
Archived

This topic has been archived and is closed to new replies.

Paladinow

[Archived] TS 2 Socket error # 11004


Well, I have a big problem logging into my TS. Whenever I try to connect to the server 69.162.99.119.8767 this error message # 11004 appears. I'm desperate, I don't know what to do...


But do you really suspect it's a virus?

If so, post a log according to rule 2 of this forum

http://forum.imasters.com.br/index.php?showtopic=165906

Otherwise it's better to move this to a more appropriate forum


Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 01:29:20, on 26/6/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Arquivos de programas\Thomson\SpeedTouch USB\Dragdiag.exe

C:\Arquivos de programas\ESET\ESET Smart Security\egui.exe

C:\Arquivos de programas\VVSN\VVSN.exe

C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Arquivos de programas\Software Informer\softinfo.exe

C:\Arquivos de programas\Electronic Arts\EADM\Core.exe

C:\Arquivos de programas\Free Download Manager\fdm.exe

C:\Documents and Settings\Leo\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe

C:\Documents and Settings\Leo\Configurações locais\Dados de aplicativos\Google\Update\1.2.183.29\GoogleCrashHandler.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\ESET\ESET Smart Security\ekrn.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Arquivos comuns\PC Tools\sMonitor\StartManSvc.exe

C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\svchost.exe

C:\Documents and Settings\All Users\Dados de aplicativos\Sukoku\sukoku125.exe

C:\Arquivos de programas\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\Arquivos de programas\Sukoku\sukoku.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Level Up! Games\Perfect World\element\ElementClient.exe

C:\Level Up! Games\Perfect World\element\reportbugs\pwprotector.exe

C:\Documents and Settings\Leo\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Leo\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Leo\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Hijack\HiJackThis (1).exe

C:\Documents and Settings\Leo\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

R3 - URLSearchHook: Softonic VLC BR Toolbar - {d9e9b38c-886d-466d-b41c-afe634ac74ec} - C:\Arquivos de programas\Softonic_VLC_BR\tbSof1.dll

R3 - URLSearchHook: Softonic BR Toolbar - {e6e46d3a-3f73-471e-97a2-a2bd307da4a0} - C:\Arquivos de programas\Softonic_BR\tbSof1.dll

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: wit for ie - {75ED56AF-4DC9-4243-A30C-4EF4DD0CA28F} - C:\Arquivos de programas\ChameleonTom\wit4ie.dll (file missing)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Arquivos de programas\Free Download Manager\iefdm2.dll

O2 - BHO: Flash Video Decoder for SWF - {D9B32E5C-78AD-4614-8C52-A7E0FB6238A2} - C:\WINDOWS\system32\flash10swf.dll

O2 - BHO: Softonic VLC BR Toolbar - {d9e9b38c-886d-466d-b41c-afe634ac74ec} - C:\Arquivos de programas\Softonic_VLC_BR\tbSof1.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O2 - BHO: Softonic BR Toolbar - {e6e46d3a-3f73-471e-97a2-a2bd307da4a0} - C:\Arquivos de programas\Softonic_BR\tbSof1.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: Flash Video Decoder for FLV - {F7C79362-DDEA-4AF6-AB9F-19F9AF6B94E3} - (no file)

O3 - Toolbar: Softonic VLC BR Toolbar - {d9e9b38c-886d-466d-b41c-afe634ac74ec} - C:\Arquivos de programas\Softonic_VLC_BR\tbSof1.dll

O3 - Toolbar: Softonic BR Toolbar - {e6e46d3a-3f73-471e-97a2-a2bd307da4a0} - C:\Arquivos de programas\Softonic_BR\tbSof1.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Arquivos de programas\Thomson\SpeedTouch USB\Dragdiag.exe" /icon

O4 - HKLM\..\Run: [egui] "C:\Arquivos de programas\ESET\ESET Smart Security\egui.exe" /hide /waitservice

O4 - HKLM\..\Run: [DAEMON Tools] "C:\Arquivos de programas\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [VVSN] C:\Arquivos de programas\VVSN\VVSN.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [userini] C:\WINDOWS\system32\userini.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKCU\..\Run: [ares] "C:\Arquivos de programas\Ares\Ares.exe" -h

O4 - HKCU\..\Run: [Multi File Downloader] C:\Arquivos de programas\Multi File Downloader\MultiFileDownloader.exe

O4 - HKCU\..\Run: [software Informer] "C:\Arquivos de programas\Software Informer\softinfo.exe" -autorun

O4 - HKCU\..\Run: [EA Core] "C:\Arquivos de programas\Electronic Arts\EADM\Core.exe" -silent

O4 - HKCU\..\Run: [Free Download Manager] "C:\Arquivos de programas\Free Download Manager\fdm.exe" -autorun

O4 - HKCU\..\Run: [Pando Media Booster] C:\Arquivos de programas\Pando Networks\Media Booster\PMB.exe

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Leo\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [userini] C:\WINDOWS\system32\userini.exe

O4 - HKCU\..\Run: [DriverMax] "C:\Arquivos de programas\Innovative Solutions\DriverMax\devices.exe" -agent

O4 - HKCU\..\Run: [DriverMax_RESTART] "C:\Arquivos de programas\Innovative Solutions\DriverMax\devices.exe" -RESTART

O4 - HKCU\..\Run: [RegistryMechanic] C:\Arquivos de programas\Registry Mechanic\RegMech.exe /H

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKLM\..\Policies\Explorer\Run: [userini] C:\WINDOWS\system32\userini.exe

O4 - HKUS\S-1-5-21-448539723-2111687655-839522115-500\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Administrador')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: IMVU.lnk = C:\Documents and Settings\Leo\Dados de aplicativos\IMVUClient\IMVUQualityAgent.exe

O8 - Extra context menu item: Baixar com o Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dllink.htm

O8 - Extra context menu item: Baixar tudo com o Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlall.htm

O8 - Extra context menu item: Baixar vídeo com o Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlfvideo.htm

O8 - Extra context menu item: Download selecionado pelo Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlselected.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Leo\Menu Iniciar\Programas\IMVU\Run IMVU.lnk (file missing)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Arquivos de programas\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{7488A13F-E3D9-4BFF-8024-5249A994AAC4}: NameServer = 201.10.120.2 201.10.1.2

O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Arquivos de programas\ESET\ESET Smart Security\EHttpSrv.exe

O23 - Service: ESET Service (ekrn) - ESET - C:\Arquivos de programas\ESET\ESET Smart Security\ekrn.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - PC Tools - C:\Arquivos de programas\Arquivos comuns\PC Tools\sMonitor\StartManSvc.exe

O23 - Service: Sukoku Service - Unknown owner - C:\Documents and Settings\All Users\Dados de aplicativos\Sukoku\sukoku125.exe

O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Arquivos de programas\Yahoo!\SoftwareUpdate\YahooAUService.exe

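The HijackThis log above contains one pattern worth learning to spot when triaging a log like this: the same executable, userini.exe, registered under HKLM\..\Run, HKCU\..\Run and HKLM\..\Policies\Explorer\Run. Legitimate software normally picks one autorun location, and the Policies\Explorer\Run key is almost never used by installers, so an image that shows up in several scopes at once deserves a closer look. The script below is an added example, not part of this thread and not a HijackThis feature: it parses O4 registry entries from a small sample constructed from the log above and flags executables that are registered in more than one autorun scope (machine, user, policy) or that sit under a Policies\...\Run key. Per-user hives (HKCU and HKUS\<SID>) are treated as one scope, so entries like ctfmon.exe, which Windows itself registers for every user profile, are not flagged. It is a triage heuristic only; the log lines are the only input.

```python
import re
from collections import defaultdict

# Constructed sample: O4 lines modelled on the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [egui] "C:\Arquivos de programas\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [userini] C:\WINDOWS\system32\userini.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKCU\..\Run: [userini] C:\WINDOWS\system32\userini.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [userini] C:\WINDOWS\system32\userini.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - Startup: IMVU.lnk = C:\Documents and Settings\Leo\Dados de aplicativos\IMVUClient\IMVUQualityAgent.exe
"""

# Registry-based O4 entries look like:  O4 - <location>: [<value name>] <command line>
# Startup-folder entries ("O4 - Startup: x.lnk = ...") have no "[name]" and are skipped here.
O4_RE = re.compile(r"^O4 - (?P<location>\S.*?): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")


def extract_image(cmd: str) -> str:
    """Return the executable path from a Run-key command line.

    Quoted paths are taken verbatim; unquoted paths (which may contain spaces,
    e.g. 'C:\\Arquivos de programas\\...') are cut at the first executable
    extension. Trailing arguments and HijackThis annotations such as
    "(User 'SYSTEM')" are dropped.
    """
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r"(.*?\.(?:exe|bat|cmd|com|scr|dll|vbs))(?:\s|$)", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split()[0]


def location_class(location: str) -> str:
    """Collapse the registry location into one of three autorun scopes."""
    loc = location.lower()
    if "policies\\" in loc:
        return "policy"      # HKLM/HKCU\..\Policies\Explorer\Run
    if loc.startswith("hklm"):
        return "machine"     # HKLM\..\Run
    return "user"            # HKCU\..\Run and HKUS\<SID>\..\Run


def parse_o4(log_text: str) -> list:
    """Parse every registry O4 line into a dict with location, scope, name and image path."""
    entries = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        entries.append({
            "location": m["location"],
            "cls": location_class(m["location"]),
            "name": m["name"],
            "image": extract_image(m["cmd"]),
        })
    return entries


def triage(log_text: str) -> dict:
    """Group O4 entries by executable and flag suspicious persistence patterns.

    Returns {image path: {"names": [...], "locations": [...], "reasons": [...]}}
    for every image that is registered in two or more scopes or under a
    Policies\\...\\Run key.
    """
    by_image = defaultdict(list)
    for e in parse_o4(log_text):
        if "\\" not in e["image"]:
            continue  # bare names such as RTHDCPL.EXE are resolved via PATH; not comparable
        by_image[e["image"].lower()].append(e)

    findings = {}
    for group in by_image.values():
        classes = {e["cls"] for e in group}
        reasons = []
        if len(classes) >= 2:
            reasons.append(f"registered in {len(classes)} autorun scopes: {', '.join(sorted(classes))}")
        if "policy" in classes:
            reasons.append("uses a Policies\\...\\Run key, which legitimate installers rarely touch")
        if reasons:
            findings[group[0]["image"]] = {
                "names": sorted({e["name"] for e in group}),
                "locations": sorted(e["location"] for e in group),
                "reasons": reasons,
            }
    return findings


if __name__ == "__main__":
    for image, info in triage(SAMPLE_LOG).items():
        print(image)
        for loc in info["locations"]:
            print("   ", loc)
        for reason in info["reasons"]:
            print("  ->", reason)
```

Run against the sample, only C:\WINDOWS\system32\userini.exe is reported, with both reasons; the same entry is what Malwarebytes later quarantines in this thread as Trojan.Agent. The heuristic says nothing about single-location entries, so it complements rather than replaces a signature scan.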

Good morning Paladinow

 

 

1.

*Download AD-Remover and save it to the desktop

*Double-click AD-R.exe

*Click [Clean]... and wait for it to finish. The program may ask to restart the PC.

*Paste the report created at C:\Ad-Report-CLEAN.log

2.

*Download MalwareBytes Anti-Malware and save it to the desktop

*Install the program

*If an update exists, it will be downloaded automatically. Wait...

*The program will open automatically.

*On the [Scan] tab, select the [Perform full scan] option

*Click [Scan] and select the partitions to be examined (usually C:\ and D:\)

*When the scan finishes, you may be asked whether you want to remove objects from memory. Click [Yes] > [OK] > [Show Results]

*Click [Remove Selected]

*A report (mbam-log-year-month-day.txt) will be displayed.

*Paste it in your next reply


Good afternoon wings, here is the Malwarebytes log; if you need the AD-R log, I have it saved

 

 

 

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

 

Versão da Base de Dados: 4244

 

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

 

26/6/2010 13:42:45

mbam-log-2010-06-26 (13-42-45).txt

 

Tipo de Verificação: Verificação Completa (C:\|)

Objetos escaneados: 220702

Tempo decorrido: 1 hora(s), 20 minuto(s), 43 segundo(s)

 

Processos de Memória Infectados: 0

Módulos de Memória Infectados: 0

Chaves de Registro Infectadas: 1

Valores de Registro Infectados: 3

Itens de Dados no Registro Infectados: 0

Pastas Infectadas: 0

Arquivos Infectados: 81

 

Processos de Memória Infectados:

(Não foram detectados ítens maliciosos)

 

Módulos de Memória Infectados:

(Não foram detectados ítens maliciosos)

 

Chaves de Registro Infectadas:

HKEY_CLASSES_ROOT\flash10fla.Flash Video Decoder for FLV (Trojan.Agent) -> Quarantined and deleted successfully.

 

Valores de Registro Infectados:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\userini (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\userini (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\userini (Trojan.Agent) -> Quarantined and deleted successfully.

 

Itens de Dados no Registro Infectados:

(Não foram detectados ítens maliciosos)

 

Pastas Infectadas:

(Não foram detectados ítens maliciosos)

 

Arquivos Infectados:

C:\wrsf.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{57E71B15-9C9A-4CAE-9742-E086739F7D97}\RP67\A0091723.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{57E71B15-9C9A-4CAE-9742-E086739F7D97}\RP67\A0091784.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{57E71B15-9C9A-4CAE-9742-E086739F7D97}\RP67\A0092815.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{57E71B15-9C9A-4CAE-9742-E086739F7D97}\RP67\A0092992.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{57E71B15-9C9A-4CAE-9742-E086739F7D97}\RP67\A0093070.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{57E71B15-9C9A-4CAE-9742-E086739F7D97}\RP67\A0096150.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{57E71B15-9C9A-4CAE-9742-E086739F7D97}\RP68\A0096300.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{57E71B15-9C9A-4CAE-9742-E086739F7D97}\RP68\A0096301.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{57E71B15-9C9A-4CAE-9742-E086739F7D97}\RP68\A0097356.exe (Adware.Ziniky) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{57E71B15-9C9A-4CAE-9742-E086739F7D97}\RP68\A0097358.exe (Adware.Ziniky) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{57E71B15-9C9A-4CAE-9742-E086739F7D97}\RP68\A0097360.exe (Adware.Ziniky) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{57E71B15-9C9A-4CAE-9742-E086739F7D97}\RP68\A0097362.exe (Adware.Ziniky) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{57E71B15-9C9A-4CAE-9742-E086739F7D97}\RP68\A0097363.exe (Adware.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{57E71B15-9C9A-4CAE-9742-E086739F7D97}\RP68\A0097364.exe (Adware.WhenU) -> Quarantined and deleted successfully.

C:\Arquivos de programas\Ad-Remover\Quarantine\C\Arquivos de programas\Sukoku\sukoku.exe.vir (Adware.Ziniky) -> Quarantined and deleted successfully.

C:\Arquivos de programas\Ad-Remover\Quarantine\C\Arquivos de programas\Sukoku\uninstall.exe.vir (Adware.Agent) -> Quarantined and deleted successfully.

C:\Arquivos de programas\Ad-Remover\Quarantine\C\Arquivos de programas\Sukoku\Sukoku_deleted0\sukoku.exe.vir (Adware.Ziniky) -> Quarantined and deleted successfully.

C:\Arquivos de programas\Ad-Remover\Quarantine\C\Arquivos de programas\Sukoku\Sukoku_deleted_\sukoku.exe.vir (Adware.Ziniky) -> Quarantined and deleted successfully.

C:\Arquivos de programas\Ad-Remover\Quarantine\C\Arquivos de programas\vvsn\VVSN.exe.vir (Adware.WhenU) -> Quarantined and deleted successfully.

C:\Arquivos de programas\Ad-Remover\Quarantine\C\Documents and Settings\All Users\Dados de aplicativos\Sukoku\sukoku125.exe.vir (Adware.Ziniky) -> Quarantined and deleted successfully.

C:\Arquivos de programas\DAEMON Tools\SetupDTSB.exe (Adware.WhenU) -> Quarantined and deleted successfully.

C:\Arquivos de programas\Windows Live\Messenger\2sm66r.exe.back (Spyware.OnlineGames) -> Quarantined and deleted successfully.

C:\Arquivos de programas\Windows Live\Messenger\olhrwef.exe.back (Trojan.GameThief) -> Quarantined and deleted successfully.

C:\Arquivos de programas\Windows Live\Messenger\rg9g9bgq.exe.back (Spyware.OnlineGames) -> Quarantined and deleted successfully.

C:\Arquivos de programas\Windows Live\Messenger\mbvd.exe.back (Spyware.OnlineGames) -> Quarantined and deleted successfully.

C:\Arquivos de programas\Windows Live\Messenger\mranjm.exe.back (Spyware.OnlineGames) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\0fkk02x.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\1a1dndah.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\1di1w.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\2id9.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\3n8awsyg.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\6ruaqx.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\9jyhdim8.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\anoataly.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\cs6phv6d.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\ctu8r.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\curqp.exe.vir (Worm.Taterf) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\eexyv.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\f9o8o.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\g12g.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\hjvjte.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\i9bwjpqc.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\imghyva6.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\k8jc.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\kmj.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\l61yyp.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\lphfa.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\mbdm.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\mwfubaob.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\nds0q.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\ngp8l.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\nqdymj.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\nx.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\o8tf6l.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\opdux.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\pbudsara.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\q3kku.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\qv9qc9f.exe.vir (Worm.AutoRun) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\r2g20.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\s3ek.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\se12ydam.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\sp1jensi.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\srgo.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\ucivd6xi.bat.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\vb0hsoay.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\vk0w.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\vlvtdflx.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\wcgswa.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\wfx062.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\wisf1.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\wu1n.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\ycvvj.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\yu3.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\yudald.bat.vir (Trojan.GameThief) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\Arquivos de programas\Windows Live\Messenger\9b9w3.exe.back.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\Arquivos de programas\Windows Live\Messenger\qbr2q.exe.back.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\WINDOWS\system32\nmdfgds0.dll.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\WINDOWS\system32\nmdfgds1.dll.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\WINDOWS\system32\userini.exe.vir (Trojan.Dropper) -> Quarantined and deleted successfully.

C:\wglb9q.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.


1.

*Run AD-Remover again

*Click [Uninstall]

2.

*Temporarily disable your antivirus

*Download USBFix and save it to the desktop

*Connect the USB flash drive to the PC

*Double-click UsbFix

*Click [Pesquisa] (Search) and wait for it to finish

*Remove the USB flash drive

*Paste the report created at C:\UsbFix.txt


############################## | UsbFix 7.014 | [Pesquisa]

 

Usuário: Leo (Administrador) # LEO-EE16E4FFE21 [ ]

Atualizado em 24/06/10 por El Desaparecido / C_XX

Começou em 14:25:48 | 26/06/2010

Site: http://pagesperso-orange.fr/NosTools/index.html

Contato: FindyKill.Contact@gmail.com

 

CPU: Intel® Celeron® CPU 420 @ 1.60GHz

Microsoft Windows XP Professional (5.1.2600 32-Bit) # Service Pack 3

Internet Explorer 8.0.6001.18702

 

Windows Firewall: Deficientes /!\

Antivirus: ESET Smart Security 4.0 4.0 [(!) Disabled | Updated]

Firewall: ESET Personal firewall 4.0.314.0 [Enabled]

RAM -> 1015 Mb

C:\ (%systemdrive%) -> Disco fixo # 149 Gb (103 Mb livre - 69%) [] # NTFS

D:\ -> CD-ROM

 

################## | Ficheiros # pastas infeciosos |

 

Presente ! C:\601ugf.exe

 

################## | Registro |

 

Presente ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegistryTools

Presente ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoDrives

Presente ! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoDrives

 

################## | Mountpoints2 |

 

 

################## | Vaccin |

 

(!) Este computador não é vacinada!

 

################## | E.O.F |


1.

*Connect the USB flash drive to the PC again

*Double-click UsbFix

*Click [Supressão] (Deletion) and wait for it to finish

*Remove the USB flash drive

*Paste the report created at C:\UsbFix.txt


############################## | UsbFix 7.014 | [supressão]

 

Usuário: Leo (Administrador) # LEO-EE16E4FFE21 [ ]

Atualizado em 24/06/10 por El Desaparecido / C_XX

Começou em 14:36:12 | 26/06/2010

Site: http://pagesperso-orange.fr/NosTools/index.html

Contato: FindyKill.Contact@gmail.com

 

CPU: Intel® Celeron® CPU 420 @ 1.60GHz

Microsoft Windows XP Professional (5.1.2600 32-Bit) # Service Pack 3

Internet Explorer 8.0.6001.18702

 

Windows Firewall: Deficientes /!\

Antivirus: ESET Smart Security 4.0 4.0 [(!) Disabled | Updated]

Firewall: ESET Personal firewall 4.0.314.0 [Enabled]

RAM -> 1015 Mb

C:\ (%systemdrive%) -> Disco fixo # 149 Gb (103 Mb livre - 69%) [] # NTFS

D:\ -> CD-ROM

 

################## | Ficheiros # pastas infeciosos |

 

Supprimido ! C:\601ugf.exe

 

################## | Registro |

 

Supprimido ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegistryTools

Supprimido ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoDrives

Supprimido ! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoDrives

 

################## | Mountpoints2 |

 

 

################## | Listing |

 

[30/10/2009 - 12:22:59 | D ] C:\$AVG8.VAULT$

[22/12/2009 - 09:08:06 | D ] C:\1af65db5f0901f001de4e8

[22/12/2009 - 09:08:00 | D ] C:\1f2af16ac0867e0731755aa2a2309e83

[18/09/2009 - 23:02:52 | D ] C:\3e08474e4ac659b6ae5c3c99997d84

[18/09/2009 - 22:59:21 | D ] C:\52c25b8cf3bcbe1db607e1

[18/09/2009 - 22:59:14 | D ] C:\903fcde2a111fce71d

[26/06/2010 - 14:19:58 | RD ] C:\Arquivos de programas

[19/06/2010 - 07:50:42 | A | 0] C:\atual.txt

[05/09/2009 - 12:05:28 | A | 0] C:\AUTOEXEC.BAT

[26/06/2010 - 14:30:51 | RASHD ] C:\Autorun.inf

[22/12/2009 - 14:45:33 | D ] C:\b00110a28191198b9a

[05/09/2009 - 12:00:54 | SH | 211] C:\boot.ini

[28/10/2001 - 09:06:10 | RASH | 4952] C:\Bootfont.bin

[25/06/2010 - 19:56:58 | D ] C:\ComboFix

[22/06/2010 - 10:00:11 | D ] C:\Config.Msi

[05/09/2009 - 12:05:28 | A | 0] C:\CONFIG.SYS

[13/03/2010 - 10:24:14 | D ] C:\danicurs

[22/06/2010 - 09:26:06 | D ] C:\Dell

[28/03/2010 - 21:00:44 | D ] C:\Documents and Settings

[15/11/2009 - 15:03:30 | D ] C:\Download

[22/04/2010 - 07:31:44 | D ] C:\Downloads

[05/09/2009 - 12:13:46 | D ] C:\drivers

[22/12/2009 - 09:09:22 | D ] C:\f91affa944947ff00f1d

[09/03/2010 - 14:16:01 | D ] C:\Gamemaxx

[26/02/2010 - 16:38:16 | D ] C:\gamesX

[26/06/2010 - 01:27:59 | D ] C:\Hijack

[25/06/2010 - 20:01:30 | A | 0] C:\hpzids01.log

[05/09/2009 - 12:05:28 | RASH | 0] C:\IO.SYS

[21/03/2010 - 01:25:29 | D ] C:\Level Up! Games

[05/09/2009 - 12:05:28 | RASH | 0] C:\MSDOS.SYS

[03/08/2004 - 22:38:34 | RASH | 47564] C:\NTDETECT.COM

[22/09/2009 - 14:22:35 | RASH | 251696] C:\ntldr

[26/06/2010 - 13:44:55 | ASH | 1598029824] C:\pagefile.sys

[25/02/2010 - 13:29:32 | D ] C:\Program Files

[08/02/2010 - 19:45:48 | D ] C:\ProgramData

[25/06/2010 - 19:56:15 | D ] C:\Qoobox

[26/06/2010 - 14:36:45 | SHD ] C:\RECYCLER

[05/09/2009 - 12:25:09 | AH | 268] C:\sqmdata00.sqm

[05/09/2009 - 12:37:23 | AH | 268] C:\sqmdata01.sqm

[05/09/2009 - 12:37:23 | AH | 172] C:\sqmdata02.sqm

[05/09/2009 - 13:28:04 | AH | 268] C:\sqmdata03.sqm

[05/09/2009 - 12:25:09 | AH | 244] C:\sqmnoopt00.sqm

[05/09/2009 - 12:37:23 | AH | 244] C:\sqmnoopt01.sqm

[05/09/2009 - 12:37:23 | AH | 172] C:\sqmnoopt02.sqm

[05/09/2009 - 13:28:04 | AH | 244] C:\sqmnoopt03.sqm

[17/01/2010 - 00:01:36 | SHD ] C:\System Volume Information

[26/06/2010 - 14:36:45 | D ] C:\UsbFix

[26/06/2010 - 14:36:50 | A | 1103] C:\UsbFix.txt

[23/06/2010 - 14:45:08 | D ] C:\VundoFix Backups

[23/06/2010 - 15:49:53 | A | 307] C:\VundoFix.txt

[26/06/2010 - 11:50:17 | D ] C:\WINDOWS

[12/10/2009 - 22:04:00 | A | 3] C:\WLCount.Txt

 

################## | Vaccin |

 

C:\Autorun.inf -> Folder criado por UsbFix (El Desaparecido & C_XX)

 

################## | Upload |

 

Favor enviar o arquivo: C:\UsbFix_Upload_Me_LEO-EE16E4FFE21.zip

http://chiquitine.changelog.fr/Sample/Upload.php

Obrigado pela sua contribuição.

 

################## | E.O.F |


1.

Please send the file: C:\UsbFix_Upload_Me_LEO-EE16E4FFE21.zip

http://chiquitine.changelog.fr/Sample/Upload.php

Thank you for your contribution.

2.

*Double-click UsbFix

*Click [Uninstall]

I see you have ComboFix on the PC.

*Run it

*Wait for all stages to complete

[image: etapas.jpg]

*While ComboFix is running, avoid using the mouse and keyboard! To interrupt the procedure, press N or 2 and then ENTER.

*The program will close automatically and a report (C:\combofix.txt) will be displayed. Paste it in your next reply.


ComboFix 10-06-25.04 - Leo 26/06/2010 15:01:01.3.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.1015.612 [GMT -3:00]

Executando de: c:\documents and settings\Leo\Desktop\ComboFix.exe

AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

---- Execuções precedente -------

.

c:\arquivos de programas\FunWebProducts

c:\arquivos de programas\MyWebSearch

c:\arquivos de programas\MyWebSearch\bar\Settings\s_pid.dat

C:\f9o8o.exe

c:\windows\system32\userini.exe

c:\windows\xpsp1hfm.log

 

.

(((((((((((((((( Arquivos/Ficheiros criados de 2010-05-26 to 2010-06-26 ))))))))))))))))))))))))))))

.

 

2010-06-26 17:36 . 2010-06-26 17:36 111104 ----a-w- C:\UsbFix_Upload_Me_LEO-EE16E4FFE21.zip

2010-06-26 17:25 . 2010-06-26 17:46 -------- d-----w- C:\UsbFix

2010-06-26 15:14 . 2010-06-26 15:14 -------- d-----w- c:\documents and settings\Leo\Dados de aplicativos\Malwarebytes

2010-06-26 15:14 . 2010-04-29 18:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-06-26 15:13 . 2010-06-26 15:13 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes

2010-06-26 15:13 . 2010-04-29 18:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-06-26 15:13 . 2010-06-26 15:14 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware

2010-06-26 04:27 . 2010-06-26 04:27 -------- d-----w- C:\Hijack

2010-06-24 13:53 . 2010-06-24 13:53 -------- d-----w- c:\arquivos de programas\Teamspeak2_RC2

2010-06-24 13:31 . 2010-06-24 13:31 -------- d-----w- c:\documents and settings\Leo\Dados de aplicativos\Registry Mechanic

2010-06-23 19:13 . 2010-06-23 19:13 -------- d-----w- c:\arquivos de programas\Arquivos comuns\PC Tools

2010-06-23 17:45 . 2010-06-23 17:45 -------- d-----w- C:\VundoFix Backups

2010-06-22 13:26 . 2010-06-22 13:26 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Innovative Solutions

2010-06-22 13:26 . 2010-06-22 13:26 -------- d-----w- c:\arquivos de programas\Innovative Solutions

2010-06-22 13:04 . 2010-06-22 13:04 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\UAB

2010-06-22 12:56 . 2010-06-22 12:56 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\PC Drivers HeadQuarters

2010-06-22 12:54 . 2010-06-22 12:54 -------- d-----w- c:\arquivos de programas\PC Drivers HeadQuarters

2010-06-22 12:50 . 2010-06-22 12:50 -------- d-----w- c:\arquivos de programas\Realtek

2010-06-22 12:26 . 2010-06-22 12:26 -------- d-----w- C:\Dell

2010-06-22 00:27 . 2010-06-22 00:27 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Driver Whiz

2010-06-22 00:18 . 2010-06-22 00:18 -------- d-----w- c:\arquivos de programas\Driver Whiz

2010-06-21 23:31 . 2010-06-21 23:31 -------- d-----w- c:\documents and settings\Leo\Dados de aplicativos\Uniblue

2010-06-21 23:30 . 2010-06-21 23:30 -------- d-----w- c:\arquivos de programas\Uniblue

2010-06-20 10:22 . 2010-06-20 10:28 -------- d-----w- c:\arquivos de programas\TeamSpeak 3 Client

2010-06-19 11:45 . 2001-09-06 02:50 5632 ----a-w- c:\windows\system32\ptpusb.dll

2010-06-19 11:45 . 2008-04-13 18:45 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys

2010-06-19 11:45 . 2008-04-13 18:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys

2010-06-19 11:45 . 2008-04-14 02:20 159232 ----a-w- c:\windows\system32\ptpusd.dll

2010-06-19 11:40 . 2008-04-13 18:45 60032 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys

2010-06-19 11:40 . 2008-04-13 18:45 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys

2010-06-19 11:33 . 2008-04-13 18:45 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys

2010-06-19 11:33 . 2008-04-13 18:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys

2010-06-18 21:44 . 2010-06-18 21:44 -------- d-----w- c:\documents and settings\Leo\Dados de aplicativos\teamspeak2

2010-06-09 16:55 . 2010-06-14 05:20 -------- d-----w- c:\documents and settings\Leo\Dados de aplicativos\TS3Client

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-06-26 17:34 . 2010-03-06 15:02 -------- d-----w- c:\documents and settings\Leo\Dados de aplicativos\Free Download Manager

2010-06-26 16:46 . 2009-09-11 07:11 -------- d---a-w- c:\documents and settings\All Users\Dados de aplicativos\TEMP

2010-06-26 16:45 . 2009-12-23 01:03 -------- d-----w- c:\documents and settings\Leo\Dados de aplicativos\Software Informer

2010-06-26 16:45 . 2009-11-21 15:15 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\boost_interprocess

2010-06-25 12:58 . 2004-08-04 03:45 1034240 ----a-w- c:\windows\explorer.exe

2010-06-22 12:50 . 2009-09-05 15:19 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information

2010-06-15 11:51 . 2010-04-18 07:53 838656 ----a-w- c:\windows\system32\wmpnetwk.exe

2010-06-05 17:48 . 2009-09-16 04:03 -------- d-----w- c:\arquivos de programas\Microsoft Silverlight

2010-05-26 14:21 . 2010-04-30 14:37 1006080 ----a-w- c:\windows\system32\flash10swf.dll

2010-05-25 00:25 . 2010-05-25 00:25 503808 ----a-w- c:\documents and settings\Leo\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-3918834a-n\msvcp71.dll

2010-05-25 00:25 . 2010-05-25 00:25 499712 ----a-w- c:\documents and settings\Leo\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-3918834a-n\jmc.dll

2010-05-25 00:25 . 2010-05-25 00:25 348160 ----a-w- c:\documents and settings\Leo\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-3918834a-n\msvcr71.dll

2010-05-25 00:24 . 2010-05-25 00:24 61440 ----a-w- c:\documents and settings\Leo\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-6cb543e4-n\decora-sse.dll

2010-05-25 00:24 . 2010-05-25 00:24 12800 ----a-w- c:\documents and settings\Leo\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-6cb543e4-n\decora-d3d.dll

2010-05-23 23:20 . 2009-09-05 20:14 -------- d-----w- c:\documents and settings\Leo\Dados de aplicativos\uTorrent

2010-05-09 18:27 . 2010-03-08 06:08 -------- d-----w- c:\arquivos de programas\Bounty Bay Online

2010-04-21 22:29 . 2010-04-21 22:29 411368 ----a-w- c:\windows\system32\deployJava1.dll

.

 

((((((((((((((((((((((((((((( SnapShot_2010-06-25_22.54.52 )))))))))))))))))))))))))))))))))))))))))

.

+ 2010-06-25 23:06 . 2008-06-18 21:01 77824 c:\windows\system32\ReinstallBackups\0020\DriverFiles\SOUNDMAN.EXE

+ 2010-06-25 23:06 . 2008-04-14 01:21 23552 c:\windows\system32\ReinstallBackups\0020\DriverFiles\i386\wdmaud.drv

+ 2010-06-25 23:06 . 2004-07-09 07:27 48512 c:\windows\system32\ReinstallBackups\0020\DriverFiles\i386\stream.sys

+ 2010-06-25 23:06 . 2008-04-13 18:45 60160 c:\windows\system32\ReinstallBackups\0020\DriverFiles\i386\drmk.sys

+ 2010-06-25 23:06 . 2008-06-19 19:20 57344 c:\windows\system32\ReinstallBackups\0020\DriverFiles\ALCMTR.EXE

+ 2010-06-25 23:06 . 2002-12-12 03:14 4096 c:\windows\system32\ReinstallBackups\0020\DriverFiles\i386\ksuser.dll

+ 2010-06-25 23:06 . 2008-03-26 21:50 131072 c:\windows\system32\ReinstallBackups\0020\DriverFiles\RTLCPAPI.dll

+ 2010-06-25 23:06 . 2008-06-10 17:39 266240 c:\windows\system32\ReinstallBackups\0020\DriverFiles\RTCOMDLL.dll

+ 2010-06-25 23:06 . 2008-04-13 19:19 146048 c:\windows\system32\ReinstallBackups\0020\DriverFiles\i386\portcls.sys

+ 2010-06-25 23:06 . 2007-11-20 21:15 1826816 c:\windows\system32\ReinstallBackups\0020\DriverFiles\SkyTel.exe

+ 2010-06-25 23:06 . 2008-07-15 16:47 1196032 c:\windows\system32\ReinstallBackups\0020\DriverFiles\RtlUpd.exe

+ 2010-06-25 23:06 . 2008-06-19 19:27 9715200 c:\windows\system32\ReinstallBackups\0020\DriverFiles\RTLCPL.EXE

+ 2010-06-25 23:06 . 2008-08-06 20:12 4755968 c:\windows\system32\ReinstallBackups\0020\DriverFiles\RtkHDAud.sys

+ 2010-06-25 23:06 . 2007-06-28 19:44 2165760 c:\windows\system32\ReinstallBackups\0020\DriverFiles\MicCal.exe

+ 2010-06-25 23:06 . 2008-06-19 19:42 2808832 c:\windows\system32\ReinstallBackups\0020\DriverFiles\ALCWZRD.EXE

+ 2010-06-25 23:06 . 2008-12-26 19:20 18081280 c:\windows\system32\ReinstallBackups\0020\DriverFiles\RTHDCPL.EXE

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{d9e9b38c-886d-466d-b41c-afe634ac74ec}"= "c:\arquivos de programas\Softonic_VLC_BR\tbSof1.dll" [2010-05-13 2515552]

"{e6e46d3a-3f73-471e-97a2-a2bd307da4a0}"= "c:\arquivos de programas\Softonic_BR\tbSof1.dll" [2010-05-13 2515552]

 

[HKEY_CLASSES_ROOT\clsid\{d9e9b38c-886d-466d-b41c-afe634ac74ec}]

 

[HKEY_CLASSES_ROOT\clsid\{e6e46d3a-3f73-471e-97a2-a2bd307da4a0}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D9B32E5C-78AD-4614-8C52-A7E0FB6238A2}]

2010-05-26 14:21 1006080 ----a-w- c:\windows\system32\flash10swf.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d9e9b38c-886d-466d-b41c-afe634ac74ec}]

2010-05-13 11:58 2515552 ----a-w- c:\arquivos de programas\Softonic_VLC_BR\tbSof1.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e6e46d3a-3f73-471e-97a2-a2bd307da4a0}]

2010-05-13 11:58 2515552 ----a-w- c:\arquivos de programas\Softonic_BR\tbSof1.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{d9e9b38c-886d-466d-b41c-afe634ac74ec}"= "c:\arquivos de programas\Softonic_VLC_BR\tbSof1.dll" [2010-05-13 2515552]

"{e6e46d3a-3f73-471e-97a2-a2bd307da4a0}"= "c:\arquivos de programas\Softonic_BR\tbSof1.dll" [2010-05-13 2515552]

 

[HKEY_CLASSES_ROOT\clsid\{d9e9b38c-886d-466d-b41c-afe634ac74ec}]

 

[HKEY_CLASSES_ROOT\clsid\{e6e46d3a-3f73-471e-97a2-a2bd307da4a0}]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{D9E9B38C-886D-466D-B41C-AFE634AC74EC}"= "c:\arquivos de programas\Softonic_VLC_BR\tbSof1.dll" [2010-05-13 2515552]

"{E6E46D3A-3F73-471E-97A2-A2BD307DA4A0}"= "c:\arquivos de programas\Softonic_BR\tbSof1.dll" [2010-05-13 2515552]

 

[HKEY_CLASSES_ROOT\clsid\{d9e9b38c-886d-466d-b41c-afe634ac74ec}]

 

[HKEY_CLASSES_ROOT\clsid\{e6e46d3a-3f73-471e-97a2-a2bd307da4a0}]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ares"="c:\arquivos de programas\Ares\Ares.exe" [2009-12-06 954880]

"Multi File Downloader"="c:\arquivos de programas\Multi File Downloader\MultiFileDownloader.exe" [2009-11-19 2715648]

"Software Informer"="c:\arquivos de programas\Software Informer\softinfo.exe" [2009-11-25 2011205]

"EA Core"="c:\arquivos de programas\Electronic Arts\EADM\Core.exe" [2009-03-28 3325952]

"Free Download Manager"="c:\arquivos de programas\Free Download Manager\fdm.exe" [2009-01-31 3399727]

"Pando Media Booster"="c:\arquivos de programas\Pando Networks\Media Booster\PMB.exe" [2010-03-19 2937528]

"Google Update"="c:\documents and settings\Leo\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" [2010-04-22 136176]

"DriverMax"="c:\arquivos de programas\Innovative Solutions\DriverMax\devices.exe" [2010-03-01 9216928]

"DriverMax_RESTART"="c:\arquivos de programas\Innovative Solutions\DriverMax\devices.exe" [2010-03-01 9216928]

"RegistryMechanic"="c:\arquivos de programas\Registry Mechanic\RegMech.exe" [2010-04-08 3233752]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-17 98304]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-17 114688]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-17 94208]

"SpeedTouch USB Diagnostics"="c:\arquivos de programas\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 866816]

"egui"="c:\arquivos de programas\ESET\ESET Smart Security\egui.exe" [2009-02-06 2021400]

"DAEMON Tools"="c:\arquivos de programas\DAEMON Tools\daemon.exe" [2005-11-08 128920]

"SunJavaUpdateSched"="c:\arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe" [2010-02-18 248040]

"RTHDCPL"="RTHDCPL.EXE" [2008-12-26 18081280]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\DOWNLOADS\\utorrent-2.0-beta-16222.upx.exe"=

"c:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Documents and Settings\\Leo\\Configurações locais\\Dados de aplicativos\\Kamuse\\KCSTrayDownloader\\KCSTrayDownloaderEngine.exe"=

"c:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Pando Networks\\Media Booster\\PMB.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"59017:TCP"= 59017:TCP:Pando Media Booster

"59017:UDP"= 59017:UDP:Pando Media Booster

 

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [6/2/2009 14:23 106208]

R2 ekrn;ESET Service;c:\arquivos de programas\ESET\ESET Smart Security\ekrn.exe [6/2/2009 14:23 727720]

S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\arquivos de programas\Arquivos comuns\PC Tools\sMonitor\StartManSvc.exe [23/6/2010 16:13 632792]

S3 vtany;vtany;\??\c:\windows\vtany.sys --> c:\windows\vtany.sys [?]

S3 XDva332;XDva332;\??\c:\windows\system32\XDva332.sys --> c:\windows\system32\XDva332.sys [?]

S3 xhunter1;xhunter1;\??\c:\windows\xhunter1.sys --> c:\windows\xhunter1.sys [?]

S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [9/2/2010 16:50 685816]

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2010-06-26 c:\windows\Tasks\OGALogon.job

- c:\windows\system32\OGAEXEC.exe [2009-08-03 18:07]

 

2010-06-26 c:\windows\Tasks\User_Feed_Synchronization-{070EED2D-AB87-4D85-A720-12E15299A875}.job

- c:\windows\system32\msfeedssync.exe [2009-03-08 07:31]

.

.

------- Scan Suplementar -------

.

IE: Baixar com o Free Download Manager - file://c:\arquivos de programas\Free Download Manager\dllink.htm

IE: Baixar tudo com o Free Download Manager - file://c:\arquivos de programas\Free Download Manager\dlall.htm

IE: Baixar vídeo com o Free Download Manager - file://c:\arquivos de programas\Free Download Manager\dlfvideo.htm

IE: Download selecionado pelo Free Download Manager - file://c:\arquivos de programas\Free Download Manager\dlselected.htm

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Leo\Menu Iniciar\Programas\IMVU\Run IMVU.lnk

TCP: {7488A13F-E3D9-4BFF-8024-5249A994AAC4} = 201.10.128.2 201.10.120.3

.

- - - - ORFÃOS REMOVIDOS - - - -

 

BHO-{F7C79362-DDEA-4AF6-AB9F-19F9AF6B94E3} - (no file)

HKLM-Run-VVSN - c:\arquivos de programas\VVSN\VVSN.exe

AddRemove-HijackThis - c:\hijack\HijackThis.exe

 

 

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-06-26 15:04

Windows 5.1.2600 Service Pack 3 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\ð•€|ÿÿÿÿ.•€|þ»Òw*]

"6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

- - - - - - - > 'explorer.exe'(188)

c:\windows\system32\WININET.dll

c:\arquiv~1\WINDOW~2\wmpband.dll

c:\windows\system32\msi.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

c:\windows\system32\flash10swf.dll

c:\arquivos de programas\Microsoft Office\OFFICE11\msohev.dll

c:\windows\system32\igfxpph.dll

c:\windows\system32\hccutils.DLL

.

Tempo para conclusão: 2010-06-26 15:08:15

ComboFix-quarantined-files.txt 2010-06-26 18:08

ComboFix2.txt 2010-01-18 10:41

 

Pré-execução: 26 pasta(s) 110.951.239.680 bytes disponíveis

Pós execução: 28 pasta(s) 110.932.365.312 bytes disponíveis

 

WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

 

Current=4 Default=4 Failed=2 LastKnownGood=5 Sets=1,2,3,4,5

- - End Of File - - 87114A4F4943E484E5EA8A05FF9F3544


OK... the PC is clean... :)

1.

*Click [Start] > [Run] > type: Combofix /uninstall

*Click [OK]

[image: 92674490.jpg]

*Click [Run]

*Wait until the message "ComboFix está desinstalado" (ComboFix is uninstalled) appears

*Click [OK]

2.

If you want to remove the Microsoft Windows Recovery Console option from the PC's boot menu:

*Click [Start] > [Run] > type: msconfig

*Click OK

*Click the "BOOT.INI" tab

*Select the line C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

[image: removercombofix1.jpg]

*Click [Check All Boot Paths]

*Click [Yes] > [OK]

[image: removercombofix2.jpg]

*Restart the PC

*When Windows starts, the System Configuration Utility will report that it has been changed.

*Click "Don't show this message or launch the System Configuration Utility when Windows starts"

3.

If you want to re-enable autorun, which was disabled by UsbFix, use the MKV program and click [supprimer la vaccination]

4.

*Open Malwarebytes and, on the [Quarantine] tab, select all results and click [Remove All]

*Click the [Logs] tab, select the report and click [Remove]

If the problem persists...

Read here:

http://forum.imasters.com.br/index.php?/topic/388896-teamspeak2-socket-error-11004/

Regards.


Topic reopened at the member's request

Post a new log


Topic Archived

Since the author has not replied for more than 30 days, the topic has been archived.

If you are the author of the topic and want to reopen it, send a private message to a moderator of the area along with the link to this topic and explain the reason for reopening.
