SCF Portal Stats

Members
  • Total Members: 14197
  • Latest: Levine
Stats
  • Total Posts: 43438
  • Total Topics: 16532
  • Online today: 3056
  • Online ever: 51419
  • (01. January 2010., 10:27:49)
Users Online
Users: 3
Guests: 2928
Total: 2931









« previous next »
Pages: [1] 2

Author Topic: Pendrive Autorun Menu  (Read 13201 times)

0 Members and 2 Guests are viewing this topic.

Duar97

  • SCF Member
  • **
  • Posts: 43
  • KARMA: 7
Pendrive Autorun Menu
« on: 08. October 2011., 12:57:08 »
Hi guys...

I have some corrupted entrys in the autorun menu that pops-up when i plug a pendrive...
And I was wondering if you know how to remove those entrys.

Regards, Duar97
Logged

Samker's Computer Forum - SCforum.info

Pendrive Autorun Menu
« on: 08. October 2011., 12:57:08 »

Samker

  • SCF Administrator
  • *****
  • Posts: 7529
  • KARMA: 322
  • Gender: Male
  • Whatever doesn't kill us makes us stronger.
    • SCforum.info - Samker's Computer Forum
Re: Pendrive Autorun Menu (corrupted entrys in the autorun menu that pops-up...)
« Reply #1 on: 08. October 2011., 15:50:29 »
Quote from: Duar97 on 08. October 2011., 12:57:08
Hi guys...

I have some corrupted entrys in the autorun menu that pops-up when i plug a pendrive...
And I was wondering if you know how to remove those entrys.

Regards, Duar97

Of course D. that We'll help you.  ;)


For the start We need to check is your PC infected with some Malware.

Please follow my next instructions and provide us results, ASAP:

1. Run BitDefender or Panda Online AntiVirus Scan: http://scforum.info/index.php/topic,734.0.html

2. Download & run HijackThis: http://scforum.info/index.php/topic,785.0.html

3. Provide us logs from HijackThis & AntiVirus Online Scan


I'll wait your reply (with logs).

Regards,

Samker
Logged

Duar97

  • SCF Member
  • **
  • Posts: 43
  • KARMA: 7
Re: Pendrive Autorun Menu
« Reply #2 on: 08. October 2011., 17:51:46 »
Before I start the scans and that...
I want to be sure that yuo're sure of what menu im talking...
I trust in you but i think that start with scans is a bit... Too much.

Is the menu where appears some options like:
Transfer photos to computer
Play video files
...

Regards Duar97
Logged

jheysen

  • SCF Global Moderator
  • *****
  • Posts: 879
  • KARMA: 121
  • Gender: Male
Re: Pendrive Autorun Menu
« Reply #3 on: 08. October 2011., 18:05:21 »
TuneUp Utilities scan?
Logged

Duar97

  • SCF Member
  • **
  • Posts: 43
  • KARMA: 7
Re: Pendrive Autorun Menu
« Reply #4 on: 08. October 2011., 18:12:11 »
im sorry can you specify?
Logged

Samker's Computer Forum - SCforum.info

Re: Pendrive Autorun Menu
« Reply #4 on: 08. October 2011., 18:12:11 »

Samker

  • SCF Administrator
  • *****
  • Posts: 7529
  • KARMA: 322
  • Gender: Male
  • Whatever doesn't kill us makes us stronger.
    • SCforum.info - Samker's Computer Forum
Re: Pendrive Autorun Menu
« Reply #5 on: 08. October 2011., 18:46:38 »
Quote from: Duar97 on 08. October 2011., 17:51:46
Before I start the scans and that...
I want to be sure that yuo're sure of what menu im talking...
I trust in you but i think that start with scans is a bit... Too much.

Is the menu where appears some options like:
Transfer photos to computer
Play video files
...

Regards Duar97




Something like this??

If yes, first of all We need to be sure that some Worm doesn't make troubles...

If no, please provide us some screenshot (or/and error code if you have some?).



Logged

jheysen

  • SCF Global Moderator
  • *****
  • Posts: 879
  • KARMA: 121
  • Gender: Male
Re: Pendrive Autorun Menu
« Reply #6 on: 09. October 2011., 05:54:46 »
Quote from: Duar97 on 08. October 2011., 18:12:11
im sorry can you specify?
Do you have TuneUp Utilities or other windows configuration enchanser or something (like Norton SystemWorks for example)?
If so, then a scan should correct any corrupted autorun entry
Logged

Duar97

  • SCF Member
  • **
  • Posts: 43
  • KARMA: 7
Re: Pendrive Autorun Menu
« Reply #7 on: 09. October 2011., 09:20:36 »
R: Samker yes that window.
R: jheysen yes I use Advanced System Care from IObit (really good one).

Regards, Duar97
Logged

Duar97

  • SCF Member
  • **
  • Posts: 43
  • KARMA: 7
Re: Pendrive Autorun Menu
« Reply #8 on: 09. October 2011., 09:26:30 »
BitDefender log:



QuickScan Beta 32-bit v0.9.9.99
-------------------------------
Data da análise:  Sun Oct 09 09:23:14 2011
ID da máquina: 4C8A3440



Não foram encontradas infecções.
--------------------------------



Processos
---------
             IoctlSvc Application                    2252    C:\WINDOWS\system32\IoctlSvc.exe
            Advanced SystemCare 4 Tray                596    C:\Programas\IObit\Advanced SystemCare 4\ASCTray.exe
            ATI Desktop Component                    1044    C:\Programas\ATI Technologies\ATI Control Panel\atiptaxx.exe
            ati2evxx.exe                             1488    C:\WINDOWS\system32\ati2evxx.exe
            COMODO Internet Security                 1844    C:\Programas\COMODO\COMODO Internet Security\cfp.exe
            COMODO Internet Security                 1644    C:\Programas\COMODO\COMODO Internet Security\cmdagent.exe
            Dropbox                                   712    C:\Documents and Settings\ZE CARLOS\Application Data\Dropbox\bin\Dropbox.exe
            Google Chrome                            3668    C:\Programas\Google\Chrome\Application\chrome.exe
            Google Chrome                            3440    C:\Programas\Google\Chrome\Application\chrome.exe
            Google Chrome                            3400    C:\Programas\Google\Chrome\Application\chrome.exe
            Google Chrome                            4020    C:\Programas\Google\Chrome\Application\chrome.exe
            Google Chrome                            3260    C:\Programas\Google\Chrome\Application\chrome.exe
            Google Chrome                            3240    C:\Programas\Google\Chrome\Application\chrome.exe
            Google Chrome                            2628    C:\Programas\Google\Chrome\Application\chrome.exe
            Google Chrome                            1124    C:\Programas\Google\Chrome\Application\chrome.exe
            Google Chrome                            3380    C:\Programas\Google\Chrome\Application\chrome.exe
            Google Chrome                            2284    C:\Programas\Google\Chrome\Application\chrome.exe
            Google Chrome                            2204    C:\Programas\Google\Chrome\Application\chrome.exe
            Google Chrome                            1352    C:\Programas\Google\Chrome\Application\chrome.exe
            Google Update                             280    C:\Programas\Google\Update\1.3.21.69\GoogleCrashHandler.exe
            HP DeskJet                               1148    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
            Java(TM) Platform SE 6 U27               1196    C:\Programas\Java\jre6\bin\jqs.exe
            McAfee Common Framework                  1020    C:\Programas\McAfee\Common Framework\Mctray.exe
            McAfee Common Framework                   980    C:\Programas\McAfee\Common Framework\UdaterUI.exe
            McAfee SiteAdvisor                       1508    C:\PROGRA~1\McAfee\SITEAD~1\McSACore.exe
            Nalpeiron License Management             2196    C:\WINDOWS\system32\nlssrv32.exe
            SoundMAX Integrated Digital Audio        1984    C:\Programas\Analog Devices\SoundMAX\SMTray.exe
            VirusScan Enterprise                     1312    C:\Programas\McAfee\VirusScan Enterprise\shstat.exe
(verificado) Hewlett-Packard hpotdd01                 1180    C:\Programas\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
(verificado) McAfee Common Framework                   904    C:\Programas\McAfee\Common Framework\FrameworkService.exe
(verificado) McAfee Common Framework                  2224    C:\Programas\McAfee\Common Framework\naPrdMgr.exe
(verificado) Microsoft® Visual Studio .NET            1748    C:\Programas\Ficheiros comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
(verificado) Microsoft® Windows Live ID               2536    C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WLIDSVC.EXE
(verificado) Microsoft® Windows Live ID               3716    C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(verificado) Microsoft® Windows® Operating System     2184    C:\WINDOWS\system32\alg.exe
(verificado) Microsoft® Windows® Operating System     1188    C:\WINDOWS\system32\csrss.exe
(verificado) Microsoft® Windows® Operating System      328    C:\WINDOWS\system32\ctfmon.exe
(verificado) Microsoft® Windows® Operating System     1284    C:\WINDOWS\system32\lsass.exe
(verificado) Microsoft® Windows® Operating System     1936    C:\WINDOWS\system32\spoolsv.exe
(verificado) Microsoft® Windows® Operating System     1676    C:\WINDOWS\system32\svchost.exe
(verificado) Microsoft® Windows® Operating System     1792    C:\WINDOWS\system32\svchost.exe
(verificado) Microsoft® Windows® Operating System     1568    C:\WINDOWS\system32\svchost.exe
(verificado) Microsoft® Windows® Operating System     1888    C:\WINDOWS\system32\svchost.exe
(verificado) Microsoft® Windows® Operating System     1504    C:\WINDOWS\system32\svchost.exe
(verificado) Microsoft® Windows® Operating System     2688    C:\WINDOWS\system32\wuauclt.exe
(verificado) Sistema operativo Microsoft® Windows®     728    C:\WINDOWS\explorer.exe
(verificado) Sistema operativo Microsoft® Windows®     256    C:\WINDOWS\system32\rundll32.exe
(verificado) Sistema operativo Microsoft® Windows®    1272    C:\WINDOWS\system32\services.exe
(verificado) Sistema operativo Microsoft® Windows®    1080    C:\WINDOWS\system32\smss.exe
(verificado) Sistema operativo Microsoft® Windows®    3888    C:\WINDOWS\system32\wbem\wmiapsrv.exe
(verificado) Sistema operativo Microsoft® Windows®    1228    C:\WINDOWS\system32\winlogon.exe
(verificado) SoundMAX service agent                   2472    C:\Programas\Analog Devices\SoundMAX\SMAgent.exe
(verificado) VirusScan Enterprise                      324    C:\Programas\McAfee\VirusScan Enterprise\VsTskMgr.exe
(verificado) VSCORE.13.3.2.137.x86                     940    C:\Programas\McAfee\VirusScan Enterprise\Mcshield.exe


Atividade da Rede
-----------------
Processo Dropbox.exe (712) conectado à porta 80 (HTTP) --> 199.47.217.147
Processo chrome.exe (3260) conectado à porta 80 (HTTP) --> 88.221.69.115
Processo chrome.exe (3260) conectado à porta 80 (HTTP) --> 173.193.197.53
Processo chrome.exe (3260) conectado à porta 80 (HTTP) --> 173.193.197.53
Processo chrome.exe (3260) conectado à porta 80 (HTTP) --> 173.193.197.53
Processo chrome.exe (3260) conectado à porta 80 (HTTP) --> 173.193.197.53
Processo chrome.exe (3260) conectado à porta 80 (HTTP) --> 74.125.230.172
Processo chrome.exe (3260) conectado à porta 443 (HTTP over SSL) --> 66.220.146.50
Processo chrome.exe (3260) conectado à porta 443 (HTTP over SSL) --> 66.220.146.50
Processo chrome.exe (3260) conectado à porta 443 (HTTP over SSL) --> 66.220.146.50
Processo chrome.exe (3260) conectado à porta 443 (HTTP over SSL) --> 66.220.146.50
Processo chrome.exe (3260) conectado à porta 443 (HTTP over SSL) --> 66.220.146.50
Processo chrome.exe (3260) conectado à porta 80 (HTTP) --> 74.125.230.185
Processo chrome.exe (3260) conectado à porta 80 (HTTP) --> 74.125.230.185
Processo chrome.exe (3260) conectado à porta 80 (HTTP) --> 74.125.230.185
Processo chrome.exe (3260) conectado à porta 80 (HTTP) --> 74.125.230.185
Processo chrome.exe (3260) conectado à porta 80 (HTTP) --> 92.123.165.229
Processo chrome.exe (3260) conectado à porta 80 (HTTP) --> 92.123.167.139
Processo chrome.exe (3260) conectado à porta 80 (HTTP) --> 209.85.229.95
Processo chrome.exe (3260) conectado à porta 80 (HTTP) --> 194.65.2.9
Processo chrome.exe (3260) conectado à porta 80 (HTTP) --> 194.65.2.26
Processo chrome.exe (3260) conectado à porta 80 (HTTP) --> 194.65.2.26
Processo chrome.exe (3260) conectado à porta 80 (HTTP) --> 194.65.2.26
Processo chrome.exe (3260) conectado à porta 80 (HTTP) --> 194.65.2.26
Processo chrome.exe (3260) conectado à porta 80 (HTTP) --> 194.65.2.26
Processo chrome.exe (3260) conectado à porta 80 (HTTP) --> 194.65.2.26
Processo chrome.exe (3260) conectado à porta 80 (HTTP) --> 69.171.242.40
Processo chrome.exe (3260) conectado à porta 80 (HTTP) --> 69.171.242.40
Processo chrome.exe (3260) conectado à porta 80 (HTTP) --> 66.235.142.14
Processo chrome.exe (3260) conectado à porta 443 (HTTP over SSL) --> 74.125.230.164
Processo chrome.exe (3260) conectado à porta 80 (HTTP) --> 74.125.230.188
Processo chrome.exe (3260) conectado à porta 80 (HTTP) --> 74.125.230.188
Processo chrome.exe (3260) conectado à porta 80 (HTTP) --> 194.65.2.27
Processo chrome.exe (3260) conectado à porta 80 (HTTP) --> 194.65.2.27
Processo chrome.exe (3260) conectado à porta 80 (HTTP) --> 74.125.230.161
Processo chrome.exe (3260) conectado à porta 80 (HTTP) --> 74.125.230.166
Processo chrome.exe (3260) conectado à porta 80 (HTTP) --> 74.125.230.172
Processo chrome.exe (3260) conectado à porta 80 (HTTP) --> 184.73.184.227
Processo chrome.exe (3260) conectado à porta 443 (HTTP over SSL) --> 66.220.149.48
Processo chrome.exe (3260) conectado à porta 80 (HTTP) --> 72.21.214.39
Processo chrome.exe (3260) conectado à porta 443 (HTTP over SSL) --> 69.171.229.26
Processo chrome.exe (3260) conectado à porta 443 (HTTP over SSL) --> 69.171.229.26
Processo chrome.exe (3260) conectado à porta 443 (HTTP over SSL) --> 69.171.229.26
Processo chrome.exe (3260) conectado à porta 443 (HTTP over SSL) --> 69.171.229.26
Processo chrome.exe (3260) conectado à porta 443 (HTTP over SSL) --> 69.171.229.26
Processo chrome.exe (3260) conectado à porta 443 (HTTP over SSL) --> 69.171.229.26
Processo chrome.exe (3260) conectado à porta 443 (HTTP over SSL) --> 209.85.229.96
Processo chrome.exe (3260) conectado à porta 80 (HTTP) --> 2.16.43.55
Processo chrome.exe (3260) conectado à porta 80 (HTTP) --> 209.85.229.96
Processo chrome.exe (3260) conectado à porta 443 (HTTP over SSL) --> 209.85.229.120
Processo chrome.exe (3260) conectado à porta 80 (HTTP) --> 87.248.211.228
Processo chrome.exe (3260) conectado à porta 80 (HTTP) --> 2.16.43.55
Processo chrome.exe (3260) conectado à porta 80 (HTTP) --> 2.16.43.55
Processo chrome.exe (3260) conectado à porta 80 (HTTP) --> 92.123.164.20
Processo chrome.exe (3260) conectado à porta 443 (HTTP over SSL) --> 209.85.169.132

Processo Dropbox.exe (712) escuta na porta: 17500
Processo svchost.exe (1568) escuta na porta: 135 (RPC)


Autoruns e arquivos críticos
----------------------------
            Advanced SystemCare                      C:\Programas\IObit\Advanced SystemCare 4\AutoCare.exe
            Advanced SystemCare 4 Tray               C:\Programas\IObit\Advanced SystemCare 4\ASCTray.exe
            ATI 2D Component                         C:\WINDOWS\system32\Ati2mdxx.exe
            ATI Desktop Component                    C:\Programas\ATI Technologies\ATI Control Panel\atiptaxx.exe
            COMODO Internet Security                 C:\Programas\COMODO\COMODO Internet Security\cfp.exe
            COMODO Internet Security                 C:\WINDOWS\system32\guard32.dll
            Dropbox                                  C:\Documents and Settings\ZE CARLOS\Application Data\Dropbox\bin\Dropbox.exe
            HP DeskJet                               C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
            McAfee Common Framework                  C:\Programas\McAfee\Common Framework\UdaterUI.exe
            PSDrvCheck.exe                           C:\WINDOWS\system32\PSDrvCheck.exe
            Sistema operativo Microsoft® Windows®    C:\WINDOWS\system32\CRYPT32.dll
            SoundMAX Integrated Digital Audio        C:\Programas\Analog Devices\SoundMAX\SMTray.exe
            VirusScan Enterprise                     C:\Programas\McAfee\VirusScan Enterprise\shstat.exe
            Windows Genuine Advantage                C:\WINDOWS\system32\WgaLogon.dll
(verificado) Adobe Updater Startup Utility            C:\Programas\Ficheiros comuns\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
(verificado) Advanced SystemCare Updater              C:\Programas\IObit\Advanced SystemCare 4\AutoUpdate.exe
(verificado) Apple Software Update                    C:\Programas\Apple Software Update\SoftwareUpdate.exe
(verificado) Google Update                            C:\Programas\Google\Update\GoogleUpdate.exe
(verificado) Hewlett-Packard hpotdd01                 C:\Programas\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
(verificado) Microsoft® Windows® Operating System     C:\WINDOWS\system32\cryptnet.dll
(verificado) Microsoft® Windows® Operating System     C:\WINDOWS\system32\ctfmon.exe
(verificado) Microsoft® Windows® Operating System     C:\WINDOWS\System32\dimsntfy.dll
(verificado) Microsoft® Windows® Operating System     C:\WINDOWS\system32\WPDShServiceObj.dll
(verificado) Sistema operativo Microsoft® Windows®    C:\WINDOWS\system32\BROWSEUI.dll
(verificado) Sistema operativo Microsoft® Windows®    C:\WINDOWS\System32\CSCDLL.dll
(verificado) Sistema operativo Microsoft® Windows®    C:\WINDOWS\system32\logon.scr
(verificado) Sistema operativo Microsoft® Windows®    C:\WINDOWS\system32\logonui.exe
(verificado) Sistema operativo Microsoft® Windows®    C:\WINDOWS\system32\sclgntfy.dll
(verificado) Sistema operativo Microsoft® Windows®    C:\WINDOWS\system32\SHELL32.dll
(verificado) Sistema operativo Microsoft® Windows®    C:\WINDOWS\system32\stobject.dll
(verificado) Sistema operativo Microsoft® Windows®    c:\windows\system32\userinit.exe
(verificado) Sistema operativo Microsoft® Windows®    C:\WINDOWS\system32\WlNotify.dll
(verificado) Windows® Internet Explorer               C:\WINDOWS\system32\webcheck.dll
(verificado) Windows® Search                          c:\programas\windows desktop search\msnlnamespacemgr.dll


Plugins do navegador
--------------------
            AcroIEHelperShim Library                 c:\programas\ficheiros comuns\adobe\acrobat\activex\acroiehelpershim.dll
            BitDefender QuickScan                    C:\Documents and Settings\ZE CARLOS\Definições locais\Application Data\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie\0.9.9.99_0\npqscan.dll
            Google Update                            C:\Programas\Google\Update\1.3.21.69\npGoogleUpdate3.dll
            i-drop control                           C:\WINDOWS\Downloaded Program Files\IDrop.ocx
            i-drop control                           C:\WINDOWS\Downloaded Program Files\IDropENU.dll
            Java(TM) Platform SE 6 U27               c:\programas\java\jre6\bin\jp2ssv.dll
            Java(TM) Platform SE 6 U27               C:\Programas\Java\jre6\bin\new_plugin\npjp2.dll
            Java(TM) Platform SE 6 U27               c:\programas\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
            McAfee SiteAdvisor                       C:\Documents and Settings\ZE CARLOS\Definições locais\Application Data\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.31.137.7_0\McChPlg.dll
            McAfee SiteAdvisor                       c:\programas\mcafee\siteadvisor\mcieplg.dll
            Microsoft Office Live Plug-in for Firef  C:\Programas\Microsoft\Office Live\npOLW.dll
            Microsoft® Windows Live ID               c:\programas\ficheiros comuns\microsoft shared\windows live\windowslivelogin.dll
            RadioWMPCoreGecko6.dll                   C:\Documents and Settings\ZE CARLOS\Application Data\Mozilla\Firefox\Profiles\fpyhcl3k.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\components\RadioWMPCoreGecko6.dll
            Silverlight Plug-In                      c:\Programas\Microsoft Silverlight\4.0.60531.0\npctrl.dll
            Unity Player                             C:\Documents and Settings\ZE CARLOS\Definições locais\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll
            VLC Multimedia Plug-in                   C:\Programas\VideoLAN\VLC\npvlc.dll
            VSCORE.13.3.2.137.x86                    c:\programas\mcafee\virusscan enterprise\scriptcl.dll
            Windows Live® Photo Gallery              C:\Programas\Windows Live\Photo Gallery\NPWLPG.dll
            Windows Presentation Foundation          c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
(não assinado) QuickTime Plug-in 7.6.9                  C:\Programas\Internet Explorer\plugins\npqtplugin.dll
(não assinado) QuickTime Plug-in 7.6.9                  C:\Programas\Internet Explorer\plugins\npqtplugin2.dll
(não assinado) QuickTime Plug-in 7.6.9                  C:\Programas\Internet Explorer\plugins\npqtplugin3.dll
(não assinado) QuickTime Plug-in 7.6.9                  C:\Programas\Internet Explorer\plugins\npqtplugin4.dll
(não assinado) QuickTime Plug-in 7.6.9                  C:\Programas\Internet Explorer\plugins\npqtplugin5.dll
(não assinado) QuickTime Plug-in 7.6.9                  C:\Programas\Internet Explorer\plugins\npqtplugin6.dll
(não assinado) QuickTime Plug-in 7.6.9                  C:\Programas\Internet Explorer\plugins\npqtplugin7.dll
(não assinado) RadioWMPCoreGecko5.dll                   C:\Documents and Settings\ZE CARLOS\Application Data\Mozilla\Firefox\Profiles\fpyhcl3k.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\components\RadioWMPCoreGecko5.dll
(não assinado) Shockwave for Director                   C:\WINDOWS\system32\Adobe\Director\np32dsw.dll

(verificado) Adobe Acrobat                            C:\Programas\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
(verificado) Adobe Acrobat                            C:\Programas\Internet Explorer\plugins\nppdf32.dll
(verificado) Messenger                                C:\Programas\Messenger\msmsgs.exe
(verificado) Microsoft® Windows® Operating System     C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
(verificado) Microsoft® Windows® Operating System     C:\WINDOWS\system32\rsvpsp.dll
(verificado) Microsoft® Windows® Operating System     C:\WINDOWS\System32\winrnr.dll
(verificado) NPSWF32.dll                              C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
(verificado) RadioWMPCoreGecko19.dll                  C:\Documents and Settings\ZE CARLOS\Application Data\Mozilla\Firefox\Profiles\fpyhcl3k.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\components\RadioWMPCoreGecko19.dll
(verificado) Sistema operativo Microsoft® Windows®    C:\WINDOWS\system32\MSWSOCK.dll
(verificado) SPICtrl Dynamic Link Library             C:\Programas\IObit\Advanced SystemCare 3\SPICtrl.dll
(verificado) Windows® Internet Explorer               C:\WINDOWS\system32\ieframe.dll


Análise
-------
MD5: 05a72e267523163acdb753a6ec36ce2f  C:\Documents and Settings\ZE CARLOS\Application Data\Dropbox\bin\Dropbox.exe
MD5: 6d74290856347cf8682277a54b433d4b  C:\Documents and Settings\ZE CARLOS\Application Data\Dropbox\bin\DropboxExt.14.dll
MD5: 0b02d9aa67eea2c5524943b69418512e  C:\Documents and Settings\ZE CARLOS\Application Data\Dropbox\bin\PYTHON25.DLL
MD5: c2ad81a8cb014376dcc05257bc31ca23  C:\Documents and Settings\ZE CARLOS\Application Data\Mozilla\Firefox\Profiles\fpyhcl3k.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\components\RadioWMPCoreGecko5.dll
MD5: 402f5c01b3629e70015d4eac29bd4b80  C:\Documents and Settings\ZE CARLOS\Application Data\Mozilla\Firefox\Profiles\fpyhcl3k.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\components\RadioWMPCoreGecko6.dll
MD5: 16c25d0d0a5f64c16459a19cb29c0606  C:\Documents and Settings\ZE CARLOS\Definições locais\Application Data\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.31.137.7_0\McChPlg.dll
MD5: f4a569f89a90205a095965ae628625e1  C:\Documents and Settings\ZE CARLOS\Definições locais\Application Data\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie\0.9.9.99_0\npqscan.dll
MD5: 0c4fd8129ad7f2b84495de9caea1d657  C:\Documents and Settings\ZE CARLOS\Definições locais\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll
MD5: 00ec08331def75c56a62dbbfd3be47f5  C:\Programas\Analog Devices\SoundMAX\SMTray.exe
MD5: c0accceb1f2f236873e09d23a306e34d  C:\Programas\ATI Technologies\ATI Control Panel\atipdsxx.dll
MD5: 4aeaa72d4714eef6a051a3aa2724ac52  C:\Programas\ATI Technologies\ATI Control Panel\atiptaxx.exe
MD5: 88fe9488e3d91d7e5a364f8c1d877ea6  C:\PROGRAMAS\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATRPUIXX.PTB
MD5: 895e17bff96d3114fd19cec65a0e749e  C:\Programas\COMODO\COMODO Internet Security\cfp.exe
MD5: 43f37e8f60f3677e84c6afc70c784afd  C:\Programas\COMODO\COMODO Internet Security\cmdagent.exe
MD5: d2ada8af0ee98f3f76536015d74ee4bf  c:\programas\ficheiros comuns\adobe\acrobat\activex\acroiehelpershim.dll
MD5: f577910a133a592234ebaad3f3afa258  C:\Programas\Ficheiros comuns\Adobe\SwitchBoard\SwitchBoard.exe
MD5: 193fa51dddd0bffded1c340f0434999a  C:\Programas\Ficheiros comuns\Ahead\Lib\NMIndexingService.exe
MD5: 77e9ce0672e3d3d0399d9de2c657da2d  C:\Programas\Ficheiros comuns\Microsoft Shared\office11\mso.dll
MD5: b00c1315bdfdf39ccfb8edeff4256c56  c:\Programas\Ficheiros comuns\Microsoft Shared\VS7Debug\csm.dll
MD5: 3d811bf538d6f359735d757c94f484b6  C:\Programas\Ficheiros comuns\Microsoft Shared\VS7DEBUG\MSDBG2.DLL
MD5: 6a3c3ff4437675da77eaab64fc235f58  C:\Programas\Ficheiros comuns\System\MSMAPI\2070\MSMAPI32.DLL
MD5: 9067cdb31b28e8829a92b65c558dc2a4  C:\Programas\Google\Chrome\Application\14.0.835.202\avcodec-53.dll
MD5: abf0cc66860da23eae95e37bdb0d3b21  C:\Programas\Google\Chrome\Application\14.0.835.202\avformat-53.dll
MD5: 39a310707c449b2364bdcfefbdee472b  C:\Programas\Google\Chrome\Application\14.0.835.202\avutil-51.dll
MD5: c9e11e88de8839226aa3628f344eca3c  C:\Programas\Google\Chrome\Application\14.0.835.202\chrome.dll
MD5: 0a98c00d657ce2482a368722f6afbca7  C:\Programas\Google\Chrome\Application\14.0.835.202\gcswf32.dll
MD5: 0c0533d0afac63d46df532e30a515f9f  C:\Programas\Google\Chrome\Application\14.0.835.202\icudt.dll
MD5: 4dbc0f1698057403b3129a9a85c587b5  C:\Programas\Google\Chrome\Application\14.0.835.202\locales\pt-PT.dll
MD5: fe77473c28bb70bef5fdcfdcae246eb9  C:\Programas\Google\Chrome\Application\14.0.835.202\pdf.dll
MD5: e98069a4c551735298dbc9b64f6c7cad  C:\Programas\Google\Chrome\Application\14.0.835.202\ppGoogleNaClPluginChrome.dll
MD5: fdcb1e0cfb84e48d28e059e360c11762  C:\Programas\Google\Chrome\Application\chrome.exe
MD5: a9867222ae8a4a96d18ce6db6e3a2310  C:\Programas\Google\Update\1.3.21.69\GoogleCrashHandler.exe
MD5: 1ef2b1701180fa141aba0dad072db2e0  C:\Programas\Google\Update\1.3.21.69\goopdate.dll
MD5: 0d54bde041a1b094adb33648dce3fcfa  C:\Programas\Google\Update\1.3.21.69\npGoogleUpdate3.dll
MD5: b98fd86f2803291f76715025eacd60fe  C:\Programas\Hewlett-Packard\Digital Imaging\bin\hpodvd08.dll
MD5: 82eed563be76e18607202aea759297f3  C:\Programas\Internet Explorer\plugins\npqtplugin.dll
MD5: 82eed563be76e18607202aea759297f3  C:\Programas\Internet Explorer\plugins\npqtplugin2.dll
MD5: 82eed563be76e18607202aea759297f3  C:\Programas\Internet Explorer\plugins\npqtplugin3.dll
MD5: 82eed563be76e18607202aea759297f3  C:\Programas\Internet Explorer\plugins\npqtplugin4.dll
MD5: 82eed563be76e18607202aea759297f3  C:\Programas\Internet Explorer\plugins\npqtplugin5.dll
MD5: 82eed563be76e18607202aea759297f3  C:\Programas\Internet Explorer\plugins\npqtplugin6.dll
MD5: 82eed563be76e18607202aea759297f3  C:\Programas\Internet Explorer\plugins\npqtplugin7.dll
MD5: 01199ae166e4621c51d9963fa82c86b6  C:\Programas\IObit\Advanced SystemCare 4\ASCTray.exe
MD5: 2bb21f4cf0169f1263377aaca57341a0  C:\Programas\IObit\Advanced SystemCare 4\AutoCare.exe
MD5: 250d232bd0004f2485c37f6792c9b9cc  C:\Programas\IObit\Advanced SystemCare 4\datastate.dll
MD5: 1a31f36b502bb131103627489173f88e  C:\Programas\IObit\Advanced SystemCare 4\vclx120.bpl
MD5: 6f158c6029d841a5f37708cc2bbf3362  c:\programas\java\jre6\bin\jp2ssv.dll
MD5: 91061352084424820ac6268808cb8ee3  C:\Programas\Java\jre6\bin\jqs.exe
MD5: 41700402834f793a8c06731e5cfba62a  C:\Programas\Java\jre6\bin\new_plugin\npjp2.dll
MD5: 79ac29dbbda1f2e11a827ccbcfed5563  c:\programas\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
MD5: 1c44da2cbd94a67bcced0201d3fcbaba  C:\Programas\McAfee\Common Framework\0409\AgentRes.dll
MD5: 9dd071b28dc2f687f509d9d3f46601e8  C:\Programas\McAfee\Common Framework\0409\UpdRes.dll
MD5: bbd3a3aeb1caf07b8ea70dcb2d03e51d  C:\Programas\McAfee\Common Framework\cmalib.dll
MD5: a369c64ec5c08b57fc127de2a1b07687  C:\Programas\McAfee\Common Framework\GenEvtInf20110821171402.dll
MD5: 2a06ec652449c965c9f53a89cf0efeef  C:\Programas\McAfee\Common Framework\InternetManager.dll
MD5: ae985da3c9e4b33d88155222190267b1  C:\Programas\McAfee\Common Framework\Logging.dll
MD5: 3e6dd14e076ac05a1cc4b186f6de5b15  C:\Programas\McAfee\Common Framework\Management.dll
MD5: d90a9028e7db2617b20c61ebb813eed9  C:\Programas\McAfee\Common Framework\Mctray.exe
MD5: 778ddfbe7a4af9f3ec731ddf013a7f38  C:\Programas\McAfee\Common Framework\naCmnLib2_71.dll
MD5: 227681d0d00e5b569ada3e814fe0b7b6  C:\Programas\McAfee\Common Framework\nailog2.dll
MD5: ef383e41f3881f72613c719a1e3222f2  C:\Programas\McAfee\Common Framework\naXML2_71.dll
MD5: 22ba1d33383193fb7fe1b072f7885047  C:\Programas\McAfee\Common Framework\Scheduler.dll
MD5: e2c561d1db621921bd7a320fe9cf4bb9  C:\Programas\McAfee\Common Framework\ScriptSubSys.dll
MD5: 7793e5e88f89205db802bf10e4a32dc4  C:\Programas\McAfee\Common Framework\TCSubSys.dll
MD5: 8bce4a9a1021bfb7dea30727ea8b8a56  C:\Programas\McAfee\Common Framework\UdaterUI.exe
MD5: d5890da089a5f049e9ef4183b624ad2a  C:\Programas\McAfee\Common Framework\UpdateSubSys.dll
MD5: 9c96e02ca1fdf9ee3f8b7bee6c45cbe0  c:\Programas\McAfee\SiteAdvisor\mcbrwctl.dll
MD5: 00a2083bd077c1300ae9493bad920416  c:\programas\mcafee\siteadvisor\mcieplg.dll
MD5: 0455b5115f102e1aae62f2c8485bca2a  c:\Programas\McAfee\SiteAdvisor\McSACore.exe
MD5: 80e806c7e7da5737074abc7424950feb  c:\Programas\McAfee\SiteAdvisor\McSACorePS.dll
MD5: af1a0573ed0e7f4766f886eaf7833ebe  c:\Programas\McAfee\SiteAdvisor\sahook.dll
MD5: b692147daa8b917f2ec2871d9b8dba72  c:\Programas\McAfee\SiteAdvisor\SaSSHMod.dll
MD5: a6360992070cd80dacc07e36c8633ed6  c:\Programas\McAfee\SiteAdvisor\saupkeep.dll
MD5: 728f82737cccc9574628c17f8f37e6e7  C:\Programas\McAfee\VirusScan Enterprise\condl.dll
MD5: 079b0161b9b45fba19693aee3b457c6c  C:\Programas\McAfee\VirusScan Enterprise\ftcfg.dll
MD5: 781c94660851635b2d4eb8b140762943  C:\Programas\McAfee\VirusScan Enterprise\FTL.Dll
MD5: 4eda447657086fff7d06f32e77b6cb96  C:\Programas\McAfee\VirusScan Enterprise\Graphics.dll
MD5: 637931afdae50c44afbf759b873659af  C:\Programas\McAfee\VirusScan Enterprise\mfeapfa.dll
MD5: c7d994601be4be20d4e928f165756d64  C:\Programas\McAfee\VirusScan Enterprise\mfeavfa.dll
MD5: 138a7508c41f1337df03de842d614762  C:\Programas\McAfee\VirusScan Enterprise\mfebopa.dll
MD5: 5fa5f50c9278e149c767f8373331a079  C:\Programas\McAfee\VirusScan Enterprise\mfehida.dll
MD5: 6e1e4bb2866260f2949a3b7a0759e3c6  C:\Programas\McAfee\VirusScan Enterprise\mferkdk.sys
MD5: 4001d7331938d1798c2b620cfabd99bf  C:\Programas\McAfee\VirusScan Enterprise\MIDUtil.Dll
MD5: 276a3e2faee6400294d72d68dababd16  C:\Programas\McAfee\VirusScan Enterprise\mytilus.dll
MD5: ced35df1ee3168b3c5178d49390e21e6  C:\Programas\McAfee\VirusScan Enterprise\NAEvent.dll
MD5: e80b8f4ceb539735e7e6efc9a3b76fb7  C:\Programas\McAfee\VirusScan Enterprise\naiann.dll
MD5: dfd2d0d65777a559a43f8c902f62ab56  c:\programas\mcafee\virusscan enterprise\scriptcl.dll
MD5: a3a47cde47e8d71ca6b211fa3bdcdf09  C:\Programas\McAfee\VirusScan Enterprise\shstat.exe
MD5: 4b65465659d1d61f55e437d4ab94ba31  C:\Programas\McAfee\VirusScan Enterprise\VsPlugin.dll
MD5: 38ec7a01e2a6f5763ade78a017731cce  C:\Programas\McAfee\VirusScan Enterprise\wmain.dll
MD5: c3e42cbf8215171a524d123a54ae3233  c:\Programas\Microsoft Silverlight\4.0.60531.0\npctrl.dll
MD5: 3bae2bfcb6d69e19c8373f635dd544dc  C:\Programas\Nero\Nero 7\Nero BackItUp\NBService.exe
MD5: 7198bbfbe46c0070257278c536386687  C:\Programas\Secunia\PSI\PSIA.exe
MD5: d2fca567f9be87e29b9a9fa32ffe79ca  C:\Programas\Secunia\PSI\sua.exe
MD5: 255144d9c764241c897c85c798c52241  C:\Programas\VideoLAN\VLC\npvlc.dll
MD5: 0455b5115f102e1aae62f2c8485bca2a  C:\PROGRA~1\McAfee\SITEAD~1\McSACore.exe
MD5: 2720a2593f55d5354d26cc555d3e40e2  C:\WINDOWS\Downloaded Program Files\IDrop.ocx
MD5: e3815cd387f4e37269914d7762903ce4  C:\WINDOWS\Downloaded Program Files\IDropENU.dll
MD5: ab87eeffd18f2baafc274e7075ea6c67  c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
MD5: f5df6846f30e9f54ea60ccaeb3fb2055  C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
MD5: b07511c6f3bbc07b1e09e44f20ee5b8a  C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
MD5: f9da4053e23da83c4810a7a9de934861  C:\WINDOWS\system32\ati2evxx.exe
MD5: fae95d6d7651b5629c4e19adbc9a3863  C:\WINDOWS\system32\Ati2mdxx.exe
MD5: 0e25d62d70eff7db219a1b9e7ab9bee7  C:\WINDOWS\system32\CFGMGR32.dll
MD5: 62ffac0cd93f28c1f9f2e648c1a701b3  C:\WINDOWS\system32\CRYPT32.dll
MD5: e353cb4d44454643bd81e0ffd3e3832c  C:\WINDOWS\system32\DRIVERS\ACPI.sys
MD5: 22db33b677912455c5a21133d1c07d0e  C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
MD5: 5fe5a2c2330c376a1d8dcff8d2680a2d  C:\WINDOWS\system32\DRIVERS\avgldx86.sys
MD5: 251f906328af49e7927a1ad12b543a2f  C:\WINDOWS\System32\DRIVERS\cmdguard.sys
MD5: 207f06d08afcdd3bbc801eab1a845cfb  C:\WINDOWS\System32\DRIVERS\cmdhlp.sys
MD5: 651554e483712b708ede864d0ca1aa73  C:\WINDOWS\system32\Drivers\DrvAgent32.sys
MD5: 0b044aac3e9b7e94d939824ac7e105ae  C:\WINDOWS\system32\DRIVERS\el90Xbc5.SYS
MD5: 624535d92df138fd37a0f0737c8ad20e  C:\WINDOWS\system32\DRIVERS\EMCR7SK.sys
MD5: aae88d91b75eefd3429ca49b07451812  C:\WINDOWS\system32\DRIVERS\ftdisk.sys
MD5: 7edadcb7d0161a33ae3e00e163759c36  C:\WINDOWS\system32\DRIVERS\i8042prt.sys
MD5: c9953067b2c9e3d3dd44ec22d1e0815a  C:\WINDOWS\System32\DRIVERS\inspect.sys
MD5: c5e9ce8183f978ad5a210fa36290f6b1  C:\WINDOWS\system32\DRIVERS\intelppm.sys
MD5: fabff8a637ecc7fd67e4799403c0100e  C:\WINDOWS\system32\DRIVERS\isapnp.sys
MD5: bd70df1c21082c9115d9fbcb11d871eb  C:\WINDOWS\system32\DRIVERS\kbdclass.sys
MD5: 11115e2281dd9b885b038abb11dd8a75  C:\WINDOWS\system32\drivers\mfeapfk.sys
MD5: a14941aea876c395214f918b011a1371  C:\WINDOWS\system32\drivers\mfeavfk.sys
MD5: 8468969c92d1dd1fa872cc6c936e4d60  C:\WINDOWS\system32\drivers\mfetdik.sys
MD5: 4722326253a4b2f51259535d11933193  C:\WINDOWS\system32\DRIVERS\mouclass.sys
MD5: 7d304a5eb4344ebeeab53a2fe3ffb9f0  C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
MD5: b772ba8c5f3dfcbfc062fc52313086a6  C:\WINDOWS\system32\DRIVERS\pci.sys
MD5: ba058da99ae2f815d3df74009b6d50a8  C:\WINDOWS\system32\DRIVERS\pcmcia.sys
MD5: d24dfd16a1e2a76034df5aa18125c35d  C:\WINDOWS\system32\DRIVERS\psi_mf.sys
MD5: b169d51385049145a8ddb1a87ab5f7bf  C:\WINDOWS\system32\DRIVERS\redbook.sys
MD5: d801b66244d750792ec2b74c0e8bc183  C:\WINDOWS\system32\DRIVERS\serial.sys
MD5: 13739b36bd8d94d0fed7662aa7a4235d  C:\WINDOWS\system32\drivers\smwdm.sys
MD5: 47ddfc2f003f7f9f0592c6874962a2e7  C:\WINDOWS\system32\DRIVERS\srv.sys
MD5: 8f861eda21c05857eb8197300a92501c  C:\WINDOWS\system32\DRIVERS\tunmp.sys
MD5: bf69f5c6ecaf24ca5ff0d9394baad7b9  C:\WINDOWS\system32\DRIVERS\VBoxNetAdp.sys
MD5: 9e1bb090d2d8dbf73d9042b4fae99a6b  C:\WINDOWS\system32\epoPGPSDK.dll
MD5: 38875bb3f5a94d8a1b76993a01c92881  C:\WINDOWS\system32\guard32.dll
MD5: bd94927532d2da7e7fd451b47232ad24  C:\WINDOWS\system32\hpzsnt09.dll
MD5: 875e4e0661f3a5994df9e5e3a0a4f96b  C:\WINDOWS\system32\IoctlSvc.exe
MD5: b97f26c77e60044d1a6110c7ae4cea39  C:\WINDOWS\system32\LPK.DLL
MD5: 70d4dc467343f7a0be4cb8ecf27a42a5  C:\WINDOWS\system32\MFC42.DLL
MD5: d1db6b1c6cd75d894336bc8421b6c8c4  C:\WINDOWS\system32\MSVCP60.dll
MD5: b1ef4686961986dffb7fe8f18e6fcb5b  C:\WINDOWS\system32\nlssrv32.exe
MD5: 65b89d5783f45b811a877ffbbf74a407  C:\WINDOWS\system32\ntdll.dll
MD5: 4bad4b995be42123587b2b28a0767e1f  C:\WINDOWS\system32\odbcint.dll
MD5: 39d31d333c39caa9a13b738804b43284  C:\WINDOWS\system32\PSDrvCheck.exe
MD5: 55bf135778ef971c5484a5078090ec3e  C:\WINDOWS\system32\pwdrvio.sys
MD5: f61e7726cdb5bd3e3a4aca2f74147224  C:\WINDOWS\system32\spool\drivers\w32x86\3\HPZR3209.dll
MD5: 5ad8c9b7c23428ab2e795f1d4b423805  C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
MD5: 7ed35ff767a5af766b3e7afa5f04ff92  C:\WINDOWS\system32\WgaLogon.dll
MD5: c9564cf4976e7e96b4052737aa2492b4  C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll


Nenhum arquivo carregado.

Fim da Análise - a comunicação levou 1 seg
Tráfego Total - 0.01 MB enviados, 0.60 KB receb
Analisados 648 arquivos e módulos - 60 segundos

==============================================================================
Logged

Samker

  • SCF Administrator
  • *****
  • Posts: 7529
  • KARMA: 322
  • Gender: Male
  • Whatever doesn't kill us makes us stronger.
    • SCforum.info - Samker's Computer Forum
Re: Pendrive Autorun Menu
« Reply #9 on: 09. October 2011., 18:06:43 »
Quote

---

Não foram encontradas infecções. (There were no infections.)

---


This is really good news.  ;)


My next advice is to download and use CCleaner: http://scforum.info/index.php/topic,1133.0.html (be careful, don't delete Desktop Shortcuts & Hotfix Uninstallers) ;)

After that go to My Computer, select PenDrive, right click with mouse and choose Properties, open Autoplay tab, under actions select "Select an option to perform" and click on "Restore Defaults"... after that confirm with Ok's.

For Windows 7 & Vista you have possibility to go to Control Panel, open Auto Play options and change them as you wish. ;)


Let me know are these advices help you... if no, We'll try something else but it'll be good to provide us HJT log and some screenshots...
 
cya later,

S.


Logged

Samker's Computer Forum - SCforum.info

Re: Pendrive Autorun Menu
« Reply #9 on: 09. October 2011., 18:06:43 »
Pages: [1] 2
« previous next »
 

+ Quick Reply

With Quick-Reply you can write a post when viewing a topic without loading a new page. You can still use bulletin board code and smileys as you would in a normal post.

Name: Email:
Verification:
Type the letters shown in the picture
Listen to the letters / Request another image
Type the letters shown in the picture:
Second Anti-Bot trap, type or simply copy-paste below (only the red letters):www.codekids.ba:

Enter your email address to receive daily email with 'SCforum.info - Samker's Computer Forum' newest content:

Kursevi programiranja za ucenike u Sarajevu

Terms of Use | Privacy Policy | Advertising
TinyPortal 2.3.1 © 2005-2023