dhms21

I get redirected when I try to go to terra, uol, etc.


Whenever I try to go to the site www.terra.com.br I am redirected to another site that has nothing to do with it. I have already run an antivirus scan and used Malwarebytes' Anti-Malware, and nothing has worked so far. What can I do? If you can give me a step-by-step, I would be grateful. The site I get redirected to is www.goodleads.g. plus a bunch of other stuff that makes no sense.


Hello, while searching I found the answer below.

I tried connecting using my cell phone as a modem, and it worked: I am not redirected to any site. Could the problem be in the modem itself?

It's not a virus...

You will have to reset your modem (router) to factory settings and reconfigure it for the mode it works in there, enabling its firewall.

If you don't know how to do that, I recommend searching the internet for manuals on how to do it. If you find it difficult, get a technician to do it.

Source(s):

http://twitter.com/Eric_hc

Here is my log:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 13:54:24, on 20/8/2011

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

c:\Arquivos de programas\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe

C:\Arquivos de programas\Video Web Camera\traybar.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\WINDOWS\WebCam\M3000\M3000Mnt.exe

C:\ARQUIV~1\LAUNCH~1\LManager.exe

C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe

C:\Arquivos de programas\Lexmark Pro700 Series\lxeemon.exe

C:\Arquivos de programas\Lexmark Pro700 Series\ezprint.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\lxeecoms.exe

C:\Arquivos de programas\Arquivos comuns\Nokia\MPlatform\NokiaMServer.exe

C:\Arquivos de programas\Microsoft Security Client\msseces.exe

C:\Arquivos de programas\Real\RealPlayer\update\realsched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Arquivos de programas\Windows Desktop Search\WindowsSearch.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\WINDOWS\system32\igfxext.exe

C:\Arquivos de programas\Video Web Camera\CEC_MAIN.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

C:\Arquivos de programas\PC Connectivity Solution\Transports\NclUSBSrv.exe

C:\Arquivos de programas\PC Connectivity Solution\Transports\NclMSBTSrv.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

c:\Arquivos de programas\Microsoft Security Client\Antimalware\MpCmdRun.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

C:\Documents and Settings\Daniel\Meus documentos\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\ARQUIV~1\MICROS~4\Office14\URLREDIR.DLL

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [AzMixerSel] C:\Arquivos de programas\Realtek\Audio\Drivers\AzMixerSel.exe

O4 - HKLM\..\Run: [M3000Mnt] Rundll32.exe M3000Rmv.dll ,WinMainRmv /StartStillMnt

O4 - HKLM\..\Run: [synTPEnh] C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Arquivos de programas\Video Web Camera\traybar.exe"

O4 - HKLM\..\Run: [LManager] C:\ARQUIV~1\LAUNCH~1\LManager.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [lxeemon.exe] "C:\Arquivos de programas\Lexmark Pro700 Series\lxeemon.exe"

O4 - HKLM\..\Run: [EzPrint] "C:\Arquivos de programas\Lexmark Pro700 Series\ezprint.exe"

O4 - HKLM\..\Run: [NokiaMServer] C:\Arquivos de programas\Arquivos comuns\Nokia\MPlatform\NokiaMServer /watchfiles startup

O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [MSC] "c:\Arquivos de programas\Microsoft Security Client\msseces.exe" -hide -runkey

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Real\RealPlayer\update\realsched.exe" -osboot

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [NokiaOviSuite2] C:\Arquivos de programas\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe -tray

O4 - HKCU\..\Run: [swg] "C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Windows Search.lnk = C:\Arquivos de programas\Windows Desktop Search\WindowsSearch.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~4\Office14\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1308870582796

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1308883343140

O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer.dl.3dvia.com/player/install/3DVIA_player_installer.exe

O17 - HKLM\System\CCS\Services\Tcpip\..\{DCC80E6F-CA2E-4C62-8183-EE71816A6CCC}: NameServer = 189.40.226.80 189.40.224.5

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: KMService - Unknown owner - C:\WINDOWS\system32\srvany.exe

O23 - Service: lxeeCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxeeserv.exe

O23 - Service: lxee_device - - C:\WINDOWS\system32\lxeecoms.exe

O23 - Service: ServiceLayer - Nokia - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

--

End of file - 9663 bytes


In the vast majority of cases, redirects are caused by adware or viruses. Follow these instructions so we can check whether any of them are present:

Temporarily disable your antivirus, antispyware and firewall, so they do not cause conflicts.

Download ComboFix (by sUBs).

Save it to your desktop.

  • Close all windows and programs. Run ComboFix.
  • Double-click combofix.exe and press "Yes" to proceed.
  • When asked whether you want to install the Recovery Console, click Yes and wait.
  • Click OK to accept the EULA, then click Yes to continue the malware scan.

Do not click anything or press any key during the scan, or the tool will not work correctly.

When the tool finishes running, it will generate a log. Select, copy and paste the contents of the file C:\ComboFix.txt in your next reply.

Important:

  • You must be connected to the internet during the ComboFix procedure;
  • You must be logged in to the system with administrator privileges.
  • Download and SAVE ComboFix. In the download window, where the Run / Save options appear, click Save. Do not run ComboFix from your browser window.
  • Keep your antivirus, antispyware and firewall disabled during the ComboFix procedures. Re-enable them when everything is finished.
  • If you have used ComboFix before, delete it and download it again.
  • If the Recovery Console is already installed on this machine, ComboFix will not suggest installing it.
  • Do not run ComboFix more than once. That will overwrite the log and delay the removal of the malware.
  • ComboFix is a tool that can damage the system if used incorrectly. Use it only under the supervision of a malware analyst.


The log is attached below.

ComboFix 11-08-21.01 - Daniel 21/08/2011 13:56:06.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.2038.1518 [GMT -3:00]

Executando de: c:\documents and settings\Daniel\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

.

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\arquivos de programas\POL

c:\arquivos de programas\POL\menu.gif

c:\arquivos de programas\POL\POL.chm

c:\arquivos de programas\POL\qs.html

c:\arquivos de programas\POL\tray.gif

c:\arquivos de programas\POL\Uninstall.exe

c:\documents and settings\All Users\Dados de aplicativos\MPK

c:\documents and settings\All Users\Dados de aplicativos\MPK\mpk.db

c:\documents and settings\All Users\SPL3.tmp

c:\windows\system32\wdir

c:\windows\XSxS

.

.

(((((((((((((((( Arquivos/Ficheiros criados de 2011-07-21 to 2011-08-21 ))))))))))))))))))))))))))))

.

.

2011-08-21 16:17 . 2011-08-21 16:17 28752 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft\Microsoft Antimalware\Definition Updates\{4C2B178F-56E4-424B-9000-ECB8E0709A51}\MpKsl90873878.sys

2011-08-20 17:09 . 2011-08-12 02:44 7152464 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft\Microsoft Antimalware\Definition Updates\{4C2B178F-56E4-424B-9000-ECB8E0709A51}\mpengine.dll

2011-08-13 21:35 . 2011-08-13 21:35 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\3DVIA

2011-08-13 21:35 . 2011-08-13 21:35 -------- d-----w- c:\documents and settings\Daniel\Configurações locais\Dados de aplicativos\3DVIA

2011-08-13 21:34 . 2007-07-19 21:14 3727720 ----a-w- c:\windows\system32\d3dx9_35.dll

2011-08-13 21:34 . 2006-09-28 19:05 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll

2011-08-13 21:34 . 2011-08-13 21:34 -------- d-----w- c:\windows\Logs

2011-08-13 21:34 . 2011-08-13 21:34 -------- d-----w- c:\arquivos de programas\Virtools

2011-08-07 17:14 . 2011-08-07 17:14 -------- d-----w- c:\arquivos de programas\Arquivos comuns\xing shared

2011-08-07 17:13 . 2011-08-07 17:15 -------- d-----w- c:\arquivos de programas\Real

2011-08-06 23:21 . 2011-08-12 02:44 7152464 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2011-08-05 18:37 . 2011-07-12 23:39 6881616 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll

2011-08-05 11:32 . 2011-08-05 11:32 -------- d-----w- c:\documents and settings\LocalService\Configurações locais\Dados de aplicativos\PCHealth

2011-08-05 11:31 . 2011-08-05 11:31 -------- d-----w- c:\documents and settings\Daniel\Configurações locais\Dados de aplicativos\PCHealth

2011-08-05 03:11 . 2011-08-05 03:11 -------- d-----w- c:\windows\Temp3EEFB77F-2776-09DD-0B7A-C2A339BE3369-Signatures

2011-08-05 03:11 . 2011-08-05 03:11 -------- d-----w- C:\296fcfc784b134b44d7e

2011-08-03 12:08 . 2011-08-03 12:08 -------- d-----w- c:\documents and settings\NetworkService\Configurações locais\Dados de aplicativos\Google

2011-08-03 06:03 . 2011-08-03 06:03 -------- d-----w- c:\arquivos de programas\CCleaner

2011-08-03 06:03 . 2011-08-03 06:03 -------- d-----w- c:\documents and settings\LocalService\Configurações locais\Dados de aplicativos\Google

2011-08-03 06:02 . 2011-08-03 06:03 -------- d-----w- c:\arquivos de programas\Google

2011-08-01 16:20 . 2003-11-12 00:59 200704 ----a-w- c:\windows\system32\vbalExpBar6.ocx

2011-08-01 16:20 . 2003-04-01 12:36 94208 ----a-w- c:\windows\system32\vbalIml6.ocx

2011-08-01 16:20 . 2003-01-26 18:41 40960 ----a-w- c:\windows\system32\SSubTmr6.dll

2011-08-01 16:20 . 1998-06-24 06:00 203576 ----a-w- c:\windows\system32\RICHTX32.OCX

2011-08-01 16:20 . 2008-02-09 17:48 86016 ----a-w- c:\windows\system32\CS.ocx

2011-08-01 16:20 . 2007-08-02 14:50 65536 ----a-w- c:\windows\system32\IEMonitor.ocx

2011-08-01 16:20 . 2007-03-01 20:41 86016 ----a-w- c:\windows\system32\SuperPicture.ocx

2011-08-01 11:43 . 2011-08-01 11:43 -------- d-----w- c:\documents and settings\Daniel\Configurações locais\Dados de aplicativos\NokiaAccount

.

.

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-08-07 17:13 . 2010-10-22 11:43 499712 ----a-w- c:\windows\system32\msvcp71.dll

2011-08-07 17:13 . 2010-10-22 11:43 348160 ----a-w- c:\windows\system32\msvcr71.dll

2011-07-15 13:29 . 2011-06-23 17:09 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-07-08 14:02 . 2011-06-23 17:25 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys

2011-06-24 14:10 . 2011-06-23 22:14 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2011-06-23 23:36 . 2011-06-23 23:38 5120 ----a-w- c:\windows\system32\FILTRCOI.DLL

2011-06-23 23:36 . 2011-06-23 23:38 207368 ----a-w- c:\windows\UNINST32.EXE

2011-06-23 23:36 . 2011-06-23 23:38 16896 ----a-w- c:\windows\system32\drivers\DKbFltr.SYS

2011-06-23 23:23 . 2011-06-23 23:30 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll

2011-06-23 23:22 . 2011-06-23 23:30 120104 ----a-w- c:\windows\system32\SynTPCo4.dll

2011-06-23 23:22 . 2011-06-23 23:30 205232 ----a-w- c:\windows\system32\drivers\SynTP.sys

2011-06-23 23:22 . 2011-06-23 23:30 161064 ----a-w- c:\windows\system32\SynTPAPI.dll

2011-06-23 23:22 . 2011-06-23 23:30 206120 ----a-w- c:\windows\system32\SynCtrl.dll

2011-06-23 23:22 . 2011-06-23 23:30 169256 ----a-w- c:\windows\system32\SynCOM.dll

2011-06-23 23:17 . 2011-06-23 23:27 53248 ----a-w- c:\windows\system32\CSVer.dll

2011-06-23 23:16 . 2009-03-02 16:03 38912 ----a-w- c:\windows\system32\drivers\l1c51x86.sys

2011-06-23 23:16 . 2011-06-23 23:24 77824 ----a-w- c:\windows\SOUNDMAN.EXE

2011-06-23 23:16 . 2011-06-23 23:24 405504 ----a-w- c:\windows\vncutil.exe

2011-06-23 23:16 . 2011-06-23 23:24 1826816 ----a-w- c:\windows\SkyTel.exe

2011-06-23 23:16 . 2011-06-23 23:24 880640 ----a-w- c:\windows\system32\RTSndMgr.CPL

2011-06-23 23:16 . 2011-06-23 23:24 1482752 ----a-w- c:\windows\RtlUpd.exe

2011-06-23 23:16 . 2011-06-23 23:24 9715200 ----a-w- c:\windows\RTLCPL.EXE

2011-06-23 23:16 . 2011-06-23 23:24 5891584 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys

2011-06-23 23:15 . 2011-06-23 23:24 41472 ----a-w- c:\windows\system32\RtkCoInstXP.dll

2011-06-23 23:15 . 2011-06-23 23:24 122880 ----a-w- c:\windows\RtkAudioService.exe

2011-06-23 23:15 . 2011-06-23 23:24 18702336 ----a-w- c:\windows\RTHDCPL.EXE

2011-06-23 23:15 . 2011-06-23 23:24 2170880 ----a-w- c:\windows\MicCal.exe

2011-06-23 23:15 . 2011-06-23 23:24 1389056 ----a-w- c:\windows\system32\drivers\Monfilt.sys

2011-06-23 23:14 . 2011-06-23 23:24 278528 ----a-w- c:\windows\system32\ALSNDMGR.CPL

2011-06-23 23:14 . 2011-06-23 23:24 1684736 ----a-w- c:\windows\system32\drivers\Ambfilt.sys

2011-06-23 23:14 . 2011-06-23 23:24 2808832 ----a-w- c:\windows\ALCWZRD.EXE

2011-06-23 23:14 . 2011-06-23 23:24 57344 ----a-w- c:\windows\ALCMTR.EXE

2011-06-23 23:12 . 2011-06-23 23:27 7360512 ----a-w- c:\windows\system32\RTSUSTORicon.dll

2011-06-23 23:09 . 2011-06-23 23:23 831488 ----a-w- c:\windows\RtlExUpd.dll

2011-06-23 23:04 . 2011-06-23 23:05 920088 ----a-w- c:\windows\system32\igxpun.exe

2011-06-23 23:03 . 2011-06-23 23:05 57344 ----a-w- c:\windows\system32\igxprd32.dll

2011-06-23 23:03 . 2011-06-23 23:05 5854752 ----a-w- c:\windows\system32\drivers\igxpmp32.sys

2011-06-23 23:03 . 2011-06-23 23:05 2643968 ----a-w- c:\windows\system32\igxpdx32.dll

2011-06-23 23:03 . 2011-06-23 23:05 151040 ----a-w- c:\windows\system32\igxpgd32.dll

2011-06-23 23:03 . 2011-06-23 23:05 1670144 ----a-w- c:\windows\system32\igxpdv32.dll

2011-06-23 23:03 . 2011-06-23 23:05 147456 ----a-w- c:\windows\system32\igfxCoIn_v4926.dll

2011-06-23 23:03 . 2011-06-23 23:05 2334720 ----a-w- c:\windows\system32\iglicd32.dll

2011-06-23 23:03 . 2011-06-23 23:05 294912 ----a-w- c:\windows\system32\igldev32.dll

2011-06-23 23:03 . 2011-06-23 23:05 141848 ----a-w- c:\windows\system32\igfxtray.exe

2011-06-23 23:03 . 2011-06-23 23:05 256536 ----a-w- c:\windows\system32\igfxsrvc.exe

2011-06-23 23:03 . 2011-06-23 23:05 170520 ----a-w- c:\windows\system32\igfxzoom.exe

2011-06-23 23:03 . 2011-06-23 23:05 172032 ----a-w- c:\windows\system32\igfxrtrk.lrc

2011-06-23 23:03 . 2011-06-23 23:05 172032 ----a-w- c:\windows\system32\igfxrsve.lrc

2011-06-23 23:03 . 2011-06-23 23:05 48128 ----a-w- c:\windows\system32\igfxsrvc.dll

2011-06-23 23:03 . 2011-06-23 23:05 172032 ----a-w- c:\windows\system32\igfxrslv.lrc

2011-06-23 23:03 . 2011-06-23 23:05 163840 ----a-w- c:\windows\system32\igfxrtha.lrc

2011-06-23 23:03 . 2011-06-23 23:08 180224 ----a-w- c:\windows\system32\igfxres.dll

2011-06-23 23:03 . 2011-06-23 23:05 180224 ----a-w- c:\windows\system32\igfxrrus.lrc

2011-06-23 23:03 . 2011-06-23 23:05 180224 ----a-w- c:\windows\system32\igfxrptg.lrc

2011-06-23 23:03 . 2011-06-23 23:05 180224 ----a-w- c:\windows\system32\igfxrptb.lrc

2011-06-23 23:03 . 2011-06-23 23:05 180224 ----a-w- c:\windows\system32\igfxrplk.lrc

2011-06-23 23:03 . 2011-06-23 23:05 176128 ----a-w- c:\windows\system32\igfxrsky.lrc

2011-06-23 23:03 . 2011-06-23 23:05 176128 ----a-w- c:\windows\system32\igfxrnor.lrc

2011-06-23 23:03 . 2011-06-23 23:05 188416 ----a-w- c:\windows\system32\igfxrita.lrc

2011-06-23 23:03 . 2011-06-23 23:05 184320 ----a-w- c:\windows\system32\igfxrfra.lrc

2011-06-23 23:03 . 2011-06-23 23:05 172032 ----a-w- c:\windows\system32\igfxrdan.lrc

2011-06-23 23:03 . 2011-06-23 23:05 155648 ----a-w- c:\windows\system32\igfxrheb.lrc

2011-06-23 23:03 . 2011-06-23 23:05 131072 ----a-w- c:\windows\system32\igfxrjpn.lrc

2011-06-23 23:03 . 2011-06-23 23:05 126976 ----a-w- c:\windows\system32\igfxrkor.lrc

2011-06-23 23:03 . 2011-06-23 23:05 192512 ----a-w- c:\windows\system32\igfxrell.lrc

2011-06-23 23:03 . 2011-06-23 23:05 192512 ----a-w- c:\windows\system32\igfxrdeu.lrc

2011-06-23 23:03 . 2011-06-23 23:05 188416 ----a-w- c:\windows\system32\igfxrnld.lrc

2011-06-23 23:03 . 2011-06-23 23:05 188416 ----a-w- c:\windows\system32\igfxresp.lrc

2011-06-23 23:03 . 2011-06-23 23:05 180224 ----a-w- c:\windows\system32\igfxrhun.lrc

2011-06-23 23:03 . 2011-06-23 23:05 176128 ----a-w- c:\windows\system32\igfxrfin.lrc

2011-06-23 23:03 . 2011-06-23 23:05 176128 ----a-w- c:\windows\system32\igfxrcsy.lrc

2011-06-23 23:03 . 2011-06-23 23:05 172032 ----a-w- c:\windows\system32\igfxrenu.lrc

2011-06-23 23:03 . 2011-06-23 23:05 110592 ----a-w- c:\windows\system32\igfxrcht.lrc

2011-06-23 23:03 . 2011-06-23 23:05 3293184 ----a-w- c:\windows\system32\igfxress.dll

2011-06-23 23:03 . 2011-06-23 23:05 110592 ----a-w- c:\windows\system32\igfxrchs.lrc

2011-06-23 23:03 . 2011-06-23 23:05 137752 ----a-w- c:\windows\system32\igfxpers.exe

2011-06-23 23:03 . 2011-06-23 23:05 204800 ----a-w- c:\windows\system32\igfxpph.dll

2011-06-23 23:03 . 2011-06-23 23:05 159744 ----a-w- c:\windows\system32\igfxrara.lrc

2011-06-23 23:03 . 2011-06-23 23:05 24576 ----a-w- c:\windows\system32\igfxexps.dll

2011-06-23 23:03 . 2011-06-23 23:05 208896 ----a-w- c:\windows\system32\igfxdev.dll

2011-06-23 23:03 . 2011-06-23 23:05 170520 ----a-w- c:\windows\system32\igfxext.exe

2011-06-23 23:03 . 2011-06-23 23:05 135168 ----a-w- c:\windows\system32\igfxdo.dll

2011-06-23 23:03 . 2011-06-23 23:05 122880 ----a-w- c:\windows\system32\igfxcpl.cpl

2011-06-23 23:03 . 2011-06-23 23:05 530968 ----a-w- c:\windows\system32\igfxcfg.exe

2011-06-23 23:02 . 2011-06-23 23:05 166424 ----a-w- c:\windows\system32\hkcmd.exe

2011-06-23 23:02 . 2011-06-23 23:05 102400 ----a-w- c:\windows\system32\hccutils.dll

2011-06-23 23:02 . 2011-06-23 23:05 319456 ----a-w- c:\windows\system32\difxapi.dll

2011-06-23 18:30 . 2011-06-23 17:20 43520 ------w- c:\windows\system32\licmgr10.dll

2011-06-23 18:30 . 2011-06-23 17:15 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-06-23 18:30 . 2011-06-23 17:15 916480 ----a-w- c:\windows\system32\wininet.dll

2011-06-23 17:29 . 2011-06-23 17:28 648 ----a-w- c:\windows\system32\presetup.cmd

2011-06-23 12:05 . 2011-06-23 17:05 385024 ------w- c:\windows\system32\html.iec

2011-06-20 17:44 . 2011-06-23 17:08 293888 ----a-w- c:\windows\system32\winsrv.dll

2011-06-06 11:35 . 2011-06-23 17:08 1859072 ----a-w- c:\windows\system32\win32k.sys

.

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por padrão não são apresentadas.

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NokiaOviSuite2"="c:\arquivos de programas\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe" [2011-08-04 966712]

"swg"="c:\arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-08-03 39408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"M3000Mnt"="M3000Rmv.dll " [X]

"NokiaMServer"="c:\arquivos de programas\Arquivos comuns\Nokia\MPlatform\NokiaMServer" [X]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-23 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-23 166424]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-23 137752]

"RTHDCPL"="RTHDCPL.EXE" [2011-06-23 18702336]

"AzMixerSel"="c:\arquivos de programas\Realtek\Audio\Drivers\AzMixerSel.exe" [2011-06-23 53248]

"SynTPEnh"="c:\arquivos de programas\Synaptics\SynTP\SynTPEnh.exe" [2011-06-23 1430824]

"Camera Assistant Software"="c:\arquivos de programas\Video Web Camera\traybar.exe" [2009-06-24 630784]

"LManager"="c:\arquiv~1\LAUNCH~1\LManager.exe" [2011-06-23 875016]

"SunJavaUpdateSched"="c:\arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe" [2011-04-08 254696]

"lxeemon.exe"="c:\arquivos de programas\Lexmark Pro700 Series\lxeemon.exe" [2010-05-17 770728]

"EzPrint"="c:\arquivos de programas\Lexmark Pro700 Series\ezprint.exe" [2010-05-17 148280]

"Adobe ARM"="c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]

"MSC"="c:\arquivos de programas\Microsoft Security Client\msseces.exe" [2011-06-15 997920]

"TkBellExe"="c:\arquivos de programas\Real\RealPlayer\update\realsched.exe" [2011-08-07 273544]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

"DWQueuedReporting"="c:\arquiv~1\ARQUIV~1\MICROS~1\DW\dwtrig20.exe" [2010-02-28 519584]

.

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

Windows Search.lnk - c:\arquivos de programas\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\arquivos de programas\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\WINDOWS\\system32\\lxeecoms.exe"=

.

R1 MpKsl90873878;MpKsl90873878;c:\documents and settings\All Users\Dados de aplicativos\Microsoft\Microsoft Antimalware\Definition Updates\{4C2B178F-56E4-424B-9000-ECB8E0709A51}\MpKsl90873878.sys [21/8/2011 13:17 28752]

R2 lxee_device;lxee_device;c:\windows\system32\lxeecoms.exe -service --> c:\windows\system32\lxeecoms.exe -service [?]

R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [2/3/2009 13:03 38912]

R3 M3000Srv;WebCam Driver;c:\windows\system32\drivers\M3000KNT.sys [23/6/2011 20:26 145408]

S1 jarlrqxp;jarlrqxp;\??\c:\windows\system32\drivers\jarlrqxp.sys --> c:\windows\system32\drivers\jarlrqxp.sys [?]

S1 MpKsl3f1d288c;MpKsl3f1d288c;\??\c:\documents and settings\All Users\Dados de aplicativos\Microsoft\Microsoft Antimalware\Definition Updates\{5E29B871-5513-457F-A0BF-836031434874}\MpKsl3f1d288c.sys --> c:\documents and settings\All Users\Dados de aplicativos\Microsoft\Microsoft Antimalware\Definition Updates\{5E29B871-5513-457F-A0BF-836031434874}\MpKsl3f1d288c.sys [?]

S1 MpKsl8c2d8a34;MpKsl8c2d8a34;\??\c:\documents and settings\All Users\Dados de aplicativos\Microsoft\Microsoft Antimalware\Definition Updates\{191BB2AA-CFE3-4E1F-823E-EABB9F3F6858}\MpKsl8c2d8a34.sys --> c:\documents and settings\All Users\Dados de aplicativos\Microsoft\Microsoft Antimalware\Definition Updates\{191BB2AA-CFE3-4E1F-823E-EABB9F3F6858}\MpKsl8c2d8a34.sys [?]

S1 MpKslfa73f845;MpKslfa73f845;\??\c:\documents and settings\All Users\Dados de aplicativos\Microsoft\Microsoft Antimalware\Definition Updates\{F5BACEB3-BFD0-4332-92A4-3920FB4BFB50}\MpKslfa73f845.sys --> c:\documents and settings\All Users\Dados de aplicativos\Microsoft\Microsoft Antimalware\Definition Updates\{F5BACEB3-BFD0-4332-92A4-3920FB4BFB50}\MpKslfa73f845.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/3/2010 13:16 130384]

S2 gupdate;Google Update Service (gupdate);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [3/8/2011 03:03 135664]

S2 KMService;KMService;c:\windows\system32\srvany.exe [23/6/2011 22:05 8192]

S2 lxeeCATSCustConnectService;lxeeCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxeeserv.exe [24/6/2011 15:20 193192]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [23/6/2011 20:24 1684736]

S3 gupdatem;Serviço do Google Update (gupdatem);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [3/8/2011 03:03 135664]

S3 osppsvc;Office Software Protection Platform;c:\arquivos de programas\Arquivos comuns\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [9/1/2010 21:37 4640000]

S3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTS5121.sys --> c:\windows\system32\Drivers\RTS5121.sys [?]

S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/3/2010 13:16 753504]

.

--- =Outros Serviços/Drivers Na Memória ---

.

*NewlyCreated* - MPKSL90873878

.

Conteúdo da pasta 'Tarefas Agendadas'

.

2011-08-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cc51a3caeae4d4.job

- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2011-08-03 06:03]

.

2011-08-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2011-08-03 06:03]

.

2011-08-21 c:\windows\Tasks\MP Scheduled Scan.job

- c:\arquivos de programas\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 18:39]

.

2011-08-21 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-823518204-776561741-515967899-1003.job

- c:\arquivos de programas\Real\RealUpgrade\realupgrade.exe [2011-03-29 13:47]

.

2011-08-21 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-823518204-776561741-515967899-1003.job

- c:\arquivos de programas\Real\RealUpgrade\realupgrade.exe [2011-03-29 13:47]

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.google.com.br/

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~4\Office14\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html

TCP: Interfaces\{DCC80E6F-CA2E-4C62-8183-EE71816A6CCC}: NameServer = 189.40.226.80 189.40.224.5

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-08-21 14:02

Windows 5.1.2600 Service Pack 3 NTFS

.

Procurando processos ocultos ...

.

Procurando entradas auto inicializáveis ocultas ...

.

Procurando ficheiros/arquivos ocultos ...

.

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

.

**************************************************************************

.

Tempo para conclusão: 2011-08-21 14:04:34

ComboFix-quarantined-files.txt 2011-08-21 17:04

.

Pré-execução: 9 pasta(s) 122.005.061.632 bytes disponíveis

Pós execução: 12 pasta(s) 122.068.709.376 bytes disponíveis

.

WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe

[boot Loader]

timeout=2

Default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[Operating Systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

.

- - End Of File - - 67D015D6A0A77345CD8A113A39187F77

Another question: why does everything work normally when I connect using my cell phone as a modem? I only see the change when I use my home Wi-Fi internet.

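As an added example (not from this thread or from any of the tools it mentions), a small Python check that pulls the per-interface `NameServer` lines out of a ComboFix/HijackThis log like the one posted above and sorts each resolver into "LAN" (the router itself), "expected" (an allowlist the user gets from their ISP or from the working phone-tethered connection) or "unexpected". The allowlist and the second interface line in the sample are constructed for the demonstration.

```python
import re
import ipaddress

# Constructed sample: imitates the "Scan Suplementar" section of a ComboFix log.
# The first NameServer line (GUID and addresses) is copied from the log in this
# thread; the second interface is made up to show a LAN (router) resolver.
SAMPLE_LOG = """\
uStart Page = hxxp://www.google.com.br/
TCP: Interfaces\\{DCC80E6F-CA2E-4C62-8183-EE71816A6CCC}: NameServer = 189.40.226.80 189.40.224.5
TCP: Interfaces\\{11111111-2222-3333-4444-555555555555}: NameServer = 192.168.1.1
"""

# One NameServer line per interface GUID; the addresses are space-separated.
NS_LINE = re.compile(r"^TCP: Interfaces\\\{([0-9A-Fa-f-]+)\}: NameServer = (.+)$", re.M)


def parse_nameservers(log_text):
    """Return {interface_guid: [resolver, ...]} for every NameServer line found."""
    found = {}
    for guid, servers in NS_LINE.findall(log_text):
        found[guid] = servers.split()
    return found


def classify_resolvers(log_text, expected):
    """Classify each configured resolver as 'lan' (RFC 1918 address, i.e. the PC
    forwards to the router and the router's own DNS setting decides), 'expected'
    (on the user-supplied allowlist) or 'unexpected' (worth a closer look).
    If no interface carries a NameServer line, resolvers come from DHCP alone."""
    allow = {ipaddress.ip_address(a) for a in expected}
    report = {"interfaces": 0, "lan": [], "expected": [], "unexpected": []}
    for servers in parse_nameservers(log_text).values():
        report["interfaces"] += 1
        for s in servers:
            try:
                addr = ipaddress.ip_address(s)
            except ValueError:
                report["unexpected"].append(s)  # not even a valid IP address
                continue
            if addr.is_private:
                report["lan"].append(s)
            elif addr in allow:
                report["expected"].append(s)
            else:
                report["unexpected"].append(s)
    return report
```

A machine whose only resolver is the router's LAN address depends entirely on the router's DNS configuration, which this log does not show; that is consistent with a problem that appears only on the home Wi-Fi and not on a phone-tethered connection.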

Disable your antivirus, anti-spyware and firewall so they do not cause conflicts. Keep them disabled until you have finished these instructions.

Select and copy the text inside the QUOTE. Open Notepad and paste what you copied. Then save it on the Desktop with the name CFScript.txt.

Dir Look::

c:\windows\Temp3EEFB77F-2776-09DD-0B7A-C2A339BE3369-Signatures

C:\296fcfc784b134b44d7e

Now drag CFScript.txt onto ComboFix as shown in the demonstration below.

[image: CFScript.gif]

ComboFix will run; wait for the scan to finish.

IMPORTANT: Do not use the mouse or the keyboard while ComboFix is running.

This script was written only for this computer, according to the files and keys present on it.

To visitors: If you have a similar problem, do not use this script; unsupervised use can damage the system.

Follow the instructions in this topic, HijackThis Logs ** read before posting **, open your own topic and post the log.

When it finishes, a log will be generated at C:\ComboFix.txt.

NOTE: Do not run ComboFix more than once. That will overwrite the log and make removing the malware harder.

Go to VirusTotal.com or Jotti.com

Click Browse. In the file-selection window, paste the line below into the File Name box:

c:\windows\system32\drivers\jarlrqxp.sys

Click the Open button and, on the site's page, click sendfile.png

Wait for the analysis, then copy and save the result.

Note: If you use VirusTotal and the file has already been analysed by the site before, you will see an image similar to this one:

[image: virustotalrt7.jpg]

If that happens, just copy the link indicated in the image and paste it into your reply. Post the new ComboFix log.
