virus found CSRCS.EXE


  • This topic is locked
1 reply to this topic

#1 edson4000


Posted 23 November 2009 - 05:13 PM

Hi everybody, please help me.

Every time I put my pen drive in my PC, the Avast antivirus flags the virus csrcs.exe, so I already went to the registry and found this and removed it.

But every time I start the operating system, a message is shown: "can't find csrcs.exe" (something like that).
So I ran the ComboFix program and it generated this log. Please help me:

Thank you so much.

ComboFix 09-11-22.08 - User 23/11/2009 19:51.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.3033.2618 [GMT -3:00]
Executando de: c:\documents and settings\User\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1356 [VPS 091123-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

(((((((((((((((( Arquivos/Ficheiros criados de 2009-10-23 to 2009-11-23 ))))))))))))))))))))))))))))
.

2009-11-23 22:01 . 2009-11-23 22:01 -------- d--h--w- c:\windows\system32\GroupPolicy
2009-11-23 20:58 . 2009-11-23 20:58 -------- d-----w- c:\arquivos de programas\Microsoft Visual Studio .NET
2009-11-23 20:57 . 2009-11-23 20:59 -------- d-----w- C:\oraclexe
2009-11-23 19:15 . 2009-11-23 19:15 216933372 ----a-w- c:\arquivos de programas\38127_oracle_database_express_edition_10g_release_2.exe
2009-11-22 19:50 . 2009-11-22 19:50 -------- d-----w- c:\arquivos de programas\VS Revo Group
2009-11-22 18:45 . 2009-11-22 18:45 -------- d-----w- c:\windows\Sun
2009-11-21 14:41 . 2009-11-21 14:41 -------- d-----w- c:\arquivos de programas\Microsoft SQL Server
2009-11-21 14:41 . 2009-11-21 14:41 -------- d-----w- c:\arquivos de programas\Microsoft Silverlight
2009-11-21 14:41 . 2009-11-21 14:41 -------- d-----w- c:\arquivos de programas\Microsoft Synchronization Services
2009-11-21 14:41 . 2009-11-21 14:41 -------- d-----w- c:\arquivos de programas\Microsoft SQL Server Compact Edition
2009-11-21 14:41 . 2009-11-21 14:41 187328 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft\VCSExpress\9.0\1033\ResourceCache.dll
2009-11-21 14:40 . 2009-11-21 14:40 416 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft\MSDN\9.0\1033\ResourceCache.dll
2009-11-21 14:39 . 2009-11-21 14:41 -------- d-----w- c:\arquivos de programas\Microsoft Visual Studio 9.0
2009-11-21 14:39 . 2009-11-21 14:39 -------- d-----w- c:\arquivos de programas\Microsoft.NET
2009-11-21 14:39 . 2009-11-21 14:39 -------- d-----w- c:\arquivos de programas\Microsoft SDKs
2009-11-21 14:38 . 2009-11-21 14:38 -------- d-----w- c:\windows\system32\XPSViewer
2009-11-21 14:38 . 2009-11-21 14:38 -------- d-----w- c:\arquivos de programas\Reference Assemblies
2009-11-21 14:38 . 2009-11-21 14:38 -------- d-----w- C:\f7b175f8ad51cb1a50e43c142df15f99
2009-11-21 14:38 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-11-21 14:38 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-11-21 14:38 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-11-21 14:38 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-11-21 14:38 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-11-21 14:38 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-11-21 14:38 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-11-20 03:31 . 2009-11-20 03:31 2729464 ----a-w- c:\arquivos de programas\vbsetup.exe
2009-11-20 03:30 . 2009-11-20 03:31 2714112 ----a-w- c:\arquivos de programas\vcssetup.exe
2009-11-14 13:13 . 2008-04-13 22:20 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2009-11-14 13:13 . 2008-04-13 22:20 21504 ----a-w- c:\windows\system32\hidserv.dll
2009-11-14 13:13 . 2008-04-13 21:58 14720 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
2009-11-14 13:13 . 2008-04-13 21:58 14720 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2009-11-14 13:13 . 2008-04-13 14:45 10368 -c--a-w- c:\windows\system32\dllcache\hidusb.sys
2009-11-14 13:13 . 2008-04-13 14:45 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2009-11-14 13:13 . 2008-04-13 14:45 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2009-11-14 13:13 . 2008-04-13 14:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2009-11-07 21:59 . 2009-11-23 20:00 -------- d-----w- c:\documents and settings\User\Tracing
2009-11-07 21:57 . 2009-11-07 21:57 -------- d-----w- c:\arquivos de programas\Microsoft
2009-11-07 21:56 . 2009-11-07 21:56 -------- d-----w- c:\arquivos de programas\Windows Live SkyDrive
2009-11-07 21:56 . 2009-11-07 21:57 -------- d-----w- c:\arquivos de programas\Windows Live
2009-11-07 21:50 . 2009-11-07 21:50 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Windows Live
2009-11-07 21:45 . 2009-11-07 21:45 -------- d-----w- c:\arquivos de programas\MSXML 4.0
2009-11-07 21:04 . 2009-06-21 21:48 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2009-11-07 21:03 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-11-07 21:01 . 2009-08-05 01:57 2193408 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2009-11-07 21:01 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2009-11-07 21:01 . 2009-08-04 17:27 2149376 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-11-07 21:01 . 2009-06-25 08:27 732672 -c----w- c:\windows\system32\dllcache\lsasrv.dll
2009-11-07 21:01 . 2009-03-06 14:20 286208 -c----w- c:\windows\system32\dllcache\pdh.dll
2009-11-07 21:01 . 2009-02-09 11:25 111104 -c----w- c:\windows\system32\dllcache\services.exe
2009-11-07 21:01 . 2009-02-09 10:53 730624 -c----w- c:\windows\system32\dllcache\ntdll.dll
2009-11-07 21:01 . 2009-02-09 10:53 683520 -c----w- c:\windows\system32\dllcache\advapi32.dll
2009-11-07 21:01 . 2009-02-09 10:53 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2009-11-07 21:01 . 2009-02-09 10:53 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2009-11-07 21:01 . 2009-02-09 10:53 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2009-11-07 21:01 . 2009-08-04 17:27 2028032 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-11-07 21:00 . 2008-04-21 21:15 216064 -c----w- c:\windows\system32\dllcache\wordpad.exe
2009-11-07 21:00 . 2008-12-11 10:57 333952 -c----w- c:\windows\system32\dllcache\srv.sys
2009-11-07 20:59 . 2008-10-24 11:21 455296 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2009-11-07 20:59 . 2008-09-04 17:16 1106944 -c----w- c:\windows\system32\dllcache\msxml3.dll
2009-11-07 20:59 . 2008-10-15 16:36 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2009-11-07 20:59 . 2008-05-01 14:36 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2009-11-07 20:58 . 2008-04-11 19:05 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll
2009-11-07 20:58 . 2009-08-13 15:21 512000 -c----w- c:\windows\system32\dllcache\jscript.dll
2009-11-07 20:58 . 2008-05-09 10:55 90112 -c----w- c:\windows\system32\dllcache\wshext.dll
2009-11-07 20:58 . 2008-05-09 10:55 430080 -c----w- c:\windows\system32\dllcache\vbscript.dll
2009-11-07 20:58 . 2008-05-09 10:55 180224 -c----w- c:\windows\system32\dllcache\scrobj.dll
2009-11-07 20:58 . 2008-05-09 10:55 172032 -c----w- c:\windows\system32\dllcache\scrrun.dll
2009-11-07 20:58 . 2008-05-09 08:45 135168 -c----w- c:\windows\system32\dllcache\cscript.exe
2009-11-07 20:58 . 2008-05-08 11:24 155648 -c----w- c:\windows\system32\dllcache\wscript.exe
2009-11-07 20:58 . 2008-06-14 17:34 272384 -c----w- c:\windows\system32\dllcache\bthport.sys
2009-11-07 20:58 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2009-11-07 20:53 . 2008-10-16 17:09 43544 ----a-w- c:\windows\system32\wups2.dll
2009-11-07 20:47 . 2004-08-04 03:45 221184 ----a-w- c:\windows\system32\wmpns.dll
2009-11-07 20:39 . 2008-04-13 22:20 32285 ------w- c:\windows\system32\hsfcisp2.dll
2009-11-07 20:38 . 2009-11-07 20:40 -------- d-----w- c:\windows\ServicePackFiles
2009-11-07 20:28 . 2009-11-07 20:28 -------- d-----w- C:\Tools
2009-11-07 19:27 . 2009-11-07 19:27 -------- d-----w- c:\windows\system32\Adobe
2009-11-07 19:23 . 2009-11-07 19:24 1962544 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\NOS\Adobe_Downloads\install_flash_player_ax.exe
2009-11-07 19:23 . 2009-11-07 20:31 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\NOS
2009-11-07 19:22 . 2009-11-20 03:33 -------- d-----w- c:\documents and settings\User\Dados de aplicativos\LimeWire
2009-11-07 19:22 . 2009-11-07 19:22 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-11-07 19:22 . 2009-11-07 19:22 -------- d-----w- c:\arquivos de programas\Java
2009-11-07 19:22 . 2009-11-07 19:22 152576 ----a-w- c:\documents and settings\User\Dados de aplicativos\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-07 19:20 . 2009-11-07 19:20 -------- d-----w- c:\arquivos de programas\LimeWire
2009-11-07 19:19 . 2009-11-07 19:19 -------- d-----w- c:\documents and settings\User\Dados de aplicativos\TeamViewer
2009-11-07 19:19 . 2009-11-07 19:19 -------- d-----w- c:\arquivos de programas\TeamViewer
2009-11-07 19:19 . 2009-11-07 19:19 -------- d-----w- c:\documents and settings\User\temp
2009-11-07 19:19 . 2009-11-07 19:19 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\DVD Shrink
2009-11-07 19:19 . 2009-11-07 19:19 -------- d-----w- c:\arquivos de programas\DVD Shrink
2009-11-07 19:15 . 2009-11-07 21:43 -------- d-----w- c:\windows\system32\pt-br
2009-11-07 19:13 . 2009-11-07 22:07 -------- d--h--w- c:\windows\$hf_mig$
2009-11-07 19:11 . 2008-04-13 22:20 26624 ----a-w- c:\documents and settings\LocalService\Dados de aplicativos\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2009-11-07 19:11 . 2009-11-07 19:11 -------- d-----w- c:\arquivos de programas\Windows Media Connect 2
2009-11-07 19:10 . 2009-11-07 19:10 -------- d-----w- c:\windows\system32\drivers\UMDF
2009-11-07 19:10 . 2009-11-07 19:10 -------- d-----w- c:\windows\system32\LogFiles
2009-11-07 19:01 . 2009-11-23 17:50 -------- d-----w- c:\documents and settings\User\Dados de aplicativos\CyberLink
2009-11-07 19:00 . 2009-11-23 17:50 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\CyberLink

.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-23 21:08 . 2009-11-07 18:24 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information
2009-11-23 20:59 . 2009-11-07 18:19 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft Help
2009-11-23 20:57 . 2009-11-07 18:23 -------- d-----w- c:\arquivos de programas\Arquivos comuns\InstallShield
2009-11-21 15:05 . 2009-11-07 18:56 -------- d-----w- c:\arquivos de programas\SUPERAntiSpyware
2009-11-21 14:39 . 2001-10-28 13:07 80464 ----a-w- c:\windows\system32\perfc016.dat
2009-11-21 14:39 . 2001-10-28 13:07 473672 ----a-w- c:\windows\system32\perfh016.dat
2009-11-21 14:38 . 2009-11-07 18:21 -------- d-----w- c:\arquivos de programas\MSBuild
2009-11-07 22:12 . 2009-11-07 18:21 -------- d-----w- c:\arquivos de programas\Microsoft Works
2009-11-07 20:40 . 2009-11-07 18:10 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-11-07 19:09 . 2009-11-07 19:09 2232 ----a-w- c:\windows\java\Packages\Data\JBXRHVFZ.DAT
2009-11-07 19:09 . 2009-11-07 19:09 155995 ----a-w- c:\windows\java\Packages\3VVNLNZZ.ZIP
2009-11-07 19:09 . 2009-11-07 19:09 2678 ----a-w- c:\windows\java\Packages\Data\GLVP3F35.DAT
2009-11-07 19:09 . 2009-11-07 19:09 2678 ----a-w- c:\windows\java\Packages\Data\S931J1N9.DAT
2009-11-07 19:09 . 2009-11-07 19:09 2678 ----a-w- c:\windows\java\Packages\Data\MLBVP3JR.DAT
2009-11-07 19:09 . 2009-11-07 19:09 2678 ----a-w- c:\windows\java\Packages\Data\GVLRXVDR.DAT
2009-11-07 19:09 . 2009-11-07 19:09 2678 ----a-w- c:\windows\java\Packages\Data\3ZB79337.DAT
2009-11-07 18:59 . 2009-11-07 18:59 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\WinZip
2009-11-07 18:58 . 2009-11-07 18:57 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Adobe
2009-11-07 18:57 . 2009-11-07 18:57 117760 ----a-w- c:\documents and settings\User\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-11-07 18:56 . 2009-11-07 18:56 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\SUPERAntiSpyware.com
2009-11-07 18:56 . 2009-11-07 18:56 -------- d-----w- c:\documents and settings\User\Dados de aplicativos\SUPERAntiSpyware.com
2009-11-07 18:56 . 2009-11-07 18:56 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Wise Installation Wizard
2009-09-11 14:19 . 2004-08-04 03:45 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:04 . 2004-08-04 03:45 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 07:29 . 2004-08-04 03:45 832512 ----a-w- c:\windows\system32\wininet.dll
2009-08-29 07:29 . 2004-08-04 03:45 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-08-29 07:29 . 2004-08-04 03:45 17408 ----a-w- c:\windows\system32\corpol.dll
2009-08-26 08:01 . 2004-08-04 03:45 247326 ----a-w- c:\windows\system32\strmdll.dll
.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"RemoteControl"="c:\arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
"LanguageShortcut"="c:\arquivos de programas\CyberLink\PowerDVD\Language\Language.exe" [2006-12-06 54832]
"NeroFilterCheck"="c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"SecurDisc"="c:\arquivos de programas\Nero\Nero 7\InCD\NBHGui.exe" [2007-05-15 1628208]
"InCD"="c:\arquivos de programas\Nero\Nero 7\InCD\InCD.exe" [2007-05-15 1057328]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-01-21 134656]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-01-21 166912]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-01-21 134656]
"avast!"="c:\arquiv~1\ALWILS~1\Avast4\ashDisp.exe" [2009-09-15 81000]
"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre6\bin\jusched.exe" [2009-11-07 149280]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2008-12-23 18077696]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\arquivos de programas\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 17:21 548352 ----a-w- c:\arquivos de programas\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Arquivos de programas\\TeamViewer\\Version4\\TeamViewer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [7/11/2009 15:52 114768]
R1 SASDIFSV;SASDIFSV;c:\arquivos de programas\SUPERAntiSpyware\sasdifsv.sys [12/10/2009 20:24 9968]
R1 SASKUTIL;SASKUTIL;c:\arquivos de programas\SUPERAntiSpyware\SASKUTIL.SYS [12/10/2009 20:24 74480]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [7/11/2009 15:52 20560]
R2 OracleServiceXE;OracleServiceXE;c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE XE --> c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE XE [?]
S2 OracleXETNSListener;OracleXETNSListener;c:\oraclexe\app\oracle\product\10.2.0\server\BIN\TNSLSNR.EXE [2/2/2006 00:49 204800]
S3 SASENUM;SASENUM;c:\arquivos de programas\SUPERAntiSpyware\SASENUM.SYS [12/10/2009 20:24 7408]
S4 OracleJobSchedulerXE;OracleJobSchedulerXE;c:\oraclexe\app\oracle\product\10.2.0\server\Bin\extjob.exe XE --> c:\oraclexe\app\oracle\product\10.2.0\server\Bin\extjob.exe XE [?]
.
.
------- Scan Suplementar -------
.
uStart Page = hxxp://www.google.com/
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
- - - - ORFÃOS REMOVIDOS - - - -

HKLM-Explorer_Run-csrcs - c:\windows\system32\csrcs.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-23 19:54
Windows 5.1.2600 Service Pack 3 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso
arquivos/ficheiros ocultos: 0

**************************************************************************
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

- - - - - - - > 'winlogon.exe'(728)
c:\arquivos de programas\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(3604)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Tempo para conclusão: 2009-11-23 19:55
ComboFix-quarantined-files.txt 2009-11-23 22:55

Pré-execução: 9 pasta(s) 486.315.294.720 bytes disponíveis
Pós execução: 12 pasta(s) 486.342.799.360 bytes disponíveis

WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 839669E46F49915080492E3473D83B1F


#2 Animal

  • Site Admin

Posted 23 November 2009 - 05:36 PM

Please note the message text in blue at the top of the Am I infected? What do I do? forum.

ComboFix logs should not be posted outside the HijackThis forums, and then only when requested by a HJT Team member. It is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert", NOT for general public or personal use. Please read ComboFix's Disclaimer. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

Please create a new topic explaining the nature of your problem in the Am I infected? What do I do? forum. Describe pop-ups and system tray or desktop icons that have appeared. Explain what is "going wrong" with your computer. Note any tools you have used and their respective results.

If needed, we will direct you to our HJT Preparation Guide.

Thank you for using BleepingComputer as your malware removal source.

This topic is now closed. If you have any questions, please PM a Moderator.
The BC Staff/Animal

The Internet is so big, so powerful and pointless that for some people it is a complete substitute for life.
Andrew Brown (1938-1994)


A learning experience is one of those things that say, "You know that thing you just did? Don't do that." Douglas Adams (1952-2001)


"Imagination is more important than knowledge. Knowledge is limited. Imagination circles the world." Albert Einstein (1879-1955)

