Gioow
Posted April 30, 2011

Good morning, everyone. My PC is driving me crazy. It all started when I ran a patch (kill server) to activate Advanced SystemCare 4; right afterwards I noticed that the Security Center was disabled, but when I look for the service in order to enable it, it simply isn't there...

http://cid-db4582c0d2809a7d.photos.live.com/self.aspx/Lixo/Sem%20t%c3%adtulo.png

I have no way to enable the Security Center manually, so I can't use Defender or the firewall (not quite sure about that), and every time I'm on the internet doing Google searches, pages that have nothing to do with the search open. For example, I type into the search: malwares. Then say the forum link shows up, for example: http://forum.imasters.com.br/topic/431703-malwares/ and when I open it, a page that has nothing to do with it appears. Here are links to some of the pages that keep opening:

liutilities.com/affcb/?id=RBmyadwiseB1&aff=11251&xat=0001424250211150937
liutilities.com/affcb/?id=RBmyadwiseB1&aff=11251&xat=0001424250210830669
search.bpath.com/toolbar/search.dbm?q=taskhost%20exe%20%25c3%25a9%20virus%253f&trg=oh%3Df%26f%3Diz%26z%3Dhg%26i%3Dgz%267042%5F144028%3Dwrg%26U3%25hfire%2B9Z%253X%25%2Bvcv%2Bghlsphzg%3Dnivg%2617391216%3Dwrwz%3FpxroXwz%2FveivHwz%2Fnlx%2Ehwzpox%2F%2F%3Akggs

(I removed the beginning so nobody clicks them by accident.)

This is extremely annoying, because I have to click the same link 3 or 4 times to get the correct page to open! =/

Well, that's it. Thanks to everyone who can help me! I'll be waiting!

Thanks. Well then, here's my log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 08:14:11, on 30/04/2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\taskhost.exe
D:\Instaladores\HiJackThis.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\NOTEPAD.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~4\Office14\URLREDIR.DLL
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [bCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')
O4 - Global Startup: Atualizador de licenças ESET.lnk = C:\Program Files\ESET\MiNODLogin\MiNODLogin.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office14\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D2255A7D-8ACA-424C-B054-C21803038377}: NameServer = 200.165.132.155 200.165.132.148
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Advanced SystemCare Service (AdvancedSystemCareService) - IObit - C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe

--
End of file - 5505 bytes
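As an added example (it is not part of the thread and not a HijackThis feature), the Python below does the first-pass triage a helper does by eye on a log like the one above. It parses the `Oxx`/`Rx` entry lines and reports the kinds of lines that are read first: O23 services with "Unknown owner" (the KMService/srvany.exe line in this log), O10 "Unknown file in Winsock LSP" entries, the O17 NameServer values, and O4 autoruns launched from a user-writable folder. The sample is built from lines copied out of the log, plus one constructed O4 "updater" line that is not in the log and exists only to exercise the last check. Every hit is a lead for a person to confirm, not a verdict: the O10 module here, for instance, sits in the Windows Live folder.

```python
import re
from dataclasses import dataclass

# Entry lines share one shape: a category code, " - ", then free text.
ENTRY_RE = re.compile(r"^(?P<code>[RFO]\d{1,2}) - (?P<body>.*)$")

# Constructed sample: entries copied from the HijackThis log in this thread,
# plus one constructed O4 line (the "updater" entry) that is NOT in the log,
# added only to exercise the user-writable-path check.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.4
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [updater] C:\Users\example\AppData\Local\Temp\updater.exe
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{D2255A7D-8ACA-424C-B054-C21803038377}: NameServer = 200.165.132.155 200.165.132.148
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe
"""


@dataclass
class Finding:
    code: str
    reason: str
    line: str


def parse_entries(text):
    """Yield (code, body, raw) for each entry line; header lines are skipped."""
    for raw in text.splitlines():
        raw = raw.strip()
        m = ENTRY_RE.match(raw)
        if m:
            yield m.group("code"), m.group("body"), raw


def nameservers(body):
    """Resolver addresses from an O17 body ('...: NameServer = a b')."""
    m = re.search(r"NameServer\s*=\s*(.+)$", body)
    return m.group(1).split() if m else []


# Folders an ordinary user can write to; an autorun there deserves a look.
USER_WRITABLE = re.compile(r"\\(?:Temp|AppData|Users\\[^\\]+\\Downloads)\\", re.I)


def triage(text):
    """Return the entries a reviewer should look at first, each with a reason."""
    findings = []
    for code, body, raw in parse_entries(text):
        if code == "O4" and USER_WRITABLE.search(body):
            findings.append(Finding(code, "autorun from a user-writable location", raw))
        elif code == "O10" and body.startswith("Unknown file in Winsock LSP"):
            findings.append(Finding(code, "Winsock LSP module not on HijackThis's known list", raw))
        elif code == "O17":
            ips = ", ".join(nameservers(body))
            findings.append(Finding(code, f"DNS resolvers to confirm against the ISP's: {ips}", raw))
        elif code == "O23" and " - Unknown owner - " in body:
            findings.append(Finding(code, "service binary with no recognised publisher", raw))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.code}: {f.reason}\n    {f.line}")
```

Running it on the sample prints four leads in log order: the constructed O4 autorun, the O10 module, the O17 resolvers, and the KMService entry; the egui and ekrn lines pass because they name a publisher and live under Program Files.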
wings
Posted April 30, 2011

Hello Gioow

1.
*Download GMER and save it to the desktop
*Create a folder named GMER in C:\ and extract it there
*Temporarily disable the antivirus
*Close all running programs, including your browser
*Run it
*If you get the message about rootkit activity asking whether you want to scan, click [NO]
In the right-hand column, untick:
[] IAT/EAT
[] Show All
*Click [scan] and wait for it to finish
*Click [save...] and save to the desktop
*Paste the report
*If you cannot run GMER, try Safe Mode

2.
Gioow
Posted April 30, 2011

Hey, thanks for the help, bro. Here's the log.

GMER 1.0.15.15572 - http://www.gmer.net
Rootkit scan 2011-04-30 10:52:08
Windows 6.1.7601 Service Pack 1 Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-1 SAMSUNG_SP0812C rev.SU100-34
Running: gmer.exe; Driver: C:\Users\Gioow\AppData\Local\Temp\uwloqpob.sys

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKey + 13C1 82A5A339 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82A93D52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x90E17000, 0x388539, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1588] kernel32.dll!SetUnhandledExceptionFilter 76A63D01 4 Bytes [C2, 04, 00, 00]

---- Devices - GMER 1.0.15 ----

Device \Driver\ACPI_HAL \Device\00000047 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
wings
Posted April 30, 2011

*Download MalwareBytes and save it to the desktop
*Install the program and wait for the update
*The program will open automatically
*On the [Scanner] tab, select [Perform full scan]
*Click [Scan] and select the partition where Windows is installed
*When the scan finishes, click [YES] > [OK] > [Show Results] > [Remove Selected]
*Paste the report shown

If you already have Malwarebytes installed....

*Open Malwarebytes, click [Update] > [Check for Updates]
*On the [Scanner] tab, select [x] Perform full scan
*Click [Scan] and select the partition where Windows is installed
*When the scan finishes, click [YES] > [OK] > [Show Results] > [Remove Selected]
*Paste the report shown
Gioow
Posted April 30, 2011

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Versão da Base de Dados: 6478

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

30/04/2011 12:29:16
mbam-log-2011-04-30 (12-29-16).txt

Tipo de Verificação: Verificação Completa (C:\|)
Objetos escaneados: 207013
Tempo decorrido: 30 minuto(s), 8 segundo(s)

Processos de Memória Infectados: 0
Módulos de Memória Infectados: 0
Chaves de Registro Infectadas: 1
Valores de Registro Infectados: 0
Itens de Dados no Registro Infectados: 0
Pastas Infectadas: 0
Arquivos Infectados: 2

Processos de Memória Infectados:
(Não foram detectados ítens maliciosos)

Módulos de Memória Infectados:
(Não foram detectados ítens maliciosos)

Chaves de Registro Infectadas:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MiNODLogin (Riskware.KG) -> Quarantined and deleted successfully.

Valores de Registro Infectados:
(Não foram detectados ítens maliciosos)

Itens de Dados no Registro Infectados:
(Não foram detectados ítens maliciosos)

Pastas Infectadas:
(Não foram detectados ítens maliciosos)

Arquivos Infectados:
c:\program files\ESET\minodlogin\minodlogin.exe (Riskware.KG) -> Quarantined and deleted successfully.
c:\program files\ESET\minodlogin\minodloginuninst.exe (Riskware.KG) -> Quarantined and deleted successfully.
wings
Posted April 30, 2011

*Temporarily disable your antivirus
*Download ComboFix and save it to the desktop
*Run it and accept the agreement
*Wait for the stages to complete
*Do not use the mouse or keyboard during the stages, as that will mess up your desktop configuration!
*Paste the report shown
Gioow
Posted April 30, 2011

ComboFix 11-04-29.04 - Gioow 30/04/2011 13:27:45.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.55.1046.18.2045.1112 [GMT -3:00]
Executando de: c:\users\Gioow\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
 * Criado um novo ponto de restauração
.
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\ESET\MiNODLogin
c:\program files\ESET\MiNODLogin\MiNODLogin.jar
c:\program files\ESET\MiNODLogin\MiNODLoginLib.dll
c:\program files\ESET\MiNODLogin\servidores.xml
.
.
(((((((((((((((( Arquivos/Ficheiros criados de 2011-03-28 to 2011-04-30 ))))))))))))))))))))))))))))
.
.
2011-04-30 16:32 . 2011-04-30 16:32 -------- d-----w- c:\users\Gioow\AppData\Local\temp
2011-04-30 16:32 . 2011-04-30 16:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-04-30 14:46 . 2010-12-20 21:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-30 14:46 . 2011-04-30 14:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-30 14:46 . 2010-12-20 21:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-30 14:23 . 2011-04-30 14:24 -------- d-----w- c:\users\Gioow\AppData\Local\{2B81827E-DE81-4078-AEE5-33C2E1FFCCCF}
2011-04-30 11:21 . 2011-04-30 14:54 -------- d-----w- c:\programdata\Kaspersky Lab
2011-04-30 02:40 . 2011-04-30 15:32 -------- d-----w- c:\windows\system32\wbem\repository
2011-04-30 01:15 . 2011-04-30 02:29 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-04-30 01:15 . 2011-04-30 02:12 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-04-29 20:59 . 2011-04-29 20:59 -------- d-----w- c:\users\Gioow\AppData\Roaming\Malwarebytes
2011-04-29 20:58 . 2011-04-29 20:58 -------- d-----w- c:\programdata\Malwarebytes
2011-04-29 00:59 . 2011-04-29 00:59 -------- d-----w- c:\users\Gioow\AppData\Local\{CC439F1C-7263-4249-8EEC-FC4F83743791}
2011-04-28 21:03 . 2011-04-28 21:03 76800 --sha-r- c:\windows\system32\gpapix.dll
2011-04-27 02:41 . 2011-04-11 07:04 7071056 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AB1C6D7D-C2FB-44A9-B7C0-847AF5D59A1A}\mpengine.dll
2011-04-26 21:02 . 2011-04-26 21:02 -------- d-----w- c:\users\Gioow\AppData\Local\{E34CB830-5604-4381-83DF-4D19EC701BC4}
2011-04-25 16:10 . 2011-04-25 16:11 -------- d-----w- c:\users\Gioow\AppData\Local\{F1804E83-3B24-4DA2-8F3B-96CB06873454}
2011-04-25 01:19 . 2011-04-25 01:20 -------- d-----w- c:\users\Gioow\AppData\Local\{6FF2F925-EC9F-420B-BB0A-C3AE7389964E}
2011-04-19 17:36 . 2011-04-19 17:37 -------- d-----w- c:\users\Gioow\AppData\Local\{F8E9B8D4-DFB1-4DF0-98D8-30F93045B15E}
2011-04-18 15:36 . 2011-04-18 15:37 -------- d-----w- c:\users\Gioow\AppData\Local\{A91105EB-5A19-4195-9FA9-8720D188A25A}
2011-04-17 19:03 . 2011-04-17 19:03 -------- d-----w- c:\users\Gioow\AppData\Local\{2AF649C2-05D6-45D5-A186-63B03493D42F}
2011-04-16 12:06 . 2011-04-16 12:06 -------- d-----w- c:\users\Gioow\AppData\Local\{A6ED6832-0F8B-4F88-8C17-A5C6632590F1}
2011-04-15 17:55 . 2011-04-15 17:55 -------- d-----w- c:\program files\Efficient Networks
2011-04-15 17:55 . 2002-08-23 13:31 26381 ------w- c:\windows\system32\drivers\enethusb.sys
2011-04-14 19:02 . 2011-04-14 19:02 -------- d-----w- c:\programdata\EA Core
2011-04-14 19:02 . 2011-04-14 19:02 -------- d-----w- c:\programdata\Electronic Arts
2011-04-14 18:12 . 2011-04-14 18:12 -------- d-----w- c:\users\Gioow\AppData\Local\Windows Live Writer
2011-04-14 18:12 . 2011-04-14 18:12 -------- d-----w- c:\users\Gioow\AppData\Roaming\Windows Live Writer
2011-04-14 17:38 . 2011-04-14 17:38 -------- d-----w- c:\users\Gioow\AppData\Local\{0788F63D-97E0-4962-A8D5-80759A99C46A}
2011-04-13 18:29 . 2011-04-13 18:30 -------- d-----w- c:\users\Gioow\AppData\Local\{CEAA9DE5-8CBE-431A-AC23-8A82B425ED44}
2011-04-13 01:29 . 2011-02-24 05:38 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-04-13 00:56 . 2011-02-23 04:48 311808 ----a-w- c:\windows\system32\drivers\srv.sys
2011-04-13 00:56 . 2011-02-23 04:48 310272 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-04-13 00:56 . 2011-02-23 04:47 114176 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-04-13 00:53 . 2011-04-13 00:54 -------- d-----w- c:\users\Gioow\AppData\Local\{B29B2017-1693-4287-A5D3-394483E4FA2F}
2011-04-12 02:32 . 2011-04-12 02:33 -------- d-----w- c:\users\Gioow\AppData\Local\{6EB731F1-0B64-45CA-B79E-6A3E8F67483E}
2011-04-09 16:24 . 2011-04-09 16:24 -------- d-----w- c:\users\Gioow\AppData\Local\Apps
2011-04-09 01:01 . 2011-04-09 01:02 -------- d-----w- c:\users\Gioow\AppData\Local\{013DAA98-7266-4A5D-AE28-AA986B3679CD}
2011-04-07 14:34 . 2011-04-07 14:34 -------- d-----w- c:\users\Gioow\AppData\Local\{6680EB46-03D2-4E87-97CE-C36B5AA6387E}
2011-04-06 19:37 . 2011-04-06 19:37 -------- d-----w- c:\users\Gioow\AppData\Local\{0410AD3E-3901-4FA0-9D38-DA4BD98D3D78}
2011-04-05 17:49 . 2011-04-05 17:53 -------- d-----w- c:\users\Gioow\AppData\Local\Microsoft Games
2011-04-04 18:13 . 2011-04-04 18:13 -------- d-----w- c:\program files\Dragon Age 2
2011-04-04 17:57 . 2011-04-04 17:57 -------- d-----w- c:\users\Gioow\AppData\Local\{F9E49FDD-7026-48DD-819F-DA32B9CA47C0}
2011-04-02 14:03 . 2011-04-02 14:03 -------- d-----w- c:\users\Gioow\AppData\Local\{0169AF68-5216-4404-B84A-FE86BF0D0B3E}
2011-03-31 18:56 . 2011-03-31 18:56 -------- d-----w- c:\programdata\ATI
2011-03-31 18:56 . 2011-03-31 18:56 -------- d-----w- c:\program files\AMD APP
2011-03-31 18:52 . 2011-03-31 18:52 -------- d-----w- C:\ATI
2011-03-31 18:28 . 2011-03-31 18:36 -------- d-----w- c:\program files\Common Files\BioWare
2011-03-31 17:47 . 2011-03-31 17:48 -------- d-----w- c:\users\Gioow\AppData\Local\{3AA88258-5161-4093-A4C0-8375C6569644}
.
.
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-23 20:07 . 2010-06-24 14:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-03-21 22:56 . 2011-03-21 22:56 59904 ----a-w- c:\windows\system32\OVDecode.dll
2011-03-21 22:56 . 2011-03-21 22:56 51712 ----a-w- c:\windows\system32\OpenCL.dll
2011-03-21 22:55 . 2011-03-21 22:55 12385792 ----a-w- c:\windows\system32\amdocl.dll
2011-03-20 18:34 . 2011-03-20 18:34 113543 ----a-w- c:\windows\system32\slmgr.vbs
2011-03-20 18:10 . 2011-03-20 12:57 410624 ----a-w- c:\windows\system32\systemcpl.dll
2011-03-20 18:10 . 2011-03-20 12:57 13824 ----a-w- c:\windows\system32\slwga.dll
2011-03-20 18:10 . 2011-03-20 12:58 811520 ----a-w- c:\windows\system32\user32.dll
2011-03-20 15:49 . 2011-03-20 15:49 218688 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-03-20 13:08 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-03-20 11:42 . 2011-03-20 11:42 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-03-09 09:21 . 2011-03-09 09:21 7723008 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2011-03-09 05:19 . 2011-03-09 05:19 17397248 ----a-w- c:\windows\system32\atioglxx.dll
2011-03-09 04:57 . 2011-03-09 04:57 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2011-03-09 04:56 . 2010-05-05 02:19 679424 ----a-w- c:\windows\system32\aticfx32.dll
2011-03-09 04:53 . 2011-03-09 04:53 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-03-09 04:53 . 2011-03-09 04:53 393216 ----a-w- c:\windows\system32\atieclxx.exe
2011-03-09 04:52 . 2011-03-09 04:52 176128 ----a-w- c:\windows\system32\atiesrxx.exe
2011-03-09 04:51 . 2011-03-09 04:51 159744 ----a-w- c:\windows\system32\atitmmxx.dll
2011-03-09 04:51 . 2011-03-09 04:51 356352 ----a-w- c:\windows\system32\atipdlxx.dll
2011-03-09 04:51 . 2011-03-09 04:51 278528 ----a-w- c:\windows\system32\Oemdspif.dll
2011-03-09 04:51 . 2011-03-09 04:51 15872 ----a-w- c:\windows\system32\atimuixx.dll
2011-03-09 04:51 . 2011-03-09 04:51 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2011-03-09 04:48 . 2010-05-05 02:08 4277760 ----a-w- c:\windows\system32\atidxx32.dll
2011-03-09 04:34 . 2011-03-09 04:34 46080 ----a-w- c:\windows\system32\aticalrt.dll
2011-03-09 04:34 . 2011-03-09 04:34 44032 ----a-w- c:\windows\system32\aticalcl.dll
2011-03-09 04:32 . 2011-03-09 04:32 5618688 ----a-w- c:\windows\system32\aticaldd.dll
2011-03-09 04:30 . 2011-03-09 04:30 4294656 ----a-w- c:\windows\system32\atiumdag.dll
2011-03-09 04:18 . 2011-03-09 04:18 258048 ----a-w- c:\windows\system32\atiadlxx.dll
2011-03-09 04:17 . 2011-03-09 04:17 12800 ----a-w- c:\windows\system32\atiglpxx.dll
2011-03-09 04:17 . 2011-03-09 04:17 32768 ----a-w- c:\windows\system32\atigktxx.dll
2011-03-09 04:17 . 2011-03-09 04:17 239616 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2011-03-09 04:17 . 2010-05-05 01:22 31232 ----a-w- c:\windows\system32\atiuxpag.dll
2011-03-09 04:16 . 2010-05-05 01:22 28672 ----a-w- c:\windows\system32\atiu9pag.dll
2011-03-09 04:16 . 2011-03-09 04:16 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-03-09 04:11 . 2010-05-05 01:34 52736 ----a-w- c:\windows\system32\coinst.dll
2011-03-09 03:42 . 2011-03-09 03:42 1912832 ----a-w- c:\windows\system32\atiumdmv.dll
2011-03-09 03:34 . 2011-03-09 03:34 3471872 ----a-w- c:\windows\system32\atiumdva.dll
2011-03-09 03:18 . 2011-03-09 03:18 52736 ----a-w- c:\windows\system32\atimpc32.dll
2011-03-09 03:18 . 2011-03-09 03:18 52736 ----a-w- c:\windows\system32\amdpcom32.dll
2011-02-28 08:00 . 2011-03-20 14:19 80896 ----a-w- c:\windows\system32\ff_vfw.dll
2011-02-19 06:30 . 2011-03-20 12:33 805376 ----a-w- c:\windows\system32\FntCache.dll
2011-02-19 06:30 . 2011-03-20 12:33 1076736 ----a-w- c:\windows\system32\DWrite.dll
2011-02-19 06:30 . 2011-03-20 12:33 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-02-03 05:54 . 2011-03-20 12:08 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2011-02-02 21:11 . 2011-03-20 11:42 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-04-29 02:28 . 2011-03-27 10:50 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
.
[-] 2011-03-20 . 8626F0C30D4E3564FFDD25C90F4426F1 . 811520 . . [6.1.7601.17514] . . c:\windows\System32\user32.dll
[7] 2010-11-20 . F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 . 811520 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
[7] 2009-07-14 . 34B7E222E81FAFA885F0C5F2CFA56861 . 811520 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-04-08 2145000]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-16 932288]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-03-09 336384]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Atualizador de licenças ESET.lnk - c:\program files\ESET\MiNODLogin\MiNODLogin.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 cpuz129;cpuz129;c:\users\Gioow\AppData\Local\Temp\cpuz_x32.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2011-03-20 1343400]
R4 KMService;KMService;c:\windows\system32\srvany.exe [2003-04-18 8192]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [2010-11-26 15672]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-03-20 218688]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-04-08 114984]
S2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\IObit\Advanced SystemCare 4\ASCService.exe [2011-04-21 352656]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-03-09 176128]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-04-08 134024]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2010-04-08 810120]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2010-04-08 96896]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-03-09 7723008]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-03-09 239616]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2010-11-17 101392]
.
.
Conteúdo da pasta 'Tarefas Agendadas'
.
.
------- Scan Suplementar -------
.
IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000
TCP: {D2255A7D-8ACA-424C-B054-C21803038377} = 200.165.132.155 200.165.132.148
FF - ProfilePath - c:\users\Gioow\AppData\Roaming\Mozilla\Firefox\Profiles\kayrk1ey.default\
# Mozilla User Preferences
/* Do not edit this file.
 *
 * If you make changes to this file while the application is running,
 * the changes will be overwritten when the application exits.
 *
 * To make a manual change to preferences, you can visit the URL about:config
 * For more information, see hxxp://www.mozilla.org/unix/customizing.html#prefs
 */
FF - user.js: accessibility.typeaheadfind.flashBar - 0
FF - user.js: app.update.lastUpdateTime.addon-background-update-timer - 1304024615
FF - user.js: app.update.lastUpdateTime.background-update-timer - 1304024735
FF - user.js: app.update.lastUpdateTime.blocklist-background-update-timer - 1304024375
FF - user.js: app.update.lastUpdateTime.microsummary-generator-update-timer - 1303839355
FF - user.js: app.update.lastUpdateTime.places-maintenance-timer - 1301178499
FF - user.js: app.update.lastUpdateTime.search-engine-update-timer - 1304024495
FF - user.js: browser.cache.disk.capacity - 1048576
FF - user.js: browser.cache.disk.smart_size.first_run - false
FF - user.js: browser.cache.disk.smart_size_cached_value - 640000
FF - user.js: browser.download.dir - c:\\Users\\Gioow\\Desktop
FF - user.js: browser.download.folderList - 0
FF - user.js: browser.migration.version - 5
FF - user.js: browser.places.importBookmarksHTML - false
FF - user.js: browser.places.smartBookmarksVersion - 2
FF - user.js: browser.rights.3.shown - true
FF - user.js: browser.startup.homepage_override.buildID - 20110318052756
FF - user.js: browser.startup.homepage_override.mstone - rv:2.0
FF - user.js: browser.taskbar.lastgroupid - Mozilla.Firefox.4.0
FF - user.js: extensions.blocklist.pingCountTotal - 22
FF - user.js: extensions.blocklist.pingCountVersion - 22
FF - user.js: extensions.bootstrappedAddons - {}
FF - user.js: extensions.databaseSchema - 3
FF - user.js: extensions.enabledAddons - {972ce4c6-7e08-4474-a285-3208198ce6fd}:4.0
FF - user.js: extensions.enabledItems - {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.16
FF - user.js: extensions.installCache - [{\name\:\app-global\,\addons\:{\{972ce4c6-7e08-4474-a285-3208198ce6fd}\:{\descriptor\:\c:\\\\Program Files\\\\Mozilla Firefox\\\\extensions\\\\{972ce4c6-7e08-4474-a285-3208198ce6fd}\,\mtime\:1301223052505}}}]
FF - user.js: extensions.lastAppVersion - 4.0
FF - user.js: extensions.pendingOperations - false
FF - user.js: extensions.update.notifyUser - false
FF - user.js: idle.lastDailyNotification - 1304025093
FF - user.js: intl.charsetmenu.browser.cache - windows-1252, ISO-8859-9, UTF-8, UTF-16, ISO-8859-15
FF - user.js: network.cookie.prefsMigrated - true
FF - user.js: places.database.lastMaintenance - 1304025094
FF - user.js: places.history.expiration.transient_current_max_pages - 64330
FF - user.js: places.last_vacuum - 1300630336
FF - user.js: privacy.sanitize.migrateFx3Prefs - true
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: storage.vacuum.last.index - 0
FF - user.js: storage.vacuum.last.places.sqlite - 1304025094
FF - user.js: urlclassifier.keyupdatetime.hxxps://sb-ssl.google.com/safebrowsing/newkey - 1305826438
FF - user.js: xpinstall.whitelist.add -
FF - user.js: xpinstall.whitelist.add.36 -
.
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
.
[HKEY_USERS\S-1-5-21-2898540181-4265490594-336787397-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Tempo para conclusão: 2011-04-30 13:34:43
ComboFix-quarantined-files.txt 2011-04-30 16:34
.
Pré-execução: 7.600.590.848 bytes disponíveis
Pós execução: 7.499.239.424 bytes disponíveis
.
- - End Of File - - 4250743395C3FBEF2FE985813AF4650A
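The Sigcheck section of the ComboFix log above is the one place where the report compares the live copy of a system file against the reference copies Windows keeps in the component store: c:\windows\System32\user32.dll carries the same size and version string (6.1.7601.17514) as the winsxs copy on the next line but a different MD5. As an added example (not part of the thread and not ComboFix's own logic), the Python below parses lines in that format and reports exactly that condition: a file outside winsxs whose hash matches none of the winsxs copies with the same version. The assumption that every winsxs path is a reference copy, and the treatment of the `[-]`/`[7]` markers as opaque, are this example's own; the sample input is the three lines from the log.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# One ComboFix Sigcheck line:
#   [mark] date . MD5 . size . . [file version] . . path
# The bracketed mark is kept but not interpreted here.
SIGCHECK_RE = re.compile(
    r"^\[(?P<mark>[^\]]*)\]\s+(?P<date>\d{4}-\d{2}-\d{2})\s+\.\s+"
    r"(?P<md5>[0-9A-Fa-f]{32})\s+\.\s+(?P<size>\d+)\s+\.\s+\.\s+"
    r"\[(?P<version>[^\]]+)\]\s+\.\s+\.\s+(?P<path>\S.*)$"
)

# Sample input: the three Sigcheck lines from the ComboFix log in this thread.
SAMPLE_SIGCHECK = r"""
[-] 2011-03-20 . 8626F0C30D4E3564FFDD25C90F4426F1 . 811520 . . [6.1.7601.17514] . . c:\windows\System32\user32.dll
[7] 2010-11-20 . F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 . 811520 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
[7] 2009-07-14 . 34B7E222E81FAFA885F0C5F2CFA56861 . 811520 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
"""


def parse_sigcheck(text):
    """Return one dict per Sigcheck line; anything else in the text is ignored."""
    rows = []
    for line in text.splitlines():
        m = SIGCHECK_RE.match(line.strip())
        if m:
            row = m.groupdict()
            row["md5"] = row["md5"].upper()
            row["size"] = int(row["size"])
            rows.append(row)
    return rows


def is_component_store(path):
    # Assumption of this example: reference copies are the ones under \winsxs\.
    return "\\winsxs\\" in path.lower()


def find_mismatches(rows):
    """Live (non-winsxs) files whose MD5 differs from every component-store
    copy that carries the same file version.  Files with no same-version
    reference copy are skipped rather than reported, since nothing can be
    compared."""
    by_name = defaultdict(list)
    for row in rows:
        by_name[PureWindowsPath(row["path"]).name.lower()].append(row)

    mismatches = []
    for group in by_name.values():
        refs = [r for r in group if is_component_store(r["path"])]
        for live in (r for r in group if not is_component_store(r["path"])):
            same_version = [r for r in refs if r["version"] == live["version"]]
            if not same_version:
                continue
            if all(r["md5"] != live["md5"] for r in same_version):
                mismatches.append({
                    "path": live["path"],
                    "version": live["version"],
                    "live_md5": live["md5"],
                    "reference_md5": sorted(r["md5"] for r in same_version),
                })
    return mismatches


if __name__ == "__main__":
    for m in find_mismatches(parse_sigcheck(SAMPLE_SIGCHECK)):
        print(f"{m['path']} [{m['version']}]: live {m['live_md5']} "
              f"vs reference {', '.join(m['reference_md5'])}")
```

On the sample it reports the single System32 user32.dll entry and nothing else; the 6.1.7600.16385 winsxs copy is not a reference for the live file because its version differs.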
wings
Posted April 30, 2011

The log is clean... How is the PC?

If it hasn't been fixed...

Go to the window in the screenshot you posted. Notice that at the bottom, in the left-hand column, there is [Standard].

*Click [Standard]
*Find the "Security Center" service
*Change the Startup Type to "Automatic"
*Click [Start] > [Apply] > [OK]
Gioow
Posted April 30, 2011

Hmm... As for the pages, everything is OK! The message about the Security Center being disabled has gone away, but I still don't see the Security Center service, and when I try to enable Defender it's still disabled. I think it's just a matter of configuration now =x Any tips on that?
wings
Posted April 30, 2011

1.
*Rename ComboFix to Uninstall and run it.
*Wait for the message that ComboFix has been uninstalled and click OK.

Did you read what I put in my post above?
Gioow
Posted April 30, 2011

Whoa, yes, I did read it, it's just that the service wasn't there. What I did was open Advanced SystemCare 4 and set it to do a full scan! Then I restarted, and the PC is OK, with everything working. It's just that even with everything working it still isn't showing the "Central de Segurança" service. I think that since it's working perfectly, the fact that it doesn't show up doesn't compromise anything. I think the problem is solved! Right?

Oops, my mistake. The service is showing now, it's just listed as "Security center". I don't know why it's in English, but it's working correctly!

Thank you very much for the help! You saved me from formatting my PC! Thanks a lot!

Problem solved!
wings
Posted April 30, 2011

PROBLEM SOLVED

If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.