Good afternoon, DigRam!
As requested, here it is:
ComboFix 10-05-26.03 - edsom luis 28/05/2010 13:46:41.16.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.511.281 [GMT -3:00]
Executando de: d:\documents and settings\edsom luis\Desktop\ComboFix.exe
AV: AntiVir Desktop On-access scanning enabled (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
d:\windows\rrxx.dll
d:\windows\system32\KB907265.log
.
(((((((((((((((( Arquivos/Ficheiros criados de 2010-04-28 to 2010-05-28 ))))))))))))))))))))))))))))
.
2010-05-26 20:31 . 2008-06-03 11:31 8704 ----a-w- D:\fixccs.exe
2010-05-24 13:58 . 2010-05-24 13:58 503808 ----a-w- d:\documents and settings\edsom luis\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-78abc9e4-n\msvcp71.dll
2010-05-24 13:58 . 2010-05-24 13:58 499712 ----a-w- d:\documents and settings\edsom luis\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-78abc9e4-n\jmc.dll
2010-05-24 13:58 . 2010-05-24 13:58 348160 ----a-w- d:\documents and settings\edsom luis\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-78abc9e4-n\msvcr71.dll
2010-05-24 13:58 . 2010-05-24 13:58 61440 ----a-w- d:\documents and settings\edsom luis\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-1d19f863-n\decora-sse.dll
2010-05-24 13:58 . 2010-05-24 13:58 12800 ----a-w- d:\documents and settings\edsom luis\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-1d19f863-n\decora-d3d.dll
2010-05-23 19:44 . 2008-11-06 05:03 -------- d-----w- D:\SDFix
2010-05-23 12:43 . 2010-05-23 12:43 -------- d-----w- d:\documents and settings\edsom luis\.VirtualBox
2010-05-23 12:39 . 2010-05-23 12:39 -------- d-----w- d:\arquivos de programas\Oracle
2010-05-22 19:15 . 2010-05-22 19:15 -------- d-----w- d:\documents and settings\All Users\Dados de aplicativos\CA
2010-05-21 00:43 . 2010-05-21 00:43 -------- d-----w- d:\documents and settings\edsom luis\Dados de aplicativos\K-Meleon
2010-05-21 00:42 . 2010-05-21 00:42 -------- d-----w- d:\arquivos de programas\K-Meleon
2010-05-18 23:28 . 2010-05-18 23:28 133648 ----a-w- d:\windows\system32\VBoxNetFltNotify.dll
2010-05-18 23:28 . 2010-05-18 23:28 111248 ----a-w- d:\windows\system32\drivers\VBoxNetFlt.sys
2010-05-18 23:09 . 2010-05-17 19:48 702120 ----a-w- d:\documents and settings\edsom luis\Dados de aplicativos\Mozilla\Firefox\Profiles\izozpjim.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
2010-05-18 23:09 . 2010-05-17 19:48 868456 ----a-w- d:\documents and settings\edsom luis\Dados de aplicativos\Mozilla\Firefox\Profiles\izozpjim.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
2010-05-18 22:11 . 2010-05-18 22:11 -------- d-----w- d:\arquivos de programas\MSBuild
2010-05-15 21:20 . 2010-05-15 21:20 -------- d-----w- d:\documents and settings\edsom luis\Dados de aplicativos\QuickScan
2010-05-05 13:14 . 2010-05-05 13:14 -------- d-----w- d:\arquivos de programas\navilog1
2010-05-05 12:53 . 2010-05-05 12:53 -------- d-----w- D:\Lop SD
2010-05-05 12:53 . 2010-04-04 16:04 537842 ----a-w- D:\HaxFix.exe
2010-05-05 12:53 . 2010-05-05 12:53 -------- d---a-w- D:\Navilog1
2010-05-04 18:34 . 2010-05-04 18:34 12552 ----a-w- d:\windows\system32\drivers\hddirect.sys
2010-05-04 03:41 . 2010-05-04 03:41 -------- d-----w- d:\arquivos de programas\CCleaner
2010-05-03 18:07 . 2010-05-03 18:07 -------- d-----w- d:\documents and settings\edsom luis\Dados de aplicativos\Avira
2010-05-03 18:00 . 2010-03-01 13:05 124784 ----a-w- d:\windows\system32\drivers\avipbb.sys
2010-05-03 18:00 . 2010-02-16 17:24 60936 ----a-w- d:\windows\system32\drivers\avgntflt.sys
2010-05-03 18:00 . 2009-05-11 15:49 22360 ----a-w- d:\windows\system32\drivers\avgntmgr.sys
2010-05-03 18:00 . 2010-05-03 18:00 -------- d-----w- d:\documents and settings\All Users\Dados de aplicativos\Avira
2010-05-03 18:00 . 2010-05-03 18:00 -------- d-----w- d:\arquivos de programas\Avira
2010-05-03 18:00 . 2009-05-11 15:49 45416 ----a-w- d:\windows\system32\drivers\avgntdd.sys
2010-05-03 01:06 . 2010-05-03 01:06 0 ----a-w- d:\documents and settings\edsom luis\settings.dat
2010-05-02 21:04 . 2010-04-29 18:39 38224 ----a-w- d:\windows\system32\drivers\mbamswissarmy.sys
2010-05-02 21:04 . 2010-04-29 18:39 20952 ----a-w- d:\windows\system32\drivers\mbam.sys
2010-05-01 14:11 . 2010-05-01 14:11 -------- d-----w- d:\arquivos de programas\Opera
2010-04-30 21:42 . 2008-04-13 17:44 2560 ----a-w- d:\documents and settings\All Users\Dados de aplicativos\Microsoft\USMT\iconlib.dll
2010-04-30 00:45 . 2010-04-30 00:45 -------- d-----w- d:\windows\system32\wbem\Repository
2010-04-29 22:09 . 2007-01-18 12:00 3968 ----a-w- d:\windows\system32\drivers\AvgArCln.sys
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-26 15:39 . 2009-08-27 01:37 664 ----a-w- d:\windows\system32\d3d9caps.dat
2010-05-21 21:03 . 2009-09-22 20:52 1 ----a-w- d:\documents and settings\edsom luis\Dados de aplicativos\BrOffice.org\3\user\uno_packages\cache\stamp.sys
2010-05-18 23:28 . 2009-09-18 16:11 100368 ----a-w- d:\windows\system32\drivers\VBoxNetAdp.sys
2010-05-18 23:28 . 2009-09-18 16:11 142864 ----a-w- d:\windows\system32\drivers\VBoxDrv.sys
2010-05-18 23:28 . 2009-09-18 16:10 41744 ----a-w- d:\windows\system32\drivers\VBoxUSBMon.sys
2010-05-18 23:02 . 2001-10-28 21:07 81050 ----a-w- d:\windows\system32\perfc016.dat
2010-05-18 23:02 . 2001-10-28 21:07 472248 ----a-w- d:\windows\system32\perfh016.dat
2010-05-18 02:30 . 2004-08-04 10:45 219648 ----a-w- d:\windows\system32\uxtheme.dll
2010-05-17 18:52 . 2010-02-06 22:21 12 ----a-w- d:\windows\system32\drivers\IncompleteBoot.cnt
2010-04-22 23:54 . 2010-04-22 23:54 -------- d-----w- d:\arquivos de programas\Malwarebytes' Anti-Malware
2010-04-21 18:22 . 2010-04-18 01:03 79488 ----a-w- d:\documents and settings\edsom luis\Dados de aplicativos\Sun\Java\jre1.6.0_20\gtapi.dll
2010-04-21 18:22 . 2010-04-18 01:03 152576 ----a-w- d:\documents and settings\edsom luis\Dados de aplicativos\Sun\Java\jre1.6.0_20\lzma.dll
2010-04-18 20:27 . 2010-04-18 20:27 -------- d-----w- d:\arquivos de programas\Arquivos comuns\Stardock
2010-04-18 00:33 . 2010-04-18 00:33 411368 ----a-w- d:\windows\system32\deployJava1.dll
2010-04-14 07:02 . 2007-09-19 14:24 327168 ----a-w- d:\windows\IsUn0416.exe
2010-04-06 01:42 . 2010-04-06 01:42 -------- d-----w- d:\arquivos de programas\Safari
2010-04-06 01:41 . 2010-04-06 01:41 -------- d-----w- d:\arquivos de programas\Apple Software Update
2010-04-04 19:14 . 2010-04-04 19:14 -------- d-----w- d:\arquivos de programas\Arquivos comuns\Apple
2010-04-04 19:14 . 2010-04-04 19:14 -------- d-----w- d:\documents and settings\All Users\Dados de aplicativos\Apple
2010-04-01 20:31 . 2010-04-01 20:31 -------- d-----w- d:\documents and settings\All Users\Dados de aplicativos\WinZip
2010-03-10 06:16 . 2004-08-04 10:45 420352 ----a-w- d:\windows\system32\vbscript.dll
2010-03-04 07:00 . 2010-03-04 07:00 79144 ----a-w- d:\documents and settings\All Users\Dados de aplicativos\Apple Computer\Installer Cache\Safari 5.31.22.7\SetupAdmin.exe
2009-12-01 18:16 . 2009-12-01 18:16 38338 ------w- d:\arquivos de programas\Uninst.isu
2009-11-27 21:47 . 2009-11-13 21:19 218 ------w- d:\arquivos de programas\Arquivos comuns\operaprefs_default.ini
2009-11-20 22:11 . 2009-11-20 22:11 15828 ------w- d:\arquivos de programas\Arquivos comuns\license.rtf
2009-11-20 22:01 . 2009-11-20 22:01 832296 ------w- d:\arquivos de programas\Arquivos comuns\opera.exe
2009-11-20 22:01 . 2009-11-20 22:01 4450088 ------w- d:\arquivos de programas\Arquivos comuns\opera.dll
2009-11-20 22:00 . 2009-11-20 22:00 20480 ------w- d:\arquivos de programas\Arquivos comuns\OUniAnsi.dll
2009-11-20 22:00 . 2009-11-20 22:00 653419 ------w- d:\arquivos de programas\Arquivos comuns\encoding.bin
2009-11-13 21:19 . 2009-03-27 23:27 2320 ------w- d:\arquivos de programas\Arquivos comuns\operadef6.ini
2009-08-19 08:39 . 2009-08-19 08:39 330 ------w- d:\arquivos de programas\setup.ini
2009-07-10 06:20 . 2009-12-01 18:16 621546 ----a-w- d:\arquivos de programas\Arquivos comuns\ACIHELP.HLP.vir
2009-07-10 06:20 . 2009-12-01 18:16 3219 ----a-w- d:\arquivos de programas\Arquivos comuns\Acihelp.cnt.vir
2009-06-17 17:41 . 2009-06-17 17:41 3870 ----a-w- d:\arquivos de programas\Arquivos comuns\lngcode.txt.vir
2008-06-09 13:17 . 2008-06-09 13:17 301 ----a-w- d:\arquivos de programas\Arquivos comuns\c3nform.vxml.vir
2004-02-26 16:35 . 2004-02-26 16:35 7904 ------w- d:\arquivos de programas\Arquivos comuns\html40_entities.dtd
2002-03-11 09:06 . 2002-03-11 09:06 1822520 ------w- d:\arquivos de programas\instmsiw.exe
2002-03-11 08:45 . 2002-03-11 08:45 1708856 ------w- d:\arquivos de programas\instmsia.exe
2009-11-24 09:18 . 2009-04-29 23:59 32 --sha-w- d:\windows\system32\drivers\fidbox.dat
2009-03-08 17:09 . 2010-05-18 02:33 638816 --sha-w- d:\windows\NiwradSoft Shell Pack\Backup\iexplore.exe
2008-04-14 03:21 . 2010-05-18 02:33 73728 --sha-w- d:\windows\NiwradSoft Shell Pack\Backup\wmplayer.exe
.
------- Sigcheck -------
[-] 2008-04-14 . B0C0BF2504B830BFC1E93CA39F3C75FE . 549376 . . [5.1.2600.5512] . . d:\windows\system32\winlogon.exe
[-] 2008-04-14 . B0C0BF2504B830BFC1E93CA39F3C75FE . 549376 . . [5.1.2600.5512] . . d:\windows\system32\dllcache\winlogon.exe
[7] 2008-04-14 . 71D440F79B711627B12B567FB2EADB42 . 509952 . . [5.1.2600.5512] . . d:\windows\NiwradSoft Shell Pack\Backup\winlogon.exe
[-] 2008-04-14 . B0C0BF2504B830BFC1E93CA39F3C75FE . 549376 . . [5.1.2600.5512] . . d:\windows\ServicePackFiles\i386\winlogon.exe
[-] 2008-04-14 . 302CD5BE4CA48200F9AC1C6074D71805 . 643072 . . [5.82] . . d:\windows\system32\comctl32.dll
[7] 2008-04-14 . 085C5892D9C1E19B3CEFD1B79F5BBF13 . 617472 . . [5.82] . . d:\windows\NiwradSoft Shell Pack\Backup\comctl32.dll
[-] 2008-04-14 . 302CD5BE4CA48200F9AC1C6074D71805 . 643072 . . [5.82] . . d:\windows\ServicePackFiles\i386\comctl32.dll
[-] 2010-02-25 . A709662B2C291B04B765FAC8583AC8E0 . 6106112 . . [8.00.6001.18904] . . d:\windows\system32\mshtml.dll
[-] 2010-02-25 . A709662B2C291B04B765FAC8583AC8E0 . 6106112 . . [8.00.6001.18904] . . d:\windows\system32\dllcache\mshtml.dll
[7] 2010-02-25 . 23099BB44DA6A7D80B15FF4F7C51877D . 5944832 . . [8.00.6001.18904] . . d:\windows\NiwradSoft Shell Pack\Backup\mshtml.dll
[-] 2010-02-25 . A709662B2C291B04B765FAC8583AC8E0 . 6106112 . . [8.00.6001.18904] . . d:\windows\ServicePackFiles\i386\mshtml.dll
[7] 2010-02-25 . 6D179FBB1B42A3C33955652D3A38BFDF . 5946880 . . [8.00.6001.22995] . . d:\windows\$hf_mig$\KB980182-IE8\SP3QFE\mshtml.dll
[7] 2009-12-21 . B5A5C997C2F926C40CCC64A3BD377D4B . 5942784 . . [8.00.6001.18876] . . d:\windows\ie8updates\KB980182-IE8\mshtml.dll
[7] 2009-12-21 . AAD700DEA94EE6E56E591C351111941A . 5945856 . . [8.00.6001.22967] . . d:\windows\$hf_mig$\KB978207-IE8\SP3QFE\mshtml.dll
[7] 2009-10-29 . 58A17D0C94F23CD59346720B0C374A90 . 5940736 . . [8.00.6001.18854] . . d:\windows\ie8updates\KB978207-IE8\mshtml.dll
[7] 2009-10-29 . 80F9322FBC4BBBC3A0DB6E9B3C953C60 . 5944320 . . [8.00.6001.22945] . . d:\windows\$hf_mig$\KB976325-IE8\SP3QFE\mshtml.dll
[7] 2009-10-22 . 61245C5B4B4F06058F4038DC2C7D9C72 . 5939712 . . [8.00.6001.18852] . . d:\windows\ie8updates\KB976325-IE8\mshtml.dll
[7] 2009-10-22 . 4E0FB322DCCB816F5DD56E9B2BE5E664 . 5943296 . . [8.00.6001.22942] . . d:\windows\$hf_mig$\KB976749-IE8\SP3QFE\mshtml.dll
[7] 2009-08-29 . DB337CCC2E1111068F0FFD08982810F7 . 5940224 . . [8.00.6001.18828] . . d:\windows\ie8updates\KB976749-IE8\mshtml.dll
[7] 2009-08-29 . E719DAF5D7972B69647CF32C9FD1601D . 5942272 . . [8.00.6001.22918] . . d:\windows\$hf_mig$\KB974455-IE8\SP3QFE\mshtml.dll
[7] 2009-07-19 . CD4DC10D4F812033C4B402C9620F10BB . 5937152 . . [8.00.6001.18812] . . d:\windows\ie8updates\KB974455-IE8\mshtml.dll
[7] 2009-07-19 . 5B7C8A16598E79AD559323C81737AC4D . 5938176 . . [8.00.6001.22902] . . d:\windows\$hf_mig$\KB972260-IE8\SP3QFE\mshtml.dll
[7] 2009-05-13 . BE87C13E58E44084D7B81B047EB1121B . 5936128 . . [8.00.6001.22873] . . d:\windows\$hf_mig$\KB969897-IE8\SP3QFE\mshtml.dll
[7] 2009-05-13 . 285B63B5E7BE2B4237F6528DFE11CDB4 . 5936128 . . [8.00.6001.18783] . . d:\windows\ie8updates\KB972260-IE8\mshtml.dll
[7] 2009-03-08 . D469A0EBA2EF5C6BEE8065B7E3196E5E . 5937152 . . [8.00.6001.18702] . . d:\windows\ie8updates\KB969897-IE8\mshtml.dll
[7] 2009-01-17 . BC083F2B02EA9E69A636970859AF8DAF . 3594752 . . [7.00.6000.16809] . . d:\windows\ie8\mshtml.dll
[7] 2009-01-16 . 628A8E851FBA1F2183CE327B76E19E3E . 3596288 . . [7.00.6000.20996] . . d:\windows\$hf_mig$\KB961260-IE7\SP2QFE\mshtml.dll
[7] 2008-12-13 . A294B659329C4007D75FF675A8A3A94F . 3593216 . . [7.00.6000.16788] . . d:\windows\ie7updates\KB961260-IE7\mshtml.dll
[7] 2008-12-13 . 4C2F6BAFA9236FA50620CC3E6DDF3BAD . 3594752 . . [7.00.6000.20973] . . d:\windows\$hf_mig$\KB960714-IE7\SP2QFE\mshtml.dll
[7] 2008-10-16 . 2B042E339C0C5E1584D49EB5579ABBD1 . 3595264 . . [7.00.6000.20935] . . d:\windows\$hf_mig$\KB958215-IE7\SP2QFE\mshtml.dll
[7] 2008-02-16 . 9D318F222A6FF820D92EC97F4F1935EC . 3087872 . . [6.00.2900.3314] . . d:\windows\$hf_mig$\KB947864\SP2QFE\mshtml.dll
[7] 2007-08-13 . C6EC2493346ED8888A549F59210A8ED3 . 3578368 . . [7.00.5730.13] . . d:\windows\ie7updates\KB960714-IE7\mshtml.dll
[-] 2010-02-17 . 16F9B5E8C253A9211ED01885077C7526 . 2354304 . . [5.1.2600.5938] . . d:\windows\system32\ntoskrnl.exe
[-] 2010-02-17 . 16F9B5E8C253A9211ED01885077C7526 . 2354304 . . [5.1.2600.5938] . . d:\windows\system32\dllcache\ntoskrnl.exe
[7] 2010-02-17 . 124F4EC97A7683D1A67B3AECFE258ABD . 2194176 . . [5.1.2600.5938] . . d:\windows\Driver Cache\i386\ntoskrnl.exe
[7] 2010-02-17 . 124F4EC97A7683D1A67B3AECFE258ABD . 2194176 . . [5.1.2600.5938] . . d:\windows\NiwradSoft Shell Pack\Backup\ntoskrnl.exe
[-] 2010-02-17 . 16F9B5E8C253A9211ED01885077C7526 . 2354304 . . [5.1.2600.5938] . . d:\windows\ServicePackFiles\i386\ntoskrnl.exe
[7] 2010-02-16 . 8A47EB27E99109826F8A54BB64BE8131 . 2194304 . . [5.1.2600.5938] . . d:\windows\$hf_mig$\KB979683\SP3QFE\ntoskrnl.exe
[7] 2009-12-09 . C25035B93BDF12E2CB89C6F5BF8B99F1 . 2193536 . . [5.1.2600.5913] . . d:\windows\$hf_mig$\KB977165\SP3QFE\ntoskrnl.exe
[7] 2009-12-09 . EB331E36934D9016B66CDF694954A8AF . 2193408 . . [5.1.2600.5913] . . d:\windows\$NtUninstallKB979683$\ntoskrnl.exe
[7] 2009-08-04 . 3B75E61D1546C05A959EDFE11F1510D1 . 2193536 . . [5.1.2600.5857] . . d:\windows\$hf_mig$\KB971486\SP3QFE\ntoskrnl.exe
[7] 2009-02-10 . B0BF079AF000D97D8C043D1DFF08086D . 2193408 . . [5.1.2600.5755] . . d:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
[7] 2008-08-14 . A42CC3CFC02A7B2BAEC7B0D45808B257 . 2193408 . . [5.1.2600.5657] . . d:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe
[7] 2008-08-14 . B72A025A758683552C4FEC7EABCB0661 . 2190208 . . [5.1.2600.3427] . . d:\windows\$hf_mig$\KB956841\SP2QFE\ntoskrnl.exe
[7] 2008-08-14 . 04BA43B0D2A13BD6B06D707299243CFC . 2193408 . . [5.1.2600.5657] . . d:\windows\$hf_mig$\KB956841\SP3GDR\ntoskrnl.exe
[7] 2007-02-28 . BFB4C8761976CCE0B544D557B4C70825 . 2186368 . . [5.1.2600.3093] . . d:\windows\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
[7] 2005-03-02 . 6E3AB4241E058B248CB7CDC5157449C3 . 2183808 . . [5.1.2600.2622] . . d:\windows\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
[-] 2008-04-14 . A9B36030497E98C29210E4544700649D . 579072 . . [5.1.2600.5512] . . d:\windows\system32\user32.dll
[-] 2008-04-14 . A9B36030497E98C29210E4544700649D . 579072 . . [5.1.2600.5512] . . d:\windows\system32\dllcache\user32.dll
[7] 2008-04-14 . 54907DB28872A7A6D3EE2B4747A23828 . 579072 . . [5.1.2600.5512] . . d:\windows\NiwradSoft Shell Pack\Backup\user32.dll
[-] 2008-04-14 . A9B36030497E98C29210E4544700649D . 579072 . . [5.1.2600.5512] . . d:\windows\ServicePackFiles\i386\user32.dll
[7] 2005-03-02 . 3ED0A4D74EFD5AAF8408095F452E2613 . 577536 . . [5.1.2600.2622] . . d:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll
[-] 2010-02-25 . 9B25F4F2E1C0622CB951FCAED549F0A9 . 983040 . . [8.00.6001.18904] . . d:\windows\system32\wininet.dll
[-] 2010-02-25 . 9B25F4F2E1C0622CB951FCAED549F0A9 . 983040 . . [8.00.6001.18904] . . d:\windows\system32\dllcache\wininet.dll
[7] 2010-02-25 . E5CC74D62E06066451D59248CBFBAED0 . 916480 . . [8.00.6001.18904] . . d:\windows\NiwradSoft Shell Pack\Backup\wininet.dll
[-] 2010-02-25 . 9B25F4F2E1C0622CB951FCAED549F0A9 . 983040 . . [8.00.6001.18904] . . d:\windows\ServicePackFiles\i386\wininet.dll
[7] 2010-02-25 . D8E3E2FD8928B2BD8BEB2518C2E45ED1 . 919040 . . [8.00.6001.22995] . . d:\windows\$hf_mig$\KB980182-IE8\SP3QFE\wininet.dll
[7] 2009-12-21 . 79805286A6D381A658A1871F6B3588B9 . 916480 . . [8.00.6001.18876] . . d:\windows\ie8updates\KB980182-IE8\wininet.dll
[7] 2009-12-21 . 11162780821A0531D39E675A662D766F . 916480 . . [8.00.6001.22967] . . d:\windows\$hf_mig$\KB978207-IE8\SP3QFE\wininet.dll
[7] 2009-10-29 . 191FFB2798E4DB25F04C2E71C9595A85 . 916480 . . [8.00.6001.18854] . . d:\windows\ie8updates\KB978207-IE8\wininet.dll
[7] 2009-10-29 . E30B8F0D3BFAF4B403C57F05242AEF74 . 916480 . . [8.00.6001.22945] . . d:\windows\$hf_mig$\KB976325-IE8\SP3QFE\wininet.dll
[7] 2009-08-29 . 83438BBF93CA586ED5149B1E1AA1BDBB . 916480 . . [8.00.6001.18828] . . d:\windows\ie8updates\KB976325-IE8\wininet.dll
[7] 2009-08-29 . 4F4F8F0B432A8B4B0D23829375358F34 . 916480 . . [8.00.6001.22918] . . d:\windows\$hf_mig$\KB974455-IE8\SP3QFE\wininet.dll
[7] 2009-07-03 . 9572842DA52CF071068FAAB8AD4D74A5 . 915456 . . [8.00.6001.22896] . . d:\windows\$hf_mig$\KB972260-IE8\SP3QFE\wininet.dll
[7] 2009-07-03 . 903350F08A1DF38714EF37F09EA11BB4 . 915456 . . [8.00.6001.18806] . . d:\windows\ie8updates\KB974455-IE8\wininet.dll
[7] 2009-05-13 . 4E74AEBA5546A61C9DC35BC531EFFA23 . 915456 . . [8.00.6001.22873] . . d:\windows\$hf_mig$\KB969897-IE8\SP3QFE\wininet.dll
[7] 2009-05-13 . 14E350ABCCBE0279D042AF2854E6D894 . 915456 . . [8.00.6001.18783] . . d:\windows\ie8updates\KB972260-IE8\wininet.dll
[7] 2009-03-08 . 6CE32F7778061CCC5814D5E0F282D369 . 914944 . . [8.00.6001.18702] . . d:\windows\ie8updates\KB969897-IE8\wininet.dll
[7] 2008-12-21 . E048867C310B09ED1C79E59B68DB8050 . 827904 . . [7.00.6000.20978] . . d:\windows\$hf_mig$\KB961260-IE7\SP2QFE\wininet.dll
[7] 2008-12-20 . 94A623D9C0F2632796B4CE2753331F98 . 826368 . . [7.00.6000.16791] . . d:\windows\ie8\wininet.dll
[7] 2008-10-16 . 779479E6F38BC77831F26BD9AAE3FAD3 . 826368 . . [7.00.6000.16762] . . d:\windows\ie7updates\KB961260-IE7\wininet.dll
[7] 2008-10-16 . 4BCD45D77BD42A5E9C2DD2E847A5467E . 827904 . . [7.00.6000.20935] . . d:\windows\$hf_mig$\KB958215-IE7\SP2QFE\wininet.dll
[7] 2008-02-16 . F3AD9DF6B30D5A3F67B5561109640958 . 668160 . . [6.00.2900.3314] . . d:\windows\$hf_mig$\KB947864\SP2QFE\wininet.dll
[7] 2007-08-13 . A4A0FC92358F39538A6494C42EF99FE9 . 818688 . . [7.00.5730.13] . . d:\windows\ie7updates\KB958215-IE7\wininet.dll
[-] 2008-04-14 . 77F71BF6970EA10B4CC9AA1D45654AA0 . 1542656 . . [6.00.2900.5512] . . d:\windows\explorer.exe
[-] 2008-04-14 . 77F71BF6970EA10B4CC9AA1D45654AA0 . 1542656 . . [6.00.2900.5512] . . d:\windows\system32\dllcache\explorer.exe
[7] 2008-04-14 . 064EC7FF5F58B928C3E119402977FA6D . 1035776 . . [6.00.2900.5512] . . d:\windows\NiwradSoft Shell Pack\Backup\explorer.exe
[-] 2008-04-14 . 77F71BF6970EA10B4CC9AA1D45654AA0 . 1542656 . . [6.00.2900.5512] . . d:\windows\ServicePackFiles\i386\explorer.exe
[7] 2007-06-13 . 45D521506825A10B80833B4E9621CCF6 . 1035264 . . [6.00.2900.3156] . . d:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2008-04-14 . 584450C5B2439571755D40444589C63D . 40448 . . [5.1.2600.5512] . . d:\windows\system32\ctfmon.exe
[-] 2008-04-14 . 584450C5B2439571755D40444589C63D . 40448 . . [5.1.2600.5512] . . d:\windows\system32\dllcache\ctfmon.exe
[7] 2008-04-14 . 4E486ADFE3A0B9ED0EB0639902E9F64F . 15360 . . [5.1.2600.5512] . . d:\windows\NiwradSoft Shell Pack\Backup\ctfmon.exe
[-] 2008-04-14 . 584450C5B2439571755D40444589C63D . 40448 . . [5.1.2600.5512] . . d:\windows\ServicePackFiles\i386\ctfmon.exe
[-] 2010-02-16 . 297C1AE40DE572E38618042B781EEE15 . 2231168 . . [5.1.2600.5938] . . d:\windows\system32\ntkrnlpa.exe
[-] 2010-02-16 . 297C1AE40DE572E38618042B781EEE15 . 2231168 . . [5.1.2600.5938] . . d:\windows\system32\dllcache\ntkrnlpa.exe
[7] 2010-02-16 . 1F54DE75A9C8EC46E9FB53C1890C9ED3 . 2071040 . . [5.1.2600.5938] . . d:\windows\Driver Cache\i386\ntkrnlpa.exe
[7] 2010-02-16 . 1F54DE75A9C8EC46E9FB53C1890C9ED3 . 2071040 . . [5.1.2600.5938] . . d:\windows\NiwradSoft Shell Pack\Backup\ntkrnlpa.exe
[-] 2010-02-16 . 297C1AE40DE572E38618042B781EEE15 . 2231168 . . [5.1.2600.5938] . . d:\windows\ServicePackFiles\i386\ntkrnlpa.exe
[7] 2010-02-16 . E94AC126E7ADFD40DC4E38D2E91236D8 . 2071168 . . [5.1.2600.5938] . . d:\windows\$hf_mig$\KB979683\SP3QFE\ntkrnlpa.exe
[7] 2009-12-09 . 7D45AF0A376A7EEE59B2A4BCDC304C9C . 2070400 . . [5.1.2600.5913] . . d:\windows\$hf_mig$\KB977165\SP3QFE\ntkrnlpa.exe
[7] 2009-12-09 . FA72BE44F0715BD88A37C77559ACB3B7 . 2070272 . . [5.1.2600.5913] . . d:\windows\$NtUninstallKB979683$\ntkrnlpa.exe
[7] 2009-08-05 . 6FEC1B436323CC29B3008D7C5BF2A10F . 2070400 . . [5.1.2600.5857] . . d:\windows\$hf_mig$\KB971486\SP3QFE\ntkrnlpa.exe
[7] 2009-02-09 . FF7FE874B6DA494303EE3DD9B97AB007 . 2070400 . . [5.1.2600.5755] . . d:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe
[7] 2008-08-14 . 586A93E0C23F6A1893F6706F36B22598 . 2070272 . . [5.1.2600.5657] . . d:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe
[7] 2008-08-14 . 145CD2BBA58988B7A2E9B910AC4D4CA4 . 2067200 . . [5.1.2600.3427] . . d:\windows\$hf_mig$\KB956841\SP2QFE\ntkrnlpa.exe
[7] 2008-08-14 . A62251C7C1F0DBC3241ABF1985EDE75E . 2070272 . . [5.1.2600.5657] . . d:\windows\$hf_mig$\KB956841\SP3GDR\ntkrnlpa.exe
[7] 2007-02-28 . D027F0097B8F099C09369B8CC97D7C32 . 2063616 . . [5.1.2600.3093] . . d:\windows\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
[7] 2005-03-02 . AED7B3AA86AD031CF39C6E4BBA37E818 . 2061184 . . [5.1.2600.2622] . . d:\windows\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
Nota entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CursorXP"="d:\arquivos de programas\CursorXP\CursorXP.exe" [2005-01-19 128000]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroCheck"="c:\windows\System32\NeroCheck.exe" [2001-07-09 155648]
"Adobe Reader Speed Launcher"="d:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="d:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"SunJavaUpdateSched"="d:\arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe" [2010-02-18 248040]
"avgnt"="d:\arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)
"NoResolveTrack"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRealMode"= 0 (0x0)
"HonorAutoRunSetting"= 0 (0x0)
"NoFileUrl"= 0 (0x0)
"NoUpdateCheck"= 0 (0x0)
"NoSMBalloonTip"= 0 (0x0)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0
[HKLM\~\startupfolder\D:^Documents and Settings^edsom luis^Menu Iniciar^Programas^Inicializar^BrOffice.org 3.1.lnk]
[HKLM\~\startupfolder\D:^Documents and Settings^edsom luis^Menu Iniciar^Programas^Inicializar^setup_9.0.0.722_15.01.2010_15-37.lnk]
[HKLM\~\startupfolder\D:^Documents and Settings^edsom luis^Menu Iniciar^Programas^Inicializar^setup_9.0.0.722_18.02.2010_16-03.lnk]
[HKLM\~\startupfolder\^.mjsync_pt_BR]
path=\.mjsync_pt_BR
[HKLM\~\startupfolder\^catchme.exe]
path=\catchme.exe
[HKLM\~\startupfolder\^Desktop.rar]
path=\Desktop.rar
[HKLM\~\startupfolder\^dumphive.exe]
path=\dumphive.exe
[HKLM\~\startupfolder\^Favoritos.rar]
path=\Favoritos.rar
[HKLM\~\startupfolder\^haxoth2.txt]
path=\haxoth2.txt
[HKLM\~\startupfolder\^md5file.exe]
path=\md5file.exe
[HKLM\~\startupfolder\^moveex.exe]
path=\moveex.exe
[HKLM\~\startupfolder\^NTUSER.DAT]
path=\ntuser.dat
[HKLM\~\startupfolder\^NTUSER.DAT.bak_jv16pt]
path=\NTUSER.DAT.bak_jv16pt
[HKLM\~\startupfolder\^ntuser.dat.LOG]
path=\ntuser.dat.LOG
[HKLM\~\startupfolder\^NTUSER.DAT.tmp.LOG]
path=\NTUSER.DAT.tmp.LOG
[HKLM\~\startupfolder\^ntuser.ini]
path=\ntuser.ini
[HKLM\~\startupfolder\^ntuser.pol]
path=\ntuser.pol
[HKLM\~\startupfolder\^PrivacIE.rar]
path=\PrivacIE.rar
[HKLM\~\startupfolder\^process.exe]
path=\process.exe
[HKLM\~\startupfolder\^rebuilt.Menu Iniciar.rar]
path=\rebuilt.Menu Iniciar.rar
[HKLM\~\startupfolder\^rebuilt.UserData.rar]
path=\rebuilt.UserData.rar
[HKLM\~\startupfolder\^run2.hax]
path=\run2.hax
[HKLM\~\startupfolder\^swreg.exe]
path=\swreg.exe
[HKLM\~\startupfolder\^swsc.exe]
path=\swsc.exe
[HKLM\~\startupfolder\^tool_en.log]
path=\tool_en.log
[HKLM\~\startupfolder\^UserData.rar]
path=\UserData.rar
[HKLM\~\startupfolder\^vfind.exe]
path=\vfind.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-03-24 18:17 952768 ----a-w- d:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-04-04 05:42 36272 ----a-w- d:\arquivos de programas\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 03:20 40448 ----a-w- d:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CursorXP]
2005-01-19 19:34 128000 ----a-w- d:\arquivos de programas\CursorXP\CursorXP.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DWQueuedReporting]
2008-11-04 04:44 435096 ------w- d:\arquiv~1\ARQUIV~1\MICROS~1\DW\DWTRIG20.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 14:43 248040 ----a-w- d:\arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"GoogleDesktopManager-060409-093314"=3 (0x3)
"ZeppelinService"=2 (0x2)
"idsvc"=3 (0x3)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Arquivos de programas\\Arquivos comuns\\opera.exe"=
"d:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"d:\\Arquivos de programas\\Opera\\opera.exe"=
"d:\\Arquivos de programas\\Oracle\\VirtualBox\\VirtualBox.exe"=
R1 VBoxDrv;VirtualBox Service;d:\windows\system32\drivers\VBoxDrv.sys [18/9/2009 13:11 142864]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;d:\windows\system32\drivers\VBoxUSBMon.sys [18/9/2009 13:10 41744]
R2 713xTVCard;SAA7131 TV Card;d:\windows\system32\drivers\SAA713x.sys [15/3/2005 12:00 277504]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;d:\arquivos de programas\Avira\AntiVir Desktop\sched.exe [3/5/2010 15:00 135336]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;d:\windows\system32\drivers\VBoxNetAdp.sys [18/9/2009 13:11 100368]
R3 VBoxNetFlt;VBoxNetFlt Service;d:\windows\system32\drivers\VBoxNetFlt.sys [18/5/2010 20:28 111248]
R3 xpvcom;XPVCOM Port;d:\windows\system32\drivers\XPVCOM.sys [23/3/2007 02:00 30032]
.
Conteúdo da pasta 'Tarefas Agendadas'
2010-05-28 d:\windows\Tasks\User_Feed_Synchronization-{85870EB0-73F3-41E1-92DD-7C153C1F486E}.job
.
.
------- Scan Suplementar -------
.
mWindow Title =
IE: E&xportar para o Microsoft Excel
FF - ProfilePath - d:\documents and settings\edsom luis\Dados de aplicativos\Mozilla\Firefox\Profiles\izozpjim.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.br/webhp?hl=pt-BR
FF - component: d:\documents and settings\edsom luis\Dados de aplicativos\Mozilla\Firefox\Profiles\izozpjim.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
FF - plugin: d:\arquivos de programas\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: d:\documents and settings\edsom luis\Dados de aplicativos\Mozilla\Firefox\Profiles\izozpjim.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - d:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
d:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
d:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
d:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
d:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
d:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
d:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
d:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
d:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
d:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
d:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
d:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");
.
.
------- Associação de arquivos/ficheiros -------
.
.txt=
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-28 13:52
Windows 5.1.2600 Service Pack 3 FAT NTAPI
Procurando processos ocultos ...
Procurando entradas auto inicializáveis ocultas ...
Procurando ficheiros/arquivos ocultos ...
Varredura completada com sucesso
arquivos/ficheiros ocultos: 0
**************************************************************************
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
[HKEY_USERS\.Default\Software\Stardock\WindowBlinds\WB5.ini\Installed]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•6~*]
"6140110900063D11C8EF10054038389C"="D?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------
d:\windows\system32\SETUPAPI.dll
d:\windows\system32\sfc_os.dll
d:\windows\system32\cscui.dll
d:\windows\system32\SETUPAPI.dll
d:\windows\system32\psbase.dll
.
Tempo para conclusão: 2010-05-28 13:51:50
ComboFix-quarantined-files.txt 2010-05-28 14:13
ComboFix2.txt 2010-05-28 14:13
ComboFix3.txt 2010-05-18 19:31
ComboFix4.txt 2010-05-17 18:37
ComboFix5.txt 2010-05-15 13:45
Pré-execução: 19 pasta(s) 40.769.454.080 bytes disponíveis
Pós execução: 21 pasta(s) 40.744.812.544 bytes disponíveis
Thank you