[Arquivado] PrdMgr.exe - Não consigo acessar a rede do meu Notebo

andreluis.mathias · Novembro 24, 2008

Sr. Perfect ai está o Tópico como você solicitou.

Logfile of HijackThis v1.99.1

Scan saved at 16:33:47, on 23/11/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0013)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe

C:\WINDOWS\system32\VTTimer.exe

C:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe

C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe

C:\Arquivos de programas\Ares\Ares.exe

C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe

C:\WINDOWS\system32\drivers\FmMgr.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\WinRAR\WinRAR.exe

C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\Rar$EX00.593\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://e+/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.16.10.1:8090

F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\system32\drivers\PrdMgr.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe"

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [sMSERIAL] C:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [FmMgr.exe] C:\WINDOWS\system32\drivers\FmMgr.exe

O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ares] "C:\Arquivos de programas\Ares\Ares.exe" -h

O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe"

O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office\OSA9.EXE

O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O14 - IERESET.INF: START_PAGE_URL=http://www.compartilhando.org/

O17 - HKLM\System\CCS\Services\Tcpip\..\{9DB06CA8-F4A7-4296-B01C-42F894EBA843}: NameServer = 10.1.1.1

O17 - HKLM\System\CS1\Services\Tcpip\..\{9DB06CA8-F4A7-4296-B01C-42F894EBA843}: NameServer = 10.1.1.1

O17 - HKLM\System\CS2\Services\Tcpip\..\{9DB06CA8-F4A7-4296-B01C-42F894EBA843}: NameServer = 10.1.1.1

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Arquivos de programas\Ares\chatServer.exe

Se possivel me ajuda.

Obrigado.

André.

Jackson Dias · Novembro 24, 2008

Movido:

iMasters Fóruns » Conteúdo Técnico » Segurança & Malwares »

PedroN · Novembro 24, 2008

<@> Baixe: < ComboFix.exe >

<@> Salve-o no Desktop!

<@> Desabilite as proteções residente de: antivírus,antispywares e firewall. ( Menos o do Windows! )

<@> Feche todas as janelas e execute a ferramenta!

<@> Na solicitação: "Negação de garantia de software" --> Clique em Sim!

<@> Não possuindo o "Console de Recuperação",aceite optar pela instalação do mesmo!

<!> Caso aconteça a notificação de: Aplicativo Win32 inválido,delete a ferramenta e faça,novamente,o download.
<!> Salve-a no desktop,renomeada como: Kombo.exe

<!> Ps: Nomeie durante o salvamento,e não após salvá-la!

<!> Ps: Surgindo alguma mensagem de erro,rode o ComboFix.exe em Modo de Segurança.

<!> Ps: Para completar as remoções,talvez haja necessidade da ferramenta reiniciar o computador. <-- Aguarde!

<!> Ps: Evite executar,voluntariamente,esta ferramenta!Siga,àcima,todas as recomendações propostas.

<@> Abrir-se-á a janela Auto Scan. --> Aguarde!

<@> Àfim de completar as remoções,o ComboFix poderá reiniciar o computador.

<@> Se houver necessidade,digite a opção para continuar! --> ( 1 ) --> Aperte Enter.

<@> Aguarde a conclusão!

<@> Durante o scan,evite manusear o mouse ou teclado! <-- Importante!

<@> Para parar ou sair do ComboFix,tecle "N" --> Enter.

----------------------

<@> Terminando,poste os relatórios: C:\ComboFix.txt + HijackThis,atualizado.

andreluis.mathias · Novembro 24, 2008

Sr. Perfect ai estão os logs atualizados

ComboFix 08-11-22.02 - Administrador 2008-11-24 20:30:08.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.672 [GMT -2:00]

Executando de: c:\documents and settings\Administrador\Desktop\ComboFix.exe

ATENÇAO - ESTA MAQUINA NAO TEM O CONSOLE DE RECUPERAÇÃO INSTALADA !!

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\system32\Microsoft\backup.ftp

.

(((((((((((((((( Arquivos/Ficheiros criados de 2008-10-24 to 2008-11-24 ))))))))))))))))))))))))))))

.

2008-11-24 20:21 . 2008-11-24 20:21 244 --ah----- C:\sqmnoopt18.sqm

2008-11-24 20:21 . 2008-11-24 20:21 232 --ah----- C:\sqmdata18.sqm

2008-11-23 12:38 . 2008-11-23 12:38 268 --ah----- C:\sqmdata17.sqm

2008-11-23 12:38 . 2008-11-23 12:38 244 --ah----- C:\sqmnoopt17.sqm

2008-11-23 11:02 . 2008-11-23 11:02 268 --ah----- C:\sqmdata16.sqm

2008-11-23 11:02 . 2008-11-23 11:02 244 --ah----- C:\sqmnoopt16.sqm

2008-11-23 09:09 . 2008-11-23 09:09 <DIR> d-------- c:\windows\system32\xircom

2008-11-23 09:09 . 2008-11-23 09:09 <DIR> d-------- c:\windows\system32\oobe

2008-11-23 08:39 . 2008-11-23 08:39 268 --ah----- C:\sqmdata15.sqm

2008-11-23 08:39 . 2008-11-23 08:39 244 --ah----- C:\sqmnoopt15.sqm

2008-11-23 08:30 . 2008-11-23 08:30 <DIR> d-------- c:\windows\vnDrvBas

2008-11-23 08:27 . 2008-11-23 08:27 268 --ah----- C:\sqmdata14.sqm

2008-11-23 08:27 . 2008-11-23 08:27 244 --ah----- C:\sqmnoopt14.sqm

2008-11-23 08:15 . 2008-11-23 08:15 268 --ah----- C:\sqmdata13.sqm

2008-11-23 08:15 . 2008-11-23 08:15 244 --ah----- C:\sqmnoopt13.sqm

2008-11-22 15:49 . 2008-11-22 15:49 268 --ah----- C:\sqmdata12.sqm

2008-11-22 15:49 . 2008-11-22 15:49 244 --ah----- C:\sqmnoopt12.sqm

2008-11-17 21:30 . 2008-11-17 21:30 268 --ah----- C:\sqmdata11.sqm

2008-11-17 21:30 . 2008-11-17 21:30 244 --ah----- C:\sqmnoopt11.sqm

2008-11-17 21:27 . 2008-11-17 21:27 <DIR> d--h----- c:\windows\PIF

2008-11-17 19:56 . 2008-11-17 19:56 268 --ah----- C:\sqmdata10.sqm

2008-11-17 19:56 . 2008-11-17 19:56 244 --ah----- C:\sqmnoopt10.sqm

2008-11-17 19:31 . 2008-11-17 19:31 268 --ah----- C:\sqmdata09.sqm

2008-11-17 19:31 . 2008-11-17 19:31 244 --ah----- C:\sqmnoopt09.sqm

2008-11-17 19:11 . 2008-11-17 19:11 268 --ah----- C:\sqmdata08.sqm

2008-11-17 19:11 . 2008-11-17 19:11 244 --ah----- C:\sqmnoopt08.sqm

2008-11-17 19:07 . 2008-11-17 19:07 268 --ah----- C:\sqmdata07.sqm

2008-11-17 19:07 . 2008-11-17 19:07 244 --ah----- C:\sqmnoopt07.sqm

2008-11-17 18:58 . 2008-11-17 18:58 <DIR> d-------- c:\arquivos de programas\Lavasoft

2008-11-17 18:54 . 2008-11-17 18:54 <DIR> d-------- c:\arquivos de programas\CCleaner

2008-11-17 18:42 . 2008-11-17 18:42 268 --ah----- C:\sqmdata06.sqm

2008-11-17 18:42 . 2008-11-17 18:42 244 --ah----- C:\sqmnoopt06.sqm

2008-11-12 14:13 . 2008-11-12 14:13 268 --ah----- C:\sqmdata05.sqm

2008-11-12 14:13 . 2008-11-12 14:13 244 --ah----- C:\sqmnoopt05.sqm

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-11-24 22:26 45,056 ----a-w c:\windows\system32\ftp.exe

2008-11-24 22:26 359,936 ------w c:\windows\system32\drivers\tcpip.sys

2008-10-01 20:22 89,600 ----a-w C:\8b4l8r9h1v9.exe

2008-09-30 22:37 76,288 --sh--r c:\windows\system32\drivers\FmMgr.exe

2008-09-09 20:18 52,701 ----a-w c:\windows\BricoPackUninst.cmd

2008-09-09 20:18 5,997 ----a-w c:\windows\BricoPackFoldersDelete.cmd

2008-09-09 20:18 219,648 ----a-w c:\windows\system32\uxtheme.dll

2008-07-27 01:18 0 ----a-w c:\documents and settings\Administrador\jagex_runescape_preferences.dat

2008-03-18 15:54 32 ----a-w c:\documents and settings\All Users\Dados de aplicativos\ezsid.dat

.

((((((((((((((((((((((((((((( snapshot@2008-11-23_ 9.10.53.21 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-11-23 10:51:32 38,094 ----a-w c:\windows\system32\perfc009.dat

+ 2008-11-23 18:33:25 38,094 ----a-w c:\windows\system32\perfc009.dat

- 2008-11-23 10:51:32 46,642 ----a-w c:\windows\system32\perfc016.dat

+ 2008-11-23 18:33:25 46,642 ----a-w c:\windows\system32\perfc016.dat

- 2008-11-23 10:51:32 305,652 ----a-w c:\windows\system32\perfh009.dat

+ 2008-11-23 18:33:25 305,652 ----a-w c:\windows\system32\perfh009.dat

- 2008-11-23 10:51:32 338,832 ----a-w c:\windows\system32\perfh016.dat

+ 2008-11-23 18:33:25 338,832 ----a-w c:\windows\system32\perfh016.dat

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]

"msnmsgr"="c:\arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" [2007-11-07 3739672]

"ares"="c:\arquivos de programas\Ares\Ares.exe" [2008-02-20 963072]

"RocketDock"="c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe" [2007-03-18 630784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]

"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 132496]

"SMSERIAL"="c:\arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 630784]

"SynTPEnh"="c:\arquivos de programas\Synaptics\SynTP\SynTPEnh.exe" [2006-10-12 815104]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"FmMgr.exe"="c:\windows\system32\drivers\FmMgr.exe" [2008-09-30 76288]

"VTTimer"="VTTimer.exe" [2006-09-21 c:\windows\system32\VTTimer.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nlsf"="move" [X]

"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-03 44544]

c:\documents and settings\Administrador\Menu Iniciar\Programas\Inicializar\

RocketDock.lnk - c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-18 630784]

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

Adobe Reader Speed Launch.lnk - c:\arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]

Microsoft Office.lnk - c:\arquivos de programas\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.3iv2"= 3ivxVfWCodec.dll

"VIDC.VP31"= vp31vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HDAudDeck]

-ra------ 2007-01-23 00:24 724992 c:\arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

--a------ 2008-03-27 04:35 36352 c:\arquivos de programas\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

"c:\\Arquivos de programas\\Winamp Remote\\bin\\Orb.exe"=

"c:\\Arquivos de programas\\Winamp Remote\\bin\\OrbTray.exe"=

"c:\\Arquivos de programas\\Winamp Remote\\bin\\OrbStreamerClient.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

R3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187.sys [2008-03-18 180480]

R3 S3GIGP;S3GIGP;c:\windows\system32\DRIVERS\S3gIGPm.sys [2008-03-18 634880]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{29b229a6-4391-11dd-a683-0015af24af92}]

\Shell\Auto\command - F:\msnmsgr.exe