sylvyojr
Posted October 29, 2010

Dear colleagues,

I'm having some problems with my PC again. Last time you helped me a lot and I forgot to thank you, so: thank you, and sorry. On to the problems... Note: I don't use an antivirus, only a firewall.

* I can't see hidden files. I go to Tools / Folder Options / View, click "Show hidden files and folders", click OK, but it doesn't work...
* Sometimes my PC gets very slow. My machine is reasonable (E8400, 3 GB RAM, 1 TB + 1.5 TB HDD); I press Ctrl+Alt+Del and on the Performance tab the CPU usage is way up there, even when there is no reason for it.
* There are some strange processes like b.exe, explored.exe, XPA5AA1CEB.exe... I don't know what they are!
* I use the Comodo Firewall; out of nowhere it bugged out, the network monitor got turned off and the component monitor is "learning", and sometimes it uses a lot of CPU. I looked at its activity and it keeps blocking explored.exe all the time (strange!?) and that svchost.exe (which I think does Windows updates, even though I already set in Control Panel that I don't want automatic updates, but I think it went crazy...).
* Start Menu\Startup has a folder called iiiii.
* When I plug a pen drive / external HDD / cell phone into my machine, some folders get a .exe extension, and I can no longer write anything into some of them. My cell phone and my external HDD got "contaminated": I tested them on other machines and the .exe folders were there too!

Thanks in advance for the help.
Here is the hijackthis.log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:26:22, on 26/10/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20733)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\The Skins Factory\Hyperdesk\Common\HDThemeEnabler.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
C:\Arquivos de programas\COMODO\Firewall\cmdagent.exe
C:\Arquivos de programas\Arquivos comuns\LightScribe\LSSrvc.exe
C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Tunngle\TnglCtrl.exe
C:\Arquivos de programas\IVT Corporation\BlueSoleil\BsHelpCS.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\DOCUME~1\Junior\CONFIG~1\Temp\b.exe
C:\explored.exe
C:\WINDOWS\system32\rundll32.exe
C:\Arquivos de programas\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\WINDOWS\FixCamera.exe
C:\WINDOWS\tsnp325.exe
C:\WINDOWS\vsnp325.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Arquivos de programas\Comodo\Firewall\CPF.exe
C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\isuspm.exe
C:\Arquivos de programas\Microsoft IntelliPoint\ipoint.exe
C:\Arquivos de programas\IVT Corporation\BlueSoleil\BtTray.exe
C:\WINDOWS\system32\XP-A5AA1CEB.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Stardock\ObjectDock\ObjectDock.exe
C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Arquivos de programas\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FlashGetBHO - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Documents and Settings\Junior\Dados de aplicativos\FlashGetBHO\FlashGetBHO3.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\ARQUIV~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [XboxStat] "C:\Arquivos de programas\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
O4 - HKLM\..\Run: [tsnp325] C:\WINDOWS\tsnp325.exe
O4 - HKLM\..\Run: [snp325] C:\WINDOWS\vsnp325.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Arquivos de programas\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [iSUSPM] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKLM\..\Run: [intelliPoint] "C:\Arquivos de programas\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [btTray] "C:\Arquivos de programas\IVT Corporation\BlueSoleil\BtTray.exe"
O4 - HKLM\..\Run: [Recycler] \explored.exe
O4 - HKLM\..\Run: [XP-A5AA1CEB] C:\WINDOWS\system32\XP-A5AA1CEB.EXE
O4 - HKLM\..\Run: [nwiz] C:\Arquivos de programas\NVIDIA Corporation\nView\nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\RunServices: [Recycler] \explored.exe
O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
O4 - HKLM\..\RunOnce: [Recycler] \explored.exe
O4 - HKLM\..\RunServicesOnce: [Recycler] \explored.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TurboNet] C:\DOCUME~1\Junior\CONFIG~1\Temp\b.exe
O4 - HKCU\..\Run: [iMobile] C:\Documents and Settings\Junior\Meus documentos\Downloads\ImobileHelper.exe 0
O4 - HKCU\..\Run: [Recycler] \explored.exe
O4 - HKCU\..\RunServices: [Recycler] \explored.exe
O4 - HKCU\..\RunServicesOnce: [Recycler] \explored.exe
O4 - HKCU\..\Policies\Explorer\Run: [Recycler] \explored.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = C:\Arquivos de programas\Stardock\ObjectDock\ObjectDock.exe
O4 - Startup: ¡¡¡¡¡¡.lnk = C:\WINDOWS\system32\XP-A5AA1CEB.EXE
O8 - Extra context menu item: Descarregar tudo com o FlashGet - C:\Arquivos de programas\FlashGet\jc_all.htm
O8 - Extra context menu item: Descarregar utilizando o FlashGet - C:\Arquivos de programas\FlashGet\jc_link.htm
O8 - Extra context menu item: Download all by FlashGet3 - C:\Documents and Settings\Junior\Dados de aplicativos\FlashGetBHO\GetAllUrl.htm
O8 - Extra context menu item: Download by FlashGet3 - C:\Documents and Settings\Junior\Dados de aplicativos\FlashGetBHO\GetUrl.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O15 - Trusted Zone: http://software.kuaiche.com
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} (Battlefield Heroes Updater) - https://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.17.0.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O21 - SSODL: GootkitSSO - {6FE86292-F465-45AB-B070-13E67D5C6E04} - C:\WINDOWS\System32\msxsltsso.dll
O22 - SharedTaskScheduler: \explored.exe - Recycler - (no file)
O23 - Service: BlueSoleilCS - Unknown owner - C:\Arquivos de programas\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
O23 - Service: BsHelpCS - Unknown owner - C:\Arquivos de programas\IVT Corporation\BlueSoleil\BsHelpCS.exe
O23 - Service: Comodo Application Agent (cmdagent) - COMODO - C:\Arquivos de programas\COMODO\Firewall\cmdagent.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: Hyperdesk Theme Enabler (HdThemeEnabler) - The Skins Factory, Inc. - C:\Arquivos de programas\The Skins Factory\Hyperdesk\Common\HDThemeEnabler.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Arquivos de programas\Arquivos comuns\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA (pnkbstra) - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: StyleXPService - Unknown owner - C:\Arquivos de programas\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: TunngleService - Tunngle.net GmbH - C:\Arquivos de programas\Tunngle\TnglCtrl.exe

--
End of file - 9802 bytes
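The O4 entries in the log above are where a helper looks first, and that look can be done mechanically. The script below is an added editorial example, not part of the original post and not a HijackThis feature: it parses O4 autorun lines and flags the patterns visible in this log (an image launched from a drive root or a Temp folder, persistence under keys normal software rarely uses, a startup shortcut whose name has no letters or digits, a hex-looking file name, and one image registered in several autorun locations). The sample log is a constructed subset of the posted entries; the heuristic tags are this example's own.

```python
"""Triage HijackThis O4 (autorun) entries for patterns a removal helper checks first.
Editorial example built around the log posted above; heuristics are illustrative."""
import re
from collections import defaultdict
from dataclasses import dataclass, field

# Constructed sample: a subset of the O4 lines from the HijackThis log posted above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [XboxStat] "C:\Arquivos de programas\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKLM\..\Run: [Recycler] \explored.exe
O4 - HKLM\..\Run: [XP-A5AA1CEB] C:\WINDOWS\system32\XP-A5AA1CEB.EXE
O4 - HKLM\..\Run: [nwiz] C:\Arquivos de programas\NVIDIA Corporation\nView\nwiz.exe /installquiet
O4 - HKLM\..\RunServices: [Recycler] \explored.exe
O4 - HKLM\..\RunOnce: [Recycler] \explored.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TurboNet] C:\DOCUME~1\Junior\CONFIG~1\Temp\b.exe
O4 - HKCU\..\Policies\Explorer\Run: [Recycler] \explored.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Arquivos de programas\Stardock\ObjectDock\ObjectDock.exe
O4 - Startup: ¡¡¡¡¡¡.lnk = C:\WINDOWS\system32\XP-A5AA1CEB.EXE
"""

# "O4 - <hive>\..\<key>: [<name>] <command>"  and  "O4 - Startup: <name> = <command>"
REG_RE = re.compile(r'^O4 - (?P<hive>HK\S+?)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$')
STARTUP_RE = re.compile(r'^O4 - (?P<key>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.+)$')

# Autorun keys that legitimate installers almost never use on XP (heuristic).
RARE_KEYS = {"runservices", "runservicesonce", "policies\\explorer\\run"}

DESCRIPTIONS = {
    "drive-root": "image sits in a drive root (typical of removable-media worms)",
    "temp-dir": "image runs from a Temp folder",
    "rare-key": "persists via an autorun key normal software rarely uses",
    "odd-startup-name": "startup shortcut name contains no letters or digits",
    "hex-name": "file name looks machine-generated (8+ hex characters)",
    "multi-location": "same image registered in three or more autorun locations",
}


@dataclass
class Entry:
    location: str   # e.g. "HKLM\\RunServices" or "Startup"
    key: str        # key part only, e.g. "RunServices"
    name: str       # value name or shortcut name
    image: str      # executable extracted from the command line
    line: str


@dataclass
class Finding:
    entry: Entry
    reasons: list = field(default_factory=list)


def extract_image(cmd: str) -> str:
    """Pull the launched executable out of an autorun command line."""
    m = re.match(r'"([^"]+)"', cmd)                       # quoted path
    if m:
        return m.group(1)
    m = re.match(r'\S.*?\.(?:exe|dll|cpl|scr|com|bat)\b', cmd, re.IGNORECASE)
    return m.group(0) if m else cmd.split()[0]            # fall back to first token


def parse_o4(log_text: str) -> list:
    entries = []
    for line in log_text.splitlines():
        line = line.strip()
        m = REG_RE.match(line)
        if m:
            loc = f"{m.group('hive')}\\{m.group('key')}"
        else:
            m = STARTUP_RE.match(line)
            if not m:
                continue
            loc = m.group("key")
        entries.append(Entry(loc, m.group("key"), m.group("name"),
                             extract_image(m.group("cmd")), line))
    return entries


def entry_reasons(e: Entry) -> list:
    """Per-entry heuristics; returns the tags that fire."""
    tags = []
    img = e.image.lower()
    basename = e.image.rsplit("\\", 1)[-1]
    if re.fullmatch(r'(?:[a-z]:)?\\[^\\]+', img):
        tags.append("drive-root")
    if "\\temp\\" in img:
        tags.append("temp-dir")
    if e.key.lower() in RARE_KEYS:
        tags.append("rare-key")
    stem = re.sub(r'\.lnk$', '', e.name, flags=re.IGNORECASE)
    if e.key.lower().endswith("startup") and not re.search(r'\w', stem):
        tags.append("odd-startup-name")
    if re.search(r'[0-9A-F]{8}', basename):
        tags.append("hex-name")
    return tags


def triage(log_text: str) -> list:
    """Parse O4 lines, apply per-entry and cross-entry checks, return flagged entries."""
    entries = parse_o4(log_text)
    locations = defaultdict(set)                           # image -> distinct autorun locations
    for e in entries:
        locations[e.image.lower()].add(e.location.lower())
    findings = []
    for e in entries:
        tags = entry_reasons(e)
        if len(locations[e.image.lower()]) >= 3:
            tags.append("multi-location")
        if tags:
            findings.append(Finding(e, tags))
    return findings


def summarize(findings: list) -> dict:
    """Collapse findings to {image: sorted tags} for reporting."""
    out = defaultdict(set)
    for f in findings:
        out[f.entry.image].update(f.reasons)
    return {img: sorted(tags) for img, tags in out.items()}


if __name__ == "__main__":
    for image, tags in summarize(triage(SAMPLE_LOG)).items():
        print(image)
        for t in tags:
            print(f"    - {DESCRIPTIONS[t]}")
```

Benign entries (XboxStat, nwiz, ctfmon, ObjectDock) produce no finding, while \explored.exe, the Temp-folder b.exe and XP-A5AA1CEB.EXE are each flagged with the reasons listed.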
Power Max
Posted October 29, 2010

:) Hello sylvyojr!

I suggest you save or print the instructions below, since at some points you may need to use the computer without internet access:

Download ComboFix and save it to the Desktop.

* Disable the resident protection of your antivirus, antispyware and firewall (except the Windows one!).
* Close all windows and run the tool.
* P.S.: Running it from a command is also possible:
* Go to Start --> Run --> type or paste: "%userprofile%\desktop\Combofix.exe" /killall
* Click OK.
* At the prompt "Disclaimer of software warranty" --> click Yes.
* If you don't have the Recovery Console (http://support.microsoft.com/kb/307654/pt-br), accept the offer to install it.
* When it finishes, click Yes. --> Wait.

If you get the notification "Not a valid Win32 application" or a message like it, delete the ComboFix.exe tool and download it again.

* Save it to the Desktop, renamed as: Kombo.exe
* P.S.: Rename it while saving, not after saving it!
* P.S.: If an error message appears, run ComboFix.exe in Safe Mode (http://www.caixadedicas.com/2009/11/ferramentas-para-reparar-o-modo-seguro.html). <-- Link!
* P.S.: If rootkit activity is present, you will get the following notification window:
* P.S.: Write down those detections and click OK. In that case, post the detections you wrote down in your next reply, together with the requested logs.
* P.S.: To complete the removals, the tool may need to restart the computer. <-- Wait!
* P.S.: To avoid problems, follow all the recommendations given.

* The Auto Scan window will open. --> Wait!
* To finish the removals, ComboFix may restart the computer.
* If necessary, type option ( 1 ) --> Press Enter! --> Wait for it to finish!
* During the scan, avoid touching the mouse or keyboard! <-- Important!
* If, for some compelling reason, you need to stop or exit ComboFix, press "N" or "2" --> Press Enter.

The ComboFix log will be at C:\ComboFix.txt

Please also follow the tips in this tutorial to clean your PC with Malwarebytes: Malwarebytes Anti-Malware tutorial (http://www.caixadedicas.com/2009/10/tutorial-do-malwarebytes-anti-malware.html)

In your next reply, post this Malwarebytes log together with a new HijackThis log and the ComboFix log from C:\ComboFix.txt, and tell us how your PC is after these procedures.

We'll be waiting.
sylvyojr
Posted November 20, 2010

Here is the ComboFix log:

ComboFix 10-10-28.09 - Junior 30/10/2010 13:04:53.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.3070.2675 [GMT -2:00]
Executando de: c:\documents and settings\Junior\desktop\Combofix.exe
Comandos utilizados :: /killall
FW: COMODO Firewall Pro *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
and settings\Junior\Dados de aplicativos\FlashGetBHO\FlashGetBHO3.dll c:\documents and settings\Junior\Dados de aplicativos\FlashGetBHO\FlashGetHook.dll c:\documents and settings\Junior\Dados de aplicativos\FlashGetBHO\GetAllUrl.htm c:\documents and settings\Junior\Dados de aplicativos\FlashGetBHO\GetUrl.htm c:\documents and settings\Junior\Menu Iniciar\Programas\Inicializar\¡¡¡¡¡¡.lnk c:\windows\daemon.dll c:\windows\libem.INI c:\windows\system\WINSPOOL.DRV c:\windows\system32\alrsv.dll c:\windows\system32\com.run c:\windows\system32\dp1.fne c:\windows\system32\drivers\KGootkit.sys c:\windows\system32\eAPI.fne c:\windows\system32\internet.fne c:\windows\system32\krnln.fnr c:\windows\system32\msconfig.exe c:\windows\system32\msxsltsso.dll c:\windows\system32\og.dll c:\windows\system32\og.edt c:\windows\system32\RegEx.fnr c:\windows\system32\secustat.dat c:\windows\system32\shell.fne c:\windows\system32\spec.fne c:\windows\system32\Thumbs.db c:\windows\system32\ul.dll c:\windows\system32\XP-A5AA1CEB.EXE c:\windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job c:\windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job K:\install.exe c:\windows\system32\drivers\873d3d00.sys . . . está infectado!! . . . Failed to find a valid replacement. c:\windows\system32\drivers\KGootkit.sys . . . está infectado!! . . . Failed to find a valid replacement. A cópia de c:\windows\system32\drivers\ndis.sys foi encontrada e desinfectada Cópia restaurada de - c:\windows\system32\dllcache\cache\ndis.sys . ((((((((((((((((((((((((((((((((((((((( Drivers/Serviços ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_KGOOTKIT -------\Legacy_tcpsr -------\Service_KGootkit -------\Service_tcpsr (((((((((((((((( Arquivos/Ficheiros criados de 2010-09-28 to 2010-10-30 )))))))))))))))))))))))))))) . 2010-10-27 17:21 . 2004-08-04 04:01 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys 2010-10-27 17:21 . 
2004-08-04 04:01 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys 2010-10-23 21:22 . 2010-10-23 21:24 -------- d-----w- C:\MNO35S 2010-10-23 19:42 . 2010-10-23 19:42 -------- d-----w- c:\windows\13diretrizes para uma vida próspera e financeiramente equilibrada 2010-10-15 22:48 . 2010-10-27 17:02 -------- d-----w- c:\documents and settings\Junior\Dados de aplicativos\Tunngle 2010-10-15 22:48 . 2010-10-15 22:48 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Tunngle 2010-10-15 22:48 . 2009-09-16 11:02 27136 ----a-w- c:\windows\system32\drivers\tap0901t.sys 2010-10-15 22:48 . 2010-10-15 22:49 -------- d-----w- c:\arquivos de programas\Tunngle 2010-10-10 23:59 . 2010-10-11 00:00 -------- d-----w- c:\documents and settings\Junior\Dados de aplicativos\GameRanger 2010-10-02 18:00 . 2010-07-27 21:42 1774720 ----a-w- c:\windows\system32\BootMan.exe 2010-10-02 18:00 . 2010-07-15 11:44 86408 ----a-w- c:\windows\system32\setupempdrv03.exe 2010-10-02 18:00 . 2010-07-15 11:44 8456 ----a-w- c:\windows\system32\EuGdiDrv.sys 2010-10-02 18:00 . 2010-07-15 11:44 13192 ----a-w- c:\windows\system32\epmntdrv.sys 2010-10-02 18:00 . 2010-07-15 11:44 14848 ----a-w- c:\windows\system32\EuEpmGdi.dll 2010-10-02 17:25 . 2010-10-02 17:25 -------- d-----w- c:\arquivos de programas\PowerQuest 2010-10-01 21:54 . 2010-10-01 22:21 -------- d-----w- c:\windows\system32\NtmsData 2010-10-01 21:38 . 2010-06-21 22:07 26216 ----a-w- c:\windows\system32\nvhdap32.dll 2010-10-01 21:38 . 2010-06-21 22:07 232040 ----a-w- c:\windows\system32\nvcohda.dll 2010-10-01 21:38 . 2010-06-21 22:07 91496 ----a-w- c:\windows\system32\drivers\nvhda32.sys 2010-10-01 21:38 . 2010-10-27 17:50 233856 ----a-w- c:\windows\system32\nvdrsdb0.bin 2010-10-01 21:37 . 2010-10-27 17:50 233856 ----a-w- c:\windows\system32\nvdrsdb1.bin 2010-10-01 21:37 . 2010-10-27 17:50 1 ----a-w- c:\windows\system32\nvdrssel.bin . 
((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-25 23:02 . 2009-06-21 04:51 233960 ----a-w- c:\windows\system32\PnkBstrB.xtr
2010-10-25 23:02 . 2008-03-16 00:45 233960 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-10-25 20:21 . 2008-03-16 00:45 138520 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-09-15 00:00 . 2010-09-15 00:00 33280 --sh--r- C:\explored.exe
2010-08-14 18:38 . 2008-03-16 02:06 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2010-08-14 18:38 . 2008-03-16 02:06 109080 ----a-w- c:\windows\system32\OpenAL32.dll
.
------- Sigcheck -------
[7] 2001-10-28 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\beep.sys
[7] 2001-10-28 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\dllcache\beep.sys
[7] 2008-03-13 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\system32\dllcache\tcpip.sys
[7] 2008-03-13 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\system32\dllcache\cache\tcpip.sys
[-] 2008-03-13 . 21B001A7135418AA06FF73D85C4169C9 . 360832 . . [5.1.2600.3244] . . c:\windows\system32\drivers\tcpip.sys
[-] 2008-03-13 . F878166961C0DAFA618A20F0F48A0D14 . 1548288 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll
[-] 2009-09-02 . 95FD808E4AC22ABA025A7B3EAC0375D2 . 33792 . . [5.1.2600.2180] . . c:\windows\system32\msgsvc.dll
[-] 2009-09-02 . 95FD808E4AC22ABA025A7B3EAC0375D2 . 33792 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\msgsvc.dll
c:\windows\System32\drivers\beep.sys ... is missing !!
.
(((((((((((((((((((((((((( Registry Load Points )))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMobile"="c:\documents and settings\Junior\Meus documentos\Downloads\ImobileHelper.exe" [2010-05-21 185848]
"Recycler"="\explored.exe" [2010-09-15 33280]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2002-12-31 15360]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"Recycler"="\explored.exe" [2010-09-15 33280]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
"Recycler"="\explored.exe" [2010-09-15 33280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2007-05-25 1953792]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2002-12-31 110592]
"XboxStat"="c:\arquivos de programas\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-26 734264]
"FixCamera"="c:\windows\FixCamera.exe" [2007-02-12 20480]
"tsnp325"="c:\windows\tsnp325.exe" [2007-04-21 270336]
"snp325"="c:\windows\vsnp325.exe" [2007-05-09 835584]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-05 16380416]
"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"COMODO Firewall Pro"="c:\arquivos de programas\Comodo\Firewall\CPF.exe" [2009-11-09 1115728]
"ISUSPM"="c:\arquivos de programas\Arquivos comuns\InstallShield\UpdateService\isuspm.exe" [2006-03-20 213936]
"IntelliPoint"="c:\arquivos de programas\Microsoft IntelliPoint\ipoint.exe" [2009-11-11 1468256]
"BtTray"="c:\arquivos de programas\IVT Corporation\BlueSoleil\BtTray.exe" [2010-07-12 258134]
"Recycler"="\explored.exe" [2010-09-15 33280]
"nwiz"="c:\arquivos de programas\NVIDIA Corporation\nView\nwiz.exe" [2010-07-08 1753192]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-07-09 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-07-09 13923432]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"WIAWizardMenu"="c:\windows\system32\sti_ci.dll" [2002-12-31 137216]
"Recycler"="\explored.exe" [2010-09-15 33280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
"Recycler"="\explored.exe" [2010-09-15 33280]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2002-12-31 15360]
"msnmsgr"="c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" [2008-03-13 124928]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil9e.exe" [2007-11-21 218496]

c:\documents and settings\Junior\Menu Iniciar\Programas\Inicializar\
Stardock ObjectDock.lnk - c:\arquivos de programas\Stardock\ObjectDock\ObjectDock.exe [2008-3-22 3450608]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2002-12-31 11:00 15360 ------w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STYLEXP]
2006-05-24 18:31 1372160 ----a-w- c:\arquivos de programas\TGTSoft\StyleXP\StyleXP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"usnjsvc"=3 (0x3)
"InCDsrv"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"e:\\jogos\\Test Drive Unlimited\\TestDriveUnlimited.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"e:\\jogos\\Gears of War\\Binaries\\WarGame-G4WLive.exe"=
"c:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"e:\\jogos\\FEAR\\FEAR.exe"=
"e:\\jogos\\FEAR\\FEARMP.exe"=
"e:\\jogos\\FEAR\\FEARXP\\FEARXP.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe"=
"e:\\jogos\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"e:\\jogos\\AITD\\Alone.exe"=
"e:\\jogos\\Mirror's Edge\\Binaries\\MirrorsEdge.exe"=
"e:\\jogos\\Burnout Paradise The Ultimate Box\\BurnoutLauncher.exe"=
"e:\\jogos\\Burnout Paradise The Ultimate Box\\BurnoutConfigTool.exe"=
"e:\\jogos\\Burnout Paradise The Ultimate Box\\BurnoutParadise.exe"=
"e:\\jogos\\Bionic Commando Rearmed\\bcr.exe"=
"e:\\jogos\\Quantum of Solace\\JB_LiveEngine_s.exe"=
"e:\\jogos\\Call of Duty - World at War\\CoDWaW.exe"=
"e:\\jogos\\Call of Duty - World at War\\CoDWaWmp.exe"=
"e:\\jogos\\STREETFIGHTERIV\\StreetFighterIV.exe"=
"e:\\jogos\\Call of Juarez - Bound in Blood\\CoJBiBGame_x86.exe"=
"e:\\jogos\\FUEL\\FUEL.exe"=
"e:\\jogos\\ANNO 1404\\Anno4.exe"=
"e:\\jogos\\ANNO 1404\\tools\\Anno4Web.exe"=
"d:\\jogos II\\GRID\\GRID.exe"=
"d:\\jogos II\\SWAT 4\\Content\\System\\swat4.exe"=
"e:\\jogos\\FLOCK!\\Flock.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\All Users\\Dados de aplicativos\\NexonUS\\NGM\\NGM.exe"=
"c:\\Downloads\\Project64KVE\\Project64KVE.exe"=
"c:\\Arquivos de programas\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Arquivos de programas\\Steam\\steamapps\\sylvyojrj\\source sdk base 2007\\hl2.exe"=
"c:\\Arquivos de programas\\IVT Corporation\\BlueSoleil\\BlueSoleilCS.exe"=
"c:\\Arquivos de programas\\Tunngle\\TnglCtrl.exe"=
"c:\\Arquivos de programas\\Tunngle\\Tunngle.exe"=
"k:\\Lost Planet 2\\LP2DX9.exe"=
"k:\\Lost Planet 2\\LP2DX11.exe"=
"d:\\jogos II\\RESIDENT EVIL 5\\RE5DX9.EXE"=
"d:\\jogos II\\RESIDENT EVIL 5\\RE5DX10.EXE"=
"c:\\Arquivos de programas\\Steam\\steamapps\\common\\alien swarm\\swarm.exe"=
"c:\\Arquivos de programas\\Steam\\steamapps\\common\\alien swarm\\srcds.exe"=
"c:\\Arquivos de programas\\Steam\\steamapps\\common\\killingfloor\\System\\KillingFloor.exe"=
"c:\\Arquivos de programas\\Steam\\steamapps\\common\\left 4 dead 2\\left4dead2.exe"=
"c:\\Arquivos de programas\\Steam\\steamapps\\common\\left 4 dead 2\\srcds.exe"=
"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8080:TCP"= 8080:TCP:*:Disabled:hamachi
"8080:UDP"= 8080:UDP:*:Disabled:hamachi
"4245:TCP"= 4245:TCP:anagwt

R0 d344bus;d344bus;c:\windows\system32\drivers\d344bus.sys [16/3/2008 00:07 137216]
R0 d344prt;d344prt;c:\windows\system32\drivers\d344prt.sys [16/3/2008 00:07 5248]
R2 HdThemeEnabler;Hyperdesk Theme Enabler;c:\arquivos de programas\The Skins Factory\Hyperdesk\Common\HDThemeEnabler.exe [21/7/2008 12:50 106496]
R2 PStrip;PSTRIP;c:\windows\system32\drivers\pstrip.sys [14/7/2007 23:37 27992]
R2 TunngleService;TunngleService;c:\arquivos de programas\Tunngle\TnglCtrl.exe [15/10/2010 20:48 716024]
R3 NTProcDrv;Process creation detector for NT.;c:\windows\temp\drv1.tmp [30/10/2010 13:14 3584]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [1/10/2010 19:38 91496]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\drivers\tap0901t.sys [15/10/2010 20:48 27136]
R3 tenCapture;tenCapture;c:\windows\system32\drivers\tenCapture.sys [21/4/2007 12:15 9344]
S1 873d3d00;873d3d00;c:\windows\system32\drivers\873d3d00.sys [8/11/2009 19:24 0]
S1 aswSP;avast! Self Protection; [x]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys --> c:\windows\system32\DRIVERS\aswFsBlk.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [11/9/2009 14:17 133104]
S2 qdjnqzcd;Update Center;c:\windows\system32\svchost.exe -k netsvcs [31/12/2002 09:00 14336]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys --> c:\windows\system32\drivers\Ambfilt.sys [?]
S3 bticiu;bticiu;\??\c:\windows\system32\01A.tmp --> c:\windows\system32\01A.tmp [?]
S3 cexwrwt;cexwrwt;\??\c:\windows\system32\014.tmp --> c:\windows\system32\014.tmp [?]
S3 cvqusucz;cvqusucz;\??\c:\windows\system32\021.tmp --> c:\windows\system32\021.tmp [?]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2/10/2010 16:00 13192]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2/10/2010 16:00 8456]
S3 fkdad;fkdad;\??\c:\windows\system32\018.tmp --> c:\windows\system32\018.tmp [?]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\Junior\CONFIG~1\Temp\NBIAA.tmp --> c:\docume~1\Junior\CONFIG~1\Temp\NBIAA.tmp [?]
S3 gmdsxm;gmdsxm;\??\c:\windows\system32\026.tmp --> c:\windows\system32\026.tmp [?]
S3 GPU-Z;GPU-Z;\??\c:\docume~1\Junior\CONFIG~1\Temp\GPU-Z.sys --> c:\docume~1\Junior\CONFIG~1\Temp\GPU-Z.sys [?]
S3 hyvzin;hyvzin;\??\c:\windows\system32\013.tmp --> c:\windows\system32\013.tmp [?]
S3 SNP325;USB PC Camera (SNPSTD325);c:\windows\system32\drivers\snp325.sys [2/7/2009 15:23 10343168]
S3 trwkp;trwkp;\??\c:\windows\system32\019.tmp --> c:\windows\system32\019.tmp [?]
S3 uceeejav;uceeejav;\??\c:\windows\system32\01E.tmp --> c:\windows\system32\01E.tmp [?]
S3 xdva286;XDva286;\??\c:\windows\system32\XDva286.sys --> c:\windows\system32\XDva286.sys [?]
S3 ynfzkzsse;ynfzkzsse;\??\c:\windows\system32\01B.tmp --> c:\windows\system32\01B.tmp [?]
S3 yxsxycq;yxsxycq;\??\c:\windows\system32\0D.tmp --> c:\windows\system32\0D.tmp [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [26/6/2008 00:23 685816]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
qdjnqzcd

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-02-25 14:12 451872 ----a-w- c:\arquivos de programas\Arquivos comuns\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-10-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2009-09-11 16:17]

2010-10-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2009-09-11 16:17]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: Descarregar tudo com o FlashGet - c:\arquivos de programas\FlashGet\jc_all.htm
IE: Descarregar utilizando o FlashGet - c:\arquivos de programas\FlashGet\jc_link.htm
IE: Download all by FlashGet3 - c:\documents and settings\Junior\Dados de aplicativos\FlashGetBHO\GetAllUrl.htm
IE: Download by FlashGet3 - c:\documents and settings\Junior\Dados de aplicativos\FlashGetBHO\GetUrl.htm
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: kuaiche.com\software
DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.17.0.cab
FF - ProfilePath - c:\documents and settings\Junior\Dados de aplicativos\Mozilla\Firefox\Profiles\j4nkybsc.default\
FF - prefs.js: browser.startup.homepage - hxxp://therebels.biz/portal.php
FF - component: c:\documents and settings\Junior\Dados de aplicativos\Mozilla\Firefox\Profiles\j4nkybsc.default\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}\components\FlashgetXpi.dll
FF - plugin: c:\arquivos de programas\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\arquivos de programas\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\arquivos de programas\mozilla firefox\plugins\np-mswmp.dll
FF - plugin: c:\arquivos de programas\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\arquivos de programas\VistaCodecPack\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\arquivos de programas\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
FF - plugin: c:\documents and settings\All Users\Dados de aplicativos\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\documents and settings\Junior\Dados de aplicativos\Mozilla\Firefox\Profiles\j4nkybsc.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll

---- FIREFOX POLICIES ----
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-XP-A5AA1CEB - c:\windows\system32\XP-A5AA1CEB.EXE
SharedTaskScheduler-Recycler - (no file)
SSODL-GootkitSSO-{6FE86292-F465-45AB-B070-13E67D5C6E04} - c:\windows\System32\msxsltsso.dll
AddRemove-FlashGet 3.3 - c:\arquivos de programas\FlashGet Network\FlashGet 3\uninst.exe
AddRemove-Metro 2033 Update 2_is1 - d:\jogos ii\Metro 2033\Metro 2033\unins000.exe
AddRemove-Patch Brazukas Evolution 2009 v1.3 + Konami 1.3 ~0B162870_is1 - d:\jogos ii\PES 2009\unins000.exe
AddRemove-X-Blades_is1 - d:\jogos ii\Unleashed\unins000.exe
AddRemove-¡¾Õ½Éñ2Ìì´ÍµÄ³Í·£¡¿_is1 - f:\godofwar2\unins000.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-10-30 13:14
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
IMobile = c:\documents and settings\Junior\Meus documentos\Downloads\ImobileHelper.exe 0????????????????????????????????? ???????x??????????

scanning hidden files ...
scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\bticiu]
"ImagePath"="\??\c:\windows\system32\01A.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\cexwrwt]
"ImagePath"="\??\c:\windows\system32\014.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\cvqusucz]
"ImagePath"="\??\c:\windows\system32\021.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\fkdad]
"ImagePath"="\??\c:\windows\system32\018.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\Junior\CONFIG~1\Temp\NBIAA.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gmdsxm]
"ImagePath"="\??\c:\windows\system32\026.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hyvzin]
"ImagePath"="\??\c:\windows\system32\013.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NTProcDrv]
"ImagePath"="\??\c:\windows\TEMP\drv1.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\trwkp]
"ImagePath"="\??\c:\windows\system32\019.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\uceeejav]
"ImagePath"="\??\c:\windows\system32\01E.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ynfzkzsse]
"ImagePath"="\??\c:\windows\system32\01B.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\yxsxycq]
"ImagePath"="\??\c:\windows\system32\0D.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\qdjnqzcd]
"ServiceDll"="c:\windows\system32\dlyytmuw.dll"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2036)
c:\arquivos de programas\Stardock\ObjectDock\DockShellHook.dll
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\BsLangInDepRes.dll
c:\windows\system32\Bs2Res.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\arquivos de programas\TGTSoft\StyleXP\StyleXPService.exe
c:\arquivos de programas\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
c:\arquivos de programas\Arquivos comuns\LightScribe\LSSrvc.exe
c:\windows\system32\PnkBstrA.exe
c:\arquivos de programas\IVT Corporation\BlueSoleil\BsHelpCS.exe
C:\explored.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RUNDLL32.EXE
.
**************************************************************************
.
Completion time: 2010-10-30 13:19:56 - machine was rebooted
ComboFix-quarantined-files.txt 2010-10-30 15:19
ComboFix2.txt 2009-09-01 00:32

Pre-Run: 8.405.381.120 bytes free
Post-Run: 9.496.190.976 bytes free

- - End Of File - - 3AD96499BA3EA0BD1968471CD6707138

Malwarebytes Anti-Malware LOG

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4998

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 7.0.5730.13

12/11/2010 22:27:58
mbam-log-2010-11-12 (22-27-58).txt

Scan type: Full scan (C:\|K:\|)
Objects scanned: 351051
Time elapsed: 1 hour(s), 29 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 8
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 25

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\internet security (Trojan.Jorik) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\internet security (Trojan.Jorik) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\recycler (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\recycler (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\recycler (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx\recycler (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\recycler (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce\recycler (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSMHelp (Hijack.Help) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Junior\Configurações locais\temp\iexplorer.exe (Trojan.Jorik) -> Quarantined and deleted successfully.
C:\asefdwit.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\erase_me937225.exe (Trojan.Jorik) -> Quarantined and deleted successfully.
C:\explored.exe (Trojan.PWS) -> Quarantined and deleted successfully.
C:\rycbgcq.exe (Trojan.Waledac) -> Quarantined and deleted successfully.
C:\xgmqcrh.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Junior\Configurações locais\Temporary Internet Files\Content.IE5\1KJRI379\newhttp[1].exe (Trojan.Jorik) -> Quarantined and deleted successfully.
C:\Documents and Settings\Junior\Dados de aplicativos\Sun\Java\Deployment\cache\6.0\9\479ad089-4ca99cb0 (Trojan.Cycler) -> Quarantined and deleted successfully.
C:\Documents and Settings\Junior\Meus documentos\WinRAR v4.65\WinRAR_4.65.exe (Spyware.Agent) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\dp1.fne.vir (Worm.Autorun) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\internet.fne.vir (HackTool.Patcher) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\msxsltsso.dll.vir (Trojan.GootKit) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\ndis.sys.vir (Rootkit.Protector) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1ADEE231-9EB7-4B3F-8354-ED37FF8E13FF}\RP407\A0101650.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1ADEE231-9EB7-4B3F-8354-ED37FF8E13FF}\RP407\A0101656.sys (Rootkit.Protector) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1ADEE231-9EB7-4B3F-8354-ED37FF8E13FF}\RP407\A0101657.sys (Rootkit.Protector) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1ADEE231-9EB7-4B3F-8354-ED37FF8E13FF}\RP407\A0101732.dll (Trojan.GootKit) -> Quarantined and deleted successfully.
K:\backup\HD F\Downloads\WinRAR_4.65.exe (Spyware.Agent) -> Quarantined and deleted successfully.
K:\backup\HD I\arquivos\[C.O.D.4.Crackfix.Keygen-Razor1911][by.felipheee]\Call_Of_Duty_4_Crackfix_And_Keygen-Razor1911\rzr-cod4.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.
K:\Downloads\CryptLoad_1.1.8\ocr\netload.in\asmCaptcha\test.exe (Malware.Packer) -> Quarantined and deleted successfully.
K:\Downloads\CryptLoad_1.1.8\router\FRITZ!Box\nc.exe (PUP.KeyLogger) -> Quarantined and deleted successfully.
K:\System Volume Information\_restore{1ADEE231-9EB7-4B3F-8354-ED37FF8E13FF}\RP364\A0092077.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
K:\System Volume Information\_restore{1ADEE231-9EB7-4B3F-8354-ED37FF8E13FF}\RP370\A0092334.rbf (Password.Stealer) -> Quarantined and deleted successfully.
C:\wrjcmwbu.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\secushr.dat (Malware.Trace) -> Quarantined and deleted successfully.

For now it's OK: Comodo is working again, the hidden folders are showing up again, and as for the .exe folders that were appearing on removable devices, I need more time to check whether that has stopped happening... I had a problem with Daemon; from what I read, ComboFix wiped out one of its DLLs, so I uninstalled the rest of the program and installed another version... apparently it's working. In a little while I'll post the new HijackThis log; whenever I start the PC I forget....
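The two logs above are long, and the entries that actually matter are easy to miss among the game executables and driver listings. As an added example (editor's code, not from the thread or from any of the tools named in it), the Python script below parses a handful of lines in the ComboFix format shown above and applies the heuristics a triager would apply by eye: a service whose ImagePath is a `.tmp` file or sits under a Temp directory, a driver whose on-disk size is recorded as 0, an autostart entry whose target is a bare drive-root path such as `\explored.exe`, and one entry replicated across several Run/RunServices/RunOnce keys at once. The sample lines are constructed from the format of the posted log (paths such as `c:\windows\system32\01A.tmp`, `c:\windows\temp\drv1.tmp` and the `Recycler` value come from it), the line patterns are the editor's reading of that format, and the temp-directory markers are an assumption about where a healthy install does not load drivers from. Nothing is read from a live machine.

```python
import re
from collections import defaultdict

# Constructed sample input in the line format ComboFix uses for its registry
# load points and its drivers/services list. The entries copy the shape of
# the ones in the posted log; nothing is read from a live machine, so this
# runs offline.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMobile"="c:\documents and settings\Junior\Meus documentos\Downloads\ImobileHelper.exe" [2010-05-21 185848]
"Recycler"="\explored.exe" [2010-09-15 33280]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2002-12-31 15360]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"Recycler"="\explored.exe" [2010-09-15 33280]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-05 16380416]
"Recycler"="\explored.exe" [2010-09-15 33280]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Recycler"="\explored.exe" [2010-09-15 33280]
R3 NTProcDrv;Process creation detector for NT.;c:\windows\temp\drv1.tmp [30/10/2010 13:14 3584]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [1/10/2010 19:38 91496]
S1 873d3d00;873d3d00;c:\windows\system32\drivers\873d3d00.sys [8/11/2009 19:24 0]
S3 bticiu;bticiu;\??\c:\windows\system32\01A.tmp --> c:\windows\system32\01A.tmp [?]
S3 GPU-Z;GPU-Z;\??\c:\docume~1\Junior\CONFIG~1\Temp\GPU-Z.sys --> c:\docume~1\Junior\CONFIG~1\Temp\GPU-Z.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [11/9/2009 14:17 133104]
"""

# Line patterns, derived from the format of the posted log (an assumption).
KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
VALUE_RE = re.compile(r'^"([^"]+)"="([^"]*)"(?:\s*\[[^\]]*\])?$')
SERVICE_RE = re.compile(r'^[RS]\d ([^;]+);[^;]*;(.+?) \[([^\]]*)\]$')

# Directory names a service image should not be loaded from on a healthy
# install (assumption); matched case-insensitively anywhere in the path.
TEMP_MARKERS = ("\\temp\\", "\\tmp\\")


def normalize_path(path):
    # Lower-case, and drop the NT object-manager prefix (\??\) that driver
    # ImagePaths often carry, so both spellings compare equal.
    p = path.lower()
    return p[4:] if p.startswith("\\??\\") else p


def parse(text):
    """Split a ComboFix-style dump into autostart values and service records."""
    autostarts = []   # (registry key, value name, target)
    services = []     # (service name, registered image path, size or None)
    current_key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if m and current_key:
            autostarts.append((current_key, m.group(1), m.group(2)))
            continue
        m = SERVICE_RE.match(line)
        if m:
            image = m.group(2).split(" --> ")[0]   # keep the registered ImagePath
            tail = m.group(3).split()
            size = int(tail[-1]) if tail and tail[-1].isdigit() else None
            services.append((m.group(1), image, size))
    return autostarts, services


def suspicious_services(services):
    """Return (service name, reason) pairs for images that warrant a closer look."""
    findings = []
    for name, image, size in services:
        path = normalize_path(image)
        if path.endswith(".tmp"):
            findings.append((name, "image is a .tmp file"))
        if any(marker in path for marker in TEMP_MARKERS):
            # Legitimate tools (GPU-Z here) also drop drivers in Temp, so this
            # is a lead for the analyst, not a verdict.
            findings.append((name, "image lives in a temp directory"))
        if size == 0:
            findings.append((name, "on-disk size recorded as 0"))
    return findings


def suspicious_autostarts(autostarts):
    """Flag drive-root targets and one entry replicated across many run keys."""
    findings = []
    keys_per_entry = defaultdict(set)
    for key, name, target in autostarts:
        path = normalize_path(target)
        keys_per_entry[(name, path)].add(key)
        if path.startswith("\\") and not path.startswith("\\\\"):
            findings.append((name, "target sits at the drive root: " + target))
    for (name, _path), keys in keys_per_entry.items():
        if len(keys) >= 3:
            findings.append((name, "same entry registered in %d autostart keys" % len(keys)))
    return findings


def analyze(text):
    autostarts, services = parse(text)
    return suspicious_autostarts(autostarts) + suspicious_services(services)


if __name__ == "__main__":
    for subject, reason in analyze(SAMPLE_LOG):
        print("%-10s %s" % (subject, reason))
```

Run as-is it reports `Recycler` (drive-root target, registered in four keys), `NTProcDrv`, `bticiu`, `873d3d00` and `GPU-Z`, and stays silent on `NVHDA`, `gupdate` and the other ordinary entries. The GPU-Z hit shows why these are leads rather than verdicts: that tool really does load its driver from Temp. One caveat the thread's advice does not state: the Malwarebytes log classifies `C:\explored.exe` as Trojan.PWS and a restore-point file as Password.Stealer, and ComboFix found a GootKit driver and a patched `ndis.sys`; after a kernel-level rootkit and credential-stealing malware, the conservative course is to change every password used from that machine and to rebuild it rather than rely on tool-by-tool cleanup.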
Power Max Posted November 20, 2010

:) Several problems were removed by ComboFix and Malwarebytes.
__________________________
Also follow these guides:
Norman Malware Cleaner tutorial
Nod32 Online antivirus tutorial
_____________________________
In your next reply, post the Nod32 Online log, which will be at C:\Arquivos de programas\Eset\Eset Online Scanner\log.txt, together with a new HijackThis log and the Norman Malware Cleaner log, and please tell us how your PC is after following these procedures.
We await your reply.
Mário Monteiro Posted December 20, 2010

Topic Archived
Since the author has not replied for more than 30 days, the topic has been archived.
If you are the author of the topic and want to reopen it, send a private message to a moderator of this section with the link to this topic and explain the reason for reopening.