
Archived

This topic has been archived and is closed to new replies.

Thomas95

[Archived] Explorer.exe and sdsd.exe Application Error

Well... every time I start Windows on my PC this appears:

 

Explorer.EXE - Erro de aplicativo

 

A instrução no "0x71a76a55"fez referencia à memória no "0x71a76a55".A memória não pode ser "read".

 

Clique em 'OK' para encerrar o programa

Clique em 'Cancelar' para depurar o programa

 

And as soon as I click OK or Cancel, all the icons on the screen and the taskbar disappear, but after a few seconds everything goes back to normal and reappears.

 

And another error has also been happening:

 

sdsd.exe - Erro de aplicativo

 

A instrução no "0x7c90100b" fez referencia a memória no "0x00000034".A memória não pôde ser "read"

 

Clique em 'OK' para encerrar o programa

Clique em 'Cancelar' para depura o programa

 

And this sdsd.exe error doesn't happen only when the system starts, but also very frequently after the system has started, often interfering with the programs I'm running.

 

If anyone can help, I'd appreciate it.

 

Below is a HijackThis log:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:02:54, on 29/12/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18241)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\drivers\CDAC11BA.EXE

C:\WINDOWS\system32\cmpe.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\IoctlSvc.exe

C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\system32\ctfmon.exe

D:\arquivos de programas\steam\steam.exe

C:\Arquivos de programas\TuneUp Utilities 2008\MemOptimizer.exe

C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe

C:\WINDOWS\SYSTEM32\rundll32.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\RegCure\RegCure.exe

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - D:\Arquivos de programas\Orbitdownloader\orbitcth.dll

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Arquivos de programas\Windows Live\Messenger\wlchtc.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: (no name) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - (no file)

O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)

O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - D:\Arquivos de programas\Orbitdownloader\GrabPro.dll

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [steam] "d:\arquivos de programas\steam\steam.exe" -silent

O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Arquivos de programas\TuneUp Utilities 2008\MemOptimizer.exe" autostart

O4 - HKCU\..\Run: [Eraser] C:\DOCUME~1\user\CONFIG~1\Temp\Rar$EX03.312\Eraser\eraser.exe -hide

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: &Download by Orbit - res://D:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Grab video by Orbit - res://D:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: Do&wnload selected by Orbit - res://D:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: Down&load all by Orbit - res://D:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_srl.cab

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{8AE49F26-FA5C-4153-AE63-1BDFF4E8C52F}: NameServer = 200.221.11.100,200.221.11.101

O21 - SSODL: msnmsg - {DA191DE0-AA86-4ED0-4B87-293D48B2AE99} - C:\Program Files\Messenger\msgmr.dll (file missing)

O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE

O23 - Service: Context Manager Process Extension (cmpe) - LightComm - C:\WINDOWS\system32\cmpe.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: Nero BackItUp Scheduler 3 - Unknown owner - C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

 

--

End of file - 7296 bytes


Hey Thomas95,

 

Download ComboFix at:

ComboFix

 

1) Temporarily disable your antivirus;

 

2) Double-click combofix.exe and wait (the whole process takes about 10 minutes);

 

3) The “SOFTWARE WARRANTY DISCLAIMER” window will open. Read the text in this window carefully and click “YES” to continue.

 

PS: If you do not agree with the terms, click “NO” to exit the software, bearing in mind that the disinfection process will not be possible without continuing ComboFix.

 

4) Another window will open if your machine does not have the WINDOWS RECOVERY CONSOLE. It is recommended to install the console before continuing the process, as this guarantees that the system can be recovered if problems occur during the scan.

 

Click “YES” and wait, as the console installation runs automatically through ComboFix itself. It may take a few minutes (depending on your connection speed), so be patient.

 

When the “INSTALLING THE RECOVERY CONSOLE” window appears, click “OK”, then click “YES” to accept the EULA.

 

When the recovery console installation finishes, a window will open saying “THE RECOVERY CONSOLE WAS INSTALLED SUCCESSFULLY”.

 

Click “YES” to continue the scan.

 

5) ComboFix will start the AUTOSCAN (wait).

 

WARNING: Do not click on the ComboFix window or terminate the process abruptly while the tool is running, as this will break your desktop configuration (it will turn completely white).

 

When the process finishes, the machine will restart to produce the report.

 

6) When the machine restarts, ComboFix will run FIND3M to create the final scan report. The log will be saved at C:\ComboFix.txt.

 

7) Re-enable your antivirus;

 

8) I need you to paste the contents of ComboFix.txt in your next reply.

 

NOTE 1: If a message appears saying THIS IS NOT A VALID WIN32 APPLICATION, download ComboFix again, but save it to your Desktop as KomboFix. As a last resort, try running ComboFix in SAFE MODE.

 

NOTE 2: If the running ComboFix window is clicked, it will MAXIMIZE, covering the other windows. To minimize it again, just use ALT + TAB.

 

Cheers.


Below is the ComboFix log:

 

 

ComboFix 08-12-30.02 - user 2008-12-31 11:41:39.3 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1046.18.767.456 [GMT -2:00]

Executando de: c:\documents and settings\user\Desktop\ComboFix.exe

* Criado um novo ponto de restauro

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\restore\S-1-5-21-1482476501-1644491937-682003330-1013

c:\restore\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini

c:\restore\S-1-5-21-1482476501-1644491937-682003330-1013\LucK.exe

c:\system\S-1-5-21-1482476501-1644491937-682003330-1013

c:\system\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini

c:\system\S-1-5-21-1482476501-1644491937-682003330-1013\Perfume.exe

c:\system\S-1-5-21-1482476501-1644491937-682003330-1013\USB.exe

c:\windows\AppPatch\AcSpecf.sdb

c:\windows\AppPatch\AcXtrnel.bpl

c:\windows\system32\mdm.exe

c:\windows\system32\spools.exe

c:\windows\temp\wmsetup.dll

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_NPF

-------\Service_NPF

 

 

(((((((((((((((( Arquivos/Ficheiros criados de 2008-11-28 to 2008-12-31 ))))))))))))))))))))))))))))

.

 

2008-12-31 10:25 . 2008-12-31 11:10 <DIR> d-------- c:\documents and settings\user\Dados de aplicativos\ImgBurn

2008-12-31 10:23 . 2008-12-31 11:38 9,772 --a------ c:\documents and settings\user\sdsd21.exe

2008-12-31 10:22 . 2008-12-31 10:22 <DIR> d-------- c:\arquivos de programas\ImgBurn

2008-12-30 22:55 . 2008-12-30 22:55 <DIR> d-------- c:\arquivos de programas\Orbitdownloader

2008-12-30 22:52 . 2008-12-31 00:05 9,772 --a------ c:\documents and settings\user\sdsd2.exe

2008-12-30 22:42 . 2008-12-30 22:42 <DIR> d-------- c:\arquivos de programas\Yahoo!

2008-12-30 22:42 . 2008-12-30 22:42 <DIR> d-------- c:\arquivos de programas\CCleaner

2008-12-30 21:22 . 2008-12-30 22:56 <DIR> dr------- c:\documents and settings\user\Favoritos

2008-12-30 14:59 . 2008-12-30 22:27 9,772 --a------ c:\documents and settings\user\sdsxd.exe

2008-12-29 23:43 . 2008-12-31 11:39 40,960 --a------ c:\documents and settings\user\kkkfucku.exe

2008-12-29 23:42 . 2008-12-30 22:45 9,772 --a------ c:\documents and settings\user\sdsd.exe

2008-12-29 23:13 . 2008-12-29 23:43 <DIR> d-------- c:\documents and settings\user\Dados de aplicativos\uTorrent

2008-12-29 22:34 . 2008-12-29 22:34 <DIR> d-------- c:\arquivos de programas\Trend Micro

2008-12-29 22:08 . 2008-12-29 22:08 <DIR> d-------- c:\documents and settings\user\Dados de aplicativos\Malwarebytes

2008-12-29 22:08 . 2008-12-29 22:08 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes

2008-12-29 21:07 . 2008-12-30 20:31 695 --a------ c:\windows\Mp3CutterJoiner.ini

2008-12-29 21:06 . 2008-12-30 20:31 5 --a------ c:\windows\system32\SySMP3CutJoin.dat

2008-12-29 20:44 . 2008-12-29 20:44 540 --a------ c:\windows\wininit.ini

2008-12-29 12:32 . 2008-12-29 12:32 <DIR> d-------- c:\documents and settings\user\Dados de aplicativos\Desktopicon

2008-12-28 22:01 . 2008-12-28 22:01 286,720 --a------ c:\windows\iun506.exe

2008-12-27 22:46 . 2008-12-27 22:46 <DIR> d-------- c:\windows\Crack

2008-12-27 10:17 . 2008-12-27 10:17 <DIR> dr-hs---- C:\Recycle

2008-12-19 23:39 . 2008-12-19 23:39 <DIR> d-------- c:\arquivos de programas\Microsoft Office Outlook Connector

2008-12-19 23:37 . 2008-12-19 23:37 <DIR> d-------- c:\arquivos de programas\Microsoft

2008-12-19 23:36 . 2008-12-19 23:36 <DIR> d-------- c:\arquivos de programas\Windows Live SkyDrive

2008-12-18 13:00 . 2008-12-18 13:00 <DIR> d-------- c:\windows\ie8updates

2008-12-18 11:53 . 2008-12-18 11:54 48 --a------ c:\windows\scmate.ini

2008-12-12 13:17 . 2008-12-30 22:17 <DIR> d-------- c:\documents and settings\user\Dados de aplicativos\Any Video Converter

2008-12-12 13:02 . 2008-12-12 13:03 <DIR> d-------- c:\documents and settings\user\Dados de aplicativos\gtk-2.0

2008-12-12 13:01 . 2008-12-12 13:01 <DIR> d-------- c:\documents and settings\user\avidemux

2008-12-10 19:35 . 2008-12-10 19:50 <DIR> d-------- c:\arquivos de programas\Windows Live Safety Center

2008-12-05 23:00 . 2008-01-09 10:22 110,464 --a------ c:\windows\system32\drivers\lgmcmdm.sys

2008-12-05 23:00 . 2008-01-09 10:22 109,952 --a------ c:\windows\system32\drivers\lgmcunic.sys

2008-12-05 23:00 . 2008-01-09 10:22 104,448 --a------ c:\windows\system32\drivers\lgmcmgmt.sys

2008-12-05 23:00 . 2008-01-09 10:22 100,480 --a------ c:\windows\system32\drivers\lgmcobex.sys

2008-12-05 23:00 . 2008-01-09 10:22 83,584 --a------ c:\windows\system32\drivers\lgmcbus.sys

2008-12-05 23:00 . 2008-01-09 10:22 25,344 --a------ c:\windows\system32\drivers\lgmcnd5.sys

2008-12-05 23:00 . 2008-01-09 10:22 14,976 --a------ c:\windows\system32\drivers\lgmcmdfl.sys

2008-12-05 23:00 . 2008-01-09 10:22 12,160 --a------ c:\windows\system32\drivers\lgmcwhnt.sys

2008-12-05 23:00 . 2008-01-09 10:22 12,160 --a------ c:\windows\system32\drivers\lgmcwh.sys

2008-12-05 23:00 . 2008-01-09 10:22 12,160 --a------ c:\windows\system32\drivers\lgmccmnt.sys

2008-12-05 23:00 . 2008-01-09 10:22 12,160 --a------ c:\windows\system32\drivers\lgmccm.sys

2008-12-05 23:00 . 2008-01-09 10:22 10,496 --a------ c:\windows\system32\drivers\lgmccr.sys

2008-12-05 22:58 . 2008-12-05 23:00 <DIR> d-------- c:\arquivos de programas\LG PC Suite II

2008-12-05 22:58 . 2007-11-08 16:26 1,164,728 --a------ c:\windows\system32\NMSDVDXU.dll

2008-12-05 22:58 . 2005-09-26 22:55 419,240 --a------ c:\windows\system32\Vsflex7L.ocx

2008-12-05 22:58 . 2000-05-22 00:00 244,416 --a------ c:\windows\system32\Msflxgrd.ocx

2008-12-04 14:11 . 2008-12-04 14:11 <DIR> d-------- c:\windows\SiS

2008-12-04 09:36 . 2008-12-31 11:41 <DIR> dr-hs---- C:\SYSTEM

2008-12-03 14:17 . 2008-12-03 14:17 <DIR> d-------- c:\windows\nview

2008-12-03 14:17 . 2008-12-03 14:17 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\nView_Profiles

2008-12-03 13:45 . 2008-12-03 13:45 <DIR> d-------- c:\windows\nview(2)

2008-12-03 13:45 . 2008-12-31 10:21 182,038 --a------ c:\windows\system32\nvapps.xml

2008-12-03 13:45 . 2008-05-02 22:46 181,895 --a------ c:\windows\system32\nvdsp.chm

2008-12-03 13:45 . 2008-05-02 22:46 121,529 --a------ c:\windows\system32\nvcpl.chm

2008-12-03 13:45 . 2008-05-02 22:46 116,384 --a------ c:\windows\system32\nv3d.chm

2008-12-03 13:45 . 2008-05-02 22:46 54,988 --a------ c:\windows\system32\nvmob.chm

2008-12-03 13:45 . 2008-05-02 22:46 18,070 --a------ c:\windows\system32\nvdisp.nvu

2008-12-03 12:57 . 2006-10-22 12:22 208,896 --a------ c:\windows\system32\nvudisp.exe

2008-12-03 12:56 . 2006-10-22 15:06 208,896 --a------ c:\windows\system32\NVUNINST.EXE

2008-12-03 12:31 . 2008-12-05 16:09 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\NexonUS

2008-12-02 22:44 . 2008-12-02 22:45 79 --a------ c:\windows\SuperUtil.ini

2008-12-02 22:42 . 2008-03-12 20:06 276,480 --a------ c:\windows\system32\baksm.dll

2008-12-02 22:42 . 2008-12-02 22:42 0 --a------ c:\windows\system32\suupdate.dat

2008-12-02 22:37 . 2008-12-02 22:37 49,480 --a------ c:\windows\system32\sirenacm.dll

2008-12-02 20:33 . 2005-12-19 16:43 32,768 --a------ c:\windows\system32\drivers\sisnicxp.sys

2008-12-02 18:57 . 2008-12-02 18:57 <DIR> d-------- c:\arquivos de programas\Realtek Sound Manager

2008-12-02 18:57 . 2001-07-06 00:19 164 --a------ c:\windows\avrack.ini

2008-12-02 18:56 . 2008-12-02 18:56 <DIR> d-------- c:\arquivos de programas\Realtek AC97

2008-12-02 18:56 . 2006-11-17 05:42 577,536 --a------ c:\windows\soundman.exe

2008-12-02 18:56 . 2006-07-31 11:19 315,392 --a------ c:\windows\alcupd.exe

2008-12-02 18:56 . 2006-07-31 11:27 217,088 --a------ c:\windows\Alcrmv.exe

2008-12-02 17:23 . 2008-12-02 17:23 <DIR> d-------- c:\documents and settings\user\Dados de aplicativos\Thinstall

2008-12-02 11:15 . 2008-12-03 09:41 13,085 --a------ c:\windows\system32\oodbs.lor

2008-12-01 21:32 . 2008-12-01 21:43 <DIR> d-------- c:\windows\system32\oodag

2008-12-01 21:25 . 2008-12-01 21:25 0 --a------ c:\windows\OODCNT.INI

2008-12-01 17:28 . 2008-12-01 17:29 <DIR> d-------- c:\windows\system32\Adobe

2008-11-30 21:43 . 2002-10-29 16:59 3,173,047 --------- c:\windows\NtwSpeed.CAB

2008-11-30 21:43 . 2008-11-30 21:43 93,184 --------- c:\windows\Setup1.exe

2008-11-30 21:43 . 2008-11-30 21:43 73,216 --a------ c:\windows\ST6UNST.EXE

2008-11-30 21:43 . 2008-11-30 21:43 1,596 --a------ c:\windows\ST6UNST.001

2008-11-30 10:36 . 2008-11-30 10:36 909 --a------ c:\windows\system32\%LocalXml%

2008-11-28 13:54 . 1998-10-29 16:45 306,688 --a------ c:\windows\IsUninst.exe

2008-11-27 16:08 . 2008-12-30 22:53 <DIR> d-------- c:\arquivos de programas\Leiterow

2008-11-27 14:23 . 2008-12-31 11:41 <DIR> dr-hs---- C:\RESTORE

2008-11-23 17:09 . 2008-12-30 22:08 <DIR> d-------- c:\documents and settings\user\Dados de aplicativos\SAMSUNG

2008-11-23 17:08 . 2008-12-30 22:14 <DIR> d-------- c:\windows\system32\Samsung_USB_Drivers

2008-11-23 17:08 . 2006-05-03 22:53 174,592 --a------ c:\windows\system32\framedyn.dll

2008-11-23 17:08 . 2005-08-28 20:51 766 --a------ c:\windows\system32\Uninstall.ico

2008-11-23 17:07 . 2006-07-24 16:05 5,632 --a------ c:\windows\system32\drivers\StarOpen.sys

2008-11-23 09:06 . 2008-11-23 09:06 236 --a------ C:\sqmdata19.sqm

2008-11-23 09:06 . 2008-11-23 09:06 200 --a------ C:\sqmnoopt19.sqm

2008-11-22 19:19 . 2008-12-05 23:00 <DIR> d-------- c:\arquivos de programas\LG Electronics

2008-11-22 19:17 . 2008-11-23 17:34 <DIR> d-------- c:\documents and settings\user\Dados de aplicativos\LG Electronics

2008-11-21 23:54 . 2008-11-21 23:54 <DIR> d-------- c:\arquivos de programas\QT Lite

2008-11-21 23:54 . 2008-09-06 15:09 90,112 --a------ c:\windows\system32\QuickTimeVR.qtx

2008-11-21 23:54 . 2008-09-06 15:09 57,344 --a------ c:\windows\system32\QuickTime.qts

2008-11-21 23:41 . 2008-11-21 23:41 <DIR> d-------- c:\arquivos de programas\Real Alternative

2008-11-20 22:10 . 2008-11-20 22:10 236 --a------ C:\sqmdata18.sqm

2008-11-20 22:10 . 2008-11-20 22:10 200 --a------ C:\sqmnoopt18.sqm

2008-11-20 21:43 . 2008-11-20 21:43 850 --a------ c:\windows\system32\ProductTweaks.xml

2008-11-20 21:43 . 2008-11-20 21:43 385 --a------ c:\windows\system32\user_gensett.xml

2008-11-20 21:35 . 2008-11-20 21:38 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\BitDefender

2008-11-20 20:54 . 2008-11-20 20:54 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Backup

2008-11-20 14:15 . 2008-11-20 14:15 236 --a------ C:\sqmdata17.sqm

2008-11-20 14:15 . 2008-11-20 14:15 200 --a------ C:\sqmnoopt17.sqm

2008-11-18 21:20 . 2008-11-18 21:40 <DIR> d-------- c:\documents and settings\user\Dados de aplicativos\mIRC

2008-11-16 20:52 . 2008-11-16 20:52 <DIR> dr-hs---- C:\CONFIG

2008-11-16 10:57 . 2008-11-16 10:57 236 --a------ C:\sqmdata16.sqm

2008-11-16 10:57 . 2008-11-16 10:57 200 --a------ C:\sqmnoopt16.sqm

2008-11-16 02:51 . 2008-11-16 02:51 <DIR> d--hs---- c:\documents and settings\Convidado\PrivacIE

2008-11-15 19:02 . 2008-04-13 11:45 26,112 --a------ c:\windows\system32\drivers\usbser.sys

2008-11-15 19:02 . 2008-04-13 11:45 26,112 --a--c--- c:\windows\system32\dllcache\usbser.sys

2008-11-15 09:59 . 2008-11-15 09:59 236 --a------ C:\sqmdata15.sqm

2008-11-15 09:59 . 2008-11-15 09:59 200 --a------ C:\sqmnoopt15.sqm

2008-11-14 19:29 . 2008-11-14 19:29 <DIR> d-------- c:\arquivos de programas\DAEMON Tools Lite

2008-11-12 12:00 . 2008-11-12 12:00 <DIR> d-------- c:\arquivos de programas\MSXML 4.0

2008-11-12 07:50 . 2008-10-24 09:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys

2008-11-12 06:53 . 2008-11-12 06:53 236 --a------ C:\sqmdata14.sqm

2008-11-12 06:53 . 2008-11-12 06:53 200 --a------ C:\sqmnoopt14.sqm

2008-11-07 19:32 . 2008-11-07 19:32 236 --a------ C:\sqmdata13.sqm

2008-11-07 19:32 . 2008-11-07 19:32 200 --a------ C:\sqmnoopt13.sqm

2008-11-03 13:44 . 2008-11-03 13:44 236 --a------ C:\sqmdata12.sqm

2008-11-03 13:44 . 2008-11-03 13:44 200 --a------ C:\sqmnoopt12.sqm

2008-11-03 13:38 . 2008-11-03 13:38 236 --a------ C:\sqmdata11.sqm

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-12-31 13:42 --------- d-----w c:\documents and settings\user\Dados de aplicativos\Orbit

2008-12-29 14:32 --------- d---a-w c:\documents and settings\All Users\Dados de aplicativos\TEMP

2008-12-06 01:00 --------- d--h--w c:\arquivos de programas\InstallShield Installation Information

2008-12-05 13:58 --------- d-----w c:\arquivos de programas\Arquivos comuns\Macrovision Shared

2008-12-05 13:58 --------- d-----w c:\arquivos de programas\Arquivos comuns\Adobe

2008-12-02 21:18 --------- d-----w c:\arquivos de programas\Java

2008-12-02 20:57 --------- d-----w c:\arquivos de programas\AvRack

2008-12-02 19:23 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\CyberLink

2008-11-03 15:08 --------- d-----w c:\arquivos de programas\SystemRequirementsLab

2008-10-31 14:03 25,280 ----a-w c:\windows\system32\drivers\hamachi.sys

2008-10-31 14:02 --------- d-----w c:\arquivos de programas\Windows Live

2008-10-31 00:23 --------- d-----w c:\arquivos de programas\Arquivos comuns\Windows Live

2008-10-30 21:29 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\WLInstaller

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"Steam"="d:\arquivos de programas\steam\steam.exe" [2008-11-27 1410296]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre6\bin\jusched.exe" [2008-11-10 136600]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]

"SoundMan"="SOUNDMAN.EXE" [2006-11-17 c:\windows\soundman.exe]

"nwiz"="nwiz.exe" [2006-10-22 c:\windows\system32\nwiz.exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

Orbit.lnk - c:\arquivos de programas\Orbitdownloader\orbitdm.exe [2008-12-30 1690824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"UIHost"="c:\documents and settings\All Users\Dados de aplicativos\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"msacm.divxa32"= divxa32.acm

"VIDC.X264"= x264vfw.dll

"VIDC.HFYU"= huffyuv.dll

"vidc.i263"= i263_32.drv

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Orbit.lnk]

backup=c:\windows\pss\Orbit.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Windows Search.lnk]

backup=c:\windows\pss\Windows Search.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^user^Menu Iniciar^Programas^Inicializar^IPCheck.lnk]

backup=c:\windows\pss\IPCheck.lnkStartup

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nod32kui

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OEIT Agent

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]

--a------ 2006-01-13 04:39 176128 c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

--a------ 2006-10-22 12:22 7700480 c:\windows\system32\nvcpl.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]

--a------ 2006-11-17 05:42 577536 c:\windows\soundman.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\Documents and Settings\\user\\kkkfucku.exe"=

"c:\\Arquivos de programas\\Leiterow\\mIRC.exe"=

"c:\\Arquivos de programas\\Orbitdownloader\\orbitdm.exe"=

"c:\\Arquivos de programas\\Orbitdownloader\\orbitnet.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Recycle\\X-5-4-27-2345678318-4567890223-4234567884-2341\\RisinG.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"44405:TCP"= 44405:TCP:MuOnline

"55901:TCP"= 55901:TCP:MuOnline

"27015:TCP"= 27015:TCP:CounterStrike

"8090:TCP"= 8090:TCP:MuOnline

"1433:TCP"= 1433:TCP:MuOnline

"27015:UDP"= 27015:UDP:Counter Strike

"27016:TCP"= 27016:TCP:Counter Strike

"27016:UDP"= 27016:UDP:Counter Strike

 

R2 cmpe;Context Manager Process Extension;c:\windows\system32\cmpe.exe [2007-02-26 61440]

S1 SuperMounter;SuperMounter; []

S2 cdralw;NVIDIA Compatible Windows Miniport Driver; []

S3 ATE_PROCMON;ATE_PROCMON; []

S3 CrystalSysInfo;CrystalSysInfo; []

S3 EverestDriver;Lavalys EVEREST Kernel Driver;\??\d:\meus documentos\Everest\kerneld.wnt []

S3 lgmcbus;LGE Mobile driver (WDM);c:\windows\system32\DRIVERS\lgmcbus.sys [2008-12-05 83584]

S3 lgmcmdfl;LGE Mobile USB WMC Modem Filter;c:\windows\system32\DRIVERS\lgmcmdfl.sys [2008-12-05 14976]

S3 lgmcmdm;LGE Mobile USB WMC Modem Driver;c:\windows\system32\DRIVERS\lgmcmdm.sys [2008-12-05 110464]

S3 lgmcmgmt;LGE Mobile USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\lgmcmgmt.sys [2008-12-05 104448]

S3 lgmcnd5;LGE Mobile USB WMC Ethernet ELDA (NDIS);c:\windows\system32\DRIVERS\lgmcnd5.sys [2008-12-05 25344]

S3 lgmcobex;LGE Mobile USB WMC OBEX Interface;c:\windows\system32\DRIVERS\lgmcobex.sys [2008-12-05 100480]

S3 lgmcunic;LGE Mobile USB WMC Ethernet ELDA (WDM);c:\windows\system32\DRIVERS\lgmcunic.sys [2008-12-05 109952]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6fd0fb3d-46e4-11dd-a9c5-00115be363bc}]

\Shell\AutoRun\command - wkcay8u.cmd

\Shell\explore\Command - wkcay8u.cmd

\Shell\open\Command - wkcay8u.cmd

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{28ABC5C0-4FCB-11CF-AAX5-21CX1C987892}]

c:\recycle\X-5-4-27-2345678318-4567890223-4234567884-2341\RisinG.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{28ABC5C0-4FCB-11CF-AAX5-21CX3C644141}]

c:\config\S-1-5-21-1482476501-1644491937-682003330-1013\Cfg.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{28ABC5C0-4FCB-11CF-AAX5-22CX3C644241}]

c:\system\S-1-5-21-1482476501-1644491937-682003330-1013\Perfume.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{67EFG7H6-8IJL-56YT-KLH4-76WE2D3RAM87}]

c:\restore\S-1-5-21-1482476501-1644491937-682003330-1013\\LucK.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{67EFG7H6-8IJL-56YT-KLH4-76WE8D3RAM87}]

c:\system\S-3-7-89-2225458569-9856321456-454423558-8896\\Driver.exe

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2008-12-31 c:\windows\Tasks\1-Click Maintenance.job

- c:\arquivos de programas\TuneUp Utilities 2008\OneClickStarter.exe []

 

2008-12-31 c:\windows\Tasks\User_Feed_Synchronization-{B44AE3DE-E6A7-48F8-B0FE-09DD7BE9C2C6}.job

- c:\windows\system32\msfeedssync.exe [2008-08-22 03:05]

 

2008-12-31 c:\windows\Tasks\User_Feed_Synchronization-{F35F9CEE-8236-4D71-87A7-5076611B5C36}.job

- c:\windows\system32\msfeedssync.exe [2008-08-22 03:05]

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.google.com.br/

uInternet Settings,ProxyOverride = *.local

IE: &Download by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/201

IE: &Grab video by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/204

IE: Do&wnload selected by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/203

IE: Down&load all by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/202

TCP: {8AE49F26-FA5C-4153-AE63-1BDFF4E8C52F} = 200.221.11.100,200.221.11.101

 

O16 -: Microsoft XML Parser for Java

 

c:\arquivos de programas\SystemRequirementsLab\sysreqlab_srl.dll - O16 -: {1E54D648-B804-468d-BC78-4AFFED8E262E}

hxxp://www.srtest.com/srl_bin/sysreqlab_srl.cab

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-12-31 11:44:58

Windows 5.1.2600 Service Pack 3 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\EverestDriver]

"ImagePath"="\??\d:\meus documentos\Everest\kerneld.wnt"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

 

[HKEY_USERS\S-1-5-21-484763869-1214440339-1606980848-1003\Software\Microsoft\Internet Explorer\User Preferences]

@Owner=S-1-5-21-484763869-1214440339-1606980848-1003

@Denied: (2) (S-1-5-21-484763869-1214440339-1606980848-1003)


 

[HKEY_USERS\S-1-5-21-484763869-1214440339-1606980848-1003\Software\\¸ìÎ *NULL*QÇ©Æ *NULL*Õ\¸ø­¨· *NULL*ȹ•¼¬ÀÐÅÁ *NULL*ÝÀ1Á´ *NULL*QÇ©Æ *NULL*Õ\¸ø­¨·]

@Security=(SE_DACL_PRESENT SE_SELF_RELATIVE (@Owner @Group @DACL)

@Owner=S-1-5-21-484763869-1214440339-1606980848-1003

@Allowed: (Full) (S-1-5-21-484763869-1214440339-1606980848-1003)

@Allowed: (Full) (S-1-5-21-484763869-1214440339-1606980848-1003)

@Allowed: (Full) (LocalSystem)

@Allowed: (Full) (LocalSystem)

@Allowed: (Full) (Administrators)

@Allowed: (Full) (Administrators)

@Allowed: (Read) (S-1-5-12)

@Allowed: (Read) (S-1-5-12)

 

[HKEY_USERS\S-1-5-21-484763869-1214440339-1606980848-1003\Software\\¸ìÎ *NULL*QÇ©Æ *NULL*Õ\¸ø­¨· *NULL*ȹ•¼¬ÀÐÅÁ *NULL*ÝÀ1Á´ *NULL*QÇ©Æ *NULL*Õ\¸ø­¨·\PC Sync]

@Security="Inherited"

 

[HKEY_USERS\S-1-5-21-484763869-1214440339-1606980848-1003\Software\\¸ìÎ *NULL*QÇ©Æ *NULL*Õ\¸ø­¨· *NULL*ȹ•¼¬ÀÐÅÁ *NULL*ÝÀ1Á´ *NULL*QÇ©Æ *NULL*Õ\¸ø­¨·\PC Sync\Settings]

@Security="Inherited"

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}]

@Owner=S-1-5-21-484763869-1214440339-1606980848-1003

@Denied: (A 2) (Everyone)

@Denied: (A 2) (S-1-5-7)

@="FlashProp Class"

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}\InprocServer32]

@Owner=S-1-5-21-484763869-1214440339-1606980848-1003

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\Flash9.ocx"

"ThreadingModel"="Apartment"

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}\Programmable]

@Owner=S-1-5-21-484763869-1214440339-1606980848-1003

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•6~*NULL*]

@Security="Inherited"

"6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*NULL*]

@Owner=S-1-5-21-484763869-1214440339-1606980848-1003


.

------------------------ Outros Processos em Execução ------------------------

.

c:\windows\system32\drivers\CDAC11BA.EXE

c:\arquivos de programas\Java\jre6\bin\jqs.exe

c:\arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\windows\system32\nvsvc32.exe

c:\windows\system32\IoctlSvc.exe

c:\arquivos de programas\CyberLink\Shared Files\RichVideo.exe

c:\combofix\hidec.exe

c:\combofix\Catchme.tmp

.

**************************************************************************

.

Tempo para conclusão: 2008-12-31 11:48:26 - Máquina reiniciou

ComboFix-quarantined-files.txt 2008-12-31 13:47:08

 

Pré-execução: 3.559.165.952 bytes disponíveis

Pós execução: 3,496,775,680 bytes disponíveis

 

WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /TUTag=IPJL6P

 

372 --- E O F --- 2008-12-18 15:00:41


Hey Thomas95,

 

Post a new ComboFix log.

 

PS: Sorry for the delay, I only got back from my trip yesterday. :thumbsup:


Topic Archived

 

Since the author has not replied for more than 30 days, the topic has been archived.

 

If you are the author of the topic and want to reopen it, send a private message to a moderator of this area together with the link to this topic and explain the reason for reopening it.
