
Site demanding a mandatory update.


Hello. I can't access Google, neither through Internet Explorer nor through Google Chrome. When I click on it, a dialog box appears saying I need to download an update called "google Defender", but I have never downloaded it because I suspect it is a virus (other sites open normally). I saw on another site that people managed to solve this problem by changing the DNS, setting Google's DNS (8.8.8.8 and 8.8.4.4), but even so I couldn't get rid of the problem. I use the antivirus Microsoft Security, Mbam, CCleaner and Nitropc, but none of them can find the virus. This is the second time I've had this problem. The first time, I thought formatting the PC would solve it, but to my surprise the problem persisted. I don't know whether this virus/spyware is in the programs I install on the machine, since my HD is partitioned, or in the modem I use (D-link 2640b - velox - only my PC uses this connection). I can usually solve virus problems, but this one made me come here and humbly ask for help with these logs. If anyone can help, thank you.

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 7829

Windows 6.1.7601 Service Pack 1

Internet Explorer 8.0.7601.17514

29/09/2011 17:08:07

mbam-log-2011-09-29 (17-08-07).txt

Scan type: Quick scan

Objects scanned: 156913

Time elapsed: 3 minute(s), 30 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Logfile of HijackThis v1.99.1

Scan saved at 11:14:57, on 18/10/2011

Platform: Unknown Windows (WinNT 6.01.3505 SP1)

MSIE: Internet Explorer v9.00 (9.00.8112.16421)

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskhost.exe

C:\Windows\vsnpstd3.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe

C:\Windows\FixCamera.exe

C:\Windows\tsnp325.exe

C:\Windows\vsnp325.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\NOTEPAD.EXE

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\NOTEPAD.EXE

C:\Users\LeObOuRn\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll

O3 - Toolbar: Foxit PDF Creator Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll

O4 - HKLM\..\Run: [snpstd3] C:\Windows\vsnpstd3.exe

O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"

O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash

O4 - HKLM\..\Run: [FixCamera] C:\Windows\FixCamera.exe

O4 - HKLM\..\Run: [tsnp325] C:\Windows\tsnp325.exe

O4 - HKLM\..\Run: [snp325] C:\Windows\vsnp325.exe

O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount

O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe

O8 - Extra context menu item: &B&aixar &com o BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: &B&aixar todos os vídeos com o BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: &B&aixar tudo usando o BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - (no file)

O9 - Extra button: (no name) - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (no file)

O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll/206 (file missing)

O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O11 - Options group: [iNTERNATIONAL] International

O13 - Gopher Prefix:

O17 - HKLM\System\CCS\Services\Tcpip\..\{56FBF612-7EA8-4AEA-A4E4-42A40CD5B031}: NameServer = 10.0.0.1

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll

O18 - Protocol: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %PROGRAMFILES%\Windows Media Player\wmpnetwk.exe (file missing)

I also used bankerfix_3, but it didn't find anything either.


leo


You will have to reset your modem (router) to factory settings and reconfigure it for the mode it operates in there, enabling its firewall.

Please, before posting a HijackThis log for examination, the poster must fully follow what is laid out in this "Mandatory standard procedure topic of the Forum".

HijackThis logs ** read before posting **

After completing all the procedures, post the new HijackThis log right here in this topic by clicking the REPLY button, and await further instructions.

Attention: your HijackThis program is outdated; get the new version from the topic above.

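The reply above points at the modem/router as the place where the DNS settings were tampered with, and the O17 line of the log shows the PC delegating all name resolution to that router (NameServer = 10.0.0.1). The check below is an added example, not part of this thread or of any tool mentioned in it: it builds a raw DNS query with the standard library only, asks the router's resolver and a trusted public resolver for the same hostname, and reports whether their answers overlap. The `build_response` helper fabricates a reply so the parser can be exercised offline; the host names, 10.0.0.1 and 8.8.8.8 in the `__main__` block are the values this page works with.

```python
"""Compare the router's DNS answers with a trusted resolver's (added example; stdlib only)."""
import random
import socket
import struct


def encode_name(name):
    """Encode a dotted hostname as DNS labels (RFC 1035, section 3.1)."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(name, qid):
    """Single-question A/IN query with the RD (recursion desired) bit set."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", 1, 1)


def read_name(packet, offset):
    """Decode a possibly compressed name; return (name, offset just past it)."""
    labels, jumped, end = [], False, offset
    while True:
        length = packet[offset]
        if length & 0xC0 == 0xC0:  # compression pointer (RFC 1035, section 4.1.4)
            pointer = struct.unpack("!H", packet[offset:offset + 2])[0] & 0x3FFF
            if not jumped:
                end = offset + 2
            jumped, offset = True, pointer
            continue
        offset += 1
        if length == 0:
            if not jumped:
                end = offset
            return ".".join(labels), end
        labels.append(packet[offset:offset + length].decode("ascii"))
        offset += length


def parse_a_records(packet, expected_qid):
    """Return the IPv4 answers in a reply; reject replies whose ID does not match."""
    qid, flags, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", packet[:12])
    if qid != expected_qid:
        raise ValueError("transaction ID mismatch (stale or spoofed reply)")
    if flags & 0x000F:  # RCODE != 0: NXDOMAIN, SERVFAIL, ...
        return []
    offset = 12
    for _ in range(qdcount):
        _, offset = read_name(packet, offset)
        offset += 4  # QTYPE + QCLASS
    ips = []
    for _ in range(ancount):
        _, offset = read_name(packet, offset)
        rtype, _, _, rdlength = struct.unpack("!HHIH", packet[offset:offset + 10])
        offset += 10
        if rtype == 1 and rdlength == 4:  # A record
            ips.append(socket.inet_ntoa(packet[offset:offset + 4]))
        offset += rdlength
    return ips


def build_response(qid, name, ips):
    """Constructed reply used only so the parser can be exercised offline:
    echoes the question, then one A record per IP via a pointer to the question name."""
    header = struct.pack("!HHHHHH", qid, 0x8180, 1, len(ips), 0, 0)
    question = encode_name(name) + struct.pack("!HH", 1, 1)
    answers = b"".join(struct.pack("!HHHIH", 0xC00C, 1, 1, 300, 4) + socket.inet_aton(ip)
                       for ip in ips)
    return header + question + answers


def resolve_via(name, server, timeout=3.0):
    """Send one UDP query to `server` and return the A records it answers with."""
    qid = random.randrange(0, 0x10000)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_query(name, qid), (server, 53))
        data, _ = sock.recvfrom(512)
    return parse_a_records(data, qid)


def hijack_verdict(router_answers, trusted_answers):
    """'divergent' when the router's answers share no address with the trusted resolver's."""
    router, trusted = set(router_answers), set(trusted_answers)
    if not router:
        return "no-answer"
    return "consistent" if router & trusted else "divergent"


if __name__ == "__main__":
    # 10.0.0.1 is the NameServer from the O17 line of the log; 8.8.8.8 is Google's resolver.
    for host in ("www.google.com", "www.microsoft.com"):
        try:
            verdict = hijack_verdict(resolve_via(host, "10.0.0.1"), resolve_via(host, "8.8.8.8"))
        except (socket.timeout, ValueError, OSError) as err:
            verdict = "error: %s" % err
        print(host, verdict)
```

Two caveats when reading the verdict. Large CDN-hosted names legitimately resolve to different addresses through different resolvers, so "divergent" is a prompt to log in to the router and inspect its WAN DNS servers, not proof on its own; a name with stable addresses gives a cleaner signal. And if the router transparently redirects every packet to port 53 to its own resolver, both queries see the same hijacked answer and this comparison cannot tell them apart; only the router's own configuration page (or a factory reset, as advised above) settles that case.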

I did the requested procedures. Here is my log for examination:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 19:50:40, on 18/10/2011

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16421)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskhost.exe

C:\Windows\vsnpstd3.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe

C:\Program Files\Pure Networks\Network Magic\nmapp.exe

C:\Windows\FixCamera.exe

C:\Windows\tsnp325.exe

C:\Windows\vsnp325.exe

C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe

C:\Windows\Explorer.EXE

C:\Users\LeObOuRn\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\NOTEPAD.EXE

C:\Users\LeObOuRn\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\rundll32.exe

C:\Users\LeObOuRn\AppData\Local\Google\Chrome\Application\chrome.exe

C:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll

O3 - Toolbar: Foxit PDF Creator Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll

O4 - HKLM\..\Run: [snpstd3] C:\Windows\vsnpstd3.exe

O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"

O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash

O4 - HKLM\..\Run: [FixCamera] C:\Windows\FixCamera.exe

O4 - HKLM\..\Run: [tsnp325] C:\Windows\tsnp325.exe

O4 - HKLM\..\Run: [snp325] C:\Windows\vsnp325.exe

O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount

O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')

O8 - Extra context menu item: &B&aixar &com o BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: &B&aixar todos os vídeos com o BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: &B&aixar tudo usando o BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - (no file)

O9 - Extra button: (no name) - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (no file)

O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll/206 (file missing)

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O17 - HKLM\System\CCS\Services\Tcpip\..\{56FBF612-7EA8-4AEA-A4E4-42A40CD5B031}: NameServer = 10.0.0.1

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

--

End of file - 6313 bytes


leo

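HijackThis entries like the ones in the log above are what the helpers in this thread read by eye. As an added example, not part of leo's post and not HijackThis functionality, the script below parses a handful of lines copied from that log and applies the triage rules a reviewer would: an O17 NameServer on a private address means the PC delegates DNS to the router, so the router's own upstream DNS has to be inspected; an autorun entry whose executable sits directly in C:\Windows deserves a publisher check; one CLSID registered under two different display names in O2/O3 is worth noting; and "(no file)" / "(file missing)" entries are orphaned, except for svchost-hosted services written with an unexpanded %windir%, which HijackThis reports as missing because it does not expand environment variables. The `TRUSTED_RESOLVERS` set is an assumption made for this example.

```python
"""Triage a HijackThis log with the rules a forum helper applies by eye (added example)."""
import ipaddress
import re

# Sample entries constructed by copying lines from the HijackThis log posted above.
SAMPLE_LOG = r"""
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Foxit PDF Creator Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [tsnp325] C:\Windows\tsnp325.exe
O9 - Extra button: (no name) - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - (no file)
O17 - HKLM\System\CCS\Services\Tcpip\..\{56FBF612-7EA8-4AEA-A4E4-42A40CD5B031}: NameServer = 10.0.0.1
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
"""

ENTRY_RE = re.compile(r"^(R\d|O\d+)\s+-\s+(.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Executable directly under the Windows directory (not in a subfolder such as system32).
WINROOT_EXE_RE = re.compile(r'[A-Za-z]:\\Windows\\[^\\\s"]+\.exe', re.IGNORECASE)
# Assumption for this example: the resolvers the owner actually intends to use.
TRUSTED_RESOLVERS = {"8.8.8.8", "8.8.4.4"}


def parse_hjt(text):
    """Split a log into (section, body) pairs, ignoring header and process lines."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def triage(entries):
    """Return (section, reason, evidence) triples for entries that need a human look."""
    findings = []
    names_by_clsid = {}
    for section, body in entries:
        if section in ("O2", "O3"):
            match = CLSID_RE.search(body)
            if match:
                display_name = body.split(" - ")[0].split(": ", 1)[-1]
                names_by_clsid.setdefault(match.group(0).upper(), set()).add(display_name)
        if section == "O4" and WINROOT_EXE_RE.search(body):
            findings.append((section, "autorun executable placed directly in the Windows directory; verify its publisher", body))
        # HijackThis does not expand %windir%/%SystemRoot%, so svchost-hosted services always
        # read "(file missing)"; only treat literal paths as orphaned.
        if ("(no file)" in body or "(file missing)" in body) and "%" not in body:
            findings.append((section, "orphaned entry: points at a file that no longer exists", body))
        if section == "O17":
            match = re.search(r"NameServer\s*=\s*([\d.,]+)", body)
            for server in (match.group(1).split(",") if match else []):
                if ipaddress.ip_address(server).is_private:
                    findings.append((section, "resolver is the LAN router; check the router's own upstream DNS servers", body))
                elif server not in TRUSTED_RESOLVERS:
                    findings.append((section, "resolver is a public address outside the trusted set", body))
    for clsid, names in names_by_clsid.items():
        if len(names) > 1:
            findings.append(("O2/O3", "one CLSID registered under different names: " + ", ".join(sorted(names)), clsid))
    return findings


if __name__ == "__main__":
    for section, reason, evidence in triage(parse_hjt(SAMPLE_LOG)):
        print("[%s] %s\n    %s" % (section, reason, evidence))
```

On the sample above the script raises four findings (the C:\Windows autorun, the orphaned O9 button, the O17 private resolver and the shared CLSID) and deliberately stays quiet on the O23 svchost service. Every finding is a pointer for a human, not a removal decision: the webcam executables in C:\Windows, for instance, are cleared by checking their publisher, which the script cannot do from the log text alone.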

Disable your antivirus, antispyware and firewall so there are no conflicts. Keep them disabled until you finish the instructions.

Download ComboFix

Save it to your Desktop (for the tool to run correctly it must be on the Desktop).

Close all windows and programs.

You must stay connected to the internet during the ComboFix procedure;

Run combofix.exe and press "Yes" to proceed. Wait, as it takes a while.

NOTE: If you do not want the Windows Recovery Console to be installed, click "No" and then agree so that the scan proceeds.

When the Console is installed, the operating system selection screen will be shown at system startup.

More information about the Console: http://support.micro...kb/307654/pt-br

ComboFix will restart the PC automatically to complete the removal process. If this does not happen, restart manually.

When it finishes, a log will be generated at C:\ComboFix.txt. Select, copy and paste the contents of ComboFix.txt in your next reply + a new HijackThis log.

IMPORTANT: Do not use the mouse or keyboard while ComboFix is running. To stop or exit ComboFix, press "N".

NOTE 2: Do not run ComboFix more than once. That will overwrite the log and make removing the malware harder.

If an error occurs, restart the computer in Safe Mode (press the F8 key intermittently, or F5 in some cases, during startup) and repeat the procedure.


Here is the ComboFix log:

ComboFix 11-10-18.04 - LeObOuRn 19/10/2011 0:19.1.4 - x86

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.55.1046.18.2046.1359 [GMT -2:00]

Running from: c:\users\LeObOuRn\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

ADS - Windows: deleted 24 bytes in 1 streams.

.

(((((((((((((((( Files created from 2011-09-19 to 2011-10-19 ))))))))))))))))))))))))))))

.

.

2011-10-19 02:24 . 2011-10-19 02:24 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-10-19 02:01 . 2011-10-19 02:01 28752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B31733EE-88F0-4046-89B7-8D2FD407CCDE}\MpKsl5766590a.sys

2011-10-19 01:11 . 2011-10-19 01:11 28752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B31733EE-88F0-4046-89B7-8D2FD407CCDE}\MpKsl9935be92.sys

2011-10-19 01:11 . 2011-10-07 03:48 6668624 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B31733EE-88F0-4046-89B7-8D2FD407CCDE}\mpengine.dll

2011-10-18 21:49 . 2011-10-18 21:49 388608 ----a-w- C:\HijackThis.exe

2011-10-18 21:46 . 2011-10-18 21:46 -------- d-----w- c:\program files\CCleaner

2011-10-18 12:35 . 2011-10-18 12:36 -------- d-----w- C:\LinhaDefensiva

2011-10-12 19:31 . 2011-08-17 04:24 465408 ----a-w- c:\windows\system32\psisdecd.dll

2011-10-12 19:31 . 2011-08-17 04:19 75776 ----a-w- c:\windows\system32\psisrndr.ax

2011-10-12 19:27 . 2011-08-27 04:26 571904 ----a-w- c:\windows\system32\oleaut32.dll

2011-10-12 19:27 . 2011-08-27 04:26 233472 ----a-w- c:\windows\system32\oleacc.dll

2011-10-12 19:27 . 2011-09-06 02:28 2334720 ----a-w- c:\windows\system32\win32k.sys

2011-10-12 16:48 . 2011-09-29 19:08 439632 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll

2011-10-12 16:48 . 2011-10-12 16:48 703824 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DA41D12D-976D-42E9-9C17-CD713A82A03C}\gapaengine.dll

2011-10-09 18:03 . 2007-02-12 17:50 20480 ----a-w- c:\windows\FixCamera.exe

2011-10-09 18:03 . 2006-07-03 13:31 94208 ----a-w- c:\windows\amcap.exe

2011-10-09 18:03 . 2007-05-10 16:18 835584 ----a-w- c:\windows\vsnp325.exe

2011-10-09 18:03 . 2007-04-21 12:36 270336 ----a-w- c:\windows\tsnp325.exe

2011-10-09 18:03 . 2007-05-24 21:06 10343424 ----a-w- c:\windows\system32\drivers\snp325.sys

2011-10-09 18:03 . 2011-10-09 18:03 -------- d-----w- c:\program files\Common Files\snp325

2011-10-09 18:03 . 2007-05-31 12:01 57344 ----a-w- c:\windows\system32\vsnp325.dll

2011-10-09 18:03 . 2006-04-12 15:11 147456 ----a-w- c:\windows\system32\rsnp325.dll

2011-10-09 18:03 . 2005-11-23 16:55 53248 ----a-w- c:\windows\system32\csnp325.dll

2011-10-06 19:03 . 2011-10-06 19:04 -------- d-----w- c:\program files\sXe Injected

2011-09-30 22:01 . 2011-09-30 22:01 -------- d-----w- c:\program files\Lavalys

2011-09-30 12:29 . 2011-09-12 19:14 7269712 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2011-09-30 03:54 . 2011-03-25 02:58 284672 ----a-w- c:\windows\system32\drivers\usbport.sys

2011-09-30 03:54 . 2011-03-25 02:57 43008 ----a-w- c:\windows\system32\drivers\usbehci.sys

2011-09-30 03:54 . 2011-03-25 02:58 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys

2011-09-30 03:54 . 2011-03-25 02:58 75776 ----a-w- c:\windows\system32\drivers\usbccgp.sys

2011-09-30 03:54 . 2011-03-25 02:57 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys

2011-09-30 03:54 . 2011-03-25 02:57 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys

2011-09-30 03:54 . 2011-03-25 02:57 5888 ----a-w- c:\windows\system32\drivers\usbd.sys

2011-09-30 03:53 . 2011-03-11 05:39 148864 ----a-w- c:\windows\system32\drivers\storport.sys

2011-09-30 03:53 . 2011-03-11 05:39 143744 ----a-w- c:\windows\system32\drivers\nvstor.sys

2011-09-30 03:53 . 2011-03-11 05:39 1211264 ----a-w- c:\windows\system32\drivers\ntfs.sys

2011-09-30 03:53 . 2011-03-11 05:39 117120 ----a-w- c:\windows\system32\drivers\nvraid.sys

2011-09-30 03:53 . 2011-03-11 05:38 332160 ----a-w- c:\windows\system32\drivers\iaStorV.sys

2011-09-30 03:53 . 2011-03-11 05:38 80256 ----a-w- c:\windows\system32\drivers\amdsata.sys

2011-09-30 03:53 . 2011-03-11 05:33 1699328 ----a-w- c:\windows\system32\esent.dll

2011-09-30 03:53 . 2011-03-11 05:31 74240 ----a-w- c:\windows\system32\fsutil.exe

2011-09-30 03:53 . 2011-03-11 05:38 22400 ----a-w- c:\windows\system32\drivers\amdxata.sys

2011-09-30 03:53 . 2011-09-30 03:53 -------- d-----w- c:\program files\Super Tela

2011-09-30 03:33 . 2011-09-30 03:33 -------- d-----w- c:\program files\Pure Networks

2011-09-30 03:32 . 2009-07-07 17:48 26672 ----a-w- c:\windows\system32\drivers\pnarp.sys

2011-09-30 03:32 . 2011-09-30 03:32 -------- dc----w- c:\windows\system32\DRVSTORE

2011-09-30 03:32 . 2009-07-07 17:48 27696 ----a-w- c:\windows\system32\drivers\purendis.sys

2011-09-30 03:32 . 2011-09-30 03:32 -------- d-----w- c:\program files\Common Files\Pure Networks Shared

2011-09-30 03:32 . 2011-09-30 03:32 -------- d-----w- c:\programdata\Pure Networks

2011-09-30 03:28 . 2011-09-30 03:28 -------- d-----w- c:\program files\Xilisoft

2011-09-30 02:51 . 2011-10-06 19:04 -------- d-----w- C:\CS

2011-09-30 02:51 . 2011-09-30 02:51 -------- d-----w- c:\program files\Common Files\Steam

2011-09-30 02:51 . 2011-10-18 12:15 -------- d-----w- c:\program files\Steam

2011-09-29 22:23 . 2011-09-29 22:23 -------- d-----w- c:\program files\SlySoft

2011-09-29 21:48 . 2011-09-29 21:48 -------- d-----w- c:\program files\VS Revo Group

2011-09-29 20:54 . 2011-09-29 20:54 -------- d-----w- c:\windows\system32\Wat

2011-09-29 20:53 . 2011-02-19 06:30 805376 ----a-w- c:\windows\system32\FntCache.dll

2011-09-29 20:53 . 2011-02-19 06:30 1076736 ----a-w- c:\windows\system32\DWrite.dll

2011-09-29 20:53 . 2011-02-19 06:30 739840 ----a-w- c:\windows\system32\d2d1.dll

2011-09-29 20:43 . 2011-02-18 05:39 31232 ----a-w- c:\windows\system32\prevhost.exe

2011-09-29 20:39 . 2010-12-17 07:07 542208 ----a-w- c:\windows\system32\kerberos.dll

2011-09-29 20:39 . 2011-05-24 10:44 293376 ----a-w- c:\windows\system32\umpnpmgr.dll

2011-09-29 20:39 . 2011-02-12 05:35 191488 ----a-w- c:\windows\system32\FXSCOVER.exe

2011-09-29 20:39 . 2011-02-25 05:30 2616320 ----a-w- c:\windows\explorer.exe

2011-09-29 20:39 . 2011-04-09 05:56 123904 ----a-w- c:\windows\system32\poqexec.exe

2011-09-29 20:36 . 2011-04-22 19:14 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys

2011-09-29 20:36 . 2011-02-03 05:54 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys

2011-09-29 19:53 . 2011-10-14 15:16 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-09-29 19:38 . 2011-09-29 19:45 -------- d-----w- c:\program files\NitroPC

2011-09-29 19:34 . 2011-09-29 19:34 -------- d-----w- c:\programdata\Malwarebytes

2011-09-29 19:34 . 2011-09-29 19:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-09-29 19:34 . 2011-08-31 20:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-09-29 19:32 . 2011-09-29 19:32 -------- d-----w- c:\program files\Analog Devices

2011-09-29 19:31 . 2011-09-29 19:32 -------- d-----w- c:\program files\Windows Live

2011-09-29 19:31 . 2011-10-13 19:07 -------- d-----w- c:\program files\Microsoft Silverlight

2011-09-29 19:30 . 2011-09-29 19:30 -------- d-----w- c:\program files\Common Files\Windows Live

2011-09-29 19:29 . 2011-09-29 19:29 -------- d-----w- c:\program files\Common Files\Skype

2011-09-29 19:29 . 2011-09-29 19:29 -------- d-----r- c:\program files\Skype

2011-09-29 19:29 . 2011-09-29 19:29 -------- d-----w- c:\programdata\Skype

2011-09-29 19:28 . 2007-04-09 16:23 28552 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\mdippr.dll

2011-09-29 19:28 . 2007-04-09 16:23 28040 ----a-w- c:\windows\system32\mdimon.dll

2011-09-29 19:27 . 2011-09-30 03:48 -------- d-----w- c:\program files\Microsoft.NET

2011-09-29 19:27 . 2011-09-29 19:27 -------- d-----w- c:\windows\PCHEALTH

2011-09-29 19:24 . 2011-09-29 19:24 -------- d-----w- c:\program files\Winamp Detect

2011-09-29 19:24 . 2011-09-29 19:25 -------- d-----w- c:\program files\Winamp

2011-09-29 19:23 . 2011-10-18 12:31 -------- d-----w- C:\Downloads

2011-09-29 19:23 . 2011-10-18 12:32 -------- d-----w- c:\program files\BitComet

2011-09-29 19:20 . 2011-09-29 19:20 -------- d-----w- c:\program files\IrfanView

2011-09-29 19:20 . 2011-09-29 19:20 -------- d-----w- c:\windows\system32\Macromed

2011-09-29 19:18 . 2011-09-29 19:18 -------- d-----w- c:\program files\Ask.com

2011-09-29 19:18 . 2011-09-29 19:18 -------- d-----w- c:\program files\Foxit Software

2011-09-29 19:17 . 2011-09-29 19:17 -------- d-----w- c:\program files\DVD Region+CSS Free

2011-09-29 19:17 . 2007-01-05 11:50 94208 ----a-w- c:\windows\system32\pskill.exe

2011-09-29 19:17 . 2007-01-05 11:50 26013 ----a-w- c:\windows\system32\sleep.exe

2011-09-29 19:16 . 2011-09-29 19:17 -------- d-----w- c:\programdata\WinZip

2011-09-29 19:15 . 2011-09-29 19:15 -------- d-----w- c:\programdata\SlySoft

2011-09-29 19:10 . 2011-09-29 19:13 -------- d-----w- c:\program files\Common Files\Ahead

2011-09-29 19:10 . 2011-09-29 19:10 -------- d-----w- c:\programdata\Nero

2011-09-29 19:10 . 2011-09-29 19:10 -------- d-----w- c:\program files\Nero

2011-09-29 19:08 . 2010-10-19 20:51 222080 ------w- c:\windows\system32\MpSigStub.exe

2011-09-29 19:02 . 2011-09-29 19:03 -------- d-----w- c:\program files\Microsoft Security Client

2011-09-29 18:42 . 2011-09-29 18:42 -------- d-----w- c:\program files\Alcohol Soft

2011-09-29 18:40 . 2011-09-29 18:40 691696 ----a-w- c:\windows\system32\drivers\sptd.sys

2011-09-29 18:35 . 2006-03-23 22:51 208896 ----a-w- c:\windows\system32\NVUNINST.EXE

2011-09-29 18:34 . 2011-09-29 18:34 -------- d-----w- c:\program files\Common Files\InstallShield

2011-09-29 18:32 . 2011-10-09 18:03 -------- d--h--w- c:\program files\InstallShield Installation Information

2011-09-29 18:31 . 2011-10-13 01:33 -------- d-sh--w- c:\windows\Installer

2011-09-29 18:31 . 2011-10-19 02:01 -------- d-----w- c:\programdata\NVIDIA

2011-09-29 18:29 . 2011-09-29 18:29 -------- d-----w- C:\NVIDIA

2011-09-29 18:17 . 2011-10-18 21:47 -------- d-----w- c:\windows\Panther

.

.

.

((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-09-29 19:32 . 2010-06-24 14:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2011-08-19 15:01 . 2011-08-19 15:01 121464 ----a-w- c:\windows\system32\drivers\AnyDVD.sys

2011-08-03 11:50 . 2009-07-13 22:09 6613096 ----a-w- c:\windows\system32\nvwgf2um.dll

2011-08-03 06:31 . 2011-08-03 06:31 311912 ----a-w- c:\windows\system32\nvStreaming.exe

.

.

(((((((((((((((((((((((((( Registry Loading Points )))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries and legitimate default entries are not shown.

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]

2010-09-29 01:44 1400712 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-29 1400712]

.

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-29 1400712]

.

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2009-11-15 33120]

"AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe" [2011-09-29 5328504]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"snpstd3"="c:\windows\vsnpstd3.exe" [2005-09-06 339968]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]

"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]

"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-19 868352]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]

"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-07-07 647216]

"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2011-09-30 472112]

"FixCamera"="c:\windows\FixCamera.exe" [2007-02-12 20480]

"tsnp325"="c:\windows\tsnp325.exe" [2007-04-21 270336]

"snp325"="c:\windows\vsnp325.exe" [2007-05-10 835584]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{93994DE8-8239-4655-B1D1-5F4E91300429}"= "c:\program files\DVD Region+CSS Free\DVDShell.dll" [2004-10-09 49152]

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

2011-09-29 22:31 136176 ----atw- c:\users\LeObOuRn\AppData\Local\Google\Update\GoogleUpdate.exe

.

R1 MpKsl8b5f0386;MpKsl8b5f0386;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8D9E4C81-0817-4CA4-B81C-89B82F1C39ED}\MpKsl8b5f0386.sys [x]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]

R3 ddsxeiservice;ddsxeiservice2;c:\program files\sXe Injected\ddsxei.sys [2011-09-01 92800]

R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-20 77184]

R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-20 25600]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-20 112640]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

R3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2011-09-29 1343400]

S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-09-29 691696]

S1 MpKsl5766590a;MpKsl5766590a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B31733EE-88F0-4046-89B7-8D2FD407CCDE}\MpKsl5766590a.sys [2011-10-19 28752]

S1 MpKsl9935be92;MpKsl9935be92;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B31733EE-88F0-4046-89B7-8D2FD407CCDE}\MpKsl9935be92.sys [2011-10-19 28752]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-08-03 379496]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]

S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]

S3 SNP325;USB PC Camera (SNPSTD325);c:\windows\system32\DRIVERS\snp325.sys [2007-05-24 10343424]

.

.

--- =Outros Serviços/Drivers Na Memória ---

.

*NewlyCreated* - MPKSL5766590A

.

Conteúdo da pasta 'Tarefas Agendadas'

.

2011-10-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2938255197-1610587138-4076034684-1001Core.job

- c:\users\LeObOuRn\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-29 22:31]

.

2011-10-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2938255197-1610587138-4076034684-1001UA.job

- c:\users\LeObOuRn\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-29 22:31]

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.google.com.br/

IE: &B&aixar &com o BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm

IE: &B&aixar todos os vídeos com o BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm

IE: &B&aixar tudo usando o BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm

IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

TCP: DhcpNameServer = 10.0.0.1

TCP: Interfaces\{56FBF612-7EA8-4AEA-A4E4-42A40CD5B031}: NameServer = 10.0.0.1

.

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

.

- - - - - - - > 'Explorer.exe'(844)

c:\program files\SlySoft\AnyDVD\ADvdDiscHlp.dll

c:\program files\Pure Networks\Network Magic\nmrsrc.dll

.

Tempo para conclusão: 2011-10-19 00:25:51

ComboFix-quarantined-files.txt 2011-10-19 02:25

.

Pré-execução: 85.486.759.936 bytes disponíveis

Pós execução: 85.761.650.688 bytes disponíveis

.

- - End Of File - - 729253D182B10825B90C3DB76B257DE2

Here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 00:33:39, on 19/10/2011

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16421)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskhost.exe

C:\Windows\vsnpstd3.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe

C:\Program Files\Pure Networks\Network Magic\nmapp.exe

C:\Windows\FixCamera.exe

C:\Windows\tsnp325.exe

C:\Windows\vsnp325.exe

C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe

C:\Users\LeObOuRn\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\LeObOuRn\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\LeObOuRn\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\LeObOuRn\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\rundll32.exe

C:\Users\LeObOuRn\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll

O3 - Toolbar: Foxit PDF Creator Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll

O4 - HKLM\..\Run: [snpstd3] C:\Windows\vsnpstd3.exe

O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"

O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash

O4 - HKLM\..\Run: [FixCamera] C:\Windows\FixCamera.exe

O4 - HKLM\..\Run: [tsnp325] C:\Windows\tsnp325.exe

O4 - HKLM\..\Run: [snp325] C:\Windows\vsnp325.exe

O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount

O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe

O8 - Extra context menu item: &B&aixar &com o BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: &B&aixar todos os vídeos com o BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: &B&aixar tudo usando o BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - (no file)

O9 - Extra button: (no name) - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (no file)

O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll/206 (file missing)

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O17 - HKLM\System\CCS\Services\Tcpip\..\{56FBF612-7EA8-4AEA-A4E4-42A40CD5B031}: NameServer = 10.0.0.1

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

--

End of file - 5818 bytes


leo


Uninstall the Ask Toolbar

Ask Toolbar Remover:

http://www.baixaki.com.br/download/ask-toolbar-remover.htm

I suggest you print or save the procedure below, and do not use the Internet until the procedure is finished.

Select and copy the text inside the QUOTE (green box) below. Open Notepad and paste what you copied. Then save it on the Desktop with the name CFScript.txt

File::

c:\users\LeObOuRn\AppData\Local\Google\Update\GoogleUpdate.exe

c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2938255197-1610587138-4076034684-1001Core.job

c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2938255197-1610587138-4076034684-1001UA.job

c:\users\LeObOuRn\AppData\Local\Google\Update\GoogleUpdate.exe

Now drag CFScript.txt onto ComboFix as shown in the demonstration below:

CFScript.gif

ComboFix will run and will restart the PC automatically to complete the removal process.

IMPORTANT: Do not use the mouse or the keyboard while ComboFix is running.

When it finishes, a log will be generated at C:\ComboFix.txt.

Make a new log with HijackThis in Normal Mode and post it together with ComboFix.txt.
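As an added example (not code from the thread, from HijackThis or from ComboFix), a small Python parser for the O2/O3/O9 lines of the HijackThis log posted above. It surfaces the two things the helper's reply acts on: one CLSID registered under conflicting display names (the Ask.com DLL advertised both as "Ask Toolbar BHO" and as "Foxit PDF Creator Toolbar") and registrations whose backing file is missing. The sample lines are copied from that log; the function names are this example's own.

```python
"""Parse HijackThis-style O2/O3/O9 lines and flag suspicious COM registrations.

Added example; the line format follows HijackThis 2.0.4 output as posted in
the thread, the helper functions are this example's own.
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List

# HijackThis writes COM-backed browser add-ons as:
#   O2 - BHO: <name> - {CLSID} - <dll path>
#   O3 - Toolbar: <name> - {CLSID} - <dll path>
#   O9 - Extra button: <name> - {CLSID} - <path, or "(no file)">
HJT_COM_LINE = re.compile(
    r"^(?P<section>O\d+) - (?P<kind>BHO|Toolbar|Extra button): "
    r"(?P<name>.+?) - \{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<target>.*)$"
)

# Constructed sample: a subset of the O2/O3/O9 lines from the posted log.
SAMPLE_LOG = r"""
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Foxit PDF Creator Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O9 - Extra button: (no name) - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - (no file)
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll/206 (file missing)
"""


@dataclass(frozen=True)
class ComEntry:
    section: str  # O2, O3, O9
    kind: str     # BHO, Toolbar, Extra button
    name: str     # display name as registered
    clsid: str    # normalised to upper case so O2/O3/O9 lines compare equal
    target: str   # file path, or "(no file)" / "... (file missing)"


def parse_hjt(text: str) -> List[ComEntry]:
    """Return the COM-backed add-on entries found in a HijackThis log."""
    entries = []
    for line in text.splitlines():
        m = HJT_COM_LINE.match(line.strip())
        if not m:
            continue  # O4/O17/O23 etc. are not COM registrations; not handled here
        entries.append(ComEntry(m["section"], m["kind"], m["name"],
                                m["clsid"].upper(), m["target"].strip()))
    return entries


def orphan_entries(entries: List[ComEntry]) -> List[ComEntry]:
    """Registrations whose backing file is gone (leftovers of an incomplete uninstall)."""
    return [e for e in entries
            if "(no file)" in e.target or "(file missing)" in e.target]


def conflicting_names(entries: List[ComEntry]) -> Dict[str, List[str]]:
    """CLSIDs registered under more than one display name.

    One COM class shown as "Ask Toolbar BHO" in O2 and as "Foxit PDF Creator
    Toolbar" in O3 is the bundled-toolbar pattern the helper tells the poster
    to uninstall: the name the user sees is not the vendor that ships the DLL.
    """
    names = defaultdict(set)
    for e in entries:
        if e.name != "(no name)":
            names[e.clsid].add(e.name)
    return {clsid: sorted(n) for clsid, n in names.items() if len(n) > 1}


def audit(text: str) -> Dict[str, object]:
    """Run both checks over a log and return the findings."""
    entries = parse_hjt(text)
    return {
        "entries": len(entries),
        "conflicts": conflicting_names(entries),
        "orphans": [f"{e.section} {e.clsid}" for e in orphan_entries(entries)],
    }


if __name__ == "__main__":
    result = audit(SAMPLE_LOG)
    print(f"{result['entries']} COM registrations parsed")
    for clsid, names in result["conflicts"].items():
        print(f"CLSID {clsid} registered as: {', '.join(names)}")
    for orphan in result["orphans"]:
        print(f"orphan registration: {orphan}")
```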


Well, I did what was suggested, but different things happened: (1) after dragging the Notepad file onto the program, it offered the option to update. I did this update. Note: the program did not restart the PC. (2) HijackThis was not starting on the screen that has the option (Do a system scan and save a logfile), but on a screen that shows the Scan option.

Apart from that, here are the logs:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 14:39:28, on 19/10/2011

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16421)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskhost.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe

C:\Windows\tsnp325.exe

C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe

C:\Windows\system32\NOTEPAD.EXE

C:\Windows\system32\notepad.exe

C:\Windows\explorer.exe

C:\Users\LeObOuRn\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\LeObOuRn\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\rundll32.exe

C:\Users\LeObOuRn\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll

O3 - Toolbar: Foxit PDF Creator Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll

O4 - HKLM\..\Run: [snpstd3] C:\Windows\vsnpstd3.exe

O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"

O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash

O4 - HKLM\..\Run: [FixCamera] C:\Windows\FixCamera.exe

O4 - HKLM\..\Run: [tsnp325] C:\Windows\tsnp325.exe

O4 - HKLM\..\Run: [snp325] C:\Windows\vsnp325.exe

O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount

O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe

O8 - Extra context menu item: &B&aixar &com o BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: &B&aixar todos os vídeos com o BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: &B&aixar tudo usando o BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - (no file)

O9 - Extra button: (no name) - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (no file)

O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll/206 (file missing)

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O17 - HKLM\System\CCS\Services\Tcpip\..\{56FBF612-7EA8-4AEA-A4E4-42A40CD5B031}: NameServer = 10.0.0.1

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

--

End of file - 5570 bytes

ComboFix:

ComboFix 11-10-19.04 - LeObOuRn 19/10/2011 14:13:19.2.4 - x86

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.55.1046.18.2046.1400 [GMT -2:00]

Executando de: c:\users\LeObOuRn\Desktop\ComboFix.exe

Comandos utilizados :: c:\users\LeObOuRn\Desktop\CFScript.txt.txt

AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

FILE ::

"c:\users\LeObOuRn\AppData\Local\Google\Update\GoogleUpdate.exe"

"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2938255197-1610587138-4076034684-1001Core.job"

"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2938255197-1610587138-4076034684-1001UA.job"

.

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\LeObOuRn\AppData\Local\Google\Update\GoogleUpdate.exe

c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2938255197-1610587138-4076034684-1001Core.job

c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2938255197-1610587138-4076034684-1001UA.job

.

.

(((((((((((((((( Arquivos/Ficheiros criados de 2011-09-19 to 2011-10-19 ))))))))))))))))))))))))))))

.

.

2011-10-19 16:18 . 2011-10-19 16:18 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-10-19 16:04 . 2011-10-19 16:05 -------- d-----w- C:\combofix log

2011-10-19 16:04 . 2011-10-19 16:04 -------- d-----w- C:\hijack log 2

2011-10-19 02:33 . 2011-10-19 02:33 -------- d-----w- C:\hijack log

2011-10-19 01:11 . 2011-10-07 03:48 6668624 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B31733EE-88F0-4046-89B7-8D2FD407CCDE}\mpengine.dll

2011-10-18 21:49 . 2011-10-18 21:49 388608 ----a-w- C:\HijackThis.exe

2011-10-18 21:46 . 2011-10-18 21:46 -------- d-----w- c:\program files\CCleaner

2011-10-18 12:35 . 2011-10-18 12:36 -------- d-----w- C:\LinhaDefensiva

2011-10-12 19:31 . 2011-08-17 04:24 465408 ----a-w- c:\windows\system32\psisdecd.dll

2011-10-12 19:31 . 2011-08-17 04:19 75776 ----a-w- c:\windows\system32\psisrndr.ax

2011-10-12 19:27 . 2011-08-27 04:26 571904 ----a-w- c:\windows\system32\oleaut32.dll

2011-10-12 19:27 . 2011-08-27 04:26 233472 ----a-w- c:\windows\system32\oleacc.dll

2011-10-12 19:27 . 2011-09-06 02:28 2334720 ----a-w- c:\windows\system32\win32k.sys

2011-10-12 16:48 . 2011-09-29 19:08 439632 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll

2011-10-12 16:48 . 2011-10-12 16:48 703824 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DA41D12D-976D-42E9-9C17-CD713A82A03C}\gapaengine.dll

2011-10-09 18:03 . 2007-02-12 17:50 20480 ----a-w- c:\windows\FixCamera.exe

2011-10-09 18:03 . 2006-07-03 13:31 94208 ----a-w- c:\windows\amcap.exe

2011-10-09 18:03 . 2007-05-10 16:18 835584 ----a-w- c:\windows\vsnp325.exe

2011-10-09 18:03 . 2007-04-21 12:36 270336 ----a-w- c:\windows\tsnp325.exe

2011-10-09 18:03 . 2007-05-24 21:06 10343424 ----a-w- c:\windows\system32\drivers\snp325.sys

2011-10-09 18:03 . 2011-10-09 18:03 -------- d-----w- c:\program files\Common Files\snp325

2011-10-09 18:03 . 2007-05-31 12:01 57344 ----a-w- c:\windows\system32\vsnp325.dll

2011-10-09 18:03 . 2006-04-12 15:11 147456 ----a-w- c:\windows\system32\rsnp325.dll

2011-10-09 18:03 . 2005-11-23 16:55 53248 ----a-w- c:\windows\system32\csnp325.dll

2011-10-06 19:03 . 2011-10-06 19:04 -------- d-----w- c:\program files\sXe Injected

2011-09-30 22:01 . 2011-09-30 22:01 -------- d-----w- c:\program files\Lavalys

2011-09-30 12:29 . 2011-09-12 19:14 7269712 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2011-09-30 03:54 . 2011-03-25 02:58 284672 ----a-w- c:\windows\system32\drivers\usbport.sys

2011-09-30 03:54 . 2011-03-25 02:57 43008 ----a-w- c:\windows\system32\drivers\usbehci.sys

2011-09-30 03:54 . 2011-03-25 02:58 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys

2011-09-30 03:54 . 2011-03-25 02:58 75776 ----a-w- c:\windows\system32\drivers\usbccgp.sys

2011-09-30 03:54 . 2011-03-25 02:57 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys

2011-09-30 03:54 . 2011-03-25 02:57 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys

2011-09-30 03:54 . 2011-03-25 02:57 5888 ----a-w- c:\windows\system32\drivers\usbd.sys

2011-09-30 03:53 . 2011-03-11 05:39 148864 ----a-w- c:\windows\system32\drivers\storport.sys

2011-09-30 03:53 . 2011-03-11 05:39 143744 ----a-w- c:\windows\system32\drivers\nvstor.sys

2011-09-30 03:53 . 2011-03-11 05:39 1211264 ----a-w- c:\windows\system32\drivers\ntfs.sys

2011-09-30 03:53 . 2011-03-11 05:39 117120 ----a-w- c:\windows\system32\drivers\nvraid.sys

2011-09-30 03:53 . 2011-03-11 05:38 332160 ----a-w- c:\windows\system32\drivers\iaStorV.sys

2011-09-30 03:53 . 2011-03-11 05:38 80256 ----a-w- c:\windows\system32\drivers\amdsata.sys

2011-09-30 03:53 . 2011-03-11 05:33 1699328 ----a-w- c:\windows\system32\esent.dll

2011-09-30 03:53 . 2011-03-11 05:31 74240 ----a-w- c:\windows\system32\fsutil.exe

2011-09-30 03:53 . 2011-03-11 05:38 22400 ----a-w- c:\windows\system32\drivers\amdxata.sys

2011-09-30 03:53 . 2011-09-30 03:53 -------- d-----w- c:\program files\Super Tela

2011-09-30 03:33 . 2011-09-30 03:33 -------- d-----w- c:\program files\Pure Networks

2011-09-30 03:32 . 2009-07-07 17:48 26672 ----a-w- c:\windows\system32\drivers\pnarp.sys

2011-09-30 03:32 . 2011-09-30 03:32 -------- dc----w- c:\windows\system32\DRVSTORE

2011-09-30 03:32 . 2009-07-07 17:48 27696 ----a-w- c:\windows\system32\drivers\purendis.sys

2011-09-30 03:32 . 2011-09-30 03:32 -------- d-----w- c:\program files\Common Files\Pure Networks Shared

2011-09-30 03:32 . 2011-09-30 03:32 -------- d-----w- c:\programdata\Pure Networks

2011-09-30 03:28 . 2011-09-30 03:28 -------- d-----w- c:\program files\Xilisoft

2011-09-30 02:51 . 2011-10-06 19:04 -------- d-----w- C:\CS

2011-09-30 02:51 . 2011-09-30 02:51 -------- d-----w- c:\program files\Common Files\Steam

2011-09-30 02:51 . 2011-10-18 12:15 -------- d-----w- c:\program files\Steam

2011-09-29 22:23 . 2011-09-29 22:23 -------- d-----w- c:\program files\SlySoft

2011-09-29 21:48 . 2011-09-29 21:48 -------- d-----w- c:\program files\VS Revo Group

2011-09-29 20:54 . 2011-09-29 20:54 -------- d-----w- c:\windows\system32\Wat

2011-09-29 20:53 . 2011-02-19 06:30 805376 ----a-w- c:\windows\system32\FntCache.dll

2011-09-29 20:53 . 2011-02-19 06:30 1076736 ----a-w- c:\windows\system32\DWrite.dll

2011-09-29 20:53 . 2011-02-19 06:30 739840 ----a-w- c:\windows\system32\d2d1.dll

2011-09-29 20:43 . 2011-02-18 05:39 31232 ----a-w- c:\windows\system32\prevhost.exe

2011-09-29 20:39 . 2010-12-17 07:07 542208 ----a-w- c:\windows\system32\kerberos.dll

2011-09-29 20:39 . 2011-05-24 10:44 293376 ----a-w- c:\windows\system32\umpnpmgr.dll

2011-09-29 20:39 . 2011-02-12 05:35 191488 ----a-w- c:\windows\system32\FXSCOVER.exe

2011-09-29 20:39 . 2011-02-25 05:30 2616320 ----a-w- c:\windows\explorer.exe

2011-09-29 20:39 . 2011-04-09 05:56 123904 ----a-w- c:\windows\system32\poqexec.exe

2011-09-29 20:36 . 2011-04-22 19:14 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys

2011-09-29 20:36 . 2011-02-03 05:54 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys

2011-09-29 19:53 . 2011-10-14 15:16 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-09-29 19:38 . 2011-09-29 19:45 -------- d-----w- c:\program files\NitroPC

2011-09-29 19:34 . 2011-09-29 19:34 -------- d-----w- c:\programdata\Malwarebytes

2011-09-29 19:34 . 2011-09-29 19:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-09-29 19:34 . 2011-08-31 20:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-09-29 19:32 . 2011-09-29 19:32 -------- d-----w- c:\program files\Analog Devices

2011-09-29 19:31 . 2011-09-29 19:32 -------- d-----w- c:\program files\Windows Live

2011-09-29 19:31 . 2011-10-13 19:07 -------- d-----w- c:\program files\Microsoft Silverlight

2011-09-29 19:30 . 2011-09-29 19:30 -------- d-----w- c:\program files\Common Files\Windows Live

2011-09-29 19:29 . 2011-09-29 19:29 -------- d-----w- c:\program files\Common Files\Skype

2011-09-29 19:29 . 2011-09-29 19:29 -------- d-----r- c:\program files\Skype

2011-09-29 19:29 . 2011-09-29 19:29 -------- d-----w- c:\programdata\Skype

2011-09-29 19:28 . 2007-04-09 16:23 28552 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\mdippr.dll

2011-09-29 19:28 . 2007-04-09 16:23 28040 ----a-w- c:\windows\system32\mdimon.dll

2011-09-29 19:27 . 2011-09-30 03:48 -------- d-----w- c:\program files\Microsoft.NET

2011-09-29 19:27 . 2011-09-29 19:27 -------- d-----w- c:\windows\PCHEALTH

2011-09-29 19:24 . 2011-09-29 19:24 -------- d-----w- c:\program files\Winamp Detect

2011-09-29 19:24 . 2011-09-29 19:25 -------- d-----w- c:\program files\Winamp

2011-09-29 19:23 . 2011-10-18 12:31 -------- d-----w- C:\Downloads

2011-09-29 19:23 . 2011-10-18 12:32 -------- d-----w- c:\program files\BitComet

2011-09-29 19:20 . 2011-09-29 19:20 -------- d-----w- c:\program files\IrfanView

2011-09-29 19:20 . 2011-09-29 19:20 -------- d-----w- c:\windows\system32\Macromed

2011-09-29 19:18 . 2011-09-29 19:18 -------- d-----w- c:\program files\Ask.com

2011-09-29 19:18 . 2011-09-29 19:18 -------- d-----w- c:\program files\Foxit Software

2011-09-29 19:17 . 2011-09-29 19:17 -------- d-----w- c:\program files\DVD Region+CSS Free

2011-09-29 19:17 . 2007-01-05 11:50 94208 ----a-w- c:\windows\system32\pskill.exe

2011-09-29 19:17 . 2007-01-05 11:50 26013 ----a-w- c:\windows\system32\sleep.exe

2011-09-29 19:16 . 2011-09-29 19:17 -------- d-----w- c:\programdata\WinZip

2011-09-29 19:15 . 2011-09-29 19:15 -------- d-----w- c:\programdata\SlySoft

2011-09-29 19:10 . 2011-09-29 19:13 -------- d-----w- c:\program files\Common Files\Ahead

2011-09-29 19:10 . 2011-09-29 19:10 -------- d-----w- c:\programdata\Nero

2011-09-29 19:10 . 2011-09-29 19:10 -------- d-----w- c:\program files\Nero

2011-09-29 19:08 . 2010-10-19 20:51 222080 ------w- c:\windows\system32\MpSigStub.exe

2011-09-29 19:02 . 2011-09-29 19:03 -------- d-----w- c:\program files\Microsoft Security Client

2011-09-29 18:42 . 2011-09-29 18:42 -------- d-----w- c:\program files\Alcohol Soft

2011-09-29 18:40 . 2011-09-29 18:40 691696 ----a-w- c:\windows\system32\drivers\sptd.sys

2011-09-29 18:35 . 2006-03-23 22:51 208896 ----a-w- c:\windows\system32\NVUNINST.EXE

2011-09-29 18:34 . 2011-09-29 18:34 -------- d-----w- c:\program files\Common Files\InstallShield

2011-09-29 18:32 . 2011-10-09 18:03 -------- d--h--w- c:\program files\InstallShield Installation Information

2011-09-29 18:31 . 2011-10-13 01:33 -------- d-sh--w- c:\windows\Installer

2011-09-29 18:31 . 2011-10-19 15:54 -------- d-----w- c:\programdata\NVIDIA

2011-09-29 18:29 . 2011-09-29 18:29 -------- d-----w- C:\NVIDIA

2011-09-29 18:17 . 2011-10-18 21:47 -------- d-----w- c:\windows\Panther

.

.

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-09-29 19:32 . 2010-06-24 14:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2011-08-19 15:01 . 2011-08-19 15:01 121464 ----a-w- c:\windows\system32\drivers\AnyDVD.sys

2011-08-03 11:50 . 2009-07-13 22:09 6613096 ----a-w- c:\windows\system32\nvwgf2um.dll

2011-08-03 06:31 . 2011-08-03 06:31 311912 ----a-w- c:\windows\system32\nvStreaming.exe

.

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por padrão não são apresentadas.

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]

2010-09-29 01:44 1400712 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-29 1400712]

.

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-29 1400712]

.

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2009-11-15 33120]

"AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe" [2011-09-29 5328504]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"snpstd3"="c:\windows\vsnpstd3.exe" [2005-09-06 339968]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]

"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]

"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-19 868352]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]

"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-07-07 647216]

"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2011-09-30 472112]

"FixCamera"="c:\windows\FixCamera.exe" [2007-02-12 20480]

"tsnp325"="c:\windows\tsnp325.exe" [2007-04-21 270336]

"snp325"="c:\windows\vsnp325.exe" [2007-05-10 835584]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{93994DE8-8239-4655-B1D1-5F4E91300429}"= "c:\program files\DVD Region+CSS Free\DVDShell.dll" [2004-10-09 49152]

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R1 MpKsl8b5f0386;MpKsl8b5f0386;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8D9E4C81-0817-4CA4-B81C-89B82F1C39ED}\MpKsl8b5f0386.sys [x]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]

R3 ddsxeiservice;ddsxeiservice2;c:\program files\sXe Injected\ddsxei.sys [2011-09-01 92800]

R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-20 77184]

R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-20 25600]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-20 112640]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

R3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2011-09-29 1343400]

S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-09-29 691696]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-08-03 379496]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]

S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]

S3 SNP325;USB PC Camera (SNPSTD325);c:\windows\system32\DRIVERS\snp325.sys [2007-05-24 10343424]

.

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.google.com.br/

IE: &B&aixar &com o BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm

IE: &B&aixar todos os vídeos com o BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm

IE: &B&aixar tudo usando o BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm

IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

TCP: DhcpNameServer = 10.0.0.1

TCP: Interfaces\{56FBF612-7EA8-4AEA-A4E4-42A40CD5B031}: NameServer = 10.0.0.1

.

- - - - ORFÃOS REMOVIDOS - - - -

.

MSConfigStartUp-Google Update - c:\users\LeObOuRn\AppData\Local\Google\Update\GoogleUpdate.exe

.

.

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Tempo para conclusão: 2011-10-19 14:19:42

ComboFix-quarantined-files.txt 2011-10-19 16:19

.

Pré-execução: 85.686.407.168 bytes disponíveis

Pós execução: 85.645.176.832 bytes disponíveis

.

- - End Of File - - 397B9745C1BE9471B1EB493DBF44C390


leo


Yes, I used it. Since I started the procedure the problem has not occurred again. It's worth remembering that the problem had a mind of its own: one day it appeared, the next it didn't...

From analyzing the logs, is it possible to tell whether the problem has been fixed?

If so, is it possible to tell whether it was some program I installed? Because if it was, I could remove it from the set of programs I install whenever I format the PC.

One more thing, and I don't mean to be a pain: is it very hard to interpret these logs? Is there a tutorial for it?

Thanks


leo


The AskToolbar still appeared in the ComboFix log..

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]

2010-09-29 01:44 1400712 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-29 1400712]

.

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-29 1400712]

.

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

Run it again...

Apart from the Google Update tasks, which were removed, I saw nothing strange in the logs...

OK, the PC is clean (Y)

Finishing up.......

Rename ComboFix to Uninstall, run it and wait for the tool to be removed.

One more thing, and I don't mean to be a pain: is it very hard to interpret these logs? Is there a tutorial for it?

You need to study this Linha Defensiva tutorial thoroughly (http://www.linhadefe...kthis-completo/ ) and frequent several national and international forums for months. English and Spanish are basic requirements for fully understanding and studying the new infection-removal tools that these forums release daily.

Follow the logs posted here and on other forums closely, practising at home and comparing the results.

Look up entries using Google and other sites that provide information about each entry in a log.

By doing this, in a few months you will be able to help yourself.



I ran the "ASK remover" again and then made a new ComboFix log:

ComboFix 11-10-19.04 - LeObOuRn 21/10/2011 0:09.3.4 - x86

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.55.1046.18.2046.1349 [GMT -2:00]

Executando de: c:\users\LeObOuRn\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((( Arquivos/Ficheiros criados de 2011-09-21 to 2011-10-21 ))))))))))))))))))))))))))))

.

.

2011-10-21 02:14 . 2011-10-21 02:14 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-10-20 02:01 . 2011-10-07 03:48 6668624 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AD0E5BEC-4400-413E-A7D2-125C514D0AD1}\mpengine.dll

2011-10-19 16:04 . 2011-10-19 16:05 -------- d-----w- C:\combofix log

2011-10-19 16:04 . 2011-10-19 16:04 -------- d-----w- C:\hijack log 2

2011-10-19 02:33 . 2011-10-19 02:33 -------- d-----w- C:\hijack log

2011-10-18 21:46 . 2011-10-18 21:46 -------- d-----w- c:\program files\CCleaner

2011-10-18 12:35 . 2011-10-18 12:36 -------- d-----w- C:\LinhaDefensiva

2011-10-12 19:31 . 2011-08-17 04:24 465408 ----a-w- c:\windows\system32\psisdecd.dll

2011-10-12 19:31 . 2011-08-17 04:19 75776 ----a-w- c:\windows\system32\psisrndr.ax

2011-10-12 19:27 . 2011-08-27 04:26 571904 ----a-w- c:\windows\system32\oleaut32.dll

2011-10-12 19:27 . 2011-08-27 04:26 233472 ----a-w- c:\windows\system32\oleacc.dll

2011-10-12 19:27 . 2011-09-06 02:28 2334720 ----a-w- c:\windows\system32\win32k.sys

2011-10-12 16:48 . 2011-09-29 19:08 439632 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll

2011-10-12 16:48 . 2011-10-12 16:48 703824 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DA41D12D-976D-42E9-9C17-CD713A82A03C}\gapaengine.dll

2011-10-09 18:03 . 2007-02-12 17:50 20480 ----a-w- c:\windows\FixCamera.exe

2011-10-09 18:03 . 2006-07-03 13:31 94208 ----a-w- c:\windows\amcap.exe

2011-10-09 18:03 . 2007-05-10 16:18 835584 ----a-w- c:\windows\vsnp325.exe

2011-10-09 18:03 . 2007-04-21 12:36 270336 ----a-w- c:\windows\tsnp325.exe

2011-10-09 18:03 . 2007-05-24 21:06 10343424 ----a-w- c:\windows\system32\drivers\snp325.sys

2011-10-09 18:03 . 2011-10-09 18:03 -------- d-----w- c:\program files\Common Files\snp325

2011-10-09 18:03 . 2007-05-31 12:01 57344 ----a-w- c:\windows\system32\vsnp325.dll

2011-10-09 18:03 . 2006-04-12 15:11 147456 ----a-w- c:\windows\system32\rsnp325.dll

2011-10-09 18:03 . 2005-11-23 16:55 53248 ----a-w- c:\windows\system32\csnp325.dll

2011-10-06 19:03 . 2011-10-06 19:04 -------- d-----w- c:\program files\sXe Injected

2011-09-30 22:01 . 2011-09-30 22:01 -------- d-----w- c:\program files\Lavalys

2011-09-30 12:29 . 2011-10-07 03:48 6668624 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2011-09-30 03:54 . 2011-03-25 02:58 284672 ----a-w- c:\windows\system32\drivers\usbport.sys

2011-09-30 03:54 . 2011-03-25 02:57 43008 ----a-w- c:\windows\system32\drivers\usbehci.sys

2011-09-30 03:54 . 2011-03-25 02:58 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys

2011-09-30 03:54 . 2011-03-25 02:58 75776 ----a-w- c:\windows\system32\drivers\usbccgp.sys

2011-09-30 03:54 . 2011-03-25 02:57 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys

2011-09-30 03:54 . 2011-03-25 02:57 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys

2011-09-30 03:54 . 2011-03-25 02:57 5888 ----a-w- c:\windows\system32\drivers\usbd.sys

2011-09-30 03:53 . 2011-03-11 05:39 148864 ----a-w- c:\windows\system32\drivers\storport.sys

2011-09-30 03:53 . 2011-03-11 05:39 143744 ----a-w- c:\windows\system32\drivers\nvstor.sys

2011-09-30 03:53 . 2011-03-11 05:39 1211264 ----a-w- c:\windows\system32\drivers\ntfs.sys

2011-09-30 03:53 . 2011-03-11 05:39 117120 ----a-w- c:\windows\system32\drivers\nvraid.sys

2011-09-30 03:53 . 2011-03-11 05:38 332160 ----a-w- c:\windows\system32\drivers\iaStorV.sys

2011-09-30 03:53 . 2011-03-11 05:38 80256 ----a-w- c:\windows\system32\drivers\amdsata.sys

2011-09-30 03:53 . 2011-03-11 05:33 1699328 ----a-w- c:\windows\system32\esent.dll

2011-09-30 03:53 . 2011-03-11 05:31 74240 ----a-w- c:\windows\system32\fsutil.exe

2011-09-30 03:53 . 2011-03-11 05:38 22400 ----a-w- c:\windows\system32\drivers\amdxata.sys

2011-09-30 03:53 . 2011-09-30 03:53 -------- d-----w- c:\program files\Super Tela

2011-09-30 03:33 . 2011-09-30 03:33 -------- d-----w- c:\program files\Pure Networks

2011-09-30 03:32 . 2009-07-07 17:48 26672 ----a-w- c:\windows\system32\drivers\pnarp.sys

2011-09-30 03:32 . 2011-09-30 03:32 -------- dc----w- c:\windows\system32\DRVSTORE

2011-09-30 03:32 . 2009-07-07 17:48 27696 ----a-w- c:\windows\system32\drivers\purendis.sys

2011-09-30 03:32 . 2011-09-30 03:32 -------- d-----w- c:\program files\Common Files\Pure Networks Shared

2011-09-30 03:32 . 2011-09-30 03:32 -------- d-----w- c:\programdata\Pure Networks

2011-09-30 03:28 . 2011-09-30 03:28 -------- d-----w- c:\program files\Xilisoft

2011-09-30 02:51 . 2011-10-06 19:04 -------- d-----w- C:\CS

2011-09-30 02:51 . 2011-09-30 02:51 -------- d-----w- c:\program files\Common Files\Steam

2011-09-30 02:51 . 2011-10-18 12:15 -------- d-----w- c:\program files\Steam

2011-09-29 22:23 . 2011-09-29 22:23 -------- d-----w- c:\program files\SlySoft

2011-09-29 21:48 . 2011-09-29 21:48 -------- d-----w- c:\program files\VS Revo Group

2011-09-29 20:54 . 2011-09-29 20:54 -------- d-----w- c:\windows\system32\Wat

2011-09-29 20:53 . 2011-02-19 06:30 805376 ----a-w- c:\windows\system32\FntCache.dll

2011-09-29 20:53 . 2011-02-19 06:30 1076736 ----a-w- c:\windows\system32\DWrite.dll

2011-09-29 20:53 . 2011-02-19 06:30 739840 ----a-w- c:\windows\system32\d2d1.dll

2011-09-29 20:43 . 2011-02-18 05:39 31232 ----a-w- c:\windows\system32\prevhost.exe

2011-09-29 20:39 . 2010-12-17 07:07 542208 ----a-w- c:\windows\system32\kerberos.dll

2011-09-29 20:39 . 2011-05-24 10:44 293376 ----a-w- c:\windows\system32\umpnpmgr.dll

2011-09-29 20:39 . 2011-02-12 05:35 191488 ----a-w- c:\windows\system32\FXSCOVER.exe

2011-09-29 20:39 . 2011-02-25 05:30 2616320 ----a-w- c:\windows\explorer.exe

2011-09-29 20:39 . 2011-04-09 05:56 123904 ----a-w- c:\windows\system32\poqexec.exe

2011-09-29 20:36 . 2011-04-22 19:14 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys

2011-09-29 20:36 . 2011-02-03 05:54 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys

2011-09-29 19:53 . 2011-10-14 15:16 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-09-29 19:38 . 2011-09-29 19:45 -------- d-----w- c:\program files\NitroPC

2011-09-29 19:34 . 2011-09-29 19:34 -------- d-----w- c:\programdata\Malwarebytes

2011-09-29 19:34 . 2011-09-29 19:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-09-29 19:34 . 2011-08-31 20:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-09-29 19:32 . 2011-09-29 19:32 -------- d-----w- c:\program files\Analog Devices

2011-09-29 19:31 . 2011-09-29 19:32 -------- d-----w- c:\program files\Windows Live

2011-09-29 19:31 . 2011-10-13 19:07 -------- d-----w- c:\program files\Microsoft Silverlight

2011-09-29 19:30 . 2011-09-29 19:30 -------- d-----w- c:\program files\Common Files\Windows Live

2011-09-29 19:29 . 2011-09-29 19:29 -------- d-----w- c:\program files\Common Files\Skype

2011-09-29 19:29 . 2011-09-29 19:29 -------- d-----r- c:\program files\Skype

2011-09-29 19:29 . 2011-09-29 19:29 -------- d-----w- c:\programdata\Skype

2011-09-29 19:28 . 2007-04-09 16:23 28552 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\mdippr.dll

2011-09-29 19:28 . 2007-04-09 16:23 28040 ----a-w- c:\windows\system32\mdimon.dll

2011-09-29 19:27 . 2011-09-30 03:48 -------- d-----w- c:\program files\Microsoft.NET

2011-09-29 19:27 . 2011-09-29 19:27 -------- d-----w- c:\windows\PCHEALTH

2011-09-29 19:24 . 2011-09-29 19:24 -------- d-----w- c:\program files\Winamp Detect

2011-09-29 19:24 . 2011-09-29 19:25 -------- d-----w- c:\program files\Winamp

2011-09-29 19:23 . 2011-10-18 12:31 -------- d-----w- C:\Downloads

2011-09-29 19:23 . 2011-10-18 12:32 -------- d-----w- c:\program files\BitComet

2011-09-29 19:20 . 2011-09-29 19:20 -------- d-----w- c:\program files\IrfanView

2011-09-29 19:20 . 2011-09-29 19:20 -------- d-----w- c:\windows\system32\Macromed

2011-09-29 19:18 . 2011-09-29 19:18 -------- d-----w- c:\program files\Ask.com

2011-09-29 19:18 . 2011-09-29 19:18 -------- d-----w- c:\program files\Foxit Software

2011-09-29 19:17 . 2011-09-29 19:17 -------- d-----w- c:\program files\DVD Region+CSS Free

2011-09-29 19:17 . 2007-01-05 11:50 94208 ----a-w- c:\windows\system32\pskill.exe

2011-09-29 19:17 . 2007-01-05 11:50 26013 ----a-w- c:\windows\system32\sleep.exe

2011-09-29 19:16 . 2011-09-29 19:17 -------- d-----w- c:\programdata\WinZip

2011-09-29 19:15 . 2011-09-29 19:15 -------- d-----w- c:\programdata\SlySoft

2011-09-29 19:10 . 2011-09-29 19:13 -------- d-----w- c:\program files\Common Files\Ahead

2011-09-29 19:10 . 2011-09-29 19:10 -------- d-----w- c:\programdata\Nero

2011-09-29 19:10 . 2011-09-29 19:10 -------- d-----w- c:\program files\Nero

2011-09-29 19:08 . 2010-10-19 20:51 222080 ------w- c:\windows\system32\MpSigStub.exe

2011-09-29 19:02 . 2011-09-29 19:03 -------- d-----w- c:\program files\Microsoft Security Client

2011-09-29 18:42 . 2011-09-29 18:42 -------- d-----w- c:\program files\Alcohol Soft

2011-09-29 18:40 . 2011-09-29 18:40 691696 ----a-w- c:\windows\system32\drivers\sptd.sys

2011-09-29 18:35 . 2006-03-23 22:51 208896 ----a-w- c:\windows\system32\NVUNINST.EXE

2011-09-29 18:34 . 2011-09-29 18:34 -------- d-----w- c:\program files\Common Files\InstallShield

2011-09-29 18:32 . 2011-10-09 18:03 -------- d--h--w- c:\program files\InstallShield Installation Information

2011-09-29 18:31 . 2011-10-13 01:33 -------- d-sh--w- c:\windows\Installer

2011-09-29 18:31 . 2011-10-20 23:52 -------- d-----w- c:\programdata\NVIDIA

2011-09-29 18:29 . 2011-09-29 18:29 -------- d-----w- C:\NVIDIA

2011-09-29 18:17 . 2011-10-18 21:47 -------- d-----w- c:\windows\Panther

.

.

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-09-29 19:32 . 2010-06-24 14:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2011-08-19 15:01 . 2011-08-19 15:01 121464 ----a-w- c:\windows\system32\drivers\AnyDVD.sys

2011-08-03 11:50 . 2009-07-13 22:09 6613096 ----a-w- c:\windows\system32\nvwgf2um.dll

2011-08-03 06:31 . 2011-08-03 06:31 311912 ----a-w- c:\windows\system32\nvStreaming.exe

.

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por padrão não são apresentadas.

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]

2010-09-29 01:44 1400712 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-29 1400712]

.

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-29 1400712]

.

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2009-11-15 33120]

"AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe" [2011-09-29 5328504]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"snpstd3"="c:\windows\vsnpstd3.exe" [2005-09-06 339968]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]

"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]

"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-19 868352]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]

"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-07-07 647216]

"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2011-09-30 472112]

"FixCamera"="c:\windows\FixCamera.exe" [2007-02-12 20480]

"tsnp325"="c:\windows\tsnp325.exe" [2007-04-21 270336]

"snp325"="c:\windows\vsnp325.exe" [2007-05-10 835584]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{93994DE8-8239-4655-B1D1-5F4E91300429}"= "c:\program files\DVD Region+CSS Free\DVDShell.dll" [2004-10-09 49152]

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R1 MpKsl8b5f0386;MpKsl8b5f0386;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8D9E4C81-0817-4CA4-B81C-89B82F1C39ED}\MpKsl8b5f0386.sys [x]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]

R3 ddsxeiservice;ddsxeiservice2;c:\program files\sXe Injected\ddsxei.sys [2011-09-01 92800]

R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-20 77184]

R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-20 25600]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-20 112640]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

R3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2011-09-29 1343400]

S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-09-29 691696]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-08-03 379496]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]

S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]

S3 SNP325;USB PC Camera (SNPSTD325);c:\windows\system32\DRIVERS\snp325.sys [2007-05-24 10343424]

.

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.google.com.br/

IE: &B&aixar &com o BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm

IE: &B&aixar todos os vídeos com o BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm

IE: &B&aixar tudo usando o BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm

IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

TCP: DhcpNameServer = 10.0.0.1

TCP: Interfaces\{56FBF612-7EA8-4AEA-A4E4-42A40CD5B031}: NameServer = 10.0.0.1

.

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Tempo para conclusão: 2011-10-21 00:16:04

ComboFix-quarantined-files.txt 2011-10-21 02:16

.

Pré-execução: 84.354.048.000 bytes disponíveis

Pós execução: 84.081.278.976 bytes disponíveis

.

- - End Of File - - 3ED36B97E280CDA3B15D5CE36C997CE2

The Ask Toolbar lines are still there. What now? Is there some other method to remove them?

Note: I renamed ComboFix after the last log, thereby uninstalling it.

Note: thanks for the tips.


leo


I suggest you print or save the procedure below, and do not use the Internet until the procedure is finished.

Select and copy the text inside the QUOTE (green box) below. Open Notepad and paste what you copied. Then save it on the Desktop with the name CFScript.txt

File::

c:\program files\Ask.com\GenericAskToolbar.dll

Registry::

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-

[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-

[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

Folder::

c:\program files\Ask.com

Now drag CFScript.txt onto ComboFix as shown below:

CFScript.gif

ComboFix will run and will restart the PC automatically to complete the removal process.

IMPORTANT: Do not use the mouse or keyboard while ComboFix is running.

When it finishes, a log will be generated at C:\ComboFix.txt.

Make a new log with HijackThis in Normal Mode and post it together with ComboFix.txt.


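After the CFScript run, the instruction above is to post a fresh ComboFix log. A quick way to check that log for the leftovers discussed in this thread (the Ask.com BHO and toolbar entries under the CLSID {D4027C7F-154A-4066-A1AD-4243D8127440}, the autostart Run values, and the UAC policy values that the posted log shows as 0) is to parse the "registry load points" section programmatically instead of reading it by eye. The script below is an added example written for this page; it is not part of ComboFix, Linha Defensiva or any poster's reply. The function names are the example's own, and the embedded sample log is constructed from a handful of lines quoted in the thread.

```python
"""Triage helper for the 'registry load points' section of a ComboFix log.

Added example for this thread; not part of ComboFix or any poster's reply.
Function names and SAMPLE_LOG are this example's own. The sample is
constructed from a few load-point lines quoted in the thread.
"""
import re
import sys

# Constructed sample: a subset of the load-point lines posted in this thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-09-29 01:44 1400712 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-29 1400712]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-29 1400712]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"snp325"="c:\windows\vsnp325.exe" [2007-05-10 835584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<data>.*)$')
QUOTED_PATH_RE = re.compile(r'^"([^"]+)"')
UAC_KEY = r"HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system"


def parse_load_points(text):
    """Map each registry key in the log to the (value_name, data) pairs under it.

    Bare keys (no values), like the HKCR CLSID keys, get an empty list so their
    presence is still detectable; file lines under a BHO key keep an empty name."""
    points, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":            # ComboFix separates blocks with "."
            continue
        key_match = KEY_RE.match(line)
        if key_match:
            current = key_match.group("key")
            points.setdefault(current, [])
            continue
        if current is None:                    # header text before the first key
            continue
        value_match = VALUE_RE.match(line)
        if value_match:
            points[current].append((value_match.group("name"), value_match.group("data").strip()))
        else:
            points[current].append(("", line))
    return points


def find_entries(points, needle):
    """Every (key, value_name, data) whose key, name or data contains needle (case-insensitive)."""
    n, hits = needle.lower(), []
    for key, values in points.items():
        if n in key.lower():
            hits.append((key, "", ""))
        for name, data in values:
            if n in name.lower() or n in data.lower():
                hits.append((key, name, data))
    return hits


def uac_posture(points):
    """{value_name: int} for the UAC policy values ComboFix prints as '0 (0x0)'."""
    posture = {}
    for key, values in points.items():
        if key.lower() == UAC_KEY.lower():
            for name, data in values:
                number = re.match(r"^(\d+)", data)
                if number:
                    posture[name] = int(number.group(1))
    return posture


def uac_enabled(points):
    """EnableLUA=0 means User Account Control is switched off entirely."""
    return uac_posture(points).get("EnableLUA", 1) != 0


def run_entries(points):
    """(value_name, executable_path) for each autostart value under a CurrentVersion\\Run key."""
    autostarts = []
    for key, values in points.items():
        if key.lower().endswith(r"\currentversion\run"):
            for name, data in values:
                path = QUOTED_PATH_RE.match(data)
                if path:
                    autostarts.append((name, path.group(1)))
    return autostarts


def summarize(points, needles=("D4027C7F-154A-4066-A1AD-4243D8127440", "ask.com")):
    """Text summary of what a reviewer checks after a cleanup run: leftovers, UAC, autostarts."""
    lines = []
    for needle in needles:
        hits = find_entries(points, needle)
        lines.append(f"{len(hits)} entries still reference {needle!r}")
        lines.extend(f"  {key}  {name} {data}".rstrip() for key, name, data in hits)
    lines.append(f"UAC enabled: {uac_enabled(points)} {uac_posture(points)}")
    lines.append(f"Autostart entries: {len(run_entries(points))}")
    return "\n".join(lines)


if __name__ == "__main__":
    if len(sys.argv) > 1:                      # e.g. python triage.py C:\ComboFix.txt
        with open(sys.argv[1], errors="replace") as fh:
            log_text = fh.read()
    else:
        log_text = SAMPLE_LOG
    print(summarize(parse_load_points(log_text)))
```

Run without arguments it reports on the embedded sample; run with the path of a freshly posted ComboFix.txt it shows whether the Ask.com entries survived the CFScript run, which is exactly the question the poster asked after the second log. The UAC check is included because this log shows EnableLUA set to 0, a setting that removes the consent prompt an installer or toolbar would otherwise trigger and is worth restoring once the machine is clean.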
