Jump to content

Ganhe $$$ escrevendo tutoriais para nós!

Foto

Análise de log

Criado por Gitana, May 11 2012 12:19 AM
log




  • Faça login para responder
30 respostas neste tópico

#1 Gitana

Gitana
  • Participante
  • 99 mensagens

Publicado 11 May 2012 - 12:19 AM

PC com comportamento estranho, firewal q desativa sozinho, parte da navegação não é permitida(em alguns casos a página não pode ser exibida). Firefox não funciona, e qdo parece q vai funcionar, não passa da página de busca do google. Durante a tarde o PC reiniciou sozinho algumas vezes, em outras vezes houve travamento do SO a ponto de ser necessário entrar através do modo seguro.

Já realizei os procedimentos padrões solicitados, segue log para analise:


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:43:50, on 10/05/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\No-IP\DUC30.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\system32\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://find.localstrike.net/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://find.localstrike.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://find.localstrike.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Ant.com browser helper (video detector) - {346FDE31-DFF9-418A-90C8-BA31DC9FF2EF} - C:\Program Files\Ant.com\IE add-on\download.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: DealPly - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files\DealPly\DealPlyIE.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O3 - Toolbar: Ant.com Video Downloader toolbar - {2E924F4F-67F0-4BD8-9560-49F468E843D2} - C:\Program Files\Ant.com\IE add-on\anttoolbar.dll
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
O4 - HKCU\..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Paulo\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe /s
O4 - HKUS\S-1-5-21-3603635649-3494780815-2515594144-1004\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-3603635649-3494780815-2515594144-1004\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - Startup: No-IP DUC.lnk = C:\Program Files\No-IP\DUC30.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Baixar com Mipony - file://C:\Program Files\MiPony\Browser\IEContext.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Download videos by Ant.com - {70AF6C9F-0818-4cf7-924A-BBDBB24211D3} - C:\Program Files\Ant.com\IE add-on\download.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - (no file)
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Exibir ou ocultar HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Advanced SystemCare Service 5 (AdvancedSystemCareService5) - Unknown owner - C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe (file missing)
O23 - Service: Ant Toolbar updater service (AntUpdaterService) - Ant.com - C:\Program Files\Ant.com\IE add-on\AntUpdaterService.exe
O23 - Service: avast! antivírus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NIHardwareService - Native Instruments GmbH - C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

--
End of file - 9315 bytes



#2 joram

joram
  • Participante
  • 2947 mensagens

Publicado 11 May 2012 - 08:24 AM

Bom Dia! Gitana

|- Baixe: < AdwCleaner > ( ... par Xplode )

|- Ao acessar,clique na imagem: < Posted Image >

|- Salve-o no desktop!
|- Clique direito em adwcleaner.exe,e escolha sua execução como "administrador".
|- Ps: Dê início ao scan,clicando em "Delete" ou "Suppression".

Posted Image

|- Ao concluir,poste o relatório: C:\AdwCleaner[S].txt

-/-/-/-

|- Baixe: < Posted Image >

|- < Link - 2 >

|- < Link - 3 >

|- Atualize o programa!
|- Escolha o escaneamento Completo!
|- Desabilite programas de proteção,ao executar o malwarebytes.
|- Para Windows Vista ou 7,clique direito no arquivo e execute-o como administrador.
|- Ps: Para determinadas infecções,a ferramenta pedirá reboot. <- Confirme!
|- Ao concluir,clique em "Remover itens".
|- Poste,o relatório: mbam-log-2012-xx-xx (00-00-00).txt

-/-/-/-

|- Baixe: | ZHPDiag | *ºº* < Posted Image > ( ... de Nicolas Coolman )

|- Estando na página,clique em: < Posted Image >

|- Salve-o no desktop!

Posted Image

|- Desabilite seu antivírus e execute "ZHPDiag2.exe",para instalar a ferramenta.

Posted Image

|- Confirme todos os passos,ao instalar ZHPDiag.
|- Conclua a instalação,clicando em "Termine".

Posted Image

|- Ps: Após a instalação,além de ZHPScript,estarão disponíveis no desktop:

|- <1> MBRCheck
|- <2> ZHPDiag2
|- <3> ZHPFix

Posted Image

|- Abra a ferramenta e clique no ícone do pergaminho. ( ZHPScript )

Posted Image

|- Clique na seta verde para atualizá-la e/ou baixar sua definição mais recente. ( Your version is update. )
|- Habilite todas as opções de diagnóstico,clicando em "Options".

Posted Image

|- Clique em All.

|- Posted Image

|- Clique em "Calendar" e escolha 30 dias!

Posted Image

|- Dê início ao scan,clicando no ícone da lupa. ( Start Diagnosis )
|- Ao concluir,clique em "Save Report".
|- Ps: Salve-o em um local conveniente!
|- Anexe na sua resposta,ZHPDiag.txt.
|- Ps: Não poste,diretamente,esse arquivo texto.
|- Recomendo compactá-lo e anexar em sua resposta!

|- Ou envie-o à Pjjoint.malekal,clicando na seta azul! < Posted Image >

|- Ou acesse: < Posted Image > ( Tire-o do zip ao enviar! )

|- Para enviar,siga o caminho: Selecionar arquivo... -> Abrir -> Upload file
|- Poste o endereço que estará em "Download link" ou "Forum link".

|- Ou acesse: < Posted Image > ( Tire-o do zip ao enviar! )

|- Maiores informações: < |Link| >

Abraços!

#3 Gitana

Gitana
  • Participante
  • 99 mensagens

Publicado 11 May 2012 - 02:32 PM

Olá, Joram!

Obrigado pelo atendimento. Vamos aos fatos...rs
Sou meio afobada e tem coisas q saio fazendo por minha conta e risco(ok, não é bem assim, são procedimentos seguros q já fiz em outras ocasiões), então ontem ainda eu atualizei o mbam e fiz o scaneamento rápido, onde nada foi encontrado. Após, rodei o combofix(q fez algumas exclusões) e em seguida fiz um novo log do hijackthis. Vou postá-los abaixo.
Hj vou realizar os procedimentos solicitados por você.
---------------------------------------------------------------------

ComboFix 12-05-11.02 - Paulo 11/05/2012 1:52.2.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.55.1046.18.3583.2473 [GMT -3:00]
Executando de: d:\downloads\ComboFix.exe
AV: avast! antivírus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! antivírus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Criado um novo ponto de restauração
.
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\CFLog
c:\program files\lol
c:\program files\lol\LeagueOfLegends\0x0409.ini
c:\program files\lol\LeagueOfLegends\data1.cab
c:\program files\lol\LeagueOfLegends\data1.hdr
c:\program files\lol\LeagueOfLegends\data2.cab
c:\program files\lol\LeagueOfLegends\ISSetup.dll
c:\program files\lol\LeagueOfLegends\layout.bin
c:\program files\lol\LeagueOfLegends\setup.exe
c:\program files\lol\LeagueOfLegends\setup.ini
c:\program files\lol\LeagueOfLegends\setup.inx
c:\program files\lol\LeagueOfLegends\setup.isn
c:\users\Paulo\AppData\Local\temp\bd7c47bb-f5c0-417c-a180-ec348d87718a\CliSecureRT.dll
c:\users\Paulo\AppData\Roaming\app
c:\users\Paulo\AppData\Roaming\app\Jerakine_lang.dat
c:\users\Paulo\AppData\Roaming\app\Jerakine_lang_vesrion.dat
c:\windows\system32\system32
c:\windows\system32\system32\3DAudio.ax
c:\windows\system32\system32\avrt.dll
c:\windows\system32\system32\cis-2.4.dll
c:\windows\system32\system32\issacapi_bs-2.3.dll
c:\windows\system32\system32\issacapi_pe-2.3.dll
c:\windows\system32\system32\issacapi_se-2.3.dll
c:\windows\system32\system32\MACXMLProto.dll
c:\windows\system32\system32\MaDRM.dll
c:\windows\system32\system32\MaJGUILib.dll
c:\windows\system32\system32\MAMACExtract.dll
c:\windows\system32\system32\MASetupCleaner.exe
c:\windows\system32\system32\MaXMLProto.dll
c:\windows\system32\system32\mfplat.dll
c:\windows\system32\system32\MK_Lyric.dll
c:\windows\system32\system32\MSCLib.dll
c:\windows\system32\system32\MSFLib.dll
c:\windows\system32\system32\MSLUR71.dll
c:\windows\system32\system32\msvcp60.dll
c:\windows\system32\system32\MTTELECHIP.dll
c:\windows\system32\system32\MTXSYNCICON.dll
c:\windows\system32\system32\muzaf1.dll
c:\windows\system32\system32\muzapp.dll
c:\windows\system32\system32\muzapp.exe
c:\windows\system32\system32\muzdecode.ax
c:\windows\system32\system32\muzeffect.ax
c:\windows\system32\system32\muzmp4sp.ax
c:\windows\system32\system32\muzmpgsp.ax
c:\windows\system32\system32\muzoggsp.ax
c:\windows\system32\system32\muzwmts.dll
c:\windows\system32\system32\psapi.dll
.
.
(((((((((((((((( Arquivos/Ficheiros criados de 2012-04-11 to 2012-05-11 ))))))))))))))))))))))))))))
.
.
2012-05-11 05:03 . 2012-05-11 05:03 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-05-11 05:03 . 2012-05-11 05:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-11 02:54 . 2012-05-11 02:54 -------- d-----w- c:\users\Paulo\AppData\Local\ElevatedDiagnostics
2012-05-05 03:11 . 2012-05-05 03:29 -------- d-----w- c:\users\Paulo\AppData\Local\Skyrim
2012-05-05 00:24 . 2012-05-10 00:08 -------- d-----w- c:\program files\The Elder Scrolls V Skyrim
2012-05-05 00:24 . 2012-05-11 04:50 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{10AD6F45-6E9A-4AF7-B6EE-31E191C5C989}\offreg.dll
2012-05-03 15:21 . 2012-05-03 15:21 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-05-03 15:21 . 2012-05-03 15:21 157352 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
2012-05-03 15:21 . 2012-05-03 15:21 129976 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe
2012-05-01 06:07 . 2012-04-18 06:06 6734704 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{10AD6F45-6E9A-4AF7-B6EE-31E191C5C989}\mpengine.dll
2012-04-22 21:37 . 2012-04-29 16:51 -------- d-----w- c:\users\Paulo\AppData\Roaming\.spoutcraft
2012-04-21 21:15 . 2012-04-21 21:15 -------- d-----w- c:\users\Paulo\AppData\Roaming\NVIDIA
2012-04-21 18:34 . 2012-04-28 03:30 -------- d-----w- c:\users\UpdatusUser
2012-04-21 18:32 . 2012-02-29 20:58 2515790 ----a-w- c:\windows\system32\nvcoproc.bin
2012-04-19 07:31 . 2012-04-19 07:31 -------- d-----w- c:\users\Paulo\AppData\Local\Babylon
2012-04-19 07:31 . 2012-04-19 07:31 -------- d-----w- c:\users\Paulo\AppData\Roaming\Babylon
2012-04-19 07:31 . 2012-04-19 07:31 -------- d-----w- c:\programdata\Babylon
2012-04-19 07:31 . 2012-05-08 07:31 -------- d-----w- c:\program files\DealPly
2012-04-18 04:57 . 2012-04-18 04:57 -------- d-----w- c:\program files\MarkAny
2012-04-16 00:22 . 2012-04-16 00:24 -------- d-----w- c:\program files\EVGA Precision
2012-04-16 00:19 . 2008-05-30 17:11 3850760 ----a-w- c:\windows\system32\D3DX9_38.dll
2012-04-16 00:01 . 2010-06-21 22:07 232040 ----a-w- c:\windows\system32\nvcohda.dll
2012-04-16 00:01 . 2012-04-21 18:33 -------- d-----w- C:\NVIDIA
2012-04-16 00:01 . 2012-05-11 05:04 -------- d-----w- c:\programdata\NVIDIA
2012-04-15 23:58 . 2012-04-15 23:58 -------- d-----w- c:\programdata\NVIDIA Corporation
2012-04-15 23:58 . 2012-04-21 18:34 -------- d-----w- c:\program files\NVIDIA Corporation
2012-04-14 19:20 . 2012-05-10 04:01 -------- d-----w- c:\users\Paulo\AppData\Roaming\Mipony
2012-04-14 19:19 . 2012-04-14 19:19 -------- d-----w- c:\program files\MiPony
.
.
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-04 18:56 . 2010-10-08 04:42 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-24 16:36 . 2012-03-24 16:36 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2012-03-22 19:12 . 2012-03-22 19:12 4435968 ----a-w- c:\windows\system32\GPhotos.scr
2012-03-10 19:39 . 2010-10-02 12:47 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-07 00:15 . 2010-09-29 18:21 41184 ----a-w- c:\windows\avastSS.scr
2012-03-07 00:15 . 2010-09-29 18:15 201352 ----a-w- c:\windows\system32\aswBoot.exe
2012-03-07 00:03 . 2011-06-06 23:49 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-07 00:03 . 2010-09-29 18:15 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-03-07 00:02 . 2012-04-05 17:11 44376 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-03-07 00:01 . 2010-09-29 18:15 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-03-07 00:01 . 2010-09-29 18:15 57688 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-03-07 00:01 . 2010-09-29 18:15 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-02-29 23:59 . 2010-08-09 05:03 7713088 ----a-w- c:\windows\system32\nvwgf2um.dll
2012-02-29 23:59 . 2010-08-09 05:03 2301248 ----a-w- c:\windows\system32\nvapi.dll
2012-02-29 23:59 . 2010-08-09 05:03 15009600 ----a-w- c:\windows\system32\nvd3dum.dll
2012-02-29 20:56 . 2010-08-09 02:08 3881792 ----a-w- c:\windows\system32\nvcpl.dll
2012-02-29 20:55 . 2010-08-09 02:08 2719040 ----a-w- c:\windows\system32\nvsvc.dll
2012-02-29 20:53 . 2010-08-09 02:08 108352 ----a-w- c:\windows\system32\nvmctray.dll
2012-02-29 20:53 . 2010-08-09 02:08 645440 ----a-w- c:\windows\system32\nvvsvc.exe
2012-02-29 20:53 . 2010-08-09 02:08 62272 ----a-w- c:\windows\system32\nvshext.dll
2012-02-29 20:53 . 2010-08-09 02:08 2561344 ----a-w- c:\windows\system32\nvsvcr.dll
2012-02-29 16:26 . 2012-02-29 16:26 416064 ----a-w- c:\windows\system32\nvStreaming.exe
2012-02-23 17:24 . 2012-03-24 16:34 21848 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2012-02-23 13:18 . 2010-09-29 18:20 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-18 02:15 . 2011-05-15 14:35 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-16 03:24 . 2012-02-16 03:24 80824 ----a-w- c:\windows\system32\drivers\ssudbus.sys
2012-02-16 03:24 . 2012-02-16 03:24 181432 ----a-w- c:\windows\system32\drivers\ssudobex.sys
2012-02-16 03:24 . 2012-02-16 03:24 181432 ----a-w- c:\windows\system32\drivers\ssudmdm.sys
2012-05-03 15:21 . 2011-11-09 08:26 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por padrão não são apresentadas.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-07 00:15 123536 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\Steam\steam.exe" [2011-08-02 1242448]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2012-04-04 3521424]
"KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-04-04 21392]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2011-09-20 3077528]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"KiesHelper"="c:\program files\Samsung\Kies\KiesHelper.exe" [2012-04-04 954256]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-02-28 1987976]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\users\Paulo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
No-IP DUC.lnk - c:\program files\No-IP\DUC30.exe [2010-6-18 1423520]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Paulo^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^hpqtra08.exe]
path=c:\users\Paulo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hpqtra08.exe
backup=c:\windows\pss\hpqtra08.exe.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Paulo^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk]
path=c:\users\Paulo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
backup=c:\windows\pss\MagicDisc.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Paulo^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Recorte de tela e Iniciador do OneNote 2007.lnk]
path=c:\users\Paulo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recorte de tela e Iniciador do OneNote 2007.lnk
backup=c:\windows\pss\Recorte de tela e Iniciador do OneNote 2007.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-02 12:07 843712 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-03-27 12:41 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-06-27 22:03 152872 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Clip2Net]
2009-10-08 03:44 1635328 ----a-w- c:\program files\Clip2Net\clip2net.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 13:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2011-05-10 05:41 49208 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2008-07-22 20:33 150528 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesHelper]
2012-04-04 05:05 954256 ----a-w- c:\program files\Samsung\Kies\KiesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
2010-05-20 17:27 119152 ----a-w- c:\program files\Microsoft LifeCam\LifeExp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2012-04-04 18:56 462408 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 18:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlusService]
2011-05-26 14:29 800768 ----a-w- c:\program files\Yuna Software\Messenger Plus!\PlusService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-07-05 21:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2012-02-29 11:55 17148552 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-18 17:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX1000]
2010-05-20 17:27 762736 ----a-w- c:\windows\vVX1000.exe
.
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\IObit\Advanced SystemCare 5\ASCService.exe [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-02-17 135664]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-02-16 80824]
R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files\Garena Plus\Room\safedrv.sys [x]
R3 gupdatem;Serviço do Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-02-17 135664]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-03 129976]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-02-16 181432]
R3 ssudobex;SAMSUNG Mobile USB OBEX Serial Port(DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudobex.sys [2012-02-16 181432]
R3 ssudserd;SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudserd.sys [2011-07-20 181432]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-24 1343400]
R3 XDva389;XDva389;c:\windows\system32\XDva389.sys [x]
R3 XDva391;XDva391;c:\windows\system32\XDva391.sys [x]
R3 XDva392;XDva392;c:\windows\system32\XDva392.sys [x]
R3 XDva393;XDva393;c:\windows\system32\XDva393.sys [x]
R3 XDva394;XDva394;c:\windows\system32\XDva394.sys [x]
R3 XDva397;XDva397;c:\windows\system32\XDva397.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-10-02 691696]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AntUpdaterService;Ant Toolbar updater service;c:\program files\Ant.com\IE add-on\AntUpdaterService.exe [2011-06-29 520216]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-03-07 57688]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2012-02-28 1373576]
S2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2009-07-17 3576320]
S2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-01-27 50704]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-02-29 2348352]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-29 382272]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2012-01-17 148800]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-06-10 394856]
.
.
--- =Outros Serviços/Drivers Na Memória ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Conteúdo da pasta 'Tarefas Agendadas'
.
2012-05-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-17 06:46]
.
2012-05-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-17 06:46]
.
2012-05-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3603635649-3494780815-2515594144-1000Core.job
- c:\users\Paulo\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-24 11:04]
.
2012-05-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3603635649-3494780815-2515594144-1000UA.job
- c:\users\Paulo\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-24 11:04]
.
.
------- Scan Suplementar -------
.
uStart Page = about:blank
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = about:blank
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Baixar com Mipony - file://c:\program files\MiPony\Browser\IEContext.htm
IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{70AF6C9F-0818-4cf7-924A-BBDBB24211D3} - {70AF6C9F-0818-4cf7-924A-BBDBB24211D3} - c:\program files\Ant.com\IE add-on\download.dll
FF - ProfilePath - c:\users\Paulo\AppData\Roaming\Mozilla\Firefox\Profiles\gnf7232s.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.br/
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=SP_ss&mntrId=b8e01d2c0000000000000013a3f58202&tlver=1.4.19.19&instlRef=sst&affID=17159&q=
user_pref('extensions.dealply.partner', 'vn');
user_pref('extensions.dealply.channel', 'pcdealply');
user_pref('extensions.dealply.installId', 'v23600217784863845739772012041905311626');
user_pref('extensions.dealply.installIdSource', 'inst');
user_pref('extensions.dealply.sampleGroup', '6');
.
- - - - ORFÃOS REMOVIDOS - - - -
.
WebBrowser-{742E70CF-7770-412D-86CB-230B322E807C} - (no file)
.
.
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (a) (Users)
@Denied: (a) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (a) (Users)
@Denied: (a) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (a) (Users)
@Denied: (a) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (a) (Users)
@Denied: (a) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (a) (Users)
@Denied: (a) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (a) (Users)
@Denied: (a) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Outros Processos em Execução ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\taskhost.exe
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\NVIDIA Corporation\Display\nvtray.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Tempo para conclusão: 2012-05-11 02:11:12 - Máquina reiniciou
ComboFix-quarantined-files.txt 2012-05-11 05:11
.
Pré-execução: 15.172.272.128 bytes disponíveis
Pós execução: 14.939.795.456 bytes disponíveis
.
- - End Of File - - E8D3A3CDC31C0473E64C075577CC9FD1

=====================================================




Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 02:59:12, on 11/05/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\No-IP\DUC30.exe
C:\Windows\Explorer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\system32\DllHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Ant.com browser helper (video detector) - {346FDE31-DFF9-418A-90C8-BA31DC9FF2EF} - C:\Program Files\Ant.com\IE add-on\download.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O3 - Toolbar: Ant.com Video Downloader toolbar - {2E924F4F-67F0-4BD8-9560-49F468E843D2} - C:\Program Files\Ant.com\IE add-on\anttoolbar.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
O4 - HKCU\..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe /s
O4 - HKUS\S-1-5-21-3603635649-3494780815-2515594144-1004\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-3603635649-3494780815-2515594144-1004\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - Startup: No-IP DUC.lnk = C:\Program Files\No-IP\DUC30.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Baixar com Mipony - file://C:\Program Files\MiPony\Browser\IEContext.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Download videos by Ant.com - {70AF6C9F-0818-4cf7-924A-BBDBB24211D3} - C:\Program Files\Ant.com\IE add-on\download.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - (no file)
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Exibir ou ocultar HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Advanced SystemCare Service 5 (AdvancedSystemCareService5) - Unknown owner - C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe (file missing)
O23 - Service: Ant Toolbar updater service (AntUpdaterService) - Ant.com - C:\Program Files\Ant.com\IE add-on\AntUpdaterService.exe
O23 - Service: avast! antivírus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NIHardwareService - Native Instruments GmbH - C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

--
End of file - 8774 bytes


-------------------------------------------------

Em tempo, editando para postar o log do AdwCleaner.


# AdwCleaner v1.606 - Logfile created 05/11/2012 at 14:45:52
# Updated 10/05/2012 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (32 bits)
# User : Paulo - PAULO-PC
# Running from : C:\Users\Paulo\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Users\Paulo\AppData\Local\Babylon
Folder Deleted : C:\Users\Paulo\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Users\Paulo\AppData\Roaming\Babylon
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\Program Files\DealPly
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml

***** [Registry] *****

Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\DealPly
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\Babylon
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\DealPly
Key Deleted : HKLM\SOFTWARE\Canneverbe Limited\OpenCandy
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43
Key Deleted : HKCU\Software\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DealPly

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2D5E2D34-BED5-4B9F-9793-A31E26E6806E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Registry is clean.

-\\ Mozilla Firefox v12.0 (pt-BR)

Profile name : default
File : C:\Users\Paulo\AppData\Roaming\Mozilla\Firefox\Profiles\gnf7232s.default\prefs.js

C:\Users\Paulo\AppData\Roaming\Mozilla\Firefox\Profiles\gnf7232s.default\user.js ... Deleted !

Deleted : user_pref("extensions.BabylonToolbar.bbDpng", 5);
Deleted : user_pref("extensions.BabylonToolbar.cntry", "BR");
Deleted : user_pref("extensions.BabylonToolbar.firstRun", false);
Deleted : user_pref("extensions.BabylonToolbar.hdrMd5", "55DFDF7765DDA4552453189360FD8FC2");
Deleted : user_pref("extensions.BabylonToolbar.lastActv", "5");
Deleted : user_pref("extensions.BabylonToolbar.lastDP", 5);
Deleted : user_pref("keyword.URL", "hxxp://search.babylon.com/?babsrc=SP_ss&mntrId=b8e01d2c0000000000000013a3f[...]

-\\ Google Chrome v18.0.1025.168

File : C:\Users\Paulo\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [3531 octets] - [11/05/2012 14:45:52]

########## EOF - C:\AdwCleaner[S1].txt - [3659 octets] ##########

Editado por Gitana, 11 May 2012 - 02:52 PM.
''

#4 joram

joram
  • Participante
  • 2947 mensagens

Publicado 11 May 2012 - 04:24 PM

Boa Tarde! Gitana

|- Desabilite seu antivírus!
|- Vá em Iniciar --> Executar --> Digite ou cole: combofix.exe /uninstall --> Clique OK.

|- < Posted Image >

|- Clique em Executar --> Aguarde!
|- Surgirá,finalmente,a mensagem: "ComboFix está desinstalado" --> Clique OK.
|- Caso encontre,apague: C:\ComboFix <-- A pasta! + C:\ComboFix.txt <-- Relatório!
|- Ou,vá em Iniciar --> Executar --> Digite ou cole ( Paste ):

|- Posted Image

"%userprofile%\desktop\combofix" /uninstall

|- Clique OK.
|- Aguarde a desinstalação,e clique OK na mensagem.
|- Ps: Outra opção,seria renomear o Combofix.exe para uninstall.exe e executá-lo.

-/-/-/-

|- <1> Poste,segundo instruções,o relatório do MBAM.

|- <2> Poste,segundo instruções,o relatório de ZHPDiag. ( Upe-o ou anexe-o! )

Abraços!

#5 Gitana

Gitana
  • Participante
  • 99 mensagens

Publicado 11 May 2012 - 04:35 PM

Boa tarde, Joram!

Sobre o combofix, antes de rodar o AdwCleaner, eu já havia removido.

Segue relatório do mbm:



Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Versão da Base de Dados: v2012.05.11.05

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
Paulo :: PAULO-PC [administrador]

11/05/2012 14:56:30
mbam-log-2012-05-11 (14-56-30).txt

Tipo de Verificação: Verificação Completa
Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM
Opções de verificação desativadas: P2P
Objetos escaneados: 495496
Tempo decorrido: 1 hora(s), 21 minuto(s), 8 segundo(s)

Processos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)

Módulos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)

Chaves de Registro Detectadas: 0
(Não foram detectados ítens maliciosos)

Valores de Registro Detectadas: 0
(Não foram detectados ítens maliciosos)

Itens de Dados no Registro Detectadas: 0
(Não foram detectados ítens maliciosos)

Pastas Detectadas: 0
(Não foram detectados ítens maliciosos)

Arquivos Detectados: 5
D:\Downloads\SoftonicDownloader_para_chords-and-songs.exe (PUP.OfferBundler.ST) -> Nenhuma ação foi feita.
D:\Downloads\SoftonicDownloader_para_directx.exe (PUP.ToolbarDownloader) -> Nenhuma ação foi feita.
D:\Downloads\SoftonicDownloader_para_opera-mini.exe (PUP.ToolbarDownloader) -> Nenhuma ação foi feita.
D:\Downloads\pcmegarapido.exe (Trojan.RepackSMS) -> Enviado para a Quarentena e deletado com sucesso.
D:\Gabriel\Jogos Instalados\Left 4 Dead 2\left4dead2\addons\Name_Enabler.dll (Malware.UPX.Mod) -> Enviado para a Quarentena e deletado com sucesso.

(fim)


Editando para incluir um "Ps."...

Não sei se é indicativo de algum malware, mas tem uns 4 dias q tem aparecido essa "janelinha" toda vez q o PC é iniciado/reiniciado e é preciso clicar em "alternar para..." umas 3 ou 4x até q ela desapareça. Enquanto ela fica "reaparecendo", ocorre travamento no PC...

Posted Image


Acrescentando o relatório do ZHPDiag.


*não sei por qual razão não consigo upar/anexar o arquivo. Resulta nessa msg: "Erro Você não tem permissão para fazer upload deste tipo de arquivo ".

-----------------

Edit²:

Assim, agora está correto?

http://mydoc.tk/3/6188ZHPDiag.txt

Editado por Gitana, 11 May 2012 - 05:31 PM.
''

#6 joram

joram
  • Participante
  • 2947 mensagens

Publicado 11 May 2012 - 06:06 PM

Boa Noite! Gitana

Não sei se é indicativo de algum malware, mas tem uns 4 dias q tem aparecido essa "janelinha" toda vez q o PC é iniciado/reiniciado e é preciso clicar em "alternar para..." umas 3 ou 4x até q ela desapareça. Enquanto ela fica "reaparecendo", ocorre travamento no PC...

|- Podemos ter problemas na inicialização,onde um forte suspeito é o arquivo DUC30.exe.
|- Desinstale o No-IP e veja se resolve!

-/-/-/-

*não sei por qual razão não consigo upar/anexar o arquivo. Resulta nessa msg: "Erro Você não tem permissão para fazer upload deste tipo de arquivo ".

|- Neste caso,você teria que compactar o relatório ao anexá-lo.

-/-/-/-

Assim, agora está correto?

|- (Y) (Y)

-/-/-/-

|- Baixe: < RogueKiller > ( ... par tigzy )

|- Salve-o no desktop! Posted Image
|- Feche aplicativos que estejam abertos!

Posted Image

|- Ps: Para Windows Vista ou 7,execute RogueKiller.exe como administrador.
|- Aguarde a finalização de seu Prescan.
|- Para antigas versões,clique em "Sim" para o update.

Posted Image

|- Dê início ao diagnóstico,clicando no botão "Verificar".
|- Exemplo: Mode: Verificar -- Date: mm/dd/2012 00:52:24
|- Poste o relatório: RKreport[1].txt

-/-/-/-

|- Feche programas/pastas que estejam abertas.
|- Para Windows Vista,desabilite a UAC.

Posted Image

|- Dê um duplo clique em ZHPFix.

|- Clique no menu,H < Posted Image >

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} Orphean Key
[MD5.00000000000000000000000000000000] [APT] [DealPlyUpdate] (...) -- C:\Program Files\DealPly\DealPlyUpdate.exe (.not file.)
[MD5.00000000000000000000000000000000] [APT] [RealUpgradeLogonTaskS-1-5-21-3603635649-3494780815-2515594144-1000] (...) -- C:\Program Files\Real\RealUpgrade\RealUpgrade.exe (.not file.)
[MD5.00000000000000000000000000000000] [APT] [RealUpgradeScheduledTaskS-1-5-21-3603635649-3494780815-2515594144-1000] (...) -- C:\Program Files\Real\RealUpgrade\RealUpgrade.exe (.not file.)
[MD5.00000000000000000000000000000000] [APT] [{061CDCF1-1914-4BD3-A786-2C5E204D55F1}] (...) -- J:\Counter-Strike\ZBot - CS Online.exe (.not file.)
[MD5.00000000000000000000000000000000] [APT] [{0FA3231A-9697-4966-9BDE-B944D1F6FFD3}] (...) -- C:\Program Files\Lionhead Studios\Black & White\Setup.exe (.not file.)
[MD5.00000000000000000000000000000000] [APT] [{41309D1B-255E-4AC5-A019-FAB9DA3F83F4}] (...) -- K:\Counter-Strike\ZBot - CS Online.exe (.not file.)
[MD5.00000000000000000000000000000000] [APT] [{4649996D-DE54-4F22-8575-20DB561515AB}] (...) -- C:\Users\Paulo\Desktop\Gabriel\Ot's\Offline's\Shadow Server 8.60\Shadow Server 8.60.exe (.not file.)
[MD5.00000000000000000000000000000000] [APT] [{689D041B-38A3-425D-BA65-1987F162801D}] (...) -- K:\Counter-Strike\CS Bot - CS Online.exe (.not file.)
[MD5.00000000000000000000000000000000] [APT] [{9C650E87-3D07-4468-8261-3648020B44E9}] (...) -- C:\Program Files\Lionhead Studios Ltd\Black & White\Setup.exe (.not file.)
[MD5.00000000000000000000000000000000] [APT] [{9D9D212C-D387-4567-85BB-C294A70276B4}] (...) -- J:\Counter-Strike\CS Bot - CS Online.exe (.not file.)
[MD5.00000000000000000000000000000000] [APT] [{AE53D54B-1ADD-4757-A21E-17A6BE7C2A16}] (...) -- C:\Users\Paulo\Desktop\Gabriel\Ot's\Offline's\Psy Yorots v8 .1\Psy Yorots.exe (.not file.)
[MD5.00000000000000000000000000000000] [APT] [{DA9CFECB-138E-478A-90AA-01B0AF44091B}] (...) -- C:\Users\Paulo\Desktop\Gabriel\Ot's\Shadow Server 8.60\Shadow Server 8.60.exe (.not file.)
[MD5.00000000000000000000000000000000] [APT] [{F0EF5847-6B28-4291-AD78-3E970406DC96}] (...) -- C:\Users\Paulo\Desktop\Gabriel\Downloads\_Setti_\Counter.Strike.Source.2010.Orange.Box.NoSteam.[Setti]\Counter.Strike.Source.2010.Orange.Box.NoSteam.[Setti].exe (.not file.)
[MD5.00000000000000000000000000000000] [APT] [{FFA9EA5F-21BD-4839-969B-8E6A2911B041}] (...) -- D:\Downloads\dontlinkthefile_3danalyzer-v236.exe (.not file.)
O69 - SBI: SearchScopes [HKCU] {B5FD7976-D4BB-4B5A-921B-F49D39005E97} - (Ant.com) - http://www.ant.com

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
[HKLM\Software\Classes\AppID\NCTAudioCDGrabber2.DLL]
[HKLM\Software\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}]
[HKLM\Software\Swearware]

proxyfix
emptytemp
emptyflash
firewallraz
sysrestore

|- Copie e cole estas informações,que estão em vermelho,para o campo "amarelo claro" de ZHPFix.
|- Ps: Procure deixar o campo limpo,antes de colar as informações que estão na Quote.
|- Clique em GO -> Oui.
|- Poste o relatório: C:\ZHP\ZHPFix[R1].txt

Abraços!

#7 Gitana

Gitana
  • Participante
  • 99 mensagens

Publicado 11 May 2012 - 06:39 PM

Boa noite, Joram!

Segue relatório do RogueKiller, onde não executei nenhuma ação "deletar entradas".


RogueKiller V7.4.4 [05/08/2012] Por Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Sistema Operacional: Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Iniciado em : Modo Normal
Usuario: Paulo [Privilegios de Admnistrador]
Modo: Verificar -- Data: 05/11/2012 18:29:15

¤¤¤ Entradas ruins: 0 ¤¤¤

¤¤¤ Entradas do Registro: 4 ¤¤¤
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Arquivos / Pastas Pessoais: ¤¤¤

¤¤¤ Driver: [Carregado] ¤¤¤

¤¤¤ Infecção : ¤¤¤

¤¤¤ Arquivo de Hosts: ¤¤¤
127.0.0.1 localhost


¤¤¤ Verificaçao do MBR: ¤¤¤

+++++ PhysicalDrive0: WDC WD2500AAJS-22VWA0 ATA Device +++++
--- User ---
[MBR] b3b27a3ad469e03d698193d314b34e61
[BSP] ae7cdb8ee187039ce6fc76d9d756503f : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 99900 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 204802048 | Size: 138473 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Concluido : << RKreport[1].txt >>
RKreport[1].txt

#8 joram

joram
  • Participante
  • 2947 mensagens

Publicado 11 May 2012 - 06:56 PM

Boa Noite! Gitana

Segue relatório do RogueKiller, onde não executei nenhuma ação "deletar entradas".

|- Pode executar,ao escolher a guia Registro.
|- Poste o relatório!

-/-/-

|- Ps: Não esqueça de postar o relatório "ZHPFix[R1].txt".

Abraços!

#9 Gitana

Gitana
  • Participante
  • 99 mensagens

Publicado 11 May 2012 - 07:59 PM

Continuando...

Seguem os relatórios solicitados:

Rapport de ZHPFix 1.2.05 par Nicolas Coolman, Update du 30/04/2012
Fichier d'export Registre :
Run by Paulo at 11/05/2012 19:36:17
Windows 7 Ultimate Edition, 32-bit Service Pack 1 (Build 7601)
Web site : http://www.premiumor...ess/zhpfix.html
Web site : http://nicolascoolman.skyrock.com/

========== Registry Key ==========
DELETED Key*: CLSID BHO: {5C255C8A-E604-49b4-9D64-90988571CECB}
DELETED Key*: SearchScopes :{B5FD7976-D4BB-4B5A-921B-F49D39005E97}
DELETED Key*: HKLM\Software\Classes\AppID\NCTAudioCDGrabber2.DLL
DELETED Key*: HKLM\Software\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}
DELETED Key*: HKLM\Software\Swearware

========== Registry Value ==========
ProxyFix : Proxy killed successfully
DELETED ProxyServer Value
DELETED ProxyEnable Value
DELETED EnableHttp1_1 Value
DELETED ProxyHttp1.1 Value
DELETED ProxyOverride Value
No Value in Standard Profile Register Key FirewallRaz :
No Value in Domain Profile Register Key FirewallRaz :

========== Registry Data Items ==========
REPLACED Value EnableLUA : Good (1) - Bad (0)

========== Repertory ==========
DELETED Window Temporary:
DELETED Flash Cookies:

========== File ==========
NOT FOUND Folder/File: c:\users\paulo\desktop\gabriel\downloads\_setti_\counter.strike.source.2010.orange.box.nosteam.2010.orange.box.nosteam.
DELETED Window Temporary:
DELETED Flash Cookies:

========== Task ==========
DELETED Task: DealPlyUpdate
DELETED Task: RealUpgradeLogonTaskS-1-5-21-3603635649-3494780815-2515594144-1000
DELETED Task: RealUpgradeScheduledTaskS-1-5-21-3603635649-3494780815-2515594144-1000
DELETED Task: {061CDCF1-1914-4BD3-A786-2C5E204D55F1}
DELETED Task: {0FA3231A-9697-4966-9BDE-B944D1F6FFD3}
DELETED Task: {41309D1B-255E-4AC5-A019-FAB9DA3F83F4}
DELETED Task: {4649996D-DE54-4F22-8575-20DB561515AB}
DELETED Task: {689D041B-38A3-425D-BA65-1987F162801D}
DELETED Task: {9C650E87-3D07-4468-8261-3648020B44E9}
DELETED Task: {9D9D212C-D387-4567-85BB-C294A70276B4}
DELETED Task: {AE53D54B-1ADD-4757-A21E-17A6BE7C2A16}
DELETED Task: {DA9CFECB-138E-478A-90AA-01B0AF44091B}
DELETED Task: {F0EF5847-6B28-4291-AD78-3E970406DC96}
DELETED Task: {FFA9EA5F-21BD-4839-969B-8E6A2911B041}

========== Restoration ==========
Restore System Point created succefully


========== Summary ==========
5 : Registry Key
8 : Registry Value
1 : Registry Data Items
2 : Repertory
3 : File
14 : Task
1 : Restoration


End of clean in 00mn 23s

========== Report File ==========
C:\ZHP\ZHPFix[R1].txt - 11/05/2012 19:36:17 [2528]



_______________________________________________________


RogueKiller V7.4.4 [05/08/2012] Por Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Sistema Operacional: Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Iniciado em : Modo Normal
Usuario: Paulo [Privilegios de Admnistrador]
Modo: Remover -- Data: 05/11/2012 19:54:30

¤¤¤ Entradas ruins: 0 ¤¤¤

¤¤¤ Entradas do Registro: 3 ¤¤¤
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Arquivos / Pastas Pessoais: ¤¤¤

¤¤¤ Driver: [Carregado] ¤¤¤

¤¤¤ Infecção : ¤¤¤

¤¤¤ Arquivo de Hosts: ¤¤¤
127.0.0.1 localhost


¤¤¤ Verificaçao do MBR: ¤¤¤

+++++ PhysicalDrive0: WDC WD2500AAJS-22VWA0 ATA Device +++++
--- User ---
[MBR] b3b27a3ad469e03d698193d314b34e61
[BSP] ae7cdb8ee187039ce6fc76d9d756503f : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 99900 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 204802048 | Size: 138473 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Concluido : << RKreport[1].txt >>
RKreport[1].txt

#10 joram

joram
  • Participante
  • 2947 mensagens

Publicado 11 May 2012 - 09:26 PM

Boa Noite! Gitana

|- Como está o computador? Houve redução dos problemas que o acometia?

-/-/-/-

|- Dê um duplo clique em "ZHPFix".

Posted Image

|- Clique na guia,A.
|- Marque a(s) caixinhas que foram detectadas,e clique em "Fix". < Posted Image >

-/-/-/-

|- Baixe: |DelFix| ( ... de Xplode )

Posted Image

|- Estando na página,clique em "Télécharger",para o download.
|- Salve-a em um local conveniente!
|- Feche aplicativos que estejam abertos.

Posted Image

|- Clique em "Suppression".
|- Poste o relatório! ( C:\DelFixSuppr.txt )
|- À seguir,para remover DelFix do seu computador,clique em "Désinstallation".

-/-/-/-

|- Baixe: < Posted Image > ( ... by OldTimer Tools )

|- Clique em Salvar! < Posted Image >

|- Salve-o no desktop! < Posted Image >

|- Duplo clique em OTL.exe --> Executar: Posted Image

|- Execute o OTL,em seu rápido escaneamento. ( Verificação rápida )
|- Ps: Para Windows 7,clique direito e execute-o como "Administrador".
|- Copie e poste o relatório. ( C:\_OTM\MovedFiles\xxxx2012_xxxxxx.log )
|- Pode dispensar o relatório "Extras".

Abraços!
Voltar para Malwares




Tópicos Relacionados Collapse

  Tópico Fórum Criado por Estatísticas Última atualização

Tópicos com palavra-chave: log

  1. Forum do BABOO
  2. Segurança e Redes
  3. Malwares
  4. Política de Privacidade
  5. Termos, Condições Gerais e Regras ·




Ganhe $$$ escrevendo tutoriais para nós!