Ir para conteúdo

POWERED BY:

Arquivado

Este tópico foi arquivado e está fechado para novas respostas.

Vvander

[Arquivado] Sites de antivirus inacessíveis, Reboot inusitados

Recommended Posts

Boa tarde,

Desculpe minha introdução, mas gostaria de expor minha admiração pelo trabalho de vocês.

Enfim, não instalei um antivírus na minha máquina desde que a comprei ( 2 meses atrás),tal fato pode ter sido causador de possíveis infecções por malwares...

 

- Sites relacionados com antivírus e remoção dos mesmo são inacessíveis;

- A máquina da Reboot esporadicamente e;

- Utilizo o windows vista, a opção de "Dormir" que antes funcionava, não funciona mais, agora aparece rapidamente uma tela azul e o computador Reboota.

 

Segue o log do Hijack.

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 14:01:59, on 19/09/2009

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18294)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\csrss.exe

C:\Windows\system32\wininit.exe

C:\Windows\system32\csrss.exe

C:\Windows\system32\services.exe

C:\Windows\system32\lsass.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\winlogon.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\sdra64.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\SOUNDMAN.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Winamp\winampa.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\uTorrent\uTorrent.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Last.fm\LastFM.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\conime.exe

C:\Hijack\HiJackThis.exe

C:\Windows\system32\wbem\wmiprvse.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,C:\Windows\system32\sdra64.exe,

O1 - Hosts: ::1 localhost

O2 - BHO: (no name) - {00001858-D0A7-4B2D-AFB0-CAF6EAFC3380} - C:\Windows\system32\uvopxuqx.dll

O2 - BHO: (no name) - {00002F47-9184-49F4-B115-75983639F742} - C:\Windows\system32\uvopxuqx.dll

O2 - BHO: (no name) - {000032F1-4C66-4F19-BB65-7D687CEB2AAa} - C:\Windows\system32\uvopxuqx.dll

O2 - BHO: (no name) - {000039A6-2259-41BB-8970-6FEC81A5AD2d} - C:\Windows\system32\uvopxuqx.dll

O2 - BHO: (no name) - {00006298-3BAE-4917-BFD3-5280694AB2A9} - C:\Windows\system32\uvopxuqx.dll

O2 - BHO: (no name) - {000073AA-D9E3-4BF9-A157-1DCC471A1566} - C:\Windows\system32\uvopxuqx.dll

O2 - BHO: (no name) - {0000DA4E-0C10-4E7C-9149-0740599EE215} - C:\Windows\system32\uvopxuqx.dll

O2 - BHO: (no name) - {00019531-C372-4030-BD27-9D6DA8B6AADf} - C:\Windows\system32\uvopxuqx.dll

O2 - BHO: (no name) - {00029843-B4F6-4081-8702-5C5B5CB255Fb} - C:\Windows\system32\uvopxuqx.dll

O2 - BHO: (no name) - {0002AD98-CCBD-429F-8CC9-7941D7100F6b} - C:\Windows\system32\uvopxuqx.dll

O2 - BHO: (no name) - {0002CF77-C8DD-44A5-BFA9-FB88C8134294} - C:\Windows\system32\uvopxuqx.dll

O2 - BHO: (no name) - {0002E813-05D9-4A63-A812-3CD20FE0D746} - C:\Windows\system32\uvopxuqx.dll

O2 - BHO: (no name) - {00039CDC-C8E4-4616-9433-B8B941D01A43} - C:\Windows\system32\uvopxuqx.dll

O2 - BHO: (no name) - {0006EFB0-C2A5-4982-A31B-72DAF61EA16b} - C:\Windows\system32\uvopxuqx.dll

O2 - BHO: (no name) - {0007A652-F7B3-4349-BDD1-14E242FA5FD5} - C:\Windows\system32\uvopxuqx.dll

O2 - BHO: (no name) - {000CBC75-4C66-4F19-BB65-7D687CEB2AAa} - C:\Windows\system32\uvopxuqx.dll

O2 - BHO: (no name) - {0018236F-9779-48E0-BA2D-F935DBBF7D5c} - C:\Windows\system32\uvopxuqx.dll

O2 - BHO: (no name) - {002D9C5F-56A1-4BBE-9D9D-1FBA51D92D54} - C:\Windows\system32\uvopxuqx.dll

O2 - BHO: (no name) - {00484730-60F3-4FD4-BF05-183A6CBD4607} - C:\Windows\system32\uvopxuqx.dll

O2 - BHO: (no name) - {006D7981-F029-4559-AFC9-225D3A5D66Cd} - C:\Windows\system32\uvopxuqx.dll

O2 - BHO: (no name) - {00B86E18-DEE9-4FF4-998F-4DEDBAB06A82} - C:\Windows\system32\uvopxuqx.dll

O2 - BHO: (no name) - {074FA833-947C-43DE-952D-F90EE99C69F0} - C:\Windows\system32\uvopxuqx.dll

O2 - BHO: (no name) - {0B4D1E6A-42F9-4DF9-A808-B7EC0054C134} - C:\Windows\system32\uvopxuqx.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {83C84A26-7070-4C3D-BD67-846321CD7869} - c:\windows\system32\fqvjvud.dll

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [WinDLL (service.exe)] service.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIÇO DE REDE')

O13 - Gopher Prefix:

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O20 - Winlogon Notify: islzoyjc - C:\Windows\SYSTEM32\fqvjvud.dll

O20 - Winlogon Notify: rgadtm - C:\Windows\SYSTEM32\rgadtm.dll

O21 - SSODL: SysRun - {D7FFD784-5276-42D1-887B-00267870A4C7} - C:\Windows\system32\svshost.dll

O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Microsoft security update service (msupdate) - Unknown owner - c:\windows\system32\mssrv32.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

 

--

End of file - 8038 bytes

Compartilhar este post


Link para o post
Compartilhar em outros sites

:thumbsup: Olá Vvander! Seja bem-vindo ao Fórum Imasters.

 

:seta: Sugiro que você salve ou imprima essas instruções abaixo, pois em alguns momentos você poderá precisar usar o computador sem o acesso à internet:

 

Faça o download do ComboFix

 

1) Desabilite o seu anti-vírus temporariamente;

 

2) Dê um duplo-clique no combofix.exe e aguarde (o processo total demora cerca de 10 minutos);

 

3) A janela de “NEGAÇÃO DE GARANTIA DO SOFTWARE” abrir-se-á. Clique em “SIM” para continuar.

 

4) Outra janela irá abrir, caso a sua máquina não possua o CONSOLE DE RECUPERAÇÃO DO WINDOWS. É recomendável executar a instalação do console antes de dar continuidade ao processo, pois tal ação proporcionará a garantia de que o sistema poderá ser recuperado em caso de problemas durante a varredura.

 

Clique sobre “SIM” e aguarde, pois o processo de instalação do console dar-se-á automaticamente através do próprio ComboFix. Ele poderá demorar alguns minutos (dependerá da velocidade de sua conexão), portanto seja paciente.

 

Quando a janela “INSTALANDO O CONSOLE DE RECUPERAÇÃO” aparecer clique em “OK”, depois clique sobre “SIM” para aceitar a licença EULA.

 

Ao término da instalação do console de recuperação abrir-se-á uma janela avisando que “O CONSOLE DE RECUPERAÇÃO FOI INSTALADO COM SUCESSO”.

 

Clique sobre “SIM” para continuar a varredura.

 

5) O ComboFix iniciará o AUTOSCAN (aguarde).

 

ATENÇÃO: Não clique na janela do ComboFix, nem termine o processo abruptamente enquanto a ferramenta estiver sendo executada, pois isto implicará na desconfiguração de seu desktop (ele ficará todo branco).

 

Ao término do processo a máquina será reiniciada para a emissão do relatório.

 

6) Ao reiniciar a máquina o ComboFix irá executar o FIND3M para a criação do relatório final da varredura. O log dele estará em C:\ComboFix.txt.

 

7) Reabilite o seu anti-vírus;

 

OBS.1: Caso apareça uma mensagem avisando que ESTE NÃO É UM APLICATIVO WIN 32 VÁLIDO ou caso os virus ou malwares bloqueiem a execução do Combofix, baixe o ComboFix novamente, mas salve-o em seu Desktop como KomboFix. Neste caso, nomeie-o como Kombofix durante o salvamento e não após salvá-lo!

 

Em último caso, se não for possível executar o Combofix no Modo Normal do Windows, tente utilizar o ComboFix em MODO SEGURO (reiniciando o computador e pressionando a tecla F8 intermitentemente, ou F5 em alguns casos, durante a inicialização e escolha a opção Modo Seguro na tela que se apresenta) e repita o procedimento;

 

OBS.2: Caso haja um clique sobre a janela do ComboFix em execução, ela irá MAXIMIZAR, sobrepondo-se sobre as demais. Para minimizá-la novamente basta utilizar a combinação ALT + TAB.

* Se por algum motivo você precisar parar ou sair do ComboFix, tecle "N".

* Se perder a conexão com a internet, reinicie o computador. Caso o problema persista, abra Conexões de Rede no Painel de Controle, clique com o botão direito do mouse sobre a sua conexão com a internet e em "Reparar";

 

Poste o log do Combofix que estará em C:\ComboFix.txt juntamente com um novo log do Hijackthis em sua próxima resposta e nos diga como está o seu PC depois disto.

 

Ficamos no aguardo.

Compartilhar este post


Link para o post
Compartilhar em outros sites

Boa noite, Antonio Vieira !

Obrigado pela sua disposição.

 

Obs.: Os sites de antivírus continuam inacessíveis.

 

Seguem os Logs;

 

ComboFix:

 

ComboFix 09-09-18.02 - Vvander 19/09/2009 21:48.1.2 - NTFSx86

Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.55.1046.18.2046.1262 [GMT -3:00]

Executando de: c:\users\Vvander\Downloads\ComboFix.exe

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

.

 

Overlay abortado ... Por favor execute novamente o ComboFix

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\$recycle.bin\S-1-5-21-51003140-4199384537-3980697693-500

c:\windows\service.exe

c:\windows\system32\drivers\ipinip.sys

c:\windows\system32\drivers\kbiwkmekmtxkws.sys

c:\windows\system32\drivers\nwlnkflt.sys

c:\windows\system32\Drivers\nwlnkfwd.sys

c:\windows\system32\fqvjvud.dll

c:\windows\system32\GCC0D.tmp.exe

c:\windows\system32\lowsec

c:\windows\system32\lowsec\local.ds

c:\windows\system32\lowsec\user.ds

c:\windows\system32\lowsec\user.ds.lll

c:\windows\system32\mssrv32.exe

c:\windows\system32\rgadta.sys

c:\windows\system32\sdra64.exe

c:\windows\system32\svSHost.dll

c:\windows\system32\uvopxuqx.dll

c:\windows\system32\wininet.exe

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Service_msupdate

 

 

(((((((((((((((( Arquivos/Ficheiros criados de 2009-08-20 to 2009-09-20 ))))))))))))))))))))))))))))

.

 

2009-09-20 00:55 . 2009-09-20 00:55 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp

2009-09-20 00:55 . 2009-09-20 00:55 -------- d-----w- c:\users\Default\AppData\Local\temp

2009-09-19 16:42 . 2009-09-19 17:01 -------- d-----w- C:\Hijack

2009-09-19 14:31 . 2009-09-19 14:31 -------- d-----w- c:\programdata\FLEXnet

2009-09-19 14:13 . 2009-09-19 14:13 -------- d-----w- c:\program files\Adobe Media Player

2009-09-19 14:10 . 2009-09-19 14:10 -------- d-----w- c:\program files\Common Files\Adobe AIR

2009-09-19 14:06 . 2009-09-19 14:06 -------- d-----w- c:\program files\Common Files\Macrovision Shared

2009-09-19 00:33 . 2009-09-19 00:45 -------- d-----w- c:\program files\CAPCOM

2009-09-19 00:33 . 2009-03-09 18:27 453456 ----a-w- c:\windows\system32\d3dx10_41.dll

2009-09-19 00:33 . 2009-03-09 18:27 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll

2009-09-19 00:33 . 2009-03-09 18:27 1846632 ----a-w- c:\windows\system32\D3DCompiler_41.dll

2009-09-19 00:33 . 2009-03-16 17:18 69448 ----a-w- c:\windows\system32\XAPOFX1_3.dll

2009-09-19 00:33 . 2009-03-16 17:18 517448 ----a-w- c:\windows\system32\XAudio2_4.dll

2009-09-19 00:33 . 2009-03-16 17:18 235352 ----a-w- c:\windows\system32\xactengine3_4.dll

2009-09-19 00:32 . 2008-03-05 18:56 3786760 ----a-w- c:\windows\system32\D3DX9_37.dll

2009-09-19 00:32 . 2008-03-05 18:56 1420824 ----a-w- c:\windows\system32\D3DCompiler_37.dll

2009-09-19 00:32 . 2008-02-06 02:07 462864 ----a-w- c:\windows\system32\d3dx10_37.dll

2009-09-19 00:32 . 2007-04-04 21:53 81768 ----a-w- c:\windows\system32\xinput1_3.dll

2009-09-19 00:32 . 2009-09-19 00:32 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE

2009-09-19 00:32 . 2009-09-19 00:32 -------- d-----w- c:\windows\system32\xlive

2009-09-15 01:33 . 2009-09-15 01:33 1966080 ----a-w- c:\windows\system32\default3.bin

2009-09-15 01:24 . 2009-07-17 19:53 80384 ----a-w- c:\windows\system32\drivers\ser2pl.sys

2009-09-15 01:24 . 2005-08-03 19:05 35892 ----a-w- c:\windows\system32\SER9PL.sys

2009-09-15 01:24 . 2009-09-15 01:24 -------- d--h--w- c:\program files\InstallShield Installation Information

2009-09-15 01:19 . 2009-09-19 14:10 -------- d-----w- c:\users\Vvander\AppData\Local\Adobe

2009-09-03 03:55 . 2009-09-03 03:55 -------- d-----w- c:\users\Vvander\AppData\Roaming\Media Player Classic

2009-09-01 02:00 . 2009-09-01 02:25 -------- d-----w- c:\program files\Street Fighter IV

2009-08-31 00:20 . 2009-09-19 14:14 -------- d-----w- c:\program files\Common Files\Adobe

2009-08-30 14:26 . 2009-08-30 14:26 -------- d-----w- c:\programdata\Last.fm

2009-08-30 14:25 . 2009-09-19 16:30 -------- d-----w- c:\users\Vvander\AppData\Local\Last.fm

2009-08-30 14:25 . 2009-08-30 14:25 -------- d-----w- c:\program files\Last.fm

2009-08-24 14:40 . 2009-08-24 14:40 16 ----a-w- c:\windows\pxydb.dat

2009-08-24 14:40 . 2009-08-24 14:40 23150 ----a-w- c:\windows\system32\rgadtm.dll

2009-08-23 04:53 . 2009-08-23 04:53 -------- d-----w- c:\program files\Guitar Pro 5

2009-08-21 19:25 . 2009-06-15 18:20 439896 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2009-08-21 19:25 . 2009-06-15 15:24 175104 ----a-w- c:\windows\system32\wdigest.dll

2009-08-21 19:25 . 2009-06-15 15:24 270848 ----a-w- c:\windows\system32\schannel.dll

2009-08-21 19:25 . 2009-06-15 15:23 1256448 ----a-w- c:\windows\system32\lsasrv.dll

2009-08-21 19:25 . 2009-06-15 15:22 213504 ----a-w- c:\windows\system32\msv1_0.dll

2009-08-21 19:25 . 2009-06-15 15:21 499712 ----a-w- c:\windows\system32\kerberos.dll

2009-08-21 19:25 . 2009-06-15 15:24 72704 ----a-w- c:\windows\system32\secur32.dll

2009-08-21 19:25 . 2009-06-15 12:57 9728 ----a-w- c:\windows\system32\lsass.exe

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-09-20 00:57 . 2009-08-09 02:30 109109 ----a-w- c:\programdata\nvModes.dat

2009-09-20 00:57 . 2009-09-20 00:57 4096 ----a-w- c:\windows\system32\08387.tmp

2009-09-20 00:57 . 2009-08-09 02:27 -------- d-----w- c:\programdata\NVIDIA

2009-09-20 00:52 . 2008-04-12 01:38 79666 ----a-w- c:\windows\system32\prfc0416.dat

2009-09-20 00:52 . 2008-04-12 01:38 481882 ----a-w- c:\windows\system32\prfh0416.dat

2009-09-20 00:46 . 2009-09-20 00:46 4096 ----a-w- c:\windows\system32\0B64F.tmp

2009-09-20 00:45 . 2009-08-15 14:56 -------- d-----w- c:\users\Vvander\AppData\Roaming\uTorrent

2009-09-19 14:31 . 2009-08-09 00:17 49000 ----a-w- c:\users\Vvander\AppData\Local\GDIPFONTCACHEV1.DAT

2009-09-19 11:35 . 2009-09-19 11:35 4096 ----a-w- c:\windows\system32\0BEEB.tmp

2009-09-19 00:44 . 2009-09-19 00:44 4096 ----a-w- c:\windows\system32\0758D.tmp

2009-09-17 11:56 . 2009-09-17 11:56 4096 ----a-w- c:\windows\system32\075BC.tmp

2009-09-17 02:33 . 2009-09-17 02:33 4096 ----a-w- c:\windows\system32\08C42.tmp

2009-09-15 00:54 . 2009-09-15 00:54 4096 ----a-w- c:\windows\system32\07A12.tmp

2009-09-12 22:47 . 2009-09-12 22:47 4096 ----a-w- c:\windows\system32\07A41.tmp

2009-09-12 14:08 . 2009-09-12 14:08 4096 ----a-w- c:\windows\system32\07EB5.tmp

2009-09-09 21:45 . 2009-09-09 21:45 4096 ----a-w- c:\windows\system32\07530.tmp

2009-09-09 20:44 . 2009-09-09 20:44 4096 ----a-w- c:\windows\system32\05861.tmp

2009-09-09 19:07 . 2009-09-09 19:07 4096 ----a-w- c:\windows\system32\07966.tmp

2009-09-09 01:29 . 2009-09-09 01:29 4096 ----a-w- c:\windows\system32\078C9.tmp

2009-09-07 23:34 . 2009-09-07 23:34 4096 ----a-w- c:\windows\system32\07773.tmp

2009-09-07 22:32 . 2009-09-07 22:32 4096 ----a-w- c:\windows\system32\07A8F.tmp

2009-09-07 18:27 . 2009-09-07 18:27 4096 ----a-w- c:\windows\system32\0780E.tmp

2009-09-06 20:25 . 2009-09-06 20:25 4096 ----a-w- c:\windows\system32\06E4A.tmp

2009-09-05 03:36 . 2009-09-05 03:36 4096 ----a-w- c:\windows\system32\07752.tmp

2009-09-05 03:27 . 2009-09-05 03:27 4096 ----a-w- c:\windows\system32\05505.tmp

2009-09-04 00:56 . 2009-09-04 00:56 4096 ----a-w- c:\windows\system32\058FD.tmp

2009-09-03 03:43 . 2009-09-03 03:42 -------- d-----w- c:\program files\K-Lite Codec Pack

2009-09-01 21:17 . 2009-09-01 21:17 4096 ----a-w- c:\windows\system32\07CA2.tmp

2009-09-01 11:52 . 2009-09-01 11:52 4096 ----a-w- c:\windows\system32\07F61.tmp

2009-09-01 00:16 . 2009-09-01 00:16 4096 ----a-w- c:\windows\system32\073E8.tmp

2009-08-31 23:15 . 2009-08-31 23:15 4096 ----a-w- c:\windows\system32\06FD1.tmp

2009-08-31 22:13 . 2009-08-31 22:13 4096 ----a-w- c:\windows\system32\07B79.tmp

2009-08-31 21:12 . 2009-08-31 21:12 4096 ----a-w- c:\windows\system32\07A40.tmp

2009-08-31 20:10 . 2009-08-31 20:10 4096 ----a-w- c:\windows\system32\075FB.tmp

2009-08-31 19:09 . 2009-08-31 19:09 4096 ----a-w- c:\windows\system32\086F2.tmp

2009-08-30 14:57 . 2009-08-30 14:57 4096 ----a-w- c:\windows\system32\082DC.tmp

2009-08-30 14:43 . 2009-08-15 18:32 -------- d-----w- c:\users\Vvander\AppData\Roaming\Apple Computer

2009-08-30 14:35 . 2009-08-15 18:29 -------- d-----w- c:\programdata\Apple

2009-08-30 14:26 . 2009-08-15 18:31 -------- d-----w- c:\program files\iTunes

2009-08-30 13:27 . 2009-08-30 13:27 4096 ----a-w- c:\windows\system32\073E7.tmp

2009-08-30 00:50 . 2009-08-30 00:50 4096 ----a-w- c:\windows\system32\066E7.tmp

2009-08-29 04:21 . 2009-08-29 04:21 4096 ----a-w- c:\windows\system32\05841.tmp

2009-08-29 03:19 . 2009-08-29 03:19 4096 ----a-w- c:\windows\system32\05B8D.tmp

2009-08-29 02:18 . 2009-08-29 02:18 4096 ----a-w- c:\windows\system32\053AD.tmp

2009-08-29 01:16 . 2009-08-29 01:16 4096 ----a-w- c:\windows\system32\05A74.tmp

2009-08-28 23:19 . 2009-08-28 23:19 4096 ----a-w- c:\windows\system32\0566D.tmp

2009-08-28 22:00 . 2009-08-28 22:00 4096 ----a-w- c:\windows\system32\057B5.tmp

2009-08-28 20:58 . 2009-08-28 20:58 4096 ----a-w- c:\windows\system32\059E7.tmp

2009-08-28 19:57 . 2009-08-28 19:57 4096 ----a-w- c:\windows\system32\05582.tmp

2009-08-28 18:55 . 2009-08-28 18:55 4096 ----a-w- c:\windows\system32\055B1.tmp

2009-08-28 17:54 . 2009-08-28 17:54 4096 ----a-w- c:\windows\system32\05786.tmp

2009-08-28 16:52 . 2009-08-28 16:52 4096 ----a-w- c:\windows\system32\05C1A.tmp

2009-08-28 15:40 . 2009-08-28 15:40 4096 ----a-w- c:\windows\system32\05C0A.tmp

2009-08-28 10:59 . 2009-08-28 10:59 4096 ----a-w- c:\windows\system32\07762.tmp

2009-08-28 02:15 . 2009-08-28 02:15 4096 ----a-w- c:\windows\system32\08339.tmp

2009-08-27 01:44 . 2009-08-27 01:44 4096 ----a-w- c:\windows\system32\0121B.tmp

2009-08-26 11:28 . 2009-08-26 11:28 4096 ----a-w- c:\windows\system32\0730D.tmp

2009-08-26 02:24 . 2009-08-26 02:24 4096 ----a-w- c:\windows\system32\0A19F.tmp

2009-08-24 21:10 . 2009-08-24 21:10 4096 ----a-w- c:\windows\system32\07ABD.tmp

2009-08-24 20:09 . 2009-08-24 20:09 4096 ----a-w- c:\windows\system32\08A8C.tmp

2009-08-24 14:40 . 2009-08-23 21:36 8432 ----a-w- c:\windows\system32\07F90.tmp

2009-08-24 10:25 . 2009-08-24 10:25 4096 ----a-w- c:\windows\system32\071D4.tmp

2009-08-24 08:50 . 2009-08-24 08:50 4096 ----a-w- c:\windows\system32\07A6F.tmp

2009-08-24 07:48 . 2009-08-24 07:48 4096 ----a-w- c:\windows\system32\07772.tmp

2009-08-24 06:47 . 2009-08-24 06:47 4096 ----a-w- c:\windows\system32\07698.tmp

2009-08-24 05:45 . 2009-08-24 05:45 4096 ----a-w- c:\windows\system32\074A3.tmp

2009-08-24 04:44 . 2009-08-24 04:44 4096 ----a-w- c:\windows\system32\07697.tmp

2009-08-24 03:43 . 2009-08-24 03:43 4096 ----a-w- c:\windows\system32\07975.tmp

2009-08-24 02:41 . 2009-08-24 02:41 4096 ----a-w- c:\windows\system32\07261.tmp

2009-08-24 01:40 . 2009-08-24 01:40 4096 ----a-w- c:\windows\system32\08230.tmp

2009-08-24 00:46 . 2009-08-24 00:46 4096 ----a-w- c:\windows\system32\07D2E.tmp

2009-08-23 21:29 . 2009-08-23 21:29 4096 ----a-w- c:\windows\system32\0854D.tmp

2009-08-23 14:13 . 2009-08-23 14:13 4096 ----a-w- c:\windows\system32\084D0.tmp

2009-08-23 05:55 . 2009-08-23 05:55 4096 ----a-w- c:\windows\system32\0BB3.tmp

2009-08-22 13:14 . 2009-08-22 13:14 4096 ----a-w- c:\windows\system32\0F6D5.tmp

2009-08-18 01:50 . 2009-08-18 01:50 -------- d-----w- c:\program files\Bytescout XLS Viewer

2009-08-17 05:42 . 2009-08-17 05:42 2173472 ----a-w- c:\windows\system32\nvcplui.exe

2009-08-17 05:42 . 2009-08-17 05:42 1346080 ----a-w- c:\windows\system32\nvsvs.dll

2009-08-17 05:41 . 2009-08-17 05:41 3176992 ----a-w- c:\windows\system32\nvwss.dll

2009-08-17 05:41 . 2009-08-17 05:41 4033056 ----a-w- c:\windows\system32\nvvitvs.dll

2009-08-17 05:41 . 2009-08-17 05:41 195104 ----a-w- c:\windows\system32\nvmccss.dll

2009-08-17 05:41 . 2009-08-17 05:41 1292832 ----a-w- c:\windows\system32\nvmobls.dll

2009-08-17 05:41 . 2009-08-17 05:41 3553824 ----a-w- c:\windows\system32\nvgames.dll

2009-08-17 05:41 . 2009-08-17 05:41 92704 ----a-w- c:\windows\system32\nvmctray.dll

2009-08-17 05:41 . 2009-08-17 05:41 764448 ----a-w- c:\windows\system32\nvsvc.dll

2009-08-17 05:41 . 2009-08-17 05:41 4930080 ----a-w- c:\windows\system32\nvdisps.dll

2009-08-17 05:41 . 2009-08-17 05:41 215584 ----a-w- c:\windows\system32\nvvsvc.exe

2009-08-17 05:41 . 2009-08-17 05:41 13904416 ----a-w- c:\windows\system32\nvcpl.dll

2009-08-17 03:57 . 2009-08-17 03:57 9545152 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys

2009-08-17 03:57 . 2009-08-17 03:57 485920 ----a-w- c:\windows\system32\nvudisp.exe

2009-08-17 03:57 . 2009-08-17 03:57 4224 ----a-w- c:\windows\system32\drivers\nvBridge.kmd

2009-08-17 03:57 . 2009-08-17 03:57 3298304 ----a-w- c:\windows\system32\nvwgf2um.dll

2009-08-17 03:57 . 2009-08-17 03:57 2169376 ----a-w- c:\windows\system32\nvcuvid.dll

2009-08-17 03:57 . 2009-08-17 03:57 1985536 ----a-w- c:\windows\system32\nvcuda.dll

2009-08-17 03:57 . 2009-08-17 03:57 1706528 ----a-w- c:\windows\system32\nvcuvenc.dll

2009-08-17 03:57 . 2009-08-17 03:57 155648 ----a-w- c:\windows\system32\nvcod162.dll

2009-08-17 03:57 . 2009-08-17 03:57 155648 ----a-w- c:\windows\system32\nvcod.dll

2009-08-17 03:57 . 2009-08-17 03:57 10858496 ----a-w- c:\windows\system32\nvoglv32.dll

2009-08-17 03:57 . 2009-08-09 02:26 7569920 ----a-w- c:\windows\system32\nvd3dum.dll

2009-08-17 03:57 . 2009-08-09 02:26 1044992 ----a-w- c:\windows\system32\nvapi.dll

2009-02-13 08:49 . 2009-08-09 19:50 161768 --sha-r- c:\windows\System32\yeducvkl.dll

2008-04-12 00:36 . 2006-11-22 14:58 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00001858-D0A7-4B2D-AFB0-CAF6EAFC3380}]

2008-04-12 00:23 147968 ----a-w- c:\windows\System32\uvopxuqx.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00002F47-9184-49F4-B115-75983639F742}]

2008-04-12 00:23 147968 ----a-w- c:\windows\System32\uvopxuqx.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{000032F1-4C66-4F19-BB65-7D687CEB2AAa}]

2008-04-12 00:23 147968 ----a-w- c:\windows\System32\uvopxuqx.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{000039A6-2259-41BB-8970-6FEC81A5AD2d}]

2008-04-12 00:23 147968 ----a-w- c:\windows\System32\uvopxuqx.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00006298-3BAE-4917-BFD3-5280694AB2A9}]

2008-04-12 00:23 147968 ----a-w- c:\windows\System32\uvopxuqx.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{000073AA-D9E3-4BF9-A157-1DCC471A1566}]

2008-04-12 00:23 147968 ----a-w- c:\windows\System32\uvopxuqx.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0000DA4E-0C10-4E7C-9149-0740599EE215}]

2008-04-12 00:23 147968 ----a-w- c:\windows\System32\uvopxuqx.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00019531-C372-4030-BD27-9D6DA8B6AADf}]

2008-04-12 00:23 147968 ----a-w- c:\windows\System32\uvopxuqx.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00029843-B4F6-4081-8702-5C5B5CB255Fb}]

2008-04-12 00:23 147968 ----a-w- c:\windows\System32\uvopxuqx.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0002AD98-CCBD-429F-8CC9-7941D7100F6b}]

2008-04-12 00:23 147968 ----a-w- c:\windows\System32\uvopxuqx.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0002CF77-C8DD-44A5-BFA9-FB88C8134294}]

2008-04-12 00:23 147968 ----a-w- c:\windows\System32\uvopxuqx.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0002E813-05D9-4A63-A812-3CD20FE0D746}]

2008-04-12 00:23 147968 ----a-w- c:\windows\System32\uvopxuqx.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00039CDC-C8E4-4616-9433-B8B941D01A43}]

2008-04-12 00:23 147968 ----a-w- c:\windows\System32\uvopxuqx.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0006EFB0-C2A5-4982-A31B-72DAF61EA16b}]

2008-04-12 00:23 147968 ----a-w- c:\windows\System32\uvopxuqx.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0007A652-F7B3-4349-BDD1-14E242FA5FD5}]

2008-04-12 00:23 147968 ----a-w- c:\windows\System32\uvopxuqx.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{000CBC75-4C66-4F19-BB65-7D687CEB2AAa}]

2008-04-12 00:23 147968 ----a-w- c:\windows\System32\uvopxuqx.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0018236F-9779-48E0-BA2D-F935DBBF7D5c}]

2008-04-12 00:23 147968 ----a-w- c:\windows\System32\uvopxuqx.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{002D9C5F-56A1-4BBE-9D9D-1FBA51D92D54}]

2008-04-12 00:23 147968 ----a-w- c:\windows\System32\uvopxuqx.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00484730-60F3-4FD4-BF05-183A6CBD4607}]

2008-04-12 00:23 147968 ----a-w- c:\windows\System32\uvopxuqx.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{006D7981-F029-4559-AFC9-225D3A5D66Cd}]

2008-04-12 00:23 147968 ----a-w- c:\windows\System32\uvopxuqx.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00B86E18-DEE9-4FF4-998F-4DEDBAB06A82}]

2008-04-12 00:23 147968 ----a-w- c:\windows\System32\uvopxuqx.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{074FA833-947C-43DE-952D-F90EE99C69F0}]

2008-04-12 00:23 147968 ----a-w- c:\windows\System32\uvopxuqx.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0B4D1E6A-42F9-4DF9-A808-B7EC0054C134}]

2008-04-12 00:23 147968 ----a-w- c:\windows\System32\uvopxuqx.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{83C84A26-7070-4C3D-BD67-846321CD7869}]

2008-04-12 00:23 102912 ----a-w- c:\windows\System32\fqvjvud.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-04-12 1233920]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-04-12 202240]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2009-08-15 288048]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-09 149280]

"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-07-01 37888]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-05-30 292136]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]

"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2006-08-03 577536]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 0 (0x0)

"EnableInstallerDetection"= 0 (0x0)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\islzoyjc]

2008-04-12 00:23 102912 ----a-w- c:\windows\System32\fqvjvud.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rgadtm]

2009-08-24 14:40 23150 ----a-w- c:\windows\System32\rgadtm.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"mixer"=wdmaud.drv

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{27ED901D-6F48-4BE9-9EE6-22D0275B7B81}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)

"{E535B0A6-5BE8-414F-9332-B0FCAEDAEF8D}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)

"{7C1B3ECB-6726-4E8A-8860-81717E3F44E4}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour

"{C4C5CC00-E390-46A6-BF45-87A2251EB42F}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour

"{D280F0CA-91D0-4A43-93BB-3FBC88A0F9C7}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes

"{1EB96948-2CAD-4682-B8E7-13C61242F50D}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

"{68FE7C07-4BE8-43AD-8A28-4F3372442E46}"= UDP:2120:vbessd

"{65217492-E17A-4ACB-97C9-550566F2E64A}"= UDP:2120:vbessd

"{2E917524-3AF6-44EE-A7CC-7F343831CA2F}"= UDP:c:\program files\CAPCOM\STREETFIGHTERIV\StreetFighterIV.exe:STREET FIGHTER IV

"{0C109955-15FA-48B8-A1F1-F8BF57EFC478}"= TCP:c:\program files\CAPCOM\STREETFIGHTERIV\StreetFighterIV.exe:STREET FIGHTER IV

"{22FFB6E0-233B-4A83-BD82-87E1D5B533A7}"= UDP:5353:Adobe CSI CS4

"{F7B0835F-2F35-469F-AD0E-88637BAC0469}"= UDP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4

"{068CD6C0-2481-4BB7-9AC7-7DB70499913E}"= TCP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4

 

R2 ndpgzxbg;Software Bus Monitor;c:\windows\System32\svchost.exe -k netsvcs [11/04/2008 21:23 21504]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [14/07/2009 12:28 239648]

S2 lnmjdd;Update Config;c:\windows\system32\svchost.exe -k netsvcs [11/04/2008 21:23 21504]

 

--- =Outros Serviços/Drivers Na Memória ---

 

*NewlyCreated* - ADVPWXR

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

ndpgzxbg

lnmjdd

.

.

------- Scan Suplementar -------

.

uInternet Settings,ProxyOverride = *.local

FF - ProfilePath - c:\users\Vvander\AppData\Roaming\Mozilla\Firefox\Profiles\2fxg8kic.default\

FF - prefs.js: browser.startup.homepage - google.com

FF - component: c:\users\Vvander\AppData\Roaming\Mozilla\Firefox\Profiles\2fxg8kic.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E886C}\components\GbMzhBb.dll

FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll

FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

 

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

.

- - - - ORFÃOS REMOVIDOS - - - -

 

HKLM-Run-WinDLL (service.exe) - service.exe

SafeBoot-rgadta.sys

 

 

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-09-19 21:57

Windows 6.0.6001 Service Pack 1 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos:

 

**************************************************************************

.

------------------------ Outros Processos em Execução ------------------------

.

c:\windows\System32\nvvsvc.exe

c:\windows\System32\audiodg.exe

c:\windows\System32\nvvsvc.exe

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\iPod\bin\iPodService.exe

.

**************************************************************************

.

Tempo para conclusão: 2009-09-20 22:01 - Máquina reiniciou

ComboFix-quarantined-files.txt 2009-09-20 01:01

 

Pré-execução: 130.233.036.800 bytes disponíveis

Pós execução: 131.117.199.360 bytes disponíveis

 

324 --- E O F --- 2009-08-22 06:00

 

 

 

 

Hijack:

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:08:21, on 19/09/2009

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18294)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\SOUNDMAN.EXE

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\uTorrent\uTorrent.exe

C:\Windows\Explorer.exe

C:\Hijack\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: (no name) - {00001858-D0A7-4B2D-AFB0-CAF6EAFC3380} - C:\Windows\system32\uvopxuqx.dll

O2 - BHO: (no name) - {00002F47-9184-49F4-B115-75983639F742} - C:\Windows\system32\uvopxuqx.dll

O2 - BHO: (no name) - {000032F1-4C66-4F19-BB65-7D687CEB2AAa} - C:\Windows\system32\uvopxuqx.dll

O2 - BHO: (no name) - {000039A6-2259-41BB-8970-6FEC81A5AD2d} - C:\Windows\system32\uvopxuqx.dll

O2 - BHO: (no name) - {00006298-3BAE-4917-BFD3-5280694AB2A9} - C:\Windows\system32\uvopxuqx.dll

O2 - BHO: (no name) - {000073AA-D9E3-4BF9-A157-1DCC471A1566} - C:\Windows\system32\uvopxuqx.dll

O2 - BHO: (no name) - {0000DA4E-0C10-4E7C-9149-0740599EE215} - C:\Windows\system32\uvopxuqx.dll

O2 - BHO: (no name) - {00019531-C372-4030-BD27-9D6DA8B6AADf} - C:\Windows\system32\uvopxuqx.dll

O2 - BHO: (no name) - {00029843-B4F6-4081-8702-5C5B5CB255Fb} - C:\Windows\system32\uvopxuqx.dll

O2 - BHO: (no name) - {0002AD98-CCBD-429F-8CC9-7941D7100F6b} - C:\Windows\system32\uvopxuqx.dll

O2 - BHO: (no name) - {0002CF77-C8DD-44A5-BFA9-FB88C8134294} - C:\Windows\system32\uvopxuqx.dll

O2 - BHO: (no name) - {0002E813-05D9-4A63-A812-3CD20FE0D746} - C:\Windows\system32\uvopxuqx.dll

O2 - BHO: (no name) - {00039CDC-C8E4-4616-9433-B8B941D01A43} - C:\Windows\system32\uvopxuqx.dll

O2 - BHO: (no name) - {0006EFB0-C2A5-4982-A31B-72DAF61EA16b} - C:\Windows\system32\uvopxuqx.dll

O2 - BHO: (no name) - {0007A652-F7B3-4349-BDD1-14E242FA5FD5} - C:\Windows\system32\uvopxuqx.dll

O2 - BHO: (no name) - {000CBC75-4C66-4F19-BB65-7D687CEB2AAa} - C:\Windows\system32\uvopxuqx.dll

O2 - BHO: (no name) - {0018236F-9779-48E0-BA2D-F935DBBF7D5c} - C:\Windows\system32\uvopxuqx.dll

O2 - BHO: (no name) - {002D9C5F-56A1-4BBE-9D9D-1FBA51D92D54} - C:\Windows\system32\uvopxuqx.dll

O2 - BHO: (no name) - {00484730-60F3-4FD4-BF05-183A6CBD4607} - C:\Windows\system32\uvopxuqx.dll

O2 - BHO: (no name) - {006D7981-F029-4559-AFC9-225D3A5D66Cd} - C:\Windows\system32\uvopxuqx.dll

O2 - BHO: (no name) - {00B86E18-DEE9-4FF4-998F-4DEDBAB06A82} - C:\Windows\system32\uvopxuqx.dll

O2 - BHO: (no name) - {074FA833-947C-43DE-952D-F90EE99C69F0} - C:\Windows\system32\uvopxuqx.dll

O2 - BHO: (no name) - {0B4D1E6A-42F9-4DF9-A808-B7EC0054C134} - C:\Windows\system32\uvopxuqx.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {83C84A26-7070-4C3D-BD67-846321CD7869} - c:\windows\system32\fqvjvud.dll

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O20 - Winlogon Notify: islzoyjc - C:\Windows\SYSTEM32\fqvjvud.dll

O20 - Winlogon Notify: rgadtm - C:\Windows\SYSTEM32\rgadtm.dll

O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

 

--

End of file - 5816 bytes

Compartilhar este post


Link para o post
Compartilhar em outros sites

:thumbsup: Vários problemas foram removidos pelo Combofix.

 

:seta: Baixe o programa Avenger no link abaixo e extraia o conteúdo para o desktop (área de trabalho):

http://swandog46.geekstogo.com/avenger2/download.php

 

*Selecione e copie (Ctrl+C) todo o texto dentro do Quote (caixa branca) abaixo:

 

Files to delete:

C:\Windows\system32\uvopxuqx.dll

c:\windows\system32\fqvjvud.dll

C:\Windows\SYSTEM32\rgadtm.dll

 

*Execute o programa Avenger

*Clique em [Load Script] > [Paste from Clipboard]

*Clique em [Execute] > [OK]

*O PC será reiniciado

*O relatório será criado em C:\avenger.txt

_________________________________

 

:seta: Abra o HijackThis, clique em Do a system scan only, marque as entradas abaixo e clique em Fix checked:

 

O2 - BHO: (no name) - {00001858-D0A7-4B2D-AFB0-CAF6EAFC3380} - C:\Windows\system32\uvopxuqx.dll

 

O2 - BHO: (no name) - {00002F47-9184-49F4-B115-75983639F742} - C:\Windows\system32\uvopxuqx.dll

 

O2 - BHO: (no name) - {000032F1-4C66-4F19-BB65-7D687CEB2AAa} - C:\Windows\system32\uvopxuqx.dll

 

O2 - BHO: (no name) - {000039A6-2259-41BB-8970-6FEC81A5AD2d} - C:\Windows\system32\uvopxuqx.dll

 

O2 - BHO: (no name) - {00006298-3BAE-4917-BFD3-5280694AB2A9} - C:\Windows\system32\uvopxuqx.dll

 

O2 - BHO: (no name) - {000073AA-D9E3-4BF9-A157-1DCC471A1566} - C:\Windows\system32\uvopxuqx.dll

 

O2 - BHO: (no name) - {0000DA4E-0C10-4E7C-9149-0740599EE215} - C:\Windows\system32\uvopxuqx.dll

 

O2 - BHO: (no name) - {00019531-C372-4030-BD27-9D6DA8B6AADf} - C:\Windows\system32\uvopxuqx.dll

 

O2 - BHO: (no name) - {00029843-B4F6-4081-8702-5C5B5CB255Fb} - C:\Windows\system32\uvopxuqx.dll

 

O2 - BHO: (no name) - {0002AD98-CCBD-429F-8CC9-7941D7100F6b} - C:\Windows\system32\uvopxuqx.dll

 

O2 - BHO: (no name) - {0002CF77-C8DD-44A5-BFA9-FB88C8134294} - C:\Windows\system32\uvopxuqx.dll

 

O2 - BHO: (no name) - {0002E813-05D9-4A63-A812-3CD20FE0D746} - C:\Windows\system32\uvopxuqx.dll

 

O2 - BHO: (no name) - {00039CDC-C8E4-4616-9433-B8B941D01A43} - C:\Windows\system32\uvopxuqx.dll

 

O2 - BHO: (no name) - {0006EFB0-C2A5-4982-A31B-72DAF61EA16b} - C:\Windows\system32\uvopxuqx.dll

 

O2 - BHO: (no name) - {0007A652-F7B3-4349-BDD1-14E242FA5FD5} - C:\Windows\system32\uvopxuqx.dll

 

O2 - BHO: (no name) - {000CBC75-4C66-4F19-BB65-7D687CEB2AAa} - C:\Windows\system32\uvopxuqx.dll

 

O2 - BHO: (no name) - {0018236F-9779-48E0-BA2D-F935DBBF7D5c} - C:\Windows\system32\uvopxuqx.dll

 

O2 - BHO: (no name) - {002D9C5F-56A1-4BBE-9D9D-1FBA51D92D54} - C:\Windows\system32\uvopxuqx.dll

 

O2 - BHO: (no name) - {00484730-60F3-4FD4-BF05-183A6CBD4607} - C:\Windows\system32\uvopxuqx.dll

 

O2 - BHO: (no name) - {006D7981-F029-4559-AFC9-225D3A5D66Cd} - C:\Windows\system32\uvopxuqx.dll

 

O2 - BHO: (no name) - {00B86E18-DEE9-4FF4-998F-4DEDBAB06A82} - C:\Windows\system32\uvopxuqx.dll

 

O2 - BHO: (no name) - {074FA833-947C-43DE-952D-F90EE99C69F0} - C:\Windows\system32\uvopxuqx.dll

 

O2 - BHO: (no name) - {0B4D1E6A-42F9-4DF9-A808-B7EC0054C134} - C:\Windows\system32\uvopxuqx.dll

 

O2 - BHO: (no name) - {83C84A26-7070-4C3D-BD67-846321CD7869} - c:\windows\system32\fqvjvud.dll

 

O20 - Winlogon Notify: islzoyjc - C:\Windows\SYSTEM32\fqvjvud.dll

 

O20 - Winlogon Notify: rgadtm - C:\Windows\SYSTEM32\rgadtm.dll

_________________________________

 

:seta: Sugiro que você salve ou imprima essas instruções abaixo, pois em alguns momentos você poderá precisar usar o computador sem o acesso à internet:

 

- Faça o download do Malwarebytes Anti-Malware.

* Faça a instalação dando um duplo clique em "mbam-setup.exe";

*Selecione a linguagem Português (Brasil)

*Selecione apenas a caixa: "Atualizar MalwareBytes'Anti-Malware"

*Se alguma atualização existir, o download será automático

*Não faça ainda scan!!!

*Reinicie o PC em Modo de Segurança (apertando a tecla F8 (ou a tecla F5 em alguns computadores) repetidas vezes quando o computador estiver reiniciando e escolhendo a opção Modo Seguro ou Modo de Segurança).

* Se não possível executar o computador em Modo Seguro, faça o escaneamento no modo normal

*Execute o programa MalwareBytes'Anti-Malware e clique na aba: "Verificação", selecione a opção "Verificação completa"

*Clique no botão: "Verificar"

* Marque todas as partes do computador que você deseja escanear e clique no botão: “Iniciar verificação”

*Ao término do scan, clique em "OK" > "Mostrar Resultados"

*Selecione todas as entradas e clique em "Remover Selecionados"

*Após a remoção poderá ser interrogado se deseja remover objetos da memória. Clique "SIM"

*Um log será apresentado com o resultado das ações

*Alguns malwares são rebeldes e necessitam de uma reinicialização para a remoção. Caso isto seja solicitado, clique para reiniciar o PC.

*Ao término do processo, reinicie o PC em Modo Normal.

* Depois de alguns dias, se o seu computador estiver funcionando normalmente sem estes arquivos que foram excluidos pelo Malwarebytes Anti-malware, abra (execute) o Malwarebytes Anti-malware, clique na aba: Quarentena e clique no botão: Remover tudo.

*Execute novamente o programa Malwarebytes Anti-malware e clique na aba “Logs”, dê um duplo clique com o mouse sobre o log mais recente, selecione o log completo e copie-o. Poste este log dele em sua próxima resposta.

_________________________________

 

:seta: Depois de executar todas as etapas acima, execute novamente o Combofix seguindo aqueles passos que te indiquei na resposta anterior.

 

Poste este novo log do Combofix que estará em C:\ComboFix.txt juntamente com um novo log do Hijackthis, o log do Malwarebytes e log do Avenger que estará em C:\avenger.txt em sua próxima resposta e nos diga como está o seu PC depois disto.

 

Ficamos no aguardo.

Compartilhar este post


Link para o post
Compartilhar em outros sites

Tópico Arquivado

 

Como o autor não respondeu por mais de 30 dias, o tópico foi arquivado.

 

Caso você seja o autor do tópico e quer reabrir, envie uma mensagem privada para um moderador da área juntamente com o link para este tópico e explique o motivo da reabertura.

Compartilhar este post


Link para o post
Compartilhar em outros sites

×

Informação importante

Ao usar o fórum, você concorda com nossos Termos e condições.