Jump to content

Foto

Log para análise - internet travando

internet travando



Existem 10 respostas neste tópico

#1 juvenil    

juvenil
  • Participante
  • 120 mensagens

Publicado 04 February 2013 - 06:19 PM

Prezados, segue log para análise.

 

A internet está travando e o antivírus dispara mensagem de vírus toda hora.

 

Já fiz todos os procedimentos de limpeza.

 

Log:

 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:13:03, on 4/2/2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Arquivos de programas\Launch Manager\LManager.exe
C:\Arquivos de programas\Apoint2K\Apoint.exe
C:\WINDOWS\WebCam\S6000\S6000Mnt.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Arquivos de programas\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Apoint2K\ApMsgFwd.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\Arquivos de programas\Messenger\msmsgs.exe
C:\Arquivos de programas\Apoint2K\Apntex.exe
C:\Arquivos de programas\WIDCOMM\Bluetooth Software\BTTray.exe
C:\WINDOWS\system32\cisvc.exe
C:\Arquivos de programas\Launch Manager\dsiwmis.exe
C:\Arquivos de programas\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: DealPly - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Arquivos de programas\DealPly\DealPlyIE.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Arquivos de programas\Realtek\Audio\Drivers\AzMixerSel.exe
O4 - HKLM\..\Run: [S6000Mnt] Rundll32.exe S6000Rmv.dll ,WinMainRmv /StartStillMnt
O4 - HKLM\..\Run: [LManager] C:\Arquivos de programas\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [Apoint] C:\Arquivos de programas\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [egui] "C:\Arquivos de programas\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\RunOnce: [Del1495156] cmd.exe /Q /D /c del "C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\0.del"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10h_ActiveX.exe -update activex
O4 - HKCU\..\RunOnce: [Del1495140] cmd.exe /Q /D /c del "C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\0.del"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Arquivos de programas\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Arquivos de programas\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsof...ss/allinone.asp
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Arquivos de programas\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Arquivos de programas\Launch Manager\dsiwmis.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Arquivos de programas\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

--
End of file - 7341 bytes




#2 Mr.Million    

Mr.Million

    Consumer Security MVP

  • Especialista
  • 65126 mensagens

Publicado 04 February 2013 - 06:20 PM


Baixe o Malwarebytes' Anti-Malware (MBAM) ou aqui.

Salve ou imprima estas instruções:

Dê um duplo-clique no mbam-setup.exe, escolha a linguagem e na instalação, aceite todas as opções padrão.
Verifique se as caixas Atualizar Malwarebytes Anti-Malware e Executar Malwarebytes Anti-Malware estão marcadas e clique então, em Concluir.
Se houver atualizações a serem feitas, serão baixadas e instaladas.
Ao final da atualização, com o programa aberto, marque Verificação Rápida e clique no botão Verificar.
Começará então o exame. Aguarde, pois pode demorar.
Ao acabar o exame, clique em OK, depois no botão Mostrar Resultados para ver o relatório.

Se houver ítens encontrados, certifique-se de que, estão todos marcados e clique no botão Remover.

Ao final da desinfecção, abrirá o Bloco de notas com um Log e poderá aparecer um aviso se quer reiniciar o PC. (Ver Nota abaixo)
O Log é automaticamente salvo pelo MBAM e para vê-lo, clique na aba Logs na janela principal do Programa.

NOTA: Se o MBAM encontrar arquivos que não consiga remover, poderá ter de reiniciar o PC (talvez mais de uma vez). Faça isso imediatamente, ao ser perguntado se quer reiniciar

Selecione, copie e cole o conteúdo do Log do MBAM na sua próxima resposta + um novo Log do HijackThis .
MillionMPV.gif

#3 juvenil    

juvenil
  • Participante
  • 120 mensagens

Publicado 04 February 2013 - 07:50 PM

Mr. Million,

 

Seguem os logs do MBAM e Hijackthis:

 

MBAM

 

Malwarebytes Anti-Malware (Trial) 1.70.0.1100
www.malwarebytes.org

Versão da Base de Dados:  v2013.02.04.08

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Administrador :: CLIENTE [administrador]

Proteção: Não permitir

4/2/2013 20:20:06
mbam-log-2013-02-04 (20-20-06).txt

Tipo de Verificação:  Verificação Rápida
Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos  | Heurística/Extra | Heurística/Shuriken | PUP | PUM
Opções de verificação desativadas: P2P
Objetos escaneados:  228457
Tempo decorrido: 15 minuto(s), 3 segundo(s)

Processos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)

Módulos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)

Chaves de Registro Detectadas: 6
HKCU\SOFTWARE\Funmoods (PUP.FunMoods) -> Enviado para a Quarentena e deletado com sucesso.
HKCU\SOFTWARE\InstallCore\funmoods (PUP.FunMoods) -> Enviado para a Quarentena e deletado com sucesso.
HKCU\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> Enviado para a Quarentena e deletado com sucesso.
HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> Enviado para a Quarentena e deletado com sucesso.
HKLM\SOFTWARE\InstallCore\funmoods (PUP.FunMoods) -> Enviado para a Quarentena e deletado com sucesso.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\funmoods (PUP.FunMoods) -> Enviado para a Quarentena e deletado com sucesso.

Valores de Registro Detectadas: 0
(Não foram detectados ítens maliciosos)

Itens de Dados no Registro Detectadas: 0
(Não foram detectados ítens maliciosos)

Pastas Detectadas: 3
C:\Arquivos de programas\Funmoods (PUP.FunMoods) -> Enviado para a Quarentena e deletado com sucesso.
C:\Arquivos de programas\Funmoods\1.8.4.0 (PUP.FunMoods) -> Enviado para a Quarentena e deletado com sucesso.
C:\Arquivos de programas\Funmoods\1.8.4.0\bh (PUP.FunMoods) -> Enviado para a Quarentena e deletado com sucesso.

Arquivos Detectados: 5
C:\Documents and Settings\Administrador\Configurações locais\temp\Aceleradorb_Setup.exe (Adware.Bundler) -> Enviado para a Quarentena e deletado com sucesso.
C:\Documents and Settings\Administrador\Dados de aplicativos\Funmoods\UpdateProc\UpdateTask.exe (PUP.FunMoods) -> Enviado para a Quarentena e deletado com sucesso.
C:\Arquivos de programas\Funmoods\1.8.4.0\Sqlite3.dll (PUP.FunMoods) -> Enviado para a Quarentena e deletado com sucesso.
C:\Arquivos de programas\Funmoods\1.8.4.0\uninst.dat (PUP.FunMoods) -> Enviado para a Quarentena e deletado com sucesso.
C:\Arquivos de programas\Funmoods\1.8.4.0\uninstall.exe (PUP.FunMoods) -> Enviado para a Quarentena e deletado com sucesso.

(fim)

 

 

 

================================

 

HIJACKTHIS

 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:43:39, on 4/2/2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Arquivos de programas\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\cisvc.exe
C:\Arquivos de programas\Launch Manager\dsiwmis.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Arquivos de programas\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Arquivos de programas\Malwarebyte\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Arquivos de programas\Malwarebyte\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Arquivos de programas\Malwarebyte\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\WebCam\S6000\S6000Mnt.exe
C:\Arquivos de programas\Launch Manager\LManager.exe
C:\Arquivos de programas\Apoint2K\Apoint.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Arquivos de programas\Microsoft Security Client\msseces.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\Arquivos de programas\Apoint2K\ApMsgFwd.exe
C:\Arquivos de programas\Apoint2K\Apntex.exe
C:\Arquivos de programas\Messenger\msmsgs.exe
C:\Arquivos de programas\WIDCOMM\Bluetooth Software\BTTray.exe
C:\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Arquivos de programas\Realtek\Audio\Drivers\AzMixerSel.exe
O4 - HKLM\..\Run: [S6000Mnt] Rundll32.exe S6000Rmv.dll ,WinMainRmv /StartStillMnt
O4 - HKLM\..\Run: [LManager] C:\Arquivos de programas\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [Apoint] C:\Arquivos de programas\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [MSC] "c:\Arquivos de programas\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Arquivos de programas\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Arquivos de programas\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsof...ss/allinone.asp
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Arquivos de programas\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Arquivos de programas\Launch Manager\dsiwmis.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Arquivos de programas\Malwarebyte\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Arquivos de programas\Malwarebyte\Malwarebytes' Anti-Malware\mbamservice.exe

--
End of file - 7250 bytes

 

 



#4 Mr.Million    

Mr.Million

    Consumer Security MVP

  • Especialista
  • 65126 mensagens

Publicado 04 February 2013 - 08:13 PM

Ok, continuando...

Desabilite o seu Antivírus, AntiSpyware e Firewall para não haver conflitos. Mantenha-os desativados até terminar as instruções.

Download ComboFix

Salve no seu Desktop ( Para que a Ferramenta seja executada corretamente é necessário que esteja no Desktop (Área de trabalho)
Feche todas as janelas e programas.

É necessário estar conectado durante o procedimento com o ComboFix;

Execute o combofix.exe, tecle "Sim" para prosseguir. Aguarde, pois é um pouco demorado.

OBS: Caso não queira que seja instalado o Console de Recuperação do Windows, clique em "Não" e depois concorde para que a verificação prossiga.
Ao ser instalado o Console, na Inicialização do Sistema será apresentada a tela para Seleção dos Sistemas Operacionais.
Mais informações sobre o Console:
http://support.micro...kb/307654/pt-br

O ComboFix reiniciará o PC automaticamente para completar o processo de remoção. Caso isso não aconteça, reinicie manualmente.
Quando acabar, será gerado um Log, que estará em C:\ComboFix.txt. Selecione, copie e cole o conteúdo do ComboFix.txt na sua próxima resposta + um novo Log do HijackThis .

IMPORTANTE: Não use o mouse nem o teclado quando o ComboFix estiver rodando. Para parar ou sair do ComboFix, tecle "N".

OBS 2: Não execute o ComboFix mais do que uma vez. Isso irá sobreescrever o Log e dificultará a remoção do(s) malware(s)

Caso ocorra algum erro, reinicie o computador em Modo Seguro (pressione a tecla F8 intermitentemente, ou F5 em alguns casos, durante a inicialização) e repita o procedimento.

MillionMPV.gif

#5 juvenil    

juvenil
  • Participante
  • 120 mensagens

Publicado 04 February 2013 - 08:48 PM

Mr. Million, seguem novos logs.

 

COMBOFIX

 

ComboFix 13-02-03.03 - Administrador 04/02/2013  21:27:57.2.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.55.1046.18.2037.1472 [GMT -2:00]
Executando de: c:\documents and settings\Administrador\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
(((((((((((((((((((((((((((((((((((((   Outras Exclusões   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\arquivos de programas\DealPly
c:\arquivos de programas\DealPly\DealPly.crx
c:\arquivos de programas\DealPly\DealPlyUpdate.exe
c:\arquivos de programas\DealPly\DealPlyUpdateRun.exe
c:\arquivos de programas\DealPly\icon.ico
c:\arquivos de programas\DealPly\sqlite3.dll
c:\arquivos de programas\DealPly\uninst.exe
D:\AUTORUN.INF
.
.
((((((((((((((((   Arquivos/Ficheiros criados de 2013-01-04 to 2013-02-04  ))))))))))))))))))))))))))))
.
.
2013-02-04 23:21 . 2013-02-04 23:21 29904 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft\Microsoft Antimalware\Definition Updates\{A7EB9479-CB7B-47F7-8DDE-72ADDA5147F5}\MpKslc8b8d8ad.sys
2013-02-04 22:17 . 2012-12-14 18:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-02-04 22:14 . 2013-02-04 22:17 -------- d-----w- c:\arquivos de programas\Malwarebyte
2013-02-04 21:42 . 2013-01-07 22:57 6991832 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft\Microsoft Antimalware\Definition Updates\{A7EB9479-CB7B-47F7-8DDE-72ADDA5147F5}\mpengine.dll
2013-02-04 21:42 . 2013-01-30 10:53 232336 ------w- c:\windows\system32\MpSigStub.exe
2013-02-04 21:40 . 2013-02-04 21:40 -------- d-----w- c:\arquivos de programas\Microsoft Security Client
2013-02-04 21:35 . 2013-02-04 21:42 -------- d-----w- C:\Microsoft Essentials
2013-02-04 20:59 . 2013-02-04 20:59 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\0B1T1L2V1T1J1L
2013-02-04 20:59 . 2013-02-04 20:59 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Funmoods
2013-02-04 20:57 . 2013-02-04 20:57 -------- d-----w- c:\arquivos de programas\Ccleaner2
2013-01-16 19:43 . 2013-01-16 21:40 -------- d-----w- c:\documents and settings\LocalService\Configurações locais\Dados de aplicativos\Adobe
2013-01-10 00:38 . 2013-01-10 00:38 -------- d-----w- c:\documents and settings\Administrador\Configurações locais\Dados de aplicativos\Identities
.
.
.
(((((((((((((((((((((((((((((((((((((   Relatório Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-04 21:11 . 2011-10-09 20:36 388608 ----a-w- C:\HijackThis.exe
2012-12-16 12:23 . 2008-04-14 11:00 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-11-13 11:55 . 2008-04-14 11:00 1866496 ----a-w- c:\windows\system32\win32k.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2009-02-20 . 1D01C384F3BA123EB6F09769DEA005AC . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((   Pontos de Carregamento do Registro   )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por padrão não são apresentadas.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"S6000Mnt"="S6000Rmv.dll " [X]
"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"RTHDCPL"="RTHDCPL.EXE" [2009-08-06 18702336]
"AzMixerSel"="c:\arquivos de programas\Realtek\Audio\Drivers\AzMixerSel.exe" [2006-07-17 53248]
"LManager"="c:\arquivos de programas\Launch Manager\LManager.exe" [2009-10-07 1157640]
"Apoint"="c:\arquivos de programas\Apoint2K\Apoint.exe" [2009-10-15 233472]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-28 141336]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-28 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-28 141336]
"MSC"="c:\arquivos de programas\Microsoft Security Client\msseces.exe" [2012-09-12 947176]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_2"="shell32" [X]
.
c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\
BTTray.lnk - c:\arquivos de programas\WIDCOMM\Bluetooth Software\BTTray.exe [2009-9-26 607584]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Arquivos de programas\\Messenger\\msmsgs.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Arquivos de programas\\DreaMule\\emule.exe"=
.
R1 MpKslc8b8d8ad;MpKslc8b8d8ad;c:\documents and settings\All Users\Dados de aplicativos\Microsoft\Microsoft Antimalware\Definition Updates\{A7EB9479-CB7B-47F7-8DDE-72ADDA5147F5}\MpKslc8b8d8ad.sys [4/2/2013 21:21 29904]
R2 DsiWMIService;Dritek WMI Service;c:\arquivos de programas\Launch Manager\dsiwmis.exe [24/8/2009 00:30 107016]
R2 MBAMScheduler;MBAMScheduler;c:\arquivos de programas\Malwarebyte\Malwarebytes' Anti-Malware\mbamscheduler.exe [4/2/2013 20:17 398184]
R2 MBAMService;MBAMService;c:\arquivos de programas\Malwarebyte\Malwarebytes' Anti-Malware\mbamservice.exe [4/2/2013 20:17 682344]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [17/9/2012 23:32 73216]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [4/2/2013 20:17 21104]
R3 S6000KNT;S6000KNT_WebCam Driver;c:\windows\system32\drivers\S6000KNT.sys [13/7/2010 19:10 153856]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [13/7/2010 19:05 1684736]
S3 EUCR;EUCR;c:\windows\system32\drivers\EUCR6SK.sys [10/12/2011 16:27 103296]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [17/9/2012 23:32 102784]
S3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\drivers\ew_jucdcacm.sys [17/9/2012 23:32 90368]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys --> c:\windows\system32\DRIVERS\ewusbdev.sys [?]
S3 L1c;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [13/7/2010 19:11 45056]
S3 smsbda;SMS Digital Video;c:\windows\system32\drivers\smsbda.sys [14/7/2010 17:39 51872]
S3 ZTEusbdvbh;ZTE HS-USB DVBH-RF Service;c:\windows\system32\drivers\ZTEusbdvbh.sys [14/7/2010 17:39 105216]
.
--- =Outros Serviços/Drivers Na Memória ---
.
*NewlyCreated* - MBAMSCHEDULER
*NewlyCreated* - MPKSLC8B8D8AD
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-02-04 20:52 1607120 ----a-w- c:\arquivos de programas\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe
.
Conteúdo da pasta 'Tarefas Agendadas'
.
2013-02-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2012-05-14 02:35]
.
2013-02-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2012-05-14 02:35]
.
2013-02-04 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\arquivos de programas\Microsoft Security Client\MpCmdRun.exe [2012-09-12 19:25]
.
2013-02-04 c:\windows\Tasks\MpIdleTask.job
- c:\arquivos de programas\Microsoft Security Client\MpCmdRun.exe [2012-09-12 19:25]
.
2013-02-04 c:\windows\Tasks\User_Feed_Synchronization-{322EE226-59C0-411B-A8AC-7A84B871D14D}.job
- c:\windows\system32\msfeedssync.exe [2009-02-20 07:31]
.
2013-02-04 c:\windows\Tasks\User_Feed_Synchronization-{E5ED27E7-13A2-4645-A8B0-0EB86A041911}.job
- c:\windows\system32\msfeedssync.exe [2009-02-20 07:31]
.
.
------- Scan Suplementar -------
.
uStart Page = hxxp://www.google.com.br/
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-02-04 21:34
Windows 5.1.2600 Service Pack 3 NTFS
.
Procurando processos ocultos ...
.
Procurando entradas auto inicializáveis ocultas ...
.
Procurando ficheiros/arquivos ocultos ...
.
Varredura completada com sucesso
arquivos/ficheiros ocultos: 0
.
**************************************************************************
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
.
[HKEY_USERS\S-1-5-21-1659004503-492894223-527237240-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,43,93,96,65,19,85,cb,4f,a0,cf,2b,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,43,93,96,65,19,85,cb,4f,a0,cf,2b,\
.
Tempo para conclusão: 2013-02-04  21:37:07
ComboFix-quarantined-files.txt  2013-02-04 23:37
ComboFix2.txt  2011-10-09 22:36
.
Pré-execução: 13 pasta(s) 137.698.926.592 bytes disponíveis
Pós execução: 14 pasta(s) 138.259.759.104 bytes disponíveis
.
- - End Of File - - FC0549A14B6A8E8B2A6026B4FEE33F80
 

 

 

==========================================

 

HIJACKTHIS

 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:42:59, on 4/2/2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Arquivos de programas\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Arquivos de programas\Launch Manager\LManager.exe
C:\Arquivos de programas\Apoint2K\Apoint.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\WebCam\S6000\S6000Mnt.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Arquivos de programas\Microsoft Security Client\msseces.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Arquivos de programas\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Arquivos de programas\Apoint2K\ApMsgFwd.exe
C:\Arquivos de programas\Apoint2K\Apntex.exe
C:\Arquivos de programas\Launch Manager\dsiwmis.exe
C:\Arquivos de programas\Malwarebyte\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Arquivos de programas\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Malwarebyte\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Arquivos de programas\Malwarebyte\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Arquivos de programas\Realtek\Audio\Drivers\AzMixerSel.exe
O4 - HKLM\..\Run: [S6000Mnt] Rundll32.exe S6000Rmv.dll ,WinMainRmv /StartStillMnt
O4 - HKLM\..\Run: [LManager] C:\Arquivos de programas\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [Apoint] C:\Arquivos de programas\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [MSC] "c:\Arquivos de programas\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Arquivos de programas\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Arquivos de programas\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsof...ss/allinone.asp
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Arquivos de programas\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Arquivos de programas\Launch Manager\dsiwmis.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Arquivos de programas\Malwarebyte\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Arquivos de programas\Malwarebyte\Malwarebytes' Anti-Malware\mbamservice.exe

--
End of file - 6920 bytes



#6 Mr.Million    

Mr.Million

    Consumer Security MVP

  • Especialista
  • 65126 mensagens

Publicado 04 February 2013 - 08:53 PM

Desabilite o seu Antivírus, AntiSpyware e Firewall para não haver conflitos. Mantenha-os desativados até terminar as instruções

Download bouton-telecharger.png Salve-o no Desktop. (Área de Trabalho)

Execute o adwcleaner.exe

OBS: Usuários do Windows Vista ou do Windows 7, clicar com o botão direito do mouse no arquivo e selecionar:Executar como administrador

AdwCleanerCustom-1.jpg

Clique [Delete]

Salve o Log criado.

Donload 1268r49.png Salve no seu Desktop (Área de trabalho).

Dê um duplo-clique para executar o Junkware Removal Tool (JRT)

* No Windows Vista e Windows 7:
Clique com o botão direito do mousesobre o JRT.exe e selecione run_as_adm1.png

A Ferramenta começará o exame do seu Sistema. Tenha paciência pois pode demorar um pouco, dependendo da quantidades de ítens a serem examinados.

Ao final, um Log se abrirá e salvo no Desktop com o nome de
JRT.txt.

Selecione, copie e cole o conteúdo deste Log na sua próxima resposta + o Log do AdwCleaner e um novo Log do HijackThis.
MillionMPV.gif

#7 juvenil    

juvenil
  • Participante
  • 120 mensagens

Publicado 04 February 2013 - 09:30 PM

Mr. Million,

 

seguem os três logs.

 

JRT

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.6.2 (02.02.2013:2)
OS: Microsoft Windows XP x86
Ran by Administrador on seg 04/02/2013 at 22:09:48,34
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 


~~~ Services

 

~~~ Registry Values

Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\Internet Explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\DisplayName
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\Internet Explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\URL

 

~~~ Registry Keys

 

~~~ Files

 

~~~ Folders

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on seg 04/02/2013 at 22:25:31,62
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

==========================

 

ADWCLEANER

 

# AdwCleaner v2.110 - Logfile created 02/04/2013 at 22:04:10
# Updated 03/02/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Administrador - CLIENTE
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Administrador\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Deleted on reboot : C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje
File Deleted : C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bbjciahceamgodcoidkjpchnokgfpphh_0.localstorage
Folder Deleted : C:\Arquivos de programas\Claro
Folder Deleted : C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Babylon
Folder Deleted : C:\Documents and Settings\Administrador\Dados de aplicativos\Babylon
Folder Deleted : C:\Documents and Settings\Administrador\Dados de aplicativos\Funmoods
Folder Deleted : C:\Documents and Settings\All Users\Dados de aplicativos\Babylon
Folder Deleted : C:\Documents and Settings\All Users\Menu Iniciar\Programas\Claro

***** [Registry] *****

Key Deleted : HKCU\Software\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\Software\DealPly
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Key Deleted : HKLM\Software\InstallCore
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\claro
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DealPly
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\claro

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Google Chrome v24.0.1312.57

File : C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Preferences

Deleted [l.9] : homepage = "hxxp://searchfunmoods.com/?f=1&a=ironpub12&cd=2XzuyEtN2Y1L1Qzu0FtDyB0B0C0BtAtC0Ey[...]
Deleted [l.13] : urls_to_restore_on_startup = [ "hxxp://searchfunmoods.com/?f=1&a=ironpub12&cd=2XzuyEtN2Y1L[...]
Deleted [l.36] : search_url = "hxxp://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=ironpub12&cd=2XzuyE[...]
Deleted [l.1579] : homepage = "hxxp://searchfunmoods.com/?f=1&a=ironpub12&cd=2XzuyEtN2Y1L1Qzu0FtDyB0B0C0BtAtC0EyC0A[...]
Deleted [l.1936] : urls_to_restore_on_startup = [ "hxxp://searchfunmoods.com/?f=1&a=ironpub12&cd=2XzuyEtN2Y1L1Qz[...]

*************************

AdwCleaner[S1].txt - [3011 octets] - [04/02/2013 22:04:10]

########## EOF - C:\AdwCleaner[S1].txt - [3071 octets] ##########

 

 

================================

 

HIJACKTHIS

 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:27:50, on 4/2/2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Arquivos de programas\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Arquivos de programas\Launch Manager\LManager.exe
C:\Arquivos de programas\Apoint2K\Apoint.exe
C:\WINDOWS\WebCam\S6000\S6000Mnt.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Arquivos de programas\Microsoft Security Client\msseces.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Apoint2K\ApMsgFwd.exe
C:\Arquivos de programas\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Arquivos de programas\Apoint2K\Apntex.exe
C:\Arquivos de programas\Launch Manager\dsiwmis.exe
C:\Arquivos de programas\Malwarebyte\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Arquivos de programas\Malwarebyte\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Malwarebyte\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Arquivos de programas\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Arquivos de programas\Realtek\Audio\Drivers\AzMixerSel.exe
O4 - HKLM\..\Run: [S6000Mnt] Rundll32.exe S6000Rmv.dll ,WinMainRmv /StartStillMnt
O4 - HKLM\..\Run: [LManager] C:\Arquivos de programas\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [Apoint] C:\Arquivos de programas\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [MSC] "c:\Arquivos de programas\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Arquivos de programas\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Arquivos de programas\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsof...ss/allinone.asp
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Arquivos de programas\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Arquivos de programas\Launch Manager\dsiwmis.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Arquivos de programas\Malwarebyte\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Arquivos de programas\Malwarebyte\Malwarebytes' Anti-Malware\mbamservice.exe

--
End of file - 6970 bytes



#8 Mr.Million    

Mr.Million

    Consumer Security MVP

  • Especialista
  • 65126 mensagens

Publicado 04 February 2013 - 09:36 PM

Ok, o PC está limpo (Y)
Finalizando.......
Clique em Iniciar > Executar > digite (ou copie e cole): ComboFix /Uninstall > dê Ok.

Limpe a Restauração do Sistema, criando um Ponto de Restauração do Sistema limpo.

 

Clique com o botão direito do mouse em cima do MEU COMPUTADOR/ Propiedades/ Restauração do Sistema/ marque Desativar Restauração do Sistema/ Aplicar > OK.
Depois desmarque novamente. Aplicar > OK.


MillionMPV.gif

#9 juvenil    

juvenil
  • Participante
  • 120 mensagens

Publicado 04 February 2013 - 09:55 PM

Valeu Mr. Million,

 

Como sempre, muito dedicado e eficiente.

 

Baboo é baboo.

 

(Y)  (Y)  (Y)  (Y)  (Y)  :)



como removo o JRT e o adwcleaner?



#10 Mr.Million    

Mr.Million

    Consumer Security MVP

  • Especialista
  • 65126 mensagens

Publicado 04 February 2013 - 10:00 PM

AdwCleaner é só clicar no Uninstal, veja a figura acima...

 

JRT, delete o executável no Desktop.


MillionMPV.gif