Good evening!
Every time I reinstall Service Pack 3, the Sigcheck section of the ComboFix log looks as shown in the partial log just below; however, the system becomes fast.
Well after this topic was closed, http://forum.imasters.com.br/index.php?/topic/396854-correovalidao/page__p__1550976__fromsearch__1entry1550976, I had already sent a PM to DigRam.
2009-06-17 17:41 . 2009-06-17 17:41 3870 ----a-w- d:\arquivos de programas\Arquivos comuns\lngcode.txt.vir
2008-06-09 13:17 . 2008-06-09 13:17 301 ----a-w- d:\arquivos de programas\Arquivos comuns\c3nform.vxml.vir
2004-02-26 16:35 . 2004-02-26 16:35 7904 ------w- d:\arquivos de programas\Arquivos comuns\html40_entities.dtd
2009-11-24 09:18 . 2009-04-29 23:59 32 --sha-w- d:\windows\system32\drivers\fidbox.dat
.
------- Sigcheck -------
[-] 2008-04-14 . B0C0BF2504B830BFC1E93CA39F3C75FE . 549376 . . [5.1.2600.5512] . . d:\windows\system32\winlogon.exe
[7] 2008-04-14 . 71D440F79B711627B12B567FB2EADB42 . 509952 . . [5.1.2600.5512] . . d:\windows\ERDNT\cache\WINLOGON.EXE
[7] 2008-04-14 . 71D440F79B711627B12B567FB2EADB42 . 509952 . . [5.1.2600.5512] . . d:\windows\NiwradSoft Shell Pack\Backup\winlogon.exe
[-] 2008-04-14 . B0C0BF2504B830BFC1E93CA39F3C75FE . 549376 . . [5.1.2600.5512] . . d:\windows\ServicePackFiles\i386\winlogon.exe
[-] 2008-04-14 . 302CD5BE4CA48200F9AC1C6074D71805 . 643072 . . [5.82] . . d:\windows\system32\comctl32.dll
[7] 2008-04-14 . 085C5892D9C1E19B3CEFD1B79F5BBF13 . 617472 . . [5.82] . . d:\windows\ERDNT\cache\COMCTL32.DLL
[7] 2008-04-14 . 085C5892D9C1E19B3CEFD1B79F5BBF13 . 617472 . . [5.82] . . d:\windows\NiwradSoft Shell Pack\Backup\comctl32.dll
[-] 2008-04-14 . 302CD5BE4CA48200F9AC1C6074D71805 . 643072 . . [5.82] . . d:\windows\ServicePackFiles\i386\comctl32.dll
[7] 2010-06-24 . BFD26DB90A37C2B79EBA3F0FCB36B5CF . 5954560 . . [8.00.6001.23037] . . d:\windows\ie8\mshtml.dll
[7] 2010-06-24 . BFD26DB90A37C2B79EBA3F0FCB36B5CF . 5954560 . . [8.00.6001.23037] . . d:\windows\$hf_mig$\KB2183461-IE8\SP3QFE\mshtml.dll
[-] 2010-06-24 . 04819CB0FD378DF668E0126E795B39D1 . 6112768 . . [8.00.6001.18939] . . d:\windows\system32\mshtml.dll
[7] 2010-06-24 . 3E34A8371BF952433A4D645CAA15B1F8 . 5951488 . . [8.00.6001.18939] . . d:\windows\ERDNT\cache\mshtml.dll
[-] 2010-06-24 . 04819CB0FD378DF668E0126E795B39D1 . 6112768 . . [8.00.6001.18939] . . d:\windows\NiwradSoft Shell Pack\Backup\mshtml.dll
[-] 2010-06-24 . 04819CB0FD378DF668E0126E795B39D1 . 6112768 . . [8.00.6001.18939] . . d:\windows\ServicePackFiles\i386\mshtml.dll
[-] 2010-05-06 . 7DD1799F5CA037BE23A9C1ECE2222151 . 6112256 . . [8.00.6001.18928] . . d:\windows\ie8updates\KB2183461-IE8\mshtml.dll
[7] 2010-05-06 . AA1410ABF16D5F3655569927075CEF05 . 5953024 . . [8.00.6001.23019] . . d:\windows\$hf_mig$\KB982381-IE8\SP3QFE\mshtml.dll
[-] 2010-02-25 . A709662B2C291B04B765FAC8583AC8E0 . 6106112 . . [8.00.6001.18904] . . d:\windows\ie8updates\KB982381-IE8\mshtml.dll
[-] 2010-04-28 . 17266497E25E5864AAE5A6779F67046B . 2354304 . . [5.1.2600.5973] . . d:\windows\system32\ntoskrnl.exe
[7] 2010-04-28 . DE753D0C2FB81D7E6107B12CF036DCD1 . 2194176 . . [5.1.2600.5973] . . d:\windows\ERDNT\cache\ntoskrnl.exe
[7] 2010-04-28 . DE753D0C2FB81D7E6107B12CF036DCD1 . 2194176 . . [5.1.2600.5973] . . d:\windows\NiwradSoft Shell Pack\Backup\ntoskrnl.exe
[-] 2010-04-28 . 17266497E25E5864AAE5A6779F67046B . 2354304 . . [5.1.2600.5973] . . d:\windows\ServicePackFiles\i386\ntoskrnl.exe
[7] 2010-04-28 . 2B14801C5D196E8BEC3EA573B3B2DA44 . 2194304 . . [5.1.2600.5973] . . d:\windows\$hf_mig$\KB981852\SP3QFE\ntoskrnl.exe
[-] 2010-02-17 . 16F9B5E8C253A9211ED01885077C7526 . 2354304 . . [5.1.2600.5938] . . d:\windows\$NtUninstallKB981852$\ntoskrnl.exe
[-] 2008-04-14 . A9B36030497E98C29210E4544700649D . 579072 . . [5.1.2600.5512] . . d:\windows\system32\user32.dll
[7] 2008-04-14 . 54907DB28872A7A6D3EE2B4747A23828 . 579072 . . [5.1.2600.5512] . . d:\windows\ERDNT\cache\USER32.DLL
[7] 2008-04-14 . 54907DB28872A7A6D3EE2B4747A23828 . 579072 . . [5.1.2600.5512] . . d:\windows\NiwradSoft Shell Pack\Backup\user32.dll
[-] 2008-04-14 . A9B36030497E98C29210E4544700649D . 579072 . . [5.1.2600.5512] . . d:\windows\ServicePackFiles\i386\user32.dll
[7] 2010-06-24 . 119AC859ABDA997E87CD30E10145B1AD . 919040 . . [8.00.6001.23037] . . d:\windows\ie8\wininet.dll
[7] 2010-06-24 . 119AC859ABDA997E87CD30E10145B1AD . 919040 . . [8.00.6001.23037] . . d:\windows\$hf_mig$\KB2183461-IE8\SP3QFE\wininet.dll
[-] 2010-06-24 . BA2D3FF9F2F464CF86449AB436029A94 . 983040 . . [8.00.6001.18939] . . d:\windows\system32\wininet.dll
[7] 2010-06-24 . 1F337249AE3EF62110CEED8A0425E7C7 . 916480 . . [8.00.6001.18939] . . d:\windows\ERDNT\cache\WININET.DLL
[-] 2010-06-24 . BA2D3FF9F2F464CF86449AB436029A94 . 983040 . . [8.00.6001.18939] . . d:\windows\NiwradSoft Shell Pack\Backup\wininet.dll
[-] 2010-06-24 . BA2D3FF9F2F464CF86449AB436029A94 . 983040 . . [8.00.6001.18939] . . d:\windows\ServicePackFiles\i386\wininet.dll
[-] 2010-05-06 . 5CD052E4E5E4463BC6A5543D8351BFAA . 983040 . . [8.00.6001.18923] . . d:\windows\ie8updates\KB2183461-IE8\wininet.dll
[7] 2010-05-06 . 326CDF2109D669998922946D6B490836 . 919040 . . [8.00.6001.23014] . . d:\windows\$hf_mig$\KB982381-IE8\SP3QFE\wininet.dll
[-] 2010-02-25 . 9B25F4F2E1C0622CB951FCAED549F0A9 . 983040 . . [8.00.6001.18904] . . d:\windows\ie8updates\KB982381-IE8\wininet.dll
[-] 2008-04-14 . 77F71BF6970EA10B4CC9AA1D45654AA0 . 1542656 . . [6.00.2900.5512] . . d:\windows\explorer.exe
[7] 2008-04-14 . 064EC7FF5F58B928C3E119402977FA6D . 1035776 . . [6.00.2900.5512] . . d:\windows\ERDNT\cache\explorer.exe
[7] 2008-04-14 . 064EC7FF5F58B928C3E119402977FA6D . 1035776 . . [6.00.2900.5512] . . d:\windows\NiwradSoft Shell Pack\Backup\explorer.exe
[-] 2008-04-14 . 77F71BF6970EA10B4CC9AA1D45654AA0 . 1542656 . . [6.00.2900.5512] . . d:\windows\ServicePackFiles\i386\explorer.exe
[-] 2008-04-13 . 88578EEECDAC059F9B12B8D3DA41FFAB . 1312256 . . [5.1.2600.5512] . . d:\windows\system32\ole32.dll
[7] 2008-04-13 . 4DA89C78A5AC43DD98E7497324000378 . 1287168 . . [5.1.2600.5512] . . d:\windows\ERDNT\cache\ole32.dll
[7] 2008-04-13 . 4DA89C78A5AC43DD98E7497324000378 . 1287168 . . [5.1.2600.5512] . . d:\windows\NiwradSoft Shell Pack\Backup\ole32.dll
[-] 2008-04-13 . 88578EEECDAC059F9B12B8D3DA41FFAB . 1312256 . . [5.1.2600.5512] . . d:\windows\ServicePackFiles\i386\ole32.dll
[-] 2005-07-26 . B300CB983AB3D3CDE4332E47852706FB . 1285632 . . [5.1.2600.2726] . . d:\windows\$hf_mig$\KB902400\SP2QFE\ole32.dll
[-] 2005-04-28 . 86A64F2146E3DE3E2D0251F7DEC38C3A . 1286144 . . [5.1.2600.2665] . . d:\windows\$hf_mig$\KB894391\SP2QFE\ole32.dll
[-] 2008-04-14 . 584450C5B2439571755D40444589C63D . 40448 . . [5.1.2600.5512] . . d:\windows\system32\ctfmon.exe
[7] 2008-04-14 . 4E486ADFE3A0B9ED0EB0639902E9F64F . 15360 . . [5.1.2600.5512] . . d:\windows\ERDNT\cache\ctfmon.exe
[7] 2008-04-14 . 4E486ADFE3A0B9ED0EB0639902E9F64F . 15360 . . [5.1.2600.5512] . . d:\windows\NiwradSoft Shell Pack\Backup\ctfmon.exe
[-] 2008-04-14 . 584450C5B2439571755D40444589C63D . 40448 . . [5.1.2600.5512] . . d:\windows\ServicePackFiles\i386\ctfmon.exe
[-] 2010-04-29 . AA06D29D46C992CF620C6FE8037123E9 . 2231296 . . [5.1.2600.5973] . . d:\windows\system32\ntkrnlpa.exe
[7] 2010-04-29 . 7FDAC9D0C4F6EBC61160EC9F00F03C20 . 2071168 . . [5.1.2600.5973] . . d:\windows\ERDNT\cache\ntkrnlpa.exe
[7] 2010-04-29 . 7FDAC9D0C4F6EBC61160EC9F00F03C20 . 2071168 . . [5.1.2600.5973] . . d:\windows\NiwradSoft Shell Pack\Backup\ntkrnlpa.exe
[-] 2010-04-29 . AA06D29D46C992CF620C6FE8037123E9 . 2231296 . . [5.1.2600.5973] . . d:\windows\ServicePackFiles\i386\ntkrnlpa.exe
[7] 2010-04-29 . 7FDAC9D0C4F6EBC61160EC9F00F03C20 . 2071168 . . [5.1.2600.5973] . . d:\windows\$hf_mig$\KB981852\SP3QFE\ntkrnlpa.exe
[-] 2010-02-16 . 297C1AE40DE572E38618042B781EEE15 . 2231168 . . [5.1.2600.5938] . . d:\windows\$NtUninstallKB981852$\ntkrnlpa.exe
[-] 2009-03-08 . F68C1BAC147227B86FFB36828FF8BEDF . 510816 . . [8.00.6001.18702] . . d:\windows\NiwradSoft Shell Pack\Backup\iexplore.exe
[-] 2009-03-08 . F68C1BAC147227B86FFB36828FF8BEDF . 510816 . . [8.00.6001.18702] . . d:\windows\ServicePackFiles\i386\iexplore.exe
[7] 2008-12-19 . 15E8A89499741D5CF59A9CF6463A4339 . 634024 . . [7.00.6000.20978] . . d:\windows\$hf_mig$\KB961260-IE7\SP2QFE\iexplore.exe
[7] 2008-12-19 . 030D78FE84A086ED376EFCBD2D72C522 . 634024 . . [7.00.6000.16791] . . d:\windows\ie8\iexplore.exe
[7] 2008-10-15 . 9D3DB9ADFABD2F0BC778EC03250A3ABB . 633632 . . [7.00.6000.16762] . . d:\windows\ie7updates\KB961260-IE7\iexplore.exe
[7] 2008-10-15 . 056C927CF7207857E8B34F7A8FFD9B9E . 633632 . . [7.00.6000.20935] . . d:\windows\$hf_mig$\KB958215-IE7\SP2QFE\iexplore.exe
[7] 2007-08-13 . DE49B348A18369B4626FBA1D49B07FB4 . 622080 . . [7.00.5730.13] . . d:\windows\ie7updates\KB958215-IE7\iexplore.exe
.
((((((((((((((((((((((((((((( SnapShot@2010-09-16_02.16.17 )))))))))))))))))))))))))))))))))))))))))
When I remove Service Pack 3 components, the Sigcheck section of the ComboFix log looks as shown in the partial log just below; however, the system becomes slow.
2008-06-09 13:17 . 2008-06-09 13:17 301 ----a-w- d:\arquivos de programas\Arquivos comuns\c3nform.vxml.vir
2004-02-26 16:35 . 2004-02-26 16:35 7904 ------w- d:\arquivos de programas\Arquivos comuns\html40_entities.dtd
2009-11-24 09:18 . 2009-04-29 23:59 32 --sha-w- d:\windows\system32\drivers\fidbox.dat
.
------- Sigcheck -------
[-] 2008-04-13 . 88578EEECDAC059F9B12B8D3DA41FFAB . 1312256 . . [5.1.2600.5512] . . d:\windows\system32\ole32.dll
[-] 2008-04-13 . 88578EEECDAC059F9B12B8D3DA41FFAB . 1312256 . . [5.1.2600.5512] . . d:\windows\ServicePackFiles\i386\ole32.dll
[-] 2005-07-26 . B300CB983AB3D3CDE4332E47852706FB . 1285632 . . [5.1.2600.2726] . . d:\windows\$hf_mig$\KB902400\SP2QFE\ole32.dll
[-] 2005-04-28 . 86A64F2146E3DE3E2D0251F7DEC38C3A . 1286144 . . [5.1.2600.2665] . . d:\windows\$hf_mig$\KB894391\SP2QFE\ole32.dll
[-] 2009-03-08 . F68C1BAC147227B86FFB36828FF8BEDF . 510816 . . [8.00.6001.18702] . . d:\windows\ServicePackFiles\i386\iexplore.exe
[7] 2008-12-19 . 15E8A89499741D5CF59A9CF6463A4339 . 634024 . . [7.00.6000.20978] . . d:\windows\$hf_mig$\KB961260-IE7\SP2QFE\iexplore.exe
[7] 2008-12-19 . 030D78FE84A086ED376EFCBD2D72C522 . 634024 . . [7.00.6000.16791] . . d:\windows\ie8\iexplore.exe
[7] 2008-10-15 . 9D3DB9ADFABD2F0BC778EC03250A3ABB . 633632 . . [7.00.6000.16762] . . d:\windows\ie7updates\KB961260-IE7\iexplore.exe
[7] 2008-10-15 . 056C927CF7207857E8B34F7A8FFD9B9E . 633632 . . [7.00.6000.20935] . . d:\windows\$hf_mig$\KB958215-IE7\SP2QFE\iexplore.exe
[7] 2007-08-13 . DE49B348A18369B4626FBA1D49B07FB4 . 622080 . . [7.00.5730.13] . . d:\windows\ie7updates\KB958215-IE7\iexplore.exe
.
((((((((((((((((((((((((((((( SnapShot@2010-09-01_16.29.41 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-09-13 14:11 . 2010-09-13 14:11 16384 d:\windows\temp\Perflib_Perfdata_6f4.dat
+ 2010-09-13 17:57 . 2010-09-13 17:57 16384 d:\windows\temp\Perflib_Perfdata_148.dat
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:59:04, on 17/9/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
D:\WINDOWS\Explorer.EXE
D:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
D:\Arquivos de programas\Java\jre6\bin\jqs.exe
D:\Arquivos de programas\Avira\AntiVir Desktop\avshadow.exe
D:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
D:\WINDOWS\system32\wbem\wmiapsrv.exe
D:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe
D:\Arquivos de programas\CursorXP\CursorXP.exe
D:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe
D:\Arquivos de programas\Mozilla Firefox\firefox.exe
D:\Arquivos de programas\K-Meleon\k-meleon.exe
D:\Arquivos de programas\Mozilla Firefox\plugin-container.exe
D:\Documents and Settings\edsom luis\Meus documentos\Downloads\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - D:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [sunJavaUpdateSched] "D:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [MSConfig] D:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKCU\..\Run: [CursorXP] D:\Arquivos de programas\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [msnmsgr] "D:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - Startup: K-Meleon Loader.lnk = D:\Arquivos de programas\K-Meleon\loader.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Arquivos de programas\Messenger\msmsgs.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - D:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - D:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Arquivos de programas\Java\jre6\bin\jqs.exe
--
End of file - 4325 bytes
Regards, and thank you.
Good afternoon, analysts/moderators!
As per the PMs, there is also this one: http://forum.imasters.com.br/index.php?/topic/409782-maquina-virtual-danificou-os/page__pid__1610397__st__0entry1610397; updated logs follow.
DDS (Ver_10-03-17.01) - FAT32x86
Run by edsom luis at 15:10:20,90 on ter 28/09/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.511.165 [GMT -3:00]
AV: avast! Antivirus On-access scanning enabled (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
============== Running Processes ===============
D:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
D:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
D:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
D:\WINDOWS\Explorer.EXE
D:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe
D:\Arquivos de programas\Alwil Software\Avast5\avastUI.exe
D:\Arquivos de programas\CursorXP\CursorXP.exe
D:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
D:\Arquivos de programas\K-Meleon\loader.exe
D:\Arquivos de programas\K-Meleon\k-meleon.exe
D:\Arquivos de programas\Mozilla Firefox\firefox.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
D:\Arquivos de programas\Java\jre6\bin\jqs.exe
D:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\Arquivos de programas\Mozilla Firefox\plugin-container.exe
D:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe
D:\Documents and Settings\edsom luis\Meus documentos\Downloads\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.com.br/
mWindow Title =
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - d:\arquivos de programas\arquivos comuns\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - d:\arquivos de programas\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Auxiliar de Conexão do Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - d:\arquivos de programas\arquivos comuns\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - d:\arquivos de programas\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - d:\arquivos de programas\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [CursorXP] d:\arquivos de programas\cursorxp\CursorXP.exe
uRun: [msnmsgr] "d:\arquivos de programas\windows live\messenger\msnmsgr.exe" /background
mRun: [sunJavaUpdateSched] "d:\arquivos de programas\arquivos comuns\java\java update\jusched.exe"
mRun: [MSConfig] d:\windows\pchealth\helpctr\binaries\MSCONFIG.EXE /auto
mRun: [avast5] "d:\arquivos de programas\alwil software\avast5\avastUI.exe" /nogui
mRun: [DWQueuedReporting] "d:\arquiv~1\arquiv~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: d:\docume~1\edsoml~1\menuin~1\progra~1\inicia~1\k-mele~1.lnk - d:\arquivos de programas\k-meleon\loader.exe
StartupFolder: d:\docume~1\edsoml~1\menuin~1\progra~1\inicia~1\k-mele~1.lnk - d:\arquivos de programas\k-meleon\loader.exe
IE: E&xportar para o Microsoft Excel
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - d:\arquivos de programas\messenger\msmsgs.exe
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - d:\windows\system32\WPDShServiceObj.dll
================= FIREFOX ===================
FF - ProfilePath - d:\docume~1\edsoml~1\dadosd~1\mozilla\firefox\profiles\izozpjim.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.br/webhp?hl=pt-BR
FF - component: d:\documents and settings\edsom luis\dados de aplicativos\mozilla\firefox\profiles\izozpjim.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
FF - plugin: d:\arquivos de programas\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: d:\documents and settings\edsom luis\dados de aplicativos\mozilla\firefox\profiles\izozpjim.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - d:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - d:\arquivos de programas\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
d:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
d:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
d:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
d:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
d:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
d:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
d:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
d:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
d:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
d:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
d:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
d:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
d:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
d:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
d:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
d:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
d:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
d:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
d:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
d:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
d:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
d:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
d:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
d:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
d:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
d:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
d:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
d:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
d:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
d:\arquivos de programas\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
d:\arquivos de programas\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
d:\arquivos de programas\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
d:\arquivos de programas\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
d:\arquivos de programas\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
d:\arquivos de programas\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
d:\arquivos de programas\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
d:\arquivos de programas\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
d:\arquivos de programas\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");
d:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
d:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
d:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
d:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
d:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
d:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
d:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
d:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
d:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
d:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
d:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
d:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
d:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
d:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
d:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
d:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
d:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
============= SERVICES / DRIVERS ===============
R1 aswSP;aswSP;d:\windows\system32\drivers\aswSP.sys [2010-9-23 165584]
R1 avgio;avgio;d:\arquivos de programas\avira\antivir desktop\avgio.sys [2010-9-23 11608]
R1 VBoxDrv;VirtualBox Service;d:\windows\system32\drivers\VBoxDrv.sys [2009-9-18 142864]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;d:\windows\system32\drivers\VBoxUSBMon.sys [2009-9-18 41744]
R2 713xTVCard;SAA7131 TV Card;d:\windows\system32\drivers\SAA713x.sys [2005-3-15 277504]
R2 AntiVirSchedulerService;Avira AntiVir Programador;d:\arquivos de programas\avira\antivir desktop\sched.exe [2010-9-23 108289]
R2 aswFsBlk;aswFsBlk;d:\windows\system32\drivers\aswFsBlk.sys [2010-9-23 17744]
R2 avast! Antivirus;avast! Antivirus;d:\arquivos de programas\alwil software\avast5\AvastSvc.exe [2010-9-23 40384]
R3 avast! Mail Scanner;avast! Mail Scanner;d:\arquivos de programas\alwil software\avast5\AvastSvc.exe [2010-9-23 40384]
R3 avast! Web Scanner;avast! Web Scanner;d:\arquivos de programas\alwil software\avast5\AvastSvc.exe [2010-9-23 40384]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;d:\windows\system32\drivers\VBoxNetAdp.sys [2009-9-18 100368]
R3 VBoxNetFlt;VBoxNetFlt Service;d:\windows\system32\drivers\VBoxNetFlt.sys [2010-5-18 111248]
R3 xpvcom;XPVCOM Port;d:\windows\system32\drivers\XPVCOM.sys [2007-3-23 30032]
=============== Created Last 30 ================
2010-09-28 13:35:59 297808 ----a-w- d:\windows\system32\TBD1C5.tmp
2010-09-24 02:05:43 38848 ----a-w- d:\windows\avastSS.scr
2010-09-23 20:44:06 0 d-----w- d:\windows\system32\wbem\Repository
2010-09-23 18:10:22 0 d-----w- d:\docume~1\alluse~1\dadosd~1\Avira
2010-09-22 14:45:14 0 d-----w- d:\documents and settings\edsom luis\.VirtualBox
2010-09-19 23:58:27 0 d-----w- d:\arquivos de programas\arquivos comuns\PC Tools
2010-09-19 19:54:07 0 d-----w- d:\docume~1\alluse~1\dadosd~1\MFAData
2010-09-17 21:15:24 0 d-----w- d:\arquivos de programas\K-Meleon
2010-09-17 20:59:13 0 d-----w- d:\docume~1\edsoml~1\dadosd~1\K-Meleon
2010-09-16 17:33:36 0 d-sh--w- D:\Recycled
2010-09-15 17:04:12 0 d-----w- d:\arquivos de programas\Messenger
2010-09-15 16:59:18 0 d-----w- d:\windows\EHome
2010-09-13 22:48:57 0 d---a-r- D:\Autorun.inf
2010-09-13 16:33:50 0 d-----w- d:\docume~1\alluse~1\dadosd~1\Panda Security
2010-09-10 00:15:37 0 d-----w- d:\docume~1\alluse~1\dadosd~1\BigFishGamesCache
2010-09-02 15:31:18 0 d-----w- d:\windows\Cache
2010-09-01 01:27:46 0 d-----w- d:\windows\system32\LogFiles
2010-08-31 18:22:53 0 d-----w- d:\windows\system32\wbem\Logs
2010-08-30 15:21:43 0 d-----w- D:\Recycled(2)
==================== Find3M ====================
2010-09-16 16:02:10 219648 ----a-w- d:\windows\system32\uxtheme.dll
2010-08-28 20:03:30 423656 ----a-w- d:\windows\system32\deployJava1.dll
2010-08-17 13:17:06 58880 ----a-w- d:\windows\system32\spoolsv.exe
2010-08-17 13:17:06 58880 ------w- d:\windows\system32\dllcache\spoolsv.exe
2010-07-22 15:46:04 590848 ----a-w- d:\windows\system32\rpcrt4.dll
2010-07-22 15:46:04 590848 ------w- d:\windows\system32\dllcache\rpcrt4.dll
2010-07-22 06:19:06 5120 ----a-w- d:\windows\system32\xpsp4res.dll
2010-07-19 22:46:40 56324 ---ha-w- d:\windows\system32\mlfcache.dat
2009-12-01 18:16:32 38338 ------w- d:\arquivos de programas\Uninst.isu
2009-11-27 21:47:52 218 ------w- d:\arquivos de programas\arquivos comuns\operaprefs_default.ini
2009-11-20 22:11:28 15828 ------w- d:\arquivos de programas\arquivos comuns\license.rtf
2009-11-20 22:01:18 832296 ------w- d:\arquivos de programas\arquivos comuns\opera.exe
2009-11-20 22:01:16 4450088 ------w- d:\arquivos de programas\arquivos comuns\opera.dll
2009-11-20 22:00:42 20480 ------w- d:\arquivos de programas\arquivos comuns\OUniAnsi.dll
2009-11-20 22:00:24 653419 ------w- d:\arquivos de programas\arquivos comuns\encoding.bin
2009-11-13 21:19:06 2320 ------w- d:\arquivos de programas\arquivos comuns\operadef6.ini
2009-08-19 08:39:36 330 ------w- d:\arquivos de programas\setup.ini
2009-07-10 06:20:00 621546 ----a-w- d:\arquivos de programas\arquivos comuns\ACIHELP.HLP.vir
2009-07-10 06:20:00 3219 ----a-w- d:\arquivos de programas\arquivos comuns\Acihelp.cnt.vir
2009-06-17 17:41:58 3870 ----a-w- d:\arquivos de programas\arquivos comuns\lngcode.txt.vir
2008-06-09 13:17:20 301 ----a-w- d:\arquivos de programas\arquivos comuns\c3nform.vxml.vir
2004-02-26 16:35:04 7904 ------w- d:\arquivos de programas\arquivos comuns\html40_entities.dtd
2009-01-21 15:39:44 32768 --sha-w- d:\windows\system32\config\systemprofile\configurações locais\histórico\history.ie5\mshist012009012120090122\index.dat
2009-11-24 09:18:56 32 --sha-w- d:\windows\system32\drivers\fidbox.dat
2009-03-08 17:09:26 510816 --sha-w- d:\windows\niwradsoft shell pack\backup\iexplore.exe
============= FINISH: 15:11:55,78 ===============
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-03-17.01)
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 19/9/2007 10:51:37
System Uptime: 28/9/2010 10:16:00 (5 hours ago)
Motherboard: ECS | | M825G
Processor: AMD Sempron 2400+ | Socket-A | 1669/166mhz
==== Disk Partitions =========================
A: is Removable
C: is FIXED (FAT32) - 17 GiB total, 10,079 GiB free.
D: is FIXED (FAT32) - 59 GiB total, 29,089 GiB free.
E: is CDROM ()
==== Disabled Device Manager Items =============
Class GUID: {4D36E968-E325-11CE-BFC1-08002BE10318}
Description: RADEON 9200 PRO Family (Microsoft Corporation)
Device ID: PCI\VEN_1002&DEV_5960&SUBSYS_061018BC&REV_01\4&1FEB96E4&0&0008
Manufacturer: ATI Technologies Inc.
Name: RADEON 9200 PRO Family (Microsoft Corporation)
PNP Device ID: PCI\VEN_1002&DEV_5960&SUBSYS_061018BC&REV_01\4&1FEB96E4&0&0008
Service: ati2mtag
Class GUID: {4D36E968-E325-11CE-BFC1-08002BE10318}
Description: RADEON 9200 PRO SEC Family (Microsoft Corporation)
Device ID: PCI\VEN_1002&DEV_5940&SUBSYS_061118BC&REV_01\4&1FEB96E4&0&0108
Manufacturer: ATI Technologies Inc.
Name: RADEON 9200 PRO SEC Family (Microsoft Corporation)
PNP Device ID: PCI\VEN_1002&DEV_5940&SUBSYS_061118BC&REV_01\4&1FEB96E4&0&0108
Service: ati2mtag
Class GUID:
Description:
Device ID: STREAM\7131TVTUNER\4&2164E342&0&0
Manufacturer:
Name:
PNP Device ID: STREAM\7131TVTUNER\4&2164E342&0&0
Service:
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Controlador de comunicação PCI simples
Device ID: PCI\VEN_1106&DEV_3068&SUBSYS_4C211543&REV_80\3&61AAA01&0&8E
Manufacturer:
Name: Controlador de comunicação PCI simples
PNP Device ID: PCI\VEN_1106&DEV_3068&SUBSYS_4C211543&REV_80\3&61AAA01&0&8E
Service:
==== System Restore Points ===================
RP146: 27/9/2010 08:18:53 - lccd ate 80
RP147: 28/9/2010 10:19:58 - Software Distribution Service 3.0
==== Installed Programs ======================
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.2 - Português
Apple Application Support
Apple Software Update
Assistente de Conexão do Windows Live
Atualização de Segurança para o Windows Media Player (KB975558)
Atualização de Segurança para o Windows Media Player (KB978695)
Atualização de Segurança para Windows Internet Explorer 7 (KB938127-v2)
Atualização de Segurança para Windows Internet Explorer 7 (KB938127)
Atualização de Segurança para Windows Internet Explorer 7 (KB958215)
Atualização de Segurança para Windows Internet Explorer 7 (KB960714)
Atualização de Segurança para Windows Internet Explorer 7 (KB961260)
Atualização de Segurança para Windows Internet Explorer 8 (KB2183461)
Atualização de Segurança para Windows Internet Explorer 8 (KB969897)
Atualização de Segurança para Windows Internet Explorer 8 (KB971961)
Atualização de Segurança para Windows Internet Explorer 8 (KB972260)
Atualização de Segurança para Windows Internet Explorer 8 (KB974455)
Atualização de Segurança para Windows Internet Explorer 8 (KB976325)
Atualização de Segurança para Windows Internet Explorer 8 (KB978207)
Atualização de Segurança para Windows Internet Explorer 8 (KB981332)
Atualização de Segurança para Windows Internet Explorer 8 (KB982381)
Atualização de Segurança para Windows XP (KB2079403)
Atualização de Segurança para Windows XP (KB2115168)
Atualização de Segurança para Windows XP (KB2121546)
Atualização de Segurança para Windows XP (KB2160329)
Atualização de Segurança para Windows XP (KB2229593)
Atualização de Segurança para Windows XP (KB2259922)
Atualização de Segurança para Windows XP (KB2286198)
Atualização de Segurança para Windows XP (KB2347290)
Atualização de Segurança para Windows XP (KB951748)
Atualização de Segurança para Windows XP (KB955069)
Atualização de Segurança para Windows XP (KB956802)
Atualização de Segurança para Windows XP (KB958687)
Atualização de Segurança para Windows XP (KB975562)
Atualização de Segurança para Windows XP (KB978542)
Atualização de Segurança para Windows XP (KB979482)
Atualização de Segurança para Windows XP (KB979559)
Atualização de Segurança para Windows XP (KB980195)
Atualização de Segurança para Windows XP (KB980218)
Atualização de Segurança para Windows XP (KB980436)
Atualização de Segurança para Windows XP (KB981322)
Atualização de Segurança para Windows XP (KB981852)
Atualização de Segurança para Windows XP (KB981997)
Atualização de Segurança para Windows XP (KB982214)
Atualização de Segurança para Windows XP (KB982665)
Atualização de Segurança para Windows XP (KB982802)
Atualização para Windows Internet Explorer 8 (KB973874)
Atualização para Windows Internet Explorer 8 (KB976662)
Atualização para Windows Internet Explorer 8 (KB976749)
Atualização para Windows Internet Explorer 8 (KB980182)
Atualização para Windows XP (KB2141007)
avast! Free Antivirus
BrOffice.org 3.1
C-Media WDM Audio Driver
CCleaner
CursorXP
EVEREST Home Edition v2.20
Ferramenta de Carregamento do Windows Live
Gadwin PrintScreen
Google Chrome
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix para Windows XP (KB981793)
Java Auto Updater
Java 6 Update 21
K-Meleon 1.5.4 en-US (remove only)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft Speech Recognition Engine 4.0 (English)
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox (3.6.10)
MSVCRT
MSXML 4.0 SP2 (KB973688)
Opera 10.62
Revo Uninstaller 1.89
Safari
Segoe UI
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
VC 9.0 Runtime
VIA Rhine-Family Fast-Ethernet Adapter
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebFldrs XP
Windows Internet Explorer 7
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Media Format 11 runtime
XML Paper Specification Shared Components Pack 1.0
==== End Of File ===========================
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:13:26, on 28/9/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
D:\WINDOWS\Explorer.EXE
D:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe
D:\Arquivos de programas\Alwil Software\Avast5\avastUI.exe
D:\Arquivos de programas\CursorXP\CursorXP.exe
D:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
D:\Arquivos de programas\K-Meleon\loader.exe
D:\Arquivos de programas\K-Meleon\k-meleon.exe
D:\Arquivos de programas\Mozilla Firefox\firefox.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
D:\Arquivos de programas\Java\jre6\bin\jqs.exe
D:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\Arquivos de programas\Mozilla Firefox\plugin-container.exe
D:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe
D:\Documents and Settings\edsom luis\Meus documentos\Downloads\HiJackThis.exe
D:\Arquivos de programas\Avira\AntiVir Desktop\update.exe
D:\WINDOWS\system32\msfeedssync.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - D:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [sunJavaUpdateSched] "D:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [MSConfig] D:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKLM\..\Run: [avast5] "D:\Arquivos de programas\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [DWQueuedReporting] "D:\ARQUIV~1\ARQUIV~1\MICROS~1\DW\dwtrig20.exe" -t
O4 - HKCU\..\Run: [CursorXP] D:\Arquivos de programas\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [msnmsgr] "D:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - Startup: K-Meleon Loader.lnk = D:\Arquivos de programas\K-Meleon\loader.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Arquivos de programas\Messenger\msmsgs.exe
O23 - Service: Avira AntiVir Programador (AntiVirSchedulerService) - Avira GmbH - D:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
O23 - Service: avast! Antivirus - AVAST Software - D:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - D:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - D:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Arquivos de programas\Java\jre6\bin\jqs.exe
--
End of file - 4830 bytes
Thanks and best regards.
There is nothing to worry about with the Sigcheck issue.
This is an option in the ComboFix log for verifying digital signatures.
Good evening, Wings!
Did you read the topic linked just below (the same link appears at the start, in the first post of this thread)? Pay particular attention to the Sigcheck section of the ComboFix logs, after the commands given by DigRam.
http://forum.imasters.com.br/index.php?/topic/396854-correovalidao/
And what do these numbers of unrecognized signatures ( [-] ), or the recognized ones, as shown in the ComboFix log below, mean for the system in terms of infection?
ComboFix 10-10-01.01 - edsom luis 02/10/2010 20:11:43.63.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.511.303 [GMT -3:00]
Executando de: d:\documents and settings\edsom luis\Desktop\ComboFix.exe
AV: avast! Antivirus On-access scanning enabled (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
(((((((((((((((( Arquivos/Ficheiros criados de 2010-09-02 to 2010-10-02 ))))))))))))))))))))))))))))
.
2010-10-01 01:30 . 2010-10-01 01:30 -------- d-----w- d:\arquivos de programas\IObit
2010-09-30 19:16 . 2010-09-24 19:43 618128 ----a-w- d:\documents and settings\edsom luis\Dados de aplicativos\Mozilla\Firefox\Profiles\izozpjim.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
2010-09-30 19:16 . 2010-09-24 19:42 644384 ----a-w- d:\documents and settings\edsom luis\Dados de aplicativos\Mozilla\Firefox\Profiles\izozpjim.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
2010-09-24 02:06 . 2010-09-07 14:52 165584 ----a-w- d:\windows\system32\drivers\aswSP.sys
2010-09-24 02:06 . 2010-09-07 14:47 17744 ----a-w- d:\windows\system32\drivers\aswFsBlk.sys
2010-09-24 02:06 . 2010-09-07 14:47 23376 ----a-w- d:\windows\system32\drivers\aswRdr.sys
2010-09-24 02:06 . 2010-09-07 14:52 46672 ----a-w- d:\windows\system32\drivers\aswTdi.sys
2010-09-24 02:06 . 2010-09-07 14:47 100176 ----a-w- d:\windows\system32\drivers\aswmon2.sys
2010-09-24 02:06 . 2010-09-07 14:47 94544 ----a-w- d:\windows\system32\drivers\aswmon.sys
2010-09-24 02:06 . 2010-09-07 14:46 28880 ----a-w- d:\windows\system32\drivers\aavmker4.sys
2010-09-24 02:05 . 2010-09-07 15:12 38848 ----a-w- d:\windows\avastSS.scr
2010-09-24 02:05 . 2010-09-07 15:11 167592 ----a-w- d:\windows\system32\aswBoot.exe
2010-09-24 02:05 . 2010-09-24 02:05 -------- d-----w- d:\arquivos de programas\Alwil Software
2010-09-23 20:44 . 2010-09-23 20:44 -------- d-----w- d:\windows\system32\wbem\Repository
2010-09-23 18:10 . 2009-03-30 13:33 96104 ----a-w- d:\windows\system32\drivers\avipbb.sys
2010-09-23 18:10 . 2009-02-13 15:29 22360 ----a-w- d:\windows\system32\drivers\avgntmgr.sys
2010-09-23 18:10 . 2009-02-13 15:17 45416 ----a-w- d:\windows\system32\drivers\avgntdd.sys
2010-09-23 18:10 . 2010-09-23 18:10 -------- d-----w- d:\documents and settings\All Users\Dados de aplicativos\Avira
2010-09-22 14:45 . 2010-09-22 14:45 -------- d-----w- d:\documents and settings\edsom luis\.VirtualBox
2010-09-22 14:37 . 2010-09-22 14:37 -------- d-----w- d:\documents and settings\edsom luis\Dados de aplicativos\Download Manager
2010-09-19 23:58 . 2010-09-19 23:58 -------- d-----w- d:\arquivos de programas\Arquivos comuns\PC Tools
2010-09-19 19:54 . 2010-09-19 19:54 -------- d-----w- d:\documents and settings\All Users\Dados de aplicativos\MFAData
2010-09-17 21:15 . 2010-09-17 21:15 -------- d-----w- d:\arquivos de programas\K-Meleon
2010-09-17 20:59 . 2010-09-17 20:59 -------- d-----w- d:\documents and settings\edsom luis\Dados de aplicativos\K-Meleon
2010-09-15 16:59 . 2010-09-15 16:59 -------- d-----w- d:\windows\EHome
2010-09-13 16:33 . 2010-09-13 16:33 -------- d-----w- d:\documents and settings\All Users\Dados de aplicativos\Panda Security
2010-09-10 00:15 . 2010-09-10 00:15 -------- d-----w- d:\documents and settings\All Users\Dados de aplicativos\BigFishGamesCache
2010-09-02 15:31 . 2010-09-02 15:31 -------- d-----w- d:\windows\Cache
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-01 18:39 . 2009-08-27 01:37 664 ----a-w- d:\windows\system32\d3d9caps.dat
2010-10-01 15:45 . 2010-08-19 20:23 157184 ----a-w- d:\documents and settings\edsom luis\Dados de aplicativos\Runscanner.net\VirusTotalUpload.exe
2010-09-16 16:02 . 2004-08-04 10:45 219648 ----a-w- d:\windows\system32\uxtheme.dll
2010-09-10 01:15 . 2009-09-22 20:52 1 ----a-w- d:\documents and settings\edsom luis\Dados de aplicativos\BrOffice.org\3\user\uno_packages\cache\stamp.sys
2010-08-28 20:03 . 2010-04-18 00:33 423656 ----a-w- d:\windows\system32\deployJava1.dll
2010-08-25 15:38 . 2010-08-25 15:38 -------- d-----w- d:\arquivos de programas\Windows Live SkyDrive
2010-08-25 15:38 . 2010-08-25 15:38 -------- d-----w- d:\arquivos de programas\Windows Live
2010-08-23 20:53 . 2010-08-23 20:53 143392 ----a-w- d:\documents and settings\All Users\Dados de aplicativos\BigFishGamesCache\Upgrade\stub\mahjongescapeancie_s1_l1_gF986T1L1_d1020783961.exe
2010-08-19 20:23 . 2010-08-19 20:23 -------- d-----w- d:\documents and settings\edsom luis\Dados de aplicativos\Runscanner.net
2010-08-17 13:17 . 2004-08-04 10:45 58880 ----a-w- d:\windows\system32\spoolsv.exe
2010-08-12 18:18 . 2010-08-12 18:18 -------- d-----w- d:\arquivos de programas\Arquivos comuns\Windows Live
2010-08-09 14:07 . 2010-08-09 14:07 503808 ----a-w- d:\documents and settings\edsom luis\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-7bdeb69a-n\msvcp71.dll
2010-08-09 14:07 . 2010-08-09 14:07 499712 ----a-w- d:\documents and settings\edsom luis\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-7bdeb69a-n\jmc.dll
2010-08-09 14:07 . 2010-08-09 14:07 348160 ----a-w- d:\documents and settings\edsom luis\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-7bdeb69a-n\msvcr71.dll
2010-08-09 14:07 . 2010-08-09 14:07 61440 ----a-w- d:\documents and settings\edsom luis\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-63c474f1-n\decora-sse.dll
2010-08-09 14:07 . 2010-08-09 14:07 12800 ----a-w- d:\documents and settings\edsom luis\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-63c474f1-n\decora-d3d.dll
2010-07-22 15:46 . 2004-08-04 10:45 590848 ----a-w- d:\windows\system32\rpcrt4.dll
2010-07-22 06:19 . 2009-04-17 12:45 5120 ----a-w- d:\windows\system32\xpsp4res.dll
2010-07-19 22:46 . 2010-07-19 22:46 56324 ---ha-w- d:\windows\system32\mlfcache.dat
2009-12-01 18:16 . 2009-12-01 18:16 38338 ------w- d:\arquivos de programas\Uninst.isu
2009-11-27 21:47 . 2009-11-13 21:19 218 ------w- d:\arquivos de programas\Arquivos comuns\operaprefs_default.ini
2009-11-20 22:11 . 2009-11-20 22:11 15828 ------w- d:\arquivos de programas\Arquivos comuns\license.rtf
2009-11-20 22:01 . 2009-11-20 22:01 832296 ------w- d:\arquivos de programas\Arquivos comuns\opera.exe
2009-11-20 22:01 . 2009-11-20 22:01 4450088 ------w- d:\arquivos de programas\Arquivos comuns\opera.dll
2009-11-20 22:00 . 2009-11-20 22:00 20480 ------w- d:\arquivos de programas\Arquivos comuns\OUniAnsi.dll
2009-11-20 22:00 . 2009-11-20 22:00 653419 ------w- d:\arquivos de programas\Arquivos comuns\encoding.bin
2009-11-13 21:19 . 2009-03-27 23:27 2320 ------w- d:\arquivos de programas\Arquivos comuns\operadef6.ini
2009-08-19 08:39 . 2009-08-19 08:39 330 ------w- d:\arquivos de programas\setup.ini
2009-07-10 06:20 . 2009-12-01 18:16 621546 ----a-w- d:\arquivos de programas\Arquivos comuns\ACIHELP.HLP.vir
2009-07-10 06:20 . 2009-12-01 18:16 3219 ----a-w- d:\arquivos de programas\Arquivos comuns\Acihelp.cnt.vir
2009-06-17 17:41 . 2009-06-17 17:41 3870 ----a-w- d:\arquivos de programas\Arquivos comuns\lngcode.txt.vir
2008-06-09 13:17 . 2008-06-09 13:17 301 ----a-w- d:\arquivos de programas\Arquivos comuns\c3nform.vxml.vir
2004-02-26 16:35 . 2004-02-26 16:35 7904 ------w- d:\arquivos de programas\Arquivos comuns\html40_entities.dtd
2009-11-24 09:18 . 2009-04-29 23:59 32 --sha-w- d:\windows\system32\drivers\fidbox.dat
2009-03-08 17:09 . 2010-09-16 16:05 510816 --sha-w- d:\windows\NiwradSoft Shell Pack\Backup\iexplore.exe
.
------- Sigcheck -------
[-] 2008-04-14 . B0C0BF2504B830BFC1E93CA39F3C75FE . 549376 . . [5.1.2600.5512] . . d:\windows\system32\winlogon.exe
[7] 2008-04-14 . 71D440F79B711627B12B567FB2EADB42 . 509952 . . [5.1.2600.5512] . . d:\windows\ERDNT\cache\WINLOGON.EXE
[7] 2008-04-14 . 71D440F79B711627B12B567FB2EADB42 . 509952 . . [5.1.2600.5512] . . d:\windows\NiwradSoft Shell Pack\Backup\winlogon.exe
[-] 2008-04-14 . B0C0BF2504B830BFC1E93CA39F3C75FE . 549376 . . [5.1.2600.5512] . . d:\windows\ServicePackFiles\i386\winlogon.exe
[-] 2008-04-14 . 302CD5BE4CA48200F9AC1C6074D71805 . 643072 . . [5.82] . . d:\windows\system32\comctl32.dll
[7] 2008-04-14 . 085C5892D9C1E19B3CEFD1B79F5BBF13 . 617472 . . [5.82] . . d:\windows\ERDNT\cache\COMCTL32.DLL
[7] 2008-04-14 . 085C5892D9C1E19B3CEFD1B79F5BBF13 . 617472 . . [5.82] . . d:\windows\NiwradSoft Shell Pack\Backup\comctl32.dll
[-] 2008-04-14 . 302CD5BE4CA48200F9AC1C6074D71805 . 643072 . . [5.82] . . d:\windows\ServicePackFiles\i386\comctl32.dll
[7] 2008-04-14 . 3356DF9145BC1AD45B43C528F9F7527C . 1054208 . . [6.0] . . d:\windows\WinSxS\InstallTemp\15449055\comctl32.dll
[7] 2008-04-13 . 3356DF9145BC1AD45B43C528F9F7527C . 1054208 . . [6.0] . . d:\windows\WinSxS\InstallTemp\27228101\comctl32.dll
[7] 2008-04-13 . 3356DF9145BC1AD45B43C528F9F7527C . 1054208 . . [6.0] . . d:\windows\WinSxS\InstallTemp\13399001\comctl32.dll
[7] 2008-04-13 . 3356DF9145BC1AD45B43C528F9F7527C . 1054208 . . [6.0] . . d:\windows\WinSxS\InstallTemp\13714530\comctl32.dll
[7] 2008-04-13 . 3356DF9145BC1AD45B43C528F9F7527C . 1054208 . . [6.0] . . d:\windows\WinSxS\InstallTemp\15322374\comctl32.dll
[7] 2008-04-13 . 3356DF9145BC1AD45B43C528F9F7527C . 1054208 . . [6.0] . . d:\windows\WinSxS\InstallTemp\884784\comctl32.dll
[7] 2008-04-13 . 3356DF9145BC1AD45B43C528F9F7527C . 1054208 . . [6.0] . . d:\windows\WinSxS\InstallTemp\27002523\comctl32.dll
[7] 2008-04-13 . 3356DF9145BC1AD45B43C528F9F7527C . 1054208 . . [6.0] . . d:\windows\WinSxS\InstallTemp\6837353\comctl32.dll
[7] 2008-04-13 . 3356DF9145BC1AD45B43C528F9F7527C . 1054208 . . [6.0] . . d:\windows\WinSxS\InstallTemp\6653252\comctl32.dll
[7] 2008-04-13 . 3356DF9145BC1AD45B43C528F9F7527C . 1054208 . . [6.0] . . d:\windows\WinSxS\InstallTemp\1694423\comctl32.dll
[7] 2008-04-13 . 3356DF9145BC1AD45B43C528F9F7527C . 1054208 . . [6.0] . . d:\windows\WinSxS\InstallTemp\4042144\comctl32.dll
[7] 2008-04-13 . 3356DF9145BC1AD45B43C528F9F7527C . 1054208 . . [6.0] . . d:\windows\WinSxS\InstallTemp\833932\comctl32.dll
[7] 2008-04-13 . 3356DF9145BC1AD45B43C528F9F7527C . 1054208 . . [6.0] . . d:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
[-] 2006-08-25 . 50141E3C168F02C3920891400CEC9FF4 . 1054208 . . [6.0] . . d:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
[7] 2004-08-04 . 3680CF24C64348BFDC89E290790398E7 . 1050624 . . [6.0] . . d:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
[7] 2001-10-28 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . d:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
[7] 2010-06-24 . BFD26DB90A37C2B79EBA3F0FCB36B5CF . 5954560 . . [8.00.6001.23037] . . d:\windows\ie8\mshtml.dll
[7] 2010-06-24 . BFD26DB90A37C2B79EBA3F0FCB36B5CF . 5954560 . . [8.00.6001.23037] . . d:\windows\$hf_mig$\KB2183461-IE8\SP3QFE\mshtml.dll
[-] 2010-06-24 . 04819CB0FD378DF668E0126E795B39D1 . 6112768 . . [8.00.6001.18939] . . d:\windows\system32\mshtml.dll
[7] 2010-06-24 . 3E34A8371BF952433A4D645CAA15B1F8 . 5951488 . . [8.00.6001.18939] . . d:\windows\ERDNT\cache\mshtml.dll
[-] 2010-06-24 . 04819CB0FD378DF668E0126E795B39D1 . 6112768 . . [8.00.6001.18939] . . d:\windows\NiwradSoft Shell Pack\Backup\mshtml.dll
[-] 2010-06-24 . 04819CB0FD378DF668E0126E795B39D1 . 6112768 . . [8.00.6001.18939] . . d:\windows\ServicePackFiles\i386\mshtml.dll
[-] 2010-05-06 . 7DD1799F5CA037BE23A9C1ECE2222151 . 6112256 . . [8.00.6001.18928] . . d:\windows\ie8updates\KB2183461-IE8\mshtml.dll
[7] 2010-05-06 . AA1410ABF16D5F3655569927075CEF05 . 5953024 . . [8.00.6001.23019] . . d:\windows\$hf_mig$\KB982381-IE8\SP3QFE\mshtml.dll
[-] 2010-02-25 . A709662B2C291B04B765FAC8583AC8E0 . 6106112 . . [8.00.6001.18904] . . d:\windows\ie8updates\KB982381-IE8\mshtml.dll
[-] 2010-04-28 . 17266497E25E5864AAE5A6779F67046B . 2354304 . . [5.1.2600.5973] . . d:\windows\system32\ntoskrnl.exe
[7] 2010-04-28 . DE753D0C2FB81D7E6107B12CF036DCD1 . 2194176 . . [5.1.2600.5973] . . d:\windows\ERDNT\cache\ntoskrnl.exe
[7] 2010-04-28 . DE753D0C2FB81D7E6107B12CF036DCD1 . 2194176 . . [5.1.2600.5973] . . d:\windows\NiwradSoft Shell Pack\Backup\ntoskrnl.exe
[-] 2010-04-28 . 17266497E25E5864AAE5A6779F67046B . 2354304 . . [5.1.2600.5973] . . d:\windows\ServicePackFiles\i386\ntoskrnl.exe
[7] 2010-04-28 . 2B14801C5D196E8BEC3EA573B3B2DA44 . 2194304 . . [5.1.2600.5973] . . d:\windows\$hf_mig$\KB981852\SP3QFE\ntoskrnl.exe
[-] 2010-02-17 . 16F9B5E8C253A9211ED01885077C7526 . 2354304 . . [5.1.2600.5938] . . d:\windows\$NtUninstallKB981852$\ntoskrnl.exe
[-] 2008-04-14 . A9B36030497E98C29210E4544700649D . 579072 . . [5.1.2600.5512] . . d:\windows\system32\user32.dll
[7] 2008-04-14 . 54907DB28872A7A6D3EE2B4747A23828 . 579072 . . [5.1.2600.5512] . . d:\windows\ERDNT\cache\USER32.DLL
[7] 2008-04-14 . 54907DB28872A7A6D3EE2B4747A23828 . 579072 . . [5.1.2600.5512] . . d:\windows\NiwradSoft Shell Pack\Backup\user32.dll
[-] 2008-04-14 . A9B36030497E98C29210E4544700649D . 579072 . . [5.1.2600.5512] . . d:\windows\ServicePackFiles\i386\user32.dll
[7] 2010-06-24 . 119AC859ABDA997E87CD30E10145B1AD . 919040 . . [8.00.6001.23037] . . d:\windows\ie8\wininet.dll
[7] 2010-06-24 . 119AC859ABDA997E87CD30E10145B1AD . 919040 . . [8.00.6001.23037] . . d:\windows\$hf_mig$\KB2183461-IE8\SP3QFE\wininet.dll
[-] 2010-06-24 . BA2D3FF9F2F464CF86449AB436029A94 . 983040 . . [8.00.6001.18939] . . d:\windows\system32\wininet.dll
[7] 2010-06-24 . 1F337249AE3EF62110CEED8A0425E7C7 . 916480 . . [8.00.6001.18939] . . d:\windows\ERDNT\cache\WININET.DLL
[-] 2010-06-24 . BA2D3FF9F2F464CF86449AB436029A94 . 983040 . . [8.00.6001.18939] . . d:\windows\NiwradSoft Shell Pack\Backup\wininet.dll
[-] 2010-06-24 . BA2D3FF9F2F464CF86449AB436029A94 . 983040 . . [8.00.6001.18939] . . d:\windows\ServicePackFiles\i386\wininet.dll
[-] 2010-05-06 . 5CD052E4E5E4463BC6A5543D8351BFAA . 983040 . . [8.00.6001.18923] . . d:\windows\ie8updates\KB2183461-IE8\wininet.dll
[7] 2010-05-06 . 326CDF2109D669998922946D6B490836 . 919040 . . [8.00.6001.23014] . . d:\windows\$hf_mig$\KB982381-IE8\SP3QFE\wininet.dll
[-] 2010-02-25 . 9B25F4F2E1C0622CB951FCAED549F0A9 . 983040 . . [8.00.6001.18904] . . d:\windows\ie8updates\KB982381-IE8\wininet.dll
[-] 2008-04-14 . 77F71BF6970EA10B4CC9AA1D45654AA0 . 1542656 . . [6.00.2900.5512] . . d:\windows\explorer.exe
[7] 2008-04-14 . 064EC7FF5F58B928C3E119402977FA6D . 1035776 . . [6.00.2900.5512] . . d:\windows\ERDNT\cache\explorer.exe
[7] 2008-04-14 . 064EC7FF5F58B928C3E119402977FA6D . 1035776 . . [6.00.2900.5512] . . d:\windows\NiwradSoft Shell Pack\Backup\explorer.exe
[-] 2008-04-14 . 77F71BF6970EA10B4CC9AA1D45654AA0 . 1542656 . . [6.00.2900.5512] . . d:\windows\ServicePackFiles\i386\explorer.exe
[-] 2008-04-13 . 88578EEECDAC059F9B12B8D3DA41FFAB . 1312256 . . [5.1.2600.5512] . . d:\windows\system32\ole32.dll
[7] 2008-04-13 . 4DA89C78A5AC43DD98E7497324000378 . 1287168 . . [5.1.2600.5512] . . d:\windows\ERDNT\cache\ole32.dll
[7] 2008-04-13 . 4DA89C78A5AC43DD98E7497324000378 . 1287168 . . [5.1.2600.5512] . . d:\windows\NiwradSoft Shell Pack\Backup\ole32.dll
[-] 2008-04-13 . 88578EEECDAC059F9B12B8D3DA41FFAB . 1312256 . . [5.1.2600.5512] . . d:\windows\ServicePackFiles\i386\ole32.dll
[-] 2005-07-26 . B300CB983AB3D3CDE4332E47852706FB . 1285632 . . [5.1.2600.2726] . . d:\windows\$hf_mig$\KB902400\SP2QFE\ole32.dll
[-] 2005-04-28 . 86A64F2146E3DE3E2D0251F7DEC38C3A . 1286144 . . [5.1.2600.2665] . . d:\windows\$hf_mig$\KB894391\SP2QFE\ole32.dll
[-] 2008-04-14 . 584450C5B2439571755D40444589C63D . 40448 . . [5.1.2600.5512] . . d:\windows\system32\ctfmon.exe
[7] 2008-04-14 . 4E486ADFE3A0B9ED0EB0639902E9F64F . 15360 . . [5.1.2600.5512] . . d:\windows\ERDNT\cache\ctfmon.exe
[7] 2008-04-14 . 4E486ADFE3A0B9ED0EB0639902E9F64F . 15360 . . [5.1.2600.5512] . . d:\windows\NiwradSoft Shell Pack\Backup\ctfmon.exe
[-] 2008-04-14 . 584450C5B2439571755D40444589C63D . 40448 . . [5.1.2600.5512] . . d:\windows\ServicePackFiles\i386\ctfmon.exe
[-] 2010-04-29 . AA06D29D46C992CF620C6FE8037123E9 . 2231296 . . [5.1.2600.5973] . . d:\windows\system32\ntkrnlpa.exe
[7] 2010-04-29 . 7FDAC9D0C4F6EBC61160EC9F00F03C20 . 2071168 . . [5.1.2600.5973] . . d:\windows\ERDNT\cache\ntkrnlpa.exe
[7] 2010-04-29 . 7FDAC9D0C4F6EBC61160EC9F00F03C20 . 2071168 . . [5.1.2600.5973] . . d:\windows\NiwradSoft Shell Pack\Backup\ntkrnlpa.exe
[-] 2010-04-29 . AA06D29D46C992CF620C6FE8037123E9 . 2231296 . . [5.1.2600.5973] . . d:\windows\ServicePackFiles\i386\ntkrnlpa.exe
[7] 2010-04-29 . 7FDAC9D0C4F6EBC61160EC9F00F03C20 . 2071168 . . [5.1.2600.5973] . . d:\windows\$hf_mig$\KB981852\SP3QFE\ntkrnlpa.exe
[-] 2010-02-16 . 297C1AE40DE572E38618042B781EEE15 . 2231168 . . [5.1.2600.5938] . . d:\windows\$NtUninstallKB981852$\ntkrnlpa.exe
[-] 2009-03-08 . F68C1BAC147227B86FFB36828FF8BEDF . 510816 . . [8.00.6001.18702] . . d:\windows\NiwradSoft Shell Pack\Backup\iexplore.exe
[-] 2009-03-08 . F68C1BAC147227B86FFB36828FF8BEDF . 510816 . . [8.00.6001.18702] . . d:\windows\ServicePackFiles\i386\iexplore.exe
[7] 2008-12-19 . 15E8A89499741D5CF59A9CF6463A4339 . 634024 . . [7.00.6000.20978] . . d:\windows\$hf_mig$\KB961260-IE7\SP2QFE\iexplore.exe
[7] 2008-12-19 . 030D78FE84A086ED376EFCBD2D72C522 . 634024 . . [7.00.6000.16791] . . d:\windows\ie8\iexplore.exe
[7] 2008-10-15 . 9D3DB9ADFABD2F0BC778EC03250A3ABB . 633632 . . [7.00.6000.16762] . . d:\windows\ie7updates\KB961260-IE7\iexplore.exe
[7] 2008-10-15 . 056C927CF7207857E8B34F7A8FFD9B9E . 633632 . . [7.00.6000.20935] . . d:\windows\$hf_mig$\KB958215-IE7\SP2QFE\iexplore.exe
[7] 2007-08-13 . DE49B348A18369B4626FBA1D49B07FB4 . 622080 . . [7.00.5730.13] . . d:\windows\ie7updates\KB958215-IE7\iexplore.exe
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
Nota entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CursorXP"="d:\arquivos de programas\CursorXP\CursorXP.exe" [2005-01-19 128000]
"msnmsgr"="d:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="d:\arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe" [2010-05-14 248552]
"avast5"="d:\arquivos de programas\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]
"DWQueuedReporting"="d:\arquiv~1\ARQUIV~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0
[HKLM\~\startupfolder\D:^Documents and Settings^edsom luis^Menu Iniciar^Programas^Inicializar^BrOffice.org 3.1.lnk]
[HKLM\~\startupfolder\D:^Documents and Settings^edsom luis^Menu Iniciar^Programas^Inicializar^K-Meleon Loader.lnk]
backup=d:\windows\pss\K-Meleon Loader.lnkStartup
[HKLM\~\startupfolder\D:^Documents and Settings^edsom luis^Menu Iniciar^Programas^Inicializar^setup_9.0.0.722_15.01.2010_15-37.lnk]
[HKLM\~\startupfolder\D:^Documents and Settings^edsom luis^Menu Iniciar^Programas^Inicializar^setup_9.0.0.722_18.02.2010_16-03.lnk]
[HKLM\~\startupfolder\^.mjsync_pt_BR]
path=\.mjsync_pt_BR
[HKLM\~\startupfolder\^catchme.exe]
path=\catchme.exe
[HKLM\~\startupfolder\^Desktop.rar]
path=\Desktop.rar
[HKLM\~\startupfolder\^dumphive.exe]
path=\dumphive.exe
[HKLM\~\startupfolder\^Favoritos.rar]
path=\Favoritos.rar
[HKLM\~\startupfolder\^haxoth2.txt]
path=\haxoth2.txt
[HKLM\~\startupfolder\^ipconfig]
path=\ipconfig
[HKLM\~\startupfolder\^Items.xml]
path=\Items.xml
[HKLM\~\startupfolder\^md5file.exe]
path=\md5file.exe
[HKLM\~\startupfolder\^moveex.exe]
path=\moveex.exe
[HKLM\~\startupfolder\^NTUSER.DAT]
path=\ntuser.dat
[HKLM\~\startupfolder\^NTUSER.DAT.bak_jv16pt]
path=\NTUSER.DAT.bak_jv16pt
[HKLM\~\startupfolder\^ntuser.dat.LOG]
path=\ntuser.dat.LOG
[HKLM\~\startupfolder\^NTUSER.DAT.tmp.LOG]
path=\NTUSER.DAT.tmp.LOG
[HKLM\~\startupfolder\^ntuser.ini]
path=\ntuser.ini
[HKLM\~\startupfolder\^ntuser.pol]
path=\ntuser.pol
[HKLM\~\startupfolder\^PrivacIE.rar]
path=\PrivacIE.rar
[HKLM\~\startupfolder\^process.exe]
path=\process.exe
[HKLM\~\startupfolder\^rebuilt.Menu Iniciar.rar]
path=\rebuilt.Menu Iniciar.rar
[HKLM\~\startupfolder\^rebuilt.UserData.rar]
path=\rebuilt.UserData.rar
[HKLM\~\startupfolder\^run2.hax]
path=\run2.hax
[HKLM\~\startupfolder\^settings.dat]
path=\settings.dat
[HKLM\~\startupfolder\^swsc.exe]
path=\swsc.exe
[HKLM\~\startupfolder\^tool_en.log]
path=\tool_en.log
[HKLM\~\startupfolder\^UserData.rar]
path=\UserData.rar
[HKLM\~\startupfolder\^vfind.exe]
path=\vfind.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06 976832 ----a-w- d:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-04-04 05:42 36272 ----a-w- d:\arquivos de programas\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
2009-03-02 16:08 209153 ----a-w- d:\arquivos de programas\Avira\AntiVir Desktop\avgnt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 03:20 40448 ----a-w- d:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CursorXP]
2005-01-19 19:34 128000 ----a-w- d:\arquivos de programas\CursorXP\CursorXP.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DWQueuedReporting]
2008-11-04 04:44 435096 ------w- d:\arquiv~1\ARQUIV~1\MICROS~1\DW\DWTRIG20.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-17 01:12 3872080 ----a-w- d:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 14:44 248552 ----a-w- d:\arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"GoogleDesktopManager-060409-093314"=3 (0x3)
"ZeppelinService"=2 (0x2)
"idsvc"=3 (0x3)
"AntiVirSchedulerService"=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Arquivos de programas\\Arquivos comuns\\opera.exe"=
"d:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Arquivos de programas\\Opera\\opera.exe"=
"d:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=
"d:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
R1 aswSP;aswSP;d:\windows\system32\drivers\aswSP.sys [23/9/2010 23:06 165584]
R1 VBoxDrv;VirtualBox Service;d:\windows\system32\drivers\VBoxDrv.sys [18/9/2009 13:11 142864]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;d:\windows\system32\drivers\VBoxUSBMon.sys [18/9/2009 13:10 41744]
R2 713xTVCard;SAA7131 TV Card;d:\windows\system32\drivers\SAA713x.sys [15/3/2005 12:00 277504]
R2 aswFsBlk;aswFsBlk;d:\windows\system32\drivers\aswFsBlk.sys [23/9/2010 23:06 17744]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;d:\windows\system32\drivers\VBoxNetAdp.sys [18/9/2009 13:11 100368]
R3 VBoxNetFlt;VBoxNetFlt Service;d:\windows\system32\drivers\VBoxNetFlt.sys [18/5/2010 20:28 111248]
R3 xpvcom;XPVCOM Port;d:\windows\system32\drivers\XPVCOM.sys [23/3/2007 02:00 30032]
S4 AntiVirSchedulerService;Avira AntiVir Programador;d:\arquivos de programas\Avira\AntiVir Desktop\sched.exe [23/9/2010 15:10 108289]
.
Conteúdo da pasta 'Tarefas Agendadas'
2010-10-03 d:\windows\Tasks\User_Feed_Synchronization-{85870EB0-73F3-41E1-92DD-7C153C1F486E}.job
.
.
------- Scan Suplementar -------
.
uStart Page = hxxp://www.google.com.br/
mWindow Title =
IE: E&xportar para o Microsoft Excel
FF - ProfilePath - d:\documents and settings\edsom luis\Dados de aplicativos\Mozilla\Firefox\Profiles\izozpjim.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.br/webhp?hl=pt-BR
FF - component: d:\documents and settings\edsom luis\Dados de aplicativos\Mozilla\Firefox\Profiles\izozpjim.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
FF - plugin: d:\arquivos de programas\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: d:\documents and settings\edsom luis\Dados de aplicativos\Mozilla\Firefox\Profiles\izozpjim.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - d:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
d:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
d:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
d:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");
d:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-10-02 20:20
Windows 5.1.2600 Service Pack 3 FAT NTAPI
Procurando processos ocultos ...
Procurando entradas auto inicializáveis ocultas ...
Procurando ficheiros/arquivos ocultos ...
Varredura completada com sucesso
arquivos/ficheiros ocultos: 0
**************************************************************************
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
[HKEY_USERS\.Default\Software\Stardock\WindowBlinds\WB5.ini\Installed]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Classes\Microsoft.MSN.MCC.USNJSVC.1\CLSID]
@DACL=(02 0000)
@="{98AC5C33-EE18-4EC2-BE25-3B16EE8F75F1}"
[HKEY_LOCAL_MACHINE\software\Classes\MSN.V2SDeviceHandler\CLSID]
@DACL=(02 0000)
@="{D74C0C0E-14F3-402C-9379-3E2BD0BF5D06}"
[HKEY_LOCAL_MACHINE\software\Classes\MSN.V2SDeviceHandler\CurVer]
@DACL=(02 0000)
@="MSN.V2SDeviceHandler.1"
[HKEY_LOCAL_MACHINE\software\Classes\MSN.V2SDeviceHandler.1\CLSID]
@DACL=(02 0000)
@="{D74C0C0E-14F3-402C-9379-3E2BD0BF5D06}"
[HKEY_LOCAL_MACHINE\software\Classes\pcsexe.Dialer\CLSID]
@DACL=(02 0000)
@="{6E2200B4-7C9E-44C6-96A3-F904A7AB8880}"
[HKEY_LOCAL_MACHINE\software\Classes\pcsexe.Dialer\CurVer]
@DACL=(02 0000)
@="pcsexe.Dialer.1"
[HKEY_LOCAL_MACHINE\software\Classes\pcsexe.Dialer.1\CLSID]
@DACL=(02 0000)
@="{6E2200B4-7C9E-44C6-96A3-F904A7AB8880}"
[HKEY_LOCAL_MACHINE\software\Classes\pcsexe.MessengerDialer\CLSID]
@DACL=(02 0000)
@="{81C63250-607F-4e79-9FCB-F756C16C5AB9}"
[HKEY_LOCAL_MACHINE\software\Classes\pcsexe.MessengerDialer\CurVer]
@DACL=(02 0000)
@="pcsexe.Dialer.1"
[HKEY_LOCAL_MACHINE\software\Classes\pcsexe.MessengerDialer.1\CLSID]
@DACL=(02 0000)
@="{81C63250-607F-4e79-9FCB-F756C16C5AB9}"
[HKEY_LOCAL_MACHINE\software\Classes\pcsexe.PstnOut\CLSID]
@DACL=(02 0000)
@="{630ED07B-04A5-4AB9-A73B-FD94F34D5F09}"
[HKEY_LOCAL_MACHINE\software\Classes\pcsexe.PstnOut\CurVer]
@DACL=(02 0000)
@="pcsexe.PstnOut.1"
[HKEY_LOCAL_MACHINE\software\Classes\pcsexe.PstnOut.1\CLSID]
@DACL=(02 0000)
@="{630ED07B-04A5-4AB9-A73B-FD94F34D5F09}"
[HKEY_LOCAL_MACHINE\software\Classes\Softphone.Dialer\CLSID]
@DACL=(02 0000)
@="{72770783-9801-43c4-9E1F-9084BAE210CF}"
[HKEY_LOCAL_MACHINE\software\Classes\Softphone.Dialer\CurVer]
@DACL=(02 0000)
@="Softphone.Dialer.1"
[HKEY_LOCAL_MACHINE\software\Classes\Softphone.Dialer.1\CLSID]
@DACL=(02 0000)
@="{72770783-9801-43c4-9E1F-9084BAE210CF}"
[HKEY_LOCAL_MACHINE\software\Classes\Softphone.DialerWindow\CLSID]
@DACL=(02 0000)
@="{37E192CB-B5C5-4487-9D66-2550B6F57B7A}"
[HKEY_LOCAL_MACHINE\software\Classes\Softphone.DialerWindow\CurVer]
@DACL=(02 0000)
@="Softphone.DialerWindow.1"
[HKEY_LOCAL_MACHINE\software\Classes\Softphone.DialerWindow.1\CLSID]
@DACL=(02 0000)
@="{37E192CB-B5C5-4487-9D66-2550B6F57B7A}"
[HKEY_LOCAL_MACHINE\software\Classes\Softphone.Error\CLSID]
@DACL=(02 0000)
@="{C2F86E32-3AD2-42f1-94F2-D7E0414F2C10}"
[HKEY_LOCAL_MACHINE\software\Classes\Softphone.Error\CurVer]
@DACL=(02 0000)
@="Softphone.Error.1"
[HKEY_LOCAL_MACHINE\software\Classes\Softphone.Error.1\CLSID]
@DACL=(02 0000)
@="{C2F86E32-3AD2-42f1-94F2-D7E0414F2C10}"
[HKEY_LOCAL_MACHINE\software\Classes\Softphone.PhoneContact\CLSID]
@DACL=(02 0000)
@="{52C92B9C-B117-4AC5-AD94-A6D8604608BB}"
[HKEY_LOCAL_MACHINE\software\Classes\Softphone.PhoneContact\CurVer]
@DACL=(02 0000)
@="Softphone.PhoneContact.1"
[HKEY_LOCAL_MACHINE\software\Classes\Softphone.PhoneContact.1\CLSID]
@DACL=(02 0000)
@="{52C92B9C-B117-4AC5-AD94-A6D8604608BB}"
[HKEY_LOCAL_MACHINE\software\Classes\Softphone.PhoneNumber\CLSID]
@DACL=(02 0000)
@="{B0C5F2DF-5D4B-4DBC-888E-D96E971B57F4}"
[HKEY_LOCAL_MACHINE\software\Classes\Softphone.PhoneNumber\CurVer]
@DACL=(02 0000)
@="Softphone.PhoneNumber.1"
[HKEY_LOCAL_MACHINE\software\Classes\Softphone.PhoneNumber.1\CLSID]
@DACL=(02 0000)
@="{B0C5F2DF-5D4B-4DBC-888E-D96E971B57F4}"
[HKEY_LOCAL_MACHINE\software\Classes\WindowsLive.SetupJob\CLSID]
@DACL=(02 0000)
@="{9B38B1AC-C774-46AB-AD99-0C19871F0714}"
[HKEY_LOCAL_MACHINE\software\Classes\WindowsLive.SetupJob\CurVer]
@DACL=(02 0000)
@="WindowsLive.SetupJob.1"
[HKEY_LOCAL_MACHINE\software\Classes\WindowsLive.SetupJob.1\CLSID]
@DACL=(02 0000)
@="{9B38B1AC-C774-46AB-AD99-0C19871F0714}"
[HKEY_LOCAL_MACHINE\software\Classes\WindowsLive.SetupService\CLSID]
@DACL=(02 0000)
@="{585D47D2-CF74-4869-BF4E-DF5662504F11}"
[HKEY_LOCAL_MACHINE\software\Classes\WindowsLive.SetupService\CurVer]
@DACL=(02 0000)
@="WindowsLive.SetupService.1"
[HKEY_LOCAL_MACHINE\software\Classes\WindowsLive.SetupService.1\CLSID]
@DACL=(02 0000)
@="{585D47D2-CF74-4869-BF4E-DF5662504F11}"
[HKEY_LOCAL_MACHINE\software\Classes\XceedSoftware.XceedCompression.1\CLSID]
@DACL=(02 0000)
@="{4C836512-BB70-11D2-A5A7-00105A9C91C6}"
[HKEY_LOCAL_MACHINE\software\Classes\XceedSoftware.XceedCompression.1\Insertable]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Classes\XceedSoftware.XceedZip.4\CLSID]
@DACL=(02 0000)
@="{DB797690-40E0-11D2-9BD5-0060082AE372}"
[HKEY_LOCAL_MACHINE\software\Classes\XceedSoftware.XceedZip.4\Insertable]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•6~*]
"6140110900063D11C8EF10054038389C"="D?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------
d:\windows\system32\SETUPAPI.dll
d:\windows\system32\sfc_os.dll
d:\windows\system32\cscui.dll
d:\windows\system32\SETUPAPI.dll
d:\windows\system32\psbase.dll
d:\windows\system32\WININET.dll
d:\windows\system32\COMRes.dll
d:\windows\System32\cscui.dll
d:\windows\system32\LINKINFO.dll
d:\windows\system32\ntshrui.dll
d:\windows\system32\msi.dll
d:\arquivos de programas\CursorXP\CurXP0.dll
d:\windows\system32\webcheck.dll
d:\windows\system32\SETUPAPI.dll
d:\windows\system32\WPDShServiceObj.dll
d:\windows\system32\PortableDeviceTypes.dll
d:\windows\system32\PortableDeviceApi.dll
d:\windows\system32\NETSHELL.dll
d:\windows\system32\credui.dll
.
Tempo para conclusão: 2010-10-02 20:25:13
ComboFix-quarantined-files.txt 2010-10-02 23:20
ComboFix2.txt 2010-09-16 17:18
Pré-execução: 16 pasta(s) 31.174.426.624 bytes disponíveis
Pós execução: 17 pasta(s) 31.866.290.176 bytes disponíveis
Thanks and regards.
The [-] sign means files that come from separate updates or from programs.
Example:
[7] 2010-05-06 . AA1410ABF16D5F3655569927075CEF05 . 5953024 . . [8.00.6001.23019] . . d:\windows\$hf_mig$\KB982381-IE8\SP3QFE\mshtml.dll
The mshtml.dll file from SP3, belonging to update KB982381 for Internet Explorer 8, with signature AA1410ABF16D5...., whose version is 8.00.6001.23019.
[-] 2010-02-25 . A709662B2C291B04B765FAC8583AC8E0 . 6106112 . . [8.00.6001.18904] . . d:\windows\ie8updates\KB982381-IE8\mshtml.dll
The mshtml.dll file belonging to update KB982381 for Internet Explorer 8, installed at some point during an automatic update, with digital signature A709662B2C291B...., whose version is 8.00.6001.18904.
The purpose of having these files on the PC is that, if a file becomes infected, a clean copy can be obtained from another location.
Regards.
Good afternoon, Wings!
OK, that's cleared up.
Thanks and regards.
Is there a moderator who can start the analysis?