denisx 0
Posted December 19, 2010

Hi everyone, my PC has been giving some errors lately; at times system 32 stops working!!! And every time I log on to the PC, Windows error reporting shows the following error for the Chrome application: appcrash. Then I close the error window and open Chrome and it works fine, but every time I log in to Windows this error appears!!!

Log from my PC

=======================================
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:23:53, on 19/12/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.7930.16406)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\Denis\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\NitroPC\NitroPC.exe
C:\Program Files\Tensons\Download Accelerator Manager\daman.exe
C:\Users\Denis\AppData\Roaming\cacaoweb\cacaoweb.exe
C:\Program Files\Java\jre6\bin\javaw.exe
C:\Program Files\Java\jre6\bin\javaw.exe
C:\Program Files\Java\jre6\bin\javaw.exe
C:\Windows\Explorer.exe
C:\HijackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com.br/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Tensons.Application.DownloadAcceleratorManager.BHO - {00000003-1118-11da-8cd6-0800200c9888} - mscoree.dll (file missing)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [HKLM] C:\Windows\System32\Microsoft\microsoft.exe
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Google Update] "C:\Users\Denis\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [cacaoweb] "C:\Users\Denis\AppData\Roaming\cacaoweb\cacaoweb.exe" -noplayer
O4 - HKCU\..\Run: [NitroPC] "C:\Program Files\NitroPC\NitroPC.exe" -minimized
O4 - HKCU\..\Run: [Download Accelerator Manager] C:\Program Files\Tensons\Download Accelerator Manager\daman.exe /s
O4 - HKCU\..\Run: [HKCU] C:\Windows\System32\Microsoft\microsoft.exe
O4 - HKLM\..\Policies\Explorer\Run: [Policies] C:\Windows\System32\Microsoft\microsoft.exe
O4 - HKCU\..\Policies\Explorer\Run: [Policies] C:\Windows\System32\Microsoft\microsoft.exe
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')
O4 - Startup: IMVU.lnk = Denis\AppData\Roaming\IMVUClient\IMVUQualityAgent.exe
O8 - Extra context menu item: &Download with DAM - C:\Program Files\Tensons\Download Accelerator Manager\\addUrl.htm
O8 - Extra context menu item: Download &All with DAM - C:\Program Files\Tensons\Download Accelerator Manager\\addAllUrls.htm
O8 - Extra context menu item: Download FLV &Video with DAM - C:\Program Files\Tensons\Download Accelerator Manager\\addDocUrl.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Run DAM Media&Grabber - C:\Program Files\Tensons\Download Accelerator Manager\\runMg.htm
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\Denis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {2ADE19BB-1E79-4EC4-976E-AC74339ADD76} - http://201.6.104.129/ActiveViewGUI.cab
O16 - DPF: {99CAAA27-FA0C-4FA4-B88A-4AB1CC7A17FE} (MGLaunch_v1004 Class) - http://www.netgame.com/mplugin/mglaunch_USAv1005.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Users\Denis\Desktop\xampp-win32-1.7.4-beta2-VC6\xampp\FileZillaFTP\FileZillaServer.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe

--
End of file - 8533 bytes
===============================

Thanks in advance to everyone!!!

wings 22
Posted December 19, 2010

Hello denisx

* Download MalwareBytes Anti-malware and save it to the desktop
* Right-click the icon and select "Run as administrator"
* Install the program and wait for the update
* The program will open automatically
* Select [Full scan] and click [Scan] > [Scan]
* When the scan finishes, click [Yes] > [OK] > [Show Results]
* Click [Remove Selected]
* Paste the report that is shown

denisx 0
Posted December 20, 2010

Here is the LOG:

====================================
Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Versão da Base de Dados: 5360

Windows 6.1.7600
Internet Explorer 9.0.7930.16406

20/12/2010 11:52:51
mbam-log-2010-12-20 (11-52-51).txt

Tipo de Verificação: Verificação Completa (C:\|)
Objetos escaneados: 364530
Tempo decorrido: 1 hora(s), 42 minuto(s), 55 segundo(s)

Processos de Memória Infectados: 0
Módulos de Memória Infectados: 0
Chaves de Registro Infectadas: 5
Valores de Registro Infectados: 4
Itens de Dados no Registro Infectados: 0
Pastas Infectadas: 0
Arquivos Infectados: 9

Processos de Memória Infectados:
(Não foram detectados ítens maliciosos)

Módulos de Memória Infectados:
(Não foram detectados ítens maliciosos)

Chaves de Registro Infectadas:
HKEY_CLASSES_ROOT\CLSID\{10E0OBO6-5UX8-70E2-LT0B-TB0NQ1340IX4} (Trojan.VB) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{10E0OBO6-5UX8-70E2-LT0B-TB0NQ1340IX4} (Trojan.VB) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{2bf41070-b2b1-21d1-b5c1-0305f4055515} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{5Y99AE78-58TT-11dW-BE53-Y67078979Y} (Backdoor.ProRat) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Turkojan (Backdoor.Turkojan) -> Quarantined and deleted successfully.

Valores de Registro Infectados:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKLM (Trojan.VB) -> Value: HKLM -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Policies (Trojan.VB) -> Value: Policies -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU (Trojan.VB) -> Value: HKCU -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Policies (Trojan.VB) -> Value: Policies -> Quarantined and deleted successfully.

Itens de Dados no Registro Infectados:
(Não foram detectados ítens maliciosos)

Pastas Infectadas:
(Não foram detectados ítens maliciosos)

Arquivos Infectados:
c:\Windows\System32\microsoft\microsoft.exe (Trojan.VB) -> Quarantined and deleted successfully.
c:\Windows\Media\msappupd.wav (Malware.Trace) -> Quarantined and deleted successfully.
c:\Users\Denis\AppData\Roaming\logs.dat (Bifrose.Trace) -> Quarantined and deleted successfully.
c:\Users\Denis\AppData\Local\Temp\MSN.abc (Malware.Trace) -> Quarantined and deleted successfully.
c:\Users\Denis\AppData\Local\Temp\UuU.uUu (Malware.Trace) -> Quarantined and deleted successfully.
c:\Users\Denis\AppData\Local\Temp\XxX.xXx (Malware.Trace) -> Delete on reboot.
c:\Users\Denis\AppData\Local\Temp\xxxyyyzzz.dat (Malware.Trace) -> Quarantined and deleted successfully.
c:\Windows\inf\asynceql.inf (Malware.Trace) -> Quarantined and deleted successfully.
c:\Windows\system\mkp.dll (Malware.Trace) -> Quarantined and deleted successfully.
==========================

The error when starting Windows has stopped!

wings 22
Posted December 20, 2010

1.
* Download SCRP and save it to the desktop
* Extract it to the desktop
* Run SCRP, wait and click [OK]

2.
* Temporarily disable your antivirus
* Download ComboFix and save it to the desktop
* Right-click ComboFix, select "Run as administrator" and accept the agreement
* Wait for all the stages to complete
* Do not use the mouse or the keyboard while the stages are running!!
* To interrupt the procedure press [N] > [ENTER]
* Paste the report C:\combofix.txt

denisx 0
Posted December 22, 2010

Hello, sorry for the delay!!! Here is the ComboFix report:

====================================
ComboFix 10-12-19.03 - Denis 22/12/2010 10:11:34.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.55.1046.18.2040.1234 [GMT -2:00]
Executando de: c:\users\Denis\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BF5CEBDC-F2D3-7540-343C-F0CE11FD6E66}
SP: Microsoft Security Essentials *Disabled/Updated* {043D0A38-D4E9-7ACE-0E8C-CBBC6A7A24DB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\nsn3575.tmp
C:\nsn3576.tmp
C:\nsn3577.tmp
C:\nsn3578.tmp
C:\nsn3579.tmp
C:\nsn357A.tmp
C:\nsn357B.tmp
C:\nsn357C.tmp
C:\nsn357D.tmp
C:\nsx355A.tmp
C:\nsx355B.tmp
C:\nsx355C.tmp
C:\nsx355D.tmp
C:\nsx355E.tmp
C:\nsx355F.tmp
C:\nsx3560.tmp
C:\nsx3561.tmp
C:\nsx3562.tmp
C:\nsx3563.tmp
C:\nsx3564.tmp
c:\program files\Turkojan
c:\program files\Turkojan\readme.rtf
c:\users\Denis\AppData\Roaming\cacaoweb
c:\users\Denis\AppData\Roaming\cacaoweb\adstorage.db
c:\users\Denis\AppData\Roaming\cacaoweb\cacaoweb.exe
c:\users\Denis\AppData\Roaming\cacaoweb\storage.db
c:\users\Denis\AppData\Roaming\twmsico.dll
c:\windows\Media\_tmp
c:\windows\system32\drwtsn32.dll
c:\windows\system32\help.html
c:\windows\system32\images
c:\windows\system32\images\3da.jpg
c:\windows\system32\images\ts_back2.gif
c:\windows\XSxS
.
(((((((((((((((( Arquivos/Ficheiros criados de 2010-11-22 to 2010-12-22 ))))))))))))))))))))))))))))
.
2010-12-22 12:18 . 2010-12-22 12:19 -------- d-----w- c:\users\Denis\AppData\Local\temp
2010-12-22 12:18 . 2010-12-22 12:18 -------- d-----w- c:\users\Jaqueline\AppData\Local\temp
2010-12-22 12:18 . 2010-12-22 12:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-12-21 17:21 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A534C592-66BF-488F-856B-3ADDEECBC976}\mpengine.dll
2010-12-21 00:48 . 2010-12-21 00:48 -------- d-----w- c:\users\Denis\AppData\Roaming\Unity
2010-12-20 12:02 . 2010-12-20 12:02 -------- d-----w- c:\users\Denis\AppData\Roaming\Malwarebytes
2010-12-20 12:02 . 2010-11-29 19:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 12:02 . 2010-12-20 12:02 -------- d-----w- c:\programdata\Malwarebytes
2010-12-20 12:02 . 2010-12-20 12:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-20 12:02 . 2010-11-29 19:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-19 15:11 . 2000-01-24 07:01 453632 ----a-w- c:\windows\system32\stdvcl40.dll
2010-12-19 15:11 . 2010-12-19 15:11 -------- d-----w- c:\users\Denis\AppData\Local\Web CEO
2010-12-19 15:00 . 2010-12-19 15:07 -------- d-----w- c:\program files\SEO PowerSuite
2010-12-15 19:25 . 2010-12-15 19:25 -------- d-----w- c:\programdata\MessengerDiscovery 2
2010-12-15 11:23 . 2010-10-12 04:25 516096 ----a-w- c:\program files\Windows Mail\wab.exe
2010-12-15 11:23 . 2010-11-02 04:41 351232 ----a-w- c:\windows\system32\wmicmiplugin.dll
2010-12-15 11:23 . 2010-11-02 04:40 496128 ----a-w- c:\windows\system32\taskschd.dll
2010-12-15 11:23 . 2010-11-02 04:40 305152 ----a-w- c:\windows\system32\taskcomp.dll
2010-12-15 11:23 . 2010-11-02 04:39 749056 ----a-w- c:\windows\system32\schedsvc.dll
2010-12-15 11:23 . 2010-11-02 04:34 192000 ----a-w- c:\windows\system32\taskeng.exe
2010-12-15 11:23 . 2010-11-02 04:34 179712 ----a-w- c:\windows\system32\schtasks.exe
2010-12-15 11:23 . 2010-10-20 04:54 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-12-15 11:23 . 2010-10-20 02:58 294400 ----a-w- c:\windows\system32\atmfd.dll
2010-12-15 11:22 . 2010-10-27 04:32 2048 ----a-w- c:\windows\system32\tzres.dll
2010-12-15 11:22 . 2010-10-16 04:36 314368 ----a-w- c:\windows\system32\webio.dll
2010-12-15 11:22 . 2010-10-16 04:41 101760 ----a-w- c:\windows\system32\consent.exe
2010-12-15 11:21 . 2010-10-20 03:00 2327552 ----a-w- c:\windows\system32\win32k.sys
2010-12-14 18:52 . 2010-12-14 18:52 -------- d-----w- c:\program files\CCleaner
2010-12-08 01:40 . 2010-12-08 01:40 -------- d-----w- c:\program files\A-Z Typing Test
2010-12-08 01:36 . 2010-12-08 21:13 -------- d-----w- c:\users\Denis\AppData\Roaming\klavaro
2010-12-07 17:46 . 2010-12-07 17:46 -------- d-----w- c:\program files\Klavaro-1.7.1
2010-12-07 14:25 . 2010-12-07 14:25 -------- d-----w- c:\program files\Thumbnail Generator
2010-12-05 18:11 . 2010-12-05 18:16 -------- d-----w- C:\Netgame
2010-12-05 16:04 . 2010-12-05 16:04 -------- d-----w- c:\users\Denis\Office Genuine Advantage
2010-12-05 15:30 . 2010-12-05 19:17 -------- d-----w- c:\users\Denis\AppData\Local\PMB Files
2010-12-05 15:30 . 2010-12-05 16:34 -------- d-----w- c:\programdata\PMB Files
2010-12-05 15:28 . 2010-12-05 15:28 -------- d-----w- c:\program files\Pando Networks
2010-12-05 01:30 . 2010-12-05 01:30 -------- d-----w- c:\programdata\InstallShield
2010-12-05 01:30 . 2008-08-19 18:31 98304 ------w- c:\program files\Mozilla Firefox\plugins\NPHoldemFireLauncher.dll
2010-12-05 01:30 . 2007-04-27 13:12 78784 ----a-w- c:\windows\system32\ISUSPM.cpl
2010-12-05 01:30 . 2006-09-11 00:56 218032 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
2010-12-05 01:29 . 2007-04-27 13:12 394184 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\_isusres.dll
2010-12-05 01:29 . 2007-04-27 13:12 29640 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\_ispmres.dll
2010-12-05 01:29 . 2006-09-11 00:56 86960 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
2010-12-05 01:29 . 2006-09-11 00:56 283568 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISDM.exe
2010-12-05 01:29 . 2006-09-11 00:56 992176 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\agent.exe
2010-12-04 14:31 . 2010-12-05 12:51 -------- d-----w- c:\program files\Valve
2010-12-03 21:16 . 2010-12-19 16:21 -------- d-----w- C:\HijackThis
2010-12-03 14:12 . 2010-12-03 14:12 -------- d-----w- c:\programdata\Office Genuine Advantage
2010-12-02 12:01 . 2010-12-02 12:01 -------- d-----w- c:\program files\Counter-Strike 2D
2010-12-02 10:44 . 2010-12-05 12:34 -------- d-----w- c:\program files\sXe Injected
2010-12-02 00:19 . 2010-12-04 14:30 -------- d-----w- c:\program files\Counter-Strike
2010-12-01 20:21 . 2010-06-14 16:26 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2010-12-01 20:16 . 2010-05-12 11:42 1467200 ----a-w- c:\windows\system32\msvcr100d.dll
2010-11-30 18:01 . 2010-11-30 18:06 -------- d-----w- c:\program files\Google
2010-11-29 23:27 . 2010-11-29 23:27 -------- d-----w- c:\program files\DivX
2010-11-29 23:25 . 2010-11-29 23:27 -------- d-----w- c:\programdata\DivX
2010-11-27 23:18 . 2010-11-27 23:18 -------- d-----w- c:\users\Denis\AppData\Local\DFH
2010-11-27 23:09 . 2010-11-27 23:09 -------- d-----w- c:\program files\Midway Home Entertainment
2010-11-26 21:13 . 2010-11-26 21:13 -------- d-----w- c:\programdata\Trymedia
2010-11-24 16:29 . 2010-12-01 20:41 235248 ----a-w- c:\windows\system32\PnkBstrB.xtr
2010-11-24 16:29 . 2010-11-24 16:29 -------- d-----w- c:\users\Denis\AppData\Local\PunkBuster
2010-11-24 16:03 . 2010-11-24 16:03 2373712 ----a-w- c:\windows\system32\pbsvc.exe
2010-11-24 16:03 . 2010-11-24 16:03 -------- d-----w- c:\programdata\id Software
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-08 12:25 . 2010-09-28 19:51 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2010-12-07 11:09 . 2010-10-28 14:52 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2010-12-07 11:09 . 2010-11-07 11:31 578880 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2010-12-01 20:42 . 2010-10-10 15:11 137960 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-12-01 20:41 . 2010-10-10 15:11 235248 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-11-17 20:00 . 2010-09-28 19:51 578880 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-11-10 22:02 . 2010-11-15 12:30 4134480 ----a-w- c:\windows\system32\GameMon.des
2010-11-10 04:33 . 2010-10-29 15:04 6273872 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2010-11-07 15:16 . 2010-11-07 15:16 796672 ----a-w- c:\windows\GPInstall.exe
2010-10-22 20:35 . 2010-10-22 20:35 212992 ----a-w- c:\windows\system32\IscDbc.dll
2010-10-22 20:35 . 2010-10-22 20:35 188416 ----a-w- c:\windows\system32\OdbcJdbc.dll
2010-10-22 20:35 . 2010-10-22 20:35 73728 ----a-w- c:\windows\system32\OdbcJdbcSetup.dll
2010-10-19 13:41 . 2010-08-23 01:08 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-10-10 15:11 . 2010-10-10 15:11 138056 ----a-w- c:\users\Denis\AppData\Roaming\PnkBstrK.sys
2010-10-10 15:11 . 2010-10-10 15:11 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-10-07 23:21 . 2010-10-22 14:55 6146896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DF22F231-C146-4F4C-B85D-B66E4287C504}\mpengine.dll
.
------- Sigcheck -------
[-] 2010-08-30 . 7BD7F45FF37FA0669CD32CA0EF46E22C . 811520 . . [6.1.7600.16385] . . c:\windows\System32\user32.dll
[7] 2009-07-14 . 34B7E222E81FAFA885F0C5F2CFA56861 . 811520 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"Google Update"="c:\users\Denis\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-08-23 136176]
"NitroPC"="c:\program files\NitroPC\NitroPC.exe" [2008-08-19 3477504]
"Download Accelerator Manager"="c:\program files\Tensons\Download Accelerator Manager\daman.exe" [2010-05-14 585728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-09-22 202256]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-09-15 1094224]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

c:\users\Denis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
IMVU.lnk - c:\users\Denis\AppData\Roaming\IMVUClient\IMVUQualityAgent.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-11-30 136176]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2007-11-02 18176]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2007-01-23 7680]
R3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys [2007-10-10 42112]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-03-25 42368]
R3 NP_MON;NP Monitor Driver;c:\windows\system32\Drivers\np_mon.sys [2004-06-09 24514]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-11-10 4134480]
R3 WatAdminSvc;WatAdminSvc;c:\windows\system32\Wat\WatAdminSvc.exe [2010-08-23 1343400]
R3 XDva356;XDva356;c:\windows\system32\XDva356.sys [x]
R3 XDva370;XDva370;c:\windows\system32\XDva370.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-08-31 691696]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
S3 SrvHsfPCI;SrvHsfPCI;c:\windows\system32\DRIVERS\VSTBS23.SYS [2009-07-13 266752]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
.
Conteúdo da pasta 'Tarefas Agendadas'
2010-12-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-11-30 18:01]
2010-12-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-11-30 18:01]
2010-12-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1524498336-1301069092-1829546032-1000Core.job - c:\users\Denis\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-23 14:07]
2010-12-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1524498336-1301069092-1829546032-1000UA.job - c:\users\Denis\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-23 14:07]
.
.
------- Scan Suplementar -------
.
uStart Page = hxxp://google.com.br/
uInternet Settings,ProxyOverride = local;*.local
IE: &Download with DAM - c:\program files\Tensons\Download Accelerator Manager\\addUrl.htm
IE: Download &All with DAM - c:\program files\Tensons\Download Accelerator Manager\\addAllUrls.htm
IE: Download FLV &Video with DAM - c:\program files\Tensons\Download Accelerator Manager\\addDocUrl.htm
IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Run DAM Media&Grabber - c:\program files\Tensons\Download Accelerator Manager\\runMg.htm
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\users\Denis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
DPF: {2ADE19BB-1E79-4EC4-976E-AC74339ADD76} - hxxp://201.6.104.129/ActiveViewGUI.cab
FF - ProfilePath - c:\users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\0221gue5.default\
FF - prefs.js: browser.startup.homepage - hxxp://pt-BR.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:pt-BR:official
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Illimitux: illimitux@illimitux.net - %profile%\extensions\illimitux@illimitux.net
FF - Ext: DAEMON Tools Toolbar: DTToolbar@toolbarnet.com - %profile%\extensions\DTToolbar@toolbarnet.com
FF - Ext: DetecVideo: delatv@detectvideo.com - %profile%\extensions\delatv@detectvideo.com
FF - Ext: Streamo.tv: streamo.tv@lukow.pl - %profile%\extensions\streamo.tv@lukow.pl
FF - Ext: IE Tab: {77b819fa-95ad-4f2c-ac7c-486b356188a9} - %profile%\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
FF - Ext: IE Tab 2 (FF 3.6+): {1BC9BA34-1EED-42ca-A505-6D2F1A935BBB} - %profile%\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
.
- - - - ORFÃOS REMOVIDOS - - - -
HKCU-Run-cacaoweb - c:\users\Denis\AppData\Roaming\cacaoweb\cacaoweb.exe

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Tempo para conclusão: 2010-12-22 10:21:11
ComboFix-quarantined-files.txt 2010-12-22 12:21
Pré-execução: 98.183.147.520 bytes disponíveis
Pós execução: 99.243.577.344 bytes disponíveis
- - End Of File - - ADBB2AA838330BB69476657701AE2409
=======================================

I think it's still not solved, I don't know, but thanks a lot already, wings

Power Max 54
Posted December 29, 2010

:) Hello denisx! Wings had to go on a trip, so we will continue disinfecting your PC.
_______________________
Please follow these guides:
Norman Malware Cleaner tutorial
Nod32 Online antivirus tutorial
________________________
In your next reply, post the Nod32 Online log, which will be at C:\Arquivos de programas\Eset\Eset Online Scanner\log.txt, together with a new HijackThis log and the Norman Malware Cleaner log, and please tell us how your PC is doing after following these procedures. We look forward to your reply.

Mário Monteiro 179
Posted January 27, 2011

Topic Archived

As the author did not reply for more than 30 days, the topic has been archived. If you are the author of the topic and want to reopen it, send a private message to a moderator of this area together with the link to this topic and explain the reason for reopening.