Welcome to the BABOO Forum!

oninot

File folders turned into screen savers

14 posts in this topic

I plugged an infected USB flash drive into my PC and right afterwards all my folders turned into screen savers. Now, instead of opening, the name "test the file" appears.

And what is even more curious, all the folders have the same size. I have already done all the requested procedures; here is my log for analysis:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:01:42, on 17/12/2010

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\Windows\System32\smss.exe

C:\Windows\system32\csrss.exe

C:\Windows\system32\winlogon.exe

C:\Windows\system32\services.exe

C:\Windows\system32\lsass.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Windows\System32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\spoolsv.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\InterVideo\RegMgr\iviRegMgr.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Windows\System32\svchost.exe

C:\Arquivos de programas\Eset\nod32krn.exe

C:\Windows\System32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\hkcmd.exe

C:\Windows\system32\igfxpers.exe

C:\Windows\SOUNDMAN.EXE

C:\Arquivos de programas\Eset\nod32kui.exe

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe

C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe

C:\Windows\system32\ctfmon.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Windows\System32\alg.exe

C:\DOCUME~1\PROFFR~1\CONFIG~1\Temp\nen^e3.exe

C:\Documents and Settings\Prof Francisco\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Prof Francisco\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Prof Francisco\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Prof Francisco\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

C:\Windows\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.Microsoft.com/intl/br/access/allinone.asp

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.Microsoft....k/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.Microsoft....k/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.Microsoft....k/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.Microsoft....k/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de programas\GbPlugin\gbieh.dll

O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [igfxtray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [nod32kui] "C:\Arquivos de programas\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [updateReminder] C:\Arquivos de programas\Eset\UpdateReminder.exe

O4 - HKLM\..\Run: [C:\DOCUME~1\PROFFR~1\CONFIG~1\Temp\nen^e3.exe] C:\DOCUME~1\PROFFR~1\CONFIG~1\Temp\nen^e3.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\Windows\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Prof Francisco\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [swg] "C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\Windows\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\Windows\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\Windows\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\Windows\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Seleção HP Smart - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.Microsoft.com/intl/br/access/allinone.asp

O15 - Trusted Zone: www.bancobrasil.com.br

O15 - Trusted Zone: www14.bancobrasil.com.br

O15 - Trusted Zone: www2.bancobrasil.com.br

O15 - Trusted Zone: www.bb.com.br

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.Micros...b?1289002397546

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{BFE32563-60FE-41A6-AD7C-857A63165F7D}: NameServer = 10.15.0.1,208.62.222.222

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll

O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: IviRegMgr - InterVideo - C:\Arquivos de programas\Arquivos comuns\InterVideo\RegMgr\iviRegMgr.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Arquivos de programas\Eset\nod32krn.exe

--

End of file - 8929 bytes


Download Malwarebytes' Anti-Malware (MBAM) or here.

Save or print these instructions:

Double-click mbam-setup.exe, choose the language and, during installation, accept all the default options.

Make sure the Update Malwarebytes Anti-Malware and Run Malwarebytes Anti-Malware boxes are checked, then click Finish.

If there are updates available, they will be downloaded and installed.

When the update finishes, with the program open, select Quick Scan and click the Scan button.

The scan will then start. Wait, as it may take a while.

When the scan finishes, click OK, then the Show Results button to see the report.

If any items were found, make sure they are all checked and click the Remove button.

At the end of the disinfection, Notepad will open with a log, and a prompt may appear asking whether you want to restart the PC. (See the note below)

The log is saved automatically by MBAM; to view it, click the Logs tab in the program's main window.

NOTE: If MBAM finds files it cannot remove, you may have to restart the PC (perhaps more than once). Do so immediately when asked whether you want to restart.

Select, copy and paste the contents of the MBAM log into your next reply, plus a new HijackThis log.



MVP Mr.Million


Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 00:25:19, on 18/12/2010

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\Windows\System32\smss.exe

C:\Windows\system32\csrss.exe

C:\Windows\system32\winlogon.exe

C:\Windows\system32\services.exe

C:\Windows\system32\lsass.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Windows\System32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\spoolsv.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\InterVideo\RegMgr\iviRegMgr.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Windows\System32\svchost.exe

C:\Arquivos de programas\Eset\nod32krn.exe

C:\Windows\System32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\hkcmd.exe

C:\Windows\system32\igfxpers.exe

C:\Windows\SOUNDMAN.EXE

C:\Arquivos de programas\Eset\nod32kui.exe

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe

C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe

C:\DOCUME~1\PROFFR~1\CONFIG~1\Temp\nen^e3.exe

C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe

C:\Windows\system32\ctfmon.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Windows\system32\wscntfy.exe

C:\Windows\System32\alg.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Windows\system32\NOTEPAD.EXE

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

C:\Windows\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.Microsoft.com/intl/br/access/allinone.asp

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.Microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.Microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.Microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.Microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de programas\GbPlugin\gbieh.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [igfxtray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [nod32kui] "C:\Arquivos de programas\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [updateReminder] C:\Arquivos de programas\Eset\UpdateReminder.exe

O4 - HKLM\..\Run: [C:\DOCUME~1\PROFFR~1\CONFIG~1\Temp\nen^e3.exe] C:\DOCUME~1\PROFFR~1\CONFIG~1\Temp\nen^e3.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\Windows\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Prof Francisco\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [swg] "C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\Windows\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\Windows\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\Windows\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\Windows\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Seleção HP Smart - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.Microsoft.com/intl/br/access/allinone.asp

O15 - Trusted Zone: www.bancobrasil.com.br

O15 - Trusted Zone: www14.bancobrasil.com.br

O15 - Trusted Zone: www2.bancobrasil.com.br

O15 - Trusted Zone: www.bb.com.br

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.Microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1289002397546

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{BFE32563-60FE-41A6-AD7C-857A63165F7D}: NameServer = 10.15.0.1,208.62.222.222

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll

O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: IviRegMgr - InterVideo - C:\Arquivos de programas\Arquivos comuns\InterVideo\RegMgr\iviRegMgr.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Arquivos de programas\Eset\nod32krn.exe

--

End of file - 8742 bytes

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Versão da Base de Dados: 4052

Windows 5.1.2600 Service Pack 2

Internet Explorer 8.0.6001.18702

18/12/2010 00:15:39

mbam-log-2010-12-18 (00-15-39).txt

Tipo de Verificação: Verificação Rápida

Objetos escaneados: 118318

Tempo decorrido: 16 minuto(s), 7 segundo(s)

Processos de Memória Infectados: 0

Módulos de Memória Infectados: 0

Chaves de Registro Infectadas: 0

Valores de Registro Infectados: 0

Itens de Dados no Registro Infectados: 3

Pastas Infectadas: 0

Arquivos Infectados: 1

Processos de Memória Infectados:

(Não foram detectados ítens maliciosos)

Módulos de Memória Infectados:

(Não foram detectados ítens maliciosos)

Chaves de Registro Infectadas:

(Não foram detectados ítens maliciosos)

Valores de Registro Infectados:

(Não foram detectados ítens maliciosos)

Itens de Dados no Registro Infectados:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Pastas Infectadas:

(Não foram detectados ítens maliciosos)

Arquivos Infectados:

C:\Windows\$NtUninstallKB960803$ .scr (Trojan.Agent) -> Quarantined and deleted successfully.


Disable your antivirus, antispyware and firewall to avoid conflicts. Keep them disabled until you have finished the instructions.

Download ComboFix

Save it to your Desktop (for the tool to run correctly, it must be on the Desktop).

Close all windows and programs.

Double-click combofix.exe, press 1 and then Enter to proceed with the fix. Wait, as it takes a while.

NOTE: If you do not want the Windows Recovery Console to be installed, click "No" and then agree so that the scan continues.

Once the Console is installed, the operating system selection screen will be shown at system startup.

More information about the Console: http://support.microsoft.com/kb/307654/pt-br

ComboFix will restart the PC automatically to complete the removal process. If that does not happen, restart manually.

When it finishes, a log will be generated at C:\ComboFix.txt. Select, copy and paste the contents of ComboFix.txt into your next reply, plus a new HijackThis log.

IMPORTANT: Do not use the mouse or the keyboard while ComboFix is running. To stop or exit ComboFix, press "N".

NOTE 2: Do not run ComboFix more than once. Doing so will overwrite the log and make it harder to remove the malware.

If any error occurs, restart the computer in Safe Mode (press the F8 key repeatedly, or F5 in some cases, during startup) and repeat the procedure.



MVP Mr.Million


I did as requested, and now I am posting the logs.

ComboFix 10-12-18.02 - Prof Francisco 19/12/2010 10:18:24.1.1 - x86 MINIMAL

Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.1014.823 [GMT -3:00]

Executando de: c:\documents and settings\Prof Francisco\Desktop\ComboFix.exe

ATENÇAO - ESTA MAQUINA não tem O CONSOLE DE RECUPERAÇÃO INSTALADA !!

.

ADS - drivers: deleted 204 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\Prof Francisco\Menu Iniciar\Programas .scr

.

((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_USNJSVC

-------\Service_usnjsvc

(((((((((((((((( Arquivos/Ficheiros criados de 2010-11-19 to 2010-12-19 ))))))))))))))))))))))))))))

.

2010-12-17 19:01 . 2010-12-17 19:01 -------- d-sh--r- c:\arquivos de programas\Trend Micro

2010-12-17 18:28 . 2010-12-15 16:05 418304 ------w- c:\Windows\msagent .scr

2010-12-17 18:26 . 2010-12-15 16:05 418304 ------w- c:\arquivos de programas\xerox .scr

2010-12-12 19:17 . 2010-12-17 18:50 -------- d-----w- c:\documents and settings\Prof Francisco\Dados de aplicativos\Media Player Classic

2010-12-09 19:34 . 2010-12-09 19:34 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Windows Live

2010-12-09 18:48 . 2010-07-09 16:18 20328 ----a-w- c:\Windows\system32\drivers\cpuz134_x32.sys

2010-12-09 18:48 . 2010-12-09 18:48 -------- d-sh--r- c:\arquivos de programas\CPUID

2010-12-09 18:37 . 2010-12-09 18:37 -------- d-sh--r- c:\arquivos de programas\FinalWire

2010-12-04 10:47 . 2010-12-04 10:47 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-12-15 16:05 . 2005-01-01 03:10 418304 ------w- c:\arquivos de programas\Trend Micro .scr

2010-12-03 11:57 . 2010-09-28 15:01 47008 ----a-w- c:\Windows\system32\drivers\gbpkm.sys

2010-10-28 15:21 . 2010-10-28 15:22 73728 ----a-w- c:\Windows\system32\javacpl.cpl

2010-10-28 15:21 . 2010-10-28 15:22 472808 ----a-w- c:\Windows\system32\deployJava1.dll

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MsnMsgr"="c:\arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" [2009-09-16 5724184]

"Google Update"="c:\documents and settings\Prof Francisco\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" [2010-09-07 136176]

"swg"="c:\arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-09-24 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"igfxtray"="c:\Windows\system32\igfxtray.exe" [2005-09-20 94208]

"igfxhkcmd"="c:\Windows\system32\hkcmd.exe" [2005-09-20 77824]

"igfxpers"="c:\Windows\system32\igfxpers.exe" [2005-09-20 114688]

"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]

"GrooveMonitor"="c:\arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]

"HP Software Update"="c:\arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]

"SunJavaUpdateSched"="c:\arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe" [2010-05-14 248552]

"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]

"Adobe ARM"="c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\Windows\system32\CTFMON.EXE" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows nt\currentversion\winlogon\notify\ GbPluginBb]

2010-12-03 11:56 351008 ----a-w- c:\arquivos de programas\GbPlugin\gbieh.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

"c:\\Documents and Settings\\Prof Francisco\\Configurações locais\\Dados de aplicativos\\Google\\Google Talk Plugin\\googletalkplugin.exe"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

"c:\\Arquivos de programas\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\Arquivos de programas\\Google\\Google Earth\\plugin\\geplugin.exe"=

R0 GbpKm;Gbp KernelMode;c:\Windows\system32\drivers\gbpkm.sys [28/9/2010 12:01 47008]

R2 cpuz134;cpuz134;c:\Windows\system32\drivers\cpuz134_x32.sys [9/12/2010 15:48 20328]

R2 GbpSv;Gbp Service;c:\arquiv~1\GbPlugin\GbpSv.exe [28/9/2010 12:01 55072]

R2 regi;regi;c:\Windows\system32\drivers\regi.sys [3/1/2007 11:19 11032]

S2 gupdate;Google Update Service (gupdate);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [24/9/2010 09:28 136176]

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Conteúdo da pasta 'Tarefas Agendadas'

2010-12-19 c:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2010-09-24 12:28]

2010-12-18 c:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2010-09-24 12:28]

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.google.com.br/

uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

Trusted Zone: bancobrasil.com.br\www

Trusted Zone: bancobrasil.com.br\www14

Trusted Zone: bancobrasil.com.br\www2

Trusted Zone: bb.com.br\www

TCP: {BFE32563-60FE-41A6-AD7C-857A63165F7D} = 10.15.0.1,208.62.222.222

.

- - - - ORFÃOS REMOVIDOS - - - -

HKLM-Run-hpqSRMon - (no file)

HKLM-Run-c:\docume~1\PROFFR~1\CONFIG~1\Temp\nen^e3.exe - c:\docume~1\PROFFR~1\CONFIG~1\Temp\nen^e3.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-12-19 10:28

Windows 5.1.2600 Service Pack 2 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

**************************************************************************

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

- - - - - - - > 'winlogon.exe'(720)

c:\arquivos de programas\GbPlugin\gbieh.dll

- - - - - - - > 'explorer.exe'(2036)

c:\Windows\system32\WININET.dll

c:\Windows\system32\webcheck.dll

c:\arquivos de programas\GbPlugin\gbieh.dll

.

------------------------ Outros Processos em Execução ------------------------

.

c:\arquivos de programas\Arquivos comuns\InterVideo\RegMgr\iviRegMgr.exe

c:\arquivos de programas\Java\jre6\bin\jqs.exe

c:\Windows\SOUNDMAN.EXE

c:\Windows\system32\wscntfy.exe

.

**************************************************************************

.

Tempo para conclusão: 2010-12-19 10:31:45 - Máquina reiniciou

ComboFix-quarantined-files.txt 2010-12-19 13:31

Pré-execução: 4 pasta(s) 19.834.179.584 bytes disponíveis

Pós execução: 7 pasta(s) 20.447.076.352 bytes disponíveis

- - End Of File - - 87F704BFC93F013BB0D4384D5AE5FEFF

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:46:19, on 19/12/2010

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\Windows\System32\smss.exe

C:\Windows\system32\winlogon.exe

C:\Windows\system32\services.exe

C:\Windows\system32\lsass.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\Windows\system32\svchost.exe

C:\Windows\System32\svchost.exe

C:\Windows\system32\spoolsv.exe

C:\Windows\system32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\InterVideo\RegMgr\iviRegMgr.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\hkcmd.exe

C:\Windows\system32\igfxpers.exe

C:\Windows\SOUNDMAN.EXE

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe

C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe

C:\Windows\system32\wscntfy.exe

C:\Windows\explorer.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Windows\system32\ctfmon.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.Microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.Microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.Microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.Microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de programas\GbPlugin\gbieh.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [igfxtray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Prof Francisco\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [swg] "C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\Windows\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\Windows\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\Windows\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Seleção HP Smart - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.Microsoft.com/intl/br/access/allinone.asp

O15 - Trusted Zone: www.bancobrasil.com.br

O15 - Trusted Zone: www14.bancobrasil.com.br

O15 - Trusted Zone: www2.bancobrasil.com.br

O15 - Trusted Zone: www.bb.com.br

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.Microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1289002397546

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{BFE32563-60FE-41A6-AD7C-857A63165F7D}: NameServer = 10.15.0.1,208.62.222.222

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll

O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: IviRegMgr - InterVideo - C:\Arquivos de programas\Arquivos comuns\InterVideo\RegMgr\iviRegMgr.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

--

End of file - 7386 bytes


OK, the PC is clean (Y)

Finishing up.......

Rename ComboFix to Uninstall, run it, and wait for the tool to be removed.

Clear System Restore, creating a clean System Restore point.

Right-click MY COMPUTER / Properties / System Restore / check Turn off System Restore / Apply > OK.

Then uncheck it again. Apply > OK.



MVP Mr.Million


Hello, friend! First of all, I would like to apologize for the delay in replying; I had to travel.

Well, let's get to the point.

First, I couldn't uninstall ComboFix, because when I tried, it restarted the program.

Second, my folders still show up as screen savers, and the worst part is that now I can't even open the Run box or drag any program. And a strange file named ct_6$ has appeared.

Could it be a virus?


I managed to uninstall ComboFix.

I did as you asked and am now posting the logs.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:26:41, on 28/12/2010

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\Windows\System32\smss.exe

C:\Windows\system32\csrss.exe

C:\Windows\system32\winlogon.exe

C:\Windows\system32\services.exe

C:\Windows\system32\lsass.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Windows\System32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\spoolsv.exe

C:\Windows\system32\svchost.exe

C:\Arquivos de programas\ESET\ESET NOD32 antivírus\ekrn.exe

C:\Windows\system32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\InterVideo\RegMgr\iviRegMgr.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Windows\System32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\hkcmd.exe

C:\Windows\system32\igfxpers.exe

C:\Windows\SOUNDMAN.EXE

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe

C:\Arquivos de programas\ESET\ESET NOD32 antivírus\egui.exe

C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe

C:\Documents and Settings\Prof Francisco\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe

C:\Windows\system32\ctfmon.exe

C:\Windows\System32\alg.exe

C:\Windows\system32\wscntfy.exe

C:\DOCUME~1\PROFFR~1\CONFIG~1\Temp\nen^e3.exe

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

C:\Windows\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.Microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.Microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.Microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.Microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de programas\GbPlugin\gbieh.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [igfxtray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [egui] "C:\Arquivos de programas\ESET\ESET NOD32 antivírus\egui.exe" /hide /waitservice

O4 - HKLM\..\Run: [C:\DOCUME~1\PROFFR~1\CONFIG~1\Temp\nen^e3.exe] C:\DOCUME~1\PROFFR~1\CONFIG~1\Temp\nen^e3.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Prof Francisco\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [swg] "C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\Windows\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\Windows\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\Windows\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Seleção HP Smart - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.Microsoft.com/intl/br/access/allinone.asp

O15 - Trusted Zone: www.bancobrasil.com.br

O15 - Trusted Zone: www14.bancobrasil.com.br

O15 - Trusted Zone: www2.bancobrasil.com.br

O15 - Trusted Zone: www.bb.com.br

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.Microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1289002397546

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{BFE32563-60FE-41A6-AD7C-857A63165F7D}: NameServer = 10.15.0.1,208.62.222.222

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL

O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll

O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Arquivos de programas\ESET\ESET NOD32 antivírus\EHttpSrv.exe

O23 - Service: ESET Service (ekrn) - ESET - C:\Arquivos de programas\ESET\ESET NOD32 antivírus\ekrn.exe

O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: IviRegMgr - InterVideo - C:\Arquivos de programas\Arquivos comuns\InterVideo\RegMgr\iviRegMgr.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

--

End of file - 8087 bytes

Norman Malware Cleaner

Version 1.8.3

Copyright © 1990 - 2010, Norman ASA. Built 2010/12/27 20:56:57

Norman Scanner Engine Version: 6.06.12

Nvcbin.def Version: 6.06.00, Date: 2010/12/27 20:56:57, Variants: 8525174

Scan started: 2010/12/28 20:49:14

Running pre-scan cleanup routine:

Operating System: Microsoft Windows XP Professional 5.1.2600 Service Pack 2

Logged on user: A-4FEF89676B534\Prof Francisco

Set registry value: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLS = -> ""

Removed registry value: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -> DisableRegistryTools = 0x00000000

Removed registry value: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -> DisableRegistryTools = 0x00000000

Removed registry value: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoDrives = 0x00000000

Removed registry value: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoDrives = 0x00000000

Scanning kernel...

Kernel scan complete

Scanning bootsectors...

Number of sectors found: 1

Number of sectors scanned: 1

Number of sectors not scanned: 0

Number of infections found: 0

Number of infections removed: 0

Total scanning time: 0s 109ms

Scanning running processes and process memory...

Number of processes/threads found: 3678

Number of processes/threads scanned: 3678

Number of processes/threads not scanned: 0

Number of infected processes/threads terminated: 0

Total scanning time: 5m 5s

Scanning file system...

Scanning: prescan

Scanning: C:\*.*

C:\Arquivos de programas\Adobe .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Arquivos de programas\Arquivos comuns .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Arquivos de programas\Aurélio - Século XXI .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Arquivos de programas\AxBx .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Arquivos de programas\CCleaner .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Arquivos de programas\ComPlus Applications .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Arquivos de programas\CPUID .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Arquivos de programas\Diagnostico .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Arquivos de programas\Eset .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Arquivos de programas\FinalWire .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Arquivos de programas\Foxit Software .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Arquivos de programas\GbPlugin .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Arquivos de programas\Google .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Arquivos de programas\Hewlett-Packard .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Arquivos de programas\HP .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Arquivos de programas\InstallShield Installation Information .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Arquivos de programas\Internet Explorer .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Arquivos de programas\InterVideo .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Arquivos de programas\Java .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Arquivos de programas\K-Lite Codec Pack .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Arquivos de programas\Malwarebytes' Anti-Malware .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Arquivos de programas\Messenger .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Arquivos de programas\Microsoft frontpage .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Arquivos de programas\Microsoft Office .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Arquivos de programas\Microsoft Silverlight .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Arquivos de programas\Microsoft Visual Studio .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Arquivos de programas\Microsoft Works .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Arquivos de programas\Movie Maker .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Arquivos de programas\Mozilla Firefox .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Arquivos de programas\MSBuild .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Arquivos de programas\MSN Gaming Zone .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Arquivos de programas\MSXML 4.0 .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Arquivos de programas\Nero .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Arquivos de programas\NetMeeting .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Arquivos de programas\Outlook Express .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Arquivos de programas\Power Translator Pro .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Arquivos de programas\Serviços on-line .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Arquivos de programas\Terra Networks .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Arquivos de programas\Trend Micro .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Arquivos de programas\Uninstall Information .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Arquivos de programas\Windows Live .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Arquivos de programas\Windows Media Player .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Arquivos de programas\Windows NT .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Arquivos de programas\WindowsUpdate .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Arquivos de programas\WinRAR\Default.SFX (Infected with W32/Ardamax.LSM)

Deleted file

C:\Arquivos de programas\WinRAR .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Arquivos de programas\xerox .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Arquivos de programas\Yahoo! .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Acessórios\Acessibilidade .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Acessórios\Comunicações .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Acessórios\Entretenimento .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Acessórios .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Aplicativos de programas .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Clean Virus MSN .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Documents and Settings\All Users\Menu Iniciar\Programas\CPUID .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Documents and Settings\All Users\Menu Iniciar\Programas\ESET .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Ferramentas administrativas .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Documents and Settings\All Users\Menu Iniciar\Programas\FinalWire .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Documents and Settings\All Users\Menu Iniciar\Programas\GameTop.com\Age Of Emerald .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Documents and Settings\All Users\Menu Iniciar\Programas\GameTop.com .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Google Earth .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Documents and Settings\All Users\Menu Iniciar\Programas\HijackThis .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Documents and Settings\All Users\Menu Iniciar\Programas\HP .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Malwarebytes' Anti-Malware .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Microsoft Office .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Microsoft Silverlight .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Documents and Settings\Prof Francisco\Ambiente de impressão .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Documents and Settings\Prof Francisco\Ambiente de rede .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Documents and Settings\Prof Francisco\Configurações locais\Temp\nen^e3.exe (Infected with W32/Malware.OCYZ)

Removed registry value: HKLM\Software\Microsoft\Windows\CurrentVersion\Run -> C:\DOCUME~1\PROFFR~1\CONFIG~1\Temp\nen^e3.exe = "C:\DOCUME~1\PROFFR~1\CONFIG~1\Temp\nen^e3.exe"

Removed registry value: HKLM\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> C:\DOCUME~1\PROFFR~1\CONFIG~1\Temp\nen^e3.exe = "C:\DOCUME~1\PROFFR~1\CONFIG~1\Temp\nen^e3.exe:*:Enabled:Windows Update"

Removed registry value: HKLM\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> C:\DOCUME~1\PROFFR~1\CONFIG~1\Temp\nen^e3.exe = "C:\DOCUME~1\PROFFR~1\CONFIG~1\Temp\nen^e3.exe:*:Enabled:Windows Update"

Deleted file

C:\Documents and Settings\Prof Francisco\Configurações locais .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Documents and Settings\Prof Francisco\Contacts .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Documents and Settings\Prof Francisco\Cookies .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Documents and Settings\Prof Francisco\Dados de aplicativos .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Documents and Settings\Prof Francisco\Desktop\Atalhos não utilizados da área de trabalho .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Documents and Settings\Prof Francisco\Desktop\cronogramas do sales .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Documents and Settings\Prof Francisco\Desktop\fiChas 06 Sales .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Documents and Settings\Prof Francisco\Desktop\IVANILDE .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Documents and Settings\Prof Francisco\Desktop\plan. Osmarina .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Documents and Settings\Prof Francisco\Desktop .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Documents and Settings\Prof Francisco\Favoritos .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Documents and Settings\Prof Francisco\IECompatCache .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Documents and Settings\Prof Francisco\IETldCache .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Documents and Settings\Prof Francisco\Menu Iniciar\Programas\Acessórios .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Documents and Settings\Prof Francisco\Menu Iniciar\Programas\CCleaner .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Documents and Settings\Prof Francisco\Menu Iniciar\Programas\Google Chrome .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Documents and Settings\Prof Francisco\Menu Iniciar\Programas .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Documents and Settings\Prof Francisco\Menu Iniciar .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Documents and Settings\Prof Francisco\Meus documentos .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Documents and Settings\Prof Francisco\Modelos .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Documents and Settings\Prof Francisco\PrivacIE .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Documents and Settings\Prof Francisco\Recent .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Documents and Settings\Prof Francisco\SendTo .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\RECYCLER\S-1-5-21-839522115-2077806209-725345543-1003\Dc34.scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\RECYCLER\S-1-5-21-839522115-2077806209-725345543-1003\Dc35.scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\RECYCLER\S-1-5-21-839522115-2077806209-725345543-1003\Dc36.scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\$hf_mig$ .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\$NtUninstallKB2229593$ .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\$NtUninstallKB898461$ .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\$NtUninstallKB923561$ .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\$NtUninstallKB932823-v3$ .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\$NtUninstallKB946648$ .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\$NtUninstallKB950760$ .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\$NtUninstallKB950762$ .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\$NtUninstallKB950974$ .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\$NtUninstallKB951376-v2$ .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\$NtUninstallKB951748$ .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\$NtUninstallKB952004$ .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\$NtUninstallKB952069_WM9$ .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\$NtUninstallKB952287$ .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\$NtUninstallKB952954$ .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\$NtUninstallKB954155_WM9$ .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\$NtUninstallKB955069$ .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\$NtUninstallKB955759$ .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\$NtUninstallKB956572$ .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\$NtUninstallKB956802$ .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\$NtUninstallKB956803$ .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\$NtUninstallKB956844$ .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\$NtUninstallKB958470$ .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\$NtUninstallKB958644$ .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\$NtUninstallKB958869$ .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\$NtUninstallKB959426$ .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\$NtUninstallKB960803$ .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\$NtUninstallKB960859$ .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\$NtUninstallKB961501$ .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\$NtUninstallKB967715$ .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\$NtUninstallKB968389$ .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\$NtUninstallKB969059$ .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\$NtUninstallKB970238$ .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\$NtUninstallKB970430$ .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\$NtUninstallKB971032$ .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\$NtUninstallKB971468$ .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\$NtUninstallKB971657$ .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\$NtUninstallKB971737$ .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\$NtUninstallKB972270$ .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\$NtUninstallKB973507$ .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\$NtUninstallKB973540_WM9L$ .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\$NtUninstallKB973687$ .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\$NtUninstallKB973815$ .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\$NtUninstallKB973869$ .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\$NtUninstallKB973904$ .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\$NtUninstallKB974112$ .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\$NtUninstallKB974318$ .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\$NtUninstallKB974392$ .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\$NtUninstallKB974571$ .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\$NtUninstallKB975025$ .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\$NtUninstallKB975467$ .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\$NtUninstallKB975560$ .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\$NtUninstallKB975561$ .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\$NtUninstallKB975562$ .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\$NtUninstallKB975713$ .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\$NtUninstallKB977816$ .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\$NtUninstallKB977914$ .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\$NtUninstallKB978037$ .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\$NtUninstallKB978338$ .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\$NtUninstallKB978542$ .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\$NtUninstallKB978601$ .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\$NtUninstallKB978695_WM9$ .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\$NtUninstallKB978706$ .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\$NtUninstallKB979309$ .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\$NtUninstallKB979402_WM9L$ .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\$NtUninstallKB979482$ .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\$NtUninstallKB979559$ .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\$NtUninstallKB979683$ .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\$NtUninstallKB980195$ .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\$NtUninstallKB980218$ .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\$NtUninstallKB980232$ .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\$NtUninstallKB981793$ .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\addins .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\AppPatch .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\assembly .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\Config .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\Connection Wizard .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\Cursors .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\Debug .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\Downloaded Program Files .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\Driver Cache .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\ehome .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\ERDNT .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\Fonts .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\Help .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\ie8 .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\ie8updates .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\ime .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\inf .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\Installer .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\java .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\LastGood .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\LastGood.Tmp .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\Media .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\Microsoft.NET .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\Minidump .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\msagent .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\msapps .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\mui .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\Offline Web Pages .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\pchealth .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\PeerNet .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\Prefetch .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\Provisioning .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\Registration .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\repair .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\Resources .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\security .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\ServicePackFiles .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\SHELLNEW .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\SoftwareDistribution .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\srchasst .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\Sun .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\system .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\system32 .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\Tasks .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\Temp .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\twain_32 .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\WBEM .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\Web .scr (Infected with W32/Malware.OCYZ)

Deleted file

C:\Windows\WinSxS .scr (Infected with W32/Malware.OCYZ)

Deleted file

Scanning: D:\*.*

D:\backup_DESKTOP\GESTAR II .scr (Infected with W32/Malware.OCYZ)

Deleted file

D:\backup_DESKTOP\Grand Theft Auto 3 ( GTA ) .scr (Infected with W32/Malware.OCYZ)

Deleted file

D:\backup_DESKTOP .scr (Infected with W32/Malware.OCYZ)

Deleted file

D:\Desktop .scr (Infected with W32/Malware.OCYZ)

Deleted file

D:\Dictionaries .scr (Infected with W32/Malware.OCYZ)

Deleted file

D:\Downloads\Caderno do Futuro - Matemática - 5º Ano .scr (Infected with W32/Malware.OCYZ)

Deleted file

D:\Downloads\conteudo de matemática .scr (Infected with W32/Malware.OCYZ)

Deleted file

D:\Downloads\IMposto de renda .scr (Infected with W32/Malware.OCYZ)

Deleted file

D:\Downloads\Jogos .scr (Infected with W32/Malware.OCYZ)

Deleted file

D:\Downloads\Músicas variadas .scr (Infected with W32/Malware.OCYZ)

Deleted file

D:\Downloads\PDF .scr (Infected with W32/Malware.OCYZ)

Deleted file

D:\Downloads\PROGRAMAS .scr (Infected with W32/Malware.OCYZ)

Deleted file

D:\Downloads .scr (Infected with W32/Malware.OCYZ)

Deleted file

D:\Favoritos .scr (Infected with W32/Malware.OCYZ)

Deleted file

D:\GTA3 User Files .scr (Infected with W32/Malware.OCYZ)

Deleted file

D:\InterVideo .scr (Infected with W32/Malware.OCYZ)

Deleted file

D:\mensagens de refrexão .scr (Infected with W32/Malware.OCYZ)

Deleted file

D:\MENSAGENS EM PPS .scr (Infected with W32/Malware.OCYZ)

Deleted file

D:\Meus arquivos recebidos .scr (Infected with W32/Malware.OCYZ)

Deleted file

D:\Meus vídeos\DivX Movies\Temporary Downloaded Files .scr (Infected with W32/Malware.OCYZ)

Deleted file

D:\Meus vídeos\DivX Movies .scr (Infected with W32/Malware.OCYZ)

Deleted file

D:\Meus vídeos .scr (Infected with W32/Malware.OCYZ)

Deleted file

D:\Minhas imagens\Aniversário da Vitória de Lourdes .scr (Infected with W32/Malware.OCYZ)

Deleted file

D:\Minhas imagens\BATIZADO DA VITÓRIA DE LOURDES .scr (Infected with W32/Malware.OCYZ)

Deleted file

D:\Minhas imagens\fotos da Vitória .scr (Infected with W32/Malware.OCYZ)

Deleted file

D:\Minhas imagens\Fotos diversaas .scr (Infected with W32/Malware.OCYZ)

Deleted file

D:\Minhas imagens\fotos do celular .scr (Infected with W32/Malware.OCYZ)

Deleted file

D:\Minhas imagens\fotos para selecionar .scr (Infected with W32/Malware.OCYZ)

Deleted file

D:\Minhas imagens\Imagem .scr (Infected with W32/Malware.OCYZ)

Deleted file

D:\Minhas imagens .scr (Infected with W32/Malware.OCYZ)

Deleted file

D:\Minhas músicas .scr (Infected with W32/Malware.OCYZ)

Deleted file

D:\PROGRAMAS\docProps .scr (Infected with W32/Malware.OCYZ)

Deleted file

D:\PROGRAMAS\word .scr (Infected with W32/Malware.OCYZ)

Deleted file

D:\PROGRAMAS\_rels .scr (Infected with W32/Malware.OCYZ)

Deleted file

D:\PROGRAMAS .scr (Infected with W32/Malware.OCYZ)

Deleted file

D:\RECYCLER .scr (Infected with W32/Malware.OCYZ)

Deleted file

D:\System Volume Information .scr (Infected with W32/Malware.OCYZ)

Deleted file

D:\ZEFINHA .scr (Infected with W32/Malware.OCYZ)

Deleted file

Scanning: C:\System Volume Information\*.*

Scanning: D:\System Volume Information\*.*

Scanning: postscan

Running post-scan cleanup routine:

Number of files found: 197872

Number of archives unpacked: 1450

Number of files scanned: 197870

Number of files not scanned: 2

Number of files skipped due to exclude list: 0

Number of infected files found: 255

Number of infected files repaired/deleted: 255

Number of infections removed: 255

Total scanning time: 2h 29m 43s

Performance improved 100%, but all the files on drive D still show up as screen savers, and the Run box still won't open.

Thanks, man. Without your help I wouldn't have been able to clean my PC. Thank you very much.

If there is a way to delete this screen saver, let me know. Thanks once again!

The BABOO site is online to inform and help Windows users. The site was published in 1999 by Aurélio "Baboo", an engineer and one of Brazil's leading Windows specialists, who has worked professionally with this operating system since 1987. Since 2004 he has been awarded annually by Microsoft as an MVP (Most Valuable Professional) for his contribution and help to the Windows user community.

In 2001 the Fórum do BABOO was created to help Brazilian internet users solve problems and questions about Windows, Security, Office, Hardware and other topics. Since 2010 Microsoft has also awarded Mr.Million, administrator of the Security area of the Fórum do BABOO, for his tireless work helping users remove viruses and malware from their computers. He is currently the only Brazilian MVP for desktop security.

BABOO is the only Brazilian site coordinated by a specialist with international recognition for his Windows expertise who takes part daily and actively in the comments and discussions on the BABOO site and forum.