sainty

unremovable virus ¬¬


:mad: help :eek:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 14:37:04, on 14/8/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\AVG\AVG9\avgwdsvc.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

C:\Arquivos de programas\AVG\AVG9\avgnsx.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\AVG\AVG9\avgemc.exe

C:\Arquivos de programas\AVG\AVG9\avgchsvx.exe

C:\Arquivos de programas\AVG\AVG9\avgrsx.exe

C:\Arquivos de programas\AVG\AVG9\avgcsrvx.exe

C:\Arquivos de programas\AVG\AVG9\avgcsrvx.exe

C:\WINDOWS\Explorer.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Arquivos de programas\AVG\AVG9\avgtray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe

C:\Arquivos de programas\Mozilla Firefox\plugin-container.exe

C:\Documents and Settings\João\Meus documentos\Downloads\HiJackThis.exe

O2 - BHO: (no name) - {3E779078-B361-4073-ADF4-366BFA1DA7C2} - c:\windows\system32\yqueqyb.dll (file missing)

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Arquivos de programas\AVG\AVG9\avgemc.exe

O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Arquivos de programas\AVG\AVG9\avgwdsvc.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: nProtect GameGuard Service (npggsvc) - Nero AG - (no file)

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--

End of file - 2867 bytes

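A triage pass over lines like the ones in this log, as an added example that is not part of the original post and is not code from HijackThis, DDS or the forum. The sample input is constructed from entries in the HijackThis log above and in the DDS log the topic author posts later in the thread; the rule names, severities and helper functions are this example's own. Each rule only surfaces a line an analyst should verify by hand (a BHO with no name or a missing DLL, extra executables on the Winlogon Shell value, services whose binary is gone, svchost-hosted services whose display name does not mention their key, drivers with no descriptive display name, and the hosts behind Firefox search and homepage prefs); none of them is a verdict that an entry is malicious.

```python
"""Triage heuristics for HijackThis and DDS "pseudo HJT" log lines.

Added example for this thread, not code from HijackThis, DDS or the forum.
Every rule only marks a line for manual verification; none is a verdict.
"""
import re
from collections import namedtuple
from urllib.parse import urlsplit

Finding = namedtuple("Finding", "severity rule detail line")

# Line shapes as they appear in the logs posted in this thread.
HJT_BHO = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{[0-9A-Fa-f-]+\} - (?P<path>.*)$")
DDS_BHO = re.compile(r"^BHO: (?P<name>.*?): \{[0-9A-Fa-f-]+\} - (?P<path>.*)$")
HJT_SERVICE = re.compile(r"^O23 - Service: .+? \((?P<name>[^)]+)\) - .*? - (?P<image>.*)$")
DDS_SERVICE = re.compile(r"^[RS]\d (?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$")
WINLOGON_SHELL = re.compile(r"Winlogon: Shell=(?P<value>.+)$", re.IGNORECASE)
FF_PREF = re.compile(r"^FF - prefs\.js: (?:browser\.search\.defaulturl|"
                     r"browser\.startup\.homepage|keyword\.URL) - (?P<url>\S+)")


def _basename(path):
    """Last component of a Windows path, ignoring HJT's '(file missing)' tag."""
    cleaned = path.replace("(file missing)", "").strip()
    return cleaned.replace("/", "\\").rsplit("\\", 1)[-1]


def _dds_image(rest):
    """'c:\\x\\svchost.exe -k netsvcs [2008-4-14 14336]' -> 'c:\\x\\svchost.exe'."""
    return rest.split(" [", 1)[0].strip().split(" -k ", 1)[0]


def triage_line(line):
    """Return the findings for one log line (a line can trigger several rules)."""
    out = []
    m = HJT_BHO.match(line) or DDS_BHO.match(line)
    if m and (m.group("name") in ("", "(no name)") or "(file missing)" in m.group("path")):
        # A BHO with no name, or whose DLL is gone, deserves a look either way.
        out.append(Finding("HIGH", "bho-suspect", _basename(m.group("path")), line))

    m = WINLOGON_SHELL.search(line)
    if m:
        extra = [t for t in m.group("value").split() if t.lower() != "explorer.exe"]
        if extra:  # anything after Explorer.exe here is started at every logon
            out.append(Finding("HIGH", "winlogon-shell-extra", " ".join(extra), line))

    m = HJT_SERVICE.match(line)
    if m and m.group("image").strip() == "(no file)":
        out.append(Finding("MEDIUM", "service-no-file", m.group("name"), line))

    m = DDS_SERVICE.match(line)
    if m:
        name, display, rest = m.group("name"), m.group("display"), m.group("rest")
        stem = _basename(_dds_image(rest)).rsplit(".", 1)[0].lower()
        if rest.strip().startswith("[x]"):  # DDS's marker for a service with no binary
            out.append(Finding("MEDIUM", "service-no-file", name, line))
        elif "svchost" in stem and name.lower() not in display.lower():
            # The display name proves nothing for an svchost-hosted service;
            # the ServiceDll value under its Parameters key is what to check.
            out.append(Finding("MEDIUM", "svchost-hosted-check-dll", name, line))
        elif name.lower() == display.lower() == stem:
            # Vendor drivers almost always carry a descriptive display name.
            out.append(Finding("LOW", "driver-no-description", name, line))

    m = FF_PREF.match(line)
    if m:  # DDS defangs URLs as hxxp; undo that only to parse the host
        host = urlsplit(m.group("url").replace("hxxp", "http", 1)).hostname or ""
        out.append(Finding("INFO", "browser-pref-host", host, line))
    return out


def triage(log_text):
    """Run every rule over a whole log; findings come back in log order."""
    findings = []
    for line in log_text.strip().splitlines():
        findings.extend(triage_line(line.strip()))
    return findings


# Constructed sample: entries copied from the HijackThis and DDS logs in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {3E779078-B361-4073-ADF4-366BFA1DA7C2} - c:\windows\system32\yqueqyb.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O23 - Service: nProtect GameGuard Service (npggsvc) - Nero AG - (no file)
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Arquivos de programas\AVG\AVG9\avgwdsvc.exe
uWinlogon: Shell=Explorer.exe csrcs.exe
BHO: : {3e779078-b361-4073-adf4-366bfa1da7c2} - c:\windows\system32\yqueqyb.dll
R0 dzugonvn;dzugonvn;c:\windows\system32\drivers\dzugonvn.sys [2008-4-14 23424]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-7-29 216400]
S2 ffjoxhga;IEEE-1284.4 HPZid412Controller;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
S3 npggsvc;nProtect GameGuard Service; [x]
FF - prefs.js: browser.search.defaulturl - hxxp://search.localstrike.com.ar/?q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.br/
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.severity:6} {f.rule:25} {f.detail:28} <- {f.line[:70]}")
```

Run it as a script to get one line per finding. The same CLSID is carried in both the HijackThis form and the DDS form of the BHO line because the two tools print it differently and an analyst compares the two snapshots. The rules are deliberately structural rather than name-based: a "random-looking name" heuristic would also trip on legitimate abbreviations such as avgwdsvc.exe or svchost.exe, so that judgment stays with the analyst.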

Read the "Read Before Posting" thread and post the requested logs.

  • Topic author
  • UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-03-17.01)

    Microsoft Windows XP Professional

    Boot Device: \Device\HarddiskVolume1

    Install Date: 16/8/2009 03:54:51

    System Uptime: 14/8/2010 14:29:45 (33 hours ago)

    Motherboard: Gigabyte Technology Co., Ltd. | | 945GZM-S2

    Processor: Intel® Core2 Duo CPU E4500 @ 2.20GHz | Socket 775 | 2210/200mhz

    ==== Disk Partitions =========================

    A: is Removable

    C: is FIXED (NTFS) - 59 GiB total, 10,13 GiB free.

    D: is FIXED (NTFS) - 90 GiB total, 22,564 GiB free.

    E: is CDROM ()

    F: is CDROM ()

    ==== Disabled Device Manager Items =============

    Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}

    Description: Nokia 5800 XpressMusic

    Device ID: ROOT\WPD\0000

    Manufacturer: Nokia

    Name: Nokia 5800 XpressMusic

    PNP Device ID: ROOT\WPD\0000

    Service: WUDFRd

    ==== System Restore Points ===================

    RP1: 14/8/2010 14:32:18 - System checkpoint

    ==== Installed Programs ======================

    'X3: Золотое издание' (v.2.5)

    "Nero SoundTrax Help

    Absolute Video to Audio Converter 3.1.8

    AC2 server emulator 0.41 by Dormine

    Adobe AIR

    Adobe Anchor Service CS3

    Adobe Asset Services CS3

    Adobe Bridge CS3

    Adobe Bridge Start Meeting

    Adobe Camera Raw 4.0

    Adobe CMaps

    Adobe Color - Photoshop Specific

    Adobe Color Common Settings

    Adobe Color EU Extra Settings

    Adobe Color JA Extra Settings

    Adobe Color NA Recommended Settings

    Adobe Default Language CS3

    Adobe Device Central CS3

    Adobe Dreamweaver CS3

    Adobe ExtendScript Toolkit 2

    Adobe Extension Manager CS3

    Adobe Flash Player 10 Plugin

    Adobe Fonts All

    Adobe Help Viewer CS3

    Adobe Linguistics CS3

    Adobe PDF Library Files

    Adobe Photoshop CS3

    Adobe Reader 9.3.3 - Português

    Adobe Setup

    Adobe Shockwave Player 11.5

    Adobe Stock Photos CS3

    Adobe Type Support

    Adobe Update Manager CS3

    Adobe Version Cue CS3 Client

    Adobe WinSoft Linguistics Plugin

    Adobe XMP Panels CS3

    Advertising Center

    AiO_Scan

    Any Video Converter 3.0.1

    Apple Software Update

    Arquivo do WinRAR

    Ask Toolbar

    Assassin's Creed II

    AVG Free 9.0

    AVI ReComp 1.5.0

    AviSynth 2.5

    BitComet 1.15

    BSPlayer

    CCleaner

    CDisplay 1.8

    Counter-Strike 1.6

    CPUID CPU-Z 1.52.1

    DAEMON Tools Toolbar

    Doctor Alex Antispyware

    Dofus

    DolbyFiles

    DVD Shrink 3.2

    EAGLE 5.9.0

    Ferramenta de Carregamento do Windows Live

    Garena

    Garena 2010

    GOM Player

    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

    Hotfix for Windows XP (KB954550-v5)

    Hotfix para Windows XP (KB938759)

    HP Image Zone 4.2

    HP PSC & OfficeJet 4.2

    ImagXpress

    Java 6 Update 17

    JDownloader

    K-Lite Codec Pack 4.5.3 (Full)

    Menu Templates - Starter Kit

    Messenger Plus! Live

    Microsoft .NET Framework 2.0 Language Pack - PTB

    Microsoft .NET Framework 2.0 Service Pack 2

    Microsoft .NET Framework 3.0 Service Pack 2

    Microsoft .NET Framework 3.5 SP1

    Microsoft Application Error Reporting

    Microsoft Choice Guard

    Microsoft Compression Client Pack 1.0 for Windows XP

    Microsoft Kernel-Mode Driver Framework Feature Pack 1.7

    Microsoft Office Access MUI (Portuguese (Brazil)) 2007

    Microsoft Office Enterprise 2007

    Microsoft Office Excel MUI (Portuguese (Brazil)) 2007

    Microsoft Office Groove MUI (Portuguese (Brazil)) 2007

    Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007

    Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007

    Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007

    Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007

    Microsoft Office Proof (English) 2007

    Microsoft Office Proof (Portuguese (Brazil)) 2007

    Microsoft Office Proof (Spanish) 2007

    Microsoft Office Proofing (Portuguese (Brazil)) 2007

    Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007

    Microsoft Office Shared MUI (Portuguese (Brazil)) 2007

    Microsoft Office Word MUI (Portuguese (Brazil)) 2007

    Microsoft Software Update for Web Folders (Portuguese (Brazil)) 12

    Microsoft User-Mode Driver Framework Feature Pack 1.5

    Microsoft Visual C++ 2005 Redistributable

    Microsoft Visual J# 2.0 Redistributable Package

    Movie Templates - Starter Kit

    Mozilla Firefox (3.6.8)

    MPEG2 Codec(libmpeg2/mad)

    MSVCRT

    MSXML 6.0 Parser (KB933579)

    MSXML4 Parser

    MV RegClean 5.9

    Nero 7 Essentials

    Nero BurningROM

    Nero BurnRights

    Nero ControlCenter

    Nero CoverDesigner

    Nero CoverDesigner Help

    Nero Disc Copy Gadget

    Nero Disc Copy Gadget Help

    Nero DiscSpeed

    Nero DriveSpeed

    Nero Express

    Nero InfoTool

    Nero Installer

    Nero Live

    Nero Live Help

    Nero PhotoSnap

    Nero PhotoSnap Help

    Nero Recode

    Nero Recode Help

    Nero Rescue Agent

    Nero RescueAgent Help

    Nero ShowTime

    Nero StartSmart

    Nero StartSmart Help

    Nero Vision

    Nero WaveEditor

    Nero WaveEditor Help

    NeroBurningROM

    NeroExpress

    neroxml

    NVIDIA Drivers

    NVIDIA nView Desktop Manager

    NVIDIA PhysX

    Pacote de Driver do Windows - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)

    Pacote de Driver do Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)

    PC-Controller10-Demo-FR

    PC Connectivity Solution

    PDF Settings

    Proteus 7 Demonstration

    QFolder

    QuickTime

    QuickTime Alternative 1.47

    Realtek AC'97 Audio

    REALTEK GbE & FE Ethernet PCI NIC Driver

    Realtek High Definition Audio Driver

    Reg (DOFUS Audio Subsystem)

    Revo Uninstaller 1.83

    Rome - Total War

    Scan

    Segoe UI

    Skype web features

    Skype™ 4.1

    SoundTrax

    Subtitle Workshop 2.51

    sXe Injected

    The Battle for Middle-earth II

    Ubisoft Game Launcher

    Universe at War Earth Assault

    VDownloader 1.12

    Videopower

    VobSub 2.23

    WebFldrs XP

    WinAVI MP4 Converter

    WinAVI Video Converter

    Windows Live Call

    Windows Live Communications Platform

    Windows Live Essentials

    Windows Live Messenger

    Windows Media Format 11 runtime

    Windows Media Player 11

    XP Codec Pack

    Xvid 1.2.2

    Yahoo! Companion

    Zezenia Online

    ==== End Of File ===========================

    DDS (Ver_10-03-17.01) - NTFSx86

    Run by João at 23:47:42,45 on Sun 15/08/2010

    Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_17

    Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.2047.1080 [GMT -3:00]

    AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

    ============== Running Processes ===============

    C:\WINDOWS\system32\nvsvc32.exe

    C:\WINDOWS\system32\svchost -k DcomLaunch

    svchost.exe

    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

    svchost.exe

    svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Arquivos de programas\AVG\AVG9\avgwdsvc.exe

    C:\Arquivos de programas\Bonjour\mDNSResponder.exe

    svchost.exe

    C:\Arquivos de programas\Java\jre6\bin\jqs.exe

    C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

    C:\Arquivos de programas\AVG\AVG9\avgnsx.exe

    C:\WINDOWS\system32\svchost.exe -k imgsvc

    C:\Arquivos de programas\AVG\AVG9\avgemc.exe

    C:\Arquivos de programas\AVG\AVG9\avgchsvx.exe

    C:\Arquivos de programas\AVG\AVG9\avgrsx.exe

    C:\Arquivos de programas\AVG\AVG9\avgcsrvx.exe

    C:\Arquivos de programas\AVG\AVG9\avgcsrvx.exe

    C:\WINDOWS\Explorer.exe

    C:\WINDOWS\system32\wuauclt.exe

    C:\WINDOWS\system32\wbem\wmiapsrv.exe

    C:\WINDOWS\system32\wscntfy.exe

    C:\Arquivos de programas\AVG\AVG9\avgtray.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\WINDOWS\System32\svchost.exe -k netsvcs

    C:\WINDOWS\System32\svchost.exe -k HTTPFilter

    C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

    C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe

    C:\Arquivos de programas\Mozilla Firefox\firefox.exe

    C:\Arquivos de programas\Mozilla Firefox\plugin-container.exe

    D:\wow\WoW.exe

    C:\Documents and Settings\João\Meus documentos\Downloads\dds.scr

    ============== Pseudo HJT Report ===============

    uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\arquivos de programas\ask.com\GenericAskToolbar.dll

    uWinlogon: Shell=Explorer.exe csrcs.exe

    BHO: : {3e779078-b361-4073-adf4-366bfa1da7c2} - c:\windows\system32\yqueqyb.dll

    BHO: VDownloader Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\arquivos de programas\ask.com\GenericAskToolbar.dll

    TB: VDownloader Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\arquivos de programas\ask.com\GenericAskToolbar.dll

    TB: &Yahoo! Companion: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\arquivos de programas\yahoo!\companion\installs\cpn\ycomp5_6_0_1.dll

    TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\arquivos de programas\daemon tools toolbar\DTToolbar.dll

    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

    uRun: [msnmsgr] "c:\arquivos de programas\windows live\messenger\msnmsgr.exe" /background

    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

    mPolicies-system: EnableLUA = 0 (0x0)

    IE: &B&aixar &com o BitComet - c:\arquivos de programas\bitcomet\BitComet.exe/AddLink.htm

    IE: &B&aixar todos os vídeos com o BitComet - c:\arquivos de programas\bitcomet\BitComet.exe/AddVideo.htm

    IE: &B&aixar tudo usando o BitComet - c:\arquivos de programas\bitcomet\BitComet.exe/AddAllLink.htm

    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

    DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\joo~1\dadosd~1\mozilla\firefox\profiles\mn5sijii.default\

    FF - prefs.js: browser.search.defaulturl - hxxp://search.localstrike.com.ar/?q={searchTerms}

    FF - prefs.js: browser.search.selectedEngine - Ask.com

    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.br/

    FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=VD&o=14782&locale=pt_BR&apn_uid=1B8687AD-A418-4121-9E30-909FF5A60967&apn_ptnrs=VY&apn_sauid=A451566E-5937-42D6-AF6A-E321B47FDBFD&apn_dtid=YYY-YYYW3&q=

    FF - component: c:\arquivos de programas\avg\avg9\firefox\components\avgssff.dll

    FF - component: c:\documents and settings\joão\dados de aplicativos\mozilla\firefox\profiles\mn5sijii.default\extensions\dttoolbar@toolbarnet.com\components\DTToolbarFF.dll

    FF - plugin: c:\arquivos de programas\k-lite codec pack\real\browser\plugins\nppl3260.dll

    FF - plugin: c:\arquivos de programas\k-lite codec pack\real\browser\plugins\nprpjplug.dll

    FF - plugin: c:\documents and settings\all users\dados de aplicativos\nexonus\ngm\npNxGameUS.dll

    FF - HiddenExtension: Java Console: No Registry Reference - c:\arquivos de programas\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

    FF - HiddenExtension: Java Console: No Registry Reference - c:\arquivos de programas\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----

    c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);

    c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

    c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

    c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

    c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

    c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

    c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);

    c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);

    c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);

    c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

    c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

    c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);

    c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);

    c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);

    c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

    c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);

    c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);

    c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);

    c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);

    c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);

    c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

    c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);

    c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

    c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

    c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

    c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

    c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

    c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

    c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);

    c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("html5.enable", false);

    c:\arquivos de programas\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

    c:\arquivos de programas\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

    c:\arquivos de programas\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

    c:\arquivos de programas\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

    c:\arquivos de programas\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

    c:\arquivos de programas\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

    c:\arquivos de programas\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

    c:\arquivos de programas\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

    c:\arquivos de programas\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

    c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

    c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

    c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

    c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

    c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

    c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

    c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

    c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

    c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

    c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);

    c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);

    c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);

    c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);

    c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

    c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

    c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

    c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

    ============= SERVICES / DRIVERS ===============

    R0 dzugonvn;dzugonvn;c:\windows\system32\drivers\dzugonvn.sys [2008-4-14 23424]

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-7-29 216400]

    R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-7-29 29584]

    R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-7-29 243024]

    R2 avg9emc;AVG Free E-mail Scanner;c:\arquivos de programas\avg\avg9\avgemc.exe [2010-7-29 921952]

    R2 avg9wd;AVG Free WatchDog;c:\arquivos de programas\avg\avg9\avgwdsvc.exe [2010-7-29 308136]

    R2 StarWindServiceAE;StarWind AE Service;c:\arquivos de programas\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [2007-5-28 275968]

    S2 ffjoxhga;IEEE-1284.4 HPZid412Controller;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]

    S3 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [2009-8-18 12672]

    S3 GarenaPEngine;GarenaPEngine; [x]

    S3 npggsvc;nProtect GameGuard Service; [x]

    S3 SNP325;USB PC Camera (SNPSTD325);c:\windows\system32\drivers\snp325.sys --> c:\windows\system32\drivers\snp325.sys [?]

    =============== Created Last 30 ================

    2010-08-14 17:24:13 92672 ----a-w- c:\windows\system32\KillBox.exe

    2010-08-14 17:04:14 0 d-----w- C:\LinhaDefensiva

    2010-08-14 17:01:04 0 d-----w- C:\!KillBox

    2010-08-14 16:25:10 0 d-----w- c:\docume~1\alluse~1\dadosd~1\Blizzard Entertainment

    2010-08-06 03:25:25 12288 ----a-w- c:\windows\system32\drivers\mouhid.sys

    2010-08-02 21:26:59 0 d-----w- c:\docume~1\joo~1\dadosd~1\ZezeniaOnline

    2010-08-02 21:26:54 0 d-----w- c:\arquivos de programas\Zezenia Online

    2010-07-30 02:29:09 0 d--h--w- C:\$AVG

    2010-07-30 02:28:00 0 d--h--r- c:\documents and settings\joão\Recent

    2010-07-30 02:10:29 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys

    2010-07-30 02:10:29 12536 ----a-w- c:\windows\system32\avgrsstx.dll

    2010-07-30 02:10:20 0 d-----w- c:\windows\system32\drivers\Avg

    2010-07-30 02:10:11 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys

    2010-07-30 02:10:11 0 d-----w- c:\docume~1\alluse~1\dadosd~1\avg9

    2010-07-29 16:52:55 0 d-----w- c:\docume~1\alluse~1\dadosd~1\Blizzard

    2010-07-29 16:08:48 0 d-----w- c:\arquivos de programas\arquivos comuns\Blizzard Entertainment

    2010-07-27 22:15:43 0 d-----w- c:\arquivos de programas\Alcohol Soft

    2010-07-25 19:09:13 32 ----a-w- c:\windows\system32\Dhss32.drv

    2010-07-25 19:08:50 253952 ------w- c:\windows\Setup1.exe

    2010-07-25 19:08:49 73216 ----a-w- c:\windows\ST6UNST.EXE

    ==================== Find3M ====================

    2010-08-15 17:35:15 6553600 ---ha-w- c:\documents and settings\joão\NTUSER.DAT

    2010-06-03 16:25:40 80198 ----a-w- c:\windows\system32\perfc016.dat

    2010-06-03 16:25:40 471376 ----a-w- c:\windows\system32\perfh016.dat

    ============= FINISH: 23:48:22,64 ===============

    GMER 1.0.15.15281 - http://www.gmer.net

    Rootkit scan 2010-08-16 05:55:05

    Windows 5.1.2600 Service Pack 3

    Running: gmer.exe; Driver: C:\DOCUME~1\JOO~1\CONFIG~1\Temp\fwedrpob.sys

    ---- System - GMER 1.0.15 ----

    SSDT sput.sys ZwCreateKey [0xB7EA70E0]

    SSDT sput.sys ZwEnumerateKey [0xB7EC5CA4]

    SSDT sput.sys ZwEnumerateValueKey [0xB7EC6032]

    SSDT sput.sys ZwOpenKey [0xB7EA70C0]

    SSDT sput.sys ZwQueryKey [0xB7EC610A]

    SSDT sput.sys ZwQueryValueKey [0xB7EC5F8A]

    SSDT sput.sys ZwSetValueKey [0xB7EC619C]

    INT 0x62 ? 89E55BF8

    INT 0x63 ? 89CAABF8

    INT 0x73 ? 89CAABF8

    INT 0x82 ? 89E55BF8

    INT 0x83 ? 89CAABF8

    INT 0xB4 ? 89CAABF8

    ---- Kernel code sections - GMER 1.0.15 ----

    PAGE ntkrnlpa.exe!ObReferenceObjectByHandle + 44F 805BB8E1 7 Bytes JMP 89E22218

    ? sput.sys The system cannot find the file specified. !

    .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB6BF7380, 0x3DEB95, 0xE8000020]

    .text USBPORT.SYS!DllUnload B6BD78AC 5 Bytes JMP 89CAA1D8

    .text atnats52.SYS B6B3D386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]

    .text atnats52.SYS B6B3D3AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]

    .text atnats52.SYS B6B3D3C4 3 Bytes [00, 70, 02] {ADD [EAX+0x2], DH}

    .text atnats52.SYS B6B3D3C9 1 Byte [2E]

    .text atnats52.SYS B6B3D3C9 11 Bytes [2E, 00, 00, 00, 5A, 02, 00, ...]

    .text ...

    .rsrc C:\WINDOWS\system32\DRIVERS\tcpip.sys entry point in ".rsrc" section [0xB4329994]

    ---- User code sections - GMER 1.0.15 ----

    .text C:\WINDOWS\System32\svchost.exe[1024] ntdll.dll!NtProtectVirtualMemory 7C90D6D0 5 Bytes JMP 007F000A

    .text C:\WINDOWS\System32\svchost.exe[1024] ntdll.dll!NtWriteVirtualMemory 7C90DF90 5 Bytes JMP 0080000A

    .text C:\WINDOWS\System32\svchost.exe[1024] ntdll.dll!KiUserExceptionDispatcher 7C90E45C 5 Bytes JMP 007E000C

    .text C:\WINDOWS\System32\svchost.exe[1024] USER32.dll!GetCursorPos 7E37974E 5 Bytes JMP 00F9000A

    .text C:\WINDOWS\System32\svchost.exe[1024] ole32.dll!CoCreateInstance 774E057E 5 Bytes JMP 00A1000A

    .text C:\WINDOWS\Explorer.exe[3044] ntdll.dll!NtProtectVirtualMemory 7C90D6D0 5 Bytes JMP 00A2000A

    .text C:\WINDOWS\Explorer.exe[3044] ntdll.dll!NtWriteVirtualMemory 7C90DF90 5 Bytes JMP 00B0000A

    .text C:\WINDOWS\Explorer.exe[3044] ntdll.dll!KiUserExceptionDispatcher 7C90E45C 5 Bytes JMP 00A1000C

    .text C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[3244] kernel32.dll!LoadResource 7C80A045 7 Bytes JMP 28001E20 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)

    .text C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[3244] kernel32.dll!FindResourceExW 7C80AD18 7 Bytes JMP 28001C60 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)

    .text C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[3244] kernel32.dll!FindResourceW 7C80BC5E 7 Bytes JMP 28001BE0 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)

    .text C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[3244] kernel32.dll!SizeofResource 7C80BCF9 7 Bytes JMP 28001EE0 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)

    .text C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[3244] kernel32.dll!FindResourceA 7C80BF19 7 Bytes JMP 28001CF0 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)

    .text C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[3244] kernel32.dll!LockResource 7C80CD27 5 Bytes JMP 28001F50 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)

    .text C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[3244] kernel32.dll!CreateEventA 7C83089D 5 Bytes JMP 28001840 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)

    .text C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[3244] kernel32.dll!FindResourceExA 7C835F90 7 Bytes JMP 28001D80 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)

    .text C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[3244] ADVAPI32.dll!CryptDeriveKey 77F69FDD 7 Bytes JMP 28001000 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)

    .text C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[3244] ADVAPI32.dll!CryptDecrypt 77F6A109 7 Bytes JMP 28001060 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)

    .text C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[3244] USER32.dll!GetWindowLongW 7E3688A6 7 Bytes JMP 28006A70 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)

    .text C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[3244] USER32.dll!PeekMessageW 7E36929B 5 Bytes JMP 28004630 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)

    .text C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[3244] USER32.dll!SetWindowPlacement 7E36DE46 5 Bytes JMP 28005E10 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)

    .text C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[3244] USER32.dll!CreateDialogParamW 7E36EA3B 5 Bytes JMP 28006090 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)

    .text C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[3244] USER32.dll!LoadImageW 7E377B97 5 Bytes JMP 280066E0 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)

    .text C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[3244] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 28003C60 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)

    .text C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[3244] USER32.dll!SetWindowRgn 7E37E528 7 Bytes JMP 28005F50 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)

    .text C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[3244] USER32.dll!LoadIconW 7E37E8BC 5 Bytes JMP 280068D0 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)

    .text C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[3244] USER32.dll!MessageBoxIndirectW 7E3B64D5 5 Bytes JMP 28006280 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)

    .text C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[3244] USER32.dll!TrackPopupMenuEx 7E3BCF62 5 Bytes JMP 28004F10 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)

    .text C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[3244] WS2_32.dll!closesocket 71A73E2B 5 Bytes JMP 2800B8C0 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)

    .text C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[3244] WS2_32.dll!send 71A74C27 5 Bytes JMP 2800B4A0 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)

    .text C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[3244] WS2_32.dll!WSARecv 71A74CB5 5 Bytes JMP 2800B280 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)

    .text C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[3244] WS2_32.dll!recv 71A7676F 5 Bytes JMP 2800B0E0 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)

    .text C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[3244] WS2_32.dll!WSASend 71A768FA 5 Bytes JMP 2800B680 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)

    .text C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[3244] SHELL32.dll!Shell_NotifyIconW 7CA2A52F 5 Bytes JMP 280033B0 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)

    .text C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[3244] ole32.dll!CoInitializeEx 774DEF7B 5 Bytes JMP 28002260 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)

    .text C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[3244] ole32.dll!CoCreateInstance 774E057E 5 Bytes JMP 28002600 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)

    .text C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[3244] ole32.dll!CoRegisterClassObject 774F7E90 5 Bytes JMP 28002360 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)

    .text C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[3244] WININET.dll!HttpOpenRequestA 771A2AF9 5 Bytes JMP 28009F00 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)

    .text C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[3244] WININET.dll!InternetCloseHandle 771A4D8C 5 Bytes JMP 2800A240 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)

    .text C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[3244] WININET.dll!HttpSendRequestA 771A60A1 5 Bytes JMP 2800A170 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)

    .text C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[3244] WININET.dll!InternetReadFile 771A82EA 5 Bytes JMP 2800A090 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)

    ---- Kernel IAT/EAT - GMER 1.0.15 ----

    IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [b7EA8042] sput.sys

    IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [b7EA813E] sput.sys

    IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [b7EA80C0] sput.sys

    IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [b7EA8800] sput.sys

    IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [b7EA86D6] sput.sys

    IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [b7EB7E9C] sput.sys

    IAT \SystemRoot\System32\Drivers\atnats52.SYS[HAL.dll!KfAcquireSpinLock] 8BEC8B55

    IAT \SystemRoot\System32\Drivers\atnats52.SYS[HAL.dll!READ_PORT_UCHAR] 00C73445

    IAT \SystemRoot\System32\Drivers\atnats52.SYS[HAL.dll!KeGetCurrentIrql] 00000000

    IAT \SystemRoot\System32\Drivers\atnats52.SYS[HAL.dll!KfRaiseIrql] 830C458B

    IAT \SystemRoot\System32\Drivers\atnats52.SYS[HAL.dll!KfLowerIrql] C0840CEC

    IAT \SystemRoot\System32\Drivers\atnats52.SYS[HAL.dll!HalGetInterruptVector] 053C0D74

    IAT \SystemRoot\System32\Drivers\atnats52.SYS[HAL.dll!HalTranslateBusAddress] 57B80974

    IAT \SystemRoot\System32\Drivers\atnats52.SYS[HAL.dll!KeStallExecutionProcessor] 8B000000

    IAT \SystemRoot\System32\Drivers\atnats52.SYS[HAL.dll!KfReleaseSpinLock] 56C35DE5

    IAT \SystemRoot\System32\Drivers\atnats52.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 8D08758B

    IAT \SystemRoot\System32\Drivers\atnats52.SYS[HAL.dll!READ_PORT_USHORT] 8D51FC4D

    IAT \SystemRoot\System32\Drivers\atnats52.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 8D52FD55

    IAT \SystemRoot\System32\Drivers\atnats52.SYS[HAL.dll!WRITE_PORT_UCHAR] 8D51FE4D

    IAT \SystemRoot\System32\Drivers\atnats52.SYS[WMILIB.SYS!WmiSystemControl] 8D51F84D

    IAT \SystemRoot\System32\Drivers\atnats52.SYS[WMILIB.SYS!WmiCompleteRequest] 5052F455

    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Ntfs \Ntfs 89E541F8

    Device \FileSystem\Fastfat \FatCdrom 89A74500

    AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

    Device \Driver\usbuhci \Device\USBPDO-0 89B8A500

    Device \Driver\dmio \Device\DmControl\DmIoDaemon 89DE61F8

    Device \Driver\dmio \Device\DmControl\DmConfig 89DE61F8

    Device \Driver\dmio \Device\DmControl\DmPnP 89DE61F8

    Device \Driver\dmio \Device\DmControl\DmInfo 89DE61F8

    Device \Driver\usbuhci \Device\USBPDO-1 89B8A500

    Device \Driver\PCI_PNP3540 \Device\00000045 sput.sys

    Device \Driver\usbuhci \Device\USBPDO-2 89B8A500

    Device \Driver\usbuhci \Device\USBPDO-3 89B8A500

    Device \Driver\usbehci \Device\USBPDO-4 89B661F8

    AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

    Device \Driver\Ftdisk \Device\HarddiskVolume1 89E561F8

    Device \Driver\Cdrom \Device\CdRom0 89B4C1F8

    Device \Driver\Ftdisk \Device\HarddiskVolume2 89E561F8

    Device \Driver\Cdrom \Device\CdRom1 89B4C1F8

    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [b7DFBB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}

    Device \Driver\atapi \Device\Ide\IdePort0 [b7DFBB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}

    Device \Driver\atapi \Device\Ide\IdePort1 [b7DFBB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}

    Device \Driver\NetBT \Device\NetBT_Tcpip_{B9F52F16-DAD4-4768-A9EE-B6B8FC775D60} 89C25500

    Device \Driver\NetBT \Device\NetBt_Wins_Export 89C25500

    Device \Driver\NetBT \Device\NetbiosSmb 89C25500

    Device \Driver\sptd \Device\3850507290 sput.sys

    AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

    AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

    Device \Driver\usbuhci \Device\USBFDO-0 89B8A500

    Device \Driver\usbuhci \Device\USBFDO-1 89B8A500

    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 89C67500

    Device \Driver\usbuhci \Device\USBFDO-2 89B8A500

    Device \FileSystem\MRxSmb \Device\LanmanRedirector 89C67500

    Device \Driver\usbuhci \Device\USBFDO-3 89B8A500

    Device \Driver\usbehci \Device\USBFDO-4 89B661F8

    Device \Driver\Ftdisk \Device\FtControl 89E561F8

    Device \Driver\atnats52 \Device\Scsi\atnats521Port2Path0Target0Lun0 89B3E1F8

    Device \Driver\atnats52 \Device\Scsi\atnats521 89B3E1F8

    Device \FileSystem\Fastfat \Fat 89A74500

    AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    Device \FileSystem\Cdfs \Cdfs 89A78500

    Device -> \Driver\atapi \Device\Harddisk0\DR0 892B3EC5

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0018e408b597

    Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0018e408b597@0022669f5a8b 0xC6 0x2D 0xCA 0x92 ...

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Arquivos de programas\Alcohol Soft\Alcohol 120\

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x75 0x33 0x85 0x15 ...

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x95 0x0B 0x71 0xD9 ...

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xE5 0x98 0xAA 0xC2 ...

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x6F 0x5D 0x2A 0x72 ...

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x2D 0xB0 0xE6 0x0E ...

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xF6 0x48 0x28 0x43 ...

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xB9 0x9F 0x0C 0x79 ...

    Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0018e408b597 (not active ControlSet)

    Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0018e408b597@0022669f5a8b 0xC6 0x2D 0xCA 0x92 ...

    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)

    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Arquivos de programas\Alcohol Soft\Alcohol 120\

    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1

    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x75 0x33 0x85 0x15 ...

    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)

    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...

    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x95 0x0B 0x71 0xD9 ...

    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)

    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xE5 0x98 0xAA 0xC2 ...

    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)

    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0

    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x6F 0x5D 0x2A 0x72 ...

    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)

    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x2D 0xB0 0xE6 0x0E ...

    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)

    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xF6 0x48 0x28 0x43 ...

    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)

    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xB9 0x9F 0x0C 0x79 ...

    :confused::confused: I tried running GMER 4 times and could not get it to finish on any of them; it keeps running until I can't wait any longer, so I leave the PC on and when I come back it has restarted :wacko: The GMER log above is the registry one.

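The GMER sections in the post above (user-mode `.text` inline hooks, kernel IAT slots, device objects) are the lines an analyst reads by eye. As an added example that is not part of the original post or of GMER itself, here is a small Python triage script that parses those three line formats and applies the checks an analyst applies in their head: it groups inline hooks by (hooked process, hooking module), separates kernel IAT slots that GMER attributed to a loaded module from bare values it could not attribute (flagging anything below 0x80000000, which cannot be a kernel export on 32-bit XP with the default 2 GB/2 GB split), and pulls out `Device ->` entries, read here as GMER's marker for a redirected device object. The sample lines are a subset copied from the log above; the regexes, the 0x80000000 threshold and the reading of the `->` marker are my assumptions.

```python
"""Triage helpers for GMER log lines. The sample lines are copied from the log
above; the regexes and the 2 GB user/kernel split are assumptions, not GMER's."""
import ntpath
import re
from collections import Counter

# User-mode inline hook:
#   .text <image>[pid] <dll>!<func> <addr> <n> Bytes JMP <target> <hooking module> (<vendor>)
HOOK_RE = re.compile(
    r"^\.text\s+(?P<image>.+?)\[(?P<pid>\d+)\]\s+(?P<dll>[^!\s]+)!(?P<func>\S+)\s+"
    r"(?P<addr>[0-9A-Fa-f]+)\s+(?P<n>\d+)\s+Bytes\s+JMP\s+(?P<target>[0-9A-Fa-f]+)\s+"
    r"(?P<hooker>.+?)(?:\s+\((?P<vendor>[^)]*)\))?$"
)
# Kernel IAT slot: either "[addr] module.sys" (GMER attributed the pointer to a loaded
# module) or a bare 8-hex value it could not attribute to anything.
IAT_RE = re.compile(
    r"^IAT\s+(?P<driver>[^\[\s]+)\[(?P<lib>[^!\]]+)!(?P<func>[^\]]+)\]\s+"
    r"(?:\[(?P<addr>[0-9A-Fa-f]+)\]\s+(?P<module>\S+)|(?P<raw>[0-9A-Fa-f]{8}))$"
)
# "Device ->" is read here as GMER's marker for a redirected device object (assumption).
DEV_REDIRECT_RE = re.compile(
    r"^Device\s+->\s+(?P<driver>\S+)\s+(?P<device>\S+)\s+(?P<addr>[0-9A-Fa-f]+)$"
)
USER_LIMIT = 0x80000000  # assumption: 32-bit XP, default 2 GB/2 GB split, no /3GB switch


def parse_hooks(lines):
    return [m.groupdict() for m in (HOOK_RE.match(l.strip()) for l in lines) if m]


def hooks_by_hooker(lines):
    """Count inline hooks per (hooked process, hooking module). One add-on patching
    many APIs inside one process reads very differently from an unnamed DLL patching
    every process on the box."""
    counts = Counter()
    for h in parse_hooks(lines):
        counts[(ntpath.basename(h["image"]), ntpath.basename(h["hooker"]))] += 1
    return counts


def parse_iat(lines):
    entries = []
    for line in lines:
        m = IAT_RE.match(line.strip())
        if not m:
            continue
        e = m.groupdict()
        e["resolved"] = e["module"] is not None
        e["value"] = int(e["addr"] or e["raw"], 16)
        entries.append(e)
    return entries


def unresolved_iat(lines):
    """IAT slots GMER could not attribute, each with a verdict: a value below
    USER_LIMIT (or NULL) cannot be the address of a kernel export at all."""
    return [
        (
            ntpath.basename(e["driver"]),
            f'{e["lib"]}!{e["func"]}',
            e["value"],
            "user-mode/NULL value" if e["value"] < USER_LIMIT else "kernel-range but unattributed",
        )
        for e in parse_iat(lines)
        if not e["resolved"]
    ]


def redirected_devices(lines):
    return [m.groupdict() for m in (DEV_REDIRECT_RE.match(l.strip()) for l in lines) if m]


def triage(lines):
    """Findings in the order an analyst would chase them."""
    findings = [
        f'redirected device object {d["device"]} ({d["driver"]}) -> {d["addr"]}'
        for d in redirected_devices(lines)
    ]
    for drv, n in Counter(b[0] for b in unresolved_iat(lines)).items():
        findings.append(f"{drv}: {n} unattributed kernel IAT slots")
    for (proc, hooker), n in hooks_by_hooker(lines).items():
        findings.append(f"{proc}: {n} inline hooks by {hooker}")
    return findings


# Constructed sample: a subset of the lines from the log above.
SAMPLE = r"""
.text C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[3244] kernel32.dll!LoadResource 7C80A045 7 Bytes JMP 28001E20 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[3244] ADVAPI32.dll!CryptDecrypt 77F6A109 7 Bytes JMP 28001060 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[3244] WS2_32.dll!send 71A74C27 5 Bytes JMP 2800B4A0 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [b7EA8042] sput.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [b7EB7E9C] sput.sys
IAT \SystemRoot\System32\Drivers\atnats52.SYS[HAL.dll!KfAcquireSpinLock] 8BEC8B55
IAT \SystemRoot\System32\Drivers\atnats52.SYS[HAL.dll!READ_PORT_UCHAR] 00C73445
IAT \SystemRoot\System32\Drivers\atnats52.SYS[HAL.dll!KeGetCurrentIrql] 00000000
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 89E541F8
Device -> \Driver\atapi \Device\Harddisk0\DR0 892B3EC5
""".strip().splitlines()

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

Run on the full log, the script sorts the noise from the leads. The hooks in msnmsgr.exe all come from MsgPlusLive.dll, and GMER itself prints the vendor (Yuna Software's Messenger Plus! add-on), so they are expected for that program. The resolved IAT slots point at sput.sys, the SPTD driver installed by Alcohol 120 / DAEMON Tools, which is also listed under the sptd service in the registry section. The lines worth chasing are the unattributed atnats52.SYS slots (the first value, 8BEC8B55, stored little-endian is the byte sequence 55 8B EC 8B, the start of an ordinary x86 prologue `push ebp; mov ebp, esp`, which suggests GMER read code bytes where it expected pointers) and the redirected `\Device\Harddisk0\DR0` object under atapi, which is the kind of entry an analyst checks before anything else.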

    I see you have a backdoor infection. This program is able to steal passwords and other information from your computer. I recommend you take the following steps as soon as possible:

    • Notify your bank of the incident, if you use online banking, and take the appropriate precautions so that no fraud takes place.
    • After I declare the log clean, change the passwords of your e-mail accounts and of the other services you use on the Internet.
    • Consider what information may have been stolen from your computer and take the necessary steps.

    Now let's move on to the removal.

    Read the instructions contained in this link:

    In the instructions in the link above you can check which forums have Analysts properly qualified to use the tool correctly: "Forums to receive help with ComboFix logs"

    1. Download ComboFix from one of the official links listed below and save it to your desktop:

    2. Temporarily, while carrying out these instructions, it is very important that you keep your protection programs (antivirus, antispyware and firewall) disabled. Re-enable them after completing the procedure(s) described below.
    3. Double-click the icon on the desktop.
    4. Read and accept the terms by typing 1 and Enter.
    5. Computers running Windows XP will need to install the Recovery Console:

    • If your computer runs Windows XP and the Recovery Console is not yet installed, please make sure you are connected to the Internet and click "Yes".
    • Click "OK" on the EULA.
    • Once the Recovery Console is installed, click "YES" to continue.

    6. ComboFix will run; please be patient and wait.
    7. Warning: do not use the mouse or the keyboard while the tool is running; this can cause the computer to freeze.
    8. A message may appear saying the computer needs to restart. DO NOT RESTART!!! ComboFix will restart the computer automatically.
    9. When the tool finishes running it will generate a log (the file C:\ComboFix.txt). Copy and paste the contents of that file in your next reply.

    Do NOT use the tool on your own. It is a powerful tool created to deal with sophisticated infections, and if you do not use it correctly it can damage your computer.

    • There are several malware families that prevent the tool from running correctly and can thereby seriously damage the computer. Analysts qualified to use ComboFix know these cases and know how to handle them.
    • Many Analysts do not reply to topics where they see that ComboFix was used without supervision.
    • There are several general-purpose anti-malware tools whose authors, when writing them, had end users in mind and intended them to be used unsupervised. ComboFix is not that kind of tool, and so, also out of respect for the tool's author, do not use it without supervision.

    Topic author:

    ComboFix 10-08-16.03 - João 17/08/2010 5:40.1.2 - x86

    Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.2047.1246 [GMT -3:00]

    Running from: c:\documents and settings\João\Meus documentos\Downloads\ComboFix.exe

    AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

    .

    ((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    c:\arquivos de programas\Microsoft Office\acpi.vxd

    c:\windows\system32\acpi.vxd

    c:\windows\system32\drivers\bgbqpsnc.sys

    c:\windows\system32\drivers\dzugonvn.sys

    c:\windows\system32\ntkrnlp.exe

    c:\windows\system32\ypkkryi.dll

    c:\windows\system32\yqueqyb.dll

    The copy of c:\windows\system32\drivers\tcpip.sys was found and disinfected

    Restored copy from - Kitty had a snack :P

    .

    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    -------\Legacy_DZUGONVN

    -------\Legacy_FFJOXHGA

    -------\Legacy_SRVWINUPD

    -------\Service_dzugonvn

    -------\Service_ffjoxhga

    (((((((((((((((( Files created from 2010-07-17 to 2010-08-17 ))))))))))))))))))))))))))))

    .

    2010-08-17 01:33 . 2010-08-17 03:47 -------- d-----w- c:\arquivos de programas\DAEMON Tools Lite

    2010-08-14 17:24 . 2010-08-14 17:01 92672 ----a-w- c:\windows\system32\KillBox.exe

    2010-08-14 17:04 . 2010-08-14 17:04 -------- d-----w- C:\LinhaDefensiva

    2010-08-14 17:01 . 2010-08-14 17:01 -------- d-----w- C:\!KillBox

    2010-08-14 16:25 . 2010-08-14 16:25 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Blizzard Entertainment

    2010-08-07 02:15 . 2010-08-07 02:15 -------- d-----w- c:\arquivos de programas\Windows Live Safety Center

    2010-08-06 03:25 . 2001-09-06 02:20 12288 ----a-w- c:\windows\system32\drivers\mouhid.sys

    2010-08-02 21:26 . 2010-08-02 21:26 -------- d-----w- c:\arquivos de programas\Zezenia Online

    2010-07-30 02:29 . 2010-07-30 02:29 -------- d-----w- C:\$AVG

    2010-07-30 02:10 . 2010-07-30 02:10 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys

    2010-07-30 02:10 . 2010-07-30 02:10 12536 ----a-w- c:\windows\system32\avgrsstx.dll

    2010-07-30 02:10 . 2010-07-30 02:10 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

    2010-07-30 02:10 . 2010-08-17 03:51 -------- d-----w- c:\windows\system32\drivers\Avg

    2010-07-30 02:10 . 2010-08-17 03:50 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\avg9

    2010-07-30 02:10 . 2010-07-30 02:10 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys

    2010-07-29 16:52 . 2010-07-29 16:52 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Blizzard

    2010-07-29 16:08 . 2010-07-29 16:08 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Blizzard Entertainment

    2010-07-28 21:57 . 2010-07-28 21:57 -------- d-s---w- c:\documents and settings\NetworkService\UserData

    2010-07-27 22:15 . 2010-07-27 22:15 -------- d-----w- c:\arquivos de programas\Alcohol Soft

    2010-07-25 19:09 . 2010-07-25 19:10 32 ----a-w- c:\windows\system32\Dhss32.drv

    2010-07-25 19:08 . 2010-07-25 19:08 253952 ------w- c:\windows\Setup1.exe

    2010-07-25 19:08 . 2010-07-25 19:08 73216 ----a-w- c:\windows\ST6UNST.EXE

    .

    ((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2010-08-17 01:34 . 2009-09-17 19:46 -------- d-----w- c:\arquivos de programas\DAEMON Tools Toolbar

    2010-08-15 17:01 . 2010-01-15 13:32 -------- d-----w- c:\arquivos de programas\Ask.com

    2010-08-15 13:59 . 2009-09-30 16:39 -------- d-----w- c:\arquivos de programas\BitComet

    2010-08-09 22:15 . 2009-08-21 09:52 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Adobe

    2010-08-08 01:39 . 2009-12-09 03:26 -------- d-----w- c:\arquivos de programas\WinAVI MP4 Converter

    2010-08-07 02:36 . 2009-09-30 20:25 -------- d-----w- c:\arquivos de programas\Valve

    2010-08-07 02:36 . 2009-08-18 22:26 -------- d-----w- c:\arquivos de programas\sXe Injected

    2010-07-30 02:10 . 2009-09-08 13:31 -------- d-----w- c:\arquivos de programas\AVG

    2010-07-25 20:07 . 2010-06-24 23:51 -------- d-----w- c:\arquivos de programas\EA Games

    2010-07-25 20:07 . 2009-08-16 07:14 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information

    2010-07-24 00:24 . 2010-01-30 20:32 -------- d-----w- c:\arquivos de programas\JDownloader

    2010-07-14 22:07 . 2010-07-14 22:07 -------- d-----w- c:\arquivos de programas\GameVicio

    2010-06-26 16:48 . 2010-06-25 01:55 979 ----a-w- c:\windows\eReg.dat

    2010-06-03 16:25 . 2008-04-14 12:00 80198 ----a-w- c:\windows\system32\perfc016.dat

    2010-06-03 16:25 . 2008-04-14 12:00 471376 ----a-w- c:\windows\system32\perfh016.dat

    .

    (((((((((((((((((((((((((( Registry Load Points )))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries and legitimate default entries are not shown.

    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

    "{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\arquivos de programas\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]

    [HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]

    2010-05-26 18:23 1385864 ----a-w- c:\arquivos de programas\Ask.com\GenericAskToolbar.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\arquivos de programas\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]

    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\arquivos de programas\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]

    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "msnmsgr"="c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]

    "DAEMON Tools Lite"="c:\arquivos de programas\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]

    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-14 13877248]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

    @="Driver"

    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite

    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia FastStart

    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer

    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snp325

    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tsnp325

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

    2010-06-20 02:04 35760 ----a-w- c:\arquivos de programas\Adobe\Reader 9.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]

    2005-05-03 10:43 69632 ------r- c:\windows\Alcmtr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FixCamera]

    2007-02-12 17:50 20480 ----a-w- c:\windows\FixCamera.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

    2009-07-14 16:34 13877248 ----a-w- c:\windows\system32\nvcpl.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

    2009-07-14 16:34 86016 ----a-w- c:\windows\system32\nvmctray.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

    2009-07-09 03:03 1657376 ----a-w- c:\arquivos de programas\NVIDIA Corporation\nView\nwiz.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]

    2006-11-14 09:21 16270848 ------r- c:\windows\RTHDCPL.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

    2009-09-02 18:27 25623336 ----a-r- c:\arquivos de programas\Skype\Phone\Skype.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]

    2006-05-16 10:04 2879488 ------r- c:\windows\SkyTel.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    "%windir%\\system32\\sessmgr.exe"=

    "c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

    "c:\\Arquivos de programas\\BitComet\\BitComet.exe"=

    "c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

    "c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

    "c:\\Arquivos de programas\\Garena\\Garena.exe"=

    "c:\\Arquivos de programas\\VDOWNLOADER\\VDownloader.exe"=

    "c:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=

    "c:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=

    "c:\\Documents and Settings\\All Users\\Dados de aplicativos\\NexonUS\\NGM\\NGM.exe"=

    "c:\\Arquivos de programas\\Electronic Arts\\The Battle for Middle-earth II\\game.dat"=

    "c:\\Arquivos de programas\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=

    "c:\\Arquivos de programas\\Ubisoft\\Assassin's Creed II\\AssassinsCreedIIGame.exe"=

    "c:\\Arquivos de programas\\Ubisoft\\Assassin's Creed II\\AssassinsCreedII.exe"=

    "c:\\Arquivos de programas\\Ubisoft\\Assassin's Creed II\\UPlayBrowser.exe"=

    "c:\\Arquivos de programas\\Java\\jre6\\bin\\javaw.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

    "23644:TCP"= 23644:TCP:BitComet 23644 TCP

    "23644:UDP"= 23644:UDP:BitComet 23644 UDP

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [29/7/2010 23:10 216400]

    R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [29/7/2010 23:10 243024]

    S2 avg9emc;AVG Free E-mail Scanner;c:\arquivos de programas\AVG\AVG9\avgemc.exe [29/7/2010 23:10 921952]

    S2 avg9wd;AVG Free WatchDog;c:\arquivos de programas\AVG\AVG9\avgwdsvc.exe [29/7/2010 23:10 308136]

    S3 GarenaPEngine;GarenaPEngine; [x]

    S3 npggsvc;nProtect GameGuard Service; [x]

    S3 SNP325;USB PC Camera (SNPSTD325);c:\windows\system32\DRIVERS\snp325.sys --> c:\windows\system32\DRIVERS\snp325.sys [?]

    S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [17/9/2009 16:44 721904]

    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - DZUGONVN

    *Deregistered* - dzugonvn

    .

    Contents of the 'Scheduled Tasks' folder

    2010-07-23 c:\windows\Tasks\AppleSoftwareUpdate.job

    - c:\arquivos de programas\Apple Software Update\SoftwareUpdate.exe [2007-08-29 17:57]

    2010-08-17 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job

    - c:\arquivos de programas\Ask.com\UpdateTask.exe [2010-02-04 19:50]

    .

    .

    ------- Supplementary Scan -------

    .

    IE: &B&aixar &com o BitComet - c:\arquivos de programas\BitComet\BitComet.exe/AddLink.htm

    IE: &B&aixar todos os vídeos com o BitComet - c:\arquivos de programas\BitComet\BitComet.exe/AddVideo.htm

    IE: &B&aixar tudo usando o BitComet - c:\arquivos de programas\BitComet\BitComet.exe/AddAllLink.htm

    FF - ProfilePath - c:\documents and settings\João\Dados de aplicativos\Mozilla\Firefox\Profiles\mn5sijii.default\

    FF - prefs.js: browser.search.defaulturl - hxxp://search.localstrike.com.ar/?q={searchTerms}

    FF - prefs.js: browser.search.selectedEngine - DAEMON Search

    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.br/

    FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=VD&o=14782&locale=pt_BR&apn_uid=1B8687AD-A418-4121-9E30-909FF5A60967&apn_ptnrs=VY&apn_sauid=A451566E-5937-42D6-AF6A-E321B47FDBFD&apn_dtid=YYY-YYYW3&q=

    FF - component: c:\documents and settings\João\Dados de aplicativos\Mozilla\Firefox\Profiles\mn5sijii.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll

    FF - plugin: c:\documents and settings\All Users\Dados de aplicativos\NexonUS\NGM\npNxGameUS.dll

    ---- FIREFOX POLICIES ----

    c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

    c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);

    c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);

    c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);

    c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

    c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

    c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);

    c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);

    c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);

    c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

    c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);

    c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);

    c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);

    c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);

    c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

    c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);

    c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

    c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

    c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

    c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

    c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

    c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

    c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

    c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

    c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);

    c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);

    c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);

    c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);

    c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

    .

    - - - - ORFÃOS REMOVIDOS - - - -

    AddRemove-KLiteCodecPack_is1 - e:\arquivos de programas\K-Lite Codec Pack\unins000.exe

    AddRemove-WinRAR archiver - e:\arquivos de programas\uninstall.exe

    AddRemove-XP Codec Pack - e:\arquivos de programas\XP Codec Pack\Uninstall.exe

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2010-08-17 05:46

    Windows 5.1.2600 Service Pack 3 NTFS

    Procurando processos ocultos ...

    Procurando entradas auto inicializáveis ocultas ...

    Procurando ficheiros/arquivos ocultos ...

    Varredura completada com sucesso

    arquivos/ficheiros ocultos: 0

    **************************************************************************

    .

    --------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{03e62870-be27-43c7-9a53-1642378a1921}]

    @Denied: (Full) (Everyone)

    "Model"=dword:00000003

    "Therad"=dword:0000001e

    "MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,

    38,95,44,ab,9e,50,1b,eb,77,d1,ab,6a,27,53,fa,84,f7,ee,8e,83,e0,8b,c5,07,bb,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]

    @Denied: (Full) (Everyone)

    "scansk"=hex(0):a7,b4,19,79,99,f6,bd,13,f9,18,5b,d8,65,f1,d7,20,b2,25,a0,5f,a0,

    31,26,7a,9d,cd,ad,ca,cf,b5,85,1f,2f,76,77,b9,1c,51,c7,48,00,00,00,00,00,00,\

    .

    --------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

    - - - - - - - > 'explorer.exe'(3144)

    c:\windows\system32\WPDShServiceObj.dll

    c:\windows\system32\PortableDeviceTypes.dll

    c:\windows\system32\PortableDeviceApi.dll

    .

    ------------------------ Outros Processos em Execução ------------------------

    .

    c:\windows\system32\nvsvc32.exe

    c:\arquivos de programas\Bonjour\mDNSResponder.exe

    c:\arquivos de programas\Java\jre6\bin\jqs.exe

    c:\arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

    c:\windows\system32\wbem\wmiapsrv.exe

    .

    **************************************************************************

    .

    Tempo para conclusão: 2010-08-17 05:48:51 - Máquina reiniciou

    ComboFix-quarantined-files.txt 2010-08-17 08:48

    Pré-execução: 1.705.000.960 bytes disponíveis

    Pós execução: 1.697.153.024 bytes disponíveis

    - - End Of File - - 43464080B9F1307A043824E3B4B2223D

    :D


    Read all of the instructions below carefully before running the program.

    Download Kaspersky Removal Tool and save it to your desktop.

    • Install the program normally, following all the instructions.
    • A folder named Virus Removal Tool will be created on the desktop.
    • In the program window, click the options:
      • My Computer
      • Hidden Startup objects
      • Disk boot sectors
      • System Memory
    • Click the Start Scan button.
    • Be patient, the scan takes a long time!
    • As it scans, some small windows will probably open next to the clock; do not click anything.
    • A larger window may also open with the following options:
      • Disinfection (when possible)
      • Delete
      • Skip
    • When it appears, first tick the option below, Apply to all objects, and then click one of the options above.
    • After everything is finished, click the Reports button; in the window that opens, leave the options above set to:
      • Autoscan
      • Group by result
      • All Events
    • Expand Autoscan by clicking the + sign next to it.
    • Expand Result: Detected.
    • Right-click and choose Select all, then choose Copy.
    • Note: when you do this it looks like the PC has frozen, but it has not; wait a few minutes for the memory to be freed.
    • Open Notepad and paste (ctrl + v).
    • Give the file a name and save it in a folder of your choice.
    • Close the result by clicking the Exit button.
    • When you do this you will be asked whether you want to uninstall the tool; click Yes.
    • Restart the computer when asked.
    • Post the contents of that file in your next reply.

    NOTE 1:
    Pay attention to the windows during the scan; they have different colours depending on the risk. So:

    • green: low risk
    • yellow: medium risk
    • red: high risk

    Before taking any action, check the file path/name carefully to see whether you recognise it; if you do, click Skip.

    NOTE 2:
    If the final scan result only contains Result: OK, you do not need to generate a report, just say so.

    NOTE 3:
    During the scan Kaspersky may flag the following folder as containing a virus: c:\QooBox. If this happens, choose the Skip option, because that folder belongs to ComboFix and will be removed when ComboFix is uninstalled.

    Autoscan: completed 4 minutes ago (events: 260167, objects: 257987, time: 06:19:18)

    Result: OK (events: 254223)

    Result: Detected (events: 13)

    18/8/2010 00:21:48 File C:\Arquivos de programas\Arquivos comuns\eBay\eBayLauncher.exe/ UPX

    18/8/2010 00:34:47 File C:\Documents and Settings\João\Meus documentos\Downloads\backups\ backup-20100814-141316-505.dll

    18/8/2010 00:34:47 File C:\Documents and Settings\João\Meus documentos\Downloads\backups\ backup-20100814-141318-185.dll

    18/8/2010 06:20:15 File C:\Documents and Settings\João\Meus documentos\Downloads\backups\ backup-20100814-141322-399.dll

    18/8/2010 06:20:15 File C:\Documents and Settings\João\Meus documentos\Downloads\backups\ backup-20100814-141323-950.dll

    18/8/2010 06:22:06 File C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\_dzugonvn_.sys.zip/ dzugonvn.sys

    18/8/2010 06:22:07 File C:\Qoobox\Quarantine\C\WINDOWS\system32\ yqueqyb.dll.vir

    18/8/2010 06:22:08 File C:\System Volume Information\_restore{B54E333F-14C9-4F76-9435-62DDE6B17672}\RP1\ A0000005.dll

    18/8/2010 06:22:08 File C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\ tcpip.sys.vir

    18/8/2010 06:22:23 File C:\System Volume Information\_restore{B54E333F-14C9-4F76-9435-62DDE6B17672}\RP1\ A0000008.sys

    18/8/2010 06:22:25 File C:\System Volume Information\_restore{B54E333F-14C9-4F76-9435-62DDE6B17672}\RP2\A0000126.exe/ UPX

    18/8/2010 06:28:29 File D:\Backup\Completed Downloads\sXeInjectedSetup.8.0.Fix.3.0.exe/ sXe.dll

    18/8/2010 06:31:29 File D:\System Volume Information\_restore{B54E333F-14C9-4F76-9435-62DDE6B17672}\RP2\A0000127.exe/ sXe.dll

    Result: Archive (events: 3433)

    Result: Packed (events: 954)

    Result: Disinfected (events: 2)

    Result: Deleted (events: 11)

    Result: Backed up (events: 13)

    Result: Not processed (events: 1)

    Result: Password protected (events: 1513)

    Result: Disinfected (events: 2)

    Result: Task started (events: 1)

    Result: Task completed (events: 1)


    Congratulations, your log is clean.

    From now on, stay ALERT!

    To finish, do the following:

    Go to Start > Run and type ComboFix /Uninstall . This will uninstall ComboFix from your machine.

    Download OTCleanIt by OldTimer

    • Save it to your desktop.
    • Double-click the OTC icon.
    • Click the "Cleanup" button.
    • Allow your computer to restart.

    I suggest you run CCleaner to clean up your machine. Download it here: CCleaner

    • Open the program and click Run Cleaner;
    • After that, click Issues >> Scan for Issues >> Fix Issues

    I also suggest you read this article: Protect your PC

    Any other problem with the computer?

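The note above explains that Kaspersky may flag c:\QooBox because it is ComboFix's quarantine, and the verdict that the posted log is clean rests on where each "Result: Detected" entry actually lives. The following Python triage script is an added example, not the forum's or any tool's code: it parses lines in the report layout quoted in this thread (constructed sample data inline, with a placeholder GUID) and labels each hit; treating restore points and earlier tools' backup folders as already contained is an analyst assumption, so anything labelled "live" still needs a human look.

```python
import re
from datetime import datetime

# Constructed sample in the layout of the Kaspersky Virus Removal Tool report
# quoted in this thread (paths shortened, restore-point GUID replaced).
SAMPLE_REPORT = r"""Result: Detected (events: 4)
18/8/2010 06:22:06 File C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\_dzugonvn_.sys.zip/ dzugonvn.sys
18/8/2010 06:22:08 File C:\System Volume Information\_restore{GUID-PLACEHOLDER}\RP1\ A0000005.dll
18/8/2010 00:34:47 File C:\Documents and Settings\User\Downloads\backups\ backup-20100814-141316-505.dll
18/8/2010 06:28:29 File D:\Backup\Completed Downloads\sXeInjectedSetup.exe/ sXe.dll
Result: Archive (events: 3433)
"""

# Locations treated as already contained: QooBox is ComboFix's quarantine (per
# the thread); restore points and tool backup folders are an analyst assumption.
CONTAINED = {
    "quarantine": re.compile(r"^[a-z]:\\qoobox\\", re.I),
    "restore_point": re.compile(r"^[a-z]:\\system volume information\\", re.I),
    "backup": re.compile(r"\\backups\\ ?backup-\d{8}-", re.I),
}

# "<d/m/yyyy hh:mm:ss> File <path>"; the tool prints a space before the file name.
LINE_RE = re.compile(r"^(\d{1,2}/\d{1,2}/\d{4} \d{2}:\d{2}:\d{2}) File (.+)$")

def classify(path: str) -> str:
    """Label a detection path; anything outside a contained location is 'live'."""
    for label, rx in CONTAINED.items():
        if rx.search(path):
            return label
    return "live"

def triage(report: str) -> list:
    """Return one dict per entry under 'Result: Detected', in report order."""
    rows, inside = [], False
    for line in report.splitlines():
        if line.startswith("Result:"):  # block header: enter or leave 'Detected'
            inside = line.startswith("Result: Detected")
            continue
        m = LINE_RE.match(line)
        if inside and m:
            when = datetime.strptime(m.group(1), "%d/%m/%Y %H:%M:%S")
            rows.append({"when": when, "path": m.group(2), "label": classify(m.group(2))})
    return rows

def summarize(report: str) -> dict:
    """Count detections per label so any 'live' hit stands out for manual review."""
    counts = {}
    for row in triage(report):
        counts[row["label"]] = counts.get(row["label"], 0) + 1
    return counts
```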
    :D:D Pure joy, master, thank you very much for the help Renato, everything is in order now :P if there is anything I can do, just let me know :hehehe:


    If the topic author needs it, this topic will be reopened; to request that, contact the moderation team and ask for it to be unlocked.
