Ir para conteúdo

POWERED BY:

Arquivado

Este tópico foi arquivado e está fechado para novas respostas.

juniorzin

[Resolvido] &nbspProblema com Anti-Virus

Recommended Posts

o pen drive que tava no relatorio ja foi embora era de uma amiga minha que veio fazer trabalho , mais vo passa o usb no meu cartão pra ve

 

############################## | UsbFix 7.057 | [supressão]

 

Usuário: Administrador (Administrador) # DAS-86CB343315C [ ]

Atualizado em 17/08/2011 por El Desaparecido

Começou em 21:08:02 | 17/08/2011

Site: http://www.teamxscript.org

Submit your sample: http://www.teamxscript.org/Upload.php

Contato: TeamXscript.ElDesaparecido@gmail.com

 

CPU: Pentium® Dual-Core CPU E5400 @ 2.70GHz

CPU 2: Pentium® Dual-Core CPU E5400 @ 2.70GHz

Microsoft Windows XP Professional (5.1.2600 32-Bit) # Service Pack 3

Internet Explorer 7.0.5730.13

 

Windows Firewall: Habilitado

Antivirus: Microsoft Security Essentials 3.0.8402.0 [(!) Disabled | Updated]

RAM -> 2047 Mb

C:\ (%systemdrive%) -> Disco fixo # 298 Gb (142 Mb livre - 48%) [] # NTFS

D:\ -> CD-ROM

E:\ -> Disco fixo # 75 Gb (15 Mb livre - 21%) [] # NTFS

F:\ -> CD-ROM

G:\ -> Disco removível # 2 Gb (196 Mb livre - 10%) [Musicas] # FAT32

 

################## | Ficheiros # pastas infeciosos |

 

Supprimido ! C:\Documents and Settings\Administrador\Dados de aplicativos\inst.exe

Supprimido ! C:\Recycler\S-1-5-21-1547161642-1177238915-839522115-500

Supprimido ! E:\Recycler\S-1-5-21-1547161642-1177238915-839522115-500

Supprimido ! G:\Recycler\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx

Supprimido ! G:\Recycler\S-5-3-42-2819952290-8240758988-879315005-3665

Supprimido ! G:\autorun.inf

 

################## | Registro |

 

 

################## | Mountpoints2 |

 

Supprimido ! HKCU\.\.\.\.\Explorer\MountPoints2\{0b8cd3b7-886a-11df-b4a9-002511bdcb0a}

Supprimido ! HKCU\.\.\.\.\Explorer\MountPoints2\{230dc2b8-03dd-11e0-b653-002511bdcb0a}

Supprimido ! HKCU\.\.\.\.\Explorer\MountPoints2\{2b2c11a0-9e68-11df-b4ef-002511bdcb0a}

Supprimido ! HKCU\.\.\.\.\Explorer\MountPoints2\{80015971-498b-11e0-b74a-002511bdcb0a}

Supprimido ! HKCU\.\.\.\.\Explorer\MountPoints2\{9b7faded-6768-11df-b42a-002511bdcb0a}

Supprimido ! HKCU\.\.\.\.\Explorer\MountPoints2\{a4fd0943-5ea7-11df-b3f9-806d6172696f}

Supprimido ! HKCU\.\.\.\.\Explorer\MountPoints2\{af53aff0-4fe4-11e0-b75b-002511bdcb0a}

Supprimido ! HKCU\.\.\.\.\Explorer\MountPoints2\{e4195b2c-7fe6-11e0-b368-002511bdcb0a}

 

################## | Listing |

 

[27/07/2010 - 19:16:45 | D ] C:\50330b822e96dbe00a

[17/08/2011 - 20:57:28 | N | 12391] C:\Ad-Report-CLEAN[1].txt

[17/08/2011 - 21:01:55 | N | 4608] C:\Ad-Report-CLEAN[2].txt

[16/12/2010 - 16:15:10 | D ] C:\AI

[17/08/2011 - 20:56:33 | D ] C:\Arquivos de programas

[13/05/2010 - 16:03:42 | N | 0] C:\AUTOEXEC.BAT

[16/12/2010 - 16:15:11 | D ] C:\BGM

[13/06/2011 - 17:56:56 | N | 321] C:\boot.ini

[28/10/2001 - 14:06:10 | N | 4952] C:\Bootfont.bin

[16/07/2011 - 10:19:04 | D ] C:\CFLog

[17/08/2011 - 17:08:18 | D ] C:\Config.Msi

[13/05/2010 - 16:03:42 | N | 0] C:\CONFIG.SYS

[16/12/2010 - 16:15:11 | D ] C:\data

[07/11/2010 - 20:32:10 | D ] C:\Documents and Settings

[07/11/2007 - 08:00:40 | N | 17734] C:\eula.1028.txt

[07/11/2007 - 08:00:40 | N | 17734] C:\eula.1031.txt

[07/11/2007 - 08:00:40 | N | 10134] C:\eula.1033.txt

[07/11/2007 - 08:00:40 | N | 17734] C:\eula.1036.txt

[07/11/2007 - 08:00:40 | N | 17734] C:\eula.1040.txt

[07/11/2007 - 08:00:40 | N | 118] C:\eula.1041.txt

[07/11/2007 - 08:00:40 | N | 17734] C:\eula.1042.txt

[07/11/2007 - 08:00:40 | N | 17734] C:\eula.2052.txt

[07/11/2007 - 08:00:40 | N | 17734] C:\eula.3082.txt

[26/07/2011 - 17:50:22 | D ] C:\Filmes

[07/11/2007 - 08:00:40 | N | 1110] C:\globdata.ini

[07/11/2007 - 08:03:18 | N | 562688] C:\install.exe

[07/11/2007 - 08:00:40 | N | 843] C:\install.ini

[07/11/2007 - 08:03:18 | N | 76304] C:\install.res.1028.dll

[07/11/2007 - 08:03:18 | N | 96272] C:\install.res.1031.dll

[07/11/2007 - 08:03:18 | N | 91152] C:\install.res.1033.dll

[07/11/2007 - 08:03:18 | N | 97296] C:\install.res.1036.dll

[07/11/2007 - 08:03:18 | N | 95248] C:\install.res.1040.dll

[07/11/2007 - 08:03:18 | N | 81424] C:\install.res.1041.dll

[07/11/2007 - 08:03:18 | N | 79888] C:\install.res.1042.dll

[07/11/2007 - 08:03:18 | N | 75792] C:\install.res.2052.dll

[07/11/2007 - 08:03:18 | N | 96272] C:\install.res.3082.dll

[13/05/2010 - 17:45:40 | D ] C:\Intel

[13/05/2010 - 16:03:42 | N | 0] C:\IO.SYS

[09/08/2011 - 20:32:50 | D ] C:\Jogos

[09/08/2011 - 20:27:44 | D ] C:\Meus vídeos

[13/05/2010 - 16:03:42 | N | 0] C:\MSDOS.SYS

[28/05/2010 - 13:35:15 | RHD ] C:\MSOCache

[18/05/2010 - 16:41:17 | D ] C:\MyWorks

[03/08/2004 - 22:38:34 | N | 47564] C:\NTDETECT.COM

[20/08/2010 - 19:08:17 | N | 251696] C:\ntldr

[16/01/2011 - 13:56:33 | D ] C:\Ntreev USA

[17/08/2011 - 20:58:22 | ASH | 2145386496] C:\pagefile.sys

[27/01/2011 - 08:11:56 | D ] C:\PenClean

[16/01/2011 - 14:02:01 | D ] C:\Program Files

[03/07/2011 - 09:49:27 | D ] C:\Ragnarok Online

[17/08/2011 - 21:09:57 | SHD ] C:\RECYCLER

[24/09/2010 - 17:28:11 | D ] C:\Riot Games

[04/05/2011 - 14:16:02 | D ] C:\SWSetup1

[21/07/2011 - 22:21:13 | SHD ] C:\System Volume Information

[17/08/2011 - 21:09:57 | D ] C:\UsbFix

[17/08/2011 - 21:09:58 | A | 1409] C:\UsbFix.txt

[07/11/2007 - 08:00:40 | N | 5686] C:\vcredist.bmp

[07/11/2007 - 08:09:22 | N | 1442522] C:\VC_RED.cab

[07/11/2007 - 08:12:28 | N | 232960] C:\VC_RED.MSI

[17/08/2011 - 20:46:47 | D ] C:\WINDOWS

[17/08/2011 - 20:45:28 | D ] C:\_OTS

[24/07/2011 - 14:44:23 | D ] E:\Arquivos de programas

[26/05/2011 - 14:49:07 | D ] E:\Bruno

[13/08/2011 - 16:07:55 | D ] E:\Ieda

[17/08/2011 - 21:09:57 | SHD ] E:\RECYCLER

[26/05/2011 - 16:10:11 | SHD ] E:\System Volume Information

[10/12/2010 - 09:25:40 | D ] G:\Private

[27/01/2010 - 10:10:00 | N | 67334] G:\DevIcon.fil

[27/01/2010 - 10:10:00 | N | 1579] G:\DevLogo.fil

[10/12/2010 - 07:34:30 | RSHD ] G:\RECYCLER

[10/12/2010 - 16:32:20 | D ] G:\cities

[14/08/2011 - 16:17:32 | N | 239] G:\qf

[10/12/2010 - 16:36:42 | D ] G:\Images

[11/12/2010 - 17:29:06 | D ] G:\Videos

[11/12/2010 - 17:29:06 | D ] G:\system

[13/12/2010 - 00:23:20 | D ] G:\data

[13/12/2010 - 00:23:20 | D ] G:\My Videos

[17/03/2011 - 14:22:40 | D ] G:\Nokia

[03/01/2010 - 04:34:04 | D ] G:\Ebook

[11/04/2011 - 13:59:34 | D ] G:\Attachments

[05/07/2011 - 17:16:00 | D ] G:\Sounds

[05/07/2011 - 17:16:04 | D ] G:\Others

[05/07/2011 - 17:16:04 | D ] G:\Documents

[19/11/2010 - 12:05:28 | D ] G:\Musicas

[07/07/2011 - 22:13:30 | N | 629132] G:\Guitar Hero 6.jar

[02/08/2011 - 20:13:34 | D ] G:\download

 

################## | Vaccin |

 

C:\Autorun.inf -> Vacina criada por UsbFix (TeamXscript)

E:\Autorun.inf -> Vacina criada por UsbFix (TeamXscript)

G:\Autorun.inf -> Vacina criada por UsbFix (TeamXscript)

 

################## | Upload |

 

Favor enviar o arquivo: C:\UsbFix_Upload_Me_DAS-86CB343315C.zip

http://www.teamxscript.org/Upload.php

Obrigado pela sua contribuição.

 

################## | E.O.F |

Compartilhar este post


Link para o post
Compartilhar em outros sites

Espero estar encerrando. :)

 

1.

Favor enviar o arquivo: C:\UsbFix_Upload_Me_DAS-86CB343315C.zip para o link abaixo:

http://www.teamxscript.org/Upload.php

Obrigado pela sua contribuição.

 

2.

*Remova o cartão

*Baixe o MKV e salve-o no desktop

*Execute-o e clique [supprimer la vaccination]

*Reinicie o PC

 

3.

*Novo log do hijack e informe se o problema foi resolvido.

Compartilhar este post


Link para o post
Compartilhar em outros sites

Sera que acabo? *-*

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 21:24:39, on 17/8/2011

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.17080)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\Arquivos de programas\Yuna Software\Messenger Plus!\PlusService.exe

C:\Arquivos de programas\Microsoft Security Client\msseces.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe

C:\WINDOWS\System32\svchost.exe

C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Administrador\Meus documentos\Downloads\SoftonicDownloader_para_hijackthis.exe

C:\Documents and Settings\Administrador\Desktop\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://ww4.freeurlset.com:8083/connect.dat

O1 - Hosts: ÿþ127.0.0.1 localhost

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: (no name) - {D1763781-8374-40BD-836A-F2E1F2600B2F}836A-F2E1F2600B2F} - (no file)

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Arquivos de programas\Arquivos comuns\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"

O4 - HKLM\..\Run: [startCCC] "C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [PlusService] C:\Arquivos de programas\Yuna Software\Messenger Plus!\PlusService.exe

O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [MSC] "c:\Arquivos de programas\Microsoft Security Client\msseces.exe" -hide -runkey

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Pando Media Booster] C:\Arquivos de programas\Pando Networks\Media Booster\PMB.exe

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\Office12\EXCEL.EXE/3000

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O14 - IERESET.INF: START_PAGE_URL=http://www.compartilhando.org/

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/pt/uno1/GAME_UNO1.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{43116D85-F7AE-4142-A8E1-38C709F5A91C}: NameServer = 200.204.0.10 200.204.0.138

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)

O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Arquivos de programas\Arquivos comuns\Adobe\SwitchBoard\SwitchBoard.exe

 

--

End of file - 8783 bytes

Compartilhar este post


Link para o post
Compartilhar em outros sites

Ainda não...

 

Há um proxy.

 

*Baixe o OTL e salve-o no desktop

*Execute-o e selecione as opções:

[X] Verificar All Users

Exame Extra do Registro: [X] Usar SafeList

[X] Ignorar Arquivos Microsoft

[X] Usar WhiteList para Nomes de Companhias

[X] Verificar Purity

*Clique no espaço abaixo de "Exames Personalizados/Correções" e cole o código:

%SYSTEMDRIVE%\Users\*\*.*

*Clique [Verificar]

*Cole o relatório OTL.txt localizado no desktop

 

Caso o relatório fique demasiadamente grande...

 

*Acesse este link

*Clique [Enviar arquivo]

*Localize o arquivo OTL.txt no desktop

*Clique [Abrir] > [Créer le lien Cjoint]

*Cole o endereço criado

Compartilhar este post


Link para o post
Compartilhar em outros sites

1.

*Selecione e copie (Ctrl+c) o código abaixo:

:OTL

SRV - File not found [Auto | Stopped] -- -- (roieq)

SRV - File not found [Auto | Stopped] -- -- (cftsblu)

IE - HKU\S-1-5-21-1547161642-1177238915-839522115-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = http://ww4.freeurlset.com:8083/connect.dat

*Execute o OTL

*Clique no espaço abaixo de "Exames Personalizados/Correções" e cole (Ctrl+v) o código

*Clique [Consertar]

*Cole o relatório apresentado

 

2.

*Novo log do hijack

Compartilhar este post


Link para o post
Compartilhar em outros sites

========== OTL ==========

Service roieq stopped successfully!

Service roieq deleted successfully!

Service cftsblu stopped successfully!

Service cftsblu deleted successfully!

Registry value HKEY_USERS\S-1-5-21-1547161642-1177238915-839522115-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\AutoConfigURL deleted successfully.

 

OTL by OldTimer - Version 3.2.26.5 log created on 08172011_220312

 

 

ja coloco o log do hijack

 

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 22:04:58, on 17/8/2011

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.17080)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\Arquivos de programas\Yuna Software\Messenger Plus!\PlusService.exe

C:\Arquivos de programas\Microsoft Security Client\msseces.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe

C:\WINDOWS\System32\svchost.exe

C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Arquivos de programas\Windows Media Player\wmplayer.exe

C:\Documents and Settings\Administrador\Desktop\HiJackThis[1].exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://ww4.freeurlset.com:8083/connect.dat

O1 - Hosts: ÿþ127.0.0.1 localhost

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: (no name) - {D1763781-8374-40BD-836A-F2E1F2600B2F}836A-F2E1F2600B2F} - (no file)

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Arquivos de programas\Arquivos comuns\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"

O4 - HKLM\..\Run: [startCCC] "C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [PlusService] C:\Arquivos de programas\Yuna Software\Messenger Plus!\PlusService.exe

O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [MSC] "c:\Arquivos de programas\Microsoft Security Client\msseces.exe" -hide -runkey

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Pando Media Booster] C:\Arquivos de programas\Pando Networks\Media Booster\PMB.exe

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\Office12\EXCEL.EXE/3000

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O14 - IERESET.INF: START_PAGE_URL=http://www.compartilhando.org/

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/pt/uno1/GAME_UNO1.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{43116D85-F7AE-4142-A8E1-38C709F5A91C}: NameServer = 200.204.0.10 200.204.0.138

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)

O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Arquivos de programas\Arquivos comuns\Adobe\SwitchBoard\SwitchBoard.exe

 

--

End of file - 8774 bytes

Compartilhar este post


Link para o post
Compartilhar em outros sites

Ainda não removemos o proxy...

 

 

1.

*Baixe o DelFix e salve-o no desktop

*Execute-o e clique [suppression]

*Um relatório será apresentado. Feche-o.

*Execute o DelFix e clique [Désinstallation]

 

2.

*Baixe o Norman Malware Cleaner e salve-o no desktop

*Execute-o e instale o programa

*Clique [Add] e selecione as partições do seu HD (C:\, D:\...)

*Clique [start Scan]

*Ao finalizar, clique [Quit]

*Caso seja questionado se deseja reiniciar o computador (Do you want restart now?) clique [Não]

*Cole o relatório criado no desktop (NFix_data.txt)

Compartilhar este post


Link para o post
Compartilhar em outros sites

OK...depois de colar o log do Norman.

 

1.

*Baixe novamente o OTL e salve-o no desktop

*Selecione e copie (Ctrl+c) o código abaixo:

 

:OTL

IE - HKU\S-1-5-21-1547161642-1177238915-839522115-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1547161642-1177238915-839522115-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = http://ww4.freeurlset.com:8083/connect.dat

O4 - HKU\S-1-5-21-1547161642-1177238915-839522115-500..\Run: [AdobeBridge] File not found

O4 - HKU\S-1-5-21-1547161642-1177238915-839522115-500..\Run: [Pando Media Booster] File not found

:Commands

[emptytemp]

[reboot]

*Execute o OTL

*Clique no espaço abaixo de "Exames Personalizados/Correções" e cole (Ctrl+v) o código

*Clique [Consertar]

*O PC será reiniciado

*Cole o relatório apresentado

 

2.

*Baixe o HijackThis e salve-o no desktop

*Execute-o, clique [Do a system scan and save a logfile] e cole o relatório apresentado

Compartilhar este post


Link para o post
Compartilhar em outros sites

Esta ai o Log , fiquei com 2 log por causa que tive que para ontem a noite e comecei dnv hoje,

 

 

Norman Malware Cleaner v2.02.01

Copyright © 1990 - 2011, Norman ASA.

 

Norman Scanner Engine Version: 6.07.10

nvcbin.def: Version: 6.07.00, Date: 2011/08/17 04:54:47, Variants: 10619680

nvcmacro.def: Version: 6.07.00, Date: 2011/02/01 12:21:31, Variants: 20465

 

Operating System: Windows XP Service Pack 3

 

Switches: /iagree

 

Scan started: 2011/08/17 22:31:19

 

Running pre-scan cleanup routine...

Potentially unwanted registry value: 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon --> SFCDisable = 0xffffff9d'

Modified registry value: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon --> SFCDisable from '0xffffff9d' to '0'

Potentially unwanted settings in service: '(null)'

Modified service start type for service: Atualizações Automáticas

Potentially unwanted settings in service: '(null)'

Modified service start type for service: Serviço de transferência inteligente de plano de fundo

 

Number of malicious objects found: 3

Number of malicious objects cleaned: 3

Scanning time: 1s

 

Scanning system for FakeAV...

 

Number of malicious objects found: 0

Number of malicious objects cleaned: 0

Number of malicious files found: 0

Number of malicious files cleaned: 0

Scanning time: 1s

 

Scanning system for active rootkit activity...

 

Number of malicious objects found: 0

Number of malicious objects cleaned: 0

Number of malicious files found: 0

Number of malicious files cleaned: 0

Scanning time: 0s

 

Scanning running processes and process memory...

 

Number of objects found: 1667

Number of objects scanned: 1667

Number of objects not scanned: 0

Number of malicious memory objects found: 0

Number of malicious objects cleaned: 0

Number of malicious files found: 0

Number of malicious files cleaned: 0

Scanning time: 1m 16s

 

Running custom scan...

C:\Arquivos de programas\F.E.A.R. 2\FEAR2.exe: File infected with W32/Suspicious_Gen2.HVKTK

Deleted registry value: HKLM\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List --> C:\Arquivos de programas\F.E.A.R. 2\FEAR2.exe = C:\Arquivos de programas\F.E.A.R. 2\FEAR2.exe:*:Enabled:F.E.A.R. 2: Project Origin

Deleted registry value: HKLM\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List --> C:\Arquivos de programas\F.E.A.R. 2\FEAR2.exe = C:\Arquivos de programas\F.E.A.R. 2\FEAR2.exe:*:Enabled:F.E.A.R. 2: Project Origin

Deleted file: C:\Arquivos de programas\F.E.A.R. 2\FEAR2.exe

 

Number of files found: 22294

Number of archives unpacked: 668

Number of objects found: 119924

Number of objects scanned: 119924

Number of objects not scanned: 0

Number of malicious objects found: 3

Number of malicious objects cleaned: 3

Number of malicious files found: 1

Number of malicious files cleaned: 1

Scanning time: 25m 25s

Scan aborted by user

 

Results:

Total number of files found: 22294

Total number of archives unpacked: 668

Total number of objects found: 121591

Total number of objects scanned: 121591

Total number of objects not scanned: 0

Total number of malicious objects found: 6

Total number of malicious objects cleaned: 6

Total number of malicious files found: 1

Total number of malicious files cleaned: 1

Total number of objects quarantined: 4

Total scanning time: 26m 43s

 

Norman Malware Cleaner v2.02.01

Copyright © 1990 - 2011, Norman ASA.

 

Norman Scanner Engine Version: 6.07.10

nvcbin.def: Version: 6.07.00, Date: 2011/08/17 04:54:47, Variants: 10619680

nvcmacro.def: Version: 6.07.00, Date: 2011/02/01 12:21:31, Variants: 20465

 

Operating System: Windows XP Service Pack 3

 

Switches: /iagree

 

Scan started: 2011/08/18 12:40:41

 

Running pre-scan cleanup routine...

 

Number of malicious objects found: 0

Number of malicious objects cleaned: 0

Scanning time: 0s

 

Scanning system for FakeAV...

 

Number of malicious objects found: 0

Number of malicious objects cleaned: 0

Number of malicious files found: 0

Number of malicious files cleaned: 0

Scanning time: 0s

 

Scanning system for active rootkit activity...

 

Number of malicious objects found: 0

Number of malicious objects cleaned: 0

Number of malicious files found: 0

Number of malicious files cleaned: 0

Scanning time: 0s

 

Scanning running processes and process memory...

 

Number of objects found: 1510

Number of objects scanned: 1510

Number of objects not scanned: 0

Number of malicious memory objects found: 0

Number of malicious objects cleaned: 0

Number of malicious files found: 0

Number of malicious files cleaned: 0

Scanning time: 38s

 

Running custom scan...

C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Cache\data_0: Error opening file for read: 0x00000020

C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Cache\data_1: Error opening file for read: 0x00000020

C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Cache\data_2: Error opening file for read: 0x00000020

C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Cache\data_3: Error opening file for read: 0x00000020

C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Cache\f_000071/noname.nsis/file1: Damaged file

C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Cache\f_000071/noname.nsis/file1: Damaged file

C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Cache\f_000071/noname.nsis/file1: Damaged file

C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Cache\f_000071/noname.nsis/file1: Damaged file

C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Cache\f_000071/noname.nsis/file1: Damaged file

C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Cache\f_000071/noname.nsis/file1: Damaged file

C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Cache\f_000071/noname.nsis/file1: Damaged file

C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Cache\f_000071/noname.nsis/file1: Damaged file

C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Cache\f_000071/noname.nsis/file1: Damaged file

C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Cache\f_000071/noname.nsis/file1: Damaged file

C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Cache\f_000071/noname.nsis/file1: Damaged file

C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Cache\index: Error opening file for read: 0x00000020

C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Current Session: Error opening file for read: 0x00000020

C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Current Tabs: Error opening file for read: 0x00000020

C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat: Error opening file for read: 0x00000020

C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat.LOG: Error opening file for read: 0x00000020

C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Microsoft\Windows Live Contacts\{6b314120-58c6-4c14-853e-8439dcabbc9c}\DBStore\contacts.edb: Error opening file for read: 0x00000020

C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Microsoft\Windows Live Contacts\{6b314120-58c6-4c14-853e-8439dcabbc9c}\DBStore\LogFiles\edb.log: Error opening file for read: 0x00000020

C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Microsoft\Windows Live Contacts\{6b314120-58c6-4c14-853e-8439dcabbc9c}\DBStore\tempedb.edb: Error opening file for read: 0x00000020

C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Microsoft\Windows Live Contacts\{8f3bd0f0-b539-4747-adf7-c6eb429ed3e5}\DBStore\contacts.edb: Error opening file for read: 0x00000020

C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Microsoft\Windows Live Contacts\{8f3bd0f0-b539-4747-adf7-c6eb429ed3e5}\DBStore\LogFiles\edb.log: Error opening file for read: 0x00000020

C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Microsoft\Windows Live Contacts\{8f3bd0f0-b539-4747-adf7-c6eb429ed3e5}\DBStore\tempedb.edb: Error opening file for read: 0x00000020

C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Microsoft\Windows Live Contacts\{8f3bd0f0-b539-4747-adf7-c6eb429ed3e5}\DBStore\LogFiles\edbtmp.log: Error opening file for read: 0x00000020

C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Microsoft\Windows Live Contacts\{cc18b2b5-bb9e-42d1-92d8-b9e757678de5}\DBStore\contacts.edb: Error opening file for read: 0x00000020

C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Microsoft\Windows Live Contacts\{cc18b2b5-bb9e-42d1-92d8-b9e757678de5}\DBStore\LogFiles\edb.log: Error opening file for read: 0x00000020

C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Microsoft\Windows Live Contacts\{cc18b2b5-bb9e-42d1-92d8-b9e757678de5}\DBStore\tempedb.edb: Error opening file for read: 0x00000020

C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Microsoft\Windows Live Contacts\{e73d6594-fb0d-4498-84e1-136ae5d8dc34}\DBStore\contacts.edb: Error opening file for read: 0x00000020

C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Microsoft\Windows Live Contacts\{e73d6594-fb0d-4498-84e1-136ae5d8dc34}\DBStore\LogFiles\edb.log: Error opening file for read: 0x00000020

C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Microsoft\Windows Live Contacts\{e73d6594-fb0d-4498-84e1-136ae5d8dc34}\DBStore\tempedb.edb: Error opening file for read: 0x00000020

C:\Documents and Settings\Administrador\Configurações locais\Temp\etilqs_66uLZ1ijegvDarg: Error opening file for read: 0x00000020

C:\Documents and Settings\Administrador\Configurações locais\Temp\etilqs_ds1ewDUyruBz0C6: Error opening file for read: 0x00000020

C:\Documents and Settings\Administrador\Configurações locais\Temp\etilqs_eXSRZv3lGdQ4Mc9: Error opening file for read: 0x00000020

C:\Documents and Settings\Administrador\Configurações locais\Temp\etilqs_HQ5JKIvBzoYF66q: Error opening file for read: 0x00000020

C:\Documents and Settings\Administrador\Configurações locais\Temp\etilqs_ikOqsTvtGCqmjsV: Error opening file for read: 0x00000020

C:\Documents and Settings\Administrador\Meus documentos\Downloads\key_-_www.ondebaixar.net.rar: Archive infected

C:\Documents and Settings\Administrador\Meus documentos\Downloads\key_-_www.ondebaixar.net.rar/keygen PS CS5.exe: File infected with W32/Suspicious_Gen2.BUGHS

Deleted archive object: C:\Documents and Settings\Administrador\Meus documentos\Downloads\key_-_www.ondebaixar.net.rar/keygen PS CS5.exe

Deleted file: C:\Documents and Settings\Administrador\Meus documentos\Downloads\key_-_www.ondebaixar.net.rar

C:\Documents and Settings\Administrador\Meus documentos\Downloads\OTL.Txt: File infected with Text/Autorun.CTK

Deleted file: C:\Documents and Settings\Administrador\Meus documentos\Downloads\OTL.Txt

C:\Documents and Settings\Administrador\Meus documentos\JDownloader\JDownloader.exe: File infected with W32/DLoader.AOJJU

Deleted file: C:\Documents and Settings\Administrador\Meus documentos\JDownloader\JDownloader.exe

C:\Documents and Settings\Administrador\NTUSER.DAT: Error opening file for read: 0x00000020

C:\Documents and Settings\Administrador\ntuser.dat.LOG: Error opening file for read: 0x00000020

C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft\Microsoft Antimalware\IMpServiceEDB4FA23-53B8-4AFA-8C5D-99752CCA7094.lock: Error opening file for read: 0x00000020

C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft\Microsoft Antimalware\Scans\History\CacheManager\MpScanCache-1.bin: Error opening file for read: 0x00000020

C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft\Microsoft Antimalware\Scans\MpDiag.bin: Error opening file for read: 0x00000020

C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat: Error opening file for read: 0x00000020

C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat.LOG: Error opening file for read: 0x00000020

C:\Documents and Settings\LocalService\NTUSER.DAT: Error opening file for read: 0x00000020

C:\Documents and Settings\LocalService\ntuser.dat.LOG: Error opening file for read: 0x00000020

C:\Documents and Settings\NetworkService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat: Error opening file for read: 0x00000020

C:\Documents and Settings\NetworkService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat.LOG: Error opening file for read: 0x00000020

C:\Documents and Settings\NetworkService\NTUSER.DAT: Error opening file for read: 0x00000020

C:\Documents and Settings\NetworkService\ntuser.dat.LOG: Error opening file for read: 0x00000020

C:\Ragnarok Online\directx10.dll: File infected with W32/Obfuscated.T

Deleted file: C:\Ragnarok Online\directx10.dll

C:\Ragnarok Online\GameGuard\GameMon.des: File infected with Packed_TheMida.B

Deleted file: C:\Ragnarok Online\GameGuard\GameMon.des

C:\System Volume Information\_restore{3815FC3A-DF5D-4246-B9C0-971C8C686042}\RP16\A0008022.exe: File infected with W32/Suspicious_Gen2.HVKTK

Deleted file: C:\System Volume Information\_restore{3815FC3A-DF5D-4246-B9C0-971C8C686042}\RP16\A0008022.exe

C:\System Volume Information\_restore{3815FC3A-DF5D-4246-B9C0-971C8C686042}\RP17\A0008048.dll: File infected with W32/Obfuscated.T

C:\System Volume Information\_restore{3815FC3A-DF5D-4246-B9C0-971C8C686042}\RP17\A0008049.des: File infected with Packed_TheMida.B

Deleted file: C:\System Volume Information\_restore{3815FC3A-DF5D-4246-B9C0-971C8C686042}\RP17\A0008048.dll

Deleted file: C:\System Volume Information\_restore{3815FC3A-DF5D-4246-B9C0-971C8C686042}\RP17\A0008049.des

C:\WINDOWS\system32\CatRoot2\edb.log: Error opening file for read: 0x00000020

C:\WINDOWS\system32\CatRoot2\tmp.edb: Error opening file for read: 0x00000020

C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb: Error opening file for read: 0x00000020

C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb: Error opening file for read: 0x00000020

C:\WINDOWS\system32\config\default: Error opening file for read: 0x00000020

C:\WINDOWS\system32\config\default.LOG: Error opening file for read: 0x00000020

C:\WINDOWS\system32\config\SAM: Error opening file for read: 0x00000020

C:\WINDOWS\system32\config\SECURITY: Error opening file for read: 0x00000020

C:\WINDOWS\system32\config\SAM.LOG: Error opening file for read: 0x00000020

C:\WINDOWS\system32\config\SECURITY.LOG: Error opening file for read: 0x00000020

C:\WINDOWS\system32\config\software: Error opening file for read: 0x00000020

C:\WINDOWS\system32\config\software.LOG: Error opening file for read: 0x00000020

C:\WINDOWS\system32\config\system: Error opening file for read: 0x00000020

C:\WINDOWS\system32\config\system.LOG: Error opening file for read: 0x00000020

C:\WINDOWS\system32\drivers\sptd.sys: Error opening file for read: 0x00000020

C:\WINDOWS\Temp\Perflib_Perfdata_5fc.dat: Error opening file for read: 0x00000020

C:\WINDOWS\Temp\TMP000016C01BE4B0B54D813178: Error opening file for read: 0x00000020

 

Number of files found: 71867

Number of archives unpacked: 1998

Number of objects found: 266689

Number of objects scanned: 266631

Number of objects not scanned: 58

Number of malicious objects found: 8

Number of malicious objects cleaned: 8

Number of malicious files found: 8

Number of malicious files cleaned: 8

Scanning time: 2h 5m 27s

 

Running post-scan cleanup routine...

 

Number of malicious objects found: 0

Number of malicious objects cleaned: 0

Scanning time: 0s

 

Results:

Total number of files found: 71867

Total number of archives unpacked: 1998

Total number of objects found: 268199

Total number of objects scanned: 268141

Total number of objects not scanned: 58

Total number of malicious objects found: 8

Total number of malicious objects cleaned: 8

Total number of malicious files found: 8

Total number of malicious files cleaned: 8

Total number of objects quarantined: 8

Total scanning time: 2h 6m 5s

 

segue o log OTl

 

 

All processes killed

========== OTL ==========

HKU\S-1-5-21-1547161642-1177238915-839522115-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!

Registry value HKEY_USERS\S-1-5-21-1547161642-1177238915-839522115-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\AutoConfigURL deleted successfully.

Registry value HKEY_USERS\S-1-5-21-1547161642-1177238915-839522115-500\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge deleted successfully.

Registry value HKEY_USERS\S-1-5-21-1547161642-1177238915-839522115-500\Software\Microsoft\Windows\CurrentVersion\Run\\Pando Media Booster deleted successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: Administrador

->Temp folder emptied: 2408092 bytes

->Temporary Internet Files folder emptied: 4903872 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 0 bytes

->Google Chrome cache emptied: 41019375 bytes

->Flash cache emptied: 893 bytes

 

User: All Users

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: LocalService

->Temp folder emptied: 66016 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

User: NetworkService

->Temp folder emptied: 8502 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 144271 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 46,00 mb

 

 

OTL by OldTimer - Version 3.2.26.5 log created on 08182011_145114

 

Files\Folders moved on Reboot...

C:\Documents and Settings\Administrador\Configurações locais\Temp\MessengerCache\AS6CEVGUGOi1yXvIs9Z4SfW5jBc= moved successfully.

C:\Documents and Settings\Administrador\Configurações locais\Temp\MessengerCache\Bz0JZpJ7DBLYziOfoh02f52BUPU= moved successfully.

C:\Documents and Settings\Administrador\Configurações locais\Temp\MessengerCache\HMIJx6bmeU58f2FmT00vuEv3Ki4c= moved successfully.

C:\Documents and Settings\Administrador\Configurações locais\Temp\MessengerCache\lb2LpajsxqWH0g54KmVpXpjuOgI= moved successfully.

C:\Documents and Settings\Administrador\Configurações locais\Temp\MessengerCache\QqwkiyP+lE2WJwQ8dePsfeSD+bo= moved successfully.

C:\Documents and Settings\Administrador\Configurações locais\Temp\MessengerCache\RlUY05xa03oQ+JL3py4WGljZLHs= moved successfully.

C:\Documents and Settings\Administrador\Configurações locais\Temp\MessengerCache\UqaDSqeECpBMI0RCX+gmamShsd0= moved successfully.

C:\Documents and Settings\Administrador\Configurações locais\Temp\MessengerCache\VDNtcmNCoUh5VoAy5nHloNnJ2QA= moved successfully.

C:\Documents and Settings\Administrador\Configurações locais\Temp\MessengerCache\x20gO5dt6Y2FCezFbafC4KubsDI= moved successfully.

C:\Documents and Settings\Administrador\Configurações locais\Temp\MessengerCache\XR2Fepjt9GGEX9oVaxe9q1yQWedw= moved successfully.

C:\Documents and Settings\Administrador\Configurações locais\Temp\MessengerCache\YwBxho7KqCFsFk+kPMJDhjVk22A= moved successfully.

C:\Documents and Settings\Administrador\Configurações locais\Temporary Internet Files\Content.IE5\5VEIFFJD\ADSAdClient31[3].htm moved successfully.

 

Registry entries deleted on Reboot...

 

Log do HiJack

 

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 14:55:44, on 18/8/2011

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.17080)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

c:\Arquivos de programas\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Arquivos de programas\Yuna Software\Messenger Plus!\PlusService.exe

C:\Arquivos de programas\Microsoft Security Client\msseces.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\WINDOWS\System32\svchost.exe

C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe

C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Administrador\Desktop\SoftonicDownloader_para_hijackthis.exe

C:\Documents and Settings\Administrador\Desktop\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://ww4.freeurlset.com:8083/connect.dat

O1 - Hosts: ÿþ127.0.0.1 localhost

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: (no name) - {D1763781-8374-40BD-836A-F2E1F2600B2F}836A-F2E1F2600B2F} - (no file)

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Arquivos de programas\Arquivos comuns\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"

O4 - HKLM\..\Run: [startCCC] "C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [PlusService] C:\Arquivos de programas\Yuna Software\Messenger Plus!\PlusService.exe

O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [MSC] "c:\Arquivos de programas\Microsoft Security Client\msseces.exe" -hide -runkey

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\Office12\EXCEL.EXE/3000

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O14 - IERESET.INF: START_PAGE_URL=http://www.compartilhando.org/

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/pt/uno1/GAME_UNO1.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{43116D85-F7AE-4142-A8E1-38C709F5A91C}: NameServer = 200.204.0.10 200.204.0.138

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)

O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Arquivos de programas\Arquivos comuns\Adobe\SwitchBoard\SwitchBoard.exe

 

--

End of file - 8832 bytes

 

Saindo aqui volto umas 8:30 da noite curso hoje ^^

 

Esperando Resposta ...

Compartilhar este post


Link para o post
Compartilhar em outros sites

*Desative temporariamente seu antivírus

 

*Baixe o ComboFix e salve-o no desktop

*Execute-o e aceite o contrato

*Se o Console de Recuperação do Microsoft Windows não estiver instalado, aceite a sua instalação

*Após a instalação do Console, clique [sim] e aguarde a conclusão das etapas

*Não use o mouse nem o teclado durante as etapas!!

*Cole o relatório apresentado

Compartilhar este post


Link para o post
Compartilhar em outros sites

ComboFix 11-09-07.02 - Administrador 07/09/2011 9:24.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.2047.1170 [GMT -3:00]

Executando de: c:\documents and settings\Administrador\Meus documentos\Downloads\ComboFix.exe

AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

.

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\arquivos de programas\messenge

c:\arquivos de programas\messenge\400a

c:\arquivos de programas\messenge\400b

c:\arquivos de programas\messenge\400c

c:\arquivos de programas\messenge\600a

c:\arquivos de programas\messenge\600b

c:\arquivos de programas\messenge\600c

c:\arquivos de programas\messenge\700a

c:\arquivos de programas\messenge\700b

c:\arquivos de programas\messenge\700c

c:\arquivos de programas\Windows Media Player\Silkscrenn400.ini

c:\arquivos de programas\Windows Media Player\Silkscrenn600.ini

c:\arquivos de programas\Windows Media Player\Silkscrenn700.ini

C:\CFLog

c:\cflog\CrashLog_20110706.txt

c:\cflog\CrashLog_20110716.txt

c:\documents and settings\Administrador\Dados de aplicativos\Google Talk

c:\documents and settings\Administrador\temp1.tmp

C:\Install.exe

c:\ragnarok online\skin\default\_desktop.ini

c:\ragnarok online\skin\default\basic_interface\_desktop.ini

c:\ragnarok online\skin\Scribbling Kid\_desktop.ini

c:\ragnarok online\skin\Scribbling Kid\basic_interface\_desktop.ini

C:\SWSetup1

c:\windows\ehome\medctrro.exe

c:\windows\system32\mfc100deu.dll

e:\bruno\Musicas\Cradle Of Filth\Cradle Of Filth - Harder Darker Faster Thornography Deluxe\_desktop.ini

.

.

(((((((((((((((( Arquivos/Ficheiros criados de 2011-08-07 to 2011-09-07 ))))))))))))))))))))))))))))

.

.

2073-04-13 20:17 . 2006-11-21 23:48 203576 ------w- c:\arquivos de programas\Microsoft Games\Age of Empires III\autopatcher2.exe

2011-09-07 12:15 . 2011-09-07 12:15 28752 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft\Microsoft Antimalware\Definition Updates\{C1DE78F5-D601-47C4-9DD8-453D2BEB2453}\MpKsle5010d16.sys

2011-09-07 12:15 . 2011-08-11 22:44 7152464 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft\Microsoft Antimalware\Definition Updates\{C1DE78F5-D601-47C4-9DD8-453D2BEB2453}\mpengine.dll

2011-09-06 23:14 . 2011-09-06 23:14 -------- d-----w- c:\arquivos de programas\BitTorrent

2011-09-06 23:14 . 2011-09-06 23:28 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\BitTorrent

2011-09-05 00:57 . 2011-09-05 00:57 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-09-03 21:22 . 2011-09-03 21:53 -------- d-----w- c:\arquivos de programas\JDownloader

2011-08-23 00:10 . 2011-09-03 21:14 -------- d--h--w- c:\windows\msdownld.tmp

2011-08-20 21:48 . 2011-08-20 21:48 -------- d-----w- c:\documents and settings\NetworkService\Configurações locais\Dados de aplicativos\PCHealth

2011-08-20 21:37 . 2008-04-14 01:58 14720 ----a-w- c:\windows\system32\drivers\kbdhid.sys

2011-08-19 16:15 . 2011-08-11 22:44 7152464 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2011-08-18 17:51 . 2011-08-18 17:51 -------- d-----w- C:\_OTL

2011-08-18 01:30 . 2011-08-18 01:30 -------- d-----w- c:\documents and settings\Administrador\Configurações locais\Dados de aplicativos\Norman Malware Cleaner

2011-08-17 20:24 . 2011-08-17 20:24 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Malwarebytes

2011-08-17 20:24 . 2011-08-17 20:24 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes

2011-08-17 20:24 . 2011-08-21 10:49 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware

2011-08-17 16:38 . 2011-08-17 20:08 -------- d-----w- c:\windows\SxsCaPendDel

2011-08-09 15:47 . 2011-08-09 15:48 -------- d-----w- c:\arquivos de programas\Microsoft Security Client

.

.

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-07-19 08:05 . 2011-04-17 22:58 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-07-19 05:40 . 2010-06-03 13:56 73728 ----a-w- c:\windows\system32\javacpl.cpl

2004-10-01 18:00 . 2010-05-18 19:41 40960 ----a-w- c:\arquivos de programas\Uninstall_CDS.exe

.

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.

[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys

[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\SoftwareDistribution\Download\ed07fd240e0baddf2202623455243ff8\sp3qfe\tcpip.sys

[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys

[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\SoftwareDistribution\Download\ed07fd240e0baddf2202623455243ff8\sp3gdr\tcpip.sys

[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\DllCache\tcpip.sys

[-] 2008-06-20 . 4AFB3B0919649F95C1964AA1FAD27D73 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys

[7] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\tcpip.sys

[7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys

[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys

[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys

[-] 2005-09-19 . DBC20C4332FE84B826530C49AE09721E . 359936 . . [5.1.2600.2685] . . c:\windows\$NtUninstallKB951748_0$\tcpip.sys

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por padrão não são apresentadas.

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-11-26 98304]

"TkBellExe"="c:\arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2010-05-18 202256]

"PlusService"="c:\arquivos de programas\Yuna Software\Messenger Plus!\PlusService.exe" [2011-05-26 800768]

"Adobe ARM"="c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]

"MSC"="c:\arquivos de programas\Microsoft Security Client\msseces.exe" [2011-06-15 997920]

"SunJavaUpdateSched"="c:\arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe" [2011-06-09 254696]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

"DWQueuedReporting"="c:\arquiv~1\ARQUIV~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nlsf"="move" [X]

"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-04 44544]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Assistente Tecnico Speedy.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Assistente Tecnico Speedy.lnk

backup=c:\windows\pss\Assistente Tecnico Speedy.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^spoolsv.exe]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\spoolsv.exe

backup=c:\windows\pss\spoolsv.exeCommon Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2011-06-06 15:55 937920 ----a-w- c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2011-06-06 15:55 35736 ----a-w- c:\arquivos de programas\Adobe\Reader 10.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

2011-06-04 03:03 136176 ----atw- c:\documents and settings\Administrador\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]

2010-01-13 14:46 166912 ----a-w- c:\windows\system32\hkcmd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]

2010-01-13 14:46 134656 ----a-w- c:\windows\system32\igfxtray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC]

2011-06-15 18:16 997920 ----a-w- c:\arquivos de programas\Microsoft Security Client\msseces.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2008-04-14 02:21 1695232 ------w- c:\arquivos de programas\Messenger\msmsgs.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

2010-04-17 00:12 3872080 ----a-w- c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2001-07-09 13:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]

2010-01-13 14:46 135680 ----a-w- c:\windows\system32\igfxpers.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2011-06-09 16:06 254696 ----a-w- c:\arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

2010-05-18 20:54 202256 ----a-w- c:\arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\Valve\\hl.exe"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Arquivos de programas\\Java\\jre6\\bin\\javaw.exe"=

"c:\\Arquivos de programas\\World of Warcraft\\Launcher.exe"=

"c:\\Arquivos de programas\\VideoLAN\\VLC\\vlc.exe"=

"c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Arquivos de programas\\Java\\jre6\\launch4j-tmp\\frd.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Activision\\Modern Warfare 2\\iw4mp.exe"=

"c:\\Riot Games\\League of Legends\\lol.launcher.exe"=

"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

"c:\\Arquivos de programas\\World of Warcraft\\WoW-x.x.x.x-4.0.0.12911-Downloader.exe"=

"c:\\Arquivos de programas\\World of Warcraft\\Launcher.patch.exe"=

"c:\\Arquivos de programas\\World of Warcraft\\BackgroundDownloader.exe"=

"c:\\Arquivos de programas\\BitTorrent\\BitTorrent.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"8082:TCP"= 8082:TCP:vodshnha

"8380:TCP"= 8380:TCP:League of Legends Launcher

"8380:UDP"= 8380:UDP:League of Legends Launcher

"1331:TCP"= 1331:TCP:Akamai NetSession Interface

"5000:UDP"= 5000:UDP:Akamai NetSession Interface

"8381:TCP"= 8381:TCP:League of Legends Launcher

"8381:UDP"= 8381:UDP:League of Legends Launcher

"6953:TCP"= 6953:TCP:League of Legends Launcher

"6953:UDP"= 6953:UDP:League of Legends Launcher

"57458:TCP"= 57458:TCP:Pando Media Booster

"57458:UDP"= 57458:UDP:Pando Media Booster

"6890:TCP"= 6890:TCP:League of Legends Launcher

"6890:UDP"= 6890:UDP:League of Legends Launcher

"6960:TCP"= 6960:TCP:League of Legends Launcher

"6960:UDP"= 6960:UDP:League of Legends Launcher

"6888:TCP"= 6888:TCP:League of Legends Launcher

"6888:UDP"= 6888:UDP:League of Legends Launcher

"6941:TCP"= 6941:TCP:League of Legends Launcher

"6941:UDP"= 6941:UDP:League of Legends Launcher

"6920:TCP"= 6920:TCP:League of Legends Launcher

"6920:UDP"= 6920:UDP:League of Legends Launcher

"6965:TCP"= 6965:TCP:League of Legends Launcher

"6965:UDP"= 6965:UDP:League of Legends Launcher

"8382:TCP"= 8382:TCP:League of Legends Launcher

"8382:UDP"= 8382:UDP:League of Legends Launcher

"6913:TCP"= 6913:TCP:League of Legends Launcher

"6913:UDP"= 6913:UDP:League of Legends Launcher

"6911:TCP"= 6911:TCP:League of Legends Launcher

"6911:UDP"= 6911:UDP:League of Legends Launcher

"6887:TCP"= 6887:TCP:League of Legends Launcher

"6887:UDP"= 6887:UDP:League of Legends Launcher

"8383:TCP"= 8383:TCP:League of Legends Launcher

"8383:UDP"= 8383:UDP:League of Legends Launcher

"8393:TCP"= 8393:TCP:League of Legends Lobby

"8393:UDP"= 8393:UDP:League of Legends Lobby

"8390:TCP"= 8390:TCP:League of Legends Game Client

"8390:UDP"= 8390:UDP:League of Legends Game Client

"6927:TCP"= 6927:TCP:League of Legends Launcher

"6927:UDP"= 6927:UDP:League of Legends Launcher

"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

.

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [1/6/2010 06:12 691696]

R1 MpKsl67dbe589;MpKsl67dbe589;c:\documents and settings\All Users\Dados de aplicativos\Microsoft\Microsoft Antimalware\Definition Updates\{C1DE78F5-D601-47C4-9DD8-453D2BEB2453}\MpKsl67dbe589.sys [7/9/2011 09:19 28752]

R1 MpKsle5010d16;MpKsle5010d16;c:\documents and settings\All Users\Dados de aplicativos\Microsoft\Microsoft Antimalware\Definition Updates\{C1DE78F5-D601-47C4-9DD8-453D2BEB2453}\MpKsle5010d16.sys [7/9/2011 09:15 28752]

R1 MpKsle5d9fde6;MpKsle5d9fde6;c:\documents and settings\All Users\Dados de aplicativos\Microsoft\Microsoft Antimalware\Definition Updates\{C1DE78F5-D601-47C4-9DD8-453D2BEB2453}\MpKsle5d9fde6.sys [7/9/2011 09:20 28752]

R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [9/4/2011 18:26 101904]

R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [13/5/2010 17:52 874880]

S1 MpKsl39aa1adb;MpKsl39aa1adb;\??\c:\documents and settings\All Users\Dados de aplicativos\Microsoft\Microsoft Antimalware\Definition Updates\{B9D266C3-A83A-450C-A2D5-8813FD76B4C9}\MpKsl39aa1adb.sys --> c:\documents and settings\All Users\Dados de aplicativos\Microsoft\Microsoft Antimalware\Definition Updates\{B9D266C3-A83A-450C-A2D5-8813FD76B4C9}\MpKsl39aa1adb.sys [?]

S1 MpKsld8ad6ac4;MpKsld8ad6ac4;\??\c:\documents and settings\All Users\Dados de aplicativos\Microsoft\Microsoft Antimalware\Definition Updates\{B9D266C3-A83A-450C-A2D5-8813FD76B4C9}\MpKsld8ad6ac4.sys --> c:\documents and settings\All Users\Dados de aplicativos\Microsoft\Microsoft Antimalware\Definition Updates\{B9D266C3-A83A-450C-A2D5-8813FD76B4C9}\MpKsld8ad6ac4.sys [?]

S2 gupdate;Google Update Service (gupdate);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2/12/2010 20:51 136176]

S3 cpudrv;cpudrv;c:\arquivos de programas\SystemRequirementsLab\cpudrv.sys [18/12/2009 10:58 11336]

S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [12/9/2010 13:43 23456]

S3 GGSAFERDriver;GGSAFER Driver;\??\c:\arquivos de programas\Garena\safedrv.sys --> c:\arquivos de programas\Garena\safedrv.sys [?]

S3 gupdatem;Serviço do Google Update (gupdatem);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2/12/2010 20:51 136176]

S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys --> c:\windows\system32\DRIVERS\ManyCam.sys [?]

S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]

S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]

S3 XDva349;XDva349;\??\c:\windows\system32\XDva349.sys --> c:\windows\system32\XDva349.sys [?]

S3 XDva370;XDva370;\??\c:\windows\system32\XDva370.sys --> c:\windows\system32\XDva370.sys [?]

S3 XDva386;XDva386;\??\c:\windows\system32\XDva386.sys --> c:\windows\system32\XDva386.sys [?]

S3 XDva387;XDva387;\??\c:\windows\system32\XDva387.sys --> c:\windows\system32\XDva387.sys [?]

S3 XDva388;XDva388;\??\c:\windows\system32\XDva388.sys --> c:\windows\system32\XDva388.sys [?]

.

--- =Outros Serviços/Drivers Na Memória ---

.

*NewlyCreated* - MPKSL67DBE589

*NewlyCreated* - MPKSLE5010D16

*NewlyCreated* - MPKSLE5D9FDE6

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

roieq

.

Conteúdo da pasta 'Tarefas Agendadas'

.

2011-09-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2010-12-02 11:05]

.

2011-09-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2010-12-02 11:05]

.

2011-09-07 c:\windows\Tasks\MP Scheduled Scan.job

- c:\arquivos de programas\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 18:39]

.

2011-09-07 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1547161642-1177238915-839522115-500.job

- c:\arquivos de programas\Real\RealUpgrade\realupgrade.exe [2010-02-25 01:09]

.

2011-08-05 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1547161642-1177238915-839522115-500.job

- c:\arquivos de programas\Real\RealUpgrade\realupgrade.exe [2010-02-25 01:09]

.

.

------- Scan Suplementar -------

.

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~1\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 201.6.2.163 201.6.2.43

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

FF - ProfilePath - c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\06ihivk5.default\

FF - prefs.js: browser.search.selectedEngine -

FF - prefs.js: keyword.URL - hxxp://radiobar.toolbarhome.com/search.aspx?srch=ku&q=

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\arquivos de programas\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\arquivos de programas\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\arquivos de programas\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - c:\arquivos de programas\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}

FF - Ext: RadioBar Toolbar: radiobar@toolbar - %profile%\extensions\radiobar@toolbar

FF - Ext: FlashGot: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34} - %profile%\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}

FF - Ext: Messenger Plus BR Community Toolbar: {1d80d668-2160-46a2-b3a7-e166795b0b28} - %profile%\extensions\{1d80d668-2160-46a2-b3a7-e166795b0b28}

FF - Ext: Java Quick Starter: jqs@sun.com - c:\arquivos de programas\Java\jre6\lib\deploy\jqs\ff

.

- - - - ORFÃOS REMOVIDOS - - - -

.

BHO-{D1763781-8374-40BD-836A-F2E1F2600B2F}836A-F2E1F2600B2F} - (no file)

HKU-Default-Run-MsnMsgr - c:\arquivos de programas\MSN Messenger\MsnMsgr.Exe

MSConfigStartUp-AdobeCS5ServiceManager - c:\arquivos de programas\Arquivos comuns\Adobe\CS5ServiceManager\CS5ServiceManager.exe

MSConfigStartUp-googletalk - c:\documents and settings\Administrador\Dados de aplicativos\Google Talk\googletalk.exe

MSConfigStartUp-InCD - c:\arquivos de programas\Ahead\InCD\InCD.exe

MSConfigStartUp-ManyCam - c:\arquivos de programas\ManyCam 2.4\ManyCam.exe

MSConfigStartUp-Modulo_administrativo - c:\arquivos de programas\messenge\Asdiph.exe

MSConfigStartUp-Modulo_Ad_Autorizador - c:\arquivos de programas\messenge\Nvsvc32.exe

MSConfigStartUp-Modulo_Ad_bne - c:\arquivos de programas\messenge\Aswebsrv.exe

MSConfigStartUp-Network - c:\documents and settings\Administrador\connect32.dll

MSConfigStartUp-PC Suite Tray - c:\arquivos de programas\Nokia\Nokia PC Suite 7\PCSuite.exe

MSConfigStartUp-SwitchBoard - c:\arquivos de programas\Arquivos comuns\Adobe\SwitchBoard\SwitchBoard.exe

AddRemove-Octoshape add-in for Adobe Flash Player - c:\documents and settings\Administrador\Dados de aplicativos\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-09-07 09:35

Windows 5.1.2600 Service Pack 3 NTFS

.

Procurando processos ocultos ...

.

Procurando entradas auto inicializáveis ocultas ...

.

Procurando ficheiros/arquivos ocultos ...

.

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

.

[HKEY_USERS\S-1-5-21-1547161642-1177238915-839522115-500\Software\SecuROM\License information*]

"datasecu"=hex:11,13,7a,b0,d1,84,b2,da,78,95,7d,f1,49,21,88,4f,b0,50,f2,b2,d4,

4d,56,19,15,4e,e5,80,bb,51,f9,a4,39,bd,dd,54,07,bd,31,05,76,ed,04,03,08,17,\

"rkeysecu"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

.

- - - - - - - > 'winlogon.exe'(460)

c:\windows\system32\Ati2evxx.dll

c:\windows\system32\atiadlxx.dll

.

Tempo para conclusão: 2011-09-07 09:37:29

ComboFix-quarantined-files.txt 2011-09-07 12:37

.

Pré-execução: 20 pasta(s) 134.854.639.616 bytes disponíveis

Pós execução: 20 pasta(s) 134.908.915.712 bytes disponíveis

.

WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

multi(0)disk(0)rdisk(0)partition(3)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

.

- - End Of File - - 75AD98A0A92991CC63446F1B856D9366

 

Aqui Esta, desculpa a demora mais uma vez .

Compartilhar este post


Link para o post
Compartilhar em outros sites

*Abra o bloco de notas e cole nele o código abaixo:

Registry::

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"8082:TCP"=-

Driver::

roieq

NetSvc::

roieq

*Salve o arquivo no desktop como CFScript.txt

*Arraste-o para o Combofix conforme ilustração abaixo:

 

b2ea2c6367.gif

 

*Enquanto o combofix estiver em execução, não use o mouse nem o teclado!!

 

*Cole o relatório apresentado e novo log do hijack

Compartilhar este post


Link para o post
Compartilhar em outros sites

Segue os Logs

 

 

ComboFix 11-09-12.02 - Administrador 12/09/2011 14:57:52.2.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.2047.1263 [GMT -3:00]

Executando de: c:\documents and settings\Administrador\Desktop\ComboFix.exe

Comandos utilizados :: c:\documents and settings\Administrador\Desktop\CFScript.txt.txt

AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

.

.

(((((((((((((((( Arquivos/Ficheiros criados de 2011-08-12 to 2011-09-12 ))))))))))))))))))))))))))))

.

.

2073-04-13 20:17 . 2006-11-21 23:48 203576 ------w- c:\arquivos de programas\Microsoft Games\Age of Empires III\autopatcher2.exe

2011-09-06 23:14 . 2011-09-06 23:14 -------- d-----w- c:\arquivos de programas\BitTorrent

2011-09-06 23:14 . 2011-09-08 01:55 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\BitTorrent

2011-09-05 00:57 . 2011-09-05 00:57 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-09-03 21:22 . 2011-09-03 21:53 -------- d-----w- c:\arquivos de programas\JDownloader

2011-08-23 00:10 . 2011-09-03 21:14 -------- d--h--w- c:\windows\msdownld.tmp

2011-08-20 21:48 . 2011-08-20 21:48 -------- d-----w- c:\documents and settings\NetworkService\Configurações locais\Dados de aplicativos\PCHealth

2011-08-20 21:37 . 2008-04-14 01:58 14720 ----a-w- c:\windows\system32\drivers\kbdhid.sys

2011-08-19 16:15 . 2011-08-11 22:44 7152464 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2011-08-18 17:51 . 2011-08-18 17:51 -------- d-----w- C:\_OTL

2011-08-18 01:30 . 2011-08-18 01:30 -------- d-----w- c:\documents and settings\Administrador\Configurações locais\Dados de aplicativos\Norman Malware Cleaner

2011-08-17 20:24 . 2011-08-17 20:24 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Malwarebytes

2011-08-17 20:24 . 2011-08-17 20:24 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes

2011-08-17 20:24 . 2011-08-21 10:49 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware

2011-08-17 16:38 . 2011-08-17 20:08 -------- d-----w- c:\windows\SxsCaPendDel

.

.

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-07-19 08:05 . 2011-04-17 22:58 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-07-19 05:40 . 2010-06-03 13:56 73728 ----a-w- c:\windows\system32\javacpl.cpl

2004-10-01 18:00 . 2010-05-18 19:41 40960 ----a-w- c:\arquivos de programas\Uninstall_CDS.exe

.

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.

[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys

[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\SoftwareDistribution\Download\ed07fd240e0baddf2202623455243ff8\sp3qfe\tcpip.sys

[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys

[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\SoftwareDistribution\Download\ed07fd240e0baddf2202623455243ff8\sp3gdr\tcpip.sys

[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\DllCache\tcpip.sys

[-] 2008-06-20 . 4AFB3B0919649F95C1964AA1FAD27D73 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys

[7] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\tcpip.sys

[7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys

[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys

[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys

[-] 2005-09-19 . DBC20C4332FE84B826530C49AE09721E . 359936 . . [5.1.2600.2685] . . c:\windows\$NtUninstallKB951748_0$\tcpip.sys

.

((((((((((((((((((((((((((((( SnapShot@2011-09-07_12.35.44 )))))))))))))))))))))))))))))))))))))))))

.

+ 2011-09-12 15:52 . 2011-09-12 15:52 16384 c:\windows\Temp\Perflib_Perfdata_8bc.dat

- 2001-10-28 17:07 . 2011-09-02 17:26 69058 c:\windows\system32\perfc016.dat

+ 2001-10-28 17:07 . 2011-09-09 12:12 69058 c:\windows\system32\perfc016.dat

+ 2001-10-28 17:07 . 2011-09-09 12:12 57436 c:\windows\system32\perfc009.dat

- 2001-10-28 17:07 . 2011-09-02 17:26 57436 c:\windows\system32\perfc009.dat

+ 2011-09-10 23:28 . 2011-09-10 23:28 22016 c:\windows\Installer\2046c8c.msi

- 2001-10-28 17:07 . 2011-09-02 17:26 427026 c:\windows\system32\perfh016.dat

+ 2001-10-28 17:07 . 2011-09-09 12:12 427026 c:\windows\system32\perfh016.dat

+ 2001-10-28 17:07 . 2011-09-09 12:12 390910 c:\windows\system32\perfh009.dat

- 2001-10-28 17:07 . 2011-09-02 17:26 390910 c:\windows\system32\perfh009.dat

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por padrão não são apresentadas.

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-11-26 98304]

"TkBellExe"="c:\arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2010-05-18 202256]

"PlusService"="c:\arquivos de programas\Yuna Software\Messenger Plus!\PlusService.exe" [2011-05-26 800768]

"Adobe ARM"="c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]

"MSC"="c:\arquivos de programas\Microsoft Security Client\msseces.exe" [2011-06-15 997920]

"SunJavaUpdateSched"="c:\arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe" [2011-06-09 254696]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

"DWQueuedReporting"="c:\arquiv~1\ARQUIV~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nlsf"="move" [X]

"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-04 44544]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Assistente Tecnico Speedy.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Assistente Tecnico Speedy.lnk

backup=c:\windows\pss\Assistente Tecnico Speedy.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^spoolsv.exe]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\spoolsv.exe

backup=c:\windows\pss\spoolsv.exeCommon Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2011-06-06 15:55 937920 ----a-w- c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2011-06-06 15:55 35736 ----a-w- c:\arquivos de programas\Adobe\Reader 10.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

2011-06-04 03:03 136176 ----atw- c:\documents and settings\Administrador\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]

2010-01-13 14:46 166912 ----a-w- c:\windows\system32\hkcmd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]

2010-01-13 14:46 134656 ----a-w- c:\windows\system32\igfxtray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC]

2011-06-15 18:16 997920 ----a-w- c:\arquivos de programas\Microsoft Security Client\msseces.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2008-04-14 02:21 1695232 ------w- c:\arquivos de programas\Messenger\msmsgs.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

2010-04-17 00:12 3872080 ----a-w- c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2001-07-09 13:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]

2010-01-13 14:46 135680 ----a-w- c:\windows\system32\igfxpers.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2011-06-09 16:06 254696 ----a-w- c:\arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

2010-05-18 20:54 202256 ----a-w- c:\arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\Valve\\hl.exe"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Arquivos de programas\\Java\\jre6\\bin\\javaw.exe"=

"c:\\Arquivos de programas\\World of Warcraft\\Launcher.exe"=

"c:\\Arquivos de programas\\VideoLAN\\VLC\\vlc.exe"=

"c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Arquivos de programas\\Java\\jre6\\launch4j-tmp\\frd.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Activision\\Modern Warfare 2\\iw4mp.exe"=

"c:\\Riot Games\\League of Legends\\lol.launcher.exe"=

"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

"c:\\Arquivos de programas\\World of Warcraft\\WoW-x.x.x.x-4.0.0.12911-Downloader.exe"=

"c:\\Arquivos de programas\\World of Warcraft\\Launcher.patch.exe"=

"c:\\Arquivos de programas\\World of Warcraft\\BackgroundDownloader.exe"=

"c:\\Arquivos de programas\\BitTorrent\\BitTorrent.exe"=

"c:\\Arquivos de programas\\WB Games\\F.E.A.R. 3\\F.E.A.R. 3.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"8380:TCP"= 8380:TCP:League of Legends Launcher

"8380:UDP"= 8380:UDP:League of Legends Launcher

"1331:TCP"= 1331:TCP:Akamai NetSession Interface

"5000:UDP"= 5000:UDP:Akamai NetSession Interface

"8381:TCP"= 8381:TCP:League of Legends Launcher

"8381:UDP"= 8381:UDP:League of Legends Launcher

"6953:TCP"= 6953:TCP:League of Legends Launcher

"6953:UDP"= 6953:UDP:League of Legends Launcher

"57458:TCP"= 57458:TCP:Pando Media Booster

"57458:UDP"= 57458:UDP:Pando Media Booster

"6890:TCP"= 6890:TCP:League of Legends Launcher

"6890:UDP"= 6890:UDP:League of Legends Launcher

"6960:TCP"= 6960:TCP:League of Legends Launcher

"6960:UDP"= 6960:UDP:League of Legends Launcher

"6888:TCP"= 6888:TCP:League of Legends Launcher

"6888:UDP"= 6888:UDP:League of Legends Launcher

"6941:TCP"= 6941:TCP:League of Legends Launcher

"6941:UDP"= 6941:UDP:League of Legends Launcher

"6920:TCP"= 6920:TCP:League of Legends Launcher

"6920:UDP"= 6920:UDP:League of Legends Launcher

"6965:TCP"= 6965:TCP:League of Legends Launcher

"6965:UDP"= 6965:UDP:League of Legends Launcher

"8382:TCP"= 8382:TCP:League of Legends Launcher

"8382:UDP"= 8382:UDP:League of Legends Launcher

"6913:TCP"= 6913:TCP:League of Legends Launcher

"6913:UDP"= 6913:UDP:League of Legends Launcher

"6911:TCP"= 6911:TCP:League of Legends Launcher

"6911:UDP"= 6911:UDP:League of Legends Launcher

"6887:TCP"= 6887:TCP:League of Legends Launcher

"6887:UDP"= 6887:UDP:League of Legends Launcher

"8383:TCP"= 8383:TCP:League of Legends Launcher

"8383:UDP"= 8383:UDP:League of Legends Launcher

"8393:TCP"= 8393:TCP:League of Legends Lobby

"8393:UDP"= 8393:UDP:League of Legends Lobby

"8390:TCP"= 8390:TCP:League of Legends Game Client

"8390:UDP"= 8390:UDP:League of Legends Game Client

"6927:TCP"= 6927:TCP:League of Legends Launcher

"6927:UDP"= 6927:UDP:League of Legends Launcher

"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

.

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [1/6/2010 06:12 691696]

R1 MpKsl9ec2fd80;MpKsl9ec2fd80;c:\documents and settings\All Users\Dados de aplicativos\Microsoft\Microsoft Antimalware\Definition Updates\{09DF780D-1E79-455E-B50E-A780D9171A22}\MpKsl9ec2fd80.sys [12/9/2011 13:03 28752]

R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [9/4/2011 18:26 101904]

R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [13/5/2010 17:52 874880]

S1 MpKsl39aa1adb;MpKsl39aa1adb;\??\c:\documents and settings\All Users\Dados de aplicativos\Microsoft\Microsoft Antimalware\Definition Updates\{B9D266C3-A83A-450C-A2D5-8813FD76B4C9}\MpKsl39aa1adb.sys --> c:\documents and settings\All Users\Dados de aplicativos\Microsoft\Microsoft Antimalware\Definition Updates\{B9D266C3-A83A-450C-A2D5-8813FD76B4C9}\MpKsl39aa1adb.sys [?]

S1 MpKsld8ad6ac4;MpKsld8ad6ac4;\??\c:\documents and settings\All Users\Dados de aplicativos\Microsoft\Microsoft Antimalware\Definition Updates\{B9D266C3-A83A-450C-A2D5-8813FD76B4C9}\MpKsld8ad6ac4.sys --> c:\documents and settings\All Users\Dados de aplicativos\Microsoft\Microsoft Antimalware\Definition Updates\{B9D266C3-A83A-450C-A2D5-8813FD76B4C9}\MpKsld8ad6ac4.sys [?]

S2 gupdate;Google Update Service (gupdate);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2/12/2010 20:51 136176]

S3 cpudrv;cpudrv;c:\arquivos de programas\SystemRequirementsLab\cpudrv.sys [18/12/2009 10:58 11336]

S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [12/9/2010 13:43 23456]

S3 GGSAFERDriver;GGSAFER Driver;\??\c:\arquivos de programas\Garena\safedrv.sys --> c:\arquivos de programas\Garena\safedrv.sys [?]

S3 gupdatem;Serviço do Google Update (gupdatem);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2/12/2010 20:51 136176]

S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys --> c:\windows\system32\DRIVERS\ManyCam.sys [?]

S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]

S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]

S3 XDva349;XDva349;\??\c:\windows\system32\XDva349.sys --> c:\windows\system32\XDva349.sys [?]

S3 XDva370;XDva370;\??\c:\windows\system32\XDva370.sys --> c:\windows\system32\XDva370.sys [?]

S3 XDva386;XDva386;\??\c:\windows\system32\XDva386.sys --> c:\windows\system32\XDva386.sys [?]

S3 XDva387;XDva387;\??\c:\windows\system32\XDva387.sys --> c:\windows\system32\XDva387.sys [?]

S3 XDva388;XDva388;\??\c:\windows\system32\XDva388.sys --> c:\windows\system32\XDva388.sys [?]

.

--- =Outros Serviços/Drivers Na Memória ---

.

*NewlyCreated* - MPKSL9EC2FD80

.

Conteúdo da pasta 'Tarefas Agendadas'

.

2011-09-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2010-12-02 11:05]

.

2011-09-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2010-12-02 11:05]

.

2011-09-12 c:\windows\Tasks\MP Scheduled Scan.job

- c:\arquivos de programas\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 18:39]

.

2011-09-12 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1547161642-1177238915-839522115-500.job

- c:\arquivos de programas\Real\RealUpgrade\realupgrade.exe [2010-02-25 01:09]

.

2011-09-09 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1547161642-1177238915-839522115-500.job

- c:\arquivos de programas\Real\RealUpgrade\realupgrade.exe [2010-02-25 01:09]

.

.

------- Scan Suplementar -------

.

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~1\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 201.6.2.163 201.6.2.43

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

FF - ProfilePath - c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\06ihivk5.default\

FF - prefs.js: browser.search.selectedEngine -

FF - prefs.js: keyword.URL - hxxp://radiobar.toolbarhome.com/search.aspx?srch=ku&q=

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\arquivos de programas\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\arquivos de programas\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\arquivos de programas\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - c:\arquivos de programas\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}

FF - Ext: RadioBar Toolbar: radiobar@toolbar - %profile%\extensions\radiobar@toolbar

FF - Ext: FlashGot: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34} - %profile%\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}

FF - Ext: Messenger Plus BR Community Toolbar: {1d80d668-2160-46a2-b3a7-e166795b0b28} - %profile%\extensions\{1d80d668-2160-46a2-b3a7-e166795b0b28}

FF - Ext: Java Quick Starter: jqs@sun.com - c:\arquivos de programas\Java\jre6\lib\deploy\jqs\ff

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-09-12 15:03

Windows 5.1.2600 Service Pack 3 NTFS

.

Procurando processos ocultos ...

.

Procurando entradas auto inicializáveis ocultas ...

.

Procurando ficheiros/arquivos ocultos ...

.

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

.

[HKEY_USERS\S-1-5-21-1547161642-1177238915-839522115-500\Software\SecuROM\License information*]

"datasecu"=hex:11,13,7a,b0,d1,84,b2,da,78,95,7d,f1,49,21,88,4f,b0,50,f2,b2,d4,

4d,56,19,15,4e,e5,80,bb,51,f9,a4,39,bd,dd,54,07,bd,31,05,76,ed,04,03,08,17,\

"rkeysecu"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

.

- - - - - - - > 'winlogon.exe'(460)

c:\windows\system32\Ati2evxx.dll

c:\windows\system32\atiadlxx.dll

.

- - - - - - - > 'explorer.exe'(3516)

c:\windows\system32\WININET.dll

c:\arquiv~1\WINDOW~2\wmpband.dll

c:\windows\system32\mshtml.dll

c:\windows\system32\msls31.dll

c:\windows\system32\wmp.dll

c:\windows\system32\wmploc.dll

c:\windows\system32\wmpps.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Tempo para conclusão: 2011-09-12 15:04:28

ComboFix-quarantined-files.txt 2011-09-12 18:04

ComboFix2.txt 2011-09-07 12:37

.

Pré-execução: 19 pasta(s) 126.987.235.328 bytes disponíveis

Pós execução: 20 pasta(s) 126.985.097.216 bytes disponíveis

.

- - End Of File - - EF64AA47A8AB97BCA05D3451FA4E8B93

 

Log Hijack

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 15:11:59, on 12/9/2011

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.17080)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

c:\Arquivos de programas\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\Arquivos de programas\Yuna Software\Messenger Plus!\PlusService.exe

C:\Arquivos de programas\Microsoft Security Client\msseces.exe

C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Arquivos de programas\Windows Media Player\wmplayer.exe

C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe

C:\WINDOWS\system32\notepad.exe

C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Documents and Settings\Administrador\Desktop\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [startCCC] "C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [PlusService] C:\Arquivos de programas\Yuna Software\Messenger Plus!\PlusService.exe

O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [MSC] "c:\Arquivos de programas\Microsoft Security Client\msseces.exe" -hide -runkey

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\ARQUIV~1\ARQUIV~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\Office12\EXCEL.EXE/3000

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O14 - IERESET.INF: START_PAGE_URL=http://www.compartilhando.org/

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/pt/uno1/GAME_UNO1.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)

 

--

End of file - 7722 bytes

Compartilhar este post


Link para o post
Compartilhar em outros sites

OK...o PC está limpo.

 

 

*Clique [iniciar] > [Executar] > copie e cole:

 

c:\documents and settings\Administrador\Meus documentos\Downloads\ComboFix.exe /uninstall

 

*Clique [OK] e aguarde a mensagem: "ComboFix está desinstalado"

 

 

Um abraço.

Compartilhar este post


Link para o post
Compartilhar em outros sites

PROBLEMA RESOLVIDO

 

Caso o autor necessite que o tópico seja reaberto basta enviar uma Mensagem Privada para um Moderador com um link para o tópico.

Compartilhar este post


Link para o post
Compartilhar em outros sites

×

Informação importante

Ao usar o fórum, você concorda com nossos Termos e condições.