agrsmmsg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-03 10:43 69632 ----a-w- c:\windows\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 08:42 15360 ------w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DDWMon]
2006-04-26 00:57 368640 ----a-w- c:\program files\TOSHIBA\TOSHIBA Direct Disc Writer\DDWMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2005-08-05 20:56 64512 ----a-w- c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2006-02-19 05:41 118784 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
2006-03-23 04:13 77824 ----a-w- c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
2006-03-23 04:17 118784 ----a-w- c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
2006-03-23 04:17 94208 ----a-w- c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LtMoh]
2005-12-16 09:41 258048 ----a-w- c:\program files\ltmoh\ltmoh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PadTouch]
2005-12-06 05:06 1146954 ----a-w- c:\program files\TOSHIBA\Touch and Launch\PadExe.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pinger]
2005-03-18 00:37 225280 ----a-w- c:\toshiba\IVP\ISM\pinger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2006-07-20 02:40 167936 ----a-w- c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2006-08-23 12:08 16050688 ----a-w- c:\windows\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
2006-05-16 10:04 2879488 ----a-w- c:\windows\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
2005-04-26 23:13 192512 ----a-w- c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2005-11-10 20:03 110703 ----a-w- c:\program files\Java\jre1.5.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\THotkey]
2006-08-02 23:52 434176 ----a-w- c:\program files\TOSHIBA\TOSHIBA Applet\THotkey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPSMain]
2005-06-01 04:00 282624 ----a-w- c:\windows\system32\TPSMain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tvs]
2006-02-02 19:11 143360 ----a-w- c:\program files\TOSHIBA\Tvs\TvsTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"usnjsvc"=3 (0x3)
"ose"=3 (0x3)
"gusvc"=3 (0x3)
"TODDSrv"=2 (0x2)
"TAPPSRV"=2 (0x2)
"Swupdtmr"=2 (0x2)
"ScsiAccess"=2 (0x2)
"EvtEng"=2 (0x2)
"DVD-RAM_Service"=2 (0x2)
"CFSvcs"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\apache\\Apache.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\WINDOWS\\system32\\wscntfy.exe"=
"c:\\Program Files\\TOSHIBA\\TOSHIBA Disc Creator\\ToDisc.exe"=
"c:\\Program Files\\Intel\\Wireless\\Bin\\ifrmewrk.exe"=
"c:\\Program Files\\Microsoft Office\\OFFICE11\\WINWORD.EXE"=
"c:\\Program Files\\Intel\\Wireless\\bin\\ZCfgSvc.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"=
"c:\\Program Files\\Windows Live Toolbar\\MSNTBUP.EXE"=
"c:\\Program Files\\Synaptics\\SynTP\\Toshiba.exe"=
"c:\\Program Files\\Movie Maker\\moviemk.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgl.exe"=
"c:\\Program Files\\MSN Messenger\\usnsvc.exe"=
"c:\\WINDOWS\\system32\\taskmgr.exe"=
"c:\\Documents and Settings\\user\\Desktop\\aswclear.exe"=
"c:\\WINDOWS\\system32\\wuauclt.exe"=
"c:\\Program Files\\BrOffice.org 3\\program\\soffice.exe"=
"c:\\Program Files\\BrOffice.org 3\\program\\soffice.bin"=
"c:\\C\\Settings\\cl.exe"=
"c:\\F\\UCK\\FK.exe"=
"c:\\Program Files\\BrOffice.org 3\\program\\quickstart.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Updater6\\Adobe_Updater.exe"=
"c:\\Program Files\\InterVideo\\WinDVD\\WinDVD.exe"=
"c:\\Program Files\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe"=
"c:\\WINDOWS\\system32\\netsh.exe"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"c:\\Documents and Settings\\user\\Desktop\\p\\Tools\\setpath.exe"=
"c:\\Documents and Settings\\user\\Desktop\\p\\tools\\fsum.exe"=
"c:\\Documents and Settings\\user\\Desktop\\p\\Tools\\Kill.exe"=
"c:\\Documents and Settings\\user\\Desktop\\p\\Tools\\KProcess.exe"=
"c:\\WINDOWS\\system32\\cmd.exe"=
"c:\\Program Files\\Common Files\\Microsoft Shared\\Source Engine\\OSE.EXE"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1201:TCP"= 1201:TCP:szhkoiyx
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\drivers\tdudf.sys [6/28/2006 3:50 PM 98816]
S2 ksmda;Update Driver;c:\windows\system32\svchost.exe -k netsvcs [7/18/2006 9:47 PM 14336]
S2 PHPGeekUtil;PHPGeekUtil;c:\apache\Apache.exe [1/25/2002 1:30 AM 20480]
S3 IO_Memory;IO_Memory;\??\c:\sysprep\Drivers\ioport.sys --> c:\sysprep\Drivers\ioport.sys [?]
S3 SVRPEDRV;SVRPEDRV;\??\c:\sysprep\PEDrv.sys --> c:\sysprep\PEDrv.sys [?]
S3 yc893xm;C893 USB Data Modem Driver;c:\windows\system32\drivers\yc893xm.sys [1/30/2008 3:16 PM 36480]
S3 yc893xs;C893 GUI Port;c:\windows\system32\drivers\yc893xs.sys [1/30/2008 3:16 PM 55936]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - ASC3360PR

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ksmda

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{67KLN5J0-4OPM-01WE-AAX2-5657QCA224112}]
2009-09-28 22:06 167936 --sha-r- c:\dub\WONK\tux.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{67XOR2B0-3GMC-89VV-JIJ1-32KL2R3233771}]
2009-06-24 23:38 111616 ----a-w- c:\c\Settings\cl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{67XOR2B0-3GMC-89VV-JIJ1-32KL2R3423321}]
2009-07-09 03:29 109568 ----a-w- c:\f\UCK\FK.exe
.
Contents of the 'Scheduled Tasks' folder

2010-02-19 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 13:20]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=%s
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Open in new background tab - c:\program files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?090b36fae9094eb4b7e3922709eeab91
IE: Open in new foreground tab - c:\program files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?090b36fae9094eb4b7e3922709eeab91
TCP: {2C19B300-F50B-45F5-B881-3BF9D7480A4B} = 200.155.132.155,200.165.132.148
TCP: {5E9AD548-A0FB-42EE-B14C-CF1C4246950F} = 200.142.58.2,200.142.58.20
TCP: {B0E8A42D-D915-40C6-9F77-D31E68FEF758} = 200.142.58.2,200.142.58.20
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-{C94E154B-1459-4A47-966B-4B843BEFC7DB} - c:\program files\AskSearch\bin\DefaultSearch.dll
HKLM-Run-XP-859BAE7A - c:\windows\system32\XP-859BAE7A.EXE
Notify-WgaLogon - (no file)
MSConfigStartUp-NDSTray - NDSTray.exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
MSConfigStartUp-SymantecFilterCheck - c:\windows\system32\svhost.exe
MSConfigStartUp-TFncKy - TFncKy.exe
ActiveSetup-{63MAD6M8-1MAD-81AD-JIM6-26OP5G6789085} - c:\akon\BYONC\AKON.exe
ActiveSetup-{67KLN5J0-4OPM-01WE-AAX2-5657QCA554112} - c:\vidi\UNUK\DRG.exe
ActiveSetup-{67KLN5J0-4OPM-33WE-AAX5-24KC2A3453431} - c:\next\FILES\NEXT.exe
AddRemove-HijackThis - C:\HijackThis.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-19 17:12
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ksmda]
"ServiceDll"="c:\windows\system32\bmkme.dll"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2500)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~3\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\program files\Synaptics\SynTP\Toshiba.exe
c:\windows\system32\rundll32.exe
c:\program files\McAfee\Common Framework\McTray.exe
c:\program files\BrOffice.org 3\program\soffice.exe
c:\program files\BrOffice.org 3\program\soffice.bin
.
**************************************************************************
.
Completion time: 2010-02-19 17:19:55 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-19 20:19

Pre-Run: 1,923,203,072 bytes free
Post-Run: 2,479,763,456 bytes free

- - End Of File - - 48AAC4E48A8D91646E8E34ED96AF2972
wings, posted February 19, 2010

* Open Notepad, then select, copy and paste into it the whole content of the code below:

File::
c:\documents and settings\user\Start Menu\Programs\Startup\svhost.exe
c:\documents and settings\All Users\Start Menu\Programs\Startup\svhost.exe
c:\windows\pss\svhost.exe
c:\windows\system32\bmkme.dll

Registry::
[-HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^svhost.exe]
[-HKLM\~\startupfolder\C:^Documents and Settings^user^Start Menu^Programs^Startup^svhost.exe]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1201:TCP"=-

Driver::
ksmda

* Save the file to the desktop as CFScript.txt
* Drag the file onto ComboFix as shown in the illustration below:
* Important: while ComboFix is running, do not use the mouse or the keyboard!! To abort the process press N or 2.
* Paste the report created at C:\combofix.txt
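The CFScript above is derived line by line from the ComboFix log in the previous post: the two `svhost.exe` files sitting directly in Startup folders (a near-miss spelling of svchost.exe, and an executable where only .lnk shortcuts belong), their msconfig backup copy under c:\windows\pss, the `ksmda` service that svchost loads from the netsvcs group with `bmkme.dll` as its ServiceDll, and the globally open TCP port 1201 with a random-looking label. The following is an added example written for this page, not ComboFix code and not the helper's tooling: it walks a constructed excerpt of that log (taken from the post, plus two control entries that must not be flagged), reports the entries that match those patterns, and renders the same three CFScript sections for a human to review. The Active Setup rule generalises what the first run removed as "ActiveSetup-" orphans: all of those keys carry GUIDs containing non-hex letters. The XP netsvcs baseline and the 0.85 similarity threshold are this example's assumptions.

```python
"""Triage a ComboFix report excerpt and draft the matching CFScript.

Editor's added example for this thread; not ComboFix code and not the helper's
tooling. SAMPLE_REPORT is built from lines of the first ComboFix log posted above
plus two constructed controls that must not be flagged (wuauserv and the
{00000000-...} Active Setup key). Every rule below is this example's assumption.
"""
import difflib
import re
from dataclasses import dataclass, replace

SAMPLE_REPORT = r"""
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^svhost.exe]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\svhost.exe
backup=c:\windows\pss\svhost.exeCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^user^Start Menu^Programs^Startup^svhost.exe]
path=c:\documents and settings\user\Start Menu\Programs\Startup\svhost.exe
backup=c:\windows\pss\svhost.exeStartup
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1201:TCP"= 1201:TCP:szhkoiyx
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ksmda
wuauserv
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{67XOR2B0-3GMC-89VV-JIJ1-32KL2R3233771}]
2009-06-24 23:38 111616 ----a-w- c:\c\Settings\cl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{00000000-1111-2222-3333-444444444444}]
2008-04-14 08:42 0 ----a-w- c:\windows\system32\example.exe
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ksmda]
"ServiceDll"="c:\windows\system32\bmkme.dll"
"""

# Partial baseline of the svchost "netsvcs" group as shipped with Windows XP
# (assumption: a member outside this set deserves a closer look).
XP_NETSVCS_BASELINE = {
    "audiosrv", "bits", "browser", "cryptsvc", "dhcp", "dmserver", "ersvc", "eventsystem",
    "helpsvc", "lanmanserver", "lanmanworkstation", "netman", "nla", "ntmssvc", "rasauto",
    "rasman", "remoteaccess", "schedule", "seclogon", "sens", "sharedaccess",
    "shellhwdetection", "srservice", "themes", "trkwks", "w32time", "winmgmt", "wscsvc",
    "wuauserv", "wzcsvc"}
# System process names that malware imitates with a near-miss spelling.
LOOKALIKE_TARGETS = ("csrss.exe", "lsass.exe", "services.exe", "svchost.exe", "winlogon.exe")
GUID_RE = re.compile(r"^\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$", re.I)
FILE_LINE_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+\d+\s+\S+\s+(.+)$")
PORT_RE = re.compile(r'^"(\d+:(?:TCP|UDP))"=\s*\d+:(?:TCP|UDP):(.+)$')


@dataclass(frozen=True)
class Finding:
    kind: str      # startup-exe, startup-backup, firewall-off, open-port, activesetup-bad-guid, netsvcs-unknown
    subject: str   # the path, registry key, port or service name that was flagged
    detail: str    # why it was flagged
    extra: str = ""  # related item: registry key, on-disk target or ServiceDll path


def lookalike_of(name):
    """Return the system process name that `name` imitates (ratio >= 0.85), or None."""
    low = name.lower()
    best = max(LOOKALIKE_TARGETS, key=lambda t: difflib.SequenceMatcher(None, low, t).ratio())
    return best if low != best and difflib.SequenceMatcher(None, low, best).ratio() >= 0.85 else None


def triage(report):
    """Walk a ComboFix report and return the entries that break the rules above."""
    findings, netsvcs, dlls, key, flagged, in_netsvcs = [], [], {}, "", set(), False
    for line in (l.strip() for l in report.splitlines()):
        low = line.lower()
        if not line:
            in_netsvcs = False
        elif line.startswith("[") and line.endswith("]"):          # a registry key header
            key, in_netsvcs = line[1:-1], False
            m = re.search(r"active setup\\installed components\\(\{[^}]*\})$", key, re.I)
            if m and not GUID_RE.match(m.group(1)):
                findings.append(Finding("activesetup-bad-guid", key, f"{m.group(1)} is not a well-formed GUID"))
        elif low.endswith("svchost - netsvcs"):                     # names follow, one per line
            in_netsvcs = True
        elif in_netsvcs:
            netsvcs.append(line)
        elif findings and findings[-1].kind == "activesetup-bad-guid" and findings[-1].subject == key \
                and (m := FILE_LINE_RE.match(line)):
            findings[-1] = replace(findings[-1], extra=m.group(1))  # on-disk target of the bad key
        elif key.lower().startswith("hklm\\~\\startupfolder\\") and low.startswith("path="):
            path = line[5:]
            if low.endswith((".exe", ".com", ".scr", ".bat", ".pif", ".vbs")):
                target = lookalike_of(path.rsplit("\\", 1)[-1])
                why = "bare executable in a Startup folder (normal entries are .lnk shortcuts)"
                findings.append(Finding("startup-exe", path, why + (f"; name imitates {target}" if target else ""), key))
                flagged.add(key)
        elif key in flagged and (m := re.match(r"^backup=(.*?)(Common Startup|Startup)$", line)):
            findings.append(Finding("startup-backup", m.group(1), "msconfig backup copy of the flagged Startup item", key))
        elif key.lower().endswith("firewallpolicy\\standardprofile") and re.match(r'^"EnableFirewall"=\s*0\b', line):
            findings.append(Finding("firewall-off", key, "Windows Firewall disabled for the standard profile"))
        elif key.lower().endswith("globallyopenports\\list") and (m := PORT_RE.match(line)) \
                and not m.group(2).startswith("@"):
            findings.append(Finding("open-port", m.group(1), f"globally open port labelled '{m.group(2)}', not a resource string", key))
        elif low.startswith('"servicedll"=') and (m := re.search(r"\\services\\([^\\]+)$", key, re.I)):
            dlls[m.group(1).lower()] = line.split("=", 1)[1].strip('"')
    for svc in netsvcs:
        if svc.lower() not in XP_NETSVCS_BASELINE:
            findings.append(Finding("netsvcs-unknown", svc, "svchost netsvcs member outside the XP baseline", dlls.get(svc.lower(), "")))
    return findings


def draft_cfscript(findings):
    """Render findings as CFScript sections (File::, Registry::, Driver::) for a human to review."""
    files, reg, drivers = [], [], []
    for f in findings:
        if f.kind in ("startup-exe", "startup-backup"):
            files.append(f.subject)
        if f.kind == "startup-exe":
            reg.append(f"[-{f.extra}]")
        elif f.kind == "activesetup-bad-guid":
            reg.append(f"[-{f.subject}]")
            files += [f.extra] if f.extra else []
        elif f.kind == "open-port":
            reg += [f"[{f.extra}]", f'"{f.subject}"=-']
        elif f.kind == "netsvcs-unknown":
            drivers.append(f.subject)
            files += [f.extra] if f.extra else []
    parts = [(h, list(dict.fromkeys(v))) for h, v in (("File::", files), ("Registry::", reg), ("Driver::", drivers)) if v]
    return "\n\n".join(h + "\n" + "\n".join(v) for h, v in parts) + "\n"
```

Run against SAMPLE_REPORT, `draft_cfscript(triage(SAMPLE_REPORT))` reproduces the helper's File::, Registry:: and Driver:: entries and additionally lists the malformed Active Setup key and its target. `firewall-off` is reported but deliberately not scripted: re-enabling the firewall is a separate manual step, as is deciding whether the other firewall exceptions (c:\C\Settings\cl.exe, c:\F\UCK\FK.exe) belong on the machine. Treat the output as a draft for the person driving ComboFix, never as something to run unread.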
Swivel, posted February 19, 2010

ComboFix 10-02-18.06 - user 02/19/2010 18:12:21.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.183 [GMT -3:00]
Running from: c:\documents and settings\user\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\user\Desktop\CFScript.txt
AV: McAfee VirusScan Enterprise *On-access scanning disabled* (Outdated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
"c:\documents and settings\All Users\Start Menu\Programs\Startup\svhost.exe"
"c:\documents and settings\user\Start Menu\Programs\Startup\svhost.exe"
"c:\windows\pss\svhost.exe"
"c:\windows\system32\bmkme.dll"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_ASC3360PR
-------\Legacy_KSMDA
-------\Service_ksmda

((((((((((((((((((((((((( Files Created from 2010-01-19 to 2010-02-19 )))))))))))))))))))))))))))))))
.
2010-02-19 12:29 . 2010-02-19 12:29 58125480 ----a-w- C:\UsbFix_Upload_Me_TOSHIBA-USER.zip
2010-02-19 11:34 . 2008-04-14 08:42 151552 ----a-w- c:\windows\system32\irftp.exe
2010-02-19 11:34 . 2008-04-14 08:42 8192 ----a-w- c:\windows\system32\wshirda.dll
2010-02-19 11:34 . 2008-04-14 08:41 28160 ----a-w- c:\windows\system32\irmon.dll
2010-02-11 23:04 . 2010-02-11 23:06 -------- d-----w- C:\hijackthis
2010-02-11 14:00 . 2010-02-11 14:00 -------- d-----w- c:\program files\Common Files\Cisco Systems
2010-02-11 14:00 . 2010-02-11 14:01 -------- d-----w- c:\windows\147BCE03C0F14C9F81576A89B6D2D973.TMP
2010-02-09 22:32 . 2010-02-09 22:38 -------- d-----w- C:\FontStock
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-19 20:36 . 2009-07-31 22:41 -------- d-----w- c:\program files\BrOffice.org 3
2010-02-19 20:27 . 2006-07-20 01:54 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-02-19 20:27 . 2006-07-20 01:54 -------- d-----w- c:\program files\McAfee
2010-02-19 20:25 . 2006-07-19 22:54 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-12 15:46 . 2007-05-03 03:35 -------- d-----w- c:\program files\Bible
2010-02-11 22:23 . 2009-03-01 18:16 -------- d-----w- c:\program files\TuneUp Utilities 2009
2010-02-09 22:45 . 2006-07-19 22:18 54968 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-18 15:49 . 2007-06-29 08:15 -------- d-----w- c:\documents and settings\user\Application Data\U3
2009-12-30 14:57 . 2009-12-30 14:57 53248 ----a-w- c:\documents and settings\user\Application Data\EuroTalk\TalkBusiness\Externals\revwin32.dll
2009-12-30 14:57 . 2009-12-30 14:57 245760 ----a-w- c:\documents and settings\user\Application Data\EuroTalk\TalkBusiness\Externals\revzip.dll
2009-12-30 14:57 . 2009-12-30 14:57 4709751 ----a-w- c:\documents and settings\user\Application Data\EuroTalk\TalkBusiness\TalkBusiness.exe
2009-12-30 14:57 . 2009-12-30 14:57 -------- d-----w- c:\documents and settings\user\Application Data\EuroTalk
2008-09-29 10:07 . 2010-02-11 14:01 22576 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-02 835676]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-07-03 872448]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-07-03 880640]
"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 1121792]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-07-20 167936]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 108400]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]

c:\documents and settings\Guest\Start Menu\Programs\Startup\
Microsoft Office OneNote 2003 Quick Launch.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2007-4-19 64864]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ WinCinema Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\ WinCinema Manager.lnk
backup=c:\windows\pss\ WinCinema Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^RAMASST.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk
backup=c:\windows\pss\RAMASST.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^user^Start Menu^Programs^Startup^Microsoft Office OneNote 2003 Quick Launch.lnk]
path=c:\documents and settings\user\Start Menu\Programs\Startup\Microsoft Office OneNote 2003 Quick Launch.lnk
backup=c:\windows\pss\Microsoft Office OneNote 2003 Quick Launch.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CFSServ.exe]
CFSServ.exe -NoClient [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
2006-03-18 15:22 89541 ----a-w- c:\windows\agrsmmsg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-03 10:43 69632 ----a-w- c:\windows\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 08:42 15360 ------w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DDWMon]
2006-04-26 00:57 368640 ----a-w- c:\program files\TOSHIBA\TOSHIBA Direct Disc Writer\DDWMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2005-08-05 20:56 64512 ----a-w- c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2006-02-19 05:41 118784 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
2006-03-23 04:13 77824 ----a-w- c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
2006-03-23 04:17 118784 ----a-w- c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
2006-03-23 04:17 94208 ----a-w- c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LtMoh]
2005-12-16 09:41 258048 ----a-w- c:\program files\ltmoh\ltmoh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PadTouch]
2005-12-06 05:06 1146954 ----a-w- c:\program files\TOSHIBA\Touch and Launch\PadExe.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pinger]
2005-03-18 00:37 225280 ----a-w- c:\toshiba\IVP\ISM\pinger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2006-07-20 02:40 167936 ----a-w- c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2006-08-23 12:08 16050688 ----a-w- c:\windows\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
2006-05-16 10:04 2879488 ----a-w- c:\windows\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
2005-04-26 23:13 192512 ----a-w- c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2005-11-10 20:03 110703 ----a-w- c:\program files\Java\jre1.5.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\THotkey]
2006-08-02 23:52 434176 ----a-w- c:\program files\TOSHIBA\TOSHIBA Applet\THotkey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPSMain]
2005-06-01 04:00 282624 ----a-w- c:\windows\system32\TPSMain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tvs]
2006-02-02 19:11 143360 ----a-w- c:\program files\TOSHIBA\Tvs\TvsTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"usnjsvc"=3 (0x3)
"ose"=3 (0x3)
"gusvc"=3 (0x3)
"TODDSrv"=2 (0x2)
"TAPPSRV"=2 (0x2)
"Swupdtmr"=2 (0x2)
"ScsiAccess"=2 (0x2)
"EvtEng"=2 (0x2)
"DVD-RAM_Service"=2 (0x2)
"CFSvcs"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\apache\\Apache.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\WINDOWS\\system32\\wscntfy.exe"=
"c:\\Program Files\\TOSHIBA\\TOSHIBA Disc Creator\\ToDisc.exe"=
"c:\\Program Files\\Intel\\Wireless\\Bin\\ifrmewrk.exe"=
"c:\\Program Files\\Microsoft Office\\OFFICE11\\WINWORD.EXE"=
"c:\\Program Files\\Intel\\Wireless\\bin\\ZCfgSvc.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"=
"c:\\Program Files\\Windows Live Toolbar\\MSNTBUP.EXE"=
"c:\\Program Files\\Synaptics\\SynTP\\Toshiba.exe"=
"c:\\Program Files\\Movie Maker\\moviemk.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgl.exe"=
"c:\\Program Files\\MSN Messenger\\usnsvc.exe"=
"c:\\WINDOWS\\system32\\taskmgr.exe"=
"c:\\Documents and Settings\\user\\Desktop\\aswclear.exe"=
"c:\\WINDOWS\\system32\\wuauclt.exe"=
"c:\\C\\Settings\\cl.exe"=
"c:\\F\\UCK\\FK.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Updater6\\Adobe_Updater.exe"=
"c:\\Program Files\\InterVideo\\WinDVD\\WinDVD.exe"=
"c:\\Program Files\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe"=
"c:\\WINDOWS\\system32\\netsh.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"c:\\Documents and Settings\\user\\Desktop\\p\\Tools\\setpath.exe"=
"c:\\Documents and Settings\\user\\Desktop\\p\\tools\\fsum.exe"=
"c:\\Documents and Settings\\user\\Desktop\\p\\Tools\\Kill.exe"=
"c:\\Documents and Settings\\user\\Desktop\\p\\Tools\\KProcess.exe"=
"c:\\WINDOWS\\system32\\cmd.exe"=
"c:\\Program Files\\Common Files\\Microsoft Shared\\Source Engine\\OSE.EXE"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\drivers\tdudf.sys [6/28/2006 3:50 PM 98816]
R3 asc3360pr;asc3360pr;\??\c:\windows\system32\drivers\nnknqn.sys --> c:\windows\system32\drivers\nnknqn.sys [?]
S2 PHPGeekUtil;PHPGeekUtil;c:\apache\Apache.exe [1/25/2002 1:30 AM 20480]
S3 IO_Memory;IO_Memory;\??\c:\sysprep\Drivers\ioport.sys --> c:\sysprep\Drivers\ioport.sys [?]
S3 SVRPEDRV;SVRPEDRV;\??\c:\sysprep\PEDrv.sys --> c:\sysprep\PEDrv.sys [?]
S3 yc893xm;C893 USB Data Modem Driver;c:\windows\system32\drivers\yc893xm.sys [1/30/2008 3:16 PM 36480]
S3 yc893xs;C893 GUI Port;c:\windows\system32\drivers\yc893xs.sys [1/30/2008 3:16 PM 55936]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - ASC3360PR

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{67KLN5J0-4OPM-01WE-AAX2-5657QCA224112}]
2009-09-28 22:06 167936 --sha-r- c:\dub\WONK\tux.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{67XOR2B0-3GMC-89VV-JIJ1-32KL2R3233771}]
2009-06-24 23:38 111616 ----a-w- c:\c\Settings\cl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{67XOR2B0-3GMC-89VV-JIJ1-32KL2R3423321}]
2009-07-09 03:29 109568 ----a-w- c:\f\UCK\FK.exe
.
Contents of the 'Scheduled Tasks' folder

2010-02-19 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 13:20]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=%s
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Open in new background tab - c:\program files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?090b36fae9094eb4b7e3922709eeab91
IE: Open in new foreground tab - c:\program files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?090b36fae9094eb4b7e3922709eeab91
TCP: {2C19B300-F50B-45F5-B881-3BF9D7480A4B} = 200.155.132.155,200.165.132.148
TCP: {5E9AD548-A0FB-42EE-B14C-CF1C4246950F} = 200.142.58.2,200.142.58.20
TCP: {B0E8A42D-D915-40C6-9F77-D31E68FEF758} = 200.142.58.2,200.142.58.20
.
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-19 18:26
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2320)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~3\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\eHome\ehRecvr.exe c:\windows\eHome\ehSched.exe c:\windows\system32\HPZipm12.exe c:\program files\Intel\Wireless\Bin\RegSrvc.exe c:\windows\ehome\mcrdsvc.exe c:\windows\system32\dllhost.exe c:\windows\system32\wscntfy.exe c:\program files\Synaptics\SynTP\Toshiba.exe c:\windows\system32\rundll32.exe . ************************************************************************** . Completion time: 2010-02-19 18:27:18 - machine was rebooted ComboFix-quarantined-files.txt 2010-02-19 21:27 ComboFix2.txt 2010-02-19 20:19 Pre-Run: 3,004,977,152 bytes free Post-Run: 2,926,481,408 bytes free - - End Of File - - 14296B1F9A40519B77A3A33AE6D6246D Compartilhar este post Link para o post Compartilhar em outros sites
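The log above is what the helper reads before writing the removal script in the next reply. The indicators that matter are mechanical enough to automate: the three "Active Setup\Installed Components" keys carry GUIDs containing letters such as K, L, N, O, P, Q, W and X, which can never appear in a real GUID (every digit is hex), one of the registered payloads is hidden+system (--sha-r-) under a throwaway directory, the asc3360pr driver points at a randomly named .sys file ComboFix could not verify ([?]), and the host has EnableFirewall=0, EnableLUA=0 and 3389/TCP opened in every profile. The script below is an added example written for this page, not code from the thread, from ComboFix or from Malwarebytes; it parses ComboFix-style lines with the checks just listed. The sample input is constructed for the example: entries copied from the log above plus one made-up Active Setup key with a well-formed GUID as a control that must not be flagged.

```python
"""Triage ComboFix-style log lines for the persistence and hardening
indicators seen in this thread.

Checks implemented:
  * Active Setup "Installed Components" keys whose GUID is not valid hex.
  * The file registered under such a key carrying hidden/system attributes.
  * A service or driver whose binary ComboFix could not verify ("[?]").
  * EnableFirewall / EnableLUA / HonorAutoRunSetting set to 0 and ports
    opened in all firewall profiles (GloballyOpenPorts).
"""
import re

# Constructed sample input: lines taken from the first ComboFix log in this
# thread, plus a made-up Active Setup key with a well-formed GUID and a
# made-up path (example_control.exe) that must NOT be flagged.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\drivers\tdudf.sys [6/28/2006 3:50 PM 98816]
R3 asc3360pr;asc3360pr;\??\c:\windows\system32\drivers\nnknqn.sys --> c:\windows\system32\drivers\nnknqn.sys [?]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{67KLN5J0-4OPM-01WE-AAX2-5657QCA224112}]
2009-09-28 22:06 167936 --sha-r- c:\dub\WONK\tux.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{67XOR2B0-3GMC-89VV-JIJ1-32KL2R3233771}]
2009-06-24 23:38 111616 ----a-w- c:\c\Settings\cl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{0A1B2C3D-4E5F-6071-8293-A4B5C6D7E8F9}]
2008-04-14 08:42 15360 ----a-w- c:\windows\system32\example_control.exe
"""

# A real GUID is 8-4-4-4-12 hex digits; anything else in a braces block is fake.
GUID_RE = re.compile(
    r"^\{[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\}$", re.I)
ACTIVE_SETUP_RE = re.compile(
    r"active setup\\installed components\\(\{[^}]*\})\]$", re.I)
# "YYYY-MM-DD HH:MM size attrs path": attrs is the 8-char flag block (d,s,h,a,r,w).
FILE_LINE_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} +\d+ +([-a-z]{8}) +(.+)$", re.I)
# "R3 name;display name;binary path [details]" as ComboFix prints services.
SERVICE_RE = re.compile(r"^([RS]\d) ([^;]+);[^;]*;(.*)$")
POLICY_RE = re.compile(r'^"(EnableLUA|EnableFirewall|HonorAutoRunSetting)"= *(\d+)')
PORT_RE = re.compile(r'^"(\d+):(TCP|UDP)"=')


def triage(log_text):
    """Return a list of (severity, message) findings for one log."""
    findings = []
    current_key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            # Registry key header: remember it so the next lines have context.
            current_key = line
            m = ACTIVE_SETUP_RE.search(line)
            if m and not GUID_RE.match(m.group(1)):
                findings.append(("high", "Active Setup key with malformed GUID: " + m.group(1)))
            continue
        m = POLICY_RE.match(line)
        if m and m.group(2) == "0":
            findings.append(("medium", "%s = 0 (protection switched off)" % m.group(1)))
            continue
        m = PORT_RE.match(line)
        if m and "globallyopenports" in current_key.lower():
            findings.append(("medium", "port %s/%s open in all firewall profiles" % m.groups()))
            continue
        m = SERVICE_RE.match(line)
        if m and m.group(3).endswith("[?]"):
            findings.append(("high", "service %s (%s) binary not verifiable: %s"
                             % (m.group(2), m.group(1), m.group(3))))
            continue
        m = FILE_LINE_RE.match(line)
        if m and "active setup" in current_key.lower():
            attrs, path = m.groups()
            # 's' = system, 'h' = hidden: a payload trying not to be seen.
            if "s" in attrs or "h" in attrs:
                findings.append(("high", "hidden/system file registered in Active Setup: " + path))
    return findings


if __name__ == "__main__":
    for severity, message in triage(SAMPLE_LOG):
        print("[%s] %s" % (severity.upper(), message))
```

Run stand-alone it reports seven findings for the sample: the two fake GUIDs, the hidden tux.exe, the unverifiable nnknqn.sys driver, the two disabled policies and the globally open 3389/TCP; cl.exe (plain ----a-w- attributes) and the well-formed control key are not reported, which is the point of keeping GUID syntax and file attributes as separate checks. Feeding it a full ComboFix log works the same way because the regexes only act on the line shapes shown above and ignore everything else.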
wings, posted February 19, 2010

*Open Notepad, then select, copy and paste into it the whole content of the code below:

File::
c:\windows\system32\drivers\nnknqn.sys
c:\c\Settings\cl.exe
c:\dub\WONK\tux.exe
c:\f\UCK\FK.exe

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{67KLN5J0-4OPM-01WE-AAX2-5657QCA224112}]
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{67XOR2B0-3GMC-89VV-JIJ1-32KL2R3233771}]
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{67XOR2B0-3GMC-89VV-JIJ1-32KL2R3423321}]

Driver::
asc3360pr

*Save the file on the desktop as CFScript.txt
*Drag the file onto ComboFix as shown in the illustration below:
*Important: while ComboFix is running, do not use the mouse or the keyboard!! To stop the process, press N or 2.
*Paste the report created at C:\combofix.txt
Swivel, posted February 19, 2010

ComboFix 10-02-18.06 - user 02/19/2010 19:13:14.3.2
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.205 [GMT -3:00]
Running from: c:\documents and settings\user\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\user\Desktop\CFScript.txt
AV: McAfee VirusScan Enterprise *On-access scanning disabled* (Outdated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
"c:\c\Settings\cl.exe"
"c:\dub\WONK\tux.exe"
"c:\f\UCK\FK.exe"
"c:\windows\system32\drivers\nnknqn.sys"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\c\Settings\cl.exe
c:\dub\WONK\tux.exe
c:\f\UCK\FK.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ASC3360PR
-------\Service_asc3360pr


((((((((((((((((((((((((( Files Created from 2010-01-19 to 2010-02-19 )))))))))))))))))))))))))))))))
.

2010-02-19 12:29 . 2010-02-19 12:29 58125480 ----a-w- C:\UsbFix_Upload_Me_TOSHIBA-USER.zip
2010-02-19 11:34 . 2008-04-14 08:42 151552 ----a-w- c:\windows\system32\irftp.exe
2010-02-19 11:34 . 2008-04-14 08:42 8192 ----a-w- c:\windows\system32\wshirda.dll
2010-02-19 11:34 . 2008-04-14 08:41 28160 ----a-w- c:\windows\system32\irmon.dll
2010-02-11 23:04 . 2010-02-11 23:06 -------- d-----w- C:\hijackthis
2010-02-11 14:00 . 2010-02-11 14:00 -------- d-----w- c:\program files\Common Files\Cisco Systems
2010-02-11 14:00 . 2010-02-11 14:01 -------- d-----w- c:\windows\147BCE03C0F14C9F81576A89B6D2D973.TMP
2010-02-09 22:32 . 2010-02-09 22:38 -------- d-----w- C:\FontStock

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-19 20:36 . 2009-07-31 22:41 -------- d-----w- c:\program files\BrOffice.org 3
2010-02-19 20:27 . 2006-07-20 01:54 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-02-19 20:27 . 2006-07-20 01:54 -------- d-----w- c:\program files\McAfee
2010-02-19 20:25 . 2006-07-19 22:54 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-12 15:46 . 2007-05-03 03:35 -------- d-----w- c:\program files\Bible
2010-02-11 22:23 . 2009-03-01 18:16 -------- d-----w- c:\program files\TuneUp Utilities 2009
2010-02-09 22:45 . 2006-07-19 22:18 54968 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-18 15:49 . 2007-06-29 08:15 -------- d-----w- c:\documents and settings\user\Application Data\U3
2009-12-30 14:57 . 2009-12-30 14:57 53248 ----a-w- c:\documents and settings\user\Application Data\EuroTalk\TalkBusiness\Externals\revwin32.dll
2009-12-30 14:57 . 2009-12-30 14:57 245760 ----a-w- c:\documents and settings\user\Application Data\EuroTalk\TalkBusiness\Externals\revzip.dll
2009-12-30 14:57 . 2009-12-30 14:57 4709751 ----a-w- c:\documents and settings\user\Application Data\EuroTalk\TalkBusiness\TalkBusiness.exe
2009-12-30 14:57 . 2009-12-30 14:57 -------- d-----w- c:\documents and settings\user\Application Data\EuroTalk
2008-09-29 10:07 . 2010-02-11 14:01 22576 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-02 835676]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-07-03 872448]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-07-03 880640]
"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 1121792]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-07-20 167936]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 108400]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]

c:\documents and settings\Guest\Start Menu\Programs\Startup\
Microsoft Office OneNote 2003 Quick Launch.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2007-4-19 64864]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ WinCinema Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\ WinCinema Manager.lnk
backup=c:\windows\pss\ WinCinema Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^RAMASST.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk
backup=c:\windows\pss\RAMASST.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^user^Start Menu^Programs^Startup^Microsoft Office OneNote 2003 Quick Launch.lnk]
path=c:\documents and settings\user\Start Menu\Programs\Startup\Microsoft Office OneNote 2003 Quick Launch.lnk
backup=c:\windows\pss\Microsoft Office OneNote 2003 Quick Launch.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CFSServ.exe]
CFSServ.exe -NoClient [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
2006-03-18 15:22 89541 ----a-w- c:\windows\agrsmmsg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-03 10:43 69632 ----a-w- c:\windows\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 08:42 15360 ------w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DDWMon]
2006-04-26 00:57 368640 ----a-w- c:\program files\TOSHIBA\TOSHIBA Direct Disc Writer\DDWMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2005-08-05 20:56 64512 ----a-w- c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2006-02-19 05:41 118784 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
2006-03-23 04:13 77824 ----a-w- c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
2006-03-23 04:17 118784 ----a-w- c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
2006-03-23 04:17 94208 ----a-w- c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LtMoh]
2005-12-16 09:41 258048 ----a-w- c:\program files\ltmoh\ltmoh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PadTouch]
2005-12-06 05:06 1146954 ----a-w- c:\program files\TOSHIBA\Touch and Launch\PadExe.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pinger]
2005-03-18 00:37 225280 ----a-w- c:\toshiba\IVP\ISM\pinger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2006-07-20 02:40 167936 ----a-w- c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2006-08-23 12:08 16050688 ----a-w- c:\windows\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
2006-05-16 10:04 2879488 ----a-w- c:\windows\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
2005-04-26 23:13 192512 ----a-w- c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2005-11-10 20:03 110703 ----a-w- c:\program files\Java\jre1.5.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\THotkey]
2006-08-02 23:52 434176 ----a-w- c:\program files\TOSHIBA\TOSHIBA Applet\THotkey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPSMain]
2005-06-01 04:00 282624 ----a-w- c:\windows\system32\TPSMain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tvs]
2006-02-02 19:11 143360 ----a-w- c:\program files\TOSHIBA\Tvs\TvsTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"usnjsvc"=3 (0x3)
"ose"=3 (0x3)
"gusvc"=3 (0x3)
"TODDSrv"=2 (0x2)
"TAPPSRV"=2 (0x2)
"Swupdtmr"=2 (0x2)
"ScsiAccess"=2 (0x2)
"EvtEng"=2 (0x2)
"DVD-RAM_Service"=2 (0x2)
"CFSvcs"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\apache\\Apache.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\WINDOWS\\system32\\wscntfy.exe"=
"c:\\Program Files\\TOSHIBA\\TOSHIBA Disc Creator\\ToDisc.exe"=
"c:\\Program Files\\Intel\\Wireless\\Bin\\ifrmewrk.exe"=
"c:\\Program Files\\Microsoft Office\\OFFICE11\\WINWORD.EXE"=
"c:\\Program Files\\Intel\\Wireless\\bin\\ZCfgSvc.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"=
"c:\\Program Files\\Windows Live Toolbar\\MSNTBUP.EXE"=
"c:\\Program Files\\Synaptics\\SynTP\\Toshiba.exe"=
"c:\\Program Files\\Movie Maker\\moviemk.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgl.exe"=
"c:\\Program Files\\MSN Messenger\\usnsvc.exe"=
"c:\\WINDOWS\\system32\\taskmgr.exe"=
"c:\\Documents and Settings\\user\\Desktop\\aswclear.exe"=
"c:\\WINDOWS\\system32\\wuauclt.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Updater6\\Adobe_Updater.exe"=
"c:\\Program Files\\InterVideo\\WinDVD\\WinDVD.exe"=
"c:\\Program Files\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe"=
"c:\\WINDOWS\\system32\\netsh.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"c:\\Documents and Settings\\user\\Desktop\\p\\Tools\\setpath.exe"=
"c:\\Documents and Settings\\user\\Desktop\\p\\tools\\fsum.exe"=
"c:\\Documents and Settings\\user\\Desktop\\p\\Tools\\Kill.exe"=
"c:\\Documents and Settings\\user\\Desktop\\p\\Tools\\KProcess.exe"=
"c:\\WINDOWS\\system32\\cmd.exe"=
"c:\\Program Files\\Common Files\\Microsoft Shared\\Source Engine\\OSE.EXE"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\drivers\tdudf.sys [6/28/2006 3:50 PM 98816]
S2 PHPGeekUtil;PHPGeekUtil;c:\apache\Apache.exe [1/25/2002 1:30 AM 20480]
S3 IO_Memory;IO_Memory;\??\c:\sysprep\Drivers\ioport.sys --> c:\sysprep\Drivers\ioport.sys [?]
S3 SVRPEDRV;SVRPEDRV;\??\c:\sysprep\PEDrv.sys --> c:\sysprep\PEDrv.sys [?]
S3 yc893xm;C893 USB Data Modem Driver;c:\windows\system32\drivers\yc893xm.sys [1/30/2008 3:16 PM 36480]
S3 yc893xs;C893 GUI Port;c:\windows\system32\drivers\yc893xs.sys [1/30/2008 3:16 PM 55936]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - ASC3360PR
.
Contents of the 'Scheduled Tasks' folder

2010-02-19 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 13:20]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=%s
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Open in new background tab - c:\program files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?090b36fae9094eb4b7e3922709eeab91
IE: Open in new foreground tab - c:\program files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?090b36fae9094eb4b7e3922709eeab91
TCP: {2C19B300-F50B-45F5-B881-3BF9D7480A4B} = 200.155.132.155,200.165.132.148
TCP: {5E9AD548-A0FB-42EE-B14C-CF1C4246950F} = 200.142.58.2,200.142.58.20
TCP: {B0E8A42D-D915-40C6-9F77-D31E68FEF758} = 200.142.58.2,200.142.58.20
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-19 19:22
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(2668)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~3\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\program files\Synaptics\SynTP\Toshiba.exe
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2010-02-19 19:28:15 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-19 22:28
ComboFix2.txt 2010-02-19 21:27
ComboFix3.txt 2010-02-19 20:19
Pre-Run: 2,922,090,496 bytes free
Post-Run: 2,828,488,704 bytes free
- - End Of File - - 8B38C069CDB07EAFCEA8E47652842712
wings, posted February 19, 2010

1.
*Click [Start] > [Run] > type: Combofix /uninstall
*Click [OK]
*Click [Run]
*Wait until the message appears: "ComboFix is uninstalled"
*Click [OK]

2.
*Download Malwarebytes Anti-Malware and save it to the desktop:
*Install the program
*If an update exists, it will be downloaded automatically. Wait...
*The program will open automatically.
*On the [Scan] tab, select the option [Full scan]
*Click [Scan] and select the drives to be examined
*When the scan finishes, you may be asked whether you want to remove objects from memory. Click [YES] > [OK] > [Show Results]
*Select all results and click [Remove Selected]
*A report (mbam-log-year-month-date.txt) will be shown.
*Paste it in your next reply
Swivel, posted February 19, 2010

Malwarebytes' Anti-Malware 1.44
Database version: 3510
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

2/19/2010 8:40:49 PM
mbam-log-2010-02-19 (20-40-49).txt

Scan type: Full scan (C:\|)
Objects scanned: 226675
Time elapsed: 53 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 15

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{63mad6m8-1mad-81ad-jim6-26op5g6789085} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{67kln5j0-4opm-01we-aax2-5657qca554112} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{67xor2b0-3gmc-89vv-jij1-32kl2r3423321} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{67kln5j0-4opm-33we-aax5-24kc2a3453431} (Worm.AutoRun) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\F\UCK (Backdoor.Bot) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\user\Desktop\p\Quarantine\C\WINDOWS\system32\nmdfgds0.dll.UsbFix (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\My Documents\My Pictures\Formandos2009\MakeTheWebBetter.exe (Adware.MakeTheWebBetter) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP45\A0041382.exe (Trojan.Inject) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP49\A0045799.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP49\A0046201.exe (Trojan.Inject) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP49\A0046283.sys (Malware.Trace) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP53\A0047338.sys (Malware.Trace) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP53\A0047408.exe (Malware.Trace) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP53\A0047409.exe (Malware.Trace) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP53\A0047521.sys (Malware.Trace) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP53\A0047570.sys (Malware.Trace) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP53\A0047638.sys (Malware.Trace) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP53\A0047667.sys (Malware.Trace) -> Quarantined and deleted successfully.
C:\F\UCK\dEsKtOp.InI (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system\msn.exe (Trojan.Banker) -> Quarantined and deleted successfully.
wings, posted February 20, 2010

*Go to the ConfickerWorkingGroup site
*Interpret the result and report it.
*Also report how the machine is behaving and whether you can install the antivirus.
Mário Monteiro, posted March 20, 2010

Topic archived

As the author has not replied for more than 30 days, the topic has been archived. If you are the author of the topic and want to reopen it, send a private message to a moderator of this area together with the link to this topic and explain the reason for reopening.