
Kaua Fabiano

[Solved!] Computer problem


*Temporarily disable your antivirus

*Download ComboFix and save it to the desktop

*Double-click the Combofix.exe file

*Accept the agreement

*If the Windows Recovery Console is already installed, ComboFix will continue the process automatically. If it is not, a window like the one below will open. Click [YES] to accept its installation.

recovery-console-prompt.jpg

*After the installation, click [YES] to continue.

recovery-console-installed.jpg

*Important: while ComboFix is running, do not use the mouse or the keyboard! To abort the procedure, press N or 2 and then ENTER.

*The program will close automatically

*Paste the report created at C:\combofix.txt


ComboFix 09-12-19.03 - Administrador 20/12/2009 23:28:43.1.1 - x86

Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.503.158 [GMT -2:00]

Executando de: c:\documents and settings\Administrador\Desktop\ComboFix.exe

AV: Kaspersky Anti-Virus *On-access scanning disabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}

AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

.

ADS - drivers: deleted 216 bytes in 2 streams.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\arquivos de programas\Fast Browser Search

c:\arquivos de programas\Fast Browser Search\IE\FBStoolbar.exe

c:\documents and settings\Administrador\Dados de aplicativos\Desktopicon

c:\documents and settings\Administrador\Dados de aplicativos\Desktopicon\mc.ico

c:\windows\a3kebook.ini

c:\windows\akebook.ini

c:\windows\ANS2000.INI

c:\windows\arp32.exe

c:\windows\steps.txt

c:\windows\system32\d3d10_1core.dll

c:\windows\system32\d3d10core.dll

c:\windows\system32\dwmapi.dll

c:\windows\system32\dxgi.dll

c:\windows\system32\kernel32new.dll

c:\windows\system32\micr0st.dll

c:\windows\system32\msvcrtnew.dll

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_BHDRVX86

 

 

(((((((((((((((( Arquivos/Ficheiros criados de 2009-11-21 to 2009-12-21 ))))))))))))))))))))))))))))

.

 

2009-12-21 01:17 . 2009-12-20 23:50 -------- d-----w- C:\32788R22FWJFW

2009-12-17 12:50 . 2009-12-17 12:50 -------- d-----w- c:\arquivos de programas\DVD Decrypter

2009-12-16 01:21 . 2009-12-20 22:06 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\BitTorrent

2009-12-16 01:21 . 2009-12-16 01:21 -------- d-----w- c:\arquivos de programas\BitTorrent

2009-12-14 20:02 . 2009-12-14 20:03 -------- d-----w- c:\arquivos de programas\Orbitdownloader

2009-12-12 16:56 . 2009-12-13 16:13 -------- d-----w- c:\arquivos de programas\ZEQ II

2009-12-12 13:56 . 2009-12-12 13:56 2368 ----a-w- c:\windows\system32\SVKP.sys

2009-12-12 13:50 . 2009-12-12 13:50 -------- d-----w- c:\arquivos de programas\Iomatic

2009-12-12 13:47 . 2009-12-12 13:47 -------- d-----w- c:\arquivos de programas\Free Offers from Freeze.com

2009-12-12 10:15 . 2009-12-12 10:18 -------- d-----w- c:\arquivos de programas\eMule

2009-12-09 02:30 . 2009-12-09 02:31 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\SystemExplorer

2009-12-09 02:30 . 2009-12-09 02:30 -------- d-----w- c:\arquivos de programas\System Explorer

2009-12-09 00:59 . 2001-03-28 14:38 69632 ----a-w- c:\windows\system32\GkSui18.EXE

2009-12-09 00:58 . 2009-12-09 00:59 -------- d-----w- c:\arquivos de programas\RAM Defrag V2.55

2009-12-08 14:42 . 2009-12-20 19:42 -------- d-----w- c:\arquivos de programas\English Bid for Power Final 4.0

2009-12-05 19:12 . 2009-12-12 10:43 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Quake3

2009-12-04 22:54 . 2009-12-04 22:54 45056 ----a-w- c:\windows\NCUNINST.EXE

2009-12-04 22:53 . 2009-12-04 22:53 -------- d-----w- C:\AnimeGames

2009-12-04 22:45 . 2009-12-04 22:45 -------- d-----w- c:\arquivos de programas\Arquivos comuns\SWF Studio

2009-12-04 01:16 . 2009-12-04 01:16 -------- d--h--w- c:\documents and settings\All Users\Dados de aplicativos\{1088B796-B77C-456D-937C-2956360A8529}

2009-12-04 01:14 . 2009-12-04 01:14 -------- d-----w- c:\arquivos de programas\Digital 1 Audio

2009-12-03 22:11 . 2009-12-03 22:11 -------- d-----w- c:\arquivos de programas\softendo.com

2009-12-03 12:17 . 2009-12-03 12:18 -------- d-----w- c:\arquivos de programas\7-Zip

2009-12-03 11:50 . 2009-12-03 11:50 -------- d-----w- c:\arquivos de programas\Portabilizer

2009-12-02 13:20 . 2009-12-13 16:14 -------- d-----w- c:\arquivos de programas\SDW

2009-11-29 13:00 . 2009-11-29 13:00 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\fltk.org

2009-11-28 19:17 . 2009-12-13 16:14 -------- d-----w- c:\arquivos de programas\epsxe170

2009-11-28 19:14 . 2009-11-28 19:14 -------- d-----w- c:\arquivos de programas\psx emulation cheater

2009-11-28 18:21 . 2009-12-01 23:45 -------- d-----w- c:\arquivos de programas\Dragon Ball GT - Final Bout

2009-11-26 22:06 . 2009-11-26 22:06 -------- d-----w- c:\windows\system32\Adobe

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-12-21 01:47 . 2009-11-17 03:07 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Hamachi

2009-12-21 01:44 . 2009-08-23 19:12 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Orbit

2009-12-20 12:32 . 2009-11-15 16:32 -------- d-----w- c:\arquivos de programas\Pcsx2

2009-12-19 22:09 . 2009-10-11 14:29 -------- d-----r- c:\arquivos de programas\hdr.eng.rip

2009-12-19 18:28 . 2009-08-02 16:13 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware

2009-12-15 23:19 . 2009-08-28 02:11 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\uTorrent

2009-12-15 15:56 . 2009-08-09 18:44 -------- d-----w- c:\arquivos de programas\Valve

2009-12-09 12:14 . 2009-08-20 01:51 -------- d-----w- c:\arquivos de programas\ViGlance

2009-12-09 12:13 . 2009-09-12 16:29 -------- d-----w- c:\arquivos de programas\Internet Speed Booster

2009-12-09 12:12 . 2009-10-11 23:18 -------- d-----w- c:\arquivos de programas\Super DVD Ripper

2009-12-08 11:35 . 2009-08-23 20:24 -------- d-----w- c:\arquivos de programas\Thoosje Sevenbar

2009-12-04 21:31 . 2009-08-01 18:54 -------- d-----w- c:\arquivos de programas\PES 2006

2009-12-03 18:14 . 2009-08-02 16:13 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-12-03 18:13 . 2009-08-02 16:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-12-01 22:51 . 2009-10-15 15:10 -------- d-----w- c:\arquivos de programas\MTX MOTOTRAX

2009-12-01 22:51 . 2009-10-11 17:19 -------- d-----w- c:\arquivos de programas\winkawaks159

2009-12-01 22:51 . 2009-09-19 21:13 -------- d-----w- c:\arquivos de programas\Cooking Academy 2 World Cuisine

2009-12-01 22:49 . 2009-08-19 13:56 -------- d-----w- c:\arquivos de programas\Chaos Legion

2009-12-01 22:47 . 2009-08-18 01:44 -------- d-----w- c:\arquivos de programas\Frets on Fire

2009-12-01 22:47 . 2009-08-01 23:20 -------- d-----w- c:\arquivos de programas\XMen-TheOfficialGame

2009-12-01 22:46 . 2009-08-02 01:12 -------- d-----w- c:\arquivos de programas\www.oyun-forum.com_JonTurk

2009-12-01 22:46 . 2009-08-01 22:49 -------- d-----w- c:\arquivos de programas\Urban Freestyle soccer.-.InFeCtEd!.-.usinavirtual.com

2009-12-01 22:46 . 2009-08-01 22:17 -------- d-----w- c:\arquivos de programas\RFG

2009-12-01 22:44 . 2009-08-01 04:32 -------- d-----w- c:\arquivos de programas\Ice.Age.2

2009-12-01 22:43 . 2009-08-15 13:54 -------- d-----w- c:\arquivos de programas\SF3TS MAME119

2009-12-01 22:41 . 2009-08-02 01:42 -------- d-----w- c:\arquivos de programas\Juiced

2009-12-01 22:40 . 2009-08-23 21:35 -------- d-----w- c:\arquivos de programas\Sonic mega game collection plus

2009-12-01 22:40 . 2009-09-10 15:24 -------- d-----w- c:\arquivos de programas\Mashed

2009-12-01 22:40 . 2009-09-06 20:40 -------- d-----w- c:\arquivos de programas\TARZAN

2009-12-01 22:40 . 2009-09-13 15:52 -------- d-----w- c:\arquivos de programas\Avatar The Last Airbender

2009-12-01 22:40 . 2009-10-08 22:33 -------- d-----w- c:\arquivos de programas\aerWER

2009-12-01 22:39 . 2009-10-14 13:54 -------- d-----w- c:\arquivos de programas\tomb_raider_2

2009-12-01 22:39 . 2009-07-31 20:22 -------- d-----w- c:\arquivos de programas\3D

2009-12-01 22:38 . 2009-08-01 18:27 -------- d-----w- c:\arquivos de programas\[puxando.com]GTA-Grand Theft Auto- Vice City- Full Version full version

2009-11-27 12:13 . 2009-08-16 01:00 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\ViSplore

2009-11-25 19:54 . 2009-08-16 00:38 -------- d-----w- c:\arquivos de programas\ViSplore

2009-11-21 17:23 . 2009-08-16 00:38 -------- d-----w- c:\arquivos de programas\ViStart

2009-11-21 17:19 . 2009-07-31 18:21 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\ViStart

2009-11-17 03:07 . 2009-11-17 03:03 -------- d-----w- c:\arquivos de programas\Hamachi

2009-11-17 03:03 . 2009-11-17 03:03 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys

2009-11-16 21:01 . 2009-08-10 04:59 -------- d-----w- c:\arquivos de programas\Messenger Plus! Live

2009-11-15 00:36 . 2009-11-15 00:36 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\InterAction studios

2009-11-15 00:35 . 2009-11-15 00:34 -------- d-----w- c:\arquivos de programas\Chicken Invaders 3

2009-11-14 18:24 . 2009-11-14 18:24 -------- d-----w- c:\arquivos de programas\Tunatic

2009-11-12 00:30 . 2007-07-21 21:40 80570 ----a-w- c:\windows\system32\perfc016.dat

2009-11-12 00:30 . 2007-07-21 21:40 471804 ----a-w- c:\windows\system32\perfh016.dat

2009-11-07 20:35 . 2009-11-07 20:35 -------- d-----w- c:\arquivos de programas\KONAMI

2009-11-05 22:50 . 2009-09-02 21:28 -------- d-----w- c:\arquivos de programas\Vimicro

2009-11-05 22:50 . 2009-07-31 00:49 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information

2009-11-04 23:59 . 2009-11-04 23:59 -------- d-----w- c:\arquivos de programas\MP3 Player Utilities 4.00

2009-11-02 22:42 . 2009-10-14 13:00 195456 ------w- c:\windows\system32\MpSigStub.exe

2009-11-02 21:10 . 2009-11-02 21:10 -------- d-----w- c:\arquivos de programas\GIF Movie Gear

2009-11-02 21:06 . 2009-11-02 20:40 -------- d-----w- c:\arquivos de programas\PhotoScape

2009-11-02 12:22 . 2009-11-02 12:22 -------- d-----w- c:\arquivos de programas\Kwyshell

2009-10-31 12:34 . 2009-10-31 12:34 -------- d-----w- c:\arquivos de programas\Aneesoft

2009-10-29 00:25 . 2009-10-29 00:24 -------- d-----w- c:\arquivos de programas\Muziic

2009-10-28 12:10 . 2009-10-28 10:33 2516 --sha-w- c:\documents and settings\All Users\Dados de aplicativos\KGyGaAvL.sys

2009-10-28 12:10 . 2009-10-28 12:10 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Bitstream

2009-10-28 10:33 . 2009-10-28 10:32 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Corel

2009-10-28 10:33 . 2009-10-28 10:33 8 --sh--r- c:\documents and settings\All Users\Dados de aplicativos\1DEAD0B2EF.sys

2009-10-28 10:28 . 2009-10-28 10:27 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Corel

2009-10-28 10:28 . 2009-10-28 10:28 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Protexis

2009-10-28 10:22 . 2009-10-28 10:22 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Corel

2009-10-28 10:16 . 2009-10-28 10:16 -------- d-----w- c:\arquivos de programas\Corel

2009-10-27 13:50 . 2009-10-27 13:50 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\com.livebrush.2205ABAA7E8202CDC1251B1FA1E879364B7BAB52.1

2009-10-27 13:50 . 2009-10-27 13:50 -------- d-----w- c:\arquivos de programas\Livebrush

2009-10-27 13:49 . 2009-10-27 13:49 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Adobe AIR

2009-10-26 20:41 . 2009-08-02 22:50 -------- d-----w- c:\arquivos de programas\Winamp

2009-10-26 11:48 . 2009-10-26 11:48 4608 ----a-w- c:\windows\system32\w95inf32.dll

2009-10-26 11:48 . 2009-10-26 11:48 2272 ----a-w- c:\windows\system32\w95inf16.dll

2009-10-25 16:42 . 2009-10-25 16:41 -------- d-----w- c:\arquivos de programas\Parallel Port Joystick

2009-10-25 10:45 . 2009-07-31 19:19 -------- d-----w- c:\arquivos de programas\CAPCOM

2009-10-09 15:00 . 2009-10-09 15:00 229224 ----a-w- c:\windows\system32\drivers\VMM.sys

2009-10-02 13:51 . 2009-10-02 13:27 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2009-08-10 02:22 . 2009-08-10 02:22 2578 ----a-w- c:\arquivos de programas\Arquivos comuns\unins000.dat

2009-08-10 02:21 . 2009-08-10 02:22 730656 ----a-w- c:\arquivos de programas\Arquivos comuns\unins000.exe

2008-03-09 10:25 . 2009-08-10 02:22 236 ---ha-w- c:\arquivos de programas\Arquivos comuns\dx.reg

.

 

------- Sigcheck -------

 

[-] 2008-04-14 . 064EC7FF5F58B928C3E119402977FA6D . 1035776 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\f7670e43b3c19680acdc044a1fbe993f\explorer.exe

[-] 2007-09-02 . 85406FDA49C929E7451A8B840E7547EA . 1425408 . . [6.00.2900.3156] . . c:\windows\explorer.exe

[-] 2007-09-02 . EE1F04EF3ECBCEF3EBC47812C8374C84 . 1035264 . . [6.00.2900.3156] . . c:\windows\system32\VITrans\explorer.exe

 

[-] 2008-04-14 . 698F9583D1EB213B09F12DD5826A46E2 . 1571840 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\f7670e43b3c19680acdc044a1fbe993f\sfcfiles.dll

[-] 2007-09-02 . DB3AA410ED1228B9DF98C06549AE0763 . 1548288 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll

 

[-] 2007-09-02 17:20 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\mspmsnsv.dll

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]

"ares"="c:\arquivos de programas\Ares\Ares.exe" [2009-02-03 1004544]

"Google Update"="c:\documents and settings\Administrador\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" [2009-09-23 133104]

"SystemExplorer"="c:\arquivos de programas\System Explorer\SystemExplorer.exe" [2008-08-25 1833472]

"RAM Medic"="c:\arquivos de programas\Iomatic\RAM Medic\RAMMedic.exe" [2004-01-24 1235968]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ZSSnp211"="c:\windows\ZSSnp211.exe" [2007-04-06 57344]

"Domino"="c:\windows\Domino.exe" [2006-08-18 49152]

"RTHDCPL"="RTHDCPL.EXE" [2007-11-30 16858624]

"QuickTime Task"="c:\arquivos de programas\QuickTime\qttask.exe" [2009-05-26 413696]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 159744]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 131072]

"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre6\bin\jusched.exe" [2009-09-07 136600]

"MSSE"="c:\arquivos de programas\Microsoft Security Essentials\msseces.exe" [2009-09-13 1048392]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2007-07-21 15360]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nltide_2"="shell32" [X]

 

c:\documents and settings\Administrador\Menu Iniciar\Programas\Inicializar\

hamachi.lnk - c:\arquivos de programas\Hamachi\hamachi.exe [2009-11-17 624416]

 

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

Orbit.lnk - c:\arquivos de programas\Orbitdownloader\orbitdm.exe [2009-12-14 1678536]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"UIHost"="%windir%\resources\logon\logonui.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]

2009-10-20 23:47 210168 ----a-w- c:\arquivos de programas\Stardock\Object Desktop\WindowBlinds\WbSrv.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\system32\wbsys.dll

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

 

[HKLM\~\startupfolder\C:^Documents and Settings^Administrador^Menu Iniciar^Programas^Inicializar^Stardock ObjectDock.lnk]

path=c:\documents and settings\Administrador\Menu Iniciar\Programas\Inicializar\Stardock ObjectDock.lnk

backup=c:\windows\pss\Stardock ObjectDock.lnkStartup

 

[HKLM\~\startupfolder\C:^Documents and Settings^Administrador^Menu Iniciar^Programas^Inicializar^Styler.lnk]

path=c:\documents and settings\Administrador\Menu Iniciar\Programas\Inicializar\Styler.lnk

backup=c:\windows\pss\Styler.lnkStartup

 

[HKLM\~\startupfolder\C:^Documents and Settings^Administrador^Menu Iniciar^Programas^Inicializar^WinFlip.lnk]

path=c:\documents and settings\Administrador\Menu Iniciar\Programas\Inicializar\WinFlip.lnk

backup=c:\windows\pss\WinFlip.lnkStartup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^BlueSoleil.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\BlueSoleil.lnk

backup=c:\windows\pss\BlueSoleil.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^eBoostr Control Panel.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\eBoostr Control Panel.lnk

backup=c:\windows\pss\eBoostr Control Panel.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2008-10-15 04:04 39792 ----a-w- c:\arquivos de programas\Adobe\Reader 8.0\Reader\reader_sl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]

2009-02-03 13:22 1004544 ----a-w- c:\arquivos de programas\Ares\Ares.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]

2007-07-21 21:40 110592 ------w- c:\windows\system32\bthprops.cpl

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

2009-09-23 15:27 133104 ----atw- c:\documents and settings\Administrador\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LClock]

2004-09-20 04:27 65536 ----a-w- c:\arquivos de programas\LClock\LClock.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

2009-07-26 19:44 3883840 ----a-w- c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2001-07-09 14:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2009-05-26 20:18 413696 ----a-w- c:\arquivos de programas\QuickTime\QTTask.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueTransparency]

2008-06-25 00:19 372224 ----a-w- c:\arquivos de programas\TrueTransparency\TrueTransparency.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViOrb]

2009-10-17 17:21 167936 ----a-w- c:\arquivos de programas\ViOrb\ViOrb.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vista Rainbar]

2008-11-15 00:57 131778 ----a-w- c:\arquivos de programas\Vista Rainbar\launcher.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViStart]

2009-11-15 14:40 827392 ----a-w- c:\arquivos de programas\ViStart\ViStart.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VistaSwitcher]

2009-10-14 00:29 176592 ----a-w- c:\arquivos de programas\VistaSwitcher\vswitch.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VisualTooltip]

2007-04-25 12:45 956928 ----a-w- c:\arquivos de programas\VisualTooltip\VisualToolTip.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\viwc]

2006-05-12 11:19 1861632 ----a-w- c:\windows\system32\viwc.exe

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Arquivos de programas\\Malwarebytes' Anti-Malware\\mbam.exe"=

"c:\\Arquivos de programas\\Ares\\Ares.exe"=

"c:\\Arquivos de programas\\Valve\\hl.exe"=

"c:\\Arquivos de programas\\Valve\\hlds.exe"=

"c:\\Arquivos de programas\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=

"c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=

"c:\\Arquivos de programas\\tthug2\\Game\\OiV mod.exe"=

"c:\\Arquivos de programas\\VDOWNLOADER\\VDownloader.exe"=

"c:\\Level Up! Games\\The Duel\\theduel.exe"=

"c:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Documents and Settings\\All Users\\Dados de aplicativos\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 2009\\English\\setup.exe"=

"c:\\WINDOWS\\system32\\dplaysvr.exe"=

"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=

"c:\\Arquivos de programas\\Hamachi\\hamachi.exe"=

"c:\\Arquivos de programas\\KONAMI\\Pro Evolution Soccer 6\\pes6.exe"=

"c:\\Arquivos de programas\\English Bid for Power Final 4.0\\EBFPF 4.0 Cel.exe"=

"c:\\Arquivos de programas\\English Bid for Power Final 4.0\\EBFPF 4.0 DED.exe"=

"c:\\Arquivos de programas\\English Bid for Power Final 4.0\\EBFPF 4.0.exe"=

"c:\\Arquivos de programas\\English Bid for Power Final 4.0\\EBFPF 4.0 LOW.exe"=

"c:\\Arquivos de programas\\eMule\\emule.exe"=

"c:\\Arquivos de programas\\ZEQ II\\ZEQ2.exe"=

"c:\\Arquivos de programas\\Orbitdownloader\\orbitdm.exe"=

"c:\\Arquivos de programas\\Orbitdownloader\\orbitnet.exe"=

"c:\\Arquivos de programas\\BitTorrent\\bittorrent.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"4219:TCP"= 4219:TCP:ragzwwkm

"25192:TCP"= 25192:TCP:BitComet 25192 TCP

"25192:UDP"= 25192:UDP:BitComet 25192 UDP

 

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [30/8/2009 00:40 721904]

R2 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [7/9/2009 11:29 12672]

R2 SVKP;SVKP;c:\windows\system32\SVKP.sys [12/12/2009 11:56 2368]

R3 PPJoyBus;Parallel Port Joystick Bus device driver;c:\windows\system32\drivers\PPJoyBus.sys [23/1/2004 17:33 13952]

R3 PPortJoystick;Parallel Port Joystick device driver;c:\windows\system32\drivers\PPortJoy.sys [23/1/2004 17:32 28800]

S2 bgrmaz;Network Universal;c:\windows\system32\svchost.exe -k netsvcs [21/7/2007 19:41 14336]

S3 FXDrv32;FXDrv32;\??\h:\fxdrv32.sys --> h:\FXDrv32.sys [?]

S3 lgusbsmodem;LGE Mobile USB Modem;c:\windows\system32\drivers\lgusbsmodem.sys [10/8/2009 23:47 42436]

S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\79.tmp --> c:\windows\system32\79.tmp [?]

S3 XDva281;XDva281;\??\c:\windows\system32\XDva281.sys --> c:\windows\system32\XDva281.sys [?]

S3 XDva297;XDva297;\??\c:\windows\system32\XDva297.sys --> c:\windows\system32\XDva297.sys [?]

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

irfsvng

bgrmaz

.

------- Scan Suplementar -------

.

IE: &Download by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/201

IE: &Grab video by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/204

IE: Add to AMV Convert Tool... - c:\arquivos de programas\MP3 Player Utilities 4.00\AMVConverter\grab.html

IE: Do&wnload selected by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/203

IE: Down&load all by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/202

IE: Link to &MidpX - c:\arquivos de programas\Kwyshell\MidpX\JadInvoker\Extent\jad_wrap.htm

IE: MediaManager tool grab multimedia file - c:\arquivos de programas\MP3 Player Utilities 4.00\MediaManager\grab.html

DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} - hxxps://imagem.caixa.gov.br/cab/gbpdist.cab

FF - ProfilePath - c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\bud7k3ke.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=18&q=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: keyword.URL - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=18&tid={33CE5E38-4C8F-6A1C-26A2-94D8338FBB13}&q=

FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll

FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

FF - plugin: c:\arquivos de programas\Unity\WebPlayer\loader\npUnity3D32.dll

FF - plugin: c:\arquivos de programas\Windows Live\Photo Gallery\NPWLPG.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

 

---- FIREFOX POLICIES ----

FF - user.js: browser.cache.memory.capacity - 16000

FF - user.js: browser.chrome.favicons - fales

FF - user.js: browser.display.show_image_placeholders - true

FF - user.js: browser.turbo.enabled - true

FF - user.js: browser.urlbar.autocomplete.enabled - true

FF - user.js: browser.urlbar.autofill - true

FF - user.js: content.max.tokenizing.time - 2250000

FF - user.js: content.notify.backoffcount - 5

FF - user.js: content.notify.interval - 750000

FF - user.js: content.notify.ontimer - true

FF - user.js: content.switch.threshold - 750000

FF - user.js: dom.disable_window_status_change - true

FF - user.js: network.http.max-connections - 32

FF - user.js: network.http.max-connections-per-server - 8

FF - user.js: network.http.max-persistent-connections-per-proxy - 8

FF - user.js: network.http.max-persistent-connections-per-server - 4

FF - user.js: network.http.pipelining - true

FF - user.js: network.http.pipelining.firstrequest - true

FF - user.js: network.http.pipelining.maxrequests - 8

FF - user.js: network.http.proxy.pipelining - true

FF - user.js: network.http.request.max-start-delay - 0

FF - user.js: nglayout.initialpaint.delay - 50

FF - user.js: plugin.expose_full_path - true

FF - user.js: ui.submenuDelay - 0

FF - user.js: browser.blink_allowed - true

FF - user.js: network.prefetch-next - true

FF - user.js: layout.spellcheckDefault - 1

FF - user.js: browser.search.openintab - false

FF - user.js: browser.tabs.opentabfor.middleclick - true

FF - user.js: browser.tabs.tabMinWidth - 100

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

.

- - - - ORFÃOS REMOVIDOS - - - -

 

ShellExecuteHooks-{E37CB5F0-51F5-4395-A808-5FA49E399003} - (no file)

MSConfigStartUp-cFosSpeed - c:\arquivos de programas\cFosSpeed\cFosSpeed.exe

MSConfigStartUp-Cobian Backup 9 interface - c:\arquivos de programas\Cobian Backup 9\cbInterface.exe

MSConfigStartUp-TransBar - c:\arquivos de programas\AKSoftware\TransBar\TransBar.exe

 

 

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-12-20 23:43

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

 

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

 

device: opened successfully

user: MBR read successfully

called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x823741F8]<<

kernel: MBR read successfully

detected MBR rootkit hooks:

\Driver\Disk -> CLASSPNP.SYS @ 0xf84b7fc3

\Driver\ACPI -> ACPI.sys @ 0xf8231cb8

\Driver\atapi -> 0x823741f8

IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80578c34

ParseProcedure -> ntkrnlpa.exe @ 0x80577896

\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80578c34

ParseProcedure -> ntkrnlpa.exe @ 0x80577896

NDIS: Realtek RTL8139/810x Family Fast Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xf80cfba0

PacketIndicateHandler -> NDIS.sys @ 0xf80dcb21

SendHandler -> NDIS.sys @ 0xf80ba87b

Warning: possible MBR rootkit infection !

user & kernel MBR OK

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]

"ImagePath"="\??\c:\windows\system32\79.tmp"

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

 

[HKEY_USERS\S-1-5-21-1482476501-1580818891-725345543-500\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (Administrator)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,be,75,43,30,cf,3b,c0,43,ba,54,00,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,be,75,43,30,cf,3b,c0,43,ba,54,00,\

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

- - - - - - - > 'winlogon.exe'(1184)

c:\windows\system32\cscui.dll

c:\arquivos de programas\Stardock\Object Desktop\WindowBlinds\wbsrv.dll

 

- - - - - - - > 'explorer.exe'(3304)

c:\windows\system32\WININET.dll

c:\arquiv~1\WINDOW~2\wmpband.dll

c:\windows\system32\SETUPAPI.dll

c:\windows\system32\NETSHELL.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\msi.dll

c:\windows\system32\wpdshserviceobj.dll

c:\arquivos de programas\Microsoft Virtual PC\VPCShExH.DLL

c:\windows\system32\portabledevicetypes.dll

c:\windows\system32\portabledeviceapi.dll

.

------------------------ Outros Processos em Execução ------------------------

.

c:\arquivos de programas\Microsoft Security Essentials\MsMpEng.exe

c:\arquivos de programas\Java\jre6\bin\jqs.exe

c:\arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe

c:\arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\windows\System32\TUProgSt.exe

c:\windows\system32\wscntfy.exe

c:\windows\RTHDCPL.EXE

c:\windows\system32\igfxsrvc.exe

c:\arquivos de programas\Orbitdownloader\orbitnet.exe

c:\windows\system32\wbem\wmiapsrv.exe

c:\arquivos de programas\Windows Live\Contacts\wlcomm.exe

.

**************************************************************************

.

Tempo para conclusão: 2009-12-21 00:09:33 - Máquina reiniciou

ComboFix-quarantined-files.txt 2009-12-21 02:09

 

Pré-execução: 30 pasta(s) 10.515.841.024 bytes disponíveis

Pós execução: 32 pasta(s) 10.483.412.992 bytes disponíveis

 

WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

 

- - End Of File - - 38DA0A4B26E749B2575AB9971C1AB7AC


*Abra o bloco de notas, selecione, copie e cole nele todo o conteúdo do código abaixo:

 

File::

c:\windows\system32\viwc.exe

Registry::

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\viwc]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"4219:TCP"=-

*Save the file on the desktop as CFScript.txt

*Drag the file onto ComboFix as shown in the illustration below:

 

CFScript.gif

 

*Important: while ComboFix is running, do not use the mouse or the keyboard!!..to interrupt the process press N or 2.

 

*Paste the report created at C:\combofix.txt

 

Also let me know how the PC is doing....


Here is the log

ComboFix 09-12-19.03 - Administrador 21/12/2009 11:11:57.2.1 - x86

Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.503.169 [GMT -2:00]

Executando de: c:\documents and settings\Administrador\Desktop\ComboFix.exe

Comandos utilizados :: c:\documents and settings\Administrador\Desktop\CFScript.txt

AV: Kaspersky Anti-Virus *On-access scanning disabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}

AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

 

FILE ::

"c:\windows\system32\viwc.exe"

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\windows\system32\viwc.exe

 

.

(((((((((((((((( Arquivos/Ficheiros criados de 2009-11-21 to 2009-12-21 ))))))))))))))))))))))))))))

.

 

2009-12-17 12:50 . 2009-12-17 12:50 -------- d-----w- c:\arquivos de programas\DVD Decrypter

2009-12-16 01:21 . 2009-12-21 13:08 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\BitTorrent

2009-12-16 01:21 . 2009-12-16 01:21 -------- d-----w- c:\arquivos de programas\BitTorrent

2009-12-14 20:02 . 2009-12-14 20:03 -------- d-----w- c:\arquivos de programas\Orbitdownloader

2009-12-12 16:56 . 2009-12-13 16:13 -------- d-----w- c:\arquivos de programas\ZEQ II

2009-12-12 13:56 . 2009-12-12 13:56 2368 ----a-w- c:\windows\system32\SVKP.sys

2009-12-12 13:50 . 2009-12-12 13:50 -------- d-----w- c:\arquivos de programas\Iomatic

2009-12-12 13:47 . 2009-12-12 13:47 -------- d-----w- c:\arquivos de programas\Free Offers from Freeze.com

2009-12-12 10:15 . 2009-12-12 10:18 -------- d-----w- c:\arquivos de programas\eMule

2009-12-09 02:30 . 2009-12-09 02:31 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\SystemExplorer

2009-12-09 02:30 . 2009-12-09 02:30 -------- d-----w- c:\arquivos de programas\System Explorer

2009-12-09 00:59 . 2001-03-28 14:38 69632 ----a-w- c:\windows\system32\GkSui18.EXE

2009-12-09 00:58 . 2009-12-09 00:59 -------- d-----w- c:\arquivos de programas\RAM Defrag V2.55

2009-12-08 14:42 . 2009-12-20 19:42 -------- d-----w- c:\arquivos de programas\English Bid for Power Final 4.0

2009-12-05 19:12 . 2009-12-12 10:43 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Quake3

2009-12-04 22:54 . 2009-12-04 22:54 45056 ----a-w- c:\windows\NCUNINST.EXE

2009-12-04 22:53 . 2009-12-04 22:53 -------- d-----w- C:\AnimeGames

2009-12-04 22:45 . 2009-12-04 22:45 -------- d-----w- c:\arquivos de programas\Arquivos comuns\SWF Studio

2009-12-04 01:16 . 2009-12-04 01:16 -------- d--h--w- c:\documents and settings\All Users\Dados de aplicativos\{1088B796-B77C-456D-937C-2956360A8529}

2009-12-04 01:14 . 2009-12-04 01:14 -------- d-----w- c:\arquivos de programas\Digital 1 Audio

2009-12-03 22:11 . 2009-12-03 22:11 -------- d-----w- c:\arquivos de programas\softendo.com

2009-12-03 12:17 . 2009-12-03 12:18 -------- d-----w- c:\arquivos de programas\7-Zip

2009-12-03 11:50 . 2009-12-03 11:50 -------- d-----w- c:\arquivos de programas\Portabilizer

2009-12-02 13:20 . 2009-12-13 16:14 -------- d-----w- c:\arquivos de programas\SDW

2009-11-29 13:00 . 2009-11-29 13:00 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\fltk.org

2009-11-28 19:17 . 2009-12-13 16:14 -------- d-----w- c:\arquivos de programas\epsxe170

2009-11-28 19:14 . 2009-11-28 19:14 -------- d-----w- c:\arquivos de programas\psx emulation cheater

2009-11-28 18:21 . 2009-12-01 23:45 -------- d-----w- c:\arquivos de programas\Dragon Ball GT - Final Bout

2009-11-26 22:06 . 2009-11-26 22:06 -------- d-----w- c:\windows\system32\Adobe

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-12-21 11:23 . 2009-08-23 19:12 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Orbit

2009-12-21 11:23 . 2009-11-17 03:07 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Hamachi

2009-12-20 12:32 . 2009-11-15 16:32 -------- d-----w- c:\arquivos de programas\Pcsx2

2009-12-19 22:09 . 2009-10-11 14:29 -------- d-----r- c:\arquivos de programas\hdr.eng.rip

2009-12-19 20:59 . 2009-12-19 20:59 298831 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft\Microsoft Antimalware\LocalCopy\{1789EEE4-DE5A-38AD-A5B6-3BE2C13098AB}-GTA-SA Crazy IMG Editor.exe

2009-12-19 18:28 . 2009-08-02 16:13 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware

2009-12-19 18:27 . 2009-08-02 22:13 4844296 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe

2009-12-15 23:19 . 2009-08-28 02:11 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\uTorrent

2009-12-15 15:56 . 2009-08-09 18:44 -------- d-----w- c:\arquivos de programas\Valve

2009-12-09 12:14 . 2009-08-20 01:51 -------- d-----w- c:\arquivos de programas\ViGlance

2009-12-09 12:13 . 2009-09-12 16:29 -------- d-----w- c:\arquivos de programas\Internet Speed Booster

2009-12-09 12:12 . 2009-10-11 23:18 -------- d-----w- c:\arquivos de programas\Super DVD Ripper

2009-12-08 11:35 . 2009-08-23 20:24 -------- d-----w- c:\arquivos de programas\Thoosje Sevenbar

2009-12-04 21:31 . 2009-08-01 18:54 -------- d-----w- c:\arquivos de programas\PES 2006

2009-12-03 18:14 . 2009-08-02 16:13 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-12-03 18:13 . 2009-08-02 16:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-12-01 22:51 . 2009-10-15 15:10 -------- d-----w- c:\arquivos de programas\MTX MOTOTRAX

2009-12-01 22:51 . 2009-10-11 17:19 -------- d-----w- c:\arquivos de programas\winkawaks159

2009-12-01 22:51 . 2009-09-19 21:13 -------- d-----w- c:\arquivos de programas\Cooking Academy 2 World Cuisine

2009-12-01 22:49 . 2009-08-19 13:56 -------- d-----w- c:\arquivos de programas\Chaos Legion

2009-12-01 22:47 . 2009-08-18 01:44 -------- d-----w- c:\arquivos de programas\Frets on Fire

2009-12-01 22:47 . 2009-08-01 23:20 -------- d-----w- c:\arquivos de programas\XMen-TheOfficialGame

2009-12-01 22:46 . 2009-08-02 01:12 -------- d-----w- c:\arquivos de programas\www.oyun-forum.com_JonTurk

2009-12-01 22:46 . 2009-08-01 22:49 -------- d-----w- c:\arquivos de programas\Urban Freestyle soccer.-.InFeCtEd!.-.usinavirtual.com

2009-12-01 22:46 . 2009-08-01 22:17 -------- d-----w- c:\arquivos de programas\RFG

2009-12-01 22:44 . 2009-08-01 04:32 -------- d-----w- c:\arquivos de programas\Ice.Age.2

2009-12-01 22:43 . 2009-08-15 13:54 -------- d-----w- c:\arquivos de programas\SF3TS MAME119

2009-12-01 22:41 . 2009-08-02 01:42 -------- d-----w- c:\arquivos de programas\Juiced

2009-12-01 22:40 . 2009-08-23 21:35 -------- d-----w- c:\arquivos de programas\Sonic mega game collection plus

2009-12-01 22:40 . 2009-09-10 15:24 -------- d-----w- c:\arquivos de programas\Mashed

2009-12-01 22:40 . 2009-09-06 20:40 -------- d-----w- c:\arquivos de programas\TARZAN

2009-12-01 22:40 . 2009-09-13 15:52 -------- d-----w- c:\arquivos de programas\Avatar The Last Airbender

2009-12-01 22:40 . 2009-10-08 22:33 -------- d-----w- c:\arquivos de programas\aerWER

2009-12-01 22:39 . 2009-10-14 13:54 -------- d-----w- c:\arquivos de programas\tomb_raider_2

2009-12-01 22:39 . 2009-07-31 20:22 -------- d-----w- c:\arquivos de programas\3D

2009-12-01 22:38 . 2009-08-01 18:27 -------- d-----w- c:\arquivos de programas\[puxando.com]GTA-Grand Theft Auto- Vice City- Full Version full version

2009-11-27 12:13 . 2009-08-16 01:00 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\ViSplore

2009-11-25 19:54 . 2009-08-16 00:38 -------- d-----w- c:\arquivos de programas\ViSplore

2009-11-25 13:58 . 2009-11-25 12:40 79488 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Sun\Java\jre1.6.0_17\gtapi.dll

2009-11-21 17:23 . 2009-08-16 00:38 -------- d-----w- c:\arquivos de programas\ViStart

2009-11-21 17:19 . 2009-07-31 18:21 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\ViStart

2009-11-17 03:07 . 2009-11-17 03:03 -------- d-----w- c:\arquivos de programas\Hamachi

2009-11-17 03:03 . 2009-11-17 03:03 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys

2009-11-16 21:01 . 2009-08-10 04:59 -------- d-----w- c:\arquivos de programas\Messenger Plus! Live

2009-11-15 16:32 . 2009-11-15 16:32 12862 ----a-r- c:\documents and settings\Administrador\Dados de aplicativos\Microsoft\Installer\{0E2B767B-EA6A-489B-BF83-8083FE1DB661}\_1EEFFF72773535163E4216.exe

2009-11-15 00:36 . 2009-11-15 00:36 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\InterAction studios

2009-11-15 00:35 . 2009-11-15 00:34 -------- d-----w- c:\arquivos de programas\Chicken Invaders 3

2009-11-14 18:24 . 2009-11-14 18:24 -------- d-----w- c:\arquivos de programas\Tunatic

2009-11-12 00:30 . 2007-07-21 21:40 80570 ----a-w- c:\windows\system32\perfc016.dat

2009-11-12 00:30 . 2007-07-21 21:40 471804 ----a-w- c:\windows\system32\perfh016.dat

2009-11-07 20:35 . 2009-11-07 20:35 -------- d-----w- c:\arquivos de programas\KONAMI

2009-11-05 22:50 . 2009-09-02 21:28 -------- d-----w- c:\arquivos de programas\Vimicro

2009-11-05 22:50 . 2009-07-31 00:49 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information

2009-11-04 23:59 . 2009-11-04 23:59 766 ----a-r- c:\documents and settings\Administrador\Dados de aplicativos\Microsoft\Installer\{7784A172-61F1-445E-8368-601607E0DD22}\_294823.exe

2009-11-04 23:59 . 2009-11-04 23:59 2238 ----a-r- c:\documents and settings\Administrador\Dados de aplicativos\Microsoft\Installer\{7784A172-61F1-445E-8368-601607E0DD22}\_4ae13d6c.exe

2009-11-04 23:59 . 2009-11-04 23:59 1518 ----a-r- c:\documents and settings\Administrador\Dados de aplicativos\Microsoft\Installer\{7784A172-61F1-445E-8368-601607E0DD22}\_69525f90.exe

2009-11-04 23:59 . 2009-11-04 23:59 1078 ----a-r- c:\documents and settings\Administrador\Dados de aplicativos\Microsoft\Installer\{7784A172-61F1-445E-8368-601607E0DD22}\_2cd672ae.exe

2009-11-04 23:59 . 2009-11-04 23:59 1078 ----a-r- c:\documents and settings\Administrador\Dados de aplicativos\Microsoft\Installer\{7784A172-61F1-445E-8368-601607E0DD22}\_18be6784.exe

2009-11-04 23:59 . 2009-11-04 23:59 -------- d-----w- c:\arquivos de programas\MP3 Player Utilities 4.00

2009-11-02 22:42 . 2009-10-14 13:00 195456 ------w- c:\windows\system32\MpSigStub.exe

2009-11-02 21:10 . 2009-11-02 21:10 -------- d-----w- c:\arquivos de programas\GIF Movie Gear

2009-11-02 21:06 . 2009-11-02 20:40 -------- d-----w- c:\arquivos de programas\PhotoScape

2009-11-02 12:22 . 2009-11-02 12:22 -------- d-----w- c:\arquivos de programas\Kwyshell

2009-10-31 12:34 . 2009-10-31 12:34 -------- d-----w- c:\arquivos de programas\Aneesoft

2009-10-29 00:25 . 2009-10-29 00:24 -------- d-----w- c:\arquivos de programas\Muziic

2009-10-28 12:10 . 2009-10-28 10:33 2516 --sha-w- c:\documents and settings\All Users\Dados de aplicativos\KGyGaAvL.sys

2009-10-28 12:10 . 2009-10-28 10:33 2516 --sha-w- c:\documents and settings\All Users\Dados de aplicativos\KGyGaAvL.sys

2009-10-28 12:10 . 2009-10-28 12:10 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Bitstream

2009-10-28 10:33 . 2009-10-28 10:32 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Corel

2009-10-28 10:33 . 2009-10-28 10:33 8 --sh--r- c:\documents and settings\All Users\Dados de aplicativos\1DEAD0B2EF.sys

2009-10-28 10:33 . 2009-10-28 10:33 8 --sh--r- c:\documents and settings\All Users\Dados de aplicativos\1DEAD0B2EF.sys

2009-10-28 10:28 . 2009-10-28 10:27 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Corel

2009-10-28 10:28 . 2009-10-28 10:28 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Protexis

2009-10-28 10:22 . 2009-10-28 10:22 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Corel

2009-10-28 10:16 . 2009-10-28 10:16 -------- d-----w- c:\arquivos de programas\Corel

2009-10-27 13:50 . 2009-10-27 13:50 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\com.livebrush.2205ABAA7E8202CDC1251B1FA1E879364B7BAB52.1

2009-10-27 13:50 . 2009-10-27 13:50 -------- d-----w- c:\arquivos de programas\Livebrush

2009-10-27 13:49 . 2009-10-27 13:49 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Adobe AIR

2009-10-27 13:42 . 2009-10-27 14:33 38208 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe

2009-10-27 13:42 . 2009-10-27 13:50 38208 ----a-w- c:\documents and settings\Default User\Dados de aplicativos\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe

2009-10-26 20:41 . 2009-08-02 22:50 -------- d-----w- c:\arquivos de programas\Winamp

2009-10-26 11:48 . 2009-10-26 11:48 4608 ----a-w- c:\windows\system32\w95inf32.dll

2009-10-26 11:48 . 2009-10-26 11:48 2272 ----a-w- c:\windows\system32\w95inf16.dll

2009-10-25 16:42 . 2009-10-25 16:41 -------- d-----w- c:\arquivos de programas\Parallel Port Joystick

2009-10-25 10:45 . 2009-07-31 19:19 -------- d-----w- c:\arquivos de programas\CAPCOM

2009-10-09 15:00 . 2009-10-09 15:00 229224 ----a-w- c:\windows\system32\drivers\VMM.sys

2009-10-08 23:00 . 2009-10-08 22:58 164880 ---ha-w- c:\documents and settings\Administrador\Dados de aplicativos\Microsoft\Virtual PC\VPCKeyboard.dll

2009-10-02 13:51 . 2009-10-02 13:27 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2009-08-10 02:22 . 2009-08-10 02:22 2578 ----a-w- c:\arquivos de programas\Arquivos comuns\unins000.dat

2009-08-10 02:21 . 2009-08-10 02:22 730656 ----a-w- c:\arquivos de programas\Arquivos comuns\unins000.exe

2008-03-09 10:25 . 2009-08-10 02:22 236 ---ha-w- c:\arquivos de programas\Arquivos comuns\dx.reg

.

 

------- Sigcheck -------

 

[-] 2008-04-14 . 064EC7FF5F58B928C3E119402977FA6D . 1035776 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\f7670e43b3c19680acdc044a1fbe993f\explorer.exe

[-] 2007-09-02 . 85406FDA49C929E7451A8B840E7547EA . 1425408 . . [6.00.2900.3156] . . c:\windows\explorer.exe

[-] 2007-09-02 . EE1F04EF3ECBCEF3EBC47812C8374C84 . 1035264 . . [6.00.2900.3156] . . c:\windows\system32\VITrans\explorer.exe

 

[-] 2008-04-14 . 698F9583D1EB213B09F12DD5826A46E2 . 1571840 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\f7670e43b3c19680acdc044a1fbe993f\sfcfiles.dll

[-] 2007-09-02 . DB3AA410ED1228B9DF98C06549AE0763 . 1548288 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll

 

[-] 2007-09-02 17:20 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\mspmsnsv.dll

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]

"ares"="c:\arquivos de programas\Ares\Ares.exe" [2009-02-03 1004544]

"Google Update"="c:\documents and settings\Administrador\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" [2009-09-23 133104]

"SystemExplorer"="c:\arquivos de programas\System Explorer\SystemExplorer.exe" [2008-08-25 1833472]

"RAM Medic"="c:\arquivos de programas\Iomatic\RAM Medic\RAMMedic.exe" [2004-01-24 1235968]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ZSSnp211"="c:\windows\ZSSnp211.exe" [2007-04-06 57344]

"Domino"="c:\windows\Domino.exe" [2006-08-18 49152]

"RTHDCPL"="RTHDCPL.EXE" [2007-11-30 16858624]

"QuickTime Task"="c:\arquivos de programas\QuickTime\qttask.exe" [2009-05-26 413696]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 159744]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 131072]

"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre6\bin\jusched.exe" [2009-09-07 136600]

"MSSE"="c:\arquivos de programas\Microsoft Security Essentials\msseces.exe" [2009-09-13 1048392]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2007-07-21 15360]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nltide_2"="shell32" [X]

 

c:\documents and settings\Administrador\Menu Iniciar\Programas\Inicializar\

hamachi.lnk - c:\arquivos de programas\Hamachi\hamachi.exe [2009-11-17 624416]

 

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

Orbit.lnk - c:\arquivos de programas\Orbitdownloader\orbitdm.exe [2009-12-14 1678536]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"UIHost"="%windir%\resources\logon\logonui.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]

2009-10-20 23:47 210168 ----a-w- c:\arquivos de programas\Stardock\Object Desktop\WindowBlinds\WbSrv.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\system32\wbsys.dll

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

 

[HKLM\~\startupfolder\C:^Documents and Settings^Administrador^Menu Iniciar^Programas^Inicializar^Stardock ObjectDock.lnk]

path=c:\documents and settings\Administrador\Menu Iniciar\Programas\Inicializar\Stardock ObjectDock.lnk

backup=c:\windows\pss\Stardock ObjectDock.lnkStartup

 

[HKLM\~\startupfolder\C:^Documents and Settings^Administrador^Menu Iniciar^Programas^Inicializar^Styler.lnk]

path=c:\documents and settings\Administrador\Menu Iniciar\Programas\Inicializar\Styler.lnk

backup=c:\windows\pss\Styler.lnkStartup

 

[HKLM\~\startupfolder\C:^Documents and Settings^Administrador^Menu Iniciar^Programas^Inicializar^WinFlip.lnk]

path=c:\documents and settings\Administrador\Menu Iniciar\Programas\Inicializar\WinFlip.lnk

backup=c:\windows\pss\WinFlip.lnkStartup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^BlueSoleil.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\BlueSoleil.lnk

backup=c:\windows\pss\BlueSoleil.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^eBoostr Control Panel.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\eBoostr Control Panel.lnk

backup=c:\windows\pss\eBoostr Control Panel.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2008-10-15 04:04 39792 ----a-w- c:\arquivos de programas\Adobe\Reader 8.0\Reader\reader_sl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]

2009-02-03 13:22 1004544 ----a-w- c:\arquivos de programas\Ares\Ares.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]

2007-07-21 21:40 110592 ------w- c:\windows\system32\bthprops.cpl

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

2009-09-23 15:27 133104 ----atw- c:\documents and settings\Administrador\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LClock]

2004-09-20 04:27 65536 ----a-w- c:\arquivos de programas\LClock\LClock.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

2009-07-26 19:44 3883840 ----a-w- c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2001-07-09 14:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2009-05-26 20:18 413696 ----a-w- c:\arquivos de programas\QuickTime\QTTask.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueTransparency]

2008-06-25 00:19 372224 ----a-w- c:\arquivos de programas\TrueTransparency\TrueTransparency.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViOrb]

2009-10-17 17:21 167936 ----a-w- c:\arquivos de programas\ViOrb\ViOrb.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vista Rainbar]

2008-11-15 00:57 131778 ----a-w- c:\arquivos de programas\Vista Rainbar\launcher.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViStart]

2009-11-15 14:40 827392 ----a-w- c:\arquivos de programas\ViStart\ViStart.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VistaSwitcher]

2009-10-14 00:29 176592 ----a-w- c:\arquivos de programas\VistaSwitcher\vswitch.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VisualTooltip]

2007-04-25 12:45 956928 ----a-w- c:\arquivos de programas\VisualTooltip\VisualToolTip.exe

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Arquivos de programas\\Malwarebytes' Anti-Malware\\mbam.exe"=

"c:\\Arquivos de programas\\Ares\\Ares.exe"=

"c:\\Arquivos de programas\\Valve\\hl.exe"=

"c:\\Arquivos de programas\\Valve\\hlds.exe"=

"c:\\Arquivos de programas\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=

"c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=

"c:\\Arquivos de programas\\tthug2\\Game\\OiV mod.exe"=

"c:\\Arquivos de programas\\VDOWNLOADER\\VDownloader.exe"=

"c:\\Level Up! Games\\The Duel\\theduel.exe"=

"c:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Documents and Settings\\All Users\\Dados de aplicativos\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 2009\\English\\setup.exe"=

"c:\\WINDOWS\\system32\\dplaysvr.exe"=

"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=

"c:\\Arquivos de programas\\Hamachi\\hamachi.exe"=

"c:\\Arquivos de programas\\KONAMI\\Pro Evolution Soccer 6\\pes6.exe"=

"c:\\Arquivos de programas\\English Bid for Power Final 4.0\\EBFPF 4.0 Cel.exe"=

"c:\\Arquivos de programas\\English Bid for Power Final 4.0\\EBFPF 4.0 DED.exe"=

"c:\\Arquivos de programas\\English Bid for Power Final 4.0\\EBFPF 4.0.exe"=

"c:\\Arquivos de programas\\English Bid for Power Final 4.0\\EBFPF 4.0 LOW.exe"=

"c:\\Arquivos de programas\\eMule\\emule.exe"=

"c:\\Arquivos de programas\\ZEQ II\\ZEQ2.exe"=

"c:\\Arquivos de programas\\Orbitdownloader\\orbitdm.exe"=

"c:\\Arquivos de programas\\Orbitdownloader\\orbitnet.exe"=

"c:\\Arquivos de programas\\BitTorrent\\bittorrent.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"25192:TCP"= 25192:TCP:BitComet 25192 TCP

"25192:UDP"= 25192:UDP:BitComet 25192 UDP

 

R2 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [7/9/2009 11:29 12672]

R2 SVKP;SVKP;c:\windows\system32\SVKP.sys [12/12/2009 11:56 2368]

R3 PPJoyBus;Parallel Port Joystick Bus device driver;c:\windows\system32\drivers\PPJoyBus.sys [23/1/2004 17:33 13952]

R3 PPortJoystick;Parallel Port Joystick device driver;c:\windows\system32\drivers\PPortJoy.sys [23/1/2004 17:32 28800]

S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [30/8/2009 00:40 721904]

S2 bgrmaz;Network Universal;c:\windows\system32\svchost.exe -k netsvcs [21/7/2007 19:41 14336]

S3 FXDrv32;FXDrv32;\??\h:\fxdrv32.sys --> h:\FXDrv32.sys [?]

S3 lgusbsmodem;LGE Mobile USB Modem;c:\windows\system32\drivers\lgusbsmodem.sys [10/8/2009 23:47 42436]

S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\79.tmp --> c:\windows\system32\79.tmp [?]

S3 XDva281;XDva281;\??\c:\windows\system32\XDva281.sys --> c:\windows\system32\XDva281.sys [?]

S3 XDva297;XDva297;\??\c:\windows\system32\XDva297.sys --> c:\windows\system32\XDva297.sys [?]

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

irfsvng

bgrmaz

.

------- Scan Suplementar -------

.

IE: &Download by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/201

IE: &Grab video by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/204

IE: Add to AMV Convert Tool... - c:\arquivos de programas\MP3 Player Utilities 4.00\AMVConverter\grab.html

IE: Do&wnload selected by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/203

IE: Down&load all by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/202

IE: Link to &MidpX - c:\arquivos de programas\Kwyshell\MidpX\JadInvoker\Extent\jad_wrap.htm

IE: MediaManager tool grab multimedia file - c:\arquivos de programas\MP3 Player Utilities 4.00\MediaManager\grab.html

DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} - hxxps://imagem.caixa.gov.br/cab/gbpdist.cab

FF - ProfilePath - c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\bud7k3ke.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=18&q=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: keyword.URL - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=18&tid={33CE5E38-4C8F-6A1C-26A2-94D8338FBB13}&q=

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

 

---- FIREFOX POLICIES ----

FF - user.js: browser.cache.memory.capacity - 16000

FF - user.js: browser.chrome.favicons - fales

FF - user.js: browser.display.show_image_placeholders - true

FF - user.js: browser.turbo.enabled - true

FF - user.js: browser.urlbar.autocomplete.enabled - true

FF - user.js: browser.urlbar.autofill - true

FF - user.js: content.max.tokenizing.time - 2250000

FF - user.js: content.notify.backoffcount - 5

FF - user.js: content.notify.interval - 750000

FF - user.js: content.notify.ontimer - true

FF - user.js: content.switch.threshold - 750000

FF - user.js: dom.disable_window_status_change - true

FF - user.js: network.http.max-connections - 32

FF - user.js: network.http.max-connections-per-server - 8

FF - user.js: network.http.max-persistent-connections-per-proxy - 8

FF - user.js: network.http.max-persistent-connections-per-server - 4

FF - user.js: network.http.pipelining - true

FF - user.js: network.http.pipelining.firstrequest - true

FF - user.js: network.http.pipelining.maxrequests - 8

FF - user.js: network.http.proxy.pipelining - true

FF - user.js: network.http.request.max-start-delay - 0

FF - user.js: nglayout.initialpaint.delay - 50

FF - user.js: plugin.expose_full_path - true

FF - user.js: ui.submenuDelay - 0

FF - user.js: browser.blink_allowed - true

FF - user.js: network.prefetch-next - true

FF - user.js: layout.spellcheckDefault - 1

FF - user.js: browser.search.openintab - false

FF - user.js: browser.tabs.opentabfor.middleclick - true

FF - user.js: browser.tabs.tabMinWidth - 100

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

.

- - - - ORFÃOS REMOVIDOS - - - -

 

AddRemove-Vista Transformation Pack - c:\windows\system32\viwc.exe

 

 

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-12-21 11:22

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]

"ImagePath"="\??\c:\windows\system32\79.tmp"

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

 

[HKEY_USERS\S-1-5-21-1482476501-1580818891-725345543-500\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (Administrator)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,be,75,43,30,cf,3b,c0,43,ba,54,00,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,be,75,43,30,cf,3b,c0,43,ba,54,00,\

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

- - - - - - - > 'winlogon.exe'(1164)

c:\windows\system32\cscui.dll

c:\arquivos de programas\Stardock\Object Desktop\WindowBlinds\wbsrv.dll

.

Tempo para conclusão: 2009-12-21 11:28:00

ComboFix-quarantined-files.txt 2009-12-21 13:27

ComboFix2.txt 2009-12-21 02:09

 

Pré-execução: 9.612.550.144 bytes disponíveis

Pós execução: 31 pasta(s) 10.416.095.232 bytes disponíveis

 

- - End Of File - - ACD456E6AE8171BFB873D26C03E69AB3

 

The PC is still the same.


The log is clean...

 

1.

*Click [Start] > [Run] > type: combofix /uninstall

*Click [OK]

 

92674490.jpg

 

*Click [Run]

*The message "ComboFix is uninstalled" will appear

 

*Click [OK]

*Delete the file C:\combofix.txt

 

 

I only see 3 possibilities left to try to fix it...beyond that I don't know how else to help you.

 

a) Check the keyboard layout:

http://www.xtibia.com/forum/Teclado-Desconfigurado-Aprenda-Concertar-t111727.html

 

b) Test another keyboard on the PC

 

c) Repair Windows.

*Boot from the Windows installation CD

*On the first screen, press R to enter the Windows Recovery Console

10ov7.jpg


I did option b and everything worked out

 

thank you very much wings for helping me through this whole process ^^

and sorry for the trouble

 

thank you very much

Regards.


PROBLEM SOLVED!

 

If the author needs the topic to be reopened, just send a Private Message to a Moderator with a link to the topic.
