Blackrat

HijackThis log analysis request

Windows Update is configured to check with you before downloading and installing updates. These settings are managed by your system administrator.

The problem is this: I cannot change these settings; the button is not enabled. Please analyze my HijackThis log to see whether something is wrong:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:16:14, on 30/11/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16438)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Hp\HP Software Update\hpwuschd2.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Nokia\Nokia Internet Modem\NokiaInternetModem_AppStart.exe
C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Nokia\Nokia Internet Modem\NokiaInternetModem.exe
C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Users\Rodrigo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rodrigo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rodrigo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rodrigo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rodrigo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rodrigo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rodrigo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rodrigo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rodrigo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rodrigo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rodrigo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rodrigo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rodrigo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\klwtblfs.exe
C:\Users\Rodrigo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rodrigo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rodrigo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rodrigo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskeng.exe
C:\Users\Rodrigo\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Users\Rodrigo\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Users\Rodrigo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rodrigo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rodrigo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rodrigo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\notepad.exe
C:\Users\Rodrigo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rodrigo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rodrigo\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.claro-search.com/?affID=110824&tt=261112_clro_4812_3&babsrc=HP_ss&mntrId=84a88314000000000000c417fe726048
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: ContentBlockerBrowserHelperObject - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
O2 - BHO: VirtualKeyboardBrowserHelperObject - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O3 - Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - (no file)
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NokiaInternetModem_AppStart.exe] "C:\Program Files\Nokia\Nokia Internet Modem\NokiaInternetModem_AppStart.exe" "-start" "C:\Program Files\Nokia\Nokia Internet Modem\NokiaInternetModem.exe"
O4 - HKLM\..\Run: [PlusService] C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe
O4 - HKLM\..\Run: [sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
O4 - HKLM\..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "c:\program files\real\realplayer\Update\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe"
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe
O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm
O9 - Extra button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: URL check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FE071B02-4746-4D6E-852B-50BE64B7A17C}: NameServer = 187.100.246.253 200.220.227.57
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\aestsrv.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agrsmsvc.exe
O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\STacSV.exe

--
End of file - 11590 bytes
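The helpers in this thread read a HijackThis log by eye, looking at a handful of entry types: R0/R1 start and search pages (the claro-search.com start page above is the search-hijacker pattern), O2/O3 BHOs and toolbars whose DLL is gone, O4 autoruns, O17 DNS servers and O23 services. The script below is an added example, not part of the thread and not HijackThis' own logic, that mechanises that first pass. SAMPLE_LOG is a constructed excerpt of the log posted above; EXPECTED_RESOLVERS (documentation addresses 192.0.2.x) is an assumed allow-list that has to be replaced with the resolvers the user's ISP or router actually hands out, otherwise every O17 entry is flagged for review.

```python
"""Triage a HijackThis 2.0.4 log for the entry types that most often carry a
browser hijack or leftover persistence: R0/R1 start and search pages, O2/O3
BHOs and toolbars, O4 autoruns, O17 DNS servers and O23 services.

Added example, not part of the thread and not HijackThis' own logic. The sample
below is a constructed excerpt of the log posted in the thread; EXPECTED_RESOLVERS
is an assumed allow-list that must be replaced with the DNS servers the user's
ISP or router actually hands out before the O17 check means anything.
"""
import re

SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.claro-search.com/?affID=110824&tt=261112_clro_4812_3&babsrc=HP_ss&mntrId=84a88314000000000000c417fe726048
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - (no file)
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O3 - Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - (no file)
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe"
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{FE071B02-4746-4D6E-852B-50BE64B7A17C}: NameServer = 187.100.246.253 200.220.227.57
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
"""

ENTRY_RE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.*)$")
IE_DEFAULT_HOSTS = ("go.microsoft.com",)             # IE's stock fwlink targets
TRUSTED_DIRS = (r"c:\program files", r"c:\windows")  # autoruns elsewhere get a second look
EXPECTED_RESOLVERS = {"192.0.2.1", "192.0.2.2"}      # assumption: replace with the real resolvers


def parse_entries(text):
    """Yield (kind, body) for every 'Rn - ...' / 'On - ...' line."""
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            yield m.group("kind"), m.group("body")


def triage(text, expected_resolvers=EXPECTED_RESOLVERS):
    """Return (category, kind, detail) findings for the entries worth a look."""
    findings = []
    for kind, body in parse_entries(text):
        if kind in ("R0", "R1"):
            # Start/search page outside IE's own defaults: the classic search-hijacker sign.
            url = body.partition(" = ")[2].strip()
            host = re.sub(r"^https?://", "", url).split("/")[0]
            if host and not host.endswith(IE_DEFAULT_HOSTS):
                findings.append(("browser-hijack", kind, url))
        elif kind in ("O2", "O3", "O23") and ("(no file)" in body or "(file missing)" in body):
            # Registration whose binary is gone: leftover of an uninstalled toolbar or
            # game anti-cheat driver; harmless by itself, but noise to clean up.
            findings.append(("orphaned-entry", kind, body))
        elif kind == "O4":
            # Autorun whose executable lives outside Program Files / Windows.
            m = re.search(r'\]\s*"?([A-Za-z]:\\.+?\.exe)', body, re.IGNORECASE)
            if m and not m.group(1).lower().startswith(TRUSTED_DIRS):
                findings.append(("autorun-review", kind, m.group(1)))
        elif kind == "O17":
            # Resolvers not on the allow-list: could be the ISP's, could be a DNS changer.
            servers = body.partition("NameServer = ")[2].split()
            unexpected = [s for s in servers if s not in expected_resolvers]
            if unexpected:
                findings.append(("dns-review", kind, " ".join(unexpected)))
    return findings


if __name__ == "__main__":
    for category, kind, detail in triage(SAMPLE_LOG):
        print(f"{category:16} {kind:4} {detail}")
```

Run as-is it reports one browser-hijack (the claro-search start page), four orphaned entries (Babylon, two Bing Bar items, the GameGuard service) and one dns-review line for the two O17 servers; pass the ISP's real resolvers as expected_resolvers and the DNS finding disappears, which is the point of the allow-list.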

Friend, download Malwarebytes' Anti-Malware (MBAM) from this link or this one.

Double-click mbam-setup.exe, choose the language and, during installation, accept all the default options.

  • Make sure the boxes Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware are checked, then click Finish.
  • If there are updates to apply, they will be downloaded and installed.
  • When the update finishes, with the program open, select Quick Scan and click the Scan button.
  • The scan will then start. Wait, as it may take a while.
  • When the scan finishes, click OK, then the Show Results button to see the report.
  • If any items were found, make sure they are all checked and click the Remove button.
  • At the end of the clean-up, Notepad will open with a log, and a prompt may appear asking whether you want to restart the PC. (See the note below)
  • MBAM saves the log automatically; to see it, click the Logs tab in the program's main window.
  • Select, copy and paste the whole content of this log in your next reply, together with a new HijackThis log.

NOTE: If MBAM finds files it cannot remove, it may have to restart the PC (possibly more than once). Do this immediately when asked whether you want to restart the PC.

I had already run a full scan with Malwarebytes before posting the log here; here it is:

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org
Database version: v2012.11.30.06
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.10.9200.16438
Rodrigo :: RODRIGO-PC [administrator]
30/11/2012 20:49:01
mbam-log-2012-11-30 (18-56-07).txt
Scan type: Full Scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 336119
Time elapsed: 1 hour(s), 4 minute(s), 20 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)

Download SecurityCheck and save it to the desktop.

Also download MbrScan.exe by Eric_71 and save it to the desktop.

Double-click to run the tool. Click the Scan button. When the scan finishes, click the Report button. Notepad will open with the scan result. It is saved on the desktop as MbrScan.log.

Double-click to run SecurityCheck by screen317.

In the window that opens, press any key to continue. Wait while the tool performs its check.

At the end a log will open, checkup.txt.

Select, copy and paste the content of this log in your next reply, plus the content of MbrScan.log.

MbrScan:


MBRScan v1.1.1

OS : Windows 7 Service Pack 1 (32 bit)
PROCESSOR : x86 Family 6 Model 23 Stepping 10, GenuineIntel
BOOT : Normal Boot
DATE : 2012/11/30 (ISO 8601) at 23:57:36
________________________________________________________________________________

DISK : Device\Harddisk0\DR0 __SAMSUNG HM320II (2AC101C4)
BUS_TYPE : (0x0B) S-ATA
USE_PIO : NO
MAX_TRANSFER : 128 Kb
ALIGNMENT_MASK : word aligned
________________________________________________________________________________

Device\Harddisk0\DR0 298.1 Go [Fixed] ==> 7 MBR Code

MBR_MD5 : A0BD8BD7131084DDA41097474687164F
MBR_SHA1 : 2620F21A0E511527566B51F1348E3FE785887DC9

Device\Harddisk0\Partition1 100.0 Mo 0x07 NTFS / HPFS __ BOOTABLE __
Device\Harddisk0\Partition2 298.0 Go 0x07 NTFS / HPFS
________________________________________________________________________________

############################### Additional scan ################################

DRIVER : C:\Windows\System32\Drivers\dump_dumpata.sys => Invisible on the disk
ADDRESS : 0x9598B000
SIZE : 44.0 Ko

DRIVER : C:\Windows\System32\Drivers\dump_msahci.sys => Invisible on the disk
ADDRESS : 0x95996000
SIZE : 40.0 Ko

DRIVER : C:\Windows\System32\Drivers\dump_dumpfve.sys => Invisible on the disk
ADDRESS : 0x959A0000
SIZE : 68.0 Ko

BCD EmsSettings {0CE4991B-E6B3-4B16-B23C-5E0D9250E5D9} => BcdLibraryBoolean_EmsEnabled (16000020)

SystemStartOptions : NOEXECUTE=OPTIN

________________________________________________________________________________

_______MBR \Device\Harddisk0\DR0

0x00000000 33 C0 8E D0 BC 00 7C 8E C0 8E D8 BE 00 7C BF 00 3À.Ð¼.|.À.Ø¾.|¿.
0x00000010 06 B9 00 02 FC F3 A4 50 68 1C 06 CB FB B9 04 00 .¹..üó¤Ph..Ëû¹..
0x00000020 BD BE 07 80 7E 00 00 7C 0B 0F 85 0E 01 83 C5 10 ½¾..~..|......Å.
0x00000030 E2 F1 CD 18 88 56 00 55 C6 46 11 05 C6 46 10 00 âñÍ..V.UÆF..ÆF..
0x00000040 B4 41 BB AA 55 CD 13 5D 72 0F 81 FB 55 AA 75 09 ´A»ªUÍ.]r..ûUªu.
0x00000050 F7 C1 01 00 74 03 FE 46 10 66 60 80 7E 10 00 74 ÷Á..t.þF.f`.~..t
0x00000060 26 66 68 00 00 00 00 66 FF 76 08 68 00 00 68 00 &fh....f.v.h..h.
0x00000070 7C 68 01 00 68 10 00 B4 42 8A 56 00 8B F4 CD 13 |h..h..´B.V..ôÍ.
0x00000080 9F 83 C4 10 9E EB 14 B8 01 02 BB 00 7C 8A 56 00 ..Ä..ë.¸..».|.V.
0x00000090 8A 76 01 8A 4E 02 8A 6E 03 CD 13 66 61 73 1C FE .v..N..n.Í.fas.þ
0x000000A0 4E 11 75 0C 80 7E 00 80 0F 84 8A 00 B2 80 EB 84 N.u..~......².ë.
0x000000B0 55 32 E4 8A 56 00 CD 13 5D EB 9E 81 3E FE 7D 55 U2ä.V.Í.]ë..>þ}U
0x000000C0 AA 75 6E FF 76 00 E8 8D 00 75 17 FA B0 D1 E6 64 ªun.v.è..u.ú°Ñæd
0x000000D0 E8 83 00 B0 DF E6 60 E8 7C 00 B0 FF E6 64 E8 75 è..°ßæ`è|.°.ædèu
0x000000E0 00 FB B8 00 BB CD 1A 66 23 C0 75 3B 66 81 FB 54 .û¸.»Í.f#Àu;f.ûT
0x000000F0 43 50 41 75 32 81 F9 02 01 72 2C 66 68 07 BB 00 CPAu2.ù..r,fh.».
0x00000100 00 66 68 00 02 00 00 66 68 08 00 00 00 66 53 66 .fh....fh....fSf
0x00000110 53 66 55 66 68 00 00 00 00 66 68 00 7C 00 00 66 SfUfh....fh.|..f
0x00000120 61 68 00 00 07 CD 1A 5A 32 F6 EA 00 7C 00 00 CD ah...Í.Z2öê.|..Í
0x00000130 18 A0 B7 07 EB 08 A0 B6 07 EB 03 A0 B5 07 32 E4 ..·.ë..¶.ë..µ.2ä
0x00000140 05 00 07 8B F0 AC 3C 00 74 09 BB 07 00 B4 0E CD ....ð¬<.t.»..´.Í
0x00000150 10 EB F2 F4 EB FD 2B C9 E4 64 EB 00 24 02 E0 F8 .ëòôëý+Éädë.$.àø
0x00000160 24 02 C3 49 6E 76 61 6C 69 64 20 70 61 72 74 69 $.ÃInvalid parti
0x00000170 74 69 6F 6E 20 74 61 62 6C 65 00 45 72 72 6F 72 tion table.Error
0x00000180 20 6C 6F 61 64 69 6E 67 20 6F 70 65 72 61 74 69 loading operati
0x00000190 6E 67 20 73 79 73 74 65 6D 00 4D 69 73 73 69 6E ng system.Missin
0x000001A0 67 20 6F 70 65 72 61 74 69 6E 67 20 73 79 73 74 g operating syst
0x000001B0 65 6D 00 00 00 63 7B 9A 01 51 1C F1 00 00 80 20 em...c{..Q.ñ...
0x000001C0 21 00 07 DF 13 0C 00 08 00 00 00 20 03 00 00 DF !..ß....... ...ß
0x000001D0 14 0C 07 FE FF FF 00 28 03 00 00 B8 3F 25 00 00 ...þ...(...¸?%..
0x000001E0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0x000001F0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 AA ..............Uª

Security Check:

Results of screen317's Security Check version 0.99.56
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Kaspersky Internet Security
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.65.1.1000
CCleaner
Java 6 Update 37
Java version out of Date!
Adobe Flash Player 11.4.402.287
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox 16.0.1 Firefox out of Date!
Google Chrome 21.0.1180.83
Google Chrome 21.0.1180.89
Google Chrome 22.0.1229.79
Google Chrome 22.0.1229.92
Google Chrome 22.0.1229.94
Google Chrome 23.0.1271.64
Google Chrome 23.0.1271.91
Google Chrome 23.0.1271.95
````````Process Check: objlist.exe by Laurent````````
Kaspersky Lab Kaspersky Internet Security 2013 avp.exe
Kaspersky Lab Kaspersky Internet Security 2013 klwtblfs.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````

Download RogueKiller and save it to the desktop.

Double-click RogueKiller.exe.

Click the Scan button. Wait for the scan to finish.

Click the Report button. Notepad will open with information.

This log is saved on the desktop as RKreport[1].txt.

Select, copy and paste the content of this log in your next reply.

NOTE: do not use the Delete button, because we need to evaluate the items before doing that.

Here:

RogueKiller V8.3.1 [Nov 29 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Site : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal Mode
User : Rodrigo [Administrator privileges]
Mode : Scan -- Date : 12/01/2012 17:14:24

¤¤¤ Bad entries : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[DNS] HKLM\[...]\ControlSet001\Services\Interfaces\{64F9FBE2-81C3-4758-AF7B-002C56957792} : NameServer (187.100.246.253 200.220.227.56) -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Personal Files / Folders: ¤¤¤

¤¤¤ Driver : [Loaded] ¤¤¤

¤¤¤ Hosts File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: SAMSUNG HM320II ATA Device +++++
--- User ---
[MBR] a0bd8bd7131084dda41097474687164f
[bSP] 180f797421d3d4c5bcaec444faff3093 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 305143 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_12012012_02d1714.txt >>
RKreport[1]_S_12012012_02d1714.txt

OK, run RogueKiller again.

On the Registry tab, leave only the entry below checked (uncheck the others).

[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND

When the scan finishes, click the Delete button. Wait for the process to finish.

Click the Report button. Notepad will open with information.

This log is saved on the desktop as RKreport[2].txt.

Then download Farbar Service Scanner and save it to the desktop. Run the tool.

Besides the Internet Services checkbox, which is checked by default, check the following checkboxes:

  • Windows Firewall
  • System Restore
  • Security Center/Action Center
  • Windows Update
  • Windows Defender

Click Scan and wait for the check to finish. At the end a log named FSS.txt will be generated; it is saved in the same directory as FSS, that is, on the desktop.

Select, copy and paste its content in your next reply, plus the content of RKreport[2].txt.

RogueKiller:

RogueKiller V8.3.1 [Nov 29 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Site : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal Mode
User : Rodrigo [Administrator privileges]
Mode : Remove -- Date : 12/01/2012 18:40:33

¤¤¤ Bad entries : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[DNS] HKLM\[...]\ControlSet001\Services\Interfaces\{2A1A2012-3F5F-4CD1-86C6-2A33B2B5443D} : NameServer (187.100.246.253 200.220.227.56) -> NOT REMOVED, USE THE DNS REPAIR OPTION
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> NOT SELECTED
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NOT SELECTED
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Personal Files / Folders: ¤¤¤

¤¤¤ Driver : [Loaded] ¤¤¤

¤¤¤ Hosts File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: SAMSUNG HM320II ATA Device +++++
--- User ---
[MBR] a0bd8bd7131084dda41097474687164f
[bSP] 180f797421d3d4c5bcaec444faff3093 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 305143 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[3]_D_12012012_02d1840.txt >>
RKreport[1]_S_12012012_02d1714.txt ; RKreport[2]_S_12012012_02d1836.txt ; RKreport[3]_D_12012012_02d1840.txt

Farbar:

Farbar Service Scanner Version: 01-12-2012 02
Ran by Rodrigo (administrator) on 01-12-2012 at 18:46:55
Running from "C:\Users\Rodrigo\Desktop"
Windows 7 Home Premium Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
WAN connected
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Disabled Policy:
========================

Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============

File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2012-11-13 19:38] - [2012-10-03 14:58] - 1293680 ____A (Microsoft Corporation) E23A56F843E2AEBBB209D0ACCA73C640
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\ipnathlp.dll => MD5 is legit
C:\Windows\system32\iphlpsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit

**** End of log ****
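The Farbar and RogueKiller logs above report their findings as bare registry values: DisableAntiSpyware=1 under the Windows Defender key, a WinDefend service left on Demand instead of Auto, and a DisableRegistryTools value that exists but holds 0. The symptom the thread opened with ("these settings are managed by your system administrator", with the Windows Update choice greyed out) has the same kind of cause: Windows Update honours policy values under HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate, and when AUOptions is set there the control panel reports the setting as administrator-managed. The script below is an added example, not part of the thread and not what Farbar or RogueKiller do internally, that names those values and classifies each one. assess() works on a plain dict so it runs anywhere; read_live() needs winreg and therefore Windows. SAMPLE_VALUES is constructed: the Defender and WinDefend values come from the Farbar log, DisableRegistryTools=0 from the RogueKiller log (the full key path is an assumption, since the log abbreviates it), and AUOptions=2 is an assumption, because nothing in the thread shows the Windows Update policy values.

```python
"""Map the 'managed by your system administrator' symptom and the RogueKiller
and Farbar findings onto the registry values that produce them, and classify them.

Added example, not part of the thread and not what either tool does internally.
assess() works on a plain dict so it runs anywhere; read_live() needs winreg and
therefore Windows. SAMPLE_VALUES is constructed: DisableAntiSpyware=1 and the
WinDefend start type come from the Farbar log, DisableRegistryTools=0 from the
RogueKiller log (full key path assumed, the log abbreviates it), and the
AUOptions policy value is an assumption, since nothing in the thread shows it.
"""
import sys

HKLM, HKCU = "HKLM", "HKCU"
WU_POLICY = r"SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate"
POLICY_SYSTEM = r"Software\Microsoft\Windows\CurrentVersion\Policies\System"

# (hive, key, value name, predicate on the value (None = absent), meaning when true)
CHECKS = [
    (HKLM, WU_POLICY + r"\AU", "NoAutoUpdate", lambda v: v == 1,
     "Automatic Updates switched off by policy"),
    (HKLM, WU_POLICY + r"\AU", "AUOptions", lambda v: v is not None,
     "update behaviour forced by policy; the control panel shows it as managed by the administrator and greys out the choice"),
    (HKLM, WU_POLICY, "DisableWindowsUpdateAccess", lambda v: v == 1,
     "Windows Update user interface blocked by policy"),
    (HKLM, r"SOFTWARE\Microsoft\Windows Defender", "DisableAntiSpyware", lambda v: v == 1,
     "Windows Defender disabled; a third-party suite such as the installed Kaspersky sets this legitimately, so confirm before reverting"),
    (HKLM, r"SYSTEM\CurrentControlSet\Services\WinDefend", "Start", lambda v: v not in (None, 2),
     "WinDefend not set to Automatic (2): 3 = Demand, 4 = Disabled"),
    (HKLM, POLICY_SYSTEM, "DisableRegistryTools", lambda v: v == 1,
     "regedit blocked for all users by policy"),
    (HKCU, POLICY_SYSTEM, "DisableRegistryTools", lambda v: v == 1,
     "regedit blocked for the current user by policy"),
]


def assess(values):
    """Return (level, path=value, meaning) for every value that is not absent.

    'warn': the predicate matched.  'info': the value exists but holds a
    default-equivalent setting (e.g. DisableRegistryTools=0), which is what
    RogueKiller listed as FOUND: harmless, but deleting it restores the default.
    """
    findings = []
    for hive, key, name, is_bad, meaning in CHECKS:
        v = values.get((hive, key, name))
        path = f"{hive}\\{key}\\{name}={v}"
        if is_bad(v):
            findings.append(("warn", path, meaning))
        elif v is not None:
            findings.append(("info", path, "present, but at a default-equivalent value"))
    return findings


def read_live():
    """Windows only: collect the same values from the live registry."""
    import winreg  # standard library on Windows builds of CPython
    roots = {HKLM: winreg.HKEY_LOCAL_MACHINE, HKCU: winreg.HKEY_CURRENT_USER}
    values = {}
    for hive, key, name, _, _ in CHECKS:
        try:
            with winreg.OpenKey(roots[hive], key) as k:
                values[(hive, key, name)] = winreg.QueryValueEx(k, name)[0]
        except OSError:
            pass  # key or value absent: that is the default state
    return values


# Constructed from the logs in the thread; AUOptions=2 ("notify before download") is assumed.
SAMPLE_VALUES = {
    (HKLM, WU_POLICY + r"\AU", "AUOptions"): 2,
    (HKLM, r"SOFTWARE\Microsoft\Windows Defender", "DisableAntiSpyware"): 1,
    (HKLM, r"SYSTEM\CurrentControlSet\Services\WinDefend", "Start"): 3,
    (HKLM, POLICY_SYSTEM, "DisableRegistryTools"): 0,
}

if __name__ == "__main__":
    values = read_live() if sys.platform == "win32" else SAMPLE_VALUES
    for level, path, meaning in assess(values):
        print(f"[{level}] {path}\n        {meaning}")
```

On the sample this yields three warnings (the AUOptions policy, DisableAntiSpyware=1, WinDefend Start=3) and one info line for DisableRegistryTools=0. The practical reading for the thread's symptom: if the AUOptions or NoAutoUpdate values exist under the Policies key on a home PC that is not domain-joined, nothing legitimate put them there, and removing them (with regedit, or a tool such as RogueKiller after the helper has reviewed the entry) gives the Windows Update settings page back.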

You left the wrong key checked in RogueKiller. Note that in the log the key appears abbreviated, but in the program it is shown in full. Look at the characteristics of the key:

(screenshot: 116ujd5.png)

It is similar to the ones circled.

On the Registry tab, leave only the entry below checked (uncheck the others).

[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND