Archived

This topic has been archived and is closed to new replies.

sylvyojr

[Archived] Malware came back and new ones arrived

Dear colleagues,

I am having some problems with my PC again. Last time you helped me a lot and I forgot to say thanks, so: thank you, and sorry.

On to the problems... Note: I don't use an antivirus, only a firewall.

* I can't see hidden files. I go to Tools / Folder Options / View, click "Show hidden files and folders", click OK, but it doesn't work...

* Sometimes my PC gets very slow. My machine is reasonable (E8400, 3 GB RAM, 1 TB + 1.5 TB HDs). When I press Ctrl+Alt+Del, on the Performance tab CPU usage is way up, even though there is no reason for it.

* There are some strange processes like b.exe, explored.exe, XPA5AA1CEB.exe... I don't know what they are!

* I use the Comodo firewall. Out of nowhere it glitched: the network monitor got turned off and the component monitor is in learning mode, and sometimes it uses a lot of CPU. I went to look at its activity and it keeps blocking explored.exe all the time (strange!?) and that svchost.exe (which I think does Windows updates, even though I already set in Control Panel that I don't want automatic updates; I think it went crazy...).

* Start Menu\Startup has a folder called iiiii.

* When I plug a pen drive / external HD / cell phone into my machine, some folders end up with an .exe extension, and I can no longer save anything into some of them. My cell phone and my external HD got "contaminated": I tested them on other machines and the .exe folders were there!

Thanks in advance for the help.

Here is the HijackThis log:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:26:22, on 26/10/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.20733)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\The Skins Factory\Hyperdesk\Common\HDThemeEnabler.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\TGTSoft\StyleXP\StyleXPService.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\IVT Corporation\BlueSoleil\BlueSoleilCS.exe

C:\Arquivos de programas\COMODO\Firewall\cmdagent.exe

C:\Arquivos de programas\Arquivos comuns\LightScribe\LSSrvc.exe

C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\PnkBstrB.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Tunngle\TnglCtrl.exe

C:\Arquivos de programas\IVT Corporation\BlueSoleil\BsHelpCS.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\wscntfy.exe

C:\DOCUME~1\Junior\CONFIG~1\Temp\b.exe

C:\explored.exe

C:\WINDOWS\system32\rundll32.exe

C:\Arquivos de programas\Microsoft Xbox 360 Accessories\XboxStat.exe

C:\WINDOWS\FixCamera.exe

C:\WINDOWS\tsnp325.exe

C:\WINDOWS\vsnp325.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe

C:\Arquivos de programas\Comodo\Firewall\CPF.exe

C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\isuspm.exe

C:\Arquivos de programas\Microsoft IntelliPoint\ipoint.exe

C:\Arquivos de programas\IVT Corporation\BlueSoleil\BtTray.exe

C:\WINDOWS\system32\XP-A5AA1CEB.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Stardock\ObjectDock\ObjectDock.exe

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: Adobe PDF Reader Link Helper - {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Arquivos de programas\FlashGet\jccatch.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_04\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: FlashGetBHO - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Documents and Settings\Junior\Dados de aplicativos\FlashGetBHO\FlashGetBHO3.dll

O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\ARQUIV~1\FlashGet\fgiebar.dll

O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot

O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

O4 - HKLM\..\Run: [XboxStat] "C:\Arquivos de programas\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun

O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe

O4 - HKLM\..\Run: [tsnp325] C:\WINDOWS\tsnp325.exe

O4 - HKLM\..\Run: [snp325] C:\WINDOWS\vsnp325.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Arquivos de programas\Comodo\Firewall\CPF.exe" /background

O4 - HKLM\..\Run: [iSUSPM] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\isuspm.exe" -scheduler

O4 - HKLM\..\Run: [intelliPoint] "C:\Arquivos de programas\Microsoft IntelliPoint\ipoint.exe"

O4 - HKLM\..\Run: [btTray] "C:\Arquivos de programas\IVT Corporation\BlueSoleil\BtTray.exe"

O4 - HKLM\..\Run: [Recycler] \explored.exe

O4 - HKLM\..\Run: [XP-A5AA1CEB] C:\WINDOWS\system32\XP-A5AA1CEB.EXE

O4 - HKLM\..\Run: [nwiz] C:\Arquivos de programas\NVIDIA Corporation\nView\nwiz.exe /installquiet

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\RunServices: [Recycler] \explored.exe

O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu

O4 - HKLM\..\RunOnce: [Recycler] \explored.exe

O4 - HKLM\..\RunServicesOnce: [Recycler] \explored.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [TurboNet] C:\DOCUME~1\Junior\CONFIG~1\Temp\b.exe

O4 - HKCU\..\Run: [iMobile] C:\Documents and Settings\Junior\Meus documentos\Downloads\ImobileHelper.exe 0

O4 - HKCU\..\Run: [Recycler] \explored.exe

O4 - HKCU\..\RunServices: [Recycler] \explored.exe

O4 - HKCU\..\RunServicesOnce: [Recycler] \explored.exe

O4 - HKCU\..\Policies\Explorer\Run: [Recycler] \explored.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')

O4 - Startup: Stardock ObjectDock.lnk = C:\Arquivos de programas\Stardock\ObjectDock\ObjectDock.exe

O4 - Startup: ¡¡¡¡¡¡.lnk = C:\WINDOWS\system32\XP-A5AA1CEB.EXE

O8 - Extra context menu item: Descarregar tudo com o FlashGet - C:\Arquivos de programas\FlashGet\jc_all.htm

O8 - Extra context menu item: Descarregar utilizando o FlashGet - C:\Arquivos de programas\FlashGet\jc_link.htm

O8 - Extra context menu item: Download all by FlashGet3 - C:\Documents and Settings\Junior\Dados de aplicativos\FlashGetBHO\GetAllUrl.htm

O8 - Extra context menu item: Download by FlashGet3 - C:\Documents and Settings\Junior\Dados de aplicativos\FlashGetBHO\GetUrl.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_04\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_04\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O15 - Trusted Zone: http://software.kuaiche.com

O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} (Battlefield Heroes Updater) - https://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.17.0.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O21 - SSODL: GootkitSSO - {6FE86292-F465-45AB-B070-13E67D5C6E04} - C:\WINDOWS\System32\msxsltsso.dll

O22 - SharedTaskScheduler: \explored.exe - Recycler - (no file)

O23 - Service: BlueSoleilCS - Unknown owner - C:\Arquivos de programas\IVT Corporation\BlueSoleil\BlueSoleilCS.exe

O23 - Service: BsHelpCS - Unknown owner - C:\Arquivos de programas\IVT Corporation\BlueSoleil\BsHelpCS.exe

O23 - Service: Comodo Application Agent (cmdagent) - COMODO - C:\Arquivos de programas\COMODO\Firewall\cmdagent.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Hyperdesk Theme Enabler (HdThemeEnabler) - The Skins Factory, Inc. - C:\Arquivos de programas\The Skins Factory\Hyperdesk\Common\HDThemeEnabler.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Arquivos de programas\Arquivos comuns\LightScribe\LSSrvc.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA (pnkbstra) - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

O23 - Service: StyleXPService - Unknown owner - C:\Arquivos de programas\TGTSoft\StyleXP\StyleXPService.exe

O23 - Service: TunngleService - Tunngle.net GmbH - C:\Arquivos de programas\Tunngle\TnglCtrl.exe

 

--

End of file - 9802 bytes

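As an added example (not part of the thread and not HijackThis code), here is a small Python triage of the O4/O21/O22 lines from the log above. It applies the checks an analyst runs in their head on such a log: an image launched from %TEMP% (b.exe), a binary at the drive root registered under Run, RunServices, RunOnce, Policies\Explorer\Run and SharedTaskScheduler at once (\explored.exe), a random-looking name in system32 that is also launched by a Startup shortcut with an unreadable name (XP-A5AA1CEB.EXE), and an SSODL DLL outside a known-clean baseline (msxsltsso.dll). SAMPLE_LOG is an excerpt copied from the posted log; the thresholds and the KNOWN_SSODL_DLLS set are my assumptions for illustration, not HijackThis rules.

```python
"""Triage HijackThis autostart lines (O4 registry/Startup, O21 SSODL, O22 SharedTaskScheduler).

Added example, not part of the thread. SAMPLE_LOG is an excerpt of the log
posted above; the scoring rules are illustrative heuristics, not HijackThis
logic, and KNOWN_SSODL_DLLS is an assumed stock-XP baseline.
"""
import re
from collections import Counter
from pathlib import PureWindowsPath

SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Arquivos de programas\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [Recycler] \explored.exe
O4 - HKLM\..\Run: [XP-A5AA1CEB] C:\WINDOWS\system32\XP-A5AA1CEB.EXE
O4 - HKLM\..\RunServices: [Recycler] \explored.exe
O4 - HKLM\..\RunOnce: [Recycler] \explored.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TurboNet] C:\DOCUME~1\Junior\CONFIG~1\Temp\b.exe
O4 - HKCU\..\Policies\Explorer\Run: [Recycler] \explored.exe
O4 - Startup: ¡¡¡¡¡¡.lnk = C:\WINDOWS\system32\XP-A5AA1CEB.EXE
O21 - SSODL: GootkitSSO - {6FE86292-F465-45AB-B070-13E67D5C6E04} - C:\WINDOWS\System32\msxsltsso.dll
O22 - SharedTaskScheduler: \explored.exe - Recycler - (no file)
"""

KNOWN_SSODL_DLLS = {"stobject.dll", "webcheck.dll"}  # assumed baseline; build yours from a clean box

RE_O4_REG = re.compile(r"^O4 - (HK\S+?)\\\.\.\\([\w\\]+): \[(.*?)\] (.*)$")
RE_O4_STARTUP = re.compile(r"^O4 - Startup: (.*?) = (.*)$")
RE_O21 = re.compile(r"^O21 - SSODL: (.*?) - \{[0-9A-Fa-f-]+\} - (.*)$")
RE_O22 = re.compile(r"^O22 - SharedTaskScheduler: (.*?) - (.*?) - (.*)$")
RE_ROOT = re.compile(r"^(?:[a-z]:)?\\[^\\]+$")  # file directly under a drive root
RE_EXE = re.compile(r"(.*?\.(?:exe|dll|cpl|scr|com))(?:\s|$)", re.I)


def extract_path(command: str) -> str:
    """Pull the image path out of a Run-key value, dropping arguments."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:command.index('"', 1)]
    m = RE_EXE.match(command)
    return m.group(1) if m else command.split()[0]


def parse(log_text: str) -> list:
    """Turn the autostart lines into dicts; lines of other types are ignored."""
    entries = []
    for line in (l.strip() for l in log_text.splitlines() if l.strip()):
        if m := RE_O4_REG.match(line):
            hive, key, name, cmd = m.groups()
            entries.append(dict(kind="registry", where=f"{hive}\\{key}", name=name, path=extract_path(cmd), line=line))
        elif m := RE_O4_STARTUP.match(line):
            entries.append(dict(kind="startup", where="Startup folder", name=m[1], path=extract_path(m[2]), line=line))
        elif m := RE_O21.match(line):
            entries.append(dict(kind="ssodl", where="SSODL", name=m[1], path=extract_path(m[2]), line=line))
        elif m := RE_O22.match(line):
            entries.append(dict(kind="sts", where="SharedTaskScheduler", name=m[2], path=extract_path(m[1]), line=line))
    return entries


def reasons_for(e: dict, hits: int) -> list:
    """Heuristic reasons an entry deserves a look; empty list means it passed."""
    path, low = e["path"], e["path"].lower()
    stem = PureWindowsPath(path).stem
    r = []
    if "\\temp\\" in low:
        r.append("runs from a Temp directory")
    if RE_ROOT.match(low):
        r.append("image sits at a drive root")
    if re.search(r"[0-9A-F]{8}", stem.upper()) or (len(stem) >= 8 and not re.search(r"[aeiou]", stem, re.I)):
        r.append("random-looking file name")
    if "(no file)" in e["line"]:
        r.append("registered target no longer exists")
    if e["kind"] == "startup" and not any(c.isascii() and c.isalnum() for c in PureWindowsPath(e["name"]).stem):
        r.append("Startup shortcut with no readable name")
    if e["kind"] == "ssodl" and PureWindowsPath(path).name.lower() not in KNOWN_SSODL_DLLS:
        r.append("SSODL DLL not in the baseline")
    if hits >= 3:
        r.append(f"same image registered in {hits} autostart locations")
    return r


def triage(log_text: str) -> list:
    """Parse, count how often each image is registered, and attach reasons."""
    entries = parse(log_text)
    hits = Counter(e["path"].lower() for e in entries)
    for e in entries:
        e["reasons"] = reasons_for(e, hits[e["path"].lower()])
    return entries


def flagged(log_text: str) -> set:
    """Distinct image paths that picked up at least one reason."""
    return {e["path"] for e in triage(log_text) if e["reasons"]}


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        mark = "!!" if e["reasons"] else "  "
        print(f"{mark} {e['where']:<32} {e['path']:<55} {'; '.join(e['reasons'])}")
```

Run it and the four images named above come out marked `!!` while RTHDCPL.EXE, CPF.exe and ctfmon.exe pass. The heuristics only rank; the Recycler/explored.exe entries still need confirmation from the file on disk, and the SSODL baseline should come from a clean machine of the same build rather than from this two-entry set.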

:) Hello sylvyojr!

I suggest you save or print the instructions below, since at some points you may need to use the computer without internet access:

Download ComboFix

Save it to the Desktop.

* Disable the resident protection of: antivirus, antispyware and firewall (except the Windows one!)

* Close all windows and run the tool.

* P.S.: Running it from the command line is also possible:

* Go to Start --> Run --> Type or paste:

"%userprofile%\desktop\Combofix.exe" /killall

[screenshot: combofixejr8.gif]

* Click OK.

* At the prompt "Disclaimer of software warranty" --> Click Yes.

[screenshot: RcAuto1.gif]

* If you do not have the Recovery Console (http://support.microsoft.com/kb/307654/pt-br), accept the offer to install it.

* When it finishes, click Yes. --> Wait.

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

Note: If you get the notification "Invalid Win32 application" or a similar message, delete the ComboFix.exe tool and download it again.

* Save it to the Desktop, renamed as: Kombo.exe

* P.S.: Name it while saving, not after saving it!

* P.S.: If an error message appears, run ComboFix.exe in Safe Mode (http://www.caixadedicas.com/2009/11/ferramentas-para-reparar-o-modo-seguro.html). <-- Link!

* P.S.: If rootkit activity is present, we will get the following notification window:

[screenshot: Rookit_found.gif]

* P.S.: Write down these detections and click OK. In that case, post the detections you wrote down in your next reply together with the requested logs.

* P.S.: To complete the removals, the tool may need to restart the computer. <-- Wait!

* P.S.: To avoid problems, follow all the recommendations given.

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

* The Auto Scan window will open. --> Wait!

* To finish removals, ComboFix may restart the computer.

* If necessary, type option ( 1 ) --> Press Enter! --> Wait for it to finish!

* During the scan, avoid touching the mouse or keyboard! <-- Important!

* If, for some compelling reason, you need to stop or exit ComboFix, press "N" or "2" --> Press Enter.

<><><><><><><><><><><><>

The ComboFix log will be at C:\ComboFix.txt

_____________________________

Please also follow the tips in this tutorial to clean your PC with Malwarebytes:

Malwarebytes Anti-Malware tutorial: http://www.caixadedicas.com/2009/10/tutorial-do-malwarebytes-anti-malware.html

In your next reply, post this Malwarebytes log together with a new HijackThis log and the ComboFix log, which will be at C:\ComboFix.txt, and tell us how your PC is after these procedures.

We'll be waiting.

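The original poster's last symptom, folders on the pen drive and phone "turning into" .exe files that survive on other machines, is the classic folder-mimic worm layout: the real folder is marked hidden+system and an executable with the folder's name and a folder icon is dropped beside it, usually with an autorun.inf to launch it on insert. Worms of that kind commonly also keep Explorer from showing hidden files, which would explain the first symptom. The ComboFix steps above clean the PC but say nothing about the removable media, so as an added example (not from the thread) the script below scans a drive for that pattern. It builds a constructed fake drive in a temp directory so it runs offline on any OS; the hidden attribute is only readable on Windows, elsewhere the field is simply False.

```python
"""Detect the folder-mimic worm layout on a removable drive: a hidden folder
shadowed by an .exe of the same name, plus an autorun.inf that launches it.

Added example, not from the thread. build_sample() creates a constructed
fake drive in a temp directory so the scan runs offline on any OS.
"""
import os
import stat
import tempfile
from pathlib import Path

HIDDEN = getattr(stat, "FILE_ATTRIBUTE_HIDDEN", 0x2)
SYSTEM = getattr(stat, "FILE_ATTRIBUTE_SYSTEM", 0x4)
EXEC_SUFFIXES = {".exe", ".scr", ".com", ".pif"}
AUTORUN_KEYS = ("open=", "shellexecute=", "shell\\")  # the lines that launch something


def is_hidden(path: Path) -> bool:
    """Windows hidden/system attribute; dot-prefix fallback on other OSes."""
    attrs = getattr(path.stat(), "st_file_attributes", 0)
    return bool(attrs & (HIDDEN | SYSTEM)) or path.name.startswith(".")


def scan(root) -> dict:
    """Return autorun launch lines and every executable that shadows a sibling folder."""
    root = Path(root)
    findings = {"autorun": [], "mimics": []}
    autorun = root / "autorun.inf"
    if autorun.is_file():
        for raw in autorun.read_text(errors="replace").splitlines():
            line = raw.strip().lower()
            if line.startswith(AUTORUN_KEYS):
                findings["autorun"].append(line)
    # walk every directory (root included) and pair exe stems with folder names
    for d in (root, *(p for p in root.rglob("*") if p.is_dir())):
        folders = {p.name.lower(): p for p in d.iterdir() if p.is_dir()}
        for f in d.iterdir():
            if f.is_file() and f.suffix.lower() in EXEC_SUFFIXES:
                twin = folders.get(f.stem.lower())
                if twin is not None:
                    findings["mimics"].append({
                        "exe": f.relative_to(root).as_posix(),
                        "shadowed_folder_hidden": is_hidden(twin),
                    })
    findings["mimics"].sort(key=lambda m: m["exe"])
    return findings


def build_sample(base) -> Path:
    """Constructed layout: two user folders (one nested) shadowed by same-name
    executables, one innocent installer, and an autorun.inf naming the dropper."""
    root = Path(base) / "USB"
    for folder in ("Fotos", "Trabalho", "Trabalho/Relatorios"):
        (root / folder).mkdir(parents=True, exist_ok=True)
        (root / (folder + ".exe")).write_bytes(b"MZ" + b"\0" * 62)  # stub, not a real PE
        if os.name == "nt":  # hide the real folder the way the worm does
            import ctypes
            ctypes.windll.kernel32.SetFileAttributesW(str(root / folder), HIDDEN | SYSTEM)
    (root / "Docs").mkdir()
    (root / "Docs" / "notes.txt").write_text("clean file")
    (root / "setup.exe").write_bytes(b"MZ" + b"\0" * 62)  # no same-name folder: not a mimic
    (root / "autorun.inf").write_text(
        "[autorun]\nopen=Fotos.exe\nshellexecute=Fotos.exe\nshell\\open\\command=Fotos.exe\n"
    )
    return root


def demo() -> dict:
    """Build the sample drive in a temp dir and return the scan result."""
    with tempfile.TemporaryDirectory() as tmp:
        return scan(build_sample(tmp))


if __name__ == "__main__":
    import json
    print(json.dumps(demo(), indent=2))
```

On a real drive call scan() on the mount point. Treat a hit as strong when shadowed_folder_hidden is True: a legitimate installer sitting next to a same-name folder is the main false positive, and it will not be hidden. The scan deliberately only reports; clean-up is clearing the hidden/system attributes on the real folders and deleting the .exe twins and the autorun.inf, on every device that touched the infected PC.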

Here is the ComboFix log

 

ComboFix 10-10-28.09 - Junior 30/10/2010 13:04:53.4.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.3070.2675 [GMT -2:00]

Running from: c:\documents and settings\Junior\desktop\Combofix.exe

Command switches used :: /killall

FW: COMODO Firewall Pro *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

.

 

((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\arquivos de programas\DaemonTools_WhenUSave_Installer

c:\arquivos de programas\FlashGet Network

c:\arquivos de programas\FlashGet Network\FlashGet 3\adns.dll

c:\arquivos de programas\FlashGet Network\FlashGet 3\btcoreu.dll

c:\arquivos de programas\FlashGet Network\FlashGet 3\BugReport.dll

c:\arquivos de programas\FlashGet Network\FlashGet 3\BugReport.exe

c:\arquivos de programas\FlashGet Network\FlashGet 3\cd1.ico

c:\arquivos de programas\FlashGet Network\FlashGet 3\ckcore.dll

c:\arquivos de programas\FlashGet Network\FlashGet 3\codec\real\Codecs\14_43260.dll

c:\arquivos de programas\FlashGet Network\FlashGet 3\codec\real\Codecs\28_83260.dll

c:\arquivos de programas\FlashGet Network\FlashGet 3\codec\real\Codecs\atrc.dll

c:\arquivos de programas\FlashGet Network\FlashGet 3\codec\real\Codecs\Codecs.zip

c:\arquivos de programas\FlashGet Network\FlashGet 3\codec\real\Codecs\cook.dll

c:\arquivos de programas\FlashGet Network\FlashGet 3\codec\real\Codecs\ddnt3260.dll

c:\arquivos de programas\FlashGet Network\FlashGet 3\codec\real\Codecs\dnet3260.dll

c:\arquivos de programas\FlashGet Network\FlashGet 3\codec\real\Codecs\drv1.dll

c:\arquivos de programas\FlashGet Network\FlashGet 3\codec\real\Codecs\drv2.dll

c:\arquivos de programas\FlashGet Network\FlashGet 3\codec\real\Codecs\drvc.dll

c:\arquivos de programas\FlashGet Network\FlashGet 3\codec\real\Codecs\hxltcolor.dll

c:\arquivos de programas\FlashGet Network\FlashGet 3\codec\real\Codecs\raac.dll

c:\arquivos de programas\FlashGet Network\FlashGet 3\codec\real\Codecs\ralf.dll

c:\arquivos de programas\FlashGet Network\FlashGet 3\codec\real\Codecs\rv10.dll

c:\arquivos de programas\FlashGet Network\FlashGet 3\codec\real\Codecs\rv20.dll

c:\arquivos de programas\FlashGet Network\FlashGet 3\codec\real\Codecs\rv30.dll

c:\arquivos de programas\FlashGet Network\FlashGet 3\codec\real\Codecs\rv40.dll

c:\arquivos de programas\FlashGet Network\FlashGet 3\codec\real\Codecs\sipr.dll

c:\arquivos de programas\FlashGet Network\FlashGet 3\commonlib.dll

c:\arquivos de programas\FlashGet Network\FlashGet 3\componentskrnl.dll

c:\arquivos de programas\FlashGet Network\FlashGet 3\config\clients.met

c:\arquivos de programas\FlashGet Network\FlashGet 3\config\clients.met.bak

c:\arquivos de programas\FlashGet Network\FlashGet 3\config\cryptkey.dat

c:\arquivos de programas\FlashGet Network\FlashGet 3\config\emfriends.met

c:\arquivos de programas\FlashGet Network\FlashGet 3\config\known.met

c:\arquivos de programas\FlashGet Network\FlashGet 3\config\known2_64.met

c:\arquivos de programas\FlashGet Network\FlashGet 3\config\preferences.dat

c:\arquivos de programas\FlashGet Network\FlashGet 3\config\preferences.ini

c:\arquivos de programas\FlashGet Network\FlashGet 3\config\server.met

c:\arquivos de programas\FlashGet Network\FlashGet 3\config\server_met.old

c:\arquivos de programas\FlashGet Network\FlashGet 3\config\upload.met

c:\arquivos de programas\FlashGet Network\FlashGet 3\corestat.dll

c:\arquivos de programas\FlashGet Network\FlashGet 3\dat\Appsetting.cfg

c:\arquivos de programas\FlashGet Network\FlashGet 3\dat\directui\client_222.jpg

c:\arquivos de programas\FlashGet Network\FlashGet 3\dat\directui\client_3332.jpg

c:\arquivos de programas\FlashGet Network\FlashGet 3\dat\directui\client_33665566.jpg

c:\arquivos de programas\FlashGet Network\FlashGet 3\dat\directui\client_5-04400194A.jpg

c:\arquivos de programas\FlashGet Network\FlashGet 3\dat\directui\client_5_4504_1.jpg

c:\arquivos de programas\FlashGet Network\FlashGet 3\dat\directui\client_icon03.jpg

c:\arquivos de programas\FlashGet Network\FlashGet 3\dat\directui\client_icon04.jpg

c:\arquivos de programas\FlashGet Network\FlashGet 3\dat\directui\client_km.jpg

c:\arquivos de programas\FlashGet Network\FlashGet 3\dat\directui\client_logo.jpg

c:\arquivos de programas\FlashGet Network\FlashGet 3\dat\directui\client_Noname111.jpg

c:\arquivos de programas\FlashGet Network\FlashGet 3\dat\directui\client_OL-2.jpg

c:\arquivos de programas\FlashGet Network\FlashGet 3\dat\directui\client_ycmc.jpg

c:\arquivos de programas\FlashGet Network\FlashGet 3\dat\directui\dian.jpg

c:\arquivos de programas\FlashGet Network\FlashGet 3\dat\directui\directui_new_1275638340.zip

c:\arquivos de programas\FlashGet Network\FlashGet 3\dat\directui\gameall.gif

c:\arquivos de programas\FlashGet Network\FlashGet 3\dat\directui\gametop.gif

c:\arquivos de programas\FlashGet Network\FlashGet 3\dat\directui\newgame.gif

c:\arquivos de programas\FlashGet Network\FlashGet 3\dat\directui\newmovie.gif

c:\arquivos de programas\FlashGet Network\FlashGet 3\dat\directui\p1.gif

c:\arquivos de programas\FlashGet Network\FlashGet 3\dat\directui\p2.gif

c:\arquivos de programas\FlashGet Network\FlashGet 3\dat\directui\p3.gif

c:\arquivos de programas\FlashGet Network\FlashGet 3\dat\directui\p4.gif

c:\arquivos de programas\FlashGet Network\FlashGet 3\dat\directui\p5.gif

c:\arquivos de programas\FlashGet Network\FlashGet 3\dat\directui\p6.gif

c:\arquivos de programas\FlashGet Network\FlashGet 3\dat\directui\p7.gif

c:\arquivos de programas\FlashGet Network\FlashGet 3\dat\directui\p8.gif

c:\arquivos de programas\FlashGet Network\FlashGet 3\dat\directui\reom.jpg

c:\arquivos de programas\FlashGet Network\FlashGet 3\dat\directui\rescenter.txt

c:\arquivos de programas\FlashGet Network\FlashGet 3\dat\directui\soft.jpg

c:\arquivos de programas\FlashGet Network\FlashGet 3\dat\directui\tab.gif

c:\arquivos de programas\FlashGet Network\FlashGet 3\dat\FlashGet3db.bak

c:\arquivos de programas\FlashGet Network\FlashGet 3\dat\FlashGet3db.db

c:\arquivos de programas\FlashGet Network\FlashGet 3\dat\stat\advertisement\port.ini

c:\arquivos de programas\FlashGet Network\FlashGet 3\dat\stat\skinpreview\preview_blue.png

c:\arquivos de programas\FlashGet Network\FlashGet 3\dat\stat\skinpreview\preview_classic.png

c:\arquivos de programas\FlashGet Network\FlashGet 3\dat\stat\skinpreview\preview_white.png

c:\arquivos de programas\FlashGet Network\FlashGet 3\dat\stat\statdata\statinfo.dat

c:\arquivos de programas\FlashGet Network\FlashGet 3\dbghelp.dll

c:\arquivos de programas\FlashGet Network\FlashGet 3\fg.ico

c:\arquivos de programas\FlashGet Network\FlashGet 3\FGResDetector_I\data\default.htm

c:\arquivos de programas\FlashGet Network\FlashGet 3\FGResDetector_I\data\FGResDetector.conf

c:\arquivos de programas\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\banner.gif

c:\arquivos de programas\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\bullet.gif

c:\arquivos de programas\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\close.gif

c:\arquivos de programas\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\closelabel.gif

c:\arquivos de programas\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\download-icon.gif

c:\arquivos de programas\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\explorer.gif

c:\arquivos de programas\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\ftp.gif

c:\arquivos de programas\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\image.gif

c:\arquivos de programas\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\introTextBg.gif

c:\arquivos de programas\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\loading.gif

c:\arquivos de programas\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\nextlabel.gif

c:\arquivos de programas\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\prevlabel.gif

c:\arquivos de programas\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\software.gif

c:\arquivos de programas\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\vod.gif

c:\arquivos de programas\FlashGet Network\FlashGet 3\FGResDetector_I\FGResDetector.exe

c:\arquivos de programas\FlashGet Network\FlashGet 3\FGResDetector_I\image\about.png

c:\arquivos de programas\FlashGet Network\FlashGet 3\FGResDetector_I\image\ftplist_tree_icon.png

c:\arquivos de programas\FlashGet Network\FlashGet 3\FGResDetector_I\image\option_icon.png

c:\arquivos de programas\FlashGet Network\FlashGet 3\FGResDetector_I\image\quickop_hide.png

c:\arquivos de programas\FlashGet Network\FlashGet 3\FGResDetector_I\image\quickop_show.png

c:\arquivos de programas\FlashGet Network\FlashGet 3\FGResDetector_I\image\statusbar_bk.png

c:\arquivos de programas\FlashGet Network\FlashGet 3\FGResDetector_I\image\tasktab_close.png

c:\arquivos de programas\FlashGet Network\FlashGet 3\FGResDetector_I\image\toolbar_back.png

c:\arquivos de programas\FlashGet Network\FlashGet 3\FGResDetector_I\image\toolbar_bk.png

c:\arquivos de programas\FlashGet Network\FlashGet 3\FGResDetector_I\image\toolbar_close.png

c:\arquivos de programas\FlashGet Network\FlashGet 3\FGResDetector_I\image\toolbar_forward.png

c:\arquivos de programas\FlashGet Network\FlashGet 3\FGResDetector_I\image\toolbar_refresh.png

c:\arquivos de programas\FlashGet Network\FlashGet 3\FGResDetector_I\lang\l.eng.xml

c:\arquivos de programas\FlashGet Network\FlashGet 3\FGSoftware.exe

c:\arquivos de programas\FlashGet Network\FlashGet 3\Flashget3.exe

c:\arquivos de programas\FlashGet Network\FlashGet 3\FlashGet3.xpi

c:\arquivos de programas\FlashGet Network\FlashGet 3\FlashGetBHO3.dll

c:\arquivos de programas\FlashGet Network\FlashGet 3\FlashGetHook.dll

c:\arquivos de programas\FlashGet Network\FlashGet 3\fnsArchive.dll

c:\arquivos de programas\FlashGet Network\FlashGet 3\fnsDirectuix.dll

c:\arquivos de programas\FlashGet Network\FlashGet 3\fnsLanguage.dll

c:\arquivos de programas\FlashGet Network\FlashGet 3\fnslanguage_en.dll

c:\arquivos de programas\FlashGet Network\FlashGet 3\fnsScheduler.dll

c:\arquivos de programas\FlashGet Network\FlashGet 3\fnsSecurity.dll

c:\arquivos de programas\FlashGet Network\FlashGet 3\fnsSkinX.dll

c:\arquivos de programas\FlashGet Network\FlashGet 3\fnsStatistics.dll

c:\arquivos de programas\FlashGet Network\FlashGet 3\game.ico

c:\arquivos de programas\FlashGet Network\FlashGet 3\gb2312-unicode.dic

c:\arquivos de programas\FlashGet Network\FlashGet 3\gdiplus.dll

c:\arquivos de programas\FlashGet Network\FlashGet 3\GetAllUrl.htm

c:\arquivos de programas\FlashGet Network\FlashGet 3\GetUrl.htm

c:\arquivos de programas\FlashGet Network\FlashGet 3\GoogleToolbarInstaller_download_signed.exe

c:\arquivos de programas\FlashGet Network\FlashGet 3\libem.dll

c:\arquivos de programas\FlashGet Network\FlashGet 3\license.txt

c:\arquivos de programas\FlashGet Network\FlashGet 3\lst_tz.bin

c:\arquivos de programas\FlashGet Network\FlashGet 3\P2PCfg.ini

c:\arquivos de programas\FlashGet Network\FlashGet 3\p2pcore.dll

c:\arquivos de programas\FlashGet Network\FlashGet 3\p2score.dll

c:\arquivos de programas\FlashGet Network\FlashGet 3\perf.ini

c:\arquivos de programas\FlashGet Network\FlashGet 3\pncrt.dll

c:\arquivos de programas\FlashGet Network\FlashGet 3\pstat.dat

c:\arquivos de programas\FlashGet Network\FlashGet 3\pup.dat

c:\arquivos de programas\FlashGet Network\FlashGet 3\RdOldDb.dll

c:\arquivos de programas\FlashGet Network\FlashGet 3\RealMediaSplitter.ax

c:\arquivos de programas\FlashGet Network\FlashGet 3\skin\international\default\BarSet.png

c:\arquivos de programas\FlashGet Network\FlashGet 3\skin\international\default\image\btn_check.png

c:\arquivos de programas\FlashGet Network\FlashGet 3\skin\international\default\image\btn_normal.png

c:\arquivos de programas\FlashGet Network\FlashGet 3\skin\international\default\image\btn_radio.png

c:\arquivos de programas\FlashGet Network\FlashGet 3\skin\international\default\image\desktoplink.ico

c:\arquivos de programas\FlashGet Network\FlashGet 3\skin\international\default\image\login_line.png

c:\arquivos de programas\FlashGet Network\FlashGet 3\skin\international\default\image\menu_icon.png

c:\arquivos de programas\FlashGet Network\FlashGet 3\skin\international\default\image\option_line.png

c:\arquivos de programas\FlashGet Network\FlashGet 3\skin\international\default\image\option_page_line.png

c:\arquivos de programas\FlashGet Network\FlashGet 3\skin\international\default\image\skin.png

c:\arquivos de programas\FlashGet Network\FlashGet 3\skin\international\default\image\SuspendLogo.png

c:\arquivos de programas\FlashGet Network\FlashGet 3\skin\international\default\image\SuspendNoLogo.png

c:\arquivos de programas\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_backgrand.png

c:\arquivos de programas\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_cancle.png

c:\arquivos de programas\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_catgroy.png

c:\arquivos de programas\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_group.png

c:\arquivos de programas\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_new.png

c:\arquivos de programas\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_open.png

c:\arquivos de programas\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_option.png

c:\arquivos de programas\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_pause.png

c:\arquivos de programas\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_recly.png

c:\arquivos de programas\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_start.png

c:\arquivos de programas\FlashGet Network\FlashGet 3\skin\international\default\image\toolbarbutton_left.png

c:\arquivos de programas\FlashGet Network\FlashGet 3\skin\international\default\image\toolbarbutton_middle.png

c:\arquivos de programas\FlashGet Network\FlashGet 3\skin\international\default\image\toolbarbutton_right.png

c:\arquivos de programas\FlashGet Network\FlashGet 3\skin\international\default\image\top_logotitle.gif

c:\arquivos de programas\FlashGet Network\FlashGet 3\skin\international\default\image\torrent.ico

c:\arquivos de programas\FlashGet Network\FlashGet 3\skin\international\default\image\userinfo_head.png

c:\arquivos de programas\FlashGet Network\FlashGet 3\skin\international\default\image\VistaStyleListItems.bmp

c:\arquivos de programas\FlashGet Network\FlashGet 3\skin\international\default\preview.png

c:\arquivos de programas\FlashGet Network\FlashGet 3\skin\international\default\skin.xml

c:\arquivos de programas\FlashGet Network\FlashGet 3\skin\international\default\sound\loginfailed.wav

c:\arquivos de programas\FlashGet Network\FlashGet 3\skin\international\default\sound\loginsucc.wav

c:\arquivos de programas\FlashGet Network\FlashGet 3\skin\international\default\sound\msgnotify.wav

c:\arquivos de programas\FlashGet Network\FlashGet 3\skin\international\default\sound\notify.wav

c:\arquivos de programas\FlashGet Network\FlashGet 3\skin\international\default\topmain.png

c:\arquivos de programas\FlashGet Network\FlashGet 3\SnapShot.dll

c:\arquivos de programas\FlashGet Network\FlashGet 3\storage.dll

c:\arquivos de programas\FlashGet Network\FlashGet 3\SysOptimize.exe

c:\arquivos de programas\FlashGet Network\FlashGet 3\uninst.exe

c:\arquivos de programas\FlashGet Network\FlashGet 3\VodCore.dll

c:\arquivos de programas\FlashGet Network\FlashGet 3\zlib.dll

c:\documents and settings\Junior\Dados de aplicativos\BITS

c:\documents and settings\Junior\Dados de aplicativos\BITS\BITS.ini

c:\documents and settings\Junior\Dados de aplicativos\BITS\DHTTable.dat

c:\documents and settings\Junior\Dados de aplicativos\BITS\ProxyList.ini

c:\documents and settings\Junior\Dados de aplicativos\FlashGetBHO

c:\documents and settings\Junior\Dados de aplicativos\FlashGetBHO\FlashGetBHO3.dll

c:\documents and settings\Junior\Dados de aplicativos\FlashGetBHO\FlashGetHook.dll

c:\documents and settings\Junior\Dados de aplicativos\FlashGetBHO\GetAllUrl.htm

c:\documents and settings\Junior\Dados de aplicativos\FlashGetBHO\GetUrl.htm

c:\documents and settings\Junior\Menu Iniciar\Programas\Inicializar\¡¡¡¡¡¡.lnk

c:\windows\daemon.dll

c:\windows\libem.INI

c:\windows\system\WINSPOOL.DRV

c:\windows\system32\alrsv.dll

c:\windows\system32\com.run

c:\windows\system32\dp1.fne

c:\windows\system32\drivers\KGootkit.sys

c:\windows\system32\eAPI.fne

c:\windows\system32\internet.fne

c:\windows\system32\krnln.fnr

c:\windows\system32\msconfig.exe

c:\windows\system32\msxsltsso.dll

c:\windows\system32\og.dll

c:\windows\system32\og.edt

c:\windows\system32\RegEx.fnr

c:\windows\system32\secustat.dat

c:\windows\system32\shell.fne

c:\windows\system32\spec.fne

c:\windows\system32\Thumbs.db

c:\windows\system32\ul.dll

c:\windows\system32\XP-A5AA1CEB.EXE

c:\windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job

c:\windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job

K:\install.exe

 

c:\windows\system32\drivers\873d3d00.sys . . . is infected!! . . . Failed to find a valid replacement.

c:\windows\system32\drivers\KGootkit.sys . . . is infected!! . . . Failed to find a valid replacement.

A copy of c:\windows\system32\drivers\ndis.sys was found and disinfected

Restored copy from - c:\windows\system32\dllcache\cache\ndis.sys

.

((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_KGOOTKIT

-------\Legacy_tcpsr

-------\Service_KGootkit

-------\Service_tcpsr

 

 

(((((((((((((((( Arquivos/Ficheiros criados de 2010-09-28 to 2010-10-30 ))))))))))))))))))))))))))))

.

 

2010-10-27 17:21 . 2004-08-04 04:01 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys

2010-10-27 17:21 . 2004-08-04 04:01 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys

2010-10-23 21:22 . 2010-10-23 21:24 -------- d-----w- C:\MNO35S

2010-10-23 19:42 . 2010-10-23 19:42 -------- d-----w- c:\windows\13diretrizes para uma vida próspera e financeiramente equilibrada

2010-10-15 22:48 . 2010-10-27 17:02 -------- d-----w- c:\documents and settings\Junior\Dados de aplicativos\Tunngle

2010-10-15 22:48 . 2010-10-15 22:48 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Tunngle

2010-10-15 22:48 . 2009-09-16 11:02 27136 ----a-w- c:\windows\system32\drivers\tap0901t.sys

2010-10-15 22:48 . 2010-10-15 22:49 -------- d-----w- c:\arquivos de programas\Tunngle

2010-10-10 23:59 . 2010-10-11 00:00 -------- d-----w- c:\documents and settings\Junior\Dados de aplicativos\GameRanger

2010-10-02 18:00 . 2010-07-27 21:42 1774720 ----a-w- c:\windows\system32\BootMan.exe

2010-10-02 18:00 . 2010-07-15 11:44 86408 ----a-w- c:\windows\system32\setupempdrv03.exe

2010-10-02 18:00 . 2010-07-15 11:44 8456 ----a-w- c:\windows\system32\EuGdiDrv.sys

2010-10-02 18:00 . 2010-07-15 11:44 13192 ----a-w- c:\windows\system32\epmntdrv.sys

2010-10-02 18:00 . 2010-07-15 11:44 14848 ----a-w- c:\windows\system32\EuEpmGdi.dll

2010-10-02 17:25 . 2010-10-02 17:25 -------- d-----w- c:\arquivos de programas\PowerQuest

2010-10-01 21:54 . 2010-10-01 22:21 -------- d-----w- c:\windows\system32\NtmsData

2010-10-01 21:38 . 2010-06-21 22:07 26216 ----a-w- c:\windows\system32\nvhdap32.dll

2010-10-01 21:38 . 2010-06-21 22:07 232040 ----a-w- c:\windows\system32\nvcohda.dll

2010-10-01 21:38 . 2010-06-21 22:07 91496 ----a-w- c:\windows\system32\drivers\nvhda32.sys

2010-10-01 21:38 . 2010-10-27 17:50 233856 ----a-w- c:\windows\system32\nvdrsdb0.bin

2010-10-01 21:37 . 2010-10-27 17:50 233856 ----a-w- c:\windows\system32\nvdrsdb1.bin

2010-10-01 21:37 . 2010-10-27 17:50 1 ----a-w- c:\windows\system32\nvdrssel.bin

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-10-25 23:02 . 2009-06-21 04:51 233960 ----a-w- c:\windows\system32\PnkBstrB.xtr

2010-10-25 23:02 . 2008-03-16 00:45 233960 ----a-w- c:\windows\system32\PnkBstrB.exe

2010-10-25 20:21 . 2008-03-16 00:45 138520 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys

2010-09-15 00:00 . 2010-09-15 00:00 33280 --sh--r- C:\explored.exe

2010-08-14 18:38 . 2008-03-16 02:06 444952 ----a-w- c:\windows\system32\wrap_oal.dll

2010-08-14 18:38 . 2008-03-16 02:06 109080 ----a-w- c:\windows\system32\OpenAL32.dll

.

 

------- Sigcheck -------

 

[7] 2001-10-28 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\beep.sys

[7] 2001-10-28 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\dllcache\beep.sys

 

[7] 2008-03-13 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\system32\dllcache\tcpip.sys

[7] 2008-03-13 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\system32\dllcache\cache\tcpip.sys

[-] 2008-03-13 . 21B001A7135418AA06FF73D85C4169C9 . 360832 . . [5.1.2600.3244] . . c:\windows\system32\drivers\tcpip.sys

 

[-] 2008-03-13 . F878166961C0DAFA618A20F0F48A0D14 . 1548288 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll

 

[-] 2009-09-02 . 95FD808E4AC22ABA025A7B3EAC0375D2 . 33792 . . [5.1.2600.2180] . . c:\windows\system32\msgsvc.dll

[-] 2009-09-02 . 95FD808E4AC22ABA025A7B3EAC0375D2 . 33792 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\msgsvc.dll

 

c:\windows\System32\drivers\beep.sys ... está faltando !!

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IMobile"="c:\documents and settings\Junior\Meus documentos\Downloads\ImobileHelper.exe" [2010-05-21 185848]

"Recycler"="\explored.exe" [2010-09-15 33280]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2002-12-31 15360]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

"Recycler"="\explored.exe" [2010-09-15 33280]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

"Recycler"="\explored.exe" [2010-09-15 33280]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2007-05-25 1953792]

"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2002-12-31 110592]

"XboxStat"="c:\arquivos de programas\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-26 734264]

"FixCamera"="c:\windows\FixCamera.exe" [2007-02-12 20480]

"tsnp325"="c:\windows\tsnp325.exe" [2007-04-21 270336]

"snp325"="c:\windows\vsnp325.exe" [2007-05-09 835584]

"RTHDCPL"="RTHDCPL.EXE" [2007-07-05 16380416]

"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

"COMODO Firewall Pro"="c:\arquivos de programas\Comodo\Firewall\CPF.exe" [2009-11-09 1115728]

"ISUSPM"="c:\arquivos de programas\Arquivos comuns\InstallShield\UpdateService\isuspm.exe" [2006-03-20 213936]

"IntelliPoint"="c:\arquivos de programas\Microsoft IntelliPoint\ipoint.exe" [2009-11-11 1468256]

"BtTray"="c:\arquivos de programas\IVT Corporation\BlueSoleil\BtTray.exe" [2010-07-12 258134]

"Recycler"="\explored.exe" [2010-09-15 33280]

"nwiz"="c:\arquivos de programas\NVIDIA Corporation\nView\nwiz.exe" [2010-07-08 1753192]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-07-09 110696]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-07-09 13923432]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"WIAWizardMenu"="c:\windows\system32\sti_ci.dll" [2002-12-31 137216]

"Recycler"="\explored.exe" [2010-09-15 33280]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

"Recycler"="\explored.exe" [2010-09-15 33280]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2002-12-31 15360]

"msnmsgr"="c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nltide_2"="shell32" [X]

"nltide_3"="advpack.dll" [2008-03-13 124928]

"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil9e.exe" [2007-11-21 218496]

 

c:\documents and settings\Junior\Menu Iniciar\Programas\Inicializar\

Stardock ObjectDock.lnk - c:\arquivos de programas\Stardock\ObjectDock\ObjectDock.exe [2008-3-22 3450608]

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"NoSMHelp"= 1 (0x1)

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

c:\windows\system32\dumprep 0 -k [X]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

2002-12-31 11:00 15360 ------w- c:\windows\system32\ctfmon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STYLEXP]

2006-05-24 18:31 1372160 ----a-w- c:\arquivos de programas\TGTSoft\StyleXP\StyleXP.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"usnjsvc"=3 (0x3)

"InCDsrv"=2 (0x2)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"e:\\jogos\\Test Drive Unlimited\\TestDriveUnlimited.exe"=

"c:\\WINDOWS\\system32\\sessmgr.exe"=

"e:\\jogos\\Gears of War\\Binaries\\WarGame-G4WLive.exe"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"e:\\jogos\\FEAR\\FEAR.exe"=

"e:\\jogos\\FEAR\\FEARMP.exe"=

"e:\\jogos\\FEAR\\FEARXP\\FEARXP.exe"=

"c:\\WINDOWS\\system32\\PnkBstrA.exe"=

"c:\\WINDOWS\\system32\\PnkBstrB.exe"=

"c:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe"=

"e:\\jogos\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=

"e:\\jogos\\AITD\\Alone.exe"=

"e:\\jogos\\Mirror's Edge\\Binaries\\MirrorsEdge.exe"=

"e:\\jogos\\Burnout Paradise The Ultimate Box\\BurnoutLauncher.exe"=

"e:\\jogos\\Burnout Paradise The Ultimate Box\\BurnoutConfigTool.exe"=

"e:\\jogos\\Burnout Paradise The Ultimate Box\\BurnoutParadise.exe"=

"e:\\jogos\\Bionic Commando Rearmed\\bcr.exe"=

"e:\\jogos\\Quantum of Solace\\JB_LiveEngine_s.exe"=

"e:\\jogos\\Call of Duty - World at War\\CoDWaW.exe"=

"e:\\jogos\\Call of Duty - World at War\\CoDWaWmp.exe"=

"e:\\jogos\\STREETFIGHTERIV\\StreetFighterIV.exe"=

"e:\\jogos\\Call of Juarez - Bound in Blood\\CoJBiBGame_x86.exe"=

"e:\\jogos\\FUEL\\FUEL.exe"=

"e:\\jogos\\ANNO 1404\\Anno4.exe"=

"e:\\jogos\\ANNO 1404\\tools\\Anno4Web.exe"=

"d:\\jogos II\\GRID\\GRID.exe"=

"d:\\jogos II\\SWAT 4\\Content\\System\\swat4.exe"=

"e:\\jogos\\FLOCK!\\Flock.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=

"c:\\Documents and Settings\\All Users\\Dados de aplicativos\\NexonUS\\NGM\\NGM.exe"=

"c:\\Downloads\\Project64KVE\\Project64KVE.exe"=

"c:\\Arquivos de programas\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\Arquivos de programas\\Steam\\steamapps\\sylvyojrj\\source sdk base 2007\\hl2.exe"=

"c:\\Arquivos de programas\\IVT Corporation\\BlueSoleil\\BlueSoleilCS.exe"=

"c:\\Arquivos de programas\\Tunngle\\TnglCtrl.exe"=

"c:\\Arquivos de programas\\Tunngle\\Tunngle.exe"=

"k:\\Lost Planet 2\\LP2DX9.exe"=

"k:\\Lost Planet 2\\LP2DX11.exe"=

"d:\\jogos II\\RESIDENT EVIL 5\\RE5DX9.EXE"=

"d:\\jogos II\\RESIDENT EVIL 5\\RE5DX10.EXE"=

"c:\\Arquivos de programas\\Steam\\steamapps\\common\\alien swarm\\swarm.exe"=

"c:\\Arquivos de programas\\Steam\\steamapps\\common\\alien swarm\\srcds.exe"=

"c:\\Arquivos de programas\\Steam\\steamapps\\common\\killingfloor\\System\\KillingFloor.exe"=

"c:\\Arquivos de programas\\Steam\\steamapps\\common\\left 4 dead 2\\left4dead2.exe"=

"c:\\Arquivos de programas\\Steam\\steamapps\\common\\left 4 dead 2\\srcds.exe"=

"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"8080:TCP"= 8080:TCP:*:Disabled:hamachi

"8080:UDP"= 8080:UDP:*:Disabled:hamachi

"4245:TCP"= 4245:TCP:anagwt

 

R0 d344bus;d344bus;c:\windows\system32\drivers\d344bus.sys [16/3/2008 00:07 137216]

R0 d344prt;d344prt;c:\windows\system32\drivers\d344prt.sys [16/3/2008 00:07 5248]

R2 HdThemeEnabler;Hyperdesk Theme Enabler;c:\arquivos de programas\The Skins Factory\Hyperdesk\Common\HDThemeEnabler.exe [21/7/2008 12:50 106496]

R2 PStrip;PSTRIP;c:\windows\system32\drivers\pstrip.sys [14/7/2007 23:37 27992]

R2 TunngleService;TunngleService;c:\arquivos de programas\Tunngle\TnglCtrl.exe [15/10/2010 20:48 716024]

R3 NTProcDrv;Process creation detector for NT.;c:\windows\temp\drv1.tmp [30/10/2010 13:14 3584]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [1/10/2010 19:38 91496]

R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\drivers\tap0901t.sys [15/10/2010 20:48 27136]

R3 tenCapture;tenCapture;c:\windows\system32\drivers\tenCapture.sys [21/4/2007 12:15 9344]

S1 873d3d00;873d3d00;c:\windows\system32\drivers\873d3d00.sys [8/11/2009 19:24 0]

S1 aswSP;avast! Self Protection; [x]

S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys --> c:\windows\system32\DRIVERS\aswFsBlk.sys [?]

S2 gupdate;Google Update Service (gupdate);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [11/9/2009 14:17 133104]

S2 qdjnqzcd;Update Center;c:\windows\system32\svchost.exe -k netsvcs [31/12/2002 09:00 14336]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys --> c:\windows\system32\drivers\Ambfilt.sys [?]

S3 bticiu;bticiu;\??\c:\windows\system32\01A.tmp --> c:\windows\system32\01A.tmp [?]

S3 cexwrwt;cexwrwt;\??\c:\windows\system32\014.tmp --> c:\windows\system32\014.tmp [?]

S3 cvqusucz;cvqusucz;\??\c:\windows\system32\021.tmp --> c:\windows\system32\021.tmp [?]

S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2/10/2010 16:00 13192]

S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2/10/2010 16:00 8456]

S3 fkdad;fkdad;\??\c:\windows\system32\018.tmp --> c:\windows\system32\018.tmp [?]

S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\Junior\CONFIG~1\Temp\NBIAA.tmp --> c:\docume~1\Junior\CONFIG~1\Temp\NBIAA.tmp [?]

S3 gmdsxm;gmdsxm;\??\c:\windows\system32\026.tmp --> c:\windows\system32\026.tmp [?]

S3 GPU-Z;GPU-Z;\??\c:\docume~1\Junior\CONFIG~1\Temp\GPU-Z.sys --> c:\docume~1\Junior\CONFIG~1\Temp\GPU-Z.sys [?]

S3 hyvzin;hyvzin;\??\c:\windows\system32\013.tmp --> c:\windows\system32\013.tmp [?]

S3 SNP325;USB PC Camera (SNPSTD325);c:\windows\system32\drivers\snp325.sys [2/7/2009 15:23 10343168]

S3 trwkp;trwkp;\??\c:\windows\system32\019.tmp --> c:\windows\system32\019.tmp [?]

S3 uceeejav;uceeejav;\??\c:\windows\system32\01E.tmp --> c:\windows\system32\01E.tmp [?]

S3 xdva286;XDva286;\??\c:\windows\system32\XDva286.sys --> c:\windows\system32\XDva286.sys [?]

S3 ynfzkzsse;ynfzkzsse;\??\c:\windows\system32\01B.tmp --> c:\windows\system32\01B.tmp [?]

S3 yxsxycq;yxsxycq;\??\c:\windows\system32\0D.tmp --> c:\windows\system32\0D.tmp [?]

S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [26/6/2008 00:23 685816]

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

qdjnqzcd

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2009-02-25 14:12 451872 ----a-w- c:\arquivos de programas\Arquivos comuns\LightScribe\LSRunOnce.exe

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2010-10-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2009-09-11 16:17]

 

2010-10-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2009-09-11 16:17]

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.google.com/

IE: Descarregar tudo com o FlashGet - c:\arquivos de programas\FlashGet\jc_all.htm

IE: Descarregar utilizando o FlashGet - c:\arquivos de programas\FlashGet\jc_link.htm

IE: Download all by FlashGet3 - c:\documents and settings\Junior\Dados de aplicativos\FlashGetBHO\GetAllUrl.htm

IE: Download by FlashGet3 - c:\documents and settings\Junior\Dados de aplicativos\FlashGetBHO\GetUrl.htm

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office12\EXCEL.EXE/3000

Trusted Zone: kuaiche.com\software

DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.17.0.cab

FF - ProfilePath - c:\documents and settings\Junior\Dados de aplicativos\Mozilla\Firefox\Profiles\j4nkybsc.default\

FF - prefs.js: browser.startup.homepage - hxxp://therebels.biz/portal.php

FF - component: c:\documents and settings\Junior\Dados de aplicativos\Mozilla\Firefox\Profiles\j4nkybsc.default\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}\components\FlashgetXpi.dll

FF - plugin: c:\arquivos de programas\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: c:\arquivos de programas\Google\Update\1.2.183.13\npGoogleOneClick8.dll

FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll

FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

FF - plugin: c:\arquivos de programas\mozilla firefox\plugins\np-mswmp.dll

FF - plugin: c:\arquivos de programas\Unity\WebPlayer\loader\npUnity3D32.dll

FF - plugin: c:\arquivos de programas\VistaCodecPack\rm\browser\plugins\nppl3260.dll

FF - plugin: c:\arquivos de programas\VistaCodecPack\rm\browser\plugins\nprpjplug.dll

FF - plugin: c:\documents and settings\All Users\Dados de aplicativos\NexonUS\NGM\npNxGameUS.dll

FF - plugin: c:\documents and settings\Junior\Dados de aplicativos\Mozilla\Firefox\Profiles\j4nkybsc.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll

 

---- FIREFOX POLICIES ----

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

.

- - - - ORFÃOS REMOVIDOS - - - -

 

HKLM-Run-XP-A5AA1CEB - c:\windows\system32\XP-A5AA1CEB.EXE

SharedTaskScheduler-Recycler - (no file)

SSODL-GootkitSSO-{6FE86292-F465-45AB-B070-13E67D5C6E04} - c:\windows\System32\msxsltsso.dll

AddRemove-FlashGet 3.3 - c:\arquivos de programas\FlashGet Network\FlashGet 3\uninst.exe

AddRemove-Metro 2033 Update 2_is1 - d:\jogos ii\Metro 2033\Metro 2033\unins000.exe

AddRemove-Patch Brazukas Evolution 2009 v1.3 + Konami 1.3 ~0B162870_is1 - d:\jogos ii\PES 2009\unins000.exe

AddRemove-X-Blades_is1 - d:\jogos ii\Unleashed\unins000.exe

AddRemove-¡¾Õ½Éñ2Ìì´ÍµÄ³Í·£¡¿_is1 - f:\godofwar2\unins000.exe

 

 

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-10-30 13:14

Windows 5.1.2600 Service Pack 3 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

IMobile = c:\documents and settings\Junior\Meus documentos\Downloads\ImobileHelper.exe 0????????????????????????????????? ???????x??????????

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\bticiu]

"ImagePath"="\??\c:\windows\system32\01A.tmp"

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\cexwrwt]

"ImagePath"="\??\c:\windows\system32\014.tmp"

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\cvqusucz]

"ImagePath"="\??\c:\windows\system32\021.tmp"

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\fkdad]

"ImagePath"="\??\c:\windows\system32\018.tmp"

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]

"ImagePath"="\??\c:\docume~1\Junior\CONFIG~1\Temp\NBIAA.tmp"

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gmdsxm]

"ImagePath"="\??\c:\windows\system32\026.tmp"

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hyvzin]

"ImagePath"="\??\c:\windows\system32\013.tmp"

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NTProcDrv]

"ImagePath"="\??\c:\windows\TEMP\drv1.tmp"

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\trwkp]

"ImagePath"="\??\c:\windows\system32\019.tmp"

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\uceeejav]

"ImagePath"="\??\c:\windows\system32\01E.tmp"

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ynfzkzsse]

"ImagePath"="\??\c:\windows\system32\01B.tmp"

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\yxsxycq]

"ImagePath"="\??\c:\windows\system32\0D.tmp"

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\qdjnqzcd]

"ServiceDll"="c:\windows\system32\dlyytmuw.dll"

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

- - - - - - - > 'explorer.exe'(2036)

c:\arquivos de programas\Stardock\ObjectDock\DockShellHook.dll

c:\windows\system32\msi.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\BsLangInDepRes.dll

c:\windows\system32\Bs2Res.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Outros Processos em Execução ------------------------

.

c:\windows\system32\nvsvc32.exe

c:\arquivos de programas\TGTSoft\StyleXP\StyleXPService.exe

c:\arquivos de programas\IVT Corporation\BlueSoleil\BlueSoleilCS.exe

c:\arquivos de programas\Arquivos comuns\LightScribe\LSSrvc.exe

c:\windows\system32\PnkBstrA.exe

c:\arquivos de programas\IVT Corporation\BlueSoleil\BsHelpCS.exe

C:\explored.exe

c:\windows\system32\wscntfy.exe

c:\windows\RTHDCPL.EXE

c:\windows\system32\RUNDLL32.EXE

.

**************************************************************************

.

Tempo para conclusão: 2010-10-30 13:19:56 - Máquina reiniciou

ComboFix-quarantined-files.txt 2010-10-30 15:19

ComboFix2.txt 2009-09-01 00:32

 

Pré-execução: 8.405.381.120 bytes disponíveis

Pós execução: 9.496.190.976 bytes disponíveis

 

- - End Of File - - 3AD96499BA3EA0BD1968471CD6707138

 

 

Malwarebytes Anti-Malware log

 

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

 

Database version: 4998

 

Windows 5.1.2600 Service Pack 3 (Safe Mode)

Internet Explorer 7.0.5730.13

 

12/11/2010 22:27:58

mbam-log-2010-11-12 (22-27-58).txt

 

Scan type: Full scan (C:\|K:\|)

Objects scanned: 351051

Time elapsed: 1 hour(s), 29 minute(s), 57 second(s)

 

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 8

Registry Data Items Infected: 1

Folders Infected: 0

Files Infected: 25

 

Memory Processes Infected:

(No malicious items detected)

 

Memory Modules Infected:

(No malicious items detected)

 

Registry Keys Infected:

(No malicious items detected)

 

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\internet security (Trojan.Jorik) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\internet security (Trojan.Jorik) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\recycler (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\recycler (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\recycler (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx\recycler (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\recycler (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce\recycler (Trojan.Agent) -> Quarantined and deleted successfully.

 

Registry Data Items Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSMHelp (Hijack.Help) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

 

Folders Infected:

(No malicious items detected)

 

Files Infected:

C:\Documents and Settings\Junior\Configurações locais\temp\iexplorer.exe (Trojan.Jorik) -> Quarantined and deleted successfully.

C:\asefdwit.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\erase_me937225.exe (Trojan.Jorik) -> Quarantined and deleted successfully.

C:\explored.exe (Trojan.PWS) -> Quarantined and deleted successfully.

C:\rycbgcq.exe (Trojan.Waledac) -> Quarantined and deleted successfully.

C:\xgmqcrh.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\Junior\Configurações locais\Temporary Internet Files\Content.IE5\1KJRI379\newhttp[1].exe (Trojan.Jorik) -> Quarantined and deleted successfully.

C:\Documents and Settings\Junior\Dados de aplicativos\Sun\Java\Deployment\cache\6.0\9\479ad089-4ca99cb0 (Trojan.Cycler) -> Quarantined and deleted successfully.

C:\Documents and Settings\Junior\Meus documentos\WinRAR v4.65\WinRAR_4.65.exe (Spyware.Agent) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\WINDOWS\system32\dp1.fne.vir (Worm.Autorun) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\WINDOWS\system32\internet.fne.vir (HackTool.Patcher) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\WINDOWS\system32\msxsltsso.dll.vir (Trojan.GootKit) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\ndis.sys.vir (Rootkit.Protector) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{1ADEE231-9EB7-4B3F-8354-ED37FF8E13FF}\RP407\A0101650.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{1ADEE231-9EB7-4B3F-8354-ED37FF8E13FF}\RP407\A0101656.sys (Rootkit.Protector) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{1ADEE231-9EB7-4B3F-8354-ED37FF8E13FF}\RP407\A0101657.sys (Rootkit.Protector) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{1ADEE231-9EB7-4B3F-8354-ED37FF8E13FF}\RP407\A0101732.dll (Trojan.GootKit) -> Quarantined and deleted successfully.

K:\backup\HD F\Downloads\WinRAR_4.65.exe (Spyware.Agent) -> Quarantined and deleted successfully.

K:\backup\HD I\arquivos\[C.O.D.4.Crackfix.Keygen-Razor1911][by.felipheee]\Call_Of_Duty_4_Crackfix_And_Keygen-Razor1911\rzr-cod4.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.

K:\Downloads\CryptLoad_1.1.8\ocr\netload.in\asmCaptcha\test.exe (Malware.Packer) -> Quarantined and deleted successfully.

K:\Downloads\CryptLoad_1.1.8\router\FRITZ!Box\nc.exe (PUP.KeyLogger) -> Quarantined and deleted successfully.

K:\System Volume Information\_restore{1ADEE231-9EB7-4B3F-8354-ED37FF8E13FF}\RP364\A0092077.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

K:\System Volume Information\_restore{1ADEE231-9EB7-4B3F-8354-ED37FF8E13FF}\RP370\A0092334.rbf (Password.Stealer) -> Quarantined and deleted successfully.

C:\wrjcmwbu.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\secushr.dat (Malware.Trace) -> Quarantined and deleted successfully.

 

 

For now it's fine: Comodo is working again, the hidden folders are showing up again, and as for the .exe folders that appeared on removable devices, I need more time to check whether it has stopped happening...

I had a problem with Daemon; from what I read, ComboFix wiped out one of its DLLs, so I uninstalled the rest of the program and installed another version... it seems to be working.

I'll post the new HijackThis log shortly; every time I start the PC I forget...


:) Several problems were removed by ComboFix and Malwarebytes.

__________________________

 

:seta: Also follow these tips:

 

Norman Malware Cleaner tutorial

 

Nod32 Online antivirus tutorial

_____________________________

 

:seta: In your next reply, please post the Nod32 Online log, which will be at C:\Arquivos de programas\Eset\Eset Online Scanner\log.txt, together with a new HijackThis log and the Norman Malware Cleaner log, and tell us how your PC is doing after following these procedures. We look forward to your reply.


Topic Archived

 

Since the author has not replied for more than 30 days, the topic has been archived.

 

If you are the author of the topic and want to reopen it, send a private message to a moderator of this area along with the link to this topic and explain the reason for reopening it.
