[Arquivado] Socket Error # 11004 (log)

uall · Agosto 6, 2008

Meu TS não loga, aparece esse erro "Socket Error #11004".

Preciso de ajuda.

Eis o meu log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:09:02, on 5/8/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

C:\WINDOWS\system32\drivers\CDAC11BA.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\IObit\Advanced WindowsCare V2\Awcl.exe

C:\ARQUIV~1\AVG\AVG8\avgtray.exe

C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

C:\WINDOWS\system32\ctfmon.exe

C:\ARQUIV~1\AVG\AVG8\avgrsx.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\ARQUIV~1\AVG\AVG8\aAvgApi.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

C:\Arquivos de programas\MSN Messenger\usnsvc.exe

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = &http://home.microsoft.com/intl/br/access/allinone.asp

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Arquivos de programas\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll

O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\ARQUIV~1\AVG\AVG8\AVGTOO~1.DLL

O2 - BHO: BrowsingProgram - {F8EACE56-0AF4-3AE3-6EF8-F8CC39675729} - (no file)

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\ARQUIV~1\AVG\AVG8\AVGTOO~1.DLL

O4 - HKLM\..\Run: [Advanced WindowsCare V2 Personal] "C:\Arquivos de programas\IObit\Advanced WindowsCare V2\Awcl.exe" /startup

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O17 - HKLM\System\CCS\Services\Tcpip\..\{172C930D-71D6-443D-807F-C876E6BD44F0}: NameServer = 172.22.0.20,172.22.0.21

O17 - HKLM\System\CS1\Services\Tcpip\..\{172C930D-71D6-443D-807F-C876E6BD44F0}: NameServer = 172.22.0.20,172.22.0.21

O17 - HKLM\System\CS2\Services\Tcpip\..\{172C930D-71D6-443D-807F-C876E6BD44F0}: NameServer = 172.22.0.20,172.22.0.21

O17 - HKLM\System\CS3\Services\Tcpip\..\{172C930D-71D6-443D-807F-C876E6BD44F0}: NameServer = 172.22.0.20,172.22.0.21

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll

O20 - AppInit_DLLs: avgrsstx.dll

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--

End of file - 6980 bytes

PedroN · Agosto 6, 2008

Baixe o Combofix e salve no seu desktop.

Feche todas as janelas e programas

Dê um duplo-clique no combofix e tecle "1" em seguida enter para prosseguir com o fix. Vai durar uma média de 10 minutos (seja paciente). O combofix reiniciará o PC automaticamente para completar o processo de remoção.

Quando acabar, será gerado um log, que vai estar em C:\ComboFix.txt.

Atenção:

Não clique na Janela do ComboFix, nem o feche clicando no X, enquanto estiver rodando, pois senão irá parar e seu desktop ficará em branco.

Para parar ou sair do ComboFix, tecle "2" e Enter.

Depois gere um novo log com o HijackThis e poste, juntamente com o ComboFix.txt.

uall · Agosto 6, 2008

Feito!

ComboFix 08-08-06.02 - edson 2008-08-06 19:48:44.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.1071 [GMT -3:00]

Executando de: C:\Documents and Settings\edson\Desktop\ComboFix.exe

* Criado um novo ponto de restauro

ATENÇAO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Arquivos de programas\FBrowserAdvisor

C:\Arquivos de programas\FBrowsingAdvisor

C:\Arquivos de programas\FBrowsingAdvisor\IXPCOMEvents.xpt

C:\Arquivos de programas\FBrowsingAdvisor\Logo.png

C:\Arquivos de programas\FBrowsingAdvisor\main.db

C:\Arquivos de programas\FBrowsingAdvisor\unins000.dat

C:\Arquivos de programas\FBrowsingAdvisor\unins000.exe

C:\Arquivos de programas\FBrowsingAdvisor\XPCOMEvents.dll

.

((((((((((((((((((((((( Ficheiros criados de 2008-07-06 to 2008-08-06 ))))))))))))))))))))))))))))))))

.

2008-08-05 20:26 . 2008-08-05 20:26 <DIR> d-------- C:\!KillBox

2008-08-05 20:15 . 2008-08-05 20:15 <DIR> d-------- C:\Arquivos de programas\Trend Micro

2008-08-05 15:18 . 2008-08-06 10:43 <DIR> d-------- C:\Arquivos de programas\Microsoft Games

2008-08-04 10:14 . 2008-08-04 10:14 <DIR> d-------- C:\Disney Interactive

2008-08-03 23:52 . 2008-08-03 23:52 <DIR> d-------- C:\Documents and Settings\edson\Meus documenWWWtos

2008-07-27 23:11 . 2008-07-27 23:11 230,424 --a------ C:\img1-001.raw

2008-07-16 19:17 . 2008-08-06 18:18 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg

2008-07-16 19:17 . 2008-07-16 22:14 <DIR> d-------- C:\Documents and Settings\edson\Dados de aplicativos\AVGTOOLBAR

2008-07-16 19:17 . 2008-07-18 11:14 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys

2008-07-16 19:17 . 2008-07-18 11:14 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll

2008-07-10 10:46 . 2008-08-06 10:39 <DIR> d-------- C:\Arquivos de programas\FruitFrolic

2008-07-09 12:35 . 2008-07-10 12:05 <DIR> d-------- C:\Arquivos de programas\DatawareGames

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-08-06 22:39 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2008-08-06 22:31 --------- d-----w C:\Arquivos de programas\Lineage II

2008-08-06 13:31 --------- d-----w C:\Arquivos de programas\Accolade

2008-08-05 18:41 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2008-08-04 01:43 --------- d-----w C:\Documents and Settings\edson\Dados de aplicativos\MegauploadToolbar

2008-07-18 04:33 --------- d-----w C:\Arquivos de programas\Uall

2008-07-16 22:17 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\avg8

2008-07-10 15:02 --------- d-----w C:\Arquivos de programas\Arquivos comuns\edson editores

2008-06-26 02:24 --------- d-----w C:\Arquivos de programas\Spybot - Search & Destroy

2008-06-23 21:21 --------- d-----w C:\Arquivos de programas\MYMA Decoder and Viewer

2008-06-10 21:56 --------- d-----w C:\Arquivos de programas\Arquivos comuns\snpstd

2008-01-03 15:26 8 -c--a-w C:\Documents and Settings\All Users\Dados de aplicativos\HJYWCPNGNWPP.SYS

2007-07-20 04:19 855,886 -c--a-w C:\Arquivos de programas\Arquivos comuns\AUG2007_d3dx10_35_x64.cab

2007-07-20 04:19 800,467 -c--a-w C:\Arquivos de programas\Arquivos comuns\AUG2007_d3dx10_35_x86.cab

2007-07-20 04:19 1,803,760 -c--a-w C:\Arquivos de programas\Arquivos comuns\AUG2007_d3dx9_35_x64.cab

2007-07-20 04:18 44,684 -c--a-w C:\Arquivos de programas\Arquivos comuns\dxdllreg_x86.cab

2007-07-20 04:18 201,696 -c--a-w C:\Arquivos de programas\Arquivos comuns\AUG2007_XACT_x64.cab

2007-07-20 04:18 156,612 -c--a-w C:\Arquivos de programas\Arquivos comuns\AUG2007_XACT_x86.cab

2007-07-20 04:18 1,711,752 -c--a-w C:\Arquivos de programas\Arquivos comuns\AUG2007_d3dx9_35_x86.cab

2006-10-25 16:17 74,520 -c--a-w C:\Documents and Settings\DirectX\DSETUP.dll

2006-10-25 16:17 484,632 -c--a-w C:\Documents and Settings\DirectX\DXSETUP.exe

2006-10-25 16:17 2,248,984 -c--a-w C:\Documents and Settings\DirectX\dsetup32.dll

1998-08-24 15:09 10,000 -c--a-w C:\WINDOWS\inf\unregpn.exe

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MsnMsgr"="C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" [2007-01-19 12:54 5674352]

"SpybotSD TeaTimer"="C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe" [2008-06-05 10:48 2113360]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:45 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Advanced WindowsCare V2 Personal"="C:\Arquivos de programas\IObit\Advanced WindowsCare V2\Awcl.exe" [2007-12-13 15:56 2653976]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-11-11 02:47 7311360]

"AVG8_TRAY"="C:\ARQUIV~1\AVG\AVG8\avgtray.exe" [2008-07-16 19:17 1177368]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:45 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveSearch"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^HP Digital Imaging Monitor.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\HP Digital Imaging Monitor.lnk

backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]

--a------ 2004-08-04 00:45 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

--a------ 2005-05-11 23:12 49152 C:\Arquivos de programas\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

--a------ 2005-11-11 02:47 7311360 C:\WINDOWS\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

--a------ 2005-11-11 02:47 86016 C:\WINDOWS\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

--a------ 2008-02-22 04:25 144784 C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

--a------ 2008-03-21 14:44 185896 C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

--a--c--- 2005-11-11 02:47 1519616 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]

--a--c--- 2004-02-26 16:53 65024 C:\WINDOWS\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]

--a------ 2005-03-08 03:33 53248 C:\WINDOWS\system32\VTTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTrayp]

--a--c--- 2005-11-01 04:15 163840 C:\WINDOWS\system32\VTTrayp.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\Java\\jre1.6.0_03\\bin\\javaw.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"C:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\MSN Messenger\\livecall.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"C:\\Arquivos de programas\\SopCast\\adv\\SopAdver.exe"=

"C:\\Arquivos de programas\\SopCast\\sopvod.exe"=

"C:\\Arquivos de programas\\Real\\RealPlayer\\realplay.exe"=

"C:\\WINDOWS\\system32\\dplaysvr.exe"=

"C:\\Arquivos de programas\\MegaCubo\\megacubo.exe"=

"C:\\Arquivos de programas\\MegaCubo\\bin\\minifly.exe"=

"C:\\WINDOWS\\system32\\dpvsetup.exe"=

"C:\\Arquivos de programas\\AVG\\AVG8\\avgupd.exe"=

R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-02-22 23:38]

R0 xfilt;VIA SATA IDE Hot-plug Driver;C:\WINDOWS\system32\DRIVERS\xfilt.sys [2006-02-22 23:39]

R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-18 11:14]

R2 avg8wd;AVG8 WatchDog;C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe [2008-07-18 11:14]

S3 ASPI;Advanced SCSI Programming Interface Driver;C:\WINDOWS\System32\DRIVERS\ASPI32.sys [2002-07-17 09:05]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d6ae92c1-7bef-11dc-a4c6-0018f3482142}]

\Shell\Auto\command - MicrosoftPowerPoint.exe

\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MicrosoftPowerPoint.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dafd96bd-bfc9-11dc-a5ac-0018f3482142}]

\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe

\Shell\Open(&0)\command - Recycled\ctfmon.exe

*Newly Created Service* - CATCHME

*Newly Created Service* - PROCEXP90

.

- - - - ORFAOS REMOVIDOS - - - -

HKCU-Run-PowerBar - (no file)

Notify-WgaLogon - (no file)

MSConfigStartUp-MDNS - C:\WINDOWS\system32\service.exe

.

------- Ccan Suplementar -------

.

FireFox -: Profile - C:\Documents and Settings\edson\Dados de aplicativos\Mozilla\Firefox\Profiles\wwrh2dvi.default\

FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=

FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:pt-BR:official

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-08-06 19:50:06

Windows 5.1.2600 Service Pack 2 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

PowerBar = ????????????l?@?l?@?D??????w???????????????wl?@?l?@????? ??????????????w???w???????w?m?wx????????m?w???????? ??????????????|x???0???????????@??????w???????????????? z??????V???????l?@?l?@????????w????t?@?????l?@?8?@?l?@?3??s????????????????????8?@?_??s8?@?8?@

Procurando ficheiros ocultos ...

Varredura completada com sucesso

Ficheiros ocultos: 0

**************************************************************************

.

Tempo para conclusão: 2008-08-06 19:52:12

ComboFix-quarantined-files.txt 2008-08-06 22:52:09

Pre-Run: 16 pasta(s) 30,431,879,168 bytes disponíveis

Post-Run: 21 pasta(s) 30,404,091,904 bytes disponíveis

170 --- E O F --- 2008-03-05 06:25:25

Log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:55:19, on 6/8/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

C:\WINDOWS\system32\drivers\CDAC11BA.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\IObit\Advanced WindowsCare V2\Awcl.exe

C:\ARQUIV~1\AVG\AVG8\avgtray.exe

C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

C:\WINDOWS\system32\ctfmon.exe

C:\ARQUIV~1\AVG\AVG8\avgrsx.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896