NiKoLaU_

[Help] Log analysis


So I've come here to ask you for some help.

About two months ago, Ctrl+Alt+Del and regedit stopped working on my PC, Safe Mode won't open, and so on.

OK, I ran ComboFix and Ctrl+Alt+Del and regedit went back to normal. By that same night everything was normal again. I have the habit of leaving the antivirus disabled; actually I didn't even use it, because I know very well where I browse and which e-mails and links to open or not.

My Kaspersky 2009 starts and then bails out. No antivirus runs: it starts and stops.

The PC hasn't lost speed or anything, but it freezes sometimes, and a virus persistently comes back onto my USB drive.

I've thought about formatting the PC, but I don't have room on my hard drive to back up the files.

DDS LOG


DDS (Ver_09-03-16.01) - NTFSx86
Run by Nikolas at 15:16:34,64 on qua 08/04/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.2047.1293 [GMT -3:00]

AV: Kaspersky Anti-Virus *On-access scanning disabled* (Outdated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Arquivos de programas\Winamp\winampa.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe
C:\Arquivos de programas\DAEMON Tools\daemon.exe
C:\Arquivos de programas\uTorrent\uTorrent.exe
C:\WINDOWS\System32\svchost.exe -k Akamai
C:\Arquivos de programas\Bonjour\mDNSResponder.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Arquivos de programas\Winamp\winamp.exe
C:\WINDOWS\TEMP\owkp.exe
C:\WINDOWS\TEMP\jqbg.exe
C:\Arquivos de programas\Windows Live\installer\WLSetupSvc.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe
C:\Documents and Settings\Nikolas\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\WINDOWS\TEMP\wingiwt.exe
C:\Documents and Settings\Nikolas\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Nikolas\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Nikolas\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Nikolas\Meus documentos\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
uInternet Settings,ProxyOverride = local
mWinlogon: UIHost=XPize_Logon.exe
BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\arquivos de programas\orbitdownloader\orbitcth.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\arquivos de programas\arquivos comuns\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\arquivos de programas\java\jre6\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Auxiliar de Conexão do Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\arquivos de programas\arquivos comuns\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: IeMonitorBho Class: {bf00e119-21a3-4fd1-b178-3b8537e75c92} - c:\arquivos de programas\megaupload\mega manager\MegaIEMn.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\arquivos de programas\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\arquivos de programas\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - c:\arquivos de programas\orbitdownloader\GrabPro.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\arquivos de programas\arquivos comuns\ahead\lib\NMBgMonitor.exe"
uRun: [DAEMON Tools] "c:\arquivos de programas\daemon tools\daemon.exe" -lang 1033
uRun: [msnmsgr] "c:\arquivos de programas\windows live\messenger\MsnMsgr.Exe" /background
uRun: [Google Update] "c:\documents and settings\nikolas\configurações locais\dados de aplicativos\google\update\GoogleUpdate.exe" /c
uRun: [uTorrent] "c:\arquivos de programas\utorrent\uTorrent.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [nwiz] nwiz.exe /install
mRun: [WinampAgent] "c:\arquivos de programas\winamp\winampa.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [QuickTime Task] "c:\arquivos de programas\quicktime\QTTask.exe" -atboottime
mRun: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SkyTel] SkyTel.EXE
StartupFolder: c:\docume~1\nikolas\menuin~1\progra~1\inicia~1\Esternet.lnk -
StartupFolder: c:\docume~1\nikolas\menuin~1\progra~1\inicia~1\metacafe.lnk - c:\arquivos de programas\metacafe\MetacafeAgent.exe
StartupFolder: c:\docume~1\alluse~1\menuin~1\progra~1\inicia~1\metacafe.lnk - c:\arquivos de programas\metacafe\MetacafeAgent.exe
uPolicies-system: DisableTaskMgr = 1 (0x1)
uPolicies-system: DisableRegistryTools = 1 (0x1)
mPolicies-system: EnableLUA = 0 (0x0)
dPolicies-system: DisableTaskMgr = 1 (0x1)
dPolicies-system: DisableRegistryTools = 1 (0x1)
IE: &Download by Orbit - c:\arquivos de programas\orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\arquivos de programas\orbitdownloader\orbitmxt.dll/204
IE: Baixar Link Utiizando Gerenciador Mega... - c:\arquivos de programas\megaupload\mega manager\mm_file.htm
IE: Do&wnload selected by Orbit - c:\arquivos de programas\orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\arquivos de programas\orbitdownloader\orbitmxt.dll/202
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\micros~3\office12\EXCEL.EXE/3000
IE: Sothink SWF Catcher - c:\arquivos de programas\arquivos comuns\sourcetec\swf catcher\InternetExplorer.htm
IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - c:\arquivos de programas\arquivos comuns\sourcetec\swf catcher\InternetExplorer.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\arquivos de programas\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\arquiv~1\micros~3\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} - hxxps://imagem.caixa.gov.br/cab/gbpdist.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
TCP: {669AEF56-01D4-4565-B467-748A875AB5E1} = 192.168.3.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\arquiv~1\arquiv~1\skype\SKYPE4~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\nikolas\dadosd~1\mozilla\firefox\profiles\nls5xgsd.default\
FF - plugin: c:\arquivos de programas\mozilla firefox\plugins\npqtplugin8.dll
FF - plugin: c:\arquivos de programas\quicktime\plugins\npqtplugin8.dll
FF - plugin: c:\documents and settings\nikolas\configuraã§ãµes locais\dados de aplicativos\google\update\1.2.141.5\npGoogleOneClick7.dll

---- FIREFOX POLICIES ----
c:\arquivos de programas\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

============= SERVICES / DRIVERS ===============

R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [2009-1-8 31296]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2004-8-4 14336]
R3 AtcL002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller;c:\windows\system32\drivers\l251x86.sys [2008-10-6 29696]
R3 dac970nt;dac970nt;\??\c:\windows\system32\drivers\mojhrm.sys --> c:\windows\system32\drivers\mojhrm.sys [?]
R3 DCamUSBIntel;USB Video Camera;c:\windows\system32\drivers\TP6800.sys [2008-10-9 201032]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-4-30 24592]
R3 MouseCap;MouseCapture Driver;c:\windows\system32\drivers\MouseCap.sys [2005-8-8 6640]
S3 Amps2prt;A4Tech PS/2 Port Mouse Driver;c:\windows\system32\drivers\Amps2prt.sys [2006-5-9 13824]
S3 DirectNT;DirectNT;\??\c:\documents and settings\nikolas\desktop\directnt.sys --> c:\documents and settings\nikolas\desktop\DirectNT.sys [?]
S3 RTCore32;RTCore32;c:\arquivos de programas\evga precision\RTCore32.sys [2005-5-25 4608]
S3 s916bus;Sony Ericsson Device 916 driver (WDM);c:\windows\system32\drivers\s916bus.sys [2007-11-2 83496]
S3 s916mdfl;Sony Ericsson Device 916 USB WMC Modem Filter;c:\windows\system32\drivers\s916mdfl.sys [2008-11-27 15016]
S3 s916mdm;Sony Ericsson Device 916 USB WMC Modem Driver;c:\windows\system32\drivers\s916mdm.sys [2008-11-27 109992]
S3 s916mgmt;Sony Ericsson Device 916 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s916mgmt.sys [2008-11-27 103976]
S3 s916obex;Sony Ericsson Device 916 USB WMC OBEX Interface;c:\windows\system32\drivers\s916obex.sys [2008-11-27 100008]
S3 XDva190;XDva190;\??\c:\windows\system32\xdva190.sys --> c:\windows\system32\XDva190.sys [?]

=============== Created Last 30 ================

2009-04-02 00:39 <DIR> --d----- c:\arquivos de programas\MSN Messenger
2009-04-01 19:34 <DIR> --d----- c:\arquivos de programas\Windows Live SkyDrive
2009-03-22 00:19 161,792 a------- c:\windows\SWREG.exe
2009-03-22 00:19 98,816 a------- c:\windows\sed.exe
2009-03-11 23:00 221,184 a------- c:\windows\system32\wmpns.dll
2009-03-10 01:23 <DIR> --d----- c:\arquivos de programas\arquivos comuns\Akamai

==================== Find3M ====================

2009-04-05 23:53 2,568 a--sh--- c:\docume~1\alluse~1\dadosd~1\KGyGaAvL.sys
2009-04-05 00:10 460,722 a------- c:\windows\system32\perfh016.dat
2009-04-05 00:10 75,230 a------- c:\windows\system32\perfc016.dat
2009-03-15 14:14 138,184 a------- c:\windows\system32\drivers\PnkBstrK.sys
2009-03-15 14:14 183,112 a------- c:\windows\system32\PnkBstrB.exe
2009-02-17 17:39 128,840 a------- c:\windows\system32\Metacafe.scr
2009-02-09 11:06 1,846,912 a------- c:\windows\system32\win32k.sys
2009-01-31 05:28 109,127 ---shr-- C:\hl80c6b1.com
2009-01-30 16:55 410,984 a------- c:\windows\system32\deploytk.dll
2009-01-01 14:35 22,328 a------- c:\docume~1\nikolas\dadosd~1\PnkBstrK.sys
2008-10-22 22:55 8 ---shr-- c:\docume~1\alluse~1\dadosd~1\0E43AED475.sys
2008-10-12 20:22 47,360 a------- c:\docume~1\nikolas\dadosd~1\pcouffin.sys
2008-12-23 01:19 85,504 ---shr-- c:\windows\system32\vbsdfe0.dll
2008-12-14 18:30 85,504 ---shr-- c:\windows\system32\vbsdfe1.dll
2008-12-28 09:28 32,768 a--sh--- c:\windows\system32\config\systemprofile\configurações locais\histórico\history.ie5\mshist012008122820081229\index.dat

============= FINISH: 15:16:49,04 ===============

GMER

GMER 1.0.15.14966 - http://www.gmer.net
Rootkit scan 2009-04-08 17:51:51
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

SSDT sptd.sys ZwEnumerateKey [0xBA6C3FB2]
SSDT sptd.sys ZwEnumerateValueKey [0xBA6C4340]

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8A7CC1E8

---- EOF - GMER 1.0.15 ----


Hello,

Read the instructions in this link:

In the instructions in the link above, you can check which forums have Analysts properly qualified to use the tool correctly: "Forums for getting help with ComboFix logs"

  1. Download ComboFix from one of the official links listed below and save it to your desktop:

  2. Temporarily, while carrying out these instructions, it is very important that you keep your protection programs (antivirus, antispyware and firewall) disabled. Re-enable them after completing the procedure(s) mentioned below.

  3. Double-click the icon on your desktop.

  4. Read and accept the terms by typing 1 and pressing Enter.

  5. Computers running Windows XP must install the Recovery Console:

     • If your computer has Windows XP and the Recovery Console is not yet installed, please make sure you are connected to the Internet and click "Yes".
     • Click "OK" on the EULA.
     • When the Recovery Console is installed, click "YES" to continue.

  6. ComboFix will run; please be patient and wait.

  7. Attention: do not use the mouse or keyboard while the tool is running; doing so can make the computer hang.

  8. A message may appear saying the computer needs to restart.

     DO NOT RESTART!!! ComboFix will restart the computer automatically.

  9. When the tool finishes running, it will generate a log (the file C:\ComboFix.txt). Copy and paste the contents of that file into your next reply.

Do NOT use the tool on your own. It is a powerful tool created to deal with sophisticated infections, and if not used correctly it can damage your computer.

  • There are many kinds of malware that prevent the tool from running correctly and can thereby seriously damage the computer. Analysts qualified to use ComboFix know these cases and know how to handle these situations.
  • Many Analysts do not reply to topics where they see that ComboFix was used without supervision.
  • There are many general-purpose anti-malware tools whose authors, when writing them, had end users in mind and designed them to be used without supervision. ComboFix is not a tool of that kind, so, also out of respect for the tool's author, do not use it without supervision.

  • Thread author
  • I've already done that; I run ComboFix and nothing else changes. I ran it before posting. Unless you want its LOG too.

  • Thread author
  • Sorry for the delay, but I was traveling. Here is the ComboFix LOG

    ComboFix

    ComboFix 09-04-20.02 - Nikolas 19/04/2009 23:17.4 - NTFSx86

    Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.2047.1473 [GMT -3:00]

    Executando de: c:\documents and settings\Nikolas\Meus documentos\Downloads\ComboFix.exe

    AV: Kaspersky Anti-Virus *On-access scanning disabled* (Outdated)

    * Criado um novo ponto de restauro

    .

    ((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    -------\Legacy_DAC970NT

    -------\Service_dac970nt

    (((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

    .

    .

    *Nota* entradas vazias e legítimas por defeito não são mostradas.

    REGEDIT4

    c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

    Metacafe.lnk - c:\arquivos de programas\Metacafe\MetacafeAgent.exe [2009-2-17 145736]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

    "DisableTaskMgr"= 1 (0x1)

    "DisableRegistryTools"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

    "UIHost"=hex(2):58,50,69,7a,65,5f,4c,6f,67,6f,6e,2e,65,78,65,00

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]

    "AntiVirusDisableNotify"=dword:00000001

    "UpdatesDisableNotify"=dword:00000001

    "AntiVirusOverride"=dword:00000001

    "FirewallOverride"=dword:00000001

    "UacDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]

    "AntiVirusOverride"=dword:00000001

    "AntiVirusDisableNotify"=dword:00000001

    "FirewallDisableNotify"=dword:00000001

    "FirewallOverride"=dword:00000001

    "UpdatesDisableNotify"=dword:00000001

    "UacDisableNotify"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

    "%windir%\\system32\\sessmgr.exe"=

    "c:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=

    "d:\\Games\\Test Drive Unlimited\\TestDriveUnlimited.exe"=

    "d:\\Arquivos de Programas\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=

    "d:\\Arquivos de Programas\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=

    "d:\\Arquivos de Programas\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=

    "c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=

    "c:\\Arquivos de programas\\Electronic Arts\\EADM\\Core.exe"=

    "d:\\Arquivos de Programas\\Codemasters\\GRID\\GRID.exe"=

    "c:\\Documents and Settings\\All Users\\Dados de aplicativos\\NexonUS\\NGM\\NGM.exe"=

    "c:\nexon\Combat Arms\CombatArms.exe"= c:\nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe

    "c:\nexon\Combat Arms\Engine.exe"= c:\nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe

    "c:\\Nexon\\Combat Arms\\NMService.exe"=

    "d:\\Arquivos de Programas\\EA Games\\Battlefield 2\\BF2.exe"=

    "c:\\Arquivos de programas\\eMule\\emule.exe"=

    "e:\\D velho\\Jogos\\Valve\\hl.exe"=

    "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

    "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

    "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

    "c:\\WINDOWS\\system32\\PnkBstrA.exe"=

    "c:\\WINDOWS\\system32\\PnkBstrB.exe"=

    "c:\\Arquivos de programas\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=

    "c:\\Arquivos de programas\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=

    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    "c:\\Arquivos de programas\\Rockstar Games\\Grand Theft Auto IV\\GTAIV.exe"=

    "d:\\Arquivos de Programas\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=

    "d:\\Arquivos de Programas\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=

    "c:\\WINDOWS\\system32\\dpvsetup.exe"=

    "c:\\Arquivos de programas\\Orbitdownloader\\orbitdm.exe"=

    "c:\\Arquivos de programas\\Orbitdownloader\\orbitnet.exe"=

    "d:\\Arquivos de Programas\\EA Games\\Need for Speed Underground 2\\speed2.exe"=

    "c:\\Arquivos de programas\\Metacafe\\Metacafe.exe"=

    "c:\\WINDOWS\\ALCMTR.EXE"=

    "c:\\Arquivos de programas\\Java\\jre6\\bin\\jusched.exe"=

    "c:\\WINDOWS\\SkyTel.EXE"=

    "c:\\Arquivos de programas\\DAEMON Tools\\chkupd.exe"=

    "c:\\WINDOWS\\system32\\userinit.exe"=

    "c:\\Arquivos de programas\\Java\\jre6\\bin\\jqs.exe"=

    "c:\\Arquivos de programas\\Winamp\\winamp.exe"=

    "c:\\WINDOWS\\system32\\nwiz.exe"=

    "c:\\Arquivos de programas\\Megacubo\\megacubo.exe"=

    "c:\\Arquivos de programas\\QuickTime\\QTTask.exe"=

    "c:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FARNAAL.EXE"=

    "c:\\WINDOWS\\system32\\WISPTIS.EXE"=

    "c:\\Arquivos de programas\\Windows Live\\Messenger\\usnsvc.exe"=

    "c:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATIAAL.EXE"=

    "c:\\Arquivos de programas\\Arquivos comuns\\Ahead\\Lib\\NMIndexStoreSvr.exe"=

    "c:\\Arquivos de programas\\EPSON\\Ink Monitor\\InkMonitor.exe"=

    "c:\\Arquivos de programas\\Winamp\\winampa.exe"=

    "c:\\Arquivos de programas\\Malwarebytes' Anti-Malware\\mbam.exe"=

    "c:\\WINDOWS\\RTHDCPL.EXE"=

    "c:\\Arquivos de programas\\Metacafe\\MetacafeAgent.exe"=

    "c:\\Arquivos de programas\\EVGA Precision\\EVGAPrecision.exe"=

    "c:\\Documents and Settings\\Nikolas\\Configurações locais\\Dados de aplicativos\\Google\\Update\\GoogleUpdate.exe"=

    "c:\\Arquivos de programas\\Arquivos comuns\\Ahead\\Lib\\NMBgMonitor.exe"=

    "c:\\Arquivos de programas\\EA GAMES\\Mirror's Edge\\Binaries\\MirrorsEdge.exe"=

    "c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

    "c:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

    "c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

    "c:\\Arquivos de programas\\Arquivos comuns\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=

    "c:\\Documents and Settings\\Nikolas\\Configurações locais\\Dados de aplicativos\\Google\\Chrome\\Application\\chrome.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

    "5353:TCP"= 5353:TCP:Adobe CSI CS4

    "2486:TCP"= 2486:TCP:Akamai NetSession Interface

    "5000:UDP"= 5000:UDP:Akamai NetSession Interface

    "2974:TCP"= 2974:TCP:Akamai NetSession Interface

    "4295:TCP"= 4295:TCP:Akamai NetSession Interface

    "2696:TCP"= 2696:TCP:Akamai NetSession Interface

    "1081:TCP"= 1081:TCP:Akamai NetSession Interface

    "2162:TCP"= 2162:TCP:Akamai NetSession Interface

    "1995:TCP"= 1995:TCP:Akamai NetSession Interface

    "3664:TCP"= 3664:TCP:Akamai NetSession Interface

    "2272:TCP"= 2272:TCP:Akamai NetSession Interface

    "2768:TCP"= 2768:TCP:Akamai NetSession Interface

    "4098:TCP"= 4098:TCP:Akamai NetSession Interface

    "1982:TCP"= 1982:TCP:Akamai NetSession Interface

    "4196:TCP"= 4196:TCP:Akamai NetSession Interface

    "2994:TCP"= 2994:TCP:Akamai NetSession Interface

    "2250:TCP"= 2250:TCP:Akamai NetSession Interface

    "2237:TCP"= 2237:TCP:Akamai NetSession Interface

    "4185:TCP"= 4185:TCP:Akamai NetSession Interface

    "3163:TCP"= 3163:TCP:Akamai NetSession Interface

    "4921:TCP"= 4921:TCP:Akamai NetSession Interface

    "1907:TCP"= 1907:TCP:Akamai NetSession Interface

    "2060:TCP"= 2060:TCP:Akamai NetSession Interface

    "3592:TCP"= 3592:TCP:Akamai NetSession Interface

    "1080:TCP"= 1080:TCP:Akamai NetSession Interface

    "2844:TCP"= 2844:TCP:Akamai NetSession Interface

    "3798:TCP"= 3798:TCP:Akamai NetSession Interface

    "3314:TCP"= 3314:TCP:Akamai NetSession Interface

    "3914:TCP"= 3914:TCP:Akamai NetSession Interface

    "3371:TCP"= 3371:TCP:Akamai NetSession Interface

    "4242:TCP"= 4242:TCP:Akamai NetSession Interface

    "4995:TCP"= 4995:TCP:Akamai NetSession Interface

    "3571:TCP"= 3571:TCP:Akamai NetSession Interface

    "1096:TCP"= 1096:TCP:Akamai NetSession Interface

    "2213:TCP"= 2213:TCP:Akamai NetSession Interface

    "1917:TCP"= 1917:TCP:Akamai NetSession Interface

    "4401:TCP"= 4401:TCP:Akamai NetSession Interface

    "1189:TCP"= 1189:TCP:Akamai NetSession Interface

    "1894:TCP"= 1894:TCP:Akamai NetSession Interface

    "1073:TCP"= 1073:TCP:Akamai NetSession Interface

    "3481:TCP"= 3481:TCP:Akamai NetSession Interface

    "1067:TCP"= 1067:TCP:Akamai NetSession Interface

    "3990:TCP"= 3990:TCP:Akamai NetSession Interface

    "1886:TCP"= 1886:TCP:Akamai NetSession Interface

    "2233:TCP"= 2233:TCP:Akamai NetSession Interface

    "4786:TCP"= 4786:TCP:Akamai NetSession Interface

    "1074:TCP"= 1074:TCP:Akamai NetSession Interface

    "1290:TCP"= 1290:TCP:Akamai NetSession Interface

    "1084:TCP"= 1084:TCP:Akamai NetSession Interface

    "1089:TCP"= 1089:TCP:Akamai NetSession Interface

    "4596:TCP"= 4596:TCP:Akamai NetSession Interface

    "2212:TCP"= 2212:TCP:Akamai NetSession Interface

    "3152:TCP"= 3152:TCP:Akamai NetSession Interface

    "2855:TCP"= 2855:TCP:Akamai NetSession Interface

    "3485:TCP"= 3485:TCP:Akamai NetSession Interface

    "1044:TCP"= 1044:TCP:Akamai NetSession Interface

    "2282:TCP"= 2282:TCP:Akamai NetSession Interface

    "3993:TCP"= 3993:TCP:Akamai NetSession Interface

    "2745:TCP"= 2745:TCP:Akamai NetSession Interface

    "2490:TCP"= 2490:TCP:Akamai NetSession Interface

    "3310:TCP"= 3310:TCP:Akamai NetSession Interface

    "1097:TCP"= 1097:TCP:Akamai NetSession Interface

    "2214:TCP"= 2214:TCP:Akamai NetSession Interface

    "3866:TCP"= 3866:TCP:Akamai NetSession Interface

    "1530:TCP"= 1530:TCP:Akamai NetSession Interface

    "1262:TCP"= 1262:TCP:Akamai NetSession Interface

    "1170:TCP"= 1170:TCP:Akamai NetSession Interface

    "3195:TCP"= 3195:TCP:Akamai NetSession Interface

    "1159:TCP"= 1159:TCP:Akamai NetSession Interface

    "3154:TCP"= 3154:TCP:Akamai NetSession Interface

    "1898:TCP"= 1898:TCP:Akamai NetSession Interface

    "4381:TCP"= 4381:TCP:Akamai NetSession Interface

    "4521:TCP"= 4521:TCP:Akamai NetSession Interface

    "3025:TCP"= 3025:TCP:Akamai NetSession Interface

    "1191:TCP"= 1191:TCP:Akamai NetSession Interface

    "4770:TCP"= 4770:TCP:Akamai NetSession Interface

    "1109:TCP"= 1109:TCP:Akamai NetSession Interface

    "3968:TCP"= 3968:TCP:Akamai NetSession Interface

    "1689:TCP"= 1689:TCP:Akamai NetSession Interface

    "1600:TCP"= 1600:TCP:Akamai NetSession Interface

    "1382:TCP"= 1382:TCP:Akamai NetSession Interface

    "1193:TCP"= 1193:TCP:Akamai NetSession Interface

    "4597:TCP"= 4597:TCP:Akamai NetSession Interface

    "4768:TCP"= 4768:TCP:Akamai NetSession Interface

    "1119:TCP"= 1119:TCP:Akamai NetSession Interface

    "1325:TCP"= 1325:TCP:Akamai NetSession Interface

    "1138:TCP"= 1138:TCP:Akamai NetSession Interface

    "3144:TCP"= 3144:TCP:Akamai NetSession Interface

    "3207:TCP"= 3207:TCP:Akamai NetSession Interface

    "3932:TCP"= 3932:TCP:Akamai NetSession Interface

    "3184:TCP"= 3184:TCP:Akamai NetSession Interface

    "3512:TCP"= 3512:TCP:Akamai NetSession Interface

    "3489:TCP"= 3489:TCP:Akamai NetSession Interface

    "4544:TCP"= 4544:TCP:Akamai NetSession Interface

    "4667:TCP"= 4667:TCP:Akamai NetSession Interface

    "1180:TCP"= 1180:TCP:Akamai NetSession Interface

    "1131:TCP"= 1131:TCP:Akamai NetSession Interface

    "1199:TCP"= 1199:TCP:Akamai NetSession Interface

    "1375:TCP"= 1375:TCP:Akamai NetSession Interface

    "1683:TCP"= 1683:TCP:Akamai NetSession Interface

    "1139:TCP"= 1139:TCP:Akamai NetSession Interface

    "1300:TCP"= 1300:TCP:Akamai NetSession Interface

    "2414:TCP"= 2414:TCP:Akamai NetSession Interface

    "3068:TCP"= 3068:TCP:Akamai NetSession Interface

    "3322:TCP"= 3322:TCP:Akamai NetSession Interface

    "1155:TCP"= 1155:TCP:Akamai NetSession Interface

    "2489:TCP"= 2489:TCP:Akamai NetSession Interface

    "2502:TCP"= 2502:TCP:Akamai NetSession Interface

    "3832:TCP"= 3832:TCP:Akamai NetSession Interface

    "1136:TCP"= 1136:TCP:Akamai NetSession Interface

    "1164:TCP"= 1164:TCP:Akamai NetSession Interface

    "1571:TCP"= 1571:TCP:Akamai NetSession Interface

    "1130:TCP"= 1130:TCP:Akamai NetSession Interface

    "1094:TCP"= 1094:TCP:Akamai NetSession Interface

    "1098:TCP"= 1098:TCP:Akamai NetSession Interface

    R3 Amps2prt;A4Tech PS/2 Port Mouse Driver;c:\windows\system32\DRIVERS\Amps2prt.sys [2006-05-09 13824]

    R3 DirectNT;DirectNT; [x]

    R3 RTCore32;RTCore32;c:\arquivos de programas\EVGA Precision\RTCore32.sys [2005-05-25 4608]

    R3 s916bus;Sony Ericsson Device 916 driver (WDM);c:\windows\system32\DRIVERS\s916bus.sys [2007-11-02 83496]

    R3 s916mdfl;Sony Ericsson Device 916 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s916mdfl.sys [2007-11-02 15016]

    R3 s916mdm;Sony Ericsson Device 916 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s916mdm.sys [2007-11-02 109992]

    R3 s916mgmt;Sony Ericsson Device 916 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s916mgmt.sys [2007-11-02 103976]

    R3 s916obex;Sony Ericsson Device 916 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s916obex.sys [2007-11-02 100008]

    R3 XDva190;XDva190; [x]

    S0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\GbpKm.sys [2008-10-24 31296]

    S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-04-14 14336]

    S3 AtcL002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller;c:\windows\system32\DRIVERS\l251x86.sys [2007-07-03 29696]

    S3 DCamUSBIntel;USB Video Camera;c:\windows\system32\Drivers\TP6800.sys [2006-12-21 201032]

    S3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys [2008-04-30 24592]

    S3 MouseCap;MouseCapture Driver;c:\windows\system32\Drivers\MouseCap.sys [2005-08-08 6640]

    --- ---

    *NewlyCreated* - DAC970NT

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

    Akamai REG_MULTI_SZ Akamai

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0422e041-1188-11de-a212-001fc6ae6754}]

    \sheLL\AUtOplAy\command - H:\exqnrt.pif

    \sheLL\AutoRun\command - H:\exqnrt.pif

    \sheLL\ExplORe\coMmaND - H:\exqnrt.pif

    \sheLL\open\CoMmand - H:\exqnrt.pif

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{55be09bb-9a65-11dd-a136-001fc6ae6754}]

    \sHell\autoplay\coMmAnD - H:\lvltn.pif

    \sHell\AutoRun\command - H:\lvltn.pif

    \sHell\EXPlORE\ComMAnD - H:\lvltn.pif

    \sHell\opeN\commANd - H:\lvltn.pif

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{69975f96-fa37-11dd-a200-001fc6ae6754}]

    \shEll\AutOPLay\coMmAnd - nemopo.pif

    \shEll\AutoRun\command - nemopo.pif

    \shEll\exploRE\COMmAND - nemopo.pif

    \shEll\opEn\coMmAnd - nemopo.pif

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7786222b-1f3e-11de-a21d-001fc6ae6754}]

    \Shell\AutopLAY\ComMaNd - H:\pxlmos.exe

    \Shell\AutoRun\command - H:\pxlmos.exe

    \Shell\EXPloRE\cOmmaNd - H:\pxlmos.exe

    \Shell\Open\ComMAND - H:\pxlmos.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{92aed4ae-bbff-11dd-a17f-0018e7436242}]

    \Shell\AutoRun\command - H:\iqe68o.bat

    \Shell\explore\Command - H:\iqe68o.bat

    \Shell\open\Command - H:\iqe68o.bat

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c06e8aa7-054f-11de-a206-001fc6ae6754}]

    \Shell\AutoRun\command - H:\zmhbpd.exe

    \Shell\explore\Command - H:\zmhbpd.exe

    \Shell\open\Command - H:\zmhbpd.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{de979b41-0dcf-11de-a20f-001fc6ae6754}]

    \shelL\AutoplAY\COmmaNd - H:\sxksc.pif

    \shelL\AutoRun\command - H:\sxksc.pif

    \shelL\EXpLore\ComMand - H:\sxksc.pif

    \shelL\oPeN\cOmmand - H:\sxksc.pif

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ff283427-079b-11de-a209-001fc6ae6754}]

    \Shell\Autoplay\coMmand - H:\nvfhpy.exe

    \Shell\AutoRun\command - H:\nvfhpy.exe

    \Shell\eXpLOrE\CoMMaNd - H:\nvfhpy.exe

    \Shell\Open\commanD - H:\nvfhpy.exe

    .

    Conteúdo da pasta 'Tarefas Agendadas'

    2009-04-08 c:\windows\Tasks\AppleSoftwareUpdate.job

    - c:\arquivos de programas\Apple Software Update\SoftwareUpdate.exe [2008-07-30 14:34]

    .

    .

    ------- Scan Suplementar -------

    .

    uStart Page = about:blank

    IE: &Download by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/201

    IE: &Grab video by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/204

    IE: Baixar Link Utiizando Gerenciador Mega... - c:\arquivos de programas\Megaupload\Mega Manager\mm_file.htm

    IE: Do&wnload selected by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/203

    IE: Down&load all by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/202

    IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~3\Office12\EXCEL.EXE/3000

    IE: Sothink SWF Catcher - c:\arquivos de programas\Arquivos comuns\SourceTec\SWF Catcher\InternetExplorer.htm

    TCP: {669AEF56-01D4-4565-B467-748A875AB5E1} = 192.168.3.1

    DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} - hxxps://imagem.caixa.gov.br/cab/gbpdist.cab

    FF - ProfilePath - c:\documents and settings\Nikolas\Dados de aplicativos\Mozilla\Firefox\Profiles\nls5xgsd.default\

    FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\npqtplugin8.dll

    FF - plugin: c:\arquivos de programas\QuickTime\Plugins\npqtplugin8.dll

    ---- FIREFOX POLICIES ----

    c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2009-04-19 23:24

    Windows 5.1.2600 Service Pack 3 NTFS

    Procurando processos ocultos ...

    Procurando entradas auto inicializáveis ocultas ...

    Procurando ficheiros/arquivos ocultos ...

    Varredura completada com sucesso

    arquivos/ficheiros ocultos: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\dac970nt]

    "ImagePath"="\??\c:\windows\system32\drivers\mojhrm.sys"

    .

    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-861567501-776561741-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]

    @Denied: (Full) (LocalSystem)

    [HKEY_USERS\S-1-5-21-861567501-776561741-839522115-1004\Software\SecuROM\License information*]

    "datasecu"=hex:0c,2a,0c,f9,bb,a8,bb,c1,95,16,78,fd,cd,05,3d,fb,c0,50,30,36,72,

    fc,5f,fe,06,fb,51,51,e2,bc,7b,11,11,17,e1,d6,95,b0,ad,3f,87,b5,9e,04,0d,3c,\

    "rkeysecu"=hex:1d,2f,0f,da,25,70,7c,43,1d,2e,8a,7c,84,fd,4e,d8

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

    @DACL=(02 0000)

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy]

    @DACL=(02 0000)

    "Asynchronous"=dword:00000001

    "DllName"=expand:"%SystemRoot%\\System32\\dimsntfy.dll"

    "Startup"="WlDimsStartup"

    "Shutdown"="WlDimsShutdown"

    "Logon"="WlDimsLogon"

    "Logoff"="WlDimsLogoff"

    "StartShell"="WlDimsStartShell"

    "Lock"="WlDimsLock"

    "Unlock"="WlDimsUnlock"

    .

    --------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

    - - - - - - - > 'winlogon.exe'(1212)

    c:\arquivos de programas\Arquivos comuns\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

    - - - - - - - > 'explorer.exe'(2424)

    c:\arquiv~1\WINDOW~2\wmpband.dll

    c:\windows\system32\msi.dll

    c:\windows\system32\WPDShServiceObj.dll

    c:\windows\system32\PortableDeviceTypes.dll

    c:\windows\system32\PortableDeviceApi.dll

    c:\arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    c:\arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

    c:\arquivos de programas\Megaupload\Mega Manager\MegaIEMn.dll

    c:\arquivos de programas\Arquivos comuns\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

    c:\arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\PDFShell.dll

    .

    ------------------------ Outros Processos em Execução ------------------------

    .

    c:\windows\RTHDCPL.exe

    c:\arquivos de programas\Winamp\winampa.exe

    c:\windows\system32\rundll32.exe

    c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

    c:\arquivos de programas\DAEMON Tools\daemon.exe

    c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe

    c:\documents and settings\Nikolas\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe

    c:\arquivos de programas\uTorrent\uTorrent.exe

    c:\arquivos de programas\Bonjour\mDNSResponder.exe

    c:\arquivos de programas\Java\jre6\bin\jqs.exe

    c:\windows\system32\nvsvc32.exe

    c:\windows\system32\HPZipm12.exe

    c:\windows\system32\PnkBstrA.exe

    c:\arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe

    c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

    c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe

    c:\windows\system32\wbem\wmiapsrv.exe

    .

    **************************************************************************

    .

    Tempo para conclusão: 2009-04-20 23:28 - Máquina reiniciou

    ComboFix-quarantined-files.txt 2009-04-20 02:28

    ComboFix2.txt 2009-03-25 03:27

    ComboFix3.txt 2009-03-05 04:52

    Pré-execução: 16 pasta(s) 12.391.800.832 bytes disponíveis

    Pós execução: 15 pasta(s) 12.706.205.696 bytes disponíveis

    Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4

    379 --- E O F --- 2009-04-20 02:02

    Edited by RenatoMejias
    Remove CODE tag

    AV: Kaspersky Anti-Virus *On-access scanning disabled* (Outdated)

    Your antivirus is out of date.

    Do you use any Akamai programs?

    Disconnect from the internet before carrying out the procedures below.

    Temporarily, while carrying out these instructions, it is very important that you keep your protection programs (antivirus, antispyware and firewall) disabled. Re-enable the protections after running the procedure(s) mentioned below.

    Open Notepad, copy (Ctrl + C) and paste (Ctrl + V) all the text inside the "Code" box:


    File::
    H:\exqnrt.pif
    H:\lvltn.pif
    H:\pxlmos.exe
    H:\iqe68o.bat
    H:\zmhbpd.exe
    H:\sxksc.pif
    H:\nvfhpy.exe
    c:\windows\system32\drivers\mojhrm.sys

    Registry::
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableTaskMgr"=-
    "DisableRegistryTools"=-

    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0422e041-1188-11de-a212-001fc6ae6754}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{55be09bb-9a65-11dd-a136-001fc6ae6754}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{69975f96-fa37-11dd-a200-001fc6ae6754}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7786222b-1f3e-11de-a21d-001fc6ae6754}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{92aed4ae-bbff-11dd-a17f-0018e7436242}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c06e8aa7-054f-11de-a206-001fc6ae6754}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{de979b41-0dcf-11de-a20f-001fc6ae6754}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ff283427-079b-11de-a209-001fc6ae6754}]

    Driver::
    dac970nt

    • Save this file as: CFScript.txt
      CFScriptB-4.gif
    • As shown in the picture above, drag the CFScript.txt file onto ComboFix.exe
    • When the tool finishes running, it will generate a log. Post that file, C:\ComboFix.txt.

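As an added example (not part of the thread, and not ComboFix's or the forum's own code), the Python script below pulls out of a ComboFix log the same indicators the analyst acted on above: shell commands under a MountPoints2 GUID that point at an executable on a removable drive, the policy values that hide Task Manager and regedit, the Security Center override flags, and drivers listed with a missing image file. It then lays the findings out in the File::/Registry::/Driver:: CFScript form used above. SAMPLE_LOG is a constructed excerpt modelled on the log lines in this thread, and the rule that only a newly created driver with no image file is placed under Driver:: is this example's own choice, made to match what was done with dac970nt.

```python
"""Triage a ComboFix log for the indicators the analyst above acted on.
Added example for this thread; SAMPLE_LOG is a constructed excerpt
modelled on the log format shown in the thread."""
import re

# Constructed sample, modelled on the ComboFix output in this thread.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0422e041-1188-11de-a212-001fc6ae6754}]
\sheLL\AUtOplAy\command - H:\exqnrt.pif
\sheLL\AutoRun\command - H:\exqnrt.pif
\sheLL\open\CoMmand - H:\exqnrt.pif
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{92aed4ae-bbff-11dd-a17f-0018e7436242}]
\Shell\AutoRun\command - H:\iqe68o.bat
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy]
"DllName"=expand:"%SystemRoot%\\System32\\dimsntfy.dll"
R3 DirectNT;DirectNT; [x]
S3 dac970nt;dac970nt; [x]
*NewlyCreated* - DAC970NT
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
MP2_RE = re.compile(r"\\mountpoints2\\\{[0-9a-f-]+\}$", re.I)
# The verb names appear in random letter case in the log; match case-insensitively.
SHELL_RE = re.compile(r"^\\shell\\(\w+)\\command\s+-\s+(.+)$", re.I)
VALUE_RE = re.compile(r'^"([^"]+)"=\s*(?:dword:)?([0-9a-f]+)\b', re.I)
DRIVER_RE = re.compile(r"^[RS]\d\s+([^;]+);[^;]*;\s*\[x\]$")  # '[x]': image file missing
NEW_RE = re.compile(r"^\*NewlyCreated\*\s+-\s+(\S+)$")

# Settings that hide or silence the user's own defences (name -> value that is bad).
BAD_VALUES = {"DisableTaskMgr": 1, "DisableRegistryTools": 1, "EnableFirewall": 0,
              "AntiVirusOverride": 1, "FirewallOverride": 1, "AntiVirusDisableNotify": 1,
              "FirewallDisableNotify": 1, "UpdatesDisableNotify": 1}


def triage(log_text):
    """Return autorun hooks, weakened policies and suspect drivers found in the log."""
    f = {"autorun": [], "policy": [], "missing_image": [], "newly_created": []}
    key = None  # registry key that the following value lines belong to
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = SHELL_RE.match(line)
        if m and key and MP2_RE.search(key):
            # shell\<verb>\command under a MountPoints2 GUID runs when that drive is opened
            f["autorun"].append((key, m.group(1).lower(), m.group(2)))
            continue
        m = VALUE_RE.match(line)
        if m and key and m.group(1) in BAD_VALUES:
            if int(m.group(2), 16) == BAD_VALUES[m.group(1)]:
                f["policy"].append((key, m.group(1), BAD_VALUES[m.group(1)]))
            continue
        m = DRIVER_RE.match(line)
        if m:
            f["missing_image"].append(m.group(1).lower())
            continue
        m = NEW_RE.match(line)
        if m:
            f["newly_created"].append(m.group(1).lower())
    return f


def cfscript_from_findings(f):
    """Lay the findings out in the File::/Registry::/Driver:: CFScript form used above.
    Only a driver that is both newly created and has no image file goes under Driver::
    (this example's own rule); other '[x]' drivers and the Security Center flags are
    reported but left for a human decision."""
    files = sorted({target for _, _, target in f["autorun"]})
    mp2_keys = sorted({key for key, _, _ in f["autorun"]})
    resets = {}
    for key, name, _ in f["policy"]:
        if name in ("DisableTaskMgr", "DisableRegistryTools"):
            resets.setdefault(key, []).append(name)
    drivers = sorted(set(f["newly_created"]) & set(f["missing_image"]))

    out = ["File::", *files, "", "Registry::"]
    for key, names in resets.items():
        out.append(f"[{key}]")
        out.extend(f'"{name}"=-' for name in names)
    out.append("")
    out.extend(f"[-{key}]" for key in mp2_keys)
    out.extend(["", "Driver::", *drivers])
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for key, name, value in found["policy"]:
        print(f"weakened: {name}={value} under [{key}]")
    print(cfscript_from_findings(found))
```

Run as-is it prints the weakened settings and the generated script for the constructed sample; for a real log, read the file and pass its text to triage(). The Security Center overrides are reported but never scripted, because those values can also be set by the user or by the antivirus itself.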
  • Topic author
  • OK, I'll carry out the procedure. My antivirus won't even open, which is why it's disabled. I couldn't even run an online scan on the computer.

    Akamai? Maybe I use it, but I don't know the vendor. Searching on Google, I don't think I use it.

  • Topic author
  • Here is the new log.

    New ComboFix log

    ComboFix 09-04-20.02 - Nikolas 21/04/2009 1:37.6 - NTFSx86

    Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.2047.1457 [GMT -3:00]

    Executando de: c:\documents and settings\Nikolas\Desktop\ComboFix.exe

    Comandos utilizados :: c:\documents and settings\Nikolas\Desktop\CFScript.txt

    AV: Kaspersky Anti-Virus *On-access scanning disabled* (Outdated)

    * Criado um novo ponto de restauro

    FILE ::

    c:\windows\system32\drivers\mojhrm.sys

    H:\exqnrt.pif

    H:\iqe68o.bat

    H:\lvltn.pif

    H:\nvfhpy.exe

    H:\pxlmos.exe

    H:\sxksc.pif

    H:\zmhbpd.exe

    .

    ((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    -------\Legacy_DAC970NT

    ((((((((((((((((((((((((((((( SnapShot@2009-04-20_02.24.58 )))))))))))))))))))))))))))))))))))))))))

    .

    + 2009-04-21 04:40 . 2009-04-21 04:40 16384 c:\windows\Temp\Perflib_Perfdata_f80.dat

    + 2009-04-21 04:39 . 2009-04-21 04:39 16384 c:\windows\Temp\Perflib_Perfdata_858.dat

    + 2009-04-21 04:40 . 2009-04-21 04:40 16384 c:\windows\Temp\Perflib_Perfdata_5a0.dat

    - 2001-10-28 18:07 . 2009-04-17 03:11 75230 c:\windows\system32\perfc016.dat

    + 2001-10-28 18:07 . 2009-04-21 04:35 75230 c:\windows\system32\perfc016.dat

    + 2001-10-28 18:07 . 2009-04-21 04:35 66512 c:\windows\system32\perfc009.dat

    - 2001-10-28 18:07 . 2009-04-17 03:11 66512 c:\windows\system32\perfc009.dat

    + 2001-10-28 18:07 . 2009-04-21 04:35 460722 c:\windows\system32\perfh016.dat

    - 2001-10-28 18:07 . 2009-04-17 03:11 460722 c:\windows\system32\perfh016.dat

    + 2001-10-28 18:07 . 2009-04-21 04:35 427728 c:\windows\system32\perfh009.dat

    - 2001-10-28 18:07 . 2009-04-17 03:11 427728 c:\windows\system32\perfh009.dat

    .

    (((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

    .

    .

    *Nota* entradas vazias e legítimas por defeito não são mostradas.

    REGEDIT4

    c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

    Metacafe.lnk - c:\arquivos de programas\Metacafe\MetacafeAgent.exe [2009-2-17 145736]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

    "EnableLUA"= 0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

    "DisableTaskMgr"= 1 (0x1)

    "DisableRegistryTools"= 1 (0x1)

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]

    "DisableTaskMgr"= 1 (0x1)

    "DisableRegistryTools"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

    "UIHost"=hex(2):58,50,69,7a,65,5f,4c,6f,67,6f,6e,2e,65,78,65,00

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]

    "AntiVirusDisableNotify"=dword:00000001

    "UpdatesDisableNotify"=dword:00000001

    "AntiVirusOverride"=dword:00000001

    "FirewallOverride"=dword:00000001

    "UacDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]

    "AntiVirusOverride"=dword:00000001

    "AntiVirusDisableNotify"=dword:00000001

    "FirewallDisableNotify"=dword:00000001

    "FirewallOverride"=dword:00000001

    "UpdatesDisableNotify"=dword:00000001

    "UacDisableNotify"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

    "%windir%\\system32\\sessmgr.exe"=

    "c:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=

    "d:\\Games\\Test Drive Unlimited\\TestDriveUnlimited.exe"=

    "d:\\Arquivos de Programas\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=

    "d:\\Arquivos de Programas\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=

    "d:\\Arquivos de Programas\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=

    "c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=

    "c:\\Arquivos de programas\\Electronic Arts\\EADM\\Core.exe"=

    "d:\\Arquivos de Programas\\Codemasters\\GRID\\GRID.exe"=

    "c:\\Documents and Settings\\All Users\\Dados de aplicativos\\NexonUS\\NGM\\NGM.exe"=

    "c:\nexon\Combat Arms\CombatArms.exe"= c:\nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe

    "c:\nexon\Combat Arms\Engine.exe"= c:\nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe

    "c:\\Nexon\\Combat Arms\\NMService.exe"=

    "d:\\Arquivos de Programas\\EA Games\\Battlefield 2\\BF2.exe"=

    "c:\\Arquivos de programas\\eMule\\emule.exe"=

    "e:\\D velho\\Jogos\\Valve\\hl.exe"=

    "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

    "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

    "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

    "c:\\WINDOWS\\system32\\PnkBstrA.exe"=

    "c:\\WINDOWS\\system32\\PnkBstrB.exe"=

    "c:\\Arquivos de programas\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=

    "c:\\Arquivos de programas\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=

    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    "c:\\Arquivos de programas\\Rockstar Games\\Grand Theft Auto IV\\GTAIV.exe"=

    "d:\\Arquivos de Programas\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=

    "d:\\Arquivos de Programas\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=

    "c:\\WINDOWS\\system32\\dpvsetup.exe"=

    "c:\\Arquivos de programas\\Orbitdownloader\\orbitdm.exe"=

    "c:\\Arquivos de programas\\Orbitdownloader\\orbitnet.exe"=

    "d:\\Arquivos de Programas\\EA Games\\Need for Speed Underground 2\\speed2.exe"=

    "c:\\Arquivos de programas\\Metacafe\\Metacafe.exe"=

    "c:\\WINDOWS\\ALCMTR.EXE"=

    "c:\\Arquivos de programas\\Java\\jre6\\bin\\jusched.exe"=

    "c:\\WINDOWS\\SkyTel.EXE"=

    "c:\\Arquivos de programas\\DAEMON Tools\\chkupd.exe"=

    "c:\\WINDOWS\\system32\\userinit.exe"=

    "c:\\Arquivos de programas\\Java\\jre6\\bin\\jqs.exe"=

    "c:\\Arquivos de programas\\Winamp\\winamp.exe"=

    "c:\\WINDOWS\\system32\\nwiz.exe"=

    "c:\\Arquivos de programas\\Megacubo\\megacubo.exe"=

    "c:\\Arquivos de programas\\QuickTime\\QTTask.exe"=

    "c:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FARNAAL.EXE"=

    "c:\\WINDOWS\\system32\\WISPTIS.EXE"=

    "c:\\Arquivos de programas\\Windows Live\\Messenger\\usnsvc.exe"=

    "c:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATIAAL.EXE"=

    "c:\\Arquivos de programas\\Arquivos comuns\\Ahead\\Lib\\NMIndexStoreSvr.exe"=

    "c:\\Arquivos de programas\\EPSON\\Ink Monitor\\InkMonitor.exe"=

    "c:\\Arquivos de programas\\Winamp\\winampa.exe"=

    "c:\\Arquivos de programas\\Malwarebytes' Anti-Malware\\mbam.exe"=

    "c:\\WINDOWS\\RTHDCPL.EXE"=

    "c:\\Arquivos de programas\\Metacafe\\MetacafeAgent.exe"=

    "c:\\Arquivos de programas\\EVGA Precision\\EVGAPrecision.exe"=

    "c:\\Documents and Settings\\Nikolas\\Configurações locais\\Dados de aplicativos\\Google\\Update\\GoogleUpdate.exe"=

    "c:\\Arquivos de programas\\Arquivos comuns\\Ahead\\Lib\\NMBgMonitor.exe"=

    "c:\\Arquivos de programas\\EA GAMES\\Mirror's Edge\\Binaries\\MirrorsEdge.exe"=

    "c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

    "c:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

    "c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

    "c:\\Arquivos de programas\\Arquivos comuns\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=

    "c:\\Documents and Settings\\Nikolas\\Configurações locais\\Dados de aplicativos\\Google\\Chrome\\Application\\chrome.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

    "5353:TCP"= 5353:TCP:Adobe CSI CS4

    "2486:TCP"= 2486:TCP:Akamai NetSession Interface

    "5000:UDP"= 5000:UDP:Akamai NetSession Interface

    "2974:TCP"= 2974:TCP:Akamai NetSession Interface

    "4295:TCP"= 4295:TCP:Akamai NetSession Interface

    "2696:TCP"= 2696:TCP:Akamai NetSession Interface

    "1081:TCP"= 1081:TCP:Akamai NetSession Interface

    "2162:TCP"= 2162:TCP:Akamai NetSession Interface

    "1995:TCP"= 1995:TCP:Akamai NetSession Interface

    "3664:TCP"= 3664:TCP:Akamai NetSession Interface

    "2272:TCP"= 2272:TCP:Akamai NetSession Interface

    "2768:TCP"= 2768:TCP:Akamai NetSession Interface

    "4098:TCP"= 4098:TCP:Akamai NetSession Interface

    "1982:TCP"= 1982:TCP:Akamai NetSession Interface

    "4196:TCP"= 4196:TCP:Akamai NetSession Interface

    "2994:TCP"= 2994:TCP:Akamai NetSession Interface

    "2250:TCP"= 2250:TCP:Akamai NetSession Interface

    "2237:TCP"= 2237:TCP:Akamai NetSession Interface

    "4185:TCP"= 4185:TCP:Akamai NetSession Interface

    "3163:TCP"= 3163:TCP:Akamai NetSession Interface

    "4921:TCP"= 4921:TCP:Akamai NetSession Interface

    "1907:TCP"= 1907:TCP:Akamai NetSession Interface

    "2060:TCP"= 2060:TCP:Akamai NetSession Interface

    "3592:TCP"= 3592:TCP:Akamai NetSession Interface

    "1080:TCP"= 1080:TCP:Akamai NetSession Interface

    "2844:TCP"= 2844:TCP:Akamai NetSession Interface

    "3798:TCP"= 3798:TCP:Akamai NetSession Interface

    "3314:TCP"= 3314:TCP:Akamai NetSession Interface

    "3914:TCP"= 3914:TCP:Akamai NetSession Interface

    "3371:TCP"= 3371:TCP:Akamai NetSession Interface

    "4242:TCP"= 4242:TCP:Akamai NetSession Interface

    "4995:TCP"= 4995:TCP:Akamai NetSession Interface

    "3571:TCP"= 3571:TCP:Akamai NetSession Interface

    "1096:TCP"= 1096:TCP:Akamai NetSession Interface

    "2213:TCP"= 2213:TCP:Akamai NetSession Interface

    "1917:TCP"= 1917:TCP:Akamai NetSession Interface

    "4401:TCP"= 4401:TCP:Akamai NetSession Interface

    "1189:TCP"= 1189:TCP:Akamai NetSession Interface

    "1894:TCP"= 1894:TCP:Akamai NetSession Interface

    "1073:TCP"= 1073:TCP:Akamai NetSession Interface

    "3481:TCP"= 3481:TCP:Akamai NetSession Interface

    "1067:TCP"= 1067:TCP:Akamai NetSession Interface

    "3990:TCP"= 3990:TCP:Akamai NetSession Interface

    "1886:TCP"= 1886:TCP:Akamai NetSession Interface

    "2233:TCP"= 2233:TCP:Akamai NetSession Interface

    "4786:TCP"= 4786:TCP:Akamai NetSession Interface

    "1074:TCP"= 1074:TCP:Akamai NetSession Interface

    "1290:TCP"= 1290:TCP:Akamai NetSession Interface

    "1084:TCP"= 1084:TCP:Akamai NetSession Interface

    "1089:TCP"= 1089:TCP:Akamai NetSession Interface

    "4596:TCP"= 4596:TCP:Akamai NetSession Interface

    "2212:TCP"= 2212:TCP:Akamai NetSession Interface

    "3152:TCP"= 3152:TCP:Akamai NetSession Interface

    "2855:TCP"= 2855:TCP:Akamai NetSession Interface

    "3485:TCP"= 3485:TCP:Akamai NetSession Interface

    "1044:TCP"= 1044:TCP:Akamai NetSession Interface

    "2282:TCP"= 2282:TCP:Akamai NetSession Interface

    "3993:TCP"= 3993:TCP:Akamai NetSession Interface

    "2745:TCP"= 2745:TCP:Akamai NetSession Interface

    "2490:TCP"= 2490:TCP:Akamai NetSession Interface

    "3310:TCP"= 3310:TCP:Akamai NetSession Interface

    "1097:TCP"= 1097:TCP:Akamai NetSession Interface

    "2214:TCP"= 2214:TCP:Akamai NetSession Interface

    "3866:TCP"= 3866:TCP:Akamai NetSession Interface

    "1530:TCP"= 1530:TCP:Akamai NetSession Interface

    "1262:TCP"= 1262:TCP:Akamai NetSession Interface

    "1170:TCP"= 1170:TCP:Akamai NetSession Interface

    "3195:TCP"= 3195:TCP:Akamai NetSession Interface

    "1159:TCP"= 1159:TCP:Akamai NetSession Interface

    "3154:TCP"= 3154:TCP:Akamai NetSession Interface

    "1898:TCP"= 1898:TCP:Akamai NetSession Interface

    "4381:TCP"= 4381:TCP:Akamai NetSession Interface

    "4521:TCP"= 4521:TCP:Akamai NetSession Interface

    "3025:TCP"= 3025:TCP:Akamai NetSession Interface

    "1191:TCP"= 1191:TCP:Akamai NetSession Interface

    "4770:TCP"= 4770:TCP:Akamai NetSession Interface

    "1109:TCP"= 1109:TCP:Akamai NetSession Interface

    "3968:TCP"= 3968:TCP:Akamai NetSession Interface

    "1689:TCP"= 1689:TCP:Akamai NetSession Interface

    "1600:TCP"= 1600:TCP:Akamai NetSession Interface

    "1382:TCP"= 1382:TCP:Akamai NetSession Interface

    "1193:TCP"= 1193:TCP:Akamai NetSession Interface

    "4597:TCP"= 4597:TCP:Akamai NetSession Interface

    "4768:TCP"= 4768:TCP:Akamai NetSession Interface

    "1119:TCP"= 1119:TCP:Akamai NetSession Interface

    "1325:TCP"= 1325:TCP:Akamai NetSession Interface

    "1138:TCP"= 1138:TCP:Akamai NetSession Interface

    "3144:TCP"= 3144:TCP:Akamai NetSession Interface

    "3207:TCP"= 3207:TCP:Akamai NetSession Interface

    "3932:TCP"= 3932:TCP:Akamai NetSession Interface

    "3184:TCP"= 3184:TCP:Akamai NetSession Interface

    "3512:TCP"= 3512:TCP:Akamai NetSession Interface

    "3489:TCP"= 3489:TCP:Akamai NetSession Interface

    "4544:TCP"= 4544:TCP:Akamai NetSession Interface

    "4667:TCP"= 4667:TCP:Akamai NetSession Interface

    "1180:TCP"= 1180:TCP:Akamai NetSession Interface

    "1131:TCP"= 1131:TCP:Akamai NetSession Interface

    "1199:TCP"= 1199:TCP:Akamai NetSession Interface

    "1375:TCP"= 1375:TCP:Akamai NetSession Interface

    "1683:TCP"= 1683:TCP:Akamai NetSession Interface

    "1139:TCP"= 1139:TCP:Akamai NetSession Interface

    "1300:TCP"= 1300:TCP:Akamai NetSession Interface

    "2414:TCP"= 2414:TCP:Akamai NetSession Interface

    "3068:TCP"= 3068:TCP:Akamai NetSession Interface

    "3322:TCP"= 3322:TCP:Akamai NetSession Interface

    "1155:TCP"= 1155:TCP:Akamai NetSession Interface

    "2489:TCP"= 2489:TCP:Akamai NetSession Interface

    "2502:TCP"= 2502:TCP:Akamai NetSession Interface

    "3832:TCP"= 3832:TCP:Akamai NetSession Interface

    "1136:TCP"= 1136:TCP:Akamai NetSession Interface

    "1164:TCP"= 1164:TCP:Akamai NetSession Interface

    "1571:TCP"= 1571:TCP:Akamai NetSession Interface

    "1130:TCP"= 1130:TCP:Akamai NetSession Interface

    "1094:TCP"= 1094:TCP:Akamai NetSession Interface

    "1098:TCP"= 1098:TCP:Akamai NetSession Interface

    "1255:TCP"= 1255:TCP:Akamai NetSession Interface

    "1150:TCP"= 1150:TCP:Akamai NetSession Interface

    "1946:TCP"= 1946:TCP:Akamai NetSession Interface

    "1652:TCP"= 1652:TCP:Akamai NetSession Interface

    R3 Amps2prt;A4Tech PS/2 Port Mouse Driver;c:\windows\system32\DRIVERS\Amps2prt.sys [2006-05-09 13824]

    R3 DirectNT;DirectNT; [x]

    R3 RTCore32;RTCore32;c:\arquivos de programas\EVGA Precision\RTCore32.sys [2005-05-25 4608]

    R3 s916bus;Sony Ericsson Device 916 driver (WDM);c:\windows\system32\DRIVERS\s916bus.sys [2007-11-02 83496]

    R3 s916mdfl;Sony Ericsson Device 916 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s916mdfl.sys [2007-11-02 15016]

    R3 s916mdm;Sony Ericsson Device 916 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s916mdm.sys [2007-11-02 109992]

    R3 s916mgmt;Sony Ericsson Device 916 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s916mgmt.sys [2007-11-02 103976]

    R3 s916obex;Sony Ericsson Device 916 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s916obex.sys [2007-11-02 100008]

    R3 XDva190;XDva190; [x]

    S0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\GbpKm.sys [2008-10-24 31296]

    S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-04-14 14336]

    S3 AtcL002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller;c:\windows\system32\DRIVERS\l251x86.sys [2007-07-03 29696]

    S3 dac970nt;dac970nt; [x]

    S3 DCamUSBIntel;USB Video Camera;c:\windows\system32\Drivers\TP6800.sys [2006-12-21 201032]

    S3 MouseCap;MouseCapture Driver;c:\windows\system32\Drivers\MouseCap.sys [2005-08-08 6640]

    --- ---

    *NewlyCreated* - DAC970NT

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

    Akamai REG_MULTI_SZ Akamai

    .

    Conteúdo da pasta 'Tarefas Agendadas'

    2009-04-08 c:\windows\Tasks\AppleSoftwareUpdate.job

    - c:\arquivos de programas\Apple Software Update\SoftwareUpdate.exe [2008-07-30 14:34]

    .

    .

    ------- Scan Suplementar -------

    .

    uStart Page = about:blank

    IE: &Download by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/201

    IE: &Grab video by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/204

    IE: Baixar Link Utiizando Gerenciador Mega... - c:\arquivos de programas\Megaupload\Mega Manager\mm_file.htm

    IE: Do&wnload selected by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/203

    IE: Down&load all by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/202

    IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~3\Office12\EXCEL.EXE/3000

    IE: Sothink SWF Catcher - c:\arquivos de programas\Arquivos comuns\SourceTec\SWF Catcher\InternetExplorer.htm

    DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} - hxxps://imagem.caixa.gov.br/cab/gbpdist.cab

    FF - ProfilePath - c:\documents and settings\Nikolas\Dados de aplicativos\Mozilla\Firefox\Profiles\nls5xgsd.default\

    ---- FIREFOX POLICIES ----

    c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2009-04-21 01:40

    Windows 5.1.2600 Service Pack 3 NTFS

    Procurando processos ocultos ...

    Procurando entradas auto inicializáveis ocultas ...

    Procurando ficheiros/arquivos ocultos ...

    Varredura completada com sucesso

    arquivos/ficheiros ocultos: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\klim5]

    "ImagePath"="system32\DRIVERS\klim5.sys"

    .

    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-861567501-776561741-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]

    @Denied: (Full) (LocalSystem)

    [HKEY_USERS\S-1-5-21-861567501-776561741-839522115-1004\Software\SecuROM\License information*]

    "datasecu"=hex:0c,2a,0c,f9,bb,a8,bb,c1,95,16,78,fd,cd,05,3d,fb,c0,50,30,36,72,

    fc,5f,fe,06,fb,51,51,e2,bc,7b,11,11,17,e1,d6,95,b0,ad,3f,87,b5,9e,04,0d,3c,\

    "rkeysecu"=hex:1d,2f,0f,da,25,70,7c,43,1d,2e,8a,7c,84,fd,4e,d8

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

    @DACL=(02 0000)

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy]

    @DACL=(02 0000)

    "Asynchronous"=dword:00000001

    "DllName"=expand:"%SystemRoot%\\System32\\dimsntfy.dll"

    "Startup"="WlDimsStartup"

    "Shutdown"="WlDimsShutdown"

    "Logon"="WlDimsLogon"

    "Logoff"="WlDimsLogoff"

    "StartShell"="WlDimsStartShell"

    "Lock"="WlDimsLock"

    "Unlock"="WlDimsUnlock"

    .

    --------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

    - - - - - - - > 'winlogon.exe'(808)

    c:\arquivos de programas\Arquivos comuns\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

    - - - - - - - > 'explorer.exe'(1616)

    c:\arquiv~1\WINDOW~2\wmpband.dll

    c:\windows\system32\msi.dll

    c:\windows\system32\WPDShServiceObj.dll

    c:\windows\system32\PortableDeviceTypes.dll

    c:\windows\system32\PortableDeviceApi.dll

    .

    ------------------------ Outros Processos em Execução ------------------------

    .

    c:\windows\RTHDCPL.exe

    c:\arquivos de programas\Winamp\winampa.exe

    c:\windows\system32\rundll32.exe

    c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

    c:\arquivos de programas\DAEMON Tools\daemon.exe

    c:\documents and settings\Nikolas\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe

    c:\arquivos de programas\Bonjour\mDNSResponder.exe

    c:\arquivos de programas\Java\jre6\bin\jqs.exe

    c:\windows\system32\nvsvc32.exe

    c:\windows\system32\HPZipm12.exe

    c:\windows\system32\PnkBstrA.exe

    c:\arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe

    c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

    c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe

    c:\windows\system32\wbem\wmiapsrv.exe

    .

    **************************************************************************

    .

    Tempo para conclusão: 2009-04-21 1:43 - Máquina reiniciou

    ComboFix-quarantined-files.txt 2009-04-21 04:43

    ComboFix2.txt 2009-04-21 04:27

    ComboFix3.txt 2009-04-20 02:28

    ComboFix4.txt 2009-03-25 03:27

    ComboFix5.txt 2009-04-21 04:37

    Pré-execução: 15 pasta(s) 11.990.495.232 bytes disponíveis

    Pós execução: 14 pasta(s) 11.981.983.744 bytes disponíveis

    Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4

    365 --- E O F --- 2009-04-20 02:02

  • Topic author
  • The server reloaded and posted the same info twice. You can delete THIS reply.

    Edited by NiKoLaU_


    Configure Windows to show all files

    Go to this site: http://virusscan.jotti.org/

    In File to upload, enter: c:\arquiv~1\WINDOW~2\wmpband.dll

    Then click Submit

    Copy and post the result of this scan.

    Repeat the same procedure for:

    c:\windows\system32\msi.dll





