
Archived

This topic has been archived and is closed to new replies.

oninot

File folders turned into screensavers

14 posts in this topic

I plugged an infected USB flash drive into my PC and right afterwards all my folders turned into screensavers. Now, instead of "open", the name "test the file" appears.

And what is most curious is that all the folders have the same size. I have already carried out all the requested procedures; here is my log for analysis:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:01:42, on 17/12/2010

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\Windows\System32\smss.exe

C:\Windows\system32\csrss.exe

C:\Windows\system32\winlogon.exe

C:\Windows\system32\services.exe

C:\Windows\system32\lsass.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Windows\System32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\spoolsv.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\InterVideo\RegMgr\iviRegMgr.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Windows\System32\svchost.exe

C:\Arquivos de programas\Eset\nod32krn.exe

C:\Windows\System32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\hkcmd.exe

C:\Windows\system32\igfxpers.exe

C:\Windows\SOUNDMAN.EXE

C:\Arquivos de programas\Eset\nod32kui.exe

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe

C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe

C:\Windows\system32\ctfmon.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Windows\System32\alg.exe

C:\DOCUME~1\PROFFR~1\CONFIG~1\Temp\nen^e3.exe

C:\Documents and Settings\Prof Francisco\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Prof Francisco\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Prof Francisco\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Prof Francisco\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

C:\Windows\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.Microsoft.com/intl/br/access/allinone.asp

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.Microsoft....k/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.Microsoft....k/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.Microsoft....k/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.Microsoft....k/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de programas\GbPlugin\gbieh.dll

O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [igfxtray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [nod32kui] "C:\Arquivos de programas\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [updateReminder] C:\Arquivos de programas\Eset\UpdateReminder.exe

O4 - HKLM\..\Run: [C:\DOCUME~1\PROFFR~1\CONFIG~1\Temp\nen^e3.exe] C:\DOCUME~1\PROFFR~1\CONFIG~1\Temp\nen^e3.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\Windows\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Prof Francisco\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [swg] "C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\Windows\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\Windows\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\Windows\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\Windows\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Seleção HP Smart - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.Microsoft.com/intl/br/access/allinone.asp

O15 - Trusted Zone: www.bancobrasil.com.br

O15 - Trusted Zone: www14.bancobrasil.com.br

O15 - Trusted Zone: www2.bancobrasil.com.br

O15 - Trusted Zone: www.bb.com.br

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.Micros...b?1289002397546

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{BFE32563-60FE-41A6-AD7C-857A63165F7D}: NameServer = 10.15.0.1,208.62.222.222

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll

O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: IviRegMgr - InterVideo - C:\Arquivos de programas\Arquivos comuns\InterVideo\RegMgr\iviRegMgr.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Arquivos de programas\Eset\nod32krn.exe

--

End of file - 8929 bytes


Download Malwarebytes' Anti-Malware (MBAM) or here.

Save or print these instructions:

Double-click mbam-setup.exe, choose the language and, during installation, accept all the default options.

Make sure the Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware boxes are checked, then click Finish.

If there are updates to be made, they will be downloaded and installed.

When the update finishes, with the program open, select Quick Scan and click the Scan button.

The scan will then begin. Please wait, as it may take a while.

When the scan finishes, click OK, then the Show Results button to see the report.

If any items were found, make sure they are all checked and click the Remove button.

At the end of the disinfection, Notepad will open with a log, and a prompt may appear asking whether you want to restart the PC. (See the note below)

The log is saved automatically by MBAM; to view it, click the Logs tab in the program's main window.

NOTE: If MBAM finds files that it cannot remove, you may have to restart the PC (perhaps more than once). Do so immediately when asked whether you want to restart.

Select, copy and paste the contents of the MBAM log into your next reply, plus a new HijackThis log.



MVP Mr.Million


Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 00:25:19, on 18/12/2010

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\Windows\System32\smss.exe

C:\Windows\system32\csrss.exe

C:\Windows\system32\winlogon.exe

C:\Windows\system32\services.exe

C:\Windows\system32\lsass.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Windows\System32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\spoolsv.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\InterVideo\RegMgr\iviRegMgr.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Windows\System32\svchost.exe

C:\Arquivos de programas\Eset\nod32krn.exe

C:\Windows\System32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\hkcmd.exe

C:\Windows\system32\igfxpers.exe

C:\Windows\SOUNDMAN.EXE

C:\Arquivos de programas\Eset\nod32kui.exe

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe

C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe

C:\DOCUME~1\PROFFR~1\CONFIG~1\Temp\nen^e3.exe

C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe

C:\Windows\system32\ctfmon.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Windows\system32\wscntfy.exe

C:\Windows\System32\alg.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Windows\system32\NOTEPAD.EXE

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

C:\Windows\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.Microsoft.com/intl/br/access/allinone.asp

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.Microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.Microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.Microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.Microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de programas\GbPlugin\gbieh.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [igfxtray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [nod32kui] "C:\Arquivos de programas\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [updateReminder] C:\Arquivos de programas\Eset\UpdateReminder.exe

O4 - HKLM\..\Run: [C:\DOCUME~1\PROFFR~1\CONFIG~1\Temp\nen^e3.exe] C:\DOCUME~1\PROFFR~1\CONFIG~1\Temp\nen^e3.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\Windows\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Prof Francisco\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [swg] "C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\Windows\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\Windows\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\Windows\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\Windows\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Seleção HP Smart - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.Microsoft.com/intl/br/access/allinone.asp

O15 - Trusted Zone: www.bancobrasil.com.br

O15 - Trusted Zone: www14.bancobrasil.com.br

O15 - Trusted Zone: www2.bancobrasil.com.br

O15 - Trusted Zone: www.bb.com.br

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.Microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1289002397546

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{BFE32563-60FE-41A6-AD7C-857A63165F7D}: NameServer = 10.15.0.1,208.62.222.222

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll

O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: IviRegMgr - InterVideo - C:\Arquivos de programas\Arquivos comuns\InterVideo\RegMgr\iviRegMgr.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Arquivos de programas\Eset\nod32krn.exe

--

End of file - 8742 bytes

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Versão da Base de Dados: 4052

Windows 5.1.2600 Service Pack 2

Internet Explorer 8.0.6001.18702

18/12/2010 00:15:39

mbam-log-2010-12-18 (00-15-39).txt

Tipo de Verificação: Verificação Rápida

Objetos escaneados: 118318

Tempo decorrido: 16 minuto(s), 7 segundo(s)

Processos de Memória Infectados: 0

Módulos de Memória Infectados: 0

Chaves de Registro Infectadas: 0

Valores de Registro Infectados: 0

Itens de Dados no Registro Infectados: 3

Pastas Infectadas: 0

Arquivos Infectados: 1

Processos de Memória Infectados:

(Não foram detectados ítens maliciosos)

Módulos de Memória Infectados:

(Não foram detectados ítens maliciosos)

Chaves de Registro Infectadas:

(Não foram detectados ítens maliciosos)

Valores de Registro Infectados:

(Não foram detectados ítens maliciosos)

Itens de Dados no Registro Infectados:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Pastas Infectadas:

(Não foram detectados ítens maliciosos)

Arquivos Infectados:

C:\Windows\$NtUninstallKB960803$ .scr (Trojan.Agent) -> Quarantined and deleted successfully.


Disable your antivirus, antispyware and firewall so that there are no conflicts. Keep them disabled until you have finished the instructions.

Download ComboFix

Save it to your Desktop (for the tool to run correctly, it must be on the Desktop).

Close all windows and programs.

Double-click combofix.exe, press 1 and then Enter to proceed with the fix. Please wait, as it takes a while.

NOTE: If you do not want the Windows Recovery Console to be installed, click "No" and then agree so that the scan can proceed.

When the Console is installed, the operating system selection screen will be shown at system startup.

More information about the Console: http://support.microsoft.com/kb/307654/pt-br

ComboFix will restart the PC automatically to complete the removal process. If that does not happen, restart manually.

When it finishes, a log will be generated at C:\ComboFix.txt. Select, copy and paste the contents of ComboFix.txt into your next reply, plus a new HijackThis log.

IMPORTANT: Do not use the mouse or the keyboard while ComboFix is running. To stop or exit ComboFix, press "N".

NOTE 2: Do not run ComboFix more than once. Doing so will overwrite the log and make it harder to remove the malware.

If any error occurs, restart the computer in Safe Mode (press the F8 key repeatedly, or F5 in some cases, during startup) and repeat the procedure.



MVP Mr.Million


I did as requested, and now I am posting the logs.

ComboFix 10-12-18.02 - Prof Francisco 19/12/2010 10:18:24.1.1 - x86 MINIMAL

Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.1014.823 [GMT -3:00]

Executando de: c:\documents and settings\Prof Francisco\Desktop\ComboFix.exe

ATENÇAO - ESTA MAQUINA não tem O CONSOLE DE RECUPERAÇÃO INSTALADA !!

.

ADS - drivers: deleted 204 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\Prof Francisco\Menu Iniciar\Programas .scr

.

((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_USNJSVC

-------\Service_usnjsvc

(((((((((((((((( Arquivos/Ficheiros criados de 2010-11-19 to 2010-12-19 ))))))))))))))))))))))))))))

.

2010-12-17 19:01 . 2010-12-17 19:01 -------- d-sh--r- c:\arquivos de programas\Trend Micro

2010-12-17 18:28 . 2010-12-15 16:05 418304 ------w- c:\Windows\msagent .scr

2010-12-17 18:26 . 2010-12-15 16:05 418304 ------w- c:\arquivos de programas\xerox .scr

2010-12-12 19:17 . 2010-12-17 18:50 -------- d-----w- c:\documents and settings\Prof Francisco\Dados de aplicativos\Media Player Classic

2010-12-09 19:34 . 2010-12-09 19:34 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Windows Live

2010-12-09 18:48 . 2010-07-09 16:18 20328 ----a-w- c:\Windows\system32\drivers\cpuz134_x32.sys

2010-12-09 18:48 . 2010-12-09 18:48 -------- d-sh--r- c:\arquivos de programas\CPUID

2010-12-09 18:37 . 2010-12-09 18:37 -------- d-sh--r- c:\arquivos de programas\FinalWire

2010-12-04 10:47 . 2010-12-04 10:47 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-12-15 16:05 . 2005-01-01 03:10 418304 ------w- c:\arquivos de programas\Trend Micro .scr

2010-12-03 11:57 . 2010-09-28 15:01 47008 ----a-w- c:\Windows\system32\drivers\gbpkm.sys

2010-10-28 15:21 . 2010-10-28 15:22 73728 ----a-w- c:\Windows\system32\javacpl.cpl

2010-10-28 15:21 . 2010-10-28 15:22 472808 ----a-w- c:\Windows\system32\deployJava1.dll

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MsnMsgr"="c:\arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" [2009-09-16 5724184]

"Google Update"="c:\documents and settings\Prof Francisco\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" [2010-09-07 136176]

"swg"="c:\arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-09-24 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"igfxtray"="c:\Windows\system32\igfxtray.exe" [2005-09-20 94208]

"igfxhkcmd"="c:\Windows\system32\hkcmd.exe" [2005-09-20 77824]

"igfxpers"="c:\Windows\system32\igfxpers.exe" [2005-09-20 114688]

"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]

"GrooveMonitor"="c:\arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]

"HP Software Update"="c:\arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]

"SunJavaUpdateSched"="c:\arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe" [2010-05-14 248552]

"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]

"Adobe ARM"="c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\Windows\system32\CTFMON.EXE" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows nt\currentversion\winlogon\notify\ GbPluginBb]

2010-12-03 11:56 351008 ----a-w- c:\arquivos de programas\GbPlugin\gbieh.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

"c:\\Documents and Settings\\Prof Francisco\\Configurações locais\\Dados de aplicativos\\Google\\Google Talk Plugin\\googletalkplugin.exe"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

"c:\\Arquivos de programas\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\Arquivos de programas\\Google\\Google Earth\\plugin\\geplugin.exe"=

R0 GbpKm;Gbp KernelMode;c:\Windows\system32\drivers\gbpkm.sys [28/9/2010 12:01 47008]

R2 cpuz134;cpuz134;c:\Windows\system32\drivers\cpuz134_x32.sys [9/12/2010 15:48 20328]

R2 GbpSv;Gbp Service;c:\arquiv~1\GbPlugin\GbpSv.exe [28/9/2010 12:01 55072]

R2 regi;regi;c:\Windows\system32\drivers\regi.sys [3/1/2007 11:19 11032]

S2 gupdate;Google Update Service (gupdate);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [24/9/2010 09:28 136176]

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Conteúdo da pasta 'Tarefas Agendadas'

2010-12-19 c:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2010-09-24 12:28]

2010-12-18 c:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2010-09-24 12:28]

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.google.com.br/

uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

Trusted Zone: bancobrasil.com.br\www

Trusted Zone: bancobrasil.com.br\www14

Trusted Zone: bancobrasil.com.br\www2

Trusted Zone: bb.com.br\www

TCP: {BFE32563-60FE-41A6-AD7C-857A63165F7D} = 10.15.0.1,208.62.222.222

.

- - - - ORFÃOS REMOVIDOS - - - -

HKLM-Run-hpqSRMon - (no file)

HKLM-Run-c:\docume~1\PROFFR~1\CONFIG~1\Temp\nen^e3.exe - c:\docume~1\PROFFR~1\CONFIG~1\Temp\nen^e3.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-12-19 10:28

Windows 5.1.2600 Service Pack 2 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

**************************************************************************

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

- - - - - - - > 'winlogon.exe'(720)

c:\arquivos de programas\GbPlugin\gbieh.dll

- - - - - - - > 'explorer.exe'(2036)

c:\Windows\system32\WININET.dll

c:\Windows\system32\webcheck.dll

c:\arquivos de programas\GbPlugin\gbieh.dll

.

------------------------ Outros Processos em Execução ------------------------

.

c:\arquivos de programas\Arquivos comuns\InterVideo\RegMgr\iviRegMgr.exe

c:\arquivos de programas\Java\jre6\bin\jqs.exe

c:\Windows\SOUNDMAN.EXE

c:\Windows\system32\wscntfy.exe

.

**************************************************************************

.

Tempo para conclusão: 2010-12-19 10:31:45 - Máquina reiniciou

ComboFix-quarantined-files.txt 2010-12-19 13:31

Pré-execução: 4 pasta(s) 19.834.179.584 bytes disponíveis

Pós execução: 7 pasta(s) 20.447.076.352 bytes disponíveis

- - End Of File - - 87F704BFC93F013BB0D4384D5AE5FEFF

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:46:19, on 19/12/2010

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\Windows\System32\smss.exe

C:\Windows\system32\winlogon.exe

C:\Windows\system32\services.exe

C:\Windows\system32\lsass.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\Windows\system32\svchost.exe

C:\Windows\System32\svchost.exe

C:\Windows\system32\spoolsv.exe

C:\Windows\system32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\InterVideo\RegMgr\iviRegMgr.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\hkcmd.exe

C:\Windows\system32\igfxpers.exe

C:\Windows\SOUNDMAN.EXE

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe

C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe

C:\Windows\system32\wscntfy.exe

C:\Windows\explorer.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Windows\system32\ctfmon.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.Microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.Microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.Microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.Microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de programas\GbPlugin\gbieh.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [igfxtray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Prof Francisco\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [swg] "C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\Windows\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\Windows\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\Windows\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Seleção HP Smart - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.Microsoft.com/intl/br/access/allinone.asp

O15 - Trusted Zone: www.bancobrasil.com.br

O15 - Trusted Zone: www14.bancobrasil.com.br

O15 - Trusted Zone: www2.bancobrasil.com.br

O15 - Trusted Zone: www.bb.com.br

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.Microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1289002397546

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{BFE32563-60FE-41A6-AD7C-857A63165F7D}: NameServer = 10.15.0.1,208.62.222.222

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll

O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: IviRegMgr - InterVideo - C:\Arquivos de programas\Arquivos comuns\InterVideo\RegMgr\iviRegMgr.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

--

End of file - 7386 bytes


OK, the PC is clean (Y)

Finishing up.......

Rename ComboFix to Uninstall, run it, and wait for the tool to be removed.

Clear System Restore, creating a clean System Restore point.

Right-click MY COMPUTER / Properties / System Restore / check Turn off System Restore / Apply > OK.

Then uncheck it again. Apply > OK.



MVP Mr.Million


Hello, friend! First of all, I would like to apologize for the delay in replying; I had to travel.

Well, let's get to the point.

First, I couldn't uninstall ComboFix, because when I tried, it restarted the program.

Second, my folders are still showing as screen savers, and worse, now I can no longer even open the Run box or drag any program. And a strange file named ct_6$ has appeared.

Could it be a virus?

First, I couldn't uninstall ComboFix, because when I tried, it restarted the program.

That's how it works.......

Download Norman Malware Cleaner

Follow the instructions.

Post the result together with a new HijackThis log...



MVP Mr.Million


I managed to uninstall ComboFix.

I did as you asked and am now posting the logs.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:26:41, on 28/12/2010

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\Windows\System32\smss.exe

C:\Windows\system32\csrss.exe

C:\Windows\system32\winlogon.exe

C:\Windows\system32\services.exe

C:\Windows\system32\lsass.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Windows\System32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\spoolsv.exe

C:\Windows\system32\svchost.exe

C:\Arquivos de programas\ESET\ESET NOD32 antivírus\ekrn.exe

C:\Windows\system32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\InterVideo\RegMgr\iviRegMgr.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Windows\System32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\hkcmd.exe

C:\Windows\system32\igfxpers.exe

C:\Windows\SOUNDMAN.EXE

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe

C:\Arquivos de programas\ESET\ESET NOD32 antivírus\egui.exe

C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe

C:\Documents and Settings\Prof Francisco\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe

C:\Windows\system32\ctfmon.exe

C:\Windows\System32\alg.exe

C:\Windows\system32\wscntfy.exe

C:\DOCUME~1\PROFFR~1\CONFIG~1\Temp\nen^e3.exe

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

C:\Windows\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.Microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.Microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.Microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.Microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de programas\GbPlugin\gbieh.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [igfxtray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [egui] "C:\Arquivos de programas\ESET\ESET NOD32 antivírus\egui.exe" /hide /waitservice

O4 - HKLM\..\Run: [C:\DOCUME~1\PROFFR~1\CONFIG~1\Temp\nen^e3.exe] C:\DOCUME~1\PROFFR~1\CONFIG~1\Temp\nen^e3.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Prof Francisco\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [swg] "C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\Windows\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\Windows\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\Windows\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Seleção HP Smart - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.Microsoft.com/intl/br/access/allinone.asp

O15 - Trusted Zone: www.bancobrasil.com.br

O15 - Trusted Zone: www14.bancobrasil.com.br

O15 - Trusted Zone: www2.bancobrasil.com.br

O15 - Trusted Zone: www.bb.com.br

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.Microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1289002397546

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{BFE32563-60FE-41A6-AD7C-857A63165F7D}: NameServer = 10.15.0.1,208.62.222.222

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL

O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll

O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Arquivos de programas\ESET\ESET NOD32 antivírus\EHttpSrv.exe

O23 - Service: ESET Service (ekrn) - ESET - C:\Arquivos de programas\ESET\ESET NOD32 antivírus\ekrn.exe

O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: IviRegMgr - InterVideo - C:\Arquivos de programas\Arquivos comuns\InterVideo\RegMgr\iviRegMgr.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

--

End of file - 8087 bytes

Norman Malware Cleaner

Version 1.8.3

Copyright © 1990 - 2010, Norman ASA. Built 2010/12/27 20:56:57

Norman Scanner Engine Version: 6.06.12

Nvcbin.def Version: 6.06.00, Date: 2010/12/27 20:56:57, Variants: 8525174

Scan started: 2010/12/28 20:49:14

Running pre-scan cleanup routine:

Operating System: Microsoft Windows XP Professional 5.1.2600 Service Pack 2

Logged on user: A-4FEF89676B534\Prof Francisco

Set registry value: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLS = -> ""

Removed registry value: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -> DisableRegistryTools = 0x00000000

Removed registry value: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -> DisableRegistryTools = 0x00000000

Removed registry value: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoDrives = 0x00000000

Removed registry value: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoDrives = 0x00000000

Scanning kernel...

Kernel scan complete

Scanning bootsectors...

Number of sectors found: 1

Number of sectors scanned: 1

Number of sectors not scanned: 0

Number of infections found: 0

Number of infections removed: 0

Total scanning time: 0s 109ms

Scanning running processes and process memory...

Number of processes/threads found: 3678

Number of processes/threads scanned: 3678

Number of processes/threads not scanned: 0

Number of infected processes/threads terminated: 0

Total scanning time: 5m 5s

Scanning file system...

Scanning: prescan

Scanning: C:\*.*

C:\Arquivos de programas\Adobe .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Arquivos de programas\Arquivos comuns .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Arquivos de programas\Aurélio - Século XXI .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Arquivos de programas\AxBx .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Arquivos de programas\CCleaner .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Arquivos de programas\ComPlus Applications .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Arquivos de programas\CPUID .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Arquivos de programas\Diagnostico .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Arquivos de programas\Eset .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Arquivos de programas\FinalWire .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Arquivos de programas\Foxit Software .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Arquivos de programas\GbPlugin .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Arquivos de programas\Google .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Arquivos de programas\Hewlett-Packard .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Arquivos de programas\HP .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Arquivos de programas\InstallShield Installation Information .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Arquivos de programas\Internet Explorer .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Arquivos de programas\InterVideo .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Arquivos de programas\Java .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Arquivos de programas\K-Lite Codec Pack .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Arquivos de programas\Malwarebytes' Anti-Malware .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Arquivos de programas\Messenger .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Arquivos de programas\Microsoft frontpage .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Arquivos de programas\Microsoft Office .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Arquivos de programas\Microsoft Silverlight .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Arquivos de programas\Microsoft Visual Studio .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Arquivos de programas\Microsoft Works .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Arquivos de programas\Movie Maker .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Arquivos de programas\Mozilla Firefox .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Arquivos de programas\MSBuild .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Arquivos de programas\MSN Gaming Zone .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Arquivos de programas\MSXML 4.0 .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Arquivos de programas\Nero .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Arquivos de programas\NetMeeting .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Arquivos de programas\Outlook Express .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Arquivos de programas\Power Translator Pro .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Arquivos de programas\Serviços on-line .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Arquivos de programas\Terra Networks .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Arquivos de programas\Trend Micro .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Arquivos de programas\Uninstall Information .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Arquivos de programas\Windows Live .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Arquivos de programas\Windows Media Player .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Arquivos de programas\Windows NT .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Arquivos de programas\WindowsUpdate .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Arquivos de programas\WinRAR\Default.SFX (Infected with W32/Ardamax.LSM)

Deleted file

C:\Arquivos de programas\WinRAR .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Arquivos de programas\xerox .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Arquivos de programas\Yahoo! .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Acessórios\Acessibilidade .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Acessórios\Comunicações .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Acessórios\Entretenimento .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Acessórios .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Aplicativos de programas .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Clean Virus MSN .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Documents and Settings\All Users\Menu Iniciar\Programas\CPUID .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Documents and Settings\All Users\Menu Iniciar\Programas\ESET .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Ferramentas administrativas .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Documents and Settings\All Users\Menu Iniciar\Programas\FinalWire .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Documents and Settings\All Users\Menu Iniciar\Programas\GameTop.com\Age Of Emerald .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Documents and Settings\All Users\Menu Iniciar\Programas\GameTop.com .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Google Earth .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Documents and Settings\All Users\Menu Iniciar\Programas\HijackThis .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Documents and Settings\All Users\Menu Iniciar\Programas\HP .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Malwarebytes' Anti-Malware .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Microsoft Office .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Microsoft Silverlight .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Documents and Settings\Prof Francisco\Ambiente de impressão .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Documents and Settings\Prof Francisco\Ambiente de rede .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Documents and Settings\Prof Francisco\Configurações locais\Temp\nen^e3.exe (Infected with W32/Malware.OCYZ)

Removed registry value: HKLM\Software\Microsoft\Windows\CurrentVersion\Run -> C:\DOCUME~1\PROFFR~1\CONFIG~1\Temp\nen^e3.exe = "C:\DOCUME~1\PROFFR~1\CONFIG~1\Temp\nen^e3.exe"

Removed registry value: HKLM\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> C:\DOCUME~1\PROFFR~1\CONFIG~1\Temp\nen^e3.exe = "C:\DOCUME~1\PROFFR~1\CONFIG~1\Temp\nen^e3.exe:*:Enabled:Windows Update"

Removed registry value: HKLM\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> C:\DOCUME~1\PROFFR~1\CONFIG~1\Temp\nen^e3.exe = "C:\DOCUME~1\PROFFR~1\CONFIG~1\Temp\nen^e3.exe:*:Enabled:Windows Update"

Deleted file

C:\Documents and Settings\Prof Francisco\Configurações locais .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Documents and Settings\Prof Francisco\Contacts .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Documents and Settings\Prof Francisco\Cookies .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Documents and Settings\Prof Francisco\Dados de aplicativos .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Documents and Settings\Prof Francisco\Desktop\Atalhos não utilizados da área de trabalho .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Documents and Settings\Prof Francisco\Desktop\cronogramas do sales .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Documents and Settings\Prof Francisco\Desktop\fiChas 06 Sales .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Documents and Settings\Prof Francisco\Desktop\IVANILDE .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Documents and Settings\Prof Francisco\Desktop\plan. Osmarina .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Documents and Settings\Prof Francisco\Desktop .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Documents and Settings\Prof Francisco\Favoritos .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Documents and Settings\Prof Francisco\IECompatCache .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Documents and Settings\Prof Francisco\IETldCache .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Documents and Settings\Prof Francisco\Menu Iniciar\Programas\Acessórios .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Documents and Settings\Prof Francisco\Menu Iniciar\Programas\CCleaner .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Documents and Settings\Prof Francisco\Menu Iniciar\Programas\Google Chrome .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Documents and Settings\Prof Francisco\Menu Iniciar\Programas .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Documents and Settings\Prof Francisco\Menu Iniciar .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Documents and Settings\Prof Francisco\Meus documentos .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Documents and Settings\Prof Francisco\Modelos .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Documents and Settings\Prof Francisco\PrivacIE .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Documents and Settings\Prof Francisco\Recent .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Documents and Settings\Prof Francisco\SendTo .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\RECYCLER\S-1-5-21-839522115-2077806209-725345543-1003\Dc34.scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\RECYCLER\S-1-5-21-839522115-2077806209-725345543-1003\Dc35.scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\RECYCLER\S-1-5-21-839522115-2077806209-725345543-1003\Dc36.scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\$hf_mig$ .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\$NtUninstallKB2229593$ .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\$NtUninstallKB898461$ .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\$NtUninstallKB923561$ .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\$NtUninstallKB932823-v3$ .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\$NtUninstallKB946648$ .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\$NtUninstallKB950760$ .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\$NtUninstallKB950762$ .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\$NtUninstallKB950974$ .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\$NtUninstallKB951376-v2$ .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\$NtUninstallKB951748$ .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\$NtUninstallKB952004$ .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\$NtUninstallKB952069_WM9$ .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\$NtUninstallKB952287$ .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\$NtUninstallKB952954$ .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\$NtUninstallKB954155_WM9$ .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\$NtUninstallKB955069$ .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\$NtUninstallKB955759$ .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\$NtUninstallKB956572$ .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\$NtUninstallKB956802$ .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\$NtUninstallKB956803$ .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\$NtUninstallKB956844$ .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\$NtUninstallKB958470$ .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\$NtUninstallKB958644$ .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\$NtUninstallKB958869$ .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\$NtUninstallKB959426$ .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\$NtUninstallKB960803$ .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\$NtUninstallKB960859$ .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\$NtUninstallKB961501$ .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\$NtUninstallKB967715$ .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\$NtUninstallKB968389$ .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\$NtUninstallKB969059$ .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\$NtUninstallKB970238$ .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\$NtUninstallKB970430$ .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\$NtUninstallKB971032$ .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\$NtUninstallKB971468$ .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\$NtUninstallKB971657$ .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\$NtUninstallKB971737$ .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\$NtUninstallKB972270$ .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\$NtUninstallKB973507$ .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\$NtUninstallKB973540_WM9L$ .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\$NtUninstallKB973687$ .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\$NtUninstallKB973815$ .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\$NtUninstallKB973869$ .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\$NtUninstallKB973904$ .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\$NtUninstallKB974112$ .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\$NtUninstallKB974318$ .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\$NtUninstallKB974392$ .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\$NtUninstallKB974571$ .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\$NtUninstallKB975025$ .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\$NtUninstallKB975467$ .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\$NtUninstallKB975560$ .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\$NtUninstallKB975561$ .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\$NtUninstallKB975562$ .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\$NtUninstallKB975713$ .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\$NtUninstallKB977816$ .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\$NtUninstallKB977914$ .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\$NtUninstallKB978037$ .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\$NtUninstallKB978338$ .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\$NtUninstallKB978542$ .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\$NtUninstallKB978601$ .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\$NtUninstallKB978695_WM9$ .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\$NtUninstallKB978706$ .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\$NtUninstallKB979309$ .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\$NtUninstallKB979402_WM9L$ .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\$NtUninstallKB979482$ .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\$NtUninstallKB979559$ .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\$NtUninstallKB979683$ .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\$NtUninstallKB980195$ .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\$NtUninstallKB980218$ .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\$NtUninstallKB980232$ .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\$NtUninstallKB981793$ .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\addins .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\AppPatch .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\assembly .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\Config .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\Connection Wizard .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\Cursors .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\Debug .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\Downloaded Program Files .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\Driver Cache .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\ehome .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\ERDNT .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\Fonts .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\Help .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\ie8 .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\ie8updates .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\ime .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\inf .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\Installer .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\java .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\LastGood .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\LastGood.Tmp .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\Media .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\Microsoft.NET .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\Minidump .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\msagent .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\msapps .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\mui .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\Offline Web Pages .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\pchealth .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\PeerNet .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\Prefetch .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\Provisioning .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\Registration .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\repair .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\Resources .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\security .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\ServicePackFiles .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\SHELLNEW .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\SoftwareDistribution .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\srchasst .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\Sun .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\system .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\system32 .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\Tasks .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\Temp .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\twain_32 .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\WBEM .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\Web .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\WinSxS .scr (Infected with W32/Malware.OCYZ)

Deleted file

Scanning: D:\*.*

D:\backup_DESKTOP\GESTAR II .scr (Infected with W32/Malware.OCYZ)

Deleted file

D:\backup_DESKTOP\Grand Theft Auto 3 ( GTA ) .scr (Infected with W32/Malware.OCYZ)

Deleted file

D:\backup_DESKTOP .scr (Infected with W32/Malware.OCYZ)

Deleted file

D:\Desktop .scr (Infected with W32/Malware.OCYZ)

Deleted file

D:\Dictionaries .scr (Infected with W32/Malware.OCYZ)

Deleted file

D:\Downloads\Caderno do Futuro - Matemática - 5º Ano .scr (Infected with W32/Malware.OCYZ)

Deleted file

D:\Downloads\conteudo de matemática .scr (Infected with W32/Malware.OCYZ)

Deleted file

D:\Downloads\IMposto de renda .scr (Infected with W32/Malware.OCYZ)

Deleted file

D:\Downloads\Jogos .scr (Infected with W32/Malware.OCYZ)

Deleted file

D:\Downloads\Músicas variadas .scr (Infected with W32/Malware.OCYZ)

Deleted file

D:\Downloads\PDF .scr (Infected with W32/Malware.OCYZ)

Deleted file

D:\Downloads\PROGRAMAS .scr (Infected with W32/Malware.OCYZ)

Deleted file

D:\Downloads .scr (Infected with W32/Malware.OCYZ)

Deleted file

D:\Favoritos .scr (Infected with W32/Malware.OCYZ)

Deleted file

D:\GTA3 User Files .scr (Infected with W32/Malware.OCYZ)

Deleted file

D:\InterVideo .scr (Infected with W32/Malware.OCYZ)

Deleted file

D:\mensagens de refrexão .scr (Infected with W32/Malware.OCYZ)

Deleted file

D:\MENSAGENS EM PPS .scr (Infected with W32/Malware.OCYZ)

Deleted file

D:\Meus arquivos recebidos .scr (Infected with W32/Malware.OCYZ)

Deleted file

D:\Meus vídeos\DivX Movies\Temporary Downloaded Files .scr (Infected with W32/Malware.OCYZ)

Deleted file

D:\Meus vídeos\DivX Movies .scr (Infected with W32/Malware.OCYZ)

Deleted file

D:\Meus vídeos .scr (Infected with W32/Malware.OCYZ)

Deleted file

D:\Minhas imagens\Aniversário da Vitória de Lourdes .scr (Infected with W32/Malware.OCYZ)

Deleted file

D:\Minhas imagens\BATIZADO DA VITÓRIA DE LOURDES .scr (Infected with W32/Malware.OCYZ)

Deleted file

D:\Minhas imagens\fotos da Vitória .scr (Infected with W32/Malware.OCYZ)

Deleted file

D:\Minhas imagens\Fotos diversaas .scr (Infected with W32/Malware.OCYZ)

Deleted file

D:\Minhas imagens\fotos do celular .scr (Infected with W32/Malware.OCYZ)

Deleted file

D:\Minhas imagens\fotos para selecionar .scr (Infected with W32/Malware.OCYZ)

Deleted file

D:\Minhas imagens\Imagem .scr (Infected with W32/Malware.OCYZ)

Deleted file

D:\Minhas imagens .scr (Infected with W32/Malware.OCYZ)

Deleted file

D:\Minhas músicas .scr (Infected with W32/Malware.OCYZ)

Deleted file

D:\PROGRAMAS\docProps .scr (Infected with W32/Malware.OCYZ)

Deleted file

D:\PROGRAMAS\word .scr (Infected with W32/Malware.OCYZ)

Deleted file

D:\PROGRAMAS\_rels .scr (Infected with W32/Malware.OCYZ)

Deleted file

D:\PROGRAMAS .scr (Infected with W32/Malware.OCYZ)

Deleted file

D:\RECYCLER .scr (Infected with W32/Malware.OCYZ)

Deleted file

D:\System Volume Information .scr (Infected with W32/Malware.OCYZ)

Deleted file

D:\ZEFINHA .scr (Infected with W32/Malware.OCYZ)

Deleted file

Scanning: C:\System Volume Information\*.*

Scanning: D:\System Volume Information\*.*

Scanning: postscan

Running post-scan cleanup routine:

Number of files found: 197872

Number of archives unpacked: 1450

Number of files scanned: 197870

Number of files not scanned: 2

Number of files skipped due to exclude list: 0

Number of infected files found: 255

Number of infected files repaired/deleted: 255

Number of infections removed: 255

Total scanning time: 2h 29m 43s


How is the PC now?



MVP Mr.Million


Performance improved 100%, but all the files on drive D are still showing up as screen savers and the Run dialog still won't open.

Thanks, man. Without your help I wouldn't have been able to clean my PC. Thank you very much.

If there is a way to remove this screen saver, let me know. Thanks once again!
