Bond2006, posted September 10, 2012

Hello friends, I caught this damned virus and since then I can't open any program or file. Whenever I double-click any program or file, a message appears saying my computer is infected and that I can't open the file/program. I then tried to run REGEDIT but couldn't either. I went into Safe Mode, ran msconfig and unchecked all the Startup options, hoping that would solve my problem, but as soon as I restarted the computer the damned virus started running again and I don't know what to do. I even created a new user account in XP, and it's through that account that I'm writing to you. I hope someone can help me because all my important files are there. Below is the HijackThis log I took in Safe Mode. Thanks in advance to everyone.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:44:38, on 09/09/12
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.funmoods.com/?f=1&a=pcmega1&chnl=pcmega1&cd=2XzuyEtN2Y1L1QzutDtDtC0B0Bzy0EzyyBzztB0F0Azz0AzytN0D0Tzu0CtBtDzztN1L2XzutBtFtCtFtDtFtAtDtC&cr=1258229672
R3 - URLSearchHook: Best Security Tips Toolbar - {da30eff8-ccc6-4162-a20d-67402a26a215} - C:\Arquivos de programas\Best_Security_Tips\tbBest.dll
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Arquivos de programas\BitComet\tools\BitCometBHO_1.4.11.9.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: IERetObj Class - {4F01A5CD-45EC-4395-BD4F-A9AA6556A19E} - C:\Arquivos de programas\HalogenWare\Retriever\plugins\IECapture\IERetriever.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll
O2 - BHO: Best Security Tips Toolbar - {da30eff8-ccc6-4162-a20d-67402a26a215} - C:\Arquivos de programas\Best_Security_Tips\tbBest.dll
O3 - Toolbar: Best Security Tips Toolbar - {da30eff8-ccc6-4162-a20d-67402a26a215} - C:\Arquivos de programas\Best_Security_Tips\tbBest.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKCU\..\RunOnce: [6F63A5D2000BCB89879698487B07D287] C:\Documents and Settings\All Users\Dados de aplicativos\6F63A5D2000BCB89879698487B07D287\6F63A5D2000BCB89879698487B07D287.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &B&aixar &com o BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &B&aixar tudo usando o BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Arquivos de programas\BitComet\tools\BitCometBHO_1.4.11.9.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1213471087570
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)

--
End of file - 5490 bytes
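As an added example (not part of the original post, and not code from HijackThis, OTL or RogueKiller), here is a small Python triage script for HijackThis log lines. It scores the entry types a helper reads first in a log like the one above: O4 autostart entries whose value name is a long hex string, that run from an application-data folder, or that sit under RunOnce rather than Run; R0/R1 IE start and search pages pointing at a host outside a small allow-list; O2 BHOs registered with "(no file)"; and O17 NameServer lines, which are reported for review rather than judged. The allow-list of start-page hosts, the severity labels and the "two traits to flag an O4 entry" threshold are assumptions made for the example; the sample lines are copied from the log above.

```python
"""HijackThis log triage: flag the entry types a helper reads first.

Added example for this thread; it is not HijackThis, OTL or RogueKiller code
and not something the original posters ran. It scores four kinds of HJT lines:
O4 autostart entries, R0/R1 IE page settings, O2 BHOs and O17 name servers.
The allow-list of start-page hosts, the severity labels and the thresholds
are assumptions chosen for the example.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Assumption: hosts that are an expected IE start/search page on this machine.
ALLOWED_PAGE_HOSTS = {"go.microsoft.com", "www.microsoft.com", "home.microsoft.com"}

# Application-data folders as named on an English and on a pt-BR Windows XP.
APPDATA_DIR_RE = re.compile(
    r"\\(Application Data|Dados de aplicativos|Local Settings|Configurações locais|ProgramData)\\",
    re.IGNORECASE,
)
# A value name made only of hex digits, 24 or longer: machine-generated, not a product name.
HEX_NAME_RE = re.compile(r"^[0-9A-Fa-f]{24,}$")

O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
R_RE = re.compile(r"^R[01] - (?P<key>[^,]+),(?P<value>[^=]+?) = (?P<url>\S+)$")
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.*)$")
O17_RE = re.compile(r"^O17 - (?P<key>.+?): NameServer = (?P<servers>.+)$")

SEVERITY_RANK = {"high": 0, "medium": 1, "info": 2}


@dataclass
class Finding:
    severity: str   # "high", "medium" or "info"
    section: str    # HJT section code: "O4", "R0", ...
    reason: str
    line: str


def url_host(url: str) -> str:
    """Return the lower-cased host part of a URL, or '' if it has none."""
    m = re.match(r"[A-Za-z]+://([^/?#]+)", url)
    return m.group(1).lower() if m else ""


def triage_line(line: str) -> Optional[Finding]:
    """Score one HJT log line; None means nothing worth a second look."""
    line = line.strip()

    m = O4_RE.match(line)
    if m:
        reasons = []
        if HEX_NAME_RE.match(m["name"]):
            reasons.append(f"value name is a {len(m['name'])}-character hex string")
        if APPDATA_DIR_RE.search(m["cmd"]):
            reasons.append("target runs from an application-data folder")
        if m["key"].lower() == "runonce":
            reasons.append("registered under RunOnce rather than Run")
        # One trait alone is common for legitimate software; two or more is worth a look.
        if len(reasons) >= 2:
            return Finding("high", "O4", "; ".join(reasons), line)
        return None

    m = R_RE.match(line)
    if m:
        host = url_host(m["url"])
        if host and host not in ALLOWED_PAGE_HOSTS:
            return Finding("medium", line[:2], f"{m['value'].strip()} points at {host}", line)
        return None

    m = O2_RE.match(line)
    if m and m["path"].strip() == "(no file)":
        return Finding("info", "O2", f"BHO {m['clsid']} is registered but its DLL is missing", line)

    m = O17_RE.match(line)
    if m:
        return Finding("info", "O17",
                       f"interface DNS servers set to {m['servers'].strip()}; confirm they belong to the ISP",
                       line)

    return None


def triage_log(text: str) -> List[Finding]:
    """Triage a whole HJT log, most severe findings first (stable order within a level)."""
    findings = [f for f in (triage_line(l) for l in text.splitlines()) if f]
    findings.sort(key=lambda f: SEVERITY_RANK[f.severity])
    return findings


# Constructed sample: a handful of lines copied from the logs in this thread.
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.funmoods.com/?f=1&a=pcmega1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKCU\..\RunOnce: [6F63A5D2000BCB89879698487B07D287] C:\Documents and Settings\All Users\Dados de aplicativos\6F63A5D2000BCB89879698487B07D287\6F63A5D2000BCB89879698487B07D287.exe
O4 - HKCU\..\Run: [HW_OPENEYE_OUC_VIVO INTERNET] "C:\Arquivos de programas\VIVO INTERNET\UpdateDog\ouc.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O17 - HKLM\System\CCS\Services\Tcpip\..\{E325F22B-DE66-460A-9689-034B6AFD963F}: NameServer = 200.142.132.32 200.220.227.57
"""

if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.section}: {f.reason}\n         {f.line}")
```

Run on the sample, the RunOnce entry comes out on top with all three traits, the funmoods start page is medium, and the orphaned BHO and the DNS servers are listed for review only. The two-trait rule is deliberate: path-only heuristics produce noise, which the RogueKiller report later in this thread illustrates by flagging OTL.exe on the Desktop as a suspicious path. A triage list is where the helper's questions start (the thread goes on to SystemLook and an OTL fix for exactly the RunOnce folder), not a verdict.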
wings, posted September 10, 2012

Hello Bond2006

Download OTL and save it to the Desktop
*Run it. Windows Vista or Windows 7 users must right-click the file and select Run as administrator
*Select the options:
Scan All Users
Scan Lop
Scan Purity
*Paste the lines in brown into the box under Custom Scans/Fixes

/md5start
services.exe
/md5stop
netsvcs
%USERPROFILE%\Application Data\* /s
HKCR\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1} /s
HKEY_CURRENT_USER\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1} /s
HKEY_CURRENT_USER\Software\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1} /s
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1} /s
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1} /s

*Click [Scan]
*When it finishes, the reports OTL.txt and Extras.txt will be created on the Desktop

Go to this link
*Click [selecionar arquivo]
*Locate the OTL.txt file on the Desktop and click [Open]
*Click [Envoyer le fichier]
*Paste the link created under "Fichier envoyé avec succés! Copiez votre lien :"
*Repeat the procedure for the Extras.txt report and paste the link
Bond2006, posted September 10, 2012

Good morning friend, below are the 2 links:

http://mydoc.tk/3/8399OTL.Txt
http://mydoc.tk/3/8183Extras.Txt

And also the new log after I did the procedures you gave me:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:21:21, on 10/9/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Messenger\msmsgs.exe
C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\LUIS\Dados de aplicativos\VIVO INTERNET\ouc.exe
C:\Arquivos de programas\VIVO INTERNET\VIVO INTERNET.exe
C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE
C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\LUIS\Desktop\OTL.exe
C:\WINDOWS\notepad.exe
C:\WINDOWS\notepad.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\notepad.exe
C:\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.funmoods.com/?f=1&a=pcmega1&chnl=pcmega1&cd=2XzuyEtN2Y1L1QzutDtDtC0B0Bzy0EzyyBzztB0F0Azz0AzytN0D0Tzu0CtBtDzztN1L2XzutBtFtCtFtDtFtAtDtC&cr=1258229672
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Arquivos de programas\BitComet\tools\BitCometBHO_1.4.11.9.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: IERetObj Class - {4F01A5CD-45EC-4395-BD4F-A9AA6556A19E} - C:\Arquivos de programas\HalogenWare\Retriever\plugins\IECapture\IERetriever.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll
O2 - BHO: Best Security Tips Toolbar - {da30eff8-ccc6-4162-a20d-67402a26a215} - C:\Arquivos de programas\Best_Security_Tips\tbBest.dll
O3 - Toolbar: Best Security Tips Toolbar - {da30eff8-ccc6-4162-a20d-67402a26a215} - C:\Arquivos de programas\Best_Security_Tips\tbBest.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [HW_OPENEYE_OUC_VIVO INTERNET] "C:\Arquivos de programas\VIVO INTERNET\UpdateDog\ouc.exe"
O4 - HKCU\..\Run: [swg] "C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &B&aixar &com o BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &B&aixar tudo usando o BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Arquivos de programas\BitComet\tools\BitCometBHO_1.4.11.9.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1213471087570
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E325F22B-DE66-460A-9689-034B6AFD963F}: NameServer = 200.142.132.32 200.220.227.57
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)

--
End of file - 6171 bytes
wings, posted September 10, 2012

Download RogueKiller (...by tigzy) and save it to the desktop
*Note: the program is renamed... OK?
*Run it. Windows Vista or Windows 7 users must right-click the file and select Run as administrator
*Wait for the initial scan to finish and for the drivers to load
*When the square under Options turns green the program is ready to run
*Click [Scan]
*Click [Report] and paste the report shown
Bond2006, posted September 10, 2012

Good evening friend, below is the report that was generated and also the new HijackThis log:

RogueKiller V8.0.2 [08/31/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : LUIS [Restricted privileges]
Mode : Scan -- Date : 09/10/2012 19:51:03

¤¤¤ Bad entries : 5 ¤¤¤
[SUSP PATH] ouc.exe -- C:\Documents and Settings\LUIS\Dados de aplicativos\VIVO INTERNET\ouc.exe -> KILLED [TermProc]
[SUSP PATH] OTL.exe -- C:\Documents and Settings\LUIS\Desktop\OTL.exe -> KILLED [TermProc]

¤¤¤ Registry entries : 1 ¤¤¤
[HOSTS] HKLM\[...]\Parameters : DataBasePath () -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

Finished : << RKreport[1].txt >>
RKreport[1].txt

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:53:19, on 10/9/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Messenger\msmsgs.exe
C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Arquivos de programas\VIVO INTERNET\VIVO INTERNET.exe
C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE
C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\notepad.exe
C:\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.funmoods.com/?f=1&a=pcmega1&chnl=pcmega1&cd=2XzuyEtN2Y1L1QzutDtDtC0B0Bzy0EzyyBzztB0F0Azz0AzytN0D0Tzu0CtBtDzztN1L2XzutBtFtCtFtDtFtAtDtC&cr=1258229672
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Arquivos de programas\BitComet\tools\BitCometBHO_1.4.11.9.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: IERetObj Class - {4F01A5CD-45EC-4395-BD4F-A9AA6556A19E} - C:\Arquivos de programas\HalogenWare\Retriever\plugins\IECapture\IERetriever.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll
O2 - BHO: Best Security Tips Toolbar - {da30eff8-ccc6-4162-a20d-67402a26a215} - C:\Arquivos de programas\Best_Security_Tips\tbBest.dll
O3 - Toolbar: Best Security Tips Toolbar - {da30eff8-ccc6-4162-a20d-67402a26a215} - C:\Arquivos de programas\Best_Security_Tips\tbBest.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [HW_OPENEYE_OUC_VIVO INTERNET] "C:\Arquivos de programas\VIVO INTERNET\UpdateDog\ouc.exe"
O4 - HKCU\..\Run: [swg] "C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &B&aixar &com o BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &B&aixar tudo usando o BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Arquivos de programas\BitComet\tools\BitCometBHO_1.4.11.9.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1213471087570
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E325F22B-DE66-460A-9689-034B6AFD963F}: NameServer = 200.142.132.32 200.220.227.57
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)

--
End of file - 6033 bytes
wings, posted September 10, 2012

Download SystemLook (...by jpshortstuff) and save it to the desktop
*Run it. Windows Vista or Windows 7 users must right-click the file and select Run as administrator
*Paste the lines in blue into the blank box:

:dir
C:\Documents and Settings\All Users\Dados de aplicativos\6F63A5D2000BCB89879698487B07D287

*Click [Look] and paste the report shown
Bond2006, posted September 10, 2012

Hello friend, here is the new report and also the new log:

SystemLook 30.07.11 by jpshortstuff
Log created at 20:34 on 10/09/2012 by LUIS (Limited User)

========== dir ==========

C:\Documents and Settings\All Users\Dados de aplicativos\6F63A5D2000BCB89879698487B07D287 - Parameters: "(none)"

---Files---
6F63A5D2000BCB89879698487B07D287 --a---- 1872 bytes [19:57 09/09/2012] [02:15 10/09/2012]
6F63A5D2000BCB89879698487B07D287.exe --a---- 375808 bytes [19:56 09/09/2012] [19:56 09/09/2012]
6F63A5D2000BCB89879698487B07D287.ico --a---- 4286 bytes [19:56 09/09/2012] [19:56 09/09/2012]

---Folders---
None found.

-= EOF =-

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:37:06, on 10/9/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Messenger\msmsgs.exe
C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Arquivos de programas\VIVO INTERNET\VIVO INTERNET.exe
C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE
C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\notepad.exe
C:\Documents and Settings\LUIS\Desktop\SystemLook.exe
C:\WINDOWS\notepad.exe
C:\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.funmoods.com/?f=1&a=pcmega1&chnl=pcmega1&cd=2XzuyEtN2Y1L1QzutDtDtC0B0Bzy0EzyyBzztB0F0Azz0AzytN0D0Tzu0CtBtDzztN1L2XzutBtFtCtFtDtFtAtDtC&cr=1258229672
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Arquivos de programas\BitComet\tools\BitCometBHO_1.4.11.9.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: IERetObj Class - {4F01A5CD-45EC-4395-BD4F-A9AA6556A19E} - C:\Arquivos de programas\HalogenWare\Retriever\plugins\IECapture\IERetriever.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll
O2 - BHO: Best Security Tips Toolbar - {da30eff8-ccc6-4162-a20d-67402a26a215} - C:\Arquivos de programas\Best_Security_Tips\tbBest.dll
O3 - Toolbar: Best Security Tips Toolbar - {da30eff8-ccc6-4162-a20d-67402a26a215} - C:\Arquivos de programas\Best_Security_Tips\tbBest.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [HW_OPENEYE_OUC_VIVO INTERNET] "C:\Arquivos de programas\VIVO INTERNET\UpdateDog\ouc.exe"
O4 - HKCU\..\Run: [swg] "C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &B&aixar &com o BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &B&aixar tudo usando o BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Arquivos de programas\BitComet\tools\BitCometBHO_1.4.11.9.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1213471087570
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E325F22B-DE66-460A-9689-034B6AFD963F}: NameServer = 200.142.132.32 200.220.227.57
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)

--
End of file - 6136 bytes
wings 22 Denunciar post Postado Setembro 10, 2012 :seta: Delete o SystemLook e seu relatório :seta: Execute o OTL. Usuários do Windows Vista ou do Windows 7 devem clicar com o botão direito do mouse no arquivo e selecionar Executar como administrador *Cole as linhas em azul no espaço abaixo de Exames Personalizados/Correções :OTL SRV - File not found [Disabled | Unknown] -- C:\WINDOWS\System32\SCardSvr.exe -- (SCardSvr) DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\home\CONFIG~1\Temp\catchme.sys -- (catchme) IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.funmoods.com/?f=1&a=pcmega1&chnl=pcmega1&cd=2XzuyEtN2Y1L1QzutDtDtC0B0Bzy0EzyyBzztB0F0Azz0AzytN0D0Tzu0CtBtDzztN1L2XzutBtFtCtFtDtFtAtDtC&cr=1258229672 IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=pcmega1&chnl=pcmega1&cd=2XzuyEtN2Y1L1QzutDtDtC0B0Bzy0EzyyBzztB0F0Azz0AzytN0D0Tzu0CtBtDzztN1L2XzutBtFtCtFtDtFtAtDtC&cr=1258229672 IE - HKU\S-1-5-21-1078081533-1060284298-839522115-1004\..\SearchScopes,DefaultScope = {7DCA59AE-295C-460F-F85E-4E8139C448F7} IE - HKU\S-1-5-21-1078081533-1060284298-839522115-1004\..\SearchScopes\{7DCA59AE-295C-460F-F85E-4E8139C448F7}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SHCN_pt-BRBR408 [2012/09/09 21:02:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LUIS\Configurações locais\Dados de aplicativos\Conduit [2012/09/09 16:56:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\6F63A5D2000BCB89879698487B07D287 [2010/12/13 10:02:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\avg9 :Files 
ipconfig /flushdns /c
:Commands
[emptytemp]
*Click [Run Fix].
*Click [OK] to restart the PC.
*Paste the report created at C:\_OTL\MovedFiles\date_time.txt
Bond2006, posted September 11, 2012:

Hello friend, I found only one file, named 09102012_205937.log. The report follows below, together with a new log:

All processes killed
========== OTL ==========
Error: No service named SCardSvr was found to stop!
No service named SCardSvr was found to delete!
File C:\WINDOWS\System32\SCardSvr.exe not found.
Error: No service named catchme was found to stop!
No service named catchme was found to delete!
File C:\DOCUME~1\home\CONFIG~1\Temp\catchme.sys not found.
Unable to set value : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E!
Unable to set value : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E!
Unable to set value : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E!
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ scheduled to be deleted on reboot.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
HKEY_USERS\S-1-5-21-1078081533-1060284298-839522115-1004\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-1078081533-1060284298-839522115-1004\Software\Microsoft\Internet Explorer\SearchScopes\{7DCA59AE-295C-460F-F85E-4E8139C448F7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7DCA59AE-295C-460F-F85E-4E8139C448F7}\ not found.
C:\Documents and Settings\LUIS\Configurações locais\Dados de aplicativos\Conduit\Community Alerts\LanguagePacks folder moved successfully.
C:\Documents and Settings\LUIS\Configurações locais\Dados de aplicativos\Conduit\Community Alerts\Feeds folder moved successfully.
C:\Documents and Settings\LUIS\Configurações locais\Dados de aplicativos\Conduit\Community Alerts folder moved successfully.
C:\Documents and Settings\LUIS\Configurações locais\Dados de aplicativos\Conduit folder moved successfully.
Folder C:\Documents and Settings\All Users\Dados de aplicativos\6F63A5D2000BCB89879698487B07D287\ not found.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
C:\Documents and Settings\All Users\Dados de aplicativos\avg9\update\prepare\temp folder moved successfully.
C:\Documents and Settings\All Users\Dados de aplicativos\avg9\update\prepare folder moved successfully.
Folder move failed. C:\Documents and Settings\All Users\Dados de aplicativos\avg9\update scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\All Users\Dados de aplicativos\avg9\Chjw\ea78b0dc78b0a8a9 scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\All Users\Dados de aplicativos\avg9\Chjw scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\All Users\Dados de aplicativos\avg9 scheduled to be moved on reboot.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\LUIS\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\LUIS\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]

User: Administrador

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
Unable to create HKLM\Software\OldTimer Tools\OTL key.
->Temporary Internet Files folder emptied: 67 bytes

User: home

User: LocalService

User: LUIS
Unable to create HKLM\Software\OldTimer Tools\OTL key.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
->Temp folder emptied: 369350 bytes
Unable to create HKLM\Software\OldTimer Tools\OTL key.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
->Temporary Internet Files folder emptied: 26347761 bytes
->Flash cache emptied: 626 bytes

User: NetworkService

%systemdrive% .tmp files removed: 0 bytes
Unable to create HKLM\Software\OldTimer Tools\OTL key.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
%systemroot% .tmp files removed: 2134162 bytes
Unable to create HKLM\Software\OldTimer Tools\OTL key.
%systemroot%\System32 .tmp files removed: 2969 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Unable to create HKLM\Software\OldTimer Tools\OTL key.
Windows Temp folder emptied: 2250 bytes
RecycleBin emptied: 139264 bytes

Total Files Cleaned = 28,00 mb

OTL by OldTimer - Version 3.2.61.3 log created on 09102012_205937

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:17:28, on 10/9/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\LUIS\Dados de aplicativos\VIVO INTERNET\ouc.exe
C:\Arquivos de programas\VIVO INTERNET\VIVO INTERNET.exe
C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE
C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.funmoods.com/?f=1&a=pcmega1&chnl=pcmega1&cd=2XzuyEtN2Y1L1QzutDtDtC0B0Bzy0EzyyBzztB0F0Azz0AzytN0D0Tzu0CtBtDzztN1L2XzutBtFtCtFtDtFtAtDtC&cr=1258229672
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Arquivos de programas\BitComet\tools\BitCometBHO_1.4.11.9.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: IERetObj Class - {4F01A5CD-45EC-4395-BD4F-A9AA6556A19E} - C:\Arquivos de programas\HalogenWare\Retriever\plugins\IECapture\IERetriever.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll
O2 - BHO: Best Security Tips Toolbar - {da30eff8-ccc6-4162-a20d-67402a26a215} - C:\Arquivos de programas\Best_Security_Tips\tbBest.dll
O3 - Toolbar: Best Security Tips Toolbar - {da30eff8-ccc6-4162-a20d-67402a26a215} - C:\Arquivos de programas\Best_Security_Tips\tbBest.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [HW_OPENEYE_OUC_VIVO INTERNET] "C:\Arquivos de programas\VIVO INTERNET\UpdateDog\ouc.exe"
O4 - HKCU\..\Run: [swg] "C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &B&aixar &com o BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &B&aixar tudo usando o BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Arquivos de programas\BitComet\tools\BitCometBHO_1.4.11.9.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1213471087570
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E325F22B-DE66-460A-9689-034B6AFD963F}: NameServer = 200.142.132.32 200.220.227.57
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
--
End of file - 5995 bytes
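The OTL fix above could not rewrite the HKLM Internet Explorer values from this account (the "Unable to set value ... /E!" lines), and the HijackThis log that follows still carries the funmoods Start Page. The indicators a helper scans for in a HijackThis log are the same ones that fix targets: R0/R1 values pointing at a domain IE would not use by default, O2/O18 components whose file is gone, O4 autoruns launched from a user profile or temp directory or carrying a random-looking value name, and O17 DNS servers that have to be checked against the ISP. The Python below is an added example, not part of the thread and not code from HijackThis or OTL. It runs those checks over a constructed sample log modelled on the entries in this thread; the 32-hex-digit RunOnce entry in the sample is invented, and the allow-listed hosts and the profile-directory markers are assumptions of the example.

```python
import re
from urllib.parse import urlparse

# Hosts a stock XP SP3 / IE8 install points its Start Page and Search values at.
# Assumed allow-list for this example; extend it for the locale being examined.
EXPECTED_HOSTS = {"go.microsoft.com", "home.microsoft.com", "www.google.com"}

# Path fragments that mean "user-writable profile or temp directory", covering a
# Portuguese XP (Dados de aplicativos) and an English one (Application Data).
PROFILE_MARKERS = ("\\documents and settings\\", "\\dados de aplicativos\\",
                   "\\application data\\", "\\temp\\")

ENTRY = re.compile(r"^(R[0-3]|O\d{1,2}) - (.*)$")
AUTORUN = re.compile(r"\[([^\]]+)\]\s*\"?([^\"]*)")   # [ValueName] "command line"
HEX32 = re.compile(r"^[0-9a-f]{32}$", re.IGNORECASE)
IPV4 = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")

# Constructed sample in HijackThis 2.0.2 format, modelled on the thread's logs.
# The O4 RunOnce line is invented: a 32-hex-digit name under All Users\Application Data.
SAMPLE_LOG = r"""R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.funmoods.com/?f=1&a=pcmega1&chnl=pcmega1
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [0123456789ABCDEF0123456789ABCDEF] C:\Documents and Settings\All Users\Application Data\0123456789ABCDEF0123456789ABCDEF\0123456789ABCDEF0123456789ABCDEF.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{E325F22B-DE66-460A-9689-034B6AFD963F}: NameServer = 200.142.132.32 200.220.227.57
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
"""


def triage(log_text):
    """Return (severity, entry_type, reason, line) for every HijackThis line worth a look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if not m:
            continue
        kind, body = m.groups()
        if kind in ("R0", "R1"):
            # Start Page / Search values: any host outside the allow-list is a hijack candidate.
            if " = " in body:
                host = urlparse(body.split(" = ", 1)[1].strip()).netloc.lower()
                if host and host not in EXPECTED_HOSTS:
                    findings.append(("high", kind, f"IE setting points at {host}", line))
        elif body.endswith("(no file)"):
            # Registered BHO/protocol/button whose DLL is gone: leftover to clean, not running code.
            findings.append(("low", kind, "registered component whose file is missing", line))
        elif kind == "O4":
            am = AUTORUN.search(body)
            if am:
                name, cmd = am.group(1), am.group(2).lower()
                if HEX32.match(name) or any(mark in cmd for mark in PROFILE_MARKERS):
                    findings.append(("high", kind,
                                     "autorun from a profile/temp path or with a random-looking name", line))
        elif kind == "O17":
            # DNS servers cannot be judged offline; list them so they can be checked with the ISP.
            ips = IPV4.findall(body)
            findings.append(("info", kind, "DNS servers to verify with the ISP: " + ", ".join(ips), line))
    return findings


if __name__ == "__main__":
    for severity, kind, reason, line in triage(SAMPLE_LOG):
        print(f"[{severity:4}] {kind:3} {reason}\n       {line}")
```

On the sample this reports the funmoods Start Page and the invented RunOnce entry as high, the two "(no file)" leftovers as low, and lists the O17 resolvers for a manual check; stock entries such as the Google Toolbar BHO, MSConfig and ctfmon produce nothing.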
wings, posted September 11, 2012:

Download Farbar Service Scanner (by Farbar) and save it to the desktop.
*Run it. Windows Vista or Windows 7 users must right-click the file and choose Run as administrator.
*Select all options.
*Click [Scan].
*Paste the FSS.txt report from the desktop.

Download Kaspersky's TDSSKiller and save it to the desktop.
*Run it. Windows Vista or Windows 7 users must right-click the file and choose Run as administrator.
*Click Change parameters.
*Select Detect TDLFS file system and click [OK].
*Click [Start scan].
*If it finds anything, select Skip.
*When it finishes, click Report.

Go to this link.
*Click [Select file...].
*Locate the report C:\TDSSKiller.txt and click [Open].
*Click [Upload file].
*Paste the generated link next to Download link:
Bond2006, posted September 11, 2012:

Below are the FSS report and the RKreport, together with the new log. As for the txt file, I could not find it on drive C, so I did not do the last part, but I saw here that the TDSSKiller scan result was "No threats found".

Farbar Service Scanner Version: 06-08-2012
Ran by LUIS (ATTENTION: The logged in user is not administrator) on 11-09-2012 at 01:04:24
Running from "C:\Documents and Settings\LUIS\Desktop"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is OK.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.

Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

afd Service is not running. Checking service configuration:
The start type of afd service is OK.
The ImagePath of afd service is OK.

NetBt Service is not running. Checking service configuration:
The start type of NetBt service is OK.
The ImagePath of NetBt service is OK.

Tcpip Service is not running. Checking service configuration:
The start type of Tcpip service is OK.
The ImagePath of Tcpip service is OK.

IpSec Service is not running. Checking service configuration:
The start type of IpSec service is OK.
The ImagePath of IpSec service is OK.

Connection Status:
==============
Localhost is accessible.
WAN connected
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is OK.
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.

netman Service is not running.
Checking service configuration:
The start type of netman service is OK.
The ImagePath of netman service is OK.
The ServiceDll of netman service is OK.

winmgmt Service is not running. Checking service configuration:
The start type of winmgmt service is OK.
The ImagePath of winmgmt service is OK.
The ServiceDll of winmgmt service is OK.

Firewall Disabled Policy:
==================

System Restore:
============
Srservice Service is not running. Checking service configuration:
The start type of Srservice service is OK.
The ImagePath of Srservice service is OK.
The ServiceDll of Srservice service is OK.

sr Service is not running. Checking service configuration:
The start type of sr service is OK.
The ImagePath of sr service is OK.

System Restore Disabled Policy:
========================

Security Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.

winmgmt Service is not running. Checking service configuration:
The start type of winmgmt service is OK.
The ImagePath of winmgmt service is OK.
The ServiceDll of winmgmt service is OK.

Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv: "C:\WINDOWS\system32\wuauserv.dll".

BITS Service is not running. Checking service configuration:
The start type of BITS service is set to Demand. The default start type is Auto.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.

EventSystem Service is not running. Checking service configuration:
The start type of EventSystem service is OK.
The ImagePath of EventSystem: "C:\WINDOWS\system32\svchost.exe -k netsvcs".
The ServiceDll of EventSystem: "C:\WINDOWS\system32\es.dll".

cryptsvc Service is not running.
Checking service configuration:
The start type of cryptsvc service is OK.
The ImagePath of cryptsvc service is OK.
The ServiceDll of cryptsvc service is OK.

Windows Autoupdate Disabled Policy:
============================

PlugPlay Service is not running. Checking service configuration:
The start type of PlugPlay service is OK.
The ImagePath of PlugPlay service is OK.

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll [2004-08-04 00:45] - [2008-04-13 23:20] - 0126976 ____A (Microsoft Corporation) E587EEB3DA2390AE30053EC7EF2AFD92
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll [2004-08-04 00:45] - [2009-04-20 14:19] - 0045568 ____A (Microsoft Corporation) 2B3EC2EFEFD222EA15A06ED01E722060
C:\WINDOWS\system32\ipnathlp.dll [2004-08-04 00:45] - [2008-04-13 23:20] - 0331264 ____A (Microsoft Corporation) 0F70B1A8839BD83DB28210B6F11F9058
C:\WINDOWS\system32\netman.dll [2004-08-04 00:45] - [2008-04-13 23:20] - 0198144 ____A (Microsoft Corporation) B199C4F441DDAB10253ABC0AC4858BFF
C:\WINDOWS\system32\wbem\WMIsvc.dll [2007-06-07 17:26] - [2008-04-13 23:20] - 0145408 ____A (Microsoft Corporation) 4176F07A724AEC7E4722A2D539EDC0B7
C:\WINDOWS\system32\srsvc.dll [2007-06-07 17:28] - [2008-04-13 23:20] - 0171520 ____A (Microsoft Corporation) 4423787F4261EE43B7341429AF0CBB77
C:\WINDOWS\system32\Drivers\sr.sys [2007-06-07 17:28] - [2008-04-13 23:02] - 0073472 ____A (Microsoft Corporation) D6C5A1A97FE0C533E712652AD9DC00D4
C:\WINDOWS\system32\wscsvc.dll [2004-08-04 00:45] - [2008-04-13 23:20] - 0080896 ____A (Microsoft Corporation) B57E408B8E0758AF6EA4BF37B3ADC91D
C:\WINDOWS\system32\wbem\WMIsvc.dll [2007-06-07 17:26] - [2008-04-13 23:20] - 0145408 ____A (Microsoft Corporation) 4176F07A724AEC7E4722A2D539EDC0B7
C:\WINDOWS\system32\wuauserv.dll [2007-06-07 17:28] - [2008-04-13 23:20] - 0006656 ____A (Microsoft Corporation) EB4EA477B7B4959D41B153C6D3CD869B
C:\WINDOWS\system32\qmgr.dll [2007-06-07 17:28] - [2008-04-13 23:20] - 0409088 ____N (Microsoft Corporation) F0F5EEF8C4B0444E6E4D8E09F7A8F0A8
C:\WINDOWS\system32\es.dll [2004-08-04 00:45] - [2008-07-07 17:28] - 0253952 ____A (Microsoft Corporation) B024AB8B7692D47C8176BE92AB36D316
C:\WINDOWS\system32\cryptsvc.dll [2004-08-04 00:45] - [2008-04-13 23:20] - 0062464 ____A (Microsoft Corporation) 554798AAD881736DFC4D08C572DECD7A
C:\WINDOWS\system32\svchost.exe [2004-08-04 00:45] - [2008-04-13 23:21] - 0014336 ____A (Microsoft Corporation) ED2D69CD4B0EBE37EFE11D4DC4ABC68F
C:\WINDOWS\system32\rpcss.dll [2004-08-04 00:45] - [2009-02-09 07:53] - 0401408 ____A (Microsoft Corporation) F3763E01E7536F7A6D0C6E392C603EC2
C:\WINDOWS\system32\services.exe [2004-08-04 00:45] - [2009-02-09 08:25] - 0111104 ____N (Microsoft Corporation) C52DEB6D8CD4B096BF1A9EC001F36507

Extra List:
=======
Gpc(3) IPSec(5) irda(8) NetBT(6) PSched(7) Tcpip(4)
0x09000000050000000100000002000000030000000400000056000000060000000700000008000000
IpSec Tag value is correct.
**** End of log ****

RogueKiller V8.0.2 [08/31/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in: Normal mode
User: LUIS [Limited privileges]
Mode: Scan -- Date: 09/10/2012 19:51:03

¤¤¤ Bad entries: 5 ¤¤¤
[SUSP PATH] ouc.exe -- C:\Documents and Settings\LUIS\Dados de aplicativos\VIVO INTERNET\ouc.exe -> KILLED [TermProc]
[SUSP PATH] OTL.exe -- C:\Documents and Settings\LUIS\Desktop\OTL.exe -> KILLED [TermProc]

¤¤¤ Registry entries: 1 ¤¤¤
[HOSTS] HKLM\[...]\Parameters : DataBasePath () -> FOUND

¤¤¤ Particular files / folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection: ¤¤¤

¤¤¤ HOSTS file: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 localhost

¤¤¤ MBR check: ¤¤¤

Finished: << RKreport[1].txt >>
RKreport[1].txt

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:24:49, on 11/9/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\LUIS\Dados de aplicativos\VIVO INTERNET\ouc.exe
C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\notepad.exe
C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE
C:\Arquivos de programas\VIVO INTERNET\VIVO INTERNET.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\LUIS\Desktop\FSS.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\LUIS\Desktop\tdsskiller.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.funmoods.com/?f=1&a=pcmega1&chnl=pcmega1&cd=2XzuyEtN2Y1L1QzutDtDtC0B0Bzy0EzyyBzztB0F0Azz0AzytN0D0Tzu0CtBtDzztN1L2XzutBtFtCtFtDtFtAtDtC&cr=1258229672
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Arquivos de programas\BitComet\tools\BitCometBHO_1.4.11.9.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: IERetObj Class - {4F01A5CD-45EC-4395-BD4F-A9AA6556A19E} - C:\Arquivos de programas\HalogenWare\Retriever\plugins\IECapture\IERetriever.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll
O2 - BHO: Best Security Tips Toolbar - {da30eff8-ccc6-4162-a20d-67402a26a215} - C:\Arquivos de programas\Best_Security_Tips\tbBest.dll
O3 - Toolbar: Best Security Tips Toolbar - {da30eff8-ccc6-4162-a20d-67402a26a215} - C:\Arquivos de programas\Best_Security_Tips\tbBest.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [HW_OPENEYE_OUC_VIVO INTERNET] "C:\Arquivos de programas\VIVO INTERNET\UpdateDog\ouc.exe"
O4 - HKCU\..\Run: [swg] "C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &B&aixar &com o BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &B&aixar tudo usando o BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Arquivos de programas\BitComet\tools\BitCometBHO_1.4.11.9.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1213471087570
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E325F22B-DE66-460A-9689-034B6AFD963F}: NameServer = 200.142.132.32 200.220.227.57
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
--
End of file - 6221 bytes
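Three things in the FSS output above need to be read separately. The header warns that the scan ran from a non-administrator account; every service is reported as not running even though the connection checks all pass; and the lines that actually drive a repair are the ones where FSS prints a concrete value instead of "is OK" (the BITS start type set to Demand where the default is Auto, the wuauserv and EventSystem ServiceDll paths) or a raw MD5 instead of "MD5 is legit". RogueKiller, in the same post, reported the Tcpip\Parameters DataBasePath value as empty. The Python below is an added example, not from the thread and not code from FSS or RogueKiller: it parses a constructed FSS excerpt in the format shown above, separates those findings into the actions a helper would take next, and checks a DataBasePath value against the Windows default of %SystemRoot%\System32\drivers\etc (SystemRoot is assumed to be C:\WINDOWS, as on this machine).

```python
import re

# Constructed excerpt in Farbar Service Scanner format, modelled on the post above
# (not the full log). Raw string: the backslashes are literal.
SAMPLE_FSS = r"""Farbar Service Scanner Version: 06-08-2012
Ran by LUIS (ATTENTION: The logged in user is not administrator) on 11-09-2012 at 01:04:24
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal

Internet Services:
============
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is OK.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.

Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv: "C:\WINDOWS\system32\wuauserv.dll".

BITS Service is not running. Checking service configuration:
The start type of BITS service is set to Demand. The default start type is Auto.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.

File Check:
========
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\qmgr.dll [2007-06-07 17:28] - [2008-04-13 23:20] - 0409088 ____N (Microsoft Corporation) F0F5EEF8C4B0444E6E4D8E09F7A8F0A8
"""

RE_NOT_RUNNING = re.compile(r"^(\S+) Service is not running\.")
RE_START_TYPE = re.compile(r"^The start type of (\S+) service is set to (\w+)\. The default start type is (\w+)\.")
RE_RAW_VALUE = re.compile(r'^The (ImagePath|ServiceDll) of ([^:\s]+): "(.*)"\.$')
RE_MD5_OK = re.compile(r"^(.+?) => MD5 is legit$")
RE_MD5_RAW = re.compile(r"^([A-Za-z]:\\[^\[]+?) \[.* ([0-9A-Fa-f]{32})$")


def parse_fss(text):
    """Split an FSS log into the facts a helper acts on."""
    report = {
        "ran_as_admin": True,
        "not_running": [],
        "start_type_deviations": [],   # (service, actual, default)
        "raw_values": [],              # (service, field, value) printed instead of "is OK"
        "verified_files": [],          # FSS matched the MD5 against its reference
        "unverified_files": [],        # (path, md5) printed without a verdict
    }
    for raw in text.splitlines():
        line = raw.strip()
        if "The logged in user is not administrator" in line:
            report["ran_as_admin"] = False
            continue
        m = RE_NOT_RUNNING.match(line)
        if m:
            report["not_running"].append(m.group(1))
            continue
        m = RE_START_TYPE.match(line)
        if m:
            report["start_type_deviations"].append(m.groups())
            continue
        m = RE_RAW_VALUE.match(line)
        if m:
            report["raw_values"].append((m.group(2), m.group(1), m.group(3)))
            continue
        m = RE_MD5_OK.match(line)
        if m:
            report["verified_files"].append(m.group(1))
            continue
        m = RE_MD5_RAW.match(line)
        if m:
            report["unverified_files"].append((m.group(1), m.group(2)))
    return report


def summarize(report):
    """Turn the parsed facts into the next actions, most decisive first."""
    actions = []
    if not report["ran_as_admin"]:
        actions.append("rerun FSS from an administrator account before acting on the 'not running' lines")
    for svc, actual, default in report["start_type_deviations"]:
        actions.append(f"reset start type of {svc}: {actual} -> {default}")
    for svc, field, value in report["raw_values"]:
        actions.append(f"compare {field} of {svc} with a known-good XP SP3 value: {value}")
    for path, md5 in report["unverified_files"]:
        actions.append(f"verify {path} (MD5 {md5}) against a known-good copy")
    return actions


# Windows default for HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DataBasePath.
DEFAULT_DATABASEPATH = r"%SystemRoot%\System32\drivers\etc"


def check_databasepath(value, system_root=r"C:\WINDOWS"):
    """True if DataBasePath resolves to the default hosts directory.
    An empty value, as RogueKiller reported ('DataBasePath ()'), fails.
    system_root is an assumption for an XP install on C:."""
    def norm(p):
        return p.strip().rstrip("\\").lower().replace("%systemroot%", system_root.lower())
    if not value or not value.strip():
        return False
    return norm(value) == norm(DEFAULT_DATABASEPATH)


if __name__ == "__main__":
    for action in summarize(parse_fss(SAMPLE_FSS)):
        print("-", action)
    print("DataBasePath empty ->", check_databasepath(""))
```

The services listed as not running are deliberately kept apart from the actions: on the sample, as in the post, the only configuration facts FSS could actually confirm are the BITS start type and the wuauserv ServiceDll, and those survive whichever account the scan was run from.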
wings, posted September 11, 2012:

Run RogueKiller again and wait for it to load.
*Click [Scan].
*When it finishes, click the Registry tab.
*Click [Delete].
*Paste the RKreport[2].txt report from the desktop.

Download this file and save it to the desktop.
*Run it and click [Yes].
*When it finishes, click [Yes] to restart the PC.
*Paste the report created at CC Suport\Logs\SvcRepair.txt on the desktop.

Run Farbar Service Scanner (FSS) again and select all options.
*Click [Scan].
*Paste the FSS.txt report from the desktop.
Bond2006, posted September 11, 2012:

Good morning friend, I tried to download RogueKiller again and got this screen in response:
The file you requested (id 47d2edb4) does not exist. It might have been deleted due to inactivity (no downloads) or due to not complying with our terms.
Is there a similar program?
wings, posted September 11, 2012:

Delete TDSSKiller and its report.

Run OTL. Windows Vista or Windows 7 users must right-click the file and choose Run as administrator.
*Click [CleanUp] > [OK].
*The PC will restart.

Download RogueKiller here: http://tigzy.geekstogo.com/Tools/RogueKiller.exe
Bond2006, posted September 11, 2012:

Good afternoon, friend. I downloaded RogueKiller and ran it, and it generated the report I'm posting below. I also downloaded ServicesRepair.exe and tried to run it from the current user, but a window appeared saying: AutoIt Error, and at the bottom, Unable to open the script file. So I tried to run it as Administrator, but I would have to enter a password, and since my computer is almost 9 years old, I don't remember the password. Is there another program that replaces this one?

RKreport[2].txt:

RogueKiller V8.0.2 [08/31/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : LUIS [Restricted privileges]
Mode : Remove -- Date : 09/11/2012 17:20:06

¤¤¤ Bad entries : 1 ¤¤¤
[SUSP PATH] ouc.exe -- C:\Documents and Settings\LUIS\Dados de aplicativos\VIVO INTERNET\ouc.exe -> KILLED [TermProc]

¤¤¤ Registry entries : 1 ¤¤¤
[HOSTS] HKLM\[...]\Parameters : DataBasePath () -> NOT REMOVED, USE THE HOSTS REPAIR OPTION

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS file: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR check: ¤¤¤

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:57:24, on 11/9/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\LUIS\Dados de aplicativos\VIVO INTERNET\ouc.exe
C:\Arquivos de programas\VIVO INTERNET\VIVO INTERNET.exe
C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE
C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.funmoods.com/?f=1&a=pcmega1&chnl=pcmega1&cd=2XzuyEtN2Y1L1QzutDtDtC0B0Bzy0EzyyBzztB0F0Azz0AzytN0D0Tzu0CtBtDzztN1L2XzutBtFtCtFtDtFtAtDtC&cr=1258229672
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Arquivos de programas\BitComet\tools\BitCometBHO_1.4.11.9.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: IERetObj Class - {4F01A5CD-45EC-4395-BD4F-A9AA6556A19E} - C:\Arquivos de programas\HalogenWare\Retriever\plugins\IECapture\IERetriever.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll
O2 - BHO: Best Security Tips Toolbar - {da30eff8-ccc6-4162-a20d-67402a26a215} - C:\Arquivos de programas\Best_Security_Tips\tbBest.dll
O3 - Toolbar: Best Security Tips Toolbar - {da30eff8-ccc6-4162-a20d-67402a26a215} - C:\Arquivos de programas\Best_Security_Tips\tbBest.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [HW_OPENEYE_OUC_VIVO INTERNET] "C:\Arquivos de programas\VIVO INTERNET\UpdateDog\ouc.exe"
O4 - HKCU\..\Run: [swg] "C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &B&aixar &com o BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &B&aixar tudo usando o BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Arquivos de programas\BitComet\tools\BitCometBHO_1.4.11.9.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1213471087570
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E325F22B-DE66-460A-9689-034B6AFD963F}: NameServer = 200.220.227.56 200.142.130.202
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)

--
End of file - 5996 bytes
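As an added example, not code from this thread or from HijackThis, RogueKiller or any other tool named here, the Python script below applies the reading a helper does on the HijackThis log above: processes and autostart entries that run from a user profile directory (the ouc.exe under "Dados de aplicativos" that RogueKiller killed), Start/Search pages pointing somewhere other than the Microsoft defaults (the funmoods entry), entries whose file no longer exists, and the O17 name servers to compare with the ISP's. The allowlist of default hosts and the profile-directory markers are assumptions of this example; the sample log is a constructed excerpt of entries from the log posted above.

```python
import re
from urllib.parse import urlparse

# Hosts IE's default Start/Search pages point at (assumed list). Any other host
# is reported for review: it may be a hijack like funmoods or a portal the user
# chose; the script cannot tell which, so it only surfaces it.
DEFAULT_PAGE_HOSTS = {"go.microsoft.com", "home.microsoft.com", "www.microsoft.com"}

# Lower-case path fragments of a binary living in a user profile rather than in
# Program Files or Windows. pt-BR "Dados de aplicativos" is "Application Data".
PROFILE_DIR_MARKERS = (
    "\\dados de aplicativos\\",
    "\\application data\\",
    "\\local settings\\temp\\",
)

HJT_ENTRY = re.compile(r"^(?P<code>[RO]\d+) - (?P<body>.*)$")


def parse_hjt(text):
    """Return (running process paths, [(section code, entry body), ...])."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.lower().startswith("running processes:"):
            in_processes = True
            continue
        m = HJT_ENTRY.match(line)
        if m:
            in_processes = False  # first R/O entry ends the process list
            entries.append((m.group("code"), m.group("body")))
        elif in_processes:
            processes.append(line)
    return processes, entries


def in_profile_dir(path):
    low = path.lower()
    return any(marker in low for marker in PROFILE_DIR_MARKERS)


def triage_hjt(text):
    """Return (finding kind, detail) tuples in log order."""
    processes, entries = parse_hjt(text)
    findings = []
    for path in processes:
        if in_profile_dir(path):
            findings.append(("SUSP_PATH", path))
    for code, body in entries:
        low = body.lower()
        if code in ("R0", "R1"):
            # "<key>,<value> = <url>": judge only the URL's host.
            _, _, url = body.partition(" = ")
            host = urlparse(url.strip()).hostname or ""
            if host and host not in DEFAULT_PAGE_HOSTS:
                findings.append(("NONDEFAULT_PAGE", f"{code} {host}"))
        elif code in ("O2", "O3", "O9", "O18") and ("(no file)" in low or "(file missing)" in low):
            # Registration left behind by an uninstall: harmless, but clean it up.
            findings.append(("ORPHAN", f"{code} {body}"))
        elif code == "O4" and in_profile_dir(body):
            # Autostart from a profile directory: where droppers persist.
            findings.append(("SUSP_PATH", f"{code} {body}"))
        elif code == "O17" and "nameserver = " in low:
            # DNS servers cannot be judged offline; list them for comparison.
            _, _, servers = body.partition("NameServer = ")
            findings.append(("VERIFY_DNS", servers.strip()))
    return findings


# Constructed excerpt of the log posted above.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:57:24, on 11/9/2012
Boot mode: Normal

Running processes:
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\LUIS\Dados de aplicativos\VIVO INTERNET\ouc.exe
C:\Arquivos de programas\VIVO INTERNET\VIVO INTERNET.exe
C:\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.funmoods.com/?f=1&a=pcmega1&chnl=pcmega1&cd=2XzuyEtN2Y1L1QzutDtDtC0B0Bzy0EzyyBzztB0F0Azz0AzytN0D0Tzu0CtBtDzztN1L2XzutBtFtCtFtDtFtAtDtC&cr=1258229672
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Best Security Tips Toolbar - {da30eff8-ccc6-4162-a20d-67402a26a215} - C:\Arquivos de programas\Best_Security_Tips\tbBest.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKCU\..\Run: [HW_OPENEYE_OUC_VIVO INTERNET] "C:\Arquivos de programas\VIVO INTERNET\UpdateDog\ouc.exe"
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Arquivos de programas\BitComet\tools\BitCometBHO_1.4.11.9.dll/206 (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\..\{E325F22B-DE66-460A-9689-034B6AFD963F}: NameServer = 200.220.227.56 200.142.130.202
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
"""

if __name__ == "__main__":
    for kind, detail in triage_hjt(SAMPLE_LOG):
        print(f"{kind:16} {detail}")
```

The script prints one finding per line. Note that the Best Security Tips toolbar is not flagged: it has a file on disk and lives in Program Files, so judging it takes a reputation source the script does not have, which is exactly the part of the work the helper still does by hand.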
wings, posted September 11, 2012:

Hello Bond2006,

RogueKiller has already pointed in the right direction:

[HOSTS] HKLM\[...]\Parameters : DataBasePath () -> NOT REMOVED, USE THE HOSTS REPAIR OPTION

So run a new scan with it and, when it finishes, click [HostsFix].

Don't forget the other procedures I requested.
Bond2006, posted September 11, 2012:

Hello, here are the new reports and also the new log:

RKreport[3].txt:

RogueKiller V8.0.2 [08/31/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : LUIS [Restricted privileges]
Mode : Scan -- Date : 09/11/2012 18:15:22

¤¤¤ Bad entries : 1 ¤¤¤
[SUSP PATH] ouc.exe -- C:\Documents and Settings\LUIS\Dados de aplicativos\VIVO INTERNET\ouc.exe -> KILLED [TermProc]

¤¤¤ Registry entries : 1 ¤¤¤
[HOSTS] HKLM\[...]\Parameters : DataBasePath () -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS file: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR check: ¤¤¤

Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt

RKreport[4].txt:

RogueKiller V8.0.2 [08/31/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : LUIS [Restricted privileges]
Mode : HOSTSFix -- Date : 09/11/2012 18:15:28

¤¤¤ Bad entries : 1 ¤¤¤
[SUSP PATH] ouc.exe -- C:\Documents and Settings\LUIS\Dados de aplicativos\VIVO INTERNET\ouc.exe -> KILLED [TermProc]

¤¤¤ Registry entries : 1 ¤¤¤
[HOSTS] HKLM\[...]\Parameters : DataBasePath () -> ERROR [0x3f2]

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS file: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ HOSTS reset: ¤¤¤

Finished : << RKreport[4].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:18:49, on 11/9/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Arquivos de programas\VIVO INTERNET\VIVO INTERNET.exe
C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE
C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.funmoods.com/?f=1&a=pcmega1&chnl=pcmega1&cd=2XzuyEtN2Y1L1QzutDtDtC0B0Bzy0EzyyBzztB0F0Azz0AzytN0D0Tzu0CtBtDzztN1L2XzutBtFtCtFtDtFtAtDtC&cr=1258229672
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Arquivos de programas\BitComet\tools\BitCometBHO_1.4.11.9.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: IERetObj Class - {4F01A5CD-45EC-4395-BD4F-A9AA6556A19E} - C:\Arquivos de programas\HalogenWare\Retriever\plugins\IECapture\IERetriever.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll
O2 - BHO: Best Security Tips Toolbar - {da30eff8-ccc6-4162-a20d-67402a26a215} - C:\Arquivos de programas\Best_Security_Tips\tbBest.dll
O3 - Toolbar: Best Security Tips Toolbar - {da30eff8-ccc6-4162-a20d-67402a26a215} - C:\Arquivos de programas\Best_Security_Tips\tbBest.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [HW_OPENEYE_OUC_VIVO INTERNET] "C:\Arquivos de programas\VIVO INTERNET\UpdateDog\ouc.exe"
O4 - HKCU\..\Run: [swg] "C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &B&aixar &com o BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &B&aixar tudo usando o BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Arquivos de programas\BitComet\tools\BitCometBHO_1.4.11.9.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1213471087570
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E325F22B-DE66-460A-9689-034B6AFD963F}: NameServer = 200.220.227.56 200.142.130.202
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)

--
End of file - 5921 bytes
wings, posted September 11, 2012:

These procedures were missing:

→ Download this file and save it to the Desktop.
* Run it and click [Yes]
* When it finishes, click [Yes] to restart the PC
* Paste the report created at CC Suport\Logs\SvcRepair.txt, located on the Desktop

→ Run the Farbar Service Scanner (FSS) again and select all options.
* Click [Scan]
* Paste the FSS.txt report located on the desktop
Bond2006, posted September 11, 2012:

Friend, I downloaded ServicesRepair.exe and tried to run it from the current user, but a window appeared saying: AutoIt Error, and at the bottom, Unable to open the script file. So I tried to run it as Administrator, but I would have to enter a password, and since my computer is almost 9 years old, I don't remember the password. What should I do? I skipped that step and moved on to FSS, whose report is below:

Farbar Service Scanner Version: 06-08-2012
Ran by LUIS (ATTENTION: The logged in user is not administrator) on 11-09-2012 at 18:36:34
Running from "C:\Documents and Settings\LUIS\Desktop"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is OK.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.

Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

afd Service is not running. Checking service configuration:
The start type of afd service is OK.
The ImagePath of afd service is OK.

NetBt Service is not running. Checking service configuration:
The start type of NetBt service is OK.
The ImagePath of NetBt service is OK.

Tcpip Service is not running. Checking service configuration:
The start type of Tcpip service is OK.
The ImagePath of Tcpip service is OK.

IpSec Service is not running. Checking service configuration:
The start type of IpSec service is OK.
The ImagePath of IpSec service is OK.

Connection Status:
==============
Localhost is accessible.
WAN connected
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is OK.
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.

netman Service is not running. Checking service configuration:
The start type of netman service is OK.
The ImagePath of netman service is OK.
The ServiceDll of netman service is OK.

winmgmt Service is not running. Checking service configuration:
The start type of winmgmt service is OK.
The ImagePath of winmgmt service is OK.
The ServiceDll of winmgmt service is OK.

Firewall Disabled Policy:
==================

System Restore:
============
Srservice Service is not running. Checking service configuration:
The start type of Srservice service is OK.
The ImagePath of Srservice service is OK.
The ServiceDll of Srservice service is OK.

sr Service is not running. Checking service configuration:
The start type of sr service is OK.
The ImagePath of sr service is OK.

System Restore Disabled Policy:
========================

Security Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.

winmgmt Service is not running. Checking service configuration:
The start type of winmgmt service is OK.
The ImagePath of winmgmt service is OK.
The ServiceDll of winmgmt service is OK.

Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv: "C:\WINDOWS\system32\wuauserv.dll".

BITS Service is not running. Checking service configuration:
The start type of BITS service is OK.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.

EventSystem Service is not running. Checking service configuration:
The start type of EventSystem service is OK.
The ImagePath of EventSystem: "C:\WINDOWS\system32\svchost.exe -k netsvcs".
The ServiceDll of EventSystem: "C:\WINDOWS\system32\es.dll".

cryptsvc Service is not running. Checking service configuration:
The start type of cryptsvc service is OK.
The ImagePath of cryptsvc service is OK.
The ServiceDll of cryptsvc service is OK.

Windows Autoupdate Disabled Policy:
============================

PlugPlay Service is not running. Checking service configuration:
The start type of PlugPlay service is OK.
The ImagePath of PlugPlay service is OK.

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll
[2004-08-04 00:45] - [2008-04-13 23:20] - 0126976 ____A (Microsoft Corporation) E587EEB3DA2390AE30053EC7EF2AFD92

C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll
[2004-08-04 00:45] - [2009-04-20 14:19] - 0045568 ____A (Microsoft Corporation) 2B3EC2EFEFD222EA15A06ED01E722060

C:\WINDOWS\system32\ipnathlp.dll
[2004-08-04 00:45] - [2008-04-13 23:20] - 0331264 ____A (Microsoft Corporation) 0F70B1A8839BD83DB28210B6F11F9058

C:\WINDOWS\system32\netman.dll
[2004-08-04 00:45] - [2008-04-13 23:20] - 0198144 ____A (Microsoft Corporation) B199C4F441DDAB10253ABC0AC4858BFF

C:\WINDOWS\system32\wbem\WMIsvc.dll
[2007-06-07 17:26] - [2008-04-13 23:20] - 0145408 ____A (Microsoft Corporation) 4176F07A724AEC7E4722A2D539EDC0B7

C:\WINDOWS\system32\srsvc.dll
[2007-06-07 17:28] - [2008-04-13 23:20] - 0171520 ____A (Microsoft Corporation) 4423787F4261EE43B7341429AF0CBB77

C:\WINDOWS\system32\Drivers\sr.sys
[2007-06-07 17:28] - [2008-04-13 23:02] - 0073472 ____A (Microsoft Corporation) D6C5A1A97FE0C533E712652AD9DC00D4

C:\WINDOWS\system32\wscsvc.dll
[2004-08-04 00:45] - [2008-04-13 23:20] - 0080896 ____A (Microsoft Corporation) B57E408B8E0758AF6EA4BF37B3ADC91D

C:\WINDOWS\system32\wbem\WMIsvc.dll
[2007-06-07 17:26] - [2008-04-13 23:20] - 0145408 ____A (Microsoft Corporation) 4176F07A724AEC7E4722A2D539EDC0B7

C:\WINDOWS\system32\wuauserv.dll
[2007-06-07 17:28] - [2008-04-13 23:20] - 0006656 ____A (Microsoft Corporation) EB4EA477B7B4959D41B153C6D3CD869B

C:\WINDOWS\system32\qmgr.dll
[2007-06-07 17:28] - [2008-04-13 23:20] - 0409088 ____N (Microsoft Corporation) F0F5EEF8C4B0444E6E4D8E09F7A8F0A8

C:\WINDOWS\system32\es.dll
[2004-08-04 00:45] - [2008-07-07 17:28] - 0253952 ____A (Microsoft Corporation) B024AB8B7692D47C8176BE92AB36D316

C:\WINDOWS\system32\cryptsvc.dll
[2004-08-04 00:45] - [2008-04-13 23:20] - 0062464 ____A (Microsoft Corporation) 554798AAD881736DFC4D08C572DECD7A

C:\WINDOWS\system32\svchost.exe
[2004-08-04 00:45] - [2008-04-13 23:21] - 0014336 ____A (Microsoft Corporation) ED2D69CD4B0EBE37EFE11D4DC4ABC68F

C:\WINDOWS\system32\rpcss.dll
[2004-08-04 00:45] - [2009-02-09 07:53] - 0401408 ____A (Microsoft Corporation) F3763E01E7536F7A6D0C6E392C603EC2

C:\WINDOWS\system32\services.exe
[2004-08-04 00:45] - [2009-02-09 08:25] - 0111104 ____N (Microsoft Corporation) C52DEB6D8CD4B096BF1A9EC001F36507

Extra List:
=======
Gpc(3) IPSec(5) irda(8) NetBT(6) PSched(7) Tcpip(4)
0x09000000050000000100000002000000030000000400000056000000060000000700000008000000
IpSec Tag value is correct.

**** End of log ****
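As an added example, not code from this thread or from Farbar Service Scanner, the Python script below reads an FSS report the way a helper does before deciding on a repair: it separates the "Service is not running" lines from the configuration lines FSS could not mark OK (where it prints the literal ImagePath or ServiceDll instead), lists the File Check entries FSS did not match against its own MD5 list, and then asks whether the "not running" verdicts can be believed at all. The reasoning in assess() is this example's own: a report generated without administrator rights, which says the TCP/IP driver is not running while also reporting the WAN as reachable, is reporting failed queries rather than real service state, so it should be regenerated as an administrator before anything is repaired. The sample report is a constructed excerpt of the FSS output posted above.

```python
import re

NOT_RUNNING = re.compile(r"^(?P<svc>\S+) Service is not running\.")
# FSS writes "... of <svc> service is OK." when a value matches its baseline and
# the literal value otherwise; only the literal form needs a human's attention.
CONFIG_VALUE = re.compile(r'^The (?P<what>ImagePath|ServiceDll) of (?P<svc>[^:\s]+): "(?P<value>[^"]*)"\.')
# "[created] - [modified] - size attrs (vendor) MD5" line under File Check.
FILE_HASH = re.compile(r"^\[[^\]]*\] - \[[^\]]*\] - \d+ \S+ \([^)]*\) (?P<md5>[0-9A-Fa-f]{32})$")


def parse_fss(text):
    """Reduce an FSS report to the facts a helper acts on."""
    report = {
        "non_admin": "not administrator" in text,
        "wan": "WAN connected" in text,
        "not_running": [],
        "config_values": [],    # (what, service, literal value)
        "files_legit": [],      # paths FSS matched against its MD5 list
        "files_with_hash": [],  # (path, md5) left for manual verification
    }
    pending_path = None
    for raw in text.splitlines():
        line = raw.strip()
        m = NOT_RUNNING.match(line)
        if m:
            report["not_running"].append(m.group("svc"))
            continue
        m = CONFIG_VALUE.match(line)
        if m:
            report["config_values"].append((m.group("what"), m.group("svc"), m.group("value")))
            continue
        if line.endswith("=> MD5 is legit"):
            report["files_legit"].append(line.split(" => ")[0])
            continue
        m = FILE_HASH.match(line)
        if m and pending_path:
            report["files_with_hash"].append((pending_path, m.group("md5").upper()))
            pending_path = None
            continue
        if line.startswith("C:\\"):
            pending_path = line  # a File Check path; its hash line follows
    return report


def assess(report):
    """Return the caveats that apply before the 'not running' list is trusted."""
    notes = []
    if report["non_admin"]:
        notes.append("scan ran without administrator rights; service state queries may have failed")
    if report["wan"] and "Tcpip" in report["not_running"]:
        # The TCP/IP driver must be loaded for the WAN probe to succeed, so
        # 'Tcpip not running' beside 'WAN connected' is a failed query, not a
        # stopped service. Rerun FSS as an administrator before repairing.
        notes.append("Tcpip reported stopped while the WAN is reachable: status results are unreliable")
    return notes


# Constructed excerpt of the FSS report posted above.
SAMPLE_FSS = r"""Farbar Service Scanner Version: 06-08-2012
Ran by LUIS (ATTENTION: The logged in user is not administrator) on 11-09-2012 at 18:36:34
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal

Internet Services:
============
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.

Tcpip Service is not running. Checking service configuration:
The start type of Tcpip service is OK.
The ImagePath of Tcpip service is OK.

Connection Status:
==============
Localhost is accessible.
WAN connected
Google IP is accessible.

Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv: "C:\WINDOWS\system32\wuauserv.dll".

EventSystem Service is not running. Checking service configuration:
The ImagePath of EventSystem: "C:\WINDOWS\system32\svchost.exe -k netsvcs".
The ServiceDll of EventSystem: "C:\WINDOWS\system32\es.dll".

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll
[2004-08-04 00:45] - [2008-04-13 23:20] - 0126976 ____A (Microsoft Corporation) E587EEB3DA2390AE30053EC7EF2AFD92

C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
"""

if __name__ == "__main__":
    result = parse_fss(SAMPLE_FSS)
    for key, value in result.items():
        print(f"{key}: {value}")
    for note in assess(result):
        print("caveat:", note)
```

The config-value and hash lists are deliberately not judged by the script: whether "C:\WINDOWS\system32\wuauserv.dll" is the expected ServiceDll for this service pack, or whether E587EEB3DA2390AE30053EC7EF2AFD92 is a known-good dhcpcsvc.dll, is a lookup against a reference the script does not carry, and pasting a guess there would be worse than leaving it to the helper.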
wings, posted September 11, 2012:

I think your user account must be very restricted.