
This topic has been archived and is closed to new replies.

Kaio Neves

[Archived] Loss of the UW08.exe file


Sorry for intruding on someone else's topic; this time it is in the right place.

 

I am having problems with this file: when I log into my profile an error message appears saying that the file cannot be found. If you could help me in a really simple way, since I am not very good with computers, I would be very grateful.

Here is the HijackThis report:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:44:23, on 12/4/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\Arquivos de programas\Windows Live\Family Safety\fsssvc.exe

C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\NVIDIA Corporation\nTune\nTuneService.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\Microsoft Windows OneCare Live\OcHealthMon.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe

C:\Arquivos de programas\Microsoft Windows OneCare Live\winss.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

C:\Arquivos de programas\iPod\bin\iPodService.exe

C:\Arquivos de programas\Microsoft Windows OneCare Live\winssnotify.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Razer\DeathAdder\razerhid.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\Arquivos de programas\Nokia\Nokia PC Suite 6\LaunchApplication.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe

C:\Arquivos de programas\Windows Live\Family Safety\fsui.exe

C:\Arquivos de programas\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\Windows UpdateSP8.exe

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Documents and Settings\Kaio\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe

C:\Arquivos de programas\Razer\DeathAdder\razertra.exe

C:\Arquivos de programas\Razer\DeathAdder\razerofa.exe

C:\Documents and Settings\Kaio\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Kaio\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Kaio\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Kaio\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Kaio\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe

C:\Documents and Settings\Kaio\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Kaio\Meus documentos\Downloads\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.globo.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=1046

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Arquivos de programas\Windows Live\Family Safety\fssbho.dll

O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Arquivos de programas\Windows Live\Messenger\wlchtc.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [DeathAdder] C:\Arquivos de programas\Razer\DeathAdder\razerhid.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Arquivos de programas\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup

O4 - HKLM\..\Run: [soundMax] "C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe" /tray

O4 - HKLM\..\Run: [fssui] "C:\Arquivos de programas\Windows Live\Family Safety\fsui.exe" -autorun

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [OneCareUI] "C:\Arquivos de programas\Microsoft Windows OneCare Live\winssnotify.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Windows Defender] VSFPNC

O4 - HKLM\..\Run: [Windows Update SP8] C:\WINDOWS\system32\Windows UpdateSP8.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Kaio\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c

O4 - HKUS\S-1-5-21-2025429265-1757981266-725345543-1003\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background (User 'Leonardo')

O4 - HKUS\S-1-5-21-2025429265-1757981266-725345543-1003\..\Run: [NVIDIA nTune] "C:\Arquivos de programas\NVIDIA Corporation\nTune\nTuneCmd.exe" clear (User 'Leonardo')

O4 - HKUS\S-1-5-21-2025429265-1757981266-725345543-1003\..\Run: [steam] "c:\arquivos de programas\valve\steam\steam.exe" -silent (User 'Leonardo')

O4 - HKUS\S-1-5-21-2025429265-1757981266-725345543-1003\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background (User 'Leonardo')

O4 - HKUS\S-1-5-21-2025429265-1757981266-725345543-1003\..\Run: [Google Update] "C:\Documents and Settings\Leonardo\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c (User 'Leonardo')

O4 - HKUS\S-1-5-21-2025429265-1757981266-725345543-1003\..\Run: [Media Codec Update Service] C:\Arquivos de programas\Essentials Codec Pack\WECPUpdate.exe -s (User 'Leonardo')

O4 - HKUS\S-1-5-21-2025429265-1757981266-725345543-1005\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background (User 'Kassia e Paeco')

O4 - S-1-5-21-2025429265-1757981266-725345543-1003 Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Leonardo')

O4 - S-1-5-21-2025429265-1757981266-725345543-1003 User Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Leonardo')

O4 - S-1-5-18 Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe (User 'SYSTEM')

O4 - .DEFAULT Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Default user')

O4 - Global Startup: msnmsgr_.exe

O4 - Global Startup: Windows UpdateSP8.exe

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1230329009609

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1230328997640

O20 - Winlogon Notify: aGBPluginAdm - asteca.dll (file missing)

O20 - Winlogon Notify: __GbPluginBb - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll (file missing)

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe (file missing)

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Arquivos de programas\NVIDIA Corporation\nTune\nTuneService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Arquivos de programas\WinPcap\rpcapd.exe

O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

 

--

End of file - 10939 bytes
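A defender-side triage pass over the kind of O4/O20/O23 lines that appear in the HijackThis log above (and in the second log posted later in the thread). This is an added example; it is not part of the thread and not code from HijackThis or any of the cleanup tools mentioned. The sample lines are constructed, modelled on entries from the two logs, and the heuristics, the `GENUINE_WINDOWS_EXES` allow-list, `KNOWN_LAUNCHERS`, and every function name are my own assumptions rather than rules of any tool.

```python
import re
from dataclasses import dataclass, field

# Constructed sample, modelled on O4/O20/O23 entries from the two HijackThis
# logs in this thread; it is not a verbatim copy of either log.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Windows Defender] VSFPNC
O4 - HKLM\..\Run: [Windows Update SP8] C:\WINDOWS\system32\Windows UpdateSP8.exe
O4 - HKLM\..\RunOnce: [Windows Update SP8] C:\WINDOWS\system32\UW08.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
O4 - Global Startup: msnmsgr_.exe
O20 - Winlogon Notify: aGBPluginAdm - asteca.dll (file missing)
O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe (file missing)
"""

# O4 registry Run/RunOnce entries: "O4 - <hive>\..\Run: [<name>] <command>"
O4_RUN = re.compile(r"^O4 - (?P<key>.+?\\Run(?:Once)?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# O4 startup-folder entries: "O4 - Global Startup: <item>" or "O4 - <sid> Startup: <item>"
O4_STARTUP = re.compile(r"^O4 - (?P<key>.*?Startup): (?P<cmd>.*)$")
MIMIC_NAME = re.compile(r"^(windows|microsoft)\b", re.IGNORECASE)

# Constructed allow-list (assumption): the one autorun binary that legitimately
# carries a "Windows ..." friendly name on a stock XP box is Windows Defender's UI.
GENUINE_WINDOWS_EXES = {"msascui.exe"}
# Launchers that are expected to appear without a full path (assumption).
KNOWN_LAUNCHERS = {"rundll32.exe"}


@dataclass
class Finding:
    line: str
    reasons: list = field(default_factory=list)


def exe_path(cmd: str) -> str:
    """Best-effort extraction of the launched program from an O4 command string."""
    if " = " in cmd:                      # "Foo.lnk = C:\target.exe" startup-folder form
        cmd = cmd.split(" = ", 1)[1]
    m = re.match(r'^"?(?P<path>.*?\.exe)"?', cmd, re.IGNORECASE)
    return m.group("path") if m else cmd.split()[0]


def triage_line(line: str) -> list:
    """Reasons a HijackThis line deserves a second look; an empty list means nothing notable."""
    reasons = []
    if "(file missing)" in line:
        reasons.append("autostart points at a file that no longer exists (orphaned entry)")
    m = O4_RUN.match(line)
    if m:
        path = exe_path(m.group("cmd"))
        base = path.rsplit("\\", 1)[-1].lower()
        if m.group("key").endswith("RunOnce"):
            reasons.append("RunOnce entry: fires at next logon, typical of a remnant")
        if MIMIC_NAME.match(m.group("name")) and base not in GENUINE_WINDOWS_EXES:
            reasons.append(f"friendly name mimics a Windows component but launches {base}")
        if "\\" not in path and base not in KNOWN_LAUNCHERS:
            reasons.append("bare command with no absolute path (resolved via PATH)")
        if "system32" in path.lower() and " " in base:
            reasons.append("executable in system32 with a space in its file name")
        return reasons
    m = O4_STARTUP.match(line)
    if m:
        item = m.group("cmd").split(" = ", 1)[0]   # the startup-folder item itself
        if item.lower().endswith(".exe"):
            reasons.append("executable dropped directly into a Startup folder instead of a .lnk")
    return reasons


def triage(log_text: str) -> list:
    """Run triage_line over a whole log and keep only the lines that got at least one reason."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if line and (reasons := triage_line(line)):
            findings.append(Finding(line, reasons))
    return findings


def reasons_for(log_text: str, needle: str) -> list:
    """Reasons attached to the first log line containing `needle` ([] if clean or absent)."""
    for raw in log_text.splitlines():
        if needle in raw:
            return triage_line(raw.strip())
    return []


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.line)
        for r in f.reasons:
            print("   -", r)
```

Run it and the six lines worth a second look are printed with their reasons, while the NVIDIA and Java entries pass silently. The output is a review prompt, not a verdict: each flagged entry still has to be checked against the reports the cleanup tools produce, which is exactly what the helper's reply below asks for.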


Follow my steps in order, one at a time.

 

1° First.

 

Download bankerfix by clicking the link below:

http://www.linhadefensiva.org/dl/bankerfix

 

- Save the tool to your hard drive.

- Double-click bankerfix.exe.

- A window will ask you to confirm the tool's installation. Click Yes.

- Close all windows and programs except BankerFix.

- Now just wait for bankerfix to finish running.

- The tool's report, listing every file detected and removed, is in the file relatorio.txt in the C:\LinhaDefensiva folder; post it in your next reply.

 

2° Second.

 

• Go to this link and download: < Malwarebytes >

Update the program!

• Choose the Quick scan!

Disable your protection programs while running Malwarebytes.

• Send the detected items to quarantine by clicking Remove items.

• For more details: < Link >

-----------------------

• Post the reports: mbam-log-2008-xx-xx (00-00-00).txt

 

3° Third.

 

• Download: < ComboFix.exe >

• Save it to the Desktop!

Disable the resident protection of your antivirus, antispyware and firewall. (Except the Windows one!)

Close all windows and run the tool!

• At the prompt "Disclaimer of software warranty" --> click Yes!

• If you do not have the "Recovery Console", accept the offer to install it!

 

<!> If you get the notification "Invalid Win32 application", delete the tool and download it again.

-- Save it to the desktop renamed as: Kombo.exe

-- PS: Rename it while saving, not after it has been saved!

-- PS: If any error message appears, run ComboFix.exe in Safe Mode.

-- PS: To complete the removals, the tool may need to restart the computer. <-- Wait!

-- PS: Avoid running this tool on your own initiative! Follow all the recommendations above.

• The Auto Scan window will open. --> Wait!

• To complete the removals, ComboFix may restart the computer.

• If required, type the option to continue! --> ( 1 ) --> Press Enter.

Wait for it to finish!

During the scan, avoid using the mouse or keyboard! <-- Important!

• To stop or exit ComboFix, press "N" --> Enter.

----------------------

• When it is done, post the report: C:\ComboFix.txt.

 

◘ In your next reply, post the updated log(s) from the tools: hijackthis, bankerfix, mbam-log-2008-xx-xx (00-00-00).txt and combofix.


1° HiJackThis

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 14:16:53, on 12/4/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Razer\DeathAdder\razerhid.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\Arquivos de programas\Nokia\Nokia PC Suite 6\LaunchApplication.exe

C:\Arquivos de programas\Windows Live\Family Safety\fsui.exe

C:\Arquivos de programas\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\Windows UpdateSP8.exe

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Documents and Settings\Kaio\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe

C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\Arquivos de programas\Windows Live\Family Safety\fsssvc.exe

C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\NVIDIA Corporation\nTune\nTuneService.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Arquivos de programas\Razer\DeathAdder\razertra.exe

C:\Arquivos de programas\iPod\bin\iPodService.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Arquivos de programas\Razer\DeathAdder\razerofa.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\cmd.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Documents and Settings\Kaio\Meus documentos\Downloads\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.globo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=1046

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Arquivos de programas\Windows Live\Family Safety\fssbho.dll

O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Arquivos de programas\Windows Live\Messenger\wlchtc.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [DeathAdder] C:\Arquivos de programas\Razer\DeathAdder\razerhid.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Arquivos de programas\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup

O4 - HKLM\..\Run: [fssui] "C:\Arquivos de programas\Windows Live\Family Safety\fsui.exe" -autorun

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Windows Update SP8] C:\WINDOWS\system32\Windows UpdateSP8.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\RunOnce: [Windows Update SP8] C:\WINDOWS\system32\UW08.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Kaio\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c

O4 - S-1-5-18 Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe (User 'SYSTEM')

O4 - .DEFAULT Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Default user')

O4 - Global Startup: msnmsgr_.exe

O4 - Global Startup: Windows UpdateSP8.exe

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1230329009609

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1230328997640

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Arquivos de programas\NVIDIA Corporation\nTune\nTuneService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Arquivos de programas\WinPcap\rpcapd.exe

O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

 

--

End of file - 8118 bytes

 

 

2° Bankerfix report

 

According to the program, no problem was found:

 

"Execucao concluida com exito!!

 

Nenhum problema foi encontrado no seu computador"

 

BankerFix 3.0 VALKYRIE - Removedor de Bankers

Linha Defensiva | http://www.linhadefensiva.org

http://www.linhadefensiva.org/bankerfix/

-------------------------------------------------------

Data: 2009-04-12 - 13:27

-------------------------------------------------------

Lista de Definição: 2009-01-21-2 | CORE: 2009-01-21-1

=======================================================

 

 

 

----- Fim -------------------------

 

 

3° Malwarebytes report

 

Malwarebytes' Anti-Malware 1.36

Versão do banco de dados: 1970

Windows 5.1.2600 Service Pack 3

 

12/4/2009 14:04:26

mbam-log-2009-04-12 (14-04-26).txt

 

Tipo de Verificação: Rápida

Objetos verificados: 81832

Tempo decorrido: 40 second(s)

 

Processos da Memória infectados: 0

Módulos de Memória Infectados: 0

Chaves do Registro infectadas: 5

Valores do Registro infectados: 0

Ítens do Registro infectados: 0

Pastas infectadas: 3

Arquivos infectados: 8

 

Processos da Memória infectados:

(Nenhum ítem malicioso foi detectado)

 

Módulos de Memória Infectados:

(Nenhum ítem malicioso foi detectado)

 

Chaves do Registro infectadas:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9b71d88c-c598-4935-c5d1-43aa4db90836} (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__gbpluginbb (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Bifrost (Backdoor.Bifrose) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\MediaHoldings (Adware.PlayMP3Z) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\fbrowsingadvisor_is1 (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.

 

Valores do Registro infectados:

(Nenhum ítem malicioso foi detectado)

 

Ítens do Registro infectados:

(Nenhum ítem malicioso foi detectado)

 

Pastas infectadas:

C:\Arquivos de programas\FBrowsingAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.

C:\Arquivos de programas\FBrowserAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\Bifrost (Backdoor.Bifrose) -> Quarantined and deleted successfully.

 

Arquivos infectados:

C:\Arquivos de programas\FBrowsingAdvisor\IXPCOMEvents.xpt (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.

C:\Arquivos de programas\FBrowsingAdvisor\Logo.png (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.

C:\Arquivos de programas\FBrowsingAdvisor\main.db (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.

C:\Arquivos de programas\FBrowsingAdvisor\unins000.dat (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.

C:\Arquivos de programas\FBrowsingAdvisor\unins000.exe (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\Bifrost\klog.dat (Backdoor.Bifrose) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\svchost.tmp (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\svchost.t__ (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

 

 

4° ComboFix report

 

ComboFix 09-04-12.03 - Kaio 2009-04-12 13:50.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1046.18.2047.1539 [GMT -3:00]

Executando de: c:\documents and settings\Kaio\Desktop\ComboFix.exe

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\arquivos de programas\Turkojan

c:\arquivos de programas\Turkojan\English.lng

c:\arquivos de programas\Turkojan\German.lng

c:\arquivos de programas\Turkojan\MESAJ.DAT

c:\arquivos de programas\Turkojan\Portuguese.lng

c:\arquivos de programas\Turkojan\Spanish.lng

c:\arquivos de programas\Turkojan\Turkce.lng

c:\arquivos de programas\Turkojan\unins000.dat

c:\arquivos de programas\Turkojan\unins000.exe

c:\documents and settings\All Users\Menu Iniciar\Programas\Turkojan

c:\documents and settings\All Users\Menu Iniciar\Programas\Turkojan\Turkojan 4.0.lnk

c:\documents and settings\All Users\Menu Iniciar\Programas\Turkojan\Uninstall Turkojan 4.0.lnk

c:\documents and settings\All Users\Menu Iniciar\Programas\Turkojan\Web Site.url

c:\windows\KB8888239.log

c:\windows\system32\uninstall.exe

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_GBPSV

-------\Service_GbpSv

 

 

(((((((((((((((( Arquivos/Ficheiros criados de 2009-03-12 to 2009-04-12 ))))))))))))))))))))))))))))

.

 

2009-04-12 16:30 . 2009-04-12 16:30 -------- d-----w c:\documents and settings\Kaio\Dados de aplicativos\Malwarebytes

2009-04-12 16:30 . 2009-04-12 16:30 2967816 ----a-w C:\mbam-setup.exe

2009-04-12 16:26 . 2009-04-12 16:27 -------- d-----w C:\LinhaDefensiva

2009-04-12 16:06 . 2009-04-12 16:06 178597 ----a-w C:\bankerfix.exe

2009-04-12 11:45 . 2009-04-12 11:45 49 ----a-w c:\windows\system32\wrm12.04.09UP.ini

2009-04-12 11:45 . 2009-04-12 11:45 2791424 ----a-w c:\windows\system32\wgalog.dll

2009-04-11 17:59 . 2009-04-11 17:59 49 ----a-w c:\windows\system32\wrm11.04.09UP.ini

2009-04-10 03:43 . 2009-04-10 03:43 49 ----a-w c:\windows\system32\wrm10.04.09UP.ini

2009-04-09 09:44 . 2009-04-09 09:44 49 ----a-w c:\windows\system32\wrm09.04.09UP.ini

2009-04-08 10:01 . 2009-04-08 10:01 49 ----a-w c:\windows\system32\wrm08.04.09UP.ini

2009-04-07 10:04 . 2009-04-07 10:04 49 ----a-w c:\windows\system32\wrm07.04.09UP.ini

2009-04-06 14:12 . 2009-04-06 14:12 -------- d-----w C:\StreetFighterOnline

2009-04-06 14:12 . 2009-04-06 14:12 -------- d-----w c:\arquivos de programas\Game Vindicator

2009-04-06 14:11 . 1998-06-18 03:00 89360 ----a-w c:\windows\system32\VB5DB.DLL

2009-04-06 14:11 . 2009-04-06 17:40 -------- d-----w c:\arquivos de programas\SFO

2009-04-06 12:28 . 2009-04-06 10:35 371200 ----a-w c:\windows\BOOTL6662.BAK

2009-04-06 10:48 . 2009-04-06 10:35 371200 ----a-w c:\windows\BOOTL6661.BAK

2009-04-06 10:38 . 2009-04-06 10:38 49 ----a-w c:\windows\system32\wrm06.04.09UP.ini

2009-04-06 10:38 . 2009-04-12 11:45 188928 ----a-w c:\windows\system32\msnmsgr_.exe

2009-04-06 10:36 . 2009-04-06 10:35 371200 ----a-w c:\windows\system32\Windows UpdateSP8.exe

2009-04-03 13:51 . 2009-04-03 13:52 -------- d-----w c:\arquivos de programas\Essentials Codec Pack

2009-03-28 09:08 . 2009-03-28 09:08 -------- d-----w C:\Brasfoot2009

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-04-12 16:52 . 2009-04-12 16:52 12406 ----a-w C:\avenger.txt

2009-04-12 16:30 . 2008-11-21 12:22 -------- d-----w c:\arquivos de programas\Malwarebytes' Anti-Malware

2009-04-12 01:05 . 2008-06-24 02:15 -------- d-----w c:\arquivos de programas\Warcraft III

2009-04-12 00:09 . 2008-06-25 18:37 -------- d-----w c:\arquivos de programas\Garena

2009-04-11 18:08 . 2009-01-28 21:45 -------- d-----w c:\arquivos de programas\Microsoft Games

2009-04-09 16:14 . 2007-11-01 23:33 -------- d-----w c:\arquivos de programas\Java

2009-04-06 18:32 . 2008-11-21 12:22 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys

2009-04-06 18:32 . 2008-11-21 12:22 15504 ----a-w c:\windows\system32\drivers\mbam.sys

2009-04-06 14:12 . 2007-11-01 20:16 -------- d--h--w c:\arquivos de programas\InstallShield Installation Information

2009-03-26 19:32 . 2008-12-31 00:17 -------- d-----w c:\arquivos de programas\Microsoft Silverlight

2009-03-25 15:48 . 2009-03-25 15:48 2232 ----a-w c:\windows\java\Packages\Data\FD7FHJ53.DAT

2009-03-25 15:48 . 2009-03-25 15:48 155995 ----a-w c:\windows\java\Packages\9B9F379N.ZIP

2009-03-25 15:48 . 2009-03-25 15:48 2678 ----a-w c:\windows\java\Packages\Data\EUEU7VPV.DAT

2009-03-25 15:48 . 2009-03-25 15:48 2678 ----a-w c:\windows\java\Packages\Data\ZNLZPNFB.DAT

2009-03-25 15:48 . 2009-03-25 15:48 2678 ----a-w c:\windows\java\Packages\Data\WBPZ33DN.DAT

2009-03-25 15:48 . 2009-03-25 15:48 2678 ----a-w c:\windows\java\Packages\Data\I1R3JDBJ.DAT

2009-03-25 15:48 . 2009-03-25 15:48 2678 ----a-w c:\windows\java\Packages\Data\5BRXJ1J9.DAT

2009-03-25 00:07 . 2007-11-04 12:00 -------- d-----w c:\documents and settings\Kaio\Dados de aplicativos\uTorrent

2009-03-21 16:27 . 2009-02-11 00:47 -------- d-----w c:\documents and settings\Kaio\Dados de aplicativos\Audacity

2009-03-16 17:16 . 2007-11-15 15:43 -------- d---a-w c:\documents and settings\All Users\Dados de aplicativos\TEMP

2009-03-13 00:25 . 2009-03-13 00:25 -------- d-----w c:\arquivos de programas\Free WMA to MP3 Converter

2009-03-13 00:20 . 2008-03-08 16:51 15525 ----a-w C:\MP4debug.log

2009-03-12 23:59 . 2009-03-12 23:59 -------- d-----w c:\documents and settings\All Users\Dados de aplicativos\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}

2009-03-12 23:59 . 2008-12-06 01:31 -------- d-----w c:\arquivos de programas\iTunes

2009-03-12 23:59 . 2009-03-12 23:59 -------- d-----w c:\arquivos de programas\iPod

2009-03-12 23:59 . 2007-11-05 09:37 -------- d-----w c:\arquivos de programas\Arquivos comuns\Apple

2009-03-12 23:58 . 2008-09-15 11:41 -------- d-----w c:\arquivos de programas\QuickTime

2009-03-11 15:12 . 2007-11-01 21:53 -------- d-----w c:\arquivos de programas\Arquivos comuns\Adobe

2009-03-09 08:19 . 2008-12-20 00:16 410984 ----a-w c:\windows\system32\deploytk.dll

2009-03-08 19:30 . 2008-02-02 19:35 46528 ----a-w c:\documents and settings\Kaio\Dados de aplicativos\GDIPFONTCACHEV1.DAT

2009-03-06 02:59 . 2009-03-12 23:56 1900544 ----a-w c:\windows\system32\usbaaplrc.dll

2009-03-06 02:59 . 2007-11-05 09:37 36864 ----a-w c:\windows\system32\drivers\usbaapl.sys

2009-02-20 19:12 . 2008-06-21 02:59 -------- d-----w c:\arquivos de programas\Arquivos comuns\Wise Installation Wizard

2009-02-20 19:11 . 2009-02-10 20:23 -------- d-----w c:\documents and settings\All Users\Dados de aplicativos\avg8

2009-02-20 18:30 . 2001-10-28 17:07 90908 ----a-w c:\windows\system32\perfc016.dat

2009-02-20 18:30 . 2001-10-28 17:07 494898 ----a-w c:\windows\system32\perfh016.dat

2009-02-20 18:22 . 2009-02-20 18:22 -------- d-----w c:\arquivos de programas\MSXML 4.0

2009-02-20 01:47 . 2004-08-04 01:59 251696 --sha-r C:\ntldr

2009-02-19 23:08 . 2009-02-19 23:08 34296 ---ha-w c:\windows\system32\mlfcache.dat

2009-02-19 11:45 . 2008-12-21 02:32 -------- d-----w c:\arquivos de programas\Microsoft

2009-02-19 11:44 . 2008-02-26 16:36 -------- d-----w c:\arquivos de programas\Windows Live

2009-02-16 15:33 . 2009-02-16 15:33 -------- d-----w c:\arquivos de programas\TouchStoneSoftware

2009-02-16 15:28 . 2009-02-16 15:28 -------- d-----w c:\arquivos de programas\PC Inspector File Recovery

2009-02-16 15:20 . 2009-02-16 15:20 -------- d-----w c:\arquivos de programas\Recuva

2009-02-16 15:15 . 2009-02-14 16:24 -------- d-----w c:\arquivos de programas\Messenger Detect

2009-02-16 15:07 . 2009-02-14 20:07 -------- d-----w c:\arquivos de programas\Ardamax keylogger registrado

2009-02-14 16:24 . 2009-02-06 08:47 -------- d-----w c:\arquivos de programas\WinPcap

2009-02-14 14:47 . 2009-02-14 14:47 -------- d-----w c:\arquivos de programas\Password Recovery for Windows Live

2009-02-13 00:42 . 2008-10-13 23:10 -------- d-----w c:\documents and settings\Kaio\Dados de aplicativos\teamspeak2

2009-02-09 14:06 . 2004-08-04 03:38 1846912 ----a-w c:\windows\system32\win32k.sys

2009-02-07 20:31 . 2009-02-06 12:04 1374 ----a-w C:\drive.ini

2009-02-06 22:14 . 2009-02-06 22:14 308088 ----a-w c:\windows\WLXPGSS.SCR

2009-02-06 21:52 . 2009-02-06 21:52 49504 ----a-w c:\windows\system32\sirenacm.dll

2009-01-23 11:36 . 2007-11-05 20:03 50677 ----a-w C:\debug.log

2009-01-20 02:58 . 2009-01-20 02:58 72 ----a-w C:\656.txt

2009-01-19 19:37 . 2009-01-19 19:37 0 ----a-w C:\pagewin.ntl

2009-01-19 19:37 . 2009-01-19 19:37 512 --sha-r C:\svchost1.exe

2009-01-15 06:19 . 2009-01-15 06:19 1599488 --sh--w c:\documents and settings\Leonardo\DesktopDdd76d_cfdg.exe

2009-01-15 05:57 . 2009-01-15 05:57 1599488 --sh--w c:\documents and settings\Leonardo\DesktopKwS326_cfdg.exe

2009-01-11 16:23 . 2008-12-06 05:38 98092 ----a-w c:\arquivos de programas\Settings.bin

2008-12-28 13:51 . 2008-02-05 15:50 45360 ----a-w c:\documents and settings\Kassia e Paeco\Dados de aplicativos\GDIPFONTCACHEV1.DAT

2008-09-24 04:11 . 2008-01-27 17:17 44176 ----a-w c:\documents and settings\Leonardo\Dados de aplicativos\GDIPFONTCACHEV1.DAT

2008-01-17 17:13 . 2008-01-17 17:13 36868 ----a-w c:\arquivos de programas\uninst-Starglow.exe

2008-01-17 17:13 . 2008-01-17 17:13 36868 ----a-w c:\arquivos de programas\uninst-SoundKeys.exe

2008-01-17 17:13 . 2008-01-17 17:13 36868 ----a-w c:\arquivos de programas\uninst-shine.exe

2008-01-17 17:13 . 2008-01-17 17:13 36868 ----a-w c:\arquivos de programas\uninst-Particular.exe

2008-01-17 17:12 . 2008-01-17 17:12 36868 ----a-w c:\arquivos de programas\uninst-Lux.exe

2008-01-17 17:04 . 2008-01-17 17:04 36868 ----a-w c:\arquivos de programas\uninst-3DStroke.exe

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSMSGS"="c:\arquivos de programas\Messenger\msmsgs.exe" [2008-04-13 1695232]

"Google Update"="c:\documents and settings\Kaio\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" [2009-02-19 133104]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DeathAdder"="c:\arquivos de programas\Razer\DeathAdder\razerhid.exe" [2007-05-07 159744]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-10-04 8491008]

"TkBellExe"="c:\arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2008-02-19 185896]

"AppleSyncNotifier"="c:\arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-03-06 177472]

"PCSuiteTrayApplication"="c:\arquivos de programas\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 271360]

"fssui"="c:\arquivos de programas\Windows Live\Family Safety\fsui.exe" [2009-02-06 454000]

"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

"QuickTime Task"="c:\arquivos de programas\QuickTime\QTTask.exe" [2009-01-05 413696]

"iTunesHelper"="c:\arquivos de programas\iTunes\iTunesHelper.exe" [2009-03-11 342312]

"Windows Update SP8"="c:\windows\system32\Windows UpdateSP8.exe" [2009-04-06 371200]

"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre6\bin\jusched.exe" [2009-03-09 148888]

"nwiz"="nwiz.exe" [2007-10-04 c:\windows\system32\nwiz.exe]

 

c:\documents and settings\Leonardo\Menu Iniciar\Programas\Inicializar\

Adobe Gamma.lnk - c:\arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

 

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

msnmsgr_.exe [2009-04-12 188928]

Windows UpdateSP8.exe [2009-04-06 371200]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"msacm.l3acm"= l3codecp.acm

"vidc.hfyu"= huffyuv.dll

"msacm.divxa32"= DivXa32.acm

"vidc.DIV3"= DivXc32.dll

"vidc.DIV4"= DivXc32f.dll

"msacm.avis"= ff_acm.acm

"vidc.X264"= x264vfw.dll

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ masterx autocheck autochk *

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"UacDisableNotify"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=

"c:\\Arquivos de programas\\HLSW\\hlsw.exe"=

"c:\\Documents and Settings\\Kaio\\Arquivos de programas\\uTorrent\\uTorrent.exe"=

"c:\\Arquivos de programas\\Valve\\Steam\\SteamApps\\guara567\\counter-strike source\\hl2.exe"=

"c:\\Arquivos de programas\\Valve\\Steam\\SteamApps\\guara567\\source dedicated server\\srcds.exe"=

"c:\\Arquivos de programas\\Valve\\Steam\\Steam.exe"=

"c:\\Arquivos de programas\\Valve\\Steam\\SteamApps\\guara567\\half-life 2 deathmatch\\hl2.exe"=

"c:\\Arquivos de programas\\CyberScript32\\CyberScript.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"c:\\Arquivos de programas\\Valve\\Steam\\SteamApps\\fireangel06\\counter-strike source\\hl2.exe"=

"c:\\Arquivos de programas\\Warcraft III\\Warcraft III.exe"=

"c:\\Arquivos de programas\\Garena\\Garena.exe"=

"c:\\Arquivos de programas\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=

"c:\\Arquivos de programas\\Arquivos comuns\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=

"c:\\Arquivos de programas\\Valve\\Steam\\SteamApps\\cannon_high\\counter-strike source\\hl2.exe"=

"c:\\Arquivos de programas\\Ares\\Ares.exe"=

"c:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=

"c:\\Arquivos de programas\\Valve\\Steam\\SteamApps\\revolt1337\\counter-strike\\hl.exe"=

"c:\\Arquivos de programas\\Sports Interactive\\Football Manager 2009\\fm.exe"=

"c:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\iTunes\\iTunes.exe"=

 

R3 GarenaPEngine;GarenaPEngine; [x]

R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2008-02-01 138112]

R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2008-02-01 8320]

R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-06 34064]

R3 SjyPkt;SjyPkt;c:\windows\System32\Drivers\SjyPkt.sys [2006-03-31 13532]

R4 Microsoft Inet Services;Microsoft Inet Services; [x]

S2 fssfltr;fssfltr;c:\windows\system32\DRIVERS\fssfltr_tdi.sys [2008-12-08 55136]

S2 fsssvc;Windows Live Proteção para a Família;c:\arquivos de programas\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]

S3 DAdderFltr;DeathAdder Mouse;c:\windows\system32\drivers\dadder.sys [2007-04-12 10880]

S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187.sys [2006-06-16 176128]

 

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{581ce8cc-6957-11dd-a169-0015af22c827}]

\Shell\AutoRun\command - wbitoo.exe

\Shell\explore\Command - wbitoo.exe

\Shell\open\Command - wbitoo.exe

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2009-03-30 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\arquivos de programas\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

 

2009-04-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2025429265-1757981266-725345543-1003.job

- c:\documents and settings\Leonardo\Configura []

 

2009-04-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2025429265-1757981266-725345543-1004.job

- c:\documents and settings\Kaio\Configura []

 

2009-04-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2025429265-1757981266-725345543-1005.job

- c:\documents and settings\Kassia e Paeco\Configura []

.

- - - - ORFÃOS REMOVIDOS - - - -

 

HKLM-RunOnce-Windows Update SP8 - c:\windows\system32\UW08.exe

Notify- aGBPluginAdm - asteca.dll

 

 

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.globo.com/

uInternet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=1046

uInternet Settings,ProxyOverride = *.local

IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office10\EXCEL.EXE/3000

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

.

 

**************************************************************************

 

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-04-12 13:53

Windows 5.1.2600 Service Pack 3 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\GarenaPEngine]

"ImagePath"="\??\c:\docume~1\Kaio\CONFIG~1\Temp\LKS17A.tmp"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

 

[HKEY_LOCAL_MACHINE\software\GenArts\Sapphire AE\Install-{EC3F6705-85EF-4FB1-4E30-80781324E273}\Data*]

@DACL=

"DefaultSettings"="99:{C6DDA450-F687-55DF-CA23-1A5083308C5D}"

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\Current Version\{8AC25C6A-D4B3-FF2F-2A61-C75CA1DB6116}\Install*Loc\VxDs]

@DACL=

"CTE_32 Name"="2454739:{301564B2-67A6-1A66-9C4E-A1FE91DE9752}"

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Install*Loc\xga-1-{07D2211F-442F-A312-483D-E5316A893357}\Version 1.1]

@DACL=

"dat"="806585365:{2596015D-7FAD-3E4D-3650-F8C02F3720FC}"

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\z*\{{05FF8CB8-4942-FCF6-301D-6930181DE865}}]

@DACL=

"DefaultSettings"="2454760:{37C8840C-72FD-B1F6-4FC1-23A6EF5B6255}"

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows Install VBX*\Current*Version\Install*Loc\xga-1-{07D2211F-442F-A312-483D-E5316A893357}\Version 3.x]

@DACL=

"dat"="1767914624:{79BA292C-AB3E-C60A-EA2D-091C59A4118E}"

 

[HKEY_LOCAL_MACHINE\software\Microsoft\WinXGA*\Providers*\{D41D8CD9-8F00-B204-E980-0998ECF8427E}\Current*Set\xga-1\ver]

@DACL=

"KnownSvcs"="923715073:{E0B27390-1443-18EF-EB33-BF24AB4BAD23}"

 

[HKEY_LOCAL_MACHINE\software\XBMga*\UUIDs\{1A8BB4B7-73C4-0EFC-4A2A-61503A58158D}\xga-1\Install*Loc]

@DACL=

"{19620715-0001-1211-574574-30001}"="234522581:{806C986B-276D-41E4-88B0-B9B853EB805F}"

 

[HKEY_LOCAL_MACHINE\software\xGenArts\Sapphire AE\DLL ver*\{A6D90D08-68DD-2B46-E2AC-5782669B2696}]

@DACL=

"CTE_32 Name"="8:{19C42D30-D844-8A07-12A4-E783E7D228F7}"

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

- - - - - - - > 'explorer.exe'(3004)

c:\windows\system32\WPDShServiceObj.dll

c:\arquivos de programas\Nokia\Nokia PC Suite 6\PhoneBrowser.dll

c:\arquivos de programas\Nokia\Nokia PC Suite 6\PCSCM.dll

c:\arquivos de programas\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_por-br.nlr

c:\arquivos de programas\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

c:\arquivos de programas\Microsoft Office\Office10\msohev.dll

.

------------------------ Outros Processos em Execução ------------------------

.

c:\arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\arquivos de programas\Bonjour\mDNSResponder.exe

c:\arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

c:\arquivos de programas\Java\jre6\bin\jqs.exe

c:\arquivos de programas\NVIDIA Corporation\nTune\nTuneService.exe

c:\windows\system32\nvsvc32.exe

c:\arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

c:\arquivos de programas\Razer\DeathAdder\razertra.exe

c:\windows\system32\wscntfy.exe

c:\arquivos de programas\iPod\bin\iPodService.exe

c:\windows\system32\wbem\wmiapsrv.exe

c:\arquivos de programas\Razer\DeathAdder\razerofa.exe

.

**************************************************************************

.

Tempo para conclusão: 2009-04-12 13:56 - Máquina reiniciou [Kaio]

ComboFix-quarantined-files.txt 2009-04-12 16:56

 

Pré-execução: 32 pasta(s) 117,260,566,528 bytes disponíveis

Pós execução: 31 pasta(s) 117,489,836,032 bytes disponíveis

 

Current=2 Default=2 Failed=1 LastKnownGood=4 Sets=1,2,3,4

296 --- E O F --- 2009-03-29 12:46


I suggest you print or save the procedures below, and do not use the internet until the procedure is finished.

Select and copy the text inside the QUOTE (grey box) below. Open Notepad and paste what you copied. Then save it on the desktop with the name CFScript.txt.

 

File::

c:\windows\system32\wrm11.04.09UP.ini

c:\windows\system32\wrm10.04.09UP.ini

c:\windows\system32\wrm09.04.09UP.ini

c:\windows\system32\wrm08.04.09UP.ini

c:\windows\system32\wrm07.04.09UP.ini

c:\windows\system32\wrm06.04.09UP.ini

C:\svchost1.exe

c:\windows\system32\Windows UpdateSP8.exe

C:\WINDOWS\system32\UW08.exe

c:\windows\system32\msnmsgr_.exe

c:\windows\BOOTL6662.BAK

c:\windows\BOOTL6661.BAK

Registry::

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Windows Update SP8"=-

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{581ce8cc-6957-11dd-a169-0015af22c827}]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"UacDisableNotify"=dword:00000000

 

This script was written only for this computer, according to the files and keys present; do not use it on another computer, as it may cause damage.

Now drag CFScript.txt onto ComboFix as shown in the demonstration below.

[image: cfscript.gif]

ComboFix will run and will automatically restart the PC to complete the removal process.

IMPORTANT: Do not use the mouse or the keyboard while ComboFix is running.

When it finishes, a log will be generated at C:\ComboFix.txt.

Post it together with the new HijackThis log.
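For readers following how the helper picked the entries that went into the CFScript above, here is an added example (my own, not code from this thread, from ComboFix or from any tool named in it) that parses the Run-key and mountpoints2 blocks in the format ComboFix prints and applies by machine the same cheap checks a helper applies by eye: a freshly dated binary living in a Windows system directory, a display name borrowing Windows Update branding, and a removable-volume AutoRun command that points at a bare executable. The sample log is constructed from lines quoted in the thread; the scan date is taken from the log header, while the 14-day threshold, the system-directory list and the branding words are assumptions of the example.

```python
"""Triage of ComboFix autorun output.

Added example; not code from this thread, from ComboFix or from any
project named in it. SAMPLE_LOG is CONSTRUCTED from lines quoted in the
thread. SCAN_DATE comes from the log's "Rootkit scan 2009-04-12" header;
RECENT_DAYS, SYSTEM_DIRS and BRAND_WORDS are the example's own assumptions.
"""
import re
from datetime import date
from typing import Dict, List, Optional

SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-10-04 8491008]
"iTunesHelper"="c:\arquivos de programas\iTunes\iTunesHelper.exe" [2009-03-11 342312]
"Windows Update SP8"="c:\windows\system32\Windows UpdateSP8.exe" [2009-04-06 371200]
"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre6\bin\jusched.exe" [2009-03-09 148888]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{581ce8cc-6957-11dd-a169-0015af22c827}]
\Shell\AutoRun\command - wbitoo.exe
\Shell\explore\Command - wbitoo.exe
\Shell\open\Command - wbitoo.exe
"""

SCAN_DATE = date(2009, 4, 12)          # from the log header
RECENT_DAYS = 14                       # assumption: younger system binaries get a look
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\")
BRAND_WORDS = ("windows update", "microsoft", "security")   # assumption

RUN_KEY = re.compile(r"^\[(?P<key>HK[^\]]*\\Run)\]$", re.I)
RUN_ENTRY = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"(?:\s+\[(?P<meta>[^\]]*)\])?$')
MOUNT_KEY = re.compile(r"^\[(?P<key>HK[^\]]*\\mountpoints2\\\{[^}]+\})\]$", re.I)
MOUNT_CMD = re.compile(r"^\\Shell\\(?P<verb>\w+)\\command\s+-\s+(?P<cmd>.+)$", re.I)


def parse_combofix(text: str) -> Dict[str, List[dict]]:
    """Turn the Run-key and mountpoints2 sections of a ComboFix log into records."""
    runs: List[dict] = []
    mounts: List[dict] = []
    current_key: Optional[str] = None
    kind: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = RUN_KEY.match(line)
        if m:
            current_key, kind = m.group("key"), "run"
            continue
        m = MOUNT_KEY.match(line)
        if m:
            current_key, kind = m.group("key"), "mount"
            continue
        if line.startswith("["):            # any other key ends the current section
            current_key, kind = None, None
            continue
        if kind == "run" and (m := RUN_ENTRY.match(line)):
            meta = (m.group("meta") or "").split()   # "[date size]" or "[date path]"
            file_date = None
            if meta and re.fullmatch(r"\d{4}-\d{2}-\d{2}", meta[0]):
                file_date = date.fromisoformat(meta[0])
            runs.append({"key": current_key, "name": m.group("name"),
                         "path": m.group("path"), "date": file_date})
        elif kind == "mount" and (m := MOUNT_CMD.match(line)):
            mounts.append({"key": current_key, "verb": m.group("verb"), "cmd": m.group("cmd")})
    return {"run": runs, "mount": mounts}


def triage(parsed: Dict[str, List[dict]]) -> List[str]:
    """Flag autorun entries that match the patterns acted on in this thread."""
    findings: List[str] = []
    for e in parsed["run"]:
        path_l = e["path"].lower()
        base = path_l.rsplit("\\", 1)[-1]
        in_sysdir = path_l.startswith(SYSTEM_DIRS)
        reasons = []
        if in_sysdir and " " in base:
            reasons.append("file name with a space inside a Windows system directory")
        if any(w in e["name"].lower() for w in BRAND_WORDS):
            reasons.append("display name borrows Windows branding")
        if in_sysdir and e["date"] and (SCAN_DATE - e["date"]).days <= RECENT_DAYS:
            reasons.append(f"binary dated {e['date']} is within {RECENT_DAYS} days of the scan")
        if reasons:
            findings.append(f"RUN {e['name']!r} -> {e['path']}: " + "; ".join(reasons))
    seen = set()                           # one finding per volume and command
    for e in parsed["mount"]:
        bare = "\\" not in e["cmd"] and ":" not in e["cmd"]
        if bare and (e["key"], e["cmd"]) not in seen:
            seen.add((e["key"], e["cmd"]))
            guid = e["key"].rsplit("\\", 1)[-1]
            findings.append(f"MOUNTPOINT {guid} -> {e['cmd']}: "
                            "AutoRun command is a bare executable on the volume")
    return findings


if __name__ == "__main__":
    for line in triage(parse_combofix(SAMPLE_LOG)):
        print(line)
```

Run it as a script to print the findings, or import `parse_combofix` and `triage` and feed them a complete ComboFix log. It is a triage aid only: anything it flags still needs its hash, signature and vendor checked before it goes into a `File::` section.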


Topic Archived

Since the author has not replied for more than 30 days, the topic has been archived.

If you are the author of the topic and want to reopen it, send a private message to a moderator of the section together with the link to this topic and explain the reason for reopening.
