flee85, posted January 14, 2009:

Well, I followed the process in the "solved" topic. I downloaded ComboFix, ran it as described in the topic, and it generated the log. I stopped at the CFScript.txt part, which has to be created in Notepad. What would mine look like? Waiting... thanks. The report follows below:

ComboFix 09-01-13.04 - Eliza 2009-01-14 17:27:24.2 - NTFSx86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.2.949.82.1046.18.2047.1805 [GMT -2:00]
Running from: c:\documents and settings\Eliza\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Outdated)
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-12-14 to 2009-01-14 )))))))))))))))))))))))))))))))
.
2009-01-14 14:35 . 2009-01-14 15:34 <DIR> d--h----- C:\$AVG8.VAULT$
2009-01-14 14:31 . 2009-01-14 14:33 <DIR> d-------- c:\windows\system32\drivers\Avg
2009-01-14 14:31 . 2009-01-14 16:51 <DIR> d-------- c:\documents and settings\Eliza\Dados de aplicativos\AVGTOOLBAR
2009-01-14 14:31 . 2009-01-14 14:31 98,440 --a------ c:\windows\system32\drivers\avgldx86.sys
2009-01-14 14:31 . 2009-01-14 14:31 90,632 --a------ c:\windows\system32\drivers\avgtdix.sys
2009-01-14 14:31 . 2009-01-14 14:31 10,520 --a------ c:\windows\system32\avgrsstx.dll
2009-01-14 14:30 . 2009-01-14 14:30 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\avg8
2009-01-14 14:30 . 2009-01-14 14:30 <DIR> d-------- c:\arquivos de programas\AVG
2009-01-14 12:27 . 2009-01-14 12:27 1 ---hs---- C:\MSDOS.INF
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-14 15:34 --------- d-----w c:\arquivos de programas\iTHINK
2009-01-14 14:24 --------- d-----w c:\arquivos de programas\Warcraft III
2009-01-13 17:37 --------- d-----w c:\arquivos de programas\PokerStars
2009-01-03 13:19 --------- d-----w c:\arquivos de programas\Google
2008-12-10 23:34 --------- d-----w c:\arquivos de programas\PartyGaming
2008-12-08 20:20 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\nView_Profiles
2008-11-22 17:06 --------- d-----w c:\arquivos de programas\Garena
2008-11-22 17:05 --------- d--h--w c:\arquivos de programas\InstallShield Installation Information
2008-11-16 10:26 --------- d-----w c:\arquivos de programas\BigFile
2008-10-23 13:00 283,648 ----a-w c:\windows\system32\gdi32.dll
2008-10-18 16:46 2,829 ----a-w c:\windows\War3Unin.pif
2008-10-18 16:46 139,264 ----a-w c:\windows\War3Unin.exe
2008-10-18 16:25 58,635,007 ----a-w C:\War3TFT_122a_English.exe
2008-10-16 16:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 16:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 16:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 16:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 16:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 16:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 16:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 16:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 16:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 16:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-16 10:39 661,504 ----a-w c:\windows\system32\wininet.dll
2008-10-16 05:51 2,732,032 ----a-w C:\ventrilo-3.0.1-Windows-i386.exe
2008-10-15 12:10 67,167,528 ----a-w C:\iTunes801Setup.exe
2004-10-01 18:00 40,960 ----a-w c:\arquivos de programas\Uninstall_CDS.exe
.
((((((((((((((((((((((((((((( snapshot@2009-01-14_16.45.20,50 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-01-14 18:43:47 589,824 ----a-w c:\windows\Historico\History.IE5\index.dat
+ 2009-01-14 19:27:27 589,824 ----a-w c:\windows\Historico\History.IE5\index.dat
- 2009-01-14 18:43:47 2,146,304 ----a-w c:\windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-01-14 19:27:27 2,146,304 ----a-w c:\windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-01-14 18:51:59 24,337 ----a-w c:\windows\Temporary Internet Files\Content.IE5\YDT6BQLS\www.avg[1].com
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{83FDA784-0154-418F-810B-F1839272C361}]
2009-01-14 12:27 824832 --a------ c:\windows\system32\DirectX\Dinput\diagx3d.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"MsnMsgr"="c:\arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"swg"="c:\arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-28 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-10 8429568]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-03 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"amd_dc_opt"="c:\arquivos de programas\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2007-07-23 77824]
"QuickTime Task"="c:\arquivos de programas\QuickTime\qttask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\arquivos de programas\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"AVG8_TRAY"="c:\arquiv~1\AVG\AVG8\avgtray.exe" [2009-01-14 1235736]
"MSConfig"="c:\windows\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2004-08-04 159744]
"nwiz"="nwiz.exe" [2007-05-10 c:\windows\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTHINK.exe]
c:\arquivos de programas\iTHINK\iTHINK.exe [bU]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
--------- 2004-10-27 16:21 61952 c:\windows\system32\HdAShCut.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"e:\\CABAL Online(BRAZIL)\\launcher\\update\\ESTdnheadless.exe"=
"c:\\Arquivos de programas\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\BugsSvr.exe"=
"c:\\WINDOWS\\system32\\P3MelonSvr.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=
"c:\\Arquivos de programas\\iTunes\\iTunes.exe"=
"c:\\Arquivos de programas\\Garena\\Garena.exe"=
"c:\\Arquivos de programas\\AVG\\AVG8\\avgemc.exe"=
"c:\\Arquivos de programas\\AVG\\AVG8\\avgupd.exe"=
"c:\\Arquivos de programas\\AVG\\AVG8\\avgnsx.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"53444:TCP"= 53444:TCP:Monkey3Saver
"5435:TCP"= 5435:TCP:Monkey3
"5435:UDP"= 5435:UDP:Monkey3
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-01-14 98440]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-01-14 90632]
S3 ADSPIDER;ADSPIDER;c:\windows\system32\drivers\adspider.sys [2008-05-20 19999]
S3 ADSPIDEREX;ADSPIDEREX;\??\c:\windows\system32\drivers\adspiderex.sys --> c:\windows\system32\drivers\adspiderex.sys [?]
S3 dump_wmimmc;dump_wmimmc;\??\c:\sealonline\GameGuard\dump_wmimmc.sys --> c:\sealonline\GameGuard\dump_wmimmc.sys [?]
S3 PciCon;PciCon;\??\d:\pcicon.sys --> d:\PciCon.sys [?]
S3 XDva021;XDva021;\??\c:\windows\system32\XDva021.sys --> c:\windows\system32\XDva021.sys [?]
S3 XDva134;XDva134;\??\c:\windows\system32\XDva134.sys --> c:\windows\system32\XDva134.sys [?]
S3 XDva165;XDva165;\??\c:\windows\system32\XDva165.sys --> c:\windows\system32\XDva165.sys [?]
S3 XDva172;XDva172;\??\c:\windows\system32\XDva172.sys --> c:\windows\system32\XDva172.sys [?]
S3 XDva177;XDva177;\??\c:\windows\system32\XDva177.sys --> c:\windows\system32\XDva177.sys [?]
S3 XDva182;XDva182;\??\c:\windows\system32\XDva182.sys --> c:\windows\system32\XDva182.sys [?]
S4 avg8emc;AVG Free8 E-mail Scanner;c:\arquiv~1\AVG\AVG8\avgemc.exe [2009-01-14 874776]
S4 avg8wd;AVG Free8 WatchDog;c:\arquiv~1\AVG\AVG8\avgwdsvc.exe [2009-01-14 231704]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{28264a82-b997-11dd-a8c2-001a92ef9dd8}]
\Shell\AutoRun\command - F:\jllwp.com
\Shell\explore\Command - F:\jllwp.com
\Shell\open\Command - F:\jllwp.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ede3daf2-ae19-11dd-a8b5-001a92ef9dd8}]
\Shell\AutoRun\command - F:\lbb.com
\Shell\explore\Command - F:\lbb.com
\Shell\open\Command - F:\lbb.com
.
Contents of the 'Scheduled Tasks' folder
2009-01-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\arquivos de programas\Apple Software Update\SoftwareUpdate.exe [2008-07-30 13:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.terra.com.br/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Easy-WebPrint Add To Print List - c:\arquivos de programas\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\arquivos de programas\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\arquivos de programas\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\arquivos de programas\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
Trusted Zone: *.bigfile.co.kr
O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
c:\windows\NMUninst18.exe -
c:\windows\NMUpdate25_1.exe
c:\windows\Downloaded Program Files\NMStarter25.dll
O16 -: {00001025-A15C-11D4-97A4-0050BF0FBE67} hxxp://download.netmarble.com/web/nmstarter/NMStarter25.cab
c:\windows\Downloaded Program Files\NMStarter25.inf
c:\windows\Downloaded Program Files\BigFile.ocx -
O16 -: {03AF249E-119E-4569-838E-167E929EC6DA} hxxp://www.bigfile.co.kr/client/BigFile.cab
c:\windows\system32\IndexedColorDecoder.dll -
c:\windows\system32\WaveletDecoder.dll
c:\windows\system32\ToonsXHook.dll
c:\windows\system32\MAIS.VXD
c:\windows\system32\IMGSFMGR.dll
c:\windows\system32\IMGSFLOADER.exe
c:\windows\system32\IMGSF03.dll
c:\windows\system32\IMGSF02.dll
c:\windows\system32\IMGSF01.dll
c:\windows\system32\CaptureProtect.dll
c:\windows\system32\ToonsXParan3.ocx
O16 -: {1AD649C1-8B55-4033-9019-CF452DB5499E} hxxp://comic.paran.com/tns_web2/ToonsXParan3.cab
c:\windows\Downloaded Program Files\ToonsXParan3.inf
c:\windows\Downloaded Program Files\NHNComicViewer.dll -
O16 -: {2029F1D2-90E4-49EF-9824-F666D238BFF6} hxxp://jr.naver.com/comic/book/viewer_new/NHNComicViewer.cab
c:\windows\Downloaded Program Files\NHNComicViewer.inf
c:\windows\Downloaded Program Files\TPopupRegP.dll -
O16 -: {22D427A5-E460-4B08-9378-9708F7544129} hxxp://www.tygem.com/pub/ActiveX/TPopupRegP.cab
c:\windows\Downloaded Program Files\webstarter.ocx -
O16 -: {7A9F36F4-DB68-4F90-8FE7-E915E04BDD49} hxxp://wo.tk.co.kr/webstarter/webstarter.cab
c:\windows\Downloaded Program Files\webstarter.inf
c:\windows\Downloaded Program Files\Monkey3ActiveXControl.ocx -
O16 -: {820359CA-BD53-4BDF-8393-282FEEAE8C53} hxxp://www.monkey3.co.kr/Monkey3ActiveX/Monkey3ActiveXControl.cab
c:\windows\Downloaded Program Files\Monkey3ActiveXControl.inf
c:\windows\KukiProc111.exe -
c:\windows\Downloaded Program Files\NMTransX.dll
c:\windows\KukiProc112.exe
c:\windows\KukiProc113.exe
O16 -: {92E82FBB-DA00-41E0-ABFE-95482E21A4F6} hxxp://download.netmarble.net/NMChatX/NMTransX.cab
c:\windows\Downloaded Program Files\NMTransX.inf
c:\windows\system32\mfc42.dll -
c:\windows\system32\msvcrt.dll
c:\windows\system32\olepro32.dll
c:\windows\Downloaded Program Files\kdfense8.ocx
O16 -: {A4508A45-F1C4-40F3-99B4-0CA08AC77E3B} hxxp://download.netmarble.com/kdefence/kdfense8237.cab
c:\windows\Downloaded Program Files\kdfense8.inf
c:\windows\system32\mfc42.dll -
c:\windows\system32\olepro32.dll
c:\windows\Downloaded Program Files\BugsInstallerEx.ocx
c:\windows\system32\bugs_install.gif
O16 -: {BCEF5CDE-BAD4-4532-A30B-9D16D502DE69} hxxp://install.bugs.co.kr/install/BugsInstallerEx.cab
c:\windows\Downloaded Program Files\BugsInstallerEx.inf
c:\windows\system32\atl.dll -
c:\windows\system32\MelonDN.exe
c:\windows\system32\MelonWebPlayer.dll
c:\windows\system32\p3Instl2.dll
c:\windows\system32\p3Instl1.dll
O16 -: {C0B2F53E-5E61-4856-B314-FE9AE262A796} hxxp://www.melon.com/cab/P3MelWebInstall.cab
c:\windows\Downloaded Program Files\P3MelInstall.inf
c:\windows\system32\DanCom.dll -
c:\windows\system32\dbgtrace.dll
c:\windows\Downloaded Program Files\JoinBaduk.ocx
O16 -: {E9429003-6294-4F4F-BCAB-83AD4DAAFED0} hxxp://service.tygem.com/service/JoinBaduk.cab
c:\windows\Downloaded Program Files\JoinBaduk.inf
c:\windows\netmable.ico -
c:\windows\system32\ToonsXHook.dll
c:\windows\system32\WaveletDecoder.dll
c:\windows\system32\IndexedColorDecoder.dll
c:\windows\system32\ToonsXESetPND.ocx
c:\windows\system32\CaptureProtect.dll
c:\windows\system32\IMGSF01.dll
c:\windows\system32\IMGSF02.dll
c:\windows\system32\IMGSF03.dll
c:\windows\system32\IMGSFLOADER.exe
c:\windows\system32\IMGSFMGR.dll
c:\windows\system32\MAIS.VXD
c:\windows\system32\ToonsHook2.dll
O16 -: {E97946F0-6F90-4738-95EF-33A946451580} hxxp://comix.netmarble.net/mv/viewer/ToonsXESetPND10012.cab
c:\windows\Downloaded Program Files\ToonsXESetPND.inf
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-14 17:28:51
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1844237615-1972579041-839522115-1003\Software\Microsoft\MessengerService\GroupStateCacheU\*촴?
"Name"=hex:00,ac,71,c8,00,00
"Collapsed"=hex:01,00,00,00
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(224)
c:\windows\system32\avgrsstx.dll
- - - - - - - > 'lsass.exe'(308)
c:\windows\system32\avgrsstx.dll
.
Completion time: 2009-01-14 17:29:40
ComboFix-quarantined-files.txt 2009-01-14 19:29:38
ComboFix2.txt 2009-01-14 18:45:50
Pre-Run: 16 pasta(s) 35.662.667.776 bytes disponiveis
Post-Run: 16 pasta(s) 35,652,866,048 bytes disponiveis
258 --- E O F --- 2008-12-19 11:10:21
DigRam, posted January 15, 2009:

Good evening, flee85!

<@> Insert your removable drive(s) into the USB port.
<@> Copy the information between the XXXXXXX lines into Notepad.
<@> Save it on the desktop as: CFScript <-- Text file!

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
File::
c:\sealonline\GameGuard\dump_wmimmc.sys
F:\jllwp.com
F:\lbb.com

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{28264a82-b997-11dd-a8c2-001a92ef9dd8}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ede3daf2-ae19-11dd-a8b5-001a92ef9dd8}]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTHINK.exe]

Driver::
"dump_wmimmc"
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

<@> Drag CFScript.txt onto the ComboFix icon.
<@> Keep dragging until a prompt to run ComboFix.exe appears.
<@> When it finishes, post: ComboFix.txt + an updated HijackThis log.

Cheers!
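As an added example for this thread (not code from ComboFix, RSIT or the helper's reply), the Python script below reads a ComboFix log and pulls out the items the CFScript above acts on: the MountPoints2 keys whose cached Shell\AutoRun\command points at a file on the removable drive (F:\jllwp.com and F:\lbb.com in the log posted above; on XP these cached entries are what Explorer runs when the drive is double-clicked), and the drivers ComboFix marked with [?] because it could not read their file (dump_wmimmc, but also the XDva* entries, which the helper chose not to touch). It then drafts a CFScript in the same File::/Registry::/Driver:: layout. It also reports two settings the log shows but the reply does not act on: EnableFirewall = 0 and the two Security Center DisableNotify values set to 1. The embedded log excerpt is constructed from lines posted above so the script runs offline; the function names and the decision to list only dump_wmimmc under Driver:: are assumptions that mirror the reply, not anything ComboFix defines.

```python
"""Pick the indicators the reply above acts on out of a ComboFix log and draft
a CFScript for them.  Added example for this thread, not code from ComboFix,
RSIT or the forum helper; every function name here is invented."""
import re

# Constructed excerpt: lines copied from the ComboFix log posted above, so the
# script runs offline.  Feed it the real ComboFix.txt to process a full log.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
S3 ADSPIDER;ADSPIDER;c:\windows\system32\drivers\adspider.sys [2008-05-20 19999]
S3 dump_wmimmc;dump_wmimmc;\??\c:\sealonline\GameGuard\dump_wmimmc.sys --> c:\sealonline\GameGuard\dump_wmimmc.sys [?]
S3 XDva021;XDva021;\??\c:\windows\system32\XDva021.sys --> c:\windows\system32\XDva021.sys [?]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{28264a82-b997-11dd-a8c2-001a92ef9dd8}]
\Shell\AutoRun\command - F:\jllwp.com
\Shell\explore\Command - F:\jllwp.com
\Shell\open\Command - F:\jllwp.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ede3daf2-ae19-11dd-a8b5-001a92ef9dd8}]
\Shell\AutoRun\command - F:\lbb.com
\Shell\explore\Command - F:\lbb.com
\Shell\open\Command - F:\lbb.com
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
SHELL_RE = re.compile(r"^\\Shell\\\w+\\[Cc]ommand - (?P<target>\S.*)$")
# "S3 name;display;path [date size]", or "... --> path [?]" when ComboFix could not read the file
DRIVER_RE = re.compile(r"^[SR]\d\s+(?P<name>[^;]+);[^;]*;(?P<path>.+?)\s+(?P<meta>\[.*\])$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.+)$')


def autorun_mountpoints(log):
    """Map each MountPoints2 key to the targets its cached Shell\\...\\command
    verbs launch.  On XP these are the autorun.inf handlers Explorer remembers
    for a removable drive, so F:\\jllwp.com runs when that drive is opened."""
    found, current = {}, None
    for line in log.splitlines():
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            current = key if "\\mountpoints2\\" in key.lower() else None
            continue
        m = SHELL_RE.match(line)
        if m and current:
            found.setdefault(current, set()).add(m.group("target"))
    return {key: sorted(targets) for key, targets in found.items()}


def unreadable_drivers(log):
    """(service, path) for every driver line ComboFix flagged with [?]."""
    out = []
    for line in log.splitlines():
        m = DRIVER_RE.match(line)
        if m and m.group("meta") == "[?]":
            out.append((m.group("name"), m.group("path").split("--> ")[-1]))
    return out


def weakened_protections(log):
    """Security Center and firewall values in the log that switch a protection off."""
    findings = {}
    for line in log.splitlines():
        m = VALUE_RE.match(line)
        if not m:
            continue
        name, value = m.group("name"), m.group("value").strip()
        if name == "EnableFirewall" and value.startswith("0"):
            findings["firewall_disabled"] = True
        if name.endswith("DisableNotify") and value == "dword:00000001":
            findings[name] = True
    return findings


def build_cfscript(mountpoints, extra_files=(), drivers_to_remove=()):
    """Draft a CFScript in the layout the reply uses: File:: lists files to
    delete, Registry:: removes keys written as [-key], Driver:: names services
    to unregister.  Which drivers go in is the analyst's call, not this script's."""
    files = list(extra_files) + sorted({t for ts in mountpoints.values() for t in ts})
    lines = ["File::", *files, "", "Registry::", *(f"[-{k}]" for k in sorted(mountpoints))]
    if drivers_to_remove:
        lines += ["", "Driver::", *(f'"{d}"' for d in drivers_to_remove)]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    mps = autorun_mountpoints(SAMPLE_LOG)
    for key, targets in mps.items():
        print("cached autorun:", key.rsplit("\\", 1)[-1], "->", targets)
    for name, path in unreadable_drivers(SAMPLE_LOG):
        print("driver file not readable:", name, path)
    print("weakened protections:", weakened_protections(SAMPLE_LOG))
    # Mirrors the helper's choice: only dump_wmimmc and its file, not the XDva* entries.
    print(build_cfscript(mps, extra_files=[r"c:\sealonline\GameGuard\dump_wmimmc.sys"],
                         drivers_to_remove=["dump_wmimmc"]))
```

Run it against a saved ComboFix.txt by replacing SAMPLE_LOG with the file contents. The drafted script is a starting point for review, not something to feed ComboFix blindly: the [?] drivers are listed so the analyst can decide, and the firewall and Security Center findings point at settings that still need to be turned back on after the cleanup.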
flee85, posted January 15, 2009:

Here is the updated text. Before that... one question: do I have to install this HijackThis?

ComboFix 09-01-13.04 - Eliza 2009-01-15 0:27:06.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.949.82.1046.18.2047.1617 [GMT -2:00]
Running from: c:\documents and settings\Eliza\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Eliza\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Outdated)
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
c:\sealonline\GameGuard\dump_wmimmc.sys
F:\jllwp.com
F:\lbb.com
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_DUMP_WMIMMC
-------\Service_dump_wmimmc
((((((((((((((((((((((((( Files Created from 2008-12-15 to 2009-01-15 )))))))))))))))))))))))))))))))
.
2009-01-14 14:35 . 2009-01-14 15:34 <DIR> d--h----- C:\$AVG8.VAULT$
2009-01-14 14:31 . 2009-01-14 19:54 <DIR> d-------- c:\windows\system32\drivers\Avg
2009-01-14 14:31 . 2009-01-14 16:51 <DIR> d-------- c:\documents and settings\Eliza\Dados de aplicativos\AVGTOOLBAR
2009-01-14 14:31 . 2009-01-14 14:31 98,440 --a------ c:\windows\system32\drivers\avgldx86.sys
2009-01-14 14:31 . 2009-01-14 14:31 90,632 --a------ c:\windows\system32\drivers\avgtdix.sys
2009-01-14 14:31 . 2009-01-14 14:31 10,520 --a------ c:\windows\system32\avgrsstx.dll
2009-01-14 14:30 . 2009-01-14 14:30 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\avg8
2009-01-14 14:30 . 2009-01-14 14:30 <DIR> d-------- c:\arquivos de programas\AVG
2009-01-14 12:27 . 2009-01-14 12:27 1 ---hs---- C:\MSDOS.INF
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-14 20:54 --------- d-----w c:\arquivos de programas\PokerStars
2009-01-14 20:52 --------- d-----w c:\arquivos de programas\Warcraft III
2009-01-14 15:34 --------- d-----w c:\arquivos de programas\iTHINK
2009-01-03 13:19 --------- d-----w c:\arquivos de programas\Google
2008-12-10 23:34 --------- d-----w c:\arquivos de programas\PartyGaming
2008-12-08 20:20 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\nView_Profiles
2008-11-22 17:06 --------- d-----w c:\arquivos de programas\Garena
2008-11-22 17:05 --------- d--h--w c:\arquivos de programas\InstallShield Installation Information
2008-11-16 10:26 --------- d-----w c:\arquivos de programas\BigFile
2008-10-18 16:46 2,829 ----a-w c:\windows\War3Unin.pif
2008-10-18 16:46 139,264 ----a-w c:\windows\War3Unin.exe
2008-10-18 16:25 58,635,007 ----a-w C:\War3TFT_122a_English.exe
2008-10-16 05:51 2,732,032 ----a-w C:\ventrilo-3.0.1-Windows-i386.exe
2008-10-15 12:10 67,167,528 ----a-w C:\iTunes801Setup.exe
2004-10-01 18:00 40,960 ----a-w c:\arquivos de programas\Uninstall_CDS.exe
.
((((((((((((((((((((((((((((( snapshot@2009-01-14_16.45.20,50 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-20 22:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE
- 2009-01-14 18:43:47 589,824 ----a-w c:\windows\Historico\History.IE5\index.dat
+ 2009-01-15 02:29:44 589,824 ----a-w c:\windows\Historico\History.IE5\index.dat
- 2009-01-14 18:44:37 40,128 ----a-w c:\windows\system32\perfc009.dat
+ 2009-01-15 02:27:03 40,128 ----a-w c:\windows\system32\perfc009.dat
- 2009-01-14 18:44:37 48,764 ----a-w c:\windows\system32\perfc016.dat
+ 2009-01-15 02:27:03 48,764 ----a-w c:\windows\system32\perfc016.dat
- 2009-01-14 18:44:37 311,740 ----a-w c:\windows\system32\perfh009.dat
+ 2009-01-15 02:27:03 311,740 ----a-w c:\windows\system32\perfh009.dat
- 2009-01-14 18:44:37 344,480 ----a-w c:\windows\system32\perfh016.dat
+ 2009-01-15 02:27:03 344,480 ----a-w c:\windows\system32\perfh016.dat
- 2009-01-14 18:43:47 2,146,304 ----a-w c:\windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-01-15 02:29:36 2,146,304 ----a-w c:\windows\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{83FDA784-0154-418F-810B-F1839272C361}]
2009-01-14 12:27 824832 --a------ c:\windows\system32\DirectX\Dinput\diagx3d.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"MsnMsgr"="c:\arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"swg"="c:\arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-28 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-10 8429568]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-03 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"amd_dc_opt"="c:\arquivos de programas\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2007-07-23 77824]
"QuickTime Task"="c:\arquivos de programas\QuickTime\qttask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\arquivos de programas\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"AVG8_TRAY"="c:\arquiv~1\AVG\AVG8\avgtray.exe" [2009-01-14 1235736]
"nwiz"="nwiz.exe" [2007-05-10 c:\windows\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
--------- 2004-10-27 16:21 61952 c:\windows\system32\HdAShCut.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"e:\\CABAL Online(BRAZIL)\\launcher\\update\\ESTdnheadless.exe"=
"c:\\Arquivos de programas\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\BugsSvr.exe"=
"c:\\WINDOWS\\system32\\P3MelonSvr.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=
"c:\\Arquivos de programas\\iTunes\\iTunes.exe"=
"c:\\Arquivos de programas\\Garena\\Garena.exe"=
"c:\\Arquivos de programas\\AVG\\AVG8\\avgemc.exe"=
"c:\\Arquivos de programas\\AVG\\AVG8\\avgupd.exe"=
"c:\\Arquivos de programas\\AVG\\AVG8\\avgnsx.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"53444:TCP"= 53444:TCP:Monkey3Saver
"5435:TCP"= 5435:TCP:Monkey3
"5435:UDP"= 5435:UDP:Monkey3
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-01-14 98440]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-01-14 90632]
R4 avg8emc;AVG Free8 E-mail Scanner;c:\arquiv~1\AVG\AVG8\avgemc.exe [2009-01-14 874776]
R4 avg8wd;AVG Free8 WatchDog;c:\arquiv~1\AVG\AVG8\avgwdsvc.exe [2009-01-14 231704]
S3 ADSPIDER;ADSPIDER;c:\windows\system32\drivers\adspider.sys [2008-05-20 19999]
S3 ADSPIDEREX;ADSPIDEREX;\??\c:\windows\system32\drivers\adspiderex.sys --> c:\windows\system32\drivers\adspiderex.sys [?]
S3 PciCon;PciCon;\??\d:\pcicon.sys --> d:\PciCon.sys [?]
S3 XDva021;XDva021;\??\c:\windows\system32\XDva021.sys --> c:\windows\system32\XDva021.sys [?]
S3 XDva134;XDva134;\??\c:\windows\system32\XDva134.sys --> c:\windows\system32\XDva134.sys [?]
S3 XDva165;XDva165;\??\c:\windows\system32\XDva165.sys --> c:\windows\system32\XDva165.sys [?]
S3 XDva172;XDva172;\??\c:\windows\system32\XDva172.sys --> c:\windows\system32\XDva172.sys [?]
S3 XDva177;XDva177;\??\c:\windows\system32\XDva177.sys --> c:\windows\system32\XDva177.sys [?]
S3 XDva182;XDva182;\??\c:\windows\system32\XDva182.sys --> c:\windows\system32\XDva182.sys [?]
--- Other Services/Drivers In Memory ---
*Deregistered* - InCDrec
.
Contents of the 'Scheduled Tasks' folder
2009-01-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\arquivos de programas\Apple Software Update\SoftwareUpdate.exe [2008-07-30 13:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.terra.com.br/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Easy-WebPrint Add To Print List - c:\arquivos de programas\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\arquivos de programas\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\arquivos de programas\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\arquivos de programas\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
Trusted Zone: *.bigfile.co.kr
O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
c:\windows\NMUninst18.exe -
c:\windows\NMUpdate25_1.exe
c:\windows\Downloaded Program Files\NMStarter25.dll
O16 -: {00001025-A15C-11D4-97A4-0050BF0FBE67} hxxp://download.netmarble.com/web/nmstarter/NMStarter25.cab
c:\windows\Downloaded Program Files\NMStarter25.inf
c:\windows\Downloaded Program Files\BigFile.ocx -
O16 -: {03AF249E-119E-4569-838E-167E929EC6DA} hxxp://www.bigfile.co.kr/client/BigFile.cab
c:\windows\system32\IndexedColorDecoder.dll -
c:\windows\system32\WaveletDecoder.dll
c:\windows\system32\ToonsXHook.dll
c:\windows\system32\MAIS.VXD
c:\windows\system32\IMGSFMGR.dll
c:\windows\system32\IMGSFLOADER.exe
c:\windows\system32\IMGSF03.dll
c:\windows\system32\IMGSF02.dll
c:\windows\system32\IMGSF01.dll
c:\windows\system32\CaptureProtect.dll
c:\windows\system32\ToonsXParan3.ocx
O16 -: {1AD649C1-8B55-4033-9019-CF452DB5499E} hxxp://comic.paran.com/tns_web2/ToonsXParan3.cab
c:\windows\Downloaded Program Files\ToonsXParan3.inf
c:\windows\Downloaded Program Files\NHNComicViewer.dll -
O16 -: {2029F1D2-90E4-49EF-9824-F666D238BFF6} hxxp://jr.naver.com/comic/book/viewer_new/NHNComicViewer.cab
c:\windows\Downloaded Program Files\NHNComicViewer.inf
c:\windows\Downloaded Program Files\TPopupRegP.dll -
O16 -: {22D427A5-E460-4B08-9378-9708F7544129} hxxp://www.tygem.com/pub/ActiveX/TPopupRegP.cab
c:\windows\Downloaded Program Files\webstarter.ocx -
O16 -: {7A9F36F4-DB68-4F90-8FE7-E915E04BDD49} hxxp://wo.tk.co.kr/webstarter/webstarter.cab
c:\windows\Downloaded Program Files\webstarter.inf
c:\windows\Downloaded Program Files\Monkey3ActiveXControl.ocx -
O16 -: {820359CA-BD53-4BDF-8393-282FEEAE8C53} hxxp://www.monkey3.co.kr/Monkey3ActiveX/Monkey3ActiveXControl.cab
c:\windows\Downloaded Program Files\Monkey3ActiveXControl.inf
c:\windows\KukiProc111.exe -
c:\windows\Downloaded Program Files\NMTransX.dll
c:\windows\KukiProc112.exe
c:\windows\KukiProc113.exe
O16 -: {92E82FBB-DA00-41E0-ABFE-95482E21A4F6} hxxp://download.netmarble.net/NMChatX/NMTransX.cab
c:\windows\Downloaded Program Files\NMTransX.inf
c:\windows\system32\mfc42.dll -
c:\windows\system32\msvcrt.dll
c:\windows\system32\olepro32.dll
c:\windows\Downloaded Program Files\kdfense8.ocx
O16 -: {A4508A45-F1C4-40F3-99B4-0CA08AC77E3B} hxxp://download.netmarble.com/kdefence/kdfense8237.cab
c:\windows\Downloaded Program Files\kdfense8.inf
c:\windows\system32\mfc42.dll -
c:\windows\system32\olepro32.dll
c:\windows\Downloaded Program Files\BugsInstallerEx.ocx
c:\windows\system32\bugs_install.gif
O16 -: {BCEF5CDE-BAD4-4532-A30B-9D16D502DE69} hxxp://install.bugs.co.kr/install/BugsInstallerEx.cab
c:\windows\Downloaded Program Files\BugsInstallerEx.inf
c:\windows\system32\atl.dll -
c:\windows\system32\MelonDN.exe
c:\windows\system32\MelonWebPlayer.dll
c:\windows\system32\p3Instl2.dll
c:\windows\system32\p3Instl1.dll
O16 -: {C0B2F53E-5E61-4856-B314-FE9AE262A796} hxxp://www.melon.com/cab/P3MelWebInstall.cab
c:\windows\Downloaded Program Files\P3MelInstall.inf
c:\windows\system32\DanCom.dll -
c:\windows\system32\dbgtrace.dll
c:\windows\Downloaded Program Files\JoinBaduk.ocx
O16 -: {E9429003-6294-4F4F-BCAB-83AD4DAAFED0} hxxp://service.tygem.com/service/JoinBaduk.cab
c:\windows\Downloaded Program Files\JoinBaduk.inf
c:\windows\netmable.ico -
c:\windows\system32\ToonsXHook.dll
c:\windows\system32\WaveletDecoder.dll
c:\windows\system32\IndexedColorDecoder.dll
c:\windows\system32\ToonsXESetPND.ocx
c:\windows\system32\CaptureProtect.dll
c:\windows\system32\IMGSF01.dll
c:\windows\system32\IMGSF02.dll
c:\windows\system32\IMGSF03.dll
c:\windows\system32\IMGSFLOADER.exe
c:\windows\system32\IMGSFMGR.dll
c:\windows\system32\MAIS.VXD
c:\windows\system32\ToonsHook2.dll
O16 -: {E97946F0-6F90-4738-95EF-33A946451580} hxxp://comix.netmarble.net/mv/viewer/ToonsXESetPND10012.cab
c:\windows\Downloaded Program Files\ToonsXESetPND.inf
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-15 00:30:08
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1844237615-1972579041-839522115-1003\Software\Microsoft\MessengerService\GroupStateCacheU\*촴?
"Name"=hex:00,ac,71,c8,00,00
"Collapsed"=hex:01,00,00,00
.
------------------------ Other Running Processes ------------------------
.
c:\arquivos de programas\Ahead\InCD\InCDsrv.exe
c:\windows\system32\conime.exe
c:\arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\arquivos de programas\Bonjour\mDNSResponder.exe
c:\windows\system32\nvsvc32.exe
c:\arquiv~1\AVG\AVG8\avgnsx.exe
c:\arquivos de programas\iPod\bin\iPodService.exe
c:\arquivos de programas\AVG\AVG8\avgrsx.exe
c:\arquivos de programas\AVG\AVG8\avgrsx.exe
c:\arquivos de programas\AVG\AVG8\avgrsx.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-01-15 0:31:17 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-15 02:31:14
ComboFix2.txt 2009-01-14 19:29:41
ComboFix3.txt 2009-01-14 18:45:50
Pre-Run: 16 pasta(s) 35.711.950.848 bytes disponiveis
Post-Run: 16 pasta(s) 35,662,675,968 bytes disponiveis
270 --- E O F --- 2008-12-19 11:10:21
DigRam, posted January 15, 2009:

Good morning, flee85!

> Here is the updated text. Before that... one question: do I have to install this HijackThis?

<!> Install the pseudo-HijackThis that comes with RSIT. For now, that will do! :thumbsup:

------------------------

<@> Download: < RSIT > (...by random/random)
<@> Save it directly to the Local Disk (C)!
<@> Double-click RSIT.exe to run the tool.
<@> In the window that opens (the disclaimer), click "Continue".
<@> Wait for "Running HijackThis" to finish. <-- Pseudo!
<@> When it finishes, Notepad will open with the report: log.txt <-- Report to post!
<@> Also post in your reply: info.txt, which will be at C:\rsit\info.txt <--

Cheers!
flee85 Posted January 15, 2009
log.txt, here it is:
Logfile of random's system information tool 1.05 (written by random/random) Run by Eliza at 2009-01-15 01:10:03 Microsoft Windows XP Professional Service Pack 2 System drive C: has 34 GB (68%) free of 50 GB Total RAM: 2047 MB (70% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 01:10:20, on 15/1/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\conime.exe C:\Arquivos de programas\iTunes\iTunesHelper.exe C:\WINDOWS\system32\ctfmon.exe C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe C:\Arquivos de programas\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\ARQUIV~1\AVG\AVG8\avgnsx.exe C:\ARQUIV~1\AVG\AVG8\avgemc.exe C:\Arquivos de programas\iPod\bin\iPodService.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\explorer.exe C:\Arquivos de programas\AVG\AVG8\avgrsx.exe C:\Arquivos de programas\AVG\AVG8\avgrsx.exe C:\Arquivos de programas\AVG\AVG8\avgrsx.exe C:\WINDOWS\system32\DirectX\Dinput\Driver\1\services.exe C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe C:\ARQUIV~1\AVG\AVG8\aAvgApi.exe C:\Arquivos de programas\Arquivos 
comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Arquivos de programas\AVG\AVG8\avgui.exe C:\Arquivos de programas\AVG\AVG8\avgscanx.exe C:\Arquivos de programas\internet explorer\iexplore.exe C:\RSIT.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\Arquivos de programas\trend micro\Eliza.exe O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: DirecX - {83FDA784-0154-418F-810B-F1839272C361} - C:\WINDOWS\system32\DirectX\Dinput\diagx3d.dll O2 - BHO: Auxiliar de Conexao do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\ARQUIV~1\AVG\AVG8\AVGTOO~1.DLL O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Arquivos de programas\Canon\Easy-WebPrint\Toolband.dll O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\ARQUIV~1\AVG\AVG8\AVGTOO~1.DLL O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - 
HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [amd_dc_opt] C:\Arquivos de programas\AMD\Dual-Core Optimizer\amd_dc_opt.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Arquivos de programas\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Arquivos de programas\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Arquivos de programas\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Arquivos de programas\Canon\Easy-WebPrint\Resource.dll/RC_Print.html O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Arquivos de programas\PokerStars\PokerStarsUpdate.exe O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Arquivos de programas\PartyGaming\PartyPoker\RunApp.exe O9 - 
Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Arquivos de programas\PartyGaming\PartyPoker\RunApp.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O15 - Trusted Zone: http://*.bigfile.co.kr O16 - DPF: {00001025-A15C-11D4-97A4-0050BF0FBE67} (NetmarbleStarter25 Class) - http://download.netmarble.com/web/nmstarter/NMStarter25.cab O16 - DPF: {03AF249E-119E-4569-838E-167E929EC6DA} (BigFileControl Control) - http://www.bigfile.co.kr/client/BigFile.cab O16 - DPF: {1AD649C1-8B55-4033-9019-CF452DB5499E} (ToonsXParan Control) - http://comic.paran.com/tns_web2/ToonsXParan3.cab O16 - DPF: {2029F1D2-90E4-49EF-9824-F666D238BFF6} (NHNComicViewer Class) - http://jr.naver.com/comic/book/viewer_new/NHNComicViewer.cab O16 - DPF: {22D427A5-E460-4B08-9378-9708F7544129} (TPopupReg Class) - http://www.tygem.com/pub/ActiveX/TPopupRegP.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1205862715328 O16 - DPF: {7A9F36F4-DB68-4F90-8FE7-E915E04BDD49} (WebStarter Control) - http://wo.tk.co.kr/webstarter/webstarter.cab O16 - DPF: {820359CA-BD53-4BDF-8393-282FEEAE8C53} - http://www.monkey3.co.kr/Monkey3ActiveX/Mo...iveXControl.cab O16 - DPF: {83AFB5CA-ED35-11D4-A452-0080C8D85045} (GameDesire Poker Games) - http://200.212.184.212/g_bin/eng/poker_2_0_0_47.cab O16 - DPF: {92E82FBB-DA00-41E0-ABFE-95482E21A4F6} (NMTransX Module) - http://download.netmarble.net/NMChatX/NMTransX.cab O16 - DPF: {A4508A45-F1C4-40F3-99B4-0CA08AC77E3B} (Kdfense8 Control) - http://download.netmarble.com/kdefence/kdfense8237.cab O16 - 
DPF: {A7196C8E-35A5-4FF0-9E46-E28918B5CAF6} (GameDesire Domino) - http://200.212.184.212/g_bin/eng/domino_2_0_0_33.cab O16 - DPF: {BCEF5CDE-BAD4-4532-A30B-9D16D502DE69} (BugsInstallEx Control) - http://install.bugs.co.kr/install/BugsInstallerEx.cab O16 - DPF: {C0B2F53E-5E61-4856-B314-FE9AE262A796} (MOPlayerWnd2 Class) - http://www.melon.com/cab/P3MelWebInstall.cab O16 - DPF: {E9429003-6294-4F4F-BCAB-83AD4DAAFED0} (JoinBaduk Control) - http://service.tygem.com/service/JoinBaduk.cab O16 - DPF: {E97946F0-6F90-4738-95EF-33A946451580} (ToonsXESetPND Control) - http://comix.netmarble.net/mv/viewer/ToonsXESetPND10012.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll O20 - AppInit_DLLs: avgrsstx.dll O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgemc.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe O23 - Service: iPod Service - Apple Inc. 
- C:\Arquivos de programas\iPod\bin\iPodService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe -- End of file - 9583 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\AppleSoftwareUpdate.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] AcroIEHlprObj Class - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-04-16 37808] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}] AVG Safe Search - C:\Arquivos de programas\AVG\AVG8\avgssie.dll [2009-01-14 455960] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83FDA784-0154-418F-810B-F1839272C361}] DirecX Media Objects - C:\WINDOWS\system32\DirectX\Dinput\diagx3d.dll [2009-01-14 824832] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Auxiliar de Conexao do Windows Live - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}] AVG Security Toolbar - C:\ARQUIV~1\AVG\AVG8\AVGTOO~1.DLL [2009-01-14 2055960] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}] Google Toolbar Helper - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll [2009-01-03 251504] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}] Google 
Toolbar Notifier BHO - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll [2009-01-03 657904] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}] Google Dictionary Compression sdch - C:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll [2009-01-03 522224] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - Easy-WebPrint - C:\Arquivos de programas\Canon\Easy-WebPrint\Toolband.dll [2004-08-26 405504] {2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google Toolbar - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll [2009-01-03 251504] {A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\ARQUIV~1\AVG\AVG8\AVGTOO~1.DLL [2009-01-14 2055960] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-05-10 8429568] "nwiz"=nwiz.exe /install [] "IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-03 208952] "MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2004-08-03 59392] "PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-03 455168] "PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-03 455168] "amd_dc_opt"=C:\Arquivos de programas\AMD\Dual-Core Optimizer\amd_dc_opt.exe [2007-07-23 77824] "QuickTime Task"=C:\Arquivos de programas\QuickTime\qttask.exe [2008-09-06 413696] "iTunesHelper"=C:\Arquivos de programas\iTunes\iTunesHelper.exe [2008-10-01 289576] "AVG8_TRAY"=C:\ARQUIV~1\AVG\AVG8\avgtray.exe [2009-01-14 1235736] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360] "MsnMsgr"=C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184] "swg"=C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-10-28 68856] 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut] C:\WINDOWS\system32\HDAShCut.exe [2004-10-27 61952] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLS"="avgrsstx.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=323 "NoDriveAutoRun"=67108863 "NoDrives"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveAutoRun"= "NoDriveTypeAutoRun"= "NoDrives"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "E:\CABAL Online(BRAZIL)\launcher\update\ESTdnheadless.exe"="E:\CABAL Online(BRAZIL)\launcher\update\ESTdnheadless.exe:*:Enabled:EST! 
download engine" "C:\Arquivos de programas\Messenger\msmsgs.exe"="C:\Arquivos de programas\Messenger\msmsgs.exe:*:Enabled:Windows Messenger" "C:\WINDOWS\system32\BugsSvr.exe"="C:\WINDOWS\system32\BugsSvr.exe:*:Enabled:Bugs Music Player Control" "C:\WINDOWS\system32\P3MelonSvr.exe"="C:\WINDOWS\system32\P3MelonSvr.exe:*:Enabled:SKT Melon Music Control" "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\Arquivos de programas\Windows Live\Messenger\livecall.exe"="C:\Arquivos de programas\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" "C:\Arquivos de programas\Bonjour\mDNSResponder.exe"="C:\Arquivos de programas\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour" "C:\Arquivos de programas\iTunes\iTunes.exe"="C:\Arquivos de programas\iTunes\iTunes.exe:*:Enabled:iTunes" "C:\Arquivos de programas\Garena\Garena.exe"="C:\Arquivos de programas\Garena\Garena.exe:*:Enabled:Garena" "C:\Arquivos de programas\AVG\AVG8\avgemc.exe"="C:\Arquivos de programas\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe" "C:\Arquivos de programas\AVG\AVG8\avgupd.exe"="C:\Arquivos de programas\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe" "C:\Arquivos de programas\AVG\AVG8\avgnsx.exe"="C:\Arquivos de programas\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\Arquivos de programas\Windows Live\Messenger\livecall.exe"="C:\Arquivos de programas\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" ======List of files/folders created in the last 1 months====== 2009-01-15 01:10:04 
----D---- C:\Arquivos de programas\trend micro 2009-01-15 01:10:03 ----D---- C:\rsit 2009-01-15 01:09:02 ----A---- C:\RSIT.exe 2009-01-15 00:31:19 ----D---- C:\WINDOWS\temp 2009-01-15 00:31:18 ----A---- C:\ComboFix.txt 2009-01-15 00:26:36 ----D---- C:\ComboFix 2009-01-14 16:43:00 ----D---- C:\Qoobox 2009-01-14 16:32:16 ----A---- C:\WINDOWS\zip.exe 2009-01-14 16:32:16 ----A---- C:\WINDOWS\VFIND.exe 2009-01-14 16:32:16 ----A---- C:\WINDOWS\SWXCACLS.exe 2009-01-14 16:32:16 ----A---- C:\WINDOWS\SWSC.exe 2009-01-14 16:32:16 ----A---- C:\WINDOWS\SWREG.exe 2009-01-14 16:32:16 ----A---- C:\WINDOWS\sed.exe 2009-01-14 16:32:16 ----A---- C:\WINDOWS\NIRCMD.exe 2009-01-14 16:32:16 ----A---- C:\WINDOWS\grep.exe 2009-01-14 16:32:16 ----A---- C:\WINDOWS\fdsv.exe 2009-01-14 16:32:15 ----D---- C:\WINDOWS\ERDNT 2009-01-14 14:35:59 ----HD---- C:\$AVG8.VAULT$ 2009-01-14 14:31:07 ----A---- C:\WINDOWS\system32\avgrsstx.dll 2009-01-14 14:31:04 ----D---- C:\Documents and Settings\Eliza\Dados de aplicativos\AVGTOOLBAR 2009-01-14 14:30:52 ----D---- C:\Arquivos de programas\AVG 2009-01-14 14:30:51 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\avg8 2008-12-19 09:10:14 ----HDC---- C:\WINDOWS\$NtUninstallKB960714$ ======List of files/folders modified in the last 1 months====== 2009-01-15 01:10:04 ----RD---- C:\Arquivos de programas 2009-01-15 00:34:00 ----D---- C:\WINDOWS\system32 2009-01-15 00:34:00 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI 2009-01-15 00:31:22 ----D---- C:\WINDOWS\system32\drivers 2009-01-15 00:31:19 ----D---- C:\WINDOWS 2009-01-15 00:30:33 ----D---- C:\WINDOWS\system32\CatRoot2 2009-01-15 00:30:11 ----A---- C:\WINDOWS\system.ini 2009-01-15 00:28:27 ----D---- C:\WINDOWS\system32\config 2009-01-15 00:27:54 ----D---- C:\WINDOWS\AppPatch 2009-01-15 00:27:54 ----D---- C:\Arquivos de programas\Arquivos comuns 2009-01-15 00:26:50 ----A---- C:\WINDOWS\SchedLgU.Txt 2009-01-14 18:54:11 ----D---- C:\Arquivos de programas\PokerStars 2009-01-14 18:52:40 
----D---- C:\Arquivos de programas\Warcraft III 2009-01-14 17:33:48 ----RSH---- C:\boot.ini 2009-01-14 17:33:48 ----A---- C:\WINDOWS\win.ini 2009-01-14 16:43:02 ----D---- C:\WINDOWS\Prefetch 2009-01-14 14:30:49 ----SHD---- C:\WINDOWS\Installer 2009-01-14 14:30:48 ----D---- C:\WINDOWS\WinSxS 2009-01-14 14:30:48 ----D---- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared 2009-01-14 14:30:30 ----SD---- C:\Documents and Settings\Eliza\Dados de aplicativos\Microsoft 2009-01-14 14:27:37 ----D---- C:\WINDOWS\system 2009-01-14 13:34:07 ----D---- C:\Arquivos de programas\iTHINK 2009-01-10 17:07:00 ----A---- C:\WINDOWS\NeroDigital.ini 2009-01-03 11:19:56 ----D---- C:\Arquivos de programas\Google 2009-01-03 10:25:45 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Google 2008-12-25 19:53:07 ----HD---- C:\WINDOWS\inf 2008-12-19 09:10:17 ----RSHDC---- C:\WINDOWS\system32\dllcache 2008-12-19 09:09:52 ----HD---- C:\WINDOWS\$hf_mig$ ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-01 41984] R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-01-14 98440] R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-01-14 26824] R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-01-14 90632] R1 FsVga;FsVga; C:\WINDOWS\system32\DRIVERS\fsvga.sys [2001-10-28 12416] R1 InCDPass;InCDPass; C:\WINDOWS\System32\DRIVERS\InCDPass.sys [2005-07-08 29696] R1 incdrm;InCD Reader; C:\WINDOWS\system32\drivers\incdrm.sys [2006-07-12 28672] R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2005-10-06 141312] R3 AEAudioService;AEAudio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2005-03-05 127872] R3 AmdLLD;AMD Low Level Device Driver; 
C:\WINDOWS\system32\DRIVERS\AmdLLD.sys [2007-06-29 34304] R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464] R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2007-12-31 25280] R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2004-10-27 138240] R3 HidUsb;Driver de classe HID da Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600] R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-09-06 12288] R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-14 5810] R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-05-10 6738432] R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-07-12 57856] R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-07-12 20480] R3 SenFiltService;SenFilt Service; C:\WINDOWS\system32\drivers\Senfilt.sys [2005-10-11 393088] R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624] R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600] R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-04 17024] R4 InCDfs;InCD File System; C:\WINDOWS\system32\drivers\InCDfs.sys [2005-07-08 99584] S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-04 14848] S3 ADSPIDER;ADSPIDER; \??\C:\WINDOWS\system32\drivers\adspider.sys [] S3 ADSPIDEREX;ADSPIDEREX; \??\C:\WINDOWS\system32\drivers\adspiderex.sys [] S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\HdAudio.sys [2004-10-27 145920] S3 neokdss;neokdss; C:\WINDOWS\system32\Drivers\neokdss.sys [] S3 NPPTNT2;NPPTNT2; \??\C:\WINDOWS\system32\npptNT2.sys [] S3 PciCon;PciCon; 
\??\D:\PciCon.sys [] S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552] S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616] S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856] S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104] S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496] S3 XDva021;XDva021; \??\C:\WINDOWS\system32\XDva021.sys [] S3 XDva134;XDva134; \??\C:\WINDOWS\system32\XDva134.sys [] S3 XDva165;XDva165; \??\C:\WINDOWS\system32\XDva165.sys [] S3 XDva172;XDva172; \??\C:\WINDOWS\system32\XDva172.sys [] S3 XDva177;XDva177; \??\C:\WINDOWS\system32\XDva177.sys [] S3 XDva182;XDva182; \??\C:\WINDOWS\system32\XDva182.sys [] S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 Apple Mobile Device;Dispositivo Celular da Apple; C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-10-01 116040] R2 avg8emc;AVG Free8 E-mail Scanner; C:\ARQUIV~1\AVG\AVG8\avgemc.exe [2009-01-14 874776] R2 avg8wd;AVG Free8 WatchDog; C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe [2009-01-14 231704] R2 Bonjour Service;Bonjour Service; C:\Arquivos de programas\Bonjour\mDNSResponder.exe [2008-08-29 238888] R2 InCDsrv;InCD Helper; C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe [2005-07-08 871424] R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-05-10 163908] R3 iPod Service;iPod Service; C:\Arquivos de programas\iPod\bin\iPodService.exe [2008-10-01 536872] R3 usnjsvc;Servico de Compartilhamento de Pastas Messenger do USN Journal Reader; C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328] S3 gusvc;Google Updater Service; C:\Arquivos de 
programas\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-01-03 137200] S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336] S3 WLSetupSvc;Windows Live Setup Service; C:\Arquivos de programas\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240] -----------------EOF----------------- info.txt info.txt logfile of random's system information tool 1.05 2009-01-15 01:10:22 ======Uninstall list====== -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf ¹eμaº¼-->C:\Arquivos de programas\TK\BadBall\uninst.exe ³Y¸¶ºi °OAO 'CIAⓒ¸A°i'-->"C:\WINDOWS\NMUninst18.exe" UNINSTALL=Netmarble,NetmarblePinkGostop A¬·´¸A°i-->C:\Arquivos de programas\TK\FunMatgo\uninst.exe Adobe Acrobat 5.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat 5.0\NT\Uninst.dll" Adobe Flash Player 9 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe AMD Processor Driver-->C:\Arquivos de programas\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe -runfromtemp -l0x0012 -removeonly Apple Mobile Device Support-->MsiExec.exe /I{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6} Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033} Arquivo do WinRAR-->C:\Arquivos de programas\WinRAR\uninstall.exe Assistente de Conexao do Windows Live-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986} Atualização de Segurança para o Windows Media Player (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe" Atualização de Segurança para o Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe" Atualização de Segurança para o Windows Media Player 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe" Atualização de Segurança para o Windows Media Player 9 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP9$\spuninst\spuninst.exe" Atualização de Segurança para Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe" Atualização de Segurança para Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe" Atualização de Segurança para Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe" Atualização de Segurança para Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe" Atualização de Segurança para Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe" Atualização de Segurança para Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe" Atualização de Segurança para Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe" Atualização de Segurança para Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe" Atualização de Segurança para Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe" Atualização de Segurança para Windows XP (KB901190)-->"C:\WINDOWS\$NtUninstallKB901190$\spuninst\spuninst.exe" Atualização de Segurança para Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe" Atualização de Segurança para Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe" Atualização de Segurança para Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe" Atualização de Segurança para Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe" Atualização de Segurança para Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe" Atualização de Segurança para Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe" Atualização de Segurança para Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe" Atualização de Segurança para Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe" Atualização de Segurança para Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe" Atualização de Segurança para Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe" Atualização de Segurança para Windows XP (KB917344)-->"C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe" Atualização de Segurança para Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe" Atualização de Segurança para Windows XP (KB918439)-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe" Atualização de Segurança para Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe" Atualização de Segurança para Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe" Atualização de Segurança para Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe" Atualização de Segurança para Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe" Atualização de Segurança para Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe" Atualização de Segurança para Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe" Atualização de Segurança para Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe" Atualização de Segurança para Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe" Atualização de Segurança para Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe" Atualização de Segurança para Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe" Atualização de Segurança para Windows XP (KB924496)-->"C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe" Atualização de Segurança para Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe" Atualização de Segurança para Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe" Atualização de Segurança para Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe" Atualização de Segurança para Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe" Atualização de Segurança para Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe" Atualização de Segurança para Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe" Atualização de Segurança para Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe" Atualização de Segurança para Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe" Atualização de Segurança para Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe" Atualização de Segurança para Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe" Atualização de Segurança para Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe" Atualização de Segurança para Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe" Atualização de Segurança para Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe" Atualização de Segurança para Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe" Atualização de Segurança para Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe" Atualização de Segurança para Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe" Atualização de Segurança para Windows XP (KB936021)-->"C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe" Atualização de Segurança para Windows XP (KB937894)-->"C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe" Atualização de Segurança para Windows XP (KB938127)-->"C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe" Atualização de Segurança para Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe" Atualização de Segurança para Windows XP (KB938829)-->"C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe" Atualização de Segurança para Windows XP (KB941202)-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe" Atualização de Segurança para Windows XP (KB941568)-->"C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe" Atualização de Segurança para Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe" Atualização de Segurança para Windows XP (KB941644)-->"C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe" Atualização de Segurança para Windows XP (KB941693)-->"C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe" Atualização de Segurança para Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe" Atualização de Segurança para Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe" Atualização de Segurança para Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe" Atualização de Segurança para Windows XP (KB944338)-->"C:\WINDOWS\$NtUninstallKB944338$\spuninst\spuninst.exe" Atualização de Segurança para Windows XP (KB944533)-->"C:\WINDOWS\$NtUninstallKB944533$\spuninst\spuninst.exe" Atualização de Segurança para Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe" Atualização de Segurança para Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe" Atualização de Segurança para Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe" Atualização de Segurança para Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe" Atualização de Segurança para Windows XP (KB947864)-->"C:\WINDOWS\$NtUninstallKB947864$\spuninst\spuninst.exe" Atualização de Segurança para Windows XP (KB948590)-->"C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe" Atualização de Segurança para Windows XP (KB948881)-->"C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe" Atualização de Segurança para Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe" Atualização de Segurança para Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe" Atualização de Segurança para Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe" Atualização de Segurança para Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe" Atualização de Segurança para Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe" Atualização de Segurança para Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe" Atualização de Segurança para Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe" Atualização de Segurança para Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe" Atualização de Segurança para Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe" Atualização de Segurança para Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe" Atualização de Segurança para Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe" Atualização de Segurança para Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe" Atualização de Segurança para Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe" Atualização de Segurança para Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe" Atualização de Segurança para Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe" Atualização de Segurança 
para Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe" Atualiza豫o de Seguran? para Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe" Atualiza豫o de Seguran? para Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe" Atualiza豫o de Seguran? para Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe" Atualiza豫o de Seguran? para Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe" Atualiza豫o de Seguran? para Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe" Atualiza豫o de Seguran? para Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe" Atualiza豫o de Seguran? para Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe" Atualiza豫o de Seguran? para Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe" Atualiza豫o de Seguran? para Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe" Atualiza豫o de Seguran? 
para Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe" Atualiza豫o para Windows XP (KB894391)-->"C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe" Atualiza豫o para Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe" Atualiza豫o para Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe" Atualiza豫o para Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe" Atualiza豫o para Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe" Atualiza豫o para Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe" Atualiza豫o para Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe" Atualiza豫o para Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe" Atualiza豫o para Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe" Atualiza豫o para Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe" Atualiza豫o para Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe" Atualiza豫o para Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe" Atualiza豫o para Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe" Atualiza豫o para Windows XP (KB942840)-->"C:\WINDOWS\$NtUninstallKB942840$\spuninst\spuninst.exe" Atualiza豫o para Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe" Atualiza豫o para Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe" AVG Free 8.0-->C:\Arquivos de programas\AVG\AVG8\setup.exe /UNINSTALL Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959} CABAL Online v1.6-->"E:\CABAL Online(BRAZIL)\unins000.exe" Canon iP1200-->C:\WINDOWS\system32\CNMCP76.exe "-PRINTERNAMECanon iP1200" "-HELPERDLLC:\Documents and Settings\All Users\Dados de 
aplicativos\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP1200 Installer\Inst2\cnmis.dll" "-RCDLLcnmi0816.dll" Canon Utilities Easy-PhotoPrint-->C:\Arquivos de programas\Canon\Easy-PhotoPrint\uninst.exe uninst.ini Canon Utilities Easy-PrintToolBox-->C:\WINDOWS\BJPSUNST.EXE Dual-Core Optimizer-->MsiExec.exe /X{FF3D660E-E5CC-47FD-8050-1B4DE3BA81A9} DVD Solution-->"C:\Arquivos de programas\Uninstall_CDS.exe" Easy-WebPrint-->C:\WINDOWS\IsUninst.exe -f"C:\Arquivos de programas\Canon\Easy-WebPrint\Uninst.isu" FLV SPLITTER-->"C:\Arquivos de programas\GNU\FLVSPLITTER\Uninstall.exe" Garena-->C:\Arquivos de programas\InstallShield Installation Information\{89C89156-A70F-4C6D-9CAE-2EA71F1396FE}\setup.exe -runfromtemp -l0x0416 -removeonly GOM Player-->"C:\Arquivos de programas\GRETECH\GomPlayer\Uninstall.exe" Google Toolbar for Internet Explorer-->"C:\Arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarManager_0531C63A913CC9D1.exe" /uninstall Hamachi 1.0.2.5-->C:\Arquivos de programas\Hamachi\uninstall.exe High Definition Audio Driver Package - KB888111-->C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe HijackThis 2.0.2-->"C:\Arquivos de programas\trend micro\HijackThis.exe" /uninstall Hotfix para Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe" InCD-->C:\WINDOWS\NuNInst.exe /UNINSTALL iTHINK-->C:\Arquivos de programas\iTHINK\uninstall.exe iTunes-->MsiExec.exe /I{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843} K-Defense8 Control - 키보드 보안-->regsvr32 /u /s "C:\WINDOWS\Downloaded Program Files\kdfense8.ocx" Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Multimedia Launcher-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall Nero OEM-->C:\Arquivos de programas\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL NetFolder-->RunDll32 
C:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{923BF379-BAE8-4F38-9AC2-05DDEA184EB6}\setup.exe" -l0x12 -removeonly NetMarble 게임 '신장기'-->"C:\WINDOWS\NMUninst18.exe" UNINSTALL=Netmarble,NetmarbleNewJangGi NetMarble 게임 '장기'-->"C:\WINDOWS\NMUninst18.exe" UNINSTALL=Netmarble,NetmarbleJangGi NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI PartyPoker-->"C:\Arquivos de programas\PartyGaming\PartyPoker\Uninstall.exe" "C:\Arquivos de programas\PartyGaming\PartyPoker\install.log" PokerStars-->"C:\Arquivos de programas\PokerStars\PokerStarsUninstall.exe" /u:PokerStars PowerDVD-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall PowerProducer-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\setup.exe" -uninstall QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB} SoundMAX-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe" -l0x416 -removeonly TeamSpeak 2 RC2-->"C:\Arquivos de programas\Teamspeak2_RC2\unins000.exe" Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F} Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe" Windows Live installer-->MsiExec.exe /X{3A417047-2E30-4D05-8977-F706D40BFF39} Windows Live Messenger-->MsiExec.exe /X{8EADB73B-026D-4978-A8F0-1EEF5E1ECEC7} Windows XP Hotfix - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe Windows XP Hotfix - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe Windows XP 
Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe Windows XP Hotfix - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe Windows XP Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe" Windows XP Hotfix - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe 넷마블 게임 '대박고스톱'-->"C:\WINDOWS\NMUninst18.exe" UNINSTALL=Netmarble,NetmarbleMsGostop 넷마블 게임 '맞고2.0'-->"C:\WINDOWS\NMUninst18.exe" UNINSTALL=Netmarble,NetmarbleNMatgo 넷마블 게임 '바둑'-->"C:\WINDOWS\NMUninst18.exe" UNINSTALL=Netmarble,NetmarbleBaduk 타이젬바둑-->C:\WINDOWS\IsUn0412.exe -f"C:\Arquivos de programas\타이젬바둑\Uninst.isu" ======Security center information====== AV: AVG Anti-Virus Free System event log Computer Name: ELIZA-F09A3C126 Event Code: 7036 Message: O servico iPod Service entrou no estado executando. Record Number: 18897 Source Name: Service Control Manager Time Written: 20081029122048.000000-120 Event Type: information User: Computer Name: ELIZA-F09A3C126 Event Code: 7036 Message: O servico IMAPI CD-Burning COM Service entrou no estado executando. Record Number: 18896 Source Name: Service Control Manager Time Written: 20081029122048.000000-120 Event Type: information User: Computer Name: ELIZA-F09A3C126 Event Code: 7035 Message: O servico Servico de descoberta SSDP recebeu com exito um controle Iniciar. Record Number: 18895 Source Name: Service Control Manager Time Written: 20081029122048.000000-120 Event Type: information User: AUTORIDADE NT\SYSTEM Computer Name: ELIZA-F09A3C126 Event Code: 7036 Message: O servico Reconhecimento de local da rede (NLA) entrou no estado executando. 
Record Number: 18894 Source Name: Service Control Manager Time Written: 20081029122048.000000-120 Event Type: information User: Computer Name: ELIZA-F09A3C126 Event Code: 7035 Message: O servico Reconhecimento de local da rede (NLA) recebeu com exito um controle Iniciar. Record Number: 18893 Source Name: Service Control Manager Time Written: 20081029122048.000000-120 Event Type: information User: AUTORIDADE NT\SYSTEM Application event log Computer Name: ELIZA-F09A3C126 Event Code: 1001 Message: Os contadores de desempenho para o servico WmiApRpl (WmiApRpl) foram removidos com exito. A pagina 'Registrar dados' contem os novos valores das entradas Last Counter e Last Help do Registro do sistema. Record Number: 5654 Source Name: LoadPerf Time Written: 20080819065400.000000-180 Event Type: information User: Computer Name: ELIZA-F09A3C126 Event Code: 1800 Message: O Servico da Central de Seguranca do Windows foi iniciado. Record Number: 5653 Source Name: SecurityCenter Time Written: 20080819065014.000000-180 Event Type: information User: Computer Name: ELIZA-F09A3C126 Event Code: 1 Message: Record Number: 5652 Source Name: AVGEMS Time Written: 20080819065013.000000-180 Event Type: information User: Computer Name: ELIZA-F09A3C126 Event Code: 1 Message: Record Number: 5651 Source Name: Avg7UpdSvc Time Written: 20080819065007.000000-180 Event Type: information User: Computer Name: ELIZA-F09A3C126 Event Code: 1000 Message: Os contadores de desempenho para o servico WmiApRpl (WmiApRpl) foram carregados com exito. A pagina 'Registrar dados' contem os novos valores de indice atribuidos ao servico. 
Record Number: 5650 Source Name: LoadPerf Time Written: 20080818204237.000000-180 Event Type: information User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Arquivos de programas\QuickTime\QTSystem "windir"=%SystemRoot% "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "PROCESSOR_ARCHITECTURE"=x86 "PROCESSOR_LEVEL"=15 "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 75 Stepping 2, AuthenticAMD "PROCESSOR_REVISION"=4b02 "NUMBER_OF_PROCESSORS"=2 "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "CLASSPATH"=.;C:\Arquivos de programas\QuickTime\QTSystem\QTJava.zip "QTJAVA"=C:\Arquivos de programas\QuickTime\QTSystem\QTJava.zip "PROCESSOR_DUMP"=1 "PROCESSOR_CORE"=15 -----------------EOF----------------- Compartilhar este post Link para o post Compartilhar em outros sites
DigRam 144 Posted January 15, 2009

Good morning! flee85

<@> Download: < >
<@> Save it to the desktop!
<@> Start the installation/execution with a double-click on drweb-cureit.
<@> In the window that opens, click Start --> OK.
<@> The "Quick scan" will begin --> Close the advertisement window!
<@> When it finishes, tick the "Full scan" box. In this mode the following objects are scanned:
* Boot sectors of all disks. <--
* All removable drives. <--
* All local disks. <--
<@> Click "Start scan" --> Wait!
<@> If messages appear asking to move or disinfect files, click Yes.
<@> When it finishes, click "File" --> "Save report list".
<@> Save it in a suitable location. ( DrWeb.csv )
<@> Post: DrWeb.csv

Regards!
flee85 0 Posted January 15, 2009

Good morning DigRam! Thanks for the attention... here it is:

NetFolderUpdate.exe;C:\Arquivos de programas\NetFolder;Provávelmente BACKDOOR.Trojan;;
Zip.SFX;C:\Arquivos de programas\WinRAR;Trojan.DownLoad.22242;Eliminado.;
data002\32788R22FWJFW\C.bat;C:\Documents and Settings\Eliza\Desktop\ComboFix.exe\data002;Provávelmente BATCH.Virus;;
data002\32788R22FWJFW\psexec.cfexe;C:\Documents and Settings\Eliza\Desktop\ComboFix.exe\data002;Program.PsExec.171;;
data002;C:\Documents and Settings\Eliza\Desktop\ComboFix.exe;O arquivo contém objectos infectados;;
ComboFix.exe;C:\Documents and Settings\Eliza\Desktop;O arquivo contém objectos infectados;Movido.;
A0045441.EXE;C:\System Volume Information\_restore{DE30030B-2121-4E31-9755-629711A46652}\RP237;Trojan.PWS.Gamania.4449;Eliminado.;
A0045442.exe;C:\System Volume Information\_restore{DE30030B-2121-4E31-9755-629711A46652}\RP237;Trojan.PWS.Gamania.4449;Eliminado.;
A0045443.EXE;C:\System Volume Information\_restore{DE30030B-2121-4E31-9755-629711A46652}\RP237;Trojan.PWS.Wsgame.6930;Eliminado.;
A0045446.exe;C:\System Volume Information\_restore{DE30030B-2121-4E31-9755-629711A46652}\RP237;Adware.SideSearch.70;;
A0045482.bat;C:\System Volume Information\_restore{DE30030B-2121-4E31-9755-629711A46652}\RP237;Provávelmente BATCH.Virus;;
A0046503.bat;C:\System Volume Information\_restore{DE30030B-2121-4E31-9755-629711A46652}\RP238;Provávelmente BATCH.Virus;;
data002\32788R22FWJFW\C.bat;C:\System Volume Information\_restore{DE30030B-2121-4E31-9755-629711A46652}\RP238\A0046536.exe\data002;Provávelmente BATCH.Virus;;
data002\32788R22FWJFW\psexec.cfexe;C:\System Volume Information\_restore{DE30030B-2121-4E31-9755-629711A46652}\RP238\A0046536.exe\data002;Program.PsExec.171;;
data002;C:\System Volume Information\_restore{DE30030B-2121-4E31-9755-629711A46652}\RP238\A0046536.exe;O arquivo contém objectos infectados;;
A0046536.exe;C:\System Volume Information\_restore{DE30030B-2121-4E31-9755-629711A46652}\RP238;O arquivo contém objectos infectados;Movido.;
A0046551.bat;C:\System Volume Information\_restore{DE30030B-2121-4E31-9755-629711A46652}\RP238;Provávelmente BATCH.Virus;;
A0046641.bat;C:\System Volume Information\_restore{DE30030B-2121-4E31-9755-629711A46652}\RP239;Provávelmente BATCH.Virus;;
A0046646.EXE;C:\System Volume Information\_restore{DE30030B-2121-4E31-9755-629711A46652}\RP239;Program.PsExec.170;;
data002\32788R22FWJFW\C.bat;C:\System Volume Information\_restore{DE30030B-2121-4E31-9755-629711A46652}\RP239\A0046690.exe\data002;Provávelmente BATCH.Virus;;
data002\32788R22FWJFW\psexec.cfexe;C:\System Volume Information\_restore{DE30030B-2121-4E31-9755-629711A46652}\RP239\A0046690.exe\data002;Program.PsExec.171;;
data002;C:\System Volume Information\_restore{DE30030B-2121-4E31-9755-629711A46652}\RP239\A0046690.exe;O arquivo contém objectos infectados;;
A0046690.exe;C:\System Volume Information\_restore{DE30030B-2121-4E31-9755-629711A46652}\RP239;O arquivo contém objectos infectados;Movido.;
dxdiag32.exe;C:\WINDOWS\system32\DirectX\Dinput;Provávelmente BACKDOOR.Trojan;;
XTrapVa.dll;E:\CABAL Online(BRAZIL)\XTrap;Provávelmente DLOADER.Trojan;;
wrar371br.exe\Zip.SFX;E:\Download\wrar371br.exe;Trojan.DownLoad.22242;;
wrar371br.exe;E:\Download;O arquivo contém objectos infectados;Movido.;
A0046691.exe\Zip.SFX;E:\System Volume Information\_restore{DE30030B-2121-4E31-9755-629711A46652}\RP239\A0046691.exe;Trojan.DownLoad.22242;;
A0046691.exe;E:\System Volume Information\_restore{DE30030B-2121-4E31-9755-629711A46652}\RP239;O arquivo contém objectos infectados;Movido.;
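The report above is Dr.Web CureIt's semicolon-separated list, one object per line in the layout object;directory;verdict;action. The script below is an added example, not code from this thread or from Dr.Web, that parses that layout and separates what the scanner already handled (Eliminado., Movido.) from what it only reported. It assumes the four-column layout seen in the post, takes five records copied from the posted report as its sample input, and treats the "Provávelmente" (probably) prefix and the archive-container verdict string exactly as they appear in that report.

```python
"""Triage a Dr.Web CureIt report (DrWeb.csv) of the kind posted above.

Added example for this thread; not Dr.Web's code. Assumed record layout,
taken from the posted report:  object;directory;verdict;action;
The action column is empty when the scanner only reported the object.
"""
import csv
from collections import Counter
from io import StringIO

# Five records copied from the report posted in this thread (not invented);
# the accented words are the un-garbled form of the report's Portuguese strings.
SAMPLE_CSV = r"""
Zip.SFX;C:\Arquivos de programas\WinRAR;Trojan.DownLoad.22242;Eliminado.;
NetFolderUpdate.exe;C:\Arquivos de programas\NetFolder;Provávelmente BACKDOOR.Trojan;;
A0045441.EXE;C:\System Volume Information\_restore{DE30030B-2121-4E31-9755-629711A46652}\RP237;Trojan.PWS.Gamania.4449;Eliminado.;
ComboFix.exe;C:\Documents and Settings\Eliza\Desktop;O arquivo contém objectos infectados;Movido.;
dxdiag32.exe;C:\WINDOWS\system32\DirectX\Dinput;Provávelmente BACKDOOR.Trojan;;
""".strip()

FIELDS = ("name", "directory", "verdict", "action")

# Dr.Web's Portuguese locale prefixes heuristic (signature-less) verdicts with
# "Provavelmente"/"Provávelmente" ("probably"); the container verdict marks an
# archive whose infected members were listed on their own lines.
HEURISTIC_PREFIXES = ("Provavelmente", "Provávelmente")
CONTAINER_VERDICT = "O arquivo contém objectos infectados"


def parse_drweb_csv(text):
    """Parse the semicolon-separated report into a list of dicts.

    Every line ends with a trailing ';', so csv.reader yields a fifth, empty
    column that is dropped. Lines with fewer than four columns (blank lines,
    or a record whose line break was lost when it was pasted) are skipped.
    """
    records = []
    for row in csv.reader(StringIO(text), delimiter=";"):
        if len(row) < 4:
            continue
        records.append(dict(zip(FIELDS, (col.strip() for col in row[:4]))))
    return records


def in_restore_point(directory):
    """True for copies held in a System Restore point (RPnnn folder).

    Such copies are inert unless that restore point is applied, so they rank
    below the same file at its live path.
    """
    return "System Volume Information\\_restore" in directory


def is_heuristic(verdict):
    """True for 'probably ...' verdicts, which carry no signature match."""
    return verdict.startswith(HEURISTIC_PREFIXES)


def summarize(records):
    """Group the report by scanner action and pick out what still needs a look.

    Returns the total, a Counter of actions ('' = reported only), the number
    of heuristic verdicts, and 'needs_review': objects the scanner left in
    place (no action) that sit outside restore points and are not archive
    containers (those are accounted for by their listed members).
    """
    actions = Counter(r["action"] for r in records)
    needs_review = [
        r for r in records
        if r["action"] == ""
        and not in_restore_point(r["directory"])
        and r["verdict"] != CONTAINER_VERDICT
    ]
    heuristic = sum(1 for r in records if is_heuristic(r["verdict"]))
    return {
        "total": len(records),
        "actions": actions,
        "heuristic": heuristic,
        "needs_review": needs_review,
    }


if __name__ == "__main__":
    summary = summarize(parse_drweb_csv(SAMPLE_CSV))
    print(f"{summary['total']} objects, actions: {dict(summary['actions'])}")
    for rec in summary["needs_review"]:
        print(f"review: {rec['directory']}\\{rec['name']}  ({rec['verdict']})")
```

Run on the sample it lists two objects that Dr.Web only flagged and that sit at live paths rather than in a restore point: NetFolderUpdate.exe and dxdiag32.exe in c:\windows\system32\DirectX\Dinput, the folder that also holds the diagx3d.dll Browser Helper Object shown in the ComboFix log later in this thread. The records inside ComboFix.exe\data002 are components packed into that tool (a PsExec copy and a batch file, as the object names show), which is why the scanner moved ComboFix.exe itself.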
DigRam 144 Posted January 15, 2009

Good morning! flee85

<@> Download: < DelDomains >
<@> Extract DelDomains.inf to the Desktop.
<@> Right-click it and choose Install.
<@> It will look as if nothing happened, because its action is not visible!
--------------------------
<@> Copy the information between the XXXXXXX.... into Notepad.
<@> Save it on the desktop as: CFScript <-- Text!

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Driver::
"neokdss"
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

<@> Drag CFScript.txt onto the ComboFix icon.
<@> Drag it until a prompt to run ComboFix.exe appears.
<@> When it finishes, post: ComboFix.txt

Regards!
flee85 0 Posted January 15, 2009

Good morning!

ComboFix 09-01-13.04 - Eliza 2009-01-15 6:50:22.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.949.82.1046.18.2047.1391 [GMT -2:00]
Running from: c:\documents and settings\Eliza\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Eliza\Desktop\CFScript.txt.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Outdated)
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NEOKDSS
-------\Service_neokdss

((((((((((((((((((((((((( Files Created from 2008-12-15 to 2009-01-15 )))))))))))))))))))))))))))))))
.
2009-01-15 01:46 . 2009-01-15 02:03 <DIR> d-------- c:\documents and settings\Eliza\DoctorWeb
2009-01-15 01:10 . 2009-01-15 01:10 <DIR> d-------- C:\rsit
2009-01-15 01:10 . 2009-01-15 01:10 <DIR> d-------- c:\arquivos de programas\trend micro
2009-01-15 01:09 . 2009-01-15 01:09 781,851 --a------ C:\RSIT.exe
2009-01-14 14:35 . 2009-01-14 15:34 <DIR> d--h----- C:\$AVG8.VAULT$
2009-01-14 14:31 . 2009-01-14 19:54 <DIR> d-------- c:\windows\system32\drivers\Avg
2009-01-14 14:31 . 2009-01-14 16:51 <DIR> d-------- c:\documents and settings\Eliza\Dados de aplicativos\AVGTOOLBAR
2009-01-14 14:31 . 2009-01-14 14:31 98,440 --a------ c:\windows\system32\drivers\avgldx86.sys
2009-01-14 14:31 . 2009-01-14 14:31 90,632 --a------ c:\windows\system32\drivers\avgtdix.sys
2009-01-14 14:31 . 2009-01-14 14:31 10,520 --a------ c:\windows\system32\avgrsstx.dll
2009-01-14 14:30 . 2009-01-14 14:30 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\avg8
2009-01-14 14:30 . 2009-01-14 14:30 <DIR> d-------- c:\arquivos de programas\AVG
2009-01-14 12:27 . 2009-01-14 12:27 1 ---hs---- C:\MSDOS.INF
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-15 08:41 --------- d-----w c:\arquivos de programas\Warcraft III
2009-01-15 04:01 --------- d-----w c:\arquivos de programas\PokerStars
2009-01-14 15:34 --------- d-----w c:\arquivos de programas\iTHINK
2009-01-03 13:19 --------- d-----w c:\arquivos de programas\Google
2008-12-10 23:34 --------- d-----w c:\arquivos de programas\PartyGaming
2008-12-08 20:20 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\nView_Profiles
2008-11-22 17:06 --------- d-----w c:\arquivos de programas\Garena
2008-11-22 17:05 --------- d--h--w c:\arquivos de programas\InstallShield Installation Information
2008-11-16 10:26 --------- d-----w c:\arquivos de programas\BigFile
2008-10-18 16:46 2,829 ----a-w c:\windows\War3Unin.pif
2008-10-18 16:46 139,264 ----a-w c:\windows\War3Unin.exe
2008-10-18 16:25 58,635,007 ----a-w C:\War3TFT_122a_English.exe
2008-10-16 05:51 2,732,032 ----a-w C:\ventrilo-3.0.1-Windows-i386.exe
2008-10-15 12:10 67,167,528 ----a-w C:\iTunes801Setup.exe
2004-10-01 18:00 40,960 ----a-w c:\arquivos de programas\Uninstall_CDS.exe
.
((((((((((((((((((((((((((((( snapshot@2009-01-14_16.45.20,50 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-20 22:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE
- 2009-01-14 18:43:47 589,824 ----a-w c:\windows\Historico\History.IE5\index.dat
+ 2009-01-15 08:53:09 589,824 ----a-w c:\windows\Historico\History.IE5\index.dat
- 2009-01-14 18:44:37 40,128 ----a-w c:\windows\system32\perfc009.dat
+ 2009-01-15 02:34:00 40,128 ----a-w c:\windows\system32\perfc009.dat
- 2009-01-14 18:44:37 48,764 ----a-w c:\windows\system32\perfc016.dat
+ 2009-01-15 02:34:00 48,764 ----a-w c:\windows\system32\perfc016.dat
- 2009-01-14 18:44:37 311,740 ----a-w c:\windows\system32\perfh009.dat
+ 2009-01-15 02:34:00 311,740 ----a-w c:\windows\system32\perfh009.dat
- 2009-01-14 18:44:37 344,480 ----a-w c:\windows\system32\perfh016.dat
+ 2009-01-15 02:34:00 344,480 ----a-w c:\windows\system32\perfh016.dat
+ 2009-01-15 03:06:42 2,592 ----a-w c:\windows\Temporary Internet Files\Content.IE5\9NFJDT8E\RSIT[2].exe
- 2009-01-14 18:43:47 2,146,304 ----a-w c:\windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-01-15 08:53:09 2,146,304 ----a-w c:\windows\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{83FDA784-0154-418F-810B-F1839272C361}]
2009-01-14 12:27 824832 --a------ c:\windows\system32\DirectX\Dinput\diagx3d.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"MsnMsgr"="c:\arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"swg"="c:\arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-28 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-10 8429568]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-03 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"amd_dc_opt"="c:\arquivos de programas\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2007-07-23 77824]
"QuickTime Task"="c:\arquivos de programas\QuickTime\qttask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\arquivos de programas\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"AVG8_TRAY"="c:\arquiv~1\AVG\AVG8\avgtray.exe" [2009-01-14 1235736]
"nwiz"="nwiz.exe" [2007-05-10 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
--------- 2004-10-27 16:21 61952 c:\windows\system32\HdAShCut.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"e:\\CABAL Online(BRAZIL)\\launcher\\update\\ESTdnheadless.exe"=
"c:\\Arquivos de programas\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\BugsSvr.exe"=
"c:\\WINDOWS\\system32\\P3MelonSvr.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=
"c:\\Arquivos de programas\\iTunes\\iTunes.exe"=
"c:\\Arquivos de programas\\Garena\\Garena.exe"=
"c:\\Arquivos de programas\\AVG\\AVG8\\avgemc.exe"=
"c:\\Arquivos de programas\\AVG\\AVG8\\avgupd.exe"=
"c:\\Arquivos de programas\\AVG\\AVG8\\avgnsx.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"53444:TCP"= 53444:TCP:Monkey3Saver
"5435:TCP"= 5435:TCP:Monkey3
"5435:UDP"= 5435:UDP:Monkey3

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-01-14 98440]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-01-14 90632]
R4 avg8emc;AVG Free8 E-mail Scanner;c:\arquiv~1\AVG\AVG8\avgemc.exe [2009-01-14 874776]
R4 avg8wd;AVG Free8 WatchDog;c:\arquiv~1\AVG\AVG8\avgwdsvc.exe [2009-01-14 231704]
S3 ADSPIDER;ADSPIDER;c:\windows\system32\drivers\adspider.sys [2008-05-20 19999]
S3 ADSPIDEREX;ADSPIDEREX;\??\c:\windows\system32\drivers\adspiderex.sys --> c:\windows\system32\drivers\adspiderex.sys [?]
S3 PciCon;PciCon;\??\d:\pcicon.sys --> d:\PciCon.sys [?]
S3 XDva021;XDva021;\??\c:\windows\system32\XDva021.sys --> c:\windows\system32\XDva021.sys [?]
S3 XDva134;XDva134;\??\c:\windows\system32\XDva134.sys --> c:\windows\system32\XDva134.sys [?]
S3 XDva165;XDva165;\??\c:\windows\system32\XDva165.sys --> c:\windows\system32\XDva165.sys [?]
S3 XDva172;XDva172;\??\c:\windows\system32\XDva172.sys --> c:\windows\system32\XDva172.sys [?]
S3 XDva177;XDva177;\??\c:\windows\system32\XDva177.sys --> c:\windows\system32\XDva177.sys [?]
S3 XDva182;XDva182;\??\c:\windows\system32\XDva182.sys --> c:\windows\system32\XDva182.sys [?]

--- Other Services/Drivers In Memory ---

*Deregistered* - InCDrec
.
Contents of the 'Scheduled Tasks' folder

2009-01-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\arquivos de programas\Apple Software Update\SoftwareUpdate.exe [2008-07-30 13:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.terra.com.br/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Easy-WebPrint Add To Print List - c:\arquivos de programas\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\arquivos de programas\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\arquivos de programas\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\arquivos de programas\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
Trusted Zone: *.bigfile.co.kr
O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd

c:\windows\NMUninst18.exe - c:\windows\NMUpdate25_1.exe
c:\windows\Downloaded Program Files\NMStarter25.dll
O16 -: {00001025-A15C-11D4-97A4-0050BF0FBE67} hxxp://download.netmarble.com/web/nmstarter/NMStarter25.cab
c:\windows\Downloaded Program Files\NMStarter25.inf

c:\windows\Downloaded Program Files\BigFile.ocx -
O16 -: {03AF249E-119E-4569-838E-167E929EC6DA} hxxp://www.bigfile.co.kr/client/BigFile.cab
c:\windows\system32\IndexedColorDecoder.dll - c:\windows\system32\WaveletDecoder.dll
c:\windows\system32\ToonsXHook.dll
c:\windows\system32\MAIS.VXD
c:\windows\system32\IMGSFMGR.dll
c:\windows\system32\IMGSFLOADER.exe
c:\windows\system32\IMGSF03.dll
c:\windows\system32\IMGSF02.dll
c:\windows\system32\IMGSF01.dll
c:\windows\system32\CaptureProtect.dll
c:\windows\system32\ToonsXParan3.ocx
O16 -: {1AD649C1-8B55-4033-9019-CF452DB5499E} hxxp://comic.paran.com/tns_web2/ToonsXParan3.cab
c:\windows\Downloaded Program Files\ToonsXParan3.inf

c:\windows\Downloaded Program Files\NHNComicViewer.dll -
O16 -: {2029F1D2-90E4-49EF-9824-F666D238BFF6} hxxp://jr.naver.com/comic/book/viewer_new/NHNComicViewer.cab
c:\windows\Downloaded Program Files\NHNComicViewer.inf

c:\windows\Downloaded Program Files\TPopupRegP.dll -
O16 -: {22D427A5-E460-4B08-9378-9708F7544129} hxxp://www.tygem.com/pub/ActiveX/TPopupRegP.cab

c:\windows\Downloaded Program Files\webstarter.ocx -
O16 -: {7A9F36F4-DB68-4F90-8FE7-E915E04BDD49} hxxp://wo.tk.co.kr/webstarter/webstarter.cab
c:\windows\Downloaded Program Files\webstarter.inf

c:\windows\Downloaded Program Files\Monkey3ActiveXControl.ocx -
O16 -: {820359CA-BD53-4BDF-8393-282FEEAE8C53} hxxp://www.monkey3.co.kr/Monkey3ActiveX/Monkey3ActiveXControl.cab
c:\windows\Downloaded Program Files\Monkey3ActiveXControl.inf

c:\windows\KukiProc111.exe - c:\windows\Downloaded Program Files\NMTransX.dll
c:\windows\KukiProc112.exe
c:\windows\KukiProc113.exe
O16 -: {92E82FBB-DA00-41E0-ABFE-95482E21A4F6} hxxp://download.netmarble.net/NMChatX/NMTransX.cab
c:\windows\Downloaded Program Files\NMTransX.inf

c:\windows\system32\mfc42.dll - c:\windows\system32\msvcrt.dll
c:\windows\system32\olepro32.dll
c:\windows\Downloaded Program Files\kdfense8.ocx
O16 -: {A4508A45-F1C4-40F3-99B4-0CA08AC77E3B} hxxp://download.netmarble.com/kdefence/kdfense8237.cab
c:\windows\Downloaded Program Files\kdfense8.inf

c:\windows\system32\mfc42.dll - c:\windows\system32\olepro32.dll
c:\windows\Downloaded Program Files\BugsInstallerEx.ocx
c:\windows\system32\bugs_install.gif
O16 -: {BCEF5CDE-BAD4-4532-A30B-9D16D502DE69} hxxp://install.bugs.co.kr/install/BugsInstallerEx.cab
c:\windows\Downloaded Program Files\BugsInstallerEx.inf

c:\windows\system32\atl.dll - c:\windows\system32\MelonDN.exe
c:\windows\system32\MelonWebPlayer.dll
c:\windows\system32\p3Instl2.dll
c:\windows\system32\p3Instl1.dll
O16 -: {C0B2F53E-5E61-4856-B314-FE9AE262A796} hxxp://www.melon.com/cab/P3MelWebInstall.cab
c:\windows\Downloaded Program Files\P3MelInstall.inf

c:\windows\system32\DanCom.dll - c:\windows\system32\dbgtrace.dll
c:\windows\Downloaded Program Files\JoinBaduk.ocx
O16 -: {E9429003-6294-4F4F-BCAB-83AD4DAAFED0} hxxp://service.tygem.com/service/JoinBaduk.cab
c:\windows\Downloaded Program Files\JoinBaduk.inf

c:\windows\netmable.ico - c:\windows\system32\ToonsXHook.dll
c:\windows\system32\WaveletDecoder.dll
c:\windows\system32\IndexedColorDecoder.dll
c:\windows\system32\ToonsXESetPND.ocx
c:\windows\system32\CaptureProtect.dll
c:\windows\system32\IMGSF01.dll
c:\windows\system32\IMGSF02.dll
c:\windows\system32\IMGSF03.dll
c:\windows\system32\IMGSFLOADER.exe
c:\windows\system32\IMGSFMGR.dll
c:\windows\system32\MAIS.VXD
c:\windows\system32\ToonsHook2.dll
O16 -: {E97946F0-6F90-4738-95EF-33A946451580} hxxp://comix.netmarble.net/mv/viewer/ToonsXESetPND10012.cab
c:\windows\Downloaded Program Files\ToonsXESetPND.inf
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-15 06:53:38
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-1844237615-1972579041-839522115-1003\Software\Microsoft\MessengerService\GroupStateCacheU\*촴? "Name"=hex:00,ac,71,c8,00,00 "Collapsed"=hex:01,00,00,00 . ------------------------ Other Running Processes ------------------------ . c:\arquivos de programas\Ahead\InCD\InCDsrv.exe c:\windows\system32\conime.exe c:\arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\arquivos de programas\Bonjour\mDNSResponder.exe c:\windows\system32\nvsvc32.exe c:\arquiv~1\AVG\AVG8\avgnsx.exe c:\arquivos de programas\iPod\bin\iPodService.exe c:\arquivos de programas\AVG\AVG8\avgrsx.exe c:\arquivos de programas\AVG\AVG8\avgrsx.exe c:\windows\system32\wscntfy.exe . ************************************************************************** . Completion time: 2009-01-15 6:54:50 - machine was rebooted ComboFix-quarantined-files.txt 2009-01-15 08:54:47 ComboFix2.txt 2009-01-15 02:31:18 ComboFix3.txt 2009-01-14 19:29:41 ComboFix4.txt 2009-01-14 18:45:50 Pre-Run: 17 pasta(s) 35.593.498.624 bytes disponiveis Post-Run: 17 pasta(s) 35,580,559,360 bytes disponiveis 271 --- E O F --- 2008-12-19 11:10:21 Compartilhar este post Link para o post Compartilhar em outros sites
DigRam, posted January 16, 2009

Good morning, flee85!

O15 - Trusted Zone: http://*.bigfile.co.kr
<!> Are you aware that this site is set as a trusted site?

-----------------------------

<@> Download a-squared Free 4.0.
<!> Optional link: < >
<@> Open the program and click: Update now --> Wait!
<@> When it finishes, click: "Scan PC"
<@> Choose the option: "Deep" --> Then click "Scan".
<@> When it finishes, tick the boxes of the items found and click "Send selected to Quarantine".
<@> Save the report of this scan and post it in your reply.

Regards!
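The point DigRam is making is that an entry in Internet Explorer's Trusted Zone relaxes the browser's security settings for that whole domain, so any ActiveX control served from it (the O16 "Downloaded Program Files" entries in the same log) installs with far fewer prompts. The script below is an added example for this thread, not ComboFix code and not something either poster wrote: it parses the Trusted Zone and O16 lines of a ComboFix/HijackThis-style log and reports which installed controls came from a domain the user had marked trusted. The four sample lines are copied from the log above; the function names, the regexes and the "*.domain" zone-matching rule are my own assumptions about the log format.

```python
"""Triage Trusted Zone (O15) and O16 ActiveX lines from a ComboFix/HijackThis log.

Added example for this thread; not part of ComboFix, HijackThis or the posts above.
Assumption: ComboFix writes "Trusted Zone: *.domain" and "O16 -: {CLSID} hxxp://...cab",
HijackThis writes "O15 - Trusted Zone: http://*.domain"; both forms are accepted.
"""
import re
from dataclasses import dataclass
from typing import Optional
from urllib.parse import urlsplit

# Sample input: four lines copied from the ComboFix log posted above.
# "hxxp" is ComboFix's own defanging of http URLs.
SAMPLE_LOG = "\n".join([
    "Trusted Zone: *.bigfile.co.kr",
    "O16 -: Microsoft XML Parser for Java - file://c:\\windows\\Java\\classes\\xmldso.cab",
    "O16 -: {00001025-A15C-11D4-97A4-0050BF0FBE67} hxxp://download.netmarble.com/web/nmstarter/NMStarter25.cab",
    "O16 -: {03AF249E-119E-4569-838E-167E929EC6DA} hxxp://www.bigfile.co.kr/client/BigFile.cab",
])

TRUSTED_RE = re.compile(r"^(?:O15 - )?Trusted Zone:\s*(?:https?://)?(\S+)")
# Group 1: CLSID in braces, or a display name; group 2: source URL of the .cab
O16_RE = re.compile(r"^O16 -: (\{[0-9A-Fa-f-]+\}|.+?) (?:- )?(\S+:\S+)$")


@dataclass
class ActiveXControl:
    name: str            # CLSID in braces, or the control's display name
    url: str             # refanged URL the .cab was fetched from
    host: Optional[str]  # None for file:// (local) sources


def refang(url: str) -> str:
    """Undo ComboFix's hxxp/hxxps defanging so the URL can be parsed."""
    return re.sub(r"^hxxp(s?)://", r"http\1://", url)


def parse_log(text: str):
    """Return (trusted_zone_patterns, activex_controls) found in the log text."""
    trusted, controls = [], []
    for line in text.splitlines():
        m = TRUSTED_RE.match(line)
        if m:
            trusted.append(m.group(1))
            continue
        m = O16_RE.match(line)
        if m:
            url = refang(m.group(2))
            # file:// sources are local; everything else is a remote host
            host = None if url.lower().startswith("file://") else urlsplit(url).hostname
            controls.append(ActiveXControl(m.group(1), url, host))
    return trusted, controls


def host_in_zone(host: Optional[str], pattern: str) -> bool:
    """IE zone patterns are either an exact host or '*.domain' (the domain and any subdomain)."""
    if host is None:
        return False
    host, pattern = host.lower(), pattern.lower()
    if pattern.startswith("*."):
        return host == pattern[2:] or host.endswith(pattern[1:])
    return host == pattern


def triage(text: str):
    """One finding per O16 control, flagging those served from a Trusted Zone domain."""
    trusted, controls = parse_log(text)
    return [
        {
            "name": c.name,
            "host": c.host,
            "url": c.url,
            "trusted_zone": any(host_in_zone(c.host, z) for z in trusted),
        }
        for c in controls
    ]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        flag = "TRUSTED ZONE" if f["trusted_zone"] else "internet zone"
        print(f"{flag:14} {f['host'] or 'local file'}  {f['name']}")
```

Run it against a full saved log instead of SAMPLE_LOG to get the same table for every O16 entry; the controls flagged TRUSTED ZONE are the ones worth asking the user about first, exactly as DigRam does with bigfile.co.kr.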
Mário Monteiro, posted February 16, 2009

Topic archived

Since the author did not reply for more than 30 days, the topic has been archived. If you are the author of the topic and want to reopen it, send a private message to a moderator of this section together with the link to this topic and explain the reason for reopening.