
Archived

This topic has been archived and is closed to new replies.

RafaelSonyLock

[Solved!] Strange Computer


Hello!

The wireless connection keeps dropping a lot; when I try to repair it, the PC shuts down.

I'd like to check whether it really is a virus and, if it isn't, find out what it is, because the wireless card and the rest of the PC are under warranty!

 

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:27:16, on 2/7/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\RK_Launcher_04_Beta\RKLauncher.exe
C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\Orbitdownloader\orbitdm.exe
C:\Arquivos de programas\Orbitdownloader\orbitnet.exe
C:\Documents and Settings\Administrador\Desktop\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Mirar - {5C8E0E3C-AD77-436D-A84D-66E559359DDE} - (no file)
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Arquivos de programas\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [egui] "C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] C:\Arquivos de programas\Steam\Steam.exe -silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Atalho para RKLauncher.lnk = C:\Arquivos de programas\RK_Launcher_04_Beta\RKLauncher.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.systemrequirementslab.com/srl_bin/sysreqlab_srl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1244652603965
O16 - DPF: {99CAAA27-FA0C-4FA4-B88A-4AB1CC7A17FE} (MGLaunch_v1004 Class) - http://www.netgame.com/mplugin/mglaunch_USAv1004.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Boonty Games - BOONTY - C:\Arquivos de programas\Arquivos comuns\BOONTY Shared\Service\Boonty.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c9ea24425a03cc) (gupdate1c9ea24425a03cc) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

--
End of file - 6732 bytes

Thanks, and see you!

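A HijackThis log like the one above is read by entry type, and a helper's first pass is mechanical enough to script. The following Python snippet is an added example for this thread, not code from HijackThis or from any post here: it parses the `R0/R1`, `O2/O3`, `O4` and `O16` lines and flags what that first pass looks for, namely IE start/search pages on hosts outside an allowlist, BHO/toolbar CLSIDs registered with "(no file)" behind them, autorun entries launched from user-writable folders, and ActiveX (DPF) downloads from hosts outside the allowlist. The sample lines are copied from the posted log, except one constructed `O4` entry (`svchost.exe` under a Temp folder) that is not in the log and exists only to exercise the path rule. The allowlist (`TRUSTED_HOSTS`) and the path markers (`USER_WRITABLE`) are assumptions, not anything the thread states.

```python
"""Triage a HijackThis v2.x log: flag the entry types a forum helper looks at first.

Added example for this thread; it is not part of HijackThis or of the posts
above. The host allowlist and the "user-writable path" markers are assumptions.
"""
import re
from urllib.parse import urlparse

# Entry lines taken from the log posted above, plus ONE constructed O4 line
# (the svchost.exe in a Temp folder) that is NOT in the log; it only
# exercises the user-writable-path rule.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O3 - Toolbar: Mirar - {5C8E0E3C-AD77-436D-A84D-66E559359DDE} - (no file)
O4 - HKLM\..\Run: [egui] "C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [Steam] C:\Arquivos de programas\Steam\Steam.exe -silent
O4 - HKCU\..\Run: [svchost] C:\Documents and Settings\Administrador\Local Settings\Temp\svchost.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1244652603965
O16 - DPF: {99CAAA27-FA0C-4FA4-B88A-4AB1CC7A17FE} (MGLaunch_v1004 Class) - http://www.netgame.com/mplugin/mglaunch_USAv1004.cab
"""

HJT_LINE = re.compile(r"^(R\d|F\d|O\d+) - (.*)$")
# Hosts whose IE defaults / ActiveX downloads are not worth a second look (assumption).
TRUSTED_HOSTS = ("microsoft.com", "windowsupdate.com")
# Path fragments meaning "the user, not an installer, can write here" (assumption).
USER_WRITABLE = ("\\documents and settings\\", "\\local settings\\temp\\", "\\temp\\")


def parse_hjt(text):
    """Return (section code, body) pairs; header and process-list lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = HJT_LINE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def host_of(url):
    # HijackThis prints some IE defaults with a leading '&'; strip it before parsing.
    return (urlparse(url.lstrip("&")).hostname or "").lower()


def is_trusted(host):
    return any(host == h or host.endswith("." + h) for h in TRUSTED_HOSTS)


def triage(entries):
    """Return (code, reason, body) for every entry worth a human look."""
    findings = []
    for code, body in entries:
        if code in ("R0", "R1"):
            url = body.split(" = ", 1)[-1]
            if url.lstrip("&").startswith("http") and not is_trusted(host_of(url)):
                findings.append((code, "IE start/search page points to a non-allowlisted host", body))
        elif code in ("O2", "O3") and body.endswith("(no file)"):
            # CLSID still registered but the DLL is gone: leftover of a removal, clean it up.
            findings.append((code, "dangling BHO/toolbar registration (no file)", body))
        elif code == "O4" and any(frag in body.lower() for frag in USER_WRITABLE):
            findings.append((code, "autorun entry from a user-writable path", body))
        elif code == "O16":
            url = body.rsplit(" - ", 1)[-1]
            if not is_trusted(host_of(url)):
                findings.append((code, "ActiveX (DPF) download from a non-allowlisted host", body))
    return findings


if __name__ == "__main__":
    for code, reason, body in triage(parse_hjt(SAMPLE_LOG)):
        print(f"{code:4} {reason}\n     {body}")
```

Against the lines from the posted log, this flags the two `(no file)` registrations (the nameless BHO and the Mirar toolbar) and the ActiveX control fetched from www.netgame.com; the Orbit, ESET, Steam and Microsoft entries pass. A flag means "look", not "malware": a dangling CLSID is usually the leftover of an uninstall, and a DPF from a game site can be exactly what the user installed on purpose.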

Hey RafaelSonyLock,

Download ComboFix at:

ComboFix

1) Temporarily disable your antivirus;

2) Double-click combofix.exe and wait (the whole process takes about 10 minutes);

3) The "SOFTWARE WARRANTY DISCLAIMER" window will open. Read the text in this window carefully and click "YES" to continue.

PS: If you do not agree with the terms, click "NO" to exit the software; bear in mind that disinfection will not be possible without continuing with ComboFix.

4) Another window will open if your machine does not have the WINDOWS RECOVERY CONSOLE. It is recommended that you install the console before continuing, since this guarantees that the system can be recovered if problems occur during the scan.

Click "YES" and wait; the console installation is done automatically by ComboFix itself. It may take a few minutes (depending on your connection speed), so be patient.

When the "INSTALLING THE RECOVERY CONSOLE" window appears, click "OK", then click "YES" to accept the EULA.

When the recovery console installation finishes, a window will open saying "THE RECOVERY CONSOLE WAS INSTALLED SUCCESSFULLY".

Click "YES" to continue the scan.

5) ComboFix will start the AUTOSCAN (wait).

WARNING: Do not click on the ComboFix window or end the process abruptly while the tool is running, as this will break your desktop configuration (it will go completely white).

When the process finishes, the machine will be restarted to produce the report.

6) After the restart, ComboFix will run FIND3M to create the final scan report. The log will be saved at C:\ComboFix.txt.

7) Re-enable your antivirus;

8) I need you to paste the contents of ComboFix.txt in your next reply.

NOTE 1: If a message appears saying THIS IS NOT A VALID WIN32 APPLICATION, download ComboFix again, but save it to your Desktop as KomboFix. As a last resort, try running ComboFix in SAFE MODE.

NOTE 2: If the running ComboFix window gets clicked, it will MAXIMIZE on top of the other windows. To minimize it again, just use ALT + TAB.

Cheers.


All done, and thanks for your attention.

I didn't install the Recovery Console; I installed it once before and it was a lot of work to remove!

Here is the ComboFix log

ComboFix 09-07-02.02 - Administrador 02/07/2009 22:07.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1252.55.1046.18.2037.1616 [GMT -3:00]
Running from: c:\documents and settings\Administrador\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
 * Created a new restore point
WARNING - THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
(((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Administrador\Dados de aplicativos\inst.exe
c:\windows\Installer\1019678.msi
c:\windows\system32\AVSredirect.dll
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_BOONTY_GAMES
-------\Service_Boonty Games

((((((((((((((((   Files Created from 2009-06-03 to 2009-07-03  ))))))))))))))))))))))))))))
.
2009-07-02 23:38 . 2009-07-02 23:38	--------	d-----w-	c:\documents and settings\Administrador\DoctorWeb
2009-07-02 23:36 . 2009-07-03 01:10	2607136	--sha-w-	c:\windows\system32\drivers\fidbox.dat
2009-07-02 16:19 . 2009-07-03 01:11	--------	d-----w-	c:\arquivos de programas\Steam
2009-07-02 00:07 . 2009-07-02 13:40	--------	d-----w-	C:\downloads
2009-07-02 00:07 . 2009-07-02 00:07	--------	d-----w-	c:\documents and settings\Administrador\Dados de aplicativos\GrabPro
2009-07-02 00:07 . 2009-07-03 01:10	--------	d-----w-	c:\documents and settings\Administrador\Dados de aplicativos\Orbit
2009-07-02 00:07 . 2009-07-02 00:09	--------	d-----w-	c:\arquivos de programas\Orbitdownloader
2009-07-01 23:28 . 2009-07-01 23:28	--------	d-----w-	c:\arquivos de programas\RK_Launcher_04_Beta
2009-06-30 22:08 . 2009-06-30 22:08	603904	----a-w-	c:\windows\system32\TUProgSt.exe
2009-06-30 22:08 . 2008-11-12 19:44	27904	----a-w-	c:\windows\system32\uxtuneup.dll
2009-06-30 22:08 . 2009-06-30 22:08	362240	----a-w-	c:\windows\system32\TuneUpDefragService.exe
2009-06-30 22:08 . 2009-06-30 22:08	--------	d-----w-	c:\documents and settings\Administrador\Dados de aplicativos\TuneUp Software
2009-06-30 22:08 . 2009-06-30 22:08	--------	d-----w-	c:\documents and settings\All Users\Dados de aplicativos\TuneUp Software
2009-06-30 22:08 . 2009-06-30 22:08	--------	d-----w-	c:\arquivos de programas\TuneUp Utilities 2009
2009-06-30 22:08 . 2009-06-30 22:08	--------	d-sh--w-	c:\documents and settings\All Users\Dados de aplicativos\{55A29068-F2CE-456C-9148-C869879E2357}
2009-06-28 00:02 . 2009-06-28 00:02	--------	d-----w-	c:\documents and settings\All Users\Dados de aplicativos\ESET
2009-06-24 23:35 . 2006-03-01 07:53	773120	----a-w-	c:\windows\system32\bubbles.scr
2009-06-24 23:35 . 2006-03-03 17:42	117248	----a-w-	c:\windows\system32\Mystify.scr
2009-06-24 23:35 . 2006-03-01 08:21	1263616	----a-w-	c:\windows\system32\aurora.scr
2009-06-24 01:30 . 2009-06-30 21:30	--------	d-----w-	c:\documents and settings\Administrador\Dados de aplicativos\Any Video Converter
2009-06-24 01:30 . 2009-06-27 13:51	--------	d-----w-	c:\arquivos de programas\Any Video Converter
2009-06-21 22:18 . 2004-02-22 13:11	719872	----a-w-	c:\windows\system32\devil.dll
2009-06-21 22:18 . 2007-05-17 20:30	318976	----a-w-	c:\windows\system32\avisynth.dll
2009-06-21 22:18 . 2009-06-21 22:18	--------	d-----w-	C:\Program Files
2009-06-21 22:18 . 2004-01-25 03:00	70656	----a-w-	c:\windows\system32\i420vfw.dll
2009-06-18 23:47 . 2009-06-18 23:47	410984	----a-w-	c:\windows\system32\deploytk.dll
2009-06-18 23:47 . 2009-06-18 23:47	--------	d-----w-	c:\arquivos de programas\Java
2009-06-18 23:47 . 2009-06-18 23:47	152576	----a-w-	c:\documents and settings\Administrador\Dados de aplicativos\Sun\Java\jre1.6.0_14\lzma.dll
2009-06-18 21:48 . 2008-09-16 19:23	168448	----a-w-	c:\windows\system32\unrar.dll
2009-06-18 21:48 . 2004-01-25 03:00	70656	----a-w-	c:\windows\system32\yv12vfw.dll
2009-06-18 21:48 . 2009-05-29 21:37	205824	----a-w-	c:\windows\system32\xvidvfw.dll
2009-06-18 21:48 . 2009-05-29 21:31	881664	----a-w-	c:\windows\system32\xvidcore.dll
2009-06-18 21:48 . 2009-05-01 21:02	90112	----a-w-	c:\windows\system32\dpl100.dll
2009-06-18 21:48 . 2008-11-06 16:37	3596288	----a-w-	c:\windows\system32\qt-dx331.dll
2009-06-18 21:48 . 2009-05-01 21:02	685056	----a-w-	c:\windows\system32\divx.dll
2009-06-18 21:48 . 2009-06-02 16:11	85504	----a-w-	c:\windows\system32\ff_vfw.dll
2009-06-18 21:48 . 2009-01-07 18:14	60273	----a-w-	c:\windows\system32\pthreadGC2.dll
2009-06-18 21:47 . 2009-06-18 22:47	--------	d-----w-	c:\arquivos de programas\K-Lite Codec Pack
2009-06-17 23:33 . 2009-06-20 21:46	--------	d-----w-	c:\documents and settings\Administrador\Dados de aplicativos\SoundSpectrum
2009-06-17 23:31 . 2009-06-20 21:46	--------	d-----w-	c:\arquivos de programas\SoundSpectrum
2009-06-17 22:45 . 2009-06-17 22:45	3561743	----a-w-	c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-06-16 04:09 . 2009-06-16 04:09	--------	d-sh--w-	c:\documents and settings\Administrador\IECompatCache
2009-06-14 23:09 . 2009-06-14 23:09	--------	d--h--w-	c:\windows\system32\GroupPolicy
2009-06-14 21:54 . 2009-06-14 21:54	--------	d-----w-	c:\arquivos de programas\Microsoft Silverlight
2009-06-14 21:03 . 2008-10-16 17:06	208744	----a-w-	c:\windows\system32\muweb.dll
2009-06-14 21:03 . 2008-10-16 17:06	268648	----a-w-	c:\windows\system32\mucltui.dll
2009-06-14 19:58 . 2009-06-20 21:49	--------	d-----w-	c:\documents and settings\Administrador\Dados de aplicativos\TeamViewer
2009-06-14 19:58 . 2009-06-20 21:49	--------	d-----w-	c:\arquivos de programas\TeamViewer
2009-06-14 19:58 . 2009-06-14 19:58	--------	d-----w-	c:\documents and settings\Administrador\temp
2009-06-14 19:37 . 2009-07-02 23:45	--------	d-----w-	c:\documents and settings\Administrador\Tracing
2009-06-14 19:35 . 2009-06-14 19:35	--------	d-----w-	c:\documents and settings\All Users\Dados de aplicativos\WLInstaller
2009-06-14 18:22 . 2009-06-14 21:53	--------	d-----w-	c:\arquivos de programas\Microsoft
2009-06-14 18:22 . 2009-06-14 18:22	--------	d-----w-	c:\arquivos de programas\Windows Live SkyDrive
2009-06-14 18:22 . 2009-06-14 18:22	--------	d-----w-	c:\arquivos de programas\Windows Live
2009-06-14 17:16 . 2009-06-14 17:16	--------	d-----w-	c:\arquivos de programas\Take2
2009-06-14 16:48 . 2002-11-22 18:56	118784	----a-w-	c:\windows\ShowBmp.exe
2009-06-14 16:48 . 2002-08-13 21:01	53248	----a-w-	c:\windows\ap561.exe
2009-06-14 16:48 . 2009-06-14 16:48	--------	d-----w-	c:\windows\Setup2K
2009-06-14 16:42 . 2009-06-14 16:42	--------	d-----w-	c:\arquivos de programas\Arquivos comuns\Windows Live
2009-06-14 15:22 . 2009-06-14 15:22	--------	d-----w-	c:\arquivos de programas\SystemRequirementsLab
2009-06-13 22:34 . 2008-04-13 14:39	5504	----a-w-	c:\windows\system32\drivers\MSTEE.sys
2009-06-13 22:34 . 2008-04-13 14:46	10880	----a-w-	c:\windows\system32\drivers\NdisIP.sys
2009-06-13 22:34 . 2008-04-13 14:46	15232	----a-w-	c:\windows\system32\drivers\StreamIP.sys
2009-06-13 22:34 . 2008-04-13 14:46	11136	----a-w-	c:\windows\system32\drivers\SLIP.sys
2009-06-13 22:34 . 2008-04-13 14:46	19200	----a-w-	c:\windows\system32\drivers\WSTCODEC.SYS
2009-06-13 22:34 . 2008-04-13 14:46	85248	----a-w-	c:\windows\system32\drivers\NABTSFEC.sys
2009-06-13 22:34 . 2008-04-13 14:46	17024	----a-w-	c:\windows\system32\drivers\CCDECODE.sys
2009-06-13 22:34 . 2002-10-01 17:43	119798	----a-w-	c:\windows\system32\drivers\SPCA561.SYS
2009-06-13 22:33 . 2008-04-13 22:20	54784	----a-w-	c:\windows\system32\vfwwdm32.dll
2009-06-13 02:26 . 2009-06-13 02:27	--------	d-----w-	C:\Netgame
2009-06-13 01:15 . 2009-06-27 16:41	95744	----a-w-	c:\documents and settings\All Users\Dados de aplicativos\SpeedBit\DAP\Updates\Condition.dll
2009-06-12 22:15 . 2008-04-13 14:45	32128	----a-w-	c:\windows\system32\drivers\usbccgp.sys
2009-06-12 00:01 . 2009-06-27 23:17	--------	d-----w-	c:\arquivos de programas\LevelUpGames
2009-06-11 22:14 . 2009-07-02 21:49	--------	d-----w-	C:\Allls
2009-06-11 21:01 . 2009-06-19 00:18	--------	d-----w-	C:\GTA San Andras
2009-06-11 19:31 . 2009-06-11 19:31	--------	d-----w-	c:\arquivos de programas\Paint.NET
2009-06-11 19:30 . 2009-06-11 19:30	--------	d-----w-	c:\documents and settings\All Users\Dados de aplicativos\FLEXnet
2009-06-11 19:24 . 2009-06-11 19:24	--------	d-----w-	c:\arquivos de programas\Bonjour
2009-06-11 18:33 . 2009-06-11 18:33	--------	d-----w-	c:\arquivos de programas\Arquivos comuns\Macrovision Shared
2009-06-11 18:29 . 2009-06-11 19:24	--------	d-----w-	c:\arquivos de programas\Arquivos comuns\Adobe
2009-06-11 16:40 . 2009-06-11 16:40	--------	d-----w-	c:\documents and settings\All Users\Dados de aplicativos\BOONTY
2009-06-11 16:40 . 2009-06-11 16:40	--------	d-----w-	c:\arquivos de programas\Arquivos comuns\BOONTY Shared
2009-06-11 15:37 . 2009-06-13 21:36	--------	d-----w-	C:\Flatout 2
2009-06-11 15:17 . 2009-06-11 15:17	98304	----a-w-	c:\windows\system32\CmdLineExt.dll
2009-06-11 15:17 . 2009-06-11 15:20	--------	d-----w-	c:\documents and settings\Administrador\Dados de aplicativos\Ford Street Racing
2009-06-11 15:17 . 2009-06-11 15:17	--------	d-----w-	c:\arquivos de programas\Xplosiv
2009-06-11 02:31 . 2009-06-11 02:32	--------	d-----w-	c:\windows\system32\URTTEMP
2009-06-11 02:31 . 2009-05-12 05:11	102912	-c----w-	c:\windows\system32\dllcache\iecompat.dll
2009-06-11 02:10 . 2009-06-11 02:10	--------	d-----w-	c:\windows\ie8updates
2009-06-11 02:08 . 2009-06-11 02:08	--------	d-----w-	c:\arquivos de programas\MSXML 4.0
2009-06-11 01:59 . 2009-04-30 21:14	12800	-c----w-	c:\windows\system32\dllcache\xpshims.dll
2009-06-11 01:59 . 2009-04-30 21:14	246272	-c----w-	c:\windows\system32\dllcache\ieproxy.dll
2009-06-11 01:59 . 2009-04-30 21:14	1985024	-c----w-	c:\windows\system32\dllcache\iertutil.dll
2009-06-11 01:59 . 2009-04-30 21:14	11064832	-c----w-	c:\windows\system32\dllcache\ieframe.dll
2009-06-11 01:52 . 2008-12-11 10:57	333952	-c----w-	c:\windows\system32\dllcache\srv.sys
2009-06-11 01:50 . 2008-10-03 10:04	247326	-c----w-	c:\windows\system32\dllcache\strmdll.dll
2009-06-11 01:50 . 2008-10-24 11:21	455296	-c----w-	c:\windows\system32\dllcache\mrxsmb.sys
2009-06-11 01:49 . 2008-09-04 17:16	1106944	-c----w-	c:\windows\system32\dllcache\msxml3.dll
2009-06-11 01:49 . 2008-05-01 14:36	331776	-c----w-	c:\windows\system32\dllcache\msadce.dll
2009-06-11 01:49 . 2008-10-15 16:36	337408	-c----w-	c:\windows\system32\dllcache\netapi32.dll
2009-06-11 01:48 . 2008-04-11 19:05	691712	-c----w-	c:\windows\system32\dllcache\inetcomm.dll
2009-06-11 01:47 . 2008-05-09 10:55	180224	-c----w-	c:\windows\system32\dllcache\scrobj.dll
2009-06-11 01:47 . 2008-05-09 10:55	90112	-c----w-	c:\windows\system32\dllcache\wshext.dll
2009-06-11 01:47 . 2008-05-09 10:55	172032	-c----w-	c:\windows\system32\dllcache\scrrun.dll
2009-06-11 01:47 . 2008-05-09 08:45	135168	-c----w-	c:\windows\system32\dllcache\cscript.exe
2009-06-11 01:47 . 2008-05-08 11:24	155648	-c----w-	c:\windows\system32\dllcache\wscript.exe
2009-06-11 01:46 . 2008-06-14 17:34	272384	-c----w-	c:\windows\system32\dllcache\bthport.sys
2009-06-11 01:46 . 2008-06-14 17:34	272384	------w-	c:\windows\system32\drivers\bthport.sys
2009-06-11 01:46 . 2008-05-08 14:02	203136	-c----w-	c:\windows\system32\dllcache\rmcast.sys
2009-06-11 01:41 . 2009-06-11 01:41	--------	d-sh--w-	c:\documents and settings\Administrador\PrivacIE
2009-06-11 01:36 . 2009-06-11 01:36	--------	d-sh--w-	c:\documents and settings\Administrador\IETldCache
2009-06-11 01:29 . 2006-06-29 16:07	14048	------w-	c:\windows\system32\spmsg2.dll
2009-06-11 01:26 . 2009-06-11 01:26	--------	d-----w-	c:\windows\system32\XPSViewer
2009-06-11 01:26 . 2009-06-11 01:26	--------	d-----w-	c:\arquivos de programas\Reference Assemblies
2009-06-11 01:25 . 2008-07-06 12:06	89088	-c----w-	c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-06-11 01:25 . 2008-07-06 12:06	575488	-c----w-	c:\windows\system32\dllcache\xpsshhdr.dll
2009-06-11 01:25 . 2008-07-06 12:06	575488	------w-	c:\windows\system32\xpsshhdr.dll
2009-06-11 01:25 . 2008-07-06 12:06	1676288	-c----w-	c:\windows\system32\dllcache\xpssvcs.dll
2009-06-11 01:25 . 2008-07-06 12:06	1676288	------w-	c:\windows\system32\xpssvcs.dll
2009-06-11 01:25 . 2008-07-06 12:06	117760	------w-	c:\windows\system32\prntvpt.dll
2009-06-11 01:25 . 2008-07-06 10:50	597504	-c----w-	c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-06-11 00:43 . 2009-06-11 00:44	--------	dc-h--w-	c:\windows\ie8
2009-06-11 00:40 . 2009-06-11 00:40	--------	d-----w-	c:\arquivos de programas\TVUPlayer
2009-06-11 00:35 . 2008-04-13 21:20	26624	----a-w-	c:\documents and settings\LocalService\Dados de aplicativos\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2009-06-11 00:34 . 2009-06-11 00:34	--------	d-----w-	c:\arquivos de programas\Windows Media Connect 2
.
(((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-03 01:10 . 2009-07-02 23:36	31628	--sha-w-	c:\windows\system32\drivers\fidbox.idx
2009-06-20 16:21 . 2001-10-28 15:07	84894	----a-w-	c:\windows\system32\perfc016.dat
2009-06-20 16:21 . 2001-10-28 15:07	484560	----a-w-	c:\windows\system32\perfh016.dat
2009-06-11 02:59 . 2009-06-10 02:08	86327	----a-w-	c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-06-10 22:38 . 2008-04-13 21:20	219648	----a-w-	c:\windows\system32\uxtheme.dll
2009-06-10 22:09 . 2009-06-10 15:43	--------	d-----w-	c:\arquivos de programas\Arquivos comuns\InstallShield
2009-06-10 15:43 . 2009-06-10 15:43	315392	----a-w-	c:\windows\HideWin.exe
2009-06-10 02:09 . 2009-06-10 02:09	--------	d-----w-	c:\arquivos de programas\microsoft frontpage
2009-06-10 02:07 . 2009-06-10 02:07	--------	d-----w-	c:\arquivos de programas\Serviços on-line
2009-06-10 02:07 . 2009-06-10 02:07	--------	d-----w-	c:\arquivos de programas\Arquivos comuns\Serviços
2009-06-10 02:05 . 2009-06-10 02:05	21844	----a-w-	c:\windows\system32\emptyregdb.dat
2009-05-14 18:49 . 2009-05-14 18:49	94360	----a-w-	c:\windows\system32\drivers\epfwtdir.sys
2009-05-14 18:47 . 2009-05-14 18:47	107256	----a-w-	c:\windows\system32\drivers\ehdrv.sys
2009-05-14 18:41 . 2009-05-14 18:41	114472	----a-w-	c:\windows\system32\drivers\eamon.sys
2009-05-13 05:03 . 2008-04-13 21:20	915456	----a-w-	c:\windows\system32\wininet.dll
2009-05-07 15:33 . 2008-04-13 21:20	347136	----a-w-	c:\windows\system32\localspl.dll
2009-04-19 19:50 . 2008-04-13 20:54	1847296	----a-w-	c:\windows\system32\win32k.sys
2009-04-15 14:53 . 2008-04-13 21:20	585216	----a-w-	c:\windows\system32\rpcrt4.dll
.
((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"Steam"="c:\arquivos de programas\Steam\Steam.exe" [2003-09-11 958464]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe" [2009-05-14 2029640]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

c:\documents and settings\Administrador\Menu Iniciar\Programas\Inicializar\
Atalho para RKLauncher.lnk - c:\arquivos de programas\RK_Launcher_04_Beta\RKLauncher.exe [2009-7-1 368640]

[HKLM\~\startupfolder\C:^Documents and Settings^Administrador^Menu Iniciar^Programas^Inicializar^Recorte de tela e Iniciador do OneNote 2007.lnk]
backup=c:\windows\pss\Recorte de tela e Iniciador do OneNote 2007.lnkStartup

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yodm3D

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=
"c:\\Arquivos de programas\\Megacubo\\megacubo.exe"=
"c:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Arquivos de programas\\DreaMule\\emule.exe"=
"c:\\Arquivos de programas\\Orbitdownloader\\orbitdm.exe"=
"c:\\Arquivos de programas\\Orbitdownloader\\orbitnet.exe"=

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [14/5/2009 15:47 107256]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [14/5/2009 15:49 94360]
R2 ekrn;ESET Service;c:\arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe [14/5/2009 15:47 731840]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [30/6/2009 19:08 603904]
S2 gupdate1c9ea24425a03cc;Google Update Service (gupdate1c9ea24425a03cc);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [10/6/2009 20:36 133104]
S3 FXDrv32;FXDrv32;\??\h:\fxdrv32.sys --> h:\FXDrv32.sys [?]
S3 XDva272;XDva272; [x]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-07-03 c:\windows\Tasks\1-Click Maintenance.job
- c:\arquivos de programas\TuneUp Utilities 2009\OneClickStarter.exe [2008-11-20 19:28]

2009-07-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2009-06-10 23:36]

2009-07-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2009-06-10 23:36]

2009-06-29 c:\windows\Tasks\SmartDefrag.job
- c:\arquivos de programas\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2009-06-10 21:15]

2009-07-02 c:\windows\Tasks\User_Feed_Synchronization-{8DD4A92F-EA04-4CB1-B766-FFAE6A34BCFB}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 07:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.br/
uInternet Settings,ProxyOverride = *.local
IE: &Clean Traces
IE: &Download by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/201
IE: &Download with &DAP
IE: &Grab video by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/202
IE: Download &all with DAP
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: {99CAAA27-FA0C-4FA4-B88A-4AB1CC7A17FE} - hxxp://www.netgame.com/mplugin/mglaunch_USAv1004.cab
FF - ProfilePath - c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\cx60u117.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.br
FF - plugin: c:\arquivos de programas\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\arquivos de programas\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\arquivos de programas\Mozilla Firefox 3.5 Beta 4\plugins\NPMFireLauncher.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\arquivos de programas\Mozilla Firefox 3.5 Beta 4\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - fales
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 4
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 2
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 750
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
c:\arquivos de programas\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\arquivos de programas\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("media.cache_size", 51200);
c:\arquivos de programas\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("media.ogg.enabled", true);
c:\arquivos de programas\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("media.wave.enabled", true);
c:\arquivos de programas\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\arquivos de programas\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\arquivos de programas\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\arquivos de programas\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\arquivos de programas\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\arquivos de programas\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\arquivos de programas\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("layout.css.dpi", -1);
c:\arquivos de programas\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\arquivos de programas\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\arquivos de programas\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\arquivos de programas\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\arquivos de programas\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("geo.enabled", true);
c:\arquivos de programas\Mozilla Firefox 3.5 Beta 4\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\arquivos de programas\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\arquivos de programas\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\arquivos de programas\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");
c:\arquivos de programas\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\arquivos de programas\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\arquivos de programas\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\arquivos de programas\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\arquivos de programas\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\arquivos de programas\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\arquivos de programas\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\arquivos de programas\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\arquivos de programas\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\arquivos de programas\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\arquivos de programas\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\arquivos de programas\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\arquivos de programas\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\arquivos de programas\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\arquivos de programas\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\arquivos de programas\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\arquivos de programas\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\arquivos de programas\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\arquivos de programas\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\arquivos de programas\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\arquivos de programas\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\arquivos de programas\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\arquivos de programas\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\arquivos de programas\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\arquivos de programas\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\arquivos de programas\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\arquivos de programas\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("geo.wifi.uri", 
"https://www.google.com/loc/json");.**************************************************************************catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2009-07-02 22:11Windows 5.1.2600 Service Pack 3 NTFSProcurando processos ocultos ... Procurando entradas auto inicializáveis ocultas ... Procurando ficheiros/arquivos ocultos ... Varredura completada com sucessoarquivos/ficheiros ocultos: 0**************************************************************************.--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------[HKEY_USERS\S-1-5-21-1085031214-764733703-1801674531-500\Software\Microsoft\Internet Explorer\User Preferences]@Denied: (2) (Administrator)"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f0,e8,ef,5e,f8,7c,6c,4b,87,76,9d,\"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f0,e8,ef,5e,f8,7c,6c,4b,87,76,9d,\"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f0,e8,ef,5e,f8,7c,6c,4b,87,76,9d,\.--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------- - - - - - - > 'explorer.exe'(3220)c:\windows\system32\WININET.dllc:\arquivos de programas\RK_Launcher_04_Beta\RKLauncher.dllc:\windows\system32\webcheck.dllc:\windows\system32\WPDShServiceObj.dllc:\windows\system32\PortableDeviceTypes.dllc:\windows\system32\PortableDeviceApi.dll.Tempo para conclusão: 2009-07-03 22:15 - Máquina reiniciouComboFix-quarantined-files.txt  2009-07-03 01:14Pré-execução: 11 pasta(s) 125.670.404.096 bytes disponíveisPós execução: 11 pasta(s) 128.017.633.280 bytes disponíveis351	--- E O F ---	2009-06-12 23:00


Hey RafaelSonyLock,

Follow these instructions:

1. Open Notepad -> copy (Ctrl + C) and paste (Ctrl + V) all of the text inside the "Quote" below:

File::
h:\FXDrv32.sys

Driver::
"FXDrv32"
"XDva272"

RegLock::
[HKEY_USERS\S-1-5-21-1085031214-764733703-1801674531-500\Software\Microsoft\Internet Explorer\User Preferences]

WARNING: The script above was written specifically for the infection found on this computer. Using it on another machine could cause that user serious problems.

2. Save the file as CFScript.txt;

3. As shown in the picture below, drag CFScript.txt onto ComboFix.exe.
[image: cfscript.gif]

4. When the process finishes, the tool will produce a log. Post it (C:\ComboFix.txt) in your next reply, together with a fresh HijackThis log.

Regards.

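Getting from a ComboFix log of this length to the handful of entries a CFScript targets is mostly mechanical filtering before any judgement is applied. The Python below is an added example (it is not part of this thread and not a ComboFix tool): it parses lines in the format of the "Files Created" section and surfaces entries with the properties a helper tends to look at first: hidden+system attributes, a .sys driver outside system32\drivers, an executable dropped directly into c:\windows. The sample lines are a constructed excerpt using paths that appear in the logs posted in this thread; the reading of the attribute column (d, c, s, h, a) is an assumption drawn from the column layout, and the flags are review hints, not a malware verdict, since legitimate software also creates hidden+system files.

```python
"""Triage the 'Files Created' section of a ComboFix log.

Added example for this thread; not ComboFix's own code. Each line of that
section has the shape

    <created> . <modified>  <size-or-dashes>  <attributes>  <path>

The attribute column is read here as: d = directory, c = compressed,
s = system, h = hidden, a = archive (assumption drawn from the column
layout of the posted log). The checks only surface entries for a human
to look at; they are not a malware verdict.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d\d-\d\d \d\d:\d\d) \. "
    r"(?P<modified>\d{4}-\d\d-\d\d \d\d:\d\d)\s+"
    r"(?P<size>\S+)\s+(?P<attrs>[-a-z]{8})\s+(?P<path>.+?)\s*$"
)

# Constructed excerpt: real line format, paths taken from the logs in this thread.
SAMPLE_LOG = """\
(((((((((((((((((((((((((((((((((((((((   Files Created from 2009-06-09 to 2009-07-09  )))))))))))))))))))))))))))))))
.
2009-07-04 21:41 . 2004-12-31 15:43\t4682\t----a-w-\tc:\\windows\\system32\\npptNT2.sys
2009-07-04 21:33 . 2009-05-26 06:54\t855176\t----a-w-\tc:\\windows\\GameChuDownloader.exe
2009-07-02 23:36 . 2009-07-03 01:10\t2607136\t--sha-w-\tc:\\windows\\system32\\drivers\\fidbox.dat
2009-06-30 22:08 . 2009-06-30 22:08\t--------\td-sh--w-\tc:\\documents and settings\\All Users\\Dados de aplicativos\\{55A29068-F2CE-456C-9148-C869879E2357}
2009-06-11 19:31 . 2009-06-11 19:31\t--------\td-----w-\tc:\\arquivos de programas\\Paint.NET
"""


@dataclass
class Entry:
    created: str
    modified: str
    size: Optional[int]  # None for directories, which the log shows as '--------'
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")

    @property
    def hidden(self) -> bool:
        return "h" in self.attrs

    @property
    def system(self) -> bool:
        return "s" in self.attrs


def parse(text: str) -> List[Entry]:
    """Return one Entry per file line; section headers and filler lines are skipped."""
    entries: List[Entry] = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        size = None if m["size"].startswith("-") else int(m["size"])
        entries.append(Entry(m["created"], m["modified"], size, m["attrs"], m["path"]))
    return entries


DRIVERS_DIR = "\\system32\\drivers"
WINDIR = "c:\\windows"


def triage(entry: Entry) -> List[str]:
    """Reasons a helper would want to look at this entry (empty list = nothing notable)."""
    reasons: List[str] = []
    lowered = entry.path.lower()
    parent, _, name = lowered.rpartition("\\")
    if entry.hidden and entry.system:
        reasons.append("hidden+system " + ("directory" if entry.is_dir else "file"))
    if name.endswith(".sys") and not parent.endswith(DRIVERS_DIR):
        reasons.append("driver (.sys) outside system32\\drivers")
    if parent == WINDIR and name.endswith((".exe", ".dll", ".sys")):
        reasons.append("executable placed directly in %WINDIR%")
    return reasons


def report(text: str) -> Dict[str, List[str]]:
    """Map each flagged path to its reasons, preserving the log's order."""
    flagged: Dict[str, List[str]] = {}
    for entry in parse(text):
        reasons = triage(entry)
        if reasons:
            flagged[entry.path] = reasons
    return flagged


if __name__ == "__main__":
    for path, reasons in report(SAMPLE_LOG).items():
        print(f"{path}\n    {'; '.join(reasons)}")
```

Run against the excerpt, four of the five entries come back flagged and Paint.NET does not; what to do with a flagged entry (quarantine it via a File:: line, leave it, look it up) is still the helper's call, which is exactly why the warning above says the resulting script is specific to this machine.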

Done!

I'm also having trouble opening Office 2007: I try to run it, but it simply doesn't open!

ComboFix 09-07-02.02 - Administrador 09/07/2009  9:49.2 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1252.55.1046.18.2037.1545 [GMT -3:00]
Running from: c:\documents and settings\Administrador\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrador\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
 * Created a new restore point

WARNING - THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Installer\1e1cf84.msi

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_FXDRV32
-------\Legacy_XDVA272
-------\Service_FXDrv32
-------\Service_XDva272


((((((((((((((((   Files Created from 2009-06-09 to 2009-07-09  ))))))))))))))))))))))))))))
.

2009-07-07 21:49 . 2009-07-07 21:49	--------	d-----w-	c:\arquivos de programas\Arquivos comuns\Pegasus Imaging
2009-07-07 21:49 . 2009-07-07 21:49	--------	d-----w-	c:\documents and settings\All Users\Dados de aplicativos\Pinnacle Studio Plus
2009-07-07 21:49 . 2009-07-07 21:49	--------	d-----w-	c:\arquivos de programas\Pinnacle
2009-07-07 21:45 . 2009-07-07 21:45	--------	d-----w-	c:\documents and settings\All Users\PinnacleExtractor
2009-07-07 20:44 . 2009-07-07 20:47	--------	d-----w-	c:\arquivos de programas\Counter Strike 1.6 Revolutions
2009-07-07 01:00 . 2009-07-07 01:00	--------	d-----w-	c:\arquivos de programas\AVIConverter
2009-07-06 21:46 . 2009-07-06 21:46	--------	d-----w-	c:\arquivos de programas\TVUPlayer
2009-07-06 16:32 . 2009-07-06 16:32	--------	d-----w-	c:\documents and settings\Administrador\Dados de aplicativos\DivX
2009-07-05 23:34 . 2009-07-07 21:54	--------	d-----w-	c:\documents and settings\All Users\Dados de aplicativos\Pinnacle Studio Ultimate
2009-07-05 23:31 . 2009-07-07 21:49	--------	d-----w-	c:\documents and settings\All Users\Dados de aplicativos\Studio 12
2009-07-05 23:31 . 2009-07-05 23:31	--------	d-----w-	c:\arquivos de programas\Arquivos comuns\Yahoo!
2009-07-05 23:29 . 2009-07-07 21:49	--------	d-----w-	c:\documents and settings\All Users\Dados de aplicativos\Pinnacle
2009-07-05 16:49 . 2009-07-05 16:49	--------	d-----w-	c:\documents and settings\Administrador\Dados de aplicativos\Ashampoo
2009-07-05 16:48 . 2009-07-05 16:48	103424	----a-w-	c:\windows\system32\PowerUp3_nat.dll
2009-07-04 22:52 . 2009-07-04 22:53	--------	d-----w-	c:\arquivos de programas\RocketDock
2009-07-04 21:41 . 2004-12-31 15:43	4682	----a-w-	c:\windows\system32\npptNT2.sys
2009-07-04 21:33 . 2009-05-26 06:54	855176	----a-w-	c:\windows\GameChuDownloader.exe
2009-07-02 23:36 . 2009-07-03 01:10	2607136	--sha-w-	c:\windows\system32\drivers\fidbox.dat
2009-07-02 00:07 . 2009-07-02 00:07	--------	d-----w-	c:\documents and settings\Administrador\Dados de aplicativos\GrabPro
2009-07-02 00:07 . 2009-07-09 01:00	--------	d-----w-	c:\documents and settings\Administrador\Dados de aplicativos\Orbit
2009-07-02 00:07 . 2009-07-02 00:09	--------	d-----w-	c:\arquivos de programas\Orbitdownloader
2009-06-30 22:08 . 2009-06-30 22:08	603904	----a-w-	c:\windows\system32\TUProgSt.exe
2009-06-30 22:08 . 2008-11-12 19:44	27904	----a-w-	c:\windows\system32\uxtuneup.dll
2009-06-30 22:08 . 2009-06-30 22:08	362240	----a-w-	c:\windows\system32\TuneUpDefragService.exe
2009-06-30 22:08 . 2009-06-30 22:08	--------	d-----w-	c:\documents and settings\Administrador\Dados de aplicativos\TuneUp Software
2009-06-30 22:08 . 2009-06-30 22:08	--------	d-----w-	c:\documents and settings\All Users\Dados de aplicativos\TuneUp Software
2009-06-30 22:08 . 2009-06-30 22:08	--------	d-----w-	c:\arquivos de programas\TuneUp Utilities 2009
2009-06-30 22:08 . 2009-06-30 22:08	--------	d-sh--w-	c:\documents and settings\All Users\Dados de aplicativos\{55A29068-F2CE-456C-9148-C869879E2357}
2009-06-28 00:02 . 2009-06-28 00:02	--------	d-----w-	c:\documents and settings\All Users\Dados de aplicativos\ESET
2009-06-24 23:35 . 2006-03-01 07:53	773120	----a-w-	c:\windows\system32\bubbles.scr
2009-06-24 23:35 . 2006-03-03 17:42	117248	----a-w-	c:\windows\system32\Mystify.scr
2009-06-24 23:35 . 2006-03-01 08:21	1263616	----a-w-	c:\windows\system32\aurora.scr
2009-06-24 01:30 . 2009-07-07 23:31	--------	d-----w-	c:\documents and settings\Administrador\Dados de aplicativos\Any Video Converter
2009-06-24 01:30 . 2009-06-27 13:51	--------	d-----w-	c:\arquivos de programas\Any Video Converter
2009-06-21 22:18 . 2004-02-22 13:11	719872	----a-w-	c:\windows\system32\devil.dll
2009-06-21 22:18 . 2007-05-17 20:30	318976	----a-w-	c:\windows\system32\avisynth.dll
2009-06-21 22:18 . 2009-07-04 21:39	--------	d-----w-	C:\Program Files
2009-06-21 22:18 . 2004-01-25 03:00	70656	----a-w-	c:\windows\system32\i420vfw.dll
2009-06-18 23:47 . 2009-06-18 23:47	410984	----a-w-	c:\windows\system32\deploytk.dll
2009-06-18 23:47 . 2009-06-18 23:47	--------	d-----w-	c:\arquivos de programas\Java
2009-06-18 23:47 . 2009-06-18 23:47	152576	----a-w-	c:\documents and settings\Administrador\Dados de aplicativos\Sun\Java\jre1.6.0_14\lzma.dll
2009-06-18 21:48 . 2008-09-16 19:23	168448	----a-w-	c:\windows\system32\unrar.dll
2009-06-18 21:48 . 2004-01-25 03:00	70656	----a-w-	c:\windows\system32\yv12vfw.dll
2009-06-18 21:48 . 2009-05-29 21:37	205824	----a-w-	c:\windows\system32\xvidvfw.dll
2009-06-18 21:48 . 2009-05-29 21:31	881664	----a-w-	c:\windows\system32\xvidcore.dll
2009-06-18 21:48 . 2009-05-01 21:02	90112	----a-w-	c:\windows\system32\dpl100.dll
2009-06-18 21:48 . 2008-11-06 16:37	3596288	----a-w-	c:\windows\system32\qt-dx331.dll
2009-06-18 21:48 . 2009-05-01 21:02	685056	----a-w-	c:\windows\system32\divx.dll
2009-06-18 21:48 . 2009-06-02 16:11	85504	----a-w-	c:\windows\system32\ff_vfw.dll
2009-06-18 21:48 . 2009-01-07 18:14	60273	----a-w-	c:\windows\system32\pthreadGC2.dll
2009-06-18 21:47 . 2009-06-18 22:47	--------	d-----w-	c:\arquivos de programas\K-Lite Codec Pack
2009-06-17 23:33 . 2009-06-20 21:46	--------	d-----w-	c:\documents and settings\Administrador\Dados de aplicativos\SoundSpectrum
2009-06-17 23:31 . 2009-06-20 21:46	--------	d-----w-	c:\arquivos de programas\SoundSpectrum
2009-06-17 22:45 . 2009-06-17 22:45	3561743	----a-w-	c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-06-16 04:09 . 2009-06-16 04:09	--------	d-sh--w-	c:\documents and settings\Administrador\IECompatCache
2009-06-14 23:09 . 2009-06-14 23:09	--------	d--h--w-	c:\windows\system32\GroupPolicy
2009-06-14 21:54 . 2009-06-14 21:54	--------	d-----w-	c:\arquivos de programas\Microsoft Silverlight
2009-06-14 21:03 . 2008-10-16 17:06	208744	----a-w-	c:\windows\system32\muweb.dll
2009-06-14 21:03 . 2008-10-16 17:06	268648	----a-w-	c:\windows\system32\mucltui.dll
2009-06-14 19:58 . 2009-06-20 21:49	--------	d-----w-	c:\documents and settings\Administrador\Dados de aplicativos\TeamViewer
2009-06-14 19:58 . 2009-06-14 19:58	--------	d-----w-	c:\documents and settings\Administrador\temp
2009-06-14 19:37 . 2009-07-08 23:29	--------	d-----w-	c:\documents and settings\Administrador\Tracing
2009-06-14 19:35 . 2009-06-14 19:35	--------	d-----w-	c:\documents and settings\All Users\Dados de aplicativos\WLInstaller
2009-06-14 18:22 . 2009-06-14 21:53	--------	d-----w-	c:\arquivos de programas\Microsoft
2009-06-14 18:22 . 2009-06-14 18:22	--------	d-----w-	c:\arquivos de programas\Windows Live SkyDrive
2009-06-14 18:22 . 2009-06-14 18:22	--------	d-----w-	c:\arquivos de programas\Windows Live
2009-06-14 16:48 . 2002-11-22 18:56	118784	----a-w-	c:\windows\ShowBmp.exe
2009-06-14 16:48 . 2002-08-13 21:01	53248	----a-w-	c:\windows\ap561.exe
2009-06-14 16:48 . 2009-06-14 16:48	--------	d-----w-	c:\windows\Setup2K
2009-06-14 16:42 . 2009-06-14 16:42	--------	d-----w-	c:\arquivos de programas\Arquivos comuns\Windows Live
2009-06-14 15:22 . 2009-06-14 15:22	--------	d-----w-	c:\arquivos de programas\SystemRequirementsLab
2009-06-13 22:34 . 2008-04-13 14:39	5504	----a-w-	c:\windows\system32\drivers\MSTEE.sys
2009-06-13 22:34 . 2008-04-13 14:46	10880	----a-w-	c:\windows\system32\drivers\NdisIP.sys
2009-06-13 22:34 . 2008-04-13 14:46	15232	----a-w-	c:\windows\system32\drivers\StreamIP.sys
2009-06-13 22:34 . 2008-04-13 14:46	11136	----a-w-	c:\windows\system32\drivers\SLIP.sys
2009-06-13 22:34 . 2008-04-13 14:46	19200	----a-w-	c:\windows\system32\drivers\WSTCODEC.SYS
2009-06-13 22:34 . 2008-04-13 14:46	85248	----a-w-	c:\windows\system32\drivers\NABTSFEC.sys
2009-06-13 22:34 . 2008-04-13 14:46	17024	----a-w-	c:\windows\system32\drivers\CCDECODE.sys
2009-06-13 22:34 . 2002-10-01 17:43	119798	----a-w-	c:\windows\system32\drivers\SPCA561.SYS
2009-06-13 22:33 . 2008-04-13 22:20	54784	----a-w-	c:\windows\system32\vfwwdm32.dll
2009-06-13 02:26 . 2009-06-13 02:27	--------	d-----w-	C:\Netgame
2009-06-13 01:15 . 2009-06-27 16:41	95744	----a-w-	c:\documents and settings\All Users\Dados de aplicativos\SpeedBit\DAP\Updates\Condition.dll
2009-06-12 22:15 . 2008-04-13 14:45	32128	----a-w-	c:\windows\system32\drivers\usbccgp.sys
2009-06-12 00:01 . 2009-06-27 23:17	--------	d-----w-	c:\arquivos de programas\LevelUpGames
2009-06-11 22:14 . 2009-07-08 00:45	--------	d-----w-	C:\Allls
2009-06-11 21:01 . 2009-06-19 00:18	--------	d-----w-	C:\GTA San Andras
2009-06-11 19:31 . 2009-06-11 19:31	--------	d-----w-	c:\arquivos de programas\Paint.NET
2009-06-11 19:30 . 2009-06-11 19:30	--------	d-----w-	c:\documents and settings\All Users\Dados de aplicativos\FLEXnet
2009-06-11 19:24 . 2009-06-11 19:24	--------	d-----w-	c:\arquivos de programas\Bonjour
2009-06-11 18:33 . 2009-06-11 18:33	--------	d-----w-	c:\arquivos de programas\Arquivos comuns\Macrovision Shared
2009-06-11 18:29 . 2009-07-08 00:12	--------	d-----w-	c:\arquivos de programas\Arquivos comuns\Adobe
2009-06-11 16:40 . 2009-06-11 16:40	--------	d-----w-	c:\documents and settings\All Users\Dados de aplicativos\BOONTY
2009-06-11 16:40 . 2009-06-11 16:40	--------	d-----w-	c:\arquivos de programas\Arquivos comuns\BOONTY Shared
2009-06-11 15:37 . 2009-06-13 21:36	--------	d-----w-	C:\Flatout 2
2009-06-11 15:17 . 2009-06-11 15:17	98304	----a-w-	c:\windows\system32\CmdLineExt.dll
2009-06-11 02:31 . 2009-06-11 02:32	--------	d-----w-	c:\windows\system32\URTTEMP
2009-06-11 02:10 . 2009-06-11 02:10	--------	d-----w-	c:\windows\ie8updates
2009-06-11 02:08 . 2009-06-11 02:08	--------	d-----w-	c:\arquivos de programas\MSXML 4.0
2009-06-11 01:46 . 2008-06-14 17:34	272384	------w-	c:\windows\system32\drivers\bthport.sys
2009-06-11 01:41 . 2009-06-11 01:41	--------	d-sh--w-	c:\documents and settings\Administrador\PrivacIE
2009-06-11 01:36 . 2009-06-11 01:36	--------	d-sh--w-	c:\documents and settings\Administrador\IETldCache
2009-06-11 01:29 . 2006-06-29 16:07	14048	------w-	c:\windows\system32\spmsg2.dll
2009-06-11 01:26 . 2009-06-11 01:26	--------	d-----w-	c:\windows\system32\XPSViewer
2009-06-11 01:26 . 2009-06-11 01:26	--------	d-----w-	c:\arquivos de programas\Reference Assemblies
2009-06-11 01:25 . 2008-07-06 12:06	575488	------w-	c:\windows\system32\xpsshhdr.dll
2009-06-11 01:25 . 2008-07-06 12:06	1676288	------w-	c:\windows\system32\xpssvcs.dll
2009-06-11 01:25 . 2008-07-06 12:06	117760	------w-	c:\windows\system32\prntvpt.dll
2009-06-11 00:43 . 2009-06-11 00:44	--------	dc-h--w-	c:\windows\ie8
2009-06-11 00:35 . 2008-04-13 21:20	26624	----a-w-	c:\documents and settings\LocalService\Dados de aplicativos\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2009-06-11 00:34 . 2009-06-11 00:34	--------	d-----w-	c:\arquivos de programas\Windows Media Connect 2
2009-06-11 00:34 . 2009-06-21 21:18	83456	----a-w-	c:\documents and settings\All Users\Dados de aplicativos\SpeedBit\DAP\SDCondition.dll
2009-06-11 00:33 . 2009-06-11 03:03	--------	d-----w-	c:\windows\system32\LogFiles
2009-06-11 00:33 . 2009-06-11 00:33	--------	d-----w-	c:\windows\system32\drivers\UMDF
2009-06-11 00:21 . 2009-06-11 00:21	--------	d-----w-	c:\arquivos de programas\SopCast
2009-06-11 00:20 . 2009-07-06 21:46	--------	d-----w-	c:\arquivos de programas\Megacubo
2009-06-11 00:20 . 2009-07-07 22:55	--------	d-----w-	c:\arquivos de programas\DreaMule
2009-06-11 00:20 . 2009-06-24 23:37	--------	d-----w-	c:\arquivos de programas\Unlocker
2009-06-11 00:19 . 2009-06-11 00:19	--------	d-----w-	c:\arquivos de programas\DsNET Corp
2009-06-11 00:18 . 2006-07-11 21:43	1060864	----a-w-	c:\windows\system32\mfc71.dll
2009-06-11 00:18 . 2009-06-11 00:18	--------	d-----w-	c:\arquivos de programas\Efficient WMA MP3 Converter
2009-06-11 00:13 . 2009-06-11 00:13	--------	d-----w-	c:\documents and settings\All Users\Dados de aplicativos\SpeedBit
2009-06-11 00:13 . 2009-06-11 00:13	50688	----a-w-	c:\windows\system32\wbhelp2.dll
2009-06-11 00:01 . 2009-06-12 00:06	--------	d-----w-	c:\arquivos de programas\uTorrent
2009-06-11 00:01 . 2009-07-07 20:19	--------	d-----w-	c:\documents and settings\Administrador\Dados de aplicativos\uTorrent
2009-06-11 00:00 . 2009-06-11 00:00	--------	d-----w-	c:\documents and settings\Administrador\Dados de aplicativos\Malwarebytes

.
(((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-03 01:10 . 2009-07-02 23:36	31628	--sha-w-	c:\windows\system32\drivers\fidbox.idx
2009-06-20 16:21 . 2001-10-28 15:07	84894	----a-w-	c:\windows\system32\perfc016.dat
2009-06-20 16:21 . 2001-10-28 15:07	484560	----a-w-	c:\windows\system32\perfh016.dat
2009-06-11 02:59 . 2009-06-10 02:08	86327	----a-w-	c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-06-10 22:38 . 2008-04-13 21:20	219648	----a-w-	c:\windows\system32\uxtheme.dll
2009-06-10 22:09 . 2009-06-10 15:43	--------	d-----w-	c:\arquivos de programas\Arquivos comuns\InstallShield
2009-06-10 15:43 . 2009-06-10 15:43	315392	----a-w-	c:\windows\HideWin.exe
2009-06-10 02:09 . 2009-06-10 02:09	--------	d-----w-	c:\arquivos de programas\microsoft frontpage
2009-06-10 02:07 . 2009-06-10 02:07	--------	d-----w-	c:\arquivos de programas\Serviços on-line
2009-06-10 02:07 . 2009-06-10 02:07	--------	d-----w-	c:\arquivos de programas\Arquivos comuns\Serviços
2009-06-10 02:05 . 2009-06-10 02:05	21844	----a-w-	c:\windows\system32\emptyregdb.dat
2009-05-15 20:11 . 2009-05-15 20:11	275600	----a-w-	c:\windows\system32\sessionctrl.dll
2009-05-14 18:49 . 2009-05-14 18:49	94360	----a-w-	c:\windows\system32\drivers\epfwtdir.sys
2009-05-14 18:47 . 2009-05-14 18:47	107256	----a-w-	c:\windows\system32\drivers\ehdrv.sys
2009-05-14 18:41 . 2009-05-14 18:41	114472	----a-w-	c:\windows\system32\drivers\eamon.sys
2009-05-13 05:03 . 2008-04-13 21:20	915456	----a-w-	c:\windows\system32\wininet.dll
2009-05-07 15:33 . 2008-04-13 21:20	347136	----a-w-	c:\windows\system32\localspl.dll
2009-04-19 19:50 . 2008-04-13 20:54	1847296	----a-w-	c:\windows\system32\win32k.sys
2009-04-15 14:53 . 2008-04-13 21:20	585216	----a-w-	c:\windows\system32\rpcrt4.dll
.

((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"RocketDock"="c:\arquivos de programas\RocketDock\RocketDock.exe" [2007-09-02 495616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe" [2009-05-14 2029640]
"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"GrooveMonitor"="c:\arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

[HKLM\~\startupfolder\C:^Documents and Settings^Administrador^Menu Iniciar^Programas^Inicializar^Recorte de tela e Iniciador do OneNote 2007.lnk]
backup=c:\windows\pss\Recorte de tela e Iniciador do OneNote 2007.lnkStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=
"c:\\Arquivos de programas\\Megacubo\\megacubo.exe"=
"c:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Arquivos de programas\\DreaMule\\emule.exe"=
"c:\\Arquivos de programas\\Orbitdownloader\\orbitdm.exe"=
"c:\\Arquivos de programas\\Orbitdownloader\\orbitnet.exe"=
"c:\\Arquivos de programas\\Counter Strike 1.6 Revolutions\\hl.exe"=
"c:\\Arquivos de programas\\Pinnacle\\Studio 12 Plus\\Programs\\RM.exe"=
"c:\\Arquivos de programas\\Pinnacle\\Studio 12 Plus\\Programs\\Studio.exe"=
"c:\\Arquivos de programas\\Pinnacle\\Studio 12 Plus\\Programs\\umi.exe"=

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [14/5/2009 15:47 107256]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [14/5/2009 15:49 94360]
R2 ekrn;ESET Service;c:\arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe [14/5/2009 15:47 731840]
S2 gupdate1c9ea24425a03cc;Google Update Service (gupdate1c9ea24425a03cc);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [10/6/2009 20:36 133104]
S3 npggsvc;nProtect GameGuard Service; [x]
S4 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [30/6/2009 19:08 603904]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-07-09 c:\windows\Tasks\1-Click Maintenance.job
- c:\arquivos de programas\TuneUp Utilities 2009\OneClickStarter.exe [2008-11-20 19:28]

2009-07-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2009-06-10 23:36]

2009-07-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2009-06-10 23:36]

2009-07-07 c:\windows\Tasks\SmartDefrag.job
- c:\arquivos de programas\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2009-06-10 21:15]

2009-07-09 c:\windows\Tasks\User_Feed_Synchronization-{8DD4A92F-EA04-4CB1-B766-FFAE6A34BCFB}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 07:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.br/
uInternet Settings,ProxyOverride = *.local
IE: &Clean Traces
IE: &Download by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/201
IE: &Download with &DAP
IE: &Grab video by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/202
IE: Download &all with DAP
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: {99CAAA27-FA0C-4FA4-B88A-4AB1CC7A17FE} - hxxp://www.netgame.com/mplugin/mglaunch_USAv1004.cab
DPF: {9BEEA7FF-FF76-403C-B124-86D9835435F0} - hxxps://www.gamechu.jp/ssl/dl/download/sessionctrl.cab
FF - ProfilePath - c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\cx60u117.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.br
FF - plugin: c:\arquivos de programas\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\arquivos de programas\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\arquivos de programas\Mozilla Firefox 3.5 Beta 4\plugins\NPMFireLauncher.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\arquivos de programas\Mozilla Firefox 3.5 Beta 4\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - fales
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autoFill - false
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
c:\arquivos de programas\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\arquivos de programas\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("media.cache_size", 51200);
c:\arquivos de programas\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("media.ogg.enabled", true);
c:\arquivos de programas\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("media.wave.enabled", true);
c:\arquivos de programas\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\arquivos de programas\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\arquivos de programas\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\arquivos de programas\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\arquivos de programas\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\arquivos de programas\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\arquivos de programas\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("layout.css.dpi", -1);
c:\arquivos de programas\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\arquivos de programas\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\arquivos de programas\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\arquivos de programas\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\arquivos de programas\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("geo.enabled", true);
c:\arquivos de programas\Mozilla Firefox 3.5 Beta 4\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\arquivos de programas\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\arquivos de programas\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\arquivos de programas\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");
c:\arquivos de programas\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\arquivos de programas\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\arquivos de programas\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\arquivos de programas\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\arquivos de programas\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\arquivos de programas\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\arquivos de programas\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\arquivos de programas\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\arquivos de programas\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\arquivos de programas\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\arquivos de programas\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\arquivos de programas\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\arquivos de programas\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\arquivos de programas\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\arquivos de programas\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\arquivos de programas\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\arquivos de programas\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\arquivos de programas\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\arquivos de programas\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\arquivos de programas\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\arquivos de programas\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\arquivos de programas\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\arquivos de programas\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\arquivos de programas\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\arquivos de programas\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\arquivos de programas\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\arquivos de programas\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-09 09:54
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:2e,e8,e1,00,eb,16,2b,de,1a,a5,16,e6,df,
   ee,3b,e9,e2,63,26,f1,3f,c8,ff,68,dc,35,4b,ba,9a,f4,69,a8,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,0f,b6,96,cc,f1,
   99,61,92,6a,9c,d6,61,af,45,84,18,2e,f9,46,33,7c,24,25,9a,6a,9c,d6,61,af,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:ff,7c,85,e0,43,d4,0e,fe,c2,93,45,fa,3b,
   95,94,c2,ff,7c,85,e0,43,d4,0e,fe,95,70,d3,c9,61,c7,2e,80,ff,7c,85,e0,43,d4,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:3e,1e,9e,e0,57,5a,93,61,46,98,71,e1,31,
   00,0c,45,86,8c,21,01,be,91,eb,e7,88,8e,9c,df,2f,3f,f9,53,86,8c,21,01,be,91,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:f5,1d,4d,73,a8,13,5c,05,78,d3,91,15,78,
   8d,fd,8b,f5,1d,4d,73,a8,13,5c,05,8a,8c,58,f5,23,aa,73,91,f5,1d,4d,73,a8,13,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:df,20,58,62,78,6b,cf,c8,e1,39,25,4c,b8,
   98,88,09,df,20,58,62,78,6b,cf,c8,82,a4,53,a5,76,de,9d,69,df,20,58,62,78,6b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba,b1,f8,68,02,ef,d9,bb,72,6e,
   09,65,f2,fb,a7,78,e6,12,2f,9a,ea,7e,40,f5,3c,52,ad,86,1e,fb,a7,78,e6,12,2f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:01,3a,48,fc,e8,04,4a,f1,66,7c,9a,fd,4e,
   39,5d,25,01,3a,48,fc,e8,04,4a,f1,cc,79,7a,bf,b9,f0,4e,50,01,3a,48,fc,e8,04,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:b2,46,9a,e2,1b,fe,1b,94,11,c9,e7,83,af,
72,3a,c7,f6,0f,4e,58,98,5b,89,c9,6e,89,90,23,a5,cf,48,20,f6,0f,4e,58,98,5b,\[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]"ThreadingModel"="Apartment"@="c:\\WINDOWS\\system32\\OLE32.DLL""f5f62a6129303efb32fbe080bb27835b"=hex:37,a4,aa,c3,a6,15,56,0a,15,19,66,ff,0a,   6c,56,82,3d,ce,ea,26,2d,45,aa,78,f0,c8,3c,70,c2,55,19,3f,3d,ce,ea,26,2d,45,\[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]"ThreadingModel"="Apartment"@="c:\\WINDOWS\\system32\\OLE32.DLL""fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:2a,b7,cc,b5,b9,7f,41,e7,1d,cc,5a,4f,8a,   53,0a,bd,2a,b7,cc,b5,b9,7f,41,e7,71,7a,b1,8a,72,57,b7,f5,2a,b7,cc,b5,b9,7f,\[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]"ThreadingModel"="Apartment"@="c:\\WINDOWS\\system32\\OLE32.DLL""8a8aec57dd6508a385616fbc86791ec2"=hex:6c,43,2d,1e,aa,22,2f,9c,f4,f0,36,8b,67,   b3,b2,95,6c,43,2d,1e,aa,22,2f,9c,37,df,f8,7a,84,a9,01,57,6c,43,2d,1e,aa,22,\.--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------- - - - - - - > 'explorer.exe'(2360)c:\windows\system32\WININET.dllc:\arquivos de programas\RocketDock\RocketDock.dllc:\windows\system32\webcheck.dllc:\windows\system32\WPDShServiceObj.dllc:\windows\system32\PortableDeviceTypes.dllc:\windows\system32\PortableDeviceApi.dll.Tempo para conclusão: 2009-07-09  9:58 - Máquina reiniciouComboFix-quarantined-files.txt  2009-07-09 12:58Pré-execução: 10 pasta(s) 128.287.612.928 bytes disponíveisPós execução: 10 pasta(s) 128.937.574.400 bytes disponíveis409	--- E O F ---	2009-07-07 23:24


Hello,

I had to format the computer, since the topic went unanswered!

I know full well that work in the Security area is difficult, but I had no other way out.

I hope you understand!

Topic closed!


PROBLEM SOLVED!

If the author needs the topic to be reopened, just send a Private Message to a Moderator with a link to the topic.
