
Archived

This topic is archived and closed to new replies.

zezelto

My PC has the Karagany virus and a rootkit, what should I do?

12 posts in this topic

Dear friends, I did all the initial procedures and below is the log for analysis, ok.

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 17:27:02, on 11/12/2012

Platform: Windows 7 (WinNT 6.00.3504)

MSIE: Internet Explorer v9.00 (9.00.8112.16450)

Boot mode: Normal

Running processes:

C:\Windows\PixArt\PAC7302\Monitor.exe

C:\Users\Zezelto\AppData\Local\Akamai\netsession_win.exe

C:\Program Files (x86)\Skype\Phone\Skype.exe

C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE

C:\Users\Zezelto\AppData\Local\Akamai\netsession_win.exe

C:\Program Files (x86)\Ares\Ares.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe

C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Users\Zezelto\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://br.msn.com/?o...=EIE9HP&PC=UP14

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.hao123.com...mt_hp_hao123_br

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer, optimized for Bing and MSN

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

F2 - REG:system.ini: UserInit=userinit.exe

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O2 - BHO: Auxiliar de Conexão de Conta da Microsoft - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O3 - Toolbar: (no name) - {D0F4A166-B8D4-48b8-9D63-80849FE137CB} - (no file)

O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

O4 - HKLM\..\Run: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [Aeria Ignite] "C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe" silent

O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Zezelto\AppData\Local\Akamai\netsession_win.exe"

O4 - HKCU\..\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"

O4 - HKCU\..\Run: [ares] "C:\Program Files (x86)\Ares\Ares.exe" -h

O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O20 - AppInit_DLLs: c:\progra~3\browse~1\23787~1.43\{16cdf~1\browse~1.dll c:\progra~3\browse~1\22643~1.41\{16cdf~1\browse~1.dll

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: avast! antivírus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe

O23 - Service: Browser Manager - Unknown owner - C:\ProgramData\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 10663 bytes


Friend, open MBAM, go to the Update tab and click Check for updates.

It will check and start downloading if there is one. When the update finishes, you will be told that the database was updated successfully. Click OK.

  • When the update is done, with the program open, select Quick Scan and click the Scan button.
  • The scan will then begin. Wait, as it may take a while.
  • When the scan finishes, click OK, then the Show Results button to see the report.
  • If items were found, make sure they are all checked and click the Remove button.
  • At the end of the disinfection, Notepad will open with a log, and a prompt may appear asking whether you want to restart the PC. (See Note below)
  • The log is saved automatically by MBAM; to view it, click the Logs tab in the program's main window.
  • Select, copy and paste the whole content of this log in your next reply, together with a new HijackThis log.

NOTE: If MBAM finds files it cannot remove, it may need to restart the PC (perhaps more than once). Do so immediately when asked whether you want to restart the PC.


Below are the MBAM and HijackThis logs.

Malwarebytes Anti-Malware (Trial) 1.65.1.1000

www.malwarebytes.org

Versão da Base de Dados: v2012.12.11.11

Windows 7 x64 NTFS

Internet Explorer 9.0.8112.16421

Zezelto :: ZEZELTO-PC [administrador]

Proteção: Permitir

11/12/2012 18:02:19

mbam-log-2012-12-11 (18-02-19).txt

Tipo de Verificação: Verificação Rápida

Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM

Opções de verificação desativadas: P2P

Objetos escaneados: 205356

Tempo decorrido: 2 minuto(s),

Processos de Memória Detectados: 0

(Não foram detectados ítens maliciosos)

Módulos de Memória Detectados: 0

(Não foram detectados ítens maliciosos)

Chaves de Registro Detectadas: 0

(Não foram detectados ítens maliciosos)

Valores de Registro Detectadas: 0

(Não foram detectados ítens maliciosos)

Itens de Dados no Registro Detectadas: 0

(Não foram detectados ítens maliciosos)

Pastas Detectadas: 0

(Não foram detectados ítens maliciosos)

Arquivos Detectados: 0

(Não foram detectados ítens maliciosos)

(fim)

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 18:09:39, on 11/12/2012

Platform: Windows 7 (WinNT 6.00.3504)

MSIE: Internet Explorer v9.00 (9.00.8112.16450)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\PixArt\PAC7302\Monitor.exe

C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

C:\Users\Zezelto\AppData\Local\Akamai\netsession_win.exe

C:\Users\Zezelto\AppData\Local\Akamai\netsession_win.exe

C:\Program Files (x86)\Skype\Phone\Skype.exe

C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE

C:\Program Files (x86)\Ares\Ares.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe

C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe

C:\Users\Zezelto\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://br.msn.com/?ocid=EIE9HP&PC=UP14

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.hao123.com/?tn=smt_hp_hao123_br

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer, optimized for Bing and MSN

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

F2 - REG:system.ini: UserInit=userinit.exe,

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O2 - BHO: Auxiliar de Conexão de Conta da Microsoft - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O3 - Toolbar: (no name) - {D0F4A166-B8D4-48b8-9D63-80849FE137CB} - (no file)

O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

O4 - HKLM\..\Run: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [Aeria Ignite] "C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe" silent

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Zezelto\AppData\Local\Akamai\netsession_win.exe"

O4 - HKCU\..\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"

O4 - HKCU\..\Run: [ares] "C:\Program Files (x86)\Ares\Ares.exe" -h

O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O20 - AppInit_DLLs: c:\progra~3\browse~1\23787~1.43\{16cdf~1\browse~1.dll c:\progra~3\browse~1\22643~1.41\{16cdf~1\browse~1.dll

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: avast! antivírus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe

O23 - Service: Browser Manager - Unknown owner - C:\ProgramData\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 10593 bytes


OK, run the programs below in order:

Temporarily disable your antivirus, antispyware and firewall so they do not cause conflicts.

1 - Download 2lsf8k9.png and save it to the desktop.

Double-click adwcleaner.exe.

Click the t8aneq.png button. Click OK on the message saying that open programs will be closed.

Wait for the scan to finish; at the end you will be asked to restart the computer to complete the removal. Click OK.

After restarting, the log AdwCleaner[s1].txt will open (it is saved in C:\).

Keep your protection programs disabled so they do not cause conflicts.

2 - Download 1268r49.png and save it to the desktop. Double-click it to run the Junkware Removal Tool (JRT).

* On Windows Vista and Windows 7:

Right-click JRT.exe and select run_as_adm1.png

The tool will begin scanning your system. Be patient, as it may take a while depending on the number of items to examine.

At the end, a log will open. It is saved on the desktop as JRT.txt.

Select, copy and paste the content of this log in your next reply, together with the content of AdwCleaner[s1].txt and a new HijackThis log.

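The helper above prescribes AdwCleaner and JRT without spelling out which lines of the HijackThis log point at the adware. The script below is an added triage example; it is not part of the thread and not one of the tools the helper names. It parses the R0/R1, O2/O3, O20 and O23 entry formats that appear in the logs posted above and flags the kinds of lines a helper reads first: an AppInit_DLLs value (O20), a service with no publisher whose binary runs from outside the Windows and Program Files trees (O23), a toolbar or BHO with no name or no backing file (O2/O3), and a browser start or search page that is not a known default (R0/R1). The sample log is constructed for this example, modelled on the entries in this thread; the list of default pages and the set of trusted path roots are my own assumptions, not settings of any tool.

```python
"""Heuristic triage of a HijackThis 2.0.4 log (added example, not a thread tool)."""

import re
from dataclasses import dataclass

# Constructed sample, modelled on the log in this thread (paths shortened).
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.4
Running processes:
C:\Program Files\AVAST Software\Avast\AvastUI.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.hao123.com/?tn=smt_hp_hao123_br
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: (no name) - {D0F4A166-B8D4-48b8-9D63-80849FE137CB} - (no file)
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O20 - AppInit_DLLs: c:\progra~3\browse~1\23787~1.43\{16cdf~1\browse~1.dll
O23 - Service: avast! antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Browser Manager - Unknown owner - C:\ProgramData\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
"""

# Assumed defaults: pages a clean IE install points at (prefix match).
KNOWN_PAGES = ("http://go.microsoft.com/fwlink/", "http://br.msn.com/", "about:blank")
# Assumed trusted roots: an unsigned service under these is left for manual review,
# since the 32-bit HijackThis reports many built-in 64-bit Windows services
# as "Unknown owner ... (file missing)", exactly as in the thread's log.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")
PAGE_VALUES = ("Start Page", "Search Page", "Default_Page_URL", "Default_Search_URL")

ENTRY = re.compile(r"^(?P<code>[RFO]\d+) - (?P<body>.+)$")


@dataclass
class Finding:
    code: str
    reason: str
    line: str


def check_registry(body):
    """R0/R1: 'HKxx\\...,Name = value'; flag start/search pages off the defaults."""
    key, _, value = body.partition(" =")
    value, name = value.strip(), key.rsplit(",", 1)[-1]
    if name in PAGE_VALUES and value and not value.startswith(KNOWN_PAGES):
        return f"{name} points at an unexpected site: {value}"
    return None


def check_bho_toolbar(body):
    """O2/O3: 'BHO|Toolbar: name - {CLSID} - path'; flag empty name or missing file."""
    kind, _, rest = body.partition(": ")
    parts = rest.split(" - ")
    if len(parts) < 3:
        return None
    name, path = parts[0], parts[-1]
    if name == "(no name)" or path == "(no file)":
        return f"{kind} entry with no name or no backing file: {name} -> {path}"
    return None


def check_appinit(body):
    """O20: any AppInit_DLLs value is loaded into every process that uses user32.dll."""
    _, _, value = body.partition(": ")
    value = value.strip()
    return f"AppInit_DLLs is set: {value}" if value else None


def check_service(body):
    """O23: 'Service: name - owner - path'; flag unsigned services outside trusted roots."""
    _, _, rest = body.partition(": ")
    try:
        name, owner, path = rest.rsplit(" - ", 2)
    except ValueError:
        return None
    path = path.replace(" (file missing)", "").strip().lower()
    if owner == "Unknown owner" and not path.startswith(TRUSTED_ROOTS):
        return f"service '{name}' has no publisher and runs from {path}"
    return None


def triage(log_text):
    """Return the suspicious entries of a HijackThis log, in log order."""
    findings = []
    for line in log_text.strip().splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # header, process list, separators
        code, body = m.group("code"), m.group("body")
        reason = None
        if code in ("R0", "R1"):
            reason = check_registry(body)
        elif code in ("O2", "O3"):
            reason = check_bho_toolbar(body)
        elif code == "O20":
            reason = check_appinit(body)
        elif code == "O23":
            reason = check_service(body)
        if reason:
            findings.append(Finding(code, reason, line.strip()))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.code}] {f.reason}")
```

On the constructed sample this reports four entries: the hao123 start page, the nameless toolbar with no file, the AppInit_DLLs value under ProgramData, and the "Browser Manager" service, which are the same items the AdwCleaner log later in this thread removes. The ALG service is not reported because its path is under C:\Windows, which is the reason for the trusted-root exception.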

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 4.0.7 (12.11.2012:3)

OS: Windows 7 Ultimate x64

Ran by Zezelto on 11/12/2012 at 20:31:53,39

Blog: http://thisisudax.blogspot.com

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\Internet Explorer\main\\Start Page

~~~ Registry Keys

~~~ Files

~~~ Folders

Failed to delete: [Folder] "C:\ProgramData\browser manager"

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 11/12/2012 at 20:43:03,35

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

# AdwCleaner v2.100 - Logfile created 12/11/2012 at 20:13:13

# Updated 09/12/2012 by Xplode

# Operating system : Windows 7 Ultimate (64 bits)

# User : Zezelto - ZEZELTO-PC

# Boot Mode : Normal

# Running from : C:\Users\Zezelto\Downloads\adwcleaner.exe

# Option [Delete]

***** [services] *****

Stopped & Deleted : Browser Manager

***** [Files / Folders] *****

Deleted on reboot : C:\ProgramData\Babylon

Deleted on reboot : C:\ProgramData\Browser Manager

Deleted on reboot : C:\Users\Zezelto\AppData\LocalLow\BabylonToolbar

Deleted on reboot : C:\Users\Zezelto\AppData\Roaming\Babylon

Deleted on reboot : C:\Users\Zezelto\AppData\Roaming\yourfiledownloader

File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml

File Deleted : C:\user.js

File Deleted : C:\Users\Zezelto\AppData\Local\funmoods-speeddial_sf.crx

File Deleted : C:\Users\Zezelto\AppData\Roaming\Mozilla\Firefox\Profiles\2t7vd3nj.default-1354908366812\bprotector_extensions.sqlite

***** [Registry] *****

Data Deleted : HKLM\..\Windows [AppInit_DLLs] = c:\progra~3\browse~1\22643~1.41\{16cdf~1\browse~1.dll

Data Deleted : HKLM\..\Windows [AppInit_DLLs] = c:\progra~3\browse~1\23787~1.43\{16cdf~1\browse~1.dll

Key Deleted : HKCU\Software\BabylonToolbar

Key Deleted : HKCU\Software\BrowserMngr

Key Deleted : HKCU\Software\DataMngr

Key Deleted : HKCU\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

Key Deleted : HKLM\Software\Babylon

Key Deleted : HKLM\Software\BabylonToolbar

Key Deleted : HKLM\Software\BrowserMngr

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}

Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap

Key Deleted : HKLM\Software\DataMngr

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}

Key Deleted : HKLM\SOFTWARE\Software

Key Deleted : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

Key Deleted : HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

Key Deleted : HKU\S-1-5-21-659561988-1454047286-3924272670-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [browserMngr Start Page]

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [browserMngrDefaultScope]

Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [{b64982b1-d112-42b5-b1e4-d3867c4533f8}]

Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16450

Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://search.babylon.com/?affID=44444&tt=270912_7a_3912_7&babsrc=NT_ss&mntrId=68b76f5f000000000000002421d672f9 --> hxxp://www.google.com

-\\ Mozilla Firefox v17.0.1 (pt-BR)

Profile name : default-1354908366812 [Profil par défaut]

File : C:\Users\Zezelto\AppData\Roaming\Mozilla\Firefox\Profiles\2t7vd3nj.default-1354908366812\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [4044 octets] - [11/12/2012 20:10:35]

AdwCleaner[s1].txt - [4001 octets] - [11/12/2012 20:13:13]

########## EOF - C:\AdwCleaner[s1].txt - [4061 octets] ##########

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 20:45:52, on 11/12/2012

Platform: Windows 7 (WinNT 6.00.3504)

MSIE: Internet Explorer v9.00 (9.00.8112.16450)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\PixArt\PAC7302\Monitor.exe

C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

C:\Users\Zezelto\AppData\Local\Akamai\netsession_win.exe

C:\Program Files (x86)\Skype\Phone\Skype.exe

C:\Users\Zezelto\AppData\Local\Akamai\netsession_win.exe

C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE

C:\Program Files (x86)\Ares\Ares.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe

C:\Users\Zezelto\Downloads\JRT.exe

C:\Windows\SysWOW64\cmd.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe

C:\AeriaGames\Wolfteam\WolfTeam.bin

C:\Windows\SysWOW64\notepad.exe

C:\Users\Zezelto\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://br.msn.com/?ocid=EIE9HP&PC=UP14

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer, optimized for Bing and MSN

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

F2 - REG:system.ini: UserInit=userinit.exe,

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O2 - BHO: Microsoft Account Sign-in Assistant - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [Aeria Ignite] "C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe" silent

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Zezelto\AppData\Local\Akamai\netsession_win.exe"

O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"

O4 - HKCU\..\Run: [ares] "C:\Program Files (x86)\Ares\Ares.exe" -h

O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O8 - Extra context menu item: &Send to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: &OneNote Linked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: &OneNote Linked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 10805 bytes

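Triage of the HijackThis log above, as an added example that is not part of the original thread and not HijackThis's own code: a Python pass that parses the O2/O4/O10/O23 lines into records and flags what a reviewer would look at first. The sample lines are copied from the log; the rules (autostarts under user-writable directories, unowned services outside the Windows directory, LSPs and BHOs listed for review) are general review heuristics chosen for illustration, not a verdict on this machine. It also classifies the many "(file missing)" services: HijackThis 2.0.4 is a 32-bit program, so on 64-bit Windows WOW64 redirects its view of System32 to SysWOW64, where 64-bit-only binaries such as alg.exe and lsass.exe do not exist, so those lines are a tool artifact rather than missing files.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample: a handful of lines copied from the HijackThis log above.
SAMPLE_LOG = r"""
Platform: Windows 7 (WinNT 6.00.3504)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Zezelto\AppData\Local\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [ares] "C:\Program Files (x86)\Ares\Ares.exe" -h
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
"""

LINE_RE = re.compile(r"^([RFO]\d{1,2}) - (.*)$")
# O4 body: HIVE[\SID]\..\Run[Once]: [name] command
O4_RE = re.compile(r"^(HK[A-Z]+(?:\\S-[\d-]+)?)\\\.\.\\(Run\w*): \[([^\]]*)\] (.*)$")
# Directories a standard user can write to; autostarts there deserve a second look
USER_WRITABLE = re.compile(r"\\(AppData|Temp|Downloads|ProgramData|Users\\Public)\\", re.I)
WINDOWS_DIR = re.compile(r"^[A-Z]:\\Windows\\", re.I)
SYSTEM32 = re.compile(r"^[A-Z]:\\Windows\\System32\\", re.I)


@dataclass
class Finding:
    section: str
    level: str   # "info", "review" or "suspicious"
    detail: str


def image_path(command: str) -> str:
    """Extract the executable path from a Run-key command line (quoted or not)."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:command.find('"', 1)]
    m = re.match(r"(.*?\.(?:exe|dll|scr|bat|cmd))", command, re.I)
    return m.group(1) if m else command.split(" ")[0]


def triage(log: str) -> List[Finding]:
    """Walk a HijackThis log and return the findings worth a human's attention."""
    # HijackThis 2.0.4 is a 32-bit binary; "(x86)" paths reveal a 64-bit host
    is_x64 = "Program Files (x86)" in log
    findings: List[Finding] = []
    for raw in log.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        section, body = m.groups()
        if section == "O4":
            r = O4_RE.match(body)
            if not r:
                continue
            _hive, _key, name, command = r.groups()
            path = image_path(command)
            if USER_WRITABLE.search(path):
                findings.append(Finding("O4", "suspicious",
                                        f"autostart '{name}' runs from a user-writable location: {path}"))
            else:
                findings.append(Finding("O4", "info", f"autostart '{name}' -> {path}"))
        elif section == "O23":
            parts = body[len("Service: "):].rsplit(" - ", 2)
            if len(parts) != 3:
                continue
            display, owner, path = parts
            missing = path.endswith("(file missing)")
            if missing:
                path = path[: -len("(file missing)")].strip()
            if missing and is_x64 and SYSTEM32.match(path):
                # WOW64 redirects a 32-bit HijackThis from System32 to SysWOW64, where
                # 64-bit-only service binaries do not exist: a tool artifact, not evidence
                findings.append(Finding("O23", "info",
                                        f"'{display}': file-missing under System32 on x64 is a WOW64 artifact"))
            elif owner == "Unknown owner" and not WINDOWS_DIR.match(path):
                findings.append(Finding("O23", "suspicious",
                                        f"service '{display}' has no owner and lives outside Windows: {path}"))
        elif section == "O10":
            # LSPs are loaded into every socket-using process; list them for manual review
            findings.append(Finding("O10", "review", "Winsock LSP: " + body.split(": ", 1)[-1]))
        elif section == "O2":
            findings.append(Finding("O2", "review", "BHO: " + body[len("BHO: "):]))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.level:10}] {f.section:4} {f.detail}")
```

Run it as a script to print the queue, or import `triage` and feed it the whole log. The levels are a reviewer's ordering, not a detection: on these lines the only "suspicious" hit is the Akamai NetSession component under AppData, a known download-manager autostart that happens to live in a user-writable directory, which is precisely the kind of entry a human confirms by hand rather than deletes blindly.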

Download MbrScan.exe by Eric_71 > save it to the desktop.

Double-click to run the tool. Click the Scan button. When the scan finishes, click the Report button. A Notepad window will open with the scan result. It is saved on the desktop as MbrScan.log.

Download RogueKiller and save it to the desktop.

Double-click RogueKiller.exe.

Click the Scan button. Wait for the scan to finish.

Click the Report button. A Notepad window will open with the information.

This log is saved on the desktop as RKreport[1].txt.

Select, copy and paste the contents of this log in your next reply, together with the contents of MbrScan.log.

Note: do not use the Delete button, because we need to evaluate the items before doing that.



MBRScan v1.1.1
OS : Windows 7 (64 bit)
PROCESSOR : Intel64 Family 6 Model 23 Stepping 10, GenuineIntel
BOOT : Normal Boot
DATE : 2012/12/12 (ISO 8601) at 08:18:20
________________________________________________________________________________
DISK : Device\Harddisk0\DR0 __SAMSUNG HD753LJ (1AA01113)
BUS_TYPE : (0x03) P-ATA
USE_PIO : NO
MAX_TRANSFER : 128 Kb
ALIGNMENT_MASK : word aligned
________________________________________________________________________________
Device\Harddisk0\DR0 698.6 Go [Fixed] ==> 7 MBR Code
MBR_MD5 : C2E50244A4E39FBA60A0131F247405F5
MBR_SHA1 : CC0DD4616837B3227E351CA8026090CC092A96B5
Device\Harddisk0\Partition1 698.6 Go 0x07 NTFS / HPFS __ BOOTABLE __
________________________________________________________________________________
############################### Additional scan ################################
DRIVER : C:\Windows\system32\hal.dll => Invisible on the disk
ADDRESS : 0x031E7000
SIZE : 292.0 Ko
DRIVER : C:\Windows\system32\kdcom.dll => Invisible on the disk
ADDRESS : 0x00BAC000
SIZE : 40.0 Ko
DRIVER : C:\Windows\system32\mcupdate_GenuineIntel.dll => Invisible on the disk
ADDRESS : 0x00CC0000
SIZE : 272.0 Ko
DRIVER : C:\Windows\system32\CLFS.SYS => Invisible on the disk
ADDRESS : 0x00D18000
SIZE : 376.0 Ko
DRIVER : C:\Windows\system32\CI.dll => Invisible on the disk
ADDRESS : 0x00C00000
SIZE : 768.0 Ko
DRIVER : C:\Windows\system32\drivers\Wdf01000.sys => Invisible on the disk
ADDRESS : 0x00E4C000
SIZE : 656.0 Ko
DRIVER : C:\Windows\system32\drivers\WDFLDR.SYS => Invisible on the disk
ADDRESS : 0x00EF0000
SIZE : 60.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\ACPI.sys => Invisible on the disk
ADDRESS : 0x00EFF000
SIZE : 348.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\WMILIB.SYS => Invisible on the disk
ADDRESS : 0x00F56000
SIZE : 36.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\msisadrv.sys => Invisible on the disk
ADDRESS : 0x00F5F000
SIZE : 40.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\pci.sys => Invisible on the disk
ADDRESS : 0x00F69000
SIZE : 204.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\vdrvroot.sys => Invisible on the disk
ADDRESS : 0x00F9C000
SIZE : 52.0 Ko
DRIVER : C:\Windows\System32\drivers\partmgr.sys => Invisible on the disk
ADDRESS : 0x00FA9000
SIZE : 84.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\volmgr.sys => Invisible on the disk
ADDRESS : 0x00FBE000
SIZE : 84.0 Ko
DRIVER : C:\Windows\System32\drivers\volmgrx.sys => Invisible on the disk
ADDRESS : 0x00D76000
SIZE : 368.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\intelide.sys => Invisible on the disk
ADDRESS : 0x00FD3000
SIZE : 32.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\PCIIDEX.SYS => Invisible on the disk
ADDRESS : 0x00FDB000
SIZE : 64.0 Ko
DRIVER : C:\Windows\System32\drivers\mountmgr.sys => Invisible on the disk
ADDRESS : 0x00E00000
SIZE : 104.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\atapi.sys => Invisible on the disk
ADDRESS : 0x00E1A000
SIZE : 36.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\ataport.SYS => Invisible on the disk
ADDRESS : 0x00DD2000
SIZE : 168.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\amdxata.sys => Invisible on the disk
ADDRESS : 0x00E23000
SIZE : 44.0 Ko
DRIVER : C:\Windows\system32\drivers\fltmgr.sys => Invisible on the disk
ADDRESS : 0x01083000
SIZE : 304.0 Ko
DRIVER : C:\Windows\system32\drivers\fileinfo.sys => Invisible on the disk
ADDRESS : 0x010CF000
SIZE : 80.0 Ko
DRIVER : C:\Windows\System32\Drivers\Ntfs.sys => Invisible on the disk
ADDRESS : 0x0125C000
SIZE : 1.64 Mo
DRIVER : C:\Windows\System32\Drivers\msrpc.sys => Invisible on the disk
ADDRESS : 0x010E3000
SIZE : 376.0 Ko
DRIVER : C:\Windows\System32\Drivers\ksecdd.sys => Invisible on the disk
ADDRESS : 0x01200000
SIZE : 104.0 Ko
DRIVER : C:\Windows\System32\Drivers\cng.sys => Invisible on the disk
ADDRESS : 0x01141000
SIZE : 460.0 Ko
DRIVER : C:\Windows\System32\drivers\pcw.sys => Invisible on the disk
ADDRESS : 0x0121A000
SIZE : 68.0 Ko
DRIVER : C:\Windows\System32\Drivers\Fs_Rec.sys => Invisible on the disk
ADDRESS : 0x0122B000
SIZE : 40.0 Ko
DRIVER : C:\Windows\system32\drivers\ndis.sys => Invisible on the disk
ADDRESS : 0x0145A000
SIZE : 968.0 Ko
DRIVER : C:\Windows\system32\drivers\NETIO.SYS => Invisible on the disk
ADDRESS : 0x0154C000
SIZE : 384.0 Ko
DRIVER : C:\Windows\System32\Drivers\ksecpkg.sys => Invisible on the disk
ADDRESS : 0x015AC000
SIZE : 172.0 Ko
DRIVER : C:\Windows\System32\drivers\tcpip.sys => Invisible on the disk
ADDRESS : 0x01602000
SIZE : 1.99 Mo
DRIVER : C:\Windows\System32\drivers\fwpkclnt.sys => Invisible on the disk
ADDRESS : 0x01400000
SIZE : 296.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\vmstorfl.sys => Invisible on the disk
ADDRESS : 0x0144A000
SIZE : 64.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\volsnap.sys => Invisible on the disk
ADDRESS : 0x011B4000
SIZE : 304.0 Ko
DRIVER : C:\Windows\System32\Drivers\spldr.sys => Invisible on the disk
ADDRESS : 0x015D7000
SIZE : 32.0 Ko
DRIVER : C:\Windows\System32\drivers\rdyboost.sys => Invisible on the disk
ADDRESS : 0x01000000
SIZE : 232.0 Ko
DRIVER : C:\Windows\System32\Drivers\mup.sys => Invisible on the disk
ADDRESS : 0x015DF000
SIZE : 72.0 Ko
DRIVER : C:\Windows\System32\drivers\hwpolicy.sys => Invisible on the disk
ADDRESS : 0x015F1000
SIZE : 36.0 Ko
DRIVER : C:\Windows\System32\DRIVERS\fvevol.sys => Invisible on the disk
ADDRESS : 0x0103A000
SIZE : 232.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\disk.sys => Invisible on the disk
ADDRESS : 0x01235000
SIZE : 88.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\CLASSPNP.SYS => Invisible on the disk
ADDRESS : 0x01846000
SIZE : 192.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\cdrom.sys => Invisible on the disk
ADDRESS : 0x018AC000
SIZE : 168.0 Ko
DRIVER : C:\Windows\System32\Drivers\aswSnx.SYS => Invisible on the disk
ADDRESS : 0x018D6000
SIZE : 976.0 Ko
DRIVER : C:\Windows\System32\Drivers\Null.SYS => Invisible on the disk
ADDRESS : 0x019CA000
SIZE : 36.0 Ko
DRIVER : C:\Windows\System32\Drivers\Beep.SYS => Invisible on the disk
ADDRESS : 0x019D3000
SIZE : 28.0 Ko
DRIVER : C:\Windows\System32\drivers\vga.sys => Invisible on the disk
ADDRESS : 0x019DA000
SIZE : 56.0 Ko
DRIVER : C:\Windows\System32\drivers\VIDEOPRT.SYS => Invisible on the disk
ADDRESS : 0x01800000
SIZE : 148.0 Ko
DRIVER : C:\Windows\System32\drivers\watchdog.sys => Invisible on the disk
ADDRESS : 0x01825000
SIZE : 64.0 Ko
DRIVER : C:\Windows\System32\DRIVERS\RDPCDD.sys => Invisible on the disk
ADDRESS : 0x01835000
SIZE : 36.0 Ko
DRIVER : C:\Windows\system32\drivers\rdpencdd.sys => Invisible on the disk
ADDRESS : 0x019E8000
SIZE : 36.0 Ko
DRIVER : C:\Windows\system32\drivers\rdprefmp.sys => Invisible on the disk
ADDRESS : 0x019F1000
SIZE : 36.0 Ko
DRIVER : C:\Windows\System32\Drivers\Msfs.SYS => Invisible on the disk
ADDRESS : 0x0124B000
SIZE : 44.0 Ko
DRIVER : C:\Windows\System32\Drivers\Npfs.SYS => Invisible on the disk
ADDRESS : 0x00E2E000
SIZE : 68.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\tdx.sys => Invisible on the disk
ADDRESS : 0x02CE7000
SIZE : 120.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\TDI.SYS => Invisible on the disk
ADDRESS : 0x02D05000
SIZE : 52.0 Ko
DRIVER : C:\Windows\System32\Drivers\aswTdi.SYS => Invisible on the disk
ADDRESS : 0x02D12000
SIZE : 72.0 Ko
DRIVER : C:\Windows\system32\drivers\afd.sys => Invisible on the disk
ADDRESS : 0x02D24000
SIZE : 552.0 Ko
DRIVER : C:\Windows\System32\Drivers\aswrdr2.sys => Invisible on the disk
ADDRESS : 0x02DAE000
SIZE : 64.0 Ko
DRIVER : C:\Windows\System32\DRIVERS\netbt.sys => Invisible on the disk
ADDRESS : 0x02C00000
SIZE : 276.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\wfplwf.sys => Invisible on the disk
ADDRESS : 0x02C45000
SIZE : 36.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\pacer.sys => Invisible on the disk
ADDRESS : 0x02C4E000
SIZE : 152.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\netbios.sys => Invisible on the disk
ADDRESS : 0x02C74000
SIZE : 60.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\serial.sys => Invisible on the disk
ADDRESS : 0x02C83000
SIZE : 116.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\wanarp.sys => Invisible on the disk
ADDRESS : 0x02CA0000
SIZE : 108.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\termdd.sys => Invisible on the disk
ADDRESS : 0x02CBB000
SIZE : 80.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\rdbss.sys => Invisible on the disk
ADDRESS : 0x03A45000
SIZE : 324.0 Ko
DRIVER : C:\Windows\system32\drivers\nsiproxy.sys => Invisible on the disk
ADDRESS : 0x03A96000
SIZE : 48.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\mssmbios.sys => Invisible on the disk
ADDRESS : 0x03AA2000
SIZE : 44.0 Ko
DRIVER : C:\Windows\System32\drivers\discache.sys => Invisible on the disk
ADDRESS : 0x03AAD000
SIZE : 60.0 Ko
DRIVER : C:\Windows\system32\drivers\csc.sys => Invisible on the disk
ADDRESS : 0x03ABC000
SIZE : 524.0 Ko
DRIVER : C:\Windows\System32\Drivers\dfsc.sys => Invisible on the disk
ADDRESS : 0x03B3F000
SIZE : 120.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\blbdrive.sys => Invisible on the disk
ADDRESS : 0x03B5D000
SIZE : 68.0 Ko
DRIVER : C:\Windows\System32\Drivers\aswSP.SYS => Invisible on the disk
ADDRESS : 0x03B6E000
SIZE : 388.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\tunnel.sys => Invisible on the disk
ADDRESS : 0x03BCF000
SIZE : 152.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\intelppm.sys => Invisible on the disk
ADDRESS : 0x03A00000
SIZE : 88.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\igdkmd64.sys => Invisible on the disk
ADDRESS : 0x03C24000
SIZE : 5.83 Mo
DRIVER : C:\Windows\System32\drivers\dxgkrnl.sys => Invisible on the disk
ADDRESS : 0x0429C000
SIZE : 976.0 Ko
DRIVER : C:\Windows\System32\drivers\dxgmms1.sys => Invisible on the disk
ADDRESS : 0x04390000
SIZE : 280.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\HDAudBus.sys => Invisible on the disk
ADDRESS : 0x043D6000
SIZE : 144.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\Rt64win7.sys => Invisible on the disk
ADDRESS : 0x0441C000
SIZE : 668.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\usbuhci.sys => Invisible on the disk
ADDRESS : 0x044C3000
SIZE : 52.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\USBPORT.SYS => Invisible on the disk
ADDRESS : 0x044D0000
SIZE : 344.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\usbehci.sys => Invisible on the disk
ADDRESS : 0x04526000
SIZE : 68.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\3xHybr64.sys => Invisible on the disk
ADDRESS : 0x04537000
SIZE : 724.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\ks.sys => Invisible on the disk
ADDRESS : 0x04200000
SIZE : 268.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\BdaSup.SYS => Invisible on the disk
ADDRESS : 0x045EC000
SIZE : 16.0 Ko
DRIVER : C:\Windows\system32\drivers\ksthunk.sys => Invisible on the disk
ADDRESS : 0x045F0000
SIZE : 24.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\serenum.sys => Invisible on the disk
ADDRESS : 0x04400000
SIZE : 48.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\fdc.sys => Invisible on the disk
ADDRESS : 0x0440C000
SIZE : 52.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\i8042prt.sys => Invisible on the disk
ADDRESS : 0x04243000
SIZE : 120.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\kbdclass.sys => Invisible on the disk
ADDRESS : 0x04261000
SIZE : 60.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\mouclass.sys => Invisible on the disk
ADDRESS : 0x04270000
SIZE : 60.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\parport.sys => Invisible on the disk
ADDRESS : 0x0427F000
SIZE : 116.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\CompositeBus.sys => Invisible on the disk
ADDRESS : 0x03C00000
SIZE : 64.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\AgileVpn.sys => Invisible on the disk
ADDRESS : 0x03A16000
SIZE : 88.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\rasl2tp.sys => Invisible on the disk
ADDRESS : 0x02DBE000
SIZE : 144.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\ndistapi.sys => Invisible on the disk
ADDRESS : 0x03C10000
SIZE : 48.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\ndiswan.sys => Invisible on the disk
ADDRESS : 0x04864000
SIZE : 188.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\raspppoe.sys => Invisible on the disk
ADDRESS : 0x04893000
SIZE : 108.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\raspptp.sys => Invisible on the disk
ADDRESS : 0x048AE000
SIZE : 132.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\rassstp.sys => Invisible on the disk
ADDRESS : 0x048CF000
SIZE : 104.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\rdpbus.sys => Invisible on the disk
ADDRESS : 0x048E9000
SIZE : 44.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\swenum.sys => Invisible on the disk
ADDRESS : 0x048F4000
SIZE : 8.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\umbus.sys => Invisible on the disk
ADDRESS : 0x048F6000
SIZE : 72.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\usbhub.sys => Invisible on the disk
ADDRESS : 0x04908000
SIZE : 360.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\flpydisk.sys => Invisible on the disk
ADDRESS : 0x04962000
SIZE : 44.0 Ko
DRIVER : C:\Windows\System32\Drivers\NDProxy.SYS => Invisible on the disk
ADDRESS : 0x0496D000
SIZE : 84.0 Ko
DRIVER : C:\Windows\system32\drivers\RTKVHD64.sys => Invisible on the disk
ADDRESS : 0x05811000
SIZE : 3.87 Mo
DRIVER : C:\Windows\system32\drivers\portcls.sys => Invisible on the disk
ADDRESS : 0x04982000
SIZE : 244.0 Ko
DRIVER : C:\Windows\system32\drivers\drmk.sys => Invisible on the disk
ADDRESS : 0x049BF000
SIZE : 136.0 Ko
DRIVER : C:\Windows\System32\win32k.sys => Invisible on the disk
ADDRESS : 0x00060000
SIZE : 3.06 Mo
DRIVER : C:\Windows\System32\drivers\Dxapi.sys => Invisible on the disk
ADDRESS : 0x05BEF000
SIZE : 48.0 Ko
DRIVER : C:\Windows\System32\Drivers\crashdmp.sys => Invisible on the disk
ADDRESS : 0x05800000
SIZE : 56.0 Ko
DRIVER : C:\Windows\System32\Drivers\dump_dumpata.sys => Invisible on the disk
ADDRESS : 0x049E1000
SIZE : 48.0 Ko
DRIVER : C:\Windows\System32\Drivers\dump_atapi.sys => Invisible on the disk
ADDRESS : 0x049ED000
SIZE : 36.0 Ko
DRIVER : C:\Windows\System32\Drivers\dump_dumpfve.sys => Invisible on the disk
ADDRESS : 0x04800000
SIZE : 76.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\monitor.sys => Invisible on the disk
ADDRESS : 0x04813000
SIZE : 56.0 Ko
DRIVER : C:\Windows\System32\TSDDD.dll => Invisible on the disk
ADDRESS : 0x004F0000
SIZE : 40.0 Ko
DRIVER : C:\Windows\System32\cdd.dll => Invisible on the disk
ADDRESS : 0x00660000
SIZE : 156.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\USBSTOR.SYS => Invisible on the disk
ADDRESS : 0x04821000
SIZE : 108.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\USBD.SYS => Invisible on the disk
ADDRESS : 0x0580E000
SIZE : 8.0 Ko
DRIVER : C:\Windows\system32\drivers\luafv.sys => Invisible on the disk
ADDRESS : 0x0483C000
SIZE : 140.0 Ko
DRIVER : C:\Windows\system32\drivers\aswMonFlt.sys => Invisible on the disk
ADDRESS : 0x01876000
SIZE : 136.0 Ko
DRIVER : C:\Windows\system32\drivers\mbam.sys => Invisible on the disk
ADDRESS : 0x049F6000
SIZE : 40.0 Ko
DRIVER : C:\Windows\System32\Drivers\aswFsBlk.SYS => Invisible on the disk
ADDRESS : 0x045F6000
SIZE : 36.0 Ko
DRIVER : C:\Windows\system32\drivers\WudfPf.sys => Invisible on the disk
ADDRESS : 0x0203F000
SIZE : 132.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\usbccgp.sys => Invisible on the disk
ADDRESS : 0x02060000
SIZE : 116.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\PAC7302.SYS => Invisible on the disk
ADDRESS : 0x0207D000
SIZE : 536.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\STREAM.SYS => Invisible on the disk
ADDRESS : 0x02103000
SIZE : 68.0 Ko
DRIVER : C:\Windows\system32\drivers\usbaudio.sys => Invisible on the disk
ADDRESS : 0x02114000
SIZE : 108.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\lltdio.sys => Invisible on the disk
ADDRESS : 0x0212F000
SIZE : 84.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\rspndr.sys => Invisible on the disk
ADDRESS : 0x02144000
SIZE : 96.0 Ko
DRIVER : C:\Windows\system32\drivers\HTTP.sys => Invisible on the disk
ADDRESS : 0x0269C000
SIZE : 800.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\bowser.sys => Invisible on the disk
ADDRESS : 0x02764000
SIZE : 120.0 Ko
DRIVER : C:\Windows\System32\drivers\mpsdrv.sys => Invisible on the disk
ADDRESS : 0x02782000
SIZE : 96.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\mrxsmb.sys => Invisible on the disk
ADDRESS : 0x0279A000
SIZE : 176.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\mrxsmb10.sys => Invisible on the disk
ADDRESS : 0x02600000
SIZE : 308.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\mrxsmb20.sys => Invisible on the disk
ADDRESS : 0x0264D000
SIZE : 140.0 Ko
DRIVER : C:\Windows\system32\drivers\peauth.sys => Invisible on the disk
ADDRESS : 0x05E03000
SIZE : 664.0 Ko
DRIVER : C:\Windows\System32\Drivers\secdrv.SYS => Invisible on the disk
ADDRESS : 0x05EA9000
SIZE : 44.0 Ko
DRIVER : C:\Windows\System32\DRIVERS\srvnet.sys => Invisible on the disk
ADDRESS : 0x05EB4000
SIZE : 180.0 Ko
DRIVER : C:\Windows\System32\drivers\tcpipreg.sys => Invisible on the disk
ADDRESS : 0x05EE1000
SIZE : 72.0 Ko
DRIVER : C:\Windows\System32\DRIVERS\srv2.sys => Invisible on the disk
ADDRESS : 0x05EF3000
SIZE : 420.0 Ko
DRIVER : C:\Windows\System32\DRIVERS\srv.sys => Invisible on the disk
ADDRESS : 0x05F5C000
SIZE : 608.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\WUDFRd.sys => Invisible on the disk
ADDRESS : 0x027C6000
SIZE : 196.0 Ko
DRIVER : C:\Windows\System32\smss.exe => Invisible on the disk
ADDRESS : 0x47C80000
SIZE : 128.0 Ko
BCD EmsSettings {0CE4991B-E6B3-4B16-B23C-5E0D9250E5D9} => BcdLibraryBoolean_EmsEnabled (16000020)
SystemStartOptions : NOEXECUTE=OPTIN
________________________________________________________________________________
_______MBR \Device\Harddisk0\DR0
0x00000000 33 C0 8E D0 BC 00 7C 8E C0 8E D8 BE 00 7C BF 00 3À.Ð¼.|.À.Ø¾.|¿.
0x00000010 06 B9 00 02 FC F3 A4 50 68 1C 06 CB FB B9 04 00 .¹..üó¤Ph..Ëû¹..
0x00000020 BD BE 07 80 7E 00 00 7C 0B 0F 85 0E 01 83 C5 10 ½¾..~..|......Å.
0x00000030 E2 F1 CD 18 88 56 00 55 C6 46 11 05 C6 46 10 00 âñÍ..V.UÆF..ÆF..
0x00000040 B4 41 BB AA 55 CD 13 5D 72 0F 81 FB 55 AA 75 09 ´A»ªUÍ.]r..ûUªu.
0x00000050 F7 C1 01 00 74 03 FE 46 10 66 60 80 7E 10 00 74 ÷Á..t.þF.f`.~..t
0x00000060 26 66 68 00 00 00 00 66 FF 76 08 68 00 00 68 00 &fh....f.v.h..h.
0x00000070 7C 68 01 00 68 10 00 B4 42 8A 56 00 8B F4 CD 13 |h..h..´B.V..ôÍ.
0x00000080 9F 83 C4 10 9E EB 14 B8 01 02 BB 00 7C 8A 56 00 ..Ä..ë.¸..».|.V.
0x00000090 8A 76 01 8A 4E 02 8A 6E 03 CD 13 66 61 73 1C FE .v..N..n.Í.fas.þ
0x000000A0 4E 11 75 0C 80 7E 00 80 0F 84 8A 00 B2 80 EB 84 N.u..~......².ë.
0x000000B0 55 32 E4 8A 56 00 CD 13 5D EB 9E 81 3E FE 7D 55 U2ä.V.Í.]ë..>þ}U
0x000000C0 AA 75 6E FF 76 00 E8 8D 00 75 17 FA B0 D1 E6 64 ªun.v.è..u.ú°Ñæd
0x000000D0 E8 83 00 B0 DF E6 60 E8 7C 00 B0 FF E6 64 E8 75 è..°ßæ`è|.°.ædèu
0x000000E0 00 FB B8 00 BB CD 1A 66 23 C0 75 3B 66 81 FB 54 .û¸.»Í.f#Àu;f.ûT
0x000000F0 43 50 41 75 32 81 F9 02 01 72 2C 66 68 07 BB 00 CPAu2.ù..r,fh.».
0x00000100 00 66 68 00 02 00 00 66 68 08 00 00 00 66 53 66 .fh....fh....fSf
0x00000110 53 66 55 66 68 00 00 00 00 66 68 00 7C 00 00 66 SfUfh....fh.|..f
0x00000120 61 68 00 00 07 CD 1A 5A 32 F6 EA 00 7C 00 00 CD ah...Í.Z2öê.|..Í
0x00000130 18 A0 B7 07 EB 08 A0 B6 07 EB 03 A0 B5 07 32 E4 ..·.ë..¶.ë..µ.2ä
0x00000140 05 00 07 8B F0 AC 3C 00 74 09 BB 07 00 B4 0E CD ....ð¬<.t.»..´.Í
0x00000150 10 EB F2 F4 EB FD 2B C9 E4 64 EB 00 24 02 E0 F8 .ëòôëý+Éädë.$.àø
0x00000160 24 02 C3 49 6E 76 61 6C 69 64 20 70 61 72 74 69 $.ÃInvalid parti
0x00000170 74 69 6F 6E 20 74 61 62 6C 65 00 45 72 72 6F 72 tion table.Error
0x00000180 20 6C 6F 61 64 69 6E 67 20 6F 70 65 72 61 74 69 loading operati
0x00000190 6E 67 20 73 79 73 74 65 6D 00 4D 69 73 73 69 6E ng system.Missin
0x000001A0 67 20 6F 70 65 72 61 74 69 6E 67 20 73 79 73 74 g operating syst
0x000001B0 65 6D 00 00 00 63 7B 9A FA 4C 0D 00 00 00 80 01 em...c{.úL......
0x000001C0 01 00 07 FE FF FF 3F 00 00 00 01 14 54 57 00 00 ...þ..?.....TW..
0x000001D0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0x000001E0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0x000001F0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 AA ..............Uª

RogueKiller V8.4.0 [Dec 12 2012] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Site : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7600 ) 64 bits version

Started in : Normal mode

User : Zezelto [Admin rights]

Mode : Scan -- Date : 12/12/2012 08:20:13

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤

[HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND

[HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG HD753LJ ATA Device +++++

--- User ---

[MBR] c2e50244a4e39fba60a0131f247405f5

[BSP] ac9967f26300507cd461136522adaa5e : Windows 7/8 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 715394 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1]_S_12122012_02d0820.txt >>

RKreport[1]_S_12122012_02d0820.txt


OK, run RogueKiller again. After the scan, on the Registry tab leave the following entries checked:

[HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND

[HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND

Click the checkboxes of the others to uncheck them.

Click the Delete button. Wait for the process to finish.

Click the Report button. A Notepad window will open with the information.

This log is saved on the desktop as RKreport[2].txt.

Temporarily disable your antivirus, antispyware and firewall so they do not cause conflicts.

Download ComboFix (by sUBs) and save it to the desktop.

  • Close all windows and programs.
  • Double-click ComboFix.exe and press "Yes" to proceed.

Do not click anything and do not press any key during the scan, or the tool will not work correctly.

When the tool finishes running it will generate a log. Select, copy and paste the contents of the file C:\ComboFix.txt in your next reply, together with the new RogueKiller log.

Important:

  • You must stay connected to the Internet during the ComboFix procedure;
  • You must be logged on to the system with administrator privileges.
  • Do not run ComboFix from your browser window.
  • Keep your antivirus, antispyware and firewall disabled during the ComboFix procedures. Turn them back on when everything is finished.
  • If you have used ComboFix before, delete Combofix.exe and download it again. Note: this is only about deleting the file. It is NOT about uninstalling it.
  • Do not run ComboFix more than once. That will overwrite the log and delay the removal of the malware.
  • ComboFix is a tool that can damage the system if used incorrectly. Use it only under the supervision of a security analyst.

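The helper's rule above is simple: the two [HJPOL] policy entries get deleted, the two [HJ DESK] entries stay unchecked. The Python script below is an added example, not RogueKiller's or the forum's own code. It parses registry-entry lines in the report format quoted in this thread, applies that rule, and then checks a post-removal report (the RKreport[3] the user posted later) for the expected outcome. The sample text is copied from the two reports in the thread; the category rule, the function names and the "review" bucket for anything unrecognised are my own assumptions.

```python
"""Triage of RogueKiller 'Registry entries' lines (added example, not RogueKiller's code)."""
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample: the four entries from the RKreport[1] quoted in this thread.
SAMPLE_REPORT = r"""
¤¤¤ Entradas do Registro : 4 ¤¤¤

[HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> ENCONTRADO

[HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> ENCONTRADO

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> ENCONTRADO

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> ENCONTRADO
"""

# Constructed sample: the same entries as they appear in the RKreport[3] posted after deletion.
SAMPLE_AFTER = r"""
[HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> DELETADO

[HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> DELETADO

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NÃO SELECIONADO

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NÃO SELECIONADO
"""

# One report line: "[CATEGORY] key : name (data) -> status"
ENTRY_RE = re.compile(
    r"^\[(?P<category>[A-Z ]+)\]\s+"          # HJPOL, HJ DESK, ...
    r"(?P<key>\S+)\s+:\s+"                     # abbreviated registry key
    r"(?P<name>\S+)\s+\((?P<value>[^)]*)\)"    # value name and its current data
    r"\s+->\s+(?P<status>.+)$"                 # ENCONTRADO / DELETADO / NÃO SELECIONADO
)

# Policy values under ...\Policies\System that lock the user out of Task Manager and Regedit.
LOCKOUT_POLICIES = {"DisableTaskMgr", "DisableRegistryTools"}


@dataclass
class RegistryEntry:
    category: str
    key: str
    name: str
    value: str
    status: str


def parse_entries(report: str) -> List[RegistryEntry]:
    """Extract registry-entry lines; headers and blank lines are ignored."""
    entries = []
    for line in report.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(RegistryEntry(**m.groupdict()))
    return entries


def classify(entry: RegistryEntry) -> str:
    """Apply the helper's rule: remove the lockout policies, leave desktop-icon settings."""
    if entry.category == "HJPOL" and entry.name in LOCKOUT_POLICIES:
        return "remediate"
    if entry.category == "HJ DESK":
        # NewStartPanel values only control which desktop icons are shown.
        return "leave"
    return "review"  # anything else gets a human look (my assumption)


def triage(report: str) -> Dict[str, List[str]]:
    buckets: Dict[str, List[str]] = {"remediate": [], "leave": [], "review": []}
    for entry in parse_entries(report):
        buckets[classify(entry)].append(entry.name)
    return buckets


def verify_removal(after_report: str) -> bool:
    """Post-removal check: remediate entries must read DELETADO, leave entries must not."""
    for entry in parse_entries(after_report):
        wanted = classify(entry)
        status = entry.status.strip()
        if wanted == "remediate" and status != "DELETADO":
            return False
        if wanted == "leave" and status == "DELETADO":
            return False
    return True


if __name__ == "__main__":
    print(triage(SAMPLE_REPORT))
    print("removal verified:", verify_removal(SAMPLE_AFTER))
```

Run it as-is to see the two buckets and the verification result; to use it on a real report, pass the file's text to `triage` before clicking Delete and to `verify_removal` on the report produced afterwards.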

ComboFix 12-12-10.01 - Zezelto 12/12/2012 15:19:47.1.2 - x64

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.55.1046.18.4086.2401 [GMT -2:00]

Executando de: c:\users\Zezelto\Downloads\ComboFix.exe

AV: avast! antivírus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! antivírus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Criado um novo ponto de restauração

.

.

(((((((((((((((( Arquivos/Ficheiros criados de 2012-11-12 to 2012-12-12 ))))))))))))))))))))))))))))

.

.

2012-12-12 17:24 . 2012-12-12 17:24 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-12-12 17:18 . 2012-12-12 17:18 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4365DEB5-777A-42BE-92CE-EE5EF2A07C3D}\offreg.dll

2012-12-11 22:20 . 2012-12-11 22:20 -------- d-----w- c:\windows\ERUNT

2012-12-11 22:20 . 2012-12-11 22:30 -------- d-----w- C:\JRT

2012-12-11 18:55 . 2012-12-11 18:55 -------- d-----w- c:\users\Zezelto\AppData\Roaming\Malwarebytes

2012-12-11 18:55 . 2012-12-11 18:55 -------- d-----w- c:\programdata\Malwarebytes

2012-12-11 18:55 . 2012-12-11 18:55 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-12-11 18:55 . 2012-09-29 21:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-12-11 17:03 . 2012-12-11 17:03 -------- d-----w- c:\program files (x86)\Aeria Games

2012-12-10 16:50 . 2012-12-10 16:50 -------- d-----w- C:\Game

2012-11-27 12:36 . 2012-11-27 12:36 -------- d-----w- c:\program files (x86)\Microsoft Silverlight

.

.

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-12-12 16:48 . 2012-09-26 19:07 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-12-12 16:48 . 2012-09-26 19:07 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-10-30 22:51 . 2012-09-26 19:07 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2012-10-30 22:51 . 2012-09-26 19:07 370288 ----a-w- c:\windows\system32\drivers\aswSP.sys

2012-10-30 22:51 . 2012-09-26 19:06 984144 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2012-10-30 22:51 . 2012-09-26 19:06 71600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2012-10-30 22:51 . 2012-09-26 19:07 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2012-10-30 22:51 . 2012-09-26 19:06 41224 ----a-w- c:\windows\avastSS.scr

2012-10-30 22:50 . 2012-09-26 19:06 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe

2012-10-30 22:50 . 2012-09-26 19:06 285328 ----a-w- c:\windows\system32\aswBoot.exe

2012-10-15 14:59 . 2012-09-26 19:07 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys

2012-10-12 07:19 . 2012-10-23 17:58 9291768 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4365DEB5-777A-42BE-92CE-EE5EF2A07C3D}\mpengine.dll

2012-09-28 02:18 . 2012-10-23 19:01 65309168 ----a-w- c:\windows\system32\MRT.exe

2012-09-26 20:11 . 2012-09-26 20:11 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll

2012-09-26 20:11 . 2012-09-26 20:11 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe

2012-09-26 20:11 . 2012-09-26 20:11 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe

2012-09-26 20:11 . 2012-09-26 20:11 74752 ----a-w- c:\windows\SysWow64\iesetup.dll

2012-09-26 20:11 . 2012-09-26 20:11 63488 ----a-w- c:\windows\SysWow64\tdc.ocx

2012-09-26 20:11 . 2012-09-26 20:11 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll

2012-09-26 20:11 . 2012-09-26 20:11 420864 ----a-w- c:\windows\SysWow64\vbscript.dll

2012-09-26 20:11 . 2012-09-26 20:11 367104 ----a-w- c:\windows\SysWow64\html.iec

2012-09-26 20:11 . 2012-09-26 20:11 35840 ----a-w- c:\windows\SysWow64\imgutil.dll

2012-09-26 20:11 . 2012-09-26 20:11 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb

2012-09-26 20:11 . 2012-09-26 20:11 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll

2012-09-26 20:11 . 2012-09-26 20:11 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll

2012-09-26 20:11 . 2012-09-26 20:11 161792 ----a-w- c:\windows\SysWow64\msls31.dll

2012-09-26 20:11 . 2012-09-26 20:11 152064 ----a-w- c:\windows\SysWow64\wextract.exe

2012-09-26 20:11 . 2012-09-26 20:11 150528 ----a-w- c:\windows\SysWow64\iexpress.exe

2012-09-26 20:11 . 2012-09-26 20:11 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2012-09-26 20:11 . 2012-09-26 20:11 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl

2012-09-26 20:11 . 2012-09-26 20:11 11776 ----a-w- c:\windows\SysWow64\mshta.exe

2012-09-26 20:11 . 2012-09-26 20:11 1129472 ----a-w- c:\windows\SysWow64\wininet.dll

2012-09-26 20:11 . 2012-09-26 20:11 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll

2012-09-26 20:11 . 2012-09-26 20:11 101888 ----a-w- c:\windows\SysWow64\admparse.dll

2012-09-26 20:11 . 2012-09-26 20:11 96768 ----a-w- c:\windows\system32\mshtmled.dll

2012-09-26 20:11 . 2012-09-26 20:11 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2012-09-26 20:11 . 2012-09-26 20:11 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

2012-09-26 20:11 . 2012-09-26 20:11 89088 ----a-w- c:\windows\system32\ie4uinit.exe

2012-09-26 20:11 . 2012-09-26 20:11 85504 ----a-w- c:\windows\system32\jsproxy.dll

2012-09-26 20:11 . 2012-09-26 20:11 85504 ----a-w- c:\windows\system32\iesetup.dll

2012-09-26 20:11 . 2012-09-26 20:11 82432 ----a-w- c:\windows\system32\icardie.dll

2012-09-26 20:11 . 2012-09-26 20:11 816640 ----a-w- c:\windows\system32\jscript.dll

2012-09-26 20:11 . 2012-09-26 20:11 76800 ----a-w- c:\windows\system32\tdc.ocx

2012-09-26 20:11 . 2012-09-26 20:11 729088 ----a-w- c:\windows\system32\msfeeds.dll

2012-09-26 20:11 . 2012-09-26 20:11 65024 ----a-w- c:\windows\system32\pngfilt.dll

2012-09-26 20:11 . 2012-09-26 20:11 599040 ----a-w- c:\windows\system32\vbscript.dll

2012-09-26 20:11 . 2012-09-26 20:11 55296 ----a-w- c:\windows\system32\msfeedsbs.dll

2012-09-26 20:11 . 2012-09-26 20:11 534528 ----a-w- c:\windows\system32\ieapfltr.dll

2012-09-26 20:11 . 2012-09-26 20:11 49664 ----a-w- c:\windows\system32\imgutil.dll

2012-09-26 20:11 . 2012-09-26 20:11 48640 ----a-w- c:\windows\system32\mshtmler.dll

2012-09-26 20:11 . 2012-09-26 20:11 452608 ----a-w- c:\windows\system32\dxtmsft.dll

2012-09-26 20:11 . 2012-09-26 20:11 448512 ----a-w- c:\windows\system32\html.iec

2012-09-26 20:11 . 2012-09-26 20:11 403248 ----a-w- c:\windows\system32\iedkcs32.dll

2012-09-26 20:11 . 2012-09-26 20:11 39936 ----a-w- c:\windows\system32\iernonce.dll

2012-09-26 20:11 . 2012-09-26 20:11 3695416 ----a-w- c:\windows\system32\ieapfltr.dat

2012-09-26 20:11 . 2012-09-26 20:11 30720 ----a-w- c:\windows\system32\licmgr10.dll

2012-09-26 20:11 . 2012-09-26 20:11 282112 ----a-w- c:\windows\system32\dxtrans.dll

2012-09-26 20:11 . 2012-09-26 20:11 267776 ----a-w- c:\windows\system32\ieaksie.dll

2012-09-26 20:11 . 2012-09-26 20:11 249344 ----a-w- c:\windows\system32\webcheck.dll

2012-09-26 20:11 . 2012-09-26 20:11 248320 ----a-w- c:\windows\system32\ieui.dll

2012-09-26 20:11 . 2012-09-26 20:11 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-09-26 20:11 . 2012-09-26 20:11 237056 ----a-w- c:\windows\system32\url.dll

2012-09-26 20:11 . 2012-09-26 20:11 2312704 ----a-w- c:\windows\system32\jscript9.dll

2012-09-26 20:11 . 2012-09-26 20:11 222208 ----a-w- c:\windows\system32\msls31.dll

2012-09-26 20:11 . 2012-09-26 20:11 2144768 ----a-w- c:\windows\system32\iertutil.dll

2012-09-26 20:11 . 2012-09-26 20:11 197120 ----a-w- c:\windows\system32\msrating.dll

2012-09-26 20:11 . 2012-09-26 20:11 17810944 ----a-w- c:\windows\system32\mshtml.dll

2012-09-26 20:11 . 2012-09-26 20:11 173056 ----a-w- c:\windows\system32\ieUnatt.exe

2012-09-26 20:11 . 2012-09-26 20:11 165888 ----a-w- c:\windows\system32\iexpress.exe

2012-09-26 20:11 . 2012-09-26 20:11 163840 ----a-w- c:\windows\system32\ieakui.dll

2012-09-26 20:11 . 2012-09-26 20:11 160256 ----a-w- c:\windows\system32\wextract.exe

2012-09-26 20:11 . 2012-09-26 20:11 160256 ----a-w- c:\windows\system32\ieakeng.dll

2012-09-26 20:11 . 2012-09-26 20:11 149504 ----a-w- c:\windows\system32\occache.dll

2012-09-26 20:11 . 2012-09-26 20:11 1494528 ----a-w- c:\windows\system32\inetcpl.cpl

2012-09-26 20:11 . 2012-09-26 20:11 145920 ----a-w- c:\windows\system32\iepeers.dll

2012-09-26 20:11 . 2012-09-26 20:11 1392128 ----a-w- c:\windows\system32\wininet.dll

2012-09-26 20:11 . 2012-09-26 20:11 135168 ----a-w- c:\windows\system32\IEAdvpack.dll

2012-09-26 20:11 . 2012-09-26 20:11 1346048 ----a-w- c:\windows\system32\urlmon.dll

2012-09-26 20:11 . 2012-09-26 20:11 12288 ----a-w- c:\windows\system32\mshta.exe

2012-09-26 20:11 . 2012-09-26 20:11 114176 ----a-w- c:\windows\system32\admparse.dll

2012-09-26 20:11 . 2012-09-26 20:11 111616 ----a-w- c:\windows\system32\iesysprep.dll

2012-09-26 20:11 . 2012-09-26 20:11 10925568 ----a-w- c:\windows\system32\ieframe.dll

2012-09-26 20:11 . 2012-09-26 20:11 10752 ----a-w- c:\windows\system32\msfeedssync.exe

2012-09-26 20:11 . 2012-09-26 20:11 103936 ----a-w- c:\windows\system32\inseng.dll

2012-09-26 19:07 . 2012-09-26 19:07 982912 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys

2012-09-26 19:07 . 2012-09-26 19:07 902656 ----a-w- c:\windows\system32\d2d1.dll

2012-09-26 19:07 . 2012-09-26 19:07 739840 ----a-w- c:\windows\SysWow64\d2d1.dll

2012-09-26 19:07 . 2012-09-26 19:07 662528 ----a-w- c:\windows\system32\XpsPrint.dll

2012-09-26 19:07 . 2012-09-26 19:07 470016 ----a-w- c:\windows\system32\XpsGdiConverter.dll

2012-09-26 19:07 . 2012-09-26 19:07 442880 ----a-w- c:\windows\SysWow64\XpsPrint.dll

2012-09-26 19:07 . 2012-09-26 19:07 4068864 ----a-w- c:\windows\system32\mf.dll

2012-09-26 19:07 . 2012-09-26 19:07 320512 ----a-w- c:\windows\system32\d3d10_1core.dll

2012-09-26 19:07 . 2012-09-26 19:07 3181568 ----a-w- c:\windows\SysWow64\mf.dll

2012-09-26 19:07 . 2012-09-26 19:07 283648 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll

2012-09-26 19:07 . 2012-09-26 19:07 265088 ----a-w- c:\windows\system32\drivers\dxgmms1.sys

2012-09-26 19:07 . 2012-09-26 19:07 257024 ----a-w- c:\windows\system32\mfreadwrite.dll

2012-09-26 19:07 . 2012-09-26 19:07 229888 ----a-w- c:\windows\system32\XpsRasterService.dll

2012-09-26 19:07 . 2012-09-26 19:07 218624 ----a-w- c:\windows\SysWow64\d3d10_1core.dll

2012-09-26 19:07 . 2012-09-26 19:07 206848 ----a-w- c:\windows\system32\mfps.dll

2012-09-26 19:07 . 2012-09-26 19:07 197120 ----a-w- c:\windows\system32\d3d10_1.dll

.

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por padrão não são apresentadas.

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Akamai NetSession Interface"="c:\users\Zezelto\AppData\Local\Akamai\netsession_win.exe" [2012-10-09 4441920]

"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928]

"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-09-27 39408]

"OfficeSyncProcess"="c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2011-07-22 718720]

"ares"="c:\program files (x86)\Ares\Ares.exe" [2012-02-02 3209216]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]

"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]

"ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-12 81920]

"Aeria Ignite"="c:\program files (x86)\Aeria Games\Ignite\aeriaignite.exe" [2012-09-10 1411224]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-02 3064000]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]

R3 wolf;wolf;c:\game\SoftnyxGame\WolfTeamPS\avital\wolf64.sys [2012-11-12 89560]

S1 aswSnx;aswSnx; [x]

S1 aswSP;aswSP; [x]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 71600]

S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-29 399432]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936]

S3 3xHybr64;Philips SAA713x PCI Card;c:\windows\system32\DRIVERS\3xHybr64.sys [2007-06-15 740352]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-29 25928]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2012-02-16 676968]

.

.

Conteúdo da pasta 'Tarefas Agendadas'

.

2012-12-12 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-26 16:48]

.

2012-12-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-27 23:45]

.

2012-12-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-27 23:45]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2012-10-30 22:50 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-06-11 12503184]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-06-23 165912]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-06-23 385560]

"Persistence"="c:\windows\system32\igfxpers.exe" [2009-06-23 363544]

"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]

.

------- Scan Suplementar -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.com.br/

mStart Page = hxxp://www.google.com

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = <local>

IE: &Enviar para o OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105

IE: E&xportar para o Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.1.254

FF - ProfilePath - c:\users\Zezelto\AppData\Roaming\Mozilla\Firefox\Profiles\2t7vd3nj.default-1354908366812\

FF - ExtSQL: 2012-10-31 20:19; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

FF - ExtSQL: 2012-11-08 08:03; [email protected]; c:\program files\AVAST Software\Avast\WebRep\FF

.

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Tempo para conclusão: 2012-12-12 15:26:15

ComboFix-quarantined-files.txt 2012-12-12 17:26

ComboFix2.txt 2011-02-25 21:19

.

Pré-execução: 690.209.370.112 bytes disponíveis

Pós execução: 690.079.457.280 bytes disponíveis

.

- - End Of File - - B7DE0B7CF3DD6564033DCEE2460BB596

RogueKiller V8.4.0 [Dec 12 2012] Por Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Site : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Sistema Operacional : Windows 7 (6.1.7600 ) 64 bits version

Iniciado em : Modo Normal

Usuario : Zezelto [Privilegios de Admnistrador]

Modo : Remover -- Data : 12/12/2012 15:13:12

¤¤¤ Entradas ruins : 0 ¤¤¤

¤¤¤ Entradas do Registro : 4 ¤¤¤

[HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> DELETADO

[HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> DELETADO

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NÃO SELECIONADO

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NÃO SELECIONADO

¤¤¤ Arquivos / Pastas Pessoais: ¤¤¤

¤¤¤ Driver : [Não Carregado] ¤¤¤

¤¤¤ Arquivo de Hosts: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

¤¤¤ Verificaçao do MBR: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG HD753LJ ATA Device +++++

--- User ---

[MBR] c2e50244a4e39fba60a0131f247405f5

[bSP] ac9967f26300507cd461136522adaa5e : Windows 7/8 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 715394 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Concluido : << RKreport[3]_D_12122012_02d1513.txt >>

RKreport[1]_S_12122012_02d0820.txt ; RKreport[2]_S_12122012_02d1512.txt ; RKreport[3]_D_12122012_02d1513.txt


It's clean now. Thank you very much, friend, for the tips on how to remove these viruses.

Thanks a lot, and God be with you.



OK, to finish, go to Start > Run > type (or copy and paste): ComboFix /Uninstall

Click OK. Wait, as this will uninstall ComboFix.

To prevent the infection from reinstalling itself if an infected restore point is used, click the Start button > Control Panel > System and Maintenance (or System and Security) > System.

In the left pane, click System Protection.

In the next window, click Configure and then click the Delete button > OK.

Back in the "System Protection" window, click the Create button. In the box that appears, type any name for the restore point and click the Create button.

Wait until the system finishes the process, then click the "Close" button and then OK.

Update Adobe Reader. Old versions have vulnerabilities that are exploited by malware.

Click here and install the latest version.

Keep Flash Player up to date. Old versions also have vulnerabilities that are exploited by malware. Click here and install the latest version.

USB worms (pen-drive viruses) can infect any kind of removable storage device (pen drives, MP3 and MP4 players, mobile phones, memory cards, digital cameras). This type of malware exploits a native Windows feature called Autorun, or Autoplay (the wizard that appears when you insert a CD or pen drive, asking which program you want to open it with). Autoplay needs a file called autorun.inf to work.

Keep a clean, protected copy of the autorun.inf file on all removable devices and on all system drives. That way, if you plug your pen drive into an infected PC, the malware will not be able to overwrite the pre-existing file. But it may still copy its malicious executables to the pen drive, such as .EXE, .SCR, .CMD, .PIF, .BAT, .COM.

If you plug this pen drive into a clean machine and run one of those malicious files, that system will be infected in the same way. So be careful and use common sense.

To create a protected autorun.inf file on Windows XP:

Download Flash_Disinfector.exe and save it to your desktop.

  • Connect all removable storage devices to the USB ports. Save whatever you find necessary, EXCEPT executable files, then format the media by going to My Computer, right-clicking the media's drive and choosing the "Format" option.
  • Run Flash_Disinfector.exe.
  • Follow any prompts that may appear.
  • Wait until the program completes the scan, then exit the program.

For Windows Vista and 7: Panda USB Vaccine

For system maintenance and removal of temporary and invalid files, download TFC.exe, by OldTimer.

Close all programs and run TFC. Click the Start button and wait. Your desktop will disappear; don't worry, that is part of the process.

Be patient; depending on the amount of data to be deleted, the process can take more than 2 minutes.

When it finishes, you will be asked to restart your computer. RESTART.

If you are not asked, restart manually.

KEEP THE OS UP TO DATE:

Visit Windows Update regularly and check for updates.

New security holes are discovered frequently. Many malware exploit these holes, infecting systems without depending on any user action. Microsoft fixes these holes through updates.

That is why it is essential to keep your system up to date.

(Y)

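The USB-worm advice in the post above boils down to three checks on a removable drive: is the autorun.inf name protected, what would a present autorun.inf launch, and which executables of the listed types sit on the drive. The Python script below is an added example, not the forum's code and not how Flash_Disinfector or Panda USB Vaccine are implemented. It assumes the common form of the protection, a directory named autorun.inf that a worm cannot replace with a file, and it builds a throwaway directory tree (constructed sample, not real malware) to stand in for the pen drive so it runs offline. Function names and the "protection" labels are my own.

```python
"""Audit a removable drive for the USB-worm pattern described in the post (added example)."""
import tempfile
from pathlib import Path
from typing import Dict, List

# Executable types the post lists as what a worm copies next to autorun.inf.
RISKY_EXTENSIONS = {".exe", ".scr", ".cmd", ".pif", ".bat", ".com"}


def parse_autorun_inf(text: str) -> Dict[str, str]:
    """Tolerant parse of the [autorun] section, keys lower-cased.

    Worm-written files are often padded with junk, so anything inside
    [autorun] that is not 'key=value' is skipped instead of rejected.
    """
    in_autorun = False
    keys: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if in_autorun and "=" in line:
            key, value = line.split("=", 1)
            keys[key.strip().lower()] = value.strip()
    return keys


def launch_targets(keys: Dict[str, str]) -> List[str]:
    """Commands Autorun/Autoplay would execute: open=, shellexecute=, shell\\<verb>\\command=."""
    targets: List[str] = []
    for key, value in keys.items():
        is_launch = key in ("open", "shellexecute") or (
            key.startswith("shell\\") and key.endswith("\\command")
        )
        if is_launch and value and value not in targets:
            targets.append(value)
    return targets


def audit_drive(root: str) -> dict:
    """Report protection state, autorun launch targets and executables on a drive root."""
    root_path = Path(root)
    inf = root_path / "autorun.inf"
    if inf.is_dir():
        protection, targets = "protected", []          # name occupied by a directory
    elif inf.is_file():
        protection = "autorun-present"                  # inspect what it would launch
        targets = launch_targets(parse_autorun_inf(inf.read_text(errors="replace")))
    else:
        protection, targets = "unprotected", []         # nothing stops a worm dropping one
    executables = sorted(
        p.relative_to(root_path).as_posix()
        for p in root_path.rglob("*")
        if p.is_file() and p.suffix.lower() in RISKY_EXTENSIONS
    )
    return {"protection": protection, "launch_targets": targets, "executables": executables}


def build_sample_drive(base: str, protected: bool) -> str:
    """Constructed sample tree standing in for a pen drive (hypothetical names, not real malware)."""
    drive = Path(base) / ("clean" if protected else "infected")
    drive.mkdir()
    (drive / "photos").mkdir()
    (drive / "photos" / "holiday.jpg").write_bytes(b"\xff\xd8\xff")
    if protected:
        (drive / "autorun.inf").mkdir()                 # the protected form
    else:
        (drive / "data").mkdir()
        (drive / "data" / "launcher.exe").write_bytes(b"MZ placeholder")
        (drive / "autorun.inf").write_text(
            "[autorun]\n"
            ";padding line of the kind worms add\n"
            "open=data\\launcher.exe\n"
            "shell\\open\\command=data\\launcher.exe\n"
            "icon=%SystemRoot%\\system32\\shell32.dll,4\n"
        )
    return str(drive)


def demo() -> Dict[str, dict]:
    """Audit one infected-looking and one protected sample drive."""
    with tempfile.TemporaryDirectory() as tmp:
        return {
            "infected": audit_drive(build_sample_drive(tmp, protected=False)),
            "clean": audit_drive(build_sample_drive(tmp, protected=True)),
        }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

On a real machine you would call `audit_drive("E:\\")` (or the mount point) for each removable drive; an "unprotected" result means the vaccination step above has not been applied to that drive, and a non-empty `launch_targets` list tells you which file Autorun would have started.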

