
Archived

This topic has been archived and is closed to new replies.

flee85

[Archived] problem with system error code 1400 fal


Well, I followed the process in the "solved" topic...

I downloaded ComboFix and ran it as described in the topic, and it generated the log...

 

I stopped at the CFScript.txt part that has to be created in Notepad... what would mine look like?

 

Waiting... thanks.

 

The report follows below:

 

ComboFix 09-01-13.04 - Eliza 2009-01-14 17:27:24.2 - NTFSx86 MINIMAL

Microsoft Windows XP Professional 5.1.2600.2.949.82.1046.18.2047.1805 [GMT -2:00]

Running from: c:\documents and settings\Eliza\Desktop\ComboFix.exe

AV: AVG Anti-Virus Free *On-access scanning disabled* (Outdated)

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((( Files Created from 2008-12-14 to 2009-01-14 )))))))))))))))))))))))))))))))

.

 

2009-01-14 14:35 . 2009-01-14 15:34 <DIR> d--h----- C:\$AVG8.VAULT$

2009-01-14 14:31 . 2009-01-14 14:33 <DIR> d-------- c:\windows\system32\drivers\Avg

2009-01-14 14:31 . 2009-01-14 16:51 <DIR> d-------- c:\documents and settings\Eliza\Dados de aplicativos\AVGTOOLBAR

2009-01-14 14:31 . 2009-01-14 14:31 98,440 --a------ c:\windows\system32\drivers\avgldx86.sys

2009-01-14 14:31 . 2009-01-14 14:31 90,632 --a------ c:\windows\system32\drivers\avgtdix.sys

2009-01-14 14:31 . 2009-01-14 14:31 10,520 --a------ c:\windows\system32\avgrsstx.dll

2009-01-14 14:30 . 2009-01-14 14:30 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\avg8

2009-01-14 14:30 . 2009-01-14 14:30 <DIR> d-------- c:\arquivos de programas\AVG

2009-01-14 12:27 . 2009-01-14 12:27 1 ---hs---- C:\MSDOS.INF

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-01-14 15:34 --------- d-----w c:\arquivos de programas\iTHINK

2009-01-14 14:24 --------- d-----w c:\arquivos de programas\Warcraft III

2009-01-13 17:37 --------- d-----w c:\arquivos de programas\PokerStars

2009-01-03 13:19 --------- d-----w c:\arquivos de programas\Google

2008-12-10 23:34 --------- d-----w c:\arquivos de programas\PartyGaming

2008-12-08 20:20 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\nView_Profiles

2008-11-22 17:06 --------- d-----w c:\arquivos de programas\Garena

2008-11-22 17:05 --------- d--h--w c:\arquivos de programas\InstallShield Installation Information

2008-11-16 10:26 --------- d-----w c:\arquivos de programas\BigFile

2008-10-23 13:00 283,648 ----a-w c:\windows\system32\gdi32.dll

2008-10-18 16:46 2,829 ----a-w c:\windows\War3Unin.pif

2008-10-18 16:46 139,264 ----a-w c:\windows\War3Unin.exe

2008-10-18 16:25 58,635,007 ----a-w C:\War3TFT_122a_English.exe

2008-10-16 16:13 202,776 ----a-w c:\windows\system32\wuweb.dll

2008-10-16 16:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll

2008-10-16 16:12 561,688 ----a-w c:\windows\system32\wuapi.dll

2008-10-16 16:12 323,608 ----a-w c:\windows\system32\wucltui.dll

2008-10-16 16:09 92,696 ----a-w c:\windows\system32\cdm.dll

2008-10-16 16:09 51,224 ----a-w c:\windows\system32\wuauclt.exe

2008-10-16 16:09 43,544 ----a-w c:\windows\system32\wups2.dll

2008-10-16 16:08 34,328 ----a-w c:\windows\system32\wups.dll

2008-10-16 16:06 268,648 ----a-w c:\windows\system32\mucltui.dll

2008-10-16 16:06 208,744 ----a-w c:\windows\system32\muweb.dll

2008-10-16 10:39 661,504 ----a-w c:\windows\system32\wininet.dll

2008-10-16 05:51 2,732,032 ----a-w C:\ventrilo-3.0.1-Windows-i386.exe

2008-10-15 12:10 67,167,528 ----a-w C:\iTunes801Setup.exe

2004-10-01 18:00 40,960 ----a-w c:\arquivos de programas\Uninstall_CDS.exe

.

 

((((((((((((((((((((((((((((( snapshot@2009-01-14_16.45.20,50 )))))))))))))))))))))))))))))))))))))))))

.

- 2009-01-14 18:43:47 589,824 ----a-w c:\windows\Historico\History.IE5\index.dat

+ 2009-01-14 19:27:27 589,824 ----a-w c:\windows\Historico\History.IE5\index.dat

- 2009-01-14 18:43:47 2,146,304 ----a-w c:\windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-01-14 19:27:27 2,146,304 ----a-w c:\windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-01-14 18:51:59 24,337 ----a-w c:\windows\Temporary Internet Files\Content.IE5\YDT6BQLS\www.avg[1].com

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{83FDA784-0154-418F-810B-F1839272C361}]

2009-01-14 12:27 824832 --a------ c:\windows\system32\DirectX\Dinput\diagx3d.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

"MsnMsgr"="c:\arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

"swg"="c:\arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-28 68856]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-10 8429568]

"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]

"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-03 59392]

"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]

"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]

"amd_dc_opt"="c:\arquivos de programas\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2007-07-23 77824]

"QuickTime Task"="c:\arquivos de programas\QuickTime\qttask.exe" [2008-09-06 413696]

"iTunesHelper"="c:\arquivos de programas\iTunes\iTunesHelper.exe" [2008-10-01 289576]

"AVG8_TRAY"="c:\arquiv~1\AVG\AVG8\avgtray.exe" [2009-01-14 1235736]

"MSConfig"="c:\windows\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2004-08-04 159744]

"nwiz"="nwiz.exe" [2007-05-10 c:\windows\system32\nwiz.exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=avgrsstx.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"msacm.divxa32"= msaud32_divx.acm

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

c:\windows\system32\dumprep 0 -k [X]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTHINK.exe]

c:\arquivos de programas\iTHINK\iTHINK.exe [bU]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]

--------- 2004-10-27 16:21 61952 c:\windows\system32\HdAShCut.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"e:\\CABAL Online(BRAZIL)\\launcher\\update\\ESTdnheadless.exe"=

"c:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"c:\\WINDOWS\\system32\\BugsSvr.exe"=

"c:\\WINDOWS\\system32\\P3MelonSvr.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

"c:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=

"c:\\Arquivos de programas\\iTunes\\iTunes.exe"=

"c:\\Arquivos de programas\\Garena\\Garena.exe"=

"c:\\Arquivos de programas\\AVG\\AVG8\\avgemc.exe"=

"c:\\Arquivos de programas\\AVG\\AVG8\\avgupd.exe"=

"c:\\Arquivos de programas\\AVG\\AVG8\\avgnsx.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"53444:TCP"= 53444:TCP:Monkey3Saver

"5435:TCP"= 5435:TCP:Monkey3

"5435:UDP"= 5435:UDP:Monkey3

 

S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-01-14 98440]

S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-01-14 90632]

S3 ADSPIDER;ADSPIDER;c:\windows\system32\drivers\adspider.sys [2008-05-20 19999]

S3 ADSPIDEREX;ADSPIDEREX;\??\c:\windows\system32\drivers\adspiderex.sys --> c:\windows\system32\drivers\adspiderex.sys [?]

S3 dump_wmimmc;dump_wmimmc;\??\c:\sealonline\GameGuard\dump_wmimmc.sys --> c:\sealonline\GameGuard\dump_wmimmc.sys [?]

S3 PciCon;PciCon;\??\d:\pcicon.sys --> d:\PciCon.sys [?]

S3 XDva021;XDva021;\??\c:\windows\system32\XDva021.sys --> c:\windows\system32\XDva021.sys [?]

S3 XDva134;XDva134;\??\c:\windows\system32\XDva134.sys --> c:\windows\system32\XDva134.sys [?]

S3 XDva165;XDva165;\??\c:\windows\system32\XDva165.sys --> c:\windows\system32\XDva165.sys [?]

S3 XDva172;XDva172;\??\c:\windows\system32\XDva172.sys --> c:\windows\system32\XDva172.sys [?]

S3 XDva177;XDva177;\??\c:\windows\system32\XDva177.sys --> c:\windows\system32\XDva177.sys [?]

S3 XDva182;XDva182;\??\c:\windows\system32\XDva182.sys --> c:\windows\system32\XDva182.sys [?]

S4 avg8emc;AVG Free8 E-mail Scanner;c:\arquiv~1\AVG\AVG8\avgemc.exe [2009-01-14 874776]

S4 avg8wd;AVG Free8 WatchDog;c:\arquiv~1\AVG\AVG8\avgwdsvc.exe [2009-01-14 231704]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{28264a82-b997-11dd-a8c2-001a92ef9dd8}]

\Shell\AutoRun\command - F:\jllwp.com

\Shell\explore\Command - F:\jllwp.com

\Shell\open\Command - F:\jllwp.com

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ede3daf2-ae19-11dd-a8b5-001a92ef9dd8}]

\Shell\AutoRun\command - F:\lbb.com

\Shell\explore\Command - F:\lbb.com

\Shell\open\Command - F:\lbb.com

.

Contents of the 'Scheduled Tasks' folder

 

2009-01-10 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\arquivos de programas\Apple Software Update\SoftwareUpdate.exe [2008-07-30 13:34]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.terra.com.br/

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Easy-WebPrint Add To Print List - c:\arquivos de programas\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

IE: Easy-WebPrint High Speed Print - c:\arquivos de programas\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

IE: Easy-WebPrint Preview - c:\arquivos de programas\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

IE: Easy-WebPrint Print - c:\arquivos de programas\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

Trusted Zone: *.bigfile.co.kr

 

O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd

 

c:\windows\NMUninst18.exe - c:\windows\NMUpdate25_1.exe

c:\windows\Downloaded Program Files\NMStarter25.dll

O16 -: {00001025-A15C-11D4-97A4-0050BF0FBE67}

hxxp://download.netmarble.com/web/nmstarter/NMStarter25.cab

c:\windows\Downloaded Program Files\NMStarter25.inf

 

c:\windows\Downloaded Program Files\BigFile.ocx - O16 -: {03AF249E-119E-4569-838E-167E929EC6DA}

hxxp://www.bigfile.co.kr/client/BigFile.cab

 

c:\windows\system32\IndexedColorDecoder.dll - c:\windows\system32\WaveletDecoder.dll

c:\windows\system32\ToonsXHook.dll

c:\windows\system32\MAIS.VXD

c:\windows\system32\IMGSFMGR.dll

c:\windows\system32\IMGSFLOADER.exe

c:\windows\system32\IMGSF03.dll

c:\windows\system32\IMGSF02.dll

c:\windows\system32\IMGSF01.dll

c:\windows\system32\CaptureProtect.dll

c:\windows\system32\ToonsXParan3.ocx

O16 -: {1AD649C1-8B55-4033-9019-CF452DB5499E}

hxxp://comic.paran.com/tns_web2/ToonsXParan3.cab

c:\windows\Downloaded Program Files\ToonsXParan3.inf

 

c:\windows\Downloaded Program Files\NHNComicViewer.dll - O16 -: {2029F1D2-90E4-49EF-9824-F666D238BFF6}

hxxp://jr.naver.com/comic/book/viewer_new/NHNComicViewer.cab

c:\windows\Downloaded Program Files\NHNComicViewer.inf

 

c:\windows\Downloaded Program Files\TPopupRegP.dll - O16 -: {22D427A5-E460-4B08-9378-9708F7544129}

hxxp://www.tygem.com/pub/ActiveX/TPopupRegP.cab

 

c:\windows\Downloaded Program Files\webstarter.ocx - O16 -: {7A9F36F4-DB68-4F90-8FE7-E915E04BDD49}

hxxp://wo.tk.co.kr/webstarter/webstarter.cab

c:\windows\Downloaded Program Files\webstarter.inf

 

c:\windows\Downloaded Program Files\Monkey3ActiveXControl.ocx - O16 -: {820359CA-BD53-4BDF-8393-282FEEAE8C53}

hxxp://www.monkey3.co.kr/Monkey3ActiveX/Monkey3ActiveXControl.cab

c:\windows\Downloaded Program Files\Monkey3ActiveXControl.inf

 

c:\windows\KukiProc111.exe - c:\windows\Downloaded Program Files\NMTransX.dll

c:\windows\KukiProc112.exe

c:\windows\KukiProc113.exe

O16 -: {92E82FBB-DA00-41E0-ABFE-95482E21A4F6}

hxxp://download.netmarble.net/NMChatX/NMTransX.cab

c:\windows\Downloaded Program Files\NMTransX.inf

 

c:\windows\system32\mfc42.dll - c:\windows\system32\msvcrt.dll

c:\windows\system32\olepro32.dll

c:\windows\Downloaded Program Files\kdfense8.ocx

O16 -: {A4508A45-F1C4-40F3-99B4-0CA08AC77E3B}

hxxp://download.netmarble.com/kdefence/kdfense8237.cab

c:\windows\Downloaded Program Files\kdfense8.inf

 

c:\windows\system32\mfc42.dll - c:\windows\system32\olepro32.dll

c:\windows\Downloaded Program Files\BugsInstallerEx.ocx

c:\windows\system32\bugs_install.gif

O16 -: {BCEF5CDE-BAD4-4532-A30B-9D16D502DE69}

hxxp://install.bugs.co.kr/install/BugsInstallerEx.cab

c:\windows\Downloaded Program Files\BugsInstallerEx.inf

 

c:\windows\system32\atl.dll - c:\windows\system32\MelonDN.exe

c:\windows\system32\MelonWebPlayer.dll

c:\windows\system32\p3Instl2.dll

c:\windows\system32\p3Instl1.dll

O16 -: {C0B2F53E-5E61-4856-B314-FE9AE262A796}

hxxp://www.melon.com/cab/P3MelWebInstall.cab

c:\windows\Downloaded Program Files\P3MelInstall.inf

 

c:\windows\system32\DanCom.dll - c:\windows\system32\dbgtrace.dll

c:\windows\Downloaded Program Files\JoinBaduk.ocx

O16 -: {E9429003-6294-4F4F-BCAB-83AD4DAAFED0}

hxxp://service.tygem.com/service/JoinBaduk.cab

c:\windows\Downloaded Program Files\JoinBaduk.inf

 

c:\windows\netmable.ico - c:\windows\system32\ToonsXHook.dll

c:\windows\system32\WaveletDecoder.dll

c:\windows\system32\IndexedColorDecoder.dll

c:\windows\system32\ToonsXESetPND.ocx

c:\windows\system32\CaptureProtect.dll

c:\windows\system32\IMGSF01.dll

c:\windows\system32\IMGSF02.dll

c:\windows\system32\IMGSF03.dll

c:\windows\system32\IMGSFLOADER.exe

c:\windows\system32\IMGSFMGR.dll

c:\windows\system32\MAIS.VXD

c:\windows\system32\ToonsHook2.dll

O16 -: {E97946F0-6F90-4738-95EF-33A946451580}

hxxp://comix.netmarble.net/mv/viewer/ToonsXESetPND10012.cab

c:\windows\Downloaded Program Files\ToonsXESetPND.inf

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-01-14 17:28:51

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

 

[HKEY_USERS\S-1-5-21-1844237615-1972579041-839522115-1003\Software\Microsoft\MessengerService\GroupStateCacheU\*촴?

"Name"=hex:00,ac,71,c8,00,00

"Collapsed"=hex:01,00,00,00

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

- - - - - - - > 'winlogon.exe'(224)

c:\windows\system32\avgrsstx.dll

 

- - - - - - - > 'lsass.exe'(308)

c:\windows\system32\avgrsstx.dll

.

Completion time: 2009-01-14 17:29:40

ComboFix-quarantined-files.txt 2009-01-14 19:29:38

ComboFix2.txt 2009-01-14 18:45:50

 

Pre-Run: 16 pasta(s) 35.662.667.776 bytes disponiveis

Post-Run: 16 pasta(s) 35,652,866,048 bytes disponiveis

 

258 --- E O F --- 2008-12-19 11:10:21


Good evening, flee85!

 

<@> Insert your removable drive(s) into the USB port.

<@> Copy the information between the XXXXXXX.... lines into Notepad.

<@> Save it on the desktop as: CFScript <-- Text file!

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

File::

c:\sealonline\GameGuard\dump_wmimmc.sys

F:\jllwp.com

F:\lbb.com

Registry::

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{28264a82-b997-11dd-a8c2-001a92ef9dd8}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ede3daf2-ae19-11dd-a8b5-001a92ef9dd8}]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTHINK.exe]

Driver::

"dump_wmimmc"

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

<@> Drag CFScript.txt onto the ComboFix icon.

<@> Drag it until a prompt to run ComboFix.exe appears.

<@> When it finishes, post: ComboFix.txt + an updated HijackThis log.

 

Regards!

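The CFScript above was written by hand from the MountPoints2 entries in the posted ComboFix log: each key whose Shell\AutoRun, Shell\open and Shell\explore verbs point at a .com file on the removable drive F: is the fingerprint of a USB autorun worm, and the script quarantines those payloads and deletes the hijacked keys. As an added example (not part of this thread, and not code from ComboFix or its author), the Python below reproduces that reasoning over a constructed excerpt of the same log lines: it flags the MountPoints2 autoruns and the weakened security posture (Security Center notifications off, Windows Firewall disabled) and emits the File:: and Registry:: sections in CFScript syntax. The function names, the `SAMPLE_LOG` excerpt and the detection heuristics are this example's own assumptions.

```python
"""Triage a ComboFix log for removable-drive autorun persistence and
build the File::/Registry:: sections of a CFScript.

Added example: not ComboFix's code and not the helper's script; it only
automates the reasoning behind the CFScript posted in this thread.
"""
import re

# Constructed excerpt modelled on the first ComboFix log in the thread,
# trimmed to the security-relevant registry sections.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{28264a82-b997-11dd-a8c2-001a92ef9dd8}]
\Shell\AutoRun\command - F:\jllwp.com
\Shell\explore\Command - F:\jllwp.com
\Shell\open\Command - F:\jllwp.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ede3daf2-ae19-11dd-a8b5-001a92ef9dd8}]
\Shell\AutoRun\command - F:\lbb.com
\Shell\explore\Command - F:\lbb.com
\Shell\open\Command - F:\lbb.com
"""

# A "[...]" header opens a registry-style section in the ComboFix report.
KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]\s*$")
# "\Shell\<verb>\command - <target>" lines under a MountPoints2 key.
SHELL_RE = re.compile(r"^\\Shell\\(?P<verb>\w+)\\command\s+-\s+(?P<target>\S.*?)\s*$", re.I)
# '"Name"=value' lines (REGEDIT4 style) for security-posture checks.
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.+?)\s*$')


def parse_combofix_log(text):
    """Return {'autoruns': {key: {verb: target}}, 'weakened': [(key, name, value)]}.

    'autoruns' holds MountPoints2 keys whose Shell verbs launch a file
    from a drive (the removable-media autorun hijack); 'weakened' holds
    settings that hide security warnings or turn the firewall off.
    """
    findings = {"autoruns": {}, "weakened": []}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            current = m.group("key")
            continue
        if current is None:
            continue
        m = SHELL_RE.match(line)
        if m and "mountpoints2" in current.lower():
            verbs = findings["autoruns"].setdefault(current, {})
            verbs[m.group("verb").lower()] = m.group("target")
            continue
        m = VALUE_RE.match(line)
        if m:
            name, value = m.group("name"), m.group("value")
            # Security Center: *DisableNotify = 1 suppresses AV/update warnings.
            if name.endswith("DisableNotify") and value.lower().startswith("dword:00000001"):
                findings["weakened"].append((current, name, value))
            # Windows Firewall standard profile switched off.
            elif name == "EnableFirewall" and value.startswith("0"):
                findings["weakened"].append((current, name, value))
    return findings


def build_cfscript(findings):
    """Emit CFScript text: File:: lists the autorun payloads to quarantine,
    Registry:: lists each hijacked MountPoints2 key as [-key] (REGEDIT4
    delete-key syntax, which ComboFix honours)."""
    files = sorted({t for verbs in findings["autoruns"].values() for t in verbs.values()})
    keys = sorted(findings["autoruns"])
    lines = ["File::", *files, "", "Registry::", *(f"[-{k}]" for k in keys)]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    found = parse_combofix_log(SAMPLE_LOG)
    for key, name, value in found["weakened"]:
        print(f"weakened: {name}={value} under [{key}]")
    print(build_cfscript(found))
```

The generated File:: and Registry:: sections match the two payloads and two MountPoints2 keys in the helper's script; the Driver:: entry for dump_wmimmc and the iTHINK startupreg key came from the helper's judgment about the rest of the log, which this parser does not attempt. The weakened-posture findings are reported rather than scripted, since re-enabling the firewall and the Security Center notifications is a follow-up step once the infection is cleaned.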

Here's the updated log; before that... one question: do I have to install this HijackThis?

 

 

ComboFix 09-01-13.04 - Eliza 2009-01-15 0:27:06.3 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.949.82.1046.18.2047.1617 [GMT -2:00]

Running from: c:\documents and settings\Eliza\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Eliza\Desktop\CFScript.txt

AV: AVG Anti-Virus Free *On-access scanning disabled* (Outdated)

* Created a new restore point

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

 

FILE ::

c:\sealonline\GameGuard\dump_wmimmc.sys

F:\jllwp.com

F:\lbb.com

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_DUMP_WMIMMC

-------\Service_dump_wmimmc

 

 

((((((((((((((((((((((((( Files Created from 2008-12-15 to 2009-01-15 )))))))))))))))))))))))))))))))

.

 

2009-01-14 14:35 . 2009-01-14 15:34 <DIR> d--h----- C:\$AVG8.VAULT$

2009-01-14 14:31 . 2009-01-14 19:54 <DIR> d-------- c:\windows\system32\drivers\Avg

2009-01-14 14:31 . 2009-01-14 16:51 <DIR> d-------- c:\documents and settings\Eliza\Dados de aplicativos\AVGTOOLBAR

2009-01-14 14:31 . 2009-01-14 14:31 98,440 --a------ c:\windows\system32\drivers\avgldx86.sys

2009-01-14 14:31 . 2009-01-14 14:31 90,632 --a------ c:\windows\system32\drivers\avgtdix.sys

2009-01-14 14:31 . 2009-01-14 14:31 10,520 --a------ c:\windows\system32\avgrsstx.dll

2009-01-14 14:30 . 2009-01-14 14:30 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\avg8

2009-01-14 14:30 . 2009-01-14 14:30 <DIR> d-------- c:\arquivos de programas\AVG

2009-01-14 12:27 . 2009-01-14 12:27 1 ---hs---- C:\MSDOS.INF

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-01-14 20:54 --------- d-----w c:\arquivos de programas\PokerStars

2009-01-14 20:52 --------- d-----w c:\arquivos de programas\Warcraft III

2009-01-14 15:34 --------- d-----w c:\arquivos de programas\iTHINK

2009-01-03 13:19 --------- d-----w c:\arquivos de programas\Google

2008-12-10 23:34 --------- d-----w c:\arquivos de programas\PartyGaming

2008-12-08 20:20 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\nView_Profiles

2008-11-22 17:06 --------- d-----w c:\arquivos de programas\Garena

2008-11-22 17:05 --------- d--h--w c:\arquivos de programas\InstallShield Installation Information

2008-11-16 10:26 --------- d-----w c:\arquivos de programas\BigFile

2008-10-18 16:46 2,829 ----a-w c:\windows\War3Unin.pif

2008-10-18 16:46 139,264 ----a-w c:\windows\War3Unin.exe

2008-10-18 16:25 58,635,007 ----a-w C:\War3TFT_122a_English.exe

2008-10-16 05:51 2,732,032 ----a-w C:\ventrilo-3.0.1-Windows-i386.exe

2008-10-15 12:10 67,167,528 ----a-w C:\iTunes801Setup.exe

2004-10-01 18:00 40,960 ----a-w c:\arquivos de programas\Uninstall_CDS.exe

.

 

((((((((((((((((((((((((((((( snapshot@2009-01-14_16.45.20,50 )))))))))))))))))))))))))))))))))))))))))

.

+ 2005-10-20 22:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE

- 2009-01-14 18:43:47 589,824 ----a-w c:\windows\Historico\History.IE5\index.dat

+ 2009-01-15 02:29:44 589,824 ----a-w c:\windows\Historico\History.IE5\index.dat

- 2009-01-14 18:44:37 40,128 ----a-w c:\windows\system32\perfc009.dat

+ 2009-01-15 02:27:03 40,128 ----a-w c:\windows\system32\perfc009.dat

- 2009-01-14 18:44:37 48,764 ----a-w c:\windows\system32\perfc016.dat

+ 2009-01-15 02:27:03 48,764 ----a-w c:\windows\system32\perfc016.dat

- 2009-01-14 18:44:37 311,740 ----a-w c:\windows\system32\perfh009.dat

+ 2009-01-15 02:27:03 311,740 ----a-w c:\windows\system32\perfh009.dat

- 2009-01-14 18:44:37 344,480 ----a-w c:\windows\system32\perfh016.dat

+ 2009-01-15 02:27:03 344,480 ----a-w c:\windows\system32\perfh016.dat

- 2009-01-14 18:43:47 2,146,304 ----a-w c:\windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-01-15 02:29:36 2,146,304 ----a-w c:\windows\Temporary Internet Files\Content.IE5\index.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{83FDA784-0154-418F-810B-F1839272C361}]

2009-01-14 12:27 824832 --a------ c:\windows\system32\DirectX\Dinput\diagx3d.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

"MsnMsgr"="c:\arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

"swg"="c:\arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-28 68856]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-10 8429568]

"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]

"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-03 59392]

"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]

"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]

"amd_dc_opt"="c:\arquivos de programas\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2007-07-23 77824]

"QuickTime Task"="c:\arquivos de programas\QuickTime\qttask.exe" [2008-09-06 413696]

"iTunesHelper"="c:\arquivos de programas\iTunes\iTunesHelper.exe" [2008-10-01 289576]

"AVG8_TRAY"="c:\arquiv~1\AVG\AVG8\avgtray.exe" [2009-01-14 1235736]

"nwiz"="nwiz.exe" [2007-05-10 c:\windows\system32\nwiz.exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=avgrsstx.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"msacm.divxa32"= msaud32_divx.acm

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

c:\windows\system32\dumprep 0 -k [X]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]

--------- 2004-10-27 16:21 61952 c:\windows\system32\HdAShCut.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"e:\\CABAL Online(BRAZIL)\\launcher\\update\\ESTdnheadless.exe"=

"c:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"c:\\WINDOWS\\system32\\BugsSvr.exe"=

"c:\\WINDOWS\\system32\\P3MelonSvr.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

"c:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=

"c:\\Arquivos de programas\\iTunes\\iTunes.exe"=

"c:\\Arquivos de programas\\Garena\\Garena.exe"=

"c:\\Arquivos de programas\\AVG\\AVG8\\avgemc.exe"=

"c:\\Arquivos de programas\\AVG\\AVG8\\avgupd.exe"=

"c:\\Arquivos de programas\\AVG\\AVG8\\avgnsx.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"53444:TCP"= 53444:TCP:Monkey3Saver

"5435:TCP"= 5435:TCP:Monkey3

"5435:UDP"= 5435:UDP:Monkey3

 

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-01-14 98440]

R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-01-14 90632]

R4 avg8emc;AVG Free8 E-mail Scanner;c:\arquiv~1\AVG\AVG8\avgemc.exe [2009-01-14 874776]

R4 avg8wd;AVG Free8 WatchDog;c:\arquiv~1\AVG\AVG8\avgwdsvc.exe [2009-01-14 231704]

S3 ADSPIDER;ADSPIDER;c:\windows\system32\drivers\adspider.sys [2008-05-20 19999]

S3 ADSPIDEREX;ADSPIDEREX;\??\c:\windows\system32\drivers\adspiderex.sys --> c:\windows\system32\drivers\adspiderex.sys [?]

S3 PciCon;PciCon;\??\d:\pcicon.sys --> d:\PciCon.sys [?]

S3 XDva021;XDva021;\??\c:\windows\system32\XDva021.sys --> c:\windows\system32\XDva021.sys [?]

S3 XDva134;XDva134;\??\c:\windows\system32\XDva134.sys --> c:\windows\system32\XDva134.sys [?]

S3 XDva165;XDva165;\??\c:\windows\system32\XDva165.sys --> c:\windows\system32\XDva165.sys [?]

S3 XDva172;XDva172;\??\c:\windows\system32\XDva172.sys --> c:\windows\system32\XDva172.sys [?]

S3 XDva177;XDva177;\??\c:\windows\system32\XDva177.sys --> c:\windows\system32\XDva177.sys [?]

S3 XDva182;XDva182;\??\c:\windows\system32\XDva182.sys --> c:\windows\system32\XDva182.sys [?]

 

--- Other Services/Drivers In Memory ---

 

*Deregistered* - InCDrec

.

Contents of the 'Scheduled Tasks' folder

 

2009-01-10 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\arquivos de programas\Apple Software Update\SoftwareUpdate.exe [2008-07-30 13:34]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.terra.com.br/

uSearch Page = hxxp://www.google.com

uSearch Bar = hxxp://www.google.com/ie

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Easy-WebPrint Add To Print List - c:\arquivos de programas\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

IE: Easy-WebPrint High Speed Print - c:\arquivos de programas\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

IE: Easy-WebPrint Preview - c:\arquivos de programas\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

IE: Easy-WebPrint Print - c:\arquivos de programas\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

Trusted Zone: *.bigfile.co.kr

 

O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd

 

c:\windows\NMUninst18.exe - c:\windows\NMUpdate25_1.exe

c:\windows\Downloaded Program Files\NMStarter25.dll

O16 -: {00001025-A15C-11D4-97A4-0050BF0FBE67}

hxxp://download.netmarble.com/web/nmstarter/NMStarter25.cab

c:\windows\Downloaded Program Files\NMStarter25.inf

 

c:\windows\Downloaded Program Files\BigFile.ocx - O16 -: {03AF249E-119E-4569-838E-167E929EC6DA}

hxxp://www.bigfile.co.kr/client/BigFile.cab

 

c:\windows\system32\IndexedColorDecoder.dll - c:\windows\system32\WaveletDecoder.dll

c:\windows\system32\ToonsXHook.dll

c:\windows\system32\MAIS.VXD

c:\windows\system32\IMGSFMGR.dll

c:\windows\system32\IMGSFLOADER.exe

c:\windows\system32\IMGSF03.dll

c:\windows\system32\IMGSF02.dll

c:\windows\system32\IMGSF01.dll

c:\windows\system32\CaptureProtect.dll

c:\windows\system32\ToonsXParan3.ocx

O16 -: {1AD649C1-8B55-4033-9019-CF452DB5499E}

hxxp://comic.paran.com/tns_web2/ToonsXParan3.cab

c:\windows\Downloaded Program Files\ToonsXParan3.inf

 

c:\windows\Downloaded Program Files\NHNComicViewer.dll - O16 -: {2029F1D2-90E4-49EF-9824-F666D238BFF6}

hxxp://jr.naver.com/comic/book/viewer_new/NHNComicViewer.cab

c:\windows\Downloaded Program Files\NHNComicViewer.inf

 

c:\windows\Downloaded Program Files\TPopupRegP.dll - O16 -: {22D427A5-E460-4B08-9378-9708F7544129}

hxxp://www.tygem.com/pub/ActiveX/TPopupRegP.cab

 

c:\windows\Downloaded Program Files\webstarter.ocx - O16 -: {7A9F36F4-DB68-4F90-8FE7-E915E04BDD49}

hxxp://wo.tk.co.kr/webstarter/webstarter.cab

c:\windows\Downloaded Program Files\webstarter.inf

 

c:\windows\Downloaded Program Files\Monkey3ActiveXControl.ocx - O16 -: {820359CA-BD53-4BDF-8393-282FEEAE8C53}

hxxp://www.monkey3.co.kr/Monkey3ActiveX/Monkey3ActiveXControl.cab

c:\windows\Downloaded Program Files\Monkey3ActiveXControl.inf

 

c:\windows\KukiProc111.exe - c:\windows\Downloaded Program Files\NMTransX.dll

c:\windows\KukiProc112.exe

c:\windows\KukiProc113.exe

O16 -: {92E82FBB-DA00-41E0-ABFE-95482E21A4F6}

hxxp://download.netmarble.net/NMChatX/NMTransX.cab

c:\windows\Downloaded Program Files\NMTransX.inf

 

c:\windows\system32\mfc42.dll - c:\windows\system32\msvcrt.dll

c:\windows\system32\olepro32.dll

c:\windows\Downloaded Program Files\kdfense8.ocx

O16 -: {A4508A45-F1C4-40F3-99B4-0CA08AC77E3B}

hxxp://download.netmarble.com/kdefence/kdfense8237.cab

c:\windows\Downloaded Program Files\kdfense8.inf

 

c:\windows\system32\mfc42.dll - c:\windows\system32\olepro32.dll

c:\windows\Downloaded Program Files\BugsInstallerEx.ocx

c:\windows\system32\bugs_install.gif

O16 -: {BCEF5CDE-BAD4-4532-A30B-9D16D502DE69}

hxxp://install.bugs.co.kr/install/BugsInstallerEx.cab

c:\windows\Downloaded Program Files\BugsInstallerEx.inf

 

c:\windows\system32\atl.dll - c:\windows\system32\MelonDN.exe

c:\windows\system32\MelonWebPlayer.dll

c:\windows\system32\p3Instl2.dll

c:\windows\system32\p3Instl1.dll

O16 -: {C0B2F53E-5E61-4856-B314-FE9AE262A796}

hxxp://www.melon.com/cab/P3MelWebInstall.cab

c:\windows\Downloaded Program Files\P3MelInstall.inf

 

c:\windows\system32\DanCom.dll - c:\windows\system32\dbgtrace.dll

c:\windows\Downloaded Program Files\JoinBaduk.ocx

O16 -: {E9429003-6294-4F4F-BCAB-83AD4DAAFED0}

hxxp://service.tygem.com/service/JoinBaduk.cab

c:\windows\Downloaded Program Files\JoinBaduk.inf

 

c:\windows\netmable.ico - c:\windows\system32\ToonsXHook.dll

c:\windows\system32\WaveletDecoder.dll

c:\windows\system32\IndexedColorDecoder.dll

c:\windows\system32\ToonsXESetPND.ocx

c:\windows\system32\CaptureProtect.dll

c:\windows\system32\IMGSF01.dll

c:\windows\system32\IMGSF02.dll

c:\windows\system32\IMGSF03.dll

c:\windows\system32\IMGSFLOADER.exe

c:\windows\system32\IMGSFMGR.dll

c:\windows\system32\MAIS.VXD

c:\windows\system32\ToonsHook2.dll

O16 -: {E97946F0-6F90-4738-95EF-33A946451580}

hxxp://comix.netmarble.net/mv/viewer/ToonsXESetPND10012.cab

c:\windows\Downloaded Program Files\ToonsXESetPND.inf

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-01-15 00:30:08

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

 

[HKEY_USERS\S-1-5-21-1844237615-1972579041-839522115-1003\Software\Microsoft\MessengerService\GroupStateCacheU\*촴?

"Name"=hex:00,ac,71,c8,00,00

"Collapsed"=hex:01,00,00,00

.

------------------------ Other Running Processes ------------------------

.

c:\arquivos de programas\Ahead\InCD\InCDsrv.exe

c:\windows\system32\conime.exe

c:\arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\arquivos de programas\Bonjour\mDNSResponder.exe

c:\windows\system32\nvsvc32.exe

c:\arquiv~1\AVG\AVG8\avgnsx.exe

c:\arquivos de programas\iPod\bin\iPodService.exe

c:\arquivos de programas\AVG\AVG8\avgrsx.exe

c:\arquivos de programas\AVG\AVG8\avgrsx.exe

c:\arquivos de programas\AVG\AVG8\avgrsx.exe

c:\windows\system32\wscntfy.exe

.

**************************************************************************

.

Completion time: 2009-01-15 0:31:17 - machine was rebooted

ComboFix-quarantined-files.txt 2009-01-15 02:31:14

ComboFix2.txt 2009-01-14 19:29:41

ComboFix3.txt 2009-01-14 18:45:50

 

Pre-Run: 16 pasta(s) 35.711.950.848 bytes disponiveis

Post-Run: 16 pasta(s) 35,662,675,968 bytes disponiveis

 

270 --- E O F --- 2008-12-19 11:10:21


Good morning! flee85

 

Here goes the updated text; before that... one question: do I have to install this HijackThis??

<!> Install the pseudo HijackThis that comes with RSIT. For now, it will serve us! :thumbsup:

------------------------

<@> Download: < RSIT > ( ...by random/random )

<@> Save it directly to the Local Disk ( C )!

<@> Double-click RSIT.exe to run the tool.

<@> In the window that opens, the disclaimer, click "Continue".

<@> Wait for "Running HijackThis" to finish. <-- Pseudo!

<@> When it finishes, Notepad will open with the report: log.txt <-- Report to post!

<@> Also post in your reply: info.txt, which will be at C:\rsit\info.txt <--

 

Regards!


log.txt, here it goes

 

Logfile of random's system information tool 1.05 (written by random/random)

Run by Eliza at 2009-01-15 01:10:03

Microsoft Windows XP Professional Service Pack 2

System drive C: has 34 GB (68%) free of 50 GB

Total RAM: 2047 MB (70% free)

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 01:10:20, on 15/1/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\conime.exe

C:\Arquivos de programas\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\ARQUIV~1\AVG\AVG8\avgnsx.exe

C:\ARQUIV~1\AVG\AVG8\avgemc.exe

C:\Arquivos de programas\iPod\bin\iPodService.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\AVG\AVG8\avgrsx.exe

C:\Arquivos de programas\AVG\AVG8\avgrsx.exe

C:\Arquivos de programas\AVG\AVG8\avgrsx.exe

C:\WINDOWS\system32\DirectX\Dinput\Driver\1\services.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\ARQUIV~1\AVG\AVG8\aAvgApi.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Arquivos de programas\AVG\AVG8\avgui.exe

C:\Arquivos de programas\AVG\AVG8\avgscanx.exe

C:\Arquivos de programas\internet explorer\iexplore.exe

C:\RSIT.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\Arquivos de programas\trend micro\Eliza.exe

 

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: DirecX - {83FDA784-0154-418F-810B-F1839272C361} - C:\WINDOWS\system32\DirectX\Dinput\diagx3d.dll

O2 - BHO: Auxiliar de Conexao do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\ARQUIV~1\AVG\AVG8\AVGTOO~1.DLL

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Arquivos de programas\Canon\Easy-WebPrint\Toolband.dll

O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll

O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\ARQUIV~1\AVG\AVG8\AVGTOO~1.DLL

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [amd_dc_opt] C:\Arquivos de programas\AMD\Dual-Core Optimizer\amd_dc_opt.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Arquivos de programas\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Arquivos de programas\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Arquivos de programas\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Arquivos de programas\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Arquivos de programas\PokerStars\PokerStarsUpdate.exe

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Arquivos de programas\PartyGaming\PartyPoker\RunApp.exe

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Arquivos de programas\PartyGaming\PartyPoker\RunApp.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O15 - Trusted Zone: http://*.bigfile.co.kr

O16 - DPF: {00001025-A15C-11D4-97A4-0050BF0FBE67} (NetmarbleStarter25 Class) - http://download.netmarble.com/web/nmstarter/NMStarter25.cab

O16 - DPF: {03AF249E-119E-4569-838E-167E929EC6DA} (BigFileControl Control) - http://www.bigfile.co.kr/client/BigFile.cab

O16 - DPF: {1AD649C1-8B55-4033-9019-CF452DB5499E} (ToonsXParan Control) - http://comic.paran.com/tns_web2/ToonsXParan3.cab

O16 - DPF: {2029F1D2-90E4-49EF-9824-F666D238BFF6} (NHNComicViewer Class) - http://jr.naver.com/comic/book/viewer_new/NHNComicViewer.cab

O16 - DPF: {22D427A5-E460-4B08-9378-9708F7544129} (TPopupReg Class) - http://www.tygem.com/pub/ActiveX/TPopupRegP.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1205862715328

O16 - DPF: {7A9F36F4-DB68-4F90-8FE7-E915E04BDD49} (WebStarter Control) - http://wo.tk.co.kr/webstarter/webstarter.cab

O16 - DPF: {820359CA-BD53-4BDF-8393-282FEEAE8C53} - http://www.monkey3.co.kr/Monkey3ActiveX/Mo...iveXControl.cab

O16 - DPF: {83AFB5CA-ED35-11D4-A452-0080C8D85045} (GameDesire Poker Games) - http://200.212.184.212/g_bin/eng/poker_2_0_0_47.cab

O16 - DPF: {92E82FBB-DA00-41E0-ABFE-95482E21A4F6} (NMTransX Module) - http://download.netmarble.net/NMChatX/NMTransX.cab

O16 - DPF: {A4508A45-F1C4-40F3-99B4-0CA08AC77E3B} (Kdfense8 Control) - http://download.netmarble.com/kdefence/kdfense8237.cab

O16 - DPF: {A7196C8E-35A5-4FF0-9E46-E28918B5CAF6} (GameDesire Domino) - http://200.212.184.212/g_bin/eng/domino_2_0_0_33.cab

O16 - DPF: {BCEF5CDE-BAD4-4532-A30B-9D16D502DE69} (BugsInstallEx Control) - http://install.bugs.co.kr/install/BugsInstallerEx.cab

O16 - DPF: {C0B2F53E-5E61-4856-B314-FE9AE262A796} (MOPlayerWnd2 Class) - http://www.melon.com/cab/P3MelWebInstall.cab

O16 - DPF: {E9429003-6294-4F4F-BCAB-83AD4DAAFED0} (JoinBaduk Control) - http://service.tygem.com/service/JoinBaduk.cab

O16 - DPF: {E97946F0-6F90-4738-95EF-33A946451580} (ToonsXESetPND Control) - http://comix.netmarble.net/mv/viewer/ToonsXESetPND10012.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll

O20 - AppInit_DLLs: avgrsstx.dll

O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

 

--

End of file - 9583 bytes

 

======Scheduled tasks folder======

 

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

AcroIEHlprObj Class - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-04-16 37808]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]

AVG Safe Search - C:\Arquivos de programas\AVG\AVG8\avgssie.dll [2009-01-14 455960]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83FDA784-0154-418F-810B-F1839272C361}]

DirecX Media Objects - C:\WINDOWS\system32\DirectX\Dinput\diagx3d.dll [2009-01-14 824832]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Auxiliar de Conexao do Windows Live - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]

AVG Security Toolbar - C:\ARQUIV~1\AVG\AVG8\AVGTOO~1.DLL [2009-01-14 2055960]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]

Google Toolbar Helper - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll [2009-01-03 251504]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]

Google Toolbar Notifier BHO - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll [2009-01-03 657904]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]

Google Dictionary Compression sdch - C:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll [2009-01-03 522224]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{327C2873-E90D-4c37-AA9D-10AC9BABA46C} - Easy-WebPrint - C:\Arquivos de programas\Canon\Easy-WebPrint\Toolband.dll [2004-08-26 405504]

{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google Toolbar - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll [2009-01-03 251504]

{A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\ARQUIV~1\AVG\AVG8\AVGTOO~1.DLL [2009-01-14 2055960]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-05-10 8429568]

"nwiz"=nwiz.exe /install []

"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-03 208952]

"MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2004-08-03 59392]

"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-03 455168]

"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-03 455168]

"amd_dc_opt"=C:\Arquivos de programas\AMD\Dual-Core Optimizer\amd_dc_opt.exe [2007-07-23 77824]

"QuickTime Task"=C:\Arquivos de programas\QuickTime\qttask.exe [2008-09-06 413696]

"iTunesHelper"=C:\Arquivos de programas\iTunes\iTunesHelper.exe [2008-10-01 289576]

"AVG8_TRAY"=C:\ARQUIV~1\AVG\AVG8\avgtray.exe [2009-01-14 1235736]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]

"MsnMsgr"=C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]

"swg"=C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-10-28 68856]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]

C:\WINDOWS\system32\HDAShCut.exe [2004-10-27 61952]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

C:\WINDOWS\system32\dumprep 0 -k []

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLS"="avgrsstx.dll"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=323

"NoDriveAutoRun"=67108863

"NoDrives"=0

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveAutoRun"=

"NoDriveTypeAutoRun"=

"NoDrives"=

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"E:\CABAL Online(BRAZIL)\launcher\update\ESTdnheadless.exe"="E:\CABAL Online(BRAZIL)\launcher\update\ESTdnheadless.exe:*:Enabled:EST! download engine"

"C:\Arquivos de programas\Messenger\msmsgs.exe"="C:\Arquivos de programas\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"

"C:\WINDOWS\system32\BugsSvr.exe"="C:\WINDOWS\system32\BugsSvr.exe:*:Enabled:Bugs Music Player Control"

"C:\WINDOWS\system32\P3MelonSvr.exe"="C:\WINDOWS\system32\P3MelonSvr.exe:*:Enabled:SKT Melon Music Control"

"C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\Arquivos de programas\Windows Live\Messenger\livecall.exe"="C:\Arquivos de programas\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

"C:\Arquivos de programas\Bonjour\mDNSResponder.exe"="C:\Arquivos de programas\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"

"C:\Arquivos de programas\iTunes\iTunes.exe"="C:\Arquivos de programas\iTunes\iTunes.exe:*:Enabled:iTunes"

"C:\Arquivos de programas\Garena\Garena.exe"="C:\Arquivos de programas\Garena\Garena.exe:*:Enabled:Garena"

"C:\Arquivos de programas\AVG\AVG8\avgemc.exe"="C:\Arquivos de programas\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"

"C:\Arquivos de programas\AVG\AVG8\avgupd.exe"="C:\Arquivos de programas\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"

"C:\Arquivos de programas\AVG\AVG8\avgnsx.exe"="C:\Arquivos de programas\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\Arquivos de programas\Windows Live\Messenger\livecall.exe"="C:\Arquivos de programas\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

 

======List of files/folders created in the last 1 months======

 

2009-01-15 01:10:04 ----D---- C:\Arquivos de programas\trend micro

2009-01-15 01:10:03 ----D---- C:\rsit

2009-01-15 01:09:02 ----A---- C:\RSIT.exe

2009-01-15 00:31:19 ----D---- C:\WINDOWS\temp

2009-01-15 00:31:18 ----A---- C:\ComboFix.txt

2009-01-15 00:26:36 ----D---- C:\ComboFix

2009-01-14 16:43:00 ----D---- C:\Qoobox

2009-01-14 16:32:16 ----A---- C:\WINDOWS\zip.exe

2009-01-14 16:32:16 ----A---- C:\WINDOWS\VFIND.exe

2009-01-14 16:32:16 ----A---- C:\WINDOWS\SWXCACLS.exe

2009-01-14 16:32:16 ----A---- C:\WINDOWS\SWSC.exe

2009-01-14 16:32:16 ----A---- C:\WINDOWS\SWREG.exe

2009-01-14 16:32:16 ----A---- C:\WINDOWS\sed.exe

2009-01-14 16:32:16 ----A---- C:\WINDOWS\NIRCMD.exe

2009-01-14 16:32:16 ----A---- C:\WINDOWS\grep.exe

2009-01-14 16:32:16 ----A---- C:\WINDOWS\fdsv.exe

2009-01-14 16:32:15 ----D---- C:\WINDOWS\ERDNT

2009-01-14 14:35:59 ----HD---- C:\$AVG8.VAULT$

2009-01-14 14:31:07 ----A---- C:\WINDOWS\system32\avgrsstx.dll

2009-01-14 14:31:04 ----D---- C:\Documents and Settings\Eliza\Dados de aplicativos\AVGTOOLBAR

2009-01-14 14:30:52 ----D---- C:\Arquivos de programas\AVG

2009-01-14 14:30:51 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\avg8

2008-12-19 09:10:14 ----HDC---- C:\WINDOWS\$NtUninstallKB960714$

 

======List of files/folders modified in the last 1 months======

 

2009-01-15 01:10:04 ----RD---- C:\Arquivos de programas

2009-01-15 00:34:00 ----D---- C:\WINDOWS\system32

2009-01-15 00:34:00 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

2009-01-15 00:31:22 ----D---- C:\WINDOWS\system32\drivers

2009-01-15 00:31:19 ----D---- C:\WINDOWS

2009-01-15 00:30:33 ----D---- C:\WINDOWS\system32\CatRoot2

2009-01-15 00:30:11 ----A---- C:\WINDOWS\system.ini

2009-01-15 00:28:27 ----D---- C:\WINDOWS\system32\config

2009-01-15 00:27:54 ----D---- C:\WINDOWS\AppPatch

2009-01-15 00:27:54 ----D---- C:\Arquivos de programas\Arquivos comuns

2009-01-15 00:26:50 ----A---- C:\WINDOWS\SchedLgU.Txt

2009-01-14 18:54:11 ----D---- C:\Arquivos de programas\PokerStars

2009-01-14 18:52:40 ----D---- C:\Arquivos de programas\Warcraft III

2009-01-14 17:33:48 ----RSH---- C:\boot.ini

2009-01-14 17:33:48 ----A---- C:\WINDOWS\win.ini

2009-01-14 16:43:02 ----D---- C:\WINDOWS\Prefetch

2009-01-14 14:30:49 ----SHD---- C:\WINDOWS\Installer

2009-01-14 14:30:48 ----D---- C:\WINDOWS\WinSxS

2009-01-14 14:30:48 ----D---- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared

2009-01-14 14:30:30 ----SD---- C:\Documents and Settings\Eliza\Dados de aplicativos\Microsoft

2009-01-14 14:27:37 ----D---- C:\WINDOWS\system

2009-01-14 13:34:07 ----D---- C:\Arquivos de programas\iTHINK

2009-01-10 17:07:00 ----A---- C:\WINDOWS\NeroDigital.ini

2009-01-03 11:19:56 ----D---- C:\Arquivos de programas\Google

2009-01-03 10:25:45 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Google

2008-12-25 19:53:07 ----HD---- C:\WINDOWS\inf

2008-12-19 09:10:17 ----RSHDC---- C:\WINDOWS\system32\dllcache

2008-12-19 09:09:52 ----HD---- C:\WINDOWS\$hf_mig$

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-01 41984]

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-01-14 98440]

R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-01-14 26824]

R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-01-14 90632]

R1 FsVga;FsVga; C:\WINDOWS\system32\DRIVERS\fsvga.sys [2001-10-28 12416]

R1 InCDPass;InCDPass; C:\WINDOWS\System32\DRIVERS\InCDPass.sys [2005-07-08 29696]

R1 incdrm;InCD Reader; C:\WINDOWS\system32\drivers\incdrm.sys [2006-07-12 28672]

R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2005-10-06 141312]

R3 AEAudioService;AEAudio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2005-03-05 127872]

R3 AmdLLD;AMD Low Level Device Driver; C:\WINDOWS\system32\DRIVERS\AmdLLD.sys [2007-06-29 34304]

R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]

R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2007-12-31 25280]

R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2004-10-27 138240]

R3 HidUsb;Driver de classe HID da Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]

R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-09-06 12288]

R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-14 5810]

R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-05-10 6738432]

R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-07-12 57856]

R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-07-12 20480]

R3 SenFiltService;SenFilt Service; C:\WINDOWS\system32\drivers\Senfilt.sys [2005-10-11 393088]

R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]

R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]

R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-04 17024]

R4 InCDfs;InCD File System; C:\WINDOWS\system32\drivers\InCDfs.sys [2005-07-08 99584]

S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-04 14848]

S3 ADSPIDER;ADSPIDER; \??\C:\WINDOWS\system32\drivers\adspider.sys []

S3 ADSPIDEREX;ADSPIDEREX; \??\C:\WINDOWS\system32\drivers\adspiderex.sys []

S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\HdAudio.sys [2004-10-27 145920]

S3 neokdss;neokdss; C:\WINDOWS\system32\Drivers\neokdss.sys []

S3 NPPTNT2;NPPTNT2; \??\C:\WINDOWS\system32\npptNT2.sys []

S3 PciCon;PciCon; \??\D:\PciCon.sys []

S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]

S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]

S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]

S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]

S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]

S3 XDva021;XDva021; \??\C:\WINDOWS\system32\XDva021.sys []

S3 XDva134;XDva134; \??\C:\WINDOWS\system32\XDva134.sys []

S3 XDva165;XDva165; \??\C:\WINDOWS\system32\XDva165.sys []

S3 XDva172;XDva172; \??\C:\WINDOWS\system32\XDva172.sys []

S3 XDva177;XDva177; \??\C:\WINDOWS\system32\XDva177.sys []

S3 XDva182;XDva182; \??\C:\WINDOWS\system32\XDva182.sys []

S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 Apple Mobile Device;Dispositivo Celular da Apple; C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-10-01 116040]

R2 avg8emc;AVG Free8 E-mail Scanner; C:\ARQUIV~1\AVG\AVG8\avgemc.exe [2009-01-14 874776]

R2 avg8wd;AVG Free8 WatchDog; C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe [2009-01-14 231704]

R2 Bonjour Service;Bonjour Service; C:\Arquivos de programas\Bonjour\mDNSResponder.exe [2008-08-29 238888]

R2 InCDsrv;InCD Helper; C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe [2005-07-08 871424]

R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-05-10 163908]

R3 iPod Service;iPod Service; C:\Arquivos de programas\iPod\bin\iPodService.exe [2008-10-01 536872]

R3 usnjsvc;Servico de Compartilhamento de Pastas Messenger do USN Journal Reader; C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]

S3 gusvc;Google Updater Service; C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-01-03 137200]

S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]

S3 WLSetupSvc;Windows Live Setup Service; C:\Arquivos de programas\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

 

-----------------EOF-----------------


info.txt

 

info.txt logfile of random's system information tool 1.05 2009-01-15 01:10:22

 

======Uninstall list======

 

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

¹eμaº¼-->C:\Arquivos de programas\TK\BadBall\uninst.exe

³Y¸¶ºi °OAO 'CIAⓒ¸A°i'-->"C:\WINDOWS\NMUninst18.exe" UNINSTALL=Netmarble,NetmarblePinkGostop

A¬·´¸A°i-->C:\Arquivos de programas\TK\FunMatgo\uninst.exe

Adobe Acrobat 5.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat 5.0\NT\Uninst.dll"

Adobe Flash Player 9 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock

Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe

AMD Processor Driver-->C:\Arquivos de programas\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe -runfromtemp -l0x0012 -removeonly

Apple Mobile Device Support-->MsiExec.exe /I{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}

Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}

Arquivo do WinRAR-->C:\Arquivos de programas\WinRAR\uninstall.exe

Assistente de Conexao do Windows Live-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}

Atualização de Segurança para o Windows Media Player (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"

Atualização de Segurança para o Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"

Atualização de Segurança para o Windows Media Player 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"

Atualização de Segurança para o Windows Media Player 9 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP9$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB901190)-->"C:\WINDOWS\$NtUninstallKB901190$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB917344)-->"C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB918439)-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB924496)-->"C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"

Atualiza豫o de Seguran? para Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"

Atualiza豫o de Seguran? para Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"

Atualiza豫o de Seguran? para Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"

Atualiza豫o de Seguran? para Windows XP (KB936021)-->"C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"

Atualiza豫o de Seguran? para Windows XP (KB937894)-->"C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe"

Atualiza豫o de Seguran? para Windows XP (KB938127)-->"C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe"

Atualiza豫o de Seguran? para Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"

Atualiza豫o de Seguran? para Windows XP (KB938829)-->"C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"

Atualiza豫o de Seguran? para Windows XP (KB941202)-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"

Atualiza豫o de Seguran? para Windows XP (KB941568)-->"C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"

Atualiza豫o de Seguran? para Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"

Atualiza豫o de Seguran? para Windows XP (KB941644)-->"C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"

Atualiza豫o de Seguran? para Windows XP (KB941693)-->"C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"

Atualiza豫o de Seguran? para Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"

Atualiza豫o de Seguran? para Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"

Atualiza豫o de Seguran? para Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"

Atualiza豫o de Seguran? para Windows XP (KB944338)-->"C:\WINDOWS\$NtUninstallKB944338$\spuninst\spuninst.exe"

Atualiza豫o de Seguran? para Windows XP (KB944533)-->"C:\WINDOWS\$NtUninstallKB944533$\spuninst\spuninst.exe"

Atualiza豫o de Seguran? para Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"

Atualiza豫o de Seguran? para Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"

Atualiza豫o de Seguran? para Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"

Atualiza豫o de Seguran? para Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"

Atualiza豫o de Seguran? para Windows XP (KB947864)-->"C:\WINDOWS\$NtUninstallKB947864$\spuninst\spuninst.exe"

Atualiza豫o de Seguran? para Windows XP (KB948590)-->"C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"

Atualiza豫o de Seguran? para Windows XP (KB948881)-->"C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"

Atualiza豫o de Seguran? para Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"

Atualiza豫o de Seguran? para Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"

Atualiza豫o de Seguran? para Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"

Atualiza豫o de Seguran? para Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"

Atualiza豫o de Seguran? para Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"

Atualiza豫o de Seguran? para Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"

Atualiza豫o de Seguran? para Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"

Atualiza豫o de Seguran? para Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"

Atualiza豫o de Seguran? para Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"

Atualiza豫o de Seguran? para Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"

Atualiza豫o de Seguran? para Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"

Atualiza豫o de Seguran? para Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"

Atualiza豫o de Seguran? para Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"

Atualiza豫o de Seguran? para Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"

Atualiza豫o de Seguran? para Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"

Atualiza豫o de Seguran? para Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"

Atualiza豫o de Seguran? para Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"

Atualiza豫o de Seguran? para Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"

Atualiza豫o de Seguran? para Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"

Atualiza豫o de Seguran? para Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"

Atualiza豫o de Seguran? para Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"

Atualiza豫o de Seguran? para Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"

Atualiza豫o de Seguran? para Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"

Atualiza豫o de Seguran? para Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"

Atualiza豫o de Seguran? para Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"

Atualiza豫o de Seguran? para Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"

Atualização para Windows XP (KB894391)-->"C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"

Atualização para Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"

Atualização para Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"

Atualização para Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"

Atualização para Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"

Atualização para Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"

Atualização para Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"

Atualização para Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"

Atualização para Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"

Atualização para Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"

Atualização para Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"

Atualização para Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"

Atualização para Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"

Atualização para Windows XP (KB942840)-->"C:\WINDOWS\$NtUninstallKB942840$\spuninst\spuninst.exe"

Atualização para Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"

Atualização para Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"

AVG Free 8.0-->C:\Arquivos de programas\AVG\AVG8\setup.exe /UNINSTALL

Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}

CABAL Online v1.6-->"E:\CABAL Online(BRAZIL)\unins000.exe"

Canon iP1200-->C:\WINDOWS\system32\CNMCP76.exe "-PRINTERNAMECanon iP1200" "-HELPERDLLC:\Documents and Settings\All Users\Dados de aplicativos\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP1200 Installer\Inst2\cnmis.dll" "-RCDLLcnmi0816.dll"

Canon Utilities Easy-PhotoPrint-->C:\Arquivos de programas\Canon\Easy-PhotoPrint\uninst.exe uninst.ini

Canon Utilities Easy-PrintToolBox-->C:\WINDOWS\BJPSUNST.EXE

Dual-Core Optimizer-->MsiExec.exe /X{FF3D660E-E5CC-47FD-8050-1B4DE3BA81A9}

DVD Solution-->"C:\Arquivos de programas\Uninstall_CDS.exe"

Easy-WebPrint-->C:\WINDOWS\IsUninst.exe -f"C:\Arquivos de programas\Canon\Easy-WebPrint\Uninst.isu"

FLV SPLITTER-->"C:\Arquivos de programas\GNU\FLVSPLITTER\Uninstall.exe"

Garena-->C:\Arquivos de programas\InstallShield Installation Information\{89C89156-A70F-4C6D-9CAE-2EA71F1396FE}\setup.exe -runfromtemp -l0x0416 -removeonly

GOM Player-->"C:\Arquivos de programas\GRETECH\GomPlayer\Uninstall.exe"

Google Toolbar for Internet Explorer-->"C:\Arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarManager_0531C63A913CC9D1.exe" /uninstall

Hamachi 1.0.2.5-->C:\Arquivos de programas\Hamachi\uninstall.exe

High Definition Audio Driver Package - KB888111-->C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe

HijackThis 2.0.2-->"C:\Arquivos de programas\trend micro\HijackThis.exe" /uninstall

Hotfix para Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"

InCD-->C:\WINDOWS\NuNInst.exe /UNINSTALL

iTHINK-->C:\Arquivos de programas\iTHINK\uninstall.exe

iTunes-->MsiExec.exe /I{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}

K-Defense8 Control - 키보드 보안-->regsvr32 /u /s "C:\WINDOWS\Downloaded Program Files\kdfense8.ocx"

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}

Multimedia Launcher-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall

Nero OEM-->C:\Arquivos de programas\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL

NetFolder-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{923BF379-BAE8-4F38-9AC2-05DDEA184EB6}\setup.exe" -l0x12 -removeonly

NetMarble 게임 '신장기'-->"C:\WINDOWS\NMUninst18.exe" UNINSTALL=Netmarble,NetmarbleNewJangGi

NetMarble 게임 '장기'-->"C:\WINDOWS\NMUninst18.exe" UNINSTALL=Netmarble,NetmarbleJangGi

NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI

PartyPoker-->"C:\Arquivos de programas\PartyGaming\PartyPoker\Uninstall.exe" "C:\Arquivos de programas\PartyGaming\PartyPoker\install.log"

PokerStars-->"C:\Arquivos de programas\PokerStars\PokerStarsUninstall.exe" /u:PokerStars

PowerDVD-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall

PowerProducer-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\setup.exe" -uninstall

QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}

SoundMAX-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe" -l0x416 -removeonly

TeamSpeak 2 RC2-->"C:\Arquivos de programas\Teamspeak2_RC2\unins000.exe"

Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}

Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"

Windows Live installer-->MsiExec.exe /X{3A417047-2E30-4D05-8977-F706D40BFF39}

Windows Live Messenger-->MsiExec.exe /X{8EADB73B-026D-4978-A8F0-1EEF5E1ECEC7}

Windows XP Hotfix - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe

Windows XP Hotfix - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe

Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe

Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe

Windows XP Hotfix - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe

Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe

Windows XP Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"

Windows XP Hotfix - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe

넷마블 게임 '대박고스톱'-->"C:\WINDOWS\NMUninst18.exe" UNINSTALL=Netmarble,NetmarbleMsGostop

넷마블 게임 '맞고2.0'-->"C:\WINDOWS\NMUninst18.exe" UNINSTALL=Netmarble,NetmarbleNMatgo

넷마블 게임 '바둑'-->"C:\WINDOWS\NMUninst18.exe" UNINSTALL=Netmarble,NetmarbleBaduk

타이젬바둑-->C:\WINDOWS\IsUn0412.exe -f"C:\Arquivos de programas\타이젬바둑\Uninst.isu"

 

======Security center information======

 

AV: AVG Anti-Virus Free

 

System event log

 

Computer Name: ELIZA-F09A3C126

Event Code: 7036

Message: O servico iPod Service entrou no estado executando.

 

Record Number: 18897

Source Name: Service Control Manager

Time Written: 20081029122048.000000-120

Event Type: information

User:

 

Computer Name: ELIZA-F09A3C126

Event Code: 7036

Message: O servico IMAPI CD-Burning COM Service entrou no estado executando.

 

Record Number: 18896

Source Name: Service Control Manager

Time Written: 20081029122048.000000-120

Event Type: information

User:

 

Computer Name: ELIZA-F09A3C126

Event Code: 7035

Message: O servico Servico de descoberta SSDP recebeu com exito um controle Iniciar.

 

Record Number: 18895

Source Name: Service Control Manager

Time Written: 20081029122048.000000-120

Event Type: information

User: AUTORIDADE NT\SYSTEM

 

Computer Name: ELIZA-F09A3C126

Event Code: 7036

Message: O servico Reconhecimento de local da rede (NLA) entrou no estado executando.

 

Record Number: 18894

Source Name: Service Control Manager

Time Written: 20081029122048.000000-120

Event Type: information

User:

 

Computer Name: ELIZA-F09A3C126

Event Code: 7035

Message: O servico Reconhecimento de local da rede (NLA) recebeu com exito um controle Iniciar.

 

Record Number: 18893

Source Name: Service Control Manager

Time Written: 20081029122048.000000-120

Event Type: information

User: AUTORIDADE NT\SYSTEM

 

Application event log

 

Computer Name: ELIZA-F09A3C126

Event Code: 1001

Message: Os contadores de desempenho para o servico WmiApRpl (WmiApRpl) foram removidos com exito.

A pagina 'Registrar dados' contem os novos valores das entradas

Last Counter e Last Help do Registro do sistema.

 

Record Number: 5654

Source Name: LoadPerf

Time Written: 20080819065400.000000-180

Event Type: information

User:

 

Computer Name: ELIZA-F09A3C126

Event Code: 1800

Message: O Servico da Central de Seguranca do Windows foi iniciado.

 

Record Number: 5653

Source Name: SecurityCenter

Time Written: 20080819065014.000000-180

Event Type: information

User:

 

Computer Name: ELIZA-F09A3C126

Event Code: 1

Message:

Record Number: 5652

Source Name: AVGEMS

Time Written: 20080819065013.000000-180

Event Type: information

User:

 

Computer Name: ELIZA-F09A3C126

Event Code: 1

Message:

Record Number: 5651

Source Name: Avg7UpdSvc

Time Written: 20080819065007.000000-180

Event Type: information

User:

 

Computer Name: ELIZA-F09A3C126

Event Code: 1000

Message: Os contadores de desempenho para o servico WmiApRpl (WmiApRpl) foram carregados com exito.

A pagina 'Registrar dados' contem os novos valores de indice atribuidos

ao servico.

 

Record Number: 5650

Source Name: LoadPerf

Time Written: 20080818204237.000000-180

Event Type: information

User:

 

======Environment variables======

 

"ComSpec"=%SystemRoot%\system32\cmd.exe

"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Arquivos de programas\QuickTime\QTSystem

"windir"=%SystemRoot%

"FP_NO_HOST_CHECK"=NO

"OS"=Windows_NT

"PROCESSOR_ARCHITECTURE"=x86

"PROCESSOR_LEVEL"=15

"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 75 Stepping 2, AuthenticAMD

"PROCESSOR_REVISION"=4b02

"NUMBER_OF_PROCESSORS"=2

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

"CLASSPATH"=.;C:\Arquivos de programas\QuickTime\QTSystem\QTJava.zip

"QTJAVA"=C:\Arquivos de programas\QuickTime\QTSystem\QTJava.zip

"PROCESSOR_DUMP"=1

"PROCESSOR_CORE"=15

 

-----------------EOF-----------------


Good morning! flee85

 

<@> Download: < drweb.gif >

<@> Save it to the desktop!

<@> Start the installation/execution by double-clicking drweb-cureit.

<@> In the window that opens, click Start --> OK.

<@> The "Quick scan" will begin --> Close the advertisement window!

<@> When it finishes, check the "Full scan" box.

 

In this mode the following objects are scanned:

 

* Boot sectors of all disks. <--

 

* All removable drives. <--

 

* All local disks. <--

<@> Click "Start scan" --> Wait!

<@> If messages appear asking to move or disinfect files, click Yes.

<@> When it finishes, click "File" --> "Save report list".

<@> Save it in a suitable location. ( DrWeb.csv )

<@> Post: DrWeb.csv

 

Regards!


Good morning DigRam!

Thanks for your attention...

 

Here it is:

 

NetFolderUpdate.exe;C:\Arquivos de programas\NetFolder;Provavelmente BACKDOOR.Trojan;;

Zip.SFX;C:\Arquivos de programas\WinRAR;Trojan.DownLoad.22242;Eliminado.;

data002\32788R22FWJFW\C.bat;C:\Documents and Settings\Eliza\Desktop\ComboFix.exe\data002;Provavelmente BATCH.Virus;;

data002\32788R22FWJFW\psexec.cfexe;C:\Documents and Settings\Eliza\Desktop\ComboFix.exe\data002;Program.PsExec.171;;

data002;C:\Documents and Settings\Eliza\Desktop\ComboFix.exe;O arquivo contém objectos infectados;;

ComboFix.exe;C:\Documents and Settings\Eliza\Desktop;O arquivo contém objectos infectados;Movido.;

A0045441.EXE;C:\System Volume Information\_restore{DE30030B-2121-4E31-9755-629711A46652}\RP237;Trojan.PWS.Gamania.4449;Eliminado.;

A0045442.exe;C:\System Volume Information\_restore{DE30030B-2121-4E31-9755-629711A46652}\RP237;Trojan.PWS.Gamania.4449;Eliminado.;

A0045443.EXE;C:\System Volume Information\_restore{DE30030B-2121-4E31-9755-629711A46652}\RP237;Trojan.PWS.Wsgame.6930;Eliminado.;

A0045446.exe;C:\System Volume Information\_restore{DE30030B-2121-4E31-9755-629711A46652}\RP237;Adware.SideSearch.70;;

A0045482.bat;C:\System Volume Information\_restore{DE30030B-2121-4E31-9755-629711A46652}\RP237;Provavelmente BATCH.Virus;;

A0046503.bat;C:\System Volume Information\_restore{DE30030B-2121-4E31-9755-629711A46652}\RP238;Provavelmente BATCH.Virus;;

data002\32788R22FWJFW\C.bat;C:\System Volume Information\_restore{DE30030B-2121-4E31-9755-629711A46652}\RP238\A0046536.exe\data002;Provavelmente BATCH.Virus;;

data002\32788R22FWJFW\psexec.cfexe;C:\System Volume Information\_restore{DE30030B-2121-4E31-9755-629711A46652}\RP238\A0046536.exe\data002;Program.PsExec.171;;

data002;C:\System Volume Information\_restore{DE30030B-2121-4E31-9755-629711A46652}\RP238\A0046536.exe;O arquivo contém objectos infectados;;

A0046536.exe;C:\System Volume Information\_restore{DE30030B-2121-4E31-9755-629711A46652}\RP238;O arquivo contém objectos infectados;Movido.;

A0046551.bat;C:\System Volume Information\_restore{DE30030B-2121-4E31-9755-629711A46652}\RP238;Provavelmente BATCH.Virus;;

A0046641.bat;C:\System Volume Information\_restore{DE30030B-2121-4E31-9755-629711A46652}\RP239;Provavelmente BATCH.Virus;;

A0046646.EXE;C:\System Volume Information\_restore{DE30030B-2121-4E31-9755-629711A46652}\RP239;Program.PsExec.170;;

data002\32788R22FWJFW\C.bat;C:\System Volume Information\_restore{DE30030B-2121-4E31-9755-629711A46652}\RP239\A0046690.exe\data002;Provavelmente BATCH.Virus;;

data002\32788R22FWJFW\psexec.cfexe;C:\System Volume Information\_restore{DE30030B-2121-4E31-9755-629711A46652}\RP239\A0046690.exe\data002;Program.PsExec.171;;

data002;C:\System Volume Information\_restore{DE30030B-2121-4E31-9755-629711A46652}\RP239\A0046690.exe;O arquivo contém objectos infectados;;

A0046690.exe;C:\System Volume Information\_restore{DE30030B-2121-4E31-9755-629711A46652}\RP239;O arquivo contém objectos infectados;Movido.;

dxdiag32.exe;C:\WINDOWS\system32\DirectX\Dinput;Provavelmente BACKDOOR.Trojan;;

XTrapVa.dll;E:\CABAL Online(BRAZIL)\XTrap;Provavelmente DLOADER.Trojan;;

wrar371br.exe\Zip.SFX;E:\Download\wrar371br.exe;Trojan.DownLoad.22242;;

wrar371br.exe;E:\Download;O arquivo contém objectos infectados;Movido.;

A0046691.exe\Zip.SFX;E:\System Volume Information\_restore{DE30030B-2121-4E31-9755-629711A46652}\RP239\A0046691.exe;Trojan.DownLoad.22242;;

A0046691.exe;E:\System Volume Information\_restore{DE30030B-2121-4E31-9755-629711A46652}\RP239;O arquivo contém objectos infectados;Movido.;


Good morning! flee85

 

<@> Download: < DelDomains >

<@> Extract DelDomains.inf to the Desktop.

<@> Right-click it and choose Install.

<@> It will seem that nothing happened, because its action is not visible!

--------------------------

<@> Copy the information between the XXXXXXX.... into Notepad.

<@> Save it to the desktop as: CFScript <-- Text!

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

Driver::

"neokdss"

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

<@> Drag CFScript.txt onto the ComboFix icon.

<@> Keep dragging until a prompt appears asking to run ComboFix.exe.

<@> When it finishes, post: ComboFix.txt

 

Regards!


Good morning!

 

ComboFix 09-01-13.04 - Eliza 2009-01-15 6:50:22.4 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.949.82.1046.18.2047.1391 [GMT -2:00]

Running from: c:\documents and settings\Eliza\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Eliza\Desktop\CFScript.txt.txt

AV: AVG Anti-Virus Free *On-access scanning disabled* (Outdated)

* Created a new restore point

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_NEOKDSS

-------\Service_neokdss

 

 

((((((((((((((((((((((((( Files Created from 2008-12-15 to 2009-01-15 )))))))))))))))))))))))))))))))

.

 

2009-01-15 01:46 . 2009-01-15 02:03 <DIR> d-------- c:\documents and settings\Eliza\DoctorWeb

2009-01-15 01:10 . 2009-01-15 01:10 <DIR> d-------- C:\rsit

2009-01-15 01:10 . 2009-01-15 01:10 <DIR> d-------- c:\arquivos de programas\trend micro

2009-01-15 01:09 . 2009-01-15 01:09 781,851 --a------ C:\RSIT.exe

2009-01-14 14:35 . 2009-01-14 15:34 <DIR> d--h----- C:\$AVG8.VAULT$

2009-01-14 14:31 . 2009-01-14 19:54 <DIR> d-------- c:\windows\system32\drivers\Avg

2009-01-14 14:31 . 2009-01-14 16:51 <DIR> d-------- c:\documents and settings\Eliza\Dados de aplicativos\AVGTOOLBAR

2009-01-14 14:31 . 2009-01-14 14:31 98,440 --a------ c:\windows\system32\drivers\avgldx86.sys

2009-01-14 14:31 . 2009-01-14 14:31 90,632 --a------ c:\windows\system32\drivers\avgtdix.sys

2009-01-14 14:31 . 2009-01-14 14:31 10,520 --a------ c:\windows\system32\avgrsstx.dll

2009-01-14 14:30 . 2009-01-14 14:30 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\avg8

2009-01-14 14:30 . 2009-01-14 14:30 <DIR> d-------- c:\arquivos de programas\AVG

2009-01-14 12:27 . 2009-01-14 12:27 1 ---hs---- C:\MSDOS.INF

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-01-15 08:41 --------- d-----w c:\arquivos de programas\Warcraft III

2009-01-15 04:01 --------- d-----w c:\arquivos de programas\PokerStars

2009-01-14 15:34 --------- d-----w c:\arquivos de programas\iTHINK

2009-01-03 13:19 --------- d-----w c:\arquivos de programas\Google

2008-12-10 23:34 --------- d-----w c:\arquivos de programas\PartyGaming

2008-12-08 20:20 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\nView_Profiles

2008-11-22 17:06 --------- d-----w c:\arquivos de programas\Garena

2008-11-22 17:05 --------- d--h--w c:\arquivos de programas\InstallShield Installation Information

2008-11-16 10:26 --------- d-----w c:\arquivos de programas\BigFile

2008-10-18 16:46 2,829 ----a-w c:\windows\War3Unin.pif

2008-10-18 16:46 139,264 ----a-w c:\windows\War3Unin.exe

2008-10-18 16:25 58,635,007 ----a-w C:\War3TFT_122a_English.exe

2008-10-16 05:51 2,732,032 ----a-w C:\ventrilo-3.0.1-Windows-i386.exe

2008-10-15 12:10 67,167,528 ----a-w C:\iTunes801Setup.exe

2004-10-01 18:00 40,960 ----a-w c:\arquivos de programas\Uninstall_CDS.exe

.

 

((((((((((((((((((((((((((((( snapshot@2009-01-14_16.45.20,50 )))))))))))))))))))))))))))))))))))))))))

.

+ 2005-10-20 22:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE

- 2009-01-14 18:43:47 589,824 ----a-w c:\windows\Historico\History.IE5\index.dat

+ 2009-01-15 08:53:09 589,824 ----a-w c:\windows\Historico\History.IE5\index.dat

- 2009-01-14 18:44:37 40,128 ----a-w c:\windows\system32\perfc009.dat

+ 2009-01-15 02:34:00 40,128 ----a-w c:\windows\system32\perfc009.dat

- 2009-01-14 18:44:37 48,764 ----a-w c:\windows\system32\perfc016.dat

+ 2009-01-15 02:34:00 48,764 ----a-w c:\windows\system32\perfc016.dat

- 2009-01-14 18:44:37 311,740 ----a-w c:\windows\system32\perfh009.dat

+ 2009-01-15 02:34:00 311,740 ----a-w c:\windows\system32\perfh009.dat

- 2009-01-14 18:44:37 344,480 ----a-w c:\windows\system32\perfh016.dat

+ 2009-01-15 02:34:00 344,480 ----a-w c:\windows\system32\perfh016.dat

+ 2009-01-15 03:06:42 2,592 ----a-w c:\windows\Temporary Internet Files\Content.IE5\9NFJDT8E\RSIT[2].exe

- 2009-01-14 18:43:47 2,146,304 ----a-w c:\windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-01-15 08:53:09 2,146,304 ----a-w c:\windows\Temporary Internet Files\Content.IE5\index.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{83FDA784-0154-418F-810B-F1839272C361}]

2009-01-14 12:27 824832 --a------ c:\windows\system32\DirectX\Dinput\diagx3d.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

"MsnMsgr"="c:\arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

"swg"="c:\arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-28 68856]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-10 8429568]

"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]

"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-03 59392]

"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]

"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]

"amd_dc_opt"="c:\arquivos de programas\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2007-07-23 77824]

"QuickTime Task"="c:\arquivos de programas\QuickTime\qttask.exe" [2008-09-06 413696]

"iTunesHelper"="c:\arquivos de programas\iTunes\iTunesHelper.exe" [2008-10-01 289576]

"AVG8_TRAY"="c:\arquiv~1\AVG\AVG8\avgtray.exe" [2009-01-14 1235736]

"nwiz"="nwiz.exe" [2007-05-10 c:\windows\system32\nwiz.exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=avgrsstx.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"msacm.divxa32"= msaud32_divx.acm

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

c:\windows\system32\dumprep 0 -k [X]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]

--------- 2004-10-27 16:21 61952 c:\windows\system32\HdAShCut.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"e:\\CABAL Online(BRAZIL)\\launcher\\update\\ESTdnheadless.exe"=

"c:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"c:\\WINDOWS\\system32\\BugsSvr.exe"=

"c:\\WINDOWS\\system32\\P3MelonSvr.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

"c:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=

"c:\\Arquivos de programas\\iTunes\\iTunes.exe"=

"c:\\Arquivos de programas\\Garena\\Garena.exe"=

"c:\\Arquivos de programas\\AVG\\AVG8\\avgemc.exe"=

"c:\\Arquivos de programas\\AVG\\AVG8\\avgupd.exe"=

"c:\\Arquivos de programas\\AVG\\AVG8\\avgnsx.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"53444:TCP"= 53444:TCP:Monkey3Saver

"5435:TCP"= 5435:TCP:Monkey3

"5435:UDP"= 5435:UDP:Monkey3

 

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-01-14 98440]

R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-01-14 90632]

R4 avg8emc;AVG Free8 E-mail Scanner;c:\arquiv~1\AVG\AVG8\avgemc.exe [2009-01-14 874776]

R4 avg8wd;AVG Free8 WatchDog;c:\arquiv~1\AVG\AVG8\avgwdsvc.exe [2009-01-14 231704]

S3 ADSPIDER;ADSPIDER;c:\windows\system32\drivers\adspider.sys [2008-05-20 19999]

S3 ADSPIDEREX;ADSPIDEREX;\??\c:\windows\system32\drivers\adspiderex.sys --> c:\windows\system32\drivers\adspiderex.sys [?]

S3 PciCon;PciCon;\??\d:\pcicon.sys --> d:\PciCon.sys [?]

S3 XDva021;XDva021;\??\c:\windows\system32\XDva021.sys --> c:\windows\system32\XDva021.sys [?]

S3 XDva134;XDva134;\??\c:\windows\system32\XDva134.sys --> c:\windows\system32\XDva134.sys [?]

S3 XDva165;XDva165;\??\c:\windows\system32\XDva165.sys --> c:\windows\system32\XDva165.sys [?]

S3 XDva172;XDva172;\??\c:\windows\system32\XDva172.sys --> c:\windows\system32\XDva172.sys [?]

S3 XDva177;XDva177;\??\c:\windows\system32\XDva177.sys --> c:\windows\system32\XDva177.sys [?]

S3 XDva182;XDva182;\??\c:\windows\system32\XDva182.sys --> c:\windows\system32\XDva182.sys [?]

 

--- Other Services/Drivers In Memory ---

 

*Deregistered* - InCDrec

.

Contents of the 'Scheduled Tasks' folder

 

2009-01-10 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\arquivos de programas\Apple Software Update\SoftwareUpdate.exe [2008-07-30 13:34]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.terra.com.br/

uSearch Page = hxxp://www.google.com

uSearch Bar = hxxp://www.google.com/ie

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Easy-WebPrint Add To Print List - c:\arquivos de programas\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

IE: Easy-WebPrint High Speed Print - c:\arquivos de programas\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

IE: Easy-WebPrint Preview - c:\arquivos de programas\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

IE: Easy-WebPrint Print - c:\arquivos de programas\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

Trusted Zone: *.bigfile.co.kr

 

O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd

 

c:\windows\NMUninst18.exe - c:\windows\NMUpdate25_1.exe

c:\windows\Downloaded Program Files\NMStarter25.dll

O16 -: {00001025-A15C-11D4-97A4-0050BF0FBE67}

hxxp://download.netmarble.com/web/nmstarter/NMStarter25.cab

c:\windows\Downloaded Program Files\NMStarter25.inf

 

c:\windows\Downloaded Program Files\BigFile.ocx - O16 -: {03AF249E-119E-4569-838E-167E929EC6DA}

hxxp://www.bigfile.co.kr/client/BigFile.cab

 

c:\windows\system32\IndexedColorDecoder.dll - c:\windows\system32\WaveletDecoder.dll

c:\windows\system32\ToonsXHook.dll

c:\windows\system32\MAIS.VXD

c:\windows\system32\IMGSFMGR.dll

c:\windows\system32\IMGSFLOADER.exe

c:\windows\system32\IMGSF03.dll

c:\windows\system32\IMGSF02.dll

c:\windows\system32\IMGSF01.dll

c:\windows\system32\CaptureProtect.dll

c:\windows\system32\ToonsXParan3.ocx

O16 -: {1AD649C1-8B55-4033-9019-CF452DB5499E}

hxxp://comic.paran.com/tns_web2/ToonsXParan3.cab

c:\windows\Downloaded Program Files\ToonsXParan3.inf

 

c:\windows\Downloaded Program Files\NHNComicViewer.dll - O16 -: {2029F1D2-90E4-49EF-9824-F666D238BFF6}

hxxp://jr.naver.com/comic/book/viewer_new/NHNComicViewer.cab

c:\windows\Downloaded Program Files\NHNComicViewer.inf

 

c:\windows\Downloaded Program Files\TPopupRegP.dll - O16 -: {22D427A5-E460-4B08-9378-9708F7544129}

hxxp://www.tygem.com/pub/ActiveX/TPopupRegP.cab

 

c:\windows\Downloaded Program Files\webstarter.ocx - O16 -: {7A9F36F4-DB68-4F90-8FE7-E915E04BDD49}

hxxp://wo.tk.co.kr/webstarter/webstarter.cab

c:\windows\Downloaded Program Files\webstarter.inf

 

c:\windows\Downloaded Program Files\Monkey3ActiveXControl.ocx - O16 -: {820359CA-BD53-4BDF-8393-282FEEAE8C53}

hxxp://www.monkey3.co.kr/Monkey3ActiveX/Monkey3ActiveXControl.cab

c:\windows\Downloaded Program Files\Monkey3ActiveXControl.inf

 

c:\windows\KukiProc111.exe - c:\windows\Downloaded Program Files\NMTransX.dll

c:\windows\KukiProc112.exe

c:\windows\KukiProc113.exe

O16 -: {92E82FBB-DA00-41E0-ABFE-95482E21A4F6}

hxxp://download.netmarble.net/NMChatX/NMTransX.cab

c:\windows\Downloaded Program Files\NMTransX.inf

 

c:\windows\system32\mfc42.dll - c:\windows\system32\msvcrt.dll

c:\windows\system32\olepro32.dll

c:\windows\Downloaded Program Files\kdfense8.ocx

O16 -: {A4508A45-F1C4-40F3-99B4-0CA08AC77E3B}

hxxp://download.netmarble.com/kdefence/kdfense8237.cab

c:\windows\Downloaded Program Files\kdfense8.inf

 

c:\windows\system32\mfc42.dll - c:\windows\system32\olepro32.dll

c:\windows\Downloaded Program Files\BugsInstallerEx.ocx

c:\windows\system32\bugs_install.gif

O16 -: {BCEF5CDE-BAD4-4532-A30B-9D16D502DE69}

hxxp://install.bugs.co.kr/install/BugsInstallerEx.cab

c:\windows\Downloaded Program Files\BugsInstallerEx.inf

 

c:\windows\system32\atl.dll - c:\windows\system32\MelonDN.exe

c:\windows\system32\MelonWebPlayer.dll

c:\windows\system32\p3Instl2.dll

c:\windows\system32\p3Instl1.dll

O16 -: {C0B2F53E-5E61-4856-B314-FE9AE262A796}

hxxp://www.melon.com/cab/P3MelWebInstall.cab

c:\windows\Downloaded Program Files\P3MelInstall.inf

 

c:\windows\system32\DanCom.dll - c:\windows\system32\dbgtrace.dll

c:\windows\Downloaded Program Files\JoinBaduk.ocx

O16 -: {E9429003-6294-4F4F-BCAB-83AD4DAAFED0}

hxxp://service.tygem.com/service/JoinBaduk.cab

c:\windows\Downloaded Program Files\JoinBaduk.inf

 

c:\windows\netmable.ico - c:\windows\system32\ToonsXHook.dll

c:\windows\system32\WaveletDecoder.dll

c:\windows\system32\IndexedColorDecoder.dll

c:\windows\system32\ToonsXESetPND.ocx

c:\windows\system32\CaptureProtect.dll

c:\windows\system32\IMGSF01.dll

c:\windows\system32\IMGSF02.dll

c:\windows\system32\IMGSF03.dll

c:\windows\system32\IMGSFLOADER.exe

c:\windows\system32\IMGSFMGR.dll

c:\windows\system32\MAIS.VXD

c:\windows\system32\ToonsHook2.dll

O16 -: {E97946F0-6F90-4738-95EF-33A946451580}

hxxp://comix.netmarble.net/mv/viewer/ToonsXESetPND10012.cab

c:\windows\Downloaded Program Files\ToonsXESetPND.inf

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-01-15 06:53:38

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

 

[HKEY_USERS\S-1-5-21-1844237615-1972579041-839522115-1003\Software\Microsoft\MessengerService\GroupStateCacheU\*촴?

"Name"=hex:00,ac,71,c8,00,00

"Collapsed"=hex:01,00,00,00

.

------------------------ Other Running Processes ------------------------

.

c:\arquivos de programas\Ahead\InCD\InCDsrv.exe

c:\windows\system32\conime.exe

c:\arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\arquivos de programas\Bonjour\mDNSResponder.exe

c:\windows\system32\nvsvc32.exe

c:\arquiv~1\AVG\AVG8\avgnsx.exe

c:\arquivos de programas\iPod\bin\iPodService.exe

c:\arquivos de programas\AVG\AVG8\avgrsx.exe

c:\arquivos de programas\AVG\AVG8\avgrsx.exe

c:\windows\system32\wscntfy.exe

.

**************************************************************************

.

Completion time: 2009-01-15 6:54:50 - machine was rebooted

ComboFix-quarantined-files.txt 2009-01-15 08:54:47

ComboFix2.txt 2009-01-15 02:31:18

ComboFix3.txt 2009-01-14 19:29:41

ComboFix4.txt 2009-01-14 18:45:50

 

Pre-Run: 17 pasta(s) 35.593.498.624 bytes disponiveis

Post-Run: 17 pasta(s) 35,580,559,360 bytes disponiveis

 

271 --- E O F --- 2008-12-19 11:10:21


Good morning! flee85

 

O15 - Trusted Zone: http://*.bigfile.co.kr

<!> Are you aware that this site is listed as a preferred (trusted) site?

-----------------------------

<@> Download a-squared Free 4.0.

 

<!> Optional link: < a2ppf_banner.jpg >

 

<@> Open the program and click: "Atualizar agora" (Update now) --> Wait!

<@> When it finishes, click: "Scan PC"

<@> Choose the option "A fundo" (deep scan) --> then click "Analisar" (Scan).

<@> When it finishes, tick the boxes of the items found and click "Enviar marcados à Quarentena" (Send selected to Quarantine).

<@> Save the report of this scan and post it in your reply.

 

Cheers!


Topic Archived

 

Since the author did not reply for more than 30 days, the topic was archived.

 

If you are the author of the topic and want to reopen it, send a private message to a moderator of this area together with the link to this topic and explain the reason for reopening.
