Twilight, posted May 4, 2010

Well, here is what happened: I was using the PC when suddenly Avast found a virus. I clicked to send it to quarantine, but right away many more appeared, and I kept sending them to quarantine (desperation). Soon, whenever any icon on the PC was clicked, that magnifying-glass image saying "Searching" appeared and the program didn't open. Then a strange message from Avast appeared and it closed right after; the firewall also turned itself off. At that point I removed Avast and went to download Avira, but it doesn't install, it closes by itself too! Getting in with F5 doesn't work either... Well, I think that's all I noticed strange about it... I'm asking for someone's help... The HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:55:55, on 3/5/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Bonjour\mDNSResponder.exe
C:\Arquivos de programas\Arquivos comuns\InterVideo\DeviceService\DevSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\tsnp325.exe
C:\WINDOWS\FixCamera.exe
C:\WINDOWS\vsnp325.exe
C:\WINDOWS\PixArt\PAP7501\GUCI_AVS.exe
C:\WINDOWS\PixArt\PAP7501\PACTray.exe
C:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PSIService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Ares\Ares.exe
C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe
C:\Arquivos de programas\AWS\WeatherBug Alert\WeatherBugAlert.exe
C:\Arquivos de programas\ManyCam 2.4\ManyCam.exe
C:\Arquivos de programas\Pando Networks\Media Booster\PMB.exe
C:\Arquivos de programas\Software Informer\softinfo.exe
C:\WINDOWS\system32\XP-7AB8F326.EXE
C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe
C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Arquivos comuns\Ulead Systems\DVD\ULCDRSvr.exe
C:\Arquivos de programas\Scramby\voicetunerserver.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\ulemfh.exe
C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\winichys.exe
C:\Arquivos de programas\Orbitdownloader\orbitdm.exe
C:\Arquivos de programas\Orbitdownloader\orbitnet.exe
C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrador\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.orbitdownloader.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Arquivos de programas\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Arquivos de programas\Windows Live\Family Safety\fssbho.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Arquivos de programas\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: wit for ie - {75ED56AF-4DC9-4243-A30C-4EF4DD0CA28F} - C:\Arquivos de programas\ChameleonTom\wit4ie.dll (file missing)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Arquivos de programas\Free Download Manager\iefdm2.dll
O2 - BHO: Ask.com Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Arquivos de programas\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Arquivos de programas\Orbitdownloader\GrabPro.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Ask.com Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Arquivos de programas\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [tsnp325] C:\WINDOWS\tsnp325.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iSUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Arquivos de programas\Arquivos comuns\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
O4 - HKLM\..\Run: [snp325] C:\WINDOWS\vsnp325.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [GUCI_AVS] C:\WINDOWS\PixArt\PAP7501\GUCI_AVS.exe
O4 - HKLM\..\Run: [PACTray] C:\WINDOWS\PixArt\PAP7501\PACTray.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [XP-7AB8F326] C:\WINDOWS\system32\XP-7AB8F326.EXE
O4 - HKCU\..\Run: [LClock] C:\Arquivos de programas\LClock\LClock.exe
O4 - HKCU\..\Run: [Vista Sidebar] C:\Arquivos de programas\Vista Sidebar\sidebar.exe
O4 - HKCU\..\Run: [ViStart] C:\Arquivos de programas\ViStart\ViStart.exe
O4 - HKCU\..\Run: [ViOrb] C:\Arquivos de programas\ViOrb\ViOrb.exe
O4 - HKCU\..\Run: [settingsfunk] C:\DOCUME~1\ADMINI~1\DADOSD~1\MP3MEO~1\Real Fast.exe
O4 - HKCU\..\Run: [ProxyCap] C:\ARQUIV~1\PROXYL~1\ProxyCap\ProxyCap.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ares] "C:\Arquivos de programas\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [WeatherBugAlert] "C:\Arquivos de programas\AWS\WeatherBug Alert\WeatherBugAlert.exe" /st
O4 - HKCU\..\Run: [ManyCam] "C:\Arquivos de programas\ManyCam 2.4\ManyCam.exe"
O4 - HKCU\..\Run: [Pando Media Booster] C:\Arquivos de programas\Pando Networks\Media Booster\PMB.exe
O4 - HKCU\..\Run: [Free Download Manager] "C:\Arquivos de programas\Free Download Manager\fdm.exe" -autorun
O4 - HKCU\..\Run: [software Informer] "C:\Arquivos de programas\Software Informer\softinfo.exe" -autorun
O4 - HKLM\..\Policies\Explorer\Run: [csrcs] C:\WINDOWS\system32\csrcs.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: ¡¡¡¡¡¡.lnk = C:\WINDOWS\system32\XP-7AB8F326.EXE
O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: AMV convert tool grab multimedia file - grab.html
O8 - Extra context menu item: Baixar com o Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dllink.htm
O8 - Extra context menu item: Baixar tudo com o Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlall.htm
O8 - Extra context menu item: Baixar vídeo com o Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Download selecionado pelo Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlselected.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - grab.html
O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Arquivos de programas\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/49.12/uploader2.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1223584145359
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Futuremark SystemInfo) - http://www.yougamers.com/systeminfo/FMSI.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{129A86AC-EA3B-4062-82A6-819173563CB3}: NameServer = 192.168.240.3,66.28.0.45
O17 - HKLM\System\CS1\Services\Tcpip\..\{129A86AC-EA3B-4062-82A6-819173563CB3}: NameServer = 192.168.240.3,66.28.0.45
O17 - HKLM\System\CS2\Services\Tcpip\..\{129A86AC-EA3B-4062-82A6-819173563CB3}: NameServer = 192.168.240.3,66.28.0.45
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\ARQUIV~1\Google\GOOGLE~4\GOEC62~1.DLL
O23 - Service: Bonjour Service - Apple Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Arquivos de programas\Arquivos comuns\InterVideo\DeviceService\DevSvc.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Gerenciador do Google Desktop 5.8.809.23506 (GoogleDesktopManager-092308-165331) - Google - C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate1c9c29a4f8175aa) (gupdate1c9c29a4f8175aa) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PSIService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Arquivos de programas\Arquivos comuns\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Voice Tuner (voicetuner) - RapidSolution - C:\Arquivos de programas\Scramby\voicetunerserver.exe
O23 - Service: Serviço de Compartilhamento de Rede do Windows Media Player (WMPNetworkSvc) - Unknown owner - C:\Arquivos de programas\Windows Media Player\WMPNetwk.exe (file missing)

--
End of file - 16385 bytes
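As an added example (not code from this forum, from HijackThis or from SalityKiller), here is a small Python triage script that applies the kind of generic indicators a responder looks for when reading a log like the one above: processes running from a Temp directory, autostart entries under Policies\Explorer\Run, a Startup shortcut whose name contains no letters or digits, and executable names of the generated-looking shape present in this log (a short prefix, a hyphen and hex digits). The choice of indicators and the name-shape rule are assumptions of this example, and a hit is a lead for the analyst to verify, not a verdict; the sample lines are a constructed subset excerpted from the log above.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample: a few "Running processes" paths and O4 autostart
# entries excerpted from the HijackThis log posted above.
SAMPLE_LOG = r"""
C:\WINDOWS\system32\ctfmon.exe
C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\ulemfh.exe
C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\winichys.exe
C:\WINDOWS\system32\XP-7AB8F326.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [XP-7AB8F326] C:\WINDOWS\system32\XP-7AB8F326.EXE
O4 - HKLM\..\Policies\Explorer\Run: [csrcs] C:\WINDOWS\system32\csrcs.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: ¡¡¡¡¡¡.lnk = C:\WINDOWS\system32\XP-7AB8F326.EXE
""".strip("\n")

DRIVE_PATH = re.compile(r"^[A-Za-z]:\\")
RUN_ENTRY = re.compile(r"^O4 - (?P<hive>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
STARTUP_LNK = re.compile(r"^O4 - Startup: (?P<stem>.+?)\.lnk = (?P<cmd>.*)$")
TEMP_DIR = re.compile(r"\\(temp|tmp)\\", re.IGNORECASE)
POLICIES_RUN = re.compile(r"\\Policies\\Explorer\\Run$", re.IGNORECASE)
# Assumption of this example: a 1-3 letter prefix, a hyphen and 6-8 hex digits
# (the shape of XP-7AB8F326.EXE in the log) counts as a generated-looking name.
GENERATED_NAME = re.compile(r"^[A-Z]{1,3}-[0-9A-F]{6,8}\.EXE$", re.IGNORECASE)


@dataclass
class Finding:
    line_no: int
    reason: str
    entry: str


def target_path(cmd: str) -> str:
    """Executable path from a Run value: the quoted string if quoted, else the first token."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 1 else cmd[1:]
    return cmd.split(" ", 1)[0] if cmd else ""


def basename(path: str) -> str:
    """Last path component, tolerating either separator."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1]


def triage(log_text: str) -> List[Finding]:
    """Scan HijackThis-style lines and return the entries that deserve a second look."""
    findings: List[Finding] = []
    for line_no, raw in enumerate(log_text.splitlines(), start=1):
        line = raw.strip()
        if not line:
            continue
        lnk = STARTUP_LNK.match(line)
        if lnk:
            if not any(ch.isalnum() for ch in lnk.group("stem")):
                findings.append(Finding(line_no, "Startup shortcut whose name has no letters or digits", line))
            if GENERATED_NAME.match(basename(target_path(lnk.group("cmd")))):
                findings.append(Finding(line_no, "Startup shortcut targets a generated-looking executable name", line))
            continue
        run = RUN_ENTRY.match(line)
        if run:
            hive, cmd = run.group("hive"), run.group("cmd")
            if POLICIES_RUN.search(hive):
                findings.append(Finding(line_no, "autostart under Policies\\Explorer\\Run, rarely used by legitimate software", line))
            if TEMP_DIR.search(cmd):
                findings.append(Finding(line_no, "autostart target lives in a Temp directory", line))
            if GENERATED_NAME.match(basename(target_path(cmd))):
                findings.append(Finding(line_no, "autostart target has a generated-looking name", line))
            continue
        if DRIVE_PATH.match(line):  # bare path: a "Running processes" entry
            if TEMP_DIR.search(line):
                findings.append(Finding(line_no, "process running from a Temp directory", line))
            elif GENERATED_NAME.match(basename(line)):
                findings.append(Finding(line_no, "running process has a generated-looking name", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"line {f.line_no}: {f.reason}\n    {f.entry}")
```

Run on the sample, the script flags the two Temp executables, the XP-7AB8F326.EXE process and its Run entry, the csrcs entry under Policies\Explorer\Run, and the punctuation-only Startup shortcut, while the NvCplDaemon and ctfmon entries pass. Feeding it a full HijackThis log is a matter of reading the file into `triage()`; the point of the rules is to surface entries for a human to check, so a clean result is never proof that a machine is clean.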
wings, posted May 4, 2010

Good evening... Sality infection....the removal attempt may not be effective. Do you want to try, or format? If you decide to format, don't save any application installed on the PC. Install Windows, Office and an antivirus.
Twilight, posted May 4, 2010

Quoting wings:
Good evening... Sality infection....the removal attempt may not be effective. Do you want to try, or format? If you decide to format, don't save any application installed on the PC. Install Windows, Office and an antivirus.

First of all, thanks for the help. I'll try the first option; with luck I might manage to remove it...^^ What do I have to do...
wings, posted May 4, 2010

1. *Download SalityKiller and save it to the desktop
*Extract its contents to C:\
*Disable System Restore: right-click My Computer > Properties > System Restore > Turn off System Restore > OK > Yes
*This program will run in 2 separate windows at the same time!!
*The first window:
*Click [Start] > [Run] > copy and paste: C:\salitykiller.exe -m
*Click [OK]
*Keep the window running. Do not close it!! Minimize it if you want.
*The second window:
*Click [Start] > [Run] > copy and paste: C:\salitykiller.exe -y -x -j -l sality.txt -v
*Click [OK]
*When it finishes, window 2 will close automatically. Then close window 1.
*Paste the summary found at the end of the file C:\sality.txt, as shown below:
23:57:51:0 Infected files: 8
23:57:51:0 Infected processes: 0
23:57:51:0 Infected threads: 2
23:57:51:0 Cured files: 8
23:57:51:0 Executed registry scripts: 1
Twilight, posted May 4, 2010

Quoting wings:
23:57:51:0 Infected files: 8
23:57:51:0 Infected processes: 0
23:57:51:0 Infected threads: 2
23:57:51:0 Cured files: 8
23:57:51:0 Executed registry scripts: 1

completed
18:12:50:718 Infected files: 113
18:12:50:734 Infected processes: 0
18:12:50:734 Infected threads: 0
18:12:50:734 Cured files: 108
18:12:50:734 Executed registry scripts: 1

Wow, it took forever, hahaha, I've been at it since your last post until now, hahaha... So? Did I manage to get rid of it? *O*
wings, posted May 4, 2010

*Download ComboFix and save it to the desktop
*Run ComboFix and accept the agreement
*If the Windows Recovery Console is already installed, ComboFix will continue the process automatically. Otherwise, click [YES] to install it.
*Click [YES] to continue.
*Wait for all steps to complete
*While ComboFix is running, avoid using the mouse and keyboard!!..... To interrupt the procedure, press N or 2 and then ENTER.
*The program will close automatically
*Paste the report created at C:\combofix.txt
Twilight, posted May 4, 2010

Quoting wings:
*Download ComboFix (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) and save it to the desktop
*Run ComboFix and accept the agreement
*If the Windows Recovery Console is already installed, ComboFix will continue the process automatically. Otherwise, click [YES] to install it.
*Click [YES] to continue.
*Wait for all steps to complete
*While ComboFix is running, avoid using the mouse and keyboard!!..... To interrupt the procedure, press N or 2 and then ENTER.
*The program will close automatically
*Paste the report created at C:\combofix.txt

ComboFix 10-05-04.01 - Administrador 04/05/2010 18:48:37.1.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.2039.1438 [GMT -3:00] Executando de: c:\documents and settings\Administrador\Desktop\ComboFix.exe . ((((((((((((((((((((((((((((((((((((( Outras Exclusões ))))))))))))))))))))))))))))))))))))))))))))))))))) . c:\arquivos de programas\Cheat Engine\dbk32.sys c:\arquivos de programas\Gravity\Ragnarok Online\skin\default\basic_interface\_desktop.ini c:\arquivos de programas\Gravity\Ragnarok Online\skin\Scribbling Kid\_desktop.ini c:\arquivos de programas\Gravity\Ragnarok Online\skin\Scribbling Kid\basic_interface\_desktop.ini c:\arquivos de programas\Internet Explorer\SET12.tmp c:\arquivos de programas\Internet Explorer\SET13.tmp c:\arquivos de programas\Internet Explorer\SET24A.tmp c:\arquivos de programas\Internet Explorer\SET24B.tmp c:\arquivos de programas\Internet Explorer\SET26E.tmp c:\arquivos de programas\Internet Explorer\SET26F.tmp c:\arquivos de programas\Internet Explorer\SETC.tmp c:\arquivos de programas\Internet Explorer\SETD.tmp c:\arquivos de programas\Internet Explorer\SETE.tmp c:\arquivos de programas\Internet Explorer\SETF.tmp c:\arquivos de programas\WindowsUpdate C:\autorun.inf c:\docume~1\ADMINI~1\CONFIG~1\Temp\000DE271_Rar\chrome.exe c:\documents and 
settings\Administrador\Configurações locais\Temp\000DE271_Rar\chrome.exe c:\documents and settings\Administrador\Dados de aplicativos\addon.dat c:\documents and settings\Administrador\Dados de aplicativos\Desktopicon c:\documents and settings\Administrador\Dados de aplicativos\Desktopicon\eBayShortcuts.exe c:\documents and settings\Administrador\Dados de aplicativos\Desktopicon\mc.ico c:\documents and settings\Administrador\Dados de aplicativos\EurekaLog c:\documents and settings\Administrador\Dados de aplicativos\Wplugin.dll c:\documents and settings\Administrador\Menu Iniciar\Programas\Inicializar\¡¡¡¡¡¡.lnk c:\documents and settings\Administrador\Recent\Thumbs.db c:\documents and settings\All Users\Menu Iniciar\Programas\325 USB PC Camera c:\documents and settings\All Users\Menu Iniciar\Programas\325 USB PC Camera \AMCap.lnk c:\documents and settings\All Users\Menu Iniciar\Programas\325 USB PC Camera \Uninstall.lnk c:\windows\explorer.exe.local c:\windows\system32\com.run c:\windows\system32\dp1.fne c:\windows\system32\eAPI.fne c:\windows\system32\internet.fne c:\windows\system32\krnln.fnr c:\windows\system32\og.dll c:\windows\system32\og.edt c:\windows\system32\plugin.dat c:\windows\system32\RegEx.fnr c:\windows\system32\scvideo.dll c:\windows\system32\shell.fne c:\windows\system32\spec.fne c:\windows\system32\system32 c:\windows\system32\system32\klog.dat c:\windows\system32\Thumbs.db c:\windows\system32\ul.dll c:\windows\Wplugin.dll c:\windows\ws2help.dll A cópia de c:\windows\system32\midimap.dll foi encontrada e desinfectada Cópia restaurada de - c:\windows\VistaMizer\old\midimap.dll . ((((((((((((((((((((((((((((((((((((((( Drivers/Serviços ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_ASC3360PR -------\Legacy_ILVMONEYDRIVER53 -------\Service_IlvMoneyDRIVER53 -------\Legacy_DBKDRVR54 -------\Service_DBKDRVR54 (((((((((((((((( Arquivos/Ficheiros criados de 2010-04-04 to 2010-05-04 )))))))))))))))))))))))))))) . 2010-05-04 16:49 . 
2009-08-11 13:54 212744 ----a-w- C:\SalityKiller.exe 2010-05-04 16:47 . 2009-09-25 02:21 133422 ----a-w- C:\salitykiller.zip 2010-05-04 01:24 . 2010-05-04 01:24 -------- d-----w- c:\arquivos de programas\Orban 2010-05-04 00:37 . 2010-05-04 00:38 -------- d-----w- C:\UsbFix 2010-05-03 21:32 . 2010-05-04 01:06 13824 ----a-w- c:\windows\system32\QT63146F.EXE 2010-05-03 21:32 . 2010-05-03 21:32 13824 --sh--w- c:\windows\system32\TC-WZ6.EXE 2010-05-03 21:32 . 2010-05-04 01:06 23552 ----a-w- c:\windows\system32\Z778179B.EXE 2010-05-03 21:32 . 2010-05-03 21:32 23552 --sh--w- c:\windows\system32\GC-BZ6.EXE 2010-05-03 21:29 . 2010-05-03 21:29 1685359 --sh--r- c:\windows\system32\XP-7AB8F326.EXE 2010-05-03 16:15 . 2010-05-03 16:57 75 ----a-w- c:\documents and settings\Administrador\jagex_runescape_preferences2.dat 2010-05-03 16:11 . 2010-05-03 16:16 41 ----a-w- c:\documents and settings\Administrador\jagex_runescape_preferences.dat 2010-05-03 16:10 . 2010-05-03 16:10 -------- d-----w- c:\windows\.jagex_cache_32 2010-04-30 17:47 . 2010-03-26 00:49 66048 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\nf66nt2j.default\extensions\twitternotifier@naan.net\platform\WINNT\components\nsTwitterFoxSign.dll 2010-04-30 17:47 . 2010-01-05 18:57 103424 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\nf66nt2j.default\extensions\piclens@cooliris.com\libs\pixomatic.dll 2010-04-30 17:46 . 2010-01-05 18:57 734662 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\nf66nt2j.default\extensions\piclens@cooliris.com\libs\PicLensHelper.exe 2010-04-30 17:46 . 2010-01-05 18:57 534650 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\nf66nt2j.default\extensions\piclens@cooliris.com\libs\LaunchCooliris.exe 2010-04-30 17:46 . 
2010-01-05 18:57 153600 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\nf66nt2j.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll 2010-04-30 17:46 . 2010-01-05 18:57 57856 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\nf66nt2j.default\extensions\piclens@cooliris.com\components\coolirisstub.dll 2010-04-30 17:46 . 2010-01-05 18:57 4725760 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\nf66nt2j.default\extensions\piclens@cooliris.com\libs\cooliris192.dll 2010-04-29 21:44 . 2010-04-29 21:44 -------- d-----w- C:\Netmarble 2010-04-29 16:50 . 2010-04-29 16:50 -------- d-----w- c:\arquivos de programas\Windows Journal Viewer 2010-04-27 17:06 . 2010-02-25 06:17 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll 2010-04-27 17:06 . 2010-02-25 06:17 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll 2010-04-27 15:54 . 2009-10-20 16:20 265728 -c----w- c:\windows\system32\dllcache\http.sys 2010-04-27 01:49 . 2010-04-27 01:49 -------- d-----w- c:\arquivos de programas\MSXML 4.0 2010-04-26 22:52 . 2010-02-17 17:07 2194176 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe 2010-04-26 22:52 . 2010-02-16 19:07 2150400 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe 2010-04-26 22:52 . 2010-02-16 19:07 2028544 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe 2010-04-26 22:52 . 2010-04-26 22:52 552 ----a-w- c:\windows\system32\d3d8caps.dat 2010-04-26 18:57 . 2008-06-14 17:34 272384 -c----w- c:\windows\system32\dllcache\bthport.sys 2010-04-26 18:57 . 2008-06-14 17:34 272384 ------w- c:\windows\system32\drivers\bthport.sys 2010-04-26 17:16 . 2010-02-24 13:11 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys 2010-04-25 16:10 . 2010-04-25 16:10 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\IObit 2010-04-25 16:10 . 
2010-04-25 16:10 -------- d-----w- c:\arquivos de programas\IObit 2010-04-25 16:10 . 2010-04-25 16:10 -------- d-----w- c:\arquivos de programas\VS Revo Group 2010-04-25 15:53 . 2010-04-25 15:53 -------- d-----w- c:\documents and settings\NetworkService\Menu Iniciar 2010-04-25 15:53 . 2009-08-06 22:23 274288 ----a-w- c:\windows\system32\mucltui.dll 2010-04-25 15:53 . 2009-08-06 22:23 215920 ----a-w- c:\windows\system32\muweb.dll 2010-04-23 14:22 . 2001-09-06 02:20 12288 -c--a-w- c:\windows\system32\dllcache\mouhid.sys 2010-04-23 14:22 . 2001-09-06 02:20 12288 ----a-w- c:\windows\system32\drivers\mouhid.sys 2010-04-19 17:59 . 2010-04-19 17:59 255472 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\plugins\npgoogletalk.dll 2010-04-18 19:14 . 2010-04-19 02:18 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\BitTorrent 2010-04-18 19:14 . 2010-04-18 19:14 -------- d-----w- c:\arquivos de programas\BitTorrent 2010-04-05 16:24 . 2010-04-28 21:04 629198 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Real\Update\setup3.10\setup.exe . ((((((((((((((((((((((((((((((((((((( Relatório Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-05-04 22:02 . 2010-05-04 22:00 782 --sha-w- c:\windows\system32\og.dll 2010-05-04 22:00 . 2010-05-04 22:00 2404 --sha-w- c:\windows\system32\ul.dll 2010-05-04 22:00 . 2010-03-31 21:31 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Software Informer 2010-05-04 22:00 . 2010-05-04 21:59 110592 ----a-w- c:\windows\Wplugin.dll 2010-05-04 21:56 . 2009-05-02 01:12 -------- d-----w- c:\arquivos de programas\Cheat Engine 2010-05-04 21:39 . 2009-03-11 23:21 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Orbit 2010-05-04 21:21 . 2009-05-08 22:32 1324 ----a-w- c:\windows\system32\d3d9caps.dat 2010-05-04 16:18 . 
2009-04-21 15:54 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Google Updater 2010-05-04 01:24 . 2008-11-05 17:36 -------- d-----w- c:\arquivos de programas\Megacubo 2010-05-03 22:03 . 2009-07-31 15:36 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Skype 2010-05-03 21:59 . 2008-04-14 12:00 2864 ----a-w- c:\windows\system32\winsock.dll 2010-05-03 21:56 . 2009-09-28 19:06 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\skypePM 2010-05-03 21:52 . 2009-09-27 19:41 -------- d-----w- c:\arquivos de programas\ManyCam 2.4 2010-05-03 21:48 . 2008-12-04 00:52 -------- d-----w- c:\arquivos de programas\Messenger Plus! Live 2010-05-03 21:46 . 2010-03-31 21:31 -------- d-----w- c:\arquivos de programas\Free Download Manager 2010-05-03 21:45 . 2008-10-31 21:39 -------- d-----w- c:\arquivos de programas\Audacity 1.3 Beta (Unicode) 2010-05-03 21:43 . 2009-11-18 18:29 -------- d-----w- c:\arquivos de programas\Any Video Converter 2010-05-03 21:34 . 2010-03-31 21:31 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Free Download Manager 2010-05-03 21:27 . 2009-09-06 22:04 -------- d-----w- c:\arquivos de programas\QuickTime 2010-04-30 20:23 . 2009-04-13 20:07 -------- d-----w- c:\arquivos de programas\PhotoScape 2010-04-29 21:44 . 2008-10-07 13:01 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information 2010-04-28 20:38 . 2008-04-14 12:00 79588 ----a-w- c:\windows\system32\perfc016.dat 2010-04-28 20:38 . 2008-04-14 12:00 468794 ----a-w- c:\windows\system32\perfh016.dat 2010-04-27 15:35 . 2009-10-02 15:15 -------- d-----w- c:\arquivos de programas\Microsoft Silverlight 2010-04-25 16:09 . 2009-03-11 23:21 -------- d-----w- c:\arquivos de programas\Orbitdownloader 2010-04-12 20:06 . 2008-10-09 20:34 -------- d-----w- c:\arquivos de programas\Google 2010-03-31 21:31 . 
2010-03-31 21:31 -------- d-----w- c:\arquivos de programas\Software Informer 2010-03-31 21:31 . 2010-03-31 21:31 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\FreeDownloadManager.ORG 2010-03-27 17:35 . 2009-04-27 19:58 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Apple Computer 2010-03-27 17:33 . 2010-03-27 17:33 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Apple Computer 2010-03-27 17:33 . 2010-03-27 17:33 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Apple 2010-03-25 01:48 . 2010-03-25 01:48 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\nView_Profiles 2010-03-10 06:16 . 2008-04-14 12:00 420352 ------w- c:\windows\system32\vbscript.dll 2010-02-25 06:17 . 2008-04-14 12:00 916480 ----a-w- c:\windows\system32\wininet.dll 2010-02-24 13:11 . 2008-04-14 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2010-02-16 19:07 . 2008-04-14 12:00 2150400 ----a-w- c:\windows\system32\ntoskrnl.exe 2010-02-16 19:07 . 2008-04-13 19:00 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe 2010-02-12 15:09 . 2010-02-12 15:09 152576 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Sun\Java\jre1.6.0_17\lzma.dll 2010-02-12 15:07 . 2010-02-12 15:07 79488 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Sun\Java\jre1.6.0_17\gtapi.dll 2010-02-12 04:34 . 2008-04-14 12:00 100864 ----a-w- c:\windows\system32\6to4svc.dll 2010-02-11 12:02 . 2008-04-14 12:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys 2008-10-17 21:37 . 2008-10-17 21:37 15984024 ----a-w- c:\arquivos de programas\jre-6u7-windows-i586-p-s.exe 2009-04-05 18:32 . 2009-04-05 18:32 122880 ----a-w- c:\arquivos de programas\mozilla firefox\components\GoogleDesktopMozilla.dll 2009-07-14 00:16 . 2009-07-14 00:16 1044480 ----a-w- c:\arquivos de programas\mozilla firefox\plugins\libdivx.dll 2009-07-14 00:16 . 
2009-07-14 00:16 200704 ----a-w- c:\arquivos de programas\mozilla firefox\plugins\ssldivx.dll 2008-11-14 19:27 . 2008-11-14 19:26 24 --sha-w- c:\windows\S12A1A851.tmp 2009-02-02 22:36 . 2009-01-16 17:17 168 --sh--r- c:\windows\system32\906E9FFB63.sys 2009-02-02 22:36 . 2009-01-16 16:32 2516 --sha-w- c:\windows\system32\KGyGaAvL.sys . ------- Sigcheck ------- [-] 2008-04-14 . B0C0BF2504B830BFC1E93CA39F3C75FE . 549376 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe [-] 2008-04-14 . B0C0BF2504B830BFC1E93CA39F3C75FE . 549376 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\winlogon.exe [7] 2008-04-14 . 71D440F79B711627B12B567FB2EADB42 . 509952 . . [5.1.2600.5512] . . c:\windows\VistaMizer\old\winlogon.exe [-] 2008-04-14 . 4A82CD98D559D958523E9CAD9FDA399E . 724992 . . [5.82] . . c:\windows\system32\comctl32.dll [-] 2008-04-14 . 4A82CD98D559D958523E9CAD9FDA399E . 724992 . . [5.82] . . c:\windows\system32\dllcache\comctl32.dll [7] 2008-04-14 . 085C5892D9C1E19B3CEFD1B79F5BBF13 . 617472 . . [5.82] . . c:\windows\VistaMizer\old\comctl32.dll [-] 2008-04-14 . 7C0E5D593730414B5994A15A6D10C201 . 588288 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll [-] 2008-04-14 . 7C0E5D593730414B5994A15A6D10C201 . 588288 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\user32.dll [7] 2008-04-14 . 54907DB28872A7A6D3EE2B4747A23828 . 579072 . . [5.1.2600.5512] . . c:\windows\VistaMizer\old\user32.dll [-] 2008-04-14 . 418E7BA055147AE6364BA5E19E281A1F . 1554432 . . [6.00.2900.5512] . . c:\windows\explorer.exe [-] 2008-04-14 . C958AC6FE26A7F9B45021311D6FB5178 . 3329024 . . [6.00.2900.5512] . . c:\windows\system32\dllcache\explorer.exe [-] 2008-04-14 . C958AC6FE26A7F9B45021311D6FB5178 . 3329024 . . [6.00.2900.5512] . . c:\windows\VistaMizer\old\explorer.exe [-] 2008-04-14 . D67945A2290E98BB54D7792F09E7504E . 25088 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe [-] 2008-04-14 . D67945A2290E98BB54D7792F09E7504E . 25088 . . [5.1.2600.5512] . . 
c:\windows\system32\dllcache\ctfmon.exe [7] 2008-04-14 . 4E486ADFE3A0B9ED0EB0639902E9F64F . 15360 . . [5.1.2600.5512] . . c:\windows\VistaMizer\old\ctfmon.exe . (((((((((((((((((((((((((( Registry Load Points ))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries and legitimate default entries are not shown. REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}] 2009-02-26 14:25 809864 ----a-w- c:\arquivos de programas\Ask.com\GenericAskToolbar.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\arquivos de programas\Ask.com\GenericAskToolbar.dll" [2009-02-26 809864] [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\arquivos de programas\Ask.com\GenericAskToolbar.dll" [2009-02-26 809864] [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ares"="c:\arquivos de programas\Ares\Ares.exe" [2009-02-03 1004544] "Google Update"="c:\documents and settings\Administrador\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" [2010-05-04 227795] "WeatherBugAlert"="c:\arquivos de programas\AWS\WeatherBug Alert\WeatherBugAlert.exe" [2010-05-04 442368] "ManyCam"="c:\arquivos de programas\ManyCam 2.4\ManyCam.exe" [2010-05-04 1824040] "Pando Media Booster"="c:\arquivos de programas\Pando Networks\Media Booster\PMB.exe" [2010-02-21 2937528] "Software Informer"="c:\arquivos de programas\Software 
Informer\softinfo.exe" [2010-05-04 2261061] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-02 13529088] "tsnp325"="c:\windows\tsnp325.exe" [2007-04-21 339968] "Synchronization Manager"="c:\windows\system32\mobsync.exe" [2008-04-14 3684352] "AdobeCS4ServiceManager"="c:\arquivos de programas\Arquivos comuns\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712] "FixCamera"="c:\windows\FixCamera.exe" [2007-07-11 20480] "snp325"="c:\windows\vsnp325.exe" [2007-05-10 913408] "Google Desktop Search"="c:\arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe" [2009-04-05 30192] "GUCI_AVS"="c:\windows\PixArt\PAP7501\GUCI_AVS.exe" [2007-12-10 397312] "PACTray"="c:\windows\PixArt\PAP7501\PACTray.exe" [2008-09-02 417792] "nwiz"="nwiz.exe" [2008-05-02 1708032] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-02 86016] "QuickTime Task"="c:\arquivos de programas\QuickTime\QTTask.exe" [2010-05-04 495616] "XP-7AB8F326"="c:\windows\system32\XP-7AB8F326.EXE" [2010-05-03 1685359] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 25088] c:\documents and settings\Administrador\Menu Iniciar\Programas\Inicializar\ .lnk - c:\windows\system32\XP-7AB8F326.EXE [2010-5-3 1685359] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr] 2005-05-03 10:43 69632 ------r- c:\windows\Alcmtr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD] 2007-11-26 17:54 1057064 ----a-w- c:\arquivos de programas\Nero\Nero 7\InCD\InCD.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut] 2007-01-09 01:17 52256 ----a-w- c:\arquivos de programas\CyberLink\PowerDVD\Language\Language.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 2007-03-01 17:57 153136 ----a-w- c:\arquivos de programas\Arquivos 
comuns\Ahead\Lib\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] 2008-05-02 14:46 13529088 ----a-w- c:\windows\system32\nvcpl.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] 2008-05-02 14:46 86016 ----a-w- c:\windows\system32\nvmctray.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] 2008-05-02 14:46 1708032 ----a-w- c:\windows\system32\nwiz.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] 2007-03-15 00:01 71216 ------w- c:\arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL] 2008-02-13 06:31 16857600 ------r- c:\windows\RTHDCPL.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc] 2007-11-26 17:54 1629480 ----a-w- c:\arquivos de programas\Nero\Nero 7\InCD\NBHGui.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\WINDOWS\\system32\\dpvsetup.exe"= "c:\\Arquivos de programas\\Messenger\\msmsgs.exe"= "c:\\Arquivos de programas\\Ares\\Ares.exe"= "c:\\Level Up! Games\\The Duel\\theduel.exe"= "c:\\Arquivos de programas\\SopCast\\adv\\SopAdver.exe"= "c:\\Level Up! 
Games\\Grand Chase Season 2\\main.exe"= "c:\\Arquivos de programas\\TeamViewer\\Version4\\TeamViewer.exe"= "c:\\Arquivos de programas\\Secured eMule\\securedemule.exe"= "c:\\Arquivos de programas\\Orbitdownloader\\orbitdm.exe"= "c:\\Arquivos de programas\\Orbitdownloader\\orbitnet.exe"= "c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"= "c:\\Arquivos de programas\\Warcraft III\\Warcraft III.exe"= "c:\\Arquivos de programas\\Garena\\Garena.exe"= "c:\\Arquivos de programas\\Gravity\\Ragnarok Online\\Ragnarok.exe"= "c:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"= "c:\\Arquivos de programas\\PhotoJoy\\Bin\\PjApp.exe"= "c:\\Arquivos de programas\\PhotoJoy\\Bin\\PjImp.exe"= "c:\\Arquivos de programas\\PhotoJoy\\Bin\\PhotoJoy.exe"= "c:\\Documents and Settings\\Administrador\\Configurações locais\\Dados de aplicativos\\Google\\Google Talk Plugin\\googletalkplugin.dll"= "c:\\Documents and Settings\\Administrador\\Configurações locais\\Dados de aplicativos\\Google\\Google Talk Plugin\\googletalkplugin.exe"= "c:\\Arquivos de programas\\Java\\jre6\\bin\\java.exe"= "c:\\Arquivos de programas\\Arquivos comuns\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"= "c:\\WINDOWS\\Installer\\{D103C4BA-F905-437A-8049-DB24763BBE36}\\SkypeIcon.exe"= "c:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"= "c:\\WINDOWS\\system32\\mmc.exe"= "c:\\WINDOWS\\system32\\rtcshare.exe"= "c:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe"= "c:\\Arquivos de programas\\Skype\\Plugin Manager\\skypePM.exe"= "c:\\Documents and Settings\\Administrador\\Meus documentos\\progamas\\cs16\\hl.exe"= "c:\\Level Up! 
Games\\MapleStory\\MapleStory.exe"= "c:\\Arquivos de programas\\Pando Networks\\Media Booster\\PMB.exe"= "c:\\Arquivos de programas\\BitTorrent\\bittorrent.exe"= "c:\\WINDOWS\\tsnp325.exe"= "c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"= "c:\\WINDOWS\\system32\\XP-7AB8F326.EXE"= "c:\\Arquivos de programas\\Software Informer\\softinfo.exe"= "c:\\Arquivos de programas\\Megacubo\\megacubo.exe"= "c:\\Documents and Settings\\Administrador\\Configurações locais\\Dados de aplicativos\\Google\\Chrome\\Application\\chrome.exe"= "c:\\DOCUME~1\\ADMINI~1\\CONFIG~1\\Temp\\wintxwagu.exe"= "c:\\DOCUME~1\\ADMINI~1\\CONFIG~1\\Temp\\winjpjvei.exe"= "c:\\DOCUME~1\\ADMINI~1\\CONFIG~1\\Temp\\winhikcf.exe"= "c:\\DOCUME~1\\ADMINI~1\\CONFIG~1\\Temp\\winflbdq.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "58915:TCP"= 58915:TCP:AresChatServer "5353:TCP"= 5353:TCP:Adobe CSI CS4 "58139:TCP"= 58139:TCP:Pando Media Booster "58139:UDP"= 58139:UDP:Pando Media Booster R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [9/11/2008 13:34 717296] R2 voicetuner;Voice Tuner;c:\arquivos de programas\Scramby\voicetunerserver.exe [9/1/2010 12:32 391168] R3 asc3360pr;asc3360pr;\??\c:\windows\system32\drivers\kpkjkn.sys --> c:\windows\system32\drivers\kpkjkn.sys [?] R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [14/1/2008 07:06 21632] S2 gupdate1c9c29a4f8175aa;Google Update Service (gupdate1c9c29a4f8175aa);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [21/4/2009 13:00 133104] S3 cpuz130;cpuz130;\??\c:\docume~1\ADMINI~1\CONFIG~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\ADMINI~1\CONFIG~1\Temp\cpuz130\cpuz_x32.sys [?] S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\ADMINI~1\CONFIG~1\Temp\RBQ518.tmp --> c:\docume~1\ADMINI~1\CONFIG~1\Temp\RBQ518.tmp [?] 
S3 GoogleDesktopManager-092308-165331;Gerenciador do Google Desktop 5.8.809.23506;c:\arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe [5/4/2009 15:32 30192] S3 GUCI_AVS;Generic USB Controller Interface (AVS);c:\windows\system32\drivers\GUCI_AVS.sys [3/3/2010 15:45 560128] S3 Mkd2kfNt;Mkd2kfNt;c:\windows\system32\drivers\Mkd2kfNT.sys [20/7/2009 16:49 131072] S3 Mkd2Nadr;Mkd2Nadr;c:\windows\system32\drivers\Mkd2Nadr.sys [20/7/2009 16:49 79104] S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?] S3 PPJoyBus;Parallel Port Joystick Bus device driver;c:\windows\system32\drivers\PPJoyBus.sys [23/1/2004 16:33 13952] S3 PPortJoystick;Parallel Port Joystick device driver;c:\windows\system32\drivers\PPortJoy.sys [23/1/2004 16:32 28800] S3 scramby_out;Scramby Output;c:\windows\system32\drivers\scramby_out.sys [8/8/2007 07:31 23840] S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [25/11/2009 23:06 34384] S3 SNP325;USB PC Camera (SNPSTD325);c:\windows\system32\drivers\snp325.sys [7/10/2008 18:40 10384896] S3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\system32\drivers\vcsvad.sys [28/10/2009 17:31 17792] S3 XDva200;XDva200;\??\c:\windows\system32\XDva200.sys --> c:\windows\system32\XDva200.sys [?] S3 XDva212;XDva212;\??\c:\windows\system32\XDva212.sys --> c:\windows\system32\XDva212.sys [?] S3 XDva223;XDva223;\??\c:\windows\system32\XDva223.sys --> c:\windows\system32\XDva223.sys [?] S3 XDva272;XDva272;\??\c:\windows\system32\XDva272.sys --> c:\windows\system32\XDva272.sys [?] S3 XDva279;XDva279;\??\c:\windows\system32\XDva279.sys --> c:\windows\system32\XDva279.sys [?] S3 XDva281;XDva281;\??\c:\windows\system32\XDva281.sys --> c:\windows\system32\XDva281.sys [?] S3 XDva297;XDva297;\??\c:\windows\system32\XDva297.sys --> c:\windows\system32\XDva297.sys [?] 
S3 XDva327;XDva327;\??\c:\windows\system32\XDva327.sys --> c:\windows\system32\XDva327.sys [?] S3 ZIDDRVR;ZIDDRVR;\??\c:\documents and settings\Administrador\Desktop\Ryu Engine\zid32.sys --> c:\documents and settings\Administrador\Desktop\Ryu Engine\zid32.sys [?] --- =Other Services/Drivers In Memory --- *NewlyCreated* - ASC3360PR . Contents of the 'Scheduled Tasks' folder 2010-04-27 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\arquivos de programas\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:15] 2010-05-04 c:\windows\Tasks\Google Software Updater.job - c:\arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-09 15:54] 2010-05-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2009-04-21 16:00] 2010-05-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2009-04-21 16:00] 2010-05-04 c:\windows\Tasks\OGALogon.job - c:\windows\system32\OGAEXEC.exe [2009-08-03 18:07] 2010-05-04 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job - c:\arquivos de programas\Ask.com\UpdateTask.exe [2009-02-26 14:25] 2010-04-25 c:\windows\Tasks\SmartDefrag.job - c:\arquivos de programas\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2010-04-25 19:48] . . ------- Supplementary Scan ------- . 
uStart Page = hxxp://search.orbitdownloader.com uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uInternet Settings,ProxyOverride = *.local uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: &Download by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/201 IE: &Grab video by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/204 IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx IE: AMV convert tool grab multimedia file - grab.html IE: Baixar com o Free Download Manager - file://c:\arquivos de programas\Free Download Manager\dllink.htm IE: Baixar tudo com o Free Download Manager - file://c:\arquivos de programas\Free Download Manager\dlall.htm IE: Baixar vídeo com o Free Download Manager - file://c:\arquivos de programas\Free Download Manager\dlfvideo.htm IE: Do&wnload selected by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/203 IE: Down&load all by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/202 IE: Download selecionado pelo Free Download Manager - file://c:\arquivos de programas\Free Download Manager\dlselected.htm IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: MediaManager tool grab multimedia file - grab.html TCP: {129A86AC-EA3B-4062-82A6-819173563CB3} = 192.168.240.3,66.28.0.45 . 
- - - - ORPHANS REMOVED - - - - HKCU-Run-LClock - c:\arquivos de programas\LClock\LClock.exe HKCU-Run-Vista Sidebar - c:\arquivos de programas\Vista Sidebar\sidebar.exe HKCU-Run-ViStart - c:\arquivos de programas\ViStart\ViStart.exe HKCU-Run-ViOrb - c:\arquivos de programas\ViOrb\ViOrb.exe HKCU-Run-Settingsfunk - c:\docume~1\ADMINI~1\DADOSD~1\MP3MEO~1\Real Fast.exe HKCU-Run-ProxyCap - c:\arquiv~1\PROXYL~1\ProxyCap\ProxyCap.exe HKCU-Run-Free Download Manager - c:\arquivos de programas\Free Download Manager\fdm.exe HKCU-Run-fsm - (no file) HKLM-Run-TkBellExe - c:\arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe HKLM-Run-ISUSScheduler - c:\arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe HKLM-Run-SunJavaUpdateSched - c:\arquivos de programas\Java\jre6\bin\jusched.exe AddRemove-Audacity_is1 - c:\arquivos de programas\Audacity\unins000.exe AddRemove-Tomb Raider: Underworld - c:\arquivos de programas\Tomb Raider Underworld\uninst.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-05-04 18:59 Windows 5.1.2600 Service Pack 3 NTFS Scanning for hidden processes ... Scanning for hidden autostart entries ... Scanning for hidden files ... 
c:\windows\system32\RegEx.fnr 217088 bytes executable c:\windows\system32\shell.fne 40960 bytes executable c:\windows\system32\dp1.fne 114688 bytes executable c:\windows\system32\krnln.fnr 1097728 bytes executable c:\windows\system32\internet.fne 184320 bytes executable c:\windows\system32\spec.fne 73728 bytes executable c:\windows\system32\eAPI.fne 323584 bytes executable c:\windows\system32\com.run 270336 bytes executable Scan completed successfully hidden files: 8 ************************************************************************** Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net device: opened successfully user: MBR read successfully called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll sfsync02.sys atapi.sys spqe.sys >>UNKNOWN [0x8A6E1938]<< kernel: MBR read successfully detected MBR rootkit hooks: \Driver\Disk -> CLASSPNP.SYS @ 0xba8fcf28 \Driver\ACPI -> ACPI.sys @ 0xba667cb8 \Driver\atapi -> sfsync02.sys @ 0xba8c98b4 IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8 ParseProcedure -> ntkrnlpa.exe @ 0x805827e8 \Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8 ParseProcedure -> ntkrnlpa.exe @ 0x805827e8 NDIS: Realtek RTL8139/810x Family Fast Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xba505bb0 PacketIndicateHandler -> NDIS.sys @ 0xba512a21 SendHandler -> NDIS.sys @ 0xba4f087b user & kernel MBR OK ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine] "ImagePath"="\??\c:\docume~1\ADMINI~1\CONFIG~1\Temp\RBQ518.tmp" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc] "ImagePath"="c:\windows\system32\GameMon.des -service" . 
--------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-1757981266-1220945662-1177238915-500\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (Administrator) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,4d,23,3c,59,c6,d4,40,42,99,0b,6c,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,4d,23,3c,59,c6,d4,40,42,99,0b,6c,\ [HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\System\CurrentControlSet] "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\ [HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\USER\LocalSystem] "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\ [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•6~*] "6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL" . 
--------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(784) c:\windows\system32\SETUPAPI.dll c:\windows\system32\sfc_os.dll c:\windows\system32\COMRes.dll c:\windows\system32\cscui.dll - - - - - - - > 'lsass.exe'(848) c:\windows\system32\setupapi.dll c:\windows\system32\psbase.dll - - - - - - - > 'explorer.exe'(3084) c:\windows\system32\SHDOCVW.dll c:\windows\system32\WININET.dll c:\windows\system32\COMRes.dll c:\windows\System32\cscui.dll c:\arquiv~1\WINDOW~2\wmpband.dll c:\windows\system32\LINKINFO.dll c:\windows\system32\ntshrui.dll c:\windows\system32\SETUPAPI.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll c:\windows\system32\NETSHELL.dll c:\windows\system32\credui.dll c:\windows\system32\MSVCP60.dll . ------------------------ Other Running Processes ------------------------ . c:\arquivos de programas\Bonjour\mDNSResponder.exe c:\arquivos de programas\Arquivos comuns\InterVideo\DeviceService\DevSvc.exe c:\arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe c:\arquivos de programas\Java\jre6\bin\jqs.exe c:\arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE c:\arquivos de programas\Arquivos comuns\Protexis\License Service\PSIService.exe c:\arquivos de programas\CyberLink\Shared Files\RichVideo.exe c:\arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe c:\arquivos de programas\Arquivos comuns\Ulead Systems\DVD\ULCDRSvr.exe c:\windows\system32\wbem\wmiapsrv.exe c:\windows\system32\wscntfy.exe c:\windows\system32\Z778179B.EXE c:\windows\system32\QT63146F.EXE c:\docume~1\ADMINI~1\CONFIG~1\Temp\wintxwagu.exe c:\documents and settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe c:\documents and settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe 
c:\docume~1\ADMINI~1\CONFIG~1\Temp\winjpjvei.exe . ************************************************************************** . Completion time: 2010-05-04 19:05:47 - Machine was rebooted ComboFix-quarantined-files.txt 2010-05-04 22:05 Pre-Run: 23 folder(s) 116.308.934.656 bytes free Post-Run: 24 folder(s) 121.419.321.344 bytes free - - End Of File - - 6C918F7886D93C9F43A858D19496AB12
wings | Posted May 5, 2010

1. *Run HijackThis, click [Do a system scan only], select the entry below and click [Fix checked]
O4 - Startup: ¡¡¡¡¡¡.lnk = C:\WINDOWS\system32\XP-7AB8F326.EXE
*Close HijackThis

2. *Open Notepad, then select, copy and paste into it the entire contents of the code below:

File::
C:\SalityKiller.exe
C:\salitykiller.zip
c:\windows\system32\QT63146F.EXE
c:\windows\system32\TC-WZ6.EXE
c:\windows\system32\Z778179B.EXE
c:\windows\system32\GC-BZ6.EXE
c:\windows\system32\XP-7AB8F326.EXE
c:\windows\system32\og.dll
c:\windows\system32\ul.dll
c:\docume~1\ADMINI~1\CONFIG~1\Temp\wintxwagu.exe
c:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\winjpjvei.exe
c:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\winhikcf.exe
c:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\winflbdq.exe

Rootkit::
c:\windows\system32\drivers\kpkjkn.sys

FileLook::
c:\windows\S12A1A851.tmp
c:\windows\system32\906E9FFB63.sys

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"XP-7AB8F326"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\DOCUME~1\\ADMINI~1\\CONFIG~1\\Temp\\wintxwagu.exe"=-
"c:\\DOCUME~1\\ADMINI~1\\CONFIG~1\\Temp\\winjpjvei.exe"=-
"c:\\DOCUME~1\\ADMINI~1\\CONFIG~1\\Temp\\winhikcf.exe"=-
"c:\\DOCUME~1\\ADMINI~1\\CONFIG~1\\Temp\\winflbdq.exe"=-

Driver::
asc3360pr

*Save the file to the desktop as CFScript.txt
*Drag the file onto ComboFix as shown in the illustration below:
*Important: while ComboFix is running, avoid using the mouse or keyboard! To interrupt the process press N or 2.
*Paste the report created at C:\combofix.txt

3. *Download USBFix and save it to the desktop
*Plug the USB drive into the PC
*Double-click UsbFix
*Press P > [ENTER]
*Press 2 > [ENTER] and wait for it to finish
*Remove the USB drive
*Paste the report created at C:\UsbFix.txt
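The CFScript above was written by hand from the ComboFix log posted earlier in the thread: Run-key values and firewall exceptions that point at the user's Temp directory or at randomly named executables in system32 (XP-7AB8F326.EXE, Z778179B.EXE, QT63146F.EXE), a driver service (asc3360pr) whose .sys could not be read and whose name does not match its file (kpkjkn.sys), and a standard-profile firewall policy with EnableFirewall set to 0. The Python below is an added example, not part of this thread and not ComboFix's code: it applies those heuristics to a few log lines constructed from the entries quoted above and drafts File::, Rootkit::, Registry:: and Driver:: sections in the layout wings used. The name-pattern rule and the sample lines are assumptions; the firewall-off finding is only reported, because it has to be re-enabled by hand rather than through a CFScript entry.

```python
"""Triage ComboFix-style log lines and draft a CFScript from the findings.

Added example for this thread; it is not ComboFix's code. Directive names
(File::, Rootkit::, Registry::, Driver::) follow the script posted above.
"""
import re
from dataclasses import dataclass

# Constructed sample: a handful of lines in the shape of the log quoted above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-02 13529088]
"XP-7AB8F326"="c:\windows\system32\XP-7AB8F326.EXE" [2010-05-03 1685359]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\XP-7AB8F326.EXE"=
"c:\\DOCUME~1\\ADMINI~1\\CONFIG~1\\Temp\\wintxwagu.exe"=
R3 asc3360pr;asc3360pr;\??\c:\windows\system32\drivers\kpkjkn.sys --> c:\windows\system32\drivers\kpkjkn.sys [?]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [14/1/2008 07:06 21632]
"""

VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')            # "name"=value
QUOTED_PATH_RE = re.compile(r'^"([^"]*)"')                  # "path" [date size]
SERVICE_RE = re.compile(r'^([RS]\d)\s+([^;]+);[^;]*;(.*?)(?:\s+\[([^\]]*)\])?$')
HEX_RUN_RE = re.compile(r'[0-9A-F]{5,}', re.I)              # assumption: 5+ hex chars = random name


@dataclass
class Finding:
    kind: str    # run | firewall_off | firewall_app | driver
    key: str     # registry key (service name for drivers)
    name: str    # value name exactly as logged (Registry:: lines need it verbatim)
    path: str    # normalised file path
    reason: str


def normalise(path):
    """Collapse the doubled backslashes ComboFix prints for firewall entries."""
    return path.replace("\\\\", "\\")


def basename(path):
    return normalise(path).rsplit("\\", 1)[-1]


def looks_random(path):
    """XP-7AB8F326.EXE, Z778179B.EXE, QT63146F.EXE: a hex run containing digits in the stem."""
    stem = basename(path).rsplit(".", 1)[0]
    m = HEX_RUN_RE.search(stem)
    return bool(m and any(c.isdigit() for c in m.group()))


def in_temp(path):
    return "\\temp\\" in normalise(path).lower()


def suspicious_reason(path):
    if in_temp(path):
        return "executable launched from a Temp directory"
    if looks_random(path):
        return "random-looking executable name"
    return None


def triage(log):
    """Walk the log once, remembering the current registry key, and collect findings."""
    findings, key = [], ""
    for raw in log.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = VALUE_RE.match(line)
        if m:
            name, rest = m.groups()
            low = key.lower()
            if low.endswith("\\run"):
                pm = QUOTED_PATH_RE.match(rest)
                path = normalise(pm.group(1)) if pm else ""
                why = suspicious_reason(path)
                if why:
                    findings.append(Finding("run", key, name, path, why))
            elif low.endswith("\\standardprofile") and name == "EnableFirewall" and rest.startswith("0"):
                findings.append(Finding("firewall_off", key, name, "", "Windows Firewall disabled by policy"))
            elif low.endswith("\\authorizedapplications\\list"):
                path = normalise(name)
                why = suspicious_reason(path)
                if why:
                    findings.append(Finding("firewall_app", key, name, path, why + ", whitelisted in the firewall"))
            continue
        m = SERVICE_RE.match(line)
        if m:
            _, svc, target, stamp = m.groups()
            svc = svc.strip()
            path = target.split("--> ")[-1].strip()
            if path.startswith("\\??\\"):
                path = path[4:]
            stem = basename(path).rsplit(".", 1)[0]
            if stamp == "?" and stem.lower() != svc.lower():   # unreadable file, name unlike its service
                findings.append(Finding("driver", svc, svc, path, "driver file unreadable and named unlike its service"))
    return findings


def build_cfscript(findings):
    """Draft the CFScript sections the helper in this thread wrote by hand."""
    files, rootkit, drivers, registry = {}, [], [], {}
    for f in findings:
        if f.kind in ("run", "firewall_app"):
            files.setdefault(f.path.lower(), f.path)            # case-insensitive dedupe
            registry.setdefault(f.key, []).append(f'"{f.name}"=-')
        elif f.kind == "driver":
            rootkit.append(f.path)
            drivers.append(f.name)
    out = []
    if files:
        out += ["File::", *sorted(files.values(), key=str.lower), ""]
    if rootkit:
        out += ["Rootkit::", *rootkit, ""]
    if registry:
        out.append("Registry::")
        for key, lines in registry.items():
            out += [f"[{key}]", *lines]
        out.append("")
    if drivers:
        out += ["Driver::", *drivers, ""]
    return "\n".join(out).rstrip() + "\n"


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"{f.kind:13} {f.path or f.name}: {f.reason}")
    print("\n--- CFScript draft ---\n" + build_cfscript(found))
```

The firewall list is worth checking even when the Run key is clean: on this machine the same Temp executables that were not yet in any Run key had already been added as firewall exceptions, which is how they were spotted.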
Twilight | Posted May 5, 2010

############################## | UsbFix V6.111 |
User : Administrador (Administradores) # MATHEUSVINICIOS
Update on 03/05/2010 by El Desaparecido , C_XX & Chimay8
Start at: 22:52:58 | 4/5/2010
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com
Processor Intel Pentium III Xeon
Microsoft Windows XP Professional (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Enabled
C:\ -> Local fixed disk # 232,88 Go (112,57 Go free) # NTFS
D:\ -> CD-ROM disc
G:\ -> Removable disk # 1,9 Go (45,57 Mo free) # FAT32
################## | Infectious files # folders |
Deleted ! C:\Recycler\S-1-5-21-1757981266-1220945662-1177238915-500
G:\autorun.inf -> file called : "G:\ ppnq.cmd" ( Absent ! )
G:\autorun.inf -> file called : "G:\ ppnq.cmd" ( Absent ! )
G:\autorun.inf -> file called : "G:\ppnq.cmd" ( Present ! )
Deleted ! G:\ppnq.cmd
Deleted ! G:\autorun.inf
Deleted ! G:\Recycled.exe
Deleted ! G:\RECYCLER.exe
Deleted ! G:\Recycler\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx
Deleted ! G:\Recycler\S-5-3-42-2819952290-8240758988-879315005-3665
Deleted ! C:\System Volume Information\_restore{F9D96C74-DE43-415C-9B25-D9FD643C2956}\RP1\A0000140.EXE
Deleted ! C:\System Volume Information\_restore{F9D96C74-DE43-415C-9B25-D9FD643C2956}\RP2\A0000778.EXE
Deleted ! G:\Grand Chase Season 2.exe
################## | Registry |
Deleted ! [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoDrives"
Deleted ! 
[HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoDrives"
################## | Mountpoints2 |
################## | Listing |
[13/03/2009 22:49|--a------|385396] C:\adorage-protocol.txt
[07/10/2008 09:55|--a------|0] C:\AUTOEXEC.BAT
[07/10/2008 10:18|--a------|210] C:\Boot.bak
[04/05/2010 18:45|-rahs----|281] C:\boot.ini
[30/03/2009 18:01|---------|23240] C:\bootex.log
[14/04/2008 09:00|-rahs----|4952] C:\Bootfont.bin
[03/08/2004 23:00|--a------|261856] C:\cmldr
[04/05/2010 22:39|--a------|36063] C:\ComboFix.txt
[07/10/2008 09:55|--a------|0] C:\CONFIG.SYS
[02/02/2009 19:35|--a------|7784] C:\emule_RE.txt
[15/09/2009 21:03|--a------|12236] C:\graph.log
[07/10/2008 09:55|-rahs----|0] C:\IO.SYS
[07/10/2008 09:55|-rahs----|0] C:\MSDOS.SYS
[14/04/2008 09:00|-rahs----|47564] C:\NTDETECT.COM
[14/04/2008 09:00|-rahs----|251696] C:\ntldr
[?|?|?] C:\pagefile.sys
[16/07/2009 18:55|--a------|10152] C:\PatchLog.txt
[25/02/2009 23:22|--a------|13030] C:\PDOXUSRS.NET
[02/02/2009 12:58|--a------|4926] C:\PERF.LOG
[19/04/2010 12:14|--a------|1467] C:\profile_43.txt
[19/10/2009 16:11|--a------|2048] C:\pumpprex3.ini
[04/05/2010 18:12|--a------|50066469] C:\sality.txt
[04/05/2010 23:05|--a------|2878] C:\UsbFix.txt
[15/04/2007 07:57|---hs----|25214] C:\vista.ico
[01/01/2007 00:03|--a------|4608] G:\TIT2.BIN
[01/01/2007 00:03|--a------|4608] G:\TPE1.BIN
[01/01/2007 00:03|--a------|4608] G:\TALB.BIN
[01/01/2007 00:03|--a------|4608] G:\FILENAME.BIN
[29/04/2010 20:29|-r-hs----|267234] G:\dbqr.exe
[01/01/2007 00:00|--a------|512] G:\MUSICEDT.INI
[01/01/2007 00:00|--a------|8192] G:\BOOKMARK.BMK
[01/01/2007 00:00|--a------|52736] G:\USERPL.PL
[04/08/2004 21:06|-rahs----|897501] G:\xaxpxy.exe
[04/05/2010 22:52|--a------|1552] G:\BOOTEX.LOG
################## | Vaccination |
# C:\autorun.inf -> Autorun.inf created by UsbFix (El Desaparecido).
# G:\autorun.inf -> Autorun.inf created by UsbFix (El Desaparecido).
################## | Upload |
Please send the file : C:\UsbFix_Upload_Me_MATHEUSVINICIOS.zip : http://chiquitine.changelog.fr/Sample/Upload.php
Thank you for your contribution .
################## | ! End of report # UsbFix V6.111 ! |
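UsbFix found an autorun.inf on G:\ pointing at a ppnq.cmd (first logged with a leading space and "Absent", then as present), fake Recycled.exe/RECYCLER.exe binaries, a jwgkvsq.vmx under a RECYCLER\S-5-3-42-... folder, and hidden+system executables (dbqr.exe, xaxpxy.exe) still on the stick; it then "vaccinated" C:\ and G:\ by creating an autorun.inf of its own. The Python below is an added example, not UsbFix's code and not from this thread: it parses a constructed autorun.inf modelled on those findings, explains which directives Explorer would execute and why each looks malicious against a constructed attribute listing in UsbFix's format, and demonstrates the folder vaccine on a scratch directory. The autorun.inf contents, the listing and the rundll32 line are assumptions; UsbFix's NTFS hardening of the vaccine folder is not reproduced.

```python
"""Parse a removable-drive autorun.inf, flag what it launches, apply the folder vaccine.

Added example for this thread; not UsbFix's code. All sample data below is constructed.
"""
import os
import re
import tempfile

# Constructed autorun.inf modelled on the UsbFix findings (the real file is not in the thread).
SAMPLE_AUTORUN = r"""[autorun]
open= ppnq.cmd
icon=%SystemRoot%\system32\shell32.dll,4
action=Open folder to view files
shell\open\command= ppnq.cmd
shellexecute=rundll32.exe .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx
"""

# Constructed drive listing: relative path -> attribute string in the form UsbFix prints (-rahs----).
SAMPLE_LISTING = {
    "ppnq.cmd": "-rahs----",
    "dbqr.exe": "-r-hs----",
    "xaxpxy.exe": "-rahs----",
    "recycler\\s-5-3-42-2819952290-8240758988-879315005-3665\\jwgkvsq.vmx": "-rahs----",
}

LAUNCH_KEYS = {"open", "shellexecute"}
SHELL_CMD_RE = re.compile(r"^shell\\[^\\]+\\command$")      # shell\<verb>\command
HOSTS = {"rundll32.exe", "cmd.exe", "wscript.exe", "cscript.exe", "explorer.exe"}


def parse_autorun(text):
    """Tolerant INI read of the [autorun] section; keys lower-cased, values stripped."""
    entries, section = {}, ""
    for raw in text.splitlines():
        line = raw.replace("\x00", "").strip()      # some droppers pad lines with NULs
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
            continue
        if section != "autorun" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        entries[key.strip().lower()] = value.strip()
    return entries


def launch_targets(entries):
    """Return (key, command, referenced files) for every directive Explorer may execute."""
    out = []
    for key, value in entries.items():
        if key in LAUNCH_KEYS or SHELL_CMD_RE.match(key):
            files = [t.split(",")[0].lstrip(".\\") for t in value.split()
                     if "." in t and not t.startswith("%")]
            out.append((key, value, files))
    return out


def assess(entries, listing):
    """Explain why each launch directive is suspicious, given the drive listing."""
    findings = []
    for key, value, files in launch_targets(entries):
        reasons = [f"{key}= runs on insert or double-click"]
        for f in files:
            if f.lower() in HOSTS:
                reasons.append(f"launched via {f}")
                continue
            attrs = listing.get(f.lower())
            if attrs is None:
                reasons.append(f"{f} absent from drive")
            elif "h" in attrs and "s" in attrs:
                reasons.append(f"{f} is hidden+system")
            if "recycler\\" in f.lower():
                reasons.append(f"{f} lives under a fake RECYCLER folder")
        findings.append((key, value, reasons))
    return findings


def vaccinate(drive_root):
    """UsbFix-style vaccine: a directory named autorun.inf blocks a dropper's file of that name.
    (UsbFix additionally hardens the folder on NTFS; that step is omitted here.)"""
    path = os.path.join(drive_root, "autorun.inf")
    if os.path.isfile(path):
        os.remove(path)                              # the malicious file goes first
    os.makedirs(path, exist_ok=True)
    return os.path.isdir(path)


def dropper_can_write(drive_root):
    """Simulate a worm trying to re-drop autorun.inf after vaccination."""
    try:
        with open(os.path.join(drive_root, "autorun.inf"), "w") as fh:
            fh.write("[autorun]\nopen=dropper.exe\n")
        return True
    except (IsADirectoryError, PermissionError, FileExistsError):
        return False


def demo_vaccine():
    """Plant the sample autorun.inf in a scratch folder, vaccinate, then retry the drop."""
    root = tempfile.mkdtemp(prefix="usbfix_demo_")
    with open(os.path.join(root, "autorun.inf"), "w") as fh:
        fh.write(SAMPLE_AUTORUN)
    return vaccinate(root), dropper_can_write(root)


if __name__ == "__main__":
    for key, value, reasons in assess(parse_autorun(SAMPLE_AUTORUN), SAMPLE_LISTING):
        print(f"{key}={value}\n   " + "\n   ".join(reasons))
    print("vaccinated, dropper can still write:", demo_vaccine())
```

The vaccine only stops the autorun.inf file from being recreated; it does nothing about executables already on the stick, which is why UsbFix deletes the referenced files first and lists the hidden+system leftovers (dbqr.exe, xaxpxy.exe) for the helper to judge.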
wings | Posted May 5, 2010

Paste the ComboFix report, as I requested.
Twilight | Posted May 5, 2010

> Paste the ComboFix report, as I requested.

ComboFix 10-05-04.01 - Administrador 04/05/2010 22:26:58.2.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.2039.1678 [GMT -3:00] Running from: c:\documents and settings\Administrador\Desktop\ComboFix.exe Commands used :: c:\documents and settings\Administrador\Desktop\CFScript.txt FILE :: "c:\docume~1\ADMINI~1\CONFIG~1\Temp\winflbdq.exe" "c:\docume~1\ADMINI~1\CONFIG~1\Temp\winhikcf.exe" "c:\docume~1\ADMINI~1\CONFIG~1\Temp\winjpjvei.exe" "c:\docume~1\ADMINI~1\CONFIG~1\Temp\wintxwagu.exe" "C:\SalityKiller.exe" "C:\salitykiller.zip" "c:\windows\system32\GC-BZ6.EXE" "c:\windows\system32\og.dll" "c:\windows\system32\QT63146F.EXE" "c:\windows\system32\TC-WZ6.EXE" "c:\windows\system32\ul.dll" "c:\windows\system32\XP-7AB8F326.EXE" "c:\windows\system32\Z778179B.EXE" . ((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\Administrador\Dados de aplicativos\Wplugin.dll C:\SalityKiller.exe C:\salitykiller.zip c:\windows\system32\com.run c:\windows\system32\dp1.fne c:\windows\system32\eAPI.fne c:\windows\system32\GC-BZ6.EXE c:\windows\system32\internet.fne c:\windows\system32\krnln.fnr c:\windows\system32\og.dll c:\windows\system32\og.edt c:\windows\system32\QT63146F.EXE c:\windows\system32\RegEx.fnr c:\windows\system32\shell.fne c:\windows\system32\spec.fne c:\windows\system32\TC-WZ6.EXE c:\windows\system32\ul.dll c:\windows\system32\XP-7AB8F326.EXE c:\windows\system32\Z778179B.EXE c:\windows\Wplugin.dll . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_ASC3360PR -------\Service_asc3360pr (((((((((((((((( Files Created from 2010-04-05 to 2010-05-05 )))))))))))))))))))))))))))) . 2010-05-05 01:34 . 2008-04-14 12:00 21172 ----a-w- c:\windows\ws2help.dll 2010-05-05 01:34 . 
2010-05-05 01:34 110592 ----a-w- c:\windows\Wplugin.dll 2010-05-04 01:24 . 2010-05-04 01:24 -------- d-----w- c:\arquivos de programas\Orban 2010-05-04 00:37 . 2010-05-04 00:38 -------- d-----w- C:\UsbFix 2010-05-03 16:15 . 2010-05-03 16:57 75 ----a-w- c:\documents and settings\Administrador\jagex_runescape_preferences2.dat 2010-05-03 16:11 . 2010-05-03 16:16 41 ----a-w- c:\documents and settings\Administrador\jagex_runescape_preferences.dat 2010-05-03 16:10 . 2010-05-03 16:10 -------- d-----w- c:\windows\.jagex_cache_32 2010-04-30 17:47 . 2010-03-26 00:49 66048 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\nf66nt2j.default\extensions\twitternotifier@naan.net\platform\WINNT\components\nsTwitterFoxSign.dll 2010-04-30 17:47 . 2010-01-05 18:57 103424 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\nf66nt2j.default\extensions\piclens@cooliris.com\libs\pixomatic.dll 2010-04-30 17:46 . 2010-01-05 18:57 734662 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\nf66nt2j.default\extensions\piclens@cooliris.com\libs\PicLensHelper.exe 2010-04-30 17:46 . 2010-01-05 18:57 534650 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\nf66nt2j.default\extensions\piclens@cooliris.com\libs\LaunchCooliris.exe 2010-04-30 17:46 . 2010-01-05 18:57 153600 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\nf66nt2j.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll 2010-04-30 17:46 . 2010-01-05 18:57 57856 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\nf66nt2j.default\extensions\piclens@cooliris.com\components\coolirisstub.dll 2010-04-30 17:46 . 
2010-01-05 18:57 4725760 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\nf66nt2j.default\extensions\piclens@cooliris.com\libs\cooliris192.dll 2010-04-29 21:44 . 2010-04-29 21:44 -------- d-----w- C:\Netmarble 2010-04-29 16:50 . 2010-04-29 16:50 -------- d-----w- c:\arquivos de programas\Windows Journal Viewer 2010-04-27 17:06 . 2010-02-25 06:17 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll 2010-04-27 17:06 . 2010-02-25 06:17 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll 2010-04-27 15:54 . 2009-10-20 16:20 265728 -c----w- c:\windows\system32\dllcache\http.sys 2010-04-27 01:49 . 2010-04-27 01:49 -------- d-----w- c:\arquivos de programas\MSXML 4.0 2010-04-26 22:52 . 2010-02-17 17:07 2194176 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe 2010-04-26 22:52 . 2010-02-16 19:07 2150400 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe 2010-04-26 22:52 . 2010-02-16 19:07 2028544 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe 2010-04-26 22:52 . 2010-04-26 22:52 552 ----a-w- c:\windows\system32\d3d8caps.dat 2010-04-26 18:57 . 2008-06-14 17:34 272384 -c----w- c:\windows\system32\dllcache\bthport.sys 2010-04-26 18:57 . 2008-06-14 17:34 272384 ------w- c:\windows\system32\drivers\bthport.sys 2010-04-26 17:16 . 2010-02-24 13:11 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys 2010-04-25 16:10 . 2010-04-25 16:10 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\IObit 2010-04-25 16:10 . 2010-04-25 16:10 -------- d-----w- c:\arquivos de programas\IObit 2010-04-25 16:10 . 2010-04-25 16:10 -------- d-----w- c:\arquivos de programas\VS Revo Group 2010-04-25 15:53 . 2010-04-25 15:53 -------- d-----w- c:\documents and settings\NetworkService\Menu Iniciar 2010-04-25 15:53 . 2009-08-06 22:23 274288 ----a-w- c:\windows\system32\mucltui.dll 2010-04-25 15:53 . 2009-08-06 22:23 215920 ----a-w- c:\windows\system32\muweb.dll 2010-04-23 14:22 . 
2001-09-06 02:20 12288 -c--a-w- c:\windows\system32\dllcache\mouhid.sys 2010-04-23 14:22 . 2001-09-06 02:20 12288 ----a-w- c:\windows\system32\drivers\mouhid.sys 2010-04-19 17:59 . 2010-04-19 17:59 255472 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\plugins\npgoogletalk.dll 2010-04-18 19:14 . 2010-04-19 02:18 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\BitTorrent 2010-04-18 19:14 . 2010-04-18 19:14 -------- d-----w- c:\arquivos de programas\BitTorrent 2010-04-05 16:24 . 2010-04-28 21:04 629198 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Real\Update\setup3.10\setup.exe . ((((((((((((((((((((((((((((((((((((( Relatório Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-05-05 01:35 . 2010-03-31 21:31 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Software Informer 2010-05-05 01:14 . 2009-05-08 22:32 1324 ----a-w- c:\windows\system32\d3d9caps.dat 2010-05-05 00:12 . 2009-03-11 23:21 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Orbit 2010-05-05 00:04 . 2008-10-09 20:42 -------- d-----w- c:\arquivos de programas\Windows Live 2010-05-04 22:31 . 2009-07-31 15:36 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Skype 2010-05-04 21:56 . 2009-05-02 01:12 -------- d-----w- c:\arquivos de programas\Cheat Engine 2010-05-04 16:18 . 2009-04-21 15:54 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Google Updater 2010-05-04 01:24 . 2008-11-05 17:36 -------- d-----w- c:\arquivos de programas\Megacubo 2010-05-03 21:59 . 2008-04-14 12:00 2864 ----a-w- c:\windows\system32\winsock.dll 2010-05-03 21:56 . 2009-09-28 19:06 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\skypePM 2010-05-03 21:52 . 2009-09-27 19:41 -------- d-----w- c:\arquivos de programas\ManyCam 2.4 2010-05-03 21:48 . 
2008-12-04 00:52 -------- d-----w- c:\arquivos de programas\Messenger Plus! Live 2010-05-03 21:46 . 2010-03-31 21:31 -------- d-----w- c:\arquivos de programas\Free Download Manager 2010-05-03 21:45 . 2008-10-31 21:39 -------- d-----w- c:\arquivos de programas\Audacity 1.3 Beta (Unicode) 2010-05-03 21:43 . 2009-11-18 18:29 -------- d-----w- c:\arquivos de programas\Any Video Converter 2010-05-03 21:34 . 2010-03-31 21:31 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Free Download Manager 2010-05-03 21:27 . 2009-09-06 22:04 -------- d-----w- c:\arquivos de programas\QuickTime 2010-04-30 20:23 . 2009-04-13 20:07 -------- d-----w- c:\arquivos de programas\PhotoScape 2010-04-29 21:44 . 2008-10-07 13:01 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information 2010-04-28 20:38 . 2008-04-14 12:00 79588 ----a-w- c:\windows\system32\perfc016.dat 2010-04-28 20:38 . 2008-04-14 12:00 468794 ----a-w- c:\windows\system32\perfh016.dat 2010-04-27 15:35 . 2009-10-02 15:15 -------- d-----w- c:\arquivos de programas\Microsoft Silverlight 2010-04-25 16:09 . 2009-03-11 23:21 -------- d-----w- c:\arquivos de programas\Orbitdownloader 2010-04-12 20:06 . 2008-10-09 20:34 -------- d-----w- c:\arquivos de programas\Google 2010-03-31 21:31 . 2010-03-31 21:31 -------- d-----w- c:\arquivos de programas\Software Informer 2010-03-31 21:31 . 2010-03-31 21:31 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\FreeDownloadManager.ORG 2010-03-27 17:35 . 2009-04-27 19:58 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Apple Computer 2010-03-27 17:33 . 2010-03-27 17:33 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Apple Computer 2010-03-27 17:33 . 2010-03-27 17:33 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Apple 2010-03-25 01:48 . 
2010-03-25 01:48 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\nView_Profiles 2010-03-10 06:16 . 2008-04-14 12:00 420352 ------w- c:\windows\system32\vbscript.dll 2010-02-25 06:17 . 2008-04-14 12:00 916480 ----a-w- c:\windows\system32\wininet.dll 2010-02-24 13:11 . 2008-04-14 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2010-02-16 19:07 . 2008-04-14 12:00 2150400 ----a-w- c:\windows\system32\ntoskrnl.exe 2010-02-16 19:07 . 2008-04-13 19:00 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe 2010-02-12 15:09 . 2010-02-12 15:09 152576 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Sun\Java\jre1.6.0_17\lzma.dll 2010-02-12 15:07 . 2010-02-12 15:07 79488 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Sun\Java\jre1.6.0_17\gtapi.dll 2010-02-12 04:34 . 2008-04-14 12:00 100864 ----a-w- c:\windows\system32\6to4svc.dll 2010-02-11 12:02 . 2008-04-14 12:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys 2008-10-17 21:37 . 2008-10-17 21:37 15984024 ----a-w- c:\arquivos de programas\jre-6u7-windows-i586-p-s.exe 2009-04-05 18:32 . 2009-04-05 18:32 122880 ----a-w- c:\arquivos de programas\mozilla firefox\components\GoogleDesktopMozilla.dll 2009-07-14 00:16 . 2009-07-14 00:16 1044480 ----a-w- c:\arquivos de programas\mozilla firefox\plugins\libdivx.dll 2009-07-14 00:16 . 2009-07-14 00:16 200704 ----a-w- c:\arquivos de programas\mozilla firefox\plugins\ssldivx.dll 2008-11-14 19:27 . 2008-11-14 19:26 24 --sha-w- c:\windows\S12A1A851.tmp 2009-02-02 22:36 . 2009-01-16 17:17 168 --sh--r- c:\windows\system32\906E9FFB63.sys 2009-02-02 22:36 . 2009-01-16 16:32 2516 --sha-w- c:\windows\system32\KGyGaAvL.sys . (((((((((((((((((((((((((((((((((((((((((((( Look ))))))))))))))))))))))))))))))))))))))))))))))))))))))))) . 
--- c:\windows\S12A1A851.tmp --- Company: ------ File Description: ------ File Version: ------ Product Name: ------ Copyright: ------ Original Filename: ------ File size: 24 Created time: 2008-11-14 19:26 Modified time: 2008-11-14 19:27 MD5: 34AAC94F28A468BBC8C014F0ED216A74 SHA1: 62A0C8AB229CB007BAA156E06C576BC003A25CCB --- c:\windows\system32\906E9FFB63.sys --- Company: ------ File Description: ------ File Version: ------ Product Name: ------ Copyright: ------ Original Filename: ------ File size: 168 Created time: 2009-01-16 17:17 Modified time: 2009-02-02 22:36 MD5: 67A95F84C7965B44750856179F80C3B9 SHA1: 3B9470C49872AC32225152117E2B64B91B4B844C ------- Sigcheck ------- [-] 2008-04-14 . B0C0BF2504B830BFC1E93CA39F3C75FE . 549376 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe [-] 2008-04-14 . B0C0BF2504B830BFC1E93CA39F3C75FE . 549376 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\winlogon.exe [7] 2008-04-14 . 71D440F79B711627B12B567FB2EADB42 . 509952 . . [5.1.2600.5512] . . c:\windows\VistaMizer\old\winlogon.exe [-] 2008-04-14 . 4A82CD98D559D958523E9CAD9FDA399E . 724992 . . [5.82] . . c:\windows\system32\comctl32.dll [-] 2008-04-14 . 4A82CD98D559D958523E9CAD9FDA399E . 724992 . . [5.82] . . c:\windows\system32\dllcache\comctl32.dll [7] 2008-04-14 . 085C5892D9C1E19B3CEFD1B79F5BBF13 . 617472 . . [5.82] . . c:\windows\VistaMizer\old\comctl32.dll [-] 2008-04-14 . 7C0E5D593730414B5994A15A6D10C201 . 588288 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll [-] 2008-04-14 . 7C0E5D593730414B5994A15A6D10C201 . 588288 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\user32.dll [7] 2008-04-14 . 54907DB28872A7A6D3EE2B4747A23828 . 579072 . . [5.1.2600.5512] . . c:\windows\VistaMizer\old\user32.dll [-] 2008-04-14 . 418E7BA055147AE6364BA5E19E281A1F . 1554432 . . [6.00.2900.5512] . . c:\windows\explorer.exe [-] 2008-04-14 . C958AC6FE26A7F9B45021311D6FB5178 . 3329024 . . [6.00.2900.5512] . . c:\windows\system32\dllcache\explorer.exe [-] 2008-04-14 . 
C958AC6FE26A7F9B45021311D6FB5178 . 3329024 . . [6.00.2900.5512] . . c:\windows\VistaMizer\old\explorer.exe [-] 2008-04-14 . D67945A2290E98BB54D7792F09E7504E . 25088 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe [-] 2008-04-14 . D67945A2290E98BB54D7792F09E7504E . 25088 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ctfmon.exe [7] 2008-04-14 . 4E486ADFE3A0B9ED0EB0639902E9F64F . 15360 . . [5.1.2600.5512] . . c:\windows\VistaMizer\old\ctfmon.exe . ((((((((((((((((((((((((((((( SnapShot@2010-05-04_21.59.47 ))))))))))))))))))))))))))))))))))))))))) . + 2010-05-05 01:34 . 2010-05-05 01:34 16384 c:\windows\Temp\Perflib_Perfdata_798.dat + 2010-05-05 00:41 . 2010-05-05 00:41 58880 c:\windows\Installer\949c99.msi - 2009-10-02 15:11 . 2009-10-02 15:11 80395 c:\windows\Installer\{B5ED7AB0-3838-4389-8549-7C8E22DD48F4}\MsblIco.Exe + 2010-05-05 00:41 . 2010-05-05 00:41 80395 c:\windows\Installer\{B5ED7AB0-3838-4389-8549-7C8E22DD48F4}\MsblIco.Exe + 2010-05-05 00:41 . 2010-05-05 00:41 62304 c:\windows\Installer\{32BC546A-8AA3-4239-AE92-9CF3291C35A6}\IconWlc.exe - 2009-02-19 18:45 . 2009-02-19 18:45 62304 c:\windows\Installer\{32BC546A-8AA3-4239-AE92-9CF3291C35A6}\IconWlc.exe + 2010-05-05 00:41 . 2010-05-05 00:41 430080 c:\windows\Installer\949ca9.msi + 2010-05-05 00:41 . 2010-05-05 00:41 152576 c:\windows\Installer\949ca1.msi . (((((((((((((((((((((((((( Pontos de Carregamento do Registro ))))))))))))))))))))))))))))))))))))))) . . *Nota* entradas vazias e legítimas por defeito não são mostradas. 
REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}] 2009-02-26 14:25 809864 ----a-w- c:\arquivos de programas\Ask.com\GenericAskToolbar.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\arquivos de programas\Ask.com\GenericAskToolbar.dll" [2009-02-26 809864] [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\arquivos de programas\Ask.com\GenericAskToolbar.dll" [2009-02-26 809864] [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ares"="c:\arquivos de programas\Ares\Ares.exe" [2009-02-03 1004544] "Google Update"="c:\documents and settings\Administrador\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" [2010-05-04 227795] "WeatherBugAlert"="c:\arquivos de programas\AWS\WeatherBug Alert\WeatherBugAlert.exe" [2010-05-04 442368] "ManyCam"="c:\arquivos de programas\ManyCam 2.4\ManyCam.exe" [2010-05-04 1824040] "Pando Media Booster"="c:\arquivos de programas\Pando Networks\Media Booster\PMB.exe" [2010-02-21 2937528] "Software Informer"="c:\arquivos de programas\Software Informer\softinfo.exe" [2010-05-04 2261061] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-02 13529088] "tsnp325"="c:\windows\tsnp325.exe" [2007-04-21 339968] "Synchronization Manager"="c:\windows\system32\mobsync.exe" [2008-04-14 3684352] 
"AdobeCS4ServiceManager"="c:\arquivos de programas\Arquivos comuns\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712] "FixCamera"="c:\windows\FixCamera.exe" [2007-07-11 20480] "snp325"="c:\windows\vsnp325.exe" [2007-05-10 913408] "Google Desktop Search"="c:\arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe" [2009-04-05 30192] "GUCI_AVS"="c:\windows\PixArt\PAP7501\GUCI_AVS.exe" [2007-12-10 397312] "PACTray"="c:\windows\PixArt\PAP7501\PACTray.exe" [2008-09-02 417792] "nwiz"="nwiz.exe" [2008-05-02 1708032] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-02 86016] "QuickTime Task"="c:\arquivos de programas\QuickTime\qttask.exe" [2010-05-04 495616] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 25088] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLUA"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr] 2005-05-03 10:43 69632 ------r- c:\windows\Alcmtr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD] 2007-11-26 17:54 1057064 ----a-w- c:\arquivos de programas\Nero\Nero 7\InCD\InCD.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut] 2007-01-09 01:17 52256 ----a-w- c:\arquivos de programas\CyberLink\PowerDVD\Language\Language.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 2007-03-01 17:57 153136 ----a-w- c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] 2008-05-02 14:46 13529088 ----a-w- c:\windows\system32\nvcpl.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] 2008-05-02 14:46 86016 ----a-w- c:\windows\system32\nvmctray.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] 2008-05-02 
14:46 1708032 ----a-w- c:\windows\system32\nwiz.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] 2007-03-15 00:01 71216 ------w- c:\arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL] 2008-02-13 06:31 16857600 ------r- c:\windows\RTHDCPL.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc] 2007-11-26 17:54 1629480 ----a-w- c:\arquivos de programas\Nero\Nero 7\InCD\NBHGui.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\WINDOWS\\system32\\dpvsetup.exe"= "c:\\Arquivos de programas\\Messenger\\msmsgs.exe"= "c:\\Arquivos de programas\\Ares\\Ares.exe"= "c:\\Level Up! Games\\The Duel\\theduel.exe"= "c:\\Arquivos de programas\\SopCast\\adv\\SopAdver.exe"= "c:\\Level Up! 
Games\\Grand Chase Season 2\\main.exe"= "c:\\Arquivos de programas\\TeamViewer\\Version4\\TeamViewer.exe"= "c:\\Arquivos de programas\\Secured eMule\\securedemule.exe"= "c:\\Arquivos de programas\\Orbitdownloader\\orbitdm.exe"= "c:\\Arquivos de programas\\Orbitdownloader\\orbitnet.exe"= "c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"= "c:\\Arquivos de programas\\Warcraft III\\Warcraft III.exe"= "c:\\Arquivos de programas\\Garena\\Garena.exe"= "c:\\Arquivos de programas\\Gravity\\Ragnarok Online\\Ragnarok.exe"= "c:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"= "c:\\Arquivos de programas\\PhotoJoy\\Bin\\PjApp.exe"= "c:\\Arquivos de programas\\PhotoJoy\\Bin\\PjImp.exe"= "c:\\Arquivos de programas\\PhotoJoy\\Bin\\PhotoJoy.exe"= "c:\\Documents and Settings\\Administrador\\Configurações locais\\Dados de aplicativos\\Google\\Google Talk Plugin\\googletalkplugin.dll"= "c:\\Documents and Settings\\Administrador\\Configurações locais\\Dados de aplicativos\\Google\\Google Talk Plugin\\googletalkplugin.exe"= "c:\\Arquivos de programas\\Java\\jre6\\bin\\java.exe"= "c:\\Arquivos de programas\\Arquivos comuns\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"= "c:\\WINDOWS\\Installer\\{D103C4BA-F905-437A-8049-DB24763BBE36}\\SkypeIcon.exe"= "c:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"= "c:\\WINDOWS\\system32\\mmc.exe"= "c:\\WINDOWS\\system32\\rtcshare.exe"= "c:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe"= "c:\\Arquivos de programas\\Skype\\Plugin Manager\\skypePM.exe"= "c:\\Documents and Settings\\Administrador\\Meus documentos\\progamas\\cs16\\hl.exe"= "c:\\Level Up! 
Games\\MapleStory\\MapleStory.exe"= "c:\\Arquivos de programas\\Pando Networks\\Media Booster\\PMB.exe"= "c:\\Arquivos de programas\\BitTorrent\\bittorrent.exe"= "c:\\WINDOWS\\tsnp325.exe"= "c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"= "c:\\Arquivos de programas\\Software Informer\\softinfo.exe"= "c:\\Arquivos de programas\\Megacubo\\megacubo.exe"= "c:\\Documents and Settings\\Administrador\\Configurações locais\\Dados de aplicativos\\Google\\Chrome\\Application\\chrome.exe"= "c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\DOCUME~1\\ADMINI~1\\CONFIG~1\\Temp\\rlup.exe"= "c:\\DOCUME~1\\ADMINI~1\\CONFIG~1\\Temp\\winutpght.exe"= "c:\\DOCUME~1\\ADMINI~1\\CONFIG~1\\Temp\\winyqubs.exe"= "c:\\DOCUME~1\\ADMINI~1\\CONFIG~1\\Temp\\winhbxo.exe"= "c:\\DOCUME~1\\ADMINI~1\\CONFIG~1\\Temp\\winoksurt.exe"= "c:\\DOCUME~1\\ADMINI~1\\CONFIG~1\\Temp\\winvlinnp.exe"= "c:\\DOCUME~1\\ADMINI~1\\CONFIG~1\\Temp\\dltacv.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "58915:TCP"= 58915:TCP:AresChatServer "5353:TCP"= 5353:TCP:Adobe CSI CS4 "58139:TCP"= 58139:TCP:Pando Media Booster "58139:UDP"= 58139:UDP:Pando Media Booster R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [9/11/2008 13:34 717296] R2 voicetuner;Voice Tuner;c:\arquivos de programas\Scramby\voicetunerserver.exe [9/1/2010 12:32 391168] R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [14/1/2008 07:06 21632] S2 gupdate1c9c29a4f8175aa;Google Update Service (gupdate1c9c29a4f8175aa);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [21/4/2009 13:00 133104] S3 cpuz130;cpuz130;\??\c:\docume~1\ADMINI~1\CONFIG~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\ADMINI~1\CONFIG~1\Temp\cpuz130\cpuz_x32.sys [?] S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\ADMINI~1\CONFIG~1\Temp\RBQ518.tmp --> c:\docume~1\ADMINI~1\CONFIG~1\Temp\RBQ518.tmp [?] 
S3 GoogleDesktopManager-092308-165331;Gerenciador do Google Desktop 5.8.809.23506;c:\arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe [5/4/2009 15:32 30192] S3 GUCI_AVS;Generic USB Controller Interface (AVS);c:\windows\system32\drivers\GUCI_AVS.sys [3/3/2010 15:45 560128] S3 Mkd2kfNt;Mkd2kfNt;c:\windows\system32\drivers\Mkd2kfNT.sys [20/7/2009 16:49 131072] S3 Mkd2Nadr;Mkd2Nadr;c:\windows\system32\drivers\Mkd2Nadr.sys [20/7/2009 16:49 79104] S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?] S3 PPJoyBus;Parallel Port Joystick Bus device driver;c:\windows\system32\drivers\PPJoyBus.sys [23/1/2004 16:33 13952] S3 PPortJoystick;Parallel Port Joystick device driver;c:\windows\system32\drivers\PPortJoy.sys [23/1/2004 16:32 28800] S3 scramby_out;Scramby Output;c:\windows\system32\drivers\scramby_out.sys [8/8/2007 07:31 23840] S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [25/11/2009 23:06 34384] S3 SNP325;USB PC Camera (SNPSTD325);c:\windows\system32\drivers\snp325.sys [7/10/2008 18:40 10384896] S3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\system32\drivers\vcsvad.sys [28/10/2009 17:31 17792] S3 XDva200;XDva200;\??\c:\windows\system32\XDva200.sys --> c:\windows\system32\XDva200.sys [?] S3 XDva212;XDva212;\??\c:\windows\system32\XDva212.sys --> c:\windows\system32\XDva212.sys [?] S3 XDva223;XDva223;\??\c:\windows\system32\XDva223.sys --> c:\windows\system32\XDva223.sys [?] S3 XDva272;XDva272;\??\c:\windows\system32\XDva272.sys --> c:\windows\system32\XDva272.sys [?] S3 XDva279;XDva279;\??\c:\windows\system32\XDva279.sys --> c:\windows\system32\XDva279.sys [?] S3 XDva281;XDva281;\??\c:\windows\system32\XDva281.sys --> c:\windows\system32\XDva281.sys [?] S3 XDva297;XDva297;\??\c:\windows\system32\XDva297.sys --> c:\windows\system32\XDva297.sys [?] 
S3 XDva327;XDva327;\??\c:\windows\system32\XDva327.sys --> c:\windows\system32\XDva327.sys [?] S3 ZIDDRVR;ZIDDRVR;\??\c:\documents and settings\Administrador\Desktop\Ryu Engine\zid32.sys --> c:\documents and settings\Administrador\Desktop\Ryu Engine\zid32.sys [?] --- =Outros Serviços/Drivers Na Memória --- *NewlyCreated* - ASC3360PR . Conteúdo da pasta 'Tarefas Agendadas' 2010-04-27 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\arquivos de programas\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:15] 2010-05-05 c:\windows\Tasks\Google Software Updater.job - c:\arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-09 15:54] 2010-05-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2009-04-21 16:00] 2010-05-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2009-04-21 16:00] 2010-05-05 c:\windows\Tasks\OGALogon.job - c:\windows\system32\OGAEXEC.exe [2009-08-03 18:07] 2010-05-05 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job - c:\arquivos de programas\Ask.com\UpdateTask.exe [2009-02-26 14:25] 2010-05-04 c:\windows\Tasks\SmartDefrag.job - c:\arquivos de programas\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2010-04-25 19:48] . . ------- Scan Suplementar ------- . 
uStart Page = hxxp://search.orbitdownloader.com uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uInternet Settings,ProxyOverride = *.local uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: &Download by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/201 IE: &Grab video by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/204 IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx IE: AMV convert tool grab multimedia file - grab.html IE: Baixar com o Free Download Manager - file://c:\arquivos de programas\Free Download Manager\dllink.htm IE: Baixar tudo com o Free Download Manager - file://c:\arquivos de programas\Free Download Manager\dlall.htm IE: Baixar vídeo com o Free Download Manager - file://c:\arquivos de programas\Free Download Manager\dlfvideo.htm IE: Do&wnload selected by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/203 IE: Down&load all by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/202 IE: Download selecionado pelo Free Download Manager - file://c:\arquivos de programas\Free Download Manager\dlselected.htm IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: MediaManager tool grab multimedia file - grab.html TCP: {129A86AC-EA3B-4062-82A6-819173563CB3} = 192.168.240.3,66.28.0.45 FF - ProfilePath - c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\nf66nt2j.default\ FF - prefs.js: browser.search.defaulturl - hxxp://chameleontom.iamwired.net/search.php?src=tops&q= FF - prefs.js: browser.startup.homepage - google.com FF - prefs.js: keyword.URL - hxxp://chameleontom.iamwired.net/search.php?src=tops&q= FF - component: c:\arquivos de programas\Mozilla Firefox\components\GoogleDesktopMozilla.dll FF - component: c:\arquivos de 
programas\Orbitdownloader\addons\OneClickYouTubeDownloader\components\GrabXpcom.dll FF - component: c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\nf66nt2j.default\extensions\twitternotifier@naan.net\platform\WINNT\components\nsTwitterFoxSign.dll FF - plugin: c:\arquivos de programas\AhnLab\ASP\MyKeyDefense 2.5\npmkd25aos.dll FF - plugin: c:\arquivos de programas\Google\Google Earth\plugin\npgeplugin.dll FF - plugin: c:\arquivos de programas\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll FF - plugin: c:\arquivos de programas\Google\Update\1.2.183.23\npGoogleOneClick8.dll FF - plugin: c:\arquivos de programas\Microsoft\Office Live\npOLW.dll FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\npPandoWebInst.dll FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\nptidfusionplugin.dll FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\npyaxmpb.dll FF - plugin: c:\arquivos de programas\Total Immersion\DFusionWeb\nptidfusionplugin.dll FF - plugin: c:\arquivos de programas\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\plugins\npgoogletalk.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX POLICIES ---- c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br"); . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-05-04 22:34 Windows 5.1.2600 Service Pack 3 NTFS Procurando processos ocultos ... Procurando entradas auto inicializáveis ocultas ... Procurando ficheiros/arquivos ocultos ... 
Varredura completada com sucesso arquivos/ficheiros ocultos: 0 ************************************************************************** Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net device: opened successfully user: MBR read successfully called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll sfsync02.sys atapi.sys spkc.sys >>UNKNOWN [0x8A6E2938]<< kernel: MBR read successfully detected MBR rootkit hooks: \Driver\Disk -> CLASSPNP.SYS @ 0xba8fcf28 \Driver\ACPI -> ACPI.sys @ 0xba667cb8 \Driver\atapi -> sfsync02.sys @ 0xba8c98b4 IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8 ParseProcedure -> ntkrnlpa.exe @ 0x805827e8 \Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8 ParseProcedure -> ntkrnlpa.exe @ 0x805827e8 NDIS: Realtek RTL8139/810x Family Fast Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xba505bb0 PacketIndicateHandler -> NDIS.sys @ 0xba512a21 SendHandler -> NDIS.sys @ 0xba4f087b user & kernel MBR OK ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine] "ImagePath"="\??\c:\docume~1\ADMINI~1\CONFIG~1\Temp\RBQ518.tmp" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc] "ImagePath"="c:\windows\system32\GameMon.des -service" . 
--------------------- CHAVES DO REGISTRO BLOQUEADAS --------------------- [HKEY_USERS\S-1-5-21-1757981266-1220945662-1177238915-500\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (Administrator) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,4d,23,3c,59,c6,d4,40,42,99,0b,6c,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,4d,23,3c,59,c6,d4,40,42,99,0b,6c,\ [HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\System\CurrentControlSet] "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\ [HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\USER\LocalSystem] "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\ [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•6~*] "6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL" . 
--------------------- DLLs Carregadas Sob os Processos em Execução --------------------- - - - - - - - > 'winlogon.exe'(752) c:\windows\system32\SETUPAPI.dll c:\windows\system32\sfc_os.dll c:\windows\system32\COMRes.dll c:\windows\system32\cscui.dll - - - - - - - > 'lsass.exe'(816) c:\windows\system32\setupapi.dll c:\windows\system32\psbase.dll - - - - - - - > 'explorer.exe'(3908) c:\windows\system32\SHDOCVW.dll c:\windows\system32\WININET.dll c:\windows\system32\COMRes.dll c:\windows\System32\cscui.dll c:\arquiv~1\WINDOW~2\wmpband.dll c:\windows\system32\LINKINFO.dll c:\windows\system32\ntshrui.dll c:\windows\system32\SETUPAPI.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Outros Processos em Execução ------------------------ . c:\arquivos de programas\Bonjour\mDNSResponder.exe c:\arquivos de programas\Arquivos comuns\InterVideo\DeviceService\DevSvc.exe c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe c:\arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe c:\arquivos de programas\Java\jre6\bin\jqs.exe c:\arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE c:\arquivos de programas\Arquivos comuns\Protexis\License Service\PSIService.exe c:\arquivos de programas\CyberLink\Shared Files\RichVideo.exe c:\arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe c:\arquivos de programas\Arquivos comuns\Ulead Systems\DVD\ULCDRSvr.exe c:\windows\system32\wbem\wmiapsrv.exe c:\windows\system32\wscntfy.exe c:\docume~1\ADMINI~1\CONFIG~1\Temp\rlup.exe c:\docume~1\ADMINI~1\CONFIG~1\Temp\winhbxo.exe . ************************************************************************** . 
Tempo para conclusão: 2010-05-04 22:39:38 - Máquina reiniciou
ComboFix-quarantined-files.txt 2010-05-05 01:39
ComboFix2.txt 2010-05-04 22:05
Pré-execução: 23 pasta(s) 120.942.047.232 bytes disponíveis
Pós execução: 24 pasta(s) 120.895.909.888 bytes disponíveis
- - End Of File - - D7A9EF7659C6ADBD898E8F8C8E3A8AA0
wings 22 - Posted May 5, 2010

Sality is still active... We'll try once more. If that doesn't succeed, I recommend formatting.

1. Delete the file C:\combofix.txt
2. Delete the folder C:\qoobox
3. Double-click UsbFix
   * Press P > [ENTER]
   * Press 6 > [ENTER]
4. Open Notepad, then select, copy and paste into it the entire contents of the code below:

File::
c:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\rlup.exe
c:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\winutpght.exe
c:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\winyqubs.exe
c:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\winhbxo.exe
c:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\winoksurt.exe
c:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\winvlinnp.exe
c:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\dltacv.exe
c:\windows\S12A1A851.tmp
c:\windows\system32\906E9FFB63.sys

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\DOCUME~1\\ADMINI~1\\CONFIG~1\\Temp\\rlup.exe"=-
"c:\\DOCUME~1\\ADMINI~1\\CONFIG~1\\Temp\\winutpght.exe"=-
"c:\\DOCUME~1\\ADMINI~1\\CONFIG~1\\Temp\\winyqubs.exe"=-
"c:\\DOCUME~1\\ADMINI~1\\CONFIG~1\\Temp\\winhbxo.exe"=-
"c:\\DOCUME~1\\ADMINI~1\\CONFIG~1\\Temp\\winoksurt.exe"=-
"c:\\DOCUME~1\\ADMINI~1\\CONFIG~1\\Temp\\winvlinnp.exe"=-
"c:\\DOCUME~1\\ADMINI~1\\CONFIG~1\\Temp\\dltacv.exe"=-

Driver::
ASC3360PR

   * Save the file to the desktop as CFScript.txt
   * Drag the file onto ComboFix as shown in the illustration below:
   * Important: while ComboFix is running, avoid using the mouse or the keyboard!! ..to interrupt the process, press N or 2.
   * Paste the report created at C:\combofix.txt
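The triage the helper does by eye above (reading the ComboFix log for executables running out of a user's Temp folder and the firewall exceptions that let them through, then writing a CFScript.txt with File:: and Registry:: sections) as an added Python example that is not part of the thread. The SAMPLE_LOG lines are excerpted from this thread's own ComboFix output; the parsing rules, regexes and function names are this example's assumptions.

```python
"""Triage a ComboFix log for the indicators acted on in this thread: executables
running from a user's Temp folder, Windows Firewall exceptions granted to them,
services whose image path lives in Temp, and a disabled firewall. From the
findings, build a CFScript.txt body in the File::/Registry:: layout the helper
used. Added example, not part of the thread; the log excerpt is taken from the
thread's ComboFix output, everything else here is this example's assumption.
"""
import re

# Constructed sample: lines excerpted from the thread's second ComboFix log.
SAMPLE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Arquivos de programas\\Ares\\Ares.exe"=
"c:\\DOCUME~1\\ADMINI~1\\CONFIG~1\\Temp\\gydqa.exe"=
"c:\\DOCUME~1\\ADMINI~1\\CONFIG~1\\Temp\\winyfjhht.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58915:TCP"= 58915:TCP:AresChatServer
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\ADMINI~1\CONFIG~1\Temp\RBQ518.tmp --> c:\docume~1\ADMINI~1\CONFIG~1\Temp\RBQ518.tmp [?]
S3 PPJoyBus;Parallel Port Joystick Bus device driver;c:\windows\system32\drivers\PPJoyBus.sys [23/1/2004 16:33 13952]
------------------------ Outros Processos em Execução ------------------------
.
c:\arquivos de programas\Bonjour\mDNSResponder.exe
c:\windows\system32\wscntfy.exe
c:\docume~1\ADMINI~1\CONFIG~1\Temp\gydqa.exe
c:\docume~1\ADMINI~1\CONFIG~1\Temp\winyfjhht.exe
.
**************************************************************************
"""

FW_LIST_KEY = r"HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List"
TEMP_RE = re.compile(r"\\temp\\", re.IGNORECASE)
DRIVE_RE = re.compile(r"^[a-z]:\\", re.IGNORECASE)
# ComboFix service line: "<start type> <name>;<description>;[\??\]<image path> [...]"
SERVICE_RE = re.compile(r"^[RS]\d (\S+?);(.*?);(?:\\\?\?\\)?(.+?)(?: -->.*)?(?: \[.*\])?$")


def in_temp(path):
    """True when a path (single or registry-style doubled backslashes) is under a Temp folder."""
    return TEMP_RE.search(path.replace("\\\\", "\\")) is not None


def parse_log(text):
    """Walk the log once and collect the Temp-resident indicators."""
    findings = {"processes": [], "firewall_exceptions": [], "services": [],
                "firewall_disabled": False}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if "Outros Processos em Execução" in line:   # "Other running processes" header
            section = "processes"
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]                       # registry key header
            continue
        if section == "processes":
            if line.startswith("*****"):               # end of the section
                section = None
            elif DRIVE_RE.match(line) and in_temp(line):
                findings["processes"].append(line)
            continue
        if section == FW_LIST_KEY:
            m = re.match(r'^"(.+)"=$', line)           # one firewall exception per line
            if m and in_temp(m.group(1)):
                findings["firewall_exceptions"].append(m.group(1))
            continue
        if line.startswith('"EnableFirewall"') and section and section.endswith("\\standardprofile"):
            findings["firewall_disabled"] = line.endswith("0 (0x0)")
            continue
        m = SERVICE_RE.match(line)
        if m and in_temp(m.group(3)):
            findings["services"].append((m.group(1), m.group(3)))
    return findings


def build_cfscript(findings):
    """Render a CFScript.txt body: File:: for the Temp executables, Registry:: to drop
    their firewall exceptions. Flagged services are left for manual review, since a
    legitimate game or anti-cheat driver can also load from Temp."""
    lines = ["File::"] + findings["processes"]
    if findings["firewall_exceptions"]:
        lines += ["", "Registry::", "[%s]" % FW_LIST_KEY]
        lines += ['"%s"=-' % app for app in findings["firewall_exceptions"]]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    found = parse_log(SAMPLE_LOG)
    print(build_cfscript(found))
    if found["firewall_disabled"]:
        print("note: Windows Firewall is disabled (EnableFirewall = 0)")
    for name, path in found["services"]:
        print("review service %s -> %s" % (name, path))
```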
Twilight 0 - Posted May 5, 2010

> Sality is still active... We'll try once more. If that doesn't succeed, I recommend formatting.
>
> 1. Delete the file C:\combofix.txt
> 2. Delete the folder C:\qoobox
> 3. Double-click UsbFix
>    * Press P > [ENTER]
>    * Press 6 > [ENTER]
> 4. Open Notepad, then select, copy and paste into it the entire contents of the code below:
>
> File::
> c:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\rlup.exe
> c:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\winutpght.exe
> c:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\winyqubs.exe
> c:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\winhbxo.exe
> c:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\winoksurt.exe
> c:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\winvlinnp.exe
> c:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\dltacv.exe
> c:\windows\S12A1A851.tmp
> c:\windows\system32\906E9FFB63.sys
>
> Registry::
> [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
> "c:\\DOCUME~1\\ADMINI~1\\CONFIG~1\\Temp\\rlup.exe"=-
> "c:\\DOCUME~1\\ADMINI~1\\CONFIG~1\\Temp\\winutpght.exe"=-
> "c:\\DOCUME~1\\ADMINI~1\\CONFIG~1\\Temp\\winyqubs.exe"=-
> "c:\\DOCUME~1\\ADMINI~1\\CONFIG~1\\Temp\\winhbxo.exe"=-
> "c:\\DOCUME~1\\ADMINI~1\\CONFIG~1\\Temp\\winoksurt.exe"=-
> "c:\\DOCUME~1\\ADMINI~1\\CONFIG~1\\Temp\\winvlinnp.exe"=-
> "c:\\DOCUME~1\\ADMINI~1\\CONFIG~1\\Temp\\dltacv.exe"=-
>
> Driver::
> ASC3360PR
>
>    * Save the file to the desktop as CFScript.txt
>    * Drag the file onto ComboFix as shown in the illustration below:
>    * Important: while ComboFix is running, avoid using the mouse or the keyboard!! ..to interrupt the process, press N or 2.
>    * Paste the report created at C:\combofix.txt

OK, I'll try one more time. Look, a message like this appeared:

!!Warning!! CD-Emulation drivers are running on this machine. Combofix needs temporarily disable them.

Should I click OK?
wings 22 - Posted May 5, 2010

Yes.... Before that, save your personal files (.doc, mpeg, jpeg, etc.) to a pendrive. Don't save any application (.exe)!!
Twilight 0 - Posted May 5, 2010

> Yes.... Before that, save your personal files (.doc, mpeg, jpeg, etc.) to a pendrive. Don't save any application (.exe)!!

ComboFix 10-05-04.01 - Administrador 04/05/2010 23:44:42.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.2039.1605 [GMT -3:00]
Executando de: c:\documents and settings\Administrador\Desktop\ComboFix.exe
Comandos utilizados :: c:\documents and settings\Administrador\Desktop\CFScript.txt

FILE ::
"c:\docume~1\ADMINI~1\CONFIG~1\Temp\rlup.exe"
"c:\docume~1\ADMINI~1\CONFIG~1\Temp\winhbxo.exe"
"c:\windows\S12A1A851.tmp"
"c:\windows\system32\906E9FFB63.sys"
.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Administrador\Dados de aplicativos\Wplugin.dll
c:\windows\explorer.exe.local
c:\windows\S12A1A851.tmp
c:\windows\system32\906E9FFB63.sys
c:\windows\Wplugin.dll
c:\windows\ws2help.dll
.

((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_ASC3360PR
-------\Service_asc3360pr

(((((((((((((((( Arquivos/Ficheiros criados de 2010-04-05 to 2010-05-05 ))))))))))))))))))))))))))))
.
2010-05-05 02:06 . 2010-05-05 02:06 7962445 ----a-w- C:\UsbFix_Upload_Me_MATHEUSVINICIOS.zip
2010-05-04 01:24 . 2010-05-04 01:24 -------- d-----w- c:\arquivos de programas\Orban
2010-05-04 00:37 . 2010-05-05 02:35 -------- d-----w- C:\UsbFix
2010-05-03 16:15 . 2010-05-03 16:57 75 ----a-w- c:\documents and settings\Administrador\jagex_runescape_preferences2.dat
2010-05-03 16:11 . 2010-05-03 16:16 41 ----a-w- c:\documents and settings\Administrador\jagex_runescape_preferences.dat
2010-05-03 16:10 . 2010-05-03 16:10 -------- d-----w- c:\windows\.jagex_cache_32
2010-04-29 21:44 . 2010-04-29 21:44 -------- d-----w- C:\Netmarble
2010-04-29 16:50 . 2010-04-29 16:50 -------- d-----w- c:\arquivos de programas\Windows Journal Viewer
2010-04-27 17:06 .
2010-02-25 06:17 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll 2010-04-27 17:06 . 2010-02-25 06:17 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll 2010-04-27 15:54 . 2009-10-20 16:20 265728 -c----w- c:\windows\system32\dllcache\http.sys 2010-04-27 01:49 . 2010-04-27 01:49 -------- d-----w- c:\arquivos de programas\MSXML 4.0 2010-04-26 22:52 . 2010-02-17 17:07 2194176 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe 2010-04-26 22:52 . 2010-02-16 19:07 2150400 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe 2010-04-26 22:52 . 2010-02-16 19:07 2028544 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe 2010-04-26 22:52 . 2010-04-26 22:52 552 ----a-w- c:\windows\system32\d3d8caps.dat 2010-04-26 18:57 . 2008-06-14 17:34 272384 -c----w- c:\windows\system32\dllcache\bthport.sys 2010-04-26 18:57 . 2008-06-14 17:34 272384 ------w- c:\windows\system32\drivers\bthport.sys 2010-04-26 17:16 . 2010-02-24 13:11 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys 2010-04-25 16:10 . 2010-04-25 16:10 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\IObit 2010-04-25 16:10 . 2010-04-25 16:10 -------- d-----w- c:\arquivos de programas\IObit 2010-04-25 16:10 . 2010-04-25 16:10 -------- d-----w- c:\arquivos de programas\VS Revo Group 2010-04-25 15:53 . 2010-04-25 15:53 -------- d-----w- c:\documents and settings\NetworkService\Menu Iniciar 2010-04-25 15:53 . 2009-08-06 22:23 274288 ----a-w- c:\windows\system32\mucltui.dll 2010-04-25 15:53 . 2009-08-06 22:23 215920 ----a-w- c:\windows\system32\muweb.dll 2010-04-23 14:22 . 2001-09-06 02:20 12288 -c--a-w- c:\windows\system32\dllcache\mouhid.sys 2010-04-23 14:22 . 2001-09-06 02:20 12288 ----a-w- c:\windows\system32\drivers\mouhid.sys 2010-04-18 19:14 . 2010-04-19 02:18 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\BitTorrent 2010-04-18 19:14 . 2010-04-18 19:14 -------- d-----w- c:\arquivos de programas\BitTorrent . 
((((((((((((((((((((((((((((((((((((( Relatório Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-05-05 02:53 . 2010-03-31 21:31 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Software Informer 2010-05-05 02:53 . 2010-05-05 02:52 110592 ----a-w- c:\windows\Wplugin.dll 2010-05-05 01:14 . 2009-05-08 22:32 1324 ----a-w- c:\windows\system32\d3d9caps.dat 2010-05-05 00:12 . 2009-03-11 23:21 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Orbit 2010-05-05 00:04 . 2008-10-09 20:42 -------- d-----w- c:\arquivos de programas\Windows Live 2010-05-04 22:31 . 2009-07-31 15:36 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Skype 2010-05-04 21:56 . 2009-05-02 01:12 -------- d-----w- c:\arquivos de programas\Cheat Engine 2010-05-04 16:18 . 2009-04-21 15:54 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Google Updater 2010-05-04 01:24 . 2008-11-05 17:36 -------- d-----w- c:\arquivos de programas\Megacubo 2010-05-03 21:59 . 2008-04-14 12:00 2864 ----a-w- c:\windows\system32\winsock.dll 2010-05-03 21:56 . 2009-09-28 19:06 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\skypePM 2010-05-03 21:52 . 2009-09-27 19:41 -------- d-----w- c:\arquivos de programas\ManyCam 2.4 2010-05-03 21:48 . 2008-12-04 00:52 -------- d-----w- c:\arquivos de programas\Messenger Plus! Live 2010-05-03 21:46 . 2010-03-31 21:31 -------- d-----w- c:\arquivos de programas\Free Download Manager 2010-05-03 21:45 . 2008-10-31 21:39 -------- d-----w- c:\arquivos de programas\Audacity 1.3 Beta (Unicode) 2010-05-03 21:43 . 2009-11-18 18:29 -------- d-----w- c:\arquivos de programas\Any Video Converter 2010-05-03 21:34 . 2010-03-31 21:31 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Free Download Manager 2010-05-03 21:27 . 2009-09-06 22:04 -------- d-----w- c:\arquivos de programas\QuickTime 2010-04-30 20:23 . 
2009-04-13 20:07 -------- d-----w- c:\arquivos de programas\PhotoScape 2010-04-29 21:44 . 2008-10-07 13:01 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information 2010-04-28 21:04 . 2010-04-05 16:24 629198 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Real\Update\setup3.10\setup.exe 2010-04-28 20:38 . 2008-04-14 12:00 79588 ----a-w- c:\windows\system32\perfc016.dat 2010-04-28 20:38 . 2008-04-14 12:00 468794 ----a-w- c:\windows\system32\perfh016.dat 2010-04-27 15:35 . 2009-10-02 15:15 -------- d-----w- c:\arquivos de programas\Microsoft Silverlight 2010-04-25 16:09 . 2009-03-11 23:21 -------- d-----w- c:\arquivos de programas\Orbitdownloader 2010-04-19 17:59 . 2010-04-19 17:59 255472 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\plugins\npgoogletalk.dll 2010-04-12 20:06 . 2008-10-09 20:34 -------- d-----w- c:\arquivos de programas\Google 2010-03-31 21:31 . 2010-03-31 21:31 -------- d-----w- c:\arquivos de programas\Software Informer 2010-03-31 21:31 . 2010-03-31 21:31 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\FreeDownloadManager.ORG 2010-03-27 17:35 . 2009-04-27 19:58 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Apple Computer 2010-03-27 17:33 . 2010-03-27 17:33 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Apple Computer 2010-03-27 17:33 . 2010-03-27 17:33 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Apple 2010-03-26 00:49 . 2010-04-30 17:47 66048 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\nf66nt2j.default\extensions\twitternotifier@naan.net\platform\WINNT\components\nsTwitterFoxSign.dll 2010-03-25 01:48 . 2010-03-25 01:48 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\nView_Profiles 2010-03-10 06:16 . 2008-04-14 12:00 420352 ------w- c:\windows\system32\vbscript.dll 2010-02-25 06:17 . 
2008-04-14 12:00 916480 ----a-w- c:\windows\system32\wininet.dll 2010-02-24 13:11 . 2008-04-14 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2010-02-16 19:07 . 2008-04-14 12:00 2150400 ----a-w- c:\windows\system32\ntoskrnl.exe 2010-02-16 19:07 . 2008-04-13 19:00 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe 2010-02-12 15:09 . 2010-02-12 15:09 152576 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Sun\Java\jre1.6.0_17\lzma.dll 2010-02-12 15:07 . 2010-02-12 15:07 79488 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Sun\Java\jre1.6.0_17\gtapi.dll 2010-02-12 04:34 . 2008-04-14 12:00 100864 ----a-w- c:\windows\system32\6to4svc.dll 2010-02-11 12:02 . 2008-04-14 12:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys 2008-10-17 21:37 . 2008-10-17 21:37 15984024 ----a-w- c:\arquivos de programas\jre-6u7-windows-i586-p-s.exe 2009-04-05 18:32 . 2009-04-05 18:32 122880 ----a-w- c:\arquivos de programas\mozilla firefox\components\GoogleDesktopMozilla.dll 2009-07-14 00:16 . 2009-07-14 00:16 1044480 ----a-w- c:\arquivos de programas\mozilla firefox\plugins\libdivx.dll 2009-07-14 00:16 . 2009-07-14 00:16 200704 ----a-w- c:\arquivos de programas\mozilla firefox\plugins\ssldivx.dll 2009-02-02 22:36 . 2009-01-16 16:32 2516 --sha-w- c:\windows\system32\KGyGaAvL.sys . ------- Sigcheck ------- [-] 2008-04-14 . B0C0BF2504B830BFC1E93CA39F3C75FE . 549376 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe [-] 2008-04-14 . B0C0BF2504B830BFC1E93CA39F3C75FE . 549376 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\winlogon.exe [7] 2008-04-14 . 71D440F79B711627B12B567FB2EADB42 . 509952 . . [5.1.2600.5512] . . c:\windows\VistaMizer\old\winlogon.exe [-] 2008-04-14 . 4A82CD98D559D958523E9CAD9FDA399E . 724992 . . [5.82] . . c:\windows\system32\comctl32.dll [-] 2008-04-14 . 4A82CD98D559D958523E9CAD9FDA399E . 724992 . . [5.82] . . c:\windows\system32\dllcache\comctl32.dll [7] 2008-04-14 . 
085C5892D9C1E19B3CEFD1B79F5BBF13 . 617472 . . [5.82] . . c:\windows\VistaMizer\old\comctl32.dll [-] 2008-04-14 . 7C0E5D593730414B5994A15A6D10C201 . 588288 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll [-] 2008-04-14 . 7C0E5D593730414B5994A15A6D10C201 . 588288 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\user32.dll [7] 2008-04-14 . 54907DB28872A7A6D3EE2B4747A23828 . 579072 . . [5.1.2600.5512] . . c:\windows\VistaMizer\old\user32.dll [-] 2008-04-14 . 418E7BA055147AE6364BA5E19E281A1F . 1554432 . . [6.00.2900.5512] . . c:\windows\explorer.exe [-] 2008-04-14 . C958AC6FE26A7F9B45021311D6FB5178 . 3329024 . . [6.00.2900.5512] . . c:\windows\system32\dllcache\explorer.exe [-] 2008-04-14 . C958AC6FE26A7F9B45021311D6FB5178 . 3329024 . . [6.00.2900.5512] . . c:\windows\VistaMizer\old\explorer.exe [-] 2008-04-14 . D67945A2290E98BB54D7792F09E7504E . 25088 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe [-] 2008-04-14 . D67945A2290E98BB54D7792F09E7504E . 25088 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ctfmon.exe [7] 2008-04-14 . 4E486ADFE3A0B9ED0EB0639902E9F64F . 15360 . . [5.1.2600.5512] . . c:\windows\VistaMizer\old\ctfmon.exe . (((((((((((((((((((((((((( Pontos de Carregamento do Registro ))))))))))))))))))))))))))))))))))))))) . . *Nota* entradas vazias e legítimas por defeito não são mostradas. 
REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}] 2009-02-26 14:25 809864 ----a-w- c:\arquivos de programas\Ask.com\GenericAskToolbar.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\arquivos de programas\Ask.com\GenericAskToolbar.dll" [2009-02-26 809864] [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\arquivos de programas\Ask.com\GenericAskToolbar.dll" [2009-02-26 809864] [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ares"="c:\arquivos de programas\Ares\Ares.exe" [2009-02-03 1004544] "Google Update"="c:\documents and settings\Administrador\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" [2010-05-04 301523] "WeatherBugAlert"="c:\arquivos de programas\AWS\WeatherBug Alert\WeatherBugAlert.exe" [2010-05-04 520192] "ManyCam"="c:\arquivos de programas\ManyCam 2.4\ManyCam.exe" [2010-05-04 1897768] "Pando Media Booster"="c:\arquivos de programas\Pando Networks\Media Booster\PMB.exe" [2010-02-21 2937528] "Software Informer"="c:\arquivos de programas\Software Informer\softinfo.exe" [2010-05-04 2330693] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-02 13529088] "tsnp325"="c:\windows\tsnp325.exe" [2007-04-21 339968] "Synchronization Manager"="c:\windows\system32\mobsync.exe" [2008-04-14 3684352] 
"AdobeCS4ServiceManager"="c:\arquivos de programas\Arquivos comuns\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712] "FixCamera"="c:\windows\FixCamera.exe" [2007-07-11 20480] "snp325"="c:\windows\vsnp325.exe" [2007-05-10 913408] "Google Desktop Search"="c:\arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe" [2009-04-05 30192] "GUCI_AVS"="c:\windows\PixArt\PAP7501\GUCI_AVS.exe" [2007-12-10 397312] "PACTray"="c:\windows\PixArt\PAP7501\PACTray.exe" [2008-09-02 417792] "nwiz"="nwiz.exe" [2008-05-02 1708032] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-02 86016] "QuickTime Task"="c:\arquivos de programas\QuickTime\qttask.exe" [2010-05-04 495616] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 25088] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLUA"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "HonorAutoRunSetting"= 0 (0x0) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "HonorAutoRunSetting"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr] 2005-05-03 10:43 69632 ------r- c:\windows\Alcmtr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD] 2007-11-26 17:54 1057064 ----a-w- c:\arquivos de programas\Nero\Nero 7\InCD\InCD.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut] 2007-01-09 01:17 52256 ----a-w- c:\arquivos de programas\CyberLink\PowerDVD\Language\Language.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 2007-03-01 17:57 153136 ----a-w- c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] 2008-05-02 14:46 13529088 ----a-w- c:\windows\system32\nvcpl.dll 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] 2008-05-02 14:46 86016 ----a-w- c:\windows\system32\nvmctray.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] 2008-05-02 14:46 1708032 ----a-w- c:\windows\system32\nwiz.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] 2007-03-15 00:01 71216 ------w- c:\arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL] 2008-02-13 06:31 16857600 ------r- c:\windows\RTHDCPL.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc] 2007-11-26 17:54 1629480 ----a-w- c:\arquivos de programas\Nero\Nero 7\InCD\NBHGui.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\WINDOWS\\system32\\dpvsetup.exe"= "c:\\Arquivos de programas\\Messenger\\msmsgs.exe"= "c:\\Arquivos de programas\\Ares\\Ares.exe"= "c:\\Level Up! Games\\The Duel\\theduel.exe"= "c:\\Arquivos de programas\\SopCast\\adv\\SopAdver.exe"= "c:\\Level Up! 
Games\\Grand Chase Season 2\\main.exe"= "c:\\Arquivos de programas\\TeamViewer\\Version4\\TeamViewer.exe"= "c:\\Arquivos de programas\\Secured eMule\\securedemule.exe"= "c:\\Arquivos de programas\\Orbitdownloader\\orbitdm.exe"= "c:\\Arquivos de programas\\Orbitdownloader\\orbitnet.exe"= "c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"= "c:\\Arquivos de programas\\Warcraft III\\Warcraft III.exe"= "c:\\Arquivos de programas\\Garena\\Garena.exe"= "c:\\Arquivos de programas\\Gravity\\Ragnarok Online\\Ragnarok.exe"= "c:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"= "c:\\Arquivos de programas\\PhotoJoy\\Bin\\PjApp.exe"= "c:\\Arquivos de programas\\PhotoJoy\\Bin\\PjImp.exe"= "c:\\Arquivos de programas\\PhotoJoy\\Bin\\PhotoJoy.exe"= "c:\\Documents and Settings\\Administrador\\Configurações locais\\Dados de aplicativos\\Google\\Google Talk Plugin\\googletalkplugin.dll"= "c:\\Documents and Settings\\Administrador\\Configurações locais\\Dados de aplicativos\\Google\\Google Talk Plugin\\googletalkplugin.exe"= "c:\\Arquivos de programas\\Java\\jre6\\bin\\java.exe"= "c:\\Arquivos de programas\\Arquivos comuns\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"= "c:\\WINDOWS\\Installer\\{D103C4BA-F905-437A-8049-DB24763BBE36}\\SkypeIcon.exe"= "c:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"= "c:\\WINDOWS\\system32\\mmc.exe"= "c:\\WINDOWS\\system32\\rtcshare.exe"= "c:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe"= "c:\\Arquivos de programas\\Skype\\Plugin Manager\\skypePM.exe"= "c:\\Documents and Settings\\Administrador\\Meus documentos\\progamas\\cs16\\hl.exe"= "c:\\Level Up! 
Games\\MapleStory\\MapleStory.exe"= "c:\\Arquivos de programas\\Pando Networks\\Media Booster\\PMB.exe"= "c:\\Arquivos de programas\\BitTorrent\\bittorrent.exe"= "c:\\WINDOWS\\tsnp325.exe"= "c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"= "c:\\Arquivos de programas\\Software Informer\\softinfo.exe"= "c:\\Arquivos de programas\\Megacubo\\megacubo.exe"= "c:\\Documents and Settings\\Administrador\\Configurações locais\\Dados de aplicativos\\Google\\Chrome\\Application\\chrome.exe"= "c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\WINDOWS\\PixArt\\PAP7501\\GUCI_AVS.exe"= "c:\\Documents and Settings\\Administrador\\Desktop\\ComboFix.exe"= "c:\\WINDOWS\\system32\\wscntfy.exe"= "c:\\DOCUME~1\\ADMINI~1\\CONFIG~1\\Temp\\gydqa.exe"= "c:\\DOCUME~1\\ADMINI~1\\CONFIG~1\\Temp\\winyfjhht.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "58915:TCP"= 58915:TCP:AresChatServer "5353:TCP"= 5353:TCP:Adobe CSI CS4 "58139:TCP"= 58139:TCP:Pando Media Booster "58139:UDP"= 58139:UDP:Pando Media Booster R2 voicetuner;Voice Tuner;c:\arquivos de programas\Scramby\voicetunerserver.exe [9/1/2010 12:32 391168] R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [14/1/2008 07:06 21632] S2 gupdate1c9c29a4f8175aa;Google Update Service (gupdate1c9c29a4f8175aa);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [21/4/2009 13:00 133104] S3 cpuz130;cpuz130;\??\c:\docume~1\ADMINI~1\CONFIG~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\ADMINI~1\CONFIG~1\Temp\cpuz130\cpuz_x32.sys [?] S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\ADMINI~1\CONFIG~1\Temp\RBQ518.tmp --> c:\docume~1\ADMINI~1\CONFIG~1\Temp\RBQ518.tmp [?] 
S3 GoogleDesktopManager-092308-165331;Gerenciador do Google Desktop 5.8.809.23506;c:\arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe [5/4/2009 15:32 30192] S3 GUCI_AVS;Generic USB Controller Interface (AVS);c:\windows\system32\drivers\GUCI_AVS.sys [3/3/2010 15:45 560128] S3 Mkd2kfNt;Mkd2kfNt;c:\windows\system32\drivers\Mkd2kfNT.sys [20/7/2009 16:49 131072] S3 Mkd2Nadr;Mkd2Nadr;c:\windows\system32\drivers\Mkd2Nadr.sys [20/7/2009 16:49 79104] S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?] S3 PPJoyBus;Parallel Port Joystick Bus device driver;c:\windows\system32\drivers\PPJoyBus.sys [23/1/2004 16:33 13952] S3 PPortJoystick;Parallel Port Joystick device driver;c:\windows\system32\drivers\PPortJoy.sys [23/1/2004 16:32 28800] S3 scramby_out;Scramby Output;c:\windows\system32\drivers\scramby_out.sys [8/8/2007 07:31 23840] S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [25/11/2009 23:06 34384] S3 SNP325;USB PC Camera (SNPSTD325);c:\windows\system32\drivers\snp325.sys [7/10/2008 18:40 10384896] S3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\system32\drivers\vcsvad.sys [28/10/2009 17:31 17792] S3 XDva200;XDva200;\??\c:\windows\system32\XDva200.sys --> c:\windows\system32\XDva200.sys [?] S3 XDva212;XDva212;\??\c:\windows\system32\XDva212.sys --> c:\windows\system32\XDva212.sys [?] S3 XDva223;XDva223;\??\c:\windows\system32\XDva223.sys --> c:\windows\system32\XDva223.sys [?] S3 XDva272;XDva272;\??\c:\windows\system32\XDva272.sys --> c:\windows\system32\XDva272.sys [?] S3 XDva279;XDva279;\??\c:\windows\system32\XDva279.sys --> c:\windows\system32\XDva279.sys [?] S3 XDva281;XDva281;\??\c:\windows\system32\XDva281.sys --> c:\windows\system32\XDva281.sys [?] S3 XDva297;XDva297;\??\c:\windows\system32\XDva297.sys --> c:\windows\system32\XDva297.sys [?] 
S3 XDva327;XDva327;\??\c:\windows\system32\XDva327.sys --> c:\windows\system32\XDva327.sys [?] S3 ZIDDRVR;ZIDDRVR;\??\c:\documents and settings\Administrador\Desktop\Ryu Engine\zid32.sys --> c:\documents and settings\Administrador\Desktop\Ryu Engine\zid32.sys [?] S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [9/11/2008 13:34 717296] --- =Outros Serviços/Drivers Na Memória --- *NewlyCreated* - ASC3360PR . Conteúdo da pasta 'Tarefas Agendadas' 2010-04-27 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\arquivos de programas\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:15] 2010-05-05 c:\windows\Tasks\Google Software Updater.job - c:\arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-09 15:54] 2010-05-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2009-04-21 16:00] 2010-05-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2009-04-21 16:00] 2010-05-05 c:\windows\Tasks\OGALogon.job - c:\windows\system32\OGAEXEC.exe [2009-08-03 18:07] 2010-05-05 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job - c:\arquivos de programas\Ask.com\UpdateTask.exe [2009-02-26 14:25] . . ------- Scan Suplementar ------- . 
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uInternet Settings,ProxyOverride = *.local uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: &Download by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/201 IE: &Grab video by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/204 IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx IE: AMV convert tool grab multimedia file - grab.html IE: Baixar com o Free Download Manager - file://c:\arquivos de programas\Free Download Manager\dllink.htm IE: Baixar tudo com o Free Download Manager - file://c:\arquivos de programas\Free Download Manager\dlall.htm IE: Baixar vídeo com o Free Download Manager - file://c:\arquivos de programas\Free Download Manager\dlfvideo.htm IE: Do&wnload selected by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/203 IE: Down&load all by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/202 IE: Download selecionado pelo Free Download Manager - file://c:\arquivos de programas\Free Download Manager\dlselected.htm IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: MediaManager tool grab multimedia file - grab.html TCP: {129A86AC-EA3B-4062-82A6-819173563CB3} = 192.168.240.3,66.28.0.45 FF - ProfilePath - c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\nf66nt2j.default\ FF - prefs.js: browser.search.defaulturl - hxxp://chameleontom.iamwired.net/search.php?src=tops&q= FF - prefs.js: browser.startup.homepage - google.com FF - prefs.js: keyword.URL - hxxp://chameleontom.iamwired.net/search.php?src=tops&q= FF - component: c:\arquivos de programas\Mozilla Firefox\components\GoogleDesktopMozilla.dll FF - component: c:\arquivos de programas\Orbitdownloader\addons\OneClickYouTubeDownloader\components\GrabXpcom.dll FF - component: 
c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\nf66nt2j.default\extensions\twitternotifier@naan.net\platform\WINNT\components\nsTwitterFoxSign.dll FF - plugin: c:\arquivos de programas\AhnLab\ASP\MyKeyDefense 2.5\npmkd25aos.dll FF - plugin: c:\arquivos de programas\Google\Google Earth\plugin\npgeplugin.dll FF - plugin: c:\arquivos de programas\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll FF - plugin: c:\arquivos de programas\Google\Update\1.2.183.23\npGoogleOneClick8.dll FF - plugin: c:\arquivos de programas\Microsoft\Office Live\npOLW.dll FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\npPandoWebInst.dll FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\nptidfusionplugin.dll FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\npyaxmpb.dll FF - plugin: c:\arquivos de programas\Total Immersion\DFusionWeb\nptidfusionplugin.dll FF - plugin: c:\arquivos de programas\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\plugins\npgoogletalk.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX POLICIES ---- c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br"); . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-05-04 23:53 Windows 5.1.2600 Service Pack 3 NTFS Procurando processos ocultos ... Procurando entradas auto inicializáveis ocultas ... Procurando ficheiros/arquivos ocultos ... 
Varredura completada com sucesso arquivos/ficheiros ocultos: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine] "ImagePath"="\??\c:\docume~1\ADMINI~1\CONFIG~1\Temp\RBQ518.tmp" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc] "ImagePath"="c:\windows\system32\GameMon.des -service" . --------------------- CHAVES DO REGISTRO BLOQUEADAS --------------------- [HKEY_USERS\S-1-5-21-1757981266-1220945662-1177238915-500\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (Administrator) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,4d,23,3c,59,c6,d4,40,42,99,0b,6c,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,4d,23,3c,59,c6,d4,40,42,99,0b,6c,\ [HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\System\CurrentControlSet] "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\ [HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\USER\LocalSystem] "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\ [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•6~*] "6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL" . 
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

- - - - - - - > 'winlogon.exe'(740)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\COMRes.dll
c:\windows\system32\cscui.dll

- - - - - - - > 'lsass.exe'(804)
c:\windows\system32\setupapi.dll
c:\windows\system32\psbase.dll

- - - - - - - > 'explorer.exe'(136)
c:\windows\system32\SHDOCVW.dll
c:\windows\system32\WININET.dll
c:\windows\system32\COMRes.dll
c:\windows\System32\cscui.dll
c:\arquiv~1\WINDOW~2\wmpband.dll
c:\windows\system32\LINKINFO.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\MSVCP60.dll
.
------------------------ Outros Processos em Execução ------------------------
.
c:\arquivos de programas\Bonjour\mDNSResponder.exe
c:\arquivos de programas\Arquivos comuns\InterVideo\DeviceService\DevSvc.exe
c:\arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe
c:\arquivos de programas\Java\jre6\bin\jqs.exe
c:\arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\arquivos de programas\Arquivos comuns\Protexis\License Service\PSIService.exe
c:\arquivos de programas\CyberLink\Shared Files\RichVideo.exe
c:\arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\arquivos de programas\Arquivos comuns\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\docume~1\ADMINI~1\CONFIG~1\Temp\gydqa.exe
c:\docume~1\ADMINI~1\CONFIG~1\Temp\winyfjhht.exe
.
**************************************************************************
.
Tempo para conclusão: 2010-05-04 23:59:14 - Máquina reiniciou
ComboFix-quarantined-files.txt 2010-05-05 02:59

Pré-execução: 24 pasta(s) 120.809.738.240 bytes disponíveis
Pós execução: 26 pasta(s) 120.696.266.752 bytes disponíveis

- - End Of File - - D0D5A7552CC5572AD4011AEE3D7737B7
wings, posted May 5, 2010

Negative... Sality is still active. Format the PC, install Windows, install Office and then an antivirus. I recommend Avira.
Twilight, posted May 5, 2010

> Negative... Sality is still active. Format the PC, install Windows, install Office and then an antivirus. I recommend Avira (http://www.free-av.com/).

:/ Well, okay then. Thank you VERY much for the help you gave me ^^ But, like, I can take any file with me, right? As long as it's not an .exe?
wings, posted May 5, 2010

> > Negative... Sality is still active. Format the PC, install Windows, install Office and then an antivirus. I recommend Avira.
>
> :/ Well, okay then. Thank you VERY much for the help you gave me ^^ But, like, I can take any file with me, right? As long as it's not an .exe?

Yes... don't save any .exe, and before installing any program always scan the file with the antivirus!! Cheers.
Mário Monteiro, posted June 5, 2010

Topic Archived

Since the author has not replied for more than 30 days, the topic has been archived. If you are the author of the topic and want to reopen it, send a private message to a moderator of this section with the link to this topic and explain the reason for reopening it.