Vvander, posted September 19, 2009

Good afternoon. Forgive my introduction, but I would like to express my admiration for your work. Anyway, I have not installed an antivirus on my machine since I bought it (2 months ago), which may have led to possible malware infections...

- Sites related to antivirus and malware removal are inaccessible;
- The machine reboots sporadically; and
- I use Windows Vista, and the "Sleep" option, which used to work, no longer does: a blue screen now appears briefly and the computer reboots.

Here is the HijackThis log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:01:59, on 19/09/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18294)
Boot mode: Normal

Running processes:
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\sdra64.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\SOUNDMAN.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Last.fm\LastFM.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\conime.exe
C:\Hijack\HiJackThis.exe
C:\Windows\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,C:\Windows\system32\sdra64.exe,
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {00001858-D0A7-4B2D-AFB0-CAF6EAFC3380} - C:\Windows\system32\uvopxuqx.dll
O2 - BHO: (no name) - {00002F47-9184-49F4-B115-75983639F742} - C:\Windows\system32\uvopxuqx.dll
O2 - BHO: (no name) - {000032F1-4C66-4F19-BB65-7D687CEB2AAa} - C:\Windows\system32\uvopxuqx.dll
O2 - BHO: (no name) - {000039A6-2259-41BB-8970-6FEC81A5AD2d} - C:\Windows\system32\uvopxuqx.dll
O2 - BHO: (no name) - {00006298-3BAE-4917-BFD3-5280694AB2A9} - C:\Windows\system32\uvopxuqx.dll
O2 - BHO: (no name) - {000073AA-D9E3-4BF9-A157-1DCC471A1566} - C:\Windows\system32\uvopxuqx.dll
O2 - BHO: (no name) - {0000DA4E-0C10-4E7C-9149-0740599EE215} - C:\Windows\system32\uvopxuqx.dll
O2 - BHO: (no name) - {00019531-C372-4030-BD27-9D6DA8B6AADf} - C:\Windows\system32\uvopxuqx.dll
O2 - BHO: (no name) - {00029843-B4F6-4081-8702-5C5B5CB255Fb} - C:\Windows\system32\uvopxuqx.dll
O2 - BHO: (no name) - {0002AD98-CCBD-429F-8CC9-7941D7100F6b} - C:\Windows\system32\uvopxuqx.dll
O2 - BHO: (no name) - {0002CF77-C8DD-44A5-BFA9-FB88C8134294} - C:\Windows\system32\uvopxuqx.dll
O2 - BHO: (no name) - {0002E813-05D9-4A63-A812-3CD20FE0D746} - C:\Windows\system32\uvopxuqx.dll
O2 - BHO: (no name) - {00039CDC-C8E4-4616-9433-B8B941D01A43} - C:\Windows\system32\uvopxuqx.dll
O2 - BHO: (no name) - {0006EFB0-C2A5-4982-A31B-72DAF61EA16b} - C:\Windows\system32\uvopxuqx.dll
O2 - BHO: (no name) - {0007A652-F7B3-4349-BDD1-14E242FA5FD5} - C:\Windows\system32\uvopxuqx.dll
O2 - BHO: (no name) - {000CBC75-4C66-4F19-BB65-7D687CEB2AAa} - C:\Windows\system32\uvopxuqx.dll
O2 - BHO: (no name) - {0018236F-9779-48E0-BA2D-F935DBBF7D5c} - C:\Windows\system32\uvopxuqx.dll
O2 - BHO: (no name) - {002D9C5F-56A1-4BBE-9D9D-1FBA51D92D54} - C:\Windows\system32\uvopxuqx.dll
O2 - BHO: (no name) - {00484730-60F3-4FD4-BF05-183A6CBD4607} - C:\Windows\system32\uvopxuqx.dll
O2 - BHO: (no name) - {006D7981-F029-4559-AFC9-225D3A5D66Cd} - C:\Windows\system32\uvopxuqx.dll
O2 - BHO: (no name) - {00B86E18-DEE9-4FF4-998F-4DEDBAB06A82} - C:\Windows\system32\uvopxuqx.dll
O2 - BHO: (no name) - {074FA833-947C-43DE-952D-F90EE99C69F0} - C:\Windows\system32\uvopxuqx.dll
O2 - BHO: (no name) - {0B4D1E6A-42F9-4DF9-A808-B7EC0054C134} - C:\Windows\system32\uvopxuqx.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {83C84A26-7070-4C3D-BD67-846321CD7869} - c:\windows\system32\fqvjvud.dll
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WinDLL (service.exe)] service.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIÇO DE REDE')
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: islzoyjc - C:\Windows\SYSTEM32\fqvjvud.dll
O20 - Winlogon Notify: rgadtm - C:\Windows\SYSTEM32\rgadtm.dll
O21 - SSODL: SysRun - {D7FFD784-5276-42D1-887B-00267870A4C7} - C:\Windows\system32\svshost.dll
O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Microsoft security update service (msupdate) - Unknown owner - c:\windows\system32\mssrv32.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

--
End of file - 8038 bytes
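The HijackThis log above lists start-up and hook points as flat R/F/O lines, which is tedious to triage by eye. The script below is an added example (not from the thread, HijackThis or ComboFix): it parses a constructed subset of the posted lines and applies generic defender heuristics, namely anything besides userinit.exe in the UserInit chain, nameless BHOs loaded from System32 under several CLSIDs, Run entries with a bare file name, Winlogon Notify and SSODL handlers, services with "Unknown owner", and file names one edit away from a Windows binary (svshost vs svchost). The severity labels, thresholds and the list of imitated binaries are my own assumptions.

```python
"""Triage of HijackThis v2 log lines with a few generic red-flag heuristics.
Added example for this thread, not part of HijackThis or ComboFix; each finding
is a reason to look closer, not a verdict on its own."""
import re
from collections import defaultdict

# Constructed sample: a subset of lines copied from the log posted above, plus
# ordinary entries (Java updater, Adobe BHO, Bonjour) that must not be flagged.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,C:\Windows\system32\sdra64.exe,
O2 - BHO: (no name) - {00001858-D0A7-4B2D-AFB0-CAF6EAFC3380} - C:\Windows\system32\uvopxuqx.dll
O2 - BHO: (no name) - {00002F47-9184-49F4-B115-75983639F742} - C:\Windows\system32\uvopxuqx.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {83C84A26-7070-4C3D-BD67-846321CD7869} - c:\windows\system32\fqvjvud.dll
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [WinDLL (service.exe)] service.exe
O20 - Winlogon Notify: islzoyjc - C:\Windows\SYSTEM32\fqvjvud.dll
O21 - SSODL: SysRun - {D7FFD784-5276-42D1-887B-00267870A4C7} - C:\Windows\system32\svshost.dll
O23 - Service: Microsoft security update service (msupdate) - Unknown owner - c:\windows\system32\mssrv32.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

LINE_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# Windows binaries whose names malware likes to imitate with a one-letter change (assumed list).
SYSTEM_NAMES = ("svchost", "csrss", "lsass", "services", "winlogon", "explorer", "userinit")


def edit_distance(a, b):
    """Levenshtein distance between two strings (used for look-alike names)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def basename(path):
    """Lower-cased file name of a Windows path, surrounding quotes stripped."""
    return path.strip().strip('"').rsplit("\\", 1)[-1].lower()


def lookalike(filename):
    """Return the system binary a file name imitates (edit distance 1), else None."""
    stem = filename.lower().rsplit(".", 1)[0]
    for name in SYSTEM_NAMES:
        if stem != name and edit_distance(stem, name) == 1:
            return name
    return None


def triage(log):
    """Return (severity, code, reason, detail) tuples for entries worth a look."""
    findings = []
    nameless_bho = defaultdict(list)  # dll path -> CLSIDs registered for it
    for raw in log.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        code, body = m.group("code"), m.group("body")
        if code == "F2" and "UserInit=" in body:
            # Only userinit.exe belongs here; anything else runs at every logon.
            for item in body.split("UserInit=", 1)[1].split(","):
                if item.strip() and basename(item) != "userinit.exe":
                    findings.append(("high", code, "extra program in UserInit chain", item.strip()))
        elif code == "O2" and body.startswith("BHO: "):
            name, clsid, dll = [x.strip() for x in body[5:].split(" - ", 2)]
            if name == "(no name)":
                nameless_bho[dll.lower()].append(clsid)
        elif code == "O4":
            m4 = re.search(r"\[[^\]]+\]\s*(?P<cmd>.*)$", body)
            if m4:
                cmd = m4.group("cmd").strip()
                exe = cmd.split('"')[1] if cmd.startswith('"') else cmd.split(" ", 1)[0]
                if "\\" not in exe:
                    findings.append(("review", code, "Run entry with bare file name (no path)", exe))
                hit = lookalike(basename(exe))
                if hit:
                    findings.append(("high", code, f"file name imitates {hit}.exe", exe))
        elif code == "O20":
            dll = body.rsplit(" - ", 1)[-1].strip()
            findings.append(("review", code, "Winlogon Notify DLL (verify publisher)", dll))
        elif code == "O21":
            dll = body.rsplit(" - ", 1)[-1].strip()
            hit = lookalike(basename(dll))
            reason = f"SSODL DLL name imitates {hit}" if hit else "SSODL entry (verify DLL)"
            findings.append(("high" if hit else "review", code, reason, dll))
        elif code == "O23" and "Unknown owner" in body:
            findings.append(("high", code, "service with no known publisher", body.rsplit(" - ", 1)[-1].strip()))
    for dll, clsids in nameless_bho.items():
        # Several nameless CLSIDs pointing at one System32 DLL is a classic sign
        # of a self-registering BHO; a single one elsewhere only merits a look.
        sev = "high" if len(clsids) > 1 or "\\system32\\" in dll else "review"
        findings.append((sev, "O2", f"nameless BHO under {len(clsids)} CLSID(s)", dll))
    return findings


if __name__ == "__main__":
    for finding in sorted(triage(SAMPLE_LOG)):
        print("[%s] %s %s: %s" % finding)
```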
Power Max, posted September 19, 2009

Hello Vvander! Welcome to the iMasters forum.

I suggest you save or print the instructions below, because at some points you may need to use the computer without internet access:

Download ComboFix

1) Temporarily disable your antivirus;
2) Double-click combofix.exe and wait (the whole process takes about 10 minutes);
3) The "SOFTWARE WARRANTY DISCLAIMER" window will open. Click "YES" to continue.
4) Another window will open if your machine does not have the WINDOWS RECOVERY CONSOLE. It is advisable to install the console before continuing, since this guarantees that the system can be recovered if something goes wrong during the scan. Click "YES" and wait; ComboFix installs the console itself. This may take a few minutes (depending on your connection speed), so be patient. When the "INSTALLING THE RECOVERY CONSOLE" window appears, click "OK", then click "YES" to accept the EULA. When the recovery console installation finishes, a window will tell you that "THE RECOVERY CONSOLE WAS INSTALLED SUCCESSFULLY". Click "YES" to continue the scan.
5) ComboFix will start the AUTOSCAN (wait). WARNING: do not click on the ComboFix window or terminate the process abruptly while the tool is running, as this will break your desktop configuration (it will turn completely white). When the process finishes, the machine will restart to produce the report.
6) After the restart, ComboFix will run FIND3M to build the final scan report. Its log will be at C:\ComboFix.txt.
7) Re-enable your antivirus;

NOTE 1: If a message appears saying THIS IS NOT A VALID WIN32 APPLICATION, or if the viruses or malware block ComboFix from running, download ComboFix again but save it to your Desktop as KomboFix. In that case, name it KomboFix while saving, not after saving it! As a last resort, if ComboFix cannot be run in normal Windows mode, try running ComboFix in SAFE MODE (restart the computer, tap F8 repeatedly during startup, or F5 in some cases, and choose Safe Mode from the menu that appears) and repeat the procedure;
NOTE 2: If the running ComboFix window is clicked, it will MAXIMIZE on top of the other windows. To minimize it again, just use ALT + TAB.
* If for some reason you need to stop or exit ComboFix, press "N".
* If you lose your internet connection, restart the computer. If the problem persists, open Network Connections in the Control Panel, right-click your internet connection and choose "Repair";

Post the ComboFix log from C:\ComboFix.txt together with a new HijackThis log in your next reply, and tell us how your PC is doing afterwards. We'll be waiting.
Vvander 0 Denunciar post Postado Setembro 20, 2009 Boa noite, Antonio Vieira ! Obrigado pela sua disposição. Obs.: Os sites de antivírus continuam inacessíveis. Seguem os Logs; ComboFix: ComboFix 09-09-18.02 - Vvander 19/09/2009 21:48.1.2 - NTFSx86 Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.55.1046.18.2046.1262 [GMT -3:00] Executando de: c:\users\Vvander\Downloads\ComboFix.exe SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} . Overlay abortado ... Por favor execute novamente o ComboFix ((((((((((((((((((((((((((((((((((((( Outras Exclusões ))))))))))))))))))))))))))))))))))))))))))))))))))) . c:\$recycle.bin\S-1-5-21-51003140-4199384537-3980697693-500 c:\windows\service.exe c:\windows\system32\drivers\ipinip.sys c:\windows\system32\drivers\kbiwkmekmtxkws.sys c:\windows\system32\drivers\nwlnkflt.sys c:\windows\system32\Drivers\nwlnkfwd.sys c:\windows\system32\fqvjvud.dll c:\windows\system32\GCC0D.tmp.exe c:\windows\system32\lowsec c:\windows\system32\lowsec\local.ds c:\windows\system32\lowsec\user.ds c:\windows\system32\lowsec\user.ds.lll c:\windows\system32\mssrv32.exe c:\windows\system32\rgadta.sys c:\windows\system32\sdra64.exe c:\windows\system32\svSHost.dll c:\windows\system32\uvopxuqx.dll c:\windows\system32\wininet.exe . ((((((((((((((((((((((((((((((((((((((( Drivers/Serviços ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Service_msupdate (((((((((((((((( Arquivos/Ficheiros criados de 2009-08-20 to 2009-09-20 )))))))))))))))))))))))))))) . 2009-09-20 00:55 . 2009-09-20 00:55 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp 2009-09-20 00:55 . 2009-09-20 00:55 -------- d-----w- c:\users\Default\AppData\Local\temp 2009-09-19 16:42 . 2009-09-19 17:01 -------- d-----w- C:\Hijack 2009-09-19 14:31 . 2009-09-19 14:31 -------- d-----w- c:\programdata\FLEXnet 2009-09-19 14:13 . 2009-09-19 14:13 -------- d-----w- c:\program files\Adobe Media Player 2009-09-19 14:10 . 
2009-09-19 14:10 -------- d-----w- c:\program files\Common Files\Adobe AIR 2009-09-19 14:06 . 2009-09-19 14:06 -------- d-----w- c:\program files\Common Files\Macrovision Shared 2009-09-19 00:33 . 2009-09-19 00:45 -------- d-----w- c:\program files\CAPCOM 2009-09-19 00:33 . 2009-03-09 18:27 453456 ----a-w- c:\windows\system32\d3dx10_41.dll 2009-09-19 00:33 . 2009-03-09 18:27 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll 2009-09-19 00:33 . 2009-03-09 18:27 1846632 ----a-w- c:\windows\system32\D3DCompiler_41.dll 2009-09-19 00:33 . 2009-03-16 17:18 69448 ----a-w- c:\windows\system32\XAPOFX1_3.dll 2009-09-19 00:33 . 2009-03-16 17:18 517448 ----a-w- c:\windows\system32\XAudio2_4.dll 2009-09-19 00:33 . 2009-03-16 17:18 235352 ----a-w- c:\windows\system32\xactengine3_4.dll 2009-09-19 00:32 . 2008-03-05 18:56 3786760 ----a-w- c:\windows\system32\D3DX9_37.dll 2009-09-19 00:32 . 2008-03-05 18:56 1420824 ----a-w- c:\windows\system32\D3DCompiler_37.dll 2009-09-19 00:32 . 2008-02-06 02:07 462864 ----a-w- c:\windows\system32\d3dx10_37.dll 2009-09-19 00:32 . 2007-04-04 21:53 81768 ----a-w- c:\windows\system32\xinput1_3.dll 2009-09-19 00:32 . 2009-09-19 00:32 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE 2009-09-19 00:32 . 2009-09-19 00:32 -------- d-----w- c:\windows\system32\xlive 2009-09-15 01:33 . 2009-09-15 01:33 1966080 ----a-w- c:\windows\system32\default3.bin 2009-09-15 01:24 . 2009-07-17 19:53 80384 ----a-w- c:\windows\system32\drivers\ser2pl.sys 2009-09-15 01:24 . 2005-08-03 19:05 35892 ----a-w- c:\windows\system32\SER9PL.sys 2009-09-15 01:24 . 2009-09-15 01:24 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-09-15 01:19 . 2009-09-19 14:10 -------- d-----w- c:\users\Vvander\AppData\Local\Adobe 2009-09-03 03:55 . 2009-09-03 03:55 -------- d-----w- c:\users\Vvander\AppData\Roaming\Media Player Classic 2009-09-01 02:00 . 2009-09-01 02:25 -------- d-----w- c:\program files\Street Fighter IV 2009-08-31 00:20 . 
2009-09-19 14:14 -------- d-----w- c:\program files\Common Files\Adobe 2009-08-30 14:26 . 2009-08-30 14:26 -------- d-----w- c:\programdata\Last.fm 2009-08-30 14:25 . 2009-09-19 16:30 -------- d-----w- c:\users\Vvander\AppData\Local\Last.fm 2009-08-30 14:25 . 2009-08-30 14:25 -------- d-----w- c:\program files\Last.fm 2009-08-24 14:40 . 2009-08-24 14:40 16 ----a-w- c:\windows\pxydb.dat 2009-08-24 14:40 . 2009-08-24 14:40 23150 ----a-w- c:\windows\system32\rgadtm.dll 2009-08-23 04:53 . 2009-08-23 04:53 -------- d-----w- c:\program files\Guitar Pro 5 2009-08-21 19:25 . 2009-06-15 18:20 439896 ----a-w- c:\windows\system32\drivers\ksecdd.sys 2009-08-21 19:25 . 2009-06-15 15:24 175104 ----a-w- c:\windows\system32\wdigest.dll 2009-08-21 19:25 . 2009-06-15 15:24 270848 ----a-w- c:\windows\system32\schannel.dll 2009-08-21 19:25 . 2009-06-15 15:23 1256448 ----a-w- c:\windows\system32\lsasrv.dll 2009-08-21 19:25 . 2009-06-15 15:22 213504 ----a-w- c:\windows\system32\msv1_0.dll 2009-08-21 19:25 . 2009-06-15 15:21 499712 ----a-w- c:\windows\system32\kerberos.dll 2009-08-21 19:25 . 2009-06-15 15:24 72704 ----a-w- c:\windows\system32\secur32.dll 2009-08-21 19:25 . 2009-06-15 12:57 9728 ----a-w- c:\windows\system32\lsass.exe . ((((((((((((((((((((((((((((((((((((( Relatório Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-09-20 00:57 . 2009-08-09 02:30 109109 ----a-w- c:\programdata\nvModes.dat 2009-09-20 00:57 . 2009-09-20 00:57 4096 ----a-w- c:\windows\system32\08387.tmp 2009-09-20 00:57 . 2009-08-09 02:27 -------- d-----w- c:\programdata\NVIDIA 2009-09-20 00:52 . 2008-04-12 01:38 79666 ----a-w- c:\windows\system32\prfc0416.dat 2009-09-20 00:52 . 2008-04-12 01:38 481882 ----a-w- c:\windows\system32\prfh0416.dat 2009-09-20 00:46 . 2009-09-20 00:46 4096 ----a-w- c:\windows\system32\0B64F.tmp 2009-09-20 00:45 . 2009-08-15 14:56 -------- d-----w- c:\users\Vvander\AppData\Roaming\uTorrent 2009-09-19 14:31 . 
2009-08-09 00:17 49000 ----a-w- c:\users\Vvander\AppData\Local\GDIPFONTCACHEV1.DAT 2009-09-19 11:35 . 2009-09-19 11:35 4096 ----a-w- c:\windows\system32\0BEEB.tmp 2009-09-19 00:44 . 2009-09-19 00:44 4096 ----a-w- c:\windows\system32\0758D.tmp 2009-09-17 11:56 . 2009-09-17 11:56 4096 ----a-w- c:\windows\system32\075BC.tmp 2009-09-17 02:33 . 2009-09-17 02:33 4096 ----a-w- c:\windows\system32\08C42.tmp 2009-09-15 00:54 . 2009-09-15 00:54 4096 ----a-w- c:\windows\system32\07A12.tmp 2009-09-12 22:47 . 2009-09-12 22:47 4096 ----a-w- c:\windows\system32\07A41.tmp 2009-09-12 14:08 . 2009-09-12 14:08 4096 ----a-w- c:\windows\system32\07EB5.tmp 2009-09-09 21:45 . 2009-09-09 21:45 4096 ----a-w- c:\windows\system32\07530.tmp 2009-09-09 20:44 . 2009-09-09 20:44 4096 ----a-w- c:\windows\system32\05861.tmp 2009-09-09 19:07 . 2009-09-09 19:07 4096 ----a-w- c:\windows\system32\07966.tmp 2009-09-09 01:29 . 2009-09-09 01:29 4096 ----a-w- c:\windows\system32\078C9.tmp 2009-09-07 23:34 . 2009-09-07 23:34 4096 ----a-w- c:\windows\system32\07773.tmp 2009-09-07 22:32 . 2009-09-07 22:32 4096 ----a-w- c:\windows\system32\07A8F.tmp 2009-09-07 18:27 . 2009-09-07 18:27 4096 ----a-w- c:\windows\system32\0780E.tmp 2009-09-06 20:25 . 2009-09-06 20:25 4096 ----a-w- c:\windows\system32\06E4A.tmp 2009-09-05 03:36 . 2009-09-05 03:36 4096 ----a-w- c:\windows\system32\07752.tmp 2009-09-05 03:27 . 2009-09-05 03:27 4096 ----a-w- c:\windows\system32\05505.tmp 2009-09-04 00:56 . 2009-09-04 00:56 4096 ----a-w- c:\windows\system32\058FD.tmp 2009-09-03 03:43 . 2009-09-03 03:42 -------- d-----w- c:\program files\K-Lite Codec Pack 2009-09-01 21:17 . 2009-09-01 21:17 4096 ----a-w- c:\windows\system32\07CA2.tmp 2009-09-01 11:52 . 2009-09-01 11:52 4096 ----a-w- c:\windows\system32\07F61.tmp 2009-09-01 00:16 . 2009-09-01 00:16 4096 ----a-w- c:\windows\system32\073E8.tmp 2009-08-31 23:15 . 2009-08-31 23:15 4096 ----a-w- c:\windows\system32\06FD1.tmp 2009-08-31 22:13 . 
2009-08-31 22:13 4096 ----a-w- c:\windows\system32\07B79.tmp 2009-08-31 21:12 . 2009-08-31 21:12 4096 ----a-w- c:\windows\system32\07A40.tmp 2009-08-31 20:10 . 2009-08-31 20:10 4096 ----a-w- c:\windows\system32\075FB.tmp 2009-08-31 19:09 . 2009-08-31 19:09 4096 ----a-w- c:\windows\system32\086F2.tmp 2009-08-30 14:57 . 2009-08-30 14:57 4096 ----a-w- c:\windows\system32\082DC.tmp 2009-08-30 14:43 . 2009-08-15 18:32 -------- d-----w- c:\users\Vvander\AppData\Roaming\Apple Computer 2009-08-30 14:35 . 2009-08-15 18:29 -------- d-----w- c:\programdata\Apple 2009-08-30 14:26 . 2009-08-15 18:31 -------- d-----w- c:\program files\iTunes 2009-08-30 13:27 . 2009-08-30 13:27 4096 ----a-w- c:\windows\system32\073E7.tmp 2009-08-30 00:50 . 2009-08-30 00:50 4096 ----a-w- c:\windows\system32\066E7.tmp 2009-08-29 04:21 . 2009-08-29 04:21 4096 ----a-w- c:\windows\system32\05841.tmp 2009-08-29 03:19 . 2009-08-29 03:19 4096 ----a-w- c:\windows\system32\05B8D.tmp 2009-08-29 02:18 . 2009-08-29 02:18 4096 ----a-w- c:\windows\system32\053AD.tmp 2009-08-29 01:16 . 2009-08-29 01:16 4096 ----a-w- c:\windows\system32\05A74.tmp 2009-08-28 23:19 . 2009-08-28 23:19 4096 ----a-w- c:\windows\system32\0566D.tmp 2009-08-28 22:00 . 2009-08-28 22:00 4096 ----a-w- c:\windows\system32\057B5.tmp 2009-08-28 20:58 . 2009-08-28 20:58 4096 ----a-w- c:\windows\system32\059E7.tmp 2009-08-28 19:57 . 2009-08-28 19:57 4096 ----a-w- c:\windows\system32\05582.tmp 2009-08-28 18:55 . 2009-08-28 18:55 4096 ----a-w- c:\windows\system32\055B1.tmp 2009-08-28 17:54 . 2009-08-28 17:54 4096 ----a-w- c:\windows\system32\05786.tmp 2009-08-28 16:52 . 2009-08-28 16:52 4096 ----a-w- c:\windows\system32\05C1A.tmp 2009-08-28 15:40 . 2009-08-28 15:40 4096 ----a-w- c:\windows\system32\05C0A.tmp 2009-08-28 10:59 . 2009-08-28 10:59 4096 ----a-w- c:\windows\system32\07762.tmp 2009-08-28 02:15 . 2009-08-28 02:15 4096 ----a-w- c:\windows\system32\08339.tmp 2009-08-27 01:44 . 
2009-08-27 01:44 4096 ----a-w- c:\windows\system32\0121B.tmp 2009-08-26 11:28 . 2009-08-26 11:28 4096 ----a-w- c:\windows\system32\0730D.tmp 2009-08-26 02:24 . 2009-08-26 02:24 4096 ----a-w- c:\windows\system32\0A19F.tmp 2009-08-24 21:10 . 2009-08-24 21:10 4096 ----a-w- c:\windows\system32\07ABD.tmp 2009-08-24 20:09 . 2009-08-24 20:09 4096 ----a-w- c:\windows\system32\08A8C.tmp 2009-08-24 14:40 . 2009-08-23 21:36 8432 ----a-w- c:\windows\system32\07F90.tmp 2009-08-24 10:25 . 2009-08-24 10:25 4096 ----a-w- c:\windows\system32\071D4.tmp 2009-08-24 08:50 . 2009-08-24 08:50 4096 ----a-w- c:\windows\system32\07A6F.tmp 2009-08-24 07:48 . 2009-08-24 07:48 4096 ----a-w- c:\windows\system32\07772.tmp 2009-08-24 06:47 . 2009-08-24 06:47 4096 ----a-w- c:\windows\system32\07698.tmp 2009-08-24 05:45 . 2009-08-24 05:45 4096 ----a-w- c:\windows\system32\074A3.tmp 2009-08-24 04:44 . 2009-08-24 04:44 4096 ----a-w- c:\windows\system32\07697.tmp 2009-08-24 03:43 . 2009-08-24 03:43 4096 ----a-w- c:\windows\system32\07975.tmp 2009-08-24 02:41 . 2009-08-24 02:41 4096 ----a-w- c:\windows\system32\07261.tmp 2009-08-24 01:40 . 2009-08-24 01:40 4096 ----a-w- c:\windows\system32\08230.tmp 2009-08-24 00:46 . 2009-08-24 00:46 4096 ----a-w- c:\windows\system32\07D2E.tmp 2009-08-23 21:29 . 2009-08-23 21:29 4096 ----a-w- c:\windows\system32\0854D.tmp 2009-08-23 14:13 . 2009-08-23 14:13 4096 ----a-w- c:\windows\system32\084D0.tmp 2009-08-23 05:55 . 2009-08-23 05:55 4096 ----a-w- c:\windows\system32\0BB3.tmp 2009-08-22 13:14 . 2009-08-22 13:14 4096 ----a-w- c:\windows\system32\0F6D5.tmp 2009-08-18 01:50 . 2009-08-18 01:50 -------- d-----w- c:\program files\Bytescout XLS Viewer 2009-08-17 05:42 . 2009-08-17 05:42 2173472 ----a-w- c:\windows\system32\nvcplui.exe 2009-08-17 05:42 . 2009-08-17 05:42 1346080 ----a-w- c:\windows\system32\nvsvs.dll 2009-08-17 05:41 . 2009-08-17 05:41 3176992 ----a-w- c:\windows\system32\nvwss.dll 2009-08-17 05:41 . 
2009-08-17 05:41 4033056 ----a-w- c:\windows\system32\nvvitvs.dll 2009-08-17 05:41 . 2009-08-17 05:41 195104 ----a-w- c:\windows\system32\nvmccss.dll 2009-08-17 05:41 . 2009-08-17 05:41 1292832 ----a-w- c:\windows\system32\nvmobls.dll 2009-08-17 05:41 . 2009-08-17 05:41 3553824 ----a-w- c:\windows\system32\nvgames.dll 2009-08-17 05:41 . 2009-08-17 05:41 92704 ----a-w- c:\windows\system32\nvmctray.dll 2009-08-17 05:41 . 2009-08-17 05:41 764448 ----a-w- c:\windows\system32\nvsvc.dll 2009-08-17 05:41 . 2009-08-17 05:41 4930080 ----a-w- c:\windows\system32\nvdisps.dll 2009-08-17 05:41 . 2009-08-17 05:41 215584 ----a-w- c:\windows\system32\nvvsvc.exe 2009-08-17 05:41 . 2009-08-17 05:41 13904416 ----a-w- c:\windows\system32\nvcpl.dll 2009-08-17 03:57 . 2009-08-17 03:57 9545152 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys 2009-08-17 03:57 . 2009-08-17 03:57 485920 ----a-w- c:\windows\system32\nvudisp.exe 2009-08-17 03:57 . 2009-08-17 03:57 4224 ----a-w- c:\windows\system32\drivers\nvBridge.kmd 2009-08-17 03:57 . 2009-08-17 03:57 3298304 ----a-w- c:\windows\system32\nvwgf2um.dll 2009-08-17 03:57 . 2009-08-17 03:57 2169376 ----a-w- c:\windows\system32\nvcuvid.dll 2009-08-17 03:57 . 2009-08-17 03:57 1985536 ----a-w- c:\windows\system32\nvcuda.dll 2009-08-17 03:57 . 2009-08-17 03:57 1706528 ----a-w- c:\windows\system32\nvcuvenc.dll 2009-08-17 03:57 . 2009-08-17 03:57 155648 ----a-w- c:\windows\system32\nvcod162.dll 2009-08-17 03:57 . 2009-08-17 03:57 155648 ----a-w- c:\windows\system32\nvcod.dll 2009-08-17 03:57 . 2009-08-17 03:57 10858496 ----a-w- c:\windows\system32\nvoglv32.dll 2009-08-17 03:57 . 2009-08-09 02:26 7569920 ----a-w- c:\windows\system32\nvd3dum.dll 2009-08-17 03:57 . 2009-08-09 02:26 1044992 ----a-w- c:\windows\system32\nvapi.dll 2009-02-13 08:49 . 2009-08-09 19:50 161768 --sha-r- c:\windows\System32\yeducvkl.dll 2008-04-12 00:36 . 2006-11-22 14:58 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT . 
(((((((((((((((((((((((((( Pontos de Carregamento do Registro ))))))))))))))))))))))))))))))))))))))) . . *Nota* entradas vazias e legítimas por defeito não são mostradas. REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00001858-D0A7-4B2D-AFB0-CAF6EAFC3380}] 2008-04-12 00:23 147968 ----a-w- c:\windows\System32\uvopxuqx.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00002F47-9184-49F4-B115-75983639F742}] 2008-04-12 00:23 147968 ----a-w- c:\windows\System32\uvopxuqx.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{000032F1-4C66-4F19-BB65-7D687CEB2AAa}] 2008-04-12 00:23 147968 ----a-w- c:\windows\System32\uvopxuqx.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{000039A6-2259-41BB-8970-6FEC81A5AD2d}] 2008-04-12 00:23 147968 ----a-w- c:\windows\System32\uvopxuqx.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00006298-3BAE-4917-BFD3-5280694AB2A9}] 2008-04-12 00:23 147968 ----a-w- c:\windows\System32\uvopxuqx.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{000073AA-D9E3-4BF9-A157-1DCC471A1566}] 2008-04-12 00:23 147968 ----a-w- c:\windows\System32\uvopxuqx.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0000DA4E-0C10-4E7C-9149-0740599EE215}] 2008-04-12 00:23 147968 ----a-w- c:\windows\System32\uvopxuqx.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00019531-C372-4030-BD27-9D6DA8B6AADf}] 2008-04-12 00:23 147968 ----a-w- c:\windows\System32\uvopxuqx.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00029843-B4F6-4081-8702-5C5B5CB255Fb}] 2008-04-12 00:23 147968 ----a-w- c:\windows\System32\uvopxuqx.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0002AD98-CCBD-429F-8CC9-7941D7100F6b}] 2008-04-12 00:23 147968 ----a-w- c:\windows\System32\uvopxuqx.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0002CF77-C8DD-44A5-BFA9-FB88C8134294}] 2008-04-12 00:23 147968 ----a-w- c:\windows\System32\uvopxuqx.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0002E813-05D9-4A63-A812-3CD20FE0D746}] 2008-04-12 00:23 147968 ----a-w- c:\windows\System32\uvopxuqx.dll 
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00039CDC-C8E4-4616-9433-B8B941D01A43}] 2008-04-12 00:23 147968 ----a-w- c:\windows\System32\uvopxuqx.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0006EFB0-C2A5-4982-A31B-72DAF61EA16b}] 2008-04-12 00:23 147968 ----a-w- c:\windows\System32\uvopxuqx.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0007A652-F7B3-4349-BDD1-14E242FA5FD5}] 2008-04-12 00:23 147968 ----a-w- c:\windows\System32\uvopxuqx.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{000CBC75-4C66-4F19-BB65-7D687CEB2AAa}] 2008-04-12 00:23 147968 ----a-w- c:\windows\System32\uvopxuqx.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0018236F-9779-48E0-BA2D-F935DBBF7D5c}] 2008-04-12 00:23 147968 ----a-w- c:\windows\System32\uvopxuqx.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{002D9C5F-56A1-4BBE-9D9D-1FBA51D92D54}] 2008-04-12 00:23 147968 ----a-w- c:\windows\System32\uvopxuqx.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00484730-60F3-4FD4-BF05-183A6CBD4607}] 2008-04-12 00:23 147968 ----a-w- c:\windows\System32\uvopxuqx.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{006D7981-F029-4559-AFC9-225D3A5D66Cd}] 2008-04-12 00:23 147968 ----a-w- c:\windows\System32\uvopxuqx.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00B86E18-DEE9-4FF4-998F-4DEDBAB06A82}] 2008-04-12 00:23 147968 ----a-w- c:\windows\System32\uvopxuqx.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{074FA833-947C-43DE-952D-F90EE99C69F0}] 2008-04-12 00:23 147968 ----a-w- c:\windows\System32\uvopxuqx.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0B4D1E6A-42F9-4DF9-A808-B7EC0054C134}] 2008-04-12 00:23 147968 ----a-w- c:\windows\System32\uvopxuqx.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{83C84A26-7070-4C3D-BD67-846321CD7869}] 2008-04-12 00:23 102912 ----a-w- c:\windows\System32\fqvjvud.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-04-12 1233920] "WMPNSCFG"="c:\program files\Windows Media 
Player\WMPNSCFG.exe" [2008-04-12 202240] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408] "uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2009-08-15 288048] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-09 149280] "WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-07-01 37888] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-05-30 292136] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696] "AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712] "SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2006-08-03 577536] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 0 (0x0) "EnableInstallerDetection"= 0 (0x0) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\islzoyjc] 2008-04-12 00:23 102912 ----a-w- c:\windows\System32\fqvjvud.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rgadtm] 2009-08-24 14:40 23150 ----a-w- c:\windows\System32\rgadtm.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "mixer"=wdmaud.drv [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "{27ED901D-6F48-4BE9-9EE6-22D0275B7B81}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In) "{E535B0A6-5BE8-414F-9332-B0FCAEDAEF8D}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In) "{7C1B3ECB-6726-4E8A-8860-81717E3F44E4}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour 
"{C4C5CC00-E390-46A6-BF45-87A2251EB42F}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour "{D280F0CA-91D0-4A43-93BB-3FBC88A0F9C7}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes "{1EB96948-2CAD-4682-B8E7-13C61242F50D}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes "{68FE7C07-4BE8-43AD-8A28-4F3372442E46}"= UDP:2120:vbessd "{65217492-E17A-4ACB-97C9-550566F2E64A}"= UDP:2120:vbessd "{2E917524-3AF6-44EE-A7CC-7F343831CA2F}"= UDP:c:\program files\CAPCOM\STREETFIGHTERIV\StreetFighterIV.exe:STREET FIGHTER IV "{0C109955-15FA-48B8-A1F1-F8BF57EFC478}"= TCP:c:\program files\CAPCOM\STREETFIGHTERIV\StreetFighterIV.exe:STREET FIGHTER IV "{22FFB6E0-233B-4A83-BD82-87E1D5B533A7}"= UDP:5353:Adobe CSI CS4 "{F7B0835F-2F35-469F-AD0E-88637BAC0469}"= UDP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4 "{068CD6C0-2481-4BB7-9AC7-7DB70499913E}"= TCP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4 R2 ndpgzxbg;Software Bus Monitor;c:\windows\System32\svchost.exe -k netsvcs [11/04/2008 21:23 21504] R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [14/07/2009 12:28 239648] S2 lnmjdd;Update Config;c:\windows\system32\svchost.exe -k netsvcs [11/04/2008 21:23 21504] --- =Outros Serviços/Drivers Na Memória --- *NewlyCreated* - ADVPWXR HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs ndpgzxbg lnmjdd . . ------- Scan Suplementar ------- . 
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\users\Vvander\AppData\Roaming\Mozilla\Firefox\Profiles\2fxg8kic.default\
FF - prefs.js: browser.startup.homepage - google.com
FF - component: c:\users\Vvander\AppData\Roaming\Mozilla\Firefox\Profiles\2fxg8kic.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E886C}\components\GbMzhBb.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-WinDLL (service.exe) - service.exe
SafeBoot-rgadta.sys

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-19 21:57
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\nvvsvc.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\nvvsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-09-20 22:01 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-20 01:01

Pre-Run: 130.233.036.800 bytes free
Post-Run: 131.117.199.360 bytes free

324 --- E O F --- 2009-08-22 06:00

HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:08:21, on 19/09/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18294)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\SOUNDMAN.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Windows\Explorer.exe
C:\Hijack\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {00001858-D0A7-4B2D-AFB0-CAF6EAFC3380} - C:\Windows\system32\uvopxuqx.dll
O2 - BHO: (no name) - {00002F47-9184-49F4-B115-75983639F742} - C:\Windows\system32\uvopxuqx.dll
O2 - BHO: (no name) - {000032F1-4C66-4F19-BB65-7D687CEB2AAa} - C:\Windows\system32\uvopxuqx.dll
O2 - BHO: (no name) - {000039A6-2259-41BB-8970-6FEC81A5AD2d} - C:\Windows\system32\uvopxuqx.dll
O2 - BHO: (no name) - {00006298-3BAE-4917-BFD3-5280694AB2A9} - C:\Windows\system32\uvopxuqx.dll
O2 - BHO: (no name) - {000073AA-D9E3-4BF9-A157-1DCC471A1566} - C:\Windows\system32\uvopxuqx.dll
O2 - BHO: (no name) - {0000DA4E-0C10-4E7C-9149-0740599EE215} - C:\Windows\system32\uvopxuqx.dll
O2 - BHO: (no name) - {00019531-C372-4030-BD27-9D6DA8B6AADf} - C:\Windows\system32\uvopxuqx.dll
O2 - BHO: (no name) - {00029843-B4F6-4081-8702-5C5B5CB255Fb} - C:\Windows\system32\uvopxuqx.dll
O2 - BHO: (no name) - {0002AD98-CCBD-429F-8CC9-7941D7100F6b} - C:\Windows\system32\uvopxuqx.dll
O2 - BHO: (no name) - {0002CF77-C8DD-44A5-BFA9-FB88C8134294} - C:\Windows\system32\uvopxuqx.dll
O2 - BHO: (no name) - {0002E813-05D9-4A63-A812-3CD20FE0D746} - C:\Windows\system32\uvopxuqx.dll
O2 - BHO: (no name) - {00039CDC-C8E4-4616-9433-B8B941D01A43} - C:\Windows\system32\uvopxuqx.dll
O2 - BHO: (no name) - {0006EFB0-C2A5-4982-A31B-72DAF61EA16b} - C:\Windows\system32\uvopxuqx.dll
O2 - BHO: (no name) - {0007A652-F7B3-4349-BDD1-14E242FA5FD5} - C:\Windows\system32\uvopxuqx.dll
O2 - BHO: (no name) - {000CBC75-4C66-4F19-BB65-7D687CEB2AAa} - C:\Windows\system32\uvopxuqx.dll
O2 - BHO: (no name) - {0018236F-9779-48E0-BA2D-F935DBBF7D5c} - C:\Windows\system32\uvopxuqx.dll
O2 - BHO: (no name) - {002D9C5F-56A1-4BBE-9D9D-1FBA51D92D54} - C:\Windows\system32\uvopxuqx.dll
O2 - BHO: (no name) - {00484730-60F3-4FD4-BF05-183A6CBD4607} - C:\Windows\system32\uvopxuqx.dll
O2 - BHO: (no name) - {006D7981-F029-4559-AFC9-225D3A5D66Cd} - C:\Windows\system32\uvopxuqx.dll
O2 - BHO: (no name) - {00B86E18-DEE9-4FF4-998F-4DEDBAB06A82} - C:\Windows\system32\uvopxuqx.dll
O2 - BHO: (no name) - {074FA833-947C-43DE-952D-F90EE99C69F0} - C:\Windows\system32\uvopxuqx.dll
O2 - BHO: (no name) - {0B4D1E6A-42F9-4DF9-A808-B7EC0054C134} - C:\Windows\system32\uvopxuqx.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {83C84A26-7070-4C3D-BD67-846321CD7869} - c:\windows\system32\fqvjvud.dll
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: islzoyjc - C:\Windows\SYSTEM32\fqvjvud.dll
O20 - Winlogon Notify: rgadtm - C:\Windows\SYSTEM32\rgadtm.dll
O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

--
End of file - 5816 bytes
Power Max, posted September 20, 2009

Several problems were removed by ComboFix.

Download the Avenger program from the link below and extract its contents to the desktop:
http://swandog46.geekstogo.com/avenger2/download.php

* Select and copy (Ctrl+C) all of the text inside the quote box below:

Files to delete:
C:\Windows\system32\uvopxuqx.dll
c:\windows\system32\fqvjvud.dll
C:\Windows\SYSTEM32\rgadtm.dll

* Run Avenger
* Click [Load Script] > [Paste from Clipboard]
* Click [Execute] > [OK]
* The PC will be restarted
* The report will be created at C:\avenger.txt

_________________________________

Open HijackThis, click "Do a system scan only", check the entries below and click "Fix checked":

O2 - BHO: (no name) - {00001858-D0A7-4B2D-AFB0-CAF6EAFC3380} - C:\Windows\system32\uvopxuqx.dll
O2 - BHO: (no name) - {00002F47-9184-49F4-B115-75983639F742} - C:\Windows\system32\uvopxuqx.dll
O2 - BHO: (no name) - {000032F1-4C66-4F19-BB65-7D687CEB2AAa} - C:\Windows\system32\uvopxuqx.dll
O2 - BHO: (no name) - {000039A6-2259-41BB-8970-6FEC81A5AD2d} - C:\Windows\system32\uvopxuqx.dll
O2 - BHO: (no name) - {00006298-3BAE-4917-BFD3-5280694AB2A9} - C:\Windows\system32\uvopxuqx.dll
O2 - BHO: (no name) - {000073AA-D9E3-4BF9-A157-1DCC471A1566} - C:\Windows\system32\uvopxuqx.dll
O2 - BHO: (no name) - {0000DA4E-0C10-4E7C-9149-0740599EE215} - C:\Windows\system32\uvopxuqx.dll
O2 - BHO: (no name) - {00019531-C372-4030-BD27-9D6DA8B6AADf} - C:\Windows\system32\uvopxuqx.dll
O2 - BHO: (no name) - {00029843-B4F6-4081-8702-5C5B5CB255Fb} - C:\Windows\system32\uvopxuqx.dll
O2 - BHO: (no name) - {0002AD98-CCBD-429F-8CC9-7941D7100F6b} - C:\Windows\system32\uvopxuqx.dll
O2 - BHO: (no name) - {0002CF77-C8DD-44A5-BFA9-FB88C8134294} - C:\Windows\system32\uvopxuqx.dll
O2 - BHO: (no name) - {0002E813-05D9-4A63-A812-3CD20FE0D746} - C:\Windows\system32\uvopxuqx.dll
O2 - BHO: (no name) - {00039CDC-C8E4-4616-9433-B8B941D01A43} - C:\Windows\system32\uvopxuqx.dll
O2 - BHO: (no name) - {0006EFB0-C2A5-4982-A31B-72DAF61EA16b} - C:\Windows\system32\uvopxuqx.dll
O2 - BHO: (no name) - {0007A652-F7B3-4349-BDD1-14E242FA5FD5} - C:\Windows\system32\uvopxuqx.dll
O2 - BHO: (no name) - {000CBC75-4C66-4F19-BB65-7D687CEB2AAa} - C:\Windows\system32\uvopxuqx.dll
O2 - BHO: (no name) - {0018236F-9779-48E0-BA2D-F935DBBF7D5c} - C:\Windows\system32\uvopxuqx.dll
O2 - BHO: (no name) - {002D9C5F-56A1-4BBE-9D9D-1FBA51D92D54} - C:\Windows\system32\uvopxuqx.dll
O2 - BHO: (no name) - {00484730-60F3-4FD4-BF05-183A6CBD4607} - C:\Windows\system32\uvopxuqx.dll
O2 - BHO: (no name) - {006D7981-F029-4559-AFC9-225D3A5D66Cd} - C:\Windows\system32\uvopxuqx.dll
O2 - BHO: (no name) - {00B86E18-DEE9-4FF4-998F-4DEDBAB06A82} - C:\Windows\system32\uvopxuqx.dll
O2 - BHO: (no name) - {074FA833-947C-43DE-952D-F90EE99C69F0} - C:\Windows\system32\uvopxuqx.dll
O2 - BHO: (no name) - {0B4D1E6A-42F9-4DF9-A808-B7EC0054C134} - C:\Windows\system32\uvopxuqx.dll
O2 - BHO: (no name) - {83C84A26-7070-4C3D-BD67-846321CD7869} - c:\windows\system32\fqvjvud.dll
O20 - Winlogon Notify: islzoyjc - C:\Windows\SYSTEM32\fqvjvud.dll
O20 - Winlogon Notify: rgadtm - C:\Windows\SYSTEM32\rgadtm.dll

_________________________________

I suggest you save or print the instructions below, because at some points you may need to use the computer without internet access:

- Download Malwarebytes Anti-Malware.
* Install it by double-clicking "mbam-setup.exe";
* Select the language Português (Brasil)
* Check only the box "Update Malwarebytes' Anti-Malware"
* If an update exists, it will be downloaded automatically
* Do not scan yet!!!
* Restart the PC in Safe Mode (press the F8 key (or F5 on some computers) repeatedly while the computer is restarting and choose the Safe Mode option).
* If you cannot start the computer in Safe Mode, run the scan in normal mode
* Run Malwarebytes' Anti-Malware, click the "Scanner" tab and select "Perform full scan"
* Click the "Scan" button
* Check all the parts of the computer you want to scan and click "Start Scan"
* When the scan finishes, click "OK" > "Show Results"
* Select all entries and click "Remove Selected"
* After the removal you may be asked whether you want to remove objects from memory. Click "YES"
* A log will be displayed with the result of the actions
* Some malware is stubborn and needs a restart to be removed. If you are asked to, click to restart the PC.
* When the process is finished, restart the PC in Normal Mode.
* After a few days, if your computer is working normally without the files that Malwarebytes Anti-Malware deleted, open (run) Malwarebytes Anti-Malware, click the "Quarantine" tab and click the "Delete All" button.
* Run Malwarebytes Anti-Malware again, click the "Logs" tab, double-click the most recent log, select the whole log and copy it. Post that log in your next reply.

_________________________________

After completing all the steps above, run ComboFix again following the steps I gave you in the previous reply. Post that new ComboFix log, which will be at C:\ComboFix.txt, together with a new HijackThis log, the Malwarebytes log and the Avenger log (C:\avenger.txt) in your next reply, and tell us how your PC is doing after this. We'll be waiting.
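The following script is an added example for this thread, not code from HijackThis, ComboFix, Avenger or the helper above. It applies the triage the helper did by hand to the posted HijackThis log (an extra executable in the F2 UserInit value, BHOs registered with no name, one DLL registered under many BHO CLSIDs, Winlogon Notify DLLs), de-duplicates the resulting file paths case-insensitively (the same DLL appears as system32 and SYSTEM32 in the log), emits them in the Avenger "Files to delete:" form quoted in the reply, and checks a post-cleanup log for anything that survived. The two log samples are constructed: the first mirrors entries from the log posted in this thread, the second is invented to show one leftover entry. The Avenger script layout (a header line followed by one path per line) is an assumption based on the helper's quote as flattened above.

```python
"""Triage a HijackThis 2.x log for the persistence entries seen in this thread
and turn the hits into an Avenger "Files to delete:" script.

Added example for this thread, not code from HijackThis, ComboFix or Avenger.
The log lines below are constructed to mirror entries posted above; the
"after cleanup" log is invented to show how a leftover entry is reported.
"""
import re
from collections import defaultdict

# Constructed sample, modelled on the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,C:\Windows\system32\sdra64.exe,
O2 - BHO: (no name) - {00001858-D0A7-4B2D-AFB0-CAF6EAFC3380} - C:\Windows\system32\uvopxuqx.dll
O2 - BHO: (no name) - {00002F47-9184-49F4-B115-75983639F742} - C:\Windows\system32\uvopxuqx.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {83C84A26-7070-4C3D-BD67-846321CD7869} - c:\windows\system32\fqvjvud.dll
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O20 - Winlogon Notify: islzoyjc - C:\Windows\SYSTEM32\fqvjvud.dll
O20 - Winlogon Notify: rgadtm - C:\Windows\SYSTEM32\rgadtm.dll
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

# Constructed "after cleanup" log (invented): everything removed except one
# Winlogon Notify entry, to show what a re-scan should still flag.
AFTER_LOG = r"""
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O20 - Winlogon Notify: rgadtm - C:\Windows\SYSTEM32\rgadtm.dll
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

ENTRY_RE = re.compile(r"^([A-Z]\d+) - (.*)$")
BHO_RE = re.compile(r"^BHO: (?P<name>.+?) - \{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<path>.+)$")
NOTIFY_RE = re.compile(r"^Winlogon Notify: (?P<key>\S+) - (?P<path>.+)$")
USERINIT_PREFIX = "REG:system.ini: UserInit="


def parse_entries(log_text):
    """Return [(section, body), ...] for every 'Oxx - ...' style line."""
    entries = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def triage(log_text):
    """Return [(rule, path), ...] for entries matching these heuristics:
      userinit-extra   F2 UserInit lists something other than userinit.exe
      bho-unnamed      O2 BHO registered with no name
      bho-multi-clsid  one DLL registered under more than one BHO CLSID
      winlogon-notify  any O20 Winlogon Notify DLL
    """
    findings = []
    clsids_per_dll = defaultdict(set)
    for section, body in parse_entries(log_text):
        if section == "F2" and body.startswith(USERINIT_PREFIX):
            value = body[len(USERINIT_PREFIX):]
            for exe in (p.strip() for p in value.split(",")):
                basename = exe.replace("/", "\\").rsplit("\\", 1)[-1].lower()
                if exe and basename != "userinit.exe":
                    findings.append(("userinit-extra", exe))
        elif section == "O2":
            m = BHO_RE.match(body)
            if not m:
                continue
            clsids_per_dll[m["path"].lower()].add(m["clsid"].upper())
            if m["name"] == "(no name)":
                findings.append(("bho-unnamed", m["path"]))
        elif section == "O20":
            m = NOTIFY_RE.match(body)
            if m:
                findings.append(("winlogon-notify", m["path"]))
    for dll, clsids in clsids_per_dll.items():
        if len(clsids) > 1:
            findings.append(("bho-multi-clsid", dll))
    return findings


def files_to_delete(findings):
    """Unique paths from the findings, de-duplicated case-insensitively and
    keeping the first spelling seen (system32 vs SYSTEM32 in the posted log)."""
    seen, paths = set(), []
    for _rule, path in findings:
        if path.lower() not in seen:
            seen.add(path.lower())
            paths.append(path)
    return paths


def avenger_script(findings):
    """Avenger script text: a 'Files to delete:' header, then one path per line."""
    return "Files to delete:\n" + "\n".join(files_to_delete(findings)) + "\n"


def still_present(after_log_text, findings):
    """Paths from the original findings that a post-cleanup log still mentions."""
    haystack = after_log_text.lower()
    return [p for p in files_to_delete(findings) if p.lower() in haystack]


if __name__ == "__main__":
    hits = triage(SAMPLE_LOG)
    for rule, path in hits:
        print(f"{rule:16} {path}")
    print(avenger_script(hits))
    print("still present after cleanup:", still_present(AFTER_LOG, hits))
```

Run it as-is to see the four unique paths the helper asked Avenger to delete plus the UserInit extra, and the one entry the invented post-cleanup log still carries; point `triage()` at a real saved log instead of `SAMPLE_LOG` for a live case. Anything flagged is a candidate for review, not proof of infection: legitimate software can register an unnamed BHO, so confirm each path before deleting it.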
Mário Monteiro, posted October 31, 2009

Topic archived. Since the author did not reply for more than 30 days, the topic has been archived. If you are the author of the topic and want to reopen it, send a private message to a moderator of this area together with the link to this topic and explain the reason for reopening.