
Archived

This topic has been archived and is closed to new replies.

Alef Jesus Souza

[Solved] Windows Explorer does not open the Disk Drive (C:)


My XP started having problems launching programs: when I clicked their shortcuts they did not start, so I tried to reach them through Program Files, but when I tried drive C it did not open correctly (the window for choosing a program to open with appeared, as if "Disk Drive C:" were an unknown file). I then ran Avira (which found and deleted 1 virus) and the programs went back to starting normally, but drive C did not.

Through the Explorer tree menu it is possible to access the disk, but not through the shortcut; there, in turn, I choose the Explorer.exe program from the Windows folder and it works, only there is no option to mark it to always open with that program.

As you can see, it looks like Explorer has lost its link with shortcut handling >I think<. I hope I have been clear.

It also does not work using Explore or Open from the right-click menu.

Thanks in advance.

 

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 18:37:44, on 29/9/2011

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

F:\WINDOWS\System32\smss.exe

F:\WINDOWS\system32\winlogon.exe

F:\WINDOWS\system32\services.exe

F:\WINDOWS\system32\lsass.exe

F:\WINDOWS\system32\svchost.exe

F:\WINDOWS\System32\svchost.exe

F:\WINDOWS\system32\spoolsv.exe

F:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

F:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

F:\Arquivos de programas\Java\jre6\bin\jqs.exe

F:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

F:\WINDOWS\Explorer.EXE

F:\Arquivos de programas\Analog Devices\SoundMAX\SMTray.exe

F:\Arquivos de programas\Analog Devices\SoundMAX\DrvLsnr.exe

F:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe

F:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe

F:\Arquivos de programas\Ask.com\Updater\Updater.exe

F:\WINDOWS\system32\ctfmon.exe

F:\Arquivos de programas\Messenger\msmsgs.exe

F:\Arquivos de programas\Google\Chrome\Application\chrome.exe

F:\Arquivos de programas\Google\Chrome\Application\chrome.exe

F:\Arquivos de programas\Google\Chrome\Application\chrome.exe

F:\Arquivos de programas\Google\Chrome\Application\chrome.exe

F:\Documents and Settings\Ambulatório\Desktop\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://pedreira.cep/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local

O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - F:\Arquivos de programas\Ask.com\GenericAskToolbar.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - F:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - F:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - F:\Arquivos de programas\Ask.com\GenericAskToolbar.dll

O4 - HKLM\..\Run: [smapp] F:\Arquivos de programas\Analog Devices\SoundMAX\SMTray.exe

O4 - HKLM\..\Run: [DrvLsnr] F:\Arquivos de programas\Analog Devices\SoundMAX\DrvLsnr.exe

O4 - HKLM\..\Run: [avgnt] "F:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [sunJavaUpdateSched] "F:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [EPSON Stylus C67 Series] F:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAP.EXE /P23 "EPSON Stylus C67 Series" /O6 "USB001" /M "Stylus C67"

O4 - HKLM\..\Run: [ApnUpdater] "F:\Arquivos de programas\Ask.com\Updater\Updater.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "F:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [EPSON Stylus C67 Series] F:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAP.EXE /P23 "EPSON Stylus C67 Series" /M "Stylus C67" /EF "HKCU"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://F:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - F:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - F:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - F:\WINDOWS\system32\browseui.dll

O23 - Service: Avira AntiVir Programador (AntiVirSchedulerService) - Avira GmbH - F:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - F:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - F:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - F:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - F:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - F:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

 

--

End of file - 5454 bytes


Hello Alef Jesus Souza

1.

*Download AD-Remover and save it to the desktop

*Run it, click [Clean] > [Yes] > [OK] > [Yes]. The PC may be restarted

*Paste the report C:\Ad-Report-CLEAN[1].txt

2.

*Download USBFix and save it to the desktop

*Plug the USB flash drive into the PC, run it and click [Pesquisa] (Search)

*Paste the report that is displayed

3.

*Do you recognize this link?

http://pedreira.cep/


1. ======= REPORT FROM AD-REMOVER 2.0.0.2,G | ONLY XP/VISTA/7 =======

 

Updated by TeamXscript on 12/04/11

Contact: AdRemover[DOT]contact[AT]gmail[DOT]com

website: http://www.teamxscript.org

 

F:\Arquivos de programas\Ad-Remover\main.exe (CLEAN [1]) -> Launched at 14:31:05 on 30/09/2011, Normal boot

 

Microsoft Windows XP Professional Service Pack 2 (X86)

Ambulatório@AMB01 ( )

 

============== ACTION(S) ==============

 

 

File deleted: F:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

Folder deleted: F:\Documents and Settings\Ambulatório\Dados de aplicativos\Mozilla\FireFox\Profiles\c3vevsva.default\extensions\toolbar@ask.com

Folder deleted: F:\Arquivos de programas\Ask.com

Folder deleted: F:\Documents and Settings\Ambulatório\Configurações locais\Dados de aplicativos\AskToolbar

 

(!) -- Temporary files deleted.

 

 

-- File opened: F:\Documents and Settings\Ambulatório\Dados de aplicativos\Mozilla\FireFox\Profiles\c3vevsva.default\Prefs.js --

Line deleted: user_pref("extensions.asktb.abar-war-timeout", "4000");

Line deleted: user_pref("extensions.asktb.autofill-competitor-query-enabled", true);

Line deleted: user_pref("extensions.asktb.autofill-text-highlight-enabled", true);

Line deleted: user_pref("extensions.asktb.cbid", "F3");

Line deleted: user_pref("extensions.asktb.config-updated", false);

Line deleted: user_pref("extensions.asktb.crumb", "2010.12.15+10.07.22-toolbar008iad-US-RnJlbW9udCxDQSxVbml0ZWQgU3...

Line deleted: user_pref("extensions.asktb.default-channel-url-mask", "hxxp://www.ask.com/web?q={query}&o={o}&l={l}...

Line deleted: user_pref("extensions.asktb.displaybehavior", "");

Line deleted: user_pref("extensions.asktb.displaytext", "");

Line deleted: user_pref("extensions.asktb.dtid", "YYYYYYYYUS");

Line deleted: user_pref("extensions.asktb.dyn-weather-do-locid-lookup-weatherWidget", true);

Line deleted: user_pref("extensions.asktb.fresh-install", false);

Line deleted: user_pref("extensions.asktb.hxxp-header-whitelist-hosts", "[\"static-dev.en.dev.ask.com\", \"ask.com...

Line deleted: user_pref("extensions.asktb.l", "dis");

Line deleted: user_pref("extensions.asktb.last-config-req", "1317230901818");

Line deleted: user_pref("extensions.asktb.last-v", "3.12.2.100006");

Line deleted: user_pref("extensions.asktb.locale", "en_US");

Line deleted: user_pref("extensions.asktb.lstation", "");

Line deleted: user_pref("extensions.asktb.o", "101703");

Line deleted: user_pref("extensions.asktb.overlay-reloaded-using-restart", true);

Line deleted: user_pref("extensions.asktb.pstate", "");

Line deleted: user_pref("extensions.asktb.qsrc", "2871");

Line deleted: user_pref("extensions.asktb.r", "2");

Line deleted: user_pref("extensions.asktb.search-suggestions-enabled", true);

Line deleted: user_pref("extensions.asktb.silent-upgrade", true);

Line deleted: user_pref("extensions.asktb.silent-upgrade-from-pre-newtabs-build", true);

Line deleted: user_pref("extensions.asktb.socialmini-first", true);

Line deleted: user_pref("extensions.asktb.socialmini-interval", "1200000");

Line deleted: user_pref("extensions.asktb.socialmini-max-char-ticker", "33");

Line deleted: user_pref("extensions.asktb.socialmini-max-items", "30");

Line deleted: user_pref("extensions.asktb.socialmini-native-on", true);

Line deleted: user_pref("extensions.asktb.socialmini-speed", "5000");

Line deleted: user_pref("extensions.asktb.socialmini-transition-first-open", false);

Line deleted: user_pref("extensions.asktb.volume", "");

Line deleted: user_pref("extensions.enabledItems", "{5B52016C-D097-4aec-BE61-9F129D8FDDBA}:2.0,{CAFEEFAC-0016-0000...

-- File closed --

 

 

Key deleted: HKLM\Software\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}

Key deleted: HKLM\Software\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}

Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}

Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}

Key deleted: HKLM\Software\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}

Key deleted: HKLM\Software\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}

Key deleted: HKLM\Software\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}

Key deleted: HKLM\Software\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}

Key deleted: HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd

Key deleted: HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd.1

Key deleted: HKLM\Software\Classes\AppID\GenericAskToolbar.DLL

Key deleted: HKLM\Software\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}

Key deleted: HKLM\Software\AskToolbar

Key deleted: HKCU\Software\Ask.com

Key deleted: HKCU\Software\AskToolbar

Key deleted: HKCU\Software\AppDataLow\AskToolbarInfo

Key deleted: HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF

Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF

Key deleted: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}

Key deleted: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}

Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

 

Value deleted: HKLM\Software\Microsoft\Internet Explorer\Toolbar|{D4027C7F-154A-4066-A1AD-4243D8127440}

Value deleted: HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser|{D4027C7F-154A-4066-A1AD-4243D8127440}

Value deleted: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{D4027C7F-154A-4066-A1AD-4243D8127440}

 

 

============== ADDITIONNAL SCAN ==============

 

**** Mozilla Firefox Version [3.6.13 (pt-BR)] ****

 

HKLM_MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf (x)

Searchplugins\buscape.xml (hxxp://busca.buscape.com.br/cprocura)

Searchplugins\mercadolivre.xml (hxxp://pmstrk.mercadolivre.com.br/jm/PmsTrk)

Searchplugins\wikipedia-br.xml (hxxp://pt.wikipedia.org/wiki/Especial:Busca)

Searchplugins\yahoo-br.xml (hxxp://br.search.yahoo.com/search)

Extensions\{B13721C7-F507-4982-B2E5-502A71474FED} (Skype extension for Firefox )

 

-- F:\Documents and Settings\Ambulatório\Dados de aplicativos\Mozilla\FireFox\Profiles\c3vevsva.default --

Extensions\{5B52016C-D097-4aec-BE61-9F129D8FDDBA} (UltraSurf Firefox Tool)

Prefs.js - browser.startup.homepage, pedreira.cep

Prefs.js - browser.startup.homepage_override.mstone, rv:1.9.2.13

 

========================================

 

**** Internet Explorer Version [6.0.2900.2180] ****

 

HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896

HKCU_Main|Start Page - hxxp://fr.msn.com/

HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896

HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm

HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKLM_Main|Start Page - hxxp://fr.msn.com/

HKCU_SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} - "?" (?)

 

========================================

 

F:\Arquivos de programas\Ad-Remover\Quarantine: 228 File(s)

F:\Arquivos de programas\Ad-Remover\Backup: 13 File(s)

 

F:\Ad-Report-CLEAN[1].txt - 30/09/2011 14:31:21 (7481 Byte(s))

 

End at: 14:32:20, 30/09/2011

 

============== E.O.F ==============

 

2.

 

############################## | UsbFix 7.060 | [Pesquisa]

 

Usuário: Ambulatório (Administrador) # AMB01

Atualizado em 22/09/2011 por El Desaparecido

Começou em 15:05:32 | 30/09/2011

 

Site: http://eldesaparecido.com

Arquivo suspeito ? : http://eldesaparecido.com/support.php

Contato: contact@eldesaparecido.com

 

PC: Hewlett-Packard (HP d325 uT(DS718A)) (X86-based PC) # Desktop Computer

CPU: AMD Athlon XP 2600+ (1913)

RAM -> [ Total : 319 | Free : 66 ]

BIOS: 786A5 v2.09

BOOT: Normal boot

 

OS: Microsoft Windows XP Professional (5.1.2600 32-Bit) # Service Pack 2

WB: Windows Internet Explorer 6.0.2900.2180

 

SC: Security Center Service [ (!) Disabled ]

WU: Windows Update Service [ (!) Disabled ]

FW: Windows FireWall Service [ (!) Disabled ]

 

D:\ -> CD-ROM

F:\ (%systemdrive%) -> Disco fixo # 26 Gb (18 Mb livre - 67%) [Disco Local] # NTFS

 

################## | Processos Ativos |

 

F:\WINDOWS\System32\smss.exe (396)

F:\WINDOWS\system32\winlogon.exe (572)

F:\WINDOWS\system32\services.exe (616)

F:\WINDOWS\system32\lsass.exe (628)

F:\WINDOWS\system32\svchost.exe (788)

F:\WINDOWS\System32\svchost.exe (916)

F:\WINDOWS\system32\spoolsv.exe (1164)

F:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe (1224)

F:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe (1528)

F:\Arquivos de programas\Java\jre6\bin\jqs.exe (1588)

F:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe (1716)

F:\WINDOWS\Explorer.EXE (2036)

F:\Arquivos de programas\Analog Devices\SoundMAX\SMTray.exe (244)

F:\Arquivos de programas\Analog Devices\SoundMAX\DrvLsnr.exe (252)

F:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe (260)

F:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe (112)

F:\WINDOWS\system32\ctfmon.exe (464)

F:\Arquivos de programas\Messenger\msmsgs.exe (476)

F:\Arquivos de programas\Google\Chrome\Application\chrome.exe (2636)

F:\Arquivos de programas\Google\Chrome\Application\chrome.exe (2716)

F:\Arquivos de programas\Google\Chrome\Application\chrome.exe (2800)

F:\Arquivos de programas\Google\Chrome\Application\chrome.exe (2924)

F:\UsbFix\UsbFix.exe (3072)

 

################## | Ficheiros # pastas infeciosos |

 

Presente ! F:\DOCUME~1\AMBULA~1\CONFIG~1\Temp\setup.exe

Presente ! F:\autorun.inf

 

################## | Registro |

 

Presente ! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr

 

################## | Mountpoints2 |

 

HKCU\.\.\.\.\Explorer\MountPoints2\{56dfdd0a-1ca2-11e0-bd79-002654152945}

Shell\aUTOpLAY\Command = nsefw.pif

Shell\AutoRun\Command = nsefw.pif

Shell\ExPlore\Command = nsefw.pif

Shell\Open\Command = nsefw.pif

 

HKCU\.\.\.\.\Explorer\MountPoints2\{c932b054-01ef-11e0-8297-806d6172696f}

Shell\aUtOplAY\Command = jxhwow.exe

Shell\AutoRun\Command = jxhwow.exe

Shell\explOre\Command = jxhwow.exe

Shell\OpeN\Command = jxhwow.exe

 

HKCU\.\.\.\.\Explorer\MountPoints2\{e2dfd02c-66c0-11e0-bdc6-002654152945}

Shell\AutoRun\Command = C:\urDrive.exe

 

 

################## | Listing |

 

[30/09/2011 - 14:32:21 | A | 7785] F:\Ad-Report-CLEAN[1].txt

[30/09/2011 - 14:32:00 | RD ] F:\Arquivos de programas

[09/12/2010 - 07:22:11 | RSH | 276] F:\autorun.inf

[07/12/2010 - 08:07:37 | SH | 210] F:\boot.ini

[02/03/2006 - 09:00:00 | RASH | 4952] F:\Bootfont.bin

[11/08/2011 - 15:11:34 | HD ] F:\CanonMF

[07/12/2010 - 14:21:54 | D ] F:\Documents and Settings

[17/08/2011 - 15:45:05 | D ] F:\driver

[30/09/2011 - 14:34:17 | ASH | 335073280] F:\hiberfil.sys

[17/08/2011 - 15:14:03 | D ] F:\HP LJP2015 PCL5

[08/12/2010 - 16:15:05 | RHD ] F:\MSOCache

[02/03/2006 - 09:00:00 | RASH | 47564] F:\NTDETECT.COM

[02/03/2006 - 09:00:00 | RASH | 251168] F:\ntldr

[30/09/2011 - 14:33:58 | ASH | 503316480] F:\pagefile.sys

[08/12/2010 - 14:41:58 | SHD ] F:\RECYCLER

[09/12/2010 - 08:15:29 | SHD ] F:\System Volume Information

[30/09/2011 - 15:06:19 | D ] F:\UsbFix

[30/09/2011 - 15:08:33 | A | 2420] F:\UsbFix.txt

[13/09/2011 - 14:23:58 | D ] F:\WINDOWS

 

################## | Vaccin |

 

(!) Este computador não é vacinada!

 

################## | E.O.F |

 

and 3. Yes, I know it; it is an internal site of the company where I work.


1.

*Run AD-Remover and click [uninstall] > [No] > [Close]

2.

*Plug the USB flash drive into the PC

*Run UsbFix and click [supressão] (Deletion)

*When it finishes, unplug the USB flash drive and paste the report that is displayed

Let us know how the PC is doing


1.

Uninstalled!

 

2.

 

 

############################## | UsbFix 7.060 | [supressão]

 

Usuário: Ambulatório (Administrador) # AMB01

Atualizado em 22/09/2011 por El Desaparecido

Começou em 14:38:13 | 03/10/2011

 

Site: http://eldesaparecido.com

Arquivo suspeito ? : http://eldesaparecido.com/support.php

Contato: contact@eldesaparecido.com

 

PC: Hewlett-Packard (HP d325 uT(DS718A)) (X86-based PC) # Desktop Computer

CPU: AMD Athlon XP 2600+ (1913)

RAM -> [ Total : 319 | Free : 131 ]

BIOS: 786A5 v2.09

BOOT: Normal boot

 

OS: Microsoft Windows XP Professional (5.1.2600 32-Bit) # Service Pack 2

WB: Windows Internet Explorer 6.0.2900.2180

 

SC: Security Center Service [ (!) Disabled ]

WU: Windows Update Service [ (!) Disabled ]

FW: Windows FireWall Service [ (!) Disabled ]

 

D:\ -> CD-ROM

F:\ (%systemdrive%) -> Disco fixo # 26 Gb (18 Mb livre - 67%) [Disco Local] # NTFS

 

################## | Ficheiros # pastas infeciosos |

 

Supprimido ! F:\DOCUME~1\AMBULA~1\CONFIG~1\Temp\setup.exe

Supprimido ! F:\Recycler\S-1-5-21-1801674531-1957994488-682003330-1003

Supprimido ! F:\autorun.inf

 

(!) Ficheiros temporários suprimido.

 

################## | Registro |

 

Supprimido ! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr

 

################## | Mountpoints2 |

 

Supprimido ! HKCU\.\.\.\.\Explorer\MountPoints2\{56dfdd0a-1ca2-11e0-bd79-002654152945}

Supprimido ! HKCU\.\.\.\.\Explorer\MountPoints2\{e2dfd02c-66c0-11e0-bdc6-002654152945}

 

################## | Listing |

 

[30/09/2011 - 14:32:21 | N | 7785] F:\Ad-Report-CLEAN[1].txt

[30/09/2011 - 14:32:00 | D ] F:\Arquivos de programas

[07/12/2010 - 08:07:37 | N | 210] F:\boot.ini

[02/03/2006 - 09:00:00 | N | 4952] F:\Bootfont.bin

[11/08/2011 - 15:11:34 | D ] F:\CanonMF

[07/12/2010 - 14:21:54 | D ] F:\Documents and Settings

[17/08/2011 - 15:45:05 | D ] F:\driver

[03/10/2011 - 08:12:51 | ASH | 335073280] F:\hiberfil.sys

[17/08/2011 - 15:14:03 | D ] F:\HP LJP2015 PCL5

[08/12/2010 - 16:15:05 | RHD ] F:\MSOCache

[02/03/2006 - 09:00:00 | N | 47564] F:\NTDETECT.COM

[02/03/2006 - 09:00:00 | N | 251168] F:\ntldr

[03/10/2011 - 08:12:32 | ASH | 503316480] F:\pagefile.sys

[03/10/2011 - 14:39:37 | SHD ] F:\RECYCLER

[09/12/2010 - 08:15:29 | SHD ] F:\System Volume Information

[03/10/2011 - 14:39:37 | D ] F:\UsbFix

[03/10/2011 - 14:41:44 | A | 1301] F:\UsbFix.txt

[13/09/2011 - 14:23:58 | D ] F:\WINDOWS

 

################## | Vaccin |

 

F:\Autorun.inf -> Vacina criada por UsbFix (TeamXscript)

 

################## | Upload |

 

Favor enviar o arquivo: F:\UsbFix_Upload_Me_AMB01.zip

http://eldesaparecido.com/support.php

Obrigado pela sua contribuição.

 

################## | E.O.F |

 

3.

The computer is back to normal, THANK YOU VERY MUCH!!!

(could you perhaps explain to me why these steps were run, and what they actually did to the system?)

Much obliged, Alef.


PROBLEM SOLVED

If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.
