
Virus, look at the log [Title edited]

#1 By kikokiko15 23/07/2009 - 02:20
Hello friends,

I have a virus on my home PC; the antivirus and the anti-spyware tools find them but can't remove them... it gives access denied!

A very important detail: it won't let me connect to the internet, I have no internet at home... I have a log here:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:13:04, on 23/7/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\msa.exe
C:\Arquivos de programas\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Arquivos de programas\Java\jre6\bin\jusched.exe
C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Documents and Settings\Kadu\Desktop\HiJackThis.exe
C:\Arquivos de programas\the_best\mbam.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
O2 - BHO: (no name) - {94BB4372-19B2-4687-83C9-12B8097C202B} - c:\windows\system32\ofjttey.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Arquivos de programas\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [Babylon Client] C:\Arquivos de programas\Babylon\Babylon-Pro\Babylon.exe -AutoStart
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - Startup: Mais Comunicador.lnk = C:\Arquivos de programas\GeminiSistemas\Mais Comunicador2\Mais.exe
O8 - Extra context menu item: Translate with &Babylon - res://C:\Arquivos de programas\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O10 - Broken Internet access because of LSP provider 'rsvp32_2.dll' missing
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=26688
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O20 - Winlogon Notify: yewkzoyi - C:\WINDOWS\SYSTEM32\ofjttey.dll
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 3638 bytes




Thanks, everyone.

#2 By Felipe_88 23/07/2009 - 10:17
Hello, kikokiko15!

- Download ComboFix and save it to the desktop;
- Temporarily disable your antivirus so that it does not detect the tool as a virus;
- Double-click the combofix.exe icon to start the scan;
- Read the agreement that appears and click Yes to continue;
- A Recovery Console window will open; click Yes to install. If another Console window appears, click OK > Yes;
- Wait while ComboFix runs the scan;
- If any problem occurs during the scan, restart your computer in Safe Mode and repeat the procedure;
- Do not click in the ComboFix window, and try not to use the keyboard either, so as not to disturb the tool's scan;
- If you want to exit or stop ComboFix, press N;
- When it finishes, your computer will be restarted. After the restart, the tool will run again; wait;
- A log will be generated at C:\ComboFix.txt.

Paste this log in your next reply.

I'll be waiting!

#5 By carq 24/07/2009 - 14:54
Download Malwarebytes Anti-Malware

Start the installation by clicking "mbam-setup.exe"...
Check "Update Malwarebytes Anti-Malware" and click Finish...
Restart the computer and enter Safe Mode...
Run Malwarebytes Anti-Malware...
Click the "Scan" tab and select the "Full scan" option...
Then click "Scan"...
Select everything you want to scan...
Then click "Scan"...
When the scan finishes, click OK and then "Show Results" to see the log...
If anything is detected, make sure everything is checked and click "Remove"...
If it asks whether you want to remove objects from memory, click Yes...
The log is saved automatically and can be viewed by clicking "Logs" in the main menu...
Copy and paste that log here...

#8 By kikokiko15 25/07/2009 - 15:11
Here it is...

ComboFix 09-07-23.04 - Kadu 25/07/2009 0:56.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.767.528 [GMT -3:00]
Executando de: c:\documents and settings\Kadu\Desktop\ComboFix.exe
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}

ATENÇAO - ESTA MAQUINA NAO TEM O CONSOLE DE RECUPERAÇÃO INSTALADA !!
.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Installer\7bbf84.msi
c:\windows\ios.dat
c:\windows\msa.exe
c:\windows\system32\a99k.bin
c:\windows\system32\aimsmx.dll
c:\windows\system32\aosmx.dll
c:\windows\system32\drivers\bqriaare.sys
c:\windows\system32\drivers\gaopdxypexrhov.sys
c:\windows\system32\drivers\hjgruixylnhary.sys
c:\windows\system32\drivers\kjwhuxug.sys
c:\windows\system32\gaopdxyaneulxf.dll
c:\windows\system32\gtalsmx.dll
c:\windows\system32\hjgruidetbcpaw.dll
c:\windows\system32\hjgruilonejykd.dll
c:\windows\system32\hjgruiqbuyxmkm.dat
c:\windows\system32\hjgruiucwyovkt.dat
c:\windows\system32\ofjttey.dll
c:\windows\system32\smtsmxpfx.dll
c:\windows\system32\spmsmtsmxpfx.dll
c:\windows\system32\wxwxfqvb.dll
c:\windows\system32\xxelamj.dll
c:\windows\system32\ymsgsmx.dll
c:\windows\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job
c:\windows\Tasks\{783AF354-B514-42d6-970E-3E8BF0A5279C}.job

.
((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_gaopdxserv.sys
-------\Service_hjgruitvairxdd
-------\Legacy_KJWHUXUG
-------\Legacy_RBADZA
-------\Legacy_SK9OU0S
-------\Legacy_SROSA
-------\Legacy_TPXSQIPH
-------\Service_kjwhuxug
-------\Service_rbadza
-------\Service_sK9Ou0s
-------\Service_tpxsqiph


(((((((((((((((( Arquivos/Ficheiros criados de 2009-06-25 to 2009-07-25 ))))))))))))))))))))))))))))
.

2009-07-18 19:25 . 2009-07-18 19:25 8704 ----a-w- c:\windows\system32\sporder.dll
2009-07-18 19:07 . 2009-07-18 19:07 -------- d-----w- c:\documents and settings\Kadu\Dados de aplicativos\mfjivlxu
2009-07-18 19:02 . 2009-07-18 19:02 -------- d-----w- c:\documents and settings\NetworkService\Dados de aplicativos\mfjivlxu
2009-07-04 22:11 . 2005-10-25 15:56 61440 ----a-w- c:\windows\VM303_STI.EXE
2009-07-04 22:11 . 2005-05-18 13:55 32768 ----a-w- c:\windows\VMZoom.exe
2009-07-04 22:11 . 2005-05-18 13:54 24576 ----a-w- c:\windows\VMPipe.dll
2009-07-04 22:11 . 2005-05-02 19:45 53248 ----a-w- c:\windows\Sti303.exe
2009-07-04 22:11 . 2005-04-30 21:46 81920 ----a-w- c:\windows\system32\VM303STI.dll
2009-07-04 22:11 . 2005-04-30 21:46 102400 ----a-w- c:\windows\VM303Cap.exe
2009-07-04 22:11 . 2009-07-04 22:11 -------- d-----w- c:\windows\CatRoot
2009-07-04 22:11 . 2005-10-27 17:34 390849 ----a-w- c:\windows\system32\drivers\usbVM303.sys
2009-07-04 22:11 . 2009-07-04 22:11 -------- d-----w- c:\windows\EffectResources
2009-07-04 22:11 . 2009-07-04 22:11 -------- d-----w- c:\arquivos de programas\Vimicro
2009-06-27 19:39 . 2009-07-18 23:50 -------- d-----w- c:\arquivos de programas\IFCam
2009-06-27 19:35 . 2005-05-03 18:51 176128 ----a-w- c:\windows\amcap.exe
2009-06-27 19:24 . 2008-12-04 04:25 120832 ----a-w- c:\documents and settings\Kadu\Dados de aplicativos\Mozilla\Firefox\Profiles\4owx9pe1.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}\plugins\npietab.dll
2009-06-27 19:08 . 2009-06-27 19:08 -------- d-----w- C:\cabs

.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-25 04:33 . 2009-01-16 19:18 427530272 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-07-25 04:29 . 2009-01-13 20:30 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Babylon
2009-07-25 04:28 . 2009-01-16 19:18 5010428 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-07-24 05:05 . 2009-01-16 14:51 -------- d-----w- c:\arquivos de programas\FindyKill
2009-07-24 04:10 . 2009-01-16 13:41 -------- d-----w- c:\arquivos de programas\UsbFix
2009-07-20 17:53 . 2001-10-28 18:07 48846 ----a-w- c:\windows\system32\perfc016.dat
2009-07-20 17:53 . 2001-10-28 18:07 344734 ----a-w- c:\windows\system32\perfh016.dat
2009-07-19 01:33 . 2009-05-25 01:29 -------- d-----w- c:\arquivos de programas\Megacubo
2009-07-07 06:09 . 2008-11-13 18:15 -------- d-----w- c:\arquivos de programas\Teamviwer
2009-07-04 22:11 . 2008-10-20 22:07 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information
2009-06-13 22:42 . 2009-06-13 22:42 15256 ----a-w- c:\documents and settings\Kadu\Dados de aplicativos\Microsoft\IdentityCRL\PROD\ppcrlconfig.dll
2009-05-30 17:50 . 2009-05-30 17:50 -------- d-----w- c:\arquivos de programas\7-Zip
2009-05-28 04:12 . 2009-01-17 16:59 75096 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-01-15 23:02 . 2009-01-15 23:13 1848024 -c--a-w- c:\arquivos de programas\TeamViewer_Setup.exe
2009-06-13 19:37 . 2008-10-20 23:17 134648 ----a-w- c:\arquivos de programas\mozilla firefox\components\brwsrcmp.dll
.

------- Sigcheck -------

[-] 2004-08-31 09:39 359040 7B11118B078B88F87183FE69EDA43137 c:\windows\system32\drivers\tcpip.sys
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"OpwareSE2"="c:\arquivos de programas\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]
"Babylon Client"="c:\arquivos de programas\Babylon\Babylon-Pro\Babylon.exe" [2009-01-13 3166432]
"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre6\bin\jusched.exe" [2009-01-14 136600]
"avgnt"="c:\arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]

c:\documents and settings\Kadu\Menu Iniciar\Programas\Inicializar\
Mais Comunicador.lnk - c:\arquivos de programas\GeminiSistemas\Mais Comunicador2\Mais.exe [2009-5-8 7324672]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Arquivos de programas\\Megacubo\\megacubo.exe"=
"c:\\Arquivos de programas\\eMule\\emule.exe"=
"c:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Arquivos de programas\\IFCam\\IFRun.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"11440:TCP"= 11440:TCP:@xpsp2res.dll,-22009
"31924:TCP"= 31924:TCP:@xpsp2res.dll,-22009
"48717:TCP"= 48717:TCP:@xpsp2res.dll,-22009
"955:TCP"= 955:TCP:@xpsp2res.dll,-22009
"8889:TCP"= 8889:TCP:@xpsp2res.dll,-22009
"51896:TCP"= 51896:TCP:@xpsp2res.dll,-22009
"64432:TCP"= 64432:TCP:@xpsp2res.dll,-22009
"26191:TCP"= 26191:TCP:@xpsp2res.dll,-22009

R1 is-72R36drv;is-72R36drv;c:\windows\system32\drivers\39894342.sys [14/1/2009 20:59 148496]
R1 is-FBJ23drv;is-FBJ23drv;c:\windows\system32\drivers\18383011.sys [14/1/2009 21:00 148496]
S2 mmgkql;mmgkql;c:\windows\system32\drivers\kdljazjy.sys --> c:\windows\system32\drivers\kdljazjy.sys [?]

--- =Outros Serviços/Drivers Na Memória ---

*NewlyCreated* - KJWHUXUG
*Deregistered* - kjwhuxug
.
- - - - ORFÃOS REMOVIDOS - - - -

BHO-{05157CAA-6C56-49B5-A8CE-B177F489BE28} - c:\windows\system32\wxwxfqvb.dll
SafeBoot-rbadza.sys
SafeBoot-sglfb.sys
SafeBoot-tga.sys
SafeBoot-wd.sys
SafeBoot-sacsvr


.
------- Scan Suplementar -------
.
uStart Page = about:blank
IE: Translate with &Babylon - c:\arquivos de programas\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
DPF: Microsoft XML Parser for Java
FF - ProfilePath - c:\documents and settings\Kadu\Dados de aplicativos\Mozilla\Firefox\Profiles\4owx9pe1.default\
FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

---- FIREFOX POLICIES ----
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-25 01:30
Windows 5.1.2600 Service Pack 2 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso
arquivos/ficheiros ocultos: 0

**************************************************************************
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

- - - - - - - > 'explorer.exe'(4036)
c:\arquivos de programas\ScanSoft\OmniPageSE2.0\ophookSE2.dll
c:\arquivos de programas\Babylon\Babylon-Pro\Captlib.dll
.
------------------------ Outros Processos em Execução ------------------------
.
c:\arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\arquivos de programas\Java\jre6\bin\jqs.exe
c:\arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Tempo para conclusão: 2009-07-25 1:36 - Máquina reiniciou
ComboFix-quarantined-files.txt 2009-07-25 04:36

Pré-execução: 12 pasta(s) 18.888.056.832 bytes disponíveis
Pós execução: 12 pasta(s) 18.833.543.168 bytes disponíveis

#9 By Felipe_88 25/07/2009 - 15:33
kikokiko15,

Your PC shows signs suggestive of a Bagle infection; ComboFix removed some entries...

With this infection your antivirus and antispyware were corrupted, which is why the antivirus could not remove the viruses from your computer.

Uninstall USBFix and FindyKill, which are on your PC in the C:\Arquivos de Programa\ directory, then follow the procedures below:
______________________________________________________________

- Download USBFix from the link below and save it to the desktop:
http://sd-1.archive-host.com/membres...653/UsbFix.exe


- Double-click the USBFix installer icon that will be on the desktop.
- Click the Next > button
- Check the option: I agree with the above terms and conditions;
- Click the Next > button
- Click the Next > button;
- Click the Start button;
- Click the Exit button.
- Double-click the icon that will be created on the desktop;
- A screen will open where you must choose the language you understand most easily. If Portuguese is the easiest for you, type P and press Enter.
- On the screen that opens, type 2 and press Enter to remove the infections;
● Insert the pen drive or other removable media that you suspect may be infected into the PC's USB port (if you have any such media), type 2 and press Enter > click OK > click OK again.
● A message will appear saying that your computer will be shut down. Wait for it to restart;
● The PC will be restarted. Keep the pen drive (or other removable media) in place. Do not remove it!!
● When the PC restarts, the tool will run automatically. Just wait, without moving the mouse or using the keyboard. Be patient, the scan may take a while.
● The log will open automatically in Notepad. The log will also be at C:\USBFix.txt

NOTE: If your desktop disappears after restarting, press Ctrl + Alt + Delete to open Task Manager. Click File > Run new task, type: explorer.exe and click OK.


I'll be waiting!
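
Added example, not part of the original thread or of either tool: post #9 says ComboFix removed some entries, and this Python script shows which files named in the HijackThis log of post #1 reappear in ComboFix's deleted-files list from post #8. The sample lines are excerpts of those two logs; the function names are hypothetical.

```python
import re

# Constructed sample: a few lines excerpted from the HijackThis log in post #1.
HIJACKTHIS_LINES = r"""
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\msa.exe
O2 - BHO: (no name) - {94BB4372-19B2-4687-83C9-12B8097C202B} - c:\windows\system32\ofjttey.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O10 - Broken Internet access because of LSP provider 'rsvp32_2.dll' missing
O20 - Winlogon Notify: yewkzoyi - C:\WINDOWS\SYSTEM32\ofjttey.dll
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
""".strip().splitlines()

# Constructed sample: a few paths excerpted from the deleted-files section
# ("Outras Exclusões") of the ComboFix log in post #8.
COMBOFIX_DELETED = r"""
c:\windows\ios.dat
c:\windows\msa.exe
c:\windows\system32\drivers\kjwhuxug.sys
c:\windows\system32\ofjttey.dll
c:\windows\system32\wxwxfqvb.dll
""".strip().splitlines()

# HijackThis entry lines start with a section code such as R0, O2, O20, F2.
ENTRY_RE = re.compile(r"^(?P<code>[ORF]\d{1,2}) - ")
# Drive-letter path ending in an executable-type extension; spaces are allowed.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\n]*?\.(?:exe|dll|sys)\b', re.IGNORECASE)
LSP_RE = re.compile(r"^O10 - Broken Internet access because of LSP provider '([^']+)' missing")


def parse_hijackthis(lines):
    """Return (section, lower-cased path) for every line that names a file.

    Lines without a section code (the "Running processes" list) are
    reported with the section name "process".
    """
    entries = []
    for line in lines:
        line = line.strip()
        code = ENTRY_RE.match(line)
        path = PATH_RE.search(line)
        if path:
            section = code.group("code") if code else "process"
            # Windows paths are case-insensitive, so compare in lower case.
            entries.append((section, path.group(0).lower()))
    return entries


def confirmed_by_combofix(entries, deleted):
    """Entries whose target file also appears in ComboFix's deleted list."""
    deleted_set = {d.strip().lower() for d in deleted if d.strip()}
    return [(section, path) for section, path in entries if path in deleted_set]


def shared_targets(entries):
    """Files loaded from more than one autostart section (e.g. O2 and O20)."""
    by_path = {}
    for section, path in entries:
        if section != "process":
            by_path.setdefault(path, set()).add(section)
    return {p: sorted(s) for p, s in by_path.items() if len(s) > 1}


def broken_lsp(lines):
    """LSP providers that HijackThis reports as missing (O10 lines)."""
    return [m.group(1) for m in (LSP_RE.match(l.strip()) for l in lines) if m]


if __name__ == "__main__":
    entries = parse_hijackthis(HIJACKTHIS_LINES)
    for section, path in confirmed_by_combofix(entries, COMBOFIX_DELETED):
        print(f"{section:8} {path}  (deleted by ComboFix)")
    for path, sections in shared_targets(entries).items():
        print(f"{path} is loaded from sections {', '.join(sections)}")
    for provider in broken_lsp(HIJACKTHIS_LINES):
        print(f"Winsock LSP chain references missing provider {provider}")
```
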

#10 By kikokiko15 25/07/2009 - 17:21
Here is the log... but when I plugged in my pen drive, UsbFix seemed to freeze, so I ran the process again without the pen drive... I'd like to know how to clean it too!

log:


############################## | UsbFix V6.011 |

User : Kadu (Administradores) # PC-KADU
Update on 24/07/09 by Chiquitine29 & C_XX
Start at: 16:38:53 | 25/7/2009
Website : http://pagesperso-orange.fr/NosTools/index.html

Intel(R) Pentium(R) 4 CPU 2.40GHz
Microsoft Windows XP Professional (5.1.2600 32-bit) # Service Pack 2
Internet Explorer 6.0.2900.2180
Windows Firewall Status : Enabled
AV : Avira AntiVir PersonalEdition 8.0.1.30 [ Enabled | (!) Outdated ]

A:\ -> Unidade de disquete de 3 1/2 polegadas
C:\ -> Disco fixo local # 38,28 Go (17,35 Go free) # NTFS
D:\ -> Disco CD-ROM

############################## | Processos activos |

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

################## | Ficheiros # pastas infeciosos |


################## | All Drives ... |


################## | Registro # Chaves Run infectieuses |


################## | Registro # Mountpoints2 |


################## | Listing |

[20/10/2008 18:56|--a------|0] -> C:\AUTOEXEC.BAT
[16/01/2009 19:10|---hs----|211] -> C:\boot.ini
[28/10/2001 15:06|-rahs----|4952] -> C:\Bootfont.bin
[20/10/2008 18:56|--a------|0] -> C:\CONFIG.SYS
[?|?|?] -> C:\hiberfil.sys
[20/10/2008 18:56|-rahs----|0] -> C:\IO.SYS
[20/07/2009 14:51|-rahs----|0] -> C:\khu
[20/10/2008 18:56|-rahs----|0] -> C:\MSDOS.SYS
[03/08/2004 21:38|-rahs----|47564] -> C:\NTDETECT.COM
[03/08/2004 21:59|-rahs----|251168] -> C:\ntldr
[?|?|?] -> C:\pagefile.sys
[15/01/2009 10:37|--a------|13526] -> C:\Safe_Mode_Repair.reg
[21/10/2008 00:49|--ah-----|268] -> C:\sqmdata00.sqm
[21/10/2008 01:58|--ah-----|268] -> C:\sqmdata01.sqm
[21/10/2008 01:58|--ah-----|268] -> C:\sqmdata02.sqm
[21/10/2008 01:59|--ah-----|268] -> C:\sqmdata03.sqm
[18/07/2009 12:14|--ah-----|268] -> C:\sqmdata04.sqm
[21/10/2008 00:49|--ah-----|244] -> C:\sqmnoopt00.sqm
[21/10/2008 01:58|--ah-----|244] -> C:\sqmnoopt01.sqm
[21/10/2008 01:58|--ah-----|244] -> C:\sqmnoopt02.sqm
[21/10/2008 01:59|--ah-----|244] -> C:\sqmnoopt03.sqm
[18/07/2009 12:14|--ah-----|244] -> C:\sqmnoopt04.sqm
[25/07/2009 16:51|--a------|2938] -> C:\UsbFix.txt

################## | Vaccinação |

# C:\autorun.inf ( # Not infected ) -> Folder created by UsbFix.

################## | Cracks / Keygens / Serials |


################## | ! Fim do relatório # UsbFix V6.011 ! |

#12 By kikokiko15 25/07/2009 - 18:06
Now it worked! Is everything OK now?


############################## | UsbFix V6.011 |

User : Kadu (Administradores) # PC-KADU
Update on 24/07/09 by Chiquitine29 & C_XX
Start at: 17:52:34 | 25/7/2009
Website : http://pagesperso-orange.fr/NosTools/index.html

Intel(R) Pentium(R) 4 CPU 2.40GHz
Microsoft Windows XP Professional (5.1.2600 32-bit) # Service Pack 2
Internet Explorer 6.0.2900.2180
Windows Firewall Status : Enabled
AV : Avira AntiVir PersonalEdition 8.0.1.30 [ Enabled | (!) Outdated ]

A:\ -> Unidade de disquete de 3 1/2 polegadas
C:\ -> Disco fixo local # 38,28 Go (17,38 Go free) # NTFS
D:\ -> Disco CD-ROM
F:\ -> Disco removível # 1,96 Go (1,96 Go free) [WEB SERVICE] # FAT32

############################## | Processos activos |

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE

################## | Ficheiros # pastas infeciosos |


################## | All Drives ... |


################## | Registro # Chaves Run infectieuses |


################## | Registro # Mountpoints2 |


################## | Listing |

[20/10/2008 18:56|--a------|0] -> C:\AUTOEXEC.BAT
[16/01/2009 19:10|---hs----|211] -> C:\boot.ini
[28/10/2001 15:06|-rahs----|4952] -> C:\Bootfont.bin
[20/10/2008 18:56|--a------|0] -> C:\CONFIG.SYS
[?|?|?] -> C:\hiberfil.sys
[20/10/2008 18:56|-rahs----|0] -> C:\IO.SYS
[20/07/2009 14:51|-rahs----|0] -> C:\khu
[20/10/2008 18:56|-rahs----|0] -> C:\MSDOS.SYS
[03/08/2004 21:38|-rahs----|47564] -> C:\NTDETECT.COM
[03/08/2004 21:59|-rahs----|251168] -> C:\ntldr
[?|?|?] -> C:\pagefile.sys
[15/01/2009 10:37|--a------|13526] -> C:\Safe_Mode_Repair.reg
[21/10/2008 00:49|--ah-----|268] -> C:\sqmdata00.sqm
[21/10/2008 01:58|--ah-----|268] -> C:\sqmdata01.sqm
[21/10/2008 01:58|--ah-----|268] -> C:\sqmdata02.sqm
[21/10/2008 01:59|--ah-----|268] -> C:\sqmdata03.sqm
[18/07/2009 12:14|--ah-----|268] -> C:\sqmdata04.sqm
[21/10/2008 00:49|--ah-----|244] -> C:\sqmnoopt00.sqm
[21/10/2008 01:58|--ah-----|244] -> C:\sqmnoopt01.sqm
[21/10/2008 01:58|--ah-----|244] -> C:\sqmnoopt02.sqm
[21/10/2008 01:59|--ah-----|244] -> C:\sqmnoopt03.sqm
[18/07/2009 12:14|--ah-----|244] -> C:\sqmnoopt04.sqm
[25/07/2009 18:02|--a------|3109] -> C:\UsbFix.txt
[03/08/2004 13:56|-rahs----|713394] -> F:\ycghbr.exe
[13/04/2008 16:35|-rahs----|713394] -> F:\gcxthr.exe
[24/07/2009 01:48|--a------|975] -> F:\vi.txt
[22/07/2009 23:47|--a------|401720] -> F:\HiJackThis.exe
[04/08/2004 02:19|-rahs----|713394] -> F:\cmxutl.exe
[24/07/2009 15:11|-ra------|3150548] -> F:\ComboFix.exe
[25/07/2009 15:52|--a------|1474] -> F:\BOOTEX.LOG
[13/04/2008 11:50|-rahs----|414384] -> F:\pztgfp.exe

################## | Vaccinação |

# C:\autorun.inf ( # Not infected ) -> Folder created by UsbFix.
# F:\autorun.inf ( # Not infected ) -> Folder created by UsbFix.

################## | Cracks / Keygens / Serials |


################## | ! Fim do relatório # UsbFix V6.011 ! |

#13 By Felipe_88 30/07/2009 - 21:44
kikokiko15,

Dear friend, sorry for the delay; continuing with the case...

There are still viruses on your PC and on the pen drive, so let's redo some steps, one stage at a time.


- Open Windows Live Messenger and sign in.
* Then click [Tools] > [Options] > [General] > [Quality Improvement]
* Uncheck "Allow Microsoft to collect anonymous information about how I use Windows Live Messenger"
* In the main Windows Live Messenger window, click [Help] > [Customer Experience Improvement Program]
* Select the option "I do not wish to participate at this time" > [OK]


Run ComboFix again on your PC with your pen drive connected, then post the ComboFix log and tell us which drive your pen drive is connected as;

After these procedures we will prepare scripts to delete the malware that is on the PC and on the pen drive.

Best regards!

#14 By kikokiko15 01/08/2009 - 22:35
Here it is, friend, the log:

ComboFix 09-08-01.06 - Kadu 01/08/2009 22:21.2.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.767.506 [GMT -3:00]
Executando de: c:\documents and settings\Kadu\Desktop\ComboFix.exe
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

(((((((((((((((( Arquivos/Ficheiros criados de 2009-07-02 to 2009-08-02 ))))))))))))))))))))))))))))
.

2009-08-01 22:02 . 2009-08-02 00:56 -------- d-----w- c:\documents and settings\Kadu\Dados de aplicativos\Audacity
2009-08-01 22:02 . 2009-08-01 22:02 -------- d-----w- c:\arquivos de programas\Audacity 1.3 Beta (Unicode)
2009-07-27 05:14 . 2008-07-09 07:34 26488 ----a-w- c:\windows\system32\spupdsvc.exe
2009-07-27 00:58 . 2009-07-27 00:58 -------- d-----w- c:\windows\system32\CatRoot_bak
2009-07-27 00:39 . 2008-06-14 17:59 272384 -c----w- c:\windows\system32\dllcache\bthport.sys
2009-07-27 00:39 . 2008-06-14 17:59 272384 ------w- c:\windows\system32\drivers\bthport.sys
2009-07-27 00:38 . 2008-06-20 10:45 360320 -c----w- c:\windows\system32\dllcache\tcpip.sys
2009-07-26 17:46 . 2009-07-27 05:16 -------- d--h--w- c:\windows\$hf_mig$
2009-07-25 21:03 . 2009-02-09 11:50 2061952 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-07-25 21:02 . 2009-02-09 11:50 2019840 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-07-25 21:02 . 2009-02-09 11:50 2184704 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2009-07-25 21:02 . 2009-02-09 11:50 2140160 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-07-25 18:48 . 2009-07-25 21:04 -------- d-----w- C:\UsbFix
2009-07-25 06:00 . 2008-10-16 17:06 208744 ----a-w- c:\windows\system32\muweb.dll
2009-07-25 05:59 . 2008-10-16 17:06 268648 ----a-w- c:\windows\system32\mucltui.dll
2009-07-18 19:25 . 2009-07-18 19:25 8704 ----a-w- c:\windows\system32\sporder.dll
2009-07-18 19:07 . 2009-07-18 19:07 -------- d-----w- c:\documents and settings\Kadu\Dados de aplicativos\mfjivlxu
2009-07-18 19:02 . 2009-07-18 19:02 -------- d-----w- c:\documents and settings\NetworkService\Dados de aplicativos\mfjivlxu
2009-07-04 22:11 . 2005-10-25 15:56 61440 ----a-w- c:\windows\VM303_STI.EXE
2009-07-04 22:11 . 2005-05-18 13:55 32768 ----a-w- c:\windows\VMZoom.exe
2009-07-04 22:11 . 2005-05-18 13:54 24576 ----a-w- c:\windows\VMPipe.dll
2009-07-04 22:11 . 2005-05-02 19:45 53248 ----a-w- c:\windows\Sti303.exe
2009-07-04 22:11 . 2005-04-30 21:46 81920 ----a-w- c:\windows\system32\VM303STI.dll
2009-07-04 22:11 . 2005-04-30 21:46 102400 ----a-w- c:\windows\VM303Cap.exe
2009-07-04 22:11 . 2009-07-04 22:11 -------- d-----w- c:\windows\CatRoot
2009-07-04 22:11 . 2005-10-27 17:34 390849 ----a-w- c:\windows\system32\drivers\usbVM303.sys
2009-07-04 22:11 . 2009-07-04 22:11 -------- d-----w- c:\windows\EffectResources
2009-07-04 22:11 . 2009-07-04 22:11 -------- d-----w- c:\arquivos de programas\Vimicro

.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-02 01:25 . 2009-01-16 19:18 432379936 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-08-01 15:25 . 2009-01-13 20:30 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Babylon
2009-08-01 06:00 . 2009-01-16 19:18 5046524 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-07-28 06:04 . 2001-10-28 18:07 48628 ----a-w- c:\windows\system32\perfc016.dat
2009-07-28 06:04 . 2001-10-28 18:07 344380 ----a-w- c:\windows\system32\perfh016.dat
2009-07-27 01:08 . 2009-05-25 01:29 -------- d-----w- c:\arquivos de programas\Megacubo
2009-07-25 05:57 . 2009-06-27 19:39 -------- d-----w- c:\arquivos de programas\IFCam
2009-07-07 06:09 . 2008-11-13 18:15 -------- d-----w- c:\arquivos de programas\Teamviwer
2009-07-04 22:11 . 2008-10-20 22:07 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information
2009-06-13 22:42 . 2009-06-13 22:42 15256 ----a-w- c:\documents and settings\Kadu\Dados de aplicativos\Microsoft\IdentityCRL\PROD\ppcrlconfig.dll
2009-06-03 19:26 . 2004-08-04 02:45 1295360 ----a-w- c:\windows\system32\quartz.dll
2009-05-28 04:12 . 2009-01-17 16:59 75096 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-01-15 23:02 . 2009-01-15 23:13 1848024 -c--a-w- c:\arquivos de programas\TeamViewer_Setup.exe
2009-07-25 20:18 . 2008-10-20 23:17 134648 ----a-w- c:\arquivos de programas\mozilla firefox\components\brwsrcmp.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-07-25_04.31.00 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-01 15:25 . 2009-08-01 15:25 16384 c:\windows\TEMP\Perflib_Perfdata_578.dat
+ 2007-07-30 21:19 . 2008-10-16 17:09 43544 c:\windows\system32\wups2.dll
+ 2008-10-20 21:53 . 2008-10-16 17:08 34328 c:\windows\system32\wups.dll
+ 2008-10-20 21:53 . 2008-10-16 17:09 51224 c:\windows\system32\wuauclt.exe
+ 2008-10-21 00:49 . 2007-11-30 11:18 18296 c:\windows\system32\spmsg.dll
+ 2009-07-25 05:59 . 2008-10-16 17:09 43544 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.2.6001.788\wups2.dll
+ 2009-07-25 05:59 . 2008-10-16 17:08 34328 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.2.6001.788\wups.dll
+ 2004-08-04 02:45 . 2009-02-03 20:10 55808 c:\windows\system32\secur32.dll
- 2004-08-04 02:45 . 2004-08-04 02:45 55808 c:\windows\system32\secur32.dll
+ 2001-10-28 18:07 . 2009-02-06 16:54 35328 c:\windows\system32\sc.exe
- 2004-08-04 02:45 . 2004-08-04 02:45 39424 c:\windows\system32\pngfilt.dll
+ 2004-08-04 02:45 . 2009-04-29 04:52 39424 c:\windows\system32\pngfilt.dll
+ 2001-10-28 18:07 . 2009-07-28 06:04 39992 c:\windows\system32\perfc009.dat
+ 2008-10-20 21:51 . 2008-06-12 14:18 91648 c:\windows\system32\mtxoci.dll
+ 2004-08-04 02:45 . 2008-06-12 14:18 66560 c:\windows\system32\mtxclu.dll
- 2004-08-04 02:45 . 2004-08-04 02:45 66560 c:\windows\system32\mtxclu.dll
- 2008-10-20 21:51 . 2004-08-04 02:45 58880 c:\windows\system32\msdtclog.dll
+ 2008-10-20 21:51 . 2008-06-12 14:18 58880 c:\windows\system32\msdtclog.dll
+ 2004-08-04 02:45 . 2009-04-29 04:52 16384 c:\windows\system32\jsproxy.dll
- 2004-08-04 02:45 . 2004-08-04 02:45 96768 c:\windows\system32\inseng.dll
+ 2004-08-04 02:45 . 2009-04-29 04:52 96768 c:\windows\system32\inseng.dll
- 2004-08-04 02:45 . 2004-08-04 02:45 81920 c:\windows\system32\ieencode.dll
+ 2004-08-04 02:45 . 2009-04-29 04:52 81920 c:\windows\system32\ieencode.dll
- 2004-08-04 02:45 . 2004-08-04 02:45 55808 c:\windows\system32\extmgr.dll
+ 2004-08-04 02:45 . 2009-04-29 04:52 55808 c:\windows\system32\extmgr.dll
+ 2008-10-20 21:53 . 2008-10-16 17:08 34328 c:\windows\system32\dllcache\wups.dll
+ 2008-10-20 21:53 . 2008-10-16 17:09 51224 c:\windows\system32\dllcache\wuauclt.exe
- 2004-08-04 02:45 . 2004-08-04 02:45 55808 c:\windows\system32\dllcache\secur32.dll
+ 2004-08-04 02:45 . 2009-02-03 20:10 55808 c:\windows\system32\dllcache\secur32.dll
+ 2001-10-28 18:07 . 2009-02-06 16:54 35328 c:\windows\system32\dllcache\sc.exe
+ 2004-08-04 02:45 . 2009-04-29 04:52 39424 c:\windows\system32\dllcache\pngfilt.dll
- 2004-08-04 02:45 . 2004-08-04 02:45 39424 c:\windows\system32\dllcache\pngfilt.dll
+ 2008-10-20 21:51 . 2008-06-12 14:18 91648 c:\windows\system32\dllcache\mtxoci.dll
- 2004-08-04 02:45 . 2004-08-04 02:45 66560 c:\windows\system32\dllcache\mtxclu.dll
+ 2004-08-04 02:45 . 2008-06-12 14:18 66560 c:\windows\system32\dllcache\mtxclu.dll
+ 2008-10-20 21:51 . 2008-06-12 14:18 58880 c:\windows\system32\dllcache\msdtclog.dll
- 2008-10-20 21:51 . 2004-08-04 02:45 58880 c:\windows\system32\dllcache\msdtclog.dll
+ 2004-08-04 02:45 . 2009-04-29 04:52 16384 c:\windows\system32\dllcache\jsproxy.dll
- 2004-08-04 02:45 . 2004-08-04 02:45 96768 c:\windows\system32\dllcache\inseng.dll
+ 2004-08-04 02:45 . 2009-04-29 04:52 96768 c:\windows\system32\dllcache\inseng.dll
+ 2004-08-04 02:45 . 2009-04-29 04:52 81920 c:\windows\system32\dllcache\ieencode.dll
- 2004-08-04 02:45 . 2004-08-04 02:45 81920 c:\windows\system32\dllcache\ieencode.dll
- 2008-10-20 21:53 . 2004-08-04 02:45 18432 c:\windows\system32\dllcache\iedw.exe
+ 2008-10-20 21:53 . 2009-04-27 09:17 18432 c:\windows\system32\dllcache\iedw.exe
+ 2004-08-04 02:45 . 2009-04-29 04:52 55808 c:\windows\system32\dllcache\extmgr.dll
- 2004-08-04 02:45 . 2004-08-04 02:45 55808 c:\windows\system32\dllcache\extmgr.dll
+ 2008-10-20 21:51 . 2005-07-26 04:40 60416 c:\windows\system32\dllcache\colbact.dll
+ 2004-08-04 02:45 . 2008-10-16 17:09 92696 c:\windows\system32\dllcache\cdm.dll
+ 2008-09-17 18:29 . 2008-09-17 18:29 20040 c:\windows\system32\config\systemprofile\Dados de aplicativos\Microsoft\IdentityCRL\production\ppcrlconfig.dll
+ 2008-10-20 21:51 . 2005-07-26 04:40 60416 c:\windows\system32\colbact.dll
+ 2004-08-04 02:45 . 2008-10-16 17:09 92696 c:\windows\system32\cdm.dll
- 2008-10-21 02:24 . 2008-10-21 02:24 23040 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2008-10-21 02:24 . 2009-07-27 05:15 23040 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2008-10-21 02:24 . 2008-10-21 02:24 61440 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2008-10-21 02:24 . 2009-07-27 05:15 61440 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2008-10-21 02:24 . 2008-10-21 02:24 27136 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2008-10-21 02:24 . 2009-07-27 05:15 27136 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2008-10-21 02:24 . 2009-07-27 05:15 11264 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2008-10-21 02:24 . 2008-10-21 02:24 11264 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2008-10-21 02:24 . 2009-07-27 05:15 86016 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2008-10-21 02:24 . 2008-10-21 02:24 86016 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\inficon.exe
+ 2008-10-21 02:24 . 2009-07-27 05:15 12288 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2008-10-21 02:24 . 2008-10-21 02:24 12288 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2008-10-21 02:24 . 2008-10-21 02:24 4096 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2008-10-21 02:24 . 2009-07-27 05:15 4096 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2009-04-27 18:18 . 2009-04-27 18:18 360448 c:\windows\system32\xpsp3res.dll
+ 2008-10-20 21:53 . 2008-10-16 17:13 202776 c:\windows\system32\wuweb.dll
+ 2008-10-20 21:53 . 2008-10-16 17:12 323608 c:\windows\system32\wucltui.dll
+ 2008-10-20 21:53 . 2008-10-16 17:12 561688 c:\windows\system32\wuapi.dll
+ 2004-08-04 02:45 . 2009-04-29 04:52 661504 c:\windows\system32\wininet.dll
+ 2004-08-04 02:45 . 2008-12-16 12:50 351232 c:\windows\system32\winhttp.dll
- 2004-08-04 02:45 . 2004-08-04 02:45 351232 c:\windows\system32\winhttp.dll
+ 2008-10-20 21:51 . 2009-02-06 16:39 227840 c:\windows\system32\wbem\wmiprvse.exe
+ 2008-10-20 21:51 . 2009-02-09 10:19 453120 c:\windows\system32\wbem\wmiprvsd.dll
+ 2008-10-20 21:51 . 2009-02-09 10:19 473088 c:\windows\system32\wbem\fastprox.dll
+ 2004-08-04 02:45 . 2007-12-18 14:42 417792 c:\windows\system32\vbscript.dll
- 2004-08-04 02:45 . 2004-08-04 02:45 417792 c:\windows\system32\vbscript.dll
+ 2004-08-04 02:45 . 2009-04-29 04:52 617472 c:\windows\system32\urlmon.dll
+ 2004-08-04 02:45 . 2009-04-29 04:52 474112 c:\windows\system32\shlwapi.dll
+ 2004-08-04 02:45 . 2009-02-09 10:08 111104 c:\windows\system32\services.exe
+ 2004-08-04 02:45 . 2009-02-09 10:19 399360 c:\windows\system32\rpcss.dll
+ 2001-10-28 18:07 . 2009-07-28 06:04 311604 c:\windows\system32\perfh009.dat
+ 2004-08-04 02:45 . 2009-03-06 14:46 285696 c:\windows\system32\pdh.dll
- 2004-08-04 02:45 . 2004-08-04 02:45 285696 c:\windows\system32\pdh.dll
+ 2004-08-04 02:45 . 2009-02-09 10:19 730624 c:\windows\system32\ntdll.dll
+ 2004-08-04 02:45 . 2008-10-15 16:59 332800 c:\windows\system32\netapi32.dll
+ 2004-08-04 02:45 . 2008-06-20 17:41 247808 c:\windows\system32\mswsock.dll
- 2004-08-04 02:45 . 2004-08-04 02:45 247808 c:\windows\system32\mswsock.dll
+ 2004-08-04 02:45 . 2009-04-29 04:52 532480 c:\windows\system32\mstime.dll
- 2004-08-04 02:45 . 2004-08-04 02:45 146432 c:\windows\system32\msrating.dll
+ 2004-08-04 02:45 . 2009-04-29 04:52 146432 c:\windows\system32\msrating.dll
+ 2004-08-04 02:45 . 2009-04-29 04:52 449024 c:\windows\system32\mshtmled.dll
+ 2008-10-20 21:51 . 2008-06-12 14:18 161792 c:\windows\system32\msdtcuiu.dll
+ 2008-10-20 21:51 . 2008-06-12 14:18 956928 c:\windows\system32\msdtctm.dll
+ 2008-10-20 21:51 . 2008-06-12 14:18 428032 c:\windows\system32\msdtcprx.dll
+ 2004-08-04 02:45 . 2009-02-09 10:19 726016 c:\windows\system32\lsasrv.dll
+ 2004-08-04 02:45 . 2007-12-18 14:42 450560 c:\windows\system32\jscript.dll
- 2004-08-04 02:45 . 2004-08-04 02:45 450560 c:\windows\system32\jscript.dll
+ 2008-10-20 21:53 . 2008-04-11 18:51 683520 c:\windows\system32\inetcomm.dll
+ 2004-08-04 02:45 . 2009-04-29 04:52 251392 c:\windows\system32\iepeers.dll
- 2008-10-20 19:40 . 2009-02-14 14:17 110992 c:\windows\system32\FNTCACHE.DAT
+ 2008-10-20 19:40 . 2009-07-28 03:24 110992 c:\windows\system32\FNTCACHE.DAT
+ 2004-08-04 02:45 . 2008-07-07 20:31 253952 c:\windows\system32\es.dll
+ 2004-08-04 02:45 . 2009-04-29 04:52 205312 c:\windows\system32\dxtrans.dll
- 2004-08-04 02:45 . 2004-08-04 02:45 357888 c:\windows\system32\dxtmsft.dll
+ 2004-08-04 02:45 . 2009-04-29 04:52 357888 c:\windows\system32\dxtmsft.dll
+ 2004-08-04 01:07 . 2008-06-20 18:22 225920 c:\windows\system32\drivers\tcpip6.sys
+ 2004-08-31 09:39 . 2008-06-20 10:45 360320 c:\windows\system32\drivers\tcpip.sys
+ 2001-10-28 18:07 . 2008-05-08 12:28 202752 c:\windows\system32\drivers\rmcast.sys
+ 2004-08-04 01:14 . 2008-06-20 10:44 138368 c:\windows\system32\drivers\afd.sys
+ 2004-08-04 02:45 . 2008-06-21 02:11 148992 c:\windows\system32\dnsapi.dll
+ 2008-10-20 21:53 . 2008-10-16 17:13 202776 c:\windows\system32\dllcache\wuweb.dll
+ 2008-10-20 21:53 . 2008-10-16 17:12 323608 c:\windows\system32\dllcache\wucltui.dll
+ 2008-10-20 21:53 . 2008-10-16 17:12 561688 c:\windows\system32\dllcache\wuapi.dll
+ 2008-10-20 21:51 . 2009-02-06 16:39 227840 c:\windows\system32\dllcache\wmiprvse.exe
+ 2008-10-20 21:51 . 2009-02-09 10:19 453120 c:\windows\system32\dllcache\wmiprvsd.dll
+ 2004-08-04 02:45 . 2009-04-29 04:52 661504 c:\windows\system32\dllcache\wininet.dll
+ 2004-08-04 02:45 . 2008-12-16 12:50 351232 c:\windows\system32\dllcache\winhttp.dll
- 2004-08-04 02:45 . 2004-08-04 02:45 351232 c:\windows\system32\dllcache\winhttp.dll
+ 2004-08-04 02:45 . 2007-12-18 14:42 417792 c:\windows\system32\dllcache\vbscript.dll
- 2004-08-04 02:45 . 2004-08-04 02:45 417792 c:\windows\system32\dllcache\vbscript.dll
+ 2004-08-04 02:45 . 2009-04-29 04:52 617472 c:\windows\system32\dllcache\urlmon.dll
+ 2004-08-04 01:07 . 2008-06-20 18:22 225920 c:\windows\system32\dllcache\tcpip6.sys
+ 2004-08-04 02:45 . 2009-04-29 04:52 474112 c:\windows\system32\dllcache\shlwapi.dll
+ 2004-08-04 02:45 . 2009-02-09 10:08 111104 c:\windows\system32\dllcache\services.exe
+ 2004-08-04 02:45 . 2009-02-09 10:19 399360 c:\windows\system32\dllcache\rpcss.dll
+ 2001-10-28 18:07 . 2008-05-08 12:28 202752 c:\windows\system32\dllcache\rmcast.sys
+ 2004-08-04 02:45 . 2009-03-06 14:46 285696 c:\windows\system32\dllcache\pdh.dll
- 2004-08-04 02:45 . 2004-08-04 02:45 285696 c:\windows\system32\dllcache\pdh.dll
+ 2004-08-04 02:45 . 2009-02-09 10:19 730624 c:\windows\system32\dllcache\ntdll.dll
+ 2004-08-04 02:45 . 2008-10-15 16:59 332800 c:\windows\system32\dllcache\netapi32.dll
- 2004-08-04 02:45 . 2004-08-04 02:45 247808 c:\windows\system32\dllcache\mswsock.dll
+ 2004-08-04 02:45 . 2008-06-20 17:41 247808 c:\windows\system32\dllcache\mswsock.dll
+ 2004-08-04 02:45 . 2009-04-29 04:52 532480 c:\windows\system32\dllcache\mstime.dll
+ 2004-08-04 02:45 . 2009-04-29 04:52 146432 c:\windows\system32\dllcache\msrating.dll
- 2004-08-04 02:45 . 2004-08-04 02:45 146432 c:\windows\system32\dllcache\msrating.dll
+ 2004-08-04 02:45 . 2009-04-29 04:52 449024 c:\windows\system32\dllcache\mshtmled.dll
+ 2008-10-20 21:51 . 2008-06-12 14:18 161792 c:\windows\system32\dllcache\msdtcuiu.dll
+ 2008-10-20 21:51 . 2008-06-12 14:18 956928 c:\windows\system32\dllcache\msdtctm.dll
+ 2008-10-20 21:51 . 2008-06-12 14:18 428032 c:\windows\system32\dllcache\msdtcprx.dll
+ 2004-08-04 02:45 . 2009-02-09 10:19 726016 c:\windows\system32\dllcache\lsasrv.dll
+ 2004-08-04 02:45 . 2007-12-18 14:42 450560 c:\windows\system32\dllcache\jscript.dll
- 2004-08-04 02:45 . 2004-08-04 02:45 450560 c:\windows\system32\dllcache\jscript.dll
+ 2008-10-20 21:53 . 2008-04-11 18:51 683520 c:\windows\system32\dllcache\inetcomm.dll
+ 2004-08-04 02:45 . 2009-04-29 04:52 251392 c:\windows\system32\dllcache\iepeers.dll
+ 2008-10-20 21:51 . 2009-02-09 10:19 473088 c:\windows\system32\dllcache\fastprox.dll
+ 2004-08-04 02:45 . 2008-07-07 20:31 253952 c:\windows\system32\dllcache\es.dll
+ 2004-08-04 02:45 . 2009-04-29 04:52 205312 c:\windows\system32\dllcache\dxtrans.dll
- 2004-08-04 02:45 . 2004-08-04 02:45 357888 c:\windows\system32\dllcache\dxtmsft.dll
+ 2004-08-04 02:45 . 2009-04-29 04:52 357888 c:\windows\system32\dllcache\dxtmsft.dll
+ 2004-08-04 02:45 . 2008-06-21 02:11 148992 c:\windows\system32\dllcache\dnsapi.dll
+ 2004-08-04 02:45 . 2009-04-29 04:52 151552 c:\windows\system32\dllcache\cdfview.dll
+ 2004-08-04 01:14 . 2008-06-20 10:44 138368 c:\windows\system32\dllcache\afd.sys
- 2004-08-04 02:45 . 2004-08-04 02:45 683008 c:\windows\system32\dllcache\advapi32.dll
+ 2004-08-04 02:45 . 2009-02-09 10:19 683008 c:\windows\system32\dllcache\advapi32.dll
+ 2004-08-04 02:45 . 2006-08-16 11:59 100352 c:\windows\system32\dllcache\6to4svc.dll
- 2004-08-04 02:45 . 2004-08-04 02:45 100352 c:\windows\system32\dllcache\6to4svc.dll
+ 2004-08-04 02:45 . 2009-04-29 04:52 151552 c:\windows\system32\cdfview.dll
- 2004-08-04 02:45 . 2004-08-04 02:45 683008 c:\windows\system32\advapi32.dll
+ 2004-08-04 02:45 . 2009-02-09 10:19 683008 c:\windows\system32\advapi32.dll
+ 2004-08-04 02:45 . 2006-08-16 11:59 100352 c:\windows\system32\6to4svc.dll
- 2004-08-04 02:45 . 2004-08-04 02:45 100352 c:\windows\system32\6to4svc.dll
+ 2009-07-27 05:15 . 2009-07-27 05:15 140288 c:\windows\Installer\ffa472.msi
- 2008-10-21 02:24 . 2008-10-21 02:24 409600 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2008-10-21 02:24 . 2009-07-27 05:15 409600 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2008-10-21 02:24 . 2008-10-21 02:24 286720 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2008-10-21 02:24 . 2009-07-27 05:15 286720 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2008-10-21 02:24 . 2008-10-21 02:24 249856 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2008-10-21 02:24 . 2009-07-27 05:15 249856 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2008-10-21 02:24 . 2009-07-27 05:15 794624 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2008-10-21 02:24 . 2008-10-21 02:24 794624 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2008-10-21 02:24 . 2009-07-27 05:15 135168 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2008-10-21 02:24 . 2008-10-21 02:24 135168 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2008-10-21 02:24 . 2009-07-27 05:15 593920 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\accicons.exe
- 2008-10-21 02:24 . 2008-10-21 02:24 593920 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2009-07-27 00:39 . 2008-06-14 17:59 272384 c:\windows\Driver Cache\i386\bthport.sys
+ 2008-10-20 21:53 . 2008-10-16 17:13 1809944 c:\windows\system32\wuaueng.dll
+ 2004-08-04 02:45 . 2006-12-07 05:29 2374472 c:\windows\system32\wmvcore.dll
+ 2004-08-04 02:38 . 2009-04-19 20:10 1846784 c:\windows\system32\win32k.sys
+ 2004-08-04 02:45 . 2008-07-03 13:15 8484352 c:\windows\system32\shell32.dll
+ 2004-08-04 02:45 . 2009-04-29 04:52 1495552 c:\windows\system32\shdocvw.dll
+ 2004-08-04 02:40 . 2009-02-09 11:50 2184704 c:\windows\system32\ntoskrnl.exe
+ 2004-08-04 00:40 . 2009-02-09 11:50 2061952 c:\windows\system32\ntkrnlpa.exe
+ 2004-08-04 02:45 . 2008-09-04 16:45 1106944 c:\windows\system32\msxml3.dll
+ 2004-08-04 02:45 . 2009-04-29 04:52 3081728 c:\windows\system32\mshtml.dll
+ 2004-08-04 02:45 . 2009-03-21 14:20 1025024 c:\windows\system32\kernel32.dll
+ 2008-10-20 21:53 . 2008-10-16 17:13 1809944 c:\windows\system32\dllcache\wuaueng.dll
+ 2004-08-04 02:45 . 2006-12-07 05:29 2374472 c:\windows\system32\dllcache\wmvcore.dll
+ 2004-08-04 02:38 . 2009-04-19 20:10 1846784 c:\windows\system32\dllcache\win32k.sys
+ 2004-08-04 02:45 . 2008-07-03 13:15 8484352 c:\windows\system32\dllcache\shell32.dll
+ 2004-08-04 02:45 . 2009-04-29 04:52 1495552 c:\windows\system32\dllcache\shdocvw.dll
+ 2004-08-04 02:45 . 2009-06-03 19:26 1295360 c:\windows\system32\dllcache\quartz.dll
+ 2004-08-04 02:45 . 2008-09-04 16:45 1106944 c:\windows\system32\dllcache\msxml3.dll
+ 2004-08-04 02:45 . 2009-04-29 04:52 3081728 c:\windows\system32\dllcache\mshtml.dll
+ 2004-08-04 02:45 . 2009-03-21 14:20 1025024 c:\windows\system32\dllcache\kernel32.dll
+ 2004-08-04 02:45 . 2009-04-29 04:52 1055744 c:\windows\system32\dllcache\danim.dll
+ 2004-08-04 02:45 . 2009-04-29 04:52 1024000 c:\windows\system32\dllcache\browseui.dll
+ 2004-08-04 02:45 . 2009-04-29 04:52 1055744 c:\windows\system32\danim.dll
+ 2004-08-04 02:45 . 2009-04-29 04:52 1024000 c:\windows\system32\browseui.dll
+ 2005-10-26 17:59 . 2005-10-26 17:59 2883072 c:\windows\Installer\ffa486.msp
+ 2009-07-25 21:02 . 2009-02-09 11:50 2184704 c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2009-07-25 21:02 . 2009-02-09 11:50 2019840 c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2009-07-25 21:03 . 2009-02-09 11:50 2061952 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2009-07-25 21:02 . 2009-02-09 11:50 2140160 c:\windows\Driver Cache\i386\ntkrnlmp.exe
.
-- Snapshot resetado para data atual --
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"OpwareSE2"="c:\arquivos de programas\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]
"Babylon Client"="c:\arquivos de programas\Babylon\Babylon-Pro\Babylon.exe" [2009-01-13 3166432]
"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre6\bin\jusched.exe" [2009-01-14 136600]
"avgnt"="c:\arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]

c:\documents and settings\Kadu\Menu Iniciar\Programas\Inicializar\
Mais Comunicador.lnk - c:\arquivos de programas\GeminiSistemas\Mais Comunicador2\Mais.exe [2009-5-8 7324672]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Arquivos de programas\\Megacubo\\megacubo.exe"=
"c:\\Arquivos de programas\\eMule\\emule.exe"=
"c:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Arquivos de programas\\IFCam\\IFRun.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"11440:TCP"= 11440:TCP:@xpsp2res.dll,-22009
"31924:TCP"= 31924:TCP:@xpsp2res.dll,-22009
"48717:TCP"= 48717:TCP:@xpsp2res.dll,-22009
"955:TCP"= 955:TCP:@xpsp2res.dll,-22009
"8889:TCP"= 8889:TCP:@xpsp2res.dll,-22009
"51896:TCP"= 51896:TCP:@xpsp2res.dll,-22009
"64432:TCP"= 64432:TCP:@xpsp2res.dll,-22009
"26191:TCP"= 26191:TCP:@xpsp2res.dll,-22009

R1 is-72R36drv;is-72R36drv;c:\windows\system32\drivers\39894342.sys [14/1/2009 20:59 148496]
R1 is-FBJ23drv;is-FBJ23drv;c:\windows\system32\drivers\18383011.sys [14/1/2009 21:00 148496]
S2 mmgkql;mmgkql;c:\windows\system32\drivers\kdljazjy.sys --> c:\windows\system32\drivers\kdljazjy.sys [?]
.
.
------- Scan Suplementar -------
.
IE: Translate with &Babylon - c:\arquivos de programas\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
DPF: Microsoft XML Parser for Java
FF - ProfilePath - c:\documents and settings\Kadu\Dados de aplicativos\Mozilla\Firefox\Profiles\4owx9pe1.default\
FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

---- FIREFOX POLICIES ----
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-01 22:25
Windows 5.1.2600 Service Pack 2 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso
arquivos/ficheiros ocultos: 0

**************************************************************************
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

- - - - - - - > 'explorer.exe'(2308)
c:\arquivos de programas\ScanSoft\OmniPageSE2.0\ophookSE2.dll
.
Tempo para conclusão: 2009-08-02 22:28
ComboFix-quarantined-files.txt 2009-08-02 01:28

Pré-execução: 13 pasta(s) 17.235.820.544 bytes disponíveis
Pós execução: 13 pasta(s) 17.242.046.464 bytes disponíveis

WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

334 --- E O F --- 2009-08-01 05:59
Felipe_88 Ubbergeek Registered
4.1K Posts 256 Likes
#15 By Felipe_88
02/08/2009 - 08:41
kikokiko15,

Ok.

Now please go to the menu: Start - Run - and type:

combofix /u

Press Enter so that ComboFix is uninstalled.

___________________________________________________________

- Download the Kaspersky Virus Removal Tool

* Save it in the Arquivos de programas (Program Files) folder.
* Install the program normally, following all of its steps.
* Do not scan yet!
* Restart the PC in Safe Mode (by pressing the F8 key (or the F5 key on some computers) repeatedly while the computer is restarting and choosing the Safe Mode option, shown as Modo Seguro or Modo de Segurança).
* If it is not possible to start the computer in Safe Mode, run the scan in normal mode.
* On the program's main screen, check all the available boxes.



* Click the Scan button.
* Be patient, the scan may take a while.
* If it finds any infection, confirm the removal request for the detected files.
* After everything completes, click the Events tab, uncheck the "Show all events" checkbox, then click Reports... and click "Save to file".
* Give the file a name and save it in a folder of your choice (preferably save this report on the Desktop to make it easier to find).
* Post the contents of that report in your next reply along with a new HijackThis log, and tell us how your PC is after these procedures.

We'll be waiting.
