sylvyojr (posted August 28, 2009):

Hello, good morning.

My PC has been showing a series of problems, but I've just been putting up with them; now the problem has hit my weak spot... the INTERNET. Some of the problems below may not be caused by the virus:

1. In Device Manager, an unknown device called "net" appeared out of nowhere under network adapters, but the driver can be found on the internet; my network card is installed normally, I don't understand what it could be...
2. When I search for something on Google, e.g. forum.imasters, it gives me the result and shows the forum.imasters page, but when I leave the mouse over the link a different page shows up, and if I click it sends me to a strange page... I have to get in through "open in cache". This happens in both Firefox and IE.
3. My antivirus, Avast, stopped working...
4. The worst of all... I get on the internet, everything's fine, I stay connected for a while, 1 hour at most, but then suddenly the connection status (the two little computers next to the clock) freezes, the internet stops working, Explorer goes back to classic mode for a few seconds and then returns to normal, and after that if I try to open anything the PC freezes completely: the mouse moves, but not even Ctrl+Alt+Del works, only a reset...
Thanks in advance for the help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:49:44, on 28/8/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20733)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\The Skins Factory\Hyperdesk\Common\HDThemeEnabler.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\COMODO\Firewall\cmdagent.exe
C:\Arquivos de programas\Arquivos comuns\LightScribe\LSSrvc.exe
C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
C:\Arquivos de programas\nHancer\nHancerService.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Arquivos de programas\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\sfdhost.exe
C:\WINDOWS\FixCamera.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\tsnp325.exe
C:\WINDOWS\vsnp325.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Arquivos de programas\Comodo\Firewall\CPF.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Stardock\ObjectDock\ObjectDock.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1720F829-EA10-435D-AE75-D916E664E000} - C:\WINDOWS\system32\clbcate.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\ARQUIV~1\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\ARQUIV~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [XboxStat] "C:\Arquivos de programas\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKLM\..\Run: [Fan App] sfdhost.exe
O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
O4 - HKLM\..\Run: [tsnp325] C:\WINDOWS\tsnp325.exe
O4 - HKLM\..\Run: [snp325] C:\WINDOWS\vsnp325.exe
O4 - HKLM\..\Run: [nwiz] C:\Arquivos de programas\NVIDIA Corporation\nView\nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Arquivos de programas\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\RunServices: [Fan App] sfdhost.exe
O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = C:\Arquivos de programas\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: msupd85855.exe
O8 - Extra context menu item: Descarregar tudo com o FlashGet - C:\Arquivos de programas\FlashGet\jc_all.htm
O8 - Extra context menu item: Descarregar utilizando o FlashGet - C:\Arquivos de programas\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\ARQUIV~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\ARQUIV~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} (Battlefield Heroes Updater) - https://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.17.0.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{43FAC7DE-62E7-42EC-8F80-F23945F3C933}: NameServer = 200.149.55.142 200.165.132.154
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: 
O20 - Winlogon Notify: vodhuq - C:\WINDOWS\SYSTEM32\vodhuq.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Arquivos de programas\COMODO\Firewall\cmdagent.exe
O23 - Service: Hyperdesk Theme Enabler (HdThemeEnabler) - The Skins Factory, Inc. - C:\Arquivos de programas\The Skins Factory\Hyperdesk\Common\HDThemeEnabler.exe
O23 - Service: ICF - Unknown owner - C:\WINDOWS\system32\svchost.exe:ext.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Arquivos de programas\Arquivos comuns\LightScribe\LSSrvc.exe
O23 - Service: nHancer Support (nHancer) - KSE - Korndörfer Software Engineering - C:\Arquivos de programas\nHancer\nHancerService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: StyleXPService - Unknown owner - C:\Arquivos de programas\TGTSoft\StyleXP\StyleXPService.exe

--
End of file - 8622 bytes
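Added example, not code from this thread: a small triage pass that parses HijackThis entry lines and flags the classes a helper reads first (static DNS servers under Tcpip, Winlogon Notify DLLs, services whose path is an alternate data stream, raw .exe files in a Startup folder, unnamed BHOs). The heuristics and severities are my own; the sample lines are copied from the log in this post.

```python
"""Triage pass over HijackThis v2 log entries.

Each hit is something to verify by hand, not a verdict: the checks encode
the entry classes a responder reads first (DNS servers, Winlogon Notify,
service paths, Startup folders, unnamed BHOs).
"""
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1720F829-EA10-435D-AE75-D916E664E000} - C:\WINDOWS\system32\clbcate.dll
O4 - HKLM\..\Run: [Fan App] sfdhost.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Arquivos de programas\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\RunServices: [Fan App] sfdhost.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Arquivos de programas\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: msupd85855.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{43FAC7DE-62E7-42EC-8F80-F23945F3C933}: NameServer = 200.149.55.142 200.165.132.154
O20 - AppInit_DLLs:
O20 - Winlogon Notify: vodhuq - C:\WINDOWS\SYSTEM32\vodhuq.dll
O23 - Service: ICF - Unknown owner - C:\WINDOWS\system32\svchost.exe:ext.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

ENTRY_RE = re.compile(r"^(?P<sec>[RFO]\d+) - (?P<body>.*)$")
BARE_EXE_RE = re.compile(r"^[\w-]+\.exe(\s|$)", re.I)
ADS_PATH_RE = re.compile(r"\.exe:[^\\/]+$", re.I)


@dataclass
class Finding:
    section: str   # HijackThis section tag, e.g. "O17"
    severity: str  # "high" (almost never legitimate) or "review"
    reason: str
    entry: str     # the log line that triggered the hit


def check_entry(sec, body):
    """Return (severity, reason) pairs for one parsed entry."""
    hits = []
    if sec == "O2" and body.startswith("BHO: (no name)"):
        hits.append(("review", "BHO with no name: identify the DLL behind the CLSID"))
    if sec == "O4":
        if body.startswith(("Global Startup:", "Startup:")):
            # "<file> = <target>" for shortcuts; a bare file name for dropped executables
            target = body.split(": ", 1)[1].split(" = ")[0]
            if target.lower().endswith(".exe"):
                hits.append(("high", "raw .exe in a Startup folder (installers drop .lnk files)"))
        else:
            target = body.split("] ", 1)[-1]
            if "RunServices" in body:
                hits.append(("review", "RunServices is a Win9x key; XP software rarely uses it"))
            if BARE_EXE_RE.match(target) and not target.lower().startswith(("rundll32", "regsvr32")):
                hits.append(("review", "bare executable name: resolved through the search path"))
    if sec == "O17" and "NameServer" in body:
        servers = body.split("=", 1)[1].split()
        hits.append(("high", "static DNS servers under Tcpip (%s): confirm they are your ISP's" % ", ".join(servers)))
    if sec == "O20":
        if body.startswith("Winlogon Notify:"):
            hits.append(("high", "Winlogon Notify DLL is loaded into winlogon.exe at every logon"))
        elif body.startswith("AppInit_DLLs:") and body.split(":", 1)[1].strip():
            hits.append(("high", "AppInit_DLLs is set: that DLL is loaded into every process that loads user32.dll"))
    if sec == "O23":
        path = body.rsplit(" - ", 1)[-1]
        if "Unknown owner" in body:
            hits.append(("review", "service binary carries no publisher information"))
        if ADS_PATH_RE.search(path):
            hits.append(("high", "service path is an NTFS alternate data stream on a system binary"))
    return hits


def triage(log_text):
    """Parse every 'Rn/On - ...' entry in a HijackThis log and collect findings."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header, process list and blank lines are skipped
        for severity, reason in check_entry(m.group("sec"), m.group("body")):
            findings.append(Finding(m.group("sec"), severity, reason, line))
    return findings


def highest_severity(findings):
    """'high' if any finding is high, 'review' if any remain, else 'clean'."""
    levels = {f.severity for f in findings}
    return "high" if "high" in levels else ("review" if levels else "clean")


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print("[%s] %s: %s\n    %s" % (f.severity.upper(), f.section, f.reason, f.entry))
    print("overall:", highest_severity(results))
```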
DigRam (posted August 28, 2009):

Good afternoon! sylvyojr

<@> Download: < > ( ...by sUBs )
<!> Link-2 --> < ForoSpyware >
<!> Link-3 --> < GeeksToGo >
<@> Save it to the desktop!
<@> Disable the resident protection of: antivirus, antispyware and firewall. ( Except the Windows one! )
<@> Close all windows and run the tool!
<@> P.S.: Running it from a command is also possible:
<@> Go to Start --> Run --> Type or paste: "%userprofile%\desktop\Combofix.exe" /killall
<@> Click OK.
<@> At the prompt: "Disclaimer of software warranty" --> Click Yes!
<@> If you do not have the "Recovery Console", accept the option to install it!
<@> When it finishes, click Sim or Yes. --> Wait!

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

<!> If you get the notification: Invalid Win32 application, delete the ComboFix.exe tool and download it again.
<!> Save it to the desktop, renamed as: Kombo.exe
<!> P.S.: Rename it while saving, not after saving it!
<!> P.S.: If any error message comes up, run ComboFix.exe in "Safe Mode".
<!> P.S.: If rootkit activity is present, you will see the following notification window:
<!> P.S.: Note down those detections and click OK.
<!> P.S.: To complete the removals, the tool may need to restart the computer. <-- Wait!
<!> P.S.: Avoid running this tool on your own initiative!
<!> P.S.: To avoid problems, follow all the recommendations given.
<!> P.S.: ComboFix is a tool that can damage the system. Use it only under professional supervision.

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

<@> The Auto Scan window will open. --> Wait!
<@> To finish the removals, ComboFix may restart the computer.
<@> If necessary, type option ( 1 ) --> Press Enter! --> Wait for it to finish!
<@> During the scan, avoid touching the mouse or keyboard! <-- Important!
<@> To stop or exit ComboFix, press "N" or "2" --> Press Enter!

<><><><><><><><><><><><>

<@> When it finishes, post the reports: C:\ComboFix.txt + an updated HijackThis log.

Cheers!
sylvyojr (posted August 28, 2009):

Thanks. Here is the ComboFix log:

ComboFix 09-08-27.A3 - Junior 28/08/2009 17:38.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.2046.1622 [GMT -3:00]
Executando de: c:\documents and settings\Junior\Desktop\ComboFix.exe
FW: COMODO Firewall Pro *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

ATENÇAO - ESTA MAQUINA NAO TEM O CONSOLE DE RECUPERAÇÃO INSTALADA !!
.
ADS - svchost.exe: deleted 32768 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\arquivos de programas\ActivationManager
c:\arquivos de programas\ActivationManager\ActivationManager.dll
c:\arquivos de programas\ActivationManager\Uninstall.exe
c:\arquivos de programas\ADSTechnology
c:\arquivos de programas\ADSTechnology\ADSTechnology.dll
c:\arquivos de programas\ADSTechnology\Uninstall.exe
c:\arquivos de programas\AntiVirusPro
c:\arquivos de programas\RelevantKnowledge
c:\arquivos de programas\RelevantKnowledge\rlservice.exe
c:\arquivos de programas\RelevantKnowledge\rlvknlg.exe
c:\documents and settings\All Users\Menu Iniciar\Programas\ USB Web Camera
c:\documents and settings\All Users\Menu Iniciar\Programas\ USB Web Camera \AMCap.lnk
c:\documents and settings\All Users\Menu Iniciar\Programas\ USB Web Camera \Uninstall.lnk
c:\documents and settings\All Users\Menu Iniciar\Programas\ADSTechnology
c:\documents and settings\All Users\Menu Iniciar\Programas\ADSTechnology\ADSTechnology.lnk
c:\documents and settings\All Users\Menu Iniciar\Programas\ADSTechnology\Uninstall.lnk
c:\windows\system32\drivers\npf.sys
c:\windows\system32\drivers\thx00.sys
c:\windows\system32\drivers\Uxf44.sys
c:\windows\system32\msconfig.exe
c:\windows\system32\Packet.dll
c:\windows\system32\vodhuq.dll
c:\windows\system32\vodhuq32.dll
c:\windows\system32\WinData.cab
c:\windows\system32\WinNt32.dll
c:\windows\system32\wpcap.dll
I:\install.exe

c:\windows\system32\alrsv.dll . . . . falha na exclusão
.
((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_HHLMKEN
-------\Legacy_ICF
-------\Legacy_TCPSR
-------\Legacy_THX00
-------\Legacy_YEJYANI
-------\Service_ICF
-------\Service_NPF
-------\Service_restore
-------\Service_thx00
-------\Service_YeJyani
-------\Legacy_Uxf44
-------\Service_Uxf44

(((((((((((((((( Arquivos/Ficheiros criados de 2009-07-28 to 2009-08-28 ))))))))))))))))))))))))))))
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
------- Sigcheck -------

[-] 2009-08-09 23:36 182912 558635D3AF1C7546D26067D5D9B6959E c:\windows\system32\dllcache\ndis.sys
[-] 2009-08-09 23:36 182912 558635D3AF1C7546D26067D5D9B6959E c:\windows\system32\drivers\ndis.sys
[-] 2008-03-13 10:24 1548288 F878166961C0DAFA618A20F0F48A0D14 c:\windows\system32\sfcfiles.dll

c:\windows\system32\drivers\beep.sys ... está faltando !!
c:\windows\system32\msgsvc.dll ... está faltando !!
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1720F829-EA10-435D-AE75-D916E664E000}]
2009-06-26 01:17 122368 ----a-w- c:\windows\system32\clbcate.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{236D5CE2-AC57-4C70-A782-69CFE4E01B67}]
2009-06-26 01:17 122368 ----a-w- c:\windows\system32\clbcate.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2002-12-31 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2007-05-25 1953792]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"XboxStat"="c:\arquivos de programas\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-26 734264]
"FixCamera"="c:\windows\FixCamera.exe" [2007-02-12 20480]
"tsnp325"="c:\windows\tsnp325.exe" [2007-04-21 270336]
"snp325"="c:\windows\vsnp325.exe" [2007-05-09 835584]
"nwiz"="c:\arquivos de programas\NVIDIA Corporation\nView\nwiz.exe" [2009-07-09 1657376]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-14 13877248]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-07-14 86016]
"COMODO Firewall Pro"="c:\arquivos de programas\Comodo\Firewall\CPF.exe" [2009-08-28 1115728]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2002-12-31 110592]
"Fan App"="sfdhost.exe" - c:\windows\system32\sfdhost.exe [2008-03-13 1220608]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-07-05 16380416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"WIAWizardMenu"="c:\windows\system32\sti_ci.dll" [2002-12-31 137216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"Fan App"="sfdhost.exe" - c:\windows\system32\sfdhost.exe [2008-03-13 1220608]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2002-12-31 15360]
"msnmsgr"="c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil9e.exe" [2007-11-21 218496]
"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2008-03-13 124928]

c:\documents and settings\Junior\Menu Iniciar\Programas\Inicializar\
Stardock ObjectDock.lnk - c:\arquivos de programas\Stardock\ObjectDock\ObjectDock.exe [2008-3-22 3450608]

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\
msupd85855.exe [2009-1-30 28160]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Dxh00.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"usnjsvc"=3 (0x3)
"InCDsrv"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8080:TCP"= 8080:TCP:hamachi
"8080:UDP"= 8080:UDP:hamachi
"4245:TCP"= 4245:TCP:anagwt

R0 d344bus;d344bus;c:\windows\system32\drivers\d344bus.sys [15/3/2008 23:07 137216]
R0 d344prt;d344prt;c:\windows\system32\drivers\d344prt.sys [15/3/2008 23:07 5248]
R0 Dxh00;Dxh00;c:\windows\system32\drivers\Dxh00.sys [21/6/2008 11:26 32768]
R0 sdfdsejc;sdfdsejc;c:\windows\system32\drivers\cmaygfom.dat --> c:\windows\system32\drivers\cmaygfom.dat [?]
R2 HdThemeEnabler;Hyperdesk Theme Enabler;c:\arquivos de programas\The Skins Factory\Hyperdesk\Common\HDThemeEnabler.exe [21/7/2008 11:50 106496]
R2 PStrip;PSTRIP;c:\windows\system32\drivers\pstrip.sys [14/7/2007 22:37 27992]
R3 NTProcDrv;Process creation detector for NT.;c:\windows\temp\drv1.tmp [28/8/2009 17:43 3584]
R3 SNP325;USB PC Camera (SNPSTD325);c:\windows\system32\drivers\snp325.sys [2/7/2009 14:23 10343168]
R3 tenCapture;tenCapture;c:\windows\system32\drivers\tenCapture.sys [21/4/2007 11:15 9344]
S1 aswSP;avast! Self Protection; [x]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys --> c:\windows\system32\DRIVERS\aswFsBlk.sys [?]
S2 vaefdb;Time Server;c:\windows\system32\svchost.exe -k netsvcs [31/12/2002 08:00 14336]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys --> c:\windows\system32\drivers\Ambfilt.sys [?]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [8/8/2009 15:24 8704]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [8/8/2009 15:24 3072]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\Junior\CONFIG~1\Temp\GXX56.tmp --> c:\docume~1\Junior\CONFIG~1\Temp\GXX56.tmp [?]
S3 GPU-Z;GPU-Z;\??\c:\docume~1\Junior\CONFIG~1\Temp\GPU-Z.sys --> c:\docume~1\Junior\CONFIG~1\Temp\GPU-Z.sys [?]
S3 NPF;Netgroup Packet Filter;c:\windows\system32\drivers\npf.sys [28/8/2009 17:45 42512]

--- =Outros Serviços/Drivers Na Memória ---

*NewlyCreated* - NTPROCDRV

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
vaefdb

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\arquivos de programas\Arquivos comuns\LightScribe\LSRunOnce.exe"
.
- - - - ORFÃOS REMOVIDOS - - - -

HKLM-Run-avast! - c:\arquiv~1\ALWILS~1\Avast4\ashDisp.exe
SafeBoot-Thx00.sys
SafeBoot-Uxf44.sys
.
------- Scan Suplementar -------
.
uStart Page = hxxp://www.google.com/
IE: Descarregar tudo com o FlashGet - c:\arquivos de programas\FlashGet\jc_all.htm
IE: Descarregar utilizando o FlashGet - c:\arquivos de programas\FlashGet\jc_link.htm
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.17.0.cab
FF - ProfilePath - c:\documents and settings\Junior\Dados de aplicativos\Mozilla\Firefox\Profiles\j4nkybsc.default\
FF - prefs.js: browser.startup.homepage - hxxp://therebels.biz/portal.php
FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\arquivos de programas\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\documents and settings\All Users\Dados de aplicativos\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\documents and settings\Junior\Dados de aplicativos\Mozilla\Firefox\Profiles\j4nkybsc.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll

---- FIREFOX POLICIES ----
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");
.
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-28 17:44
Windows 5.1.2600 Service Pack 2 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...
c:\windows\system32\packet.dll 88704 bytes executable c:\windows\system32\wpcap.dll 240240 bytes executable Varredura completada com sucesso arquivos/ficheiros ocultos: 2 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine] "ImagePath"="\??\c:\docume~1\Junior\CONFIG~1\Temp\GXX56.tmp" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NTProcDrv] "ImagePath"="\??\c:\windows\TEMP\drv1.tmp" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sdfdsejc] "ImagePath"="system32\drivers\cmaygfom.dat" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vaefdb] "ServiceDll"="c:\windows\system32\dlyytmuw.dll" . --------------------- DLLs Carregadas Sob os Processos em Execução --------------------- - - - - - - - > 'explorer.exe'(2180) c:\arquivos de programas\Stardock\ObjectDock\DockShellHook.dll c:\windows\system32\msi.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Outros Processos em Execução ------------------------ . c:\windows\system32\nvsvc32.exe c:\arquivos de programas\TGTSoft\StyleXP\StyleXPService.exe c:\arquivos de programas\COMODO\Firewall\cmdagent.exe c:\arquivos de programas\Arquivos comuns\LightScribe\LSSrvc.exe c:\arquivos de programas\nHancer\nHancerService.exe c:\windows\system32\PnkBstrA.exe c:\windows\system32\PnkBstrB.exe c:\windows\system32\wscntfy.exe c:\windows\system32\rundll32.exe c:\windows\system32\rundll32.exe c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\msupd85855.exe . ************************************************************************** . 
Tempo para conclusão: 2009-08-28 17:47 - Máquina reiniciou
ComboFix-quarantined-files.txt 2009-08-28 20:47
Pré-execução: 13 pasta(s) 12.883.349.504 bytes disponíveis
Pós execução: 13 pasta(s) 12.776.460.288 bytes disponíveis

Here is the current HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:56:21, on 28/8/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20733)
Boot mode: Normal
DigRam
Posted August 28, 2009

Good evening, sylvyojr!

- Select and copy the entire contents of the Quote box into Notepad.
- Save it on the Desktop with the name: CFScript.txt

File::
c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\msupd85855.exe
c:\windows\system32\dlyytmuw.dll
c:\windows\system32\alrsv.dll
c:\windows\system32\sfdhost.exe

Rootkit::
c:\windows\system32\drivers\npf.sys

FCopy::
c:\windows\system32\dllcache\beep.sys | c:\windows\system32\drivers\beep.sys
c:\windows\system32\dllcache\ndis.sys | c:\windows\system32\drivers\ndis.sys

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4245:TCP"=""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 1 (0x1)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"Fan App"=-
"sfdhost.exe"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Fan App"=-
"sfdhost.exe"=-
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NTProcDrv]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sdfdsejc]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vaefdb]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vaefdb]
"ServiceDll"=-

Driver::
"GarenaPEngine"
"NTProcDrv"
"vaefdb"
"npf"

NetSvc::
"vaefdb"

- PS: Do not use this script on another machine!
- Drag CFScript.txt onto the ComboFix icon.
- See the demonstration!
- Accept the prompt that should appear to run ComboFix.
- PS: Keep dragging until that prompt (window) appears!
- When it finishes, post the reports: C:\ComboFix.txt + an updated HijackThis log.

Regards!
sylvyojr
Posted August 29, 2009

Good afternoon, DigRam!

ComboFix 09-08-27.A3 - Junior 29/08/2009 9:49.2.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.2046.1619 [GMT -3:00]
Executando de: c:\documents and settings\Junior\Desktop\ComboFix.exe
Comandos utilizados :: c:\documents and settings\Junior\Desktop\CFScript.txt
FW: COMODO Firewall Pro *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

FILE ::
"c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\msupd85855.exe"
"c:\windows\system32\alrsv.dll"
"c:\windows\system32\dlyytmuw.dll"
"c:\windows\system32\sfdhost.exe"
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\dlyytmuw.dll
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\sfdhost.exe
c:\windows\system32\wpcap.dll
c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\msupd85855.exe . . . . falha na exclusão
c:\windows\system32\alrsv.dll . . . . falha na exclusão
.
--------------- FCopy ---------------
c:\windows\system32\dllcache\ndis.sys --> c:\windows\system32\drivers\ndis.sys
.
((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_GARENAPENGINE
-------\Legacy_NTPROCDRV
-------\Legacy_VAEFDB
-------\Service_vaefdb
.
------- Sigcheck -------
[-] 2008-03-13 10:24 1548288 F878166961C0DAFA618A20F0F48A0D14 c:\windows\system32\sfcfiles.dll
c:\windows\system32\drivers\beep.sys ... está faltando !!
c:\windows\system32\msgsvc.dll ... está faltando !!
uStart Page = hxxp://www.google.com/ IE: Descarregar tudo com o FlashGet - c:\arquivos de programas\FlashGet\jc_all.htm IE: Descarregar utilizando o FlashGet - c:\arquivos de programas\FlashGet\jc_link.htm IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office12\EXCEL.EXE/3000 TCP: {43FAC7DE-62E7-42EC-8F80-F23945F3C933} = 200.149.55.142 200.165.132.154 DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.17.0.cab FF - ProfilePath - c:\documents and settings\Junior\Dados de aplicativos\Mozilla\Firefox\Profiles\j4nkybsc.default\ FF - prefs.js: browser.startup.homepage - hxxp://therebels.biz/portal.php FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll FF - plugin: c:\arquivos de programas\Unity\WebPlayer\loader\npUnity3D32.dll FF - plugin: c:\documents and settings\All Users\Dados de aplicativos\NexonUS\NGM\npNxGameUS.dll FF - plugin: c:\documents and settings\Junior\Dados de aplicativos\Mozilla\Firefox\Profiles\j4nkybsc.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll ---- FIREFOX POLICIES ---- c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br"); . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-08-29 09:53 Windows 5.1.2600 Service Pack 2 NTFS Procurando processos ocultos ... Procurando entradas auto inicializáveis ocultas ... Procurando ficheiros/arquivos ocultos ... Varredura completada com sucesso arquivos/ficheiros ocultos: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sdfdsejc] "ImagePath"="system32\drivers\cmaygfom.dat" . 
--------------------- DLLs Carregadas Sob os Processos em Execução --------------------- - - - - - - - > 'explorer.exe'(2936) c:\arquivos de programas\Stardock\ObjectDock\DockShellHook.dll c:\windows\system32\msi.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Outros Processos em Execução ------------------------ . c:\windows\system32\nvsvc32.exe c:\arquivos de programas\TGTSoft\StyleXP\StyleXPService.exe c:\arquivos de programas\COMODO\Firewall\cmdagent.exe c:\arquivos de programas\Arquivos comuns\LightScribe\LSSrvc.exe c:\arquivos de programas\nHancer\nHancerService.exe c:\windows\system32\PnkBstrA.exe c:\windows\system32\PnkBstrB.exe c:\windows\system32\wscntfy.exe c:\windows\system32\rundll32.exe c:\windows\system32\rundll32.exe c:\windows\system32\rundll32.exe . ************************************************************************** . Tempo para conclusão: 2009-08-29 9:56 - Máquina reiniciou ComboFix-quarantined-files.txt 2009-08-29 12:56 ComboFix2.txt 2009-08-28 20:47 Pré-execução: 13 pasta(s) 15.130.882.048 bytes disponíveis Pós execução: 13 pasta(s) 15.074.635.776 bytes disponíveis WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect 348 Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 09:59:16, on 29/8/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.20733) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\Arquivos de programas\The Skins 
Factory\Hyperdesk\Common\HDThemeEnabler.exe C:\WINDOWS\System32\svchost.exe C:\Arquivos de programas\TGTSoft\StyleXP\StyleXPService.exe C:\WINDOWS\system32\spoolsv.exe C:\Arquivos de programas\COMODO\Firewall\cmdagent.exe C:\Arquivos de programas\Arquivos comuns\LightScribe\LSSrvc.exe C:\Arquivos de programas\nHancer\nHancerService.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\system32\PnkBstrB.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\rundll32.exe C:\Arquivos de programas\Microsoft Xbox 360 Accessories\XboxStat.exe C:\WINDOWS\FixCamera.exe C:\WINDOWS\tsnp325.exe C:\WINDOWS\vsnp325.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\RTHDCPL.EXE C:\Arquivos de programas\Comodo\Firewall\CPF.exe C:\Arquivos de programas\Stardock\ObjectDock\ObjectDock.exe C:\WINDOWS\explorer.exe C:\WINDOWS\explorer.exe C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {1720F829-EA10-435D-AE75-D916E664E000} - C:\WINDOWS\system32\clbcate.dll O2 - BHO: (no name) - {236D5CE2-AC57-4C70-A782-69CFE4E01B67} - C:\WINDOWS\system32\clbcate.dll O2 - BHO: (no name) - {2774A411-E07F-4246-B7CE-24B88BB1BD78} - C:\WINDOWS\system32\clbcate.dll O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Arquivos de programas\FlashGet\jccatch.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} 
- C:\Arquivos de programas\Java\jre1.6.0_04\bin\ssv.dll O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: (no name) - {9D981417-25FC-4DA3-8782-2FD385603D0E} - C:\WINDOWS\system32\clbcate.dll O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\ARQUIV~1\FlashGet\fgiebar.dll O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u O4 - HKLM\..\Run: [XboxStat] "C:\Arquivos de programas\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe O4 - HKLM\..\Run: [tsnp325] C:\WINDOWS\tsnp325.exe O4 - HKLM\..\Run: [snp325] C:\WINDOWS\vsnp325.exe O4 - HKLM\..\Run: [nwiz] C:\Arquivos de programas\NVIDIA Corporation\nView\nwiz.exe /install O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Arquivos de programas\Comodo\Firewall\CPF.exe" /background O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U 
shell32 (User 'Default user') O4 - Startup: Stardock ObjectDock.lnk = C:\Arquivos de programas\Stardock\ObjectDock\ObjectDock.exe O4 - Global Startup: msupd85855.exe O8 - Extra context menu item: Descarregar tudo com o FlashGet - C:\Arquivos de programas\FlashGet\jc_all.htm O8 - Extra context menu item: Descarregar utilizando o FlashGet - C:\Arquivos de programas\FlashGet\jc_link.htm O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_04\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_04\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Arquivos de programas\FlashGet\flashget.exe O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Arquivos de programas\FlashGet\flashget.exe O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} (Battlefield Heroes Updater) - https://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.17.0.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{43FAC7DE-62E7-42EC-8F80-F23945F3C933}: NameServer = 200.149.55.142 200.165.132.154 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - 
C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Arquivos de programas\COMODO\Firewall\cmdagent.exe O23 - Service: Hyperdesk Theme Enabler (HdThemeEnabler) - The Skins Factory, Inc. - C:\Arquivos de programas\The Skins Factory\Hyperdesk\Common\HDThemeEnabler.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Arquivos de programas\Arquivos comuns\LightScribe\LSSrvc.exe O23 - Service: nHancer Support (nHancer) - KSE - Korndörfer Software Engineering - C:\Arquivos de programas\nHancer\nHancerService.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe O23 - Service: StyleXPService - Unknown owner - C:\Arquivos de programas\TGTSoft\StyleXP\StyleXPService.exe -- End of file - 7690 bytes
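The HijackThis and ComboFix logs above contain the indicators a helper scans for by eye: four BHO CLSIDs registered to one unnamed DLL in system32 (clbcate.dll), an O17 NameServer override pointing at two fixed DNS servers, an executable with a random-looking name in the global Startup folder (msupd85855.exe), and services with no vendor string. The Python script below is an added example, not part of the thread and not HijackThis code; it encodes those indicators as rules and runs them over a handful of lines copied from the log above (the benign Adobe and NVIDIA entries are kept in for contrast). The rule names, the severities and the random-name pattern are the example's own choices, and a hit means "review", not "malicious": the NameServer rule only says that explicit DNS servers are set and should be compared with what the ISP hands out.

```python
"""Rule-based triage of HijackThis log lines.

Added example for this thread; not HijackThis code. Rule names, severities and
the random-filename pattern are this example's own choices. A hit means
"look at this", not "malicious".
"""
import re
from collections import defaultdict
from dataclasses import dataclass

# Lines copied from the HijackThis log above, with two benign entries
# (Adobe BHO, NVIDIA service) kept in for contrast.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1720F829-EA10-435D-AE75-D916E664E000} - C:\WINDOWS\system32\clbcate.dll
O2 - BHO: (no name) - {236D5CE2-AC57-4C70-A782-69CFE4E01B67} - C:\WINDOWS\system32\clbcate.dll
O2 - BHO: (no name) - {2774A411-E07F-4246-B7CE-24B88BB1BD78} - C:\WINDOWS\system32\clbcate.dll
O2 - BHO: (no name) - {9D981417-25FC-4DA3-8782-2FD385603D0E} - C:\WINDOWS\system32\clbcate.dll
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Arquivos de programas\Comodo\Firewall\CPF.exe" /background
O4 - Global Startup: msupd85855.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{43FAC7DE-62E7-42EC-8F80-F23945F3C933}: NameServer = 200.149.55.142 200.165.132.154
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$")
STARTUP_RE = re.compile(r"^O4 - Global Startup: (?P<item>.+)$")
NAMESERVER_RE = re.compile(r"^O17 - .*NameServer = (?P<servers>.+)$")
SERVICE_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<vendor>.+?) - (?P<path>.+)$")
# A short alphabetic stem followed by a long digit run, e.g. msupd85855.exe.
RANDOM_EXE_RE = re.compile(r"^[A-Za-z]{2,8}\d{4,}\.exe$")


@dataclass
class Finding:
    severity: str   # high / medium / low, this example's own scale
    rule: str
    detail: str
    line: str


def triage(log_text: str) -> list:
    """Run every rule over the log and return the findings in log order,
    followed by the cross-line BHO rule."""
    findings = []
    clsids_by_dll = defaultdict(list)
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = BHO_RE.match(line)
        if m:
            clsids_by_dll[m["path"].lower()].append(m["clsid"])
            if m["name"] == "(no name)" and "\\system32\\" in m["path"].lower():
                findings.append(Finding("medium", "unnamed-bho-in-system32", m["path"], line))
            continue
        m = STARTUP_RE.match(line)
        if m:
            if RANDOM_EXE_RE.match(m["item"]):
                findings.append(Finding("high", "random-name-global-startup", m["item"], line))
            continue
        m = NAMESERVER_RE.match(line)
        if m:
            # Explicit resolvers are how search-result redirection is often done;
            # compare them with the ISP's servers before deciding.
            findings.append(Finding("high", "explicit-nameserver", m["servers"], line))
            continue
        m = SERVICE_RE.match(line)
        if m and m["vendor"] == "Unknown owner":
            findings.append(Finding("low", "service-without-vendor", m["path"], line))
    # Vundo-style pattern: one DLL registered under several BHO CLSIDs.
    for dll, clsids in clsids_by_dll.items():
        if len(clsids) > 1:
            findings.append(Finding("high", "one-dll-many-bho-clsids",
                                    f"{dll} ({len(clsids)} CLSIDs)", ", ".join(clsids)))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.rule:28} {f.detail}")
```

Feeding a complete HijackThis log through triage() in place of SAMPLE_LOG is the intended use; the four O2 lines collapse into one high-severity finding, which is the pattern Malwarebytes later labels Trojan.BHO.H in this thread.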
DigRam Posted August 30, 2009
Good evening, sylvyojr!
<@> Download: < > Malwarebytes
<@> Update the program!
<@> Choose the Full scan!
<@> Disable your protection programs while running Malwarebytes.
<@> PS: for certain infections the tool will ask for a reboot. <-- Confirm it!
<@> Send the detected items to quarantine by clicking Remove Selected.
<@> For more details: < Link >
<@> Post: mbam-log-2009-xx-xx (00-00-00).txt <--
<><><><><><><><><><><>
<@> Copy the information between the XXXXXXX.... into Notepad.
<@> Save it on the desktop as: CFScript <-- Text!
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
File::
c:\windows\system32\drivers\cmaygfom.dat
c:\windows\system32\epmntdrv.sys
c:\windows\HideWin.exe
Registry::
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sdfdsejc]
"ImagePath"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 1 (0x0)
FCopy::
c:\windows\system32\dllcache\beep.sys | c:\windows\system32\drivers\beep.sys
c:\windows\system32\dllcache\msgsvc.dll | c:\windows\system32\msgsvc.dll
Driver::
"epmntdrv"
"sdfdsejc"
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
<@> Drag CFScript.txt onto the ComboFix icon.
<@> Keep dragging until a prompt to run ComboFix.exe appears.
<@> When it finishes, post: ComboFix.txt + a fresh HijackThis log.
Regards!
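The FCopy:: section above restores beep.sys and msgsvc.dll from dllcache, while the ComboFix snapshot in the first post shows dllcache\ndis.sys itself changing between the two runs, so a cached copy is not automatically trustworthy. The Python script below is an added example, not ComboFix's code, of the check behind that decision: hash each protected file and its dllcache copy, compare both against a known-good hash where one is available, and emit FCopy:: lines only for files whose cached copy can be trusted. It runs against a constructed temporary directory tree; the file contents and the "known-good" hashes inside run_demo are placeholders, and real ones would come from the installation media or service pack, never from the infected machine.

```python
"""Detect patched system files by comparing them with their dllcache copies.

Added example for this thread; not ComboFix's or Microsoft's code. Paths are
kept relative to the Windows directory, with forward slashes internally so
the demo tree builds on any platform.
"""
import hashlib
import tempfile
from pathlib import Path

# (live file, dllcache copy) pairs: the two files restored by the CFScript
# above plus ndis.sys, which the ComboFix snapshot showed changing.
WATCHED = [
    ("system32/drivers/ndis.sys", "system32/dllcache/ndis.sys"),
    ("system32/drivers/beep.sys", "system32/dllcache/beep.sys"),
    ("system32/msgsvc.dll", "system32/dllcache/msgsvc.dll"),
]


def sha256_of(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def compare_to_dllcache(windows_dir: Path, pairs=WATCHED, known_good=None):
    """Classify each pair. Status values:
      missing            live file or cache copy absent
      cache-not-trusted  a known-good hash exists and the dllcache copy does
                         not match it: restoring from cache would reinstall
                         the patched file
      live-modified      live file differs from a cache copy we have no reason
                         to distrust; candidate for FCopy::
      ok                 both copies agree (and match known-good if given)
    Without a known-good hash, 'ok' only means the two copies agree; a rootkit
    that patched both leaves them equal."""
    known_good = known_good or {}
    results = []
    for live_rel, cache_rel in pairs:
        live, cache = windows_dir / live_rel, windows_dir / cache_rel
        rec = {"file": live_rel, "cache": cache_rel}
        if not (live.is_file() and cache.is_file()):
            rec["status"] = "missing"
        else:
            live_h, cache_h = sha256_of(live), sha256_of(cache)
            good = known_good.get(Path(live_rel).name)
            if good is not None and cache_h != good:
                rec["status"] = "cache-not-trusted"
            elif live_h != cache_h:
                rec["status"] = "live-modified"
            else:
                rec["status"] = "ok"
        results.append(rec)
    return results


def fcopy_section(results, windows_label=r"c:\windows") -> str:
    """Render an FCopy:: block in the 'source | destination' form used above."""
    lines = ["FCopy::"]
    for r in results:
        if r["status"] == "live-modified":
            src = windows_label + "\\" + r["cache"].replace("/", "\\")
            dst = windows_label + "\\" + r["file"].replace("/", "\\")
            lines.append(f"{src} | {dst}")
    return "\n".join(lines)


def run_demo():
    """Build a constructed tree (placeholder bytes, not real binaries) and run the check."""
    with tempfile.TemporaryDirectory() as tmp:
        win = Path(tmp)
        files = {
            "system32/dllcache/ndis.sys": b"NDIS original",
            "system32/drivers/ndis.sys": b"NDIS patched by rootkit",  # only the live copy hooked
            "system32/dllcache/beep.sys": b"BEEP original",
            "system32/drivers/beep.sys": b"BEEP original",
            "system32/dllcache/msgsvc.dll": b"MSGSVC patched",       # both copies replaced
            "system32/msgsvc.dll": b"MSGSVC patched",
        }
        for rel, data in files.items():
            p = win / rel
            p.parent.mkdir(parents=True, exist_ok=True)
            p.write_bytes(data)
        # Placeholder "known-good" hashes standing in for values taken from install media.
        known_good = {
            "beep.sys": hashlib.sha256(b"BEEP original").hexdigest(),
            "msgsvc.dll": hashlib.sha256(b"MSGSVC original").hexdigest(),
        }
        results = compare_to_dllcache(win, known_good=known_good)
        return {"statuses": {r["file"]: r["status"] for r in results},
                "fcopy": fcopy_section(results)}


if __name__ == "__main__":
    out = run_demo()
    for f, s in out["statuses"].items():
        print(f"{s:18} {f}")
    print(out["fcopy"])
```

On a real XP box the function would be pointed at C:\WINDOWS with hashes from the SP2 media; a file whose status is cache-not-trusted needs a copy from that media, which is the case the snapshot diff for ndis.sys in this thread points at.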
sylvyojr Posted September 1, 2009
Good evening, DigRam. Since the last time I ran ComboFix, my games that use the Microsoft Games for Windows - Live network have stopped working properly. I try to sign in to the network, but it says the client is out of date; I download the update file and install it, and it still reports it as out of date. Do you know whether that has anything to do with what we did? Thanks
Malwarebytes' Anti-Malware 1.40 Versão do banco de dados: 2723 Windows 5.1.2600 Service Pack 2 31/8/2009 21:18:00 mbam-log-2009-08-31 (21-18-00).txt Tipo de Verificação: Completa (C:\|D:\|E:\|F:\|G:\|I:\|K:\|) Objetos verificados: 418373 Tempo decorrido: 1 hour(s), 21 minute(s), 18 second(s) Processos da Memória infectados: 0 Módulos de Memória Infectados: 0 Chaves do Registro infectadas: 63 Valores do Registro infectados: 4 Ítens do Registro infectados: 1 Pastas infectadas: 2 Arquivos infectados: 26 Processos da Memória infectados: (Nenhum ítem malicioso foi detectado) Módulos de Memória Infectados: (Nenhum ítem malicioso foi detectado) Chaves do Registro infectadas: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1720f829-ea10-435d-ae75-d916e664e000} (Trojan.BHO.H) -> Delete on reboot. HKEY_CLASSES_ROOT\CLSID\{1720f829-ea10-435d-ae75-d916e664e000} (Trojan.BHO.H) -> Delete on reboot. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{236d5ce2-ac57-4c70-a782-69cfe4e01b67} (Trojan.BHO.H) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{236d5ce2-ac57-4c70-a782-69cfe4e01b67} (Trojan.BHO.H) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2774a411-e07f-4246-b7ce-24b88bb1bd78} (Trojan.BHO.H) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{2774a411-e07f-4246-b7ce-24b88bb1bd78} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9d981417-25fc-4da3-8782-2fd385603d0e} (Trojan.BHO.H) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{9d981417-25fc-4da3-8782-2fd385603d0e} (Trojan.BHO.H) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\acm.acmfactory (Adware.WhenU) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\TypeLib\{df901432-1b9f-4f5b-9e56-301c553f9095} (Adware.WhenU) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{43382522-a846-46f4-ac57-1f71ae6e1086} (Adware.WhenU) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{572fb162-c0ba-4edf-8cff-e3846153b9b0} (Adware.WhenU) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{72a836d1-bc00-43c0-a941-17960e4fb842} (Adware.WhenU) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{a9aae1ab-9688-42c5-86f5-c12f6b9015ad} (Adware.WhenU) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\acm.acmfactory.1 (Adware.WhenU) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{07ef06d7-8ba8-4f5a-886b-84cc38fcdf5f} (Rogue.AntiVirusPro) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{10f07e10-ba78-4162-82e9-4caad2d18478} (Rogue.AntiVirusPro) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{11df24a1-a106-4c7f-bf2c-f7d5411fe74e} (Rogue.AntiVirusPro) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{2036b120-bd5d-4e50-b82f-d4d6d522f68e} (Rogue.AntiVirusPro) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{215f19fd-a509-4e03-958e-ea3b3f9b2ff9} (Rogue.AntiVirusPro) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{280c7289-8caf-446a-98fe-c0f9217cee1e} (Rogue.AntiVirusPro) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{2dd00c35-ae7f-4b96-912d-1a991b66f363} (Rogue.AntiVirusPro) -> Quarantined and deleted successfully. 
HKEY_CLASSES_ROOT\Interface\{2fa9e9a6-5956-4977-9bef-a067b996f96f} (Rogue.AntiVirusPro) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{305dbf41-6179-4d97-87a8-bb23b0ff74fe} (Rogue.AntiVirusPro) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{3e755986-4cd0-4cfe-bfa5-23cdfd354288} (Rogue.AntiVirusPro) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{4463934e-005b-4b73-8881-9e58603b2dcb} (Rogue.AntiVirusPro) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{4f8252da-ddbd-4e3f-a84d-6d4ef8bacd4e} (Rogue.AntiVirusPro) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{4fdbc56b-873e-4663-ae52-0a60f2bf2053} (Rogue.AntiVirusPro) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{58da7d32-ce59-4e58-9b6e-295ed4986dd3} (Rogue.AntiVirusPro) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{5e6ae9e1-1495-4ade-b94c-9416458f75b7} (Rogue.AntiVirusPro) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{6788fa7b-f9fb-4d97-a631-11171519ec47} (Rogue.AntiVirusPro) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{68579fa8-3b04-49c1-9cc7-6f36f71e17dc} (Rogue.AntiVirusPro) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{7afdb136-8433-46af-9d8d-42ab37cccd0f} (Rogue.AntiVirusPro) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{9222ee90-928a-455e-9298-98d41f2f5ce3} (Rogue.AntiVirusPro) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{9f18caba-442d-4ab9-82f7-db4c7a93dc3c} (Rogue.AntiVirusPro) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{afe2f1ad-488f-4845-8707-76b31e6aa7ff} (Rogue.AntiVirusPro) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{bfe95ca1-4501-48e3-813d-ff5cbc335d0d} (Rogue.AntiVirusPro) -> Quarantined and deleted successfully. 
HKEY_CLASSES_ROOT\Interface\{c6b25ff9-9788-4377-840f-e6990f990b56} (Rogue.AntiVirusPro) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{c9328120-16f7-4aa3-9408-60fd5bdcc37f} (Rogue.AntiVirusPro) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{cd959f6a-3083-42cd-8b9a-e5a79897f071} (Rogue.AntiVirusPro) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{d0da99db-1661-464d-ad36-52f0d03b959f} (Rogue.AntiVirusPro) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{d2bed334-77e8-47fe-b68c-ff7179114ee4} (Rogue.AntiVirusPro) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{d4ad2785-64dc-4c22-9c1d-62fa759ea137} (Rogue.AntiVirusPro) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{d4b336b9-03d5-47df-984d-1135d4a10999} (Rogue.AntiVirusPro) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{db29e08e-bc52-40a7-8099-0935d7dbee63} (Rogue.AntiVirusPro) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{e359a09a-6e50-4e21-8079-329efa21db86} (Rogue.AntiVirusPro) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{f14759bd-36b5-4c42-9451-00db471ab5c2} (Rogue.AntiVirusPro) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{fff85aa2-8c3e-43f5-934b-31eeab0258bc} (Rogue.AntiVirusPro) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\AppID\{127df9b4-d75d-44a6-af78-8c3a8ceb03db} (Adware.WhenU) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{5addfe10-9b32-4489-adc3-495750b7eaf9} (Rogue.AntiVirusPro) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{ada69949-6704-425c-808e-cf86f5666aba} (Rogue.AntiVirusPro) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\dxh00 (Rootkit.Agent) -> Delete on reboot. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\dxh00 (Rootkit.Agent) -> Delete on reboot. 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\dxh00 (Rootkit.Agent) -> Delete on reboot. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sdfdsejc (Rootkit.Agent) -> Delete on reboot. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sdfdsejc (Rootkit.Agent) -> Delete on reboot. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sdfdsejc (Rootkit.Agent) -> Delete on reboot. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1720f829-ea10-435d-ae75-d916e664e000} (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{236d5ce2-ac57-4c70-a782-69cfe4e01b67} (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2774a411-e07f-4246-b7ce-24b88bb1bd78} (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9d981417-25fc-4da3-8782-2fd385603d0e} (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\AppID\ACM.dll (Adware.WhenU) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\WhenUSave (Adware.WhenU) -> Quarantined and deleted successfully. Valores do Registro infectados: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> Delete on reboot. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> Delete on reboot. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> Delete on reboot. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\mu (Trojan.Agent) -> Delete on reboot. Ítens do Registro infectados: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSMHelp (Hijack.Help) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. 
Pastas infectadas: C:\Arquivos de programas\Save (Adware.WhenU) -> Quarantined and deleted successfully. C:\Documents and Settings\Junior\Menu Iniciar\Programas\WhenU (Adware.WhenU) -> Quarantined and deleted successfully. Arquivos infectados: C:\WINDOWS\system32\clbcate.dll (Trojan.BHO.H) -> Quarantined and deleted successfully. C:\Arquivos de programas\Save\ACM.dll (Adware.WhenU) -> Quarantined and deleted successfully. C:\ebmedwh.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\ynbi.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\Qoobox\Quarantine\C\Arquivos de programas\ActivationManager\ActivationManager.dll.vir (Trojan.BHO) -> Quarantined and deleted successfully. C:\Qoobox\Quarantine\C\WINDOWS\system32\vodhuq.dll.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\ndis.sys.vir (Rootkit.Protector) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{1ADEE231-9EB7-4B3F-8354-ED37FF8E13FF}\RP2\A0001269.dll (Trojan.BHO) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{1ADEE231-9EB7-4B3F-8354-ED37FF8E13FF}\RP2\A0001284.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{1ADEE231-9EB7-4B3F-8354-ED37FF8E13FF}\RP2\A0003422.sys (Rootkit.Protector) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{1ADEE231-9EB7-4B3F-8354-ED37FF8E13FF}\RP2\A0003428.sys (Rootkit.Protector) -> Quarantined and deleted successfully. C:\WINDOWS\system32\drivers\Dxh00.sys (Rootkit.Agent) -> Delete on reboot. C:\WINDOWS\system32\drivers\nkv2.sys (Rootkit.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\drivers\cmaygfom.dat (Rootkit.Agent) -> Delete on reboot. C:\Arquivos de programas\Save\ffext.mod (Adware.WhenU) -> Quarantined and deleted successfully. C:\Arquivos de programas\Save\save.db (Adware.WhenU) -> Quarantined and deleted successfully. 
C:\Arquivos de programas\Save\Save.exe (Adware.WhenU) -> Quarantined and deleted successfully. C:\Arquivos de programas\Save\save.htm (Adware.WhenU) -> Quarantined and deleted successfully. C:\Arquivos de programas\Save\SaveUninst.exe (Adware.WhenU) -> Quarantined and deleted successfully. C:\Arquivos de programas\Save\store.db (Adware.WhenU) -> Quarantined and deleted successfully. C:\Documents and Settings\Junior\Menu Iniciar\Programas\WhenU\Customer Support.lnk (Adware.WhenU) -> Quarantined and deleted successfully. C:\Documents and Settings\Junior\Menu Iniciar\Programas\WhenU\Learn More About WhenU Save.url (Adware.WhenU) -> Quarantined and deleted successfully. C:\Documents and Settings\Junior\Menu Iniciar\Programas\WhenU\Learn More About WhenU SaveNow.url (Adware.WhenU) -> Quarantined and deleted successfully. C:\Documents and Settings\Junior\Menu Iniciar\Programas\WhenU\Uninstall Instructions.lnk (Adware.WhenU) -> Quarantined and deleted successfully. C:\Documents and Settings\Junior\Menu Iniciar\Programas\WhenU\WhenU.com Website.url (Adware.WhenU) -> Quarantined and deleted successfully. C:\WINDOWS\system32\WinCtrl32.dl1 (Trojan.Agent) -> Quarantined and deleted successfully. ComboFix 09-08-27.A3 - Junior 31/08/2009 21:24.3.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.2046.1614 [GMT -3:00] Executando de: c:\documents and settings\Junior\Desktop\ComboFix.exe Comandos utilizados :: c:\documents and settings\Junior\Desktop\CFScript.txt FW: COMODO Firewall Pro *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B} FILE :: "c:\windows\HideWin.exe" "c:\windows\system32\drivers\cmaygfom.dat" "c:\windows\system32\epmntdrv.sys" . ((((((((((((((((((((((((((((((((((((( Outras Exclusões ))))))))))))))))))))))))))))))))))))))))))))))))))) . 
c:\docume~1\Junior\CONFIG~1\Temp\catchme.dll c:\documents and settings\All Users\Dados de aplicativos\Microsoft\Network\Downloader\qmgr0.dat c:\documents and settings\All Users\Dados de aplicativos\Microsoft\Network\Downloader\qmgr1.dat c:\documents and settings\Junior\Configurações locais\Temp\catchme.dll c:\windows\HideWin.exe c:\windows\system32\epmntdrv.sys ----- BITS: Sites possivelmente infectados ----- hxxp://download.xbox.com:80 . ((((((((((((((((((((((((((((((((((((((( Drivers/Serviços ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_EPMNTDRV -------\Legacy_SDFDSEJC -------\Service_epmntdrv -------\Service_sdfdsejc (((((((((((((((( Arquivos/Ficheiros criados de 2009-08-01 to 2009-09-01 )))))))))))))))))))))))))))) . 2009-08-31 21:44 . 2009-08-31 21:44 -------- d-----w- c:\documents and settings\Junior\Dados de aplicativos\Malwarebytes 2009-08-31 21:44 . 2009-08-03 16:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-08-31 21:44 . 2009-08-31 21:44 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware 2009-08-31 21:44 . 2009-08-31 21:44 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes 2009-08-31 21:44 . 2009-08-03 16:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-08-27 23:08 . 2009-08-28 01:23 51328 ----a-w- c:\windows\system32\drivers\inspect.sys 2009-08-27 23:08 . 2009-08-28 01:23 75520 ----a-w- c:\windows\system32\drivers\cmdmon.sys 2009-08-27 16:43 . 2009-08-28 17:20 -------- d-----w- c:\windows\system32\config\systemprofile\Tracing 2009-08-26 23:58 . 2009-08-26 23:58 151830 ----a-w- C:\cc_20090826_2058.reg 2009-08-26 17:28 . 2009-06-25 19:36 1291640 ----a-w- c:\documents and settings\Junior\Dados de aplicativos\Mozilla\Firefox\Profiles\j4nkybsc.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\BFHUpdater.exe 2009-08-26 17:28 . 
2009-06-25 19:36 729088 ----a-w- c:\documents and settings\Junior\Dados de aplicativos\Mozilla\Firefox\Profiles\j4nkybsc.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll 2009-08-25 20:14 . 2006-08-01 07:02 49152 ------r- c:\windows\system32\ChCfg.exe 2009-08-25 20:14 . 2009-08-25 20:14 -------- d-----w- c:\windows\system32\RTCOM 2009-08-25 20:14 . 2007-06-15 08:45 1826816 ------r- c:\windows\SkyTel.exe 2009-08-25 20:14 . 2007-01-16 02:39 1191936 ------r- c:\windows\RtlUpd.exe 2009-08-25 20:14 . 2006-07-21 08:14 86016 ------r- c:\windows\SoundMan.exe 2009-08-25 20:14 . 2007-07-18 11:26 4547584 ------r- c:\windows\system32\drivers\RtkHDAud.sys 2009-08-25 20:14 . 2007-03-23 11:19 9715200 ------r- c:\windows\RTLCPL.exe 2009-08-25 20:14 . 2007-07-05 08:08 16380416 ------r- c:\windows\RTHDCPL.exe 2009-08-25 20:14 . 2007-06-28 08:44 2165760 ------r- c:\windows\MicCal.exe 2009-08-25 20:14 . 2006-05-04 08:26 2808832 ------r- c:\windows\alcwzrd.exe 2009-08-25 20:14 . 2005-05-03 10:43 69632 ------r- c:\windows\Alcmtr.exe 2009-08-25 20:14 . 2007-01-12 08:54 520192 ------r- c:\windows\RtlExUpd.dll 2009-08-25 20:06 . 2009-08-28 02:06 -------- d-----w- c:\arquivos de programas\Realtek 2009-08-25 19:44 . 2009-03-12 14:34 39424 ----a-w- c:\windows\system32\RtkCoInstXP.dll 2009-08-20 21:30 . 2009-08-31 00:56 -------- d-----w- c:\documents and settings\Junior\Dados de aplicativos\skypePM 2009-08-20 21:30 . 2009-08-20 21:30 56 ---ha-w- c:\windows\system32\ezsidmv.dat 2009-08-20 21:27 . 2009-08-31 03:35 -------- d-----w- c:\documents and settings\Junior\Dados de aplicativos\Skype 2009-08-20 21:26 . 2009-08-20 21:26 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Skype 2009-08-20 21:25 . 2009-08-25 20:24 -------- d-----r- c:\arquivos de programas\Skype 2009-08-20 21:25 . 2009-08-20 21:25 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Skype 2009-08-16 18:14 . 
2009-08-16 18:16 736806 ----a-w- C:\cc_20090816_1514.reg 2009-08-15 23:35 . 2009-08-15 23:35 -------- d-----w- c:\documents and settings\Junior\Dados de aplicativos\LucasArts 2009-08-13 19:53 . 2009-08-13 19:53 41872 ----a-w- c:\windows\system32\xfcodec.dll 2009-08-12 23:43 . 2009-08-12 23:43 -------- d-----w- c:\arquivos de programas\IObit 2009-08-11 22:42 . 2009-08-11 22:42 -------- d-----w- c:\documents and settings\Junior\Dados de aplicativos\2K Sports 2009-08-10 02:46 . 2009-08-10 02:48 -------- d-----w- c:\windows\Icons 2009-08-10 00:44 . 2009-08-10 00:52 -------- d-----w- c:\windows\SxsCaPendDel 2009-08-08 18:24 . 2009-06-13 22:54 1663488 ----a-w- c:\windows\system32\BootMan.exe 2009-08-08 18:24 . 2009-04-22 17:28 86408 ----a-w- c:\windows\system32\setupempdrv03.exe 2009-08-08 18:24 . 2009-04-22 17:28 3072 ----a-w- c:\windows\system32\EuGdiDrv.sys 2009-08-08 18:24 . 2009-04-22 17:27 14848 ----a-w- c:\windows\system32\EuEpmGdi.dll 2009-08-08 18:24 . 2009-08-08 18:24 -------- d-----w- c:\arquivos de programas\EASEUS 2009-08-04 00:25 . 2009-02-25 15:01 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\KONAMI 2009-08-04 00:17 . 2009-08-04 00:17 -------- d-----w- c:\arquivos de programas\KONAMI 2009-08-03 20:45 . 2009-08-03 20:45 -------- d-----w- C:\videooutput . ((((((((((((((((((((((((((((((((((((( Relatório Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-09-01 00:19 . 2008-03-19 00:26 -------- d-----w- c:\arquivos de programas\FlashGet 2009-08-31 21:46 . 2008-03-20 03:45 169936 ----a-w- c:\documents and settings\Junior\Dados de aplicativos\Mozilla\Firefox\Profiles\j4nkybsc.default\FlashGot.exe 2009-08-30 06:03 . 2009-04-06 21:50 -------- d-----w- c:\arquivos de programas\Garena 2009-08-30 04:26 . 2008-06-09 03:04 -------- d-----w- c:\arquivos de programas\Steam 2009-08-30 04:24 . 2008-03-15 23:13 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information 2009-08-29 12:48 . 
2008-03-20 04:46 110592 ----a-w- c:\windows\system32\alrsv.dll 2009-08-29 12:44 . 2002-12-31 11:00 182912 ------w- c:\windows\system32\drivers\ndis.sys 2009-08-29 12:43 . 2008-03-17 03:22 -------- d---a-w- c:\documents and settings\All Users\Dados de aplicativos\TEMP 2009-08-28 15:44 . 2008-04-05 01:32 -------- d-----w- c:\arquivos de programas\Hamachi 2009-08-28 02:06 . 2008-03-15 23:14 -------- d-----w- c:\documents and settings\Junior\Dados de aplicativos\InstallShield 2009-08-27 23:08 . 2008-03-22 21:24 -------- d-----w- c:\arquivos de programas\COMODO 2009-08-26 19:02 . 2008-03-17 03:22 -------- d-----w- c:\arquivos de programas\Fraps 2009-08-25 23:20 . 2008-03-15 23:08 15600 ----a-w- c:\windows\gdrv.sys 2009-08-24 21:35 . 2008-03-16 00:45 139584 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys 2009-08-24 21:35 . 2008-03-16 00:45 189104 ----a-w- c:\windows\system32\PnkBstrB.exe 2009-08-24 20:12 . 2008-03-19 00:33 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\nHancer 2009-08-24 13:56 . 2008-03-16 00:45 139152 ----a-w- c:\documents and settings\Junior\Dados de aplicativos\PnkBstrK.sys 2009-08-24 13:56 . 2008-03-16 00:45 139152 ----a-w- c:\documents and settings\Junior\Dados de aplicativos\PnkBstrK.sys 2009-08-24 13:55 . 2008-03-16 00:45 75064 ----a-w- c:\windows\system32\PnkBstrA.exe 2009-08-24 13:55 . 2008-03-16 00:45 794408 ----a-w- c:\windows\system32\pbsvc.exe 2009-08-21 20:57 . 2008-06-26 22:03 -------- d-----w- c:\arquivos de programas\Xfire 2009-08-21 00:53 . 2008-06-26 22:03 -------- d-----w- c:\documents and settings\Junior\Dados de aplicativos\Xfire 2009-08-20 21:53 . 2008-03-16 02:06 444952 ----a-w- c:\windows\system32\wrap_oal.dll 2009-08-20 21:53 . 2008-03-16 02:06 109080 ----a-w- c:\windows\system32\OpenAL32.dll 2009-08-15 13:38 . 2008-03-21 03:16 -------- d-----w- c:\arquivos de programas\GameVicio 2009-08-13 21:03 . 
2008-05-10 05:56 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Codemasters 2009-08-12 21:15 . 2008-06-26 02:28 -------- d-----w- c:\arquivos de programas\DAEMON Tools Pro 2009-08-10 03:15 . 2008-12-16 01:16 -------- d-----w- c:\arquivos de programas\Trillian 2009-08-10 01:54 . 2002-12-31 11:00 83946 ----a-w- c:\windows\system32\perfc016.dat 2009-08-10 01:54 . 2002-12-31 11:00 480144 ----a-w- c:\windows\system32\perfh016.dat 2009-07-27 01:10 . 2009-07-27 01:09 142 ----a-w- c:\windows\system32\nvUnsupRes.dat 2009-07-25 23:03 . 2009-07-25 23:03 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\XBlades 2009-07-25 16:02 . 2009-07-25 16:02 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Adobe 2009-07-24 01:27 . 2009-07-24 01:27 -------- d-----w- c:\documents and settings\Junior\Dados de aplicativos\Stereoscopic Player 2009-07-24 01:27 . 2009-07-24 01:27 -------- d-----w- c:\arquivos de programas\Stereoscopic Player 2009-07-23 22:31 . 2009-06-11 21:16 -------- d-----w- c:\documents and settings\Junior\Dados de aplicativos\Activision 2009-07-23 22:31 . 2009-06-11 21:16 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Activision 2009-07-23 22:30 . 2009-07-23 22:30 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\nView_Profiles 2009-07-23 21:22 . 2008-05-31 03:25 -------- d-----w- c:\arquivos de programas\AGEIA Technologies 2009-07-23 21:22 . 2008-05-31 03:25 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Wise Installation Wizard 2009-07-23 21:22 . 2009-07-23 21:22 -------- d-----w- c:\arquivos de programas\NVIDIA Corporation 2009-07-23 21:22 . 2009-07-23 21:22 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\NVIDIA Corporation 2009-07-22 02:22 . 2009-07-22 02:22 -------- d-----w- c:\arquivos de programas\Activision 2009-07-15 22:34 . 
2008-06-17 23:49 -------- d-----w- c:\documents and settings\Junior\Dados de aplicativos\Ubisoft 2009-07-15 22:30 . 2009-07-15 22:30 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Tages 2009-07-15 22:26 . 2009-07-15 22:26 281760 ----a-w- c:\windows\system32\drivers\atksgt.sys 2009-07-15 22:26 . 2009-07-15 22:26 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys 2009-07-14 20:17 . 2009-07-14 20:17 15308440 ----a-w- c:\windows\system32\xlive.dll 2009-07-14 20:17 . 2009-07-14 20:17 13642888 ----a-w- c:\windows\system32\xlivefnt.dll 2009-07-14 18:54 . 2009-07-23 21:21 485920 ----a-w- c:\windows\system32\nvudisp.exe 2009-07-14 18:54 . 2009-07-23 21:21 7741664 ----a-w- c:\windows\system32\drivers\nv4_mini.sys 2009-07-14 18:54 . 2009-07-23 21:21 2189856 ----a-w- c:\windows\system32\nvcuvid.dll 2009-07-14 18:54 . 2009-07-23 21:21 1706528 ----a-w- c:\windows\system32\nvcuvenc.dll 2009-07-14 18:54 . 2009-07-23 21:21 10457088 ----a-w- c:\windows\system32\nvoglnt.dll 2009-07-14 18:54 . 2009-07-23 21:21 868352 ----a-w- c:\windows\system32\nvapi.dll 2009-07-14 18:54 . 2009-07-23 21:21 5842816 ----a-w- c:\windows\system32\nv4_disp.dll 2009-07-14 18:54 . 2009-07-23 21:21 2002944 ----a-w- c:\windows\system32\nvcuda.dll 2009-07-14 18:54 . 2009-07-23 21:21 151552 ----a-w- c:\windows\system32\nvcodins.dll 2009-07-14 18:54 . 2009-07-23 21:21 151552 ----a-w- c:\windows\system32\nvcod.dll 2009-07-14 18:54 . 2009-05-01 01:02 1597690 ----a-w- c:\windows\system32\nvdata.bin 2009-07-14 16:35 . 2009-07-14 16:35 2173472 ----a-w- c:\windows\system32\nvcplui.exe 2009-07-14 16:35 . 2009-07-14 16:35 81920 ----a-w- c:\windows\system32\nvwddi.dll 2009-07-14 16:35 . 2009-07-14 16:35 4026368 ----a-w- c:\windows\system32\nvvitvs.dll 2009-07-14 16:35 . 2009-07-14 16:35 3170304 ----a-w- c:\windows\system32\nvwss.dll 2009-07-14 16:34 . 2009-07-14 16:34 86016 ----a-w- c:\windows\system32\nvmctray.dll 2009-07-14 16:34 . 
2009-07-14 16:34 4923392 ----a-w- c:\windows\system32\nvdisps.dll 2009-07-14 16:34 . 2009-07-14 16:34 3547136 ----a-w- c:\windows\system32\nvgames.dll 2009-07-14 16:34 . 2009-07-14 16:34 188416 ----a-w- c:\windows\system32\nvmccss.dll 2009-07-14 16:34 . 2009-07-14 16:34 168004 ----a-w- c:\windows\system32\nvsvc32.exe 2009-07-14 16:34 . 2009-07-14 16:34 143360 ----a-w- c:\windows\system32\nvcolor.exe 2009-07-14 16:34 . 2009-07-14 16:34 13877248 ----a-w- c:\windows\system32\nvcpl.dll 2009-07-14 16:34 . 2009-07-14 16:34 1286144 ----a-w- c:\windows\system32\nvmobls.dll 2009-07-14 16:34 . 2009-07-14 16:34 229376 ----a-w- c:\windows\system32\nvmccs.dll 2009-07-10 10:01 . 2009-07-23 21:21 485920 ----a-w- c:\windows\system32\NVUNINST.EXE 2009-07-08 17:42 . 2009-07-08 17:42 -------- d-----w- c:\documents and settings\Junior\Dados de aplicativos\nHancer 2009-07-08 17:41 . 2009-07-08 17:41 -------- d-----w- c:\arquivos de programas\nHancer 2009-07-05 04:41 . 2009-04-10 21:15 -------- d-----w- c:\documents and settings\Junior\Dados de aplicativos\Broken Rules 2009-07-03 20:52 . 2009-07-03 20:52 -------- d-----w- c:\documents and settings\Junior\Dados de aplicativos\FUEL 2009-06-21 04:56 . 2009-06-20 22:38 33792 ----a-w- C:\cbkirhme.dll 2009-06-21 01:11 . 2009-06-21 01:11 6393344 ----a-w- c:\documents and settings\Junior\Dados de aplicativos\Damdai\2DF\FreePlay\freeplay_emu.exe 2009-06-21 01:04 . 2009-06-21 01:11 110592 ----a-w- c:\documents and settings\Junior\Dados de aplicativos\Damdai\2DF\FreePlay\kailleraclient.dll 2009-06-21 01:02 . 2009-06-21 01:11 75264 ----a-w- c:\documents and settings\Junior\Dados de aplicativos\Damdai\2DF\FreePlay\zlib1.dll 2009-06-21 01:02 . 2009-06-21 01:11 81920 ----a-w- c:\documents and settings\Junior\Dados de aplicativos\Damdai\2DF\FreePlay\okai_recorder.dll 2009-06-03 23:49 . 2008-04-04 21:46 107888 ----a-w- c:\windows\system32\CmdLineExt.dll . 
------- Sigcheck ------- [-] 2008-03-13 10:24 1548288 F878166961C0DAFA618A20F0F48A0D14 c:\windows\system32\sfcfiles.dll c:\windows\system32\drivers\beep.sys ... está faltando !! c:\windows\system32\msgsvc.dll ... está faltando !! . ((((((((((((((((((((((((((((( SnapShot@2009-08-28_20.44.08 ))))))))))))))))))))))))))))))))))))))))) . + 2002-12-31 11:00 . 2009-08-29 12:44 182912 c:\windows\system32\dllcache\ndis.sys - 2002-12-31 11:00 . 2009-08-09 23:36 182912 c:\windows\system32\dllcache\ndis.sys . (((((((((((((((((((((((((( Pontos de Carregamento do Registro ))))))))))))))))))))))))))))))))))))))) . . *Nota* entradas vazias e legítimas por defeito não são mostradas. REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X] "36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2007-05-25 1953792] "JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864] "XboxStat"="c:\arquivos de programas\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-26 734264] "FixCamera"="c:\windows\FixCamera.exe" [2007-02-12 20480] "tsnp325"="c:\windows\tsnp325.exe" [2007-04-21 270336] "snp325"="c:\windows\vsnp325.exe" [2007-05-09 835584] "nwiz"="c:\arquivos de programas\NVIDIA Corporation\nView\nwiz.exe" [2009-07-09 1657376] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-14 13877248] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-07-14 86016] "COMODO Firewall Pro"="c:\arquivos de programas\Comodo\Firewall\CPF.exe" [2009-08-28 1115728] "BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2002-12-31 110592] "RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-07-05 16380416] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "WIAWizardMenu"="c:\windows\system32\sti_ci.dll" [2002-12-31 137216] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2002-12-31 15360] 
"msnmsgr"="c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "nltide_2"="shell32" [X] "FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil9e.exe" [2007-11-21 218496] "nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2008-03-13 124928] c:\documents and settings\Junior\Menu Iniciar\Programas\Inicializar\ Stardock ObjectDock.lnk - c:\arquivos de programas\Stardock\ObjectDock\ObjectDock.exe [2008-3-22 3450608] c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\ msupd85855.exe [2009-8-29 28160] [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "NoSMHelp"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "usnjsvc"=3 (0x3) "InCDsrv"=2 (0x2) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "e:\\jogos\\Test Drive Unlimited\\TestDriveUnlimited.exe"= "f:\\Downloads\\Windows Live Messenger 8.1 Portátil\\App\\msnmsgr.exe"= "c:\\WINDOWS\\system32\\sessmgr.exe"= "e:\\jogos\\Gears of War\\Binaries\\WarGame-G4WLive.exe"= "c:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "e:\\jogos\\FEAR\\FEAR.exe"= "e:\\jogos\\FEAR\\FEARMP.exe"= "e:\\jogos\\FEAR\\FEARXP\\FEARXP.exe"= "c:\\Downloads\\Project64KVE\\Project64KVE.exe"= "c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"= "c:\\Documents and Settings\\All Users\\Dados de aplicativos\\NexonUS\\NGM\\NGM.exe"= "c:\\WINDOWS\\system32\\PnkBstrA.exe"= "c:\\WINDOWS\\system32\\PnkBstrB.exe"= "e:\\jogos\\Tom Clancy's Rainbow Six Vegas 2\\Binaries\\R6Vegas2_Game.exe"= "e:\\jogos\\Tom Clancy's Rainbow Six Vegas 2\\Binaries\\R6Vegas2_Launcher.exe"= "e:\\jogos\\Assassin's Creed\\AssassinsCreed_Dx9.exe"= "e:\\jogos\\Assassin's Creed\\AssassinsCreed_Dx10.exe"= 
"e:\\jogos\\Assassin's Creed\\AssassinsCreed_Launcher.exe"= "c:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe"= "e:\\jogos\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"= "e:\\jogos\\AITD\\Alone.exe"= "d:\\jogos II\\PES 2009\\pes2009.exe"= "e:\\jogos\\Mirror's Edge\\Binaries\\MirrorsEdge.exe"= "e:\\jogos\\Burnout Paradise The Ultimate Box\\BurnoutLauncher.exe"= "e:\\jogos\\Burnout Paradise The Ultimate Box\\BurnoutConfigTool.exe"= "e:\\jogos\\Burnout Paradise The Ultimate Box\\BurnoutParadise.exe"= "e:\\jogos\\Bionic Commando Rearmed\\bcr.exe"= "e:\\jogos\\Quantum of Solace\\JB_LiveEngine_s.exe"= "e:\\jogos\\Call of Duty - World at War\\CoDWaW.exe"= "e:\\jogos\\Call of Duty - World at War\\CoDWaWmp.exe"= "c:\\Arquivos de programas\\Steam\\steamapps\\common\\trine demo\\trine_launcher.exe"= "e:\\jogos\\STREETFIGHTERIV\\StreetFighterIV.exe"= "e:\\jogos\\Call of Juarez - Bound in Blood\\CoJBiBGame_x86.exe"= "e:\\jogos\\FUEL\\FUEL.exe"= "e:\\jogos\\ANNO 1404\\Anno4.exe"= "e:\\jogos\\ANNO 1404\\tools\\Anno4Web.exe"= "c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"= "d:\\jogos II\\GRID\\GRID.exe"= "k:\\Tom Clancy's Rainbow Six Vegas\\Binaries\\R6Vegas_Game.exe"= "k:\\Tom Clancy's Rainbow Six Vegas\\Binaries\\R6Vegas_Launcher.exe"= "c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"= "d:\\jogos II\\SWAT 4\\Content\\System\\swat4.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "8080:TCP"= 8080:TCP:hamachi "8080:UDP"= 8080:UDP:hamachi "4245:TCP"= R0 d344bus;d344bus;c:\windows\system32\drivers\d344bus.sys [15/3/2008 23:07 137216] R0 d344prt;d344prt;c:\windows\system32\drivers\d344prt.sys [15/3/2008 23:07 5248] R2 HdThemeEnabler;Hyperdesk Theme Enabler;c:\arquivos de programas\The Skins Factory\Hyperdesk\Common\HDThemeEnabler.exe [21/7/2008 11:50 106496] R2 PStrip;PSTRIP;c:\windows\system32\drivers\pstrip.sys [14/7/2007 22:37 27992] R3 NTProcDrv;Process creation detector for 
NT.;c:\windows\temp\drv1.tmp [31/8/2009 21:29 3584] R3 SNP325;USB PC Camera (SNPSTD325);c:\windows\system32\drivers\snp325.sys [2/7/2009 14:23 10343168] R3 tenCapture;tenCapture;c:\windows\system32\drivers\tenCapture.sys [21/4/2007 11:15 9344] S1 aswSP;avast! Self Protection; [x] S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys --> c:\windows\system32\DRIVERS\aswFsBlk.sys [?] S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys --> c:\windows\system32\drivers\Ambfilt.sys [?] S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [8/8/2009 15:24 3072] S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\Junior\CONFIG~1\Temp\AMN9B.tmp --> c:\docume~1\Junior\CONFIG~1\Temp\AMN9B.tmp [?] S3 GPU-Z;GPU-Z;\??\c:\docume~1\Junior\CONFIG~1\Temp\GPU-Z.sys --> c:\docume~1\Junior\CONFIG~1\Temp\GPU-Z.sys [?] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] "c:\arquivos de programas\Arquivos comuns\LightScribe\LSRunOnce.exe" . - - - - ORFÃOS REMOVIDOS - - - - SafeBoot-Dxh00.sys . ------- Scan Suplementar ------- . 
uStart Page = hxxp://www.google.com/ IE: Descarregar tudo com o FlashGet - c:\arquivos de programas\FlashGet\jc_all.htm IE: Descarregar utilizando o FlashGet - c:\arquivos de programas\FlashGet\jc_link.htm IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office12\EXCEL.EXE/3000 DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.17.0.cab FF - ProfilePath - c:\documents and settings\Junior\Dados de aplicativos\Mozilla\Firefox\Profiles\j4nkybsc.default\ FF - prefs.js: browser.startup.homepage - hxxp://therebels.biz/portal.php FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll FF - plugin: c:\arquivos de programas\Unity\WebPlayer\loader\npUnity3D32.dll FF - plugin: c:\documents and settings\All Users\Dados de aplicativos\NexonUS\NGM\npNxGameUS.dll FF - plugin: c:\documents and settings\Junior\Dados de aplicativos\Mozilla\Firefox\Profiles\j4nkybsc.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll ---- FIREFOX POLICIES ---- c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br"); . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-08-31 21:29 Windows 5.1.2600 Service Pack 2 NTFS Procurando processos ocultos ... Procurando entradas auto inicializáveis ocultas ... Procurando ficheiros/arquivos ocultos ... 
Varredura completada com sucesso arquivos/ficheiros ocultos: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine] "ImagePath"="\??\c:\docume~1\Junior\CONFIG~1\Temp\AMN9B.tmp" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NTProcDrv] "ImagePath"="\??\c:\windows\TEMP\drv1.tmp" . --------------------- DLLs Carregadas Sob os Processos em Execução --------------------- - - - - - - - > 'explorer.exe'(3220) c:\arquivos de programas\Stardock\ObjectDock\DockShellHook.dll c:\windows\system32\msi.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Outros Processos em Execução ------------------------ . c:\windows\system32\nvsvc32.exe c:\arquivos de programas\TGTSoft\StyleXP\StyleXPService.exe c:\arquivos de programas\COMODO\Firewall\cmdagent.exe c:\arquivos de programas\Arquivos comuns\LightScribe\LSSrvc.exe c:\arquivos de programas\nHancer\nHancerService.exe c:\windows\system32\PnkBstrA.exe c:\windows\system32\PnkBstrB.exe c:\windows\system32\wscntfy.exe c:\windows\system32\rundll32.exe c:\windows\system32\rundll32.exe . ************************************************************************** . 
Tempo para conclusão: 2009-09-01 21:32 - Máquina reiniciou
ComboFix-quarantined-files.txt 2009-09-01 00:32
ComboFix2.txt 2009-08-29 12:56
ComboFix3.txt 2009-08-28 20:47

Pré-execução: 13 pasta(s) 14.320.107.520 bytes disponíveis
Pós execução: 13 pasta(s) 14.820.585.472 bytes disponíveis

339

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:33:49, on 31/8/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20733)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\The Skins Factory\Hyperdesk\Common\HDThemeEnabler.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\COMODO\Firewall\cmdagent.exe
C:\Arquivos de programas\Arquivos comuns\LightScribe\LSSrvc.exe
C:\Arquivos de programas\nHancer\nHancerService.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
C:\Arquivos de programas\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\WINDOWS\FixCamera.exe
C:\WINDOWS\tsnp325.exe
C:\WINDOWS\vsnp325.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Arquivos de programas\Comodo\Firewall\CPF.exe
C:\Arquivos de programas\Stardock\ObjectDock\ObjectDock.exe
C:\WINDOWS\explorer.exe
C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Arquivos de programas\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\ARQUIV~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [XboxStat] "C:\Arquivos de programas\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
O4 - HKLM\..\Run: [tsnp325] C:\WINDOWS\tsnp325.exe
O4 - HKLM\..\Run: [snp325] C:\WINDOWS\vsnp325.exe
O4 - HKLM\..\Run: [nwiz] C:\Arquivos de programas\NVIDIA Corporation\nView\nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Arquivos de programas\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = C:\Arquivos de programas\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: msupd85855.exe
O8 - Extra context menu item: Descarregar tudo com o FlashGet - C:\Arquivos de programas\FlashGet\jc_all.htm
O8 - Extra context menu item: Descarregar utilizando o FlashGet - C:\Arquivos de programas\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Arquivos de programas\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Arquivos de programas\FlashGet\flashget.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} (Battlefield Heroes Updater) - https://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.17.0.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Arquivos de programas\COMODO\Firewall\cmdagent.exe
O23 - Service: Hyperdesk Theme Enabler (HdThemeEnabler) - The Skins Factory, Inc. - C:\Arquivos de programas\The Skins Factory\Hyperdesk\Common\HDThemeEnabler.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Arquivos de programas\Arquivos comuns\LightScribe\LSSrvc.exe
O23 - Service: nHancer Support (nHancer) - KSE - Korndörfer Software Engineering - C:\Arquivos de programas\nHancer\nHancerService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: StyleXPService - Unknown owner - C:\Arquivos de programas\TGTSoft\StyleXP\StyleXPService.exe

-- End of file - 7156 bytes
DigRam 144
Posted September 1, 2009

Good morning! sylvyojr

Since the last time I ran ComboFix, my games that use the Microsoft Games for Windows - Live network have stopped working properly... I try to sign in to the network, but it says it is out of date; I download the update file and install it, and it still reports as out of date. Do you think it has anything to do with what we did?

<!> Yes! But... I have not yet identified the cause of the problem.
<><><><><><><><><>
<@> Download: < msgsvc.dll >
<@> Save it to the folder: c:\windows\system32\dllcache <--
<@> Then copy the file to the directory: c:\windows\system32 <--
<@> Restart the computer!
<><><><><><><><><>
<@> Download: < beep.sys >
<@> Unzip it to the folder c:\windows\system32\dllcache <--
<@> Then copy the file to the directory: c:\windows\system32\drivers <--
<@> Restart the computer!
<><><><><><><><><>
<@> Download: < msconfig.zip >
<@> Unzip it to the directory: c:\windows\system32 <--
<@> Restart the computer!
<><><><><><><><><>
<@> Go to Start --> Run --> Type or paste: combofix.exe /u --> Click OK.
<@> The following window will open: ( Open File - Security Warning )
<@> Click Run --> Wait!
<@> Finally, the message "ComboFix está desinstalado" will appear --> Click OK.
<@> If you find them, delete: C:\ComboFix <-- The folder! + C:\ComboFix.txt <-- The report!
<><><><><><><><><>
<!> PS: Let me know how the machine is doing!

Regards!
sylvyojr 0
Posted September 1, 2009

Good evening

I managed to update Live directly through the game's own update...

Should I carry on with the procedures you posted last?
DigRam 144
Posted September 2, 2009

Good evening. I managed to update Live directly through the game's own update... Should I carry on with the procedures you posted last?

<><><><><><><><><><>
Good evening! sylvyojr

<!> Yes! I edited the procedure in that post, without the CFScript, which was aborted.
<!> Your logs are clean!
<!> Everything OK?

Regards!
sylvyojr 0
Posted September 2, 2009

Good evening DigRam.

Apparently everything is OK; most of the problems are gone... but there is one file that is bothering me. It starts together with Windows:

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\msupd85855.exe

I saw in the ComboFix report that it failed when trying to delete it! Before, it (apparently) did nothing; now, when Windows starts, it opens a little DOS window... and then disappears.

I had already tried to delete it in normal mode and in safe mode, but I got "Access denied"!

Wouldn't this file be malware?
DigRam 144
Posted September 3, 2009

Good evening DigRam. Apparently everything is OK; most of the problems are gone... but there is one file that is bothering me. It starts together with Windows: c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\msupd85855.exe. I saw in the ComboFix report that it failed when trying to delete it! Before, it (apparently) did nothing; now, when Windows starts, it opens a little DOS window... and then disappears. I had already tried to delete it in normal mode and in safe mode, but I got "Access denied"! Wouldn't this file be malware?

<><><><><><><><><>
Hi! sylvyojr

<!> ComboFix really did not remove the file.
<><><><><><><><><>
<@> Open HijackThis --> Click: Do a system scan only

O4 - Global Startup: msupd85855.exe

<@> Check the entry above --> Click Fix checked. --> Yes!
<><><><><><><><><>
<@> Download: < Pocket Killbox >
<@> Save it to the Desktop!
<@> Open KillBox --> Check the option: Delete on Reboot
<@> Check the box: "End Explorer Shell While Killing File" --> Minimize the tool!
<@> Copy the file(s) under the QUOTE into Notepad.
<@> While disconnected, open Notepad and use these shortcuts: ( ctrl + a ) --> ( ctrl + c )

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\msupd85855.exe

<@> In KillBox, which was minimized, click File --> Paste from Clipboard --> All Files.
<@> Click the X and confirm at the prompt!
<@> The computer will restart!
<@> Go to the folder C:\!KillBox... which was created!
<@> Post the report found inside it! ( C:\!KillBox\Logs\kb.log )
<@> Also post an updated HijackThis log.

Regards!
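The three things DigRam picked out of the logs by eye (the bare executable in the All Users Startup folder, drivers whose image file sits in a Temp directory, and the protected system files Sigcheck reported as missing) as an added triage script. This is example code written for this page, not part of the thread, HijackThis or ComboFix; the line-format regexes are assumptions drawn from the logs posted above, and it also accepts the English ComboFix wording for the Sigcheck line. The sample log is constructed from lines copied from this thread.

```python
"""Triage a HijackThis / ComboFix text log for the three signs spotted in this thread.

Added example (not part of the thread, HijackThis or ComboFix). The line
formats below are assumptions based on the logs posted above; the checks are:
  1. an 'O4 - Global Startup:' item that is a bare executable rather than a
     .lnk shortcut (msupd85855.exe in the All Users Startup folder);
  2. a driver/service whose image file lives under a Temp directory
     (NTProcDrv -> c:\\windows\\temp\\drv1.tmp, GarenaPEngine -> ...\\Temp\\AMN9B.tmp);
  3. a Sigcheck line reporting a protected system file as missing
     (beep.sys, msgsvc.dll), in the Portuguese or the English ComboFix wording.
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    kind: str   # "startup-exe", "temp-image" or "missing-sysfile"
    name: str   # startup item, service name or file name
    path: str   # full path when the log gives one, else ""


# HijackThis: "O4 - Global Startup: item.lnk = target" or just "O4 - Global Startup: item"
_O4_GLOBAL = re.compile(r"^O4 - Global Startup: (.+?)(?: = (.+))?$")
# ComboFix driver/service summary: "R3 name;display;path [date size]" or "... --> path [?]"
_CF_SERVICE = re.compile(r"^[RS]\d+ ([^;]+);[^;]*;(.+?)(?: -->| \[)")
# ComboFix registry excerpt of a service image path, preceded by its [HKLM\...\Services\name] key
_CF_IMAGEPATH = re.compile(r'^"ImagePath"="(.+)"$')
# ComboFix Sigcheck: "<path> ... está faltando !!" (pt-BR build) / "<path> ... is missing !!"
_CF_MISSING = re.compile(r"^(.+?) \.\.\. (?:está faltando|is missing) ?!!")
_TEMP_DIR = re.compile(r"\\temp\\", re.IGNORECASE)


def _strip_nt_prefix(path: str) -> str:
    """Drop the '\\??\\' object-manager prefix ComboFix prints for some image paths."""
    return path[4:] if path.startswith("\\??\\") else path


def triage(log_text: str) -> list[Finding]:
    """Return the suspicious entries found in the log, in the order they appear."""
    findings: list[Finding] = []
    seen_images: set[str] = set()   # de-duplicate a path reported by two sections
    current_service = ""            # key name from the last [HKLM\...\Services\X] line

    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue

        m = _O4_GLOBAL.match(line)
        if m:
            item, target = m.group(1), m.group(2) or ""
            # Legitimate Startup-folder entries are shortcuts; a bare .exe is the case seen here.
            if not item.lower().endswith(".lnk"):
                findings.append(Finding("startup-exe", item, target))
            continue

        m = _CF_MISSING.match(line)
        if m:
            path = m.group(1)
            findings.append(Finding("missing-sysfile", path.rsplit("\\", 1)[-1], path))
            continue

        if line.startswith("[HKEY_LOCAL_MACHINE\\System\\") and "\\Services\\" in line:
            current_service = line.rstrip("]").rsplit("\\", 1)[-1]
            continue

        name, path = "", ""
        m = _CF_SERVICE.match(line)
        if m:
            name, path = m.group(1), m.group(2)
        else:
            m = _CF_IMAGEPATH.match(line)
            if m:
                name, path = current_service, m.group(1)
        if m:
            path = _strip_nt_prefix(path)
            if _TEMP_DIR.search(path) and path.lower() not in seen_images:
                seen_images.add(path.lower())
                findings.append(Finding("temp-image", name, path))

    return findings


# Constructed sample: lines copied from the ComboFix and HijackThis logs in this thread.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
O4 - Startup: Stardock ObjectDock.lnk = C:\Arquivos de programas\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: msupd85855.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
------- Sigcheck -------
c:\windows\system32\drivers\beep.sys ... está faltando !!
c:\windows\system32\msgsvc.dll ... está faltando !!
R2 HdThemeEnabler;Hyperdesk Theme Enabler;c:\arquivos de programas\The Skins Factory\Hyperdesk\Common\HDThemeEnabler.exe [21/7/2008 11:50 106496]
R3 NTProcDrv;Process creation detector for NT.;c:\windows\temp\drv1.tmp [31/8/2009 21:29 3584]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\Junior\CONFIG~1\Temp\AMN9B.tmp --> c:\docume~1\Junior\CONFIG~1\Temp\AMN9B.tmp [?]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NTProcDrv]
"ImagePath"="\??\c:\windows\TEMP\drv1.tmp"
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:16} {f.name:16} {f.path}")
```

Findings are hints for a human reviewer, not verdicts: GarenaPEngine is a game client's driver that happens to load from Temp, and the helper here treated only msupd85855.exe as something to remove.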
sylvyojr 0
Posted September 21, 2009

Good morning DigRam, sorry for the delay... I had some problems.

Regarding the last instructions: with KillBox, when I click File --> Paste from Clipboard .... nothing appears afterwards! "All Files" doesn't appear. Did you mean the "All Files" in the lower right corner, next to "Single File"?

I also didn't quite understand what to do with the quote: is it just to paste it into Notepad and then copy it?

Sorry for not understanding the process.

Awaiting your reply.

Cheers
DigRam, posted September 22, 2009

<><><><><><><><><>
Hi! sylvyojr
<!> Then follow this procedure, which will have the same result as the first one.
<><><><><><><><><>
<@> Open KillBox --> Check the option: Delete on Reboot
<@> Check the box: "End Explorer Shell While Killing File"
<@> Paste into "Full Path of File to Delete" the path:
c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\msupd85855.exe
<@> Click the "X" --> Confirm!
<@> The computer will restart!
<@> .... .... ....
Regards!
sylvyojr, posted September 23, 2009

Good evening DigRam. Here are the requested logs... Note: Killbox did not restart the PC after the process finished.

Pocket Killbox version 2.0.0.978
Running on Windows XP as Junior(Administrator)
was started @ segunda-feira, setembro 21, 2009, 10:55 AM
Killbox Closed(Exit) @ 10:57:49 AM
__________________________________________________
Pocket Killbox version 2.0.0.978
Running on Windows XP as Junior(Administrator)
was started @ segunda-feira, setembro 21, 2009, 10:57 AM
Killbox Closed(Exit) @ 11:00:07 AM
__________________________________________________
Pocket Killbox version 2.0.0.978
Running on Windows XP as Junior(Administrator)
was started @ segunda-feira, setembro 21, 2009, 11:02 AM
Killbox Closed(Exit) @ 11:02:50 AM
__________________________________________________
Pocket Killbox version 2.0.0.978
Running on Windows XP as Junior(Administrator)
was started @ segunda-feira, setembro 21, 2009, 11:05 AM
Killbox Closed(Exit) @ 11:06:11 AM
__________________________________________________
Pocket Killbox version 2.0.0.978
Running on Windows XP as Junior(Administrator)
was started @ segunda-feira, setembro 21, 2009, 11:06 AM
Killbox Closed(Exit) @ 11:07:19 AM
__________________________________________________
Pocket Killbox version 2.0.0.978
Running on Windows XP as Junior(Administrator)
was started @ quarta-feira, setembro 23, 2009, 5:55 PM
# 1 [Delete on Reboot]
Path = c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\msupd85855.exe
PendingFileRenameOperations Registry Data has been Removed by External Process! @ 5:57:18 PM
Killbox Closed(Exit) @ 5:58:04 PM
__________________________________________________

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:00:01, on 23/9/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20733)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\The Skins Factory\Hyperdesk\Common\HDThemeEnabler.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\COMODO\Firewall\cmdagent.exe
C:\Arquivos de programas\Arquivos comuns\LightScribe\LSSrvc.exe
C:\Arquivos de programas\nHancer\nHancerService.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Arquivos de programas\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\WINDOWS\FixCamera.exe
C:\WINDOWS\tsnp325.exe
C:\WINDOWS\vsnp325.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Arquivos de programas\Comodo\Firewall\CPF.exe
C:\Arquivos de programas\Stardock\ObjectDock\ObjectDock.exe
C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Arquivos de programas\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\ARQUIV~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [XboxStat] "C:\Arquivos de programas\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
O4 - HKLM\..\Run: [tsnp325] C:\WINDOWS\tsnp325.exe
O4 - HKLM\..\Run: [snp325] C:\WINDOWS\vsnp325.exe
O4 - HKLM\..\Run: [nwiz] C:\Arquivos de programas\NVIDIA Corporation\nView\nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Arquivos de programas\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = C:\Arquivos de programas\Stardock\ObjectDock\ObjectDock.exe
O8 - Extra context menu item: Descarregar tudo com o FlashGet - C:\Arquivos de programas\FlashGet\jc_all.htm
O8 - Extra context menu item: Descarregar utilizando o FlashGet - C:\Arquivos de programas\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Arquivos de programas\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Arquivos de programas\FlashGet\flashget.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} (Battlefield Heroes Updater) - https://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.17.0.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{43FAC7DE-62E7-42EC-8F80-F23945F3C933}: NameServer = 200.149.55.142 200.165.132.154
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Arquivos de programas\COMODO\Firewall\cmdagent.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: Hyperdesk Theme Enabler (HdThemeEnabler) - The Skins Factory, Inc. - C:\Arquivos de programas\The Skins Factory\Hyperdesk\Common\HDThemeEnabler.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Arquivos de programas\Arquivos comuns\LightScribe\LSSrvc.exe
O23 - Service: nHancer Support (nHancer) - KSE - Korndörfer Software Engineering - C:\Arquivos de programas\nHancer\nHancerService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: StyleXPService - Unknown owner - C:\Arquivos de programas\TGTSoft\StyleXP\StyleXPService.exe

-- End of file - 7370 bytes
DigRam, posted September 23, 2009

Good evening! sylvyojr
<@> With everything OK, create a clean System Restore point.
<@> Right-click My Computer --> Properties --> System Restore.
<@> Check: Turn off System Restore --> Apply --> Wait! --> OK.
<@> Then uncheck it again! --> Apply --> Wait! --> OK.
<@> For more details, read the tutorial: < Link >
<><><><><><><><><><>
<!> Your log is clean! :bye:
<!> All OK?
Regards!
sylvyojr, posted September 28, 2009

OK, done. Apparently everything is fine. I have never had an antivirus; are they really effective? Could you recommend one? Another question: do I need to have an antivirus, antispyware and firewall, all of that? Thanks in advance for everything. Regards
DigRam, posted September 28, 2009

<><><><><><><><><>
Hi! sylvyojr
<!> A good antivirus is all you need. I suggest: Avira.
<><><><><><><><><>
<@> Download: < Avira >
<@> Save it to Program Files.
<@> PS: The analyst Antonio Vieira Sobrinho has an excellent tutorial on Avira. Get in touch with him and he will give you all the information about the antivirus.
Regards!
Mário Monteiro, posted October 31, 2009

Topic Archived. Since the author has not replied for more than 30 days, the topic has been archived. If you are the author of the topic and want it reopened, send a private message to a moderator of this area together with the link to this topic and explain the reason for reopening.