Paladinow 0 Posted June 25, 2010
Well, I'm having a big problem logging into my TS: whenever I try to connect to the server 69.162.99.119.8767, this error message # 11004 appears. I'm desperate, I don't know what to do ...

Mário Monteiro 179 Posted June 26, 2010
But do you really suspect it is a virus? If so, post a log as per rule 2 of this forum: http://forum.imasters.com.br/index.php?showtopic=165906
Otherwise, it is better to redirect this to another, more suitable forum.

Paladinow 0 Posted June 26, 2010
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:29:20, on 26/6/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

wings 22 Posted June 26, 2010
Good morning, Paladinow
1.
* Download AD-Remover and save it to the desktop
* Double-click AD-R.exe
* Click [Clean] ... wait for it to finish. The program may ask you to restart the PC.
* Paste the report created at C:\Ad-Report-CLEAN.log
2.
* Download MalwareBytes Anti-malware and save it to the desktop
* Install the program
* If any update is available, the download will be automatic. Wait...
* The program will open automatically.
* On the [Verificação] (Scan) tab, select the [Verificação completa] (Full scan) option
* Click [Verificar] (Scan) and select the partitions to be examined (usually C:\ and D:\)
* At the end of the scan, you may be asked whether you want to remove objects from memory. Click [Sim] (Yes) > [OK] > [Mostrar Resultados] (Show Results)
* Click [Remover Selecionados] (Remove Selected)
* A report (mbam-log-year-month-day.txt) will be displayed.
* Paste it in your next reply

Paladinow 0 Posted June 26, 2010
Good afternoon wings, here is the malware log; in case you need the AD-R log, I have it saved.
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Versão da Base de Dados: 4244
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
26/6/2010 13:42:45
mbam-log-2010-06-26 (13-42-45).txt
Tipo de Verificação: Verificação Completa (C:\|)
Objetos escaneados: 220702
Tempo decorrido: 1 hora(s), 20 minuto(s), 43 segundo(s)
Processos de Memória Infectados: 0
Módulos de Memória Infectados: 0
Chaves de Registro Infectadas: 1
Valores de Registro Infectados: 3
Itens de Dados no Registro Infectados: 0
Pastas Infectadas: 0
Arquivos Infectados: 81
Processos de Memória Infectados:
(Não foram detectados ítens maliciosos)
Módulos de Memória Infectados:
(Não foram detectados ítens maliciosos)
Chaves de Registro Infectadas:
HKEY_CLASSES_ROOT\flash10fla.Flash Video Decoder for FLV (Trojan.Agent) -> Quarantined and deleted successfully.
Valores de Registro Infectados:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\userini (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\userini (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\userini (Trojan.Agent) -> Quarantined and deleted successfully.
Itens de Dados no Registro Infectados:
(Não foram detectados ítens maliciosos)
Pastas Infectadas:
(Não foram detectados ítens maliciosos)

wings 22 Posted June 26, 2010
1.
* Run AD-Remover again
* Click [Uninstall]
2.
* Temporarily disable your antivirus
* Download USBFix and save it to the desktop
* Connect the USB flash drive to the PC
* Double-click UsbFix
* Click [Pesquisa] (Search) and wait for it to finish
* Remove the USB flash drive
* Paste the report created at C:\UsbFix.txt

Paladinow 0 Posted June 26, 2010
############################## | UsbFix 7.014 | [Pesquisa]
Usuário: Leo (Administrador) # LEO-EE16E4FFE21 [ ]
Atualizado em 24/06/10 por El Desaparecido / C_XX
Começou em 14:25:48 | 26/06/2010
Site: http://pagesperso-orange.fr/NosTools/index.html
Contato: FindyKill.Contact@gmail.com
CPU: Intel® Celeron® CPU 420 @ 1.60GHz
Microsoft Windows XP Professional (5.1.2600 32-Bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall: Deficientes /!\
Antivirus: ESET Smart Security 4.0 4.0 [(!) Disabled | Updated]
Firewall: ESET Personal firewall 4.0.314.0 [Enabled]
RAM -> 1015 Mb
C:\ (%systemdrive%) -> Disco fixo # 149 Gb (103 Mb livre - 69%) [] # NTFS
D:\ -> CD-ROM
################## | Ficheiros # pastas infeciosos |
Presente ! C:\601ugf.exe
################## | Registro |
Presente ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegistryTools
Presente ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoDrives
Presente ! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoDrives
################## | Mountpoints2 |
################## | Vaccin |
(!) Este computador não é vacinada!
################## | E.O.F |

wings 22 Posted June 26, 2010
1.
* Connect the USB flash drive to the PC again
* Double-click UsbFix
* Click [Supressão] (Deletion) and wait for it to finish
* Remove the USB flash drive
* Paste the report created at C:\UsbFix.txt

Paladinow 0 Posted June 26, 2010
############################## | UsbFix 7.014 | [supressão]
Usuário: Leo (Administrador) # LEO-EE16E4FFE21 [ ]
Atualizado em 24/06/10 por El Desaparecido / C_XX
Começou em 14:36:12 | 26/06/2010
Site: http://pagesperso-orange.fr/NosTools/index.html
Contato: FindyKill.Contact@gmail.com
CPU: Intel® Celeron® CPU 420 @ 1.60GHz
Microsoft Windows XP Professional (5.1.2600 32-Bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall: Deficientes /!\
Antivirus: ESET Smart Security 4.0 4.0 [(!) Disabled | Updated]
Firewall: ESET Personal firewall 4.0.314.0 [Enabled]
RAM -> 1015 Mb
C:\ (%systemdrive%) -> Disco fixo # 149 Gb (103 Mb livre - 69%) [] # NTFS
D:\ -> CD-ROM
################## | Ficheiros # pastas infeciosos |
Supprimido ! C:\601ugf.exe
################## | Registro |
Supprimido ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegistryTools
Supprimido ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoDrives
Supprimido ! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoDrives
################## | Mountpoints2 |
################## | Vaccin |
C:\Autorun.inf -> Folder criado por UsbFix (El Desaparecido & C_XX)
################## | Upload |
Favor enviar o arquivo: C:\UsbFix_Upload_Me_LEO-EE16E4FFE21.zip
http://chiquitine.changelog.fr/Sample/Upload.php
Obrigado pela sua contribuição.
################## | E.O.F |

wings 22 Posted June 26, 2010
1. Please send the file: C:\UsbFix_Upload_Me_LEO-EE16E4FFE21.zip
http://chiquitine.changelog.fr/Sample/Upload.php
Thank you for your contribution.
2.
* Double-click UsbFix
* Click [Uninstall]
I see that you have ComboFix on the PC.
* Run it
* Wait for all the stages to complete
* While ComboFix is running, avoid using the mouse and the keyboard!!..... To interrupt the procedure, press N or 2 and then ENTER.
* The program will close automatically and a report (C:\combofix.txt) will be displayed. Paste it in your next reply.

Paladinow 0 Posted June 26, 2010

ComboFix 10-06-25.04 - Leo 26/06/2010 15:01:01.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.1015.612 [GMT -3:00]
Executando de: c:\documents and settings\Leo\Desktop\ComboFix.exe
AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Execuções precedente -------
.
c:\arquivos de programas\FunWebProducts
c:\arquivos de programas\MyWebSearch
c:\arquivos de programas\MyWebSearch\bar\Settings\s_pid.dat
C:\f9o8o.exe
c:\windows\system32\userini.exe
c:\windows\xpsp1hfm.log
.
(((((((((((((((( Arquivos/Ficheiros criados de 2010-05-26 to 2010-06-26 ))))))))))))))))))))))))))))
.
2010-06-26 17:36 . 2010-06-26 17:36 111104 ----a-w- C:\UsbFix_Upload_Me_LEO-EE16E4FFE21.zip
2010-06-26 17:25 . 2010-06-26 17:46 -------- d-----w- C:\UsbFix
2010-06-26 15:14 . 2010-06-26 15:14 -------- d-----w- c:\documents and settings\Leo\Dados de aplicativos\Malwarebytes
2010-06-26 15:14 . 2010-04-29 18:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-26 15:13 . 2010-06-26 15:13 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes
2010-06-26 15:13 . 2010-04-29 18:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-26 15:13 . 2010-06-26 15:14 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware
2010-06-26 04:27 . 2010-06-26 04:27 -------- d-----w- C:\Hijack
2010-06-24 13:53 . 2010-06-24 13:53 -------- d-----w- c:\arquivos de programas\Teamspeak2_RC2
2010-06-24 13:31 . 2010-06-24 13:31 -------- d-----w- c:\documents and settings\Leo\Dados de aplicativos\Registry Mechanic
2010-06-23 19:13 . 2010-06-23 19:13 -------- d-----w- c:\arquivos de programas\Arquivos comuns\PC Tools
2010-06-23 17:45 . 2010-06-23 17:45 -------- d-----w- C:\VundoFix Backups
2010-06-22 13:26 . 2010-06-22 13:26 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Innovative Solutions
2010-06-22 13:26 . 2010-06-22 13:26 -------- d-----w- c:\arquivos de programas\Innovative Solutions
2010-06-22 13:04 . 2010-06-22 13:04 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\UAB
2010-06-22 12:56 . 2010-06-22 12:56 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\PC Drivers HeadQuarters
2010-06-22 12:54 . 2010-06-22 12:54 -------- d-----w- c:\arquivos de programas\PC Drivers HeadQuarters
2010-06-22 12:50 . 2010-06-22 12:50 -------- d-----w- c:\arquivos de programas\Realtek
2010-06-22 12:26 . 2010-06-22 12:26 -------- d-----w- C:\Dell
2010-06-22 00:27 . 2010-06-22 00:27 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Driver Whiz
2010-06-22 00:18 . 2010-06-22 00:18 -------- d-----w- c:\arquivos de programas\Driver Whiz
2010-06-21 23:31 . 2010-06-21 23:31 -------- d-----w- c:\documents and settings\Leo\Dados de aplicativos\Uniblue
2010-06-21 23:30 . 2010-06-21 23:30 -------- d-----w- c:\arquivos de programas\Uniblue
2010-06-20 10:22 . 2010-06-20 10:28 -------- d-----w- c:\arquivos de programas\TeamSpeak 3 Client
2010-06-19 11:45 . 2001-09-06 02:50 5632 ----a-w- c:\windows\system32\ptpusb.dll
2010-06-19 11:45 . 2008-04-13 18:45 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2010-06-19 11:45 . 2008-04-13 18:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2010-06-19 11:45 . 2008-04-14 02:20 159232 ----a-w- c:\windows\system32\ptpusd.dll
2010-06-19 11:40 . 2008-04-13 18:45 60032 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys
2010-06-19 11:40 . 2008-04-13 18:45 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2010-06-19 11:33 . 2008-04-13 18:45 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2010-06-19 11:33 . 2008-04-13 18:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2010-06-18 21:44 . 2010-06-18 21:44 -------- d-----w- c:\documents and settings\Leo\Dados de aplicativos\teamspeak2
2010-06-09 16:55 . 2010-06-14 05:20 -------- d-----w- c:\documents and settings\Leo\Dados de aplicativos\TS3Client
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-26 17:34 . 2010-03-06 15:02 -------- d-----w- c:\documents and settings\Leo\Dados de aplicativos\Free Download Manager
2010-06-26 16:46 . 2009-09-11 07:11 -------- d---a-w- c:\documents and settings\All Users\Dados de aplicativos\TEMP
2010-06-26 16:45 . 2009-12-23 01:03 -------- d-----w- c:\documents and settings\Leo\Dados de aplicativos\Software Informer
2010-06-26 16:45 . 2009-11-21 15:15 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\boost_interprocess
2010-06-25 12:58 . 2004-08-04 03:45 1034240 ----a-w- c:\windows\explorer.exe
2010-06-22 12:50 . 2009-09-05 15:19 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information
2010-06-15 11:51 . 2010-04-18 07:53 838656 ----a-w- c:\windows\system32\wmpnetwk.exe
2010-06-05 17:48 . 2009-09-16 04:03 -------- d-----w- c:\arquivos de programas\Microsoft Silverlight
2010-05-26 14:21 . 2010-04-30 14:37 1006080 ----a-w- c:\windows\system32\flash10swf.dll
2010-05-25 00:25 . 2010-05-25 00:25 503808 ----a-w- c:\documents and settings\Leo\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-3918834a-n\msvcp71.dll
2010-05-25 00:25 . 2010-05-25 00:25 499712 ----a-w- c:\documents and settings\Leo\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-3918834a-n\jmc.dll
2010-05-25 00:25 . 2010-05-25 00:25 348160 ----a-w- c:\documents and settings\Leo\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-3918834a-n\msvcr71.dll
2010-05-25 00:24 . 2010-05-25 00:24 61440 ----a-w- c:\documents and settings\Leo\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-6cb543e4-n\decora-sse.dll
2010-05-25 00:24 . 2010-05-25 00:24 12800 ----a-w- c:\documents and settings\Leo\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-6cb543e4-n\decora-d3d.dll
2010-05-23 23:20 . 2009-09-05 20:14 -------- d-----w- c:\documents and settings\Leo\Dados de aplicativos\uTorrent
2010-05-09 18:27 . 2010-03-08 06:08 -------- d-----w- c:\arquivos de programas\Bounty Bay Online
2010-04-21 22:29 . 2010-04-21 22:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
.
((((((((((((((((((((((((((((( SnapShot_2010-06-25_22.54.52 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-06-25 23:06 . 2008-06-18 21:01 77824 c:\windows\system32\ReinstallBackups\0020\DriverFiles\SOUNDMAN.EXE
+ 2010-06-25 23:06 . 2008-04-14 01:21 23552 c:\windows\system32\ReinstallBackups\0020\DriverFiles\i386\wdmaud.drv
+ 2010-06-25 23:06 . 2004-07-09 07:27 48512 c:\windows\system32\ReinstallBackups\0020\DriverFiles\i386\stream.sys
+ 2010-06-25 23:06 . 2008-04-13 18:45 60160 c:\windows\system32\ReinstallBackups\0020\DriverFiles\i386\drmk.sys
+ 2010-06-25 23:06 . 2008-06-19 19:20 57344 c:\windows\system32\ReinstallBackups\0020\DriverFiles\ALCMTR.EXE
+ 2010-06-25 23:06 . 2002-12-12 03:14 4096 c:\windows\system32\ReinstallBackups\0020\DriverFiles\i386\ksuser.dll
+ 2010-06-25 23:06 . 2008-03-26 21:50 131072 c:\windows\system32\ReinstallBackups\0020\DriverFiles\RTLCPAPI.dll
+ 2010-06-25 23:06 . 2008-06-10 17:39 266240 c:\windows\system32\ReinstallBackups\0020\DriverFiles\RTCOMDLL.dll
+ 2010-06-25 23:06 . 2008-04-13 19:19 146048 c:\windows\system32\ReinstallBackups\0020\DriverFiles\i386\portcls.sys
+ 2010-06-25 23:06 . 2007-11-20 21:15 1826816 c:\windows\system32\ReinstallBackups\0020\DriverFiles\SkyTel.exe
+ 2010-06-25 23:06 . 2008-07-15 16:47 1196032 c:\windows\system32\ReinstallBackups\0020\DriverFiles\RtlUpd.exe
+ 2010-06-25 23:06 . 2008-06-19 19:27 9715200 c:\windows\system32\ReinstallBackups\0020\DriverFiles\RTLCPL.EXE
+ 2010-06-25 23:06 . 2008-08-06 20:12 4755968 c:\windows\system32\ReinstallBackups\0020\DriverFiles\RtkHDAud.sys
+ 2010-06-25 23:06 . 2007-06-28 19:44 2165760 c:\windows\system32\ReinstallBackups\0020\DriverFiles\MicCal.exe
+ 2010-06-25 23:06 . 2008-06-19 19:42 2808832 c:\windows\system32\ReinstallBackups\0020\DriverFiles\ALCWZRD.EXE
+ 2010-06-25 23:06 . 2008-12-26 19:20 18081280 c:\windows\system32\ReinstallBackups\0020\DriverFiles\RTHDCPL.EXE
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{d9e9b38c-886d-466d-b41c-afe634ac74ec}"= "c:\arquivos de programas\Softonic_VLC_BR\tbSof1.dll" [2010-05-13 2515552]
"{e6e46d3a-3f73-471e-97a2-a2bd307da4a0}"= "c:\arquivos de programas\Softonic_BR\tbSof1.dll" [2010-05-13 2515552]

[HKEY_CLASSES_ROOT\clsid\{d9e9b38c-886d-466d-b41c-afe634ac74ec}]

[HKEY_CLASSES_ROOT\clsid\{e6e46d3a-3f73-471e-97a2-a2bd307da4a0}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D9B32E5C-78AD-4614-8C52-A7E0FB6238A2}]
2010-05-26 14:21 1006080 ----a-w- c:\windows\system32\flash10swf.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d9e9b38c-886d-466d-b41c-afe634ac74ec}]
2010-05-13 11:58 2515552 ----a-w- c:\arquivos de programas\Softonic_VLC_BR\tbSof1.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e6e46d3a-3f73-471e-97a2-a2bd307da4a0}]
2010-05-13 11:58 2515552 ----a-w- c:\arquivos de programas\Softonic_BR\tbSof1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{d9e9b38c-886d-466d-b41c-afe634ac74ec}"= "c:\arquivos de programas\Softonic_VLC_BR\tbSof1.dll" [2010-05-13 2515552]
"{e6e46d3a-3f73-471e-97a2-a2bd307da4a0}"= "c:\arquivos de programas\Softonic_BR\tbSof1.dll" [2010-05-13 2515552]

[HKEY_CLASSES_ROOT\clsid\{d9e9b38c-886d-466d-b41c-afe634ac74ec}]

[HKEY_CLASSES_ROOT\clsid\{e6e46d3a-3f73-471e-97a2-a2bd307da4a0}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D9E9B38C-886D-466D-B41C-AFE634AC74EC}"= "c:\arquivos de programas\Softonic_VLC_BR\tbSof1.dll" [2010-05-13 2515552]
"{E6E46D3A-3F73-471E-97A2-A2BD307DA4A0}"= "c:\arquivos de programas\Softonic_BR\tbSof1.dll" [2010-05-13 2515552]

[HKEY_CLASSES_ROOT\clsid\{d9e9b38c-886d-466d-b41c-afe634ac74ec}]

[HKEY_CLASSES_ROOT\clsid\{e6e46d3a-3f73-471e-97a2-a2bd307da4a0}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ares"="c:\arquivos de programas\Ares\Ares.exe" [2009-12-06 954880]
"Multi File Downloader"="c:\arquivos de programas\Multi File Downloader\MultiFileDownloader.exe" [2009-11-19 2715648]
"Software Informer"="c:\arquivos de programas\Software Informer\softinfo.exe" [2009-11-25 2011205]
"EA Core"="c:\arquivos de programas\Electronic Arts\EADM\Core.exe" [2009-03-28 3325952]
"Free Download Manager"="c:\arquivos de programas\Free Download Manager\fdm.exe" [2009-01-31 3399727]
"Pando Media Booster"="c:\arquivos de programas\Pando Networks\Media Booster\PMB.exe" [2010-03-19 2937528]
"Google Update"="c:\documents and settings\Leo\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" [2010-04-22 136176]
"DriverMax"="c:\arquivos de programas\Innovative Solutions\DriverMax\devices.exe" [2010-03-01 9216928]
"DriverMax_RESTART"="c:\arquivos de programas\Innovative Solutions\DriverMax\devices.exe" [2010-03-01 9216928]
"RegistryMechanic"="c:\arquivos de programas\Registry Mechanic\RegMech.exe" [2010-04-08 3233752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-17 98304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-17 114688]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-17 94208]
"SpeedTouch USB Diagnostics"="c:\arquivos de programas\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 866816]
"egui"="c:\arquivos de programas\ESET\ESET Smart Security\egui.exe" [2009-02-06 2021400]
"DAEMON Tools"="c:\arquivos de programas\DAEMON Tools\daemon.exe" [2005-11-08 128920]
"SunJavaUpdateSched"="c:\arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe" [2010-02-18 248040]
"RTHDCPL"="RTHDCPL.EXE" [2008-12-26 18081280]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Arquivos de programas\\DOWNLOADS\\utorrent-2.0-beta-16222.upx.exe"=
"c:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\Leo\\Configurações locais\\Dados de aplicativos\\Kamuse\\KCSTrayDownloader\\KCSTrayDownloaderEngine.exe"=
"c:\\Arquivos de programas\\Messenger\\msmsgs.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Arquivos de programas\\Pando Networks\\Media Booster\\PMB.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"59017:TCP"= 59017:TCP:Pando Media Booster
"59017:UDP"= 59017:UDP:Pando Media Booster

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [6/2/2009 14:23 106208]
R2 ekrn;ESET Service;c:\arquivos de programas\ESET\ESET Smart Security\ekrn.exe [6/2/2009 14:23 727720]
S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\arquivos de programas\Arquivos comuns\PC Tools\sMonitor\StartManSvc.exe [23/6/2010 16:13 632792]
S3 vtany;vtany;\??\c:\windows\vtany.sys --> c:\windows\vtany.sys [?]
S3 XDva332;XDva332;\??\c:\windows\system32\XDva332.sys --> c:\windows\system32\XDva332.sys [?]
S3 xhunter1;xhunter1;\??\c:\windows\xhunter1.sys --> c:\windows\xhunter1.sys [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [9/2/2010 16:50 685816]
.
Conteúdo da pasta 'Tarefas Agendadas'

2010-06-26 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 18:07]

2010-06-26 c:\windows\Tasks\User_Feed_Synchronization-{070EED2D-AB87-4D85-A720-12E15299A875}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 07:31]
.
.
------- Scan Suplementar -------
.
IE: Baixar com o Free Download Manager - file://c:\arquivos de programas\Free Download Manager\dllink.htm
IE: Baixar tudo com o Free Download Manager - file://c:\arquivos de programas\Free Download Manager\dlall.htm
IE: Baixar vídeo com o Free Download Manager - file://c:\arquivos de programas\Free Download Manager\dlfvideo.htm
IE: Download selecionado pelo Free Download Manager - file://c:\arquivos de programas\Free Download Manager\dlselected.htm
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Leo\Menu Iniciar\Programas\IMVU\Run IMVU.lnk
TCP: {7488A13F-E3D9-4BFF-8024-5249A994AAC4} = 201.10.128.2 201.10.120.3
.
- - - - ORFÃOS REMOVIDOS - - - -

BHO-{F7C79362-DDEA-4AF6-AB9F-19F9AF6B94E3} - (no file)
HKLM-Run-VVSN - c:\arquivos de programas\VVSN\VVSN.exe
AddRemove-HijackThis - c:\hijack\HijackThis.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-26 15:04
Windows 5.1.2600 Service Pack 3 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso
arquivos/ficheiros ocultos: 0

**************************************************************************
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\ð•€|ÿÿÿÿ.•€|þ»Òw*]
"6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

- - - - - - - > 'explorer.exe'(188)
c:\windows\system32\WININET.dll
c:\arquiv~1\WINDOW~2\wmpband.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\flash10swf.dll
c:\arquivos de programas\Microsoft Office\OFFICE11\msohev.dll
c:\windows\system32\igfxpph.dll
c:\windows\system32\hccutils.DLL
.
Tempo para conclusão: 2010-06-26 15:08:15
ComboFix-quarantined-files.txt 2010-06-26 18:08
ComboFix2.txt 2010-01-18 10:41

Pré-execução: 26 pasta(s) 110.951.239.680 bytes disponíveis
Pós execução: 28 pasta(s) 110.932.365.312 bytes disponíveis

WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

Current=4 Default=4 Failed=2 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - 87114A4F4943E484E5EA8A05FF9F3544

wings 22 Posted June 26, 2010

OK... the PC is clean... :)

1.
* Click [Start] > [Run] > type: Combofix /uninstall
* Click [OK]
* Click [Run]
* Wait until the message "ComboFix is uninstalled" appears
* Click [OK]

2. If you want to remove the Microsoft Windows Recovery Console option from the PC's startup:
* Click [Start] > [Run] > type: msconfig
* Click OK
* Click the "BOOT.INI" tab
* Select the line C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
* Click [Check all boot paths]
* Click [Yes] > [OK]
* Restart the PC
* When Windows starts, the System Configuration Utility will report that the configuration has been changed.
* Check "Don't show this message or launch the System Configuration Utility when Windows starts"

3. If you want to re-enable autorun, which UsbFix disabled, use the MKV program and click [supprimer la vaccination]

4.
* Open Malwarebytes and, on the [Quarantine] tab, select all the results and click [Remove all]
* Click the [Logs] tab, select the report and click [Remove]

If the problem persists, read here:
http://forum.imasters.com.br/index.php?/topic/388896-teamspeak2-socket-error-11004/

Best regards.

Paladinow 0 Posted June 26, 2010

wings, thanks for your patience and thanks a lot, the PC is clean now ^^ but the error persists. I'll take a look there, thanks.

wings 22 Posted June 26, 2010

Have a read here too:
http://translate.google.com.br/translate?hl=pt-BR&sl=en&u=http://forum.teamspeak.com/showthread.php%3Ft%3D14420&ei=UnMmTPOoC4eQuAeB0s2qAg&sa=X&oi=translate&ct=result&resnum=1&ved=0CBsQ7gEwAA&prev=/search%3Fq%3Dhttp://forum.teamspeak.com/showthread.php%253Ft%253D14420%26hl%3Dpt-BR

Mário Monteiro 179 Posted July 5, 2010

Topic reopened at the member's request.
Post a new log.

Mário Monteiro 179 Posted August 5, 2010

Topic Archived
As the author has not replied for more than 30 days, the topic has been archived. If you are the author of the topic and want it reopened, send a private message to a moderator of this area together with the link to this topic and explain the reason for reopening it.