
Edvan

[Solved] Another infected machine has appeared


I am downloading Malwarebytes to run on this machine.

 

Other logs follow below..

 

BankerFix 3.1 VALKYRIE - Removedor de Bankers

Linha Defensiva | http://www.linhadefensiva.org

http://www.linhadefensiva.org/bankerfix/

-------------------------------------------------------

Data: 2012-06-01 - 15:02

-------------------------------------------------------

Lista de Definição: 2012-03-19-1 | CORE: 2012-01-27-1

=======================================================

 

Arquivo infectado detectado: C:\DOCUME~1\f003654\CONFIG~1\Temp\6.tmp

Arquivo infectado removido com sucesso!

 

Arquivo infectado detectado: C:\Documents and Settings\All Users\Dados de aplicativos\cno.txt

Arquivo infectado removido com sucesso!

 

Arquivo infectado detectado: C:\Documents and Settings\All Users\Dados de aplicativos\la.txt

Arquivo infectado removido com sucesso!

 

Arquivo infectado detectado: C:\Documents and Settings\All Users\Dados de aplicativos\li.txt

Arquivo infectado removido com sucesso!

 

Arquivo infectado detectado: C:\Documents and Settings\All Users\Dados de aplicativos\ls.txt

Arquivo infectado removido com sucesso!

 

Arquivo infectado detectado: C:\Documents and Settings\All Users\Dados de aplicativos\wina.exe

Arquivo infectado removido com sucesso!

 

Arquivo infectado detectado: C:\Documents and Settings\All Users\Dados de aplicativos\wini.exe

Arquivo infectado removido com sucesso!

 

Arquivo infectado detectado: C:\Documents and Settings\All Users\Dados de aplicativos\wins.exe

Arquivo infectado removido com sucesso!

 

 

 

----- Fim -------------------------

 

 

 

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 15:09:54, on 01/06/2012

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\SCardSvr.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\dklog.exe

C:\WINDOWS\system32\dkvcm.exe

C:\Fortes\Firebird\Firebird_2_1\bin\fbguard.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe

C:\Fortes\RemProt\remprots.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\dkcktkn.exe

C:\Fortes\Firebird\Firebird_2_1\bin\fbserver.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSRMon.exe

C:\Arquivos de programas\SafeNet\BSecClient\axmonitor.exe

C:\Arquivos de programas\SafeNet\BSecClient\DkAutoReg.exe

C:\Arquivos de programas\Alwil Software\Avast5\avastUI.exe

C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Adobe\Acrobat 6.0\Distillr\acrotray.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\HiJackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de programas\Alwil Software\Avast5\aswWebRepIE.dll

O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - (no file)

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de programas\Alwil Software\Avast5\aswWebRepIE.dll

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe

O4 - HKLM\..\Run: [soundMAXPnP] C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [soundMAX] "C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe" /tray

O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [hpqSRMon] C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSRMon.exe

O4 - HKLM\..\Run: [DkStartup] C:\Arquivos de programas\SafeNet\BSecClient\dkstartup.exe

O4 - HKLM\..\Run: [AxMonitor] C:\Arquivos de programas\SafeNet\BSecClient\axmonitor.exe

O4 - HKLM\..\Run: [DkAutoReg] C:\Arquivos de programas\SafeNet\BSecClient\DkAutoReg.exe

O4 - HKLM\..\Run: [avast] "C:\Arquivos de programas\Alwil Software\Avast5\avastUI.exe" /nogui

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Acrobat Assistant.lnk = C:\Arquivos de programas\Adobe\Acrobat 6.0\Distillr\acrotray.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O15 - Trusted Zone: www.bancobrasil.com.br

O15 - Trusted Zone: www14.bancobrasil.com.br

O15 - Trusted Zone: www2.bancobrasil.com.br

O15 - Trusted Zone: www.bb.com.br

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll

O20 - Winlogon Notify: DkWLNP - DkWLNP.dll (file missing)

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: avast! Antivirus - AVAST Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: SafeNet Log Service (DkLogger) - SafeNet, Inc. - C:\WINDOWS\system32\dklog.exe

O23 - Service: SafeNet Token Service (DkTknSrv) - SafeNet, Inc. - C:\WINDOWS\system32\dkcktkn.exe

O23 - Service: SafeNet Virtual Channel Monitor (DkVcm) - SafeNet, Inc. - C:\WINDOWS\system32\dkvcm.exe

O23 - Service: Firebird Guardian - Fortes_FB2_1 (FirebirdGuardianFortes_FB2_1) - Firebird Project - C:\Fortes\Firebird\Firebird_2_1\bin\fbguard.exe

O23 - Service: Firebird Server - Fortes_FB2_1 (FirebirdServerFortes_FB2_1) - Firebird Project - C:\Fortes\Firebird\Firebird_2_1\bin\fbserver.exe

O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: RemProtNTService - Fortes Informática Ltda - C:\Fortes\RemProt\remprots.exe

 

--

End of file - 8916 bytes


Sorry, I couldn't edit anymore, so I'm posting one more log here. :thumbsup:

 

Malwarebytes Anti-Malware 1.61.0.1400

www.malwarebytes.org

 

Versão da Base de Dados: v2012.06.01.05

 

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

f003654 :: FUN0003 [limitado]

 

01/06/2012 15:17:59

mbam-log-2012-06-01 (15-17-59).txt

 

Tipo de Verificação: Verificação Completa

Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM

Opções de verificação desativadas: P2P

Objetos escaneados: 512586

Tempo decorrido: 1 hora(s), 35 minuto(s), 13 segundo(s)

 

Processos de Memória Detectados: 0

(Não foram detectados ítens maliciosos)

 

Módulos de Memória Detectados: 0

(Não foram detectados ítens maliciosos)

 

Chaves de Registro Detectadas: 0

(Não foram detectados ítens maliciosos)

 

Valores de Registro Detectadas: 0

(Não foram detectados ítens maliciosos)

 

Itens de Dados no Registro Detectadas: 0

(Não foram detectados ítens maliciosos)

 

Pastas Detectadas: 0

(Não foram detectados ítens maliciosos)

 

Arquivos Detectados: 6

c:\documents and settings\all users\dados de aplicativos\winpro.exe (Trojan.Dropper.PGen) -> Enviado para a Quarentena e deletado com sucesso.

C:\Documents and Settings\f003269\Desktop\SoftonicDownloader_para_dvdfab.exe (PUP.BundleOffer.Downloader.S) -> Enviado para a Quarentena e deletado com sucesso.

C:\Documents and Settings\f003654\Configurações locais\Temp\ICReinstall_PDFCreatorSetup[1].exe (Adware.Agent) -> Enviado para a Quarentena e deletado com sucesso.

c:\linhadefensiva\qua\arquivos\dados de aplicativos\wina.exe.vir (Malware.Packer.Gen) -> Enviado para a Quarentena e deletado com sucesso.

c:\linhadefensiva\qua\arquivos\dados de aplicativos\wini.exe.vir (Spyware.Banker) -> Enviado para a Quarentena e deletado com sucesso.

c:\linhadefensiva\qua\arquivos\dados de aplicativos\wins.exe.vir (Spyware.Banker) -> Enviado para a Quarentena e deletado com sucesso.

 

(fim)


Hello Edvan

 

 

1.

*Download createsrp (...by Ramesh Srinivasan) and save it to the desktop

 

*Run it and click [OK]

 

 

2.

*Temporarily disable your antivirus

 

*Download ComboFix (...by sUBs) and save it to the desktop

 

*Run it and accept the agreement.

 

*Windows Vista or Windows 7 users must right-click the file and select Run as administrator

 

*Windows XP users: if the Microsoft Windows Recovery Console is not installed, accept its installation. After the Console is installed, click [Yes] and wait for the stages to complete

 


 

1) Do not use the mouse or the keyboard during the stages!!

2) To interrupt the scan, press N

 

*Paste the report that is displayed


Good morning, friend.

 

When I tried to download createsrp, the message below appeared:

 

WikiFortio

File sharing service

File with ID '696317' doesn't exist or has expired and is no longer available

 

Can I run ComboFix, or do I have to follow the order of what you posted?


Good morning, friend.

 

When I tried to download createsrp, the message below appeared:

 

 

 

Can I run ComboFix, or do I have to follow the order of what you posted?

Good morning...

 

The link has been fixed.

 

I like to create a restore point first.... :thumbsup:


Restore point created..

 

Log below:

 

ComboFix 12-06-03.05 - f003654 04/06/2012 12:30:21.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.767.414 [GMT -3:00]

Executando de: c:\documents and settings\f003654\Desktop\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

ADS - system32: deleted 2 bytes in 1 streams.

ADS - drivers: deleted 208 bytes in 1 streams.

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\IsUn0416.exe

c:\windows\system\chron32.dll

c:\windows\system\libeay32.dll

c:\windows\system\ssleay32.dll

c:\windows\system32\dllcache\dlimport.exe

.

.

(((((((((((((((( Arquivos/Ficheiros criados de 2012-05-04 to 2012-06-04 ))))))))))))))))))))))))))))

.

.

2012-06-01 18:15 . 2012-06-01 18:15 -------- d-----w- c:\documents and settings\f003654\Dados de aplicativos\Malwarebytes

2012-06-01 18:14 . 2012-06-01 18:14 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes

2012-06-01 18:14 . 2012-06-01 18:15 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware

2012-06-01 18:14 . 2012-04-04 18:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-06-01 18:08 . 2012-06-01 18:08 388608 ----a-w- C:\HiJackThis.exe

2012-06-01 18:02 . 2012-06-01 18:03 -------- d-----w- C:\LinhaDefensiva

2012-05-08 10:49 . 2012-05-08 10:50 -------- d-----w- c:\documents and settings\f002951

.

.

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-06-04 15:30 . 2012-03-12 19:53 28880 ----a-w- c:\windows\system32\drivers\GbpNdisrd.sys

2012-04-05 12:34 . 2012-03-12 19:52 46408 ----a-w- c:\windows\system32\drivers\gbpkm.sys

2012-03-15 11:09 . 2011-07-01 19:46 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-03-07 00:15 . 2011-05-18 13:03 41184 ----a-w- c:\windows\avastSS.scr

2012-03-07 00:15 . 2011-05-18 12:56 201352 ----a-w- c:\windows\system32\aswBoot.exe

2012-03-07 00:03 . 2011-05-18 13:03 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2012-03-07 00:03 . 2011-05-18 12:56 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys

2012-03-07 00:02 . 2011-05-18 12:56 35672 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2012-03-07 00:01 . 2011-05-18 12:56 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2012-03-07 00:01 . 2011-05-18 12:56 95704 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2012-03-07 00:01 . 2011-05-18 12:56 89048 ----a-w- c:\windows\system32\drivers\aswmon.sys

2012-03-07 00:01 . 2011-05-18 12:56 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2012-03-06 23:58 . 2011-05-18 12:56 24920 ----a-w- c:\windows\system32\drivers\aavmker4.sys

.

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por padrão não são apresentadas.

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2012-03-07 00:15 123536 ----a-w- c:\arquivos de programas\Alwil Software\Avast5\ashShell.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 61952]

"SoundMAXPnP"="c:\arquivos de programas\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-04-03 110696]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-04-03 13670504]

"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]

"HP Software Update"="c:\arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]

"hpqSRMon"="c:\arquivos de programas\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]

"DkStartup"="c:\arquivos de programas\SafeNet\BSecClient\dkstartup.exe" [2008-07-29 49152]

"AxMonitor"="c:\arquivos de programas\SafeNet\BSecClient\axmonitor.exe" [2008-07-29 450560]

"DkAutoReg"="c:\arquivos de programas\SafeNet\BSecClient\DkAutoReg.exe" [2008-07-29 253952]

"avast"="c:\arquivos de programas\Alwil Software\Avast5\avastUI.exe" [2012-03-07 4241512]

"SunJavaUpdateSched"="c:\arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe" [2010-02-18 248040]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

.

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

Acrobat Assistant.lnk - c:\arquivos de programas\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-4-7 217190]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]

2012-05-09 12:01 1313864 ----a-w- c:\arquivos de programas\GbPlugin\gbieh.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DkWLNP]

2008-07-29 10:01 61440 ----a-w- c:\windows\system32\DkWLNP.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2010-06-09 08:06 976832 ----a-w- c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqpse.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=

"c:\\Arquivos de programas\\HP\\HP Software Update\\HPWUCli.exe"=

"c:\\Fortes\\RemProt\\remprots.exe"=

"c:\\Arquivos de programas\\Java\\jre6\\bin\\javaw.exe"=

.

R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [12/03/2012 16:52 46408]

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [18/05/2011 10:03 612184]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [18/05/2011 09:56 337880]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [18/05/2011 09:56 20696]

R2 DkVcm;SafeNet Virtual Channel Monitor;c:\windows\system32\dkvcm.exe [29/07/2008 07:01 122880]

R2 FirebirdGuardianFortes_FB2_1;Firebird Guardian - Fortes_FB2_1;c:\fortes\Firebird\Firebird_2_1\bin\fbguard.exe -s Fortes_FB2_1 --> c:\fortes\Firebird\Firebird_2_1\bin\fbguard.exe -s Fortes_FB2_1 [?]

R2 GbpSv;Gbp Service;c:\arquiv~1\GbPlugin\GbpSv.exe [12/03/2012 16:52 214088]

R2 RemProtNTService;RemProtNTService;c:\fortes\RemProt\remprots.exe [15/04/2011 08:17 616448]

R3 FirebirdServerFortes_FB2_1;Firebird Server - Fortes_FB2_1;c:\fortes\Firebird\Firebird_2_1\bin\fbserver.exe -s Fortes_FB2_1 --> c:\fortes\Firebird\Firebird_2_1\bin\fbserver.exe -s Fortes_FB2_1 [?]

R3 iKeyEnum;Rainbow iKey Enumerator;c:\windows\system32\drivers\IKEYENUM.SYS [18/03/2011 15:43 12240]

R3 iKeyIFD;Rainbow iKey Virtual Reader;c:\windows\system32\drivers\IKEYIFD.SYS [18/03/2011 15:43 18704]

R3 NdisrdMP;NdisrdMP;c:\windows\system32\drivers\GbpNdisrd.sys [12/03/2012 16:53 28880]

S2 gupdate;Google Update Service (gupdate);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [24/08/2010 15:06 135664]

S3 gupdatem;Serviço do Google Update (gupdatem);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [24/08/2010 15:06 135664]

S3 Ndisrd;GAS Tecnologia Service;c:\windows\system32\drivers\GbpNdisrd.sys [12/03/2012 16:53 28880]

S3 RnbToken;Rainbow iKey Token Service;c:\windows\system32\drivers\RNBTOKEN.SYS [18/03/2011 15:43 22096]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

hpdevmgmt REG_MULTI_SZ hpqcxs08

.

Conteúdo da pasta 'Tarefas Agendadas'

.

2012-06-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2010-08-24 18:06]

.

2012-06-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2010-08-24 18:06]

.

2012-06-04 c:\windows\Tasks\User_Feed_Synchronization-{512CAFD7-828F-456F-A754-CFF6F3C345F3}.job

- c:\windows\system32\msfeedssync.exe [2009-03-08 07:31]

.

2012-06-04 c:\windows\Tasks\User_Feed_Synchronization-{94810168-BB5B-4AB0-8C58-68F33B49B71B}.job

- c:\windows\system32\msfeedssync.exe [2009-03-08 07:31]

.

2012-06-04 c:\windows\Tasks\User_Feed_Synchronization-{FEFF8D19-65CD-4838-9307-AE42D11262C9}.job

- c:\windows\system32\msfeedssync.exe [2009-03-08 07:31]

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.google.com.br/

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office12\EXCEL.EXE/3000

Trusted Zone: bancobrasil.com.br\www

Trusted Zone: bancobrasil.com.br\www14

Trusted Zone: bancobrasil.com.br\www2

Trusted Zone: bb.com.br\www

TCP: DhcpNameServer = 10.4.65.16

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

FF - ProfilePath - c:\documents and settings\f003654\Dados de aplicativos\Mozilla\Firefox\Profiles\xc9hfnuw.default\

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\arquivos de programas\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\arquivos de programas\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\arquivos de programas\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\arquivos de programas\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\arquivos de programas\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

FF - Ext: avast! WebRep: wrc@avast.com - c:\arquivos de programas\Alwil Software\Avast5\WebRep\FF

FF - Ext: Java Quick Starter: jqs@sun.com - c:\arquivos de programas\Java\jre6\lib\deploy\jqs\ff

.

- - - - ORFÃOS REMOVIDOS - - - -

.

HKLM-Run-nwiz - nwiz.exe

MSConfigStartUp-swg - c:\arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

AddRemove-TWAIN - c:\windows\IsUn0416.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-06-04 12:48

Windows 5.1.2600 Service Pack 3 NTFS

.

Procurando processos ocultos ...

.

Procurando entradas auto inicializáveis ocultas ...

.

Procurando ficheiros/arquivos ocultos ...

.

.

c:\windows\TEMP\_avast_\unp130431930.tmp 569344 bytes executable

.

Varredura completada com sucesso

arquivos/ficheiros ocultos: 1

.

**************************************************************************

.

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 5.1.2600

.

CreateFile("\\.\PHYSICALDRIVE0"): O arquivo já está sendo usado por outro processo.

device: opened successfully

user: error reading MBR

kernel: MBR read successfully

user != kernel MBR !!!

.

**************************************************************************

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

.

- - - - - - - > 'winlogon.exe'(964)

c:\arquivos de programas\GbPlugin\gbieh.dll

c:\windows\system32\DkWLNP.dll

.

Tempo para conclusão: 2012-06-04 12:52:23

ComboFix-quarantined-files.txt 2012-06-04 15:52

.

Pré-execução: 11 pasta(s) 25.649.131.520 bytes disponíveis

Pós execução: 15 pasta(s) 28.746.264.576 bytes disponíveis

.

WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

.

- - End Of File - - B6380579ABA1A489D928322902FDD397


1.

*Do you know the contents of this folder?

 

c:\documents and settings\f002951

 

 

2.

*Download MBRCheck (...by ad13) and save it to the desktop

 

*Run it. Windows Vista or Windows 7 users must right-click the file and select Run as administrator

 


 

*Press N > [ENTER]

 

*When it finishes, press [ENTER]

 

*Paste the MBRCheck_data_hora.txt report created on the desktop

.

*Do you know the contents of this folder?

 

c:\documents and settings\f002951

 

Yes, I know it; each user who logs on to the machine with their password creates a folder named after their registration number.

 

 

 

 

MBRCheck, version 1.2.3

© 2010, AD

 

Command-line:

Windows Version: Windows XP Professional

Windows Information: Service Pack 3 (build 2600)

Logical Drives Mask: 0x0084800d

 

Kernel Drivers (total 120):

0x804D7000 \WINDOWS\system32\ntoskrnl.exe

0x80701000 \WINDOWS\system32\hal.dll

0xF7A2F000 \WINDOWS\system32\KDCOM.DLL

0xF793F000 \WINDOWS\system32\BOOTVID.dll

0xF74E0000 ACPI.sys

0xF7A31000 \WINDOWS\system32\DRIVERS\WMILIB.SYS

0xF74CF000 pci.sys

0xF752F000 isapnp.sys

0xF7AF7000 pciide.sys

0xF77AF000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS

0xF7A33000 intelide.sys

0xF753F000 MountMgr.sys

0xF74B0000 ftdisk.sys

0xF7A35000 dmload.sys

0xF748A000 dmio.sys

0xF77B7000 PartMgr.sys

0xF754F000 VolSnap.sys

0xF7472000 atapi.sys

0xF755F000 disk.sys

0xF756F000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS

0xF7452000 fltmgr.sys

0xF7440000 sr.sys

0xF7429000 KSecDD.sys

0xF739C000 Ntfs.sys

0xF757F000 gbpkm.sys

0xF736F000 NDIS.sys

0xF7355000 Mup.sys

0xF773F000 \SystemRoot\system32\DRIVERS\intelppm.sys

0xF694A000 \SystemRoot\system32\DRIVERS\nv4_mini.sys

0xF6936000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS

0xF690E000 \SystemRoot\system32\DRIVERS\HDAudBus.sys

0xF784F000 \SystemRoot\system32\DRIVERS\usbuhci.sys

0xF68EA000 \SystemRoot\system32\DRIVERS\USBPORT.SYS

0xF7857000 \SystemRoot\system32\DRIVERS\usbehci.sys

0xF68BF000 \SystemRoot\system32\DRIVERS\e1000325.sys

0xF785F000 \SystemRoot\system32\DRIVERS\fdc.sys

0xF68AB000 \SystemRoot\system32\DRIVERS\parport.sys

0xF774F000 \SystemRoot\system32\DRIVERS\i8042prt.sys

0xF7867000 \SystemRoot\system32\DRIVERS\kbdclass.sys

0xF786F000 \SystemRoot\system32\DRIVERS\mouclass.sys

0xF775F000 \SystemRoot\system32\DRIVERS\serial.sys

0xF79E3000 \SystemRoot\system32\DRIVERS\serenum.sys

0xF776F000 \SystemRoot\system32\DRIVERS\imapi.sys

0xF777F000 \SystemRoot\system32\DRIVERS\cdrom.sys

0xF778F000 \SystemRoot\system32\DRIVERS\redbook.sys

0xF6888000 \SystemRoot\system32\DRIVERS\ks.sys

0xF7B94000 \SystemRoot\system32\DRIVERS\audstub.sys

0xF779F000 \SystemRoot\system32\DRIVERS\rasl2tp.sys

0xF79EB000 \SystemRoot\system32\DRIVERS\ndistapi.sys

0xF6871000 \SystemRoot\system32\DRIVERS\ndiswan.sys

0xF75AF000 \SystemRoot\system32\DRIVERS\raspppoe.sys

0xF75BF000 \SystemRoot\system32\DRIVERS\raspptp.sys

0xF7877000 \SystemRoot\system32\DRIVERS\TDI.SYS

0xF6860000 \SystemRoot\system32\DRIVERS\psched.sys

0xF75CF000 \SystemRoot\system32\DRIVERS\msgpc.sys

0xF787F000 \SystemRoot\system32\DRIVERS\ptilink.sys

0xF7887000 \SystemRoot\system32\DRIVERS\raspti.sys

0xF788F000 \SystemRoot\system32\DRIVERS\gbpndisrd.sys

0xF6830000 \SystemRoot\system32\DRIVERS\rdpdr.sys

0xF75DF000 \SystemRoot\system32\DRIVERS\termdd.sys

0xF7A4F000 \SystemRoot\system32\DRIVERS\ikeyenum.sys

0xF7A51000 \SystemRoot\system32\DRIVERS\swenum.sys

0xF67AA000 \SystemRoot\system32\DRIVERS\update.sys

0xF7A0F000 \SystemRoot\system32\DRIVERS\mssmbios.sys

0xF75EF000 \SystemRoot\System32\Drivers\NDProxy.SYS

0xF7A23000 \SystemRoot\system32\DRIVERS\ikeyifd.sys

0xF7A27000 \SystemRoot\system32\DRIVERS\SMCLIB.SYS

0xF418D000 \SystemRoot\system32\drivers\ADIHdAud.sys

0xF4169000 \SystemRoot\system32\drivers\portcls.sys

0xF75FF000 \SystemRoot\system32\drivers\drmk.sys

0xF40A9000 \SystemRoot\system32\drivers\AEAudio.sys

0xF4049000 \SystemRoot\system32\drivers\Senfilt.sys

0xF760F000 \SystemRoot\system32\DRIVERS\usbhub.sys

0xF7A57000 \SystemRoot\system32\DRIVERS\USBD.SYS

0xF789F000 \SystemRoot\system32\DRIVERS\flpydisk.sys

0xF7A59000 \SystemRoot\System32\Drivers\Fs_Rec.SYS

0xF7C6E000 \SystemRoot\System32\Drivers\Null.SYS

0xF7A5B000 \SystemRoot\System32\Drivers\Beep.SYS

0xF78AF000 \SystemRoot\System32\drivers\vga.sys

0xF7A5D000 \SystemRoot\System32\Drivers\mnmdd.SYS

0xF7A5F000 \SystemRoot\System32\DRIVERS\RDPCDD.sys

0xF78B7000 \SystemRoot\System32\Drivers\Msfs.SYS

0xF78BF000 \SystemRoot\System32\Drivers\Npfs.SYS

0xF7311000 \SystemRoot\system32\DRIVERS\rasacd.sys

0xF3FF6000 \SystemRoot\system32\DRIVERS\ipsec.sys

0xF3F9D000 \SystemRoot\system32\DRIVERS\tcpip.sys

0xF763F000 \SystemRoot\System32\Drivers\aswTdi.SYS

0xF3F4F000 \SystemRoot\system32\DRIVERS\ipnat.sys

0xF3F27000 \SystemRoot\system32\DRIVERS\netbt.sys

0xF764F000 \SystemRoot\system32\DRIVERS\wanarp.sys

0xF78C7000 \SystemRoot\System32\Drivers\aswRdr.SYS

0xF79DB000 \SystemRoot\System32\drivers\ws2ifsl.sys

0xF3F05000 \SystemRoot\System32\drivers\afd.sys

0xF765F000 \SystemRoot\system32\DRIVERS\netbios.sys

0xF3EDA000 \SystemRoot\system32\DRIVERS\rdbss.sys

0xF3E6A000 \SystemRoot\system32\DRIVERS\mrxsmb.sys

0xF766F000 \SystemRoot\System32\Drivers\Fips.SYS

0xF3E19000 \SystemRoot\System32\Drivers\aswSP.SYS

0xF3D57000 \SystemRoot\System32\Drivers\aswSnx.SYS

0xF772F000 \SystemRoot\System32\Drivers\Aavmker4.SYS

0xF4139000 \SystemRoot\System32\Drivers\Cdfs.SYS

0xF3D3F000 \SystemRoot\System32\Drivers\dump_atapi.sys

0xF7ADF000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS

0xBF800000 \SystemRoot\System32\win32k.sys

0xF6763000 \SystemRoot\System32\drivers\Dxapi.sys

0xF77FF000 \SystemRoot\System32\watchdog.sys

0xBD000000 \SystemRoot\System32\drivers\dxg.sys

0xF7B20000 \SystemRoot\System32\drivers\dxgthk.sys

0xBD012000 \SystemRoot\System32\nv4_disp.dll

0xB87F8000 \SystemRoot\System32\Drivers\aswFsBlk.SYS

0xB8780000 \SystemRoot\system32\DRIVERS\ndisuio.sys

0xB8542000 \SystemRoot\System32\Drivers\aswMon2.SYS

0xB8425000 \SystemRoot\system32\DRIVERS\mrxdav.sys

0xF7A93000 \SystemRoot\System32\Drivers\ParVdm.SYS

0xB828D000 \SystemRoot\system32\DRIVERS\srv.sys

0xB7F80000 \SystemRoot\system32\drivers\wdmaud.sys

0xB835D000 \SystemRoot\system32\drivers\sysaudio.sys

0xB785B000 \SystemRoot\System32\Drivers\HTTP.sys

0xB682E000 \SystemRoot\system32\drivers\kmixer.sys

0x7C900000 \WINDOWS\system32\ntdll.dll

 

Processes (total 41):

0 System Idle Process

4 System

880 C:\WINDOWS\system32\smss.exe

940 C:\WINDOWS\system32\csrss.exe

964 C:\WINDOWS\system32\winlogon.exe

1008 C:\WINDOWS\system32\services.exe

1020 C:\WINDOWS\system32\lsass.exe

1200 C:\WINDOWS\system32\nvsvc32.exe

1236 C:\ARQUIV~1\GbPlugin\gbpsv.exe

1272 C:\WINDOWS\system32\svchost.exe

1348 C:\WINDOWS\system32\svchost.exe

1472 C:\WINDOWS\system32\svchost.exe

1580 C:\WINDOWS\system32\svchost.exe

1720 C:\WINDOWS\system32\svchost.exe

1888 C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

1932 C:\WINDOWS\system32\spoolsv.exe

2004 C:\WINDOWS\system32\scardsvr.exe

172 C:\WINDOWS\system32\svchost.exe

336 C:\WINDOWS\system32\dklog.exe

472 C:\WINDOWS\system32\dkvcm.exe

552 C:\Fortes\Firebird\Firebird_2_1\bin\fbguard.exe

844 C:\Arquivos de programas\Java\jre6\bin\jqs.exe

896 C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe

1024 C:\Fortes\RemProt\remprots.exe

1568 C:\WINDOWS\system32\svchost.exe

1988 C:\WINDOWS\system32\dkcktkn.exe

2476 C:\Fortes\Firebird\Firebird_2_1\bin\fbserver.exe

2804 C:\WINDOWS\system32\wbem\wmiapsrv.exe

2816 C:\WINDOWS\explorer.exe

3128 C:\WINDOWS\system32\alg.exe

1784 C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe

2056 C:\WINDOWS\system32\rundll32.exe

2284 C:\Arquivos de programas\HP\HP Software Update\hpwuSchd2.exe

2456 C:\Arquivos de programas\HP\Digital Imaging\bin\HpqSRmon.exe

2892 C:\Arquivos de programas\Safenet\BSecClient\AXMonitor.exe

3304 C:\Arquivos de programas\Safenet\BSecClient\dkAutoReg.exe

4092 C:\Arquivos de programas\Alwil Software\Avast5\AvastUI.exe

2920 C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe

1648 C:\Arquivos de programas\Adobe\Acrobat 6.0\Distillr\acrotray.exe

3076 C:\WINDOWS\system32\ctfmon.exe

3664 C:\Documents and Settings\f003654\Desktop\MBRCheck.exe

 

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

 

PhysicalDrive0 Model Number: SAMSUNGHD081GJ, Rev: GE100-07

 

Size Device Name MBR Status

--------------------------------------------

74 GB \\.\PhysicalDrive0 Windows XP MBR code detected

SHA1: 2C6D77F4F50AA9DE10FCE2024558166E9012FC6F

 

 

Done!


Good morning!

The PC is clean. :)

1.

*Rename ComboFix to Uninstall

*Run it, wait for the message "ComboFix foi desinstalado" (ComboFix has been uninstalled) and click [OK]

*Delete the file C:\Combofix.txt

2.

*Delete MBRCheck

Best regards.


Done, thanks for the help.

Best regards.


PROBLEM SOLVED

If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.
