Jump to content

Foto

pastas de arquivo viraram proteção de tela




Existem 13 respostas neste tópico

#1 oninot    

oninot
  • Participante
  • 72 mensagens

Publicado 17 December 2010 - 04:03 PM

coloquei um pendrive infectado em meu PC e logo em seguida tadas as minhas pastas viraram proteção de tela. agora em lugar de abrir, aparece o nome testar o arquivo.
e o que é mais curioso toadas as pastas tem o mesmo tamanho.Já fiz todos os procedimentos pedidos, segue meu log para análise:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:01:42, on 17/12/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Arquivos de programas\Arquivos comuns\InterVideo\RegMgr\iviRegMgr.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Windows\System32\svchost.exe
C:\Arquivos de programas\Eset\nod32krn.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\hkcmd.exe
C:\Windows\system32\igfxpers.exe
C:\Windows\SOUNDMAN.EXE
C:\Arquivos de programas\Eset\nod32kui.exe
C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe
C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe
C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe
C:\Windows\system32\ctfmon.exe
C:\Arquivos de programas\Messenger\msmsgs.exe
C:\Windows\System32\alg.exe
C:\DOCUME~1\PROFFR~1\CONFIG~1\Temp\nen^e3.exe
C:\Documents and Settings\Prof Francisco\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Prof Francisco\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Prof Francisco\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Prof Francisco\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.Microsof...ss/allinone.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.Microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.Microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.Microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.Microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de programas\GbPlugin\gbieh.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [igfxtray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nod32kui] "C:\Arquivos de programas\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [UpdateReminder] C:\Arquivos de programas\Eset\UpdateReminder.exe
O4 - HKLM\..\Run: [C:\DOCUME~1\PROFFR~1\CONFIG~1\Temp\nen^e3.exe] C:\DOCUME~1\PROFFR~1\CONFIG~1\Temp\nen^e3.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\Windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Prof Francisco\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [swg] "C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\Windows\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\Windows\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\Windows\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\Windows\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Seleção HP Smart - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.Microsof...ss/allinone.asp
O15 - Trusted Zone: www.bancobrasil.com.br
O15 - Trusted Zone: www14.bancobrasil.com.br
O15 - Trusted Zone: www2.bancobrasil.com.br
O15 - Trusted Zone: www.bb.com.br
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.Micros...b?1289002397546
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BFE32563-60FE-41A6-AD7C-857A63165F7D}: NameServer = 10.15.0.1,208.62.222.222
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll
O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Arquivos de programas\Arquivos comuns\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Arquivos de programas\Eset\nod32krn.exe

--
End of file - 8929 bytes

#2 Mr.Million    

Mr.Million

    Consumer Security MVP

  • Especialista
  • 64594 mensagens

Publicado 17 December 2010 - 04:37 PM

Baixe o Malwarebytes' Anti-Malware (MBAM) ou aqui.

Salve ou imprima estas instruções:

Dê um duplo-clique no mbam-setup.exe, escolha a linguagem e na instalação, aceite todas as opções padrão.
Verifique se as caixas
Atualizar Malwarebytes Anti-Malware e Executar Malwarebytes Anti-Malware estão marcadas e clique então, em Concluir.
Se houver atualizações a serem feitas, serão baixadas e instaladas.
Ao final da atualização, com o programa aberto, marque
Verificação Rápida e clique no botão Verificar.
Começará então o exame. Aguarde, pois pode demorar.
Ao acabar o exame, clique em OK, depois no botão
Mostrar Resultados para ver o relatório.

Se houver ítens encontrados, certifique-se de que, estão todos marcados e clique no botão Remover.

Ao final da desinfecção, abrirá o Bloco de notas com um Log e poderá aparecer um aviso se quer reiniciar o PC. (Ver Nota abaixo)
O Log é automaticamente salvo pelo MBAM e para vê-lo, clique na aba Logs na janela principal do Programa.

NOTA: Se o MBAM encontrar arquivos que não consiga remover, poderá ter de reiniciar o PC (talvez mais de uma vez). Faça isso imediatamente, ao ser perguntado se quer reiniciar

Selecione, copie e cole o conteúdo do Log do MBAM na sua próxima resposta + um novo Log do HijackThis .


MillionMPV.gif

#3 oninot    

oninot
  • Participante
  • 72 mensagens

Publicado 18 December 2010 - 12:27 AM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:25:19, on 18/12/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Arquivos de programas\Arquivos comuns\InterVideo\RegMgr\iviRegMgr.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Windows\System32\svchost.exe
C:\Arquivos de programas\Eset\nod32krn.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\hkcmd.exe
C:\Windows\system32\igfxpers.exe
C:\Windows\SOUNDMAN.EXE
C:\Arquivos de programas\Eset\nod32kui.exe
C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe
C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe
C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\DOCUME~1\PROFFR~1\CONFIG~1\Temp\nen^e3.exe
C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe
C:\Windows\system32\ctfmon.exe
C:\Arquivos de programas\Messenger\msmsgs.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Windows\system32\wscntfy.exe
C:\Windows\System32\alg.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.Microsof...ss/allinone.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.Microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.Microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.Microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.Microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de programas\GbPlugin\gbieh.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [igfxtray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nod32kui] "C:\Arquivos de programas\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [UpdateReminder] C:\Arquivos de programas\Eset\UpdateReminder.exe
O4 - HKLM\..\Run: [C:\DOCUME~1\PROFFR~1\CONFIG~1\Temp\nen^e3.exe] C:\DOCUME~1\PROFFR~1\CONFIG~1\Temp\nen^e3.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\Windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Prof Francisco\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [swg] "C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\Windows\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\Windows\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\Windows\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\Windows\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Seleção HP Smart - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.Microsof...ss/allinone.asp
O15 - Trusted Zone: www.bancobrasil.com.br
O15 - Trusted Zone: www14.bancobrasil.com.br
O15 - Trusted Zone: www2.bancobrasil.com.br
O15 - Trusted Zone: www.bb.com.br
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.Micros...b?1289002397546
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BFE32563-60FE-41A6-AD7C-857A63165F7D}: NameServer = 10.15.0.1,208.62.222.222
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll
O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Arquivos de programas\Arquivos comuns\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Arquivos de programas\Eset\nod32krn.exe

--
End of file - 8742 bytes
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Versão da Base de Dados: 4052

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

18/12/2010 00:15:39
mbam-log-2010-12-18 (00-15-39).txt

Tipo de Verificação: Verificação Rápida
Objetos escaneados: 118318
Tempo decorrido: 16 minuto(s), 7 segundo(s)

Processos de Memória Infectados: 0
Módulos de Memória Infectados: 0
Chaves de Registro Infectadas: 0
Valores de Registro Infectados: 0
Itens de Dados no Registro Infectados: 3
Pastas Infectadas: 0
Arquivos Infectados: 1

Processos de Memória Infectados:
(Não foram detectados ítens maliciosos)

Módulos de Memória Infectados:
(Não foram detectados ítens maliciosos)

Chaves de Registro Infectadas:
(Não foram detectados ítens maliciosos)

Valores de Registro Infectados:
(Não foram detectados ítens maliciosos)

Itens de Dados no Registro Infectados:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Pastas Infectadas:
(Não foram detectados ítens maliciosos)

Arquivos Infectados:
C:\Windows\$NtUninstallKB960803$ .scr (Trojan.Agent) -> Quarantined and deleted successfully.




#4 Mr.Million    

Mr.Million

    Consumer Security MVP

  • Especialista
  • 64594 mensagens

Publicado 18 December 2010 - 09:44 AM

Desabilite o seu Antivírus, AntiSpyware e Firewall para não haver conflitos. Mantenha-os desativados até terminar as instruções.

Faça o download do ComboFix

Salve no seu Desktop ( Para que a Ferramenta seja executada corretamente é necessário que esteja no Desktop (Área de trabalho)
Feche todas as janelas e programas.
Dê um duplo-clique no combofix.exe, tecle 1 e em seguida Enter para prosseguir o Fix. Aguarde, pois é um pouco demorado.

OBS: Caso não queira que seja instalado o Console de Recuperação do Windows, clique em "Não" e depois concorde para que a verificação prossiga.
Ao ser instalado o Console, na Inicialização do Sistema será apresentada a tela para Seleção dos Sistemas Operacionais.
Mais informações sobre o Console:
http://support.microsoft.com/kb/307654/pt-br

O ComboFix reiniciará o PC automaticamente para completar o processo de remoção. Caso isso não aconteça, reinicie manualmente.
Quando acabar, será gerado um Log, que estará em C:\ComboFix.txt. Selecione, copie e cole o conteúdo do ComboFix.txt na sua próxima resposta + um novo Log do HijackThis .

IMPORTANTE: Não use o mouse nem o teclado quando o ComboFix estiver rodando. Para parar ou sair do ComboFix, tecle "N".

OBS 2: Não execute o ComboFix mais do que uma vez. Isso irá sobreescrever o Log e dificultará a remoção do(s) malware(s)

Caso ocorra algum erro, reinicie o computador em Modo Seguro (pressione a tecla F8 intermitentemente, ou F5 em alguns casos, durante a inicialização) e repita o procedimento.


MillionMPV.gif

#5 oninot    

oninot
  • Participante
  • 72 mensagens

Publicado 19 December 2010 - 10:46 AM

Fiz conforme solicitado, e agira estou postando os logs.

ComboFix 10-12-18.02 - Prof Francisco 19/12/2010 10:18:24.1.1 - x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.1014.823 [GMT -3:00]
Executando de: c:\documents and settings\Prof Francisco\Desktop\ComboFix.exe

ATENÇAO - ESTA MAQUINA não tem O CONSOLE DE RECUPERAÇÃO INSTALADA !!
.
ADS - drivers: deleted 204 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Prof Francisco\Menu Iniciar\Programas .scr

.
((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_USNJSVC
-------\Service_usnjsvc


(((((((((((((((( Arquivos/Ficheiros criados de 2010-11-19 to 2010-12-19 ))))))))))))))))))))))))))))
.

2010-12-17 19:01 . 2010-12-17 19:01 -------- d-sh--r- c:\arquivos de programas\Trend Micro
2010-12-17 18:28 . 2010-12-15 16:05 418304 ------w- c:\Windows\msagent .scr
2010-12-17 18:26 . 2010-12-15 16:05 418304 ------w- c:\arquivos de programas\xerox .scr
2010-12-12 19:17 . 2010-12-17 18:50 -------- d-----w- c:\documents and settings\Prof Francisco\Dados de aplicativos\Media Player Classic
2010-12-09 19:34 . 2010-12-09 19:34 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Windows Live
2010-12-09 18:48 . 2010-07-09 16:18 20328 ----a-w- c:\Windows\system32\drivers\cpuz134_x32.sys
2010-12-09 18:48 . 2010-12-09 18:48 -------- d-sh--r- c:\arquivos de programas\CPUID
2010-12-09 18:37 . 2010-12-09 18:37 -------- d-sh--r- c:\arquivos de programas\FinalWire
2010-12-04 10:47 . 2010-12-04 10:47 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache

.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-15 16:05 . 2005-01-01 03:10 418304 ------w- c:\arquivos de programas\Trend Micro .scr
2010-12-03 11:57 . 2010-09-28 15:01 47008 ----a-w- c:\Windows\system32\drivers\gbpkm.sys
2010-10-28 15:21 . 2010-10-28 15:22 73728 ----a-w- c:\Windows\system32\javacpl.cpl
2010-10-28 15:21 . 2010-10-28 15:22 472808 ----a-w- c:\Windows\system32\deployJava1.dll
.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" [2009-09-16 5724184]
"Google Update"="c:\documents and settings\Prof Francisco\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" [2010-09-07 136176]
"swg"="c:\arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-09-24 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\Windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\Windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\Windows\system32\igfxpers.exe" [2005-09-20 114688]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]
"GrooveMonitor"="c:\arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"HP Software Update"="c:\arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
"SunJavaUpdateSched"="c:\arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\Windows\system32\CTFMON.EXE" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows nt\currentversion\winlogon\notify\ GbPluginBb]
2010-12-03 11:56 351008 ----a-w- c:\arquivos de programas\GbPlugin\gbieh.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Documents and Settings\\Prof Francisco\\Configurações locais\\Dados de aplicativos\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=
"c:\\Arquivos de programas\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Arquivos de programas\\Google\\Google Earth\\plugin\\geplugin.exe"=

R0 GbpKm;Gbp KernelMode;c:\Windows\system32\drivers\gbpkm.sys [28/9/2010 12:01 47008]
R2 cpuz134;cpuz134;c:\Windows\system32\drivers\cpuz134_x32.sys [9/12/2010 15:48 20328]
R2 GbpSv;Gbp Service;c:\arquiv~1\GbPlugin\GbpSv.exe [28/9/2010 12:01 55072]
R2 regi;regi;c:\Windows\system32\drivers\regi.sys [3/1/2007 11:19 11032]
S2 gupdate;Google Update Service (gupdate);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [24/9/2010 09:28 136176]

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Conteúdo da pasta 'Tarefas Agendadas'

2010-12-19 c:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2010-09-24 12:28]

2010-12-18 c:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2010-09-24 12:28]
.
.
------- Scan Suplementar -------
.
uStart Page = hxxp://www.google.com.br/
uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
Trusted Zone: bancobrasil.com.br\www
Trusted Zone: bancobrasil.com.br\www14
Trusted Zone: bancobrasil.com.br\www2
Trusted Zone: bb.com.br\www
TCP: {BFE32563-60FE-41A6-AD7C-857A63165F7D} = 10.15.0.1,208.62.222.222
.
- - - - ORFÃOS REMOVIDOS - - - -

HKLM-Run-hpqSRMon - (no file)
HKLM-Run-c:\docume~1\PROFFR~1\CONFIG~1\Temp\nen^e3.exe - c:\docume~1\PROFFR~1\CONFIG~1\Temp\nen^e3.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-19 10:28
Windows 5.1.2600 Service Pack 2 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso
arquivos/ficheiros ocultos: 0

**************************************************************************
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

- - - - - - - > 'winlogon.exe'(720)
c:\arquivos de programas\GbPlugin\gbieh.dll

- - - - - - - > 'explorer.exe'(2036)
c:\Windows\system32\WININET.dll
c:\Windows\system32\webcheck.dll
c:\arquivos de programas\GbPlugin\gbieh.dll
.
------------------------ Outros Processos em Execução ------------------------
.
c:\arquivos de programas\Arquivos comuns\InterVideo\RegMgr\iviRegMgr.exe
c:\arquivos de programas\Java\jre6\bin\jqs.exe
c:\Windows\SOUNDMAN.EXE
c:\Windows\system32\wscntfy.exe
.
**************************************************************************
.
Tempo para conclusão: 2010-12-19 10:31:45 - Máquina reiniciou
ComboFix-quarantined-files.txt 2010-12-19 13:31

Pré-execução: 4 pasta(s) 19.834.179.584 bytes disponíveis
Pós execução: 7 pasta(s) 20.447.076.352 bytes disponíveis

- - End Of File - - 87F704BFC93F013BB0D4384D5AE5FEFF

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:46:19, on 19/12/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Arquivos de programas\Arquivos comuns\InterVideo\RegMgr\iviRegMgr.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\hkcmd.exe
C:\Windows\system32\igfxpers.exe
C:\Windows\SOUNDMAN.EXE
C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe
C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe
C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe
C:\Windows\system32\wscntfy.exe
C:\Windows\explorer.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Windows\system32\ctfmon.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.Microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.Microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.Microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.Microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de programas\GbPlugin\gbieh.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [igfxtray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Prof Francisco\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [swg] "C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\Windows\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\Windows\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\Windows\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Seleção HP Smart - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.Microsof...ss/allinone.asp
O15 - Trusted Zone: www.bancobrasil.com.br
O15 - Trusted Zone: www14.bancobrasil.com.br
O15 - Trusted Zone: www2.bancobrasil.com.br
O15 - Trusted Zone: www.bb.com.br
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.Micros...b?1289002397546
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BFE32563-60FE-41A6-AD7C-857A63165F7D}: NameServer = 10.15.0.1,208.62.222.222
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll
O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Arquivos de programas\Arquivos comuns\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

--
End of file - 7386 bytes




#6 Mr.Million    

Mr.Million

    Consumer Security MVP

  • Especialista
  • 64594 mensagens

Publicado 19 December 2010 - 02:46 PM

Ok, o PC está limpo (Y)
Finalizando.......
Renomeie o ComboFix para Uninstall, execute-o e aguarde a remoção da Ferramenta.

Limpe a Restauração do Sistema, criando um Ponto de Restauração do Sistema limpo.
Clique com o botão direito do mouse em cima do MEU COMPUTADOR/ Propiedades/ Restauração do Sistema/ marque Desativar Restauração do Sistema/ Aplicar > OK.
Depois desmarque novamente. Aplicar > OK.


MillionMPV.gif

#7 oninot    

oninot
  • Participante
  • 72 mensagens

Publicado 28 December 2010 - 10:34 AM

Olá, amigo! em primeiro lugar gostaria de pedir desculpas pela demora em responder, é que eu precisei viajar.
bem vamos ao que interessa.
Primeiro, não consegui desinstalar o combofix, pois quando tentei ele reiniciou o programa.
Segundo minhas pastas continuam como proteção de tela e o pior é que agora eu não consigo mais nem abrir a caixa executar, nem arrastar nem um programa. e apareceu um arquivo esquisito com o nome ct_6$
será que é algum virus

#8 Mr.Million    

Mr.Million

    Consumer Security MVP

  • Especialista
  • 64594 mensagens

Publicado 28 December 2010 - 11:35 AM

Primeiro, não consegui desinstalar o combofix, pois quando tentei ele reiniciou o programa.


É assim mesmo.......

Download Norman Malware Cleaner

Siga as instruções.

Poste o resultado juntamente com um novo Log do HijackThis...


MillionMPV.gif

#9 oninot    

oninot
  • Participante
  • 72 mensagens

Publicado 28 December 2010 - 11:31 PM

consegui desinstalar o combofix.
fiz como você solicitou e agora estou postando os logs.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:26:41, on 28/12/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Arquivos de programas\ESET\ESET NOD32 antivírus\ekrn.exe
C:\Windows\system32\svchost.exe
C:\Arquivos de programas\Arquivos comuns\InterVideo\RegMgr\iviRegMgr.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\hkcmd.exe
C:\Windows\system32\igfxpers.exe
C:\Windows\SOUNDMAN.EXE
C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe
C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe
C:\Arquivos de programas\ESET\ESET NOD32 antivírus\egui.exe
C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe
C:\Documents and Settings\Prof Francisco\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe
C:\Windows\system32\ctfmon.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\wscntfy.exe
C:\DOCUME~1\PROFFR~1\CONFIG~1\Temp\nen^e3.exe
C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.Microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.Microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.Microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.Microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de programas\GbPlugin\gbieh.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [igfxtray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [egui] "C:\Arquivos de programas\ESET\ESET NOD32 antivírus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [C:\DOCUME~1\PROFFR~1\CONFIG~1\Temp\nen^e3.exe] C:\DOCUME~1\PROFFR~1\CONFIG~1\Temp\nen^e3.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Prof Francisco\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [swg] "C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\Windows\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\Windows\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\Windows\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Seleção HP Smart - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.Microsof...ss/allinone.asp
O15 - Trusted Zone: www.bancobrasil.com.br
O15 - Trusted Zone: www14.bancobrasil.com.br
O15 - Trusted Zone: www2.bancobrasil.com.br
O15 - Trusted Zone: www.bb.com.br
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.Micros...b?1289002397546
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BFE32563-60FE-41A6-AD7C-857A63165F7D}: NameServer = 10.15.0.1,208.62.222.222
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Arquivos de programas\ESET\ESET NOD32 antivírus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Arquivos de programas\ESET\ESET NOD32 antivírus\ekrn.exe
O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Arquivos de programas\Arquivos comuns\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

--
End of file - 8087 bytes

Norman Malware Cleaner
Version 1.8.3
Copyright © 1990 - 2010, Norman ASA. Built 2010/12/27 20:56:57

Norman Scanner Engine Version: 6.06.12
Nvcbin.def Version: 6.06.00, Date: 2010/12/27 20:56:57, Variants: 8525174

Scan started: 2010/12/28 20:49:14

Running pre-scan cleanup routine:
Operating System: Microsoft Windows XP Professional 5.1.2600 Service Pack 2
Logged on user: A-4FEF89676B534\Prof Francisco

Set registry value: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLS = -> ""
Removed registry value: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -> DisableRegistryTools = 0x00000000
Removed registry value: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -> DisableRegistryTools = 0x00000000
Removed registry value: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoDrives = 0x00000000
Removed registry value: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoDrives = 0x00000000

Scanning kernel...

Kernel scan complete


Scanning bootsectors...

Number of sectors found: 1
Number of sectors scanned: 1
Number of sectors not scanned: 0
Number of infections found: 0
Number of infections removed: 0
Total scanning time: 0s 109ms


Scanning running processes and process memory...

Number of processes/threads found: 3678
Number of processes/threads scanned: 3678
Number of processes/threads not scanned: 0
Number of infected processes/threads terminated: 0
Total scanning time: 5m 5s


Scanning file system...

Scanning: prescan

Scanning: C:\*.*

C:\Arquivos de programas\Adobe .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Arquivos de programas\Arquivos comuns .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Arquivos de programas\Aurélio - Século XXI .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Arquivos de programas\AxBx .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Arquivos de programas\CCleaner .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Arquivos de programas\ComPlus Applications .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Arquivos de programas\CPUID .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Arquivos de programas\Diagnostico .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Arquivos de programas\Eset .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Arquivos de programas\FinalWire .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Arquivos de programas\Foxit Software .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Arquivos de programas\GbPlugin .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Arquivos de programas\Google .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Arquivos de programas\Hewlett-Packard .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Arquivos de programas\HP .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Arquivos de programas\InstallShield Installation Information .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Arquivos de programas\Internet Explorer .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Arquivos de programas\InterVideo .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Arquivos de programas\Java .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Arquivos de programas\K-Lite Codec Pack .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Arquivos de programas\Malwarebytes' Anti-Malware .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Arquivos de programas\Messenger .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Arquivos de programas\Microsoft frontpage .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Arquivos de programas\Microsoft Office .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Arquivos de programas\Microsoft Silverlight .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Arquivos de programas\Microsoft Visual Studio .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Arquivos de programas\Microsoft Works .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Arquivos de programas\Movie Maker .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Arquivos de programas\Mozilla Firefox .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Arquivos de programas\MSBuild .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Arquivos de programas\MSN Gaming Zone .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Arquivos de programas\MSXML 4.0 .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Arquivos de programas\Nero .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Arquivos de programas\NetMeeting .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Arquivos de programas\Outlook Express .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Arquivos de programas\Power Translator Pro .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Arquivos de programas\Serviços on-line .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Arquivos de programas\Terra Networks .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Arquivos de programas\Trend Micro .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Arquivos de programas\Uninstall Information .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Arquivos de programas\Windows Live .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Arquivos de programas\Windows Media Player .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Arquivos de programas\Windows NT .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Arquivos de programas\WindowsUpdate .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Arquivos de programas\WinRAR\Default.SFX (Infected with W32/Ardamax.LSM)
Deleted file

C:\Arquivos de programas\WinRAR .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Arquivos de programas\xerox .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Arquivos de programas\Yahoo! .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Acessórios\Acessibilidade .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Acessórios\Comunicações .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Acessórios\Entretenimento .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Acessórios .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Aplicativos de programas .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Clean Virus MSN .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Documents and Settings\All Users\Menu Iniciar\Programas\CPUID .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Documents and Settings\All Users\Menu Iniciar\Programas\ESET .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Ferramentas administrativas .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Documents and Settings\All Users\Menu Iniciar\Programas\FinalWire .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Documents and Settings\All Users\Menu Iniciar\Programas\GameTop.com\Age Of Emerald .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Documents and Settings\All Users\Menu Iniciar\Programas\GameTop.com .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Google Earth .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Documents and Settings\All Users\Menu Iniciar\Programas\HijackThis .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Documents and Settings\All Users\Menu Iniciar\Programas\HP .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Malwarebytes' Anti-Malware .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Microsoft Office .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Microsoft Silverlight .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Documents and Settings\Prof Francisco\Ambiente de impressão .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Documents and Settings\Prof Francisco\Ambiente de rede .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Documents and Settings\Prof Francisco\Configurações locais\Temp\nen^e3.exe (Infected with W32/Malware.OCYZ)
Removed registry value: HKLM\Software\Microsoft\Windows\CurrentVersion\Run -> C:\DOCUME~1\PROFFR~1\CONFIG~1\Temp\nen^e3.exe = "C:\DOCUME~1\PROFFR~1\CONFIG~1\Temp\nen^e3.exe"
Removed registry value: HKLM\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> C:\DOCUME~1\PROFFR~1\CONFIG~1\Temp\nen^e3.exe = "C:\DOCUME~1\PROFFR~1\CONFIG~1\Temp\nen^e3.exe:*:Enabled:Windows Update"
Removed registry value: HKLM\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> C:\DOCUME~1\PROFFR~1\CONFIG~1\Temp\nen^e3.exe = "C:\DOCUME~1\PROFFR~1\CONFIG~1\Temp\nen^e3.exe:*:Enabled:Windows Update"
Deleted file

C:\Documents and Settings\Prof Francisco\Configurações locais .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Documents and Settings\Prof Francisco\Contacts .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Documents and Settings\Prof Francisco\Cookies .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Documents and Settings\Prof Francisco\Dados de aplicativos .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Documents and Settings\Prof Francisco\Desktop\Atalhos não utilizados da área de trabalho .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Documents and Settings\Prof Francisco\Desktop\cronogramas do sales .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Documents and Settings\Prof Francisco\Desktop\fiChas 06 Sales .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Documents and Settings\Prof Francisco\Desktop\IVANILDE .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Documents and Settings\Prof Francisco\Desktop\plan. Osmarina .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Documents and Settings\Prof Francisco\Desktop .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Documents and Settings\Prof Francisco\Favoritos .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Documents and Settings\Prof Francisco\IECompatCache .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Documents and Settings\Prof Francisco\IETldCache .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Documents and Settings\Prof Francisco\Menu Iniciar\Programas\Acessórios .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Documents and Settings\Prof Francisco\Menu Iniciar\Programas\CCleaner .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Documents and Settings\Prof Francisco\Menu Iniciar\Programas\Google Chrome .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Documents and Settings\Prof Francisco\Menu Iniciar\Programas .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Documents and Settings\Prof Francisco\Menu Iniciar .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Documents and Settings\Prof Francisco\Meus documentos .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Documents and Settings\Prof Francisco\Modelos .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Documents and Settings\Prof Francisco\PrivacIE .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Documents and Settings\Prof Francisco\Recent .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Documents and Settings\Prof Francisco\SendTo .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\RECYCLER\S-1-5-21-839522115-2077806209-725345543-1003\Dc34.scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\RECYCLER\S-1-5-21-839522115-2077806209-725345543-1003\Dc35.scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\RECYCLER\S-1-5-21-839522115-2077806209-725345543-1003\Dc36.scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Windows\$hf_mig$ .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Windows\$NtUninstallKB2229593$ .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Windows\$NtUninstallKB898461$ .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Windows\$NtUninstallKB923561$ .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Windows\$NtUninstallKB932823-v3$ .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Windows\$NtUninstallKB946648$ .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Windows\$NtUninstallKB950760$ .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Windows\$NtUninstallKB950762$ .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Windows\$NtUninstallKB950974$ .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Windows\$NtUninstallKB951376-v2$ .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Windows\$NtUninstallKB951748$ .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Windows\$NtUninstallKB952004$ .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Windows\$NtUninstallKB952069_WM9$ .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Windows\$NtUninstallKB952287$ .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Windows\$NtUninstallKB952954$ .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Windows\$NtUninstallKB954155_WM9$ .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Windows\$NtUninstallKB955069$ .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Windows\$NtUninstallKB955759$ .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Windows\$NtUninstallKB956572$ .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Windows\$NtUninstallKB956802$ .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Windows\$NtUninstallKB956803$ .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Windows\$NtUninstallKB956844$ .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Windows\$NtUninstallKB958470$ .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Windows\$NtUninstallKB958644$ .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Windows\$NtUninstallKB958869$ .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Windows\$NtUninstallKB959426$ .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Windows\$NtUninstallKB960803$ .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Windows\$NtUninstallKB960859$ .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Windows\$NtUninstallKB961501$ .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Windows\$NtUninstallKB967715$ .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Windows\$NtUninstallKB968389$ .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Windows\$NtUninstallKB969059$ .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Windows\$NtUninstallKB970238$ .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Windows\$NtUninstallKB970430$ .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Windows\$NtUninstallKB971032$ .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Windows\$NtUninstallKB971468$ .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Windows\$NtUninstallKB971657$ .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Windows\$NtUninstallKB971737$ .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Windows\$NtUninstallKB972270$ .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Windows\$NtUninstallKB973507$ .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Windows\$NtUninstallKB973540_WM9L$ .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Windows\$NtUninstallKB973687$ .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Windows\$NtUninstallKB973815$ .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Windows\$NtUninstallKB973869$ .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Windows\$NtUninstallKB973904$ .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Windows\$NtUninstallKB974112$ .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Windows\$NtUninstallKB974318$ .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Windows\$NtUninstallKB974392$ .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Windows\$NtUninstallKB974571$ .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Windows\$NtUninstallKB975025$ .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Windows\$NtUninstallKB975467$ .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Windows\$NtUninstallKB975560$ .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Windows\$NtUninstallKB975561$ .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Windows\$NtUninstallKB975562$ .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Windows\$NtUninstallKB975713$ .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Windows\$NtUninstallKB977816$ .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Windows\$NtUninstallKB977914$ .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Windows\$NtUninstallKB978037$ .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Windows\$NtUninstallKB978338$ .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Windows\$NtUninstallKB978542$ .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Windows\$NtUninstallKB978601$ .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Windows\$NtUninstallKB978695_WM9$ .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Windows\$NtUninstallKB978706$ .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Windows\$NtUninstallKB979309$ .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Windows\$NtUninstallKB979402_WM9L$ .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Windows\$NtUninstallKB979482$ .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Windows\$NtUninstallKB979559$ .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Windows\$NtUninstallKB979683$ .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Windows\$NtUninstallKB980195$ .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Windows\$NtUninstallKB980218$ .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Windows\$NtUninstallKB980232$ .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Windows\$NtUninstallKB981793$ .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Windows\addins .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Windows\AppPatch .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Windows\assembly .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Windows\Config .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Windows\Connection Wizard .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Windows\Cursors .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Windows\Debug .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Windows\Downloaded Program Files .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Windows\Driver Cache .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Windows\ehome .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Windows\ERDNT .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Windows\Fonts .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Windows\Help .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Windows\ie8 .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Windows\ie8updates .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Windows\ime .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Windows\inf .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Windows\Installer .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Windows\java .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Windows\LastGood .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Windows\LastGood.Tmp .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Windows\Media .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Windows\Microsoft.NET .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Windows\Minidump .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Windows\msagent .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Windows\msapps .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Windows\mui .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Windows\Offline Web Pages .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Windows\pchealth .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Windows\PeerNet .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Windows\Prefetch .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Windows\Provisioning .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Windows\Registration .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Windows\repair .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Windows\Resources .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Windows\security .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Windows\ServicePackFiles .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Windows\SHELLNEW .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Windows\SoftwareDistribution .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Windows\srchasst .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Windows\Sun .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Windows\system .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Windows\system32 .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Windows\Tasks .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Windows\Temp .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Windows\twain_32 .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Windows\WBEM .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Windows\Web .scr (Infected with W32/Malware.OCYZ)
Deleted file

C:\Windows\WinSxS .scr (Infected with W32/Malware.OCYZ)
Deleted file

Scanning: D:\*.*

D:\backup_DESKTOP\GESTAR II .scr (Infected with W32/Malware.OCYZ)
Deleted file

D:\backup_DESKTOP\Grand Theft Auto 3 ( GTA ) .scr (Infected with W32/Malware.OCYZ)
Deleted file

D:\backup_DESKTOP .scr (Infected with W32/Malware.OCYZ)
Deleted file

D:\Desktop .scr (Infected with W32/Malware.OCYZ)
Deleted file

D:\Dictionaries .scr (Infected with W32/Malware.OCYZ)
Deleted file

D:\Downloads\Caderno do Futuro - Matemática - 5º Ano .scr (Infected with W32/Malware.OCYZ)
Deleted file

D:\Downloads\conteudo de matemática .scr (Infected with W32/Malware.OCYZ)
Deleted file

D:\Downloads\IMposto de renda .scr (Infected with W32/Malware.OCYZ)
Deleted file

D:\Downloads\Jogos .scr (Infected with W32/Malware.OCYZ)
Deleted file

D:\Downloads\Músicas variadas .scr (Infected with W32/Malware.OCYZ)
Deleted file

D:\Downloads\PDF .scr (Infected with W32/Malware.OCYZ)
Deleted file

D:\Downloads\PROGRAMAS .scr (Infected with W32/Malware.OCYZ)
Deleted file

D:\Downloads .scr (Infected with W32/Malware.OCYZ)
Deleted file

D:\Favoritos .scr (Infected with W32/Malware.OCYZ)
Deleted file

D:\GTA3 User Files .scr (Infected with W32/Malware.OCYZ)
Deleted file

D:\InterVideo .scr (Infected with W32/Malware.OCYZ)
Deleted file

D:\mensagens de refrexão .scr (Infected with W32/Malware.OCYZ)
Deleted file

D:\MENSAGENS EM PPS .scr (Infected with W32/Malware.OCYZ)
Deleted file

D:\Meus arquivos recebidos .scr (Infected with W32/Malware.OCYZ)
Deleted file

D:\Meus vídeos\DivX Movies\Temporary Downloaded Files .scr (Infected with W32/Malware.OCYZ)
Deleted file

D:\Meus vídeos\DivX Movies .scr (Infected with W32/Malware.OCYZ)
Deleted file

D:\Meus vídeos .scr (Infected with W32/Malware.OCYZ)
Deleted file

D:\Minhas imagens\Aniversário da Vitória de Lourdes .scr (Infected with W32/Malware.OCYZ)
Deleted file

D:\Minhas imagens\BATIZADO DA VITÓRIA DE LOURDES .scr (Infected with W32/Malware.OCYZ)
Deleted file

D:\Minhas imagens\fotos da Vitória .scr (Infected with W32/Malware.OCYZ)
Deleted file

D:\Minhas imagens\Fotos diversaas .scr (Infected with W32/Malware.OCYZ)
Deleted file

D:\Minhas imagens\fotos do celular .scr (Infected with W32/Malware.OCYZ)
Deleted file

D:\Minhas imagens\fotos para selecionar .scr (Infected with W32/Malware.OCYZ)
Deleted file

D:\Minhas imagens\Imagem .scr (Infected with W32/Malware.OCYZ)
Deleted file

D:\Minhas imagens .scr (Infected with W32/Malware.OCYZ)
Deleted file

D:\Minhas músicas .scr (Infected with W32/Malware.OCYZ)
Deleted file

D:\PROGRAMAS\docProps .scr (Infected with W32/Malware.OCYZ)
Deleted file

D:\PROGRAMAS\word .scr (Infected with W32/Malware.OCYZ)
Deleted file

D:\PROGRAMAS\_rels .scr (Infected with W32/Malware.OCYZ)
Deleted file

D:\PROGRAMAS .scr (Infected with W32/Malware.OCYZ)
Deleted file

D:\RECYCLER .scr (Infected with W32/Malware.OCYZ)
Deleted file

D:\System Volume Information .scr (Infected with W32/Malware.OCYZ)
Deleted file

D:\ZEFINHA .scr (Infected with W32/Malware.OCYZ)
Deleted file

Scanning: C:\System Volume Information\*.*

Scanning: D:\System Volume Information\*.*

Scanning: postscan


Running post-scan cleanup routine:

Number of files found: 197872
Number of archives unpacked: 1450
Number of files scanned: 197870
Number of files not scanned: 2
Number of files skipped due to exclude list: 0
Number of infected files found: 255
Number of infected files repaired/deleted: 255
Number of infections removed: 255
Total scanning time: 2h 29m 43s




#10 Mr.Million    

Mr.Million

    Consumer Security MVP

  • Especialista
  • 64594 mensagens

Publicado 29 December 2010 - 10:22 AM

Como está o PC agora ?
MillionMPV.gif