Javascript Disabled Detected

Você está atualmente com o javascript desabilitado. Diversas funções não funcionarão. Habilite o javascript para ter acesso à todas as funcionalidades.

Analise de Log Hijack

Criado por v0n, Jun 19 2012 12:24 AM

virus psp

Faça login para responder

29 respostas neste tópico

#1 v0n

Participante
34 mensagens

Publicado 19 June 2012 - 12:24 AM

Boa noite,
desde hoje à tarde que mal inicio o windows aparece uma imagem em todo o ecran que bloqueia o computador, com mensagem da psp para pagar uma multa.

Segui as instruçoes do topico oficial, mas tive de fazer em safe mode with networking, uma vez que não conseguia fazer nada em modo normal.

Segue o meu log do Hijack. Espero que me possam ajudar. Obrigado

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:52:14, on 19-06-2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R3 - URLSearchHook: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\prxtbFre0.dll
R3 - URLSearchHook: uTorrentBar_PT Toolbar - {e0301295-ab3e-4af3-979f-3d453c5f9f48} - C:\Program Files\uTorrentBar_PT\prxtbuTor.dll
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Freecorder - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\prxtbFre0.dll
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: uTorrentBar_PT - {e0301295-ab3e-4af3-979f-3d453c5f9f48} - C:\Program Files\uTorrentBar_PT\prxtbuTor.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\prxtbFre0.dll
O3 - Toolbar: uTorrentBar_PT Toolbar - {e0301295-ab3e-4af3-979f-3d453c5f9f48} - C:\Program Files\uTorrentBar_PT\prxtbuTor.dll
O4 - HKLM\..\Run: [Freecorder FLV Service] "C:\Program Files\Freecorder\FLVSrvc.exe" /run
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKCU\..\Run: [Gadwin PrintScreen 2.6] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Rita Teles\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" /MINIMIZED
O4 - HKUS\S-1-5-21-3910497778-2424154723-2536953432-500\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe (User 'Administrator')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: ctfmon.lnk = C:\WINDOWS\system32\rundll32.exe
O4 - Startup: Dropbox.lnk = C:\Documents and Settings\Rita Teles\Application Data\Dropbox\bin\Dropbox.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akama...ex/qtplugin.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zon...kr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail....es/MSNPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zon...wn.cab56986.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zon...ro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Serviço Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: ZTE CDROM Monitor - Unknown owner - C:\WINDOWS\system32\SupportAppPT\ztemon.exe

--
End of file - 8265 bytes

Ir para o topo

#2 Mr.Million

Consumer Security MVP

Especialista
59672 mensagens

Publicado 19 June 2012 - 09:54 AM

Baixe o Malwarebytes' Anti-Malware (MBAM) ou aqui.

Salve ou imprima estas instruções:

Dê um duplo-clique no mbam-setup.exe, escolha a linguagem e na instalação, aceite todas as opções padrão.
Verifique se as caixas Atualizar Malwarebytes Anti-Malware e Executar Malwarebytes Anti-Malware estão marcadas e clique então, em Concluir.
Se houver atualizações a serem feitas, serão baixadas e instaladas.
Ao final da atualização, com o programa aberto, marque Verificação Rápida e clique no botão Verificar.
Começará então o exame. Aguarde, pois pode demorar.
Ao acabar o exame, clique em OK, depois no botão Mostrar Resultados para ver o relatório.

Se houver ítens encontrados, certifique-se de que, estão todos marcados e clique no botão Remover.

Ao final da desinfecção, abrirá o Bloco de notas com um Log e poderá aparecer um aviso se quer reiniciar o PC. (Ver Nota abaixo)
O Log é automaticamente salvo pelo MBAM e para vê-lo, clique na aba Logs na janela principal do Programa.

NOTA: Se o MBAM encontrar arquivos que não consiga remover, poderá ter de reiniciar o PC (talvez mais de uma vez). Faça isso imediatamente, ao ser perguntado se quer reiniciar

Selecione, copie e cole o conteúdo do Log do MBAM na sua próxima resposta + um novo Log do HijackThis .

Ir para o topo

#3 v0n

Participante
34 mensagens

Publicado 19 June 2012 - 11:32 AM

seguem os dois logs

Malwarebytes Anti-Malware (Período de Avaliação) 1.61.0.1400
www.malwarebytes.org

Versão da base de dados: v2012.06.19.05

Windows XP Service Pack 3 x86 NTFS (Modo de Segurança com Rede)
Internet Explorer 8.0.6001.18702
Rita Teles :: YOUR-4786FD1C6B [administrador]

Protecção: Desactivada

19-06-2012 15:13:26
mbam-log-2012-06-19 (15-13-26).txt

Tipo de pesquisa: Rápida
Opções de pesquisa activadas: memória | Arranque | Registo | Sistema de Ficheiros | Heurísticos/Extra | Heurísticos/Shuriken | PPI | MPI
Opções de pesquisa desactivadas: P2P
Objectos verificados: 216953
Tempo decorrido: 6 minuto(s), 52 segundo(s)

Processos de memória Detectados: 0
(Nenhum item malicioso detectado)

Módulos de Memória Detectados: 0
(Nenhum item malicioso detectado)

Chaves do Registo Detectadas: 2
HKCU\SOFTWARE\OTGV1DNWQQ (Trojan.FakeAlert) -> Movido para a quarentena e eliminado com sucesso.
HKCU\SOFTWARE\XBV6RD5SZF (Trojan.FakeAlert) -> Movido para a quarentena e eliminado com sucesso.

Valores do Registo Detectados: 0
(Nenhum item malicioso detectado)

Itens de dados do Registo Detectados: 0
(Nenhum item malicioso detectado)

Pastas Detectadas: 0
(Nenhum item malicioso detectado)

Ficheiros Detectados: 3
C:\Documents and Settings\Rita Teles\Local Settings\temp\wpbt0.dll (Spyware.Zbot.DG) -> Movido para a quarentena e eliminado com sucesso.
C:\Program Files\Mozilla Firefox\0.7325305711114302.exe (Exploit.Dropper) -> Movido para a quarentena e eliminado com sucesso.
C:\Program Files\Unlocker\eBay_shortcuts_1016.exe (Adware.Clicker) -> Movido para a quarentena e eliminado com sucesso.

(fim)

_____________________

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:28:57, on 19-06-2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R3 - URLSearchHook: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\prxtbFre0.dll
R3 - URLSearchHook: uTorrentBar_PT Toolbar - {e0301295-ab3e-4af3-979f-3d453c5f9f48} - C:\Program Files\uTorrentBar_PT\prxtbuTor.dll
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Freecorder - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\prxtbFre0.dll
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: uTorrentBar_PT - {e0301295-ab3e-4af3-979f-3d453c5f9f48} - C:\Program Files\uTorrentBar_PT\prxtbuTor.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\prxtbFre0.dll
O3 - Toolbar: uTorrentBar_PT Toolbar - {e0301295-ab3e-4af3-979f-3d453c5f9f48} - C:\Program Files\uTorrentBar_PT\prxtbuTor.dll
O4 - HKLM\..\Run: [Freecorder FLV Service] "C:\Program Files\Freecorder\FLVSrvc.exe" /run
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
O4 - HKCU\..\Run: [Gadwin PrintScreen 2.6] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Rita Teles\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" /MINIMIZED
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: ctfmon.lnk = C:\WINDOWS\system32\rundll32.exe
O4 - Startup: Dropbox.lnk = C:\Documents and Settings\Rita Teles\Application Data\Dropbox\bin\Dropbox.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akama...ex/qtplugin.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zon...kr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail....es/MSNPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zon...wn.cab56986.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zon...ro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Serviço Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: ZTE CDROM Monitor - Unknown owner - C:\WINDOWS\system32\SupportAppPT\ztemon.exe

--
End of file - 8644 bytes

Ir para o topo

#4 Mr.Million

Consumer Security MVP

Especialista
59672 mensagens

Publicado 19 June 2012 - 11:37 AM

Baixe RogueKiller e salve no Desktop.

Dê um duplo-clique sobre o RogueKiller.exe.

* No Windows Vista e Windows 7:

Clique com o direito sobre o RogueKiller.exe e selecione Posted Image

Ao abrir a janela verá as opções de rodar a ferramenta. Digite 2 (Delete) no teclado e depois dê o Enter.

Posted Image

A Ferramenta irá fazer um exame no seu sistema e ao terminar, abrirá o log RKreport[2].txt, que é salvo no Desktop.

Selecione, copie e cole o conteúdo deste Log na sua próxima resposta.

Para sair do programa tecle 0 e dê Enter.

Ir para o topo

#5 v0n

Participante
34 mensagens

Publicado 19 June 2012 - 12:07 PM

segue o log do RogueKiller

RogueKiller V7.5.4 [06/07/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Safe mode with network support
User: Rita Teles [Admin rights]
Mode: Scan -- Date: 06/19/2012 16:03:02

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 3 ¤¤¤
[BLACKLIST DLL] HKLM\[...]\RunOnce : Malwarebytes Anti-Malware (cleanup) (rundll32.exe "C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript) -> FOUND
[Rans.Gendarm] ctfmon.lnk @Rita Teles : C:\WINDOWS\system32\rundll32.exe|C:\DOCUME~1\RITATE~1\LOCALS~1\Temp\wpbt0.dll -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : Rans.Gendarm ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK1234GSX +++++
--- User ---
[MBR] ecaaaf089c15ac9ceaadbc213359bdfb
[BSP] f396006ec690a652b8ec7f48013cfb7f : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 114470 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt

Ir para o topo

#6 Mr.Million

Consumer Security MVP

Especialista
59672 mensagens

Publicado 19 June 2012 - 12:34 PM

Como está o PC ?

Desabilite o seu Antivírus, AntiSpyware e Firewall para não haver conflitos. Mantenha-os desativados até terminar as instruções.

Download ComboFix

Salve no seu Desktop ( Para que a Ferramenta seja executada corretamente é necessário que esteja no Desktop (Área de trabalho)
Feche todas as janelas e programas.

É necessário estar conectado durante o procedimento com o ComboFix;

Execute o combofix.exe, tecle "Sim" para prosseguir. Aguarde, pois é um pouco demorado.

OBS: Caso não queira que seja instalado o Console de Recuperação do Windows, clique em "Não" e depois concorde para que a verificação prossiga.
Ao ser instalado o Console, na Inicialização do Sistema será apresentada a tela para Seleção dos Sistemas Operacionais.
Mais informações sobre o Console: http://support.microsoft.com/kb/307654/pt-br

O ComboFix reiniciará o PC automaticamente para completar o processo de remoção. Caso isso não aconteça, reinicie manualmente.
Quando acabar, será gerado um Log, que estará em C:\ComboFix.txt. Selecione, copie e cole o conteúdo do ComboFix.txt na sua próxima resposta + um novo Log do HijackThis .

IMPORTANTE:Não use o mouse nem o teclado quando o ComboFix estiver rodando. Para parar ou sair do ComboFix, tecle "N".

OBS 2: Não execute o ComboFix mais do que uma vez. Isso irá sobreescrever o Log e dificultará a remoção do(s) malware(s)

Caso ocorra algum erro, reinicie o computador em Modo Seguro (pressione a tecla F8 intermitentemente, ou F5 em alguns casos, durante a inicialização) e repita o procedimento.

Ir para o topo

#7 v0n

Participante
34 mensagens

Publicado 19 June 2012 - 01:35 PM

Ja não aparece a imagem que aparecia inicialmente e que bloqueava o computador, no entanto apareceu uma mensagem de erro:
RUNDLL
Erro ao carregar C:\DOCUME~1\RITATE~1\LOCALS~1\TEMP\wbpt0.dll

Vou correr agora o combofix

segue o o log do combofix e hijackthis

ComboFix 12-06-19.01 - Rita Teles 19-06-2012 17:11:39.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.351.1033.18.1014.412 [GMT 1:00]
Executando de: c:\documents and settings\Rita Teles\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Rita Teles\Application Data\PriceGong
c:\documents and settings\Rita Teles\Application Data\PriceGong\Data\1.txt
c:\documents and settings\Rita Teles\Application Data\PriceGong\Data\1.xml
c:\documents and settings\Rita Teles\Application Data\PriceGong\Data\7031.txt
c:\documents and settings\Rita Teles\Application Data\PriceGong\Data\a.txt
c:\documents and settings\Rita Teles\Application Data\PriceGong\Data\a.xml
c:\documents and settings\Rita Teles\Application Data\PriceGong\Data\b.txt
c:\documents and settings\Rita Teles\Application Data\PriceGong\Data\b.xml
c:\documents and settings\Rita Teles\Application Data\PriceGong\Data\c.txt
c:\documents and settings\Rita Teles\Application Data\PriceGong\Data\c.xml
c:\documents and settings\Rita Teles\Application Data\PriceGong\Data\d.txt
c:\documents and settings\Rita Teles\Application Data\PriceGong\Data\d.xml
c:\documents and settings\Rita Teles\Application Data\PriceGong\Data\e.txt
c:\documents and settings\Rita Teles\Application Data\PriceGong\Data\e.xml
c:\documents and settings\Rita Teles\Application Data\PriceGong\Data\f.txt
c:\documents and settings\Rita Teles\Application Data\PriceGong\Data\f.xml
c:\documents and settings\Rita Teles\Application Data\PriceGong\Data\g.txt
c:\documents and settings\Rita Teles\Application Data\PriceGong\Data\g.xml
c:\documents and settings\Rita Teles\Application Data\PriceGong\Data\h.txt
c:\documents and settings\Rita Teles\Application Data\PriceGong\Data\h.xml
c:\documents and settings\Rita Teles\Application Data\PriceGong\Data\i.txt
c:\documents and settings\Rita Teles\Application Data\PriceGong\Data\i.xml
c:\documents and settings\Rita Teles\Application Data\PriceGong\Data\j.txt
c:\documents and settings\Rita Teles\Application Data\PriceGong\Data\J.xml
c:\documents and settings\Rita Teles\Application Data\PriceGong\Data\k.txt
c:\documents and settings\Rita Teles\Application Data\PriceGong\Data\k.xml
c:\documents and settings\Rita Teles\Application Data\PriceGong\Data\l.txt
c:\documents and settings\Rita Teles\Application Data\PriceGong\Data\l.xml
c:\documents and settings\Rita Teles\Application Data\PriceGong\Data\m.txt
c:\documents and settings\Rita Teles\Application Data\PriceGong\Data\m.xml
c:\documents and settings\Rita Teles\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\Rita Teles\Application Data\PriceGong\Data\n.txt
c:\documents and settings\Rita Teles\Application Data\PriceGong\Data\n.xml
c:\documents and settings\Rita Teles\Application Data\PriceGong\Data\o.txt
c:\documents and settings\Rita Teles\Application Data\PriceGong\Data\o.xml
c:\documents and settings\Rita Teles\Application Data\PriceGong\Data\p.txt
c:\documents and settings\Rita Teles\Application Data\PriceGong\Data\p.xml
c:\documents and settings\Rita Teles\Application Data\PriceGong\Data\q.txt
c:\documents and settings\Rita Teles\Application Data\PriceGong\Data\q.xml
c:\documents and settings\Rita Teles\Application Data\PriceGong\Data\r.txt
c:\documents and settings\Rita Teles\Application Data\PriceGong\Data\r.xml
c:\documents and settings\Rita Teles\Application Data\PriceGong\Data\s.txt
c:\documents and settings\Rita Teles\Application Data\PriceGong\Data\s.xml
c:\documents and settings\Rita Teles\Application Data\PriceGong\Data\t.txt
c:\documents and settings\Rita Teles\Application Data\PriceGong\Data\t.xml
c:\documents and settings\Rita Teles\Application Data\PriceGong\Data\u.txt
c:\documents and settings\Rita Teles\Application Data\PriceGong\Data\u.xml
c:\documents and settings\Rita Teles\Application Data\PriceGong\Data\v.txt
c:\documents and settings\Rita Teles\Application Data\PriceGong\Data\v.xml
c:\documents and settings\Rita Teles\Application Data\PriceGong\Data\w.txt
c:\documents and settings\Rita Teles\Application Data\PriceGong\Data\w.xml
c:\documents and settings\Rita Teles\Application Data\PriceGong\Data\wlu.txt
c:\documents and settings\Rita Teles\Application Data\PriceGong\Data\x.txt
c:\documents and settings\Rita Teles\Application Data\PriceGong\Data\x.xml
c:\documents and settings\Rita Teles\Application Data\PriceGong\Data\y.txt
c:\documents and settings\Rita Teles\Application Data\PriceGong\Data\y.xml
c:\documents and settings\Rita Teles\Application Data\PriceGong\Data\z.txt
c:\documents and settings\Rita Teles\Application Data\PriceGong\Data\z.xml
c:\documents and settings\Rita Teles\Local Settings\Application Data\assembly\tmp
.
.
(((((((((((((((( Arquivos/Ficheiros criados de 2012-05-19 to 2012-06-19 ))))))))))))))))))))))))))))
.
._____________________________________________________________________________________________

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:30:45, on 19-06-2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Freecorder\FLVSrvc.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\program files\real\realplayer\update\realsched.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Documents and Settings\Rita Teles\Application Data\Dropbox\bin\Dropbox.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SupportAppPT\ztemon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R3 - URLSearchHook: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\prxtbFre0.dll
R3 - URLSearchHook: uTorrentBar_PT Toolbar - {e0301295-ab3e-4af3-979f-3d453c5f9f48} - C:\Program Files\uTorrentBar_PT\prxtbuTor.dll
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Freecorder - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\prxtbFre0.dll
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: uTorrentBar_PT - {e0301295-ab3e-4af3-979f-3d453c5f9f48} - C:\Program Files\uTorrentBar_PT\prxtbuTor.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\prxtbFre0.dll
O3 - Toolbar: uTorrentBar_PT Toolbar - {e0301295-ab3e-4af3-979f-3d453c5f9f48} - C:\Program Files\uTorrentBar_PT\prxtbuTor.dll
O4 - HKLM\..\Run: [Freecorder FLV Service] "C:\Program Files\Freecorder\FLVSrvc.exe" /run
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [Gadwin PrintScreen 2.6] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" /MINIMIZED
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: ctfmon.lnk = C:\WINDOWS\system32\rundll32.exe
O4 - Startup: Dropbox.lnk = C:\Documents and Settings\Rita Teles\Application Data\Dropbox\bin\Dropbox.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akama...ex/qtplugin.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zon...kr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail....es/MSNPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zon...wn.cab56986.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zon...ro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Serviço Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: ZTE CDROM Monitor - Unknown owner - C:\WINDOWS\system32\SupportAppPT\ztemon.exe

--
End of file - 9306 bytes

A mensagem de erro anteriormente descrita voltou a aparecer quando reiniciei depois do de ter corrido o combofix

Ir para o topo

#8 Mr.Million

Consumer Security MVP

Especialista
59672 mensagens

Publicado 19 June 2012 - 01:42 PM

O Log do ComboFix está incompleto........

Ir para o topo

#9 v0n

Participante
34 mensagens

Publicado 19 June 2012 - 01:43 PM

ComboFix 12-06-19.01 - Rita Teles 19-06-2012 17:11:39.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.351.1033.18.1014.412 [GMT 1:00]
Executando de: c:\documents and settings\Rita Teles\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Rita Teles\Application Data\PriceGong
c:\documents and settings\Rita Teles\Application Data\PriceGong\Data\1.txt
c:\documents and settings\Rita Teles\Application Data\PriceGong\Data\1.xml
c:\documents and settings\Rita Teles\Application Data\PriceGong\Data\7031.txt
c:\documents and settings\Rita Teles\Application Data\PriceGong\Data\a.txt
c:\documents and settings\Rita Teles\Application Data\PriceGong\Data\a.xml
c:\documents and settings\Rita Teles\Application Data\PriceGong\Data\b.txt
c:\documents and settings\Rita Teles\Application Data\PriceGong\Data\b.xml
c:\documents and settings\Rita Teles\Application Data\PriceGong\Data\c.txt
c:\documents and settings\Rita Teles\Application Data\PriceGong\Data\c.xml
c:\documents and settings\Rita Teles\Application Data\PriceGong\Data\d.txt
c:\documents and settings\Rita Teles\Application Data\PriceGong\Data\d.xml
c:\documents and settings\Rita Teles\Application Data\PriceGong\Data\e.txt
c:\documents and settings\Rita Teles\Application Data\PriceGong\Data\e.xml
c:\documents and settings\Rita Teles\Application Data\PriceGong\Data\f.txt
c:\documents and settings\Rita Teles\Application Data\PriceGong\Data\f.xml
c:\documents and settings\Rita Teles\Application Data\PriceGong\Data\g.txt
c:\documents and settings\Rita Teles\Application Data\PriceGong\Data\g.xml
c:\documents and settings\Rita Teles\Application Data\PriceGong\Data\h.txt
c:\documents and settings\Rita Teles\Application Data\PriceGong\Data\h.xml
c:\documents and settings\Rita Teles\Application Data\PriceGong\Data\i.txt
c:\documents and settings\Rita Teles\Application Data\PriceGong\Data\i.xml
c:\documents and settings\Rita Teles\Application Data\PriceGong\Data\j.txt
c:\documents and settings\Rita Teles\Application Data\PriceGong\Data\J.xml
c:\documents and settings\Rita Teles\Application Data\PriceGong\Data\k.txt
c:\documents and settings\Rita Teles\Application Data\PriceGong\Data\k.xml
c:\documents and settings\Rita Teles\Application Data\PriceGong\Data\l.txt
c:\documents and settings\Rita Teles\Application Data\PriceGong\Data\l.xml
c:\documents and settings\Rita Teles\Application Data\PriceGong\Data\m.txt
c:\documents and settings\Rita Teles\Application Data\PriceGong\Data\m.xml
c:\documents and settings\Rita Teles\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\Rita Teles\Application Data\PriceGong\Data\n.txt
c:\documents and settings\Rita Teles\Application Data\PriceGong\Data\n.xml
c:\documents and settings\Rita Teles\Application Data\PriceGong\Data\o.txt
c:\documents and settings\Rita Teles\Application Data\PriceGong\Data\o.xml
c:\documents and settings\Rita Teles\Application Data\PriceGong\Data\p.txt
c:\documents and settings\Rita Teles\Application Data\PriceGong\Data\p.xml
c:\documents and settings\Rita Teles\Application Data\PriceGong\Data\q.txt
c:\documents and settings\Rita Teles\Application Data\PriceGong\Data\q.xml
c:\documents and settings\Rita Teles\Application Data\PriceGong\Data\r.txt
c:\documents and settings\Rita Teles\Application Data\PriceGong\Data\r.xml
c:\documents and settings\Rita Teles\Application Data\PriceGong\Data\s.txt
c:\documents and settings\Rita Teles\Application Data\PriceGong\Data\s.xml
c:\documents and settings\Rita Teles\Application Data\PriceGong\Data\t.txt
c:\documents and settings\Rita Teles\Application Data\PriceGong\Data\t.xml
c:\documents and settings\Rita Teles\Application Data\PriceGong\Data\u.txt
c:\documents and settings\Rita Teles\Application Data\PriceGong\Data\u.xml
c:\documents and settings\Rita Teles\Application Data\PriceGong\Data\v.txt
c:\documents and settings\Rita Teles\Application Data\PriceGong\Data\v.xml
c:\documents and settings\Rita Teles\Application Data\PriceGong\Data\w.txt
c:\documents and settings\Rita Teles\Application Data\PriceGong\Data\w.xml
c:\documents and settings\Rita Teles\Application Data\PriceGong\Data\wlu.txt
c:\documents and settings\Rita Teles\Application Data\PriceGong\Data\x.txt
c:\documents and settings\Rita Teles\Application Data\PriceGong\Data\x.xml
c:\documents and settings\Rita Teles\Application Data\PriceGong\Data\y.txt
c:\documents and settings\Rita Teles\Application Data\PriceGong\Data\y.xml
c:\documents and settings\Rita Teles\Application Data\PriceGong\Data\z.txt
c:\documents and settings\Rita Teles\Application Data\PriceGong\Data\z.xml
c:\documents and settings\Rita Teles\Local Settings\Application Data\assembly\tmp
.
.
(((((((((((((((( Arquivos/Ficheiros criados de 2012-05-19 to 2012-06-19 ))))))))))))))))))))))))))))
.
.
2012-06-19 16:00 . 2012-05-31 03:41 6762896 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D924C1D4-C247-45B6-874A-F602B72AEFD2}\mpengine.dll
2012-06-19 14:11 . 2012-06-19 14:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-06-19 14:11 . 2012-04-04 14:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-18 15:45 . 2012-06-18 15:45 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2012-06-18 10:35 . 2012-05-08 16:40 6737808 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-06-13 15:22 . 2012-05-11 14:42 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
2012-06-07 02:08 . 2012-06-07 02:08 -------- d-----w- c:\program files\Dropbox
2012-05-29 04:32 . 2012-06-10 18:20 -------- d-----w- c:\documents and settings\Rita Teles\Application Data\EndNote
2012-05-29 04:31 . 2012-05-29 04:31 -------- d-----w- c:\program files\Common Files\Risxtd
2012-05-29 04:30 . 2012-05-29 04:30 -------- d-----w- c:\program files\Common Files\ResearchSoft
2012-05-29 04:28 . 2012-05-29 04:32 -------- d-----w- c:\program files\EndNote X5
2012-05-29 04:27 . 2012-05-29 04:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Thomson.ResearchSoft.Installers
2012-05-29 04:25 . 2012-05-29 04:25 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
.
.
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-19 02:31 . 2011-05-20 14:46 388608 ----a-w- C:\HijackThis.exe
2012-05-31 13:22 . 2006-09-21 07:03 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08 . 2006-09-21 07:04 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 13:20 . 2007-05-30 02:02 1863168 ----a-w- c:\windows\system32\win32k.sys
2012-05-11 14:42 . 2006-09-21 07:03 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42 . 2006-09-21 07:03 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38 . 2006-09-21 07:03 385024 ----a-w- c:\windows\system32\html.iec
2012-05-04 13:16 . 2006-09-21 07:03 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32 . 2004-08-03 22:59 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46 . 2006-09-21 08:14 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-27 20:36 . 2012-04-27 20:36 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2011-07-30 . D24EA301E2B36C4E975FD216CA85D8E7 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2011-07-30 . D24EA301E2B36C4E975FD216CA85D8E7 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB2509553\SP3QFE\tcpip.sys
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\ERDNT\cache\tcpip.sys
[7] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
[7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2007-10-30 . 90CAFF4B094573449A0872A0F919B178 . 360064 . . [5.1.2600.3244] . . c:\windows\$NtUninstallKB951748_0$\tcpip.sys
[-] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[-] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[-] 2006-04-20 . 1DBF125862891817F374F407626967F4 . 359808 . . [5.1.2600.2892] . . c:\windows\$NtUninstallKB941644$\tcpip.sys
[-] 2004-08-10 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB917953$\tcpip.sys
.
((((((((((((((((((((((((((((( SnapShot@2012-06-18_16.11.03 )))))))))))))))))))))))))))))))))))))))))
.
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por padrão não são apresentadas.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files\Freecorder\prxtbFre0.dll" [2011-05-09 176936]
"{e0301295-ab3e-4af3-979f-3d453c5f9f48}"= "c:\program files\uTorrentBar_PT\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
.
[HKEY_CLASSES_ROOT\clsid\{e0301295-ab3e-4af3-979f-3d453c5f9f48}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
2011-05-09 09:49 176936 ----a-w- c:\program files\Freecorder\prxtbFre0.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e0301295-ab3e-4af3-979f-3d453c5f9f48}]
2011-05-09 08:49 176936 ----a-w- c:\program files\uTorrentBar_PT\prxtbuTor.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files\Freecorder\prxtbFre0.dll" [2011-05-09 176936]
"{e0301295-ab3e-4af3-979f-3d453c5f9f48}"= "c:\program files\uTorrentBar_PT\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
.
[HKEY_CLASSES_ROOT\clsid\{e0301295-ab3e-4af3-979f-3d453c5f9f48}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{1392B8D2-5C05-419F-A8F6-B9F15A596612}"= "c:\program files\Freecorder\prxtbFre0.dll" [2011-05-09 176936]
"{E0301295-AB3E-4AF3-979F-3D453C5F9F48}"= "c:\program files\uTorrentBar_PT\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
.
[HKEY_CLASSES_ROOT\clsid\{e0301295-ab3e-4af3-979f-3d453c5f9f48}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadwin PrintScreen 2.6"="c:\program files\Gadwin Systems\PrintScreen\PrintScreen.exe" [2003-07-16 913408]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2011-12-16 1508408]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2012-05-17 880496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Freecorder FLV Service"="c:\program files\Freecorder\FLVSrvc.exe" [2009-11-15 158752]
"TPNF"="c:\program files\TOSHIBA\TouchPad\TPTray.exe" [2006-04-04 53248]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2004-03-24 196608]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-09-24 286720]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-06-21 273544]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2003-03-09 188416]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080]
.
c:\documents and settings\Rita Teles\Start Menu\Programs\Startup\
ctfmon.lnk - c:\windows\system32\rundll32.exe [2006-9-21 33280]
Dropbox.lnk - c:\documents and settings\Rita Teles\Application Data\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2006-03-13 233472]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Desktop Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Desktop Search.lnk
backup=c:\windows\pss\Windows Desktop Search.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Rita Teles^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\documents and settings\Rita Teles\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-15 01:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
2006-03-18 15:22 89541 ----a-w- c:\windows\agrsmmsg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2004-03-24 05:40 196608 ----a-w- c:\program files\Apoint2K\Apoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CeEKEY]
2006-04-12 15:31 638976 ----a-w- c:\program files\TOSHIBA\E-KEY\CeEKey.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DDWMon]
2006-04-28 10:50 262144 ----a-w- c:\program files\TOSHIBA\TOSHIBA Direct Disc Writer\DDWMon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2005-08-05 12:56 64512 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Freecorder FLV Service]
2009-11-15 20:59 158752 ----a-w- c:\program files\Freecorder\FLVSrvc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadwin PrintScreen 2.6]
2003-07-16 09:29 913408 ----a-w- c:\program files\Gadwin Systems\PrintScreen\PrintScreen.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-09-01 18:49 136176 ----atw- c:\documents and settings\Rita Teles\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
2003-03-09 04:30 188416 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
2006-02-07 15:36 77824 ----a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
2006-02-07 15:40 118784 ----a-w- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
2006-02-07 15:39 94208 ----a-w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
2005-11-28 10:41 602182 ----a-w- c:\program files\Intel\Wireless\Bin\iFrmewrk.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelZeroConfig]
2005-12-05 11:37 667718 ----a-w- c:\program files\Intel\Wireless\Bin\ZCfgSvc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
2008-02-29 03:12 76304 ----a-w- c:\windows\KHALMNPR.Exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2010-04-16 22:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia.PCSync]
2011-12-16 11:04 1162296 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PcSync2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PadTouch]
2006-02-09 14:25 1077334 ----a-w- c:\program files\TOSHIBA\Touch and Launch\PadExe.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2011-12-16 11:04 1508408 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2006-04-17 22:34 16143872 ----a-w- c:\windows\RTHDCPL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
2005-05-13 09:57 118784 ----a-w- c:\program files\TOSHIBA\Utilitário de Zooming da TOSHIBA\SmoothView.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TCtryIOHook]
2006-01-03 15:11 28672 ----a-w- c:\windows\system32\TCtrlIOHook.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TOSCDSPD]
2005-04-12 12:10 65536 ----a-w- c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPNF]
2006-04-04 13:57 53248 ----a-w- c:\program files\TOSHIBA\TouchPad\TPTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPSMain]
2005-08-12 12:11 266240 ----a-w- c:\windows\system32\TPSMain.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tvs]
2006-02-02 12:11 73728 ----a-w- c:\program files\TOSHIBA\Tvs\TvsTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zooming]
2005-06-06 08:58 24576 ----a-w- c:\windows\system32\ZoomingHook.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"x10nets"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"TODDSrv"=2 (0x2)
"Symantec Core LC"=2 (0x2)
"ServiceLayer"=3 (0x3)
"S24EventMonitor"=2 (0x2)
"RegSrvc"=2 (0x2)
"Pml Driver HPZ12"=3 (0x3)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"NBService"=3 (0x3)
"LBTServ"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)
"idsvc"=3 (0x3)
"FLEXnet Licensing Service"=3 (0x3)
"EvtEng"=2 (0x2)
"CFSvcs"=2 (0x2)
"AVP"=2 (0x2)
"ACDaemon"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonEU\\NGM\\NGM.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Documents and Settings\\Rita Teles\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Veetle\\Player\\VeetleNet.exe"=
"c:\\Documents and Settings\\Rita Teles\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"16570:TCP"= 16570:TCP:BitComet 16570 TCP
"16570:UDP"= 16570:UDP:BitComet 16570 UDP
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [13-08-2010 21:51 717296]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [19-06-2012 15:11 654408]
R2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\drivers\tdudf.sys [18-04-2006 15:12 98816]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [19-06-2012 15:11 22344]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [30-05-2007 19:48 47360]
R3 X10Hid;X10 Hid Device;c:\windows\system32\drivers\x10hid.sys [02-10-2006 13:42 7040]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
S1 ShldDrv;Panda File Shield Driver;c:\windows\system32\DRIVERS\ShlDrv51.sys --> c:\windows\system32\DRIVERS\ShlDrv51.sys [?]
S2 gupdate;Serviço Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [26-11-2011 3:29 136176]
S2 PavProc;Panda Process Protection Driver;\??\c:\windows\system32\DRIVERS\PavProc.sys --> c:\windows\system32\DRIVERS\PavProc.sys [?]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [29-02-2012 8:50 158856]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [?]
S3 gupdatem;Serviço Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [26-11-2011 3:29 136176]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [27-04-2012 21:36 129976]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [27-02-2012 23:14 137600]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [05-09-2011 23:32 27064]
S3 SNPP106;PC CAMERA DATA SOURCE(6029)1.0(32-32);c:\windows\system32\drivers\snpp106.sys [11-08-2007 22:31 236544]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]
.
Conteúdo da pasta 'Tarefas Agendadas'
.
2012-06-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-26 02:29]
.
2012-06-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-26 02:29]
.
2012-06-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3910497778-2424154723-2536953432-1005Core.job
- c:\documents and settings\Rita Teles\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-01 18:49]
.
2012-06-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3910497778-2424154723-2536953432-1005UA.job
- c:\documents and settings\Rita Teles\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-01 18:49]
.
2012-06-19 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-26 16:03]
.
2012-06-19 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3910497778-2424154723-2536953432-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 09:47]
.
2012-06-19 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3910497778-2424154723-2536953432-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 09:47]
.
.
------- Scan Suplementar -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = local
IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
FF - ProfilePath - c:\documents and settings\Rita Teles\Application Data\Mozilla\Firefox\Profiles\v6ml5fg8.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.sapo.pt/
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-19 17:21
Windows 5.1.2600 Service Pack 3 NTFS
.
Procurando processos ocultos ...
.
Procurando entradas auto inicializáveis ocultas ...
.
Procurando ficheiros/arquivos ocultos ...
.
Varredura completada com sucesso
arquivos/ficheiros ocultos: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetBT]
"ImagePath"="system32\drivers\netbt.kav"
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
.
[HKEY_USERS\S-1-5-21-3910497778-2424154723-2536953432-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
Tempo para conclusão: 2012-06-19 17:25:29
ComboFix-quarantined-files.txt 2012-06-19 16:25
ComboFix2.txt 2012-06-18 16:14
.
Pré-execução: 27.250.098.176 bytes free
Pós execução: 27.241.725.952 bytes livres
.
- - End Of File - - 6BB561DEA6F6F9FDB735B3F1A3484A34

Ir para o topo

#10 v0n

Participante
34 mensagens

Publicado 19 June 2012 - 06:22 PM

o que necessito de fazer agora?

Ir para o topo

Voltar para Malwares

Tópicos Relacionados

Tópico	Fórum	Criado por	Estatísticas	Última atualização
Permissoes para novos usuários (máquina em um domínio de rede) Windows xp, segurança, permissoes	Windows XP	LFCSSP	0 respostas 7 visualizações	há 20 min. LFCSSP
como do ficheiro automático, como fazer? no excel excel, nome automatico	Microsoft Office	zzzzzz2013	0 respostas 5 visualizações	há 23 min. zzzzzz2013
problemas com o modem zte mf 190 zte, mf190, modem	Banda Larga	demondras	2 respostas 75 visualizações	Hoje, 03:14 AM demondras
Entrada Não Suportada entrada, nao, suportada, windows	Hardware e Tecnologia	capstgamerq	0 respostas 39 visualizações	Hoje, 02:01 AM capstgamerq
Lentidao e erro ao abrir alguns programas - Analise de Log lentidao	Malwares	juaumds	4 respostas 51 visualizações	Hoje, 01:36 AM juaumds

Tópicos com palavra-chave: virus, psp

Segurança e Redes → Malwares → Analise de Log! rodrigol criou em ontem, 09:15 AM analise, log, virus, malwere	8 respostas 94 visualizações	rodrigol ontem, 04:18 PM
Segurança e Redes → Malwares → Instalei um vírus em meu PC, como tirá-lo? antivírus não detecta Duanees criou em 21/May/2013 vírus, malware, retirar vírus 1 2	Quente 13 respostas 280 visualizações	Mr.Million 22/May/2013
Segurança e Redes → Malwares → Análise de log - Combofix mateuspos criou em 20/May/2013 virus, analise, combofix	5 respostas 62 visualizações	Mr.Million 20/May/2013
Segurança e Redes → Malwares → Win travando e desligando sozinho, virus? CJBRUNHARA criou em 11/May/2013 Virus, Malware, worm 1 2	Quente 10 respostas 202 visualizações	CJBRUNHARA 12/May/2013
Segurança e Redes → Malwares → "O Arquivo continha um vírus e foi excluído", como posso resolver isso? Guy Santos criou em 28/Apr/2013 Internet, vírus, download, System	1 reply 453 visualizações	Mr.Million 28/Apr/2013

Analise de Log Hijack

Tópicos Relacionados

Tópicos com palavra-chave: virus, psp

Fazer login