wings (posted September 2, 2010):

1. *Run AD-Remover
*Click [uninstall]

2. *Open Notepad and paste the code below into it:

File::
c:\docume~1\XP\CONFIG~1\Temp\extrem.sys

Driver::
extrem.sys

*Save the file on the desktop as CFScript.txt
*Drag the file onto ComboFix as shown in the illustration below:
*Important: while ComboFix is running, avoid using the mouse and keyboard!! To interrupt the process, press N or 2.
*Paste the C:\combofix.txt report
vasp (posted September 2, 2010):

Hey wings, I have class early tomorrow... is there any way you could help me tomorrow at a time that works better for me?
wings (posted September 2, 2010):

Do this procedure... then I'll ask for two quick ones and we'll continue tomorrow.
vasp (posted September 2, 2010):

ok ;x
vasp (posted September 2, 2010):

ComboFix 10-09-01.02 - XP 02/09/2010 0:47.3.4 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.2047.1453 [GMT -3:00]
Executando de: c:\documents and settings\XP\Desktop\ComboFix.exe
Comandos utilizados :: c:\documents and settings\XP\Desktop\CFScript.txt.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

FILE ::
"c:\docume~1\XP\CONFIG~1\Temp\extrem.sys"
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_EXTREM.SYS
-------\Service_extrem.sys

(((((((((((((((( Arquivos/Ficheiros criados de 2010-08-02 to 2010-09-02 ))))))))))))))))))))))))))))
.
2010-09-01 22:50 . 2010-09-01 22:50 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\nView_Profiles
2010-09-01 21:55 . 2010-09-01 21:55 -------- d-----w- c:\documents and settings\XP\Dados de aplicativos\Malwarebytes
2010-09-01 21:55 . 2010-04-29 18:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-01 21:55 . 2010-09-01 21:55 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware
2010-09-01 21:55 . 2010-09-01 21:55 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes
2010-09-01 21:55 . 2010-04-29 18:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-01 20:26 . 2010-09-02 03:32 -------- d-----w- C:\FyK
2010-09-01 19:08 . 2010-09-01 20:21 -------- d-----w- C:\UsbFix
2010-09-01 18:09 . 2010-09-01 18:09 65024 ----a-w- c:\documents and settings\XP\Dados de aplicativos\Sun\Java\Deployment\cache\6.0\9\e375149-59bc6b39-n\jinput-dx8_64.dll
2010-09-01 18:09 . 2010-09-01 18:09 62464 ----a-w- c:\documents and settings\XP\Dados de aplicativos\Sun\Java\Deployment\cache\6.0\9\e375149-59bc6b39-n\jinput-raw_64.dll
2010-09-01 18:09 . 2010-09-01 18:09 61952 ----a-w- c:\documents and settings\XP\Dados de aplicativos\Sun\Java\Deployment\cache\6.0\9\e375149-59bc6b39-n\jinput-dx8.dll
2010-09-01 18:09 . 2010-09-01 18:09 59392 ----a-w- c:\documents and settings\XP\Dados de aplicativos\Sun\Java\Deployment\cache\6.0\9\e375149-59bc6b39-n\jinput-raw.dll
2010-09-01 18:09 . 2010-09-01 18:09 56832 ----a-w- c:\documents and settings\XP\Dados de aplicativos\Sun\Java\Deployment\cache\6.0\9\e375149-59bc6b39-n\jinput-wintab.dll
2010-08-28 15:51 . 2010-08-28 16:56 -------- d-----w- C:\RagnaSony
2010-08-22 21:54 . 2010-08-22 21:54 -------- d-----w- C:\PopGameBox
2010-08-08 15:11 . 2010-08-08 15:11 503808 ----a-w- c:\documents and settings\XP\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-10cffe1e-n\msvcp71.dll
2010-08-08 15:11 . 2010-08-08 15:11 499712 ----a-w- c:\documents and settings\XP\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-10cffe1e-n\jmc.dll
2010-08-08 15:11 . 2010-08-08 15:11 348160 ----a-w- c:\documents and settings\XP\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-10cffe1e-n\msvcr71.dll
2010-08-08 15:11 . 2010-08-08 15:11 61440 ----a-w- c:\documents and settings\XP\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-7bc5e408-n\decora-sse.dll
2010-08-08 15:11 . 2010-08-08 15:11 12800 ----a-w- c:\documents and settings\XP\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-7bc5e408-n\decora-d3d.dll
2010-08-07 06:47 . 2010-08-07 06:47 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Blizzard Entertainment
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-02 03:53 . 2010-02-12 20:16 -------- d-----w- c:\documents and settings\XP\Dados de aplicativos\Skype
2010-09-02 03:52 . 2010-03-02 19:50 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Akamai
2010-09-02 03:02 . 2010-02-12 20:19 -------- d-----w- c:\documents and settings\XP\Dados de aplicativos\skypePM
2010-09-02 02:45 . 2010-04-03 00:04 -------- d-----w- c:\arquivos de programas\Free Offers from Freeze.com
2010-09-02 02:24 . 2009-12-02 22:08 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Spybot - Search & Destroy
2010-09-02 01:32 . 2009-12-02 21:07 -------- d-----w- c:\arquivos de programas\uTorrent
2010-09-02 01:32 . 2009-12-06 00:39 -------- d-----w- c:\arquivos de programas\San Andreas Mod Installer
2010-09-01 23:49 . 2010-04-30 22:07 -------- d-----w- c:\arquivos de programas\Lineage II
2010-09-01 23:27 . 2009-12-03 20:05 -------- d-----w- c:\arquivos de programas\Heroes of Newerth
2010-09-01 23:05 . 2010-06-27 01:17 -------- d-----w- c:\arquivos de programas\APT
2010-09-01 19:31 . 2009-12-19 06:38 -------- d-----w- c:\arquivos de programas\PhotoFiltre
2010-08-31 22:33 . 2010-02-16 03:14 -------- d-----w- c:\documents and settings\XP\Dados de aplicativos\Free Download Manager
2010-08-24 22:24 . 2009-12-07 17:36 -------- d-----w- c:\documents and settings\XP\Dados de aplicativos\teamspeak2
2010-08-23 18:22 . 2010-08-23 18:18 332612446 ----a-w- c:\arquivos de programas\Valve.rar
2010-08-23 16:33 . 2010-07-21 03:00 -------- d-----w- c:\arquivos de programas\Diablo II
2010-08-23 16:04 . 2009-12-17 00:10 -------- d-----w- c:\arquivos de programas\Warcraft III
2010-08-23 16:04 . 2009-12-17 18:16 -------- d-----w- c:\arquivos de programas\Garena
2010-08-14 20:09 . 2010-07-27 19:59 -------- d-----w- c:\arquivos de programas\SystemRequirementsLab
2010-08-14 02:20 . 2010-04-04 18:40 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Norton
2010-08-12 22:53 . 2010-02-08 21:54 -------- d-----w- c:\documents and settings\XP\Dados de aplicativos\LimeWire
2010-08-12 22:18 . 2009-12-02 20:59 -------- d-----w- c:\documents and settings\XP\Dados de aplicativos\uTorrent
2010-08-11 14:32 . 2009-12-04 22:37 -------- d---a-w- c:\documents and settings\All Users\Dados de aplicativos\TEMP
2010-07-25 22:17 . 2009-12-01 20:45 -------- d-----w- c:\documents and settings\XP\Dados de aplicativos\sqlitestudio
2010-07-21 03:10 . 2010-07-21 03:04 40051 ----a-w- c:\windows\DIIUnin.dat
2010-07-21 03:09 . 2009-12-01 15:04 21840 ----atw- c:\windows\system32\SIntfNT.dll
2010-07-21 03:09 . 2009-12-01 15:04 17212 ----atw- c:\windows\system32\SIntf32.dll
2010-07-21 03:09 . 2009-12-01 15:04 12067 ----atw- c:\windows\system32\SIntf16.dll
2010-07-21 03:04 . 2010-07-21 03:04 94208 ----a-w- c:\windows\DIIUnin.exe
2010-07-21 03:04 . 2010-07-21 03:04 2829 ----a-w- c:\windows\DIIUnin.pif
2010-07-21 02:59 . 2010-07-21 02:48 -------- d-----w- c:\arquivos de programas\dddd
2010-07-21 02:47 . 2010-02-04 01:52 -------- d-----w- c:\arquivos de programas\Sierra On-Line
2010-07-20 20:37 . 2010-07-20 20:37 3352628 ----a-w- c:\arquivos de programas\Remere's Map Editor.rar
2010-07-20 02:34 . 2010-05-02 00:38 -------- d-----w- c:\documents and settings\XP\Dados de aplicativos\TortoiseSVN
2010-07-19 20:31 . 2010-06-27 21:16 -------- d-----w- c:\arquivos de programas\Tibia8.57
2010-07-18 23:29 . 2009-12-05 04:41 -------- d-----w- c:\documents and settings\XP\Dados de aplicativos\Tibia
2010-07-18 21:25 . 2010-07-18 21:25 -------- d-----w- c:\documents and settings\XP\Dados de aplicativos\Remere's Map Editor
2010-07-18 21:25 . 2010-07-18 21:25 -------- d-----w- c:\arquivos de programas\Remere's Map Editor
2010-07-18 07:16 . 2010-05-15 11:14 -------- d-----w- c:\arquivos de programas\Rockstar Games
2010-07-18 07:07 . 2009-11-30 13:47 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information
2010-07-18 05:51 . 2010-07-18 05:47 -------- d-----w- c:\arquivos de programas\EasyPHP1-7
2010-07-18 04:31 . 2010-04-02 13:21 41 ----a-w- c:\documents and settings\XP\jagex__preferences3.dat
2010-07-18 04:31 . 2010-03-06 21:55 46 ----a-w- c:\documents and settings\XP\jagex_runescape_preferences.dat
2010-07-18 04:29 . 2010-03-06 21:57 99 ----a-w- c:\documents and settings\XP\jagex_runescape_preferences2.dat
2010-07-18 00:43 . 2010-05-13 21:03 -------- d-----w- c:\arquivos de programas\Heroes of Newerth - Extreme
2010-07-13 00:22 . 2009-12-08 20:56 -------- d-----w- c:\arquivos de programas\Valve
2010-07-13 00:22 . 2010-02-03 19:36 -------- d-----w- c:\arquivos de programas\sXe Injected
2010-07-05 04:09 . 2010-07-05 04:09 -------- d-----w- c:\arquivos de programas\Fake Webcam
2010-07-05 04:09 . 2010-07-05 04:09 -------- d-----w- c:\arquivos de programas\Arquivos comuns\fwc
2010-06-27 21:46 . 2010-06-27 21:46 3577605 ----a-w- c:\arquivos de programas\TibiaBot NG4.rar
2010-06-23 17:26 . 2010-06-27 18:45 11449688 ----a-w- c:\documents and settings\XP\Dados de aplicativos\Sony Online Entertainment\Installed Games\Free Realms\FreeRealms.exe
2010-06-23 17:20 . 2010-06-27 18:43 94208 ----a-w- c:\documents and settings\XP\Dados de aplicativos\Sony Online Entertainment\Installed Games\Free Realms\GraphicsDriver.dll
2010-06-23 17:19 . 2010-06-27 18:45 2854912 ----a-w- c:\documents and settings\XP\Dados de aplicativos\Sony Online Entertainment\Installed Games\Free Realms\GFxWrap.dll
2010-06-20 14:21 . 2001-10-28 17:07 71938 ----a-w- c:\windows\system32\perfc016.dat
2010-06-20 14:21 . 2001-10-28 17:07 436754 ----a-w- c:\windows\system32\perfh016.dat
.
------- Sigcheck -------
[-] 2009-06-10 . C332E43B1C3AFDEF239C32CD1E5D0A4E . 1548288 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot@2010-09-02_02.56.57 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-09-02 03:51 . 2010-09-02 03:51 16384 c:\windows\Temp\Perflib_Perfdata_c4.dat
+ 2010-09-02 03:52 . 2010-09-02 03:52 16384 c:\windows\Temp\Perflib_Perfdata_c30.dat
+ 2010-09-02 03:51 . 2010-09-02 03:51 16384 c:\windows\Temp\Perflib_Perfdata_3f8.dat
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 11:55 87304 ----a-w- c:\arquivos de programas\Arquivos comuns\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 11:55 87304 ----a-w- c:\arquivos de programas\Arquivos comuns\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 11:55 87304 ----a-w- c:\arquivos de programas\Arquivos comuns\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 11:55 87304 ----a-w- c:\arquivos de programas\Arquivos comuns\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 11:55 87304 ----a-w- c:\arquivos de programas\Arquivos comuns\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 11:55 87304 ----a-w- c:\arquivos de programas\Arquivos comuns\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 11:55 87304 ----a-w- c:\arquivos de programas\Arquivos comuns\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 11:55 87304 ----a-w- c:\arquivos de programas\Arquivos comuns\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 11:55 87304 ----a-w- c:\arquivos de programas\Arquivos comuns\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]
"Skype"="c:\arquivos de programas\Skype\Phone\Skype.exe" [2010-05-13 26192168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-21 13680640]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_3"="advpack.dll" [2004-08-04 101376]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)

[HKLM\~\startupfolder\C:^Documents and Settings^XP^Menu Iniciar^Programas^Inicializar^Aeon - Lineage II.lnk]
path=c:\documents and settings\XP\Menu Iniciar\Programas\Inicializar\Aeon - Lineage II.lnk
backup=c:\windows\pss\Aeon - Lineage II.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^XP^Menu Iniciar^Programas^Inicializar^Warcraft Config.lnk]
path=c:\documents and settings\XP\Menu Iniciar\Programas\Inicializar\Warcraft Config.lnk
backup=c:\windows\pss\Warcraft Config.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06 976832 ----a-w- c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 06:08 35696 ----a-w- c:\arquivos de programas\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2008-06-19 08:20 57344 ----a-w- c:\windows\ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
2009-03-02 15:08 209153 ----a-w- c:\arquivos de programas\Avira\AntiVir Desktop\avgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-06-27 21:03 152872 ----a-w- c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2004-08-04 02:45 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-10-30 11:57 369200 ----a-w- c:\arquivos de programas\DAEMON Tools Lite\DTLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InstallIQUpdater]
2010-02-23 23:45 982528 ----a-w- c:\arquivos de programas\W3i\InstallIQUpdater\InstallIQUpdater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2010-03-30 14:16 1820040 ----a-w- c:\arquivos de programas\LogMeIn Hamachi\hamachi-2-ui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 18:44 3883840 ------w- c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 17:57 153136 ----a-w- c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2009-01-21 16:08 13680640 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2009-01-21 16:08 86016 ----a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2009-01-21 16:08 1657376 ----a-w- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando Media Booster]
2010-05-18 21:13 2938552 ----a-w- c:\arquivos de programas\Pando Networks\Media Booster\PMB.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2003-12-08 19:35 32768 ----a-w- c:\arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2008-11-17 08:08 17676288 ----a-w- c:\windows\RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 18:07 2260480 --sha-r- c:\arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 14:43 248040 ----a-w- c:\arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Arquivos de programas\\Orbitdownloader\\orbitdm.exe"=
"c:\\Arquivos de programas\\Orbitdownloader\\orbitnet.exe"=
"c:\\Arquivos de programas\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Arquivos de programas\\Garena\\Garena.exe"=
"c:\\Arquivos de programas\\Heroes of Newerth\\hon.exe"=
"c:\\Arquivos de programas\\Valve\\hl.exe"=
"c:\\Arquivos de programas\\Valve\\hlds.exe"=
"c:\\Arquivos de programas\\EA GAMES\\Battlefield 2\\BF2.exe"=
"c:\\Arquivos de programas\\Microsoft Games\\Age of Mythology\\aomx.exe"=
"c:\\Arquivos de programas\\Heroes of Newerth - Extreme\\hon.exe"=
"c:\\Arquivos de programas\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Riot Games\\League of Legends\\air\\LolClient.exe"=
"c:\\Riot Games\\League of Legends\\game\\League of Legends.exe"=
"c:\\Arquivos de programas\\Microsoft Games\\Age of Mythology\\aom.exe"=
"c:\\Arquivos de programas\\BYOND\\bin\\byond.exe"=
"c:\\Arquivos de programas\\Turbine\\DDO Unlimited\\dndclient.exe"=
"c:\\AppServ\\Apache2.2\\bin\\httpd.exe"=
"c:\\Documents and Settings\\XP\\Desktop\\OTSERVS\\PortaSafe.AntiNuker.xh0t\\Portsafe_Anti-Nuker_.exe"=
"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58472:TCP"= 58472:TCP:Pando Media Booster
"58472:UDP"= 58472:UDP:Pando Media Booster
"5910:TCP"= 5910:TCP:vnc5910
"56227:TCP"= 56227:TCP:Pando Media Booster
"56227:UDP"= 56227:UDP:Pando Media Booster
"8377:TCP"= 8377:TCP:League of Legends Launcher
"8377:UDP"= 8377:UDP:League of Legends Launcher
"8378:TCP"= 8378:TCP:League of Legends Launcher
"8378:UDP"= 8378:UDP:League of Legends Launcher
"6944:TCP"= 6944:TCP:League of Legends Launcher
"6944:UDP"= 6944:UDP:League of Legends Launcher
"6974:TCP"= 6974:TCP:League of Legends Launcher
"6974:UDP"= 6974:UDP:League of Legends Launcher
"6905:TCP"= 6905:TCP:League of Legends Launcher
"6905:UDP"= 6905:UDP:League of Legends Launcher
"8379:TCP"= 8379:TCP:League of Legends Launcher
"8379:UDP"= 8379:UDP:League of Legends Launcher
"8090:TCP"= 8090:TCP:AppServ
"1034:TCP"= 1034:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface

R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [3/8/2004 23:45 14336]
R2 AntiVirSchedulerService;Avira AntiVir Programador;c:\arquivos de programas\Avira\AntiVir Desktop\sched.exe [15/3/2010 20:44 108289]
R2 Apache2.2;Apache2.2;c:\appserv\Apache2.2\bin\httpd.exe [17/1/2008 14:37 24635]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\arquivos de programas\LogMeIn Hamachi\hamachi-2.exe [30/3/2010 11:16 1107336]
S2 gupdate;Google Update Service (gupdate);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [30/5/2010 16:27 136176]
S3 ddsxeiservice;ddsxeiservice2;c:\arquivos de programas\sXe Injected\ddsxei.sys [28/5/2010 03:04 91776]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\XP\CONFIG~1\Temp\SPJ30.tmp --> c:\docume~1\XP\CONFIG~1\Temp\SPJ30.tmp [?]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys --> c:\windows\system32\DRIVERS\ManyCam.sys [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 XDva297;XDva297;\??\c:\windows\system32\XDva297.sys --> c:\windows\system32\XDva297.sys [?]
S3 XDva315;XDva315;\??\c:\windows\system32\XDva315.sys --> c:\windows\system32\XDva315.sys [?]
S3 XDva327;XDva327;\??\c:\windows\system32\XDva327.sys --> c:\windows\system32\XDva327.sys [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [1/12/2009 11:40 691696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Conteúdo da pasta 'Tarefas Agendadas'

2010-09-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2010-05-30 19:27]

2010-09-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2010-05-30 19:27]
.
.
------- Scan Suplementar -------
.
uInternet Connection Wizard,ShellNext = hxxp://free.avg.com/br-pt.virbase-appf9?IDN=MGJmNjcyN2JlNjY1YzAwMA
IE: &Download by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/204
IE: Baixar com o Free Download Manager - file://c:\arquivos de programas\Free Download Manager\dllink.htm
IE: Baixar tudo com o Free Download Manager - file://c:\arquivos de programas\Free Download Manager\dlall.htm
IE: Baixar vídeo com o Free Download Manager - file://c:\arquivos de programas\Free Download Manager\dlfvideo.htm
IE: Do&wnload selected by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/202
IE: Download selecionado pelo Free Download Manager - file://c:\arquivos de programas\Free Download Manager\dlselected.htm
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {67E1F43E-C21B-442E-818F-BF9CE65083BC} = 8.8.8.8,8.8.4.4
.
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-02 00:52
Windows 5.1.2600 Service Pack 2 NTFS

Procurando processos ocultos ...
Procurando entradas auto inicializáveis ocultas ...
Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso
arquivos/ficheiros ocultos: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\XP\CONFIG~1\Temp\SPJ30.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

- - - - - - - > 'explorer.exe'(3708)
c:\arquivos de programas\Arquivos comuns\TortoiseOverlays\TortoiseOverlays.dll
c:\arquivos de programas\TortoiseSVN\bin\TortoiseStub.dll
c:\arquivos de programas\TortoiseSVN\bin\TortoiseSVN.dll
c:\arquivos de programas\TortoiseSVN\bin\intl3_tsvn.dll
c:\windows\system32\msi.dll
.
------------------------ Outros Processos em Execução ------------------------
.
c:\arquivos de programas\Avira\AntiVir Desktop\avguard.exe
c:\arquivos de programas\TortoiseSVN\bin\TSVNCache.exe
c:\arquivos de programas\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
c:\arquivos de programas\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Tempo para conclusão: 2010-09-02 00:55:23 - Máquina reiniciou
ComboFix-quarantined-files.txt 2010-09-02 03:55
ComboFix2.txt 2010-09-02 03:00

Pré-execução: 22 pasta(s) 177.450.840.064 bytes disponíveis
Pós execução: 23 pasta(s) 177.364.492.288 bytes disponíveis

- - End Of File - - 9E318DA250AAA83F7F8F44A0CBA110FE
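The service section of the log above lists every driver and service with its image path, and the two entries that matter in this thread both live in the user's Temp directory: extrem.sys, which the CFScript removed, and GarenaPEngine's SPJ30.tmp, which ComboFix prints with "[?]" in place of the file's date and size because the file is no longer on disk. A driver resident in Temp is not automatically malicious, but it is the first thing a responder reviews, because Temp is user-writable and no installer accounts for it. The Python below is an added example, not code from the forum thread or from ComboFix: it parses ComboFix-style "R2/S3 name;display;path [...]" lines and flags Temp-resident image paths and missing files. SAMPLE_LOG is constructed from entries visible in the log; the line format, the Temp heuristic and the Finding structure are the example's own assumptions.

```python
"""Flag suspicious service/driver entries in a ComboFix log.

Added example, not code from the forum thread or from ComboFix. It parses the
"R2/S3 name;display name;image path [date time size]" lines that ComboFix prints
in its services section and flags two things a responder looks at first:
  * an image path inside a Temp directory (user-writable, outside any installer),
  * "[?]" in place of the date/size block, i.e. the file was not found on disk.
SAMPLE_LOG is constructed from the entries visible in the thread's log.
"""
import re
from dataclasses import dataclass, field

SAMPLE_LOG = r"""
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [3/8/2004 23:45 14336]
R2 AntiVirSchedulerService;Avira AntiVir Programador;c:\arquivos de programas\Avira\AntiVir Desktop\sched.exe [15/3/2010 20:44 108289]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\XP\CONFIG~1\Temp\SPJ30.tmp --> c:\docume~1\XP\CONFIG~1\Temp\SPJ30.tmp [?]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys --> c:\windows\system32\DRIVERS\ManyCam.sys [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [1/12/2009 11:40 691696]
"""

# "R2 name;display;rest": the leading token is ComboFix's start-type code.
SERVICE_LINE = re.compile(
    r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$"
)
# Trailing "[date time size]" or "[?]" block at the end of the entry.
TRAILER = re.compile(r"\s*\[[^\]]*\]\s*$")
TEMP_DIRS = {"temp", "tmp"}


@dataclass
class Finding:
    name: str
    path: str
    reasons: list = field(default_factory=list)


def image_path(rest: str) -> str:
    """Return the on-disk path ComboFix resolved for the entry.

    When the registry ImagePath differs from the resolved path, ComboFix prints
    'ImagePath --> resolved'; keep the resolved form and drop the trailer.
    """
    resolved = rest.split(" --> ")[-1]
    resolved = TRAILER.sub("", resolved)
    # Strip the NT object-manager prefix some ImagePath values carry.
    if resolved.startswith("\\??\\"):
        resolved = resolved[4:]
    return resolved.strip()


def under_temp(path: str) -> bool:
    """True if any directory component of the path is named temp or tmp."""
    parts = path.lower().split("\\")
    return any(p in TEMP_DIRS for p in parts[:-1])


def analyze(log_text: str) -> list:
    """Return a Finding for every service line that trips a heuristic."""
    findings = []
    for line in log_text.splitlines():
        m = SERVICE_LINE.match(line.strip())
        if not m:
            continue  # headers, file listings and blank lines are skipped
        rest = m.group("rest")
        path = image_path(rest)
        reasons = []
        if under_temp(path):
            reasons.append("image path under a Temp directory")
        if rest.rstrip().endswith("[?]"):
            reasons.append("file not found on disk")
        if reasons:
            findings.append(Finding(m.group("name"), path, reasons))
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f"{f.name}: {f.path} -> {', '.join(f.reasons)}")
```

Run against the sample it reports GarenaPEngine (Temp path and missing file) and ManyCam (missing file only); the same function works on a full combofix.txt because non-service lines never match the pattern. The "[?]" test is a pure text check, so a service whose file exists but was moved would still be reported, which is the conservative behaviour wanted in triage.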
wings (posted September 2, 2010):

1. *Run HijackThis, click [Do a system scan only], tick the entries below and click [Fix checked]

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG9\avgssie.dll (file missing)

*Close HijackThis

2. *Download SystemLook and save it on the desktop
*Run SystemLook
*Paste the code into the blank space:

:filefind
*msconfig*

*Click [Look]
*Paste the SystemLook.txt report found on the desktop

We'll continue tomorrow...
vasp (posted September 2, 2010):

SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 01:05 on 02/09/2010 by XP (Administrator - Elevation successful)

========== filefind ==========

Searching for "*msconfig*"
C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-Software Informer.reg.dat --a--- 662 bytes [02:59 02/09/2010] [02:59 02/09/2010] 942030D551D212E5B131417D9DAFAC94
C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-sysinfo.reg.dat --a--- 686 bytes [02:59 02/09/2010] [02:59 02/09/2010] AC0C709CD3D9D3A755AA4A3B2D13729A

-=End Of File=-
vasp (posted September 2, 2010):

I'm off... we'll continue tomorrow =D good night
wings (posted September 2, 2010):

1. *Delete SystemLook and its report systemlook.txt

2. *Click [Start] > [Run] > copy and paste: Combofix /uninstall
*Click [OK] > [Run]
*Wait for the message: "ComboFix está desinstalado"
*Click [OK]

3. *Click [Start] > [Run] > type: sfc /scannow
*Click OK
*You will be asked for the Windows CD
*Put it in the CD-ROM drive and wait for it to finish....
*Remove the CD and restart the PC

Let me know how the PC is doing.
vasp (posted September 2, 2010):

Hey, I don't have the Windows CD, so what do I do now? I'm downloading Pro SP2 here and I'll use Daemon Tools... let's see if it works.. if anything comes up I'll let you know.

Note: the video card program error is still there and msconfig still isn't working... thanks.. I'll be back in a bit.

Hey, when I tried to use Daemon Tools, it said something about "needs Windows 2000 with SPTD 1.60, the kernel debugger must be disabled" ;/
wings (posted September 2, 2010):

As for your video card program, you need to download and install it.

Check whether msconfig is present in: C:\Windows\pchealth\helpctr\binaries\
vasp (posted September 3, 2010):

msconfig isn't in C:\Windows\pchealth\helpctr\binaries\ ... I'm doing the Windows CD procedure.. I got one from a friend. ;D

That didn't work.. my friend's Windows version was a different one =/
wings (posted September 4, 2010):

It really is difficult.....

If you want....
*Download msconfig and save it to C:\Windows\pchealth\helpctr\binaries

That's as much as I can help you. Cheers.
vasp (posted September 4, 2010):

OK, but has the virus already been thrown out?
wings (posted September 4, 2010):

Yes... NOD32 log:

# found=0
# cleaned=0

Nothing more to do.....
vasp (posted September 4, 2010):

OK, thanks... when I need help.. I know who to count on =D.. thanks Wings.. if anything comes up I'll post here ;D
wings (posted September 4, 2010):

PROBLEM SOLVED!

If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.